diff --git a/CMakeLists.txt b/CMakeLists.txt
index 7a435945..0964c7ef 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -152,7 +152,8 @@ ExternalProject_Add(lpeg
 CONFIGURE_COMMAND ""
 INSTALL_COMMAND "")
-
+install(FILES digwatch.yaml
+ DESTINATION "${DIR_ETC}")
 add_subdirectory(${SYSDIG_DIR}/userspace/libscap ${PROJECT_BINARY_DIR}/userspace/libscap)
 add_subdirectory(${SYSDIG_DIR}/userspace/libsinsp ${PROJECT_BINARY_DIR}/userspace/libsinsp)
diff --git a/digwatch.yaml b/digwatch.yaml
index 9d5c98f5..bc6c41ff 100644
--- a/digwatch.yaml
+++ b/digwatch.yaml
@@ -1,7 +1,8 @@
-rules_file: /etc/digwatch.conf
+rules_file: /etc/digwatch_rules.conf
 # Priority level
 # Any rule with priority lower than this level will be discarded
+# WARNING currently has no effect!
 priority_level: warning
 syslog_output:
diff --git a/rules/CMakeLists.txt b/rules/CMakeLists.txt
index b1c34ae1..dff2d608 100644
--- a/rules/CMakeLists.txt
+++ b/rules/CMakeLists.txt
@@ -1,3 +1,3 @@
-install(FILES digwatch.conf
+install(FILES digwatch_rules.conf
 DESTINATION "${DIR_ETC}")
diff --git a/rules/digwatch.conf b/rules/digwatch_rules.conf
similarity index 100%
rename from rules/digwatch.conf
rename to rules/digwatch_rules.conf
diff --git a/userspace/digwatch/configuration.cpp b/userspace/digwatch/configuration.cpp
index 401d6328..06706b27 100644
--- a/userspace/digwatch/configuration.cpp
+++ b/userspace/digwatch/configuration.cpp
@@ -18,7 +18,7 @@ void digwatch_configuration::init(string conf_filename)
 string m_config_file = conf_filename;
 m_config = new yaml_configuration(m_config_file);
-m_rules_file = m_config->get_scalar("rules_file", "/etc/digwatch.conf");
+m_rules_filename = m_config->get_scalar("rules_file", "/etc/digwatch_rules.conf");
 m_priority_level = m_config->get_scalar("priority_level", "warning");
 output_config file_output;
diff --git a/userspace/digwatch/configuration.h b/userspace/digwatch/configuration.h
index 9d3644ab..056976ea 100644
--- a/userspace/digwatch/configuration.h
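Review bot: The default rules path `/etc/digwatch_rules.conf` is now spelled out as a literal in the `get_scalar` fallback here, in digwatch.yaml, and again in the `-r` usage text of the digwatch.cpp hunk at @@ -46, so the three can drift apart silently the next time the file is renamed (this commit already had to touch all of them). Since digwatch.cpp already has `DIGWATCH_INSTALL_CONF_FILE` for the configuration file, a sibling define for the rules file (say `DIGWATCH_INSTALL_RULES_FILE`, name constructed) used both as the fallback here and in the usage string would keep them in step. `digwatch_configuration::init` begins and ends outside this hunk.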
+++ b/userspace/digwatch/configuration.h
@@ -94,7 +94,7 @@ class digwatch_configuration
 public:
 void init(std::string conf_filename);
 void init();
-std::string m_rules_file;
+std::string m_rules_filename;
 std::string m_priority_level;
 std::vector m_outputs;
 private:
diff --git a/userspace/digwatch/digwatch.cpp b/userspace/digwatch/digwatch.cpp
index 0a963106..7320f5f9 100644
--- a/userspace/digwatch/digwatch.cpp
+++ b/userspace/digwatch/digwatch.cpp
@@ -46,9 +46,10 @@ static void usage()
 "Usage: digwatch [options] rules_filename\n\n"
 "Options:\n"
 " -h, --help Print this page\n"
+" -c Configuration file (default " DIGWATCH_SOURCE_CONF_FILE ", " DIGWATCH_INSTALL_CONF_FILE ")\n"
 " -o Output type (options are 'stdout', 'syslog', default is 'stdout')\n"
-" -r , --read=\n"
-" Read the events from .\n"
+" -e Read the events from (in .scap format) instead of tapping into live.\n"
+" -r Rules configuration file (defaults to value set in configuration file, or /etc/digwatch_rules.conf).\n"
 "\n"
 );
 }
@@ -203,15 +204,15 @@ int digwatch_init(int argc, char **argv)
 int long_index = 0;
 string lua_main_filename;
 string output_name = "stdout";
-string infile;
+string scap_filename;
 string conf_filename;
+string rules_filename;
 string lua_dir = DIGWATCH_LUA_DIR;
 lua_State* ls = NULL;
 static struct option long_options[] = {
 {"help", no_argument, 0, 'h' },
-{"readfile", required_argument, 0, 'r' },
 {0, 0, 0, 0}
 };
@@ -224,7 +225,7 @@ int digwatch_init(int argc, char **argv)
 // Parse the args
 //
 while((op = getopt_long(argc, argv,
-"c:ho:R:",
+"c:ho:e:r:",
 long_options, &long_index)) != -1)
 {
 switch(op)
@@ -243,8 +244,11 @@ int digwatch_init(int argc, char **argv)
 }
 output_name = optarg;
 break;
+case 'e':
+scap_filename = optarg;
+break;
 case 'r':
-infile = optarg;
+rules_filename = optarg;
 break;
 case '?':
 result = EXIT_FAILURE;
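Review bot: The banner line `"Usage: digwatch [options] rules_filename\n\n"`, kept as context at the top of the @@ -46 hunk, still advertises a positional rules file, but the hunk at @@ -257 in this same file deletes the `optind < argc` loop that consumed it, so after this change a trailing `rules_filename` argument is silently ignored and the default or `-r` path is loaded instead; a user following the banner would run with a different rule set than intended and get no error. I'd change the banner to `"Usage: digwatch [options]\n\n"` and, after option parsing where the deleted block was, reject leftovers with `if(optind < argc) { usage(); result = EXIT_FAILURE; goto exit; }`. `usage()` is otherwise fully inside its hunk; `digwatch_init` continues outside the later ones.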
@@ -257,33 +261,6 @@ int digwatch_init(int argc, char **argv)
 inspector->set_buffer_format(event_buffer_format);
-string rules_file;
-
-if(optind < argc)
-{
-#ifdef HAS_FILTERING
-for(int32_t j = optind ; j < argc; j++)
-{
-rules_file += argv[j];
-if(j < argc - 1)
-{
-rules_file += " ";
-}
-}
-
-#else
-fprintf(stderr, "filtering not compiled.\n");
-result = EXIT_FAILURE;
-goto exit;
-#endif
-}
-
-if(rules_file.size() == 0) {
-usage();
-result = EXIT_FAILURE;
-goto exit;
-
-}
 ifstream* conf_stream;
 if (conf_filename.size())
@@ -329,6 +306,12 @@ int digwatch_init(int argc, char **argv)
 config.init();
 }
+if (rules_filename.size())
+{
+config.m_rules_filename = rules_filename;
+}
+cout << "Using rules file " + config.m_rules_filename + "\n";
+
 if(signal(SIGINT, signal_callback) == SIG_ERR)
 {
 fprintf(stderr, "An error occurred while setting SIGINT signal handler.\n");
@@ -371,7 +354,7 @@ int digwatch_init(int argc, char **argv)
 digwatch_syslog::init(ls);
-rules->load_rules(rules_file);
+rules->load_rules(config.m_rules_filename);
 inspector->set_filter(rules->get_filter());
 inspector->set_hostname_and_port_resolution_mode(false);
@@ -381,9 +364,9 @@ int digwatch_init(int argc, char **argv)
 add_output(ls, *it);
 }
-if (infile.size())
+if (scap_filename.size())
 {
-inspector->open(infile);
+inspector->open(scap_filename);
 }
 else
 {
diff --git a/userspace/digwatch/rules.cpp b/userspace/digwatch/rules.cpp
index f93b875d..39ca0edc 100644
--- a/userspace/digwatch/rules.cpp
+++ b/userspace/digwatch/rules.cpp
@@ -45,7 +45,7 @@ void digwatch_rules::load_rules(string rules_filename)
 is.open(rules_filename);
 if(!is.is_open())
 {
-throw sinsp_exception("can't open file " + rules_filename);
+throw sinsp_exception("Can't open file " + rules_filename + ". Try setting file location in config file or use '-r' flag.");
 }
 lua_getglobal(m_ls, m_lua_load_rule.c_str());
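Review bot: The deleted block was the only visible place that honoured `HAS_FILTERING`: a build without it used to stop early with `filtering not compiled.`, whereas on the new side `rules->load_rules(config.m_rules_filename)` and `inspector->set_filter(rules->get_filter())` in the @@ -371 hunk run unconditionally. If such a build is still supported, the guard should come back where the block was, as `#ifndef HAS_FILTERING` / `fprintf(stderr, "filtering not compiled.\n"); result = EXIT_FAILURE; goto exit;` / `#endif`; if that configuration no longer exists, dropping it is fine but worth a sentence in the commit message. `digwatch_init` continues on both sides of this hunk.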
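Review bot: `cout << "Using rules file " + config.m_rules_filename + "\n";` in the @@ -329 hunk sends a status line to stdout, which presumably is also where alerts are written when the default `stdout` output type is selected, so anything consuming the alert stream from a pipe sees this line mixed in as if it were an event; every other diagnostic in this function goes through `fprintf(stderr, ...)`. I'd write `fprintf(stderr, "Using rules file %s\n", config.m_rules_filename.c_str());`, which also avoids the temporary `std::string` the `+` chain builds before streaming. The precedence of the new lines is right: the `-r` value replaces the config value before either is used.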