valitydev/wazuh-kibana-app
14
0
Fork 0
mirror of https://github.com/valitydev/wazuh-kibana-app.git synced 2024-11-06 18:05:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge branch '3.2' into 3.2-better-reset

Browse Source
This commit is contained in:
Javier Castro 2018-03-13 11:32:15 +01:00 committed by GitHub
commit 7c852bde6d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 649 additions and 431 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
package.json
View File

@ -1,7 +1,7 @@
{
"name": "wazuh",
"version": "3.2.1",
"revision": "0385",
"revision": "0386",
"kibana": {
"version": "6.2.2"
},
@ -33,6 +33,7 @@
"js-yaml": "3.10.0",
"lodash": "3.10.1",
"needle": "^2.0.1",
"node-cron": "^1.1.2"
"node-cron": "^1.1.2",
"winston": "3.0.0-rc1"
}
}

26
server/api/wazuh-api-elastic.js
View File

@ -11,10 +11,10 @@ module.exports = (server, options) => {
type: 'wazuh-configuration',
size: '100'
})
.then((data) => {
.then(data => {
reply(data.hits.hits);
})
.catch((error) => {
.catch(error => {
reply(error);
});
};
@ -26,10 +26,10 @@ module.exports = (server, options) => {
type: 'wazuh-configuration',
id: req.params.id
})
.then((data) => {
.then(data => {
reply(data);
})
.catch((error) => {
.catch(error => {
reply(error);
});
};
@ -42,7 +42,7 @@ module.exports = (server, options) => {
type: 'wazuh-configuration',
q: 'active:true'
})
.then((data) => {
.then(data => {
if (data.hits.total === 1) {
// Setting off previous default
elasticRequest.callWithRequest(req, 'update', {
@ -72,7 +72,7 @@ module.exports = (server, options) => {
message: 'ok'
});
})
.catch((error) => {
.catch(error => {
reply({
statusCode: 500,
error: 8,
@ -98,7 +98,7 @@ module.exports = (server, options) => {
'message': 'ok'
});
})
.catch((error) => {
.catch(error => {
reply({
'statusCode': 500,
'error': 8,
@ -107,7 +107,7 @@ module.exports = (server, options) => {
});
}
})
.catch((error) => {
.catch(error => {
reply({
'statusCode': 500,
'error': 8,
@ -122,10 +122,10 @@ module.exports = (server, options) => {
index: '.wazuh',
type: 'wazuh-configuration'
})
.then((data) => {
.then(data => {
reply(data.hits.hits);
})
.catch((error) => {
.catch(error => {
reply(error);
});
};
@ -152,7 +152,7 @@ module.exports = (server, options) => {
'message': 'ok'
});
})
.catch((error) => {
.catch(error => {
reply({
'statusCode': 500,
'error': 8,
@ -223,7 +223,7 @@ module.exports = (server, options) => {
response: response
});
})
.catch((error) => {
.catch(error => {
reply({
statusCode: 500,
error: 8,
@ -249,7 +249,7 @@ module.exports = (server, options) => {
message: 'ok'
});
})
.catch((error) => {
.catch(error => {
reply({
statusCode: 500,
error: 8,

5
server/api/wazuh-api.js
View File

@ -279,7 +279,9 @@ module.exports = (server, options) => {
}
})
.catch(error => reply({ statusCode: 400, error: '9997', data: 'An error occurred trying to obtain PCI DSS requirements from Wazuh API' }));
.catch(error => {
reply({ statusCode: 400, error: '9997', data: 'An error occurred trying to obtain PCI DSS requirements from Wazuh API' })
});
});
} else {
if (typeof pciRequirements[req.params.requirement] !== 'undefined'){
@ -394,6 +396,7 @@ module.exports = (server, options) => {
const getApiSettings = (req, reply) => {
if(!protectedRoute(req)) return reply(genericErrorBuilder(401,7,'Session expired.')).code(401);
getConfig(req.payload.id, (wapi_config) => {
if (wapi_config.error_code > 1) {
//Can not connect to elasticsearch
return reply({

22
server/api/wazuh-elastic.js
View File

@ -52,7 +52,7 @@ module.exports = (server, options) => {
type: 'wazuh-configuration',
id: id
})
.then((data) => {
.then(data => {
callback({
'user': data._source.api_user,
'password': Buffer.from(data._source.api_password, 'base64').toString("ascii"),
@ -63,7 +63,7 @@ module.exports = (server, options) => {
'extensions': data._source.extensions
});
})
.catch((error) => {
.catch(error => {
callback({
'error': 'no elasticsearch',
'error_code': 2
@ -92,7 +92,7 @@ module.exports = (server, options) => {
}
}
})
.then((resp) => {
.then(resp => {
// Update the pattern in the configuration
importAppObjects(req.params.pattern);
reply({
@ -100,7 +100,7 @@ module.exports = (server, options) => {
'data': 'Index pattern updated'
});
})
.catch((err) => {
.catch(error => {
reply({
'statusCode': 500,
'error': 9,
@ -111,7 +111,7 @@ module.exports = (server, options) => {
const getTemplate = (req, reply) => {
elasticRequest.callWithInternalUser('cat.templates', {})
.then((data) => {
.then(data => {
if (req.params.pattern == "wazuh-alerts-3.x-*" && data.includes("wazuh-alerts-3.*")) {
reply({
'statusCode': 200,
@ -147,7 +147,7 @@ module.exports = (server, options) => {
}
}
})
.catch((error) => {
.catch(error => {
reply({
'statusCode': 500,
'error': 10000,
@ -188,7 +188,7 @@ module.exports = (server, options) => {
'data': 'Index pattern not found'
});
})
.catch((error) => {
.catch(error => {
reply({
'statusCode': 500,
'error': 10000,
@ -250,7 +250,7 @@ module.exports = (server, options) => {
payload.aggs['2'].terms.field = req.params.field;
fetchElastic(req, payload)
.then((data) => {
.then(data => {
