jmpsec · javuto · Apr 11, 2020 · Apr 11, 2020
diff --git a/admin/handlers/handlers.go b/admin/handlers/handlers.go
@@ -5,6 +5,7 @@ import (
 	"github.com/jmpsec/osctrl/admin/sessions"
 	"github.com/jmpsec/osctrl/carves"
 	"github.com/jmpsec/osctrl/environments"
+	"github.com/jmpsec/osctrl/logging"
 	"github.com/jmpsec/osctrl/metrics"
 	"github.com/jmpsec/osctrl/nodes"
 	"github.com/jmpsec/osctrl/queries"
@@ -43,6 +44,7 @@ type HandlersAdmin struct {
 	Carves         *carves.Carves
 	Settings       *settings.Settings
 	Metrics        *metrics.Metrics
+	LoggerDB       *logging.LoggerDB
 	Sessions       *sessions.SessionManager
 	ServiceVersion string
 	OsqueryTables  []types.OsqueryTable
@@ -99,6 +101,12 @@ func WithMetrics(metrics *metrics.Metrics) HandlersOption {
 	}
 }
 
+func WithLoggerDB(logger *logging.LoggerDB) HandlersOption {
+	return func(h *HandlersAdmin) {
+		h.LoggerDB = logger
+	}
+}
+
 func WithSessions(sessions *sessions.SessionManager) HandlersOption {
 	return func(h *HandlersAdmin) {
 		h.Sessions = sessions

diff --git a/admin/handlers/json-logs.go b/admin/handlers/json-logs.go
@@ -109,7 +109,7 @@ func (h *HandlersAdmin) JSONLogsHandler(w http.ResponseWriter, r *http.Request)
 	// Get logs
 	logJSON := []LogJSON{}
 	if logType == "status" {
-		statusLogs, err := h.postgresStatusLogs(UUID, env, secondsBack)
+		statusLogs, err := h.LoggerDB.StatusLogs(UUID, env, secondsBack)
 		if err != nil {
 			log.Printf("error getting logs %v", err)
 			h.Inc(metricJSONErr)
@@ -129,7 +129,7 @@ func (h *HandlersAdmin) JSONLogsHandler(w http.ResponseWriter, r *http.Request)
 			logJSON = append(logJSON, _l)
 		}
 	} else if logType == "result" {
-		resultLogs, err := h.postgresResultLogs(UUID, env, secondsBack)
+		resultLogs, err := h.LoggerDB.ResultLogs(UUID, env, secondsBack)
 		if err != nil {
 			log.Printf("error getting logs %v", err)
 			h.Inc(metricJSONErr)
@@ -178,7 +178,7 @@ func (h *HandlersAdmin) JSONQueryLogsHandler(w http.ResponseWriter, r *http.Requ
 		return
 	}
 	// Get logs
-	queryLogs, err := h.postgresQueryLogs(name)
+	queryLogs, err := h.LoggerDB.QueryLogs(name)
 	if err != nil {
 		log.Printf("error getting logs %v", err)
 		h.Inc(metricJSONErr)

diff --git a/admin/handlers/postgres.go b/admin/handlers/postgres.go
diff --git a/admin/main.go b/admin/main.go
@@ -16,6 +16,7 @@ import (
 	"github.com/jmpsec/osctrl/backend"
 	"github.com/jmpsec/osctrl/carves"
 	"github.com/jmpsec/osctrl/environments"
+	"github.com/jmpsec/osctrl/logging"
 	"github.com/jmpsec/osctrl/metrics"
 	"github.com/jmpsec/osctrl/nodes"
 	"github.com/jmpsec/osctrl/queries"
@@ -108,6 +109,7 @@ var (
 	osqueryTables []types.OsqueryTable
 	adminMetrics  *metrics.Metrics
 	handlersAdmin *ahandlers.HandlersAdmin
+	loggerDB      *logging.LoggerDB
 )
 
 // Variables for flags
@@ -280,7 +282,11 @@ func main() {
 	if err != nil {
 		log.Fatalf("Error loading metrics - %v", err)
 	}
-
+	// Initialize DB logger
+	loggerDB, err = logging.CreateLoggerDB(*dbFlag, backend.DBKey)
+	if err != nil {
+		log.Fatalf("Error loading logger - %v", err)
+	}
 	// Start SAML Middleware if we are using SAML
 	if adminConfig.Auth == settings.AuthSAML {
 		if settingsmgr.DebugService(settings.ServiceAdmin) {
@@ -330,6 +336,7 @@ func main() {
 		ahandlers.WithCarves(carvesmgr),
 		ahandlers.WithSettings(settingsmgr),
 		ahandlers.WithMetrics(adminMetrics),
+		ahandlers.WithLoggerDB(loggerDB),
 		ahandlers.WithSessions(sessionsmgr),
 		ahandlers.WithVersion(serviceVersion),
 		ahandlers.WithOsqueryTables(osqueryTables),

