diff --git a/MANIFEST b/MANIFEST
index f6a67d7e5efb12002cbe3b939879777a00a0ff56..437fb90383583a526cfb5fb2c184e1f41846c447 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -1,2 +1,2 @@
-VERSION=v0.0.3
-SERVICE=evidence-collector
\ No newline at end of file
+VERSION=v0.0.4
+SERVICE=evidence-collector
diff --git a/entrypoint.sh b/entrypoint.sh
index 06f7bf63589cc86dbebbcc47bacacdf60c7e9ec6..2b06fa7983701f439ab2a1aceb006966a0aa9c8c 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -12,4 +12,4 @@ rqscheduler --host $redis_host --port $redis_port &
 python3 -m scheduler.scheduler
-tail -f /dev/null
\ No newline at end of file
+tail -f /var/log/evidence_collector.log
\ No newline at end of file
diff --git a/evidence/generate_evidence.py b/evidence/generate_evidence.py
index 1c0c97d328b66f261fb6a2c269c604832e24f9b4..9e0e53c2cf965d453d50589a8f5af59ca89c6364 100644
--- a/evidence/generate_evidence.py
+++ b/evidence/generate_evidence.py
@@ -29,6 +29,6 @@ def create_evidence(id, service_id, tool_id, raw, resource):
 return evidence
-def print_evidence(evidence):
+def print_evidence(logger, evidence):
 evidence.raw = evidence.raw[:50] + "..."
- print(evidence)
\ No newline at end of file
+ logger.debug(evidence)
\ No newline at end of file
diff --git a/forward_evidence/forward_evidence.py b/forward_evidence/forward_evidence.py
index 9b42835804e94ddcc6c89f52622d5a0146cab09b..bc2d5f5a215e52354f6ab9960fab3e6ee24aab1d 100644
--- a/forward_evidence/forward_evidence.py
+++ b/forward_evidence/forward_evidence.py
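Review bot: `tail -f /var/log/evidence_collector.log` follows the file descriptor, so it exits at startup if the file does not exist yet (GNU tail reports the open failure and gives up when no file remains) and it stops showing output if the file is later rotated or recreated. The file only comes into existence once `python3 -m scheduler.scheduler` has imported the collector module and `fileConfig` has opened the file handler, so the container's lifetime now depends on that import succeeding before the tail runs. `touch /var/log/evidence_collector.log` ahead of the tail and `tail -F /var/log/evidence_collector.log` (follow by name, with retry) remove both dependencies. The head of the script, including where `$redis_host` and `$redis_port` are set, is outside the hunk.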
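Review bot: `print_evidence` still rewrites `evidence.raw` to a 50-character preview before logging, so after the call the caller's object — the same one `run_collector` keeps in `evidence_list` and returns — no longer carries the full raw data; adding the `logger` parameter moved the output to the log but kept that side effect. Because `run_collector` calls `forwarder.send_evidence(evidence)` before `print_evidence`, the forwarded message is intact and only the returned list is affected. Computing the preview into a local, `preview = evidence.raw[:50] + "..."`, and logging it with `logger.debug("evidence raw preview: %s", preview)` (alongside whatever identifying fields the message has) keeps a logging helper free of mutation; leaving the record at DEBUG is appropriate for data pulled from Wazuh. `logger` was added as the first positional parameter, so any caller not updated in this commit would pass its evidence as the logger; the only call site visible here, in `run_collector`, is updated.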
@@ -1,26 +1,21 @@
 from evidence.evidence_store_pb2_grpc import EvidenceStoreStub
 from evidence.evidence_pb2 import Evidence
 import grpc
-import json
 class ForwardEvidence(object):
- def __init__(self):
- f = open('constants.json',)
- constants = json.load(f)
- f.close()
-
+ def __init__(self, constants, logger):
 self.channel = grpc.insecure_channel('{}:{}'.format(constants['clouditor']['host'], constants['clouditor']['port']))
- self.stub = EvidenceStoreStub(self.channel)
+ self.logger = logger
 def send_evidence(self, evidence):
 try:
 response = self.stub.StoreEvidence(evidence)
- print('gRPC evidence forwarded: ' + str(response))
+ self.logger.info('gRPC evidence forwarded: ' + str(response))
 except grpc.RpcError as err:
- print(err)
- print(err.details())
- print('{}, {}'.format(err.code().name, err.code().value))
+ self.logger.error(err)
+ self.logger.error(err.details())
+ self.logger.error('{}, {}'.format(err.code().name, err.code().value))
diff --git a/logging.conf b/logging.conf
new file mode 100644
index 0000000000000000000000000000000000000000..fdd026a512a2a165419f8e0457771d9a516933ac
--- /dev/null
+++ b/logging.conf
@@ -0,0 +1,28 @@
+[loggers]
+keys=root
+
+[handlers]
+keys=consoleHandler,fileHandler
+
+[formatters]
+keys=simpleFormatter
+
+[logger_root]
+level=DEBUG
+handlers=fileHandler
+
+[handler_consoleHandler]
+class=StreamHandler
+level=DEBUG
+formatter=simpleFormatter
+args=(sys.stdout,)
+
+[handler_fileHandler]
+class=FileHandler
+level=DEBUG
+formatter=simpleFormatter
+args=('/var/log/evidence_collector.log',)
+
+[formatter_simpleFormatter]
+format=%(asctime)s - %(name)s - %(levelname)s - %(message)s
+datefmt=
diff --git a/scheduler/scheduler.py b/scheduler/scheduler.py
index bcfc9fa7baaf64b1410a33dce949e2316ac61047..01f5ad0dd53d97d282000937fa9bb4cb59a8499a 100644
--- a/scheduler/scheduler.py
+++ b/scheduler/scheduler.py
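Review bot: `self.stub` is never assigned any more — the hunk removes `self.stub = EvidenceStoreStub(self.channel)` from `__init__` and puts `self.logger = logger` in its place, yet `send_evidence` still calls `self.stub.StoreEvidence(evidence)`, which will raise `AttributeError` on the first call. That exception is not a `grpc.RpcError`, so the `except` block does not catch it and it propagates out of the `for evidence in evidence_list` loop in `run_collector`, aborting the job after zero forwarded evidences. The constructor needs both lines: `self.stub = EvidenceStoreStub(self.channel)` and `self.logger = logger`. Separately, the failure path emits three records for one error; `self.logger.error('gRPC evidence forwarding failed: %s (%s, %s)', err.details(), err.code().name, err.code().value)` gives one line that a log pipeline can match on. The channel is still `grpc.insecure_channel`, so evidence leaves the container unencrypted to the configured clouditor host — that predates this commit but is worth tracking.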
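Review bot: `[logger_root]` attaches only `fileHandler`, so `consoleHandler` is declared but never used and nothing reaches the container's stdout except through the `tail` in entrypoint.sh; either drop the unused handler or set `handlers=consoleHandler,fileHandler`. `class=FileHandler` lets `/var/log/evidence_collector.log` grow without bound inside the container; `class=handlers.RotatingFileHandler` with `args=('/var/log/evidence_collector.log', 'a', 10485760, 5)` caps it at a few files. `level=DEBUG` on the root logger also enables DEBUG output of every library in the process (gRPC, the Elasticsearch/HTTP client), which is noisy and may echo request details into the file; INFO on root with DEBUG only on the application's own logger is the usual split. `args=(sys.stdout,)` and the file path are evaluated by `fileConfig`, so keep this file out of any untrusted mount.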
@@ -1,12 +1,8 @@
-import json
 from redis import Redis
 from rq import Queue
 from rq_scheduler import Scheduler
 from wazuh_evidence_collector import wazuh_evidence_collector
-
-f = open('constants.json',)
-constants = json.load(f)
-f.close()
+from wazuh_evidence_collector.wazuh_evidence_collector import CONSTANTS, LOGGER
 def remove_jobs(scheduler):
 jobs = scheduler.get_jobs()
@@ -16,10 +12,10 @@ def remove_jobs(scheduler):
 def print_jobs(scheduler):
 jobs = scheduler.get_jobs()
 for job in jobs:
- print(job)
+ LOGGER.info(job)
-redis = Redis(constants['redis']['host'], constants['redis']['port'])
-q = Queue(constants['redis']['queue'], connection=redis)
+redis = Redis(CONSTANTS['redis']['host'], CONSTANTS['redis']['port'])
+q = Queue(CONSTANTS['redis']['queue'], connection=redis)
 scheduler = Scheduler(connection=redis)
 # TODO: Remove if needed
@@ -32,7 +28,7 @@ scheduler.cron(
 func=wazuh_evidence_collector.run_collector,
 args=[],
 repeat=None,
- queue_name=constants['redis']['queue'],
+ queue_name=CONSTANTS['redis']['queue'],
 use_local_timezone=False
 )
diff --git a/wazuh_evidence_collector/wazuh_evidence_collector.py b/wazuh_evidence_collector/wazuh_evidence_collector.py
index 0843b5273fe962f7aa4bedfb29ce044cbab37025..fb73fc3f9d3d3ebaa16564e77d338b4487d18b26 100644
--- a/wazuh_evidence_collector/wazuh_evidence_collector.py
+++ b/wazuh_evidence_collector/wazuh_evidence_collector.py
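Review bot: Importing `CONSTANTS` and `LOGGER` from `wazuh_evidence_collector.wazuh_evidence_collector` ties the scheduler's configuration to a module whose import reads `constants.json`, runs `fileConfig('logging.conf')` and constructs the Wazuh, Elasticsearch and gRPC clients, although the scheduler only needs the `redis` section; the surrounding `from wazuh_evidence_collector import wazuh_evidence_collector` already triggered those side effects, so this is a structure point rather than a regression. A small config module that loads `constants.json` and configures logging, imported by both the scheduler and the collector, would let the scheduler stop depending on connection setup it never uses. The scheduler process and whatever process executes the queued jobs now both append to `/var/log/evidence_collector.log` through their own `FileHandler`; Python's logging documentation states that writing one file from several processes is not supported, so interleaved or lost records are possible — confirm how the rq worker is run relative to this container. The second and third hunks (`LOGGER.info(job)`, `queue_name=CONSTANTS['redis']['queue']`) only follow the rename.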
@@ -6,23 +6,31 @@ from forward_evidence.forward_evidence import ForwardEvidence
 from evidence.generate_evidence import create_resource, create_evidence, print_evidence
 import uuid
 import configparser
+import logging
+import logging.config
 f = open('constants.json',)
-constants = json.load(f)
+CONSTANTS = json.load(f)
 f.close()
-wc = WazuhClient(constants['wazuh']['host'], constants['wazuh']['port'], constants['wazuh']['username'], constants['wazuh']['password'])
+logging.config.fileConfig('logging.conf')
+LOGGER = logging.getLogger('root')
+
+
+wc = WazuhClient(CONSTANTS['wazuh']['host'], CONSTANTS['wazuh']['port'], CONSTANTS['wazuh']['username'], CONSTANTS['wazuh']['password'])
 es = Elasticsearch(
- constants['elastic']['host'],
- http_auth=(constants['elastic']['username'], constants['elastic']['password']),
+ CONSTANTS['elastic']['host'],
+ http_auth=(CONSTANTS['elastic']['username'], CONSTANTS['elastic']['password']),
 scheme='https',
- port=constants['elastic']['port'],
+ port=CONSTANTS['elastic']['port'],
 use_ssl=False,
 verify_certs=False,
 ssl_show_warn=False,
 )
+forwarder = ForwardEvidence(CONSTANTS, LOGGER)
+
 # Get ID (UUID)
 def get_id():
 id = uuid.uuid1()
@@ -62,10 +70,9 @@ def run_collector():
 evidence_list.append(generate_evidence(wc, es, agent))
 # TODO:
- forwarder = ForwardEvidence()
 for evidence in evidence_list:
 forwarder.send_evidence(evidence)
- print_evidence(evidence)
+ print_evidence(LOGGER, evidence)
 return evidence_list
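Review bot: `logging.config.fileConfig('logging.conf')` keeps the default `disable_existing_loggers=True`, which disables every logger that already exists at that point — including any created by the modules imported just above it (e.g. gRPC's or the Elasticsearch client's) — so their warnings and errors never reach the new log file; `logging.config.fileConfig('logging.conf', disable_existing_loggers=False)` avoids that. `logging.getLogger('root')` returns the real root logger only on Python 3.9 and later, while older interpreters create a child logger literally named `root`; `logging.getLogger()` (no name) means the root logger everywhere, and `logging.getLogger(__name__)` is the usual choice for a module's own logger. Both `fileConfig` and `forwarder = ForwardEvidence(CONSTANTS, LOGGER)` now run at import time, so every process that imports this module for its constants opens the gRPC channel to clouditor; if rq executes jobs in forked work-horse processes, that channel is created in the worker parent and inherited by the forks, a pattern gRPC handles poorly — worth confirming against the worker setup. The second hunk in this file (`print_evidence(LOGGER, evidence)`) relies on the same module-level `forwarder`, and the `verify_certs=False` Elasticsearch client it feeds is unchanged context.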