apparmor.d/cmd/aa-log/main.go

// aa-log - Review AppArmor generated messages
// Copyright (C) 2021-2022 Alexandre Pujol <alexandre@pujol.io>
// SPDX-License-Identifier: GPL-2.0-only

package main

import (
	"bufio"
	"bytes"
	"encoding/hex"
	"encoding/json"
	"flag"
	"fmt"
	"io"
	"io/ioutil"
	"os"
	"os/exec"
	"path/filepath"
	"regexp"
	"strings"
)

// Command line options
var (
	help    bool
	path    string
	systemd bool
)

// LogFile is the default path to the file to query
const LogFile = "/var/log/audit/audit.log"

// Colors
const (
	Reset      = "\033[0m"
	FgGreen    = "\033[32m"
	FgYellow   = "\033[33m"
	FgBlue     = "\033[34m"
	FgMagenta  = "\033[35m"
	FgCian     = "\033[36m"
	FgWhite    = "\033[37m"
	BoldRed    = "\033[1;31m"
	BoldGreen  = "\033[1;32m"
	BoldYellow = "\033[1;33m"
)

// AppArmorLog describes a apparmor log entry
type AppArmorLog map[string]string

// AppArmorLogs describes all apparmor log entries
type AppArmorLogs []AppArmorLog

// SystemdLog is a simplified systemd json log representation.
type SystemdLog struct {
	Message string `json:"MESSAGE"`
}

var (
	quoted bool
	isHexa = regexp.MustCompile("^[0-9A-Fa-f]+$")
)

func splitQuoted(r rune) bool {
	if r == '"' {
		quoted = !quoted
	}
	return !quoted && r == ' '
}

func toQuote(str string) string {
	if strings.Contains(str, " ") {
		return `"` + str + `"`
	}
	return str
}

func decodeHex(str string) string {
	if isHexa.MatchString(str) {
		bs, _ := hex.DecodeString(str)
		return string(bs)
	}
	return str
}

func removeDuplicateLog(logs []string) []string {
	list := []string{}
	keys := map[string]interface{}{"": true}
	for _, log := range logs {
		if _, v := keys[log]; !v {
			keys[log] = true
			list = append(list, log)
		}
	}
	return list
}

// getAuditLogs return a reader with the logs entries from Auditd
func getAuditLogs(path string) (io.Reader, error) {
	file, err := os.Open(filepath.Clean(path))
	if err != nil {
		return nil, err
	}
	return file, err
}

// getJournalctlLogs return a reader with the logs entries from Systemd
func getJournalctlLogs(path string, user bool, useFile bool) (io.Reader, error) {
	var logs []SystemdLog
	var stdout bytes.Buffer
	var value string

	if useFile {
		content, err := ioutil.ReadFile(filepath.Clean(path))
		if err != nil {
			return nil, err
		}
		value = string(content)
	} else {
		mode := "--system"
		if user {
			mode = "--user"
		}
		cmd := exec.Command("journalctl", mode, "--boot", "--unit=dbus.service", "--output=json")
		cmd.Stdout = &stdout
		if err := cmd.Run(); err != nil {
			return nil, err
		}
		value = stdout.String()
	}

	value = strings.Replace(value, "\n", ",\n", -1)
	value = strings.TrimSuffix(value, ",\n")
	value = `[` + value + `]`
	if err := json.Unmarshal([]byte(value), &logs); err != nil {
		return nil, err
	}
	res := ""
	for _, log := range logs {
		res += log.Message + "\n"
	}
	return strings.NewReader(res), nil
}

// NewApparmorLogs return a new ApparmorLogs list of map from a log file
func NewApparmorLogs(file io.Reader, profile string) AppArmorLogs {
	log := ""
	exp := `apparmor=("DENIED"|"ALLOWED"|"AUDIT")`
	if profile != "" {
		exp = fmt.Sprintf(exp+`.* (profile="%s.*"|label="%s.*")`, profile, profile)
	}
	isAppArmorLog := regexp.MustCompile(exp)

	// Select Apparmor logs
	scanner := bufio.NewScanner(file)
	for scanner.Scan() {
		line := scanner.Text()
		if isAppArmorLog.MatchString(line) {
			log += line + "\n"
		}
	}

