Merge pull request #1119 from wazuh/issue-1101

Refresh known fields on health check
Jesús Ángel 2019-01-03 12:12:10 +01:00 committed by GitHub
commit b6d096fff7
5 changed files with 207 additions and 179 deletions


@ -231,6 +231,11 @@ export class HealthCheck {
id: 3, id: 3,
description: 'Check Elasticsearch template', description: 'Check Elasticsearch template',
status: this.checks.template ? 'Checking...' : 'disabled' status: this.checks.template ? 'Checking...' : 'disabled'
},
{
id: 4,
description: 'Check index pattern known fields',
status: 'Checking...'
} }
); );
@ -241,6 +246,15 @@ export class HealthCheck {
await Promise.all([this.checkPatterns(), this.checkApiConnection()]); await Promise.all([this.checkPatterns(), this.checkApiConnection()]);
this.checksDone = true; this.checksDone = true;
try {
await this.genericReq.request('GET', '/elastic/known-fields/all', {});
this.results[this.results.length - 1].status = 'Ready';
} catch (error) {
this.results[this.results.length - 1].status = 'Error';
this.handleError(error);
}
if (!this.errors || !this.errors.length) { if (!this.errors || !this.errors.length) {
await this.$timeout(800); await this.$timeout(800);
this.$window.location.assign( this.$window.location.assign(
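Review bot: `this.results[this.results.length - 1]` on the two status assignments is a positional coupling to the entry pushed at the end of the first hunk; if any later check is appended to `results`, the known-fields status silently lands on the wrong row, so look the entry up by its id, `const knownFields = this.results.find(r => r.id === 4);`, and set `knownFields.status` instead. The request is also issued after `this.checksDone = true;`, so the UI is told all checks are done while the fourth one is still in flight; moving that assignment below the try/catch keeps the flag honest. The 'Error' branch can only fire if the endpoint rejects, which depends on how the server route reports failures (it is in another file in this commit). The enclosing method starts before this hunk.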


@ -20,7 +20,7 @@ import {
} from '../integration-files/visualizations'; } from '../integration-files/visualizations';
import { Base } from '../reporting/base-query'; import { Base } from '../reporting/base-query';
import { checkKnownFields } from '../lib/refresh-known-fields';
export class WazuhElasticCtrl { export class WazuhElasticCtrl {
/** /**
* Constructor * Constructor
@ -589,7 +589,10 @@ export class WazuhElasticCtrl {
try { try {
if (!req.params.pattern) throw new Error('Missing parameters'); if (!req.params.pattern) throw new Error('Missing parameters');
const output = await this.wzWrapper.updateIndexPatternKnownFields( const output =
((req || {}).params || {}).pattern === 'all'
? await checkKnownFields(this.wzWrapper, false, false, false, true)
: await this.wzWrapper.updateIndexPatternKnownFields(
req.params.pattern req.params.pattern
); );
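Review bot: In the `'all'` branch `output` is always `undefined`, because `checkKnownFields` ends with a bare `return;` and, when called with `quiet = true` as here, its catch block neither logs nor rethrows — so the health check that calls this route gets the same response whether the refresh succeeded or failed. Either have the module return a result or rethrow in quiet mode, and map that to an error response here; passing `false` for the `log` and `server` arguments also only works because quiet mode skips every logging statement, which is worth a comment on the call. The `((req || {}).params || {}).pattern` guard is redundant one line after `req.params.pattern` was dereferenced unguarded; `req.params.pattern === 'all'` reads the same. The function continues past this hunk.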


@ -18,6 +18,7 @@ import { kibanaTemplate } from './integration-files/kibana-template';
import { getConfiguration } from './lib/get-configuration'; import { getConfiguration } from './lib/get-configuration';
import { defaultExt } from './lib/default-ext'; import { defaultExt } from './lib/default-ext';
import { BuildBody } from './lib/replicas-shards-helper'; import { BuildBody } from './lib/replicas-shards-helper';
import { checkKnownFields } from './lib/refresh-known-fields';
export function Initialize(server) { export function Initialize(server) {
const blueWazuh = colors.blue('wazuh'); const blueWazuh = colors.blue('wazuh');
@ -61,178 +62,6 @@ export function Initialize(server) {
const defaultIndexPattern = pattern || 'wazuh-alerts-3.x-*'; const defaultIndexPattern = pattern || 'wazuh-alerts-3.x-*';
/**
* Refresh known fields for all valid index patterns.
* Optionally forces the wazuh-alerts-3.x-* creation.
*/
const checkKnownFields = async () => {
try {
const usingCredentials = await wzWrapper.usingCredentials();
const msg = `Security enabled: ${usingCredentials ? 'yes' : 'no'}`;
log('[initialize][checkKnownFields]', msg, 'info');
server.log([blueWazuh, 'initialize', 'info'], msg);
const indexPatternList = await wzWrapper.getAllIndexPatterns();
log(
'[initialize][checkKnownFields]',
`Found ${indexPatternList.hits.total} index patterns`,
'info'
);
server.log(
[blueWazuh, 'initialize', 'info'],
`Found ${indexPatternList.hits.total} index patterns`
);
const list = [];
if (((indexPatternList || {}).hits || {}).hits) {
const minimum = ['@timestamp', 'full_log', 'manager.name', 'agent.id'];
if (indexPatternList.hits.hits.length > 0) {
for (const index of indexPatternList.hits.hits) {
let valid, parsed;
try {
parsed = JSON.parse(index._source['index-pattern'].fields);
} catch (error) {
continue;
}
valid = parsed.filter(item => minimum.includes(item.name));
if (valid.length === 4) {
list.push({
id: index._id.split('index-pattern:')[1],
title: index._source['index-pattern'].title
});
}
}
}
}
log(
'[initialize][checkKnownFields]',
`Found ${list.length} valid index patterns for Wazuh alerts`,
'info'
);
server.log(
[blueWazuh, 'initialize', 'info'],
`Found ${list.length} valid index patterns for Wazuh alerts`
);
const defaultExists = list.filter(
item => item.title === defaultIndexPattern
);
if (defaultExists.length === 0) {
log(
'[initialize][checkKnownFields]',
`Default index pattern not found, creating it...`,
'info'
);
server.log(
[blueWazuh, 'initialize', 'info'],
`Default index pattern not found, creating it...`
);
await createIndexPattern();
log(
'[initialize][checkKnownFields]',
'Waiting for default index pattern creation to complete...',
'info'
);
server.log(
[blueWazuh, 'initialize', 'info'],
'Waiting for default index pattern creation to complete...'
);
let waitTill = new Date(new Date().getTime() + 0.5 * 1000);
let tmplist = null;
while (waitTill > new Date()) {
tmplist = await wzWrapper.searchIndexPatternById(defaultIndexPattern);
if (tmplist.hits.total >= 1) break;
else waitTill = new Date(new Date().getTime() + 0.5 * 1000);
}
server.log(
[blueWazuh, 'initialize', 'info'],
'Index pattern created...'
);
list.push({
id: tmplist.hits.hits[0]._id.split('index-pattern:')[1],
title: tmplist.hits.hits[0]._source['index-pattern'].title
});
} else {
log(
'[initialize][checkKnownFields]',
`Default index pattern found`,
'info'
);
server.log(
[blueWazuh, 'initialize', 'info'],
`Default index pattern found`
);
}
for (const item of list) {
if (
item.title.includes('wazuh-monitoring-*') ||
item.id.includes('wazuh-monitoring-*')
)
continue;
log(
'[initialize][checkKnownFields]',
`Refreshing known fields for "index-pattern:${item.title}"`,
'info'
);
server.log(
[blueWazuh, 'initialize', 'info'],
`Refreshing known fields for "index-pattern:${item.title}"`
);
await wzWrapper.updateIndexPatternKnownFields(
'index-pattern:' + item.id
);
}
log('[initialize][checkKnownFields]', 'App ready to be used.', 'info');
server.log([blueWazuh, 'initialize', 'info'], 'App ready to be used.');
return;
} catch (error) {
log('[initialize][checkKnownFields]', error.message || error);
server.log(
[blueWazuh, 'server', 'error'],
'Error importing objects into elasticsearch.' + error.message || error
);
}
};
// Creates the default index pattern
const createIndexPattern = async () => {
try {
log(
'[initialize][createIndexPattern]',
`Creating index pattern: ${defaultIndexPattern}`,
'info'
);
server.log(
[blueWazuh, 'initialize', 'info'],
`Creating index pattern: ${defaultIndexPattern}`
);
await wzWrapper.createIndexPattern(defaultIndexPattern);
log(
'[initialize][createIndexPattern]',
`Created index pattern: ${defaultIndexPattern}`,
'info'
);
server.log(
[blueWazuh, 'initialize', 'info'],
'Created index pattern: ' + defaultIndexPattern
);
} catch (error) {
log('[initialize][createIndexPattern]', error.message || error);
server.log(
[blueWazuh, 'initialize', 'error'],
'Error creating index-pattern.'
);
}
};
// Save Wazuh App setup // Save Wazuh App setup
const saveConfiguration = async () => { const saveConfiguration = async () => {
try { try {
@ -477,7 +306,7 @@ export function Initialize(server) {
await Promise.all([ await Promise.all([
checkWazuhIndex(), checkWazuhIndex(),
checkWazuhVersionIndex(), checkWazuhVersionIndex(),
checkKnownFields() checkKnownFields(wzWrapper, log, server, defaultIndexPattern)
]); ]);
} catch (error) { } catch (error) {
log('[initialize][init]', error.message || error); log('[initialize][init]', error.message || error);


@ -0,0 +1,179 @@
/*
* Wazuh app - Refresh known fields for all valid index patterns
* Copyright (C) 2018 Wazuh, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* Find more information about this on the LICENSE file.
*/
import colors from 'ansicolors';
const blueWazuh = colors.blue('wazuh');
/**
* Refresh known fields for all valid index patterns.
* Optionally forces the default index pattern creation.
*/
export async function checkKnownFields(
wzWrapper,
log,
server,
defaultIndexPattern,
quiet = false
) {
try {
const usingCredentials = await wzWrapper.usingCredentials();
const msg = `Security enabled: ${usingCredentials ? 'yes' : 'no'}`;
!quiet && log('[initialize][checkKnownFields]', msg, 'info');
!quiet && server.log([blueWazuh, 'initialize', 'info'], msg);
const indexPatternList = await wzWrapper.getAllIndexPatterns();
!quiet &&
log(
'[initialize][checkKnownFields]',
`Found ${indexPatternList.hits.total} index patterns`,
'info'
);
!quiet &&
server.log(
[blueWazuh, 'initialize', 'info'],
`Found ${indexPatternList.hits.total} index patterns`
);
const list = [];
if (((indexPatternList || {}).hits || {}).hits) {
const minimum = ['@timestamp', 'full_log', 'manager.name', 'agent.id'];
if (indexPatternList.hits.hits.length > 0) {
for (const index of indexPatternList.hits.hits) {
let valid, parsed;
try {
parsed = JSON.parse(index._source['index-pattern'].fields);
} catch (error) {
continue;
}
valid = parsed.filter(item => minimum.includes(item.name));
if (valid.length === 4) {
list.push({
id: index._id.split('index-pattern:')[1],
title: index._source['index-pattern'].title
});
}
}
}
}
!quiet &&
log(
'[initialize][checkKnownFields]',
`Found ${list.length} valid index patterns for Wazuh alerts`,
'info'
);
!quiet &&
server.log(
[blueWazuh, 'initialize', 'info'],
`Found ${list.length} valid index patterns for Wazuh alerts`
);
const defaultExists = list.filter(
item => item.title === defaultIndexPattern
);
if (defaultIndexPattern && defaultExists.length === 0) {
!quiet &&
log(
'[initialize][checkKnownFields]',
`Default index pattern not found, creating it...`,
'info'
);
!quiet &&
server.log(
[blueWazuh, 'initialize', 'info'],
`Default index pattern not found, creating it...`
);
try {
await wzWrapper.createIndexPattern(defaultIndexPattern);
} catch (error) {
throw new Error('Error creating default index pattern');
}
!quiet &&
log(
'[initialize][checkKnownFields]',
'Waiting for default index pattern creation to complete...',
'info'
);
!quiet &&
server.log(
[blueWazuh, 'initialize', 'info'],
'Waiting for default index pattern creation to complete...'
);
let waitTill = new Date(new Date().getTime() + 0.5 * 1000);
let tmplist = null;
while (waitTill > new Date()) {
tmplist = await wzWrapper.searchIndexPatternById(defaultIndexPattern);
if (tmplist.hits.total >= 1) break;
else waitTill = new Date(new Date().getTime() + 0.5 * 1000);
}
!quiet &&
server.log(
[blueWazuh, 'initialize', 'info'],
'Index pattern created...'
);
list.push({
id: tmplist.hits.hits[0]._id.split('index-pattern:')[1],
title: tmplist.hits.hits[0]._source['index-pattern'].title
});
} else {
!quiet &&
log(
'[initialize][checkKnownFields]',
`Default index pattern found`,
'info'
);
!quiet &&
server.log(
[blueWazuh, 'initialize', 'info'],
`Default index pattern found`
);
}
for (const item of list) {
if (
item.title.includes('wazuh-monitoring-*') ||
item.id.includes('wazuh-monitoring-*')
) {
continue;
}
!quiet &&
log(
'[initialize][checkKnownFields]',
`Refreshing known fields for "index-pattern:${item.title}"`,
'info'
);
!quiet &&
server.log(
[blueWazuh, 'initialize', 'info'],
`Refreshing known fields for "index-pattern:${item.title}"`
);
await wzWrapper.updateIndexPatternKnownFields('index-pattern:' + item.id);
}
!quiet &&
log('[initialize][checkKnownFields]', 'App ready to be used.', 'info');
!quiet &&
server.log([blueWazuh, 'initialize', 'info'], 'App ready to be used.');
return;
} catch (error) {
!quiet && log('[initialize][checkKnownFields]', error.message || error);
!quiet &&
server.log(
[blueWazuh, 'server', 'error'],
'Error importing objects into elasticsearch.' + error.message || error
);
}
}
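Review bot: The wait loop after creating the default index pattern never terminates on failure: `waitTill` is pushed 500 ms into the future on every miss, so `while (waitTill > new Date())` stays true and `searchIndexPatternById` is polled back-to-back without any delay or attempt bound; this is inherited from the deleted copy in initialize.js but is now shared with the HTTP route, where it would hang the request. Bound the attempts and sleep between them as below. Two smaller points in the same file: the catch block at the end swallows every error when `quiet` is set, so a caller in quiet mode cannot detect failure (`if (quiet) throw error;` before the logging keeps the old behaviour for the startup path), and `throw new Error('Error creating default index pattern')` drops the original message — `throw new Error(\`Error creating default index pattern: ${error.message || error}\`);` preserves it.
```javascript
      // … unchanged: default index pattern creation and logging …
      const maxAttempts = 10; // constructed bound — adjust to the deployment
      let tmplist = null;
      for (let attempt = 0; attempt < maxAttempts; attempt++) {
        tmplist = await wzWrapper.searchIndexPatternById(defaultIndexPattern);
        if (tmplist.hits.total >= 1) break;
        await new Promise(resolve => setTimeout(resolve, 500));
      }
      if (!tmplist || tmplist.hits.total < 1) {
        throw new Error(
          `Default index pattern ${defaultIndexPattern} was not created in time`
        );
      }
      // … unchanged: 'Index pattern created...' log and list.push …
```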


@ -212,14 +212,17 @@ export class Monitoring {
if (!response.error && ((response.body || {}).data || {}).totalItems) { if (!response.error && ((response.body || {}).data || {}).totalItems) {
await this.checkStatus(api, response.body.data.totalItems); await this.checkStatus(api, response.body.data.totalItems);
} else { } else {
const msg = ((response || {}).body || {}).message || false;
!this.quiet && !this.quiet &&
log( log(
'[monitoring][checkAndSaveStatus]', '[monitoring][checkAndSaveStatus]',
msg ||
'Wazuh API credentials not found or are not correct. Open the app in your browser and configure it to start monitoring agents.' 'Wazuh API credentials not found or are not correct. Open the app in your browser and configure it to start monitoring agents.'
); );
!this.quiet && !this.quiet &&
this.server.log( this.server.log(
[blueWazuh, 'monitoring', 'error'], [blueWazuh, 'monitoring', 'error'],
msg ||
'Wazuh API credentials not found or are not correct. Open the app in your browser and configure it to start monitoring agents.' 'Wazuh API credentials not found or are not correct. Open the app in your browser and configure it to start monitoring agents.'
); );
} }
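Review bot: `const msg = ((response || {}).body || {}).message || false;` re-guards `response`, which the `if` two lines above already dereferenced via `response.error`, and the `|| false` followed by `msg || '...'` in both log calls is a double fallback that repeats the long default string twice. Resolve the fallback once, `const msg = (response.body || {}).message || 'Wazuh API credentials not found or are not correct. Open the app in your browser and configure it to start monitoring agents.';`, and pass `msg` to both `log` and `this.server.log`. Since `message` is text supplied by the API response and is written to the server log unchanged, prefixing it (for example `API error: ${msg}`) makes it distinguishable from app-originated messages for anyone parsing the logs. The enclosing method starts and ends outside this hunk.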