Mercurial > prosody-modules
annotate mod_audit/mod_audit.lua @ 5787:e79f9dec35c0
mod_c2s_conn_throttle: Reduce log level from error->info
Our general policy is that "error" should never be triggerable by remote
entities, and that it is always about something that requires admin
intervention. This satisfies neither condition.
The "warn" level can be used for unexpected events/behaviour triggered by
remote entities, and this could qualify. However I don't think failed auth
attempts are unexpected enough.
I selected "info" because it is what is also used for other notable session
lifecycle events.
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Thu, 07 Dec 2023 15:46:50 +0000 |
parents | 6c0570a8b866 |
children |
rev | line source |
---|---|
4933
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
1 module:set_global(); |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
2 |
5331
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
3 local time_now = os.time; |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
4 local ip = require "util.ip"; |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
5 local st = require "util.stanza"; |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
6 local moduleapi = require "core.moduleapi"; |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
7 |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
8 local host_wide_user = "@"; |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
9 |
5731
1bdc6b5979ee
mod_audit: Use new module API for period/time ranges
Kim Alvefur <zash@zash.se>
parents:
5714
diff
changeset
|
10 local cleanup_after = module:get_option_period("audit_log_expires_after", "28d"); |
5115
4a5837591380
mod_audit: remove event hook
Jonas Schäfer <jonas@wielicki.name>
parents:
4935
diff
changeset
|
11 |
5251
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
12 local attach_ips = module:get_option_boolean("audit_log_ips", true); |
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
13 local attach_ipv4_prefix = module:get_option_number("audit_log_ipv4_prefix", nil); |
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
14 local attach_ipv6_prefix = module:get_option_number("audit_log_ipv6_prefix", nil); |
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
15 |
5298
12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents:
5251
diff
changeset
|
16 local have_geoip, geoip = pcall(require, "geoip.country"); |
12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents:
5251
diff
changeset
|
17 local attach_location = have_geoip and module:get_option_boolean("audit_log_location", true); |
12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents:
5251
diff
changeset
|
18 |
12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents:
5251
diff
changeset
|
19 local geoip4_country, geoip6_country; |
12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents:
5251
diff
changeset
|
20 if have_geoip and attach_location then |
12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents:
5251
diff
changeset
|
21 geoip4_country = geoip.open(module:get_option_string("geoip_ipv4_country", "/usr/share/GeoIP/GeoIP.dat")); |
12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents:
5251
diff
changeset
|
22 geoip6_country = geoip.open(module:get_option_string("geoip_ipv6_country", "/usr/share/GeoIP/GeoIPv6.dat")); |
12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents:
5251
diff
changeset
|
23 end |
12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents:
5251
diff
changeset
|
24 |
4933
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
25 |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
26 local stores = {}; |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
27 |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
28 local function get_store(self, host) |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
29 local store = rawget(self, host); |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
30 if store then |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
31 return store |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
32 end |
4934
08dea42a302a
mod_audit*: fix luacheck warnings
Jonas Schäfer <jonas@wielicki.name>
parents:
4933
diff
changeset
|
33 store = module:context(host):open_store("audit", "archive"); |
4933
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
34 rawset(self, host, store); |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
35 return store; |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
36 end |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
37 |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
38 setmetatable(stores, { __index = get_store }); |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
39 |
5331
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
40 local function prune_audit_log(host) |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
41 local before = os.time() - cleanup_after; |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
42 module:context(host):log("debug", "Pruning audit log for entries older than %s", os.date("%Y-%m-%d %R:%S", before)); |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
43 local ok, err = stores[host]:delete(nil, { ["end"] = before }); |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
44 if not ok then |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
45 module:context(host):log("error", "Unable to prune audit log: %s", err); |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
46 return; |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
47 end |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
48 local sum = tonumber(ok); |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
49 if sum then |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
50 module:context(host):log("debug", "Pruned %d expired audit log entries", sum); |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
51 return sum > 0; |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
52 end |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
