Merge pull request #435 from Security-Onion-Solutions/2.4/truncatelogs

Truncate logs
Security-Onion-Solutions · Apr 22, 2024 · babf4c3 · babf4c3
2 parents c4e31b8 + 087c0e8
commit babf4c3
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 2 deletions.
diff --git a/server/modules/elastalert/elastalert.go b/server/modules/elastalert/elastalert.go
@@ -572,7 +572,7 @@ func (e *ElastAlertEngine) startCommunityRuleImport() {
 			// there were errors, don't save the fingerprint.
 			// idempotency means we might fix it if we try again later.
 			log.WithFields(log.Fields{
-				"errors": errMap,
+				"errors": mutil.TruncateMap(errMap, 5),
 			}).Error("unable to sync all ElastAlert community detections")
 
 			if e.notify {
@@ -877,7 +877,7 @@ func (e *ElastAlertEngine) syncCommunityDetections(ctx context.Context, detectio
 		"updated":   results.Updated,
 		"removed":   results.Removed,
 		"unchanged": results.Unchanged,
-		"errors":    errMap,
+		"errors":    mutil.TruncateMap(errMap, 5),
 	}).Info("elastalert community diff")
 
 	return errMap, nil

diff --git a/server/modules/util/detengine_helpers.go b/server/modules/util/detengine_helpers.go
@@ -69,6 +69,23 @@ func readStateFile(iom IOManager, path string) (lastImport *uint64, err error) {
 	return &unix, nil
 }
 
+func TruncateMap(originalMap map[string]error, limit int) map[string]error {
+	if len(originalMap) <= limit {
+		return originalMap // Return the original map if it's already within the limit
+	}
+
+	truncatedMap := make(map[string]error, limit)
+	count := 0
+	for key, value := range originalMap {
+		if count >= limit {
+			break
+		}
+		truncatedMap[key] = value
+		count++
+	}
+	return truncatedMap
+}
+
 func WriteStateFile(iom IOManager, path string) {
 	unix := time.Now().Unix()
 	sUnix := strconv.FormatInt(unix, 10)

diff --git a/server/modules/util/detengine_helpers_test.go b/server/modules/util/detengine_helpers_test.go
@@ -12,6 +12,32 @@ import (
 	"go.uber.org/mock/gomock"
 )
 
+func TestTruncateMap(t *testing.T) {
+	errMap := map[string]error{
+		"db6c06c4-bf3b-421c-aa88-15672b88c743": errors.New("error 1"),
+		"db92dd33-a3ad-49cf-8c2c-608c3e30ace0": errors.New("error 2"),
+		"dbc1f800-0fe0-4bc0-9c66-292c2abe3f78": errors.New("error 3"),
+		"Random key":                           errors.New("random value"),
+	}
+
+	// Test truncating to one element
+	truncatedErrMap := TruncateMap(errMap, 2)
+	assert.Equal(t, 2, len(truncatedErrMap), "Truncated map should have exactly two elements.")
+
+	// Ensure the key in the truncated map exists in the original map and has the correct error message
+	for key, val := range truncatedErrMap {
+		assert.Equal(t, errMap[key], val, "Error messages should match for truncated keys.")
+	}
+
+	// Test truncating to more elements than exist in the map
+	truncatedErrMap = TruncateMap(errMap, 10)
+	assert.Equal(t, len(errMap), len(truncatedErrMap), "Truncated map should equal the original map in size when the limit exceeds the number of map elements.")
+
+	// Test truncating to zero elements
+	truncatedErrMap = TruncateMap(errMap, 0)
+	assert.Equal(t, 0, len(truncatedErrMap), "Truncated map should have no elements when limit is 0.")
+}
+
 func TestDetermineWaitTimeNoState(t *testing.T) {
 	ctrl := gomock.NewController(t)
 	mio := mock.NewMockIOManager(ctrl)