Refactor azure module structure #20624
9581050 to 50843c9
LGTM
This looks good, but I have some questions:

- We are changing the location of `azure.db` from `/var/ossec/wodles/azure/azure.db` to `/var/ossec/wodles/azure/db/azure.db`. Does this affect in any way those users who upgrade compared to current behavior? For example, is it possible that alerts that had already been generated before upgrading could be duplicated since the DB is in a different location? Will the old db be deleted or moved?

  I would like to see an example where 4.8.0 is installed, the wodle is run to get some events/alerts and then upgrade to this branch and run the wodle again.
- I guess it is also needed to update the `check_files` and other related files in Jenkins, as it was done when refactoring AWS here.
- Probably, Solaris package files also need to be updated (AWS example).
After checking the behaviour of the AWS module, I moved the db file to the root of the module:

```
root@0aaf5453a213:/var/ossec# ll wodles/azure/
total 84
drwxr-x--- 5 root wazuh 4096 Dec 13 18:54 ./
drwxr-x--- 7 root wazuh 4096 Dec 13 18:52 ../
drwxr-xr-x 2 root root 4096 Dec 13 18:52 __pycache__/
-rwxr-x--- 1 root wazuh 1045 Dec 13 18:42 azure-logs*
-rwxr-x--- 1 root wazuh 1466 Dec 13 18:42 azure-logs.py*
-rw-r--r-- 1 root root 28672 Dec 13 18:54 azure.db
drwxr-x--- 3 root wazuh 4096 Dec 13 18:52 azure_services/
-rwxr-x--- 1 root wazuh 13811 Dec 13 18:42 azure_utils.py*
drwxr-x--- 3 root wazuh 4096 Dec 13 18:52 db/
-rw-r--r-- 1 root root 113 Dec 13 18:52 graph.credentials
-rw-r--r-- 1 root root 112 Dec 13 18:52 loganalytics.credentials
-rw-r--r-- 1 root root 138 Dec 13 18:52 storage.credentials
```

Also, two new issues were opened to address the changes in wazuh-jenkins and wazuh-packages respectively:
d64b8f7 to 30b21c1

30b21c1 to fd77e0f
The failed checks are unrelated to these changes:
Description
This PR refactors the structure of the Azure module. It splits the base code into different files to get a better organization.
Logs/Alerts example
Graph
Log Analytics
Storage