if (data.hits.total === 0 || typeof data.aggregations['2'].buckets[0] === 'undefined'){
reply({
@ -264,7 +264,7 @@ module.exports = (server, options) => {
});
}
})
.catch((error) => {
.catch(error => {
reply({
'statusCode': 500,
'error': 9,
@ -279,7 +279,7 @@ module.exports = (server, options) => {
index: '.wazuh-version',
type: 'wazuh-version'
})
.then((data) => {
.then(data => {
if (data.hits.total === 0) {
reply({
'statusCode': 200,
@ -292,7 +292,7 @@ module.exports = (server, options) => {
});
}
})
.catch((error) => {
.catch(error => {
reply({
'statusCode': 500,
'error': 9,

271
server/initialize.js
View File

@ -1,17 +1,21 @@
const needle = require('needle');
// Colors for console logging
const colors = require('ansicolors');
const blueWazuh = colors.blue('wazuh');
const fs = require('fs');
const yml = require('js-yaml');
const path = require('path');
const { log } = require('./logger');
const OBJECTS_FILE = './integration-files/objects-file.json';
const APP_OBJECTS_FILE = './integration-files/app-objects-file-alerts.json';
const KIBANA_TEMPLATE = './integration-files/kibana-template.json';
const fs = require('fs');
const yml = require('js-yaml');
const path = require('path');
module.exports = (server, options) => {
log('initialize.js', 'Initializing', 'info');
// Elastic JS Client
const elasticRequest = server.plugins.elasticsearch.getCluster('data');
@ -24,26 +28,27 @@ module.exports = (server, options) => {
// Read config from package.json and config.yml
try {
configurationFile = yml.load(fs.readFileSync(path.join(__dirname,'../config.yml'), {encoding: 'utf-8'}));
configurationFile = yml.load(fs.readFileSync(path.join(__dirname, '../config.yml'), { encoding: 'utf-8' }));
global.loginEnabled = (configurationFile && typeof configurationFile['login.enabled'] !== 'undefined') ? configurationFile['login.enabled'] : false;
pattern = (configurationFile && typeof configurationFile.pattern !== 'undefined') ? configurationFile.pattern : 'wazuh-alerts-3.x-*';
packageJSON = require('../package.json');
} catch (e) {
log('initialize.js', e.message || e);
server.log([blueWazuh, 'initialize', 'error'], 'Something went wrong while reading the configuration.' + e.message);
}
if(typeof global.sessions === 'undefined') {
global.sessions = { };
if (typeof global.sessions === 'undefined') {
global.sessions = {};
}
global.protectedRoute = req => {
if(!loginEnabled) return true;
if (!loginEnabled) return true;
const session = (req.headers && req.headers.code) ? sessions[req.headers.code] : null;
if(!session) return false;
if (!session) return false;
const timeElapsed = (new Date() - session.created) / 1000;
if(timeElapsed >= session.exp){
if (timeElapsed >= session.exp) {
delete sessions[req.payload.code];
return false;
}
@ -54,18 +59,20 @@ module.exports = (server, options) => {
// Importing Wazuh built-in visualizations and dashboards
const importObjects = (id) => {
log('initialize.js importObjects', 'Importing objects (Searches, visualizations and dashboards) into Elasticsearch...','info');
server.log([blueWazuh, 'initialize', 'info'], 'Importing objects (Searches, visualizations and dashboards) into Elasticsearch...');
try {
objects = require(OBJECTS_FILE);
} catch (e) {
log('initialize.js', e.message || e);
server.log([blueWazuh, 'initialize', 'error'], 'Could not read the objects file.');
server.log([blueWazuh, 'initialize', 'error'], 'Path: ' + OBJECTS_FILE);
server.log([blueWazuh, 'initialize', 'error'], 'Exception: ' + e);
}
let body = '';
for(let element of objects){
for (let element of objects) {
body += '{ "index": { "_index": ".kibana", "_type": "doc", ' +
'"_id": "' + element._type + ':' + element._id + '" } }\n';
@ -91,9 +98,11 @@ module.exports = (server, options) => {
index: ['.kibana', index_pattern]
}))
.then(() => {
log('initialize.js importObjects', 'Templates, mappings, index patterns, visualizations, searches and dashboards were successfully installed. App ready to be used.','info');
server.log([blueWazuh, 'initialize', 'info'], 'Templates, mappings, index patterns, visualizations, searches and dashboards were successfully installed. App ready to be used.');
})
.catch((error) => {
.catch(error => {
log('initialize.js importObjects', error.message || error);
server.log([blueWazuh, 'server', 'error'], 'Error importing objects into elasticsearch. Bulk request failed.');
});
};
@ -101,18 +110,20 @@ module.exports = (server, options) => {
// Importing Wazuh app visualizations and dashboards
const importAppObjects = (id) => {
console.log("Importing objects");
log('initialize.js importAppObjects', 'Importing Wazuh app visualizations...','info')
server.log([blueWazuh, 'initialize', 'info'], 'Importing Wazuh app visualizations...');
try {
app_objects = require(APP_OBJECTS_FILE);
} catch (e) {
log('initialize.js importAppObjects', e.message || e)
server.log([blueWazuh, 'initialize', 'error'], 'Could not read the objects file.');
server.log([blueWazuh, 'initialize', 'error'], 'Path: ' + APP_OBJECTS_FILE);
server.log([blueWazuh, 'initialize', 'error'], 'Exception: ' + e);
}
let body = '';
for(let element of app_objects){
for (let element of app_objects) {
