2021-07-30 15:45:49 +00:00
|
|
|
// Package logging provides logger "plugins" for writing osquery status and
|
2019-04-08 18:47:15 +00:00
|
|
|
// result logs to various destinations.
|
|
|
|
|
package logging
|
|
|
|
|
|
|
|
|
|
import (
|
2021-11-22 14:13:26 +00:00
|
|
|
"fmt"
|
|
|
|
|
|
2021-06-26 04:46:51 +00:00
|
|
|
"github.com/fleetdm/fleet/v4/server/config"
|
|
|
|
|
"github.com/fleetdm/fleet/v4/server/fleet"
|
2021-02-24 18:02:26 +00:00
|
|
|
"github.com/go-kit/kit/log"
|
|
|
|
|
"github.com/go-kit/kit/log/level"
|
2019-04-08 18:47:15 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type OsqueryLogger struct {
|
2021-06-06 22:07:29 +00:00
|
|
|
Status fleet.JSONLogger
|
|
|
|
|
Result fleet.JSONLogger
|
2019-04-08 18:47:15 +00:00
|
|
|
}
|
|
|
|
|
|
2021-06-06 22:07:29 +00:00
|
|
|
func New(config config.FleetConfig, logger log.Logger) (*OsqueryLogger, error) {
|
|
|
|
|
var status, result fleet.JSONLogger
|
2019-04-08 18:47:15 +00:00
|
|
|
var err error
|
|
|
|
|
|
|
|
|
|
switch config.Osquery.StatusLogPlugin {
|
|
|
|
|
case "":
|
|
|
|
|
// Allow "" to mean filesystem for backwards compatibility
|
2021-02-24 18:02:26 +00:00
|
|
|
level.Info(logger).Log("msg", "fleet_status_log_plugin not explicitly specified. Assuming 'filesystem'")
|
2019-04-08 18:47:15 +00:00
|
|
|
fallthrough
|
|
|
|
|
case "filesystem":
|
|
|
|
|
status, err = NewFilesystemLogWriter(
|
|
|
|
|
config.Filesystem.StatusLogFile,
|
|
|
|
|
logger,
|
|
|
|
|
config.Filesystem.EnableLogRotation,
|
2020-09-09 20:33:32 +00:00
|
|
|
config.Filesystem.EnableLogCompression,
|
2019-04-08 18:47:15 +00:00
|
|
|
)
|
|
|
|
|
if err != nil {
|
2021-11-22 14:13:26 +00:00
|
|
|
return nil, fmt.Errorf("create filesystem status logger: %w", err)
|
2019-04-08 18:47:15 +00:00
|
|
|
}
|
|
|
|
|
case "firehose":
|
|
|
|
|
status, err = NewFirehoseLogWriter(
|
|
|
|
|
config.Firehose.Region,
|
2021-07-30 15:45:49 +00:00
|
|
|
config.Firehose.EndpointURL,
|
2019-04-08 18:47:15 +00:00
|
|
|
config.Firehose.AccessKeyID,
|
|
|
|
|
config.Firehose.SecretAccessKey,
|
2020-08-19 21:56:44 +00:00
|
|
|
config.Firehose.StsAssumeRoleArn,
|
2019-04-08 18:47:15 +00:00
|
|
|
config.Firehose.StatusStream,
|
|
|
|
|
logger,
|
|
|
|
|
)
|
|
|
|
|
if err != nil {
|
2021-11-22 14:13:26 +00:00
|
|
|
return nil, fmt.Errorf("create firehose status logger: %w", err)
|
2019-04-08 18:47:15 +00:00
|
|
|
}
|
2020-08-19 21:56:44 +00:00
|
|
|
case "kinesis":
|
|
|
|
|
status, err = NewKinesisLogWriter(
|
|
|
|
|
config.Kinesis.Region,
|
2021-07-30 15:45:49 +00:00
|
|
|
config.Kinesis.EndpointURL,
|
2020-08-19 21:56:44 +00:00
|
|
|
config.Kinesis.AccessKeyID,
|
|
|
|
|
config.Kinesis.SecretAccessKey,
|
|
|
|
|
config.Kinesis.StsAssumeRoleArn,
|
|
|
|
|
config.Kinesis.StatusStream,
|
|
|
|
|
logger,
|
|
|
|
|
)
|
|
|
|
|
if err != nil {
|
2021-11-22 14:13:26 +00:00
|
|
|
return nil, fmt.Errorf("create kinesis status logger: %w", err)
