-
Notifications
You must be signed in to change notification settings - Fork 421
/
config.go
171 lines (154 loc) · 5.12 KB
/
config.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
package csconfig
import (
"flag"
"fmt"
"io/ioutil"
"path/filepath"
"os"
"github.com/crowdsecurity/crowdsec/pkg/cwversion"
"github.com/crowdsecurity/crowdsec/pkg/outputs"
log "github.com/sirupsen/logrus"
"gopkg.in/yaml.v2"
)
// CrowdSec is the structure of the crowdsec configuration
type CrowdSec struct {
WorkingFolder string `yaml:"working_dir,omitempty"`
DataFolder string `yaml:"data_dir,omitempty"`
ConfigFolder string `yaml:"config_dir,omitempty"`
AcquisitionFile string `yaml:"acquis_path,omitempty"`
SingleFile string //for forensic mode
SingleFileLabel string //for forensic mode
PIDFolder string `yaml:"pid_dir,omitempty"`
LogFolder string `yaml:"log_dir,omitempty"`
LogMode string `yaml:"log_mode,omitempty"` //like file, syslog or stdout ?
LogLevel log.Level `yaml:"log_level,omitempty"` //trace,debug,info,warning,error
Daemonize bool `yaml:"daemon,omitempty"` //true -> go background
Profiling bool `yaml:"profiling,omitempty"` //true -> enable runtime profiling
SQLiteFile string `yaml:"sqlite_path,omitempty"` //path to sqlite output
APIMode bool `yaml:"apimode,omitempty"` //true -> enable api push
CsCliFolder string `yaml:"cscli_dir"` //cscli folder
NbParsers int `yaml:"parser_routines"` //the number of go routines to start for parsing
Linter bool
Prometheus bool
HTTPListen string `yaml:"http_listen,omitempty"`
RestoreMode string
DumpBuckets bool
OutputConfig *outputs.OutputFactory `yaml:"plugin"`
}
// NewCrowdSecConfig create a new crowdsec configuration with default configuration
func NewCrowdSecConfig() *CrowdSec {
return &CrowdSec{
LogLevel: log.InfoLevel,
Daemonize: false,
Profiling: false,
WorkingFolder: "/tmp/",
DataFolder: "/var/lib/crowdsec/data/",
ConfigFolder: "/etc/crowdsec/config/",
PIDFolder: "/var/run/",
LogFolder: "/var/log/",
LogMode: "stdout",
SQLiteFile: "/var/lib/crowdsec/data/crowdsec.db",
APIMode: false,
NbParsers: 1,
Prometheus: false,
HTTPListen: "127.0.0.1:6060",
}
}
func (c *CrowdSec) GetCliConfig(configFile *string) error {
/*overriden by cfg file*/
if *configFile != "" {
rcfg, err := ioutil.ReadFile(*configFile)
if err != nil {
return fmt.Errorf("read '%s' : %s", *configFile, err)
}
if err := yaml.UnmarshalStrict(rcfg, c); err != nil {
return fmt.Errorf("parse '%s' : %s", *configFile, err)
}
if c.AcquisitionFile == "" {
c.AcquisitionFile = filepath.Clean(c.ConfigFolder + "/acquis.yaml")
}
}
return nil
}
// GetOPT return flags parsed from command line
func (c *CrowdSec) GetOPT() error {
AcquisitionFile := flag.String("acquis", "", "path to acquis.yaml")
configFile := flag.String("c", "", "configuration file")
printTrace := flag.Bool("trace", false, "VERY verbose")
printDebug := flag.Bool("debug", false, "print debug-level on stdout")
printInfo := flag.Bool("info", false, "print info-level on stdout")
printVersion := flag.Bool("version", false, "display version")
APIMode := flag.Bool("api", false, "perform pushes to api")
SQLiteMode := flag.Bool("sqlite", true, "write overflows to sqlite")
profileMode := flag.Bool("profile", false, "Enable performance profiling")
catFile := flag.String("file", "", "Process a single file in time-machine")
catFileType := flag.String("type", "", "Labels.type for file in time-machine")
daemonMode := flag.Bool("daemon", false, "Daemonize, go background, drop PID file, log to file")
testMode := flag.Bool("t", false, "only test configs")
prometheus := flag.Bool("prometheus-metrics", false, "expose http prometheus collector (see http_listen)")
restoreMode := flag.String("restore-state", "", "[dev] restore buckets state from json file")
dumpMode := flag.Bool("dump-state", false, "[dev] Dump bucket state at the end of run.")
flag.Parse()
if *printVersion {
cwversion.Show()
os.Exit(0)
}
if *catFile != "" {
if *catFileType == "" {
log.Fatalf("-file requires -type")
}
c.SingleFile = *catFile
c.SingleFileLabel = *catFileType
}
/*overriden by cfg file*/
if *configFile != "" {
rcfg, err := ioutil.ReadFile(*configFile)
if err != nil {
return fmt.Errorf("read '%s' : %s", *configFile, err)
}
if err := yaml.UnmarshalStrict(rcfg, c); err != nil {
return fmt.Errorf("parse '%s' : %s", *configFile, err)
}
if c.AcquisitionFile == "" {
c.AcquisitionFile = filepath.Clean(c.ConfigFolder + "/acquis.yaml")
}
}
if *AcquisitionFile != "" {
c.AcquisitionFile = *AcquisitionFile
}
if *dumpMode {
c.DumpBuckets = true
}
if *prometheus {
c.Prometheus = true
}
if *testMode {
c.Linter = true
}
/*overriden by cmdline*/
if *daemonMode {
c.Daemonize = true
}
if *profileMode {
c.Profiling = true
}
if *printDebug {
c.LogLevel = log.DebugLevel
}
if *printInfo {
c.LogLevel = log.InfoLevel
}
if *printTrace {
c.LogLevel = log.TraceLevel
}
if !*SQLiteMode {
c.SQLiteFile = ""
}
if *APIMode {
c.APIMode = true
}
if *restoreMode != "" {
c.RestoreMode = *restoreMode
}
return nil
}