/*
* Copyright (c) 2014-present, Facebook, Inc.
* All rights reserved.
*
* This source code is licensed under the BSD-style license found in the
* LICENSE file in the root directory of this source tree. An additional grant
* of patent rights can be found in the PATENTS file in the same directory.
*
*/
#include <syslog.h>
#include <osquery/flags.h>
#include <osquery/logger.h>
namespace osquery {
/// Syslog facility number used when init() opens the log. The default is
/// `LOG_LOCAL3 >> 3`; init() replaces any value outside 0-23 with that default
/// and shifts the number left by 3 before handing it to openlog().
FLAG(int32,
     logger_syslog_facility,
     LOG_LOCAL3 >> 3,
     "Syslog facility for status and results logs (0-23, default 19)");

/// When true, logString() prefixes every message with the literal "@cee:".
FLAG(bool,
     logger_syslog_prepend_cee,
     false,
     "Prepend @cee: tag to logged JSON messages");
/**
 * @brief Logger plugin that writes osquery log lines through syslog(3).
 *
 * Every hook below overrides a LoggerPlugin virtual; the definitions follow
 * the class in this file.
 */
class SyslogLoggerPlugin : public LoggerPlugin {
 public:
  /// Always returns true.
  /// NOTE(review): presumably this tells the logger framework to hand status
  /// logs to logStatus() -- confirm against LoggerPlugin.
  bool usesLogStatus() override {
    return true;
  }

 protected:
  /// (Re)opens the syslog connection under `name`, then forwards the status
  /// lines in `log` to logStatus().
  void init(const std::string& name,
            const std::vector<StatusLogLine>& log) override;

  /// Writes one string to syslog at LOG_INFO.
  Status logString(const std::string& s) override;

  /// Writes each status line to syslog at a priority derived from its
  /// severity.
  Status logStatus(const std::vector<StatusLogLine>& log) override;
};
// Registration of the plugin class with the arguments "logger" and "syslog".
// NOTE(review): presumably the registry name and the plugin name operators
// select at runtime -- confirm against the REGISTER macro.
REGISTER(SyslogLoggerPlugin, "logger", "syslog");
/**
 * @brief Send one log string to syslog at LOG_INFO.
 *
 * @param s Text to log; prefixed with "@cee:" when the
 *          logger_syslog_prepend_cee flag is set.
 * @return Always Status(0, "OK"); syslog() reports no failure to the caller.
 */
Status SyslogLoggerPlugin::logString(const std::string& s) {
  // The payload is only ever passed as a "%s" argument, never as the format
  // string, so '%' sequences inside it are logged literally.
  const char* payload = s.c_str();

  if (!FLAGS_logger_syslog_prepend_cee) {
    syslog(LOG_INFO, "%s", payload);
    return Status(0, "OK");
  }

  syslog(LOG_INFO, "@cee:%s", payload);
  return Status(0, "OK");
}
/**
 * @brief Write each status log line to syslog.
 *
 * Each entry is logged as
 * "severity=<n> location=<file>:<line> message=<text>" at a syslog priority
 * derived from the entry's severity.
 *
 * @param log Status lines to emit, in order.
 * @return Always Status(0, "OK").
 */
Status SyslogLoggerPlugin::logStatus(const std::vector<StatusLogLine>& log) {
  // Map the osquery severity onto a syslog priority. O_INFO and any
  // unrecognized value are both reported as LOG_NOTICE.
  const auto toSyslogPriority = [](const StatusLogLine& entry) -> int {
    if (entry.severity == O_WARNING) {
      return LOG_WARNING;
    }
    if (entry.severity == O_ERROR) {
      return LOG_ERR;
    }
    if (entry.severity == O_FATAL) {
      return LOG_CRIT;
    }
    return LOG_NOTICE;
  };

  for (const auto& entry : log) {
    // NOTE(review): filename and message are appended unescaped, so a message
    // that itself contains " message=" or control characters is not
    // distinguishable from the fields written here. Consumers should treat
    // everything after the first "message=" as free text.
    std::string text = "severity=";
    text += std::to_string(entry.severity);
    text += " location=";
    text += entry.filename;
    text += ":";
    text += std::to_string(entry.line);
    text += " message=";
    text += entry.message;

    // Constant "%s" format: the assembled line is data, not a format string.
    syslog(toSyslogPriority(entry), "%s", text.c_str());
  }

  return Status(0, "OK");
}
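/**
 * @brief (Re)open the syslog connection and flush buffered status logs.
 *
 * @param name Identifier passed to openlog() as the syslog ident.
 * @param log  Status lines collected before the logger was initialized; they
 *             are forwarded to logStatus() once the connection is open.
 */
void SyslogLoggerPlugin::init(const std::string& name,
                              const std::vector<StatusLogLine>& log) {
  // Close any earlier connection so the ident and facility below take effect.
  closelog();

  // openlog(3) is allowed to keep the ident pointer instead of copying the
  // string, so the ident must stay valid for every later syslog() call.
  // `name` is a caller-owned reference whose lifetime is not visible here, so
  // keep a private copy that is never destroyed (also safe during static
  // destruction at exit). It is reassigned only after closelog() above.
  static std::string& ident = *new std::string();
  ident = name;

  // Fall back to the default facility (LOG_LOCAL3) when the flag is out of
  // the valid 0-23 range; openlog() expects the facility shifted left by 3.
  if (FLAGS_logger_syslog_facility < 0 || FLAGS_logger_syslog_facility > 23) {
    FLAGS_logger_syslog_facility = LOG_LOCAL3 >> 3;
  }
  openlog(ident.c_str(), LOG_PID | LOG_CONS, FLAGS_logger_syslog_facility << 3);

  // Now funnel the intermediate status logs provided to `init`.
  logStatus(log);
}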
}