53 module:context(host):log("debug", "Pruned expired audit log entries"); |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
54 return true; |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
55 end |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
56 |
5251
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
57 local function get_ip_network(ip_addr) |
5711
c782f220b3ee
mod_audit: Fix storing IP prefixes
Kim Alvefur <zash@zash.se>
parents:
5710
diff
changeset
|
58 local proto = ip_addr.proto; |
5251
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
59 local network; |
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
60 if proto == "IPv4" and attach_ipv4_prefix then |
5711
c782f220b3ee
mod_audit: Fix storing IP prefixes
Kim Alvefur <zash@zash.se>
parents:
5710
diff
changeset
|
61 network = ip.truncate(ip_addr, attach_ipv4_prefix).normal.."/"..attach_ipv4_prefix; |
5251
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
62 elseif proto == "IPv6" and attach_ipv6_prefix then |
5711
c782f220b3ee
mod_audit: Fix storing IP prefixes
Kim Alvefur <zash@zash.se>
parents:
5710
diff
changeset
|
63 network = ip.truncate(ip_addr, attach_ipv6_prefix).normal.."/"..attach_ipv6_prefix; |
5251
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
64 end |
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
65 return network; |
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
66 end |
4933
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
67 |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
68 local function session_extra(session) |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
69 local attr = { |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
70 xmlns = "xmpp:prosody.im/audit", |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
71 }; |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
72 if session.id then |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
73 attr.id = session.id; |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
74 end |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
75 if session.type then |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
76 attr.type = session.type; |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
77 end |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
78 local stanza = st.stanza("session", attr); |
5707
9a5fca9f90a6
mod_audit: Parse IP into util.ip object once and reuse
Kim Alvefur <zash@zash.se>
parents:
5706
diff
changeset
|
79 local remote_ip = session.ip and ip.new_ip(session.ip); |
9a5fca9f90a6
mod_audit: Parse IP into util.ip object once and reuse
Kim Alvefur <zash@zash.se>
parents:
5706
diff
changeset
|
80 if attach_ips and remote_ip then |
9a5fca9f90a6
mod_audit: Parse IP into util.ip object once and reuse
Kim Alvefur <zash@zash.se>
parents:
5706
diff
changeset
|
81 local network; |
5251
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
82 if attach_ipv4_prefix or attach_ipv6_prefix then |
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
83 network = get_ip_network(remote_ip); |
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
84 end |
5706
655f90b149a4
mod_audit: Pass IP address in string form
Kim Alvefur <zash@zash.se>
parents:
5705
diff
changeset
|
85 stanza:text_tag("remote-ip", network or remote_ip.normal); |
4933
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
86 end |
5707
9a5fca9f90a6
mod_audit: Parse IP into util.ip object once and reuse
Kim Alvefur <zash@zash.se>
parents:
5706
diff
changeset
|
87 if attach_location and remote_ip then |
5708
37ba9478b387
mod_audit: Fix recording location info
Kim Alvefur <zash@zash.se>
parents:
5707
diff
changeset
|
88 local geoip_info = remote_ip.proto == "IPv6" and geoip6_country:query_by_addr6(remote_ip.normal) or geoip4_country:query_by_addr(remote_ip.normal); |
5709
0c9606770db1
mod_audit: Also record human-readable name of country
Kim Alvefur <zash@zash.se>
parents:
5708
diff
changeset
|
89 stanza:text_tag("location", geoip_info.name, { |
5708
37ba9478b387
mod_audit: Fix recording location info
Kim Alvefur <zash@zash.se>
parents:
5707
diff
changeset
|
90 country = geoip_info.code; |
5709
0c9606770db1
mod_audit: Also record human-readable name of country
Kim Alvefur <zash@zash.se>
parents:
5708
diff
changeset
|
91 continent = geoip_info.continent; |
5298
12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents:
5251
diff
changeset
|
92 }):up(); |
12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents:
5251
diff
changeset
|
93 end |
5250
d9577083c5f5
mod_audit: Include client id in audit log entries (if known)
Matthew Wild <mwild1@gmail.com>
parents:
5115
diff
changeset
|
94 if session.client_id then |
d9577083c5f5
mod_audit: Include client id in audit log entries (if known)
Matthew Wild <mwild1@gmail.com>
parents:
5115
diff
changeset
|
95 stanza:text_tag("client", session.client_id); |
d9577083c5f5
mod_audit: Include client id in audit log entries (if known)
Matthew Wild <mwild1@gmail.com>
parents:
5115
diff
changeset
|
96 end |
4933
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
97 return stanza |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
98 end |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
99 |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
100 local function audit(host, user, source, event_type, extra) |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
101 if not host or host == "*" then |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
102 error("cannot log audit events for global"); |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
103 end |
4934
08dea42a302a
mod_audit*: fix luacheck warnings
Jonas Schäfer <jonas@wielicki.name>
parents:
4933
diff
changeset
|
104 local user_key = user or host_wide_user; |
4933
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
105 |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
106 local attr = { |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
107 ["source"] = source, |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
