mmetc
3fa555fb25
Rename k8s_audit to k8s-audit (easier to type, consistent with labels) ( #2153 )
2023-04-03 09:53:38 +02:00
blotus
61bea26486
Add transform
configuration option for acquisition ( #2144 )
2023-03-29 16:04:17 +02:00
blotus
1095f6c875
use expr.Function for custom functions instead of passing them in the env ( #2133 )
2023-03-28 10:49:01 +02:00
mmetc
d769fff1e8
File acquisition: log "file reopen" events instead of writing to stderr ( #2139 )
2023-03-24 11:24:36 +01:00
blotus
dc38e5ac00
S3 acquisition datasource ( #2130 )
2023-03-21 13:54:52 +01:00
Thibault "bui" Koechlin
618be9ff68
properly update the time structure within event ( #2122 )
...
* properly update the time structure within event to ensure it works in time-machine
* move LIVE and TIMEMACHINE to pkg/types : less code needs to import leakybucket package, and we avoid duplicating constants
2023-03-16 16:25:50 +01:00
Manuel Sabban
b451d190b7
try to make reproducible build work ( #2119 )
...
Co-authored-by: sabban <15465465+sabban@users.noreply.github.com>
2023-03-13 17:26:33 +01:00
mmetc
e161507d08
Lint (type inference): remove redundant type declarations ( #2111 )
2023-03-09 11:56:02 +01:00
mmetc
ba4396e52c
fix flaky parser unit test ( #1985 )
2023-01-12 17:03:25 +01:00
mmetc
2d81e751a1
fix parser test 2k23 ( #1971 )
2023-01-04 15:46:16 +01:00
mmetc
ff88faf402
updated localstack dependencies, added build cache
2022-12-21 12:20:01 +01:00
blotus
fdda940ac0
Add Kubernetes audit acquisition ( #1767 )
2022-12-06 13:47:29 +01:00
mmetc
4a6a9c4355
acquisition: validate datasources before configuration (static checks) ( #1841 )
...
* acquisition: validate datasources before configuration (allow static configuration checks)
* remove comment
* import reviser, format
* error wrap
2022-11-30 17:36:56 +01:00
mmetc
104f5d1fe6
lint: error handling cleanup ( #1877 )
2022-11-29 09:16:07 +01:00
mmetc
895691dad1
enabled linters: gocritic, nilerr ( #1853 )
2022-11-07 10:36:50 +01:00
mmetc
02d2eab18c
update golangci-lint to 1.50 and fixes ( #1828 )
2022-10-26 15:11:37 +02:00
mmetc
2088bb1f91
fix for #1839 ( #1840 )
2022-10-26 11:02:12 +02:00
mmetc
2b7e3ff1e7
warn if no acquisition files are found, acquisition_test refactoring, tests ( #1816 )
2022-10-17 17:32:08 +02:00
mmetc
ec0d2a5ed2
refactor broker_test.go, extract cstest/filenotfound*.go ( #1815 )
2022-10-17 14:17:23 +02:00
mmetc
1d9f861f28
unit tests: always capture testcase variable -> allow parallel testing ( #1797 )
2022-10-10 10:48:26 +02:00
Manuel Sabban
83841d801c
fork dlog to ease debian packaging on official repos ( #1790 )
...
Co-authored-by: sabban <15465465+sabban@users.noreply.github.com>
2022-10-06 13:40:31 +02:00
Shivam Sandbhor
65c0b9ebcf
Simplify one shot tests ( #1786 )
2022-10-06 11:57:26 +02:00
Shivam Sandbhor
b203b3f444
Fix flakey test in file_tests ( #1783 )
...
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
2022-10-05 16:40:09 +02:00
mmetc
6120571421
fix & cleanup cloudwatch_test.go ( #1780 )
2022-10-04 09:48:59 +02:00
mmetc
edced6818a
cleanup + fix flaky tests in file_test.go, apic_test.go ( #1773 )
2022-09-30 16:01:42 +02:00
blotus
bfbe180101
Tighten windows sqlite database permissions ( #1769 )
2022-09-28 16:18:00 +02:00
Laurence Jones
21e5b0d6d0
Improvement: Docker one shot error message ( #1666 )
...
* In one shot, user would only specify one container?
2022-09-27 16:20:30 +02:00
Thibault "bui" Koechlin
9d199fd4a9
fix #1733 : add support for exclusion regexps ( #1735 )
...
