diff --git a/.github/ISSUE_TEMPLATE/planned__specific_support_new_oss.md b/.github/ISSUE_TEMPLATE/planned__specific_support_new_oss.md index aa77924aeb..fabdc10085 100644 --- a/.github/ISSUE_TEMPLATE/planned__specific_support_new_oss.md +++ b/.github/ISSUE_TEMPLATE/planned__specific_support_new_oss.md @@ -4,10 +4,10 @@ about: Test compatibility with new OS. title: Support new OSs - - labels: level/task, request/operational, type/maintenance assignees: '' - --- # Description + | Related issue | Epic issue | |---|---| | Issue number | Issue number| @@ -20,9 +20,29 @@ assignees: '' \ No newline at end of file +--> diff --git a/.github/actions/clang_format/action.yml b/.github/actions/clang_format/action.yml index c228abe77d..30a9f44f8f 100644 --- a/.github/actions/clang_format/action.yml +++ b/.github/actions/clang_format/action.yml @@ -33,6 +33,9 @@ runs: shell: bash run: | + # Print clanformat version used. + echo "Clang-format version: $(clang-format --version)" + # Don't apply changes, just check arguments="--dry-run " diff --git a/.github/actions/compile/action.yml b/.github/actions/compile/action.yml index 95e1a16763..61ce4696d4 100644 --- a/.github/actions/compile/action.yml +++ b/.github/actions/compile/action.yml @@ -37,5 +37,5 @@ runs: run: | set +e cd build - ctest -C RelWithDebInfo -j $(nproc) + ctest -C RelWithDebInfo --output-on-failure shell: bash diff --git a/.github/actions/ghcr_pull_and_push/build_and_push_image_to_ghcr.sh b/.github/actions/ghcr_pull_and_push/build_and_push_image_to_ghcr.sh index f24b6198b7..227d341cf3 100644 --- a/.github/actions/ghcr_pull_and_push/build_and_push_image_to_ghcr.sh +++ b/.github/actions/ghcr_pull_and_push/build_and_push_image_to_ghcr.sh @@ -10,13 +10,19 @@ else fi GITHUB_REPOSITORY="wazuh/wazuh" GITHUB_OWNER="wazuh" +IMAGE_ID_CACHE=ghcr.io/${GITHUB_OWNER}/${DOCKER_IMAGE_NAME}:latest-5.0 +IMAGE_ID_CACHE=$(echo ${IMAGE_ID_CACHE} | tr '[A-Z]' '[a-z]') IMAGE_ID=ghcr.io/${GITHUB_OWNER}/${DOCKER_IMAGE_NAME}:${DOCKER_IMAGE_TAG} IMAGE_ID=$(echo ${IMAGE_ID} | tr '[A-Z]' '[a-z]') # Login to GHCR echo ${GITHUB_PUSH_SECRET} | docker login https://ghcr.io -u $GITHUB_USER --password-stdin +# Pull latest image id from cache +echo pull ${IMAGE_ID_CACHE} +docker pull ${IMAGE_ID_CACHE} + # Build image -echo build -t ${IMAGE_ID} -f ${DOCKERFILE_PATH} ${BUILD_CONTEXT} -docker build -t ${IMAGE_ID} -f ${DOCKERFILE_PATH} ${BUILD_CONTEXT} +echo build --build-arg BUILDKIT_INLINE_CACHE=1 --cache-from ${IMAGE_ID_CACHE} -t ${IMAGE_ID} -f ${DOCKERFILE_PATH} ${BUILD_CONTEXT} +docker build --build-arg BUILDKIT_INLINE_CACHE=1 --cache-from ${IMAGE_ID_CACHE} -t ${IMAGE_ID} -f ${DOCKERFILE_PATH} ${BUILD_CONTEXT} docker push ${IMAGE_ID} diff --git a/.github/actions/ghcr_pull_and_push/retag_image.sh b/.github/actions/ghcr_pull_and_push/retag_image.sh index 2bd2bb7292..5749663745 100644 --- a/.github/actions/ghcr_pull_and_push/retag_image.sh +++ b/.github/actions/ghcr_pull_and_push/retag_image.sh @@ -1,4 +1,4 @@ -set -x +set -ex GITHUB_PUSH_SECRET=$1 GITHUB_USER=$2 OLD_TAG=$3 @@ -14,11 +14,13 @@ IMAGES_LIST=( "pkg_deb_agent_builder_amd64" "pkg_deb_agent_builder_arm64" "pkg_deb_agent_builder_armhf" + "pkg_deb_agent_builder_ppc64le" "pkg_deb_manager_builder_amd64" "pkg_rpm_agent_builder_i386" "pkg_rpm_agent_builder_amd64" "pkg_rpm_agent_builder_arm64" "pkg_rpm_agent_builder_armhf" + "pkg_rpm_agent_builder_ppc64le" "pkg_rpm_manager_builder_amd64" "pkg_rpm_legacy_builder_i386" "pkg_rpm_legacy_builder_amd64" diff --git a/.github/actions/test-install-components/install_component.sh b/.github/actions/test-install-components/install_component.sh new file mode 100755 index 0000000000..c95c8d8702 --- /dev/null +++ b/.github/actions/test-install-components/install_component.sh @@ -0,0 +1,38 @@ +#!