Mercurial > prosody-modules
annotate mod_audit/mod_audit.lua @ 5710:15c1801e8901
mod_audit: Fix showing session details in module command
The namespaced session element was not accounted for.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Mon, 13 Nov 2023 12:37:21 +0100 |
| parents | 0c9606770db1 |
| children | c782f220b3ee |
| rev | line source |
|---|---|
|
4933
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
1 module:set_global(); |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
2 |
|
5331
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
3 local time_now = os.time; |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
4 local parse_duration = require "util.human.io".parse_duration; |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
5 local ip = require "util.ip"; |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
6 local st = require "util.stanza"; |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
7 local moduleapi = require "core.moduleapi"; |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
8 |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
9 local host_wide_user = "@"; |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
10 |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
11 local cleanup_after = module:get_option_string("audit_log_expires_after", "28d"); |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
12 if cleanup_after == "never" then |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
13 cleanup_after = nil; |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
14 else |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
15 cleanup_after = parse_duration(cleanup_after); |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
16 end |
|
5115
4a5837591380
mod_audit: remove event hook
Jonas Schäfer <jonas@wielicki.name>
parents:
4935
diff
changeset
|
17 |
|
5251
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
18 local attach_ips = module:get_option_boolean("audit_log_ips", true); |
|
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
19 local attach_ipv4_prefix = module:get_option_number("audit_log_ipv4_prefix", nil); |
|
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
20 local attach_ipv6_prefix = module:get_option_number("audit_log_ipv6_prefix", nil); |
|
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
21 |
|
5298
12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents:
5251
diff
changeset
|
22 local have_geoip, geoip = pcall(require, "geoip.country"); |
|
12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents:
5251
diff
changeset
|
23 local attach_location = have_geoip and module:get_option_boolean("audit_log_location", true); |
|
12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents:
5251
diff
changeset
|
24 |
|
12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents:
5251
diff
changeset
|
25 local geoip4_country, geoip6_country; |
|
12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents:
5251
diff
changeset
|
26 if have_geoip and attach_location then |
|
12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents:
5251
diff
changeset
|
27 geoip4_country = geoip.open(module:get_option_string("geoip_ipv4_country", "/usr/share/GeoIP/GeoIP.dat")); |
|
12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents:
5251
diff
changeset
|
28 geoip6_country = geoip.open(module:get_option_string("geoip_ipv6_country", "/usr/share/GeoIP/GeoIPv6.dat")); |
|
12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents:
5251
diff
changeset
|
29 end |
|
12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents:
5251
diff
changeset
|
30 |
|
4933
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
31 |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
32 local stores = {}; |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
33 |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
34 local function get_store(self, host) |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
35 local store = rawget(self, host); |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
36 if store then |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
37 return store |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
38 end |
|
4934
08dea42a302a
mod_audit*: fix luacheck warnings
Jonas Schäfer <jonas@wielicki.name>
parents:
4933
diff
changeset
|
39 store = module:context(host):open_store("audit", "archive"); |
|
4933
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
40 rawset(self, host, store); |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
41 return store; |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
42 end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
43 |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
44 setmetatable(stores, { __index = get_store }); |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
45 |
|
5331
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
46 local function prune_audit_log(host) |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
47 local before = os.time() - cleanup_after; |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
48 module:context(host):log("debug", "Pruning audit log for entries older than %s", os.date("%Y-%m-%d %R:%S", before)); |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
49 local ok, err = stores[host]:delete(nil, { ["end"] = before }); |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
50 if not ok then |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
51 module:context(host):log("error", "Unable to prune audit log: %s", err); |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
52 return; |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
53 end |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
54 local sum = tonumber(ok); |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
