github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-23 10:57:59 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #26 from draios/file-output

Browse Source 
File output
This commit is contained in:
Henri DF
2016-04-12 18:20:31 -07:00
parent 4eef8c9647 89b1a55d9e
commit 859047c5f2
4 changed files with 86 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
digwatch.yaml
View File

@@ -5,12 +5,12 @@ rules_file: /etc/digwatch.conf
priority_level: warning priority_level: warning
syslog_output: syslog_output:
enabled: true enabled: false
file_output: file_output:
enabled: true enabled: true
filename: "bla.bla" filename: ./events.txt
stdout_output: stdout_output:
enabled: false enabled: true

43
userspace/digwatch/digwatch.cpp
View File

@@ -54,13 +54,13 @@ static void usage()
} }
string lua_on_event = "on_event"; string lua_on_event = "on_event";
string lua_add_output = "add_output";
// //
// Event processing loop // Event processing loop
// //
void do_inspect(sinsp* inspector, void do_inspect(sinsp* inspector,
digwatch_rules* rules, digwatch_rules* rules,
string output_name,
lua_State* ls) lua_State* ls)
{ {
int32_t res; int32_t res;
@@ -110,9 +110,8 @@ void do_inspect(sinsp* inspector,
{ {
lua_pushlightuserdata(ls, ev); lua_pushlightuserdata(ls, ev);
lua_pushnumber(ls, ev->get_check_id()); lua_pushnumber(ls, ev->get_check_id());
lua_pushstring(ls, output_name.c_str());
if(lua_pcall(ls, 3, 0, 0) != 0) if(lua_pcall(ls, 2, 0, 0) != 0)
{ {
const char* lerr = lua_tostring(ls, -1); const char* lerr = lua_tostring(ls, -1);
string err = "Error invoking function output: " + string(lerr); string err = "Error invoking function output: " + string(lerr);
@@ -157,6 +156,38 @@ void add_lua_path(lua_State *ls, string path)
lua_pop(ls, 1); lua_pop(ls, 1);
} }
void add_output(lua_State *ls, output_config oc)
{
uint8_t nargs = 1;
lua_getglobal(ls, lua_add_output.c_str());
if(!lua_isfunction(ls, -1))
{
throw sinsp_exception("No function " + lua_add_output + " found. ");
}
lua_pushstring(ls, oc.name.c_str());
// If we have options, build up a lua table containing them
if (oc.options.size())
{
nargs = 2;
lua_createtable(ls, 0, oc.options.size());
for (auto it = oc.options.cbegin(); it != oc.options.cend(); ++it)
{
lua_pushstring(ls, (*it).second.c_str());
lua_setfield(ls, -2, (*it).first.c_str());
}
}
if(lua_pcall(ls, nargs, 0, 0) != 0)
{
const char* lerr = lua_tostring(ls, -1);
throw sinsp_exception(string(lerr));
}
}
// //
@@ -345,6 +376,11 @@ int digwatch_init(int argc, char **argv)
inspector->set_hostname_and_port_resolution_mode(false); inspector->set_hostname_and_port_resolution_mode(false);
for(std::vector<output_config>::iterator it = config.m_outputs.begin(); it != config.m_outputs.end(); ++it)
{
add_output(ls, *it);
}
if (infile.size()) if (infile.size())
{ {
inspector->open(infile); inspector->open(infile);
@@ -366,7 +402,6 @@ int digwatch_init(int argc, char **argv)
} }
do_inspect(inspector, do_inspect(inspector,
rules, rules,
output_name,
ls); ls);
inspector->close(); inspector->close();

23
userspace/digwatch/lua/output.lua
View File

@@ -9,6 +9,29 @@ function mod.stdout(evt, level, format)
print (msg) print (msg)
end end
function mod.file_validate(options)
if (not type(options.filename) == 'string') then
error("File output needs to be configured with a valid filename")
end
file, err = io.open(options.filename, "a+")
if file == nil then
error("Error with file output: "..err)
end
file:close()
end
function mod.file(evt, level, format, options)
format = "%evt.time: "..levels[level+1].." "..format
formatter = digwatch.formatter(format)
msg = digwatch.format_event(evt, formatter)
file = io.open(options.filename, "a+")
file:write(msg, "\n")
file:close()
end
function mod.syslog(evt, level, format) function mod.syslog(evt, level, format)
formatter = digwatch.formatter(format) formatter = digwatch.formatter(format)

26
userspace/digwatch/lua/rule_loader.lua
View File

@@ -159,17 +159,33 @@ function on_done()
io.flush() io.flush()
end end
local outputs = require('output') local output_functions = require('output')
function on_event(evt_, rule_id, output_name) outputs = {}
if not (type(outputs[output_name]) == 'function') then
error("rule_loader.on_event(): invalid output_name: ", output_name) function add_output(output_name, config)
if not (type(output_functions[output_name]) == 'function') then
error("rule_loader.add_output(): invalid output_name: "..output_name)
end end
-- outputs can optionally define a validation function so that we don't
-- find out at runtime (when an event finally matches a rule!) that the config is invalid
if (type(output_functions[output_name.."_validate"]) == 'function') then
output_functions[output_name.."_validate"](config)
end
table.insert(outputs, {output = output_functions[output_name], config=config})
end
function on_event(evt_, rule_id)
if state.outputs[rule_id] == nil then if state.outputs[rule_id] == nil then
error ("rule_loader.on_event(): event with invalid rule_id: ", rule_id) error ("rule_loader.on_event(): event with invalid rule_id: ", rule_id)
end end
outputs[output_name](evt_, state.outputs[rule_id].level, state.outputs[rule_id].format) for index,o in ipairs(outputs) do
o.output(evt_, state.outputs[rule_id].level, state.outputs[rule_id].format, o.config)
end
end end