/bin/bash +package_name=$1 +target=$2 + +# Check parameters +if [ -z "$package_name" ] || [ -z "$target" ]; then + echo "Error: Both package_name and target must be provided." + echo "Usage: $0 " + exit 1 +fi + +echo "Installing Wazuh $target." + +if [ -n "$(command -v yum)" ]; then + install="yum install -y --nogpgcheck" + installed_log="/var/log/yum.log" +elif [ -n "$(command -v dpkg)" ]; then + install="dpkg --install" + installed_log="/var/log/dpkg.log" +else + common_logger -e "Couldn't find type of system" + exit 1 +fi + +if [ "${ARCH}" = "i386" ] || [ "${ARCH}" = "armhf" ]; then + linux="linux32" + if [ "${ARCH}" = "armhf" ] && [ "${SYSTEM}" = "rpm" ]; then + install="rpm -ivh --force --ignorearch" + WAZUH_MANAGER="10.0.0.2" $linux $install "/packages/$package_name"| tee /packages/status.log + if [ "$(rpm -qa | grep wazuh-agent)" ]; then + echo " installed wazuh-agent" >> /packages/status.log + exit 0 + fi + fi +fi + +WAZUH_MANAGER="10.0.0.2" $linux $install "/packages/$package_name"| tee /packages/status.log +grep -i " installed.*wazuh-$target" $installed_log| tee -a /packages/status.log diff --git a/.github/workflows/build_and_test_component.yml b/.github/workflows/build_and_test_component.yml index 6d60603f4f..3e959a8d83 100644 --- a/.github/workflows/build_and_test_component.yml +++ b/.github/workflows/build_and_test_component.yml @@ -22,7 +22,7 @@ jobs: - name: Set up dependencies run: | sudo apt-get update - sudo apt-get install -y wget gnupg lsb-release software-properties-common libsystemd-dev + sudo apt-get install -y wget gnupg lsb-release software-properties-common wget https://apt.llvm.org/llvm.sh chmod +x llvm.sh sudo ./llvm.sh 18 diff --git a/.github/workflows/compile_and_run_tests.yml b/.github/workflows/compile_and_run_tests.yml index ab3a8a2c12..3c0c3ea5d2 100644 --- a/.github/workflows/compile_and_run_tests.yml +++ b/.github/workflows/compile_and_run_tests.yml @@ -30,7 +30,7 @@ jobs: if: matrix.os == 'ubuntu-latest' run: | sudo apt-get update - sudo apt-get install -y wget gnupg lsb-release software-properties-common libsystemd-dev + sudo apt-get install -y wget gnupg lsb-release software-properties-common wget https://apt.llvm.org/llvm.sh chmod +x llvm.sh sudo ./llvm.sh 18 diff --git a/.github/workflows/coverage_check.yml b/.github/workflows/coverage_check.yml index 1b929ba53d..bca4acf689 100644 --- a/.github/workflows/coverage_check.yml +++ b/.github/workflows/coverage_check.yml @@ -7,9 +7,12 @@ on: - synchronize - reopened +env: + VCPKG_BINARY_SOURCES: 'clear;nuget,GitHub,readwrite' + jobs: coverage: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: Checkout code @@ -18,27 +21,15 @@ jobs: submodules: true fetch-depth: 0 - - name: Install Clang 16 and LLVM 16 - run: | - sudo apt-get update - wget https://apt.llvm.org/llvm.sh - chmod +x llvm.sh - sudo ./llvm.sh 16 - - name: Set up dependencies run: | sudo apt-get update - sudo apt-get install -y cmake gcovr libsystemd-dev - sudo apt-get