55 if sum then |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
56 module:context(host):log("debug", "Pruned %d expired audit log entries", sum); |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
57 return sum > 0; |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
58 end |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
59 module:context(host):log("debug", "Pruned expired audit log entries"); |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
60 return true; |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
61 end |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
62 |
|
5251
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
63 local function get_ip_network(ip_addr) |
|
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
64 local _ip = ip.new_ip(ip_addr); |
|
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
65 local proto = _ip.proto; |
|
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
66 local network; |
|
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
67 if proto == "IPv4" and attach_ipv4_prefix then |
|
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
68 network = ip.truncate(_ip, attach_ipv4_prefix).normal.."/"..attach_ipv4_prefix; |
|
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
69 elseif proto == "IPv6" and attach_ipv6_prefix then |
|
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
70 network = ip.truncate(_ip, attach_ipv6_prefix).normal.."/"..attach_ipv6_prefix; |
|
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
71 end |
|
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
72 return network; |
|
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
73 end |
|
4933
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
74 |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
75 local function session_extra(session) |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
76 local attr = { |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
77 xmlns = "xmpp:prosody.im/audit", |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
78 }; |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
79 if session.id then |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
80 attr.id = session.id; |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
81 end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
82 if session.type then |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
83 attr.type = session.type; |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
84 end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
85 local stanza = st.stanza("session", attr); |
|
5707
9a5fca9f90a6
mod_audit: Parse IP into util.ip object once and reuse
Kim Alvefur <zash@zash.se>
parents:
5706
diff
changeset
|
86 local remote_ip = session.ip and ip.new_ip(session.ip); |
|
9a5fca9f90a6
mod_audit: Parse IP into util.ip object once and reuse
Kim Alvefur <zash@zash.se>
parents:
5706
diff
changeset
|
87 if attach_ips and remote_ip then |
|
9a5fca9f90a6
mod_audit: Parse IP into util.ip object once and reuse
Kim Alvefur <zash@zash.se>
parents:
5706
diff
changeset
|
88 local network; |
|
5251
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
89 if attach_ipv4_prefix or attach_ipv6_prefix then |
|
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
90 network = get_ip_network(remote_ip); |
|
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
91 end |
|
5706
655f90b149a4
mod_audit: Pass IP address in string form
Kim Alvefur <zash@zash.se>
parents:
5705
diff
changeset
|
92 stanza:text_tag("remote-ip", network or remote_ip.normal); |
|
4933
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
93 end |
|
5707
9a5fca9f90a6
mod_audit: Parse IP into util.ip object once and reuse
Kim Alvefur <zash@zash.se>
parents:
5706
diff
changeset
|
94 if attach_location and remote_ip then |
|
5708
37ba9478b387
mod_audit: Fix recording location info
Kim Alvefur <zash@zash.se>
parents:
5707
diff
changeset
|
95 local geoip_info = remote_ip.proto == "IPv6" and geoip6_country:query_by_addr6(remote_ip.normal) or geoip4_country:query_by_addr(remote_ip.normal); |
|
5709
0c9606770db1
mod_audit: Also record human-readable name of country
Kim Alvefur <zash@zash.se>
parents:
5708
diff
changeset
|
96 stanza:text_tag("location", geoip_info.name, { |
|
5708
37ba9478b387
mod_audit: Fix recording location info
Kim Alvefur <zash@zash.se>
parents:
5707
diff
changeset
|
97 country = geoip_info.code; |
|
5709
0c9606770db1
mod_audit: Also record human-readable name of country
Kim Alvefur <zash@zash.se>
parents:
5708
diff
changeset
|
98 continent = geoip_info.continent; |
|
5298
12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents:
5251
diff
changeset
|
99 }):up(); |
|
12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents:
5251
diff
changeset
|
100 end |
|
5250
d9577083c5f5
mod_audit: Include client id in audit log entries (if known)
Matthew Wild <mwild1@gmail.com>
parents:
5115
diff
changeset
|
101 if session.client_id then |
|
d9577083c5f5
mod_audit: Include client id in audit log entries (if known)
Matthew Wild <mwild1@gmail.com>
parents:
5115
diff
changeset
|
102 stanza:text_tag("client", session.client_id); |
|
d9577083c5f5
mod_audit: Include client id in audit log entries (if known)
Matthew Wild <mwild1@gmail.com>
parents:
5115
diff
changeset
|
103 end |
|
4933
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
104 return stanza |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
105 end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
106 |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
107 local function audit(host, user, source, event_type, extra) |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
108 if not host or host == "*" then |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
109 error("cannot log audit events for global"); |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
