osquery-1/osquery/dispatcher/distributed.cpp

/*
 *  Copyright (c) 2014-present, Facebook, Inc.
 *  All rights reserved.
 *
 *  This source code is licensed under the BSD-style license found in the
 *  LICENSE file in the root directory of this source tree. An additional grant
 *  of patent rights can be found in the PATENTS file in the same directory.
 *
 */

#include <osquery/database.h>
#include <osquery/distributed.h>
#include <osquery/flags.h>
#include <osquery/system.h>

#include "osquery/core/conversions.h"
#include "osquery/dispatcher/distributed.h"

namespace osquery {

FLAG(uint64,
     distributed_interval,
     60,
     "Seconds between polling for new queries (default 60)")

DECLARE_bool(disable_distributed);
DECLARE_string(distributed_plugin);

const size_t kDistributedAccelerationInterval = 5;

void DistributedRunner::start() {
  auto dist = Distributed();
  while (!interrupted()) {
    dist.pullUpdates();
    if (dist.getPendingQueryCount() > 0) {
      dist.runQueries();
    }

    std::string str_acu = "0";
    Status database = getDatabaseValue(
        kPersistentSettings, "distributed_accelerate_checkins_expire", str_acu);
    unsigned long accelerate_checkins_expire;
    Status conversion = safeStrtoul(str_acu, 10, accelerate_checkins_expire);
    if (!database.ok() || !conversion.ok() ||
        getUnixTime() > accelerate_checkins_expire) {
      pauseMilli(FLAGS_distributed_interval * 1000);
    } else {
      pauseMilli(kDistributedAccelerationInterval * 1000);
    }
  }
}

Status startDistributed() {
  if (!FLAGS_disable_distributed) {
    Dispatcher::addService(std::make_shared<DistributedRunner>());
    return Status(0, "OK");
  } else {
    return Status(1, "Distributed query service not enabled.");
  }
}
}
Distributed queries client-side 2015-09-07 18:09:06 +00:00			`/*`
[osquery] Update copyright headers to new format. 2016-02-11 19:48:58 +00:00			`* Copyright (c) 2014-present, Facebook, Inc.`
Distributed queries client-side 2015-09-07 18:09:06 +00:00			`* All rights reserved.`
			`*`
			`* This source code is licensed under the BSD-style license found in the`
			`* LICENSE file in the root directory of this source tree. An additional grant`
			`* of patent rights can be found in the PATENTS file in the same directory.`
			`*`
			`*/`

Accelerated checkins (#2454) 2016-09-12 23:53:42 +00:00			`#include <osquery/database.h>`
[Fix #1828] Remove inline include from distributed 2016-02-12 06:19:49 +00:00			`#include <osquery/distributed.h>`
[Fix #1920] Detach thread before joining/clearing (terminate) 2016-03-12 09:23:09 +00:00			`#include <osquery/flags.h>`
Accelerated checkins (#2454) 2016-09-12 23:53:42 +00:00			`#include <osquery/system.h>`
[Fix #1828] Remove inline include from distributed 2016-02-12 06:19:49 +00:00
Accelerated checkins (#2454) 2016-09-12 23:53:42 +00:00			`#include "osquery/core/conversions.h"`
Distributed queries client-side 2015-09-07 18:09:06 +00:00			`#include "osquery/dispatcher/distributed.h"`

			`namespace osquery {`

			`FLAG(uint64,`
Minor nits around distributed CLIs 2015-10-02 18:33:50 +00:00			`distributed_interval,`
Distributed queries client-side 2015-09-07 18:09:06 +00:00			`60,`
Minor nits around distributed CLIs 2015-10-02 18:33:50 +00:00			`"Seconds between polling for new queries (default 60)")`
Distributed queries client-side 2015-09-07 18:09:06 +00:00
Minor nits around distributed CLIs 2015-10-02 18:33:50 +00:00			`DECLARE_bool(disable_distributed);`
Distributed queries client-side 2015-09-07 18:09:06 +00:00			`DECLARE_string(distributed_plugin);`

Accelerated checkins (#2454) 2016-09-12 23:53:42 +00:00			`const size_t kDistributedAccelerationInterval = 5;`

Distributed queries client-side 2015-09-07 18:09:06 +00:00			`void DistributedRunner::start() {`
			`auto dist = Distributed();`
[Fix #1920] Detach thread before joining/clearing (terminate) 2016-03-12 09:23:09 +00:00			`while (!interrupted()) {`
Distributed queries client-side 2015-09-07 18:09:06 +00:00			`dist.pullUpdates();`
			`if (dist.getPendingQueryCount() > 0) {`
			`dist.runQueries();`
			`}`
[Fix #2704] Various distributed code cleanups (#2719) 2016-11-04 06:54:55 +00:00
Accelerated checkins (#2454) 2016-09-12 23:53:42 +00:00			`std::string str_acu = "0";`
			`Status database = getDatabaseValue(`
			`kPersistentSettings, "distributed_accelerate_checkins_expire", str_acu);`
			`unsigned long accelerate_checkins_expire;`
			`Status conversion = safeStrtoul(str_acu, 10, accelerate_checkins_expire);`
			`if (!database.ok() \|\| !conversion.ok() \|\|`
			`getUnixTime() > accelerate_checkins_expire) {`
			`pauseMilli(FLAGS_distributed_interval * 1000);`
			`} else {`
			`pauseMilli(kDistributedAccelerationInterval * 1000);`
			`}`
Distributed queries client-side 2015-09-07 18:09:06 +00:00			`}`
			`}`

			`Status startDistributed() {`
Allow distributed plugin changes and reduce ifdefs (#2670) 2016-10-22 07:27:04 +00:00			`if (!FLAGS_disable_distributed) {`
Distributed queries client-side 2015-09-07 18:09:06 +00:00			`Dispatcher::addService(std::make_shared<DistributedRunner>());`
			`return Status(0, "OK");`
			`} else {`
			`return Status(1, "Distributed query service not enabled.");`
			`}`
			`}`
			`}`