install -y autopoint libtool zlib1g-dev \ - libgcrypt20-dev libmagic-dev libpopt-dev libmagic-dev \ - libsqlite3-dev liblua5.4-dev gettext libarchive-dev - shell: bash - - - name: Update PATH for LLVM - run: echo "/usr/lib/llvm-16/bin" >> $GITHUB_PATH + sudo apt-get install -y cmake llvm gcovr autopoint \ + libtool zlib1g-dev libgcrypt20-dev libmagic-dev libpopt-dev \ + libmagic-dev libsqlite3-dev liblua5.4-dev gettext libarchive-dev shell: bash - - name: Set up Binary caching + - name: Set up Binary caching uses: ./.github/actions/vcpkg_related/cover_vcpkg_dependencies with: gh_token: ${{ secrets.GITHUB_TOKEN }} @@ -46,19 +37,19 @@ jobs: - name: Generate CMake project run: | mkdir -p build && cd build - cmake -DCMAKE_CXX_COMPILER=clang++-16 ../src -DCMAKE_BUILD_TYPE=Debug -DBUILD_TESTS=1 -DCOVERAGE=1 -G "Unix Makefiles" + cmake -DCMAKE_CXX_COMPILER=clang++-16 -DCMAKE_C_COMPILER=clang-16 ../src -DCMAKE_BUILD_TYPE=Debug -DBUILD_TESTS=1 -DCOVERAGE=1 -DENABLE_CLANG_TIDY=OFF -G "Unix Makefiles" shell: bash - name: Compile run: | cd build - cmake --build . --config Debug + cmake --build . --config Debug -j $(nproc) shell: bash - name: Generate and Check Coverage run: | cd build - cmake --build . --target coverage + cmake --build . --target coverage -j $(nproc) shell: bash - name: Zip Coverage Files diff --git a/.github/workflows/integration_tests_fim_tier_0_1_win.yml b/.github/workflows/integration_tests_fim_tier_0_1_win.yml index f5b0051e64..6296d02e0b 100644 --- a/.github/workflows/integration_tests_fim_tier_0_1_win.yml +++ b/.github/workflows/integration_tests_fim_tier_0_1_win.yml @@ -90,5 +90,6 @@ jobs: # Run fim integration tests. - name: Run fim integration tests run: | + NET START wazuh cd C:\wazuh\tests\integration python -m pytest --tier 0 --tier 1 test_fim\ diff --git a/.github/workflows/integration_tests_fim_tier_2_win.yml.yml b/.github/workflows/integration_tests_fim_tier_2_win.yml.yml index 432f3bc2b2..07a00e9b02 100644 --- a/.github/workflows/integration_tests_fim_tier_2_win.yml.yml +++ b/.github/workflows/integration_tests_fim_tier_2_win.yml.yml @@ -1,4 +1,4 @@ -name: Integration tests for FIM on Windows - Tier 0 and 1 +name: Integration tests for FIM on Windows - Tier 2 on: workflow_dispatch: @@ -90,5 +90,6 @@ jobs: # Run fim integration tests. - name: Run fim integration tests run: | + NET START wazuh cd C:\wazuh\tests\integration python -m pytest --tier 2 test_fim\ diff --git a/.github/workflows/packages_retag_images.yml b/.github/workflows/packages_retag_images.yml index 207c80c28a..61e41bc6f8 100644 --- a/.github/workflows/packages_retag_images.yml +++ b/.github/workflows/packages_retag_images.yml @@ -64,8 +64,8 @@ jobs: - name: Run retag script run: | if [ "${{ inputs.old_version }}" != "none" ] && [ "${{ inputs.new_version }}" != "none" ]; then - new_version=${{ inputs.new_version }} - old_version=${{ inputs.old_version }} + new_version=$(sed 's|[/\]|--|g' <<< ${{ inputs.new_version }}) + old_version=$(sed 's|[/\]|--|g' <<< ${{ inputs.old_version }}) else new_version=${{ env.NEW_VERSION }} old_version=${{ env.OLD_VERSION }} diff --git a/.github/workflows/packages_upload_images.yml b/.github/workflows/packages_upload_images.yml index 314a6bc80b..fc89e104e0 100644 --- a/.github/workflows/packages_upload_images.yml +++ b/.github/workflows/packages_upload_images.yml @@ -49,6 +49,11 @@ jobs: - 'packages/generate_package.sh' - 'packages/debs/i386/agent/**' - 'packages/debs/utils/**' + pkg_deb_agent_builder_ppc64le: + - 'packages/build.sh' + - 'packages/generate_package.sh' + - 'packages/debs/ppc64le/agent/**' + - 'packages/debs/utils/**' pkg_rpm_agent_builder_amd64: - 'packages/build.sh' - 'packages/generate_package.sh' @@ -59,6 +64,11 @@ jobs: - 'packages/generate_package.sh' - 'packages/rpms/i386/agent/**' - 'packages/rpms/utils/**' + pkg_rpm_agent_builder_ppc64le: + - 'packages/build.sh' + - 'packages/generate_package.sh' + - 'packages/rpms/ppc64le/agent/**' + - 'packages/rpms/utils/**' pkg_rpm_legacy_builder_amd64: - 'packages/build.sh' - 'packages/generate_package.sh' @@ -130,6 +140,13 @@ jobs: env: GH_TOKEN: ${{ secrets.CI_WAZUH_AGENT_PACKAGES }} + - name: Request pkg_deb_agent_builder_ppc64le update + if: steps.changes.outputs.pkg_deb_agent_builder_ppc64le == 'true' + run: | + gh workflow run packages-upload-agent-images-ppc.yml --repo wazuh/wazuh-agent-packages -r ${{ github.ref_name }} -f docker_image_tag=${{ env.TAG }} -f system=deb -f source_reference=${{ github.ref_name }} + env: + GH_TOKEN: ${{ secrets.CI_WAZUH_AGENT_PACKAGES }} + - name: Request pkg_rpm_agent_builder_amd64 update if: steps.changes.outputs.pkg_rpm_agent_builder_amd64 == 'true' run: | @@ -144,6 +161,13 @@ jobs: env: GH_TOKEN: ${{ secrets.CI_WAZUH_AGENT_PACKAGES }} + - name: Request pkg_rpm_agent_builder_ppc64le update + if: steps.changes.outputs.pkg_rpm_agent_builder_ppc64le == 'true' + run: | + gh workflow run packages-upload-agent-images-ppc.yml --repo wazuh/wazuh-agent-packages -r ${{ github.ref_name }} -f docker_image_tag=${{ env.TAG }} -f system=rpm -f source_reference=${{ github.ref_name }} + env: + GH_TOKEN: ${{ secrets.CI_WAZUH_AGENT_PACKAGES }} + - name: Request pkg_rpm_legacy_builder_amd64 update if: steps.changes.outputs.pkg_rpm_legacy_builder_amd64 == 'true' run: | diff --git a/BUILD.md b/BUILD.md index 657058edd2..6c9496e1ae 100644 --- a/BUILD.md +++ b/BUILD.md @@ -11,9 +11,8 @@ The following dependencies are required for this project: - **Tar** (for [vcpkg](https://vcpkg.io)) - **Ninja-build** (for [vcpkg](https://vcpkg.io)) - **Pkg-config** -- **libsystemd-dev** -## Compilation steps +## Compilation steps for Linux 1. **Installing Dependencies on Debian** @@ -21,7 +20,7 @@ The following dependencies are required for this project: ```bash sudo apt-get update - sudo apt-get install cmake make gcc git zip curl tar ninja-build pkg-config libsystemd-dev wget gnupg lsb-release software-properties-common + sudo apt-get install cmake make gcc git zip curl tar ninja-build pkg-config wget gnupg lsb-release software-properties-common libbz2-dev wget https://apt.llvm.org/llvm.sh chmod +x llvm.sh sudo ./llvm.sh 18 @@ -60,7 +59,43 @@ The following dependencies are required for this project: cmake --build build ``` -5. **Run tests** +5. **Run the Agent** + + **To run the agent in the foreground from the CLI** + + You can start and get status with: + + ```bash + ./wazuh-agent + ./wazuh-agent --status + ``` + + **To run the agent as a systemd service** + + Copy the file `src/agent/service/wazuh-agent.service` to `/usr/lib/systemd/system/`. + Replace the placeholder WAZUH_HOME to your wazuh-agent executable directory. + Reload unit files. + + ```bash + systemctl daemon-reload + ``` + + Enable service. + + ```bash + systemctl enable wazuh-agent + ``` + + You can start and stop the agent, and get status from systemctl: + + ```bash + systemctl start wazuh-agent + systemctl stop wazuh-agent + systemctl is-active wazuh-agent + systemctl status wazuh-agent + ``` + +6. **Run tests** If built with CMake and `-DBUILD_TESTS=1`, you can run tests with: @@ -68,6 +103,182 @@ The following dependencies are required for this project: ctest --test-dir build --output-log build ``` +## Compilation steps for macOS + +1. **Install brew, a package manager for macOS** + ```bash + /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" + ``` + +2. **Install dependencies** + ```bash + brew install automake autoconf libtool cmake pkg-config openssl + ``` + +3. **Clone the Repository** + + Clone the repository: + + ```bash + git clone https://github.com/wazuh/wazuh-agent.git + ``` + +4. **Initialize Submodules** + + The project uses submodules, so you need to initialize and update them. Run the following commands: + + ```bash + cd wazuh-agent + git submodule update --init --recursive + ``` + +5. **Configure and Build the Project** + + ```bash + cmake src -B build + cmake --build build + ``` + + If you want to include tests, configure the project with the following command: + + ```bash + cmake src -B build -DBUILD_TESTS=1 + cmake --build build + ``` + +6. **Run the Agent** + + **To run the agent in the foreground from the CLI** + + You can start and get status with: + + ```bash + ./wazuh-agent + ./wazuh-agent --status + ``` + + **To run the agent as a launchd service** + + Copy the file `src/agent/service/com.wazuh.agent.plist` to `/Library/LaunchDaemons/`. + Edit the file and replace the placeholder path with your wazuh-agent executable directory as well as the working directory. + + ```bash + sudo chown root:wheel /Library/LaunchDaemons/com.wazuh.agent.plist + sudo chmod 644 /Library/LaunchDaemons/com.wazuh.agent.plist + ``` + + Load the service + + ```bash + sudo launchctl bootstrap system /Library/LaunchDaemons/com.wazuh.agent.plist + ``` + + Verify the service is running + + ``` + sudo launchctl print system/com.wazuh.agent + ``` + +7. **Run tests** + + If built with CMake and `-DBUILD_TESTS=1`, you can run tests with: + + ```bash + ctest --test-dir build --output-log build + ``` + +## Compilation steps for Windows + +1. **Installing Dependencies** + +- Visual Studio Community 2022 (with MSVC 14) +- Chocolatey + ```bash + Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1')) + ``` +- Make + ```bash + choco install make + ``` +- Cmake 3.30.x + ```bash + choco install cmake --installargs 'ADD_CMAKE_TO_PATH=System' + ``` +- OpenSSL + ```bash + choco install openssl + ``` +- Git + +2. **Clone the Repository** + + First, clone the repository using the following command: + + ```bash + git clone https://github.com/wazuh/wazuh-agent.git + ``` + +3. **Initialize Submodules** + + The project uses submodules, so you need to initialize and update them. Run the following commands: + + ```bash + cd wazuh-agent + git submodule update --init --recursive + ``` + +4. **Configure and Build the Project** + + ```bash + cmake src -B build -G "Visual Studio 17 2022" -A x64 + cmake --build build + ``` + + If you want to include tests, configure the project with the following command: + + ```bash + cmake src -B build -DBUILD_TESTS=1 -G "Visual Studio 17 2022" -A x64 + cmake --build build --config RelWithDebInfo + ``` + +5. **Run the Agent** + + **Install windows service** + + ```bash + .