add new notifier elasticsearch
Signed-off-by: Thomas Labarussias <[email protected]>
Issif committed Jan 30, 2024
1 parent c92d8a3 commit 71c9f67
Showing 16 changed files with 343 additions and 100 deletions.
32 changes: 22 additions & 10 deletions README.md
Expand Up @@ -16,6 +16,7 @@
- [K8s Events](#k8s-events)
- [Slack](#slack)
- [Loki](#loki)
- [Elasticsearch](#elasticsearch)
- [SMTP](#smtp)
- [Webhook](#webhook)
- [Configuration](#configuration)
Expand Down Expand Up @@ -154,23 +155,34 @@ Results:

| Setting | Default | Description |
| ---------------- | ------- | ---------------------------- |
| `host_port` | n/a | http://{domain or ip}:{port} |
| `url` | n/a | http://{domain or ip}:{port} |
| `user` | n/a | User for Grafana Logs |
| `api_key` | n/a | API Key for Grafana Logs |
| `tenant` | n/a | Add the Tenant header |
| `custom_headers` | n/a | Custom HTTP Headers |

### Elasticsearch

| Setting | Default | Description |
| ---------------- | ------------- | --------------------------------------------------------------------------------- |
| `host_port` | n/a | http://{domain or ip}:{port} |
| `user` | n/a | User for Grafana Logs |
| `password` | n/a | Password for Grafana Logs |
| `index` | `falco-talon` | Elasticsearch index |
| `suffix` | `daily` | Date suffix for index rotation : `daily` (default), `monthly`, `annually`, `none` |
| `custom_headers` | n/a | Custom HTTP Headers |

### SMTP

| Setting | Default | Description | |
| ----------- | ------- | ------------------------------------- | ------ |
| `host_port` | n/a | Host:Port of SMTP server | |
| `user` | n/a | User for SMTP | |
| `password` | n/a | Password for SMTP | |
| `from` | n/a | From | |
| `to` | n/a | To (comma separated list of adresses) | |
| `format` | `html` | Format of the email (`text | html`) |
| `tls` | `false` | Use TLS connection | |
| Setting | Default | Description |
| ----------- | ------- | ------------------------------------- |
| `host_port` | n/a | Host:Port of SMTP server |
| `user` | n/a | User for SMTP |
| `password` | n/a | Password for SMTP |
| `from` | n/a | From |
| `to` | n/a | To (comma separated list of adresses) |
| `format` | `html` | Format of the email (`text`, `html`) |
| `tls` | `false` | Use TLS connection |

Results:

28 changes: 14 additions & 14 deletions actionners/actionners.go
Expand Up @@ -31,7 +31,7 @@ type checkActionner func(event *events.Event) error

type Actionners []*Actionner

var defaultActionners *Actionners
var availableActionners *Actionners
var enabledActionners *Actionners

const (
Expand All @@ -40,22 +40,22 @@ const (
)

func init() {
defaultActionners = new(Actionners)
defaultActionners = GetDefaultActionners()
availableActionners = new(Actionners)
availableActionners = GetDefaultActionners()
enabledActionners = new(Actionners)
}

func GetDefaultActionners() *Actionners {
if len(*defaultActionners) == 0 {
defaultActionners.Add(
if len(*availableActionners) == 0 {
availableActionners.Add(
&Actionner{
Category: "kubernetes",
Name: "terminate",
DefaultContinue: false,
Init: kubernetes.Init,
Checks: []checkActionner{kubernetes.CheckPodExist},
CheckParameters: terminate.CheckParameters,
Action: terminate.Terminate,
Action: terminate.Action,
},
&Actionner{
Category: "kubernetes",
Expand All @@ -64,7 +64,7 @@ func GetDefaultActionners() *Actionners {
Init: kubernetes.Init,
Checks: []checkActionner{kubernetes.CheckPodExist},
CheckParameters: labelize.CheckParameters,
Action: labelize.Labelize,
Action: labelize.Action,
},
&Actionner{
Category: "kubernetes",
Expand All @@ -75,7 +75,7 @@ func GetDefaultActionners() *Actionners {
kubernetes.CheckPodExist,
},
CheckParameters: networkpolicy.CheckParameters,
Action: networkpolicy.NetworkPolicy,
Action: networkpolicy.Action,
},
&Actionner{
Category: "kubernetes",
Expand All @@ -86,7 +86,7 @@ func GetDefaultActionners() *Actionners {
kubernetes.CheckPodExist,
},
CheckParameters: exec.CheckParameters,
Action: exec.Exec,
Action: exec.Action,
},
&Actionner{
Category: "kubernetes",
Expand All @@ -97,7 +97,7 @@ func GetDefaultActionners() *Actionners {
kubernetes.CheckPodExist,
},
CheckParameters: script.CheckParameters,
Action: script.Script,
Action: script.Action,
},
&Actionner{
Category: "kubernetes",
Expand All @@ -108,12 +108,12 @@ func GetDefaultActionners() *Actionners {
kubernetes.CheckPodExist,
},
CheckParameters: logActionner.CheckParameters,
Action: logActionner.Log,
Action: logActionner.Action,
},
)
}

return defaultActionners
return availableActionners
}

func Init() error {
Expand All @@ -131,7 +131,7 @@ func Init() error {
}

for category := range categories {
for _, actionner := range *defaultActionners {
for _, actionner := range *availableActionners {
if category == actionner.Category {
if actionner.Init != nil {
utils.PrintLog("info", config.LogFormat, utils.LogLine{Message: "init", ActionnerCategory: actionner.Category})
Expand All @@ -147,7 +147,7 @@ func Init() error {
}

for i := range enabledCategories {
for _, j := range *defaultActionners {
for _, j := range *availableActionners {
if i == j.Category {
enabledActionners.Add(j)
}
2 changes: 1 addition & 1 deletion actionners/kubernetes/exec/exec.go
Expand Up @@ -16,7 +16,7 @@ import (
"github.com/Issif/falco-talon/utils"
)

var Exec = func(rule *rules.Rule, action *rules.Action, event *events.Event) (utils.LogLine, error) {
var Action = func(rule *rules.Rule, action *rules.Action, event *events.Event) (utils.LogLine, error) {
pod := event.GetPodName()
namespace := event.GetNamespaceName()

2 changes: 1 addition & 1 deletion actionners/kubernetes/labelize/labelize.go
Expand Up @@ -25,7 +25,7 @@ const (
metadataLabels = "/metadata/labels/"
)

var Labelize = func(rule *rules.Rule, action *rules.Action, event *events.Event) (utils.LogLine, error) {
var Action = func(rule *rules.Rule, action *rules.Action, event *events.Event) (utils.LogLine, error) {
pod := event.GetPodName()
namespace := event.GetNamespaceName()

2 changes: 1 addition & 1 deletion actionners/kubernetes/log/log.go
Expand Up @@ -14,7 +14,7 @@ import (
"github.com/Issif/falco-talon/utils"
)

var Log = func(rule *rules.Rule, action *rules.Action, event *events.Event) (utils.LogLine, error) {
var Action = func(rule *rules.Rule, action *rules.Action, event *events.Event) (utils.LogLine, error) {
pod := event.GetPodName()
namespace := event.GetNamespaceName()

2 changes: 1 addition & 1 deletion actionners/kubernetes/networkpolicy/networkpolicy.go
Expand Up @@ -16,7 +16,7 @@ import (
"github.com/Issif/falco-talon/utils"
)

var NetworkPolicy = func(rule *rules.Rule, action *rules.Action, event *events.Event) (utils.LogLine, error) {
var Action = func(rule *rules.Rule, action *rules.Action, event *events.Event) (utils.LogLine, error) {
podName := event.GetPodName()
namespace := event.GetNamespaceName()

2 changes: 1 addition & 1 deletion actionners/kubernetes/script/script.go
Expand Up @@ -18,7 +18,7 @@ import (
"github.com/Issif/falco-talon/utils"
)

var Script = func(rule *rules.Rule, action *rules.Action, event *events.Event) (utils.LogLine, error) {
var Action = func(rule *rules.Rule, action *rules.Action, event *events.Event) (utils.LogLine, error) {
pod := event.GetPodName()
namespace := event.GetNamespaceName()

2 changes: 1 addition & 1 deletion actionners/kubernetes/terminate/terminate.go
Expand Up @@ -15,7 +15,7 @@ import (
"github.com/Issif/falco-talon/utils"
)

var Terminate = func(rule *rules.Rule, action *rules.Action, event *events.Event) (utils.LogLine, error) {
var Action = func(rule *rules.Rule, action *rules.Action, event *events.Event) (utils.LogLine, error) {
podName := event.GetPodName()
namespace := event.GetNamespaceName()

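--- a/notifiers/elasticsearch/elasticsearch.go
+++ b/notifiers/elasticsearch/elasticsearch.go
@@ -0,0 +1,69 @@
+package elasticsearch
+
+import (
+"errors"
+"time"
+
+"github.com/Issif/falco-talon/notifiers/http"
+"github.com/Issif/falco-talon/utils"
+)
+
+type Settings struct {
+CustomHeaders map[string]string `field:"custom_headers"`
+URL string `field:"url"`
+User string `field:"user"`
+Password string `field:"password"`
+Suffix string `field:"suffix" default:"daily"`
+Index string `field:"index" default:"falco-talon"`
+}
+
+const docType string = "/_doc"
+
+var settings *Settings
+
+var Init = func(fields map[string]interface{}) error {
+settings = new(Settings)
+settings = utils.SetFields(settings, fields).(*Settings)
+if err := checkSettings(settings); err != nil {
+return err
+}
+return nil
+}
+
+var Notify = func(log utils.LogLine) error {
+
+client := http.DefaultClient()
+
+current := time.Now()
+var u string
+switch settings.Suffix {
+case "none":
+u = settings.URL + "/" + settings.Index + docType
+case "monthly":
+u = settings.URL + "/" + settings.Index + "-" + current.Format("2006.01") + docType
+case "annually":
+u = settings.URL + "/" + settings.Index + "-" + current.Format("2006") + docType
+default:
+u = settings.URL + "/" + settings.Index + "-" + current.Format("2006.01.02") + docType
+}
+
+log.Time = time.Now().Format(time.RFC3339)
+
+if err := client.Post(u, log); err != nil {
+return err
+}
+
+return nil
+}
+
+func checkSettings(settings *Settings) error {
+if settings.URL == "" {
+return errors.New("wrong `url` setting")
+}
+
+if err := http.CheckURL(settings.URL); err != nil {
+return err
+}
+
+return nil
+}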
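Review bot: `Notify` never reads `settings.User`, `settings.Password` or `settings.CustomHeaders`. It builds the request from `http.DefaultClient()` and `client.Post(u, log)` alone, so as far as this file shows, an operator who configures credentials still posts unauthenticated, unless the client picks them up somewhere outside this diff. The credentials and headers should be handed to the client before the `Post`, and `checkSettings` should then reject a non-`https` `url` when a password is set so that it is not sent in clear text. `checkSettings` also leaves `suffix` and `index` unvalidated: an unknown suffix silently falls into the `default:` daily branch and `settings.Index` is concatenated into the URL path as-is, so a check such as `case "daily", "monthly", "annually", "none":` with an erroring `default:` would surface typos at startup. The README table added in this commit documents `host_port` for Elasticsearch while the struct tag here is `field:"url"`.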