Add API JSON log handling #11171
Merged
Add API JSON log handling #11171
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
5 tasks
Kondent
force-pushed
the
feature/10867-api-json-log
branch
3 times, most recently
from
1b1c8bc
to
3560b61
Compare
Kondent
force-pushed
the
feature/10867-api-json-log
branch
3 times, most recently
from
6337ad3
to
3f1f2f2
Compare
Kondent
force-pushed
the
feature/10867-api-json-log
branch
3 times, most recently
from
e14b911
to
5c78316
Compare
Kondent
force-pushed
the
feature/10867-api-json-log
branch
from
04d3565
to
66f1103
Compare
mcarmona99
suggested changes
Feb 17, 2022
Kondent
force-pushed
the
feature/10867-api-json-log
branch
from
a600133
to
43a38e7
Compare
This was referenced Mar 4, 2022
added 18 commits
March 18, 2022 16:13
mcarmona99
force-pushed
the
feature/10867-api-json-log
branch
from
9963eef
to
bfba0a8
Compare
davidjiglesias
approved these changes
Apr 20, 2022
mcarmona99
pushed a commit
that referenced
this pull request
Apr 21, 2022
* Add API JSON Logs * Fix related unittest * Fix API config from AIT * Fix alogging unittest and wazuhjsonformatter * Add docstrings * Add traceback message handling * Fix wazuhjsonformatter and related unittest * Add few improvements regarding key names and debug2 handling * Fix unittest for alogging * Add minor fixes after the rebase from master * Add minor fixes at related unit test * Add support for logging into both file types at the same time * Fix related unit test * Fix CustomFilter class and add related unit test * Add foreground fix related with default formatter * Fix related unit test * Add log rotation support for json files * Add requested changes: docstrings and minor fixes * Fix log rotation unit test * Remove python-json-logger from requirements file. Added in #11153 Co-authored-by: Alexis Rivas <alexis.rivas@wazuh.com>
mcarmona99
pushed a commit
that referenced
this pull request
Apr 27, 2022
* Add API JSON Logs * Fix related unittest * Fix API config from AIT * Fix alogging unittest and wazuhjsonformatter * Add docstrings * Add traceback message handling * Fix wazuhjsonformatter and related unittest * Add few improvements regarding key names and debug2 handling * Fix unittest for alogging * Add minor fixes after the rebase from master * Add minor fixes at related unit test * Add support for logging into both file types at the same time * Fix related unit test * Fix CustomFilter class and add related unit test * Add foreground fix related with default formatter * Fix related unit test * Add log rotation support for json files * Add requested changes: docstrings and minor fixes * Fix log rotation unit test * Remove python-json-logger from requirements file. Added in #11153 Co-authored-by: Alexis Rivas <alexis.rivas@wazuh.com>
mcarmona99
pushed a commit
that referenced
this pull request
May 4, 2022
* Add API JSON Logs * Fix related unittest * Fix API config from AIT * Fix alogging unittest and wazuhjsonformatter * Add docstrings * Add traceback message handling * Fix wazuhjsonformatter and related unittest * Add few improvements regarding key names and debug2 handling * Fix unittest for alogging * Add minor fixes after the rebase from master * Add minor fixes at related unit test * Add support for logging into both file types at the same time * Fix related unit test * Fix CustomFilter class and add related unit test * Add foreground fix related with default formatter * Fix related unit test * Add log rotation support for json files * Add requested changes: docstrings and minor fixes * Fix log rotation unit test * Remove python-json-logger from requirements file. Added in #11153 Co-authored-by: Alexis Rivas <alexis.rivas@wazuh.com>
mcarmona99
pushed a commit
that referenced
this pull request
May 5, 2022
