annotate mod_audit/mod_audit.lua @ 5787:e79f9dec35c0

mod_c2s_conn_throttle: Reduce log level from error->info Our general policy is that "error" should never be triggerable by remote entities, and that it is always about something that requires admin intervention. This satisfies neither condition. The "warn" level can be used for unexpected events/behaviour triggered by remote entities, and this could qualify. However I don't think failed auth attempts are unexpected enough. I selected "info" because it is what is also used for other notable session lifecycle events.
author Matthew Wild <mwild1@gmail.com>
date Thu, 07 Dec 2023 15:46:50 +0000
parents 6c0570a8b866
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
4933
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
1 module:set_global();
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
2
5331
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
3 local time_now = os.time;
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
4 local ip = require "util.ip";
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
5 local st = require "util.stanza";
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
6 local moduleapi = require "core.moduleapi";
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
7
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
8 local host_wide_user = "@";
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
9
5731
1bdc6b5979ee mod_audit: Use new module API for period/time ranges
Kim Alvefur <zash@zash.se>
parents: 5714
diff changeset
10 local cleanup_after = module:get_option_period("audit_log_expires_after", "28d");
5115
4a5837591380 mod_audit: remove event hook
Jonas Schäfer <jonas@wielicki.name>
parents: 4935
diff changeset
11
5251
f3123cbbd894 mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents: 5250
diff changeset
12 local attach_ips = module:get_option_boolean("audit_log_ips", true);
f3123cbbd894 mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents: 5250
diff changeset
13 local attach_ipv4_prefix = module:get_option_number("audit_log_ipv4_prefix", nil);
f3123cbbd894 mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents: 5250
diff changeset
14 local attach_ipv6_prefix = module:get_option_number("audit_log_ipv6_prefix", nil);
f3123cbbd894 mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents: 5250
diff changeset
15
5298
12f7d8b901e0 mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents: 5251
diff changeset
16 local have_geoip, geoip = pcall(require, "geoip.country");
12f7d8b901e0 mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents: 5251
diff changeset
17 local attach_location = have_geoip and module:get_option_boolean("audit_log_location", true);
12f7d8b901e0 mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents: 5251
diff changeset
18
12f7d8b901e0 mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents: 5251
diff changeset
19 local geoip4_country, geoip6_country;
12f7d8b901e0 mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents: 5251
diff changeset
20 if have_geoip and attach_location then
12f7d8b901e0 mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents: 5251
diff changeset
21 geoip4_country = geoip.open(module:get_option_string("geoip_ipv4_country", "/usr/share/GeoIP/GeoIP.dat"));
12f7d8b901e0 mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents: 5251
diff changeset
22 geoip6_country = geoip.open(module:get_option_string("geoip_ipv6_country", "/usr/share/GeoIP/GeoIPv6.dat"));
12f7d8b901e0 mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents: 5251
diff changeset
23 end
12f7d8b901e0 mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents: 5251
diff changeset
24
4933
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
25
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
26 local stores = {};
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
27
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
28 local function get_store(self, host)
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
29 local store = rawget(self, host);
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
30 if store then
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
31 return store
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
32 end
4934
08dea42a302a mod_audit*: fix luacheck warnings
Jonas Schäfer <jonas@wielicki.name>
parents: 4933
diff changeset
33 store = module:context(host):open_store("audit", "archive");
4933
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
34 rawset(self, host, store);
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
35 return store;
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
36 end
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
37
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
38 setmetatable(stores, { __index = get_store });
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
39
5331
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
40 local function prune_audit_log(host)
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
41 local before = os.time() - cleanup_after;
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
42 module:context(host):log("debug", "Pruning audit log for entries older than %s", os.date("%Y-%m-%d %R:%S", before));
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
43 local ok, err = stores[host]:delete(nil, { ["end"] = before });
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
44 if not ok then
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
45 module:context(host):log("error", "Unable to prune audit log: %s", err);
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
46 return;
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
47 end
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
48 local sum = tonumber(ok);
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
49 if sum then
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
50 module:context(host):log("debug", "Pruned %d expired audit log entries", sum);
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
