mirror of https://github.com/MISP/MISP
new: Add ability to log to elasticsearch
parent
bb31ee1f03
commit
a70f8e45d8
|
@ -0,0 +1,45 @@
|
|||
<?php
|
||||
|
||||
use Elasticsearch\ClientBuilder;
|
||||
|
||||
class ElasticSearchClient {
|
||||
private $__settings = false;
|
||||
private $__client = false;
|
||||
|
||||
private function __getSetSettings() {
|
||||
$settings = array(
|
||||
'enabled' => false,
|
||||
'connection_string' => 'http://localhost',
|
||||
);
|
||||
|
||||
foreach ($settings as $key => $setting) {
|
||||
$temp = Configure::read('Plugin.ElasticSearch_' . $key);
|
||||
if ($temp) $settings[$key] = $temp;
|
||||
}
|
||||
return $settings;
|
||||
}
|
||||
|
||||
public function initTool() {
|
||||
$settings = $this->__getSetSettings();
|
||||
$hosts = explode(",", $settings["connection_string"]);
|
||||
$client = ClientBuilder::create()
|
||||
->setHosts($hosts)
|
||||
->build();
|
||||
$this->__client = $client;
|
||||
$this->__settings = $settings;
|
||||
return $client;
|
||||
}
|
||||
|
||||
public function pushDocument($index, $document_type, $document) {
|
||||
// Format timestamp
|
||||
$time = strftime("%Y-%m-%d %H:%M:%S", strtotime($document["Log"]["created"]));
|
||||
$document["Log"]["created"] = $time;
|
||||
$params = array(
|
||||
'index' => $index,
|
||||
'type' => $document_type,
|
||||
'body' => $document
|
||||
);
|
||||
|
||||
$this->__client->index($params);
|
||||
}
|
||||
}
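Review bot: `pushDocument` dereferences `$this->__client` and `$document["Log"]["created"]` without either being guaranteed: the client stays `false` until `initTool()` has run, and when `strtotime()` returns `false` the `strftime()` call silently stamps the document with the Unix epoch instead of failing. `strftime()` is also deprecated as of PHP 8.1, so `date()` is the safer formatter here. A smaller point in `initTool`: `explode(",", ...)` keeps surrounding whitespace, so a value like `http://a:9200, http://b:9200` yields a host with a leading space; `array_map('trim', explode(',', $settings['connection_string']))` avoids that. Note too that the `enabled` setting read in `__getSetSettings` is never consulted by `initTool`, so enabling/disabling is decided entirely by the caller.
```php
public function pushDocument($index, $document_type, $document) {
    if ($this->__client === false) {
        $this->initTool();
    }
    // Format timestamp; leave the value untouched if it cannot be parsed
    if (isset($document["Log"]["created"])) {
        $ts = strtotime($document["Log"]["created"]);
        if ($ts !== false) {
            $document["Log"]["created"] = date("Y-m-d H:i:s", $ts);
        }
    }
    // … unchanged: build $params and call $this->__client->index($params) …
```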
|
|
@ -36,6 +36,8 @@ class AppModel extends Model {
|
|||
|
||||
private $__profiler = array();
|
||||
|
||||
public $elasticSearchClient = false;
|
||||
|
||||
public function __construct($id = false, $table = null, $ds = null) {
|
||||
parent::__construct($id, $table, $ds);
|
||||
|
||||
|
@ -1320,6 +1322,20 @@ class AppModel extends Model {
|
|||
return true;
|
||||
}
|
||||
|
||||
public function getElasticSearchTool() {
|
||||
if (!$this->elasticSearchClient) {
|
||||
$this->loadElasticSearchTool();
|
||||
}
|
||||
return $this->elasticSearchClient;
|
||||
}
|
||||
|
||||
public function loadElasticSearchTool() {
|
||||
App::uses('ElasticSearchClient', 'Tools');
|
||||
$client = new ElasticSearchClient();
|
||||
$client->initTool();
|
||||
$this->elasticSearchClient = $client;
|
||||
}
|
||||
|
||||
public function checkVersionRequirements($versionString, $minVersion) {
|
||||
$version = explode('.', $versionString);
|
||||
$minVersion = explode('.', $minVersion);
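Review bot: `loadElasticSearchTool` has no failure path: `App::uses('ElasticSearchClient', 'Tools')` followed by `new ElasticSearchClient()` and `initTool()` will hit a class-not-found fatal error in `Elasticsearch\ClientBuilder` if the composer vendor autoload is not available, and because this is reached from the audit-log write path that would take down the request that produced the log entry rather than just the log sink (inferred from the Log hunk below, which calls `getElasticSearchTool()` unguarded). A `class_exists('Elasticsearch\\ClientBuilder')` check that throws a descriptive exception, or returns without setting the client, would let the caller degrade gracefully. The new property in the earlier hunk, `public $elasticSearchClient = false;`, is only ever read through `getElasticSearchTool()`, so following the sibling `private $__profiler` and making it private would match the file's convention. Both methods also lack a docblock; suggested for the getter: `/** Returns the cached ElasticSearchClient wrapper, instantiating it on first use via loadElasticSearchTool(). */`.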
|
||||
|
|
|
@ -239,6 +239,14 @@ class Log extends AppModel {
|
|||
$pubSubTool = $this->getPubSubTool();
|
||||
$pubSubTool->publish($data, 'audit', 'log');
|
||||
}
|
||||
|
||||
if (Configure::read('Plugin.ElasticSearch_logging_enable')) {
|
||||
// send off our logs to distributed /dev/null
|
||||
$logIndex = Configure::read("Plugin.ElasticSearch_log_index");
|
||||
$elasticSearchClient = $this->getElasticSearchTool();
|
||||
$elasticSearchClient->pushDocument($logIndex, "log", $data);
|
||||
}
|
||||
|
||||
if (Configure::read('Security.syslog')) {
|
||||
// write to syslogd as well
|
||||
$syslog = new SysLog();
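Review bot: The ElasticSearch push is not wrapped in any error handling, so an unreachable or misconfigured ES endpoint makes every audit-log write throw from inside the Log model, which is an availability problem: the request that generated the log entry fails because a secondary log sink is down. `Plugin.ElasticSearch_log_index` is also used without an emptiness check, so an unset index name is passed straight to `pushDocument`. There is a naming mismatch worth fixing as well: this hunk gates on `Plugin.ElasticSearch_logging_enable`, while `ElasticSearchClient::__getSetSettings` in the new file reads `Plugin.ElasticSearch_enabled`, so one of the two keys is dead. The enclosing method starts and ends outside the hunk.
```php
if (Configure::read('Plugin.ElasticSearch_logging_enable')) {
    // send off our logs to distributed /dev/null
    $logIndex = Configure::read("Plugin.ElasticSearch_log_index");
    if (!empty($logIndex)) {
        try {
            $elasticSearchClient = $this->getElasticSearchTool();
            $elasticSearchClient->pushDocument($logIndex, "log", $data);
        } catch (Exception $e) {
            // ES being unavailable must not abort the request that produced the log entry
            CakeLog::write('error', 'Failed to push log entry to ElasticSearch: ' . $e->getMessage());
        }
    }
}
// … unchanged: syslog block …
```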
|
||||
|
|
|
@ -1374,7 +1374,7 @@ class Server extends AppModel {
|
|||
),
|
||||
'ElasticSearch_connection_string' => array(
|
||||
'level' => 2,
|
||||
'description' => 'The URL at which to access ElasticSearch',
|
||||
'description' => 'The URL(s) at which to access ElasticSearch - comma seperate if you want to have more than one.',
|
||||
'value' => '',
|
||||
'errorMessage' => '',
|
||||
'test' => 'testForEmpty',
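Review bot: The new user-facing description string misspells "separate" as "seperate"; `'description' => 'The URL(s) at which to access ElasticSearch - comma separate if you want to have more than one.',` reads correctly. Since the value is now documented as a comma-separated list, `testForEmpty` alone no longer validates each entry; a test that checks every comma-separated item is a well-formed URL would surface typos at save time instead of at the first log write. The enclosing settings array continues outside the hunk.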
|
||||
|
|
|
@ -4,7 +4,10 @@
|
|||
"require": {
|
||||
"kamisama/cake-resque": "@stable",
|
||||
"pear/crypt_gpg": "@stable",
|
||||
"pear/net_geoip": "@dev"
|
||||
"pear/net_geoip": "@dev",
|
||||
"elasticsearch/elasticsearch": "~6.0"
|
||||
},
|
||||
"config": {
|
||||
"vendor-dir": "Vendor"
|
||||
}
|
||||
}
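Review bot: The `~6.0` constraint on `elasticsearch/elasticsearch` ties the wrapper to the 6.x client API, and the `'type' => $document_type` parameter used in `pushDocument` in the new Tools file is part of that API: mapping types are deprecated from ElasticSearch 7 onward, so the constraint should be kept in step with the server version operators are expected to run, and that expectation documented next to the setting. Whether a matching composer.lock update is part of this commit cannot be seen from this page.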
|
||||
|
||||
|
|