110 end |
|
4934
08dea42a302a
mod_audit*: fix luacheck warnings
Jonas Schäfer <jonas@wielicki.name>
parents:
4933
diff
changeset
|
111 local user_key = user or host_wide_user; |
|
4933
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
112 |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
113 local attr = { |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
114 ["source"] = source, |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
115 ["type"] = event_type, |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
116 }; |
|
4934
08dea42a302a
mod_audit*: fix luacheck warnings
Jonas Schäfer <jonas@wielicki.name>
parents:
4933
diff
changeset
|
117 if user_key ~= host_wide_user then |
|
08dea42a302a
mod_audit*: fix luacheck warnings
Jonas Schäfer <jonas@wielicki.name>
parents:
4933
diff
changeset
|
118 attr.user = user_key; |
|
4933
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
119 end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
120 local stanza = st.stanza("audit-event", attr); |
|
5318
c5ecfb06afde
mod_audit: Minor style nit
Matthew Wild <mwild1@gmail.com>
parents:
5317
diff
changeset
|
121 if extra then |
|
4933
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
122 if extra.session then |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
123 local child = session_extra(extra.session); |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
124 if child then |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
125 stanza:add_child(child); |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
126 end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
127 end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
128 if extra.custom then |
|
5321
d02f465e2aff
mod_audit: Fix iteration of custom payloads to use ipairs
Matthew Wild <mwild1@gmail.com>
parents:
5319
diff
changeset
|
129 for _, child in ipairs(extra.custom) do |
|
4933
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
130 if not st.is_stanza(child) then |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
131 error("all extra.custom items must be stanzas") |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
132 end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
133 stanza:add_child(child); |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
134 end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
135 end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
136 end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
137 |
|
5331
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
138 local store = stores[host]; |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
139 local id, err = store:append(nil, nil, stanza, extra and extra.timestamp or time_now(), user_key); |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
140 if not id then |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
141 if err == "quota-limit" then |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
142 local limit = store.caps and store.caps.quota or 1000; |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
143 local truncate_to = math.floor(limit * 0.99); |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
144 if type(cleanup_after) == "number" then |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
145 module:log("debug", "Audit log has reached quota - forcing prune"); |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
146 if prune_audit_log(host) then |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
147 -- Retry append |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
148 id, err = store:append(nil, nil, stanza, extra and extra.timestamp or time_now(), user_key); |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
149 end |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
150 end |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
151 if not id and (store.caps and store.caps.truncate) then |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
152 module:log("debug", "Audit log has reached quota - truncating"); |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
153 local truncated = store:delete(nil, { |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
154 truncate = truncate_to; |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
155 }); |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
156 if truncated then |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
157 -- Retry append |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
158 id, err = store:append(nil, nil, stanza, extra and extra.timestamp or time_now(), user_key); |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
159 end |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
160 end |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
161 end |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
162 if not id then |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
163 module:log("error", "Failed to persist audit event: %s", err); |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
164 return; |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
165 end |
|
4933
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
166 else |
|
5331
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
167 module:log("debug", "Persisted audit event %s as %s", stanza:top_tag(), id); |
|
4933
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
168 end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
169 end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
170 |
|
4935
ae83200fb55f
mod_audit: make the extension of the module API less of a hack
Jonas Schäfer <jonas@wielicki.name>
parents:
4934
diff
changeset
|
171 function moduleapi.audit(module, user, event_type, extra) |
|
ae83200fb55f
mod_audit: make the extension of the module API less of a hack