\RelWithDebInfo\wazuh-agent --install-service + ``` + You can start, stop or restart the service from Windows SCM. + + Or from the CLI + ```bash + .\RelWithDebInfo\wazuh-agent + .\RelWithDebInfo\wazuh-agent --status + ``` + + **To remove the service** + ```bash + .\RelWithDebInfo\wazuh-agent --remove-service + ``` + +6. **Run tests** + + If built with CMake and `-DBUILD_TESTS=1`, you can run tests with: + + ```bash + ctest -C RelWithDebInfo --test-dir build --output-log build + ``` + +### Options + +|Option|Description|Default| +|---|---|---| +|`BUILD_TESTS`|Enable tests compilation|`OFF`| +|`COVERAGE`|Enable coverage report|`OFF`| +|`ENABLE_CLANG_TIDY`|Check code with _clang-tidy_|`ON`| +|`ENABLE_INVENTORY`|Enable Inventory module |`ON`| +|`ENABLE_LOGCOLLECTOR`|Enable Logcollector module|`ON`| + ## Notes - The project uses `vcpkg` as a submodule to manage dependencies. By initializing the submodules, `vcpkg` will automatically fetch the necessary dependencies when running CMake. diff --git a/README.md b/README.md index fa1862c9a6..248f38920a 100644 --- a/README.md +++ b/README.md @@ -45,17 +45,25 @@ This project uses the following third-party software: | [Boost Asio](https://www.boost.org/doc/libs/release/doc/html/boost_asio.html) | Cross-platform C++ library for network programming | Boost Software License 1.0 | 1.85.0 | | [Boost Beast](https://www.boost.org/doc/libs/release/libs/beast/) | Library built on Boost Asio for HTTP and WebSocket communication | Boost Software License 1.0 | 1.85.0 | | [Boost Uuid](https://www.boost.org/doc/libs/release/libs/uuid/) | Provides support for universally unique identifiers (UUIDs) | Boost Software License 1.0 | 1.85.0 | +| [cjson](https://github.com/DaveGamble/cJSON) | Ultralightweight JSON parser in ANSI Clone | MIT licensed | 1.7.17 | +| [curl](https://curl.se/) | A library for transferring data with URLs | curl AND ISC AND BSD-3-Clause | 8.5.0 | | [fmt](https://fmt.dev/) | A formatting library for C++ | MIT License | 10.2.1 | | [gtest](https://github.com/google/googletest) | Google's C++ testing framework | BSD-3-Clause | 1.15.2 | | [jwt-cpp](https://github.com/Thalhammer/jwt-cpp) | C++ library for handling JSON Web Tokens (JWT) | MIT License | 0.7.0 | +| [libarchive](https://www.libarchive.org) | Library for reading and writing streaming archives | 3-Clause New BSD License | 3.7.5 | | [libdb](https://github.com/yasuhirokimura/db18) | Database management library | AGPL-3.0 | 18.1.40 | +| [libplist](https://libimobiledevice.org/) | A library to handle Apple Property List format in binary or XML | LGPL-2.1-or-later | 2.2.0 | +| [libpopt](https://github.com/rpm-software-management/popt) | Library for parsing command line parameters | MIT licensed | 1.16 | | [librpm](https://github.com/rpm-software-management/rpm) | RPM package manager | GPL-2.0 | 4.18.2 | +| [lua](https://www.lua.org) | A powerful, fast, lightweight, embeddable scripting language | MIT licensed | 5.4.1 | | [nlohmann-json](https://github.com/nlohmann/json) | JSON parsing and serialization library for C++ | MIT License | 3.11.3 | | [OpenSSL](https://www.openssl.org/) | Toolkit for SSL/TLS protocols | Apache 2.0 and OpenSSL License | 3.3.2 | | [procps](https://github.com/warmchang/procps) | Utilities