108 ["type"] = event_type, |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
109 }; |
4934
08dea42a302a
mod_audit*: fix luacheck warnings
Jonas Schäfer <jonas@wielicki.name>
parents:
4933
diff
changeset
|
110 if user_key ~= host_wide_user then |
08dea42a302a
mod_audit*: fix luacheck warnings
Jonas Schäfer <jonas@wielicki.name>
parents:
4933
diff
changeset
|
111 attr.user = user_key; |
4933
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
112 end |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
113 local stanza = st.stanza("audit-event", attr); |
5318
c5ecfb06afde
mod_audit: Minor style nit
Matthew Wild <mwild1@gmail.com>
parents:
5317
diff
changeset
|
114 if extra then |
4933
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
115 if extra.session then |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
116 local child = session_extra(extra.session); |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
117 if child then |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
118 stanza:add_child(child); |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
119 end |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
120 end |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
121 if extra.custom then |
5321
d02f465e2aff
mod_audit: Fix iteration of custom payloads to use ipairs
Matthew Wild <mwild1@gmail.com>
parents:
5319
diff
changeset
|
122 for _, child in ipairs(extra.custom) do |
4933
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
123 if not st.is_stanza(child) then |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
124 error("all extra.custom items must be stanzas") |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
125 end |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
126 stanza:add_child(child); |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
127 end |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
128 end |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
129 end |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
130 |
5331
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
131 local store = stores[host]; |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
132 local id, err = store:append(nil, nil, stanza, extra and extra.timestamp or time_now(), user_key); |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
133 if not id then |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
134 if err == "quota-limit" then |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
135 local limit = store.caps and store.caps.quota or 1000; |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
136 local truncate_to = math.floor(limit * 0.99); |
5731
1bdc6b5979ee
mod_audit: Use new module API for period/time ranges
Kim Alvefur <zash@zash.se>
parents:
5714
diff
changeset
|
137 if cleanup_after ~= math.huge then |
5331
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
138 module:log("debug", "Audit log has reached quota - forcing prune"); |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
139 if prune_audit_log(host) then |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
140 -- Retry append |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
141 id, err = store:append(nil, nil, stanza, extra and extra.timestamp or time_now(), user_key); |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
142 end |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
143 end |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
144 if not id and (store.caps and store.caps.truncate) then |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
145 module:log("debug", "Audit log has reached quota - truncating"); |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
146 local truncated = store:delete(nil, { |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
147 truncate = truncate_to; |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
148 }); |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
149 if truncated then |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
150 -- Retry append |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
151 id, err = store:append(nil, nil, stanza, extra and extra.timestamp or time_now(), user_key); |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
152 end |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
153 end |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
154 end |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
155 if not id then |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
156 module:log("error", "Failed to persist audit event: %s", err); |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
157 return; |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
158 end |
4933
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
159 else |
5331
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
160 module:log("debug", "Persisted audit event %s as %s", stanza:top_tag(), id); |
4933
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
161 end |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
162 end |
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
163 |
4935
ae83200fb55f
mod_audit: make the extension of the module API less of a hack
Jonas Schäfer <jonas@wielicki.name>
parents:
4934
diff
changeset
|
164 function moduleapi.audit(module, user, event_type, extra) |
ae83200fb55f
mod_audit: make the extension of the module API less of a hack
Jonas Schäfer <jonas@wielicki.name>
parents:
4934
diff
changeset
|
165 audit(module.host, user, "mod_" .. module:get_name(), event_type, extra); |
4933
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
166 end |
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
167 |
5351
c35f3c1762b5
mod_audit: Move underscore to avoid luacheck warning
Kim Alvefur <zash@zash.se>
parents:
5331
diff
changeset
|
168 function module.command(arg_) |
5326
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
169 local jid = require "util.jid"; |
5351
c35f3c1762b5
mod_audit: Move underscore to avoid luacheck warning
Kim Alvefur <zash@zash.se>