* Add API JSON Logs * Fix related unittest * Fix API config from AIT * Fix alogging unittest and wazuhjsonformatter * Add docstrings * Add traceback message handling * Fix wazuhjsonformatter and related unittest * Add few improvements regarding key names and debug2 handling * Fix unittest for alogging * Add minor fixes after the rebase from master * Add minor fixes at related unit test * Add support for logging into both file types at the same time * Fix related unit test * Fix CustomFilter class and add related unit test * Add foreground fix related with default formatter * Fix related unit test * Add log rotation support for json files * Add requested changes: docstrings and minor fixes * Fix log rotation unit test * Remove python-json-logger from requirements file. Added in #11153 Co-authored-by: Alexis Rivas <alexis.rivas@wazuh.com>
mcarmona99
pushed a commit
that referenced
this pull request
May 9, 2022
* Add API JSON Logs * Fix related unittest * Fix API config from AIT * Fix alogging unittest and wazuhjsonformatter * Add docstrings * Add traceback message handling * Fix wazuhjsonformatter and related unittest * Add few improvements regarding key names and debug2 handling * Fix unittest for alogging * Add minor fixes after the rebase from master * Add minor fixes at related unit test * Add support for logging into both file types at the same time * Fix related unit test * Fix CustomFilter class and add related unit test * Add foreground fix related with default formatter * Fix related unit test * Add log rotation support for json files * Add requested changes: docstrings and minor fixes * Fix log rotation unit test * Remove python-json-logger from requirements file. Added in #11153 Co-authored-by: Alexis Rivas <alexis.rivas@wazuh.com>
davidjiglesias
pushed a commit
that referenced
this pull request
May 11, 2022
…ncy (#13197) * Add python-json-logger to requirements.txt (#11153) * Add API JSON log handling (#11171) * Add API JSON Logs * Fix related unittest * Fix API config from AIT * Fix alogging unittest and wazuhjsonformatter * Add docstrings * Add traceback message handling * Fix wazuhjsonformatter and related unittest * Add few improvements regarding key names and debug2 handling * Fix unittest for alogging * Add minor fixes after the rebase from master * Add minor fixes at related unit test * Add support for logging into both file types at the same time * Fix related unit test * Fix CustomFilter class and add related unit test * Add foreground fix related with default formatter * Fix related unit test * Add log rotation support for json files * Add requested changes: docstrings and minor fixes * Fix log rotation unit test * Remove python-json-logger from requirements file. Added in #11153 Co-authored-by: Alexis Rivas <alexis.rivas@wazuh.com> Co-authored-by: Alexis Rivas <84642680+Kondent@users.noreply.github.com> Co-authored-by: Alexis Rivas <alexis.rivas@wazuh.com>
FrancoRivero
pushed a commit
that referenced
this pull request
May 13, 2022
…ncy (#13197) * Add python-json-logger to requirements.txt (#11153) * Add API JSON log handling (#11171) * Add API JSON Logs * Fix related unittest * Fix API config from AIT * Fix alogging unittest and wazuhjsonformatter * Add docstrings * Add traceback message handling * Fix wazuhjsonformatter and related unittest * Add few improvements regarding key names and debug2 handling * Fix unittest for alogging * Add minor fixes after the rebase from master * Add minor fixes at related unit test * Add support for logging into both file types at the same time * Fix related unit test * Fix CustomFilter class and add related unit test * Add foreground fix related with default formatter * Fix related unit test * Add log rotation support for json files * Add requested changes: docstrings and minor fixes * Fix log rotation unit test * Remove python-json-logger from requirements file. Added in #11153 Co-authored-by: Alexis Rivas <alexis.rivas@wazuh.com> Co-authored-by: Alexis Rivas <84642680+Kondent@users.noreply.github.com> Co-authored-by: Alexis Rivas <alexis.rivas@wazuh.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Under this development, I made a few adjustments to make API log parsing easier by allowing our API to write them in JSON format, besides plain text.