* allow to specify a list of regular expressions to skip some specific files
2022-09-06 14:58:37 +02:00
mmetc
414282a2c9
golangci-lint 1.49 and related fixes ( #1736 )
2022-09-06 13:55:03 +02:00
he2ss
ea40ffd655
Datasource/kafka ( #1698 )
...
* add Kafka datasource
2022-08-30 17:03:45 +02:00
blotus
1f5224b74b
switch to go 1.19 ( #1709 )
2022-08-26 13:31:49 +02:00
blotus
7b8cd63b04
do not set the UDP read buffer size in syslog datasource ( #1657 )
2022-07-13 10:18:03 +02:00
mmetc
628d7be1d8
simplify err.Error() to err when used in printf context ( #1603 )
2022-06-22 15:53:53 +02:00
mmetc
10585bfecc
enabled linters and fixes for: misspell, predeclared, unconvert, ineffassign, gosimple, govet ( #1595 )
2022-06-16 14:41:54 +02:00
blotus
bdda8691ff
New syslog parser for syslog datasource ( #1554 )
2022-06-08 15:16:58 +02:00
mmetc
799cc82bb5
functional tests, minor refactoring and lint/cleanup ( #1570 )
...
* cmd/crowdsec: removed log.Fatal()s, added tests and print error for unrecognized argument
* updated golangci-lint to v1.46
* lint/deadcode: fix existing issues
* tests: cscli config backup/restore
* tests: cscli completion powershell/fish
* err check: pflags MarkHidden()
* empty .dockerignore (and explain the reason)
* tests, errors.Wrap
* test for CS_LAPI_SECRET and minor refactoring
* minor style changes
* log cleanup
2022-06-06 15:24:48 +02:00
mmetc
1fc9587919
fix #1283 : update and enable error reports from golangci ( #1523 )
2022-05-25 22:27:50 +02:00
blotus
0449ec1868
Windows Support ( #1159 )
2022-05-17 12:14:59 +02:00
blotus
392708a804
Fix docker flaky test ( #1494 )
2022-04-29 12:16:49 +02:00
Greg Myers
0f4ab71f01
Fix typos in docs, comments, code ( #1483 )
2022-04-27 11:04:12 +02:00
blotus
1bd8cc79c8
Kill the whole docker acquis in tests ( #1475 )
2022-04-22 16:56:22 +02:00
blotus
8909fbdb22
cleanup container state if the reader tomb dies by itself ( #1470 )
2022-04-22 10:52:44 +02:00
Thibault "bui" Koechlin
242706a475
fix journalctl deadlock on shutdown ( #1468 )
...
* avoid being locked sending termination error while the reading routine - on the chan - died
2022-04-21 14:02:25 +02:00
blotus
9cf2d5ab5c
handle containers with TTY in docker acquis ( #1422 )
2022-04-05 10:31:36 +02:00
mmetc
4e6b9597f8
fix for https://staticcheck.io/docs/checks#SA2002 ( #1334 )
2022-03-10 13:53:33 +01:00
Shivam Sandbhor
c3dbe0080c
Exit syslog acquis only after server is dead ( #1288 )
2022-03-01 11:32:28 +01:00
mmetc
9bc7e6ffcf
Refactor unit tests to reduce line count ( #1264 )
2022-02-15 12:50:33 +01:00
mmetc
ad28a979e9
local control flow cleanup ( #1215 )
...
removed redundant/unreachable returns, else branches, type declarations, unused variables
2022-02-01 22:08:06 +01:00
Thibault "bui" Koechlin
cc1ab8c50d
switch to utc time everywhere ( #1167 )
...
* switch to utc time everywhere
Co-authored-by: alteredCoder <kevin@crowdsec.net>
2022-01-19 14:56:05 +01:00
Thibault "bui" Koechlin
c81fc87d4e
fix #1168 ( #1179 )
...
* fix #1168
2022-01-19 11:34:40 +01:00
Thibault "bui" Koechlin
a17f150e5d
fix #1170 : display full message in debug mode when syslog cannot parse ( #1176 )
...
* fix #1170 : display full message in debug mode when syslog cannot parse
2022-01-18 09:54:01 +01:00
blotus
4a11060930
Kinesis datasource ( #1147 )
2022-01-11 14:19:43 +01:00
blotus
f86ec1c389
Docker api version negotiation ( #1135 )
2021-12-30 12:21:49 +01:00
AlteredCoder
4917aa23c9
Docker datasource ( #1064 )
...
* add docker datasource
2021-12-02 15:55:50 +01:00
he2ss
0652e9ed08
feature cscli|crowdsec add additional labels on crowdsec dsn run ( #1053 )
...
