From 52934934b117c19ac5eb094847912dc2232743ad Mon Sep 17 00:00:00 2001 From: bui Date: Fri, 30 Apr 2021 08:49:35 +0200 Subject: [PATCH] up --- cmd/crowdsec/main.go | 40 +++++++++++++------ go.mod | 2 +- pkg/acquisition/acquisition.go | 6 +-- pkg/acquisition/acquisition_test.go | 6 +++ .../configuration/configuration.go | 8 ++++ pkg/acquisition/modules/file/file.go | 5 +++ 6 files changed, 49 insertions(+), 18 deletions(-) diff --git a/cmd/crowdsec/main.go b/cmd/crowdsec/main.go index 87a72c728..56af6abd4 100644 --- a/cmd/crowdsec/main.go +++ b/cmd/crowdsec/main.go @@ -146,21 +146,35 @@ func LoadAcquisition(cConfig *csconfig.Config) error { tmpCfg.Mode = configuration.CAT_MODE tmpCfg.Labels = map[string]string{"type": flags.SingleFileType} - /*if flags.SingleFilePath != "" { - tmpCfg.Filename = flags.SingleFilePath + var craftConf []byte + var acquisType string + if flags.SingleFilePath != "" { + acquisType = "file" + craftConf = []byte(fmt.Sprintf(` +filename: %s +labels: + type: %s +type: file +mode: cat`, flags.SingleFilePath, flags.SingleFileType)) } else if flags.SingleJournalctlFilter != "" { - tmpCfg.JournalctlFilters = strings.Split(flags.SingleJournalctlFilter, " ") - }*/ - log.Fatalf("fixme tko") + acquisType = "journald" + craftConf = []byte(fmt.Sprintf(` +journalctl_filter: %s +labels: + type: %s +type: journald +mode: cat`, flags.SingleJournalctlFilter, flags.SingleFileType)) + } + tmpCfg.Type = acquisType - // datasrc, err := acquisition.DataSourceConfigure([]byte(""), "file") - // if err != nil { - // return fmt.Errorf("while configuring specified file datasource : %s", err) - // } - // if dataSources == nil { - // dataSources = make([]acquisition.DataSource, 0) - // } - // dataSources = append(dataSources, *datasrc) + datasrc, err := acquisition.DataSourceConfigure(craftConf, tmpCfg) + if err != nil { + return fmt.Errorf("while configuring specified file datasource : %s", err) + } + if dataSources == nil { + dataSources = make([]acquisition.DataSource, 0) + } + dataSources = append(dataSources, *datasrc) } else { dataSources, err = acquisition.LoadAcquisitionFromFile(cConfig.Crowdsec) if err != nil { diff --git a/go.mod b/go.mod index e9519cc44..b3aa23152 100644 --- a/go.mod +++ b/go.mod @@ -69,7 +69,7 @@ require ( gopkg.in/natefinch/lumberjack.v2 v2.0.0 gopkg.in/tomb.v2 v2.0.0-20161208151619-d5d1b5820637 gopkg.in/yaml.v2 v2.4.0 - gotest.tools/v3 v3.0.3 // indirect + gotest.tools/v3 v3.0.3 ) replace golang.org/x/time/rate => github.com/crowdsecurity/crowdsec/pkg/time/rate v0.0.0 diff --git a/pkg/acquisition/acquisition.go b/pkg/acquisition/acquisition.go index 20eab03c1..1e1181746 100644 --- a/pkg/acquisition/acquisition.go +++ b/pkg/acquisition/acquisition.go @@ -67,6 +67,7 @@ type DataSource interface { Configure([]byte, *log.Entry) error // Configure the datasource GetMode() string // Get the mode (TAIL, CAT or SERVER) SupportedModes() []string // Returns the mode supported by the datasource + SupportedURIPrefixes() []string // Returns the list of supported URI schemes (file:// s3:// ...) OneShotAcquisition(chan types.Event, *tomb.Tomb) error // Start one shot acquisition(eg, cat a file) LiveAcquisition(chan types.Event, *tomb.Tomb) error // Start live acquisition (eg, tail a file) CanRun() error // Whether the datasource can run or not (eg, journalctl on BSD is a non-sense) @@ -197,10 +198,7 @@ func LoadAcquisitionFromFile(config *csconfig.CrowdsecServiceCfg) ([]DataSource, if guessType := detectBackwardCompatAcquis(inBytes); guessType != "" { sub.Type = guessType } - // default mode is tail - if sub.Mode == "" { - sub.Mode = configuration.TAIL_MODE - } + if GetDataSourceIface(sub.Type) == nil { return nil, fmt.Errorf("unknown data source %s in %s", sub.Type, sub.ConfigFile) } diff --git a/pkg/acquisition/acquisition_test.go b/pkg/acquisition/acquisition_test.go index 99c090a7c..933d82ab5 100644 --- a/pkg/acquisition/acquisition_test.go +++ b/pkg/acquisition/acquisition_test.go @@ -24,6 +24,7 @@ type MockSource struct { } func (f *MockSource) Configure(cfg []byte, logger *log.Entry) error { + f.SetDefaults() f.logger = logger if err := yaml.UnmarshalStrict(cfg, &f); err != nil { return errors.Wrap(err, "while unmarshaling to reader specific config") @@ -40,6 +41,7 @@ func (f *MockSource) LiveAcquisition(chan types.Event, *tomb.Tomb) error { re func (f *MockSource) CanRun() error { return nil } func (f *MockSource) GetMetrics() []prometheus.Collector { return nil } func (f *MockSource) Dump() interface{} { return f } +func (f *MockSource) SupportedURIPrefixes() []string { return []string{"mock://"} } //func (f *MockSource) New() DataSource { return &MockSource{} } @@ -308,6 +310,7 @@ type MockCat struct { } func (f *MockCat) Configure(cfg []byte, logger *log.Entry) error { + f.SetDefaults() f.logger = logger return nil } @@ -327,6 +330,7 @@ func (f *MockCat) LiveAcquisition(chan types.Event, *tomb.Tomb) error { func (f *MockCat) CanRun() error { return nil } func (f *MockCat) GetMetrics() []prometheus.Collector { return nil } func (f *MockCat) Dump() interface{} { return f } +func (f *MockCat) SupportedURIPrefixes() []string { return []string{"mock://"} } //---- @@ -336,6 +340,7 @@ type MockTail struct { } func (f *MockTail) Configure(cfg []byte, logger *log.Entry) error { + f.SetDefaults() f.logger = logger return nil } @@ -358,6 +363,7 @@ func (f *MockTail) LiveAcquisition(out chan types.Event, t *tomb.Tomb) error { func (f *MockTail) CanRun() error { return nil } func (f *MockTail) GetMetrics() []prometheus.Collector { return nil } func (f *MockTail) Dump() interface{} { return f } +func (f *MockTail) SupportedURIPrefixes() []string { return []string{"mock://"} } //func StartAcquisition(sources []DataSource, output chan types.Event, AcquisTomb *tomb.Tomb) error { diff --git a/pkg/acquisition/configuration/configuration.go b/pkg/acquisition/configuration/configuration.go index 25a6c2533..ae78038c5 100644 --- a/pkg/acquisition/configuration/configuration.go +++ b/pkg/acquisition/configuration/configuration.go @@ -13,6 +13,14 @@ type DataSourceCommonCfg struct { //logger *log.Entry `yaml:"-"` } +func (d *DataSourceCommonCfg) SetDefaults() error { + // default mode is tail + if d.Mode == "" { + d.Mode = TAIL_MODE + } + return nil +} + var TAIL_MODE = "tail" var CAT_MODE = "cat" var SERVER_MODE = "server" // No difference with tail, just a bit more verbose diff --git a/pkg/acquisition/modules/file/file.go b/pkg/acquisition/modules/file/file.go index 68e92ae2f..af2f5461e 100644 --- a/pkg/acquisition/modules/file/file.go +++ b/pkg/acquisition/modules/file/file.go @@ -39,7 +39,12 @@ type FileSource struct { files []string } +func (f *FileSource) SupportedURIPrefixes() []string { + return []string{"file://"} +} + func (f *FileSource) Configure(Config []byte, logger *log.Entry) error { + f.config.SetDefaults() fileConfig := FileConfiguration{} f.logger = logger f.watchedDirectories = make(map[string]bool)