|
2020-08-19 21:56:44 +00:00
|
|
|
}
|
2021-02-24 18:02:26 +00:00
|
|
|
case "lambda":
|
|
|
|
|
status, err = NewLambdaLogWriter(
|
|
|
|
|
config.Lambda.Region,
|
|
|
|
|
config.Lambda.AccessKeyID,
|
|
|
|
|
config.Lambda.SecretAccessKey,
|
|
|
|
|
config.Lambda.StsAssumeRoleArn,
|
|
|
|
|
config.Lambda.StatusFunction,
|
|
|
|
|
logger,
|
|
|
|
|
)
|
|
|
|
|
if err != nil {
|
2021-11-22 14:13:26 +00:00
|
|
|
return nil, fmt.Errorf("create lambda status logger: %w", err)
|
2021-02-24 18:02:26 +00:00
|
|
|
}
|
2019-07-16 22:41:50 +00:00
|
|
|
case "pubsub":
|
|
|
|
|
status, err = NewPubSubLogWriter(
|
|
|
|
|
config.PubSub.Project,
|
|
|
|
|
config.PubSub.StatusTopic,
|
2021-05-08 19:29:52 +00:00
|
|
|
false,
|
2019-07-16 22:41:50 +00:00
|
|
|
logger,
|
|
|
|
|
)
|
|
|
|
|
if err != nil {
|
2021-11-22 14:13:26 +00:00
|
|
|
return nil, fmt.Errorf("create pubsub status logger: %w", err)
|
2019-07-16 22:41:50 +00:00
|
|
|
}
|
2020-08-19 21:56:44 +00:00
|
|
|
case "stdout":
|
|
|
|
|
status, err = NewStdoutLogWriter()
|
|
|
|
|
if err != nil {
|
2021-11-22 14:13:26 +00:00
|
|
|
return nil, fmt.Errorf("create stdout status logger: %w", err)
|
2020-08-19 21:56:44 +00:00
|
|
|
}
|
2021-10-28 04:51:17 +00:00
|
|
|
case "kafkarest":
|
|
|
|
|
status, err = NewKafkaRESTWriter(&KafkaRESTParams{
|
|
|
|
|
KafkaProxyHost: config.KafkaREST.ProxyHost,
|
|
|
|
|
KafkaTopic: config.KafkaREST.StatusTopic,
|
|
|
|
|
KafkaTimeout: config.KafkaREST.Timeout,
|
|
|
|
|
})
|
|
|
|
|
if err != nil {
|
2021-11-22 14:13:26 +00:00
|
|
|
return nil, fmt.Errorf("create kafka rest status logger: %w", err)
|
2021-10-28 04:51:17 +00:00
|
|
|
}
|
2019-04-08 18:47:15 +00:00
|
|
|
default:
|
2021-11-22 14:13:26 +00:00
|
|
|
return nil, fmt.Errorf(
|
2019-04-08 18:47:15 +00:00
|
|
|
"unknown status log plugin: %s", config.Osquery.StatusLogPlugin,
|
|
|
|
|
)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
switch config.Osquery.ResultLogPlugin {
|
|
|
|
|
case "":
|
|
|
|
|
// Allow "" to mean filesystem for backwards compatibility
|
2021-02-24 18:02:26 +00:00
|
|
|
level.Info(logger).Log("msg", "fleet_result_log_plugin not explicitly specified. Assuming 'filesystem'")
|
2019-04-08 18:47:15 +00:00
|
|
|
fallthrough
|
|
|
|
|
case "filesystem":
|
|
|
|
|
result, err = NewFilesystemLogWriter(
|
|
|
|
|
config.Filesystem.ResultLogFile,
|
|
|
|
|
logger,
|
|
|
|
|
config.Filesystem.EnableLogRotation,
|
2020-09-09 20:33:32 +00:00
|
|
|
config.Filesystem.EnableLogCompression,
|
2019-04-08 18:47:15 +00:00
|
|
|
)
|
|
|
|
|
if err != nil {
|
2021-11-22 14:13:26 +00:00
|
|
|
return nil, fmt.Errorf("create filesystem result logger: %w", err)
|
2019-04-08 18:47:15 +00:00
|
|
|
}
|
|
|
|
|
case "firehose":
|
|
|
|
|
result, err = NewFirehoseLogWriter(
|
|
|
|
|
config.Firehose.Region,
|
2021-07-30 15:45:49 +00:00
|
|
|
config.Firehose.EndpointURL,
|
2019-04-08 18:47:15 +00:00
|
|
|