* feature cscli|crowdsec add additional labels on crowdsec dsn run
2021-11-17 10:08:46 +01:00
Shivam Sandbhor
cbada3d435
Allow using cloudwatch using iam role instead of hardcoded tokens ( #1035 )
2021-11-02 10:25:35 +01:00
Thibault "bui" Koechlin
2b2a11fec7
Extra syslog debug ( #1030 )
...
* extra logging
2021-11-01 20:55:03 +01:00
Shivam Sandbhor
a7b1c02bd5
Fix bugs in cloudwatch acq ( #991 )
...
* Fix bugs in cloudwatch acq
- Fix concurrent writes to map streamIndexes
- Fix multiple cases of modifying while iterating on slice.
- Fix order of fetching cloudwatch events.
- Remove `startup` hack.
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
* Fix cloudwatch tests
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
2021-10-22 10:35:05 +02:00
Thibault "bui" Koechlin
af4bb350c0
hubtests revamp + cscli explain ( #988 )
...
* New hubtest CI for scenarios/parsers from the hub
* New `cscli explain` command to visualize parsers/scenarios pipeline
Co-authored-by: alteredCoder <kevin@crowdsec.net>
Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
Co-authored-by: he2ss <hamza.essahely@gmail.com>
Co-authored-by: Cristian Nitescu <cristian@crowdsec.net>
2021-10-04 17:14:52 +02:00
blotus
f0db3742de
fix usage of regex.Match in cloudwatch module ( #986 )
2021-09-23 13:52:05 +02:00
Thibault "bui" Koechlin
0ad6165ed2
fix release drafter + readme + remove dead readme for acquis ( #933 )
2021-09-03 09:07:24 +02:00
blotus
b5d0d56a11
add support for --since in journalctl DSN ( #917 )
2021-08-31 12:40:22 +02:00
blotus
cedfca07c2
don't wait for acquis tomb if we have no sources ( #868 )
2021-07-28 08:58:44 +02:00
Thibault "bui" Koechlin
ce6a61df1c
Refactor Acquisition Interface ( #773 )
...
* Add new acquisition interface + new modules (cloudwatch, syslog)
Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
2021-06-11 09:53:53 +02:00
Shivam Sandbhor
f25d02a7c8
Allow bouncers to filter decisions by scope ( #817 )
...
Signed-off-by: Shivam Sandbhor <shivam@crowdsec.net>
2021-05-31 15:07:09 +02:00
Thibault "bui" Koechlin
22ada59393
Allow for acquisition files to be specified from a directory as well ( #619 )
...
* allow a acquisition_dir in crowdsec's config + change the behaviour of config loading so that it's working with a list instead. keep backward compat with acquisition_path
* remove the default behaviour of 'guessing' acquis path if param isn't present, and error
2021-02-17 13:55:36 +01:00
Thibault "bui" Koechlin
dbb420f79e
local api ( #482 )
...
Co-authored-by: AlteredCoder
Co-authored-by: erenJag
2020-11-30 10:37:17 +01:00
Thibault "bui" Koechlin
742435f178
Acquisition extra tests ( #188 )
...
* acquisition testing
2020-08-20 13:55:52 +02:00
erenJag
89c8d1a527
rename metrics and update metrics helps ( #152 )
...
* rename metrics and update metrics helps
* add meta info about crowdsec
Co-authored-by: erenJag <erenJag>
2020-07-29 15:03:15 +02:00
AlteredCoder
851ad300cb
Add unitest in pkg/acquisition
and pkg/cwapi
( #145 )
...
* ci for acquisition and cwapi
* update README
Co-authored-by: AlteredCoder <AlteredCoder>
2020-07-27 12:18:55 +02:00
Thibault "bui" Koechlin
5446857377
Add crowdsec reload + cscli metrics minor improvements ( #79 )
2020-06-19 13:57:44 +02:00
Thibault "bui" Koechlin
64c5fa7360
CI: add a CI to test parsers ( #67 )
2020-06-10 12:14:27 +02:00
Thibault bui Koechlin
e86b163ba5
linter fixes
2020-05-20 18:05:05 +02:00
Thibault bui Koechlin
fe68914628
more linter fixes (simplicity mostly)
2020-05-20 11:00:25 +02:00
Thibault bui Koechlin
604b97a519
LGMT fixes + avoid capitalizing fmt.Errorf strings
2020-05-19 21:31:06 +02:00
Thibault bui Koechlin
2016167654
initial import
2020-05-15 11:39:16 +02:00