	// Clean logs
	regex := regexp.MustCompile(`.*apparmor="`)
	log = regex.ReplaceAllLiteralString(log, `apparmor="`)
	regexAppArmorLogs := map[*regexp.Regexp]string{
		regexp.MustCompile(`(peer_|)pid=[0-9]* `): "",
		regexp.MustCompile(` fsuid.*`):            "",
		regexp.MustCompile(` exe=.*`):             "",
	}
	for regex, value := range regexAppArmorLogs {
		log = regex.ReplaceAllLiteralString(log, value)
	}

	// Remove doublon in logs
	logs := strings.Split(log, "\n")
	logs = removeDuplicateLog(logs)

	// Parse log into ApparmorLog struct
	aaLogs := make(AppArmorLogs, 0)
	for _, log := range logs {
		quoted = false
		tmp := strings.FieldsFunc(log, splitQuoted)

		aa := make(AppArmorLog)
		for _, item := range tmp {
			kv := strings.Split(item, "=")
			if len(kv) >= 2 {
				aa[kv[0]] = strings.Trim(kv[1], `"`)
			}
		}
		aa["profile"] = decodeHex(aa["profile"])
		if name, ok := aa["name"]; ok {
			aa["name"] = decodeHex(name)
		}
		aaLogs = append(aaLogs, aa)
	}

	return aaLogs
}

// String returns a formatted AppArmor logs string
func (aaLogs AppArmorLogs) String() string {
	res := ""
	state := map[string]string{
		"DENIED":  BoldRed + "DENIED " + Reset,
		"ALLOWED": BoldGreen + "ALLOWED" + Reset,
		"AUDIT":   BoldYellow + "AUDIT  " + Reset,
	}
	// Order of impression
	keys := []string{
		"profile", "label", // Profile name
		"operation", "name",
		"mask", "bus", "path", "interface", "member", // dbus
		"info", "comm",
		"laddr", "lport", "faddr", "fport", "family", "sock_type", "protocol",
		"requested_mask", "denied_mask", "signal", "peer", // "fsuid", "ouid", "FSUID", "OUID",
	}
	// Optional colors template to use
	colors := map[string]string{
		"profile":        FgBlue,
		"label":          FgBlue,
		"operation":      FgYellow,
		"name":           FgMagenta,
		"mask":           BoldRed,
		"bus":            FgCian + "bus=",
		"path":           "path=" + FgWhite,
		"requested_mask": "requested_mask=" + BoldRed,
		"denied_mask":    "denied_mask=" + BoldRed,
		"interface":      "interface=" + FgWhite,
		"member":         "member=" + FgGreen,
	}

	for _, log := range aaLogs {
		seen := map[string]bool{"apparmor": true}
		res += state[log["apparmor"]]

		for _, key := range keys {
			if log[key] != "" {
				if colors[key] != "" {
					res += " " + colors[key] + toQuote(log[key]) + Reset
				} else {
					res += " " + key + "=" + toQuote(log[key])
				}
				seen[key] = true
			}
		}

		for key, value := range log {
			if !seen[key] && value != "" {
				res += " " + key + "=" + toQuote(value)
			}
		}
		res += "\n"
	}
	return res
}

func aaLog(logger string, path string, profile string) error {
	var err error
	var file io.Reader

	switch logger {
	case "auditd":
		file, err = getAuditLogs(path)
	case "systemd":
		file, err = getJournalctlLogs(path, true, path != LogFile)
	default:
		err = fmt.Errorf("Logger %s not supported.", logger)
	}
	if err != nil {
		return err
	}
	aaLogs := NewApparmorLogs(file, profile)
	fmt.Print(aaLogs.String())
	return nil
}

func init() {
	flag.BoolVar(&help, "h", false, "Show this help message and exit.")
	flag.StringVar(&path, "f", LogFile,
		"Set a log`file` or a suffix to the default log file.")
	flag.BoolVar(&systemd, "s", false, "Parse systemd dbus logs.")
}

func main() {
	flag.Parse()
	if help {
		fmt.Printf(`aa-log [-h] [-d] [-f file] [profile]

  Review AppArmor generated messages in a colorful way.
  It can be given an optional profile name to filter the output with.

