feat(aa-log): fallback to syslog if audit.log is not present.

cmd/aa-log/main.go

@@ -17,6 +17,7 @@ import (
 	"os/exec"
 	"path/filepath"
 	"regexp"
+	"sort"
 	"strings"
 )
 
@@ -44,8 +45,11 @@ var (
 	systemd bool
 )
 
-// LogFile is the default path to the file to query
-const LogFile = "/var/log/audit/audit.log"
+// LogFiles is the list of default path to query
+var LogFiles = []string{
+	"/var/log/audit/audit.log",
+	"/var/log/syslog",
+}
 
 // Colors
 const (
@@ -77,6 +81,12 @@ var (
 	isHexa = regexp.MustCompile("^[0-9A-Fa-f]+$")
 )
 
+func inSlice(item string, slice []string) bool {
+	sort.Strings(slice)
+	i := sort.SearchStrings(slice, item)
+	return i < len(slice) && slice[i] == item
+}
+
 func splitQuoted(r rune) bool {
 	if r == '"' {
 		quoted = !quoted
@@ -146,7 +156,6 @@ func getJournalctlLogs(path string, useFile bool) (io.Reader, error) {
 	value = strings.Replace(value, "\n", ",\n", -1)
 	value = strings.TrimSuffix(value, ",\n")
 	value = `[` + value + `]`
-	// fmt.Printf("value: %v\n", value)
 	if err := json.Unmarshal([]byte(value), &logs); err != nil {
 		return nil, err
 	}
@@ -275,6 +284,24 @@ func (aaLogs AppArmorLogs) String() string {
 	return res
 }
 
+func getLogFile(path string) string {
+	info, err := os.Stat(filepath.Clean(path))
+	if err == nil && !info.IsDir() {
+		return path
+	}
+	for _, logfile := range LogFiles {
+		if _, err := os.Stat(logfile); err == nil {
+			oldLogfile := filepath.Clean(logfile + "." + path)
+			if _, err := os.Stat(oldLogfile); err == nil {
+				return oldLogfile
+			} else {
+				return logfile
+			}
+		}
+	}
+	return ""
+}
+
 func aaLog(logger string, path string, profile string) error {
 	var err error
 	var file io.Reader
@@ -283,7 +310,7 @@ func aaLog(logger string, path string, profile string) error {
 	case "auditd":
 		file, err = getAuditLogs(path)
 	case "systemd":
-		file, err = getJournalctlLogs(path, path != LogFile)
+		file, err = getJournalctlLogs(path, !inSlice(path, LogFiles))
 	default:
 		err = fmt.Errorf("Logger %s not supported.", logger)
 	}
@@ -298,8 +325,8 @@ func aaLog(logger string, path string, profile string) error {
 func init() {
 	flag.BoolVar(&help, "h", false, "Show this help message and exit.")
 	flag.BoolVar(&help, "help", false, "Show this help message and exit.")
-	flag.StringVar(&path, "f", LogFile, "Set a logfile or a suffix to the default log file.")
-	flag.StringVar(&path, "file", LogFile, "Set a logfile or a suffix to the default log file.")
+	flag.StringVar(&path, "f", "", "Set a logfile or a suffix to the default log file.")
+	flag.StringVar(&path, "file", "", "Set a logfile or a suffix to the default log file.")
 	flag.BoolVar(&systemd, "s", false, "Parse systemd logs from journalctl.")
 	flag.BoolVar(&systemd, "systemd", false, "Parse systemd logs from journalctl.")
 }
@@ -322,11 +349,7 @@ func main() {
 		logger = "systemd"
 	}
 
-	logfile := filepath.Clean(LogFile + "." + path)
-	if _, err := os.Stat(logfile); err != nil {
-		logfile = path
-	}
-
+	logfile := getLogFile(path)
 	err := aaLog(logger, logfile, profile)
 	if err != nil {
 		fmt.Println(err)

cmd/aa-log/main_test.go

@@ -306,6 +306,37 @@ func TestAppArmorLogs_String(t *testing.T) {
 	}
 }
 
+func Test_getLogFile(t *testing.T) {
+	tests := []struct {
+		name string
+		path string
+		want string
+	}{
+		{
+			name: "Get audit.log",
+			path: "../../tests/audit.log",
+			want: "../../tests/audit.log",
+		},
+		{
+			name: "Get /var/log/audit/audit.log.1",
+			path: "1",
+			want: "/var/log/audit/audit.log.1",
+		},
+		{
+			name: "Get default log file",
+			path: "",
+			want: "/var/log/audit/audit.log",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := getLogFile(tt.path); got != tt.want {
+				t.Errorf("getLogFile() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
 func Test_app(t *testing.T) {
 	tests := []struct {
 		name    string