Jonas Schäfer <jonas@wielicki.name>
parents:
4934
diff
changeset
|
172 audit(module.host, user, "mod_" .. module:get_name(), event_type, extra); |
|
4933
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
173 end |
|
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
174 |
|
5351
c35f3c1762b5
mod_audit: Move underscore to avoid luacheck warning
Kim Alvefur <zash@zash.se>
parents:
5331
diff
changeset
|
175 function module.command(arg_) |
|
5326
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
176 local jid = require "util.jid"; |
|
5351
c35f3c1762b5
mod_audit: Move underscore to avoid luacheck warning
Kim Alvefur <zash@zash.se>
parents:
5331
diff
changeset
|
177 local arg = require "util.argparse".parse(arg_, { |
|
5331
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
178 value_params = { "limit" }; |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
179 }); |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
180 |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
181 for k, v in pairs(arg) do print("U", k, v) end |
|
5326
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
182 local query_user, host = jid.prepped_split(arg[1]); |
|
5331
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
183 |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
184 if arg.prune then |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
185 local sm = require "core.storagemanager"; |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
186 if host then |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
187 sm.initialize_host(host); |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
188 prune_audit_log(host); |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
189 else |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
190 for _host in pairs(prosody.hosts) do |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
191 sm.initialize_host(_host); |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
192 prune_audit_log(_host); |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
193 end |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
194 end |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
195 return; |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
196 end |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
197 |
|
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
198 if not host then |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
199 print("EE: Please supply the host for which you want to show events"); |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
200 return 1; |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
201 elseif not prosody.hosts[host] then |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
202 print("EE: Unknown host: "..host); |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
203 return 1; |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
204 end |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
205 |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
206 require "core.storagemanager".initialize_host(host); |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
207 local store = stores[host]; |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
208 local c = 0; |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
209 |
|
5326
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
210 if arg.global then |
|
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
211 if query_user then |
|
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
212 print("WW: Specifying a user account is incompatible with --global. Showing only global events."); |
|
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
213 end |
|
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
214 query_user = "@"; |
|
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
215 end |
|
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
216 |
|
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
217 local results, err = store:find(nil, { |
|
5326
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
218 with = query_user; |
|
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
219 limit = arg.limit and tonumber(arg.limit) or nil; |
|
5319
5043108b14f4
mod_audit: Display most recent entries first, rather than showing oldest
Matthew Wild <mwild1@gmail.com>
parents:
5318
diff
changeset
|
220 reverse = true; |
|
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
221 }) |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
222 if not results then |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
223 print("EE: Failed to query audit log: "..tostring(err)); |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
224 return 1; |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
225 end |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
226 |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
227 local colspec = { |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
228 { title = "Date", key = "when", width = 19, mapper = function (when) return os.date("%Y-%m-%d %R:%S", when); end }; |
|
5322
eb832553d635
mod_audit: Use proportional columns in table output
Matthew Wild <mwild1@gmail.com>
parents:
5321
diff
changeset
|
229 { title = "Source", key = "source", width = "2p" }; |
|
eb832553d635
mod_audit: Use proportional columns in table output
Matthew Wild <mwild1@gmail.com>
parents:
5321
diff
changeset
|
230 { title = "Event", key = "event_type", width = "2p" }; |
|
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
231 }; |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
232 |
|
5326
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
233 if arg.show_user ~= false and (not arg.global and not query_user) or arg.show_user then |
|
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
234 table.insert(colspec, { |