`)
		flag.PrintDefaults()
		os.Exit(0)
	}

	profile := ""
	if len(flag.Args()) >= 1 {
		profile = flag.Args()[0]
	}

	logger := "auditd"
	if systemd {
		logger = "systemd"
	}

	logfile := filepath.Clean(LogFile + "." + path)
	if _, err := os.Stat(logfile); err != nil {
		logfile = path
	}

	err := aaLog(logger, logfile, profile)
	if err != nil {
		fmt.Println(err)
		os.Exit(1)
	}
}
Rewrite aa-log. 2021-11-09 23:41:12 +01:00			`// aa-log - Review AppArmor generated messages`
feat(aa-log): add support dbus session log using journactl. 2022-08-19 20:05:46 +02:00			`// Copyright (C) 2021-2022 Alexandre Pujol <alexandre@pujol.io>`
Rewrite aa-log. 2021-11-09 23:41:12 +01:00			`// SPDX-License-Identifier: GPL-2.0-only`

			`package main`

			`import (`
			`"bufio"`
feat(aa-log): add support dbus session log using journactl. 2022-08-19 20:05:46 +02:00			`"bytes"`
test(aa-log): Add AppArmor event test from the Apparmor lib upstream repo. 2022-05-02 18:14:42 +02:00			`"encoding/hex"`
feat(aa-log): add support dbus session log using journactl. 2022-08-19 20:05:46 +02:00			`"encoding/json"`
aa-log: add -f option to set a log file. 2022-02-10 22:30:51 +01:00			`"flag"`
Rewrite aa-log. 2021-11-09 23:41:12 +01:00			`"fmt"`
test(aa-log): Add AppArmor event test from the Apparmor lib upstream repo. 2022-05-02 18:14:42 +02:00			`"io"`
fix(aa-log): ensure compatibility with Debian. 2022-08-20 14:46:45 +02:00			`"io/ioutil"`
Rewrite aa-log. 2021-11-09 23:41:12 +01:00			`"os"`
feat(aa-log): add support dbus session log using journactl. 2022-08-19 20:05:46 +02:00			`"os/exec"`
aa-log: add missing unit test. 2021-12-12 13:35:08 +01:00			`"path/filepath"`
Rewrite aa-log. 2021-11-09 23:41:12 +01:00			`"regexp"`
			`"strings"`
			`)`

aa-log: add -f option to set a log file. 2022-02-10 22:30:51 +01:00			`// Command line options`
			`var (`
feat(aa-log): add support for multiple logger. 2022-10-06 22:11:35 +02:00			`help bool`
			`path string`
			`systemd bool`
aa-log: add -f option to set a log file. 2022-02-10 22:30:51 +01:00			`)`

			`// LogFile is the default path to the file to query`
Rewrite aa-log. 2021-11-09 23:41:12 +01:00			`const LogFile = "/var/log/audit/audit.log"`

			`// Colors`
			`const (`
aa-log: add support for audit entries. 2022-03-17 15:03:00 +01:00			`Reset = "\033[0m"`
feat(aa-log): add support for dbus log. 2022-06-03 20:09:03 +02:00			`FgGreen = "\033[32m"`
aa-log: add support for audit entries. 2022-03-17 15:03:00 +01:00			`FgYellow = "\033[33m"`
			`FgBlue = "\033[34m"`
			`FgMagenta = "\033[35m"`
feat(aa-log): add support for dbus log. 2022-06-03 20:09:03 +02:00			`FgCian = "\033[36m"`
			`FgWhite = "\033[37m"`
aa-log: add support for audit entries. 2022-03-17 15:03:00 +01:00			`BoldRed = "\033[1;31m"`
			`BoldGreen = "\033[1;32m"`
			`BoldYellow = "\033[1;33m"`
Rewrite aa-log. 2021-11-09 23:41:12 +01:00			`)`

			`// AppArmorLog describes a apparmor log entry`
aa-log: improve log parsing and rendering. 2021-11-15 00:54:23 +01:00			`type AppArmorLog map[string]string`

