Fixed Audit test random error, improved logging and code, improved ro…
…tator code and minor fixes
okynos committed Oct 16, 2023
1 parent e53e48c commit 0cf45a9
Showing 4 changed files with 237 additions and 192 deletions.
7 changes: 5 additions & 2 deletions src/logreader.rs
@@ -42,7 +42,7 @@ pub fn read_log(file: String, config: config::Config, position: u64, itx: u64) -
debug!("Reading start: {}", current_position);
let bytes_read = match buff.read_line(&mut line){
Ok(bytes) => {
debug!("Read string: '{}', bytes read: {}", line, bytes);
debug!("Read string: '{}', bytes read: {}", line.as_str(), bytes);
bytes as u64
},
Err(e) => {
@@ -51,7 +51,7 @@ pub fn read_log(file: String, config: config::Config, position: u64, itx: u64) -
}
};
current_position += bytes_read;
debug!("End read position: {}", current_position);
debug!("End read position: {}\n", current_position);

let line_info = parse_audit_log(line.clone());
if line_info.contains_key("type") && (line_info["type"] == "SYSCALL" ||
@@ -61,6 +61,7 @@ pub fn read_log(file: String, config: config::Config, position: u64, itx: u64) -
data.push(line_info.clone());
if line_info.contains_key("type") &&
line_info["type"] == "PROCTITLE" {
debug!("PROCTITLE line detected, breaking loop. Data: {:?}", data);
break;
}
}
@@ -91,6 +92,8 @@ pub fn read_log(file: String, config: config::Config, position: u64, itx: u64) -
line["type"] == "PROCTITLE"
}) && itx < 120 {
current_position = position;
}else{
debug!("Audit log discarded, data: {:?}", data);
}
}
(event, current_position)
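Review bot: The two added `debug!` calls that print `data` with `{:?}` (on the PROCTITLE break and on the discard branch) copy whole parsed audit records into the application log. PROCTITLE records hold the process command line, so the FIM log would then need the same access control and retention as audit.log itself; logging only a count, e.g. `debug!("Audit log discarded, records: {}", data.len());`, keeps the diagnostic value without the payload. The `\n` added to `"End read position: {}\n"` also emits an empty line after every read, which gets in the way of line-oriented parsing of the log. read_log starts and ends outside these hunks.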
11 changes: 7 additions & 4 deletions src/monitor.rs
@@ -191,7 +191,6 @@ pub async fn monitor(tx: mpsc::Sender<Result<notify::Event, notify::Error>>,
let current_date = OffsetDateTime::now_utc();
let index_name = format!("fim-{}-{}-{}", current_date.year(), current_date.month() as u8, current_date.day() );
let current_timestamp = format!("{:?}", SystemTime::now().duration_since(UNIX_EPOCH).expect("Time went backwards").as_millis());
let current_hostname = utils::get_hostname();
let kind: notify::EventKind = event.kind;
let path = event.paths[0].clone();

@@ -204,19 +203,23 @@ pub async fn monitor(tx: mpsc::Sender<Result<notify::Event, notify::Error>>,
if plain_path == logreader::AUDIT_LOG_PATH {
// Getting events from audit.log
let mut events = Vec::new();
let (event, position) = logreader::read_log(String::from(logreader::AUDIT_LOG_PATH), config.clone(), last_position, 0);
if event.id != "0" { events.push(event); };
let (log_event, position) = logreader::read_log(String::from(logreader::AUDIT_LOG_PATH), config.clone(), last_position, 0);
if log_event.id != "0" { events.push(log_event); };
let mut ctr = 0;
last_position = position;
while last_position < utils::get_file_end(logreader::AUDIT_LOG_PATH, 0) {
debug!("Reading events, iteration: {}", ctr);
let original_position = last_position;
ctr += 1;
let (evt, pos) = logreader::read_log(String::from(logreader::AUDIT_LOG_PATH), config.clone(), last_position, ctr);
if evt.id != "0" {
events.push(evt);
ctr = 0;
};
last_position = pos;
if original_position == pos {
ctr = 0;
}
}
debug!("Events read from audit log, position: {}", last_position);

@@ -255,7 +258,7 @@ pub async fn monitor(tx: mpsc::Sender<Result<notify::Event, notify::Error>>,
let event = event::Event {
id: utils::get_uuid(),
timestamp: current_timestamp,
hostname: current_hostname,
hostname: utils::get_hostname(),
node: config.node.clone(),
version: String::from(config::VERSION),
kind,
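Review bot: The added reset `if original_position == pos { ctr = 0; }` in the audit-log read loop appears to defeat the retry limit that `read_log` enforces through its `itx` argument. In src/logreader.rs the position is rewound only while `itx < 120`; with this reset every stalled iteration calls `read_log` with `ctr == 1`, so, as far as the visible lines show, a record group that never completes keeps the `while` loop spinning without a pause and no later audit event is processed. If the intent was to give each new record group a fresh retry budget, the condition looks inverted: `if original_position != pos { ctr = 0; }`. monitor continues outside these hunks, so any other exit from the loop is not visible here.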
62 changes: 58 additions & 4 deletions src/rotator.rs
@@ -100,7 +100,6 @@ fn rotate_file(filepath: &str, iteration: u32, lock: &mut bool){
thread::sleep(Duration::new(15, 0));
let path = Path::new(filepath);
let mut parent_path = path.parent().unwrap().to_path_buf();
parent_path.push(Path::new("archive"));
parent_path.push(Path::new(path.file_name().unwrap()));

let file_rotated = format!("{}.{}",
@@ -179,13 +178,14 @@ pub fn rotator(){

loop{
if (start_time + Duration::new(10, 0)).as_millis() < SystemTime::now().duration_since(UNIX_EPOCH).expect("Time went backwards").as_millis() {
// Include check if files are created.
let log_size = metadata(config.clone().log_file).unwrap().len() as usize;
let events_size = metadata(config.clone().events_file).unwrap().len() as usize;

if events_size >= config.events_max_file_size * 1000000 {
let events_path = Path::new(config.events_file.as_str());
let mut parent_path = events_path.parent().unwrap().to_path_buf();
parent_path.push(Path::new("archive"));
parent_path.push("archive");

if ! parent_path.exists(){
match create_dir(parent_path.clone()){
@@ -201,7 +201,7 @@ pub fn rotator(){
if log_size >= config.log_max_file_size * 1000000 {
let log_path = Path::new(config.log_file.as_str());
let mut parent_path = log_path.parent().unwrap().to_path_buf();
parent_path.push(Path::new("archive"));
parent_path.push("archive");

if ! parent_path.exists(){
match create_dir(parent_path.clone()){
@@ -229,10 +229,10 @@ mod tests {

#[test]
fn test_get_iteration() {

let mut current_path = env::current_dir().unwrap();
current_path.push("test_get_iteration");
let test_path = current_path.to_str().unwrap();

create_dir(test_path).unwrap();
assert_eq!(get_iteration(test_path), 0);
assert_ne!(get_iteration(test_path), 1);
@@ -241,4 +241,58 @@ mod tests {

// ------------------------------------------------------------------------

#[cfg(target_os = "windows")]
#[test]
fn test_compress_zip_file() {
let mut current_path = env::current_dir().unwrap();
current_path.push("LICENSE");
let test_path = current_path.to_str().unwrap();
let zip_path = format!("{}.zip", test_path);

compress_zip_file(test_path).unwrap();
assert_eq!(Path::new(&zip_path).exists(), true);
remove_file(zip_path).unwrap();
}

// ------------------------------------------------------------------------

#[cfg(target_os = "linux")]
#[test]
fn test_compress_tgz_file() {
let mut current_path = env::current_dir().unwrap();
current_path.push("LICENSE");
let test_path = current_path.to_str().unwrap();
let tgz_path = format!("{}.tar.gz", test_path);

compress_tgz_file(test_path).unwrap();
assert_eq!(Path::new(&tgz_path).exists(), true);
remove_file(tgz_path).unwrap();
}

// ------------------------------------------------------------------------

#[test]
fn test_rotate_file() {
let mut current_path = env::current_dir().unwrap();
current_path.push("LICENSE");
let license_path = current_path.to_str().unwrap();

let mut current_path = env::current_dir().unwrap();
current_path.push("LICENSE.bk");
let copy_path = current_path.to_str().unwrap();

copy(license_path, copy_path).unwrap();

let mut lock = false;
let iteration = 0;
let extension = if utils::get_os() == "windows" { "zip"
}else{ "tar.gz" };
let compressed_file = format!("{}.{}.{}", copy_path, iteration, extension);
rotate_file(copy_path, iteration, &mut lock);
assert_eq!(metadata(copy_path).unwrap().len(), 0);
assert_ne!(metadata(compressed_file.clone()).unwrap().len(), 0);
remove_file(copy_path).unwrap();
remove_file(compressed_file).unwrap();
}

}
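Review bot: The comment added in `rotator()`, `// Include check if files are created.`, records a missing check, but the two lines below it still call `metadata(...).unwrap()`, so a log or events file that does not exist yet panics inside the rotation loop. For a monitoring agent that presumably means rotation stops and the files grow without bound; treating a missing file as size zero avoids it, e.g. `let log_size = metadata(&config.log_file).map(|m| m.len() as usize).unwrap_or(0);` and the same for `events_file`. The new tests also write `LICENSE.zip`, `LICENSE.tar.gz` and `LICENSE.bk` into the current directory and leave them behind when an assertion fails, so a temporary directory would keep the checkout clean. rotator() and rotate_file() both extend beyond the visible hunks.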