mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-24 03:48:13 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

feat(aa-log): add the --since option.

Browse source
This commit is contained in:
Alexandre Pujol 2024-10-21 14:12:02 +01:00
parent 2bace01783
commit 7e09351f8f
Failed to generate hash of commit
3 changed files with 16 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
cmd/aa-log/main.go
View file

@ -31,6 +31,7 @@ Options:
-s, --systemd Parse systemd logs from journalctl. -s, --systemd Parse systemd logs from journalctl.
-r, --rules Convert the log into AppArmor rules. -r, --rules Convert the log into AppArmor rules.
-R, --raw Print the raw log without any formatting. -R, --raw Print the raw log without any formatting.
-S, --since DATE Show entries not older than the specified date.
` `
@ -41,6 +42,7 @@ var (
path string path string
systemd bool systemd bool
raw bool raw bool
since string
) )
func aaLog(logger string, path string, profile string) error { func aaLog(logger string, path string, profile string) error {
@ -51,7 +53,7 @@ func aaLog(logger string, path string, profile string) error {
case "auditd": case "auditd":
file, err = logs.GetAuditLogs(path) file, err = logs.GetAuditLogs(path)
case "systemd": case "systemd":
file, err = logs.GetJournalctlLogs(path, !slices.Contains(logs.LogFiles, path)) file, err = logs.GetJournalctlLogs(path, since, !slices.Contains(logs.LogFiles, path))
default: default:
err = fmt.Errorf("Logger %s not supported.", logger) err = fmt.Errorf("Logger %s not supported.", logger)
} }

17
pkg/logs/loggers.go
View file

@ -63,9 +63,10 @@ func GetAuditLogs(path string) (io.Reader, error) {
} }
// GetJournalctlLogs return a reader with the logs entries from Systemd // GetJournalctlLogs return a reader with the logs entries from Systemd
func GetJournalctlLogs(path string, useFile bool) (io.Reader, error) { func GetJournalctlLogs(path string, since string, useFile bool) (io.Reader, error) {
var logs []systemdLog var logs []systemdLog
var stdout bytes.Buffer var stdout bytes.Buffer
var stderr bytes.Buffer
var scanner *bufio.Scanner var scanner *bufio.Scanner
if useFile { if useFile {
@ -77,14 +78,20 @@ func GetJournalctlLogs(path string, useFile bool) (io.Reader, error) {
} else { } else {
// journalctl -b -o json -g apparmor -t kernel -t audit -t dbus-daemon --output-fields=MESSAGE > systemd.log // journalctl -b -o json -g apparmor -t kernel -t audit -t dbus-daemon --output-fields=MESSAGE > systemd.log
args := []string{ args := []string{
"--boot", "--grep=apparmor", "--grep=apparmor", "--identifier=kernel",
"--identifier=kernel", "--identifier=audit", "--identifier=dbus-daemon", "--identifier=audit", "--identifier=dbus-daemon",
"--output=json", "--output-fields=MESSAGE", "--output=json", "--output-fields=MESSAGE",
} }
if since == "" {
args = append(args, "--boot")
} else {
args = append(args, "--since="+since)
}
cmd := exec.Command("journalctl", args...) cmd := exec.Command("journalctl", args...)
cmd.Stdout = &stdout cmd.Stdout = &stdout
if err := cmd.Run(); err != nil { cmd.Stderr = &stderr
return nil, err if err := cmd.Run(); err != nil && stderr.Len() != 0 {
return nil, fmt.Errorf("journalctl: %s", stderr.String())
} }
scanner = bufio.NewScanner(&stdout) scanner = bufio.NewScanner(&stdout)
} }

2
pkg/logs/loggers_test.go
View file

@ -49,7 +49,7 @@ func TestGetJournalctlLogs(t *testing.T) {
} }
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {
reader, _ := GetJournalctlLogs(tt.path, tt.useFile) reader, _ := GetJournalctlLogs(tt.path, "", tt.useFile)
if got := New(reader, tt.name); !reflect.DeepEqual(got, tt.want) { if got := New(reader, tt.name); !reflect.DeepEqual(got, tt.want) {
t.Errorf("New() = %v, want %v", got, tt.want) t.Errorf("New() = %v, want %v", got, tt.want)
} }