2016-01-21 08:23:05 +00:00
|
|
|
/*
|
2016-02-11 19:48:58 +00:00
|
|
|
* Copyright (c) 2014-present, Facebook, Inc.
|
2016-01-21 08:23:05 +00:00
|
|
|
* All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* This source code is licensed under the BSD-style license found in the
|
|
|
|
|
* LICENSE file in the root directory of this source tree. An additional grant
|
|
|
|
|
* of patent rights can be found in the PATENTS file in the same directory.
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#pragma once
|
|
|
|
|
|
2016-03-21 22:27:51 +00:00
|
|
|
#include <osquery/dispatcher.h>
|
2016-01-21 08:23:05 +00:00
|
|
|
#include <osquery/logger.h>
|
|
|
|
|
|
2016-04-15 16:49:35 +00:00
|
|
|
#include "osquery/logger/plugins/buffered.h"
|
2016-01-21 08:23:05 +00:00
|
|
|
|
2016-04-15 16:49:35 +00:00
|
|
|
namespace osquery {
|
2016-01-21 08:23:05 +00:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief A log forwarder thread flushing database-buffered logs.
|
|
|
|
|
*
|
2016-04-15 16:49:35 +00:00
|
|
|
* The TLSLogForwarder flushes buffered result and status logs based
|
2016-01-21 08:23:05 +00:00
|
|
|
* on CLI/options settings. If an enrollment key is set (and checked) during
|
|
|
|
|
* startup, this Dispatcher service is started.
|
|
|
|
|
*/
|
2016-04-15 16:49:35 +00:00
|
|
|
class TLSLogForwarder : public BufferedLogForwarder {
|
2016-01-21 08:23:05 +00:00
|
|
|
public:
|
2016-04-15 16:49:35 +00:00
|
|
|
explicit TLSLogForwarder(const std::string& node_key);
|
2016-01-21 08:23:05 +00:00
|
|
|
|
|
|
|
|
protected:
|
2016-04-15 16:49:35 +00:00
|
|
|
Status send(std::vector<std::string>& log_data,
|
|
|
|
|
const std::string& log_type) override;
|
2016-01-21 08:23:05 +00:00
|
|
|
|
|
|
|
|
/// Receive an enrollment/node key from the backing store cache.
|
|
|
|
|
std::string node_key_;
|
|
|
|
|
|
|
|
|
|
/// Endpoint URI
|
|
|
|
|
std::string uri_;
|
|
|
|
|
|
|
|
|
|
private:
|
|
|
|
|
friend class TLSLoggerTests;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
class TLSLoggerPlugin : public LoggerPlugin {
|
|
|
|
|
public:
|
|
|
|
|
/**
|
|
|
|
|
* @brief The osquery logger initialization method.
|
|
|
|
|
*
|
|
|
|
|
* LoggerPlugin::init is optionally used by logger plugins to receive a
|
|
|
|
|
* buffer of status logs generated between application start and logger
|
|
|
|
|
* initialization. TLSLoggerPlugin will further buffer these logs into the
|
|
|
|
|
* backing store. They will flush to a TLS endpoint under normal conditions
|
|
|
|
|
* in a supporting/asynchronous thread.
|
|
|
|
|
*/
|
2016-05-11 19:05:09 +00:00
|
|
|
void init(const std::string& name,
|
|
|
|
|
const std::vector<StatusLogLine>& log) override;
|
2016-01-21 08:23:05 +00:00
|
|
|
|
2016-04-15 16:49:35 +00:00
|
|
|
/// Setup node key and worker thread for sending logs.
|
|
|
|
|
Status setUp() override;
|
|
|
|
|
|
2016-05-11 19:05:09 +00:00
|
|
|
bool usesLogStatus() override { return true; }
|
|
|
|
|
|
|
|
|
|
protected:
|
2016-01-21 08:23:05 +00:00
|
|
|
/// Log a result string. This is the basic catch-all for snapshots and events.
|
|
|
|
|
Status logString(const std::string& s) override;
|
|
|
|
|
|
|
|
|
|
/// Log a status (ERROR/WARNING/INFO) message.
|
|
|
|
|
Status logStatus(const std::vector<StatusLogLine>& log) override;
|
|
|
|
|
|
|
|
|
|
private:
|
2016-04-15 16:49:35 +00:00
|
|
|
/// Forwarder that buffers/sends logs. Runs in a Dispatcher thread.
|
|
|
|
|
std::shared_ptr<TLSLogForwarder> forwarder_{nullptr};
|
2016-01-21 08:23:05 +00:00
|
|
|
|
|
|
|
|
private:
|
|
|
|
|
friend class TLSLoggerTests;
|
|
|
|
|
};
|
|
|
|
|
}
|