Changes on this PR:
api.yaml.api.yamlfrom AIT.api/api/test/test_alogging.py.api/api/test/test_configuration.py.framework/wazuh/core/cluster/tests/test_utils.py.framework/wazuh/core/tests/test_wlogging.py.api/api/configuration.py.api/api/validator.py.api/scripts/wazuh-apid.py.framework/scripts/wazuh-clusterd.py.framework/wazuh/core/wlogging.py.framework/requirements.txt.api/api/alogging.py.API Default Configuration Block:
NOTE:
formatallowed values arejson,plain,json,plainandplain,jsonJSON Log Handler
With this customization of
python-json-loggerwe're adding the information to the log entry with the formatting we want.In other words, API json log will have three keys:
timestamp,levelnameanddata. The last key is a dict with two more keys:typeandpayload.type: str. Value could beinformative,errororrequest.payload: str or dict. Value could be a plain text message or a dict if the value for thetypekey isrequest.NOTE: every log entry will have these three main keys, even with log level set as
DEBUGorDEBUG2API JSON Log Sample:
Starting
{ "timestamp": "2021/12/14 10:11:36", "levelname": "INFO", "data": { "type": "informative", "payload": "Listening on 0.0.0.0:55000.." } }Request
{ "timestamp": "2021/12/14 11:12:04", "levelname": "INFO", "data": { "type": "request", "payload": { "user": "wazuh", "ip": "172.19.0.1", "http_method": "GET", "uri": "GET /security/user/authenticate", "parameters": {}, "body": {}, "time": "0.276s", "status_code": 200 } } } { "timestamp": "2021/12/14 11:12:04", "levelname": "INFO", "data": { "type": "request", "payload": { "user": "wazuh", "ip": "172.19.0.1", "http_method": "GET", "uri": "GET /agents", "parameters": { "offset": "0", "limit": "2", "select": "id" }, "body": {}, "time": "0.044s", "status_code": 200 } } }Unhandled Exception
{ "timestamp": "2021/12/14 10:13:22", "levelname": "ERROR", "data": { "type": "error", "payload": "Error handling request. Traceback (most recent call last):\n File \"/var/ossec/framework/python/lib/python3.9/site-packages/wazuh-4.4.0-py3.9.egg/wazuh/core/cluster/control.py\", line 56, in get_nodes\n result = json.loads(response, object_hook=as_wazuh_object)\n File \"/var/ossec/framework/python/lib/python3.9/json/__init__.py\", line 359, in loads\n return cls(**kw).decode(s)\n File \"/var/ossec/framework/python/lib/python3.9/json/decoder.py\", line 337, in decode\n obj, end = self.raw_decode(s, idx=_w(s, 0).end())\n File \"/var/ossec/framework/python/lib/python3.9/json/decoder.py\", line 355, in raw_decode\n raise JSONDecodeError(\"Expecting value\", s, err.value) from None\njson.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)\n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n File \"/var/ossec/framework/python/lib/python3.9/site-packages/connexion/apis/aiohttp_api.py\", line 50, in problems_middleware\n response = yield from handler(request)\n File \"/var/ossec/framework/python/lib/python3.9/site-packages/aiohttp/web_middlewares.py\", line 110, in impl\n return await handler(request)\n File \"/var/ossec/framework/python/lib/python3.9/site-packages/api-4.4.0-py3.9.egg/api/middlewares.py\", line 140, in response_postprocessing\n return await handler(request)\n File \"/var/ossec/framework/python/lib/python3.9/site-packages/api-4.4.0-py3.9.egg/api/middlewares.py\", line 33, in set_user_name\n return await handler(request)\n File \"/var/ossec/framework/python/lib/python3.9/site-packages/api-4.4.0-py3.9.egg/api/middlewares.py\", line 117, in security_middleware\n return await handler(request)\n File \"/var/ossec/framework/python/lib/python3.9/site-packages/api-4.4.0-py3.9.egg/api/middlewares.py\", line 89, in request_logging\n return await handler(request)\n File \"/var/ossec/framework/python/lib/python3.9/site-packages/api-4.4.0-py3.9.egg/api/middlewares.py\", line 38, in set_secure_headers\n resp = await handler(request)\n File \"/var/ossec/framework/python/lib/python3.9/site-packages/aiohttp_cache/middleware.py\", line 59, in cache_middleware\n return await handler(request)\n File \"/var/ossec/framework/python/lib/python3.9/site-packages/connexion/decorators/coroutine_wrappers.py\", line 