Adapt log collector socket configuration response controller component #6660

Merged
merged 5 commits into from
May 13, 2024


@JuanGarriuz JuanGarriuz commented May 10, 2024

Description

Adapt log collector socket configuration response controller component to a new response property.

  • Previous response:
{
  "data": {
    "target": [
      {
        "name": "custom_socket",
        "location": "/var/run/custom.sock",
        "mode": "tcp",
        "prefix": "custom_syslog: "
      },
      {
        "name": "test_socket",
        "location": "/var/run/test.sock",
        "mode": "udp"
      }
    ]
  },
  "error": 0
}
  • New response:
{
  "data": {
    "socket": [
      {
        "name": "custom_socket",
        "location": "/var/run/custom.sock",
        "mode": "tcp",
        "prefix": "custom_syslog: "
      },
      {
        "name": "test_socket",
        "location": "/var/run/test.sock",
        "mode": "udp"
      }
    ]
  },
  "error": 0
}

Change the imposter's response accordingly.

Issues Resolved

Evidence


Test

To test this, it is necessary to use a manager and an agent from sources with this development branch: 'fix/17662-fix-socket-conf-not-displayed'

I have attached the corresponding configuration to streamline the process.

Wazuh Manager:

wazuh-manager-master:
    build:
      context: PATH_TO_OLD_ENVIROMENTS/images/wazuh_manager_filebeat_sources_cmake
      args:
        WAZUH_VERSION: 'fix/17662-fix-socket-conf-not--displayed'
        FILEBEAT_VERSION: '7.10.2'
        FILEBEAT_WAZUH_TEMPLATE_URL: https://raw.githubusercontent.com/wazuh/wazuh/fix/17662-fix-socket-conf-not--displayed/extensions/elasticsearch/7.x/wazuh-template.json
        FILEBEAT_WAZUH_MODULE_URL: https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.2.tar.gz
    image: wazuh-manager:4.9.0-7.10.2
    hostname: wazuh-manager-4.9.0-7102
    volumes:
      - 'PATH_TO_OLD_ENVIROMENTS/config/filebeat/filebeat.odfe.yml:/etc/filebeat/filebeat.yml'
    ports:
      - '514:514'
      - '1514:1514'
      - '1515:1515'
      - '1516:1516'
      - '55000:55000'
    depends_on:
      - os1
    environment:
      NODE_IP: wazuh-manager-master
      NODE_NAME: manager-node
      NODE_TYPE: master
    networks:
      - os-dev

Agent configuration:

agent:
    build:
      context: PATH_TO_OLD_ENVIROMENTS/images/wazuh_agent_ubuntu20.04_sources
      args:
        WAZUH_VERSION: 'fix/17662-fix-socket-conf-not--displayed'
    image: wazuh_agent_ubuntu:${WAZUH_VERSION}
    hostname: wazuh_agent_ubuntu
    environment:
      JOIN_MANAGER: wazuh-manager-master
    depends_on:
      - wazuh-manager-master
    networks:
      - os-dev

Context:

FROM selutario/wazuh-dev-req

ARG WAZUH_VERSION

# Copy preloaded vars file and entrypoint
COPY --chown=root:root preloaded-vars.conf entrypoint.sh /scripts/

# Install dependencies
RUN apt-get update -y \
    && curl -Ls https://github.com/wazuh/wazuh/archive/$WAZUH_VERSION.tar.gz | tar zx \
    && rm -rf /var/lib/apt/lists/* \
    && WAZUH_TMP_INSTALLER_DIRECTORY="/$(ls | grep wazuh)" \
    && cp /scripts/preloaded-vars.conf $WAZUH_TMP_INSTALLER_DIRECTORY/etc/ \
    && $WAZUH_TMP_INSTALLER_DIRECTORY/install.sh \
    && rm -rf $WAZUH_TMP_INSTALLER_DIRECTORY

WORKDIR /var/ossec

ENTRYPOINT /scripts/entrypoint.sh

### Variables ###

## Arguments
# WAZUH_VERSION = Define the Wazuh branch to install. [WAZUH_VERSION=v4.0.2]

## Environment
# JOIN_MANAGER - Manager IP/Domain. [JOIN_MANAGER=172.17.1.2]
# JOIN_GROUPS - Groups to add the agent. [JOIN_GROUPS=default]
# JOIN_PASSWORD - Password to register. [JOIN_PASSWORD=password]

  • Add Sockets configuration to agent

Go to agent docker, /var/ossec/etc/ and add to ossec.conf a socket configuration like:

<socket>
  <name>custom_socket</name>
  <location>/var/run/custom.sock</location>
  <mode>tcp</mode>
  <prefix>custom_syslog: </prefix>
</socket>

Reference: https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/socket.html

  • Go to Server Management > Endpoints Summary, click on the agent, and go to its Configuration > Log collection > Sockets
  • Check that the API response is the expected one
  • Check that the dashboard renders the response data correctly
  • Checks previously test with imposter

Check List

  • All tests pass
    • yarn test:jest
  • New functionality includes testing.
  • New functionality has been documented.
  • Update CHANGELOG.md
  • Commits are signed per the DCO using --signoff

@JuanGarriuz JuanGarriuz linked an issue May 10, 2024 that may be closed by this pull request
2 tasks
@JuanGarriuz JuanGarriuz changed the base branch from master to 4.9.0 May 10, 2024 07:01
@JuanGarriuz JuanGarriuz marked this pull request as ready for review May 10, 2024 07:04
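
The property rename described in this pull request, handled defensively on the consumer side, as an added example (not the plugin's own code). `extractSockets` is a hypothetical helper that reads `data.socket` and falls back to the older `data.target`, so the socket configuration is still shown for either response shape; treating a non-zero `error` as a failure is an assumption.

```javascript
// Added example: hypothetical helper, not the plugin's actual controller code.
// Reads the log collector socket list from either response shape on this page.
const KNOWN_KEYS = ['socket', 'target']; // new property first, old one as fallback

function extractSockets(response) {
  if (!response || typeof response !== 'object') {
    throw new TypeError('response must be an object');
  }
  // Assumption: a non-zero "error" means the request failed.
  if (response.error !== 0) {
    throw new Error(`API returned error code ${response.error}`);
  }
  const data = response.data || {};
  const key = KNOWN_KEYS.find((k) => Array.isArray(data[k]));
  // Neither property present: report an empty list rather than crashing the view.
  if (!key) return { sourceKey: null, sockets: [] };

  const sockets = data[key]
    // Drop malformed entries instead of rendering partial rows.
    .filter((s) => s && typeof s.name === 'string' && typeof s.location === 'string')
    .map((s) => ({
      name: s.name,
      location: s.location,
      mode: s.mode,
      // "prefix" is optional: the second sample entry has none.
      prefix: typeof s.prefix === 'string' ? s.prefix : '',
    }));
  return { sourceKey: key, sockets };
}

// Constructed samples mirroring the two responses in the description.
const entries = [
  { name: 'custom_socket', location: '/var/run/custom.sock', mode: 'tcp', prefix: 'custom_syslog: ' },
  { name: 'test_socket', location: '/var/run/test.sock', mode: 'udp' },
];
const previousResponse = { data: { target: entries }, error: 0 };
const newResponse = { data: { socket: entries }, error: 0 };

console.log(extractSockets(newResponse));
console.log(extractSockets(previousResponse).sourceKey);
```

`sourceKey` records which property the list came from, which helps when checking whether an agent still returns the previous shape.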

@asteriscos asteriscos left a comment


CR: ✔️

Test with socket

Test with target


@JcabreraC JcabreraC left a comment


LGTM !


@yenienserrano yenienserrano left a comment


CR: ✅
Test: ✅


@asteriscos asteriscos merged commit d099590 into 4.9.0 May 13, 2024
1 check passed
@asteriscos asteriscos deleted the feat/6636-change-log-collector-socket-response branch May 13, 2024 14:21
Development

Successfully merging this pull request may close these issues.

Change log collector socket configuration response property
4 participants