agent: refactor; use simpler config abstraction
The agent will now also monitor for new log files that may show up after agent start.
Showing
23 changed files
with
850 additions
and
708 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +0,0 @@ | ||
#fn_args_layout = "compressed" | ||
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
// SPDX-License-Identifier: MIT | ||
// | ||
// Copyright (C) 2020-2022 Jason Ish | ||
|
||
// EveBox agent client (to EveBox server) | ||
#[derive(Clone, Debug)] | ||
pub struct Client { | ||
url: String, | ||
disable_certificate_validation: bool, | ||
username: Option<String>, | ||
password: Option<String>, | ||
} | ||
|
||
impl Client { | ||
pub fn new( | ||
url: &str, | ||
username: Option<String>, | ||
password: Option<String>, | ||
disable_certificate_validation: bool, | ||
) -> Self { | ||
Self { | ||
url: url.to_string(), | ||
disable_certificate_validation, | ||
username, | ||
password, | ||
} | ||
} | ||
|
||
pub fn get_http_client(&self) -> Result<reqwest::Client, reqwest::Error> { | ||
let mut builder = reqwest::Client::builder(); | ||
if self.disable_certificate_validation { | ||
builder = builder.danger_accept_invalid_certs(true); | ||
} | ||
builder.build() | ||
} | ||
|
||
pub fn post(&self, path: &str) -> Result<reqwest::RequestBuilder, reqwest::Error> { | ||
let url = format!("{}/{}", self.url, path); | ||
let request = self | ||
.get_http_client()? | ||
.post(&url) | ||
.header("Content-Type", "application/json"); | ||
let request = if let Some(username) = &self.username { | ||
request.basic_auth(username, self.password.clone()) | ||
} else { | ||
request | ||
}; | ||
Ok(request) | ||
} | ||
} |
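Review bot: `Client` derives `Debug` while holding `password: Option<String>`, so any `{:?}` of the client prints the credential into logs; the same applies to `EveboxImporter` in the importer file of this commit, which also derives `Debug` and embeds a `Client`. Drop `Debug` from the derive and implement it by hand with the password redacted, as sketched below. Separately, `get_http_client()` enables `danger_accept_invalid_certs(true)` silently, and `post()` may attach basic-auth credentials to a request sent over that unverified connection; a `tracing::warn!` when the flag is set would make the weakened transport visible to operators.

```rust
#[derive(Clone)]
pub struct Client {
    // … unchanged: fields …
}

impl std::fmt::Debug for Client {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("Client")
            .field("url", &self.url)
            .field(
                "disable_certificate_validation",
                &self.disable_certificate_validation,
            )
            .field("username", &self.username)
            // Report only whether a password is set, never its value.
            .field("password", &self.password.as_ref().map(|_| "<redacted>"))
            .finish()
    }
}
```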
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
// SPDX-License-Identifier: MIT | ||
// | ||
// Copyright (C) 2020-2022 Jason Ish | ||
// EveBox agent import. For importing events to an EveBox server. | ||
|
||
use crate::agent::client::Client; | ||
use crate::eve::eve::EveJson; | ||
use tracing::trace; | ||
|
||
#[derive(Debug, Clone)] | ||
pub struct EveboxImporter { | ||
pub client: Client, | ||
pub queue: Vec<String>, | ||
} | ||
|
||
impl EveboxImporter { | ||
pub fn new(client: Client) -> Self { | ||
Self { | ||
queue: Vec::new(), | ||
client: client, | ||
} | ||
} | ||
|
||
pub async fn submit( | ||
&mut self, | ||
event: EveJson, | ||
) -> Result<(), Box<dyn std::error::Error + Send + Sync>> { | ||
self.queue.push(event.to_string()); | ||
Ok(()) | ||
} | ||
|
||
pub fn pending(&self) -> usize { | ||
self.queue.len() | ||
} | ||
|
||
pub async fn commit(&mut self) -> anyhow::Result<usize> { | ||
let n = self.queue.len(); | ||
let body = self.queue.join("\n"); | ||
let size = body.len(); | ||
trace!("Committing {} events (bytes: {})", n, size); | ||
let r = self.client.post("api/1/submit")?.body(body).send().await?; | ||
let status_code = r.status(); | ||
if status_code != 200 { | ||
let response_body = r.text().await?; | ||
if !response_body.is_empty() { | ||
if let Ok(error) = serde_json::from_str::<serde_json::Value>(&response_body) { | ||
if let serde_json::Value::String(error) = &error["error"] { | ||
return Err(anyhow!("{}", error)); | ||
} | ||
} | ||
return Err(anyhow!("{}", response_body)); | ||
} | ||
return Err(anyhow!("Server returned status code {}", status_code)); | ||
} | ||
self.queue.truncate(0); | ||
Ok(n) | ||
} | ||
} |
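Review bot: In `commit()`, the body of every non-200 response is copied verbatim into the returned error, so the remote end controls the length and content of what reaches the agent's error output, and that peer is unauthenticated when certificate validation is disabled on the `Client`. Bound the text placed in the error, e.g. `return Err(anyhow!("{}", response_body.chars().take(1024).collect::<String>()));` (1024 is only a suggested limit), and keep the JSON `error` string under the same cap. Also, `commit()` posts an empty body when the queue is empty; unless every caller checks `pending()` first, which is not visible here, an early `if self.queue.is_empty() { return Ok(0); }` avoids the needless request.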