for monitoring system processes and resources | GPL-2.0 | 3.3.0 | | [spdlog](https://github.com/gabime/spdlog) | Fast C++ logging library | MIT License | 1.14.1 | +| [sqlite3](https://sqlite.org/) | SQLite is a software library that implements a self-contained serverless, zero-configuration, transactional SQL database engine | Public Domain (no restrictions) | 3.45.0 | | [SQLiteCpp](https://github.com/SRombauts/SQLiteCpp) | C++ wrapper around the SQLite database library | MIT License | 3.3.2 | | [toml11](https://github.com/ToruNiina/toml11) | C++11 TOML parser library | MIT License | 4.0.0 | +| [zlib](https://www.zlib.net/) | A compression library | Zlib | 1.3.1 | ## License diff --git a/etc/config/wazuh-agent.yml b/etc/config/wazuh-agent.yml new file mode 100644 index 0000000000..d15aa850c4 --- /dev/null +++ b/etc/config/wazuh-agent.yml @@ -0,0 +1,25 @@ +agent: + thread_count: 4 + server_url: https://localhost:27000 + retry_interval: 30s +events: + batch_interval: 10s + batch_size: 1000 +inventory: + enabled: true + interval: 1h + scan_on_start: true + hardware: true + system: true + networks: true + packages: true + ports: true + ports_all: true + processes: true + hotfixes: true +logcollector: + enabled: true + localfiles: + - /var/log/auth.log + reload_interval: 1m + file_wait: 500ms diff --git a/etc/ruleset/rootcheck/rootkit_trojans.txt b/etc/ruleset/rootcheck/rootkit_trojans.txt index 3bbeddabba..fb4de058fb 100644 --- a/etc/ruleset/rootcheck/rootkit_trojans.txt +++ b/etc/ruleset/rootcheck/rootkit_trojans.txt @@ -40,7 +40,7 @@ sudo !satori|vejeta|conf\.inv! crond !/dev/[^nt]|bash! gpm !bash|mingetty! ifconfig !bash|^/bin/sh|/dev/tux|session.null|/dev/[^cludisopt]! -diff !bash|^/bin/sh|file\.h|proc\.h|/dev/[^n]|^/bin/.*sh! +diff !bash|^/bin/sh|file\.h|proc\.h|/dev/[^nf]ull|^/bin/.*sh! md5sum !bash|^/bin/sh|file\.h|proc\.h|/dev/|^/bin/.*sh! hdparm !bash|/dev/ida! ldd !/dev/[^n]|proc\.h|libshow.so|libproc.a! @@ -62,7 +62,7 @@ w !uname -a|proc\.h|bash! sendmail !bash|fuck! named !bash|blah|/dev/[0-9]|^/bin/sh! inetd !bash|^/bin/sh|file\.h|proc\.h|/dev/[^un%]|^/bin/.*sh! -apachectl !bash|^/bin/sh|file\.h|proc\.h|/dev/[^n]|^/bin/.*sh! +apachectl !^/bin/sh|file\.h|proc\.h|/dev/[^n]|^/bin/.*sh! sshd !check_global_passwd|panasonic|satori|vejeta|\.ark|/hash\.zk|bash|/dev[a-s]|/dev[A-Z]/! syslogd !bash|/usr/lib/pt07|/dev/[^cln]]|syslogs\.h|proc\.h! xinetd !bash|file\.h|proc\.h! diff --git a/packages/build.sh b/packages/build.sh index 27efc6b051..a858376583 100755 --- a/packages/build.sh +++ b/packages/build.sh @@ -66,6 +66,27 @@ post_process() { fi } +set_vcpkg_remote_binary_cache(){ + local vcpkg_token="$1" + + if [[ $(mono --version 2>/dev/null) =~ [0-9] ]]; then + echo "mono already installed, proceeding" + export VCPKG_BINARY_SOURCES="clear;nuget,GitHub,readwrite" + $sources_dir/src/vcpkg/bootstrap-vcpkg.sh + mono `$sources_dir/src/vcpkg/vcpkg fetch nuget | tail -n 1` \ + sources add \ + -source "https://nuget.pkg.github.com/wazuh/index.json" \ + -name "GitHub" \ + -username "wazuh" \ + -password "$vcpkg_token" + mono `$sources_dir/src/vcpkg/vcpkg fetch nuget | tail -n 1` \ + setapikey "$vcpkg_token" \ + -source "https://nuget.pkg.github.com/wazuh/index.json" + else + echo "mono in not installed, remote binary caching not being enabled" + fi +} + # Main script body # Script parameters @@ -74,39 +95,34 @@ export JOBS="$2" debug="$3" checksum="$4" future="$5" -legacy="$6" -src="$7" +src="$6" build_dir="/build_wazuh" -source helper_function.sh +source /home/helper_function.sh -set -x +if [ -n "${WAZUH_VERBOSE}" ]; then + set -x +fi # Download source code if it is not shared from the local host if [ ! -d "/wazuh-local-src" ] ; then - curl -sL https://github.com/wazuh/wazuh/tarball/${WAZUH_BRANCH} | tar zx - short_commit_hash="$(curl -s https://api.github.com/repos/wazuh/wazuh/commits/${WAZUH_BRANCH} \ + git clone --branch ${WAZUH_BRANCH} --single-branch --recurse-submodules https://github.com/wazuh/wazuh-agent.git + short_commit_hash="$(curl -s https://api.github.com/repos/wazuh/wazuh-agent/commits/${WAZUH_BRANCH} \ | grep '"sha"' | head -n 1| cut -d '"' -f 4 | cut -c 1-11)" else - if [ "${legacy}" = "no" ]; then - short_commit_hash="$(cd /wazuh-local-src && git rev-parse --short HEAD)" - else - # Git package is not available in the CentOS 5 repositories. - hash_commit=$(cat /wazuh-local-src/.git/$(cat /wazuh-local-src/.git/HEAD|cut -d" " -f2)) - short_commit_hash="$(cut -c 1-11 <<< $hash_commit)" - fi + short_commit_hash="$(cd /wazuh-local-src && git rev-parse --short HEAD)" fi # Build directories source_dir=$(build_directories "$build_dir/${BUILD_TARGET}" "wazuh*" $future) -wazuh_version="$(cat $source_dir/src/VERSION| cut -d 'v' -f 2)" +wazuh_version="$(cat wazuh*/src/VERSION| cut -d 'v' -f 2)" # TODO: Improve how we handle package_name # Changing the "-" to "_" between target and version breaks the convention for RPM or DEB packages. # For now, I added extra code that fixes it. package_name="wazuh-${BUILD_TARGET}-${wazuh_version}" -specs_path="$(find $source_dir -name SPECS|grep $SYSTEM)" +specs_path="$(find $source_dir/packages -name SPECS|grep $SYSTEM)" setup_build "$source_dir" "$specs_path" "$build_dir" "$package_name" "$debug" @@ -114,7 +130,16 @@ set_debug $debug $sources_dir # Installing build dependencies cd $sources_dir -build_deps $legacy + +if [ "${ARCHITECTURE_TARGET}" != "amd64" ]; then + export VCPKG_FORCE_SYSTEM_BINARIES=1 +fi + +if [ -n "${VCPKG_KEY}" ]; then + set_vcpkg_remote_binary_cache "$VCPKG_KEY" +fi + +build_deps build_package $package_name $debug "$short_commit_hash" "$wazuh_version" # Post-processing diff --git a/packages/debs/SPECS/wazuh_agent/debian/changelog b/packages/debs/SPECS/wazuh-agent/debian/changelog similarity index 98% rename from packages/debs/SPECS/wazuh_agent/debian/changelog rename to packages/debs/SPECS/wazuh-agent/debian/changelog index a5d5509337..04eda32f89 100644 --- a/packages/debs/SPECS/wazuh_agent/debian/changelog +++ b/packages/debs/SPECS/wazuh-agent/debian/changelog @@ -1,3 +1,9 @@ +wazuh-agent (5.0.0-RELEASE) stable; urgency=low + + * More info: https://documentation.wazuh.com/current/release-notes/release-4-9-0.html + + -- Wazuh, Inc Wed, 01 Jan 2025 00:00:00 +0000 + wazuh-agent (4.9.0-RELEASE) stable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-9-0.html @@ -280,7 +286,7 @@ wazuh-agent (4.1.0-RELEASE) stable; urgency=low -- Wazuh, Inc Tue, 19 Jan 2021 06:25:59 +0000 - wazuh-agent (4.0.4-RELEASE) stable; urgency=low +wazuh-agent (4.0.4-RELEASE) stable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-4-0-4.html @@ -310,19 +316,19 @@ wazuh-agent (4.0.0-RELEASE) stable; urgency=low -- Wazuh, Inc Mon, 19 Oct 2020 06:59:39 