body += '{ "index": { "_index": ".kibana", "_type": "doc", ' + '"_id": "' + element._type + ':' + element._id + '" } }\n';
let temp = {};
@ -137,15 +148,18 @@ module.exports = (server, options) => {
index: ['.kibana', index_pattern]
}))
.then(() => {
log('initialize.js importAppObjects', 'Wazuh app visualizations were successfully installed. App ready to be used.','info')
server.log([blueWazuh, 'initialize', 'info'], 'Wazuh app visualizations were successfully installed. App ready to be used.');
})
.catch((error) => {
.catch(error => {
log('initialize.js importAppObjects', error.message || error);
server.log([blueWazuh, 'server', 'error'], 'Error importing objects into elasticsearch. Bulk request failed.');
});
};
// Create index pattern TODO: remove hardcoded index-patterns ids
const createIndexPattern = () => {
log('initialize.js createIndexPattern', `Creating index pattern: ${index_pattern}`,'info')
server.log([blueWazuh, 'initialize', 'info'], `Creating index pattern: ${index_pattern}`);
let patternId = 'index-pattern:' + index_pattern;
@ -162,13 +176,15 @@ module.exports = (server, options) => {
}
}
})
.then((resp) => {
.then(resp => {
log('initialize.js createIndexPattern', `Created index pattern: ${index_pattern}`,'info')
server.log([blueWazuh, 'initialize', 'info'], 'Created index pattern: ' + index_pattern);
// Import objects (dashboards and visualizations)
importObjects(index_pattern);
importAppObjects(index_pattern);
})
.catch((err) => {
.catch(error => {
log('initialize.js createIndexPattern', error.message || error);
server.log([blueWazuh, 'initialize', 'error'], 'Error creating index-pattern.');
});
};
@ -176,16 +192,20 @@ module.exports = (server, options) => {
// Configure Kibana status: Index pattern, default index pattern, default time, import dashboards.
const configureKibana = (type) => {
if (type === "install") {
elasticRequest .callWithInternalUser('search', {
elasticRequest.callWithInternalUser('search', {
index: '.kibana',
type: 'doc',
q: `index-pattern.title:"${index_pattern}"`
})
.then((data) => {
if (data.hits.total >= 1) server.log([blueWazuh, 'initialize', 'info'], 'Skipping index-pattern creation. Already exists.');
.then(data => {
if (data.hits.total >= 1) {
log('initialize.js configureKibana', 'Skipping index-pattern creation. Already exists.','info')
server.log([blueWazuh, 'initialize', 'info'], 'Skipping index-pattern creation. Already exists.');
}
else createIndexPattern();
})
.catch((error) => {
.catch(error => {
log('initialize.js configureKibana', error.message || error);
server.log([blueWazuh, 'initialize', 'error'], 'Could not reach elasticsearch.');
});
}
@ -207,10 +227,10 @@ module.exports = (server, options) => {
}
let shard_configuration = {
"settings" : {
"index" : {
"number_of_shards" : shards,
"number_of_replicas" : replicas
"settings": {
"index": {
"number_of_shards": shards,
"number_of_replicas": replicas
}
}
};
@ -237,13 +257,31 @@ module.exports = (server, options) => {
body: configuration
})
.then(() => {
let configuration = {
"name": "Wazuh App",
"app-version": packageJSON.version,
"revision": packageJSON.revision,
"installationDate": new Date().toISOString()
};
elasticRequest.callWithInternalUser('create', {
index: ".wazuh-version",
type: 'wazuh-version',
id: 1,
body: configuration
})
.then(() => {
log('initialize.js saveConfiguration', 'Wazuh configuration inserted','info')
server.log([blueWazuh, 'initialize', 'info'], 'Wazuh configuration inserted');
})
.catch((error) => {
.catch(error => {
log('initialize.js saveConfiguration', error.message || error);
server.log([blueWazuh, 'initialize', 'error'], 'Could not insert Wazuh configuration');
});
})
.catch((error) => {
.catch(error => {
log('initialize.js saveConfiguration', error.message || error);
server.log([blueWazuh, 'initialize', 'error'], 'Error creating index .wazuh-version.');
});
};
@ -259,6 +297,18 @@ module.exports = (server, options) => {
let shards = 1;
let replicas = 1;
if (configurationFile) {
if (configurationFile["wazuh.shards"]) {
shards = configurationFile["wazuh.shards"];
}
if (configurationFile["wazuh.replicas"]) {
replicas = configurationFile["wazuh.replicas"];
}
}
let shards = 1;
let replicas = 1;
if (configurationFile) {
if (configurationFile["wazuh.shards"]) {
shards = configurationFile["wazuh.shards"];
@ -269,10 +319,10 @@ module.exports = (server, options) => {
}
let configuration = {
"settings" : {
"index" : {
"number_of_shards" : shards,
"number_of_replicas" : replicas
"settings": {
"index": {
"number_of_shards": shards,
"number_of_replicas": replicas
}
}
};
@ -282,9 +332,10 @@ module.exports = (server, options) => {
body: configuration
})
.then(() => {
log('initialize.js init', 'Index .wazuh created.','info')
server.log([blueWazuh, 'initialize', 'info'], 'Index .wazuh created.');
})
.catch((error) => {
.catch(error => {
server.log([blueWazuh, 'initialize', 'error'], 'Error creating index .wazuh.');
});
} else { // The .wazuh index exists, we now proceed to check whether it's from an older version
@ -293,16 +344,21 @@ module.exports = (server, options) => {
type: "wazuh-setup",
id: "1"
})
.then((data) => {
.then(data => {
// Reindex!