51 return sum > 0;
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
52 end
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
53 module:context(host):log("debug", "Pruned expired audit log entries");
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
54 return true;
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
55 end
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
56
5251
f3123cbbd894 mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents: 5250
diff changeset
57 local function get_ip_network(ip_addr)
5711
c782f220b3ee mod_audit: Fix storing IP prefixes
Kim Alvefur <zash@zash.se>
parents: 5710
diff changeset
58 local proto = ip_addr.proto;
5251
f3123cbbd894 mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents: 5250
diff changeset
59 local network;
f3123cbbd894 mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents: 5250
diff changeset
60 if proto == "IPv4" and attach_ipv4_prefix then
5711
c782f220b3ee mod_audit: Fix storing IP prefixes
Kim Alvefur <zash@zash.se>
parents: 5710
diff changeset
61 network = ip.truncate(ip_addr, attach_ipv4_prefix).normal.."/"..attach_ipv4_prefix;
5251
f3123cbbd894 mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents: 5250
diff changeset
62 elseif proto == "IPv6" and attach_ipv6_prefix then
5711
c782f220b3ee mod_audit: Fix storing IP prefixes
Kim Alvefur <zash@zash.se>
parents: 5710
diff changeset
63 network = ip.truncate(ip_addr, attach_ipv6_prefix).normal.."/"..attach_ipv6_prefix;
5251
f3123cbbd894 mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents: 5250
diff changeset
64 end
f3123cbbd894 mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents: 5250
diff changeset
65 return network;
f3123cbbd894 mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents: 5250
diff changeset
66 end
4933
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
67
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
68 local function session_extra(session)
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
69 local attr = {
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
70 xmlns = "xmpp:prosody.im/audit",
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
71 };
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
72 if session.id then
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
73 attr.id = session.id;
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
74 end
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
75 if session.type then
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
76 attr.type = session.type;
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
77 end
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
78 local stanza = st.stanza("session", attr);
5707
9a5fca9f90a6 mod_audit: Parse IP into util.ip object once and reuse
Kim Alvefur <zash@zash.se>
parents: 5706
diff changeset
79 local remote_ip = session.ip and ip.new_ip(session.ip);
9a5fca9f90a6 mod_audit: Parse IP into util.ip object once and reuse
Kim Alvefur <zash@zash.se>
parents: 5706
diff changeset
80 if attach_ips and remote_ip then
9a5fca9f90a6 mod_audit: Parse IP into util.ip object once and reuse
Kim Alvefur <zash@zash.se>
parents: 5706
diff changeset
81 local network;
5251
f3123cbbd894 mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents: 5250
diff changeset
82 if attach_ipv4_prefix or attach_ipv6_prefix then
f3123cbbd894 mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents: 5250
diff changeset
83 network = get_ip_network(remote_ip);
f3123cbbd894 mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents: 5250
diff changeset
84 end
5706
655f90b149a4 mod_audit: Pass IP address in string form
Kim Alvefur <zash@zash.se>
parents: 5705
diff changeset
85 stanza:text_tag("remote-ip", network or remote_ip.normal);
4933
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
86 end
5707
9a5fca9f90a6 mod_audit: Parse IP into util.ip object once and reuse
Kim Alvefur <zash@zash.se>
parents: 5706
diff changeset
87 if attach_location and remote_ip then
5708
37ba9478b387 mod_audit: Fix recording location info
Kim Alvefur <zash@zash.se>
parents: 5707
diff changeset
88 local geoip_info = remote_ip.proto == "IPv6" and geoip6_country:query_by_addr6(remote_ip.normal) or geoip4_country:query_by_addr(remote_ip.normal);
5709
0c9606770db1 mod_audit: Also record human-readable name of country
Kim Alvefur <zash@zash.se>
parents: 5708
diff changeset
89 stanza:text_tag("location", geoip_info.name, {
5708
37ba9478b387 mod_audit: Fix recording location info
Kim Alvefur <zash@zash.se>
parents: 5707
diff changeset
90 country = geoip_info.code;
5709
0c9606770db1 mod_audit: Also record human-readable name of country
Kim Alvefur <zash@zash.se>
parents: 5708
diff changeset
91 continent = geoip_info.continent;
5298
12f7d8b901e0 mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents: 5251
diff changeset
92 }):up();
12f7d8b901e0 mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents: 5251
diff changeset
93 end
5250
d9577083c5f5 mod_audit: Include client id in audit log entries (if known)
Matthew Wild <mwild1@gmail.com>
parents: 5115
diff changeset
94 if session.client_id then
d9577083c5f5 mod_audit: Include client id in audit log entries (if known)
Matthew Wild <mwild1@gmail.com>
parents: 5115
diff changeset
95 stanza:text_tag("client", session.client_id);
d9577083c5f5 mod_audit: Include client id in audit log entries (if known)
Matthew Wild <mwild1@gmail.com>
parents: 5115
diff changeset
96 end
4933
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
97 return stanza
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
98 end
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
99
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
100 local function audit(host, user, source, event_type, extra)
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
101 if not host or host == "*" then
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
102 error("cannot log audit events for global");
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
103 end
4934
08dea42a302a mod_audit*: fix luacheck warnings