			`// AppArmorLogs describes all apparmor log entries`
			`type AppArmorLogs []AppArmorLog`
Rewrite aa-log. 2021-11-09 23:41:12 +01:00
feat(aa-log): add support dbus session log using journactl. 2022-08-19 20:05:46 +02:00			`// SystemdLog is a simplified systemd json log representation.`
			`type SystemdLog struct {`
			Message string `json:"MESSAGE"`
			`}`

feat(aa-log): Add support for encoded paths and profile names. 2022-05-02 14:21:53 +02:00			`var (`
			`quoted bool`
			`isHexa = regexp.MustCompile("^[0-9A-Fa-f]+$")`
			`)`
aa-log: fix some renderring issues & improve speed. 2021-11-23 21:12:10 +01:00
			`func splitQuoted(r rune) bool {`
			`if r == '"' {`
			`quoted = !quoted`
			`}`
			`return !quoted && r == ' '`
			`}`

aa-log: better quotting management. 2021-12-05 00:53:05 +01:00			`func toQuote(str string) string {`
			`if strings.Contains(str, " ") {`
			return `"` + str + `"`
			`}`
			`return str`
			`}`

feat(aa-log): Add support for encoded paths and profile names. 2022-05-02 14:21:53 +02:00			`func decodeHex(str string) string {`
			`if isHexa.MatchString(str) {`
			`bs, _ := hex.DecodeString(str)`
			`return string(bs)`
			`}`
			`return str`
			`}`

Rewrite aa-log. 2021-11-09 23:41:12 +01:00			`func removeDuplicateLog(logs []string) []string {`
			`list := []string{}`
aa-log: cosmetic. 2021-11-21 22:57:11 +01:00			`keys := map[string]interface{}{"": true}`
Rewrite aa-log. 2021-11-09 23:41:12 +01:00			`for _, log := range logs {`
			`if _, v := keys[log]; !v {`
			`keys[log] = true`
			`list = append(list, log)`
			`}`
			`}`
			`return list`
			`}`

feat(aa-log): add support for multiple logger. 2022-10-06 22:11:35 +02:00			`// getAuditLogs return a reader with the logs entries from Auditd`
			`func getAuditLogs(path string) (io.Reader, error) {`
			`file, err := os.Open(filepath.Clean(path))`
			`if err != nil {`
			`return nil, err`
			`}`
			`return file, err`
			`}`

			`// getJournalctlLogs return a reader with the logs entries from Systemd`
			`func getJournalctlLogs(path string, user bool, useFile bool) (io.Reader, error) {`
feat(aa-log): add support dbus session log using journactl. 2022-08-19 20:05:46 +02:00			`var logs []SystemdLog`
			`var stdout bytes.Buffer`
			`var value string`

			`if useFile {`
feat(aa-log): add support for multiple logger. 2022-10-06 22:11:35 +02:00			`content, err := ioutil.ReadFile(filepath.Clean(path))`
feat(aa-log): add support dbus session log using journactl. 2022-08-19 20:05:46 +02:00			`if err != nil {`
			`return nil, err`
			`}`
			`value = string(content)`
			`} else {`
feat(aa-log): add support for multiple logger. 2022-10-06 22:11:35 +02:00			`mode := "--system"`
			`if user {`
			`mode = "--user"`
			`}`
			`cmd := exec.Command("journalctl", mode, "--boot", "--unit=dbus.service", "--output=json")`
feat(aa-log): add support dbus session log using journactl. 2022-08-19 20:05:46 +02:00			`cmd.Stdout = &stdout`
			`if err := cmd.Run(); err != nil {`
			`return nil, err`
			`}`
			`value = stdout.String()`
			`}`

			`value = strings.Replace(value, "\n", ",\n", -1)`
			`value = strings.TrimSuffix(value, ",\n")`
			value = `[` + value + `]`
			`if err := json.Unmarshal([]byte(value), &logs); err != nil {`
			`return nil, err`
			`}`
			`res := ""`
			`for _, log := range logs {`
			`res += log.Message + "\n"`
			`}`
			`return strings.NewReader(res), nil`
			`}`