reindexOldVersion();
})
.catch((error) => {
.catch(error => {
if (error.message && error.message !== 'Not Found') {
log('initialize.js init 1', error.message || error);
}
log('initialize.js init', 'No older .wazuh index found -> no need to reindex.','info')
server.log([blueWazuh, 'initialize', 'info'], 'No older .wazuh index found -> no need to reindex.');
});
}
})
.catch((error) => {
.catch(error => {
log('initialize.js init 2', error.message || error);
server.log([blueWazuh, 'initialize', 'error'], 'Could not check if .wazuh index exists due to ' + error);
});
@ -333,13 +389,33 @@ module.exports = (server, options) => {
server.log([blueWazuh, 'initialize', 'error'], 'Could not update version information due to ' + error);
});
elasticRequest.callWithInternalUser('update', {
index: '.wazuh-version',
type: 'wazuh-version',
id: 1,
body: {
'doc': {
"app-version": packageJSON.version,
"revision": packageJSON.revision
}
}
})
.then(response => {
log('initialize.js init', 'Successfully updated version information','info')
server.log([blueWazuh, 'initialize', 'info'], 'Successfully updated version information');
})
.catch(error => {
log('initialize.js init 3', error.message || error);
server.log([blueWazuh, 'initialize', 'error'], 'Could not update version information due to ' + error);
});
// We search for the currently applied pattern in the visualizations
elasticRequest .callWithInternalUser('search', {
elasticRequest.callWithInternalUser('search', {
index: '.kibana',
type: 'doc',
q: `visualization.title:"Wazuh App Overview General Metric alerts"`
})
.then((data) => {
.then(data => {
elasticRequest.callWithInternalUser('deleteByQuery', {
index: '.kibana',
@ -364,16 +440,19 @@ module.exports = (server, options) => {
// Update the visualizations
importAppObjects(JSON.parse(data.hits.hits[0]._source.visualization.kibanaSavedObjectMeta.searchSourceJSON).index);
})
.catch((error) => {
.catch(error => {
log('initialize.js init 4', error.message || error);
server.log([blueWazuh, 'initialize', 'error'], 'Could not update visualizations due to ' + error);
});
})
.catch((error) => {
.catch(error => {
log('initialize.js init 5', error.message || error);
server.log([blueWazuh, 'initialize', 'error'], 'Could not get a sample for the pattern due to ' + error);
});
})
.catch((error) => {
.catch(error => {
log('initialize.js init 6', error.message || error);
server.log([blueWazuh, 'initialize', 'info'], '.wazuh-version document does not exist. Initializating configuration...');
// Save Setup Info
@ -383,14 +462,16 @@ module.exports = (server, options) => {
};
const createKibanaTemplate = () => {
log('initialize.js createKibanaTemplate', 'Creating template for .kibana.','info')
server.log([blueWazuh, 'initialize', 'info'], 'Creating template for .kibana.');
try {
kibana_template = require(KIBANA_TEMPLATE);
} catch (e) {
} catch (error) {
log('initialize.js init 6', error.message || error);
server.log([blueWazuh, 'initialize', 'error'], 'Could not read the .kibana template file.');
server.log([blueWazuh, 'initialize', 'error'], 'Path: ' + KIBANA_TEMPLATE);
server.log([blueWazuh, 'initialize', 'error'], 'Exception: ' + e);
server.log([blueWazuh, 'initialize', 'error'], 'Exception: ' + error);
}
return elasticRequest.callWithInternalUser('indices.putTemplate',
@ -407,57 +488,70 @@ module.exports = (server, options) => {
elasticRequest.callWithInternalUser('indices.exists', {
index: ".kibana"
})
.then((data) => {
.then(data => {
if (data) { // It exists, initialize!
init();
}
else { // No .kibana index created...