parents:
5331
diff
changeset
|
170 local arg = require "util.argparse".parse(arg_, { |
5331
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
171 value_params = { "limit" }; |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
172 }); |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
173 |
5714
c77010f25b14
mod_audit: Replace argument parsing debug print() with debug logging
Kim Alvefur <zash@zash.se>
parents:
5711
diff
changeset
|
174 module:log("debug", "arg = %q", arg); |
5757
08a635862201
mod_audit: Update command to handle storing JIDs instead of only usernames
Kim Alvefur <zash@zash.se>
parents:
5731
diff
changeset
|
175 local query_jid = jid.prep(arg[1]); |
08a635862201
mod_audit: Update command to handle storing JIDs instead of only usernames
Kim Alvefur <zash@zash.se>
parents:
5731
diff
changeset
|
176 local host = jid.host(query_jid); |
5331
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
177 |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
178 if arg.prune then |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
179 local sm = require "core.storagemanager"; |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
180 if host then |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
181 sm.initialize_host(host); |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
182 prune_audit_log(host); |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
183 else |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
184 for _host in pairs(prosody.hosts) do |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
185 sm.initialize_host(_host); |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
186 prune_audit_log(_host); |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
187 end |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
188 end |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
189 return; |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
190 end |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
191 |
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
192 if not host then |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
193 print("EE: Please supply the host for which you want to show events"); |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
194 return 1; |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
195 elseif not prosody.hosts[host] then |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
196 print("EE: Unknown host: "..host); |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
197 return 1; |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
198 end |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
199 |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
200 require "core.storagemanager".initialize_host(host); |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
201 local store = stores[host]; |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
202 local c = 0; |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
203 |
5326
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
204 if arg.global then |
5757
08a635862201
mod_audit: Update command to handle storing JIDs instead of only usernames
Kim Alvefur <zash@zash.se>
parents:
5731
diff
changeset
|
205 if jid.node(query_jid) then |
5326
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
206 print("WW: Specifying a user account is incompatible with --global. Showing only global events."); |
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
207 end |
5757
08a635862201
mod_audit: Update command to handle storing JIDs instead of only usernames
Kim Alvefur <zash@zash.se>
parents:
5731
diff
changeset
|
208 query_jid = "@"; |
08a635862201
mod_audit: Update command to handle storing JIDs instead of only usernames
Kim Alvefur <zash@zash.se>
parents:
5731
diff
changeset
|
209 elseif host == query_jid then |
5763
6c0570a8b866
mod_audit: Fix querying for both user and global events
Kim Alvefur <zash@zash.se>
parents:
5761
diff
changeset
|
210 query_jid = nil; |
5326
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
211 end |
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
212 |
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
213 local results, err = store:find(nil, { |
5757
08a635862201
mod_audit: Update command to handle storing JIDs instead of only usernames
Kim Alvefur <zash@zash.se>
parents:
5731
diff
changeset
|
214 with = query_jid; |
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
215 limit = arg.limit and tonumber(arg.limit) or nil; |
5319
5043108b14f4
mod_audit: Display most recent entries first, rather than showing oldest
Matthew Wild <mwild1@gmail.com>
parents:
5318
diff
changeset
|
216 reverse = true; |
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
217 }) |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
218 if not results then |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
219 print("EE: Failed to query audit log: "..tostring(err)); |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
220 return 1; |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
221 end |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
222 |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
223 local colspec = { |
5761
754f8eaad34c
mod_audit: Fix error due to sub-second precision timestamps
Kim Alvefur <zash@zash.se>
parents:
5757
diff
changeset
|
224 { title = "Date", key = "when", width = 19, mapper = function (when) return os.date("%Y-%m-%d %R:%S", math.floor(when)); end }; |
5322
eb832553d635
mod_audit: Use proportional columns in table output
Matthew Wild <mwild1@gmail.com>
parents:
5321
diff
changeset
|
225 { title = "Source", key = "source", width = "2p" }; |
eb832553d635
mod_audit: Use proportional columns in table output
Matthew Wild <mwild1@gmail.com>
parents:
5321
diff
changeset
|
226 { title = "Event", key = "event_type", width = "2p" }; |
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
227 }; |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
228 |
5757
08a635862201
mod_audit: Update command to handle storing JIDs instead of only usernames
