github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-04 02:16:46 +00:00
Code Issues Projects Releases Wiki Activity

feat: add hostname field in gRPC output

Browse Source 
Signed-off-by: Adrián Arroyo Calle <adrian.arroyocalle@gmail.com>
This commit is contained in:
Adrián Arroyo Calle 2019-11-18 12:17:05 +00:00 committed by Lorenzo Fontana
parent c96f85282d
commit a084f17493
3 changed files with 27 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
userspace/falco/falco_outputs.cpp
View File

@ -146,6 +146,12 @@ void falco_outputs::handle_event(gen_event *ev, string &rule, string &source,
std::lock_guard<std::mutex> guard(m_ls_semaphore);
lua_getglobal(m_ls, m_lua_output_event.c_str());
char hostname[1024];
int err = gethostname(hostname, sizeof(hostname));
if(err != 0){
string err = "Failed to get hostname";
throw falco_exception(err);
}
if(lua_isfunction(m_ls, -1))
{
lua_pushlightuserdata(m_ls, ev);
@ -154,8 +160,9 @@ void falco_outputs::handle_event(gen_event *ev, string &rule, string &source,
lua_pushstring(m_ls, falco_common::priority_names[priority].c_str());
lua_pushnumber(m_ls, priority);
lua_pushstring(m_ls, format.c_str());
lua_pushstring(m_ls, hostname);
if(lua_pcall(m_ls, 6, 0, 0) != 0)
if(lua_pcall(m_ls, 7, 0, 0) != 0)
{
const char* lerr = lua_tostring(m_ls, -1);
string err = "Error invoking function output: " + string(lerr);
@ -300,12 +307,13 @@ int falco_outputs::handle_http(lua_State *ls)
int falco_outputs::handle_grpc(lua_State *ls)
{
// check parameters
if(!lua_islightuserdata(ls, -7) ||
if(!lua_islightuserdata(ls, -8) ||
!lua_isstring(ls, -7) ||
!lua_isstring(ls, -6) ||
!lua_isstring(ls, -5) ||
!lua_isstring(ls, -4) ||
!lua_isstring(ls, -3) ||
!lua_istable(ls, -2) ||
!lua_istable(ls, -3) ||
!lua_isstring(ls, -2) ||
!lua_istable(ls, -1))
{
lua_pushstring(ls, "Invalid arguments passed to handle_grpc()");
@ -355,7 +363,10 @@ int falco_outputs::handle_grpc(lua_State *ls)
}
lua_pop(ls, 1); // pop table
// hostname
grpc_res.set_hostname((char* )lua_tostring(ls, 7));
falco::output::queue::get().push(grpc_res);
return 1;
}
}

18
userspace/falco/lua/output.lua
View File

@ -17,7 +17,7 @@ local mod = {}
local outputs = {}
function mod.stdout(event, rule, source, priority, priority_num, msg, format, options)
function mod.stdout(event, rule, source, priority, priority_num, msg, format, hostname, options)
mod.stdout_message(priority, priority_num, msg, outputs)
end
@ -57,7 +57,7 @@ function mod.file_open(options)
end
end
function mod.file(event, rule, source, priority, priority_num, msg, format, options)
function mod.file(event, rule, source, priority, priority_num, msg, format, hostname, options)
mod.file_message(priority, priority_num, msg, options)
end
@ -91,7 +91,7 @@ function mod.file_reopen(options)
end
end
function mod.syslog(event, rule, source, priority, priority_num, msg, format, options)
function mod.syslog(event, rule, source, priority, priority_num, msg, format, hostname, options)
mod.syslog_message(priority, priority_num, msg, options)
end
@ -114,7 +114,7 @@ function mod.program_open(options)
end
end
function mod.program(event, rule, source, priority, priority_num, msg, format, options)
function mod.program(event, rule, source, priority, priority_num, msg, format, hostname, options)
mod.program_message(priority, priority_num, msg, options)
end
@ -153,7 +153,7 @@ function mod.program_reopen(options)
end
end
function mod.http(event, rule, source, priority, priority_num, msg, format, options)
function mod.http(event, rule, source, priority, priority_num, msg, format, hostname, options)
mod.http_message(priority, priority_num, msg, options)
end
@ -167,9 +167,9 @@ end
function mod.http_reopen()
end
function mod.grpc(event, rule, source, priority, priority_num, msg, format, options)
function mod.grpc(event, rule, source, priority, priority_num, msg, format, hostname, options)
fields = formats.resolve_tokens(event, source, format)
c_outputs.handle_grpc(event, rule, source, priority, msg, fields, options)
c_outputs.handle_grpc(event, rule, source, priority, msg, fields, hostname, options)
end
function mod.grpc_message(priority, priority_num, msg, options)
@ -183,7 +183,7 @@ end
function mod.grpc_reopen()
end
function output_event(event, rule, source, priority, priority_num, format)
function output_event(event, rule, source, priority, priority_num, format, hostname)
-- If format starts with a *, remove it, as we're adding our own
-- prefix here.
if format:sub(1, 1) == "*" then
@ -215,7 +215,7 @@ function output_event(event, rule, source, priority, priority_num, format)
msg = formats.format_event(event, rule, source, priority, format)
for index, o in ipairs(outputs) do
o.output(event, rule, source, priority, priority_num, msg, format, o.options)
o.output(event, rule, source, priority, priority_num, msg, format, hostname, o.options)
end
end

3
userspace/falco/output.proto
View File

@ -35,5 +35,6 @@ message response {
string rule = 4;
string output = 5;
map<string, string> output_fields = 6;
// repeated string tags = 7; // TODO(leodido,fntlnz): tags not supported yet, keeping for reference
string hostname = 7;
// repeated string tags = 8; // TODO(leodido,fntlnz): tags not supported yet, keeping for reference
}