log('initialize.js checkKibanaStatus', 'Didn\'t find .kibana index...','info')
server.log([blueWazuh, 'initialize', 'info'], "Didn't find .kibana index...");
elasticRequest.callWithInternalUser('indices.getTemplate',
{
name: 'wazuh-kibana'
})
.then((data) => {
.then(data => {
log('initialize.js checkKibanaStatus', 'No need to create the .kibana template, already exists.','info')
server.log([blueWazuh, 'initialize', 'info'], 'No need to create the .kibana template, already exists.');
elasticRequest.callWithInternalUser('indices.create', { index: '.kibana' })
.then((data) => {
.then(data => {
log('initialize.js checkKibanaStatus', 'Successfully created .kibana index.','info')
server.log([blueWazuh, 'initialize', 'info'], 'Successfully created .kibana index.');
init();
})
.catch((error) => {
.catch(error => {
log('initialize.js checkKibanaStatus',error.message || error);
server.log([blueWazuh, 'initialize', 'error'], 'Error creating .kibana index due to ' + error);
});
})
.catch((error) => {
.catch(error => {
log('initialize.js checkKibanaStatus',
error.message || error
);
createKibanaTemplate()
.then((data) => {
.then(data => {
log('initialize.js checkKibanaStatus', 'Successfully created .kibana template.','info')
server.log([blueWazuh, 'initialize', 'info'], 'Successfully created .kibana template.');
elasticRequest.callWithInternalUser('indices.create', { index: '.kibana' })
.then((data) => {
.then(data => {
log('initialize.js checkKibanaStatus', 'Successfully created .kibana index.','info')
server.log([blueWazuh, 'initialize', 'info'], 'Successfully created .kibana index.');
init();
})
.catch((error) => {
.catch(error => {
log('initialize.js checkKibanaStatus',error.message || error);
server.log([blueWazuh, 'initialize', 'error'], 'Error creating .kibana index due to ' + error);
});
}).catch((error) => {
}).catch(error => {
log('initialize.js checkKibanaStatus',error.message || error);
server.log([blueWazuh, 'initialize', 'error'], 'Error creating template for .kibana due to ' + error);
});
});
}
})
.catch((error) => {
.catch(error => {
log('initialize.js checkKibanaStatus',error.message || error);
server.log([blueWazuh, 'initialize', 'error'], 'Could not check .kibana index due to ' + error);
});
};
// Wait until Elasticsearch js is ready
const checkStatus = () => {
server.plugins.elasticsearch.waitUntilReady().then((data) => { checkKibanaStatus() })
.catch((error) => {
server.plugins.elasticsearch.waitUntilReady().then(data => { checkKibanaStatus() })
.catch(error => {
log('initialize.js checkStatus',error.message || error);
server.log([blueWazuh, 'initialize', 'info'], 'Waiting for elasticsearch plugin to be ready...');
setTimeout(() => checkStatus(), 3000);
});
@ -467,7 +561,7 @@ module.exports = (server, options) => {
// Now, let's see whether they have a 2.x or 3.x version
let id = wapi_config._id;
wapi_config = wapi_config._source;
log('initialize.js reachAPI', 'Reaching ' + wapi_config.manager,'info')
server.log([blueWazuh, 'reindex', 'info'], 'Reaching ' + wapi_config.manager);
let decoded_password = Buffer.from(wapi_config.api_password, 'base64').toString("ascii");
if (wapi_config.cluster_info === undefined) { // No cluster_info in the API configuration data -> 2.x version
@ -476,7 +570,8 @@ module.exports = (server, options) => {
password: decoded_password,
rejectUnauthorized: !wapi_config.insecure
})
.then((response) => {
.then(response => {
log('initialize.js reachAPI', 'API is reachable ' + wapi_config.manager,'info')
server.log([blueWazuh, 'reindex', 'info'], 'API is reachable ' + wapi_config.manager);
if (parseInt(response.body.error) === 0 && response.body.data) {
needle('get', `${wapi_config.url}:${wapi_config.api_port}/cluster/status`, {}, { // Checking the cluster status
@ -499,7 +594,8 @@ module.exports = (server, options) => {
wapi_config.cluster_info.manager = wapi_config.manager;
wapi_config.cluster_info.node = response.body.data.node;
wapi_config.cluster_info.cluster = response.body.data.cluster;
} else if (response.body.error){
} else if (response.body.error) {
log('initialize.js reachAPI', response.body.error || response.body);
server.log([blueWazuh, 'reindex', 'error'], 'Could not get cluster/node information for ', wapi_config.manager);
}
});
@ -523,30 +619,35 @@ module.exports = (server, options) => {
"url": wapi_config.url,
"api_port": wapi_config.api_port,
"manager": wapi_config.manager,
"cluster_info" : {
"manager" : wapi_config.manager,
"node" : wapi_config.cluster_info.node,
"cluster" : wapi_config.cluster_info.cluster,
"status" : wapi_config.cluster_info.status
"cluster_info": {
"manager": wapi_config.manager,
"node": wapi_config.cluster_info.node,
"cluster": wapi_config.cluster_info.cluster,
"status": wapi_config.cluster_info.status
},
}
}
})
.then((resp) => {
.then(resp => {
log('initialize.js reachAPI', 'Successfully updated proper cluster information for ' + wapi_config.manager,'info')
server.log([blueWazuh, 'reindex', 'info'], 'Successfully updated proper cluster information for ' + wapi_config.manager);
})
.catch((err) => {
.catch(error => {
log('initialize.js reachAPI', error.message || error);
server.log([blueWazuh, 'reindex', 'error'], 'Could not update proper cluster information for ' + wapi_config.manager + 'due to ' + err);
});
} else {
log('initialize.js reachAPI', 'Could not get cluster/status information for ' + wapi_config.manager)
server.log([blueWazuh, 'reindex', 'error'], 'Could not get cluster/status information for ' + wapi_config.manager);
