Gustavo Iñiguez Goia
e5787aef65
structs fields reorganized
Structs' fields reorganized based on fieldalignment tool output
2024-01-14 20:44:49 +01:00
Gustavo Iñiguez Goia
6e340a7e39
remote loggers improvements
- Remote logger: fixed a couple of leaks.
- Allow using multiple remote loggers.
- Allow using the rfc3164 format.
2023-07-23 22:27:28 +02:00
Gustavo Iñiguez Goia
e1afd24dbf
log: fixed logging service
A default value was preventing logs from being written to the configured file.
+ Changed a couple of locks to rlocks.
2023-06-09 17:43:32 +02:00
selfdenial
52c23ffd5d
Introduce 2 new daemon logging options: LogUTC & LogMicro.
2023-06-05 20:46:42 -06:00
Gustavo Iñiguez Goia
102b65e6c3
added new generic remote logger and new formats
- Added new generic remote logger to send events to remote servers.
- Added new formats RFC3164 and JSON.
Configuration example to send events to logstash using the tcp input
plugin, in json format:
    "Loggers": [
        {
            "Name": "remote",
            "Server": "127.0.0.1:3333",
            "Protocol": "tcp",
            "Workers": 5,
            "Format": "json",
            "Tag": "opensnitch"
        }
    ]
logstash configuration, saving events under document.*:
    input {
        tcp {
            port => 3333
            codec => json_lines {
                target => "[document]"
            }
        }
    }
You can also use the syslog input plugin:
    "Loggers": [
        {
            "Name": "remote",
            "Server": "127.0.0.1:5140",
            "Protocol": "tcp",
            "Workers": 5,
            "Format": "rfc3164",
            "Tag": "opensnitch"
        }
    ]
logstash's syslog input plugin configuration:
    input {
        syslog {
            port => 5140
        }
    }
Note: you'll need a grok filter to parse and extract the fields.
See: #947
2023-05-29 13:49:38 +02:00
Gustavo Iñiguez Goia
89dc6abbcd
loggers: remote syslog, rfc5424 format improvements
- Allow configuring the remote logger's write timeout and workers.
- Improved syslog RFC5424 formatting.
2023-05-28 23:19:56 +02:00
Gustavo Iñiguez Goia
631f27ee24
loggers: fixed race condition on remote loggers
- Fixed race condition when a remote logger can't open a connection with
the server.
2023-05-24 01:19:07 +02:00
Gustavo Iñiguez Goia
12b1adfe03
loggers: improved remote_syslog logging
Under heavy network traffic load, writing to a remote syslog fails with
a timeout. Under this situation the connection didn't recover from that
state, blocking other connections.
To ensure that we continue working normally, as well as keep sending
events to syslog:
- Set a max timeout when writing to a remote syslog.
- Restart the connection with the server if there are more than 10
errors.
With these fixes, along with a few other changes, writing to remote syslog
is more reliable and works as expected.
We need to find the root cause of this behavior and test it further
(#638).
2022-05-25 17:46:27 +02:00
Gustavo Iñiguez Goia
5453a49692
tests: updated rules tests
- Updated rules tests to use the new description field.
- Removed debugging traces from the loggers module.
2022-05-18 15:27:53 +02:00
Gustavo Iñiguez Goia
7b610c0176
added a way to send events to syslog
Now you can send events to syslog, local or remote.
This feature was requested here: #638
This feature allows you to integrate opensnitch with your SIEM. Take a
look at the above discussion to see examples with
syslog-ng+promtail+loki+grafana.
There's only one logger implemented (syslog), but it should be easily
expandable to add more types of loggers (elastic, etc.).
The event format can be CSV or RFC5424. It should also be easy to add
more formats.
- Allow configuring stats workers. They were hardcoded to 4.
2022-05-17 16:28:59 +02:00
themighty1
41172b65e5
minor fixes to prevent go vet from complaining
2021-02-13 19:18:38 +03:00
Gustavo Iñiguez Goia
a3a7becbc8
fixed exception if system-fw.json doesn't exist
closes #88
2020-11-15 00:53:13 +01:00
Gustavo Iñiguez Goia
ff5c1ff4c2
cli logging parameters overwrite config options
Parameters passed by command line must overwrite the options configured
in the config file.
closes #82
2020-11-02 01:37:35 +01:00
Gustavo Iñiguez Goia
4c26454409
added functions to open a log file
2020-10-26 16:12:58 +01:00
Gustavo Iñiguez Goia
b03bbf0506
fixed race conditions setting log level and monitor methods
2020-06-14 20:14:24 +02:00
evilsocket
b6bdeb7173
misc: small fix or general refactoring I did not bother commenting
2018-04-05 23:56:07 +02:00
evilsocket
9fe5915e5b
misc: small fix or general refactoring I did not bother commenting
2018-04-05 17:41:12 +02:00
evilsocket
534ec8cd73
misc: small fix or general refactoring I did not bother commenting
2018-04-02 05:25:32 +02:00