/*
* Copyright (c) 2014, Facebook, Inc.
* All rights reserved.
*
* This source code is licensed under the BSD-style license found in the
* LICENSE file in the root directory of this source tree. An additional grant
* of patent rights can be found in the PATENTS file in the same directory.
*
*/
#include <algorithm>
#include <thread>
#include <osquery/flags.h>
#include <osquery/logger.h>
namespace osquery {
/// `logger_plugin` defines the default log receiver plugin name.
/// It is the receiver used by the single-argument logString() and
/// logScheduledQueryLogItem() overloads below when no receiver is given.
DEFINE_osquery_flag(string,
                    logger_plugin,
                    "filesystem",
                    "The default logger plugin");

/// `log_result_events` selects how scheduled query results are serialized
/// before logging: events JSON when true, the plain log item JSON otherwise
/// (see logScheduledQueryLogItem below).
DEFINE_osquery_flag(bool,
                    log_result_events,
                    true,
                    "Log scheduled results as events");
/// Registry entry point for logger plugins.
///
/// The only request key consumed is "string"; its value is handed to the
/// plugin's logString() implementation. Other keys are ignored, and a request
/// without "string" is rejected before the plugin is touched.
///
/// @param request  Plugin request map; must contain a "string" entry.
/// @param response Not written by logger plugins.
/// @return Status(1, ...) when "string" is missing, otherwise Status(0, "OK").
///
/// NOTE(review): whatever this->logString() returns is not inspected here, so
/// a failing sink is still reported to the registry as success — confirm
/// whether callers rely on that before changing it.
Status LoggerPlugin::call(const PluginRequest& request,
                          PluginResponse& response) {
  if (request.count("string") > 0) {
    this->logString(request.at("string"));
    return Status(0, "OK");
  }

  return Status(1, "Logger plugins only support a request string");
}
/// Logs a string through the default receiver plugin.
///
/// Convenience overload: forwards to logString(s, receiver) using the
/// receiver named by the --logger_plugin flag.
///
/// @param s The string to log.
/// @return The status of the two-argument overload.
Status logString(const std::string& s) {
  const std::string& default_receiver = FLAGS_logger_plugin;
  return logString(s, default_receiver);
}
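/// Logs a string through the named receiver plugin.
///
/// @param s        The string to log.
/// @param receiver Name of a plugin registered in the "logger" registry.
/// @return Status(1, ...) when no such receiver is registered, otherwise the
///         status the receiver's call() produced through the registry.
Status logString(const std::string& s, const std::string& receiver) {
  if (!Registry::exists("logger", receiver)) {
    LOG(ERROR) << "Logger receiver " << receiver << " not found";
    return Status(1, "Logger receiver not found");
  }

  // Propagate the receiver's own status instead of reporting success
  // unconditionally: a sink that fails to write would otherwise be invisible
  // to callers such as logScheduledQueryLogItem.
  auto status = Registry::call("logger", receiver, {{"string", s}});
  return status;
}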
/// Logs a scheduled query log item through the default receiver plugin.
///
/// Convenience overload: forwards to the two-argument overload using the
/// receiver named by the --logger_plugin flag.
///
/// @param results The scheduled query results to log.
/// @return The status of the two-argument overload.
Status logScheduledQueryLogItem(const osquery::ScheduledQueryLogItem& results) {
  const std::string& default_receiver = FLAGS_logger_plugin;
  return logScheduledQueryLogItem(results, default_receiver);
}
/// Serializes a scheduled query log item and logs it through `receiver`.
///
/// The JSON form is chosen by --log_result_events: events JSON when set,
/// otherwise the plain log item JSON.
///
/// @param results  The scheduled query results to log.
/// @param receiver Name of the logger plugin that receives the JSON.
/// @return The serialization status when serialization fails, otherwise the
///         status of logString(json, receiver).
Status logScheduledQueryLogItem(const osquery::ScheduledQueryLogItem& results,
                                const std::string& receiver) {
  std::string json;
  Status serialized = FLAGS_log_result_events
      ? serializeScheduledQueryLogItemAsEventsJSON(results, json)
      : serializeScheduledQueryLogItemJSON(results, json);

  // Nothing is sent to the receiver unless serialization produced JSON.
  if (!serialized.ok()) {
    return serialized;
  }
  return logString(json, receiver);
}
}