annotate mod_audit/mod_audit.lua @ 5536:96dec7681af8
mod_firewall: Update user marks to store instantly via map store
The original approach was to keep marks in memory only, and persist them at
shutdown. That saves I/O, at the cost of potentially losing marks on an
unclean shutdown.
This change persists marks instantly, which may have some performance overhead
but should be more "correct".
It also splits the marking/unmarking into an event which may be watched or
even fired by other modules.
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Thu, 08 Jun 2023 16:20:42 +0100 |
parents | c35f3c1762b5 |
children | 9bbf5b0673a2 |
1 module:set_global(); |
2 |
3 local time_now = os.time; |
4 local parse_duration = require "util.human.io".parse_duration; |
5 local ip = require "util.ip"; |
6 local st = require "util.stanza"; |
7 local moduleapi = require "core.moduleapi"; |
8 |
9 local host_wide_user = "@"; |
10 |
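-- Retention period for audit entries, in seconds once parsed.
-- nil means entries are never expired: either the option is the literal
-- string "never", or the configured value did not parse to a number.
local cleanup_after = module:get_option_string("audit_log_expires_after", "28d");
if cleanup_after == "never" then
	cleanup_after = nil;
else
	local configured = cleanup_after;
	cleanup_after = parse_duration(configured);
	if type(cleanup_after) ~= "number" then
		-- A typo in the retention setting would otherwise switch expiry off
		-- without any trace, leaving entries (including recorded addresses)
		-- stored indefinitely. Keep the fallback, but make it visible.
		module:log("warn", "Invalid audit_log_expires_after value '%s', treating it as \"never\"", configured);
		cleanup_after = nil;
	end
end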
17 |
-- Whether a session's remote address is attached to audit events (on by default).
local attach_ips = module:get_option_boolean("audit_log_ips", true);
-- Optional per-family prefix lengths. When one is set, addresses of that
-- family are truncated to that prefix before being recorded; a family whose
-- option is left unset (nil) is recorded in full.
local attach_ipv4_prefix = module:get_option_number("audit_log_ipv4_prefix", nil);
local attach_ipv6_prefix = module:get_option_number("audit_log_ipv6_prefix", nil);
21 |
-- The "geoip.country" library is optional: pcall keeps a missing library from
-- aborting module load, and location tagging is simply switched off without it.
local have_geoip, geoip = pcall(require, "geoip.country");
local attach_location = have_geoip and module:get_option_boolean("audit_log_location", true);

-- Country database handles, one per address family; both stay nil when
-- location tagging is off.
-- NOTE(review): the results of geoip.open() are not checked here - confirm
-- what it returns when a database file is missing or unreadable.
local geoip4_country, geoip6_country;
if attach_location then
	local ipv4_db_path = module:get_option_string("geoip_ipv4_country", "/usr/share/GeoIP/GeoIP.dat");
	geoip4_country = geoip.open(ipv4_db_path);
	local ipv6_db_path = module:get_option_string("geoip_ipv6_country", "/usr/share/GeoIP/GeoIPv6.dat");
	geoip6_country = geoip.open(ipv6_db_path);
end
30 |
31 |
32 local stores = {}; |
33 |
--- Return the audit archive store for a host, opening it on first use.
-- Installed as the __index handler of the `stores` table, so it runs whenever
-- a host key is not yet present there.
-- @param self the cache table; read and written with rawget/rawset so the
--   lookup does not re-enter __index
-- @param host host name, used as the cache key
-- @return the "audit" archive store opened in that host's module context
local function get_store(self, host)
	local cached = rawget(self, host);
	if not cached then
		cached = module:context(host):open_store("audit", "archive");
		rawset(self, host, cached);
	end
	return cached;
end
43 |
44 setmetatable(stores, { __index = get_store }); |
45 |
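--- Delete audit entries older than the configured retention period for one host.
-- @param host host whose "audit" archive store is pruned
-- @return true when entries were removed (or the store gave no count), false
--   when the store reported zero deletions or no retention period is
--   configured, nothing when the delete call failed
local function prune_audit_log(host)
	-- cleanup_after is nil when audit_log_expires_after is "never" (and may be
	-- nil if the configured duration did not parse). Subtracting nil from
	-- os.time() would raise; the command-line prune path calls this function
	-- without checking the setting first.
	if type(cleanup_after) ~= "number" then
		module:context(host):log("debug", "Audit log expiry is not configured, nothing to prune");
		return false;
	end
	local before = os.time() - cleanup_after;
	module:context(host):log("debug", "Pruning audit log for entries older than %s", os.date("%Y-%m-%d %R:%S", before));
	-- Delete across all users of the host (nil username), bounded by the cutoff.
	local ok, err = stores[host]:delete(nil, { ["end"] = before });
	if not ok then
		module:context(host):log("error", "Unable to prune audit log: %s", err);
		return;
	end
	-- Some stores report how many items were removed; use the count when it is
	-- numeric so the caller can tell whether any space was actually freed.
	local sum = tonumber(ok);
	if sum then
		module:context(host):log("debug", "Pruned %d expired audit log entries", sum);
		return sum > 0;
	end
	module:context(host):log("debug", "Pruned expired audit log entries");
	return true;
end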
62 |
--- Reduce an address to its configured network prefix, in "address/length" form.
-- @param ip_addr textual IP address
-- @return the truncated network string, or nil when no prefix length is
--   configured for the address's family (the caller then records the
--   address as given)
-- NOTE(review): the parse result is used unchecked - confirm how
-- ip.new_ip() reports an address it cannot parse.
local function get_ip_network(ip_addr)
	local parsed = ip.new_ip(ip_addr);
	local family = parsed.proto;
	local prefix_length;
	if family == "IPv4" then
		prefix_length = attach_ipv4_prefix;
	elseif family == "IPv6" then
		prefix_length = attach_ipv6_prefix;
	end
	if not prefix_length then
		return nil;
	end
	return ip.truncate(parsed, prefix_length).normal.."/"..prefix_length;
end
74 |
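--- Build the <session/> element that describes the session behind an audit event.
-- Copies the session id and type into attributes, then adds optional children:
-- <remote-ip/> when audit_log_ips is enabled, <location/> when location
-- tagging is enabled, and <client/> when the session carries a client_id.
-- The recorded address is truncated only for a family that has a prefix
-- length configured; otherwise it is stored in full. The location lookup
-- always uses the full address, independent of the prefix settings.
-- @param session session table; reads .id, .type, .ip and .client_id
-- @return the <session/> stanza
local function session_extra(session)
	local attr = {
		xmlns = "xmpp:prosody.im/audit",
	};
	if session.id then
		attr.id = session.id;
	end
	if session.type then
		attr.type = session.type;
	end
	local stanza = st.stanza("session", attr);
	if attach_ips and session.ip then
		local remote_ip, network = session.ip;
		if attach_ipv4_prefix or attach_ipv6_prefix then
			network = get_ip_network(remote_ip);
		end
		stanza:text_tag("remote-ip", network or remote_ip);
	end
	if attach_location and session.ip then
		-- Parse with the same constructor get_ip_network() uses.
		local remote_ip = ip.new_ip(session.ip);
		-- Pick the database from the parsed address's family. This used to
		-- read .proto from the util.ip module table instead of the parsed
		-- address, so the IPv6 database was never selected. An explicit
		-- branch (rather than and/or) keeps a missing IPv6 database from
		-- falling through to the IPv4 one.
		local geoip_country;
		if remote_ip then
			if remote_ip.proto == "IPv6" then
				geoip_country = geoip6_country;
			else
				geoip_country = geoip4_country;
			end
		end
		-- Skip the location tag when the address did not parse or no database
		-- handle is available, instead of raising while recording the event.
		if geoip_country then
			stanza:tag("location", {
				country = geoip_country:query_by_addr(remote_ip.normal);
			}):up();
		end
	end
	if session.client_id then
		stanza:text_tag("client", session.client_id);
	end
	return stanza
end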
105 |
--- Record one audit event in the host's "audit" archive store.
-- Builds an <audit-event/> stanza carrying the source and event type (plus the
-- user, when one is given), attaches the optional session description and any
-- custom payloads, and appends it to the store under the user key.
-- When the store refuses the append with "quota-limit", it first tries to
-- prune expired entries and then, if the store advertises truncation, to cut
-- the archive down to 99% of its quota, retrying the append after each step.
-- NOTE(review): both recovery steps delete stored audit entries and are
-- reported at debug level only - confirm that is visible enough for
-- operators who rely on this log as evidence.
-- @param host host the event belongs to; must not be nil or "*"
-- @param user username, or nil for a host-wide event
-- @param source name of the component reporting the event
-- @param event_type event type string
-- @param extra optional table: .session, .custom (array of stanzas), .timestamp
local function audit(host, user, source, event_type, extra)
	if not host or host == "*" then
		error("cannot log audit events for global");
	end
	local user_key = user or host_wide_user;

	local event_attr = { source = source, type = event_type };
	-- Host-wide events carry no user attribute.
	if user_key ~= host_wide_user then
		event_attr.user = user_key;
	end
	local stanza = st.stanza("audit-event", event_attr);

	local session = extra and extra.session;
	if session then
		local session_child = session_extra(session);
		if session_child then
			stanza:add_child(session_child);
		end
	end
	local custom = extra and extra.custom;
	if custom then
		for _, payload in ipairs(custom) do
			if not st.is_stanza(payload) then
				error("all extra.custom items must be stanzas")
			end
			stanza:add_child(payload);
		end
	end

	local store = stores[host];
	-- One place for the append call; the timestamp expression is evaluated
	-- again on every attempt.
	local function try_append()
		return store:append(nil, nil, stanza, extra and extra.timestamp or time_now(), user_key);
	end

	local id, err = try_append();
	if id then
		module:log("debug", "Persisted audit event %s as %s", stanza:top_tag(), id);
		return;
	end

	if err == "quota-limit" then
		local limit = store.caps and store.caps.quota or 1000;
		local truncate_to = math.floor(limit * 0.99);
		if type(cleanup_after) == "number" then
			module:log("debug", "Audit log has reached quota - forcing prune");
			if prune_audit_log(host) then
				-- Retry append
				id, err = try_append();
			end
		end
		if not id and (store.caps and store.caps.truncate) then
			module:log("debug", "Audit log has reached quota - truncating");
			local truncated = store:delete(nil, {
				truncate = truncate_to;
			});
			if truncated then
				-- Retry append
				id, err = try_append();
			end
		end
	end
	if not id then
		module:log("error", "Failed to persist audit event: %s", err);
		return;
	end
end
169 |
--- Module API entry point: record an audit event on behalf of the calling module.
-- The host and the source label are taken from the module object itself
-- (module.host and "mod_" .. module:get_name()), not supplied by the caller.
-- @param module the calling module's API object
-- @param user username the event concerns, or nil for a host-wide event
-- @param event_type event type string
-- @param extra optional table passed through to audit()
function moduleapi.audit(module, user, event_type, extra)
	local host = module.host;
	local source = "mod_" .. module:get_name();
	audit(host, user, source, event_type, extra);
end
173 |
174 function module.command(arg_) |
175 local jid = require "util.jid"; |
176 local arg = require "util.argparse".parse(arg_, { |
177 value_params = { "limit" }; |
178 }); |
179 |
180 for k, v in pairs(arg) do print("U", k, v) end |
181 local query_user, host = jid.prepped_split(arg[1]); |
182 |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
183 if arg.prune then |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
184 local sm = require "core.storagemanager"; |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
185 if host then |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
186 sm.initialize_host(host); |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
187 prune_audit_log(host); |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
188 else |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
189 for _host in pairs(prosody.hosts) do |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
190 sm.initialize_host(_host); |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
191 prune_audit_log(_host); |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
192 end |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
193 end |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
194 return; |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
195 end |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
196 |
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
197 if not host then |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
198 print("EE: Please supply the host for which you want to show events"); |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
199 return 1; |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
200 elseif not prosody.hosts[host] then |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
201 print("EE: Unknown host: "..host); |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
202 return 1; |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
203 end |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
204 |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
205 require "core.storagemanager".initialize_host(host); |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
206 local store = stores[host]; |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
207 local c = 0; |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
208 |
5326
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
209 if arg.global then |
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
210 if query_user then |
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
211 print("WW: Specifying a user account is incompatible with --global. Showing only global events."); |
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
212 end |
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
213 query_user = "@"; |
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
214 end |
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
215 |
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
216 local results, err = store:find(nil, { |
5326
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
217 with = query_user; |
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
218 limit = arg.limit and tonumber(arg.limit) or nil; |
5319
5043108b14f4
mod_audit: Display most recent entries first, rather than showing oldest
Matthew Wild <mwild1@gmail.com>
parents:
5318
diff
changeset
|
219 reverse = true; |
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
220 }) |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
221 if not results then |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
222 print("EE: Failed to query audit log: "..tostring(err)); |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
223 return 1; |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
224 end |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
225 |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
226 local colspec = { |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
227 { title = "Date", key = "when", width = 19, mapper = function (when) return os.date("%Y-%m-%d %R:%S", when); end }; |
5322
eb832553d635
mod_audit: Use proportional columns in table output
Matthew Wild <mwild1@gmail.com>
parents:
5321
diff
changeset
|
228 { title = "Source", key = "source", width = "2p" }; |
eb832553d635
mod_audit: Use proportional columns in table output
Matthew Wild <mwild1@gmail.com>
parents:
5321
diff
changeset
|
229 { title = "Event", key = "event_type", width = "2p" }; |
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
230 }; |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
231 |
5326
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
232 if arg.show_user ~= false and (not arg.global and not query_user) or arg.show_user then |
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
233 table.insert(colspec, { |
5322
eb832553d635
mod_audit: Use proportional columns in table output
Matthew Wild <mwild1@gmail.com>
parents:
5321
diff
changeset
|
234 title = "User", key = "username", width = "2p", |
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
235 mapper = function (user) |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
236 if user == "@" then return ""; end |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
237 if user:sub(-#host-1, -1) == ("@"..host) then |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
238 return (user:gsub("@.+$", "")); |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
239 end |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
240 end; |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
241 }); |
5325
11b37063d80a
mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents:
5323
diff
changeset
|
242 end |
5326
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
243 if arg.show_ip ~= false and (not arg.global and attach_ips) or arg.show_ip then |
5325
11b37063d80a
mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents:
5323
diff
changeset
|
244 table.insert(colspec, { |
11b37063d80a
mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents:
5323
diff
changeset
|
245 title = "IP", key = "ip", width = "2p"; |
11b37063d80a
mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents:
5323
diff
changeset
|
246 }); |
11b37063d80a
mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents:
5323
diff
changeset
|
247 end |
5326
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
248 if arg.show_location ~= false and (not arg.global and attach_location) or arg.show_location then |
5325
11b37063d80a
mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents:
5323
diff
changeset
|
249 table.insert(colspec, { |
11b37063d80a
mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents:
5323
diff
changeset
|
250 title = "Location", key = "country", width = 2; |
11b37063d80a
mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents:
5323
diff
changeset
|
251 }); |
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
252 end |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
253 |
5327
7e3862a26e55
mod_audit: Add 'note' column
Matthew Wild <mwild1@gmail.com>
parents:
5326
diff
changeset
|
254 if arg.show_note then |
7e3862a26e55
mod_audit: Add 'note' column
Matthew Wild <mwild1@gmail.com>
parents:
5326
diff
changeset
|
255 table.insert(colspec, { |
7e3862a26e55
mod_audit: Add 'note' column
Matthew Wild <mwild1@gmail.com>
parents:
5326
diff
changeset
|
256 title = "Note", key = "note", width = "2p"; |
7e3862a26e55
mod_audit: Add 'note' column
Matthew Wild <mwild1@gmail.com>
parents:
5326
diff
changeset
|
257 }); |
7e3862a26e55
mod_audit: Add 'note' column
Matthew Wild <mwild1@gmail.com>
parents:
5326
diff
changeset
|
258 end |
7e3862a26e55
mod_audit: Add 'note' column
Matthew Wild <mwild1@gmail.com>
parents:
5326
diff
changeset
|
259 |
5323
400ffa842576
mod_audit: Let util.human.io pick a suitable default width
Matthew Wild <mwild1@gmail.com>
parents:
5322
diff
changeset
|
260 local row, width = require "util.human.io".table(colspec); |
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
261 |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
262 print(string.rep("-", width)); |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
263 print(row()); |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
264 print(string.rep("-", width)); |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
265 for _, entry, when, user in results do |
5326
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
266 if arg.global ~= false or user ~= "@" then |
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
267 c = c + 1; |
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
268 print(row({ |
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
269 when = when; |
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
270 source = entry.attr.source; |
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
271 event_type = entry.attr.type:gsub("%-", " "); |
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
272 username = user; |
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
273 ip = entry:get_child_text("remote-ip"); |
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
274 location = entry:find("location@country"); |
5327
7e3862a26e55
mod_audit: Add 'note' column
Matthew Wild <mwild1@gmail.com>
parents:
5326
diff
changeset
|
275 note = entry:get_child_text("note"); |
5326
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
276 })); |
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
277 end |
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
278 end |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
279 print(string.rep("-", width)); |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
280 print(("%d records displayed"):format(c)); |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
281 end |
--- Per-host setup: register a daily task that prunes this host's audit log.
-- @param host_module module object for the host being added; its `host`
--        field is read each time the task runs
function module.add_host(host_module)
	local function prune_this_host()
		prune_audit_log(host_module.host);
	end

	-- The dependency on "cron" is declared before the task is registered.
	host_module:depends("cron");
	host_module:daily("Prune audit logs", prune_this_host);
end