From 1e714e735fec4ad86d4101f118cc68da181e1cdf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?An=C5=BEe=20=C5=BDitnik?= <anze.zitnik@xlab.si>
Date: Thu, 9 Dec 2021 17:49:41 +0100
Subject: [PATCH] Use logging.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Replaced all print() calls with logger.info/debug. Printing evidence objects. Logging to /var/log/evidence_collector.log and setting tailf to this file in docker entrypoint.
Version 0.0.4.
Squashed commit of the following:
commit 825d1f95a141f8e11703c27889e53a6e16c3cd66
Author: Anže Žitnik <anze.zitnik@xlab.si>
Date: Wed Dec 1 12:21:26 2021 +0100
Output logs to /var/log... and tailf in Dockerfile
commit db9b34317d19e42316fc0c5f0a8f60b03b2e4dbc
Author: Anže Žitnik <anze.zitnik@xlab.si>
Date: Wed Dec 1 12:19:54 2021 +0100
Introduce logger. Replace all prints.
---
MANIFEST | 4 +--
entrypoint.sh | 2 +-
evidence/generate_evidence.py | 4 +--
forward_evidence/forward_evidence.py | 17 ++++-------
logging.conf | 28 +++++++++++++++++++
scheduler/scheduler.py | 14 ++++------
.../wazuh_evidence_collector.py | 21 +++++++++-----
7 files changed, 58 insertions(+), 32 deletions(-)
create mode 100644 logging.conf
diff --git a/MANIFEST b/MANIFEST
index f6a67d7..437fb90 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -1,2 +1,2 @@
-VERSION=v0.0.3
-SERVICE=evidence-collector
\ No newline at end of file
+VERSION=v0.0.4
+SERVICE=evidence-collector
diff --git a/entrypoint.sh b/entrypoint.sh
index 06f7bf6..2b06fa7 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -12,4 +12,4 @@ rqscheduler --host $redis_host --port $redis_port &
python3 -m scheduler.scheduler
-tail -f /dev/null
\ No newline at end of file
+tail -f /var/log/evidence_collector.log
\ No newline at end of file
diff --git a/evidence/generate_evidence.py b/evidence/generate_evidence.py
index 1c0c97d..9e0e53c 100644
--- a/evidence/generate_evidence.py
+++ b/evidence/generate_evidence.py
@@ -29,6 +29,6 @@ def create_evidence(id, service_id, tool_id, raw, resource):
return evidence
-def print_evidence(evidence):
+def print_evidence(logger, evidence):
evidence.raw = evidence.raw[:50] + "..."
- print(evidence)
\ No newline at end of file
+ logger.debug(evidence)
\ No newline at end of file
diff --git a/forward_evidence/forward_evidence.py b/forward_evidence/forward_evidence.py
index 9b42835..bc2d5f5 100644
--- a/forward_evidence/forward_evidence.py
+++ b/forward_evidence/forward_evidence.py
@@ -1,26 +1,21 @@
from evidence.evidence_store_pb2_grpc import EvidenceStoreStub
from evidence.evidence_pb2 import Evidence
import grpc
-import json
class ForwardEvidence(object):
- def __init__(self):
- f = open('constants.json',)
- constants = json.load(f)
- f.close()
-
+ def __init__(self, constants, logger):
self.channel = grpc.insecure_channel('{}:{}'.format(constants['clouditor']['host'], constants['clouditor']['port']))
-
self.stub = EvidenceStoreStub(self.channel)
+ self.logger = logger
def send_evidence(self, evidence):
try:
response = self.stub.StoreEvidence(evidence)
- print('gRPC evidence forwarded: ' + str(response))
+ self.logger.info('gRPC evidence forwarded: ' + str(response))
except grpc.RpcError as err:
- print(err)
- print(err.details())
- print('{}, {}'.format(err.code().name, err.code().value))
+ self.logger.error(err)
+ self.logger.error(err.details())
+ self.logger.error('{}, {}'.format(err.code().name, err.code().value))
diff --git a/logging.conf b/logging.conf
new file mode 100644
index 0000000..fdd026a
--- /dev/null