config.Firehose.AccessKeyID,
|
|
|
|
|
config.Firehose.SecretAccessKey,
|
2020-08-19 21:56:44 +00:00
|
|
|
config.Kinesis.StsAssumeRoleArn,
|
2019-04-08 18:47:15 +00:00
|
|
|
config.Firehose.ResultStream,
|
|
|
|
|
logger,
|
|
|
|
|
)
|
|
|
|
|
if err != nil {
|
2021-11-22 14:13:26 +00:00
|
|
|
return nil, fmt.Errorf("create firehose result logger: %w", err)
|
2019-04-08 18:47:15 +00:00
|
|
|
}
|
2020-08-19 21:56:44 +00:00
|
|
|
case "kinesis":
|
|
|
|
|
result, err = NewKinesisLogWriter(
|
|
|
|
|
config.Kinesis.Region,
|
2021-07-30 15:45:49 +00:00
|
|
|
config.Kinesis.EndpointURL,
|
2020-08-19 21:56:44 +00:00
|
|
|
config.Kinesis.AccessKeyID,
|
|
|
|
|
config.Kinesis.SecretAccessKey,
|
|
|
|
|
config.Kinesis.StsAssumeRoleArn,
|
|
|
|
|
config.Kinesis.ResultStream,
|
|
|
|
|
logger,
|
|
|
|
|
)
|
|
|
|
|
if err != nil {
|
2021-11-22 14:13:26 +00:00
|
|
|
return nil, fmt.Errorf("create kinesis result logger: %w", err)
|
2020-08-19 21:56:44 +00:00
|
|
|
}
|
2021-02-24 18:02:26 +00:00
|
|
|
case "lambda":
|
|
|
|
|
result, err = NewLambdaLogWriter(
|
|
|
|
|
config.Lambda.Region,
|
|
|
|
|
config.Lambda.AccessKeyID,
|
|
|
|
|
config.Lambda.SecretAccessKey,
|
|
|
|
|
config.Lambda.StsAssumeRoleArn,
|
|
|
|
|
config.Lambda.ResultFunction,
|
|
|
|
|
logger,
|
|
|
|
|
)
|
|
|
|
|
if err != nil {
|
2021-11-22 14:13:26 +00:00
|
|
|
return nil, fmt.Errorf("create lambda result logger: %w", err)
|
2021-02-24 18:02:26 +00:00
|
|
|
}
|
2019-07-16 22:41:50 +00:00
|
|
|
case "pubsub":
|
|
|
|
|
result, err = NewPubSubLogWriter(
|
|
|
|
|
config.PubSub.Project,
|
|
|
|
|
config.PubSub.ResultTopic,
|
2021-05-08 19:29:52 +00:00
|
|
|
config.PubSub.AddAttributes,
|
2019-07-16 22:41:50 +00:00
|
|
|
logger,
|
|
|
|
|
)
|
|
|
|
|
if err != nil {
|
2021-11-22 14:13:26 +00:00
|
|
|
return nil, fmt.Errorf("create pubsub result logger: %w", err)
|
2019-07-16 22:41:50 +00:00
|
|
|
}
|
2020-08-19 21:56:44 +00:00
|
|
|
case "stdout":
|
|
|
|
|
result, err = NewStdoutLogWriter()
|
|
|
|
|
if err != nil {
|
2021-11-22 14:13:26 +00:00
|
|
|
return nil, fmt.Errorf("create stdout result logger: %w", err)
|
2020-08-19 21:56:44 +00:00
|
|
|
}
|
2021-10-28 04:51:17 +00:00
|
|
|
case "kafkarest":
|
|
|
|
|
result, err = NewKafkaRESTWriter(&KafkaRESTParams{
|
|
|
|
|
KafkaProxyHost: config.KafkaREST.ProxyHost,
|
|
|
|
|
KafkaTopic: config.KafkaREST.ResultTopic,
|
|
|
|
|
KafkaTimeout: config.KafkaREST.Timeout,
|
|
|
|
|
})
|
|
|
|
|
if err != nil {
|
2021-11-22 14:13:26 +00:00
|
|
|
return nil, fmt.Errorf("create kafka rest result logger: %w", err)
|
2021-10-28 04:51:17 +00:00
|
|
|
}
|
2019-04-08 18:47:15 +00:00
|
|
|
default:
|
2021-11-22 14:13:26 +00:00
|
|
|
return nil, fmt.Errorf(
|
2019-04-08 18:47:15 +00:00
|
|
|
"unknown result log plugin: %s", config.Osquery.StatusLogPlugin,
|
|
|
|
|
)
|
|
|
|
|
}
|
|
|
|
|
return &OsqueryLogger{Status: status, Result: result}, nil
|
|
|
|
|
}
|