aa-log: better quotting management. 2021-12-05 00:53:05 +01:00			`// NewApparmorLogs return a new ApparmorLogs list of map from a log file`
test(aa-log): Add AppArmor event test from the Apparmor lib upstream repo. 2022-05-02 18:14:42 +02:00			`func NewApparmorLogs(file io.Reader, profile string) AppArmorLogs {`
Rewrite aa-log. 2021-11-09 23:41:12 +01:00			`log := ""`
fix(aa-log): relax audit log format. 2022-09-06 18:49:40 +02:00			exp := `apparmor=("DENIED"\|"ALLOWED"\|"AUDIT")`
aa-log: fix some renderring issues & improve speed. 2021-11-23 21:12:10 +01:00			`if profile != "" {`
fix(aa-log): relax audit log format. 2022-09-06 18:49:40 +02:00			exp = fmt.Sprintf(exp+`.* (profile="%s."\|label="%s.")`, profile, profile)
aa-log: fix some renderring issues & improve speed. 2021-11-23 21:12:10 +01:00			`}`
Rewrite aa-log. 2021-11-09 23:41:12 +01:00			`isAppArmorLog := regexp.MustCompile(exp)`

			`// Select Apparmor logs`
			`scanner := bufio.NewScanner(file)`
			`for scanner.Scan() {`
			`line := scanner.Text()`
			`if isAppArmorLog.MatchString(line) {`
			`log += line + "\n"`
			`}`
			`}`

			`// Clean logs`
fix(aa-log): relax audit log format. 2022-09-06 18:49:40 +02:00			regex := regexp.MustCompile(`.*apparmor="`)
			log = regex.ReplaceAllLiteralString(log, `apparmor="`)
aa-log: fix some renderring issues & improve speed. 2021-11-23 21:12:10 +01:00			`regexAppArmorLogs := map[*regexp.Regexp]string{`
feat(aa-log): add support for dbus log. 2022-06-03 20:09:03 +02:00			regexp.MustCompile(`(peer_\|)pid=[0-9]* `): "",
			regexp.MustCompile(` fsuid.*`): "",
			regexp.MustCompile(` exe=.*`): "",
Rewrite aa-log. 2021-11-09 23:41:12 +01:00			`}`
aa-log: fix some renderring issues & improve speed. 2021-11-23 21:12:10 +01:00			`for regex, value := range regexAppArmorLogs {`
			`log = regex.ReplaceAllLiteralString(log, value)`
Rewrite aa-log. 2021-11-09 23:41:12 +01:00			`}`

			`// Remove doublon in logs`
			`logs := strings.Split(log, "\n")`
			`logs = removeDuplicateLog(logs)`

			`// Parse log into ApparmorLog struct`
aa-log: improve log parsing and rendering. 2021-11-15 00:54:23 +01:00			`aaLogs := make(AppArmorLogs, 0)`
Rewrite aa-log. 2021-11-09 23:41:12 +01:00			`for _, log := range logs {`
aa-log: fix some renderring issues & improve speed. 2021-11-23 21:12:10 +01:00			`quoted = false`
			`tmp := strings.FieldsFunc(log, splitQuoted)`

aa-log: improve log parsing and rendering. 2021-11-15 00:54:23 +01:00			`aa := make(AppArmorLog)`
			`for _, item := range tmp {`
			`kv := strings.Split(item, "=")`
			`if len(kv) >= 2 {`
aa-log: better quotting management. 2021-12-05 00:53:05 +01:00			aa[kv[0]] = strings.Trim(kv[1], `"`)
aa-log: improve log parsing and rendering. 2021-11-15 00:54:23 +01:00			`}`
Rewrite aa-log. 2021-11-09 23:41:12 +01:00			`}`
feat(aa-log): Add support for encoded paths and profile names. 2022-05-02 14:21:53 +02:00			`aa["profile"] = decodeHex(aa["profile"])`
			`if name, ok := aa["name"]; ok {`
			`aa["name"] = decodeHex(name)`
			`}`
aa-log: improve log parsing and rendering. 2021-11-15 00:54:23 +01:00			`aaLogs = append(aaLogs, aa)`
Rewrite aa-log. 2021-11-09 23:41:12 +01:00			`}`