diff --git a/admin/static/js/nodeactions.js b/admin/static/js/nodeactions.js
@@ -85,3 +85,10 @@ function showCarveFiles(_uuids) {
   });
   $("#carveModal").modal();
 }
+
+function changeBackValue(table_id, range_input, range_output) {
+  range_output.value = range_input.value;
+  var table = $('#' + table_id).DataTable();
+  var _url = table.ajax.url();
+  table.ajax.url(_url.split('seconds=')[0] + 'seconds=' + (range_output.value*3600));
+}
diff --git a/admin/templates/conf.html b/admin/templates/conf.html
@@ -42,7 +42,7 @@
                         <label for="conf_range">Configuration Interval: <b><output id="conf_output">{{ .Environment.ConfigInterval }}</output></b> seconds</label>
                         <input type="range" class="form-control-range" id="conf_range"
                           value="{{ .Environment.ConfigInterval }}" min="10" max="600" step="10"
-                          oninput="changeIntervalValue('conf_range', 'conf_output');">
+                          oninput="changeIntervalValue(conf_range, conf_output);">
                         <input id="conf_range_save" type="hidden" value="{{ .Environment.ConfigInterval }}">
                       </div>
                     </div>
@@ -52,7 +52,7 @@
                       <label for="logging_range">Logging Interval: <b><output id="logging_output">{{ .Environment.LogInterval }}</output></b> seconds</label>
                       <input type="range" class="form-control-range" id="logging_range"
                         value="{{ .Environment.LogInterval }}" min="10" max="600" step="10"
-                        oninput="changeIntervalValue('logging_range', 'logging_output');">
+                        oninput="changeIntervalValue(logging_range, logging_output);">
                       <input id="logging_range_save" type="hidden" value="{{ .Environment.LogInterval }}">
                     </div>
                   </div>
@@ -61,7 +61,7 @@
                       <label for="query_range">Query Interval: <b><output id="query_output">{{ .Environment.QueryInterval }}</output></b> seconds</label>
                       <input type="range" class="form-control-range" id="query_range"
                         value="{{ .Environment.QueryInterval }}" min="10" max="300" step="1"
-                        oninput="changeIntervalValue('query_range', 'query_output');">
+                        oninput="changeIntervalValue(query_range, query_output);">
                       <input id="query_range_save" type="hidden" value="{{ .Environment.QueryInterval }}">
                     </div>
                   </div>

diff --git a/admin/templates/node.html b/admin/templates/node.html
@@ -291,7 +291,10 @@
                       <div class="tab-pane fade" id="status-logs" role="tabpanel">
                         <div class="card mt-2">
                           <div id="status-card-header" class="card-header">
-                            <i class="fas fa-stream"></i> Last 6 hours of status logs for node {{ .UUID }}
+                            <i class="fas fa-stream"></i>
+                            <label for="back_hours_status">Last <b><output id="back_output_status">6</output></b> hours of status logs for node {{ .UUID }}</label>
+                            <input type="range" class="form-control-range" id="back_hours_status"
+                            value="6" min="1" max="24" step="1" oninput="changeBackValue('tableStatusLogs', back_hours_status, back_output_status);">
                             <div class="card-header-actions">
                               <small>Refresh in <span id="status_refresh_seconds">60</span> seconds</small>
                               <button id="status_refresh_pause" class="btn btn-sm btn-outline-dark" data-tooltip="true"
@@ -337,7 +340,10 @@
                       <div class="tab-pane fade" id="result-logs" role="tabpanel">
                         <div class="card mt-2">
                           <div id="result-card-header" class="card-header">
-                            <i class="fas fa-stream"></i> Last 6 hours of result logs for node {{ .UUID }}
+                            <i class="fas fa-stream"></i>
+                            <label for="back_hours_result">Last <b><output id="back_output_result">6</output></b> hours of status logs for node {{ .UUID }}</label>
+                            <input type="range" class="form-control-range" id="back_hours_result"
+                            value="6" min="1" max="24" step="1" oninput="changeBackValue('tableResultLogs', back_hours_result, back_output_result);">
                             <div class="card-header-actions">
                               <small>Refresh in <span id="result_refresh_seconds">60</span> seconds</small>
                               <button id="result_refresh_pause" class="btn btn-sm btn-outline-dark" data-tooltip="true"
@@ -442,7 +448,7 @@
           searching : true,
           processing : true,
           ajax : {
-            url: "/json/logs/status/{{ .Environment }}/{{ .UUID }}",
+            url: "/json/logs/status/{{ .Environment }}/{{ .UUID }}?seconds=" + ($("#back_hours_status").val() * 3600),
             dataSrc: function(json) {
               $('#status-card-header').removeClass("bg-danger");
               return json.data;
@@ -466,8 +472,6 @@
         });
         // Display the number of seconds left and refresh for status logs
         var refreshSecondsStatus = 60;
-        // Time to go back in seconds, default is 6 hours
-        var refreshBackSeconds = 21600;
         var timeLeftStatus = refreshSecondsStatus;
         var tableTimerStatus = setInterval(function(){
           if (document.getElementById("status_refresh_value").value === 'yes') {
@@ -476,7 +480,6 @@
           document.getElementById("status_refresh_seconds").textContent = timeLeftStatus;
           if (timeLeftStatus <= 0) {
             timeLeftStatus = refreshSecondsStatus;
-            tableStatusLogs.ajax.url("/json/logs/status/{{ .Environment }}/{{ .UUID }}?seconds=" + refreshBackSeconds);
             tableStatusLogs.ajax.reload();
           }
         },1000);
@@ -489,7 +492,7 @@
           searching : true,
           processing : true,
           ajax : {
-            url: "/json/logs/result/{{ .Environment }}/{{ .UUID }}",
+            url: "/json/logs/result/{{ .Environment }}/{{ .UUID }}?seconds=" + (back_output_result.value * 3600),
             dataSrc: function(json) {
               $('#result-card-header').removeClass("bg-danger");
               return json.data;
@@ -514,8 +517,6 @@
 