Kim Alvefur <zash@zash.se>
parents:
5731
diff
changeset
|
229 if arg.show_user ~= false and (not arg.global and not query_jid) or arg.show_user then |
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
230 table.insert(colspec, { |
5322
eb832553d635
mod_audit: Use proportional columns in table output
Matthew Wild <mwild1@gmail.com>
parents:
5321
diff
changeset
|
231 title = "User", key = "username", width = "2p", |
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
232 mapper = function (user) |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
233 if user == "@" then return ""; end |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
234 if user:sub(-#host-1, -1) == ("@"..host) then |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
235 return (user:gsub("@.+$", "")); |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
236 end |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
237 end; |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
238 }); |
5325
11b37063d80a
mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents:
5323
diff
changeset
|
239 end |
5326
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
240 if arg.show_ip ~= false and (not arg.global and attach_ips) or arg.show_ip then |
5325
11b37063d80a
mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents:
5323
diff
changeset
|
241 table.insert(colspec, { |
11b37063d80a
mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents:
5323
diff
changeset
|
242 title = "IP", key = "ip", width = "2p"; |
11b37063d80a
mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents:
5323
diff
changeset
|
243 }); |
11b37063d80a
mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents:
5323
diff
changeset
|
244 end |
5326
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
245 if arg.show_location ~= false and (not arg.global and attach_location) or arg.show_location then |
5325
11b37063d80a
mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents:
5323
diff
changeset
|
246 table.insert(colspec, { |
11b37063d80a
mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents:
5323
diff
changeset
|
247 title = "Location", key = "country", width = 2; |
11b37063d80a
mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents:
5323
diff
changeset
|
248 }); |
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
249 end |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
250 |
5327
7e3862a26e55
mod_audit: Add 'note' column
Matthew Wild <mwild1@gmail.com>
parents:
5326
diff
changeset
|
251 if arg.show_note then |
7e3862a26e55
mod_audit: Add 'note' column
Matthew Wild <mwild1@gmail.com>
parents:
5326
diff
changeset
|
252 table.insert(colspec, { |
7e3862a26e55
mod_audit: Add 'note' column
Matthew Wild <mwild1@gmail.com>
parents:
5326
diff
changeset
|
253 title = "Note", key = "note", width = "2p"; |
7e3862a26e55
mod_audit: Add 'note' column
Matthew Wild <mwild1@gmail.com>
parents:
5326
diff
changeset
|
254 }); |
7e3862a26e55
mod_audit: Add 'note' column
Matthew Wild <mwild1@gmail.com>
parents:
5326
diff
changeset
|
255 end |
7e3862a26e55
mod_audit: Add 'note' column
Matthew Wild <mwild1@gmail.com>
parents:
5326
diff
changeset
|
256 |
5323
400ffa842576
mod_audit: Let util.human.io pick a suitable default width
Matthew Wild <mwild1@gmail.com>
parents:
5322
diff
changeset
|
257 local row, width = require "util.human.io".table(colspec); |
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
258 |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
259 print(string.rep("-", width)); |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
260 print(row()); |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
261 print(string.rep("-", width)); |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
262 for _, entry, when, user in results do |
5326
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
263 if arg.global ~= false or user ~= "@" then |
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
264 c = c + 1; |
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
265 print(row({ |
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
266 when = when; |
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
267 source = entry.attr.source; |
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
268 event_type = entry.attr.type:gsub("%-", " "); |
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
269 username = user; |
5710
15c1801e8901
mod_audit: Fix showing session details in module command
Kim Alvefur <zash@zash.se>
parents:
5709
diff
changeset
|
270 ip = entry:find("{xmpp:prosody.im/audit}session/remote-ip#"); |
15c1801e8901
mod_audit: Fix showing session details in module command
Kim Alvefur <zash@zash.se>
parents:
5709
diff
changeset
|
271 country = entry:find("{xmpp:prosody.im/audit}session/location@country"); |
5327
7e3862a26e55
mod_audit: Add 'note' column
Matthew Wild <mwild1@gmail.com>
parents:
5326
diff
changeset
|
272 note = entry:get_child_text("note"); |
5326
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
273 })); |
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
274 end |
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
275 end |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
276 print(string.rep("-", width)); |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
277 print(("%d records displayed"):format(c)); |
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
278 end |
5331
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
279 |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
280 function module.add_host(host_module) |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
281 host_module:depends("cron"); |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
282 host_module:daily("Prune audit logs", function () |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
283 prune_audit_log(host_module.host); |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
284 end); |
e00e3e2c72a3
mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents:
5327
diff
changeset
|
285 end |