}
});
} else {
log('initialize.js reachAPI', 'The API responded with some kind of error for ' + wapi_config.manager)
server.log([blueWazuh, 'reindex', 'error'], 'The API responded with some kind of error for ' + wapi_config.manager);
}
})
.catch(error => {
log('initialize.js reachAPI', error.message || error);
server.log([blueWazuh, 'reindex', 'info'], 'API is NOT reachable ' + wapi_config.manager);
// We weren't able to reach the API, reorganize data and fill with sample node and cluster name information
elasticRequest.callWithInternalUser('update', {
@ -560,30 +661,34 @@ module.exports = (server, options) => {
"url": wapi_config.url,
"api_port": wapi_config.api_port,
"manager": wapi_config.manager,
"cluster_info" : {
"manager" : wapi_config.manager,
"node" : "nodata",
"cluster" : "nodata",
"status" : "disabled"
"cluster_info": {
"manager": wapi_config.manager,
"node": "nodata",
"cluster": "nodata",
"status": "disabled"
},
}
}
})
.then((resp) => {
.then(resp => {
log('initialize.js reachAPI', 'Successfully updated sample cluster information for ' + wapi_config.manager,'info')
server.log([blueWazuh, 'reindex', 'info'], 'Successfully updated sample cluster information for ' + wapi_config.manager);
})
.catch((err) => {
.catch(error => {
log('initialize.js reachAPI', error.message || error);
server.log([blueWazuh, 'reindex', 'error'], 'Could not update sample cluster information for ' + wapi_config.manager + 'due to ' + err);
});
});
} else { // 3.x version
// Nothing to be done, cluster_info is present
log('initialize.js reachAPI', 'Nothing to be done for ' + wapi_config.manager + ' as it is already a 3.x version.' + wapi_config.manager,'info')
server.log([blueWazuh, 'reindex', 'info'], 'Nothing to be done for ' + wapi_config.manager + ' as it is already a 3.x version.');
}
};
// Reindex a .wazuh index from 2.x-5.x or 3.x-5.x to .wazuh and .wazuh-version in 3.x-6.x
const reindexOldVersion = () => {
log('initialize.js reindexOldVersion', `Old version detected. Proceeding to reindex.`,'info')
server.log([blueWazuh, 'reindex', 'info'], `Old version detected. Proceeding to reindex.`);
let configuration = {
@ -598,22 +703,25 @@ module.exports = (server, options) => {
// Backing up .wazuh index
elasticRequest.callWithInternalUser('reindex', { body: configuration })
.then((result) => {
.then(result => {
log('initialize.js reindexOldVersion', 'Successfully backed up .wazuh index','info')
// And...this response does not take into acount new index population so...let's wait for it
server.log([blueWazuh, 'reindex', 'info'], 'Successfully backed up .wazuh index');
setTimeout(() => swapIndex(), 3000);
})
.catch((error) => {
.catch(error => {
log('initialize.js reindexOldVersion', error.message || error);
server.log([blueWazuh, 'reindex', 'error'], 'Could not begin the reindex process: ' + error);
});
};
const swapIndex = () => {
// Deleting old .wazuh index
log('initialize.js swapIndex', 'Deleting old .wazuh index','info');
server.log([blueWazuh, 'reindex', 'info'], 'Deleting old .wazuh index.');
elasticRequest.callWithInternalUser('indices.delete', { index: ".wazuh" })
.then((data) => {
.then(data => {
let configuration = {
"source": {
"index": ".old-wazuh",
@ -627,7 +735,7 @@ module.exports = (server, options) => {
"lang": "painless"
}
};
log('initialize.js swapIndex', 'Reindexing into the new .wazuh','info');
server.log([blueWazuh, 'reindex', 'info'], 'Reindexing into the new .wazuh');
// Reindexing from .old-wazuh where the type of document is wazuh-configuration into the new index .wazuh
elasticRequest.callWithInternalUser('reindex', { body: configuration })
@ -636,23 +744,26 @@ module.exports = (server, options) => {
// And...this response does not take into acount new index population so...let's wait for it
setTimeout(() => reachAPIs(), 3000);
})
.catch((error) => {
.catch(error => {
log('initialize.js swapIndex', error.message || error);
server.log([blueWazuh, 'reindex', 'error'], 'Could not reindex the new .wazuh: ' + error);
});
})
.catch((error) => {
.catch(error => {
log('initialize.js swapIndex', error.message || error);
server.log([blueWazuh, 'reindex', 'error'], 'Could not delete the old .wazuh index: ' + error);
});
};
const reachAPIs = () => {
elasticRequest.callWithInternalUser('search', { index: ".wazuh"} )
.then((data) => {
elasticRequest.callWithInternalUser('search', { index: ".wazuh" })
.then(data => {
for (var i = 0; i < data.hits.hits.length; i++) {
reachAPI(data.hits.hits[i]);
}
})
.catch((error) => {
.catch(error => {
log('initialize.js reachAPIs', error.message || error);
server.log([blueWazuh, 'reindex', 'error'], 'Something happened while getting old API configuration data: ' + error);
});
};

76
server/logger.js Normal file
View File

@ -0,0 +1,76 @@
const winston = require('winston');
const fs = require('fs');
const path = require('path');
/**
* Checks if /var/log/wazuh exists on linux systems. If it doesn't exist, it will be created.
*/
const initDirectory = () => {
if (!fs.existsSync('/var/log/wazuh') && process.platform === 'linux') {
fs.mkdirSync('/var/log/wazuh');
}
return;
}
/**
* Here we create the logger
*/
const wazuhlogger = winston.createLogger({
level : 'info',
format : winston.format.json(),
transports: [
new winston.transports.File({
filename: process.platform === 'linux' ? '/var/log/wazuh/wazuhapp.log' : path.join(__dirname, '../../wazuhapp.log')
})
]
});
/**
* Prevents from exit on error related to the logger.
