evectl 0.1.0-alpha.6

EveCtl with Suricata and EveBox
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126

// SPDX-FileCopyrightText: (C) 2023 Jason Ish <jason@codemonkey.net>
// SPDX-License-Identifier: MIT

use std::{
    io::{BufRead, BufReader, Read},
    process::Stdio,
    thread,
};

use clap::Parser;
use regex::Regex;

use crate::{
    context::Context, EVEBOX_AGENT_CONTAINER_NAME, EVEBOX_SERVER_CONTAINER_NAME,
    SURICATA_CONTAINER_NAME,
};

#[derive(Parser, Debug)]
pub(crate) struct LogArgs {
    #[arg(short, long, help = "Follow log output")]
    follow: bool,
    #[arg(help = "Service to display logs for, default = all")]
    services: Vec<String>,
}

pub(crate) fn logs(ctx: &Context, args: LogArgs) {
    let containers = [
        SURICATA_CONTAINER_NAME,
        EVEBOX_SERVER_CONTAINER_NAME,
        EVEBOX_AGENT_CONTAINER_NAME,
        crate::elastic::ELASTICSEARCH_CONTAINER_NAME,
    ];
    let max_container_name_len = containers.iter().map(|s| s.len()).max().unwrap_or(0);
    let mut handles = vec![];

    for container in containers {
        if !args.services.is_empty() {
            match container {
                SURICATA_CONTAINER_NAME => {
                    if !args.services.contains(&"suricata".to_string()) {
                        continue;
                    }
                }
                EVEBOX_SERVER_CONTAINER_NAME => {
                    if !args.services.contains(&"evebox".to_string()) {
                        continue;
                    }
                }
                _ => unimplemented!(),
            }
        }

        let mut command = ctx.manager.command();
        command.arg("logs");
        command.arg("--timestamps");
        if args.follow {
            command.arg("--follow");
        }
        command.arg(container);
        let handle = thread::spawn(move || {
            match command
                .stdout(Stdio::piped())
                .stderr(Stdio::piped())
                .spawn()
            {
                Ok(mut output) => {
                    let mut handles = vec![];

                    let stdout = output.stdout.take().unwrap();

                    let handle = thread::spawn(move || {
                        log_line_printer(
                            format!(
                                "{:width$} | stdout",
                                container,
                                width = max_container_name_len
                            ),
                            stdout,
                        );
                    });
                    handles.push(handle);

                    let stderr = output.stderr.take().unwrap();
                    let handle = thread::spawn(move || {
                        log_line_printer(
                            format!(
                                "{:width$} | stderr",
                                container,
                                width = max_container_name_len
                            ),
                            stderr,
                        );
                    });
                    handles.push(handle);

                    for handle in handles {
                        let _ = handle.join();
                    }
                }
                Err(err) => {
                    panic!("{}", err);
                }
            }
        });
        handles.push(handle);
    }

    for handle in handles {
        let _ = handle.join();
    }
}

fn log_line_printer<R: Read + Sync + Send + 'static>(prefix: String, output: R) {
    let evebox_ts_pattern = r".....\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.....";
    let re = Regex::new(evebox_ts_pattern).unwrap();

    let reader = BufReader::new(output).lines();
    for line in reader {
        if let Ok(line) = line {
            let line = re.replace_all(&line, "");
            println!("{} | {}", prefix, line);
        } else {
            return;
        }
    }
}