Please support JSON as report format

[hvhaugwitz]

To better support processing of the report by machines, AIDE should support JSON as report format.

[elico]

@hvhaugwitz Are there any missing parameters in the current format?

[hvhaugwitz]

What do you mean by missing parameters in the current format?

[elico]

@hvhaugwitz as a transition phase a simple report conversion to json can help.
As far as I can tell from what I see in my reports is that every section of the report has it's own format ie:

command
Start time
AIDE found differences between database and filesystem!!
<\n>
<title:>Summary:
<\s\s> section
<\n>
<--....>
<title:>Added entries:
<--....>
<\n>
<list of new files and directories>
<\n>
<--....>
<title:>Changed entries:
<--....>
<\n>
<list of changed enteries>
<\n>
<--....>
<title:>Detailed information about changes:
<--....>
<\n>
<list of file changes with a leading space to each section/file and separated by a \n>
<\n>
<--....>
<title:>The attributes of the (uncompressed) database(s):
<--....>
<\n>
<DB Attributes>
<\n>
<\n>
<End timestamp>
<\n>

I believe it's pretty easy to script the basic transformation to json.

[hvhaugwitz]

Sure, it should be possible to write a wrapper script to transform the current (human) report format to JSON format. The native support for JSON report format is planned for the upcoming release.

[elico]

@hvhaugwitz Is there any specific date for this release?

[elico]

@hvhaugwitz I wrote this tiny tool that converts a specific example log file into an experimental json format.
https://github.com/elico/aide-tools

Of-course it's basic parser so it would be possible to do better job later.
It will probably be useful for older systems which doesn't have the option to re-compile and install aide.
With enough work on this script it would be possible to also export to external DBs if not supported or to report an external URL on a change in the system.

I wanted to know if the format I am using is similar to what you have planned for aide.
Also any specific improvements to my script are more then welcome.
The license is not there yet but it's MIT 3 Clause BSD.

[hvhaugwitz]

@hvhaugwitz Is there any specific date for this release?

No, not yet.

I wanted to know if the format I am using is similar to what you have planned for aide.

Can you provide an example json output along with your example log file?

The license is not there yet but it's MIT 3 Clause BSD.

Please add a license so others can use your script without knowing this issue.

[elico]

@hvhaugwitz
https://github.com/elico/aide-tools/blob/master/example-report-1.json

[elico]

@hvhaugwitz I'm looking for other logs to verify what I might be able to improve in the parser.

[arafatx]

Using wrapper for json output would be slow. Love to see this feature would be added as a native option.

[konstantin-921]

We plan to send AIDE reports to the ELK and process them like normal logs. It would be ideal for us if the reports supported JSON format because it would make it much easier to process reports at Logstash level.

[hvhaugwitz]

Native json support for reports is now available in master branch.

Please give it a try and report back any issues.

[munntjlx]

has this been comitted to any release yet?

[hvhaugwitz]

has this been comitted to any release yet?

This has been released with AIDE 0.18 (see https://github.com/aide/aide/blob/v0.18.6/NEWS#L51)