+++ b/logging.conf
@@ -0,0 +1,28 @@
+[loggers]
+keys=root
+
+[handlers]
+keys=consoleHandler,fileHandler
+
+[formatters]
+keys=simpleFormatter
+
+[logger_root]
+level=DEBUG
+handlers=fileHandler
+
+[handler_consoleHandler]
+class=StreamHandler
+level=DEBUG
+formatter=simpleFormatter
+args=(sys.stdout,)
+
+[handler_fileHandler]
+class=FileHandler
+level=DEBUG
+formatter=simpleFormatter
+args=('/var/log/evidence_collector.log',)
+
+[formatter_simpleFormatter]
+format=%(asctime)s - %(name)s - %(levelname)s - %(message)s
+datefmt=
diff --git a/scheduler/scheduler.py b/scheduler/scheduler.py
index bcfc9fa..01f5ad0 100644
--- a/scheduler/scheduler.py
+++ b/scheduler/scheduler.py
@@ -1,12 +1,8 @@
-import json
from redis import Redis
from rq import Queue
from rq_scheduler import Scheduler
from wazuh_evidence_collector import wazuh_evidence_collector
-
-f = open('constants.json',)
-constants = json.load(f)
-f.close()
+from wazuh_evidence_collector.wazuh_evidence_collector import CONSTANTS, LOGGER
def remove_jobs(scheduler):
jobs = scheduler.get_jobs()
@@ -16,10 +12,10 @@ def remove_jobs(scheduler):
def print_jobs(scheduler):
jobs = scheduler.get_jobs()
for job in jobs:
- print(job)
+ LOGGER.info(job)
-redis = Redis(constants['redis']['host'], constants['redis']['port'])
-q = Queue(constants['redis']['queue'], connection=redis)
+redis = Redis(CONSTANTS['redis']['host'], CONSTANTS['redis']['port'])
+q = Queue(CONSTANTS['redis']['queue'], connection=redis)
scheduler = Scheduler(connection=redis)
# TODO: Remove if needed
@@ -32,7 +28,7 @@ scheduler.cron(
func=wazuh_evidence_collector.run_collector,
args=[],
repeat=None,
- queue_name=constants['redis']['queue'],
+ queue_name=CONSTANTS['redis']['queue'],
use_local_timezone=False
)
diff --git a/wazuh_evidence_collector/wazuh_evidence_collector.py b/wazuh_evidence_collector/wazuh_evidence_collector.py
index 0843b52..fb73fc3 100644
--- a/wazuh_evidence_collector/wazuh_evidence_collector.py
+++ b/wazuh_evidence_collector/wazuh_evidence_collector.py
@@ -6,23 +6,31 @@ from forward_evidence.forward_evidence import ForwardEvidence
from evidence.generate_evidence import create_resource, create_evidence, print_evidence
import uuid
import configparser
+import logging
+import logging.config
f = open('constants.json',)
-constants = json.load(f)
+CONSTANTS = json.load(f)
f.close()
-wc = WazuhClient(constants['wazuh']['host'], constants['wazuh']['port'], constants['wazuh']['username'], constants['wazuh']['password'])
+logging.config.fileConfig('logging.conf')
+LOGGER = logging.getLogger('root')
+
+
+wc = WazuhClient(CONSTANTS['wazuh']['host'], CONSTANTS['wazuh']['port'], CONSTANTS['wazuh']['username'], CONSTANTS['wazuh']['password'])
es = Elasticsearch(
- constants['elastic']['host'],
- http_auth=(constants['elastic']['username'], constants['elastic']['password']),
+ CONSTANTS['elastic']['host'],
+ http_auth=(CONSTANTS['elastic']['username'], CONSTANTS['elastic']['password']),
scheme='https',
- port=constants['elastic']['port'],
+ port=CONSTANTS['elastic']['port'],
use_ssl=False,
verify_certs=False,
ssl_show_warn=False,
)
+forwarder = ForwardEvidence(CONSTANTS, LOGGER)
+
# Get ID (UUID)
def get_id():
id = uuid.uuid1()
@@ -62,10 +70,9 @@ def run_collector():
evidence_list.append(generate_evidence(wc, es, agent))
# TODO:
- forwarder = ForwardEvidence()
for evidence in evidence_list:
forwarder.send_evidence(evidence)
- print_evidence(evidence)
+ print_evidence(LOGGER, evidence)
return evidence_list
--
GitLab