package main
import (
"fmt"
"os"
"os/exec"
"path/filepath"
"github.com/crowdsecurity/crowdsec/pkg/cstest"
"github.com/crowdsecurity/crowdsec/pkg/types"
log "github.com/sirupsen/logrus"
"github.com/spf13/cobra"
)
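// NewExplainCmd builds the "cscli explain" command.
//
// The command runs the crowdsec binary against a log file, a single log line
// or a DSN with -dump-data and -no-api, loads the parser and bucket dumps that
// run produces, and prints them with cstest.DumpTree.
//
// All scratch data (the temporary log file created for --log and the dump
// files written by crowdsec) lives in a directory created with os.MkdirTemp.
// The shared os.TempDir() is not used directly: a fixed file name there can be
// pre-created or symlinked by another local user before cscli opens it, and
// the dump files read back afterwards could be planted the same way.
func NewExplainCmd() *cobra.Command {
	var (
		logFile string
		dsn     string
		logLine string
		logType string
		opts    cstest.DumpOpts
	)

	var cmdExplain = &cobra.Command{
		Use:   "explain",
		Short: "Explain log pipeline",
		Long: `
Explain log pipeline
`,
		Example: `
cscli explain --file ./myfile.log --type nginx
cscli explain --log "Sep 19 18:33:22 scw-d95986 sshd[24347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.2.3.4" --type syslog
cscli explain --dsn "file://myfile.log" --type nginx
`,
		Args:              cobra.ExactArgs(0),
		DisableAutoGenTag: true,
		Run: func(cmd *cobra.Command, args []string) {
			// --type is mandatory, and at least one input source is needed.
			if logType == "" || (logLine == "" && logFile == "" && dsn == "") {
				printHelp(cmd)
				fmt.Println()
				fmt.Printf("Please provide --type flag\n")
				os.Exit(1)
			}

			// Private scratch directory: os.MkdirTemp picks an unpredictable
			// name and creates the directory with mode 0700.
			dir, err := os.MkdirTemp("", "cscli_explain")
			if err != nil {
				log.Fatalf("unable to create a temporary directory: %s", err)
			}

			// log.Fatalf exits the process without running deferred calls, so
			// every error path goes through fatalf to remove the scratch
			// directory (and the log line it may contain) first.
			fatalf := func(format string, a ...interface{}) {
				if rmErr := os.RemoveAll(dir); rmErr != nil {
					log.Warnf("unable to remove tmp dir '%s': %+v", dir, rmErr)
				}
				log.Fatalf(format, a...)
			}

			// we create a temporary log file if a log line has been provided
			if logLine != "" {
				logFile = filepath.Join(dir, "cscli_test_tmp.log")
				// O_EXCL refuses to follow or reuse an existing entry; 0600
				// keeps the log line readable by the current user only.
				f, openErr := os.OpenFile(logFile, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0600)
				if openErr != nil {
					fatalf("%v", openErr)
				}

				_, writeErr := f.WriteString(logLine)
				// Close before crowdsec reads the file and before the
				// directory is removed; report the first error seen.
				if closeErr := f.Close(); writeErr == nil {
					writeErr = closeErr
				}
				if writeErr != nil {
					fatalf("%v", writeErr)
				}
			}

			if logFile != "" {
				absolutePath, absErr := filepath.Abs(logFile)
				if absErr != nil {
					fatalf("unable to get absolute path of '%s', exiting", logFile)
				}
				dsn = fmt.Sprintf("file://%s", absolutePath)
				lineCount := types.GetLineCountForFile(absolutePath)
				if lineCount > 100 {
					log.Warnf("log file contains %d lines. This may take lot of resources.", lineCount)
				}
			}

			if dsn == "" {
				fatalf("no acquisition (--file or --dsn) provided, can't run cscli test.")
			}

			// Arguments are passed as a slice, so no shell interprets the
			// user-supplied type or DSN. "./" is relative to crowdsecCmd.Dir,
			// i.e. the dumps land in the private scratch directory.
			// NOTE(review): "crowdsec" is resolved through PATH; confirm PATH
			// is trusted wherever cscli runs with elevated privileges.
			cmdArgs := []string{"-c", ConfigFilePath, "-type", logType, "-dsn", dsn, "-dump-data", "./", "-no-api"}
			crowdsecCmd := exec.Command("crowdsec", cmdArgs...)
			crowdsecCmd.Dir = dir
			output, err := crowdsecCmd.CombinedOutput()
			if err != nil {
				fmt.Println(string(output))
				fatalf("fail to run crowdsec for test: %v", err)
			}

			parserDump, err := cstest.LoadParserDump(filepath.Join(dir, cstest.ParserResultFileName))
			if err != nil {
				fatalf("unable to load parser dump result: %s", err)
			}

			bucketStateDump, err := cstest.LoadBucketPourDump(filepath.Join(dir, cstest.BucketPourResultFileName))
			if err != nil {
				fatalf("unable to load bucket dump result: %s", err)
			}

			cstest.DumpTree(*parserDump, *bucketStateDump, opts)

			// Removal happens after DumpTree because nothing visible here
			// shows whether the loaded dumps still reference files on disk.
			if err := os.RemoveAll(dir); err != nil {
				log.Fatalf("unable to remove tmp dir '%s': %+v", dir, err)
			}
		},
	}

	flags := cmdExplain.PersistentFlags()
	flags.StringVarP(&logFile, "file", "f", "", "Log file to test")
	flags.StringVarP(&dsn, "dsn", "d", "", "DSN to test")
	flags.StringVarP(&logLine, "log", "l", "", "Log line to test")
	flags.StringVarP(&logType, "type", "t", "", "Type of the acquisition to test")
	flags.BoolVarP(&opts.Details, "verbose", "v", false, "Display individual changes")
	flags.BoolVar(&opts.SkipOk, "failures", false, "Only show failed lines")

	return cmdExplain
}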