author | Kim Alvefur <zash@zash.se> |
Sat, 17 Jun 2023 16:28:13 +0200 | |
changeset 5556 | 12828e969a60 |
parent 5355 | c35f3c1762b5 |
child 5709 | 9bbf5b0673a2 |
permissions | -rw-r--r-- |
-- Loaded once as a shared module; per-host state is reached through module:context(host).
module:set_global();

local time_now = os.time;
local parse_duration = require "util.human.io".parse_duration;
local ip = require "util.ip";
local st = require "util.stanza";
local moduleapi = require "core.moduleapi";

-- Storage key used for events that are not attributed to a specific user.
local host_wide_user = "@";

-- Retention period for audit entries, in the unit parse_duration returns.
-- nil means entries are never expired by age ("never").
local cleanup_after;
do
	local expires_after = module:get_option_string("audit_log_expires_after", "28d");
	if expires_after ~= "never" then
		-- NOTE(review): the result is not validated. If parse_duration yields a
		-- non-number for a malformed value, age-based pruning is skipped without
		-- any message (audit() only prunes when this is a number) - confirm.
		cleanup_after = parse_duration(expires_after);
	end
end

-- Privacy controls for the remote address stored with each event:
--   audit_log_ips          store the address at all (on by default)
--   audit_log_ipv4_prefix  if set, store only the IPv4 network of this prefix length
--   audit_log_ipv6_prefix  if set, store only the IPv6 network of this prefix length
local attach_ips = module:get_option_boolean("audit_log_ips", true);
local attach_ipv4_prefix = module:get_option_number("audit_log_ipv4_prefix", nil);
local attach_ipv6_prefix = module:get_option_number("audit_log_ipv6_prefix", nil);

-- GeoIP support is optional: pcall keeps a missing library from failing the module load.
local have_geoip, geoip = pcall(require, "geoip.country");
local attach_location = have_geoip and module:get_option_boolean("audit_log_location", true);

local geoip4_country, geoip6_country;
-- attach_location can only be truthy when the library loaded, so it is the only test needed.
if attach_location then
	-- NOTE(review): the handles returned by geoip.open are not checked here;
	-- confirm what it returns for a missing or unreadable database file, since
	-- the handles are used later when events are recorded.
	geoip4_country = geoip.open(module:get_option_string("geoip_ipv4_country", "/usr/share/GeoIP/GeoIP.dat"));
	geoip6_country = geoip.open(module:get_option_string("geoip_ipv6_country", "/usr/share/GeoIP/GeoIPv6.dat"));
end


-- Per-host cache of opened audit archive stores, filled on first access.
local stores = {};
--- Return the audit archive store for a host, opening and caching it on first use.
-- Uses rawget/rawset so the lookup does not re-enter the table's metamethods.
-- @param self the cache table the store is kept in
-- @param host host name used both as cache key and as the module context
-- @return the store opened with open_store("audit", "archive")
local function get_store(self, host)
	local cached = rawget(self, host);
	if not cached then
		cached = module:context(host):open_store("audit", "archive");
		rawset(self, host, cached);
	end
	return cached;
end
-- Indexing stores[host] for a host that is not cached yet falls through to get_store.
local stores_mt = { __index = get_store };
setmetatable(stores, stores_mt);
--- Delete audit entries older than the configured retention period for one host.
-- Requires cleanup_after to be a number; the caller in this file checks that first.
-- The deletion is permanent and is reported at debug level only.
-- @param host host whose audit archive is pruned
-- @return true if entries were removed or the store reported no numeric count,
--         false if the store reported zero removed entries, nothing on failure
local function prune_audit_log(host)
	local cutoff = os.time() - cleanup_after;
	local host_module = module:context(host);
	host_module:log("debug", "Pruning audit log for entries older than %s", os.date("%Y-%m-%d %R:%S", cutoff));

	local deleted, err = stores[host]:delete(nil, { ["end"] = cutoff });
	if not deleted then
		host_module:log("error", "Unable to prune audit log: %s", err);
		return;
	end

	-- The store may answer with a count or with a bare success value.
	local count = tonumber(deleted);
	if not count then
		host_module:log("debug", "Pruned expired audit log entries");
		return true;
	end
	host_module:log("debug", "Pruned %d expired audit log entries", count);
	return count > 0;
end
--- Reduce an address to its network, using the prefix length configured for its family.
-- @param ip_addr address string, parsed with ip.new_ip
-- @return "<network>/<prefix length>", or nil when no prefix is configured for
--         the address family (the caller then falls back to the full address)
local function get_ip_network(ip_addr)
	-- NOTE(review): the parse result is used unchecked; confirm ip.new_ip cannot
	-- fail for the addresses that reach this function.
	local parsed = ip.new_ip(ip_addr);

	local prefix_len;
	if parsed.proto == "IPv4" then
		prefix_len = attach_ipv4_prefix;
	elseif parsed.proto == "IPv6" then
		prefix_len = attach_ipv6_prefix;
	end
	if not prefix_len then
		return nil;
	end
	return ip.truncate(parsed, prefix_len).normal.."/"..prefix_len;
end
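--- Build the <session/> element that describes the session behind an audit event.
-- Carries the session id and type when set, the remote address when IP logging
-- is enabled, a GeoIP country when location logging is enabled, and the client
-- id when known.
-- @param session session table; the fields id, type, ip and client_id are read
-- @return the constructed "session" stanza
local function session_extra(session)
	local attr = {
		xmlns = "xmpp:prosody.im/audit",
	};
	if session.id then
		attr.id = session.id;
	end
	if session.type then
		attr.type = session.type;
	end
	local stanza = st.stanza("session", attr);

	if attach_ips and session.ip then
		local remote_ip, network = session.ip;
		if attach_ipv4_prefix or attach_ipv6_prefix then
			network = get_ip_network(remote_ip);
		end
		-- Privacy caveat: when a prefix is configured for only one address
		-- family, addresses of the other family yield no network and are
		-- stored in full by this fallback.
		stanza:text_tag("remote-ip", network or remote_ip);
	end

	-- The location is looked up from the full address and is independent of
	-- the audit_log_ips setting.
	if attach_location and session.ip then
		-- Same constructor get_ip_network relies on.
		local remote_ip = ip.new_ip(session.ip);
		-- The database must be chosen from the parsed address. Testing the
		-- util.ip module table (`ip.proto`) never matches "IPv6", which sent
		-- every lookup to the IPv4 database.
		local geoip_country;
		if remote_ip then
			if remote_ip.proto == "IPv6" then
				geoip_country = geoip6_country;
			else
				geoip_country = geoip4_country;
			end
		end
		-- Leave the element out instead of raising when the address did not
		-- parse or the database handle is missing, so that a GeoIP problem
		-- does not prevent the audit event itself from being recorded.
		if geoip_country then
			-- NOTE(review): confirm query_by_addr is the right lookup for the
			-- IPv6 database and that its result is usable as an attribute value.
			stanza:tag("location", {
				country = geoip_country:query_by_addr(remote_ip.normal);
			}):up();
		end
	end

	if session.client_id then
		stanza:text_tag("client", session.client_id);
	end
	return stanza
end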
--- Record one audit event in the host's audit archive.
-- Raises for a missing or global ("*") host and for non-stanza custom payloads.
-- A storage failure is logged at error level and the event is dropped; nothing
-- is returned to the caller either way.
-- @param host host the event belongs to
-- @param user user the event concerns, or nil for a host-wide event
-- @param source name of the component reporting the event
-- @param event_type event type identifier
-- @param extra optional table: session (described via session_extra), custom
--        (sequence of stanzas appended as children), timestamp (overrides now)
local function audit(host, user, source, event_type, extra)
	if not host or host == "*" then
		error("cannot log audit events for global");
	end
	local user_key = user or host_wide_user;

	local attr = { source = source, type = event_type };
	-- Host-wide events carry no user attribute.
	if user_key ~= host_wide_user then
		attr.user = user_key;
	end
	local stanza = st.stanza("audit-event", attr);

	local session = extra and extra.session;
	if session then
		local child = session_extra(session);
		if child then
			stanza:add_child(child);
		end
	end
	local custom = extra and extra.custom;
	if custom then
		for _, child in ipairs(custom) do
			if not st.is_stanza(child) then
				error("all extra.custom items must be stanzas")
			end
			stanza:add_child(child);
		end
	end

	local store = stores[host];
	-- Every attempt re-evaluates the timestamp, exactly like the first one.
	local function try_append()
		return store:append(nil, nil, stanza, extra and extra.timestamp or time_now(), user_key);
	end

	local id, err = try_append();
	if id then
		module:log("debug", "Persisted audit event %s as %s", stanza:top_tag(), id);
		return;
	end

	if err == "quota-limit" then
		-- The archive is full. Room is made by discarding older audit records,
		-- and both steps below are reported at debug level only: a burst of
		-- events can therefore push earlier entries out without a visible log line.
		local limit = store.caps and store.caps.quota or 1000;
		local truncate_to = math.floor(limit * 0.99);
		if type(cleanup_after) == "number" then
			module:log("debug", "Audit log has reached quota - forcing prune");
			if prune_audit_log(host) then
				id, err = try_append();
			end
		end
		-- Pruning by age was unavailable or did not help: cut the archive down
		-- to 99% of the quota if the store supports truncation.
		if not id and (store.caps and store.caps.truncate) then
			module:log("debug", "Audit log has reached quota - truncating");
			local truncated = store:delete(nil, {
				truncate = truncate_to;
			});
			if truncated then
				id, err = try_append();
			end
		end
	end

	if not id then
		module:log("error", "Failed to persist audit event: %s", err);
		return;
	end
end
--- Module API extension: lets any module record an audit event via module:audit(...).
-- The event source is derived from the calling module's name ("mod_<name>"),
-- so it is not taken from the caller's arguments on this path.
-- @param module the calling module object (its host and name are used)
-- @param user user the event concerns, or nil for a host-wide event
-- @param event_type event type identifier
-- @param extra optional extra data, passed through to audit()
function moduleapi.audit(module, user, event_type, extra)
	local host = module.host;
	local source = "mod_" .. module:get_name();
	audit(host, user, source, event_type, extra);
end
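--- Command-line entry point: prune the audit log, or print it as a table.
--
-- Parsed arguments read by this function:
--   arg[1]         JID; its host part selects the host and its optional
--                  node part restricts the listing to one user
--   arg.prune      prune the given host (or every configured host when no
--                  host is given) and return without printing entries
--   arg.global     list only host-wide events, which are stored under "@"
--   arg.limit      maximum number of entries requested from the store
--   arg.show_user, arg.show_ip, arg.show_location
--                  true forces the column on, false forces it off, unset
--                  falls back to a default derived from the other options
--   arg.show_note  adds the "Note" column
--
-- @param arg_ raw command-line arguments, parsed with util.argparse
-- @return 1 on error; nothing on success
function module.command(arg_)
	local jid = require "util.jid";
	local arg, parse_err, parse_where = require "util.argparse".parse(arg_, {
		value_params = { "limit" };
	});
	if not arg then
		-- Presumably parse() reports failure as nil plus an error code; fail
		-- cleanly instead of indexing nil below.
		print("EE: Invalid arguments: "..tostring(parse_err).." "..tostring(parse_where or ""));
		return 1;
	end

	local query_user, host = jid.prepped_split(arg[1]);

	if arg.prune then
		local sm = require "core.storagemanager";
		if host then
			-- Same validation as the listing path below: refuse hosts that
			-- are not configured before touching their storage.
			if not prosody.hosts[host] then
				print("EE: Unknown host: "..host);
				return 1;
			end
			sm.initialize_host(host);
			prune_audit_log(host);
		else
			for _host in pairs(prosody.hosts) do
				sm.initialize_host(_host);
				prune_audit_log(_host);
			end
		end
		return;
	end

	if not host then
		print("EE: Please supply the host for which you want to show events");
		return 1;
	elseif not prosody.hosts[host] then
		print("EE: Unknown host: "..host);
		return 1;
	end

	-- A malformed limit is an error, not "no limit": otherwise the caller
	-- silently receives the whole log.
	local limit;
	if arg.limit ~= nil then
		limit = tonumber(arg.limit);
		if not limit then
			print("EE: Invalid value for --limit: "..tostring(arg.limit));
			return 1;
		end
	end

	require "core.storagemanager".initialize_host(host);
	local store = stores[host];
	local c = 0;

	if arg.global then
		if query_user then
			print("WW: Specifying a user account is incompatible with --global. Showing only global events.");
		end
		query_user = "@";
	end

	-- reverse = true requests the entries in reverse order from the store.
	local results, err = store:find(nil, {
		with = query_user;
		limit = limit;
		reverse = true;
	})
	if not results then
		print("EE: Failed to query audit log: "..tostring(err));
		return 1;
	end

	local colspec = {
		{ title = "Date", key = "when", width = 19, mapper = function (when) return os.date("%Y-%m-%d %R:%S", when); end };
		{ title = "Source", key = "source", width = "2p" };
		{ title = "Event", key = "event_type", width = "2p" };
	};

	if arg.show_user ~= false and (not arg.global and not query_user) or arg.show_user then
		table.insert(colspec, {
			title = "User", key = "username", width = "2p",
			mapper = function (user)
				if user == "@" then return ""; end
				if user:sub(-#host-1, -1) == ("@"..host) then
					-- Local account: show only the part before "@".
					return (user:gsub("@.+$", ""));
				end
				-- Any other identity is shown in full rather than being
				-- blanked out, so the entry stays attributable.
				return user;
			end;
		});
	end
	if arg.show_ip ~= false and (not arg.global and attach_ips) or arg.show_ip then
		table.insert(colspec, {
			title = "IP", key = "ip", width = "2p";
		});
	end
	if arg.show_location ~= false and (not arg.global and attach_location) or arg.show_location then
		table.insert(colspec, {
			-- The key has to name the row field filled in below ("location");
			-- presumably util.human.io looks each cell up by this key.
			title = "Location", key = "location", width = 2;
		});
	end

	if arg.show_note then
		table.insert(colspec, {
			title = "Note", key = "note", width = "2p";
		});
	end

	local row, width = require "util.human.io".table(colspec);

	print(string.rep("-", width));
	print(row());
	print(string.rep("-", width));
	for _, entry, when, user in results do
		if arg.global ~= false or user ~= "@" then
			c = c + 1;
			-- NOTE(review): field text is printed as stored. If any of these
			-- values can carry remotely supplied text, consider stripping
			-- control characters before writing to a terminal; confirm what
			-- callers of audit() put into them.
			print(row({
				when = when;
				source = entry.attr.source;
				event_type = entry.attr.type:gsub("%-", " ");
				username = user;
				ip = entry:get_child_text("remote-ip");
				location = entry:find("location@country");
				note = entry:get_child_text("note");
			}));
		end
	end
	print(string.rep("-", width));
	print(("%d records displayed"):format(c));
end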
|
--- Per-host setup: register a daily task that prunes the host's audit log.
-- Declares a dependency on the "cron" module before registering the task.
-- @param host_module the module object for the host being added
function module.add_host(host_module)
	host_module:depends("cron");

	-- The host is read from host_module when the task runs, not at registration.
	local function prune_this_host()
		prune_audit_log(host_module.host);
	end

	host_module:daily("Prune audit logs", prune_this_host);
end