Comments (3)
So I'm not sure if this will help you or not, but I made a small modification to the svc_upload_event.go file that enables logging to an HTTP endpoint - in my case, a Logstash agent -> Elastic. Here's the steps I did:
- Clone the GitHub repo
- Ensure Golang has been downloaded and installed (link)
- Modify ./moroz/svc_upload_event.go to add HTTP endpoint logging. Basically replace the main function at the top with this code (don't forget to update the url to reflect your endpoint!):
```go
// Imports this version needs in addition to the file's existing ones:
// "bytes", "net/http", "time"
func (svc *SantaService) UploadEvent(ctx context.Context, machineID string, events []santa.EventPayload) error {
	if !svc.flPersistEvents {
		return nil
	}
	// One client is shared by every request in this call
	client := &http.Client{Timeout: time.Minute}
	for _, ev := range events {
		eventDir := filepath.Join(svc.eventDir, ev.FileSHA, machineID)
		if err := os.MkdirAll(eventDir, 0700); err != nil {
			return errors.Wrapf(err, "create event directory %s", eventDir)
		}
		eventPath := filepath.Join(eventDir, fmt.Sprintf("%f.json", ev.UnixTime))
		eventInfoJSON, err := json.Marshal(ev.EventInfo)
		if err != nil {
			return errors.Wrap(err, "marshal event info to json")
		}
		// Decode JSON data into a map[string]interface{}
		var eventInfoMap map[string]interface{}
		if err := json.Unmarshal(eventInfoJSON, &eventInfoMap); err != nil {
			return errors.Wrap(err, "unmarshal eventInfoJSON")
		}
		// Add machineID to the map
		eventInfoMap["serial"] = machineID
		// Marshal the modified map back into JSON format
		updatedEventInfoJSON, err := json.Marshal(eventInfoMap)
		if err != nil {
			return errors.Wrap(err, "marshal updated eventInfoJSON")
		}
		if err := os.WriteFile(eventPath, updatedEventInfoJSON, 0644); err != nil {
			return errors.Wrapf(err, "write event to path %s", eventPath)
		}
		req, err := http.NewRequest("POST", "http://<YOUR IP HERE>:8080", bytes.NewReader(updatedEventInfoJSON))
		if err != nil {
			// Without this check a malformed URL leaves req nil and the next line panics
			return errors.Wrap(err, "create http request")
		}
		req.Header.Set("Content-Type", "application/json")
		// Execute the HTTP request asynchronously in a goroutine
		go func() {
			resp, err := client.Do(req)
			if err != nil {
				// Handle error if occurred during HTTP request
				// (such as connection error, timeout, etc.)
				return
			}
			defer resp.Body.Close()
			// Optionally, you can process the response here if needed
		}()
		// No return here: returning inside the loop would drop every event after the first
	}
	return nil
}
```
- Compile by running cd cmd/moroz; go build
There's probably a better way to do this, but I'm not a Go coder so it's the quick and dirty way I came up with.
EDIT: Just wanted to add this completely replaces the file-based logging that Moroz did natively.
from moroz.
@clreinki That might be useful! Thanks!
What do you feed these logs into? Grafana?
from moroz.