Merge pull request #1119 from wazuh/issue-1101

Refresh known fields on health check
This commit is contained in:
Jesús Ángel 2019-01-03 12:12:10 +01:00 committed by GitHub
commit b6d096fff7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 207 additions and 179 deletions


@ -231,6 +231,11 @@ export class HealthCheck {
id: 3, id: 3,
description: 'Check Elasticsearch template', description: 'Check Elasticsearch template',
status: this.checks.template ? 'Checking...' : 'disabled' status: this.checks.template ? 'Checking...' : 'disabled'
},
{
id: 4,
description: 'Check index pattern known fields',
status: 'Checking...'
} }
); );
@ -241,6 +246,15 @@ export class HealthCheck {
await Promise.all([this.checkPatterns(), this.checkApiConnection()]); await Promise.all([this.checkPatterns(), this.checkApiConnection()]);
this.checksDone = true; this.checksDone = true;
try {
await this.genericReq.request('GET', '/elastic/known-fields/all', {});
this.results[this.results.length - 1].status = 'Ready';
} catch (error) {
this.results[this.results.length - 1].status = 'Error';
this.handleError(error);
}
if (!this.errors || !this.errors.length) { if (!this.errors || !this.errors.length) {
await this.$timeout(800); await this.$timeout(800);
this.$window.location.assign( this.$window.location.assign(
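Review bot: The two new status writes use `this.results[this.results.length - 1]`, which assumes the known-fields entry is always the last element of `results`; the entry is created with `id: 4` in the first hunk, so looking it up by id is more robust if the list is ever reordered or filtered: `const knownFields = this.results.find(r => r.id === 4);` and then `knownFields.status = 'Ready';` / `'Error'`. The new entry is also hard-coded to `'Checking...'` while ids 1–3 honour a `this.checks.*` toggle; if this refresh is meant to be unconditional, a one-line comment saying so (`// known-fields refresh is not user-disableable`) would stop readers from hunting for the missing flag. The enclosing method starts and ends outside the hunk.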


@ -20,7 +20,7 @@ import {
} from '../integration-files/visualizations'; } from '../integration-files/visualizations';
import { Base } from '../reporting/base-query'; import { Base } from '../reporting/base-query';
import { checkKnownFields } from '../lib/refresh-known-fields';
export class WazuhElasticCtrl { export class WazuhElasticCtrl {
/** /**
* Constructor * Constructor
@ -589,9 +589,12 @@ export class WazuhElasticCtrl {
try { try {
if (!req.params.pattern) throw new Error('Missing parameters'); if (!req.params.pattern) throw new Error('Missing parameters');
const output = await this.wzWrapper.updateIndexPatternKnownFields( const output =
req.params.pattern ((req || {}).params || {}).pattern === 'all'
); ? await checkKnownFields(this.wzWrapper, false, false, false, true)
: await this.wzWrapper.updateIndexPatternKnownFields(
req.params.pattern
);
return reply({ acknowledge: true, output: output }); return reply({ acknowledge: true, output: output });
} catch (error) { } catch (error) {
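Review bot: The `'all'` branch passes `false` for the `log`, `server` and `defaultIndexPattern` parameters of `checkKnownFields`; it only works because `quiet` is `true` and every logging call in the helper is guarded by `!quiet`, so a future caller that drops that flag would fail with `log is not a function`. Passing `null` with a short comment (`// quiet run: no logger or server needed`) makes the intent explicit. The helper also catches its own errors and returns `undefined`, so on failure this handler still replies `{ acknowledge: true, output: undefined }`; either the helper should rethrow or the handler should treat an undefined `output` as a failure. The `((req || {}).params || {}).pattern` guard is redundant after the `Missing parameters` check just above, which already dereferences `req.params.pattern`. The enclosing method starts and ends outside the hunk.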


@ -18,6 +18,7 @@ import { kibanaTemplate } from './integration-files/kibana-template';
import { getConfiguration } from './lib/get-configuration'; import { getConfiguration } from './lib/get-configuration';
import { defaultExt } from './lib/default-ext'; import { defaultExt } from './lib/default-ext';
import { BuildBody } from './lib/replicas-shards-helper'; import { BuildBody } from './lib/replicas-shards-helper';
import { checkKnownFields } from './lib/refresh-known-fields';
export function Initialize(server) { export function Initialize(server) {
const blueWazuh = colors.blue('wazuh'); const blueWazuh = colors.blue('wazuh');
@ -61,178 +62,6 @@ export function Initialize(server) {
const defaultIndexPattern = pattern || 'wazuh-alerts-3.x-*'; const defaultIndexPattern = pattern || 'wazuh-alerts-3.x-*';
/**
* Refresh known fields for all valid index patterns.
* Optionally forces the wazuh-alerts-3.x-* creation.
*/
const checkKnownFields = async () => {
try {
const usingCredentials = await wzWrapper.usingCredentials();
const msg = `Security enabled: ${usingCredentials ? 'yes' : 'no'}`;
log('[initialize][checkKnownFields]', msg, 'info');
server.log([blueWazuh, 'initialize', 'info'], msg);
const indexPatternList = await wzWrapper.getAllIndexPatterns();
log(
'[initialize][checkKnownFields]',
`Found ${indexPatternList.hits.total} index patterns`,
'info'
);
server.log(
[blueWazuh, 'initialize', 'info'],
`Found ${indexPatternList.hits.total} index patterns`
);
const list = [];
if (((indexPatternList || {}).hits || {}).hits) {
const minimum = ['@timestamp', 'full_log', 'manager.name', 'agent.id'];
if (indexPatternList.hits.hits.length > 0) {
for (const index of indexPatternList.hits.hits) {
let valid, parsed;
try {
parsed = JSON.parse(index._source['index-pattern'].fields);
} catch (error) {
continue;
}
valid = parsed.filter(item => minimum.includes(item.name));
if (valid.length === 4) {
list.push({
id: index._id.split('index-pattern:')[1],
title: index._source['index-pattern'].title
});
}
}
}
}
log(
'[initialize][checkKnownFields]',
`Found ${list.length} valid index patterns for Wazuh alerts`,
'info'
);
server.log(
[blueWazuh, 'initialize', 'info'],
`Found ${list.length} valid index patterns for Wazuh alerts`
);
const defaultExists = list.filter(
item => item.title === defaultIndexPattern
);
if (defaultExists.length === 0) {
log(
'[initialize][checkKnownFields]',
`Default index pattern not found, creating it...`,
'info'
);
server.log(
[blueWazuh, 'initialize', 'info'],
`Default index pattern not found, creating it...`
);
await createIndexPattern();
log(
'[initialize][checkKnownFields]',
'Waiting for default index pattern creation to complete...',
'info'
);
server.log(
[blueWazuh, 'initialize', 'info'],
'Waiting for default index pattern creation to complete...'
);
let waitTill = new Date(new Date().getTime() + 0.5 * 1000);
let tmplist = null;
while (waitTill > new Date()) {
tmplist = await wzWrapper.searchIndexPatternById(defaultIndexPattern);
if (tmplist.hits.total >= 1) break;
else waitTill = new Date(new Date().getTime() + 0.5 * 1000);
}
server.log(
[blueWazuh, 'initialize', 'info'],
'Index pattern created...'
);
list.push({
id: tmplist.hits.hits[0]._id.split('index-pattern:')[1],
title: tmplist.hits.hits[0]._source['index-pattern'].title
});
} else {
log(
'[initialize][checkKnownFields]',
`Default index pattern found`,
'info'
);
server.log(
[blueWazuh, 'initialize', 'info'],
`Default index pattern found`
);
}
for (const item of list) {
if (
item.title.includes('wazuh-monitoring-*') ||
item.id.includes('wazuh-monitoring-*')
)
continue;
log(
'[initialize][checkKnownFields]',
`Refreshing known fields for "index-pattern:${item.title}"`,
'info'
);
server.log(
[blueWazuh, 'initialize', 'info'],
`Refreshing known fields for "index-pattern:${item.title}"`
);
await wzWrapper.updateIndexPatternKnownFields(
'index-pattern:' + item.id
);
}
log('[initialize][checkKnownFields]', 'App ready to be used.', 'info');
server.log([blueWazuh, 'initialize', 'info'], 'App ready to be used.');
return;
} catch (error) {
log('[initialize][checkKnownFields]', error.message || error);
server.log(
[blueWazuh, 'server', 'error'],
'Error importing objects into elasticsearch.' + error.message || error
);
}
};
// Creates the default index pattern
const createIndexPattern = async () => {
try {
log(
'[initialize][createIndexPattern]',
`Creating index pattern: ${defaultIndexPattern}`,
'info'
);
server.log(
[blueWazuh, 'initialize', 'info'],
`Creating index pattern: ${defaultIndexPattern}`
);
await wzWrapper.createIndexPattern(defaultIndexPattern);
log(
'[initialize][createIndexPattern]',
`Created index pattern: ${defaultIndexPattern}`,
'info'
);
server.log(
[blueWazuh, 'initialize', 'info'],
'Created index pattern: ' + defaultIndexPattern
);
} catch (error) {
log('[initialize][createIndexPattern]', error.message || error);
server.log(
[blueWazuh, 'initialize', 'error'],
'Error creating index-pattern.'
);
}
};
// Save Wazuh App setup // Save Wazuh App setup
const saveConfiguration = async () => { const saveConfiguration = async () => {
try { try {
@ -477,7 +306,7 @@ export function Initialize(server) {
await Promise.all([ await Promise.all([
checkWazuhIndex(), checkWazuhIndex(),
checkWazuhVersionIndex(), checkWazuhVersionIndex(),
checkKnownFields() checkKnownFields(wzWrapper, log, server, defaultIndexPattern)
]); ]);
} catch (error) { } catch (error) {
log('[initialize][init]', error.message || error); log('[initialize][init]', error.message || error);
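Review bot: The removed block deletes the local `createIndexPattern` helper together with the inline `checkKnownFields`; if anything else inside `Initialize` still references `createIndexPattern`, that is now a runtime ReferenceError, which this page cannot confirm either way. The new call `checkKnownFields(wzWrapper, log, server, defaultIndexPattern)` leaves `quiet` at its default, so log output matches the old inline version. Because the extracted helper catches every error internally and never rethrows, the `catch` around this `Promise.all` is not reached for known-fields failures; a comment such as `// checkKnownFields logs and swallows its own errors` next to the call would make that explicit. `Initialize` starts and ends outside the hunk.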


@ -0,0 +1,179 @@
/*
* Wazuh app - Refresh known fields for all valid index patterns
* Copyright (C) 2018 Wazuh, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* Find more information about this on the LICENSE file.
*/
import colors from 'ansicolors';
const blueWazuh = colors.blue('wazuh');
/**
* Refresh known fields for all valid index patterns.
* Optionally forces the default index pattern creation.
*/
export async function checkKnownFields(
wzWrapper,
log,
server,
defaultIndexPattern,
quiet = false
) {
try {
const usingCredentials = await wzWrapper.usingCredentials();
const msg = `Security enabled: ${usingCredentials ? 'yes' : 'no'}`;
!quiet && log('[initialize][checkKnownFields]', msg, 'info');
!quiet && server.log([blueWazuh, 'initialize', 'info'], msg);
const indexPatternList = await wzWrapper.getAllIndexPatterns();
!quiet &&
log(
'[initialize][checkKnownFields]',
`Found ${indexPatternList.hits.total} index patterns`,
'info'
);
!quiet &&
server.log(
[blueWazuh, 'initialize', 'info'],
`Found ${indexPatternList.hits.total} index patterns`
);
const list = [];
if (((indexPatternList || {}).hits || {}).hits) {
const minimum = ['@timestamp', 'full_log', 'manager.name', 'agent.id'];
if (indexPatternList.hits.hits.length > 0) {
for (const index of indexPatternList.hits.hits) {
let valid, parsed;
try {
parsed = JSON.parse(index._source['index-pattern'].fields);
} catch (error) {
continue;
}
valid = parsed.filter(item => minimum.includes(item.name));
if (valid.length === 4) {
list.push({
id: index._id.split('index-pattern:')[1],
title: index._source['index-pattern'].title
});
}
}
}
}
!quiet &&
log(
'[initialize][checkKnownFields]',
`Found ${list.length} valid index patterns for Wazuh alerts`,
'info'
);
!quiet &&
server.log(
[blueWazuh, 'initialize', 'info'],
`Found ${list.length} valid index patterns for Wazuh alerts`
);
const defaultExists = list.filter(
item => item.title === defaultIndexPattern
);
if (defaultIndexPattern && defaultExists.length === 0) {
!quiet &&
log(
'[initialize][checkKnownFields]',
`Default index pattern not found, creating it...`,
'info'
);
!quiet &&
server.log(
[blueWazuh, 'initialize', 'info'],
`Default index pattern not found, creating it...`
);
try {
await wzWrapper.createIndexPattern(defaultIndexPattern);
} catch (error) {
throw new Error('Error creating default index pattern');
}
!quiet &&
log(
'[initialize][checkKnownFields]',
'Waiting for default index pattern creation to complete...',
'info'
);
!quiet &&
server.log(
[blueWazuh, 'initialize', 'info'],
'Waiting for default index pattern creation to complete...'
);
let waitTill = new Date(new Date().getTime() + 0.5 * 1000);
let tmplist = null;
while (waitTill > new Date()) {
tmplist = await wzWrapper.searchIndexPatternById(defaultIndexPattern);
if (tmplist.hits.total >= 1) break;
else waitTill = new Date(new Date().getTime() + 0.5 * 1000);
}
!quiet &&
server.log(
[blueWazuh, 'initialize', 'info'],
'Index pattern created...'
);
list.push({
id: tmplist.hits.hits[0]._id.split('index-pattern:')[1],
title: tmplist.hits.hits[0]._source['index-pattern'].title
});
} else {
!quiet &&
log(
'[initialize][checkKnownFields]',
`Default index pattern found`,
'info'
);
!quiet &&
server.log(
[blueWazuh, 'initialize', 'info'],
`Default index pattern found`
);
}
for (const item of list) {
if (
item.title.includes('wazuh-monitoring-*') ||
item.id.includes('wazuh-monitoring-*')
) {
continue;
}
!quiet &&
log(
'[initialize][checkKnownFields]',
`Refreshing known fields for "index-pattern:${item.title}"`,
'info'
);
!quiet &&
server.log(
[blueWazuh, 'initialize', 'info'],
`Refreshing known fields for "index-pattern:${item.title}"`
);
await wzWrapper.updateIndexPatternKnownFields('index-pattern:' + item.id);
}
!quiet &&
log('[initialize][checkKnownFields]', 'App ready to be used.', 'info');
!quiet &&
server.log([blueWazuh, 'initialize', 'info'], 'App ready to be used.');
return;
} catch (error) {
!quiet && log('[initialize][checkKnownFields]', error.message || error);
!quiet &&
server.log(
[blueWazuh, 'server', 'error'],
'Error importing objects into elasticsearch.' + error.message || error
);
}
}
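Review bot: The wait loop starting at `let waitTill` never gives up: on every miss the `else` branch pushes `waitTill` another half second into the future, so `waitTill > new Date()` stays true and `searchIndexPatternById` is polled indefinitely if the pattern never appears (for example when creation was accepted but indexing fails). A bounded attempt count with a short sleep between polls, throwing after the last attempt, keeps the rest of the function reachable. The `catch` at the bottom also returns `undefined` after logging, and with `quiet = true` it logs nothing at all, so the `/all` caller cannot distinguish success from failure; rethrowing after logging (`throw error;`) would surface it. In that same catch, `'Error importing objects into elasticsearch.' + error.message || error` never falls through to `error` because the concatenated string is always truthy; wrap the intended fallback as `'Error importing objects into elasticsearch.' + (error.message || error)`.
```javascript
      // … unchanged: createIndexPattern call and 'Waiting for…' log …
      const maxAttempts = 10; // constructed value; tune to the cluster's refresh interval
      let tmplist = null;
      for (let attempt = 0; attempt < maxAttempts; attempt++) {
        tmplist = await wzWrapper.searchIndexPatternById(defaultIndexPattern);
        if (tmplist.hits.total >= 1) break;
        await new Promise(resolve => setTimeout(resolve, 500));
      }
      if (!tmplist || tmplist.hits.total < 1) {
        throw new Error('Default index pattern was not indexed in time');
      }
      // … unchanged: 'Index pattern created...' log and list.push …
```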


@ -212,15 +212,18 @@ export class Monitoring {
if (!response.error && ((response.body || {}).data || {}).totalItems) { if (!response.error && ((response.body || {}).data || {}).totalItems) {
await this.checkStatus(api, response.body.data.totalItems); await this.checkStatus(api, response.body.data.totalItems);
} else { } else {
const msg = ((response || {}).body || {}).message || false;
!this.quiet && !this.quiet &&
log( log(
'[monitoring][checkAndSaveStatus]', '[monitoring][checkAndSaveStatus]',
'Wazuh API credentials not found or are not correct. Open the app in your browser and configure it to start monitoring agents.' msg ||
'Wazuh API credentials not found or are not correct. Open the app in your browser and configure it to start monitoring agents.'
); );
!this.quiet && !this.quiet &&
this.server.log( this.server.log(
[blueWazuh, 'monitoring', 'error'], [blueWazuh, 'monitoring', 'error'],
'Wazuh API credentials not found or are not correct. Open the app in your browser and configure it to start monitoring agents.' msg ||
'Wazuh API credentials not found or are not correct. Open the app in your browser and configure it to start monitoring agents.'
); );
} }
return; return;
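Review bot: The fallback text is repeated verbatim in both log calls; resolving it once where `msg` is built keeps the two messages from drifting: `const msg = ((response || {}).body || {}).message || 'Wazuh API credentials not found or are not correct. Open the app in your browser and configure it to start monitoring agents.';` and then pass `msg` alone to `log` and `this.server.log`. Note also that `msg` comes straight from the API response body and is written to the server log unchanged; if that body can ever carry text that is not produced by the Wazuh API itself, it is worth bounding its length or at least recording in a comment that it is logged as-is. The enclosing method starts and ends outside the hunk.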