Jonas Schäfer <jonas@wielicki.name>
parents: 4933
diff changeset
104 local user_key = user or host_wide_user;
4933
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
105
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
106 local attr = {
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
107 ["source"] = source,
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
108 ["type"] = event_type,
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
109 };
4934
08dea42a302a mod_audit*: fix luacheck warnings
Jonas Schäfer <jonas@wielicki.name>
parents: 4933
diff changeset
110 if user_key ~= host_wide_user then
08dea42a302a mod_audit*: fix luacheck warnings
Jonas Schäfer <jonas@wielicki.name>
parents: 4933
diff changeset
111 attr.user = user_key;
4933
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
112 end
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
113 local stanza = st.stanza("audit-event", attr);
5318
c5ecfb06afde mod_audit: Minor style nit
Matthew Wild <mwild1@gmail.com>
parents: 5317
diff changeset
114 if extra then
4933
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
115 if extra.session then
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
116 local child = session_extra(extra.session);
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
117 if child then
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
118 stanza:add_child(child);
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
119 end
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
120 end
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
121 if extra.custom then
5321
d02f465e2aff mod_audit: Fix iteration of custom payloads to use ipairs
Matthew Wild <mwild1@gmail.com>
parents: 5319
diff changeset
122 for _, child in ipairs(extra.custom) do
4933
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
123 if not st.is_stanza(child) then
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
124 error("all extra.custom items must be stanzas")
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
125 end
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
126 stanza:add_child(child);
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
127 end
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
128 end
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
129 end
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
130
5331
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
131 local store = stores[host];
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
132 local id, err = store:append(nil, nil, stanza, extra and extra.timestamp or time_now(), user_key);
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
133 if not id then
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
134 if err == "quota-limit" then
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
135 local limit = store.caps and store.caps.quota or 1000;
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
136 local truncate_to = math.floor(limit * 0.99);
5731
1bdc6b5979ee mod_audit: Use new module API for period/time ranges
Kim Alvefur <zash@zash.se>
parents: 5714
diff changeset
137 if cleanup_after ~= math.huge then
5331
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
138 module:log("debug", "Audit log has reached quota - forcing prune");
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
139 if prune_audit_log(host) then
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
140 -- Retry append
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
141 id, err = store:append(nil, nil, stanza, extra and extra.timestamp or time_now(), user_key);
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
142 end
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
143 end
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
144 if not id and (store.caps and store.caps.truncate) then
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
145 module:log("debug", "Audit log has reached quota - truncating");
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
146 local truncated = store:delete(nil, {
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
147 truncate = truncate_to;
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
148 });
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
149 if truncated then
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
150 -- Retry append
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
151 id, err = store:append(nil, nil, stanza, extra and extra.timestamp or time_now(), user_key);
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
152 end
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
153 end
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
154 end
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
155 if not id then
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
156 module:log("error", "Failed to persist audit event: %s", err);
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
157 return;
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
158 end
4933
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
159 else
5331
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
160 module:log("debug", "Persisted audit event %s as %s", stanza:top_tag(), id);
4933
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
161 end
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
162 end
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
163
4935
ae83200fb55f mod_audit: make the extension of the module API less of a hack
Jonas Schäfer <jonas@wielicki.name>
parents: 4934
diff changeset
164 function moduleapi.audit(module, user, event_type, extra)
ae83200fb55f mod_audit: make the extension of the module API less of a hack
Jonas Schäfer <jonas@wielicki.name>
parents: 4934
diff changeset
165 audit(module.host, user, "mod_" .. module:get_name(), event_type, extra);
4933
530d116b7f68 mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff changeset
166 end
5299
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
167
5351
c35f3c1762b5 mod_audit: Move underscore to avoid luacheck warning