23, in wrapper\n connexion_response = yield from connexion_response\n File \"/var/ossec/framework/python/lib/python3.9/site-packages/api-4.4.0-py3.9.egg/api/controllers/cluster_controller.py\", line 33, in get_cluster_node\n nodes = raise_if_exc(await get_system_nodes())\n File \"/var/ossec/framework/python/lib/python3.9/site-packages/wazuh-4.4.0-py3.9.egg/wazuh/core/cluster/control.py\", line 198, in get_system_nodes\n result = await get_nodes(lc)\n File \"/var/ossec/framework/python/lib/python3.9/site-packages/wazuh-4.4.0-py3.9.egg/wazuh/core/cluster/control.py\", line 58, in get_nodes\n raise WazuhClusterError(3020) if timeout in response else e\nwazuh.core.exception.WazuhClusterError: Error 3020 - Timeout sending request" } }Starting with
DEBUG2{ "timestamp": "2021/12/14 11:16:04", "levelname": "DEBUG", "data": { "type": "informative", "payload": "Loaded API configuration: {host: 0.0.0.0, port: 55000, drop_privileges: True, experimental_features: False, max_upload_size: 10485760, intervals: {request_timeout: 10}, https: {enabled: True, key: /var/ossec/api/configuration/ssl/server.key, cert: /var/ossec/api/configuration/ssl/server.crt, use_ca: False, ca: /var/ossec/api/configuration/ssl/ca.crt, ssl_protocol: TLSv1.2, ssl_ciphers: }, logs: {level: debug2, path: /var/ossec/logs, format: json}, cors: {enabled: False, source_route: *, expose_headers: *, allow_headers: *, allow_credentials: False}, cache: {enabled: True, time: 0.75}, access: {max_login_attempts: 50, block_time: 300, max_request_per_minute: 300}, remote_commands: {localfile: {enabled: True, exceptions: []}, wodle_command: {enabled: True, exceptions: []}}}" } } { "timestamp": "2021/12/14 11:16:04", "levelname": "DEBUG", "data": { "type": "informative", "payload": "Loaded security API configuration: {auth_token_exp_timeout: 900, rbac_mode: white}" } } { "timestamp": "2021/12/14 11:16:04", "levelname": "DEBUG", "data": { "type": "informative", "payload": "Starting aiohttp HTTP server.." } } { "timestamp": "2021/12/14 11:16:04", "levelname": "INFO", "data": { "type": "informative", "payload": "Listening on 0.0.0.0:55000.." } }Foreground mode - JSON
Foreground mode - PLAIN
Foreground mode - BOTH
Unit Test: API
Unit Test: Framework
Related Integration tests (dependency installed in a local environment):
Dependencies Scanner:
Full report.json
{ "report_date": "2022-02-17T14:19:38.484238", "vulnerabilities_found": 5, "packages": [ { "package_name": "python", "package_version": "3.9.5", "package_affected_version": ">0", "vuln_description": "Lib/zipfile.py in Python allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.\r\nhttps://bugs.python.org/issue36260", "safety_id": "37832" }, { "package_name": "python", "package_version": "3.9.5", "package_affected_version": ">0", "vuln_description": "In difflib module, table header in output of difflib.HtmlDiff.make_table is not escaped and can be rendered as code in the browser, leading potentially to XSS.\r\nhttps://bugs.python.org/issue35603\r\nhttps://github.com/python/cpython/commit/44e36e80456dabaeb59c6e2a93e0c1322bfeb179", "safety_id": "42393" }, { "package_name": "python", "package_version": "3.9.5", "package_affected_version": ">=3.9.0a0,<3.9.6", "vuln_description": "Python versions 3.6.14, 3.7.11, 3.8.11, 3.9.6 and 3.10.0b2 make urllib.parse sanitize urls containing ASCII newline and tabs.\r\nhttps://bugs.python.org/issue43882", "safety_id": "42384" }, { "package_name": "python", "package_version": "3.9.5", "package_affected_version": ">=3.9.0a0,<3.9.6", "vuln_description": "Python versions 3.6.14, 3.7.11, 3.8.11, 3.9.6 and 3.10.0b2 include a fix for CVE-2021-3737: An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.\r\nhttps://access.redhat.com/security/cve/CVE-2021-3737\r\nhttps://bugs.python.org/issue44022", "safety_id": "42380" }, { "package_name": "python", "package_version": "3.9.5", "package_affected_version": ">=3.9.0a0,<3.9.7", "vuln_description": "Python versions 3.6.15, 3.7.12, 3.8.12, 3.9.7 and 3.10.0rc2 fix a smtplib multiple CRLF injection vulnerability.\r\nhttps://bugs.python.org/issue43124", "safety_id": "42379" } ] }