			`return aaLogs`
			`}`

aa-log: better quotting management. 2021-12-05 00:53:05 +01:00			`// String returns a formatted AppArmor logs string`
aa-log: improve log parsing and rendering. 2021-11-15 00:54:23 +01:00			`func (aaLogs AppArmorLogs) String() string {`
			`res := ""`
Rewrite aa-log. 2021-11-09 23:41:12 +01:00			`state := map[string]string{`
			`"DENIED": BoldRed + "DENIED " + Reset,`
			`"ALLOWED": BoldGreen + "ALLOWED" + Reset,`
aa-log: add support for audit entries. 2022-03-17 15:03:00 +01:00			`"AUDIT": BoldYellow + "AUDIT " + Reset,`
Rewrite aa-log. 2021-11-09 23:41:12 +01:00			`}`
aa-log: cosmetic. 2021-11-21 22:57:11 +01:00			`// Order of impression`
aa-log: improve log parsing and rendering. 2021-11-15 00:54:23 +01:00			`keys := []string{`
fix(aa-log): ensure the good profile is shown. 2022-06-04 22:53:24 +02:00			`"profile", "label", // Profile name`
feat(aa-log): add support for dbus log. 2022-06-03 20:09:03 +02:00			`"operation", "name",`
			`"mask", "bus", "path", "interface", "member", // dbus`
			`"info", "comm",`
			`"laddr", "lport", "faddr", "fport", "family", "sock_type", "protocol",`
aa-log: cosmetic. 2021-11-21 22:57:11 +01:00			`"requested_mask", "denied_mask", "signal", "peer", // "fsuid", "ouid", "FSUID", "OUID",`
aa-log: improve log parsing and rendering. 2021-11-15 00:54:23 +01:00			`}`
aa-log: cosmetic. 2021-11-21 22:57:11 +01:00			`// Optional colors template to use`
aa-log: improve log parsing and rendering. 2021-11-15 00:54:23 +01:00			`colors := map[string]string{`
			`"profile": FgBlue,`
fix(aa-log): ensure the good profile is shown. 2022-06-04 22:53:24 +02:00			`"label": FgBlue,`
aa-log: improve log parsing and rendering. 2021-11-15 00:54:23 +01:00			`"operation": FgYellow,`
			`"name": FgMagenta,`
feat(aa-log): add support for dbus log. 2022-06-03 20:09:03 +02:00			`"mask": BoldRed,`
			`"bus": FgCian + "bus=",`
			`"path": "path=" + FgWhite,`
aa-log: improve log parsing and rendering. 2021-11-15 00:54:23 +01:00			`"requested_mask": "requested_mask=" + BoldRed,`
			`"denied_mask": "denied_mask=" + BoldRed,`
feat(aa-log): add support for dbus log. 2022-06-03 20:09:03 +02:00			`"interface": "interface=" + FgWhite,`
			`"member": "member=" + FgGreen,`
aa-log: improve log parsing and rendering. 2021-11-15 00:54:23 +01:00			`}`
feat(aa-log): add support for dbus log. 2022-06-03 20:09:03 +02:00
Rewrite aa-log. 2021-11-09 23:41:12 +01:00			`for _, log := range aaLogs {`
aa-log: cosmetic. 2021-11-21 22:57:11 +01:00			`seen := map[string]bool{"apparmor": true}`
aa-log: improve log parsing and rendering. 2021-11-15 00:54:23 +01:00			`res += state[log["apparmor"]]`

			`for _, key := range keys {`
			`if log[key] != "" {`
			`if colors[key] != "" {`
aa-log: better quotting management. 2021-12-05 00:53:05 +01:00			`res += " " + colors[key] + toQuote(log[key]) + Reset`
aa-log: improve log parsing and rendering. 2021-11-15 00:54:23 +01:00			`} else {`
aa-log: better quotting management. 2021-12-05 00:53:05 +01:00			`res += " " + key + "=" + toQuote(log[key])`
aa-log: improve log parsing and rendering. 2021-11-15 00:54:23 +01:00			`}`
aa-log: cosmetic. 2021-11-21 22:57:11 +01:00			`seen[key] = true`
aa-log: improve log parsing and rendering. 2021-11-15 00:54:23 +01:00			`}`
			`}`