Kim Alvefur <zash@zash.se>
parents: 5331
diff changeset
168 function module.command(arg_)
5326
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
169 local jid = require "util.jid";
5351
c35f3c1762b5 mod_audit: Move underscore to avoid luacheck warning
Kim Alvefur <zash@zash.se>
parents: 5331
diff changeset
170 local arg = require "util.argparse".parse(arg_, {
5331
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
171 value_params = { "limit" };
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
172 });
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
173
5714
c77010f25b14 mod_audit: Replace argument parsing debug print() with debug logging
Kim Alvefur <zash@zash.se>
parents: 5711
diff changeset
174 module:log("debug", "arg = %q", arg);
5757
08a635862201 mod_audit: Update command to handle storing JIDs instead of only usernames
Kim Alvefur <zash@zash.se>
parents: 5731
diff changeset
175 local query_jid = jid.prep(arg[1]);
08a635862201 mod_audit: Update command to handle storing JIDs instead of only usernames
Kim Alvefur <zash@zash.se>
parents: 5731
diff changeset
176 local host = jid.host(query_jid);
5331
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
177
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
178 if arg.prune then
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
179 local sm = require "core.storagemanager";
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
180 if host then
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
181 sm.initialize_host(host);
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
182 prune_audit_log(host);
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
183 else
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
184 for _host in pairs(prosody.hosts) do
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
185 sm.initialize_host(_host);
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
186 prune_audit_log(_host);
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
187 end
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
188 end
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
189 return;
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
190 end
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
191
5299
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
192 if not host then
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
193 print("EE: Please supply the host for which you want to show events");
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
194 return 1;
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
195 elseif not prosody.hosts[host] then
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
196 print("EE: Unknown host: "..host);
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
197 return 1;
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
198 end
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
199
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
200 require "core.storagemanager".initialize_host(host);
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
201 local store = stores[host];
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
202 local c = 0;
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
203
5326
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
204 if arg.global then
5757
08a635862201 mod_audit: Update command to handle storing JIDs instead of only usernames
Kim Alvefur <zash@zash.se>
parents: 5731
diff changeset
205 if jid.node(query_jid) then
5326
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
206 print("WW: Specifying a user account is incompatible with --global. Showing only global events.");
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
207 end
5757
08a635862201 mod_audit: Update command to handle storing JIDs instead of only usernames
Kim Alvefur <zash@zash.se>
parents: 5731
diff changeset
208 query_jid = "@";
08a635862201 mod_audit: Update command to handle storing JIDs instead of only usernames
Kim Alvefur <zash@zash.se>
parents: 5731
diff changeset
209 elseif host == query_jid then
5763
6c0570a8b866 mod_audit: Fix querying for both user and global events
Kim Alvefur <zash@zash.se>
parents: 5761
diff changeset
210 query_jid = nil;
5326
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
211 end
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
212
5299
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
213 local results, err = store:find(nil, {
5757
08a635862201 mod_audit: Update command to handle storing JIDs instead of only usernames
Kim Alvefur <zash@zash.se>
parents: 5731
diff changeset
214 with = query_jid;
5299
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
215 limit = arg.limit and tonumber(arg.limit) or nil;
5319
5043108b14f4 mod_audit: Display most recent entries first, rather than showing oldest
Matthew Wild <mwild1@gmail.com>
parents: 5318
diff changeset
216 reverse = true;
5299
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
217 })
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
218 if not results then
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
219 print("EE: Failed to query audit log: "..tostring(err));
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
220 return 1;
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
221 end
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
222
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
223 local colspec = {
5761
754f8eaad34c mod_audit: Fix error due to sub-second precision timestamps
Kim Alvefur <zash@zash.se>
parents: 5757
diff changeset
224 { title = "Date", key = "when", width = 19, mapper = function (when) return os.date("%Y-%m-%d %R:%S", math.floor(when)); end };
5322
eb832553d635 mod_audit: Use proportional columns in table output
Matthew Wild <mwild1@gmail.com>
parents: 5321
diff changeset
225 { title = "Source", key = "source", width = "2p" };
eb832553d635 mod_audit: Use proportional columns in table output
Matthew Wild <mwild1@gmail.com>
parents: 5321
diff changeset
226 { title = "Event", key = "event_type", width = "2p" };
5299
