feat(aa-log): add the --since option.

2024-11-14 15:33:47 +01:00 · 2024-10-21 14:12:02 +01:00 · 2024-10-21 14:12:02 +01:00 · 7e09351f8f
commit 7e09351f8f
parent 2bace01783
3 changed files with 16 additions and 7 deletions
--- a/cmd/aa-log/main.go
+++ b/cmd/aa-log/main.go
@ -31,6 +31,7 @@ Options:
    -s, --systemd      Parse systemd logs from journalctl.
    -r, --rules        Convert the log into AppArmor rules.
    -R, --raw          Print the raw log without any formatting.
+    -S, --since DATE   Show entries not older than the specified date.

 `

@ -41,6 +42,7 @@ var (
 	path    string
 	systemd bool
 	raw     bool
+	since   string
 )

 func aaLog(logger string, path string, profile string) error {
@ -51,7 +53,7 @@ func aaLog(logger string, path string, profile string) error {
 	case "auditd":
 		file, err = logs.GetAuditLogs(path)
 	case "systemd":
-		file, err = logs.GetJournalctlLogs(path, !slices.Contains(logs.LogFiles, path))
+		file, err = logs.GetJournalctlLogs(path, since, !slices.Contains(logs.LogFiles, path))
 	default:
 		err = fmt.Errorf("Logger %s not supported.", logger)
 	}
--- a/pkg/logs/loggers.go
+++ b/pkg/logs/loggers.go
@ -63,9 +63,10 @@ func GetAuditLogs(path string) (io.Reader, error) {
 }

 // GetJournalctlLogs return a reader with the logs entries from Systemd
-func GetJournalctlLogs(path string, useFile bool) (io.Reader, error) {
+func GetJournalctlLogs(path string, since string, useFile bool) (io.Reader, error) {
 	var logs []systemdLog
 	var stdout bytes.Buffer
+	var stderr bytes.Buffer
 	var scanner *bufio.Scanner

 	if useFile {
@ -77,14 +78,20 @@ func GetJournalctlLogs(path string, useFile bool) (io.Reader, error) {
 	} else {
 		// journalctl -b -o json -g apparmor -t kernel -t audit -t dbus-daemon --output-fields=MESSAGE > systemd.log
 		args := []string{
-			"--boot", "--grep=apparmor",
-			"--identifier=kernel", "--identifier=audit", "--identifier=dbus-daemon",
+			"--grep=apparmor", "--identifier=kernel",
+			"--identifier=audit", "--identifier=dbus-daemon",
 			"--output=json", "--output-fields=MESSAGE",
 		}
+		if since == "" {
+			args = append(args, "--boot")
+		} else {
+			args = append(args, "--since="+since)
+		}
 		cmd := exec.Command("journalctl", args...)
 		cmd.Stdout = &stdout
-		if err := cmd.Run(); err != nil {
-			return nil, err
+		cmd.Stderr = &stderr
+		if err := cmd.Run(); err != nil && stderr.Len() != 0 {
+			return nil, fmt.Errorf("journalctl: %s", stderr.String())
 		}
 		scanner = bufio.NewScanner(&stdout)
 	}
--- a/pkg/logs/loggers_test.go
+++ b/pkg/logs/loggers_test.go
@ -49,7 +49,7 @@ func TestGetJournalctlLogs(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			reader, _ := GetJournalctlLogs(tt.path, tt.useFile)
+			reader, _ := GetJournalctlLogs(tt.path, "", tt.useFile)
 			if got := New(reader, tt.name); !reflect.DeepEqual(got, tt.want) {
 				t.Errorf("New() = %v, want %v", got, tt.want)
 			}