			`for key, value := range log {`
feat(aa-log): add support for dbus log. 2022-06-03 20:09:03 +02:00			`if !seen[key] && value != "" {`
aa-log: better quotting management. 2021-12-05 00:53:05 +01:00			`res += " " + key + "=" + toQuote(value)`
aa-log: cosmetic. 2021-11-21 22:57:11 +01:00			`}`
aa-log: improve log parsing and rendering. 2021-11-15 00:54:23 +01:00			`}`
			`res += "\n"`
Rewrite aa-log. 2021-11-09 23:41:12 +01:00			`}`
aa-log: improve log parsing and rendering. 2021-11-15 00:54:23 +01:00			`return res`
			`}`
Rewrite aa-log. 2021-11-09 23:41:12 +01:00
feat(aa-log): add support for multiple logger. 2022-10-06 22:11:35 +02:00			`func aaLog(logger string, path string, profile string) error {`
			`var err error`
			`var file io.Reader`

			`switch logger {`
			`case "auditd":`
			`file, err = getAuditLogs(path)`
			`case "systemd":`
			`file, err = getJournalctlLogs(path, true, path != LogFile)`
			`default:`
feat(aa-log): better error formating. 2022-10-16 13:11:07 +02:00			`err = fmt.Errorf("Logger %s not supported.", logger)`
feat(aa-log): add support for multiple logger. 2022-10-06 22:11:35 +02:00			`}`
Rewrite aa-log. 2021-11-09 23:41:12 +01:00			`if err != nil {`
aa-log: add missing unit test. 2021-12-12 13:35:08 +01:00			`return err`
Rewrite aa-log. 2021-11-09 23:41:12 +01:00			`}`
feat(aa-log): add support for multiple logger. 2022-10-06 22:11:35 +02:00			`aaLogs := NewApparmorLogs(file, profile)`
			`fmt.Print(aaLogs.String())`
feat(aa-log): add support dbus session log using journactl. 2022-08-19 20:05:46 +02:00			`return nil`
aa-log: add missing unit test. 2021-12-12 13:35:08 +01:00			`}`

aa-log: add -f option to set a log file. 2022-02-10 22:30:51 +01:00			`func init() {`
			`flag.BoolVar(&help, "h", false, "Show this help message and exit.")`
			`flag.StringVar(&path, "f", LogFile,`
test(aa-log): Add AppArmor event test from the Apparmor lib upstream repo. 2022-05-02 18:14:42 +02:00			"Set a log`file` or a suffix to the default log file.")
feat(aa-log): add support for multiple logger. 2022-10-06 22:11:35 +02:00			`flag.BoolVar(&systemd, "s", false, "Parse systemd dbus logs.")`
aa-log: add -f option to set a log file. 2022-02-10 22:30:51 +01:00			`}`

aa-log: add missing unit test. 2021-12-12 13:35:08 +01:00			`func main() {`
aa-log: add -f option to set a log file. 2022-02-10 22:30:51 +01:00			`flag.Parse()`
			`if help {`
feat(aa-log): add support dbus session log using journactl. 2022-08-19 20:05:46 +02:00			fmt.Printf(`aa-log [-h] [-d] [-f file] [profile]
aa-log: add -f option to set a log file. 2022-02-10 22:30:51 +01:00
			`Review AppArmor generated messages in a colorful way.`
			`It can be given an optional profile name to filter the output with.`

			`)
			`flag.PrintDefaults()`
			`os.Exit(0)`
			`}`

			`profile := ""`
			`if len(flag.Args()) >= 1 {`
			`profile = flag.Args()[0]`
			`}`

feat(aa-log): add support for multiple logger. 2022-10-06 22:11:35 +02:00			`logger := "auditd"`
			`if systemd {`
			`logger = "systemd"`
			`}`

aa-log: add -f option to set a log file. 2022-02-10 22:30:51 +01:00			`logfile := filepath.Clean(LogFile + "." + path)`
			`if _, err := os.Stat(logfile); err != nil {`
			`logfile = path`
			`}`

feat(aa-log): add support for multiple logger. 2022-10-06 22:11:35 +02:00			`err := aaLog(logger, logfile, profile)`
aa-log: add missing unit test. 2021-12-12 13:35:08 +01:00			`if err != nil {`
			`fmt.Println(err)`
			`os.Exit(1)`
			`}`
Rewrite aa-log. 2021-11-09 23:41:12 +01:00			`}`