*/
wazuhlogger.exitOnError = false;
/**
* Returns given file size in MB, if the file doesn't exist returns 0
* @param {*} filename Path to the file
*/
const getFilesizeInMegaBytes = filename => {
if (fs.existsSync(filename)) {
const stats = fs.statSync(filename)
const fileSizeInMegaBytes = stats.size
return fileSizeInMegaBytes / 1000000.0;
}
return 0;
}
/**
* Checks if the wazuhapp.log file size is greater than 100MB, if so it rotates the file.
*/
const checkFiles = () => {
if (getFilesizeInMegaBytes(process.platform === 'linux' ? '/var/log/wazuh/wazuhapp.log' : path.join(__dirname, '../../wazuhapp.log')) >= 100) {
fs.renameSync(
process.platform === 'linux' ? '/var/log/wazuh/wazuhapp.log' : path.join(__dirname, '../../wazuhapp.log'),
process.platform === 'linux' ? '/var/log/wazuh/wazuhapp.log' : path.join(__dirname, `../../wazuhapp.${new Date().getTime()}.log`)
)
}
};
/**
* Main function to add a new log
* @param {*} location File where the log is being thrown
* @param {*} message Message to show
* @param {*} level Optional, default is 'error'
*/
const log = (location, message, level) => {
initDirectory();
checkFiles();
wazuhlogger.log({
date : new Date(),
level : level || 'error',
location: location || 'unknown',
message : message || 'An error occurred'
});
};
module.exports = { log }

71
server/monitoring.js
View File

@ -9,6 +9,8 @@ const blueWazuh = colors.blue('wazuh');
const APP_OBJECTS_FILE = './integration-files/app-objects-file-monitoring.json';
const { log } = require('./logger');
module.exports = (server, options) => {
// Elastic JS Client
const elasticRequest = server.plugins.elasticsearch.getCluster('admin');
@ -25,13 +27,15 @@ module.exports = (server, options) => {
// Read Wazuh App package file
try {
packageJSON = require('../package.json');
} catch (e) {
server.log([blueWazuh, 'monitoring', 'error'], 'Could not read the Wazuh package file due to ' + e);
} catch (error) {
log('monitoring.js', error.message || error);
server.log([blueWazuh, 'monitoring', 'error'], 'Could not read the Wazuh package file due to ' + error.message || error);
}
// Check status and get agent status array
const checkStatus = (apiEntry, maxSize, offset) => {
if (!maxSize) {
log('monitoring.js', 'You must provide a max size');
server.log([blueWazuh, 'monitoring', 'error'], 'You must provide a max size');
}
@ -58,6 +62,7 @@ module.exports = (server, options) => {
saveStatus();
}
} else {
log('monitoring.js', 'Can not access Wazuh API');
server.log([blueWazuh, 'monitoring', 'error'], 'Can not access Wazuh API');
}
});
@ -83,6 +88,7 @@ module.exports = (server, options) => {
if (!response.error && response.body.data && response.body.data.totalItems) {
checkStatus(apiEntry, response.body.data.totalItems);
} else {
log('monitoring.js', 'Wazuh API credentials not found or are not correct. Open the app in your browser and configure it to start monitoring agents.');
server.log([blueWazuh, 'monitoring', 'error'], 'Wazuh API credentials not found or are not correct. Open the app in your browser and configure it to start monitoring agents.');
}
});
@ -110,6 +116,7 @@ module.exports = (server, options) => {
'insecure': element._source.insecure
};
if (apiEntry.error) {
log('monitoring.js loadCredentials', apiEntry.error || apiEntry);
server.log([blueWazuh, 'monitoring', 'error'], `Error getting wazuh-api data: ${apiEntry.error}`);
break;
}
@ -127,13 +134,15 @@ module.exports = (server, options) => {
if (data.hits.total > 0) {
callback(data.hits);
} else {
log('monitoring.js getConfig','no credentials');
callback({
'error': 'no credentials',
'error_code': 1
});
}
})
.catch(() => {
.catch(error => {
log('monitoring.js getConfig',error.message || error);
callback({
'error': 'no elasticsearch',
'error_code': 2
@ -143,14 +152,16 @@ module.exports = (server, options) => {
// Importing Wazuh app visualizations and dashboards
const importAppObjects = (id) => {
log('monitoring.js importAppObjects','Importing Wazuh app visualizations...','info');
server.log([blueWazuh, 'monitoring', 'info'], 'Importing Wazuh app visualizations...');
try {
app_objects = require(APP_OBJECTS_FILE);
} catch (e) {
} catch (error) {
log('monitoring.js importAppObjects', error.message || error);
server.log([blueWazuh, 'monitoring', 'error'], 'Could not read the objects file.');
server.log([blueWazuh, 'monitoring', 'error'], 'Path: ' + APP_OBJECTS_FILE);
server.log([blueWazuh, 'monitoring', 'error'], 'Exception: ' + e);
server.log([blueWazuh, 'monitoring', 'error'], 'Exception: ' + error.message || error);
}
let body = '';
@ -180,9 +191,11 @@ module.exports = (server, options) => {
index: ['.kibana', index_pattern]
}))
.then(() => {
log('monitoring.js importAppObjects', 'Wazuh app visualizations were successfully installed. App ready to be used.', 'info');
server.log([blueWazuh, 'monitoring', 'info'], 'Wazuh app visualizations were successfully installed. App ready to be used.');
})
.catch((error) => {
.catch(error => {
log('monitoring.js importAppObjects',error.message || error);
server.log([blueWazuh, 'server', 'error'], 'Error importing objects into elasticsearch. Bulk request failed.');
});
};
@ -192,6 +205,7 @@ module.exports = (server, options) => {
// Configure Kibana patterns.
