2014-12-18 18:50:47 +00:00
|
|
|
/*
|
|
|
|
|
* Copyright (c) 2014, Facebook, Inc.
|
|
|
|
|
* All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* This source code is licensed under the BSD-style license found in the
|
2015-05-12 06:31:13 +00:00
|
|
|
* LICENSE file in the root directory of this source tree. An additional grant
|
2014-12-18 18:50:47 +00:00
|
|
|
* of patent rights can be found in the PATENTS file in the same directory.
|
|
|
|
|
*
|
|
|
|
|
*/
|
2014-07-31 00:35:19 +00:00
|
|
|
|
|
|
|
|
#include <exception>
|
2014-09-02 01:15:17 +00:00
|
|
|
#include <mutex>
|
2014-07-31 00:35:19 +00:00
|
|
|
|
2014-12-03 23:14:02 +00:00
|
|
|
#include <osquery/filesystem.h>
|
|
|
|
|
#include <osquery/flags.h>
|
2015-01-21 21:36:55 +00:00
|
|
|
#include <osquery/logger.h>
|
2014-10-30 22:03:05 +00:00
|
|
|
|
2015-04-30 01:53:25 +00:00
|
|
|
namespace pt = boost::property_tree;
|
2015-02-16 02:15:06 +00:00
|
|
|
namespace fs = boost::filesystem;
|
2014-07-31 00:35:19 +00:00
|
|
|
|
2014-08-15 07:25:30 +00:00
|
|
|
namespace osquery {
|
2014-07-31 00:35:19 +00:00
|
|
|
|
2015-02-17 08:36:20 +00:00
|
|
|
FLAG(string,
|
|
|
|
|
logger_path,
|
|
|
|
|
"/var/log/osquery/",
|
|
|
|
|
"Directory path for ERROR/WARN/INFO and results logging");
|
2015-03-30 19:49:57 +00:00
|
|
|
/// Legacy, backward compatible "osquery_log_dir" CLI option.
|
2015-02-17 08:36:20 +00:00
|
|
|
FLAG_ALIAS(std::string, osquery_log_dir, logger_path);
|
2015-02-16 02:15:06 +00:00
|
|
|
|
|
|
|
|
const std::string kFilesystemLoggerFilename = "osqueryd.results.log";
|
2015-04-30 01:53:25 +00:00
|
|
|
const std::string kFilesystemLoggerSnapshots = "osqueryd.snapshots.log";
|
|
|
|
|
const std::string kFilesystemLoggerHealth = "osqueryd.health.log";
|
2015-02-16 02:15:06 +00:00
|
|
|
|
2014-09-02 01:15:17 +00:00
|
|
|
std::mutex filesystemLoggerPluginMutex;
|
2014-07-31 00:35:19 +00:00
|
|
|
|
|
|
|
|
class FilesystemLoggerPlugin : public LoggerPlugin {
|
2014-08-15 07:25:30 +00:00
|
|
|
public:
|
2015-01-30 18:44:25 +00:00
|
|
|
Status setUp();
|
|
|
|
|
Status logString(const std::string& s);
|
2015-04-30 01:53:25 +00:00
|
|
|
Status logStringToFile(const std::string& s, const std::string& filename);
|
|
|
|
|
Status logSnapshot(const std::string& s);
|
|
|
|
|
Status logHealth(const std::string& s);
|
2015-02-16 02:15:06 +00:00
|
|
|
Status init(const std::string& name, const std::vector<StatusLogLine>& log);
|
|
|
|
|
Status logStatus(const std::vector<StatusLogLine>& log);
|
2015-01-30 18:44:25 +00:00
|
|
|
|
|
|
|
|
private:
|
2015-02-16 02:15:06 +00:00
|
|
|
fs::path log_path_;
|
2015-01-30 18:44:25 +00:00
|
|
|
};
|
|
|
|
|
|
2015-01-31 08:25:51 +00:00
|
|
|
REGISTER(FilesystemLoggerPlugin, "logger", "filesystem");
|
2015-01-30 18:44:25 +00:00
|
|
|
|
|
|
|
|
Status FilesystemLoggerPlugin::setUp() {
|
2015-04-30 01:53:25 +00:00
|
|
|
log_path_ = fs::path(FLAGS_logger_path);
|
2015-01-30 18:44:25 +00:00
|
|
|
return Status(0, "OK");
|
|
|
|
|
}
|
2014-07-31 00:35:19 +00:00
|
|
|
|
2015-01-30 18:44:25 +00:00
|
|
|
Status FilesystemLoggerPlugin::logString(const std::string& s) {
|
2015-04-30 01:53:25 +00:00
|
|
|
return logStringToFile(s, kFilesystemLoggerFilename);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Status FilesystemLoggerPlugin::logStringToFile(const std::string& s,
|
|
|
|
|
const std::string& filename) {
|
2015-01-30 18:44:25 +00:00
|
|
|
std::lock_guard<std::mutex> lock(filesystemLoggerPluginMutex);
|
|
|
|
|
try {
|
|
|
|
|
// The results log may contain sensitive information if run as root.
