Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow empty fields in Syscollector #2740

Merged
merged 1 commit into from Mar 5, 2019
Merged

Allow empty fields in Syscollector #2740

merged 1 commit into from Mar 5, 2019

Conversation

juan70
Copy link
Contributor

@juan70 juan70 commented Mar 5, 2019

Hi, Team,

This PR fixes the issue #2716.

Bug description

When a record is going to be inserted in the table sys_hwinfo with the field cpu_mhz containing 0, an error is thrown, because of a constraint in the schema of the table. Namely: cpu_mhz REAL CHECK (cpu_mhz > 0); the accepted values must be > 0.

The error is reproduced in the issue: #2716 (comment).

Solution

Check the value in the Syscollector decoder. Allow the value cpu_mhz to be 0, and send an empty field in this case.

Testing

See below.

@juan70
Copy link
Contributor Author

juan70 commented Mar 5, 2019
edited

Testing

First of all, check that syscollector and hardware are enabled in ossec.conf (they are enabled by default):

  <wodle name="syscollector">
    <disabled>no</disabled>
    <interval>1h</interval>
    <scan_on_start>yes</scan_on_start>
    <hardware>yes</hardware>
    <os>yes</os>
    <network>yes</network>
    <packages>yes</packages>
    <ports all="no">yes</ports>
    <processes>yes</processes>
  </wodle>

Using netcat (package openbsd-netcat), simulate a hardware event, with all the values empty (strings) or zero (numbers):

# echo 'd:syscollector:{"type":"hardware","ID":0,"timestamp":"","inventory":{"board_serial":"","cpu_name":"","cpu_cores":0,"cpu_MHz":0,"ram_total":0,"ram_free":0,"ram_usage":0}}' | nc -Uu /var/ossec/queue/ossec/queue

Restart the manager (or maybe wait for the next scan).

Check the result:

# sqlite3 /var/ossec/queue/db/000.db '.headers on' 'select * from sys_hwinfo'
scan_id|scan_time|board_serial|cpu_name|cpu_cores|cpu_mhz|ram_total|ram_free|ram_usage
0||||||||

No errors thrown. OK.

As a control, with non-empty arbitrary values:

# echo 'd:syscollector:{"type":"hardware","ID":890,"timestamp":"Just for today","inventory":{"board_serial":"321","cpu_name":"The name of the CPU","cpu_cores":6,"cpu_MHz":12,"ram_total":240,"ram_free":139,"ram_usage":13}}' | nc -Uu /var/ossec/queue/ossec/queue

# sqlite3 /var/ossec/queue/db/000.db '.headers on' 'select * from sys_hwinfo'
scan_id|scan_time|board_serial|cpu_name|cpu_cores|cpu_mhz|ram_total|ram_free|ram_usage
890|Just for today|321|The name of the CPU|6|12.0|240|139|13

The values are stored in the table. OK.

@juan70 juan70 mentioned this pull request Mar 5, 2019
Closed
4 tasks
chemamartinez
chemamartinez approved these changes Mar 5, 2019
View reviewed changes
Copy link
Contributor

@chemamartinez chemamartinez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@chemamartinez chemamartinez merged commit 2119239 into 3.9 Mar 5, 2019
@chemamartinez chemamartinez deleted the fix-3.9-empty-fields-syscollector branch March 5, 2019 10:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chemamartinez chemamartinez chemamartinez approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@juan70 @chemamartinez