const configureKibana = () => {
log('monitoring.js configureKibana', `Creating index pattern: ${index_pattern}`, 'info');
server.log([blueWazuh, 'monitoring', 'info'], `Creating index pattern: ${index_pattern}`);
let patternId = 'index-pattern:' + index_pattern;
@ -207,23 +221,27 @@ module.exports = (server, options) => {
}
}
})
.then((resp) => {
server.log([blueWazuh, 'monitoring', 'info'], 'Created index pattern: ' + index_pattern);
.then(resp => {
log('monitoring.js configureKibana', `Created index pattern: ${index_pattern}`, 'info');
server.log([blueWazuh, 'monitoring', 'info'], `Created index pattern: ${index_pattern}`);
importAppObjects(index_pattern);
})
.catch((error) => {
.catch(error => {
log('monitoring.js configureKibana',error.message || error);
server.log([blueWazuh, 'monitoring', 'error'], 'Error creating index-pattern due to ' + error);
});;
});
};
// Creating wazuh-monitoring index
const createIndex = (todayIndex) => {
elasticRequest.callWithInternalUser('indices.create', { index: todayIndex })
.then(() => {
log('monitoring.js createIndex', 'Successfully created today index.', 'info');
server.log([blueWazuh, 'monitoring', 'info'], 'Successfully created today index.');
insertDocument(todayIndex);
})
.catch((error) => {
.catch(error => {
log('monitoring.js createIndex', error.message || error);
server.log([blueWazuh, 'monitoring', 'error'], `Could not create ${todayIndex} index on elasticsearch due to ` + error);
});
};
@ -250,7 +268,8 @@ module.exports = (server, options) => {
body: body
})
.then((response) => agentsArray.length = 0)
.catch((error) => {
.catch(error => {
log('monitoring.js insertDocument', error.message || error);
server.log([blueWazuh, 'monitoring', 'error'], 'Error inserting agent data into elasticsearch. Bulk request failed due to ' + error);
});
}
@ -266,13 +285,15 @@ module.exports = (server, options) => {
if (result) insertDocument(todayIndex);
else createIndex(todayIndex);
})
.catch((error) => {
.catch(error => {
log('monitoring.js saveStatus', `Could not check if the index ${todayIndex} exists due to ${error.message || error}`);
server.log([blueWazuh, 'monitoring', 'error'], `Could not check if the index ${todayIndex} exists due to ` + error);
});
};
// Main. First execution when installing / loading App.
const init = () => {
log('monitoring.js init', 'Creating today index...', 'info');
server.log([blueWazuh, 'monitoring', 'info'], 'Creating today index...');
saveStatus();
@ -282,10 +303,12 @@ module.exports = (server, options) => {
type: 'doc',
id: patternId
})
.then((data) => {
.then(data => {
log('monitoring.js init', 'Skipping index-pattern creation. Already exists.', 'info');
server.log([blueWazuh, 'monitoring', 'info'], 'Skipping index-pattern creation. Already exists.');
})
.catch((error) => {
.catch(error => {
log('monitoring.js init', 'Didn\'t find wazuh-monitoring pattern for Kibana v6.x. Proceeding to create it...');
server.log([blueWazuh, 'monitoring', 'info'], "Didn't find wazuh-monitoring pattern for Kibana v6.x. Proceeding to create it...");
elasticRequest.callWithInternalUser('delete', {
@ -293,10 +316,12 @@ module.exports = (server, options) => {
type: 'doc',
id: 'index-pattern:wazuh-monitoring-*'
})
.then((resp) => {
.then(resp => {
log('monitoring.js init', 'Successfully deleted old wazuh-monitoring pattern.', 'info');
server.log([blueWazuh, 'monitoring', 'info'], "Successfully deleted old wazuh-monitoring pattern.");
})
.catch((error) => {
.catch(error => {
log('monitoring.js init', 'Didn\'t find old wazuh-monitoring pattern. Skipping deletion.');
server.log([blueWazuh, 'monitoring', 'info'], "Didn't find old wazuh-monitoring pattern. Skipping deletion.");
});
configureKibana();
@ -307,11 +332,12 @@ module.exports = (server, options) => {
const checkElasticsearchServer = () => {
return new Promise(function (resolve, reject) {
elasticRequest.callWithInternalUser('indices.exists', { index: ".kibana" })
.then((data) => {
if (data) server.plugins.elasticsearch.waitUntilReady().then((data) => { resolve(data); });
.then(data => {
if (data) server.plugins.elasticsearch.waitUntilReady().then(data => { resolve(data); });
else reject(data);
})
.catch((error) => {
.catch(error => {
log('monitoring.js checkElasticsearchServer',error.message || error);
reject(error);
});
})
@ -319,8 +345,9 @@ module.exports = (server, options) => {
// Wait until Kibana server is ready
const checkKibanaStatus = () => {
checkElasticsearchServer().then((data) => { init() })
.catch((error) => {
checkElasticsearchServer().then(data => { init() })
.catch(error => {
log('monitoring.js checkKibanaStatus',error.message || error);
server.log([blueWazuh, 'monitoring', 'info'], 'Waiting for Kibana and Elasticsearch servers to be ready...');
setTimeout(() => checkKibanaStatus(), 3000);
});