         // Display the number of seconds left and refresh for result logs
         var refreshSecondsResult = 60;
-        // Time to go back in seconds, default is 6 hours
-        var refreshBackSeconds = 21600;
         var timeLeftResult = refreshSecondsResult;
         var tableTimerResult = setInterval(function(){
           if (document.getElementById("result_refresh_value").value === 'yes') {
@@ -524,7 +525,6 @@
           document.getElementById("result_refresh_seconds").textContent = timeLeftResult;
           if (timeLeftResult <= 0) {
             timeLeftResult = refreshSecondsResult;
-            tableResultLogs.ajax.url("/json/logs/result/{{ .Environment }}/{{ .UUID }}?seconds=" + refreshBackSeconds);
             tableResultLogs.ajax.reload();
           }
         },1000);

diff --git a/logging/db.go b/logging/db.go
@@ -3,6 +3,7 @@ package logging
 import (
 	"encoding/json"
 	"log"
+	"time"
 
 	"github.com/jinzhu/gorm"
 
@@ -11,13 +12,6 @@ import (
 	"github.com/jmpsec/osctrl/types"
 )
 
-const (
-	// DBName as JSON key for configuration
-	DBName string = "db"
-	// DBFile as default file for configuration
-	DBFile string = "config/" + DBName + ".json"
-)
-
 // OsqueryResultData to log result data to database
 type OsqueryResultData struct {
 	gorm.Model
@@ -59,9 +53,9 @@ type LoggerDB struct {
 	Enabled       bool
 }
 
-func CreateLoggerDB() (*LoggerDB, error) {
+func CreateLoggerDB(dbfile, dbname string) (*LoggerDB, error) {
 	// Load DB configuration
-	config, err := backend.LoadConfiguration(DBFile, DBName)
+	config, err := backend.LoadConfiguration(dbfile, dbname)
 	if err != nil {
 		return nil, err
 	}
@@ -75,6 +69,18 @@ func CreateLoggerDB() (*LoggerDB, error) {
 		Configuration: config,
 		Enabled:       true,
 	}
+	// table osquery_status_data
+	if err := database.AutoMigrate(OsqueryStatusData{}).Error; err != nil {
+		log.Fatalf("Failed to AutoMigrate table (osquery_status_data): %v", err)
+	}
+	// table osquery_result_data
+	if err := database.AutoMigrate(OsqueryResultData{}).Error; err != nil {
+		log.Fatalf("Failed to AutoMigrate table (osquery_result_data): %v", err)
+	}
+	// table osquery_query_data
+	if err := database.AutoMigrate(OsqueryQueryData{}).Error; err != nil {
+		log.Fatalf("Failed to AutoMigrate table (osquery_query_data): %v", err)
+	}
 	return l, nil
 }
 
@@ -195,3 +201,32 @@ func (logDB *LoggerDB) Query(data []byte, environment, uuid, name string, status
 		log.Printf("NewRecord did not return true")
 	}
 }
+
+// QueryLogs will retrieve all query logs
+func (logDB *LoggerDB) QueryLogs(name string) ([]OsqueryQueryData, error) {
+	var logs []OsqueryQueryData
+	if err := logDB.Database.Where("name = ?", name).Find(&logs).Error; err != nil {
+		return logs, err
+	}
+	return logs, nil
+}
+
+// StatusLogs will retrieve all status logs
+func (logDB *LoggerDB) StatusLogs(uuid, environment string, seconds int64) ([]OsqueryStatusData, error) {
+	var logs []OsqueryStatusData
+	minusSeconds := time.Now().Add(time.Duration(-seconds) * time.Second)
+	if err := logDB.Database.Where("uuid = ? AND environment = ?", uuid, environment).Where("created_at > ?", minusSeconds).Find(&logs).Error; err != nil {
+		return logs, err
+	}
+	return logs, nil
+}
+
+// ResultLogs will retrieve all result logs
+func (logDB *LoggerDB) ResultLogs(uuid, environment string, seconds int64) ([]OsqueryResultData, error) {
+	var logs []OsqueryResultData
+	minusSeconds := time.Now().Add(time.Duration(-seconds) * time.Second)
+	if err := logDB.Database.Where("uuid = ? AND environment = ?", uuid, environment).Where("created_at > ?", minusSeconds).Find(&logs).Error; err != nil {
+		return logs, err
+	}
+	return logs, nil
+}