|
5322
eb832553d635
mod_audit: Use proportional columns in table output
Matthew Wild <mwild1@gmail.com>
parents:
5321
diff
changeset
|
235 title = "User", key = "username", width = "2p", |
|
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
236 mapper = function (user) |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
237 if user == "@" then return ""; end |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
238 if user:sub(-#host-1, -1) == ("@"..host) then |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
239 return (user:gsub("@.+$", "")); |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
240 end |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
241 end; |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
242 }); |
|
5325
11b37063d80a
mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents:
5323
diff
changeset
|
243 end |
|
5326
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
244 if arg.show_ip ~= false and (not arg.global and attach_ips) or arg.show_ip then |
|
5325
11b37063d80a
mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents:
5323
diff
changeset
|
245 table.insert(colspec, { |
|
11b37063d80a
mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents:
5323
diff
changeset
|
246 title = "IP", key = "ip", width = "2p"; |
|
11b37063d80a
mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents:
5323
diff
changeset
|
247 }); |
|
11b37063d80a
mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents:
5323
diff
changeset
|
248 end |
|
5326
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
249 if arg.show_location ~= false and (not arg.global and attach_location) or arg.show_location then |
|
5325
11b37063d80a
mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents:
5323
diff
changeset
|
250 table.insert(colspec, { |
|
11b37063d80a
mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents:
5323
diff
changeset
|
251 title = "Location", key = "country", width = 2; |
|
11b37063d80a
mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents:
5323
diff
changeset
|
252 }); |
|
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
253 end |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
254 |
|
5327
7e3862a26e55
mod_audit: Add 'note' column
Matthew Wild <mwild1@gmail.com>
parents:
5326
diff
changeset
|
255 if arg.show_note then |
|
7e3862a26e55
mod_audit: Add 'note' column
Matthew Wild <mwild1@gmail.com>
parents:
5326
diff
changeset
|
256 table.insert(colspec, { |
|
7e3862a26e55
mod_audit: Add 'note' column
Matthew Wild <mwild1@gmail.com>
parents:
5326
diff
changeset
|
257 title = "Note", key = "note", width = "2p"; |
|
7e3862a26e55
mod_audit: Add 'note' column
Matthew Wild <mwild1@gmail.com>
parents:
5326
diff
changeset
|
258 }); |
|
7e3862a26e55
mod_audit: Add 'note' column
Matthew Wild <mwild1@gmail.com>
parents:
5326
diff
changeset
|
259 end |
|
7e3862a26e55
mod_audit: Add 'note' column
Matthew Wild <mwild1@gmail.com>
parents:
5326
diff
changeset
|
260 |
|
5323
400ffa842576
mod_audit: Let util.human.io pick a suitable default width
Matthew Wild <mwild1@gmail.com>
parents:
5322
diff
changeset
|
261 local row, width = require "util.human.io".table(colspec); |
|
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
262 |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
263 print(string.rep("-", width)); |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
264 print(row()); |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
265 print(string.rep("-", width)); |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
266 for _, entry, when, user in results do |
|
5326
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
267 if arg.global ~= false or user ~= "@" then |
|
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
268 c = c + 1; |
|
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
269 print(row({ |
|
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
270 when = when; |
|
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
271 source = entry.attr.source; |
|
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
272 event_type = entry.attr.type:gsub("%-", " "); |
|
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
273 username = user; |
|
5710
15c1801e8901
mod_audit: Fix showing session details in module command
Kim Alvefur <zash@zash.se>
parents:
5709
diff
changeset
|
274 ip = entry:find("{xmpp:prosody.im/audit}session/remote-ip#"); |
|
15c1801e8901
mod_audit: Fix showing session details in module command
Kim Alvefur <zash@zash.se>
parents:
5709
diff
changeset
|
275 country = entry:find("{xmpp:prosody.im/audit}session/location@country"); |
|
5327
7e3862a26e55
mod_audit: Add 'note' column
Matthew Wild <mwild1@gmail.com>
parents:
5326
diff
changeset
|
276 note = entry:get_child_text("note"); |
|
5326
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
277 })); |
|
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
278 end |
|
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
279 end |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
280 print(string.rep("-", width)); |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
281 print(("%d records displayed"):format(c)); |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
282 end |
|
5331
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
283 |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
284 function module.add_host(host_module) |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
285 host_module:depends("cron"); |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
286 host_module:daily("Prune audit logs", function () |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
287 prune_audit_log(host_module.host); |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
288 end); |
|
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
289 end |