From 7892eb5c0c03cc45e6952570e0d95d49a1aeee52 Mon Sep 17 00:00:00 2001
From: Enrique Martin
Date: Sun, 3 Dec 2023 23:52:55 +0100
Subject: [PATCH] Added log modules
---
.../extras/demodata/agents/1-linux.prd | 64 ++++++++++++++++++-
.../util/plugin/pandora_demo_agents.pl | 39 +++++++++++
2 files changed, 102 insertions(+), 1 deletion(-)
diff --git a/pandora_console/extras/demodata/agents/1-linux.prd b/pandora_console/extras/demodata/agents/1-linux.prd
index 35d76f3f79..aaec5cd6ad 100644
--- a/pandora_console/extras/demodata/agents/1-linux.prd
+++ b/pandora_console/extras/demodata/agents/1-linux.prd
@@ -146,4 +146,66 @@ total_size[3]="819M" mount_point[1]="/home" mount_point[2]="/" -mount_point[3]="/tmp" \ No newline at end of file +mount_point[3]="/tmp" + +[log_modules] + +source[1]="httpd" +data[1]='127.0.0.1 - "GET /index.html HTTP/1.1" 200 3456 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36"' + +source[2]="httpd" +data[2]='192.168.1.1 - "POST /submit.php HTTP/1.1" 302 0 "https://example.com/form" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36"' + +source[3]="httpd" +data[3]='10.0.0.2 - "GET /images/logo.png HTTP/1.1" 304 0 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 14_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.1 Mobile/15E148 Safari/604.1"' + +source[4]="httpd" +data[4]='172.16.0.1 - "GET /page/about-us HTTP/1.1" 404 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36"' + +source[5]="httpd" +data[5]='192.168.0.10 - "GET /css/style.css HTTP/1.1" 200 768 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36"' + +source[6]="httpd" +data[6]='203.0.113.45 - "GET /blog/post-123 HTTP/1.1" 200 5432 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36"' + +source[7]="httpd" +data[7]='54.78.90.12 - "GET /category/api-reference HTTP/1.1" 200 6543 "-" "Mozilla/5.0 (Linux; Android 10; SM-G960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.181 Mobile Safari/537.36"' + +source[8]="httpd" +data[8]='88.77.66.55 - "GET /contact-us HTTP/1.1" 301 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36"' + +source[9]="httpd" +data[9]='198.51.100.23 - "GET /images/photo.jpg HTTP/1.1" 200 4567 "https://example.com/gallery" 
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36"' + +source[10]="httpd" +data[10]='128.0.0.1 - "GET /downloads/file.zip HTTP/1.1" 200 12345 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36"' + +source[11]="mysqld" +data[11]="[Warning] Aborted connection 123 to db: 'your_database' user: 'your_user' host: '192.168.1.100' (Got an error reading communication packets)" + +source[12]="mysqld" +data[12]="[ERROR] Table 'your_database.your_table' doesn't exist" + +source[13]="mysqld" +data[13]="[Note] Starting crash recovery..." + +source[14]="mysqld" +data[14]="[Warning] Unsafe statement written to the binary log using statement format since BINLOG_FORMAT = STATEMENT. Statement is unsafe because it uses a LIMIT clause. Use a different log bin event type." + +source[15]="mysqld" +data[15]="[ERROR] Out of memory; check if mysqld or some other process uses all available memory; if not, you may have to use 'ulimit' to allow mysqld to use more memory or you can add more swap space" + +source[16]="mysqld" +data[16]="[Note] Aborted connection 456 to db: 'another_database' user: 'another_user' host: 'localhost' (Got timeout reading communication packets)" + +source[17]="mysqld" +data[17]="[ERROR] Can't create a new thread (errno 11); if you are not out of available memory, you can consult the manual for a possible OS-dependent bug" + +source[18]="mysqld" +data[18]="[Warning] 'user' entry 'your_user@localhost' ignored in --skip-name-resolve mode." + +source[19]="mysqld" +data[19]="[Note] InnoDB: Starting rollback of uncommitted transactions" + +source[20]="mysqld" +data[20]="[ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed." \ No newline at end of file diff --git a/pandora_server/util/plugin/pandora_demo_agents.pl b/pandora_server/util/plugin/pandora_demo_agents.pl index d58472aa66..88ec91bf2c 100644 
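Review bot: Three of the sample httpd entries use publicly routable addresses (`54.78.90.12` in data[7], `88.77.66.55` in data[8], `128.0.0.1` in data[10]), while data[6] and data[9] already use RFC 5737 documentation ranges. Demo log lines are presumably ingested and searched like real ones, so fabricated requests would be attributed to real third-party hosts in dashboards or any enrichment step. Taking these three from `192.0.2.0/24`, `198.51.100.0/24` or `203.0.113.0/24` as well keeps the sample data unambiguous.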
--- a/pandora_server/util/plugin/pandora_demo_agents.pl +++ b/pandora_server/util/plugin/pandora_demo_agents.pl @@ -197,6 +197,19 @@ sub parse_ini_file { $ini_data{'inventory_values'} = {}; } + # Initialize log modules keys + if(!defined($ini_data{'log_modules'})) { + $ini_data{'log_modules'} = {}; + } + + if(!defined($ini_data{'log_modules'}{'source'})) { + $ini_data{'log_modules'}{'source'} = {}; + } + + if(!defined($ini_data{'log_modules'}{'data'})) { + $ini_data{'log_modules'}{'data'} = {}; + } + # Initialize traps keys if(!defined($ini_data{'traps'})) { $ini_data{'traps'} = {}; @@ -518,6 +531,32 @@ sub generate_agent($) { $xml .= "\n"; } + # Append log module data to XML (only once a day at 00:00) + if (!empty($sorted_ini[$current_ini]->{'log_modules'}->{'source'}) && !empty($sorted_ini[$current_ini]->{'log_modules'}->{'data'})) { + + # Remove agent_data closing tag + $xml =~ s/<\/agent_data>//i; + + # Add log modules for each source + foreach my $log_source (sort keys %{$sorted_ini[$current_ini]->{'log_modules'}->{'source'}}) { + # Only if data is defined + if(defined($sorted_ini[$current_ini]->{'log_modules'}->{'data'}->{$log_source})) { + # Add log module 50% of times + if(get_bool(50)) { + my $log_data = $sorted_ini[$current_ini]->{'log_modules'}->{'data'}->{$log_source}; + + $xml .= "\n"; + $xml .= "\t\n"; + $xml .= "\t\n"; + $xml .= "\n"; + } + } + } + + # Close agent_data tag again + $xml .= "\n"; + } + # Get file name MD5 my $file_md5 = md5_hex($agent->{'agent_name'});
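Review bot: The unanchored `$xml =~ s/<\/agent_data>//i;` in the block added to generate_agent removes the first case-insensitive match anywhere in `$xml`, not necessarily the closing tag at the end, so a module value containing that literal would be altered and the real closing tag left mid-document. Assuming the tag is the last thing written at this point, anchoring it as `$xml =~ s{</agent_data>\s*\z}{}i;` confines the edit to the tail of the buffer. The `$xml .=` literals are shown on this page without their markup, so it cannot be confirmed whether `$log_data` is CDATA-wrapped or entity-escaped; since the text is taken verbatim from the `.prd` file it should be, and a `]]>` inside the data needs handling if CDATA is used. The comment `(only once a day at 00:00)` does not match the code: nothing in the hunk checks the time and each entry is emitted on a `get_bool(50)` draw per run, so something like `# Append log module data to XML (each entry has a 50% chance per run)` would be accurate. generate_agent starts and ends outside the hunk.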