Fix bugs reading logs in framework #856

Merged
merged 8 commits into from Jul 13, 2018

@Lifka
Member

Lifka commented Jun 27, 2018

Hi team,

this PR fixes bugs reading logs with non-ascii characters (wazuh/wazuh-api#100) or with line breaks in the description:

Samples

Log with line breaks in the description:

Log

[...]
2018/06/26 06:50:03 manage_agents: CRITICAL:
** Syntax error at file /file
[...]

Before

$ curl -u foo:bar -k "http://127.0.0.1:55000/manager/logs/summary?pretty"
{
   "error": 1000,
   "message": "Wazuh-Python Internal Error: 'NoneType' object is not iterable"
}

Now

$ curl -u foo:bar -k "http://127.0.0.1:55000/manager/logs/summary?pretty"
{
   "error": 0,
   "data": {
      "ossec-testrule": {
         "info": 1,
         "all": 1,
         "error": 0
      },
      "manage_agents": {
         "info": 3,
         "all": 3,
         "error": 0
      }
   }
}

Log with non-ascii characters:

Log

[...]
2018/06/26 06:42:18 manage_agents: CRITICAL: (1103): àCould not  ®open file '/root/file' due to [(2)-(No such file or directory)].
[...]

Before

$ curl -u foo:bar -k "http://127.0.0.1:55000/manager/logs?pretty"
{
   "error": 1000,
   "message": "Wazuh-Python Internal Error: 'ascii' codec can't decode byte 0xc3 in position 53: ordinal not in range(128)"
}

Now

$ curl -u foo:bar -k "http://127.0.0.1:55000/manager/logs?pretty"
{
   "error": 0,
   "data": {
      "totalItems": 1,
      "items": [
         {
            "timestamp": "2018/06/26 06:42:18",
            "tag": "manage_agents",
            "description": "(1103): àCould not  ®open file '/root/file' due to [(2)-(No such file or directory)].",
            "level": "CRITICAL"
         }
      ]
   }
}

Best regards,
Javier.

@Lifka Lifka added this to In review in Wazuh TBD via automation Jun 27, 2018

@Lifka Lifka requested a review from mgmacias95 Jun 27, 2018

@mgmacias95

Hello @Lifka,

The search parameter fails when it tries to "search" for non-ASCII characters. For example, I've added the log line I showed on wazuh/wazuh-api#100 and I got the following error as a result:

# echo '{"function":"/manager/logs","ossec_path":"/var/ossec","arguments":{"category":"wazuh-db","search":{"value":"Intel","negation":false}}}' | /var/ossec/api/models/wazuh-api.py --debug --pretty
{
    "message": "Wazuh-Python Internal Error: 'ascii' codec can't encode character u'\\xae' in position 134: ordinal not in range(128)",
    "error": 1000
}
Traceback (most recent call last):
  File "/var/ossec/api/models/wazuh-api.py", line 266, in <module>
    data = functions[request['function']](**request['arguments'])
  File "/var/ossec/framework/wazuh/manager.py", line 124, in ossec_log
    logs = search_array(logs, search['value'], search['negation'])
  File "/var/ossec/framework/wazuh/utils.py", line 195, in search_array
    values = get_values(o=item, fields=fields)
  File "/var/ossec/framework/wazuh/utils.py", line 173, in get_values
    strings.extend(get_values(obj[key]))
  File "/var/ossec/framework/wazuh/utils.py", line 175, in get_values
    strings.append(str(obj).lower())
UnicodeEncodeError: 'ascii' codec can't encode character u'\xae' in position 134: ordinal not in range(128)

The error is on this line:

strings.append(str(obj).lower())

Best regards,
Marta

@jesuslinares jesuslinares added this to In review in Wazuh 3.5 via automation Jul 5, 2018

@jesuslinares jesuslinares removed this from In review in Wazuh TBD Jul 5, 2018

@mgmacias95 mgmacias95 changed the base branch from 3.3 to 3.5 Jul 9, 2018

mgmacias95 added some commits Jul 9, 2018


mgmacias95 Jul 13, 2018

Member

Hello,

While fixing this bug, I found out that there were lots of missing log levels in the GET /manager/logs/summary API call.

These are all the log levels that Wazuh has:

const char *strlevel[5]={
"DEBUG",
"INFO",
"WARNING",
"ERROR",
"CRITICAL",
};

We were only returning info and error levels.

I have added the missing levels in this PR.

Best regards,
Marta
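
The three problems raised in this thread (continuation lines, non-ASCII bytes, and missing levels in the summary) can be reproduced and handled in one small parser. This is an added example in Python 3, not the Wazuh framework's code; `parse_log`, `summary` and `search` are hypothetical names, and the header layout is assumed from the sample lines above.

```python
import re
from collections import defaultdict

# The five levels from the strlevel array quoted in the thread.
LEVELS = ("DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL")
# Header layout "date time tag: LEVEL: description", taken from the samples above.
HEADER = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) ([^:]+): (%s):\s?(.*)$"
                    % "|".join(LEVELS))

def parse_log(raw):
    """Turn raw log bytes into entries without raising on odd bytes or layout."""
    entries = []
    # errors="replace" maps undecodable bytes to U+FFFD instead of raising.
    for line in raw.decode("utf-8", errors="replace").split("\n"):
        m = HEADER.match(line)
        if m:
            ts, tag, level, desc = m.groups()
            entries.append({"timestamp": ts, "tag": tag,
                            "level": level, "description": desc})
        elif entries and line.strip():
            # No header: a continuation of the previous entry's description.
            prev = entries[-1]
            prev["description"] = (prev["description"] + "\n" + line).strip()
    return entries

def summary(entries):
    """Per-tag counters for every level, plus 'all'."""
    keys = ("all",) + tuple(level.lower() for level in LEVELS)
    counts = defaultdict(lambda: dict.fromkeys(keys, 0))
    for e in entries:
        counts[e["tag"]]["all"] += 1
        counts[e["tag"]][e["level"].lower()] += 1
    return dict(counts)

def search(entries, value, negation=False):
    """Case-insensitive substring match on text that is already decoded."""
    needle = value.lower()
    def hit(e):
        return any(needle in v.lower() for v in e.values())
    return [e for e in entries if hit(e) != negation]

# Constructed sample modelled on the log lines in the thread, plus one invalid byte.
SAMPLE = (
    "2018/06/26 06:42:18 manage_agents: CRITICAL: (1103): àCould not  ®open file '/root/file'\n"
    "2018/06/26 06:50:03 manage_agents: CRITICAL:\n"
    "** Syntax error at file /file\n"
).encode("utf-8") + b"2018/06/26 06:51:00 ossec-testrule: INFO: bad byte \xff here\n"
```

Decoding once at the input boundary keeps every later step (counting, searching, JSON serialisation) on text, so a single unexpected byte in a log line cannot turn the whole endpoint into an error 1000.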


@jesuslinares jesuslinares merged commit a30a14f into 3.5 Jul 13, 2018

Wazuh 3.5 automation moved this from In review to Done Jul 13, 2018

@jesuslinares jesuslinares deleted the fix-framework-get-logs branch Jul 13, 2018

mgmacias95 added a commit to wazuh/wazuh-api that referenced this pull request Jul 14, 2018