|
2015-04-30 01:53:25 +00:00
|
|
|
auto status = writeTextFile((log_path_ / filename).string(), s, 0640, true);
|
2015-01-30 18:44:25 +00:00
|
|
|
if (!status.ok()) {
|
|
|
|
|
return status;
|
2014-07-31 00:35:19 +00:00
|
|
|
}
|
2015-01-30 18:44:25 +00:00
|
|
|
} catch (const std::exception& e) {
|
|
|
|
|
return Status(1, e.what());
|
2014-07-31 00:35:19 +00:00
|
|
|
}
|
2015-01-30 18:44:25 +00:00
|
|
|
return Status(0, "OK");
|
|
|
|
|
}
|
2014-07-31 00:35:19 +00:00
|
|
|
|
2015-02-16 02:15:06 +00:00
|
|
|
Status FilesystemLoggerPlugin::logStatus(
|
|
|
|
|
const std::vector<StatusLogLine>& log) {
|
|
|
|
|
for (const auto& item : log) {
|
2015-04-30 01:53:25 +00:00
|
|
|
// Emit this intermediate log to the Glog filesystem logger.
|
2015-02-16 02:15:06 +00:00
|
|
|
google::LogMessage(item.filename.c_str(),
|
|
|
|
|
item.line,
|
|
|
|
|
(google::LogSeverity)item.severity).stream()
|
|
|
|
|
<< item.message;
|
|
|
|
|
}
|
2015-01-30 18:44:25 +00:00
|
|
|
|
2015-02-16 02:15:06 +00:00
|
|
|
return Status(0, "OK");
|
|
|
|
|
}
|
|
|
|
|
|
2015-04-30 01:53:25 +00:00
|
|
|
Status FilesystemLoggerPlugin::logSnapshot(const std::string& s) {
|
|
|
|
|
// Send the snapshot data to a separate filename.
|
|
|
|
|
return logStringToFile(s, kFilesystemLoggerSnapshots);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Status FilesystemLoggerPlugin::logHealth(const std::string& s) {
|
|
|
|
|
return logStringToFile(s, kFilesystemLoggerHealth);
|
|
|
|
|
}
|
|
|
|
|
|
2015-02-16 02:15:06 +00:00
|
|
|
Status FilesystemLoggerPlugin::init(const std::string& name,
|
|
|
|
|
const std::vector<StatusLogLine>& log) {
|
2015-04-30 01:53:25 +00:00
|
|
|
// Stop the internal Glog facilities.
|
2015-02-16 02:15:06 +00:00
|
|
|
google::ShutdownGoogleLogging();
|
|
|
|
|
|
|
|
|
|
// The log dir is used for status logging and the filesystem results logs.
|
2015-04-30 01:53:25 +00:00
|
|
|
if (isWritable(log_path_.string()).ok()) {
|
|
|
|
|
FLAGS_log_dir = log_path_.string();
|
2015-02-16 02:15:06 +00:00
|
|
|
FLAGS_logtostderr = false;
|
|
|
|
|
} else {
|
|
|
|
|
// If we cannot write logs to the filesystem, fallback to stderr.
|
|
|
|
|
// The caller (flags/options) might 'also' be logging to stderr using
|
|
|
|
|
// debug, verbose, etc.
|
|
|
|
|
FLAGS_logtostderr = true;
|
|
|
|
|
}
|
|
|
|
|
|
2015-04-30 01:53:25 +00:00
|
|
|
// Restart the Glog facilities using the name `init` was provided.
|
2015-02-16 02:15:06 +00:00
|
|
|
google::InitGoogleLogging(name.c_str());
|
|
|
|
|
|
2015-04-30 01:53:25 +00:00
|
|
|
// We may violate Glog global object assumptions. So set names manually.
|
|
|
|
|
auto basename = (log_path_ / name).string();
|
2015-03-30 19:49:57 +00:00
|
|
|
google::SetLogDestination(google::INFO, (basename + ".INFO.").c_str());
|
|
|
|
|
google::SetLogDestination(google::WARNING, (basename + ".WARNING.").c_str());
|
|
|
|
|
google::SetLogDestination(google::ERROR, (basename + ".ERROR.").c_str());
|
2015-02-16 02:15:06 +00:00
|
|
|
|
|
|
|
|
// Store settings for logging to stderr.
|
|
|
|
|
bool log_to_stderr = FLAGS_logtostderr;
|
|
|
|
|
bool also_log_to_stderr = FLAGS_alsologtostderr;
|
2015-04-30 01:53:25 +00:00
|
|
|
int stderr_threshold = FLAGS_stderrthreshold;
|
2015-02-16 02:15:06 +00:00
|
|
|
FLAGS_alsologtostderr = false;
|
|
|
|
|
FLAGS_logtostderr = false;
|
2015-04-30 01:53:25 +00:00
|
|
|
FLAGS_stderrthreshold = 5;
|
2015-02-16 02:15:06 +00:00
|
|
|
|
2015-04-30 01:53:25 +00:00
|
|
|
// Now funnel the intermediate status logs provided to `init`.
|
2015-02-16 02:15:06 +00:00
|
|
|
logStatus(log);
|
|
|
|
|
|
|
|
|
|
// Restore settings for logging to stderr.
|
|
|
|
|
FLAGS_logtostderr = log_to_stderr;
|
|
|
|
|
FLAGS_alsologtostderr = also_log_to_stderr;
|
2015-04-30 01:53:25 +00:00
|
|
|
FLAGS_stderrthreshold = stderr_threshold;
|
2015-02-16 02:15:06 +00:00
|
|
|
|
|
|
|
|
// The filesystem logger cheats and uses Glog to log to the filesystem so
|
|
|
|
|
// we can return failure here and stop the custom log sink.
|
|
|
|
|
return Status(1, "No status logger used for filesystem");
|
|
|
|
|
}
|
2014-08-15 07:25:30 +00:00
|
|
|
}
|