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
227 };
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
228
5757
08a635862201 mod_audit: Update command to handle storing JIDs instead of only usernames
Kim Alvefur <zash@zash.se>
parents: 5731
diff changeset
229 if arg.show_user ~= false and (not arg.global and not query_jid) or arg.show_user then
5299
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
230 table.insert(colspec, {
5322
eb832553d635 mod_audit: Use proportional columns in table output
Matthew Wild <mwild1@gmail.com>
parents: 5321
diff changeset
231 title = "User", key = "username", width = "2p",
5299
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
232 mapper = function (user)
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
233 if user == "@" then return ""; end
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
234 if user:sub(-#host-1, -1) == ("@"..host) then
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
235 return (user:gsub("@.+$", ""));
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
236 end
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
237 end;
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
238 });
5325
11b37063d80a mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents: 5323
diff changeset
239 end
5326
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
240 if arg.show_ip ~= false and (not arg.global and attach_ips) or arg.show_ip then
5325
11b37063d80a mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents: 5323
diff changeset
241 table.insert(colspec, {
11b37063d80a mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents: 5323
diff changeset
242 title = "IP", key = "ip", width = "2p";
11b37063d80a mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents: 5323
diff changeset
243 });
11b37063d80a mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents: 5323
diff changeset
244 end
5326
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
245 if arg.show_location ~= false and (not arg.global and attach_location) or arg.show_location then
5325
11b37063d80a mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents: 5323
diff changeset
246 table.insert(colspec, {
11b37063d80a mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents: 5323
diff changeset
247 title = "Location", key = "country", width = 2;
11b37063d80a mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents: 5323
diff changeset
248 });
5299
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
249 end
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
250
5327
7e3862a26e55 mod_audit: Add 'note' column
Matthew Wild <mwild1@gmail.com>
parents: 5326
diff changeset
251 if arg.show_note then
7e3862a26e55 mod_audit: Add 'note' column
Matthew Wild <mwild1@gmail.com>
parents: 5326
diff changeset
252 table.insert(colspec, {
7e3862a26e55 mod_audit: Add 'note' column
Matthew Wild <mwild1@gmail.com>
parents: 5326
diff changeset
253 title = "Note", key = "note", width = "2p";
7e3862a26e55 mod_audit: Add 'note' column
Matthew Wild <mwild1@gmail.com>
parents: 5326
diff changeset
254 });
7e3862a26e55 mod_audit: Add 'note' column
Matthew Wild <mwild1@gmail.com>
parents: 5326
diff changeset
255 end
7e3862a26e55 mod_audit: Add 'note' column
Matthew Wild <mwild1@gmail.com>
parents: 5326
diff changeset
256
5323
400ffa842576 mod_audit: Let util.human.io pick a suitable default width
Matthew Wild <mwild1@gmail.com>
parents: 5322
diff changeset
257 local row, width = require "util.human.io".table(colspec);
5299
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
258
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
259 print(string.rep("-", width));
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
260 print(row());
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
261 print(string.rep("-", width));
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
262 for _, entry, when, user in results do
5326
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
263 if arg.global ~= false or user ~= "@" then
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
264 c = c + 1;
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
265 print(row({
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
266 when = when;
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
267 source = entry.attr.source;
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
268 event_type = entry.attr.type:gsub("%-", " ");
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
269 username = user;
5710
15c1801e8901 mod_audit: Fix showing session details in module command
Kim Alvefur <zash@zash.se>
parents: 5709
diff changeset
270 ip = entry:find("{xmpp:prosody.im/audit}session/remote-ip#");
15c1801e8901 mod_audit: Fix showing session details in module command
Kim Alvefur <zash@zash.se>
parents: 5709
diff changeset
271 country = entry:find("{xmpp:prosody.im/audit}session/location@country");
5327
7e3862a26e55 mod_audit: Add 'note' column
Matthew Wild <mwild1@gmail.com>
parents: 5326
diff changeset
272 note = entry:get_child_text("note");
5326
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
273 }));
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
274 end
5299
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
275 end
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
276 print(string.rep("-", width));
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
277 print(("%d records displayed"):format(c));
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
278 end
5331
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
279
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
280 function module.add_host(host_module)
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
281 host_module:depends("cron");
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
282 host_module:daily("Prune audit logs", function ()
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
283 prune_audit_log(host_module.host);
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
284 end);
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
285 end