From fad88ee4b7297b96031e7824359e45dd9bbf6a01 Mon Sep 17 00:00:00 2001 From: Henri DF Date: Fri, 22 Apr 2016 14:54:49 -0700 Subject: [PATCH 1/4] Remove signal handling Not currently serving any purpose --- userspace/digwatch/digwatch.cpp | 26 -------------------------- 1 file changed, 26 deletions(-) diff --git a/userspace/digwatch/digwatch.cpp b/userspace/digwatch/digwatch.cpp index b2ac05de..61635d56 100644 --- a/userspace/digwatch/digwatch.cpp +++ b/userspace/digwatch/digwatch.cpp @@ -27,13 +27,6 @@ extern "C" { #include "utils.h" #include -static bool g_terminate = false; - -static void signal_callback(int signal) -{ - g_terminate = true; -} - std::vector valid_output_names {"stdout", "syslog"}; @@ -74,11 +67,6 @@ void do_inspect(sinsp* inspector, while(1) { - if(g_terminate) - { - break; - } - res = inspector->next(&ev); if(res == SCAP_TIMEOUT) @@ -310,20 +298,6 @@ int digwatch_init(int argc, char **argv) } cout << "Using rules file " + config.m_rules_filename + "\n"; - if(signal(SIGINT, signal_callback) == SIG_ERR) - { - fprintf(stderr, "An error occurred while setting SIGINT signal handler.\n"); - result = EXIT_FAILURE; - goto exit; - } - - if(signal(SIGTERM, signal_callback) == SIG_ERR) - { - fprintf(stderr, "An error occurred while setting SIGTERM signal handler.\n"); - result = EXIT_FAILURE; - goto exit; - } - lua_main_filename = lua_dir + DIGWATCH_LUA_MAIN; if (!std::ifstream(lua_main_filename)) { From 5413935f158691ad9810b706196699ebd43452c4 Mon Sep 17 00:00:00 2001 From: Henri DF Date: Fri, 22 Apr 2016 15:33:43 -0700 Subject: [PATCH 2/4] Small tweak to usage message --- userspace/digwatch/digwatch.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/userspace/digwatch/digwatch.cpp b/userspace/digwatch/digwatch.cpp index 61635d56..a2a5e3b7 100644 --- a/userspace/digwatch/digwatch.cpp +++ b/userspace/digwatch/digwatch.cpp 
@@ -42,7 +42,7 @@ static void usage() " -c Configuration file (default " DIGWATCH_SOURCE_CONF_FILE ", " DIGWATCH_INSTALL_CONF_FILE ")\n" " -o Output type (options are 'stdout', 'syslog', default is 'stdout')\n" " -e Read the events from (in .scap format) instead of tapping into live.\n" - " -r Rules configuration file (defaults to value set in configuration file, or /etc/digwatch_rules.conf).\n" + " -r Rules file (defaults to value set in configuration file, or /etc/digwatch_rules.conf).\n" "\n" ); } From 4c64295adcc696023edca57999f954f698925c93 Mon Sep 17 00:00:00 2001 From: Henri DF Date: Fri, 22 Apr 2016 15:56:18 -0700 Subject: [PATCH 3/4] Digwatch logging Log digwatch messages to syslog and/or stderr --- digwatch.yaml | 5 ++++- userspace/digwatch/configuration.cpp | 4 ++++ userspace/digwatch/digwatch.cpp | 23 +++++++++++++---------- userspace/digwatch/formats.cpp | 8 ++++---- userspace/digwatch/syslog.cpp | 19 ++++++++++++++++++- userspace/digwatch/syslog.h | 6 ++++++ 6 files changed, 49 insertions(+), 16 deletions(-) diff --git a/digwatch.yaml b/digwatch.yaml index cab5e194..402358d5 100644 --- a/digwatch.yaml +++ b/digwatch.yaml @@ -1,5 +1,8 @@ rules_file: /etc/digwatch_rules.conf -json_output: true +json_output: false + +log_stderr: true +log_syslog: true syslog_output: enabled: false diff --git a/userspace/digwatch/configuration.cpp b/userspace/digwatch/configuration.cpp index 3fc8a602..d7a25a95 100644 --- a/userspace/digwatch/configuration.cpp +++ b/userspace/digwatch/configuration.cpp @@ -1,6 +1,7 @@ #include "configuration.h" #include "config_digwatch.h" #include "sinsp.h" +#include "syslog.h" using namespace std; 
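Review bot: The `json_output: true` → `json_output: false` flip in the digwatch.yaml hunk changes the default format of rule output, which is unrelated to the commit's stated purpose (where digwatch's own messages go) and deserves either its own commit or a sentence in the description. The two new keys also sit directly above `syslog_output`, so a reader cannot tell that `log_syslog` governs digwatch diagnostics while `syslog_output` governs rule events; a comment above them such as `# Where digwatch's own diagnostic messages go (rule event outputs are configured below)` would settle that. Note too that the values shipped here (both true) differ from the code-side fallbacks in configuration.cpp (`log_stderr` false, `log_syslog` true), so deleting the keys from this file changes behavior rather than preserving it.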
@@ -53,4 +54,7 @@ void digwatch_configuration::init(string conf_filename) { throw sinsp_exception("Error reading config file (" + m_config_file + "): No outputs configured. Please configure at least one output file output enabled but no filename in configuration block"); } + + digwatch_syslog::log_stderr = m_config->get_scalar("log_stderr", false); + digwatch_syslog::log_syslog = m_config->get_scalar("log_syslog", true); } diff --git a/userspace/digwatch/digwatch.cpp b/userspace/digwatch/digwatch.cpp index a2a5e3b7..aa97299d 100644 --- a/userspace/digwatch/digwatch.cpp +++ b/userspace/digwatch/digwatch.cpp @@ -254,7 +254,7 @@ int digwatch_init(int argc, char **argv) conf_stream = new ifstream(conf_filename); if (!conf_stream->good()) { - fprintf(stderr, "Could not find configuration file at %s \n", conf_filename.c_str()); + digwatch_syslog::log(LOG_ERR, "Could not find configuration file at " + conf_filename + ". Exiting \n"); result = EXIT_FAILURE; goto exit; } @@ -283,20 +283,20 @@ int digwatch_init(int argc, char **argv) digwatch_configuration config; if (conf_filename.size()) { - cout << "Using configuration file " + conf_filename + "\n"; config.init(conf_filename); + // log after config init because config determines where logs go + digwatch_syslog::log(LOG_INFO, "Digwatch initialized with configuration file " + conf_filename + "\n"); } else { - cout << "No configuration file found, proceeding with defaults\n"; config.init(); + digwatch_syslog::log(LOG_INFO, "Digwatch initialized. No configuration file found, proceeding with defaults\n"); } if (rules_filename.size()) { config.m_rules_filename = rules_filename; } - cout << "Using rules file " + config.m_rules_filename + "\n"; lua_main_filename = lua_dir + DIGWATCH_LUA_MAIN; if (!std::ifstream(lua_main_filename)) 
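Review bot: The fallbacks passed to `get_scalar` here (`log_stderr` false, `log_syslog` true) disagree with the shipped digwatch.yaml in this same commit, which sets both keys to true, so a deployment that omits the keys silently loses stderr logging. Pick one set of defaults and use it in both places; matching the yaml would be `digwatch_syslog::log_stderr = m_config->get_scalar("log_stderr", true);`. A comment above the two assignments, `// Where digwatch's own diagnostics go; rule output is selected by the outputs block checked above`, would also keep them from being confused with the output validation earlier in this function. init's body starts outside the hunk.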
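Review bot: The `digwatch_syslog::log(LOG_ERR, "Could not find configuration file at ...")` call in this hunk runs before `config.init()` has assigned `log_stderr`/`log_syslog`, and the definitions added in syslog.cpp give those statics no initializer, so both are false until a configuration file has been parsed; a missing configuration file therefore exits with EXIT_FAILURE and no message anywhere, where the replaced `fprintf(stderr, ...)` always printed. Either keep a direct `fprintf(stderr, "Could not find configuration file at %s. Exiting\n", conf_filename.c_str());` for failures that precede configuration, or give the logger a usable pre-config default with `bool digwatch_syslog::log_stderr = true;` at its definition. digwatch_init continues outside the hunk.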
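Review bot: In the else branch, `digwatch_syslog::log(LOG_INFO, "Digwatch initialized. No configuration file found, proceeding with defaults\n")` is only visible if the parameterless `config.init()` also assigns `digwatch_syslog::log_stderr`/`log_syslog`; that overload is not in the diff, and the statics are otherwise left false by their definitions in syslog.cpp, which would make a no-config startup completely silent. Worth confirming against init(). The added comment `// log after config init because config determines where logs go` applies equally to both branches and reads better once above the `if (conf_filename.size())`. digwatch_init continues outside the hunk.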
@@ -305,9 +305,9 @@ int digwatch_init(int argc, char **argv) lua_main_filename = lua_dir + DIGWATCH_LUA_MAIN; if (!std::ifstream(lua_main_filename)) { - fprintf(stderr, "Could not find Digwatch Lua libraries (tried %s, %s). \n", - DIGWATCH_LUA_DIR DIGWATCH_LUA_MAIN, - lua_main_filename.c_str()); + digwatch_syslog::log(LOG_ERR, "Could not find Digwatch Lua libraries (tried " + + string(DIGWATCH_LUA_DIR DIGWATCH_LUA_MAIN) + ", " + + lua_main_filename + "). Exiting \n"); result = EXIT_FAILURE; goto exit; } @@ -328,6 +328,7 @@ int digwatch_init(int argc, char **argv) rules->load_rules(config.m_rules_filename); inspector->set_filter(rules->get_filter()); + digwatch_syslog::log(LOG_INFO, "Parsed rules from file " + config.m_rules_filename + "\n"); inspector->set_hostname_and_port_resolution_mode(false); @@ -360,7 +361,7 @@ int digwatch_init(int argc, char **argv) { if(system("modprobe " PROBE_NAME " > /dev/null 2> /dev/null")) { - fprintf(stderr, "Unable to load the driver\n"); + digwatch_syslog::log(LOG_ERR, "Unable to load the driver. Exiting\n"); } inspector->open(); } @@ -373,12 +374,14 @@ int digwatch_init(int argc, char **argv) } catch(sinsp_exception& e) { - cerr << e.what() << endl; + digwatch_syslog::log(LOG_ERR, "Runtime error: " + string(e.what()) + ". Exiting\n"); + result = EXIT_FAILURE; } catch(...) { - printf("Error, exiting.\n"); + digwatch_syslog::log(LOG_ERR, "Unexpected error, Exiting\n"); + result = EXIT_FAILURE; } diff --git a/userspace/digwatch/formats.cpp b/userspace/digwatch/formats.cpp index bf9113e0..ba2e5f63 100644 --- a/userspace/digwatch/formats.cpp +++ b/userspace/digwatch/formats.cpp @@ -1,4 +1,5 @@ #include "formats.h" +#include "syslog.h" sinsp* digwatch_formats::s_inspector = NULL; 
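Review bot: The new message `"Unable to load the driver. Exiting\n"` in the modprobe hunk is misleading: nothing exits after it, execution falls through to `inspector->open()` exactly as before, so the log asserts a shutdown that does not happen. If the fall-through is intentional (open() may still succeed against an already-loaded probe), drop the word and log `"Unable to load the driver via modprobe, attempting to open anyway\n"` at LOG_WARNING; if it is not, follow the earlier error paths in digwatch_init with `result = EXIT_FAILURE;` and `goto exit;`. The enclosing conditional and the try block it sits in both start outside the hunk.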
@@ -27,8 +28,8 @@ int digwatch_formats::formatter(lua_State *ls) } catch(sinsp_exception& e) { - string err = "invalid output format " + format; - fprintf(stderr, "%s\n", err.c_str()); + digwatch_syslog::log(LOG_ERR, "Invalid output format '" + format + "'.\n"); + throw sinsp_exception("set_formatter error"); } @@ -42,8 +43,7 @@ int digwatch_formats::format_event (lua_State *ls) string line; if (!lua_islightuserdata(ls, -1) || !lua_islightuserdata(ls, -2)) { - string err = "invalid arguments passed to format_event() "; - fprintf(stderr, "%s\n", err.c_str()); + digwatch_syslog::log(LOG_ERR, "Invalid arguments passed to format_event()\n"); throw sinsp_exception("format_event error"); } sinsp_evt* evt = (sinsp_evt*)lua_topointer(ls, 1); diff --git a/userspace/digwatch/syslog.cpp b/userspace/digwatch/syslog.cpp index 8d811651..3cd881a2 100644 --- a/userspace/digwatch/syslog.cpp +++ b/userspace/digwatch/syslog.cpp @@ -1,8 +1,8 @@ +#include #include "syslog.h" #include "chisel_api.h" #include "filterchecks.h" -#include const static struct luaL_reg ll_digwatch [] = @@ -30,3 +30,20 @@ int digwatch_syslog::syslog(lua_State *ls) { return 0; } +bool digwatch_syslog::log_stderr; +bool digwatch_syslog::log_syslog; + +void digwatch_syslog::log(int priority, const string msg) { + if (digwatch_syslog::log_syslog) { + ::syslog(priority, "%s", msg.c_str()); + } + + if (digwatch_syslog::log_stderr) { + std::time_t result = std::time(nullptr); + string tstr = std::asctime(std::localtime(&result)); + tstr = tstr.substr(0, 24);// remove trailling newline + fprintf(stderr, "%s: %s", tstr.c_str(), msg.c_str()); + } +} + + diff --git a/userspace/digwatch/syslog.h b/userspace/digwatch/syslog.h index 54dccc17..bf96dbed 100644 --- a/userspace/digwatch/syslog.h +++ b/userspace/digwatch/syslog.h @@ -1,6 +1,7 @@ #pragma once #include "sinsp.h" +#include extern "C" { #include "lua.h" 
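Review bot: The rewritten catch in `formatter` drops the reason the format was rejected: `e.what()` from the caught `sinsp_exception` is never logged, so an operator sees only `Invalid output format '...'` with no hint which field or token failed. Log it as `digwatch_syslog::log(LOG_ERR, "Invalid output format '" + format + "': " + string(e.what()) + "\n");`. Since `format` is text taken from the rules file and echoed verbatim, an embedded newline would forge an extra line on stderr; the fixed `"%s"` in the logger already rules out format-string abuse, so this is a log-hygiene rather than a memory-safety concern. The enclosing try and the rest of `formatter` lie outside the hunk.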
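Review bot: `std::asctime(std::localtime(&result))` in the stderr branch of the new `log` relies on two static buffers and dereferences `localtime`'s return without a null check, and every caller in this series ends its message with `"\n"`, which reaches `::syslog` as an embedded control character (typically rendered as `#012` by rsyslog/journald) rather than a line end. The two statics `log_stderr`/`log_syslog` are also defined here without initializers, so anything logged before the configuration is parsed — the missing-config-file error in digwatch.cpp — is dropped. The version below gives the flags an explicit initial value with stderr on, strips the trailing newline before syslog and restores it only for stderr, and formats the timestamp with `localtime_r`/`strftime` into a local buffer. The fixed `"%s"` format passed to `::syslog` is correct and should stay; `msg` would also be cheaper as `const string&`, which needs the matching change in syslog.h.
```cpp
// Defaults used until digwatch_configuration::init() overrides them; stderr on so
// that failures before the config file is parsed are still reported somewhere.
bool digwatch_syslog::log_stderr = true;
bool digwatch_syslog::log_syslog = true;

void digwatch_syslog::log(int priority, const string msg) {
	// Callers end messages with '\n'; a syslog record has no line end, so strip
	// it for syslog and add it back only on stderr.
	string body = msg;
	while (!body.empty() && body.back() == '\n') {
		body.pop_back();
	}

	if (digwatch_syslog::log_syslog) {
		::syslog(priority, "%s", body.c_str());   // body is data, never the format string
	}

	if (digwatch_syslog::log_stderr) {
		std::time_t now = std::time(nullptr);
		struct tm tmbuf;
		char tstr[32] = "";
		if (localtime_r(&now, &tmbuf) != nullptr) {
			// Same layout as asctime(), without its trailing newline.
			std::strftime(tstr, sizeof(tstr), "%a %b %e %H:%M:%S %Y", &tmbuf);
		}
		fprintf(stderr, "%s: %s\n", tstr, body.c_str());
	}
}
```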
@@ -15,4 +16,9 @@ class digwatch_syslog // value = digwatch.syslog(level, message) static int syslog(lua_State *ls); + + static void log(int priority, const string msg); + + static bool log_stderr; + static bool log_syslog; }; From 6d72619968e02bb9faee2990097735e883cccf81 Mon Sep 17 00:00:00 2001 From: Henri DF Date: Fri, 22 Apr 2016 16:00:35 -0700 Subject: [PATCH 4/4] rename digwatch_syslog -> digwatch_logger --- userspace/digwatch/CMakeLists.txt | 2 +- userspace/digwatch/configuration.cpp | 6 +++--- userspace/digwatch/digwatch.cpp | 20 +++++++++---------- userspace/digwatch/formats.cpp | 6 +++--- userspace/digwatch/{syslog.cpp => logger.cpp} | 18 ++++++++--------- userspace/digwatch/{syslog.h => logger.h} | 2 +- 6 files changed, 27 insertions(+), 27 deletions(-) rename userspace/digwatch/{syslog.cpp => logger.cpp} (67%) rename userspace/digwatch/{syslog.h => logger.h} (94%) diff --git a/userspace/digwatch/CMakeLists.txt b/userspace/digwatch/CMakeLists.txt index eb6dfc8a..3a94017d 100644 --- a/userspace/digwatch/CMakeLists.txt +++ b/userspace/digwatch/CMakeLists.txt @@ -9,7 +9,7 @@ include_directories("${YAMLCPP_INCLUDE_DIR}") include_directories("${LPEG_SRC}") include_directories(${DRAIOS_DEPENDENCIES_DIR}/yaml-${DRAIOS_YAML_VERSION}/target/include) -add_executable(digwatch configuration.cpp formats.cpp fields.cpp rules.cpp syslog.cpp digwatch.cpp) +add_executable(digwatch configuration.cpp formats.cpp fields.cpp rules.cpp logger.cpp digwatch.cpp) target_link_libraries(digwatch sinsp) target_link_libraries(digwatch diff --git a/userspace/digwatch/configuration.cpp b/userspace/digwatch/configuration.cpp index d7a25a95..b6044c9c 100644 --- a/userspace/digwatch/configuration.cpp +++ b/userspace/digwatch/configuration.cpp @@ -1,7 +1,7 @@ #include "configuration.h" #include "config_digwatch.h" #include "sinsp.h" -#include "syslog.h" +#include "logger.h" using namespace std; 
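Review bot: The new `log` declaration carries no comment, while the neighbouring Lua binding documents its calling form (`// value = digwatch.syslog(level, message)`); add one above it such as `// Log a digwatch diagnostic (not a rule event) at the given syslog priority to syslog and/or stderr, as selected by log_syslog / log_stderr.` and, above the two flags, `// Set by digwatch_configuration::init() from the log_syslog / log_stderr config keys; consulted on every log() call.` Taking `msg` as `const string` by value copies every message; `const string& msg` is the conventional form and is a header-plus-definition change. The class definition begins outside the hunk.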
@@ -55,6 +55,6 @@ void digwatch_configuration::init(string conf_filename) throw sinsp_exception("Error reading config file (" + m_config_file + "): No outputs configured. Please configure at least one output file output enabled but no filename in configuration block"); } - digwatch_syslog::log_stderr = m_config->get_scalar("log_stderr", false); - digwatch_syslog::log_syslog = m_config->get_scalar("log_syslog", true); + digwatch_logger::log_stderr = m_config->get_scalar("log_stderr", false); + digwatch_logger::log_syslog = m_config->get_scalar("log_syslog", true); } diff --git a/userspace/digwatch/digwatch.cpp b/userspace/digwatch/digwatch.cpp index aa97299d..4163843b 100644 --- a/userspace/digwatch/digwatch.cpp +++ b/userspace/digwatch/digwatch.cpp @@ -23,7 +23,7 @@ extern "C" { #include "rules.h" #include "formats.h" #include "fields.h" -#include "syslog.h" +#include "logger.h" #include "utils.h" #include @@ -254,7 +254,7 @@ int digwatch_init(int argc, char **argv) conf_stream = new ifstream(conf_filename); if (!conf_stream->good()) { - digwatch_syslog::log(LOG_ERR, "Could not find configuration file at " + conf_filename + ". Exiting \n"); + digwatch_logger::log(LOG_ERR, "Could not find configuration file at " + conf_filename + ". Exiting \n"); result = EXIT_FAILURE; goto exit; } @@ -285,12 +285,12 @@ int digwatch_init(int argc, char **argv) { config.init(conf_filename); // log after config init because config determines where logs go - digwatch_syslog::log(LOG_INFO, "Digwatch initialized with configuration file " + conf_filename + "\n"); + digwatch_logger::log(LOG_INFO, "Digwatch initialized with configuration file " + conf_filename + "\n"); } else { config.init(); - digwatch_syslog::log(LOG_INFO, "Digwatch initialized. No configuration file found, proceeding with defaults\n"); + digwatch_logger::log(LOG_INFO, "Digwatch initialized. No configuration file found, proceeding with defaults\n"); } if (rules_filename.size()) 
@@ -305,7 +305,7 @@ int digwatch_init(int argc, char **argv) lua_main_filename = lua_dir + DIGWATCH_LUA_MAIN; if (!std::ifstream(lua_main_filename)) { - digwatch_syslog::log(LOG_ERR, "Could not find Digwatch Lua libraries (tried " + + digwatch_logger::log(LOG_ERR, "Could not find Digwatch Lua libraries (tried " + string(DIGWATCH_LUA_DIR DIGWATCH_LUA_MAIN) + ", " + lua_main_filename + "). Exiting \n"); result = EXIT_FAILURE; @@ -324,11 +324,11 @@ int digwatch_init(int argc, char **argv) digwatch_formats::init(inspector, ls); digwatch_fields::init(inspector, ls); - digwatch_syslog::init(ls); + digwatch_logger::init(ls); rules->load_rules(config.m_rules_filename); inspector->set_filter(rules->get_filter()); - digwatch_syslog::log(LOG_INFO, "Parsed rules from file " + config.m_rules_filename + "\n"); + digwatch_logger::log(LOG_INFO, "Parsed rules from file " + config.m_rules_filename + "\n"); inspector->set_hostname_and_port_resolution_mode(false); @@ -361,7 +361,7 @@ int digwatch_init(int argc, char **argv) { if(system("modprobe " PROBE_NAME " > /dev/null 2> /dev/null")) { - digwatch_syslog::log(LOG_ERR, "Unable to load the driver. Exiting\n"); + digwatch_logger::log(LOG_ERR, "Unable to load the driver. Exiting\n"); } inspector->open(); } @@ -374,13 +374,13 @@ int digwatch_init(int argc, char **argv) } catch(sinsp_exception& e) { - digwatch_syslog::log(LOG_ERR, "Runtime error: " + string(e.what()) + ". Exiting\n"); + digwatch_logger::log(LOG_ERR, "Runtime error: " + string(e.what()) + ". Exiting\n"); result = EXIT_FAILURE; } catch(...) { - digwatch_syslog::log(LOG_ERR, "Unexpected error, Exiting\n"); + digwatch_logger::log(LOG_ERR, "Unexpected error, Exiting\n"); result = EXIT_FAILURE; } diff --git a/userspace/digwatch/formats.cpp b/userspace/digwatch/formats.cpp index ba2e5f63..a2bfb961 100644 --- a/userspace/digwatch/formats.cpp +++ b/userspace/digwatch/formats.cpp 
@@ -1,5 +1,5 @@ #include "formats.h" -#include "syslog.h" +#include "logger.h" sinsp* digwatch_formats::s_inspector = NULL; @@ -28,7 +28,7 @@ int digwatch_formats::formatter(lua_State *ls) } catch(sinsp_exception& e) { - digwatch_syslog::log(LOG_ERR, "Invalid output format '" + format + "'.\n"); + digwatch_logger::log(LOG_ERR, "Invalid output format '" + format + "'.\n"); throw sinsp_exception("set_formatter error"); } @@ -43,7 +43,7 @@ int digwatch_formats::format_event (lua_State *ls) string line; if (!lua_islightuserdata(ls, -1) || !lua_islightuserdata(ls, -2)) { - digwatch_syslog::log(LOG_ERR, "Invalid arguments passed to format_event()\n"); + digwatch_logger::log(LOG_ERR, "Invalid arguments passed to format_event()\n"); throw sinsp_exception("format_event error"); } sinsp_evt* evt = (sinsp_evt*)lua_topointer(ls, 1); diff --git a/userspace/digwatch/syslog.cpp b/userspace/digwatch/logger.cpp similarity index 67% rename from userspace/digwatch/syslog.cpp rename to userspace/digwatch/logger.cpp index 3cd881a2..f09af8c6 100644 --- a/userspace/digwatch/syslog.cpp +++ b/userspace/digwatch/logger.cpp @@ -1,5 +1,5 @@ #include -#include "syslog.h" +#include "logger.h" #include "chisel_api.h" #include "filterchecks.h" @@ -7,17 +7,17 @@ const static struct luaL_reg ll_digwatch [] = { - {"syslog", &digwatch_syslog::syslog}, + {"syslog", &digwatch_logger::syslog}, {NULL,NULL} }; -void digwatch_syslog::init(lua_State *ls) +void digwatch_logger::init(lua_State *ls) { luaL_openlib(ls, "digwatch", ll_digwatch, 0); } -int digwatch_syslog::syslog(lua_State *ls) { +int digwatch_logger::syslog(lua_State *ls) { int priority = luaL_checknumber(ls, 1); if (priority > LOG_DEBUG) { 
@@ -30,15 +30,15 @@ int digwatch_syslog::syslog(lua_State *ls) { return 0; } -bool digwatch_syslog::log_stderr; -bool digwatch_syslog::log_syslog; +bool digwatch_logger::log_stderr; +bool digwatch_logger::log_syslog; -void digwatch_syslog::log(int priority, const string msg) { - if (digwatch_syslog::log_syslog) { +void digwatch_logger::log(int priority, const string msg) { + if (digwatch_logger::log_syslog) { ::syslog(priority, "%s", msg.c_str()); } - if (digwatch_syslog::log_stderr) { + if (digwatch_logger::log_stderr) { std::time_t result = std::time(nullptr); string tstr = std::asctime(std::localtime(&result)); tstr = tstr.substr(0, 24);// remove trailling newline diff --git a/userspace/digwatch/syslog.h b/userspace/digwatch/logger.h similarity index 94% rename from userspace/digwatch/syslog.h rename to userspace/digwatch/logger.h index bf96dbed..5043aedf 100644 --- a/userspace/digwatch/syslog.h +++ b/userspace/digwatch/logger.h @@ -9,7 +9,7 @@ extern "C" { #include "lauxlib.h" } -class digwatch_syslog +class digwatch_logger { public: static void init(lua_State *ls);