Merge pull request #1596 from atomicturtle/json-update-01

JSON output support for archives.log and agent_control
ossec · Dec 17, 2018 · 20438ca · 20438ca
2 parents 4da7333 + 9b5b8fa
commit 20438ca
Show file tree

Hide file tree

Showing 19 changed files with 690 additions and 25 deletions.
diff --git a/src/addagent/manage_agents.c b/src/addagent/manage_agents.c
@@ -320,7 +320,7 @@ int remove_agent()
 
 
 
-    if (!print_agents(0, 0, 0)) {
+    if (!print_agents(0, 0, 0, 0)) {
         printf(NO_AGENT);
         return (0);
     }
@@ -416,7 +416,7 @@ int remove_agent()
 
 int list_agents(int cmdlist)
 {
-    if (!print_agents(0, 0, 0)) {
+    if (!print_agents(0, 0, 0, 0)) {
         printf(NO_AGENT);
     }
 

diff --git a/src/addagent/manage_agents.h b/src/addagent/manage_agents.h
@@ -41,7 +41,7 @@ double OS_AgentAntiquity(const char *id);
 void FormatID(char *id);
 
 /* Print available agents */
-int print_agents(int print_status, int active_only, int csv_output);
+int print_agents(int print_status, int active_only, int csv_output, int json_output);
 int list_agents(int cmdlist);
 
 /* Clear a line */

diff --git a/src/addagent/manage_keys.c b/src/addagent/manage_keys.c
@@ -197,7 +197,7 @@ int k_extract(const char *cmdextract)
             exit(1);
         }
     } else {
-        if (!print_agents(0, 0, 0)) {
+        if (!print_agents(0, 0, 0, 0)) {
             printf(NO_AGENT);
             printf(PRESS_ENTER);
             read_from_user();

diff --git a/src/addagent/validate.c b/src/addagent/validate.c
@@ -509,7 +509,7 @@ double OS_AgentAntiquity(const char *id)
 }
 
 /* Print available agents */
-int print_agents(int print_status, int active_only, int csv_output)
+int print_agents(int print_status, int active_only, int csv_output, int json_output)
 {
     int total = 0;
     FILE *fp;
@@ -563,11 +563,11 @@ int print_agents(int print_status, int active_only, int csv_output)
                         }
 
                         if (csv_output) {
-                            printf("%s,%s,%s,%s,\n", line_read, name, ip,
-                                   print_agent_status(agt_status));
-                        } else {
-                            printf(PRINT_AGENT_STATUS, line_read, name, ip,
-                                   print_agent_status(agt_status));
+                            printf("%s,%s,%s,%s,\n", line_read, name, ip, print_agent_status(agt_status));
+			}else if (json_output) {
+			   printf(", { \"ID\" : \"%s\", \"Name\" : \"%s\", \"IP\": \"%s\", \"Status\" : \"%s\" }",line_read, name, ip, print_agent_status(agt_status));
+			} else {
+                            printf(PRINT_AGENT_STATUS, line_read, name, ip, print_agent_status(agt_status));
                         }
                     } else {
                         printf(PRINT_AGENT, line_read, name, ip);
@@ -583,7 +583,7 @@ int print_agents(int print_status, int active_only, int csv_output)
         DIR *dirp;
         struct dirent *dp;
 
-        if (!csv_output) {
+        if (!csv_output && !json_output) {
             printf("\nList of agentless devices:\n");
         }
 

diff --git a/src/analysisd/alerts/getloglocation.c b/src/analysisd/alerts/getloglocation.c
@@ -17,14 +17,15 @@ FILE *_eflog;
 FILE *_aflog;
 FILE *_fflog;
 FILE *_jflog;
+FILE *_ejflog;
 
 /* Global variables */
 static int  __crt_day;
 static char __elogfile[OS_FLSIZE + 1];
 static char __alogfile[OS_FLSIZE + 1];
 static char __flogfile[OS_FLSIZE + 1];
 static char __jlogfile[OS_FLSIZE + 1];
-
+static char __ejlogfile[OS_FLSIZE + 1];
 
 void OS_InitLog()
 {
@@ -37,11 +38,13 @@ void OS_InitLog()
     memset(__elogfile, '\0', OS_FLSIZE + 1);
     memset(__flogfile, '\0', OS_FLSIZE + 1);
     memset(__jlogfile, '\0', OS_FLSIZE + 1);
+    memset(__ejlogfile, '\0', OS_FLSIZE + 1);
 
     _eflog = NULL;
     _aflog = NULL;
     _fflog = NULL;
     _jflog = NULL;
+    _ejflog = NULL;
 
     /* Set the umask */
     umask(0027);
@@ -53,7 +56,8 @@ int OS_GetLogLocation(const Eventinfo *lf)
      * Check if the year directory is there
      * If not, create it. Same for the month directory.
      */
-
+
+
     /* For the events */
     if (_eflog) {
         if (ftell(_eflog) == 0) {
@@ -95,7 +99,30 @@ int OS_GetLogLocation(const Eventinfo *lf)
     if (link(__elogfile, EVENTS_DAILY) == -1) {
         ErrorExit(LINK_ERROR, ARGV0, __elogfile, EVENTS_DAILY, errno, strerror(errno));
     }
+    /* For the events in JSON */
+    if (Config.jsonout_output) {
+        /* Create the json archives logfile name */
+        snprintf(__ejlogfile, OS_FLSIZE, "%s/%d/%s/ossec-%s-%02d.json",
+                 EVENTS,
+                 lf->year,
+                 lf->mon,
+                 "archive",
+                 lf->day);
+
+        _ejflog = fopen(__ejlogfile, "a");
 
+        if (!_ejflog) {
+            ErrorExit("%s: Error opening logfile: '%s'", ARGV0, __ejlogfile);
+        }
+
+        /* Create a symlink */
+        unlink(EVENTSJSON_DAILY);
+
+        if (link(__ejlogfile, EVENTSJSON_DAILY) == -1) {
+            ErrorExit(LINK_ERROR, ARGV0, __ejlogfile, EVENTSJSON_DAILY, errno, strerror(errno));
+        }
+    }
+
     /* For the alerts logs */
     if (_aflog) {
         if (ftell(_aflog) == 0) {

diff --git a/src/analysisd/alerts/getloglocation.h b/src/analysisd/alerts/getloglocation.h
@@ -23,6 +23,7 @@ int OS_GetLogLocation(const Eventinfo *lf);
 
 /* Global declarations */
 extern FILE *_eflog;
+extern FILE *_ejflog;
 extern FILE *_aflog;
 extern FILE *_fflog;
 extern FILE *_jflog;

diff --git a/src/analysisd/analysisd.c b/src/analysisd/analysisd.c
@@ -1030,6 +1030,7 @@ void OS_ReadMSG_analysisd(int m_queue)
             /* If configured to log all, do it */
             if (Config.logall) {
                 OS_Store(lf);
+                jsonout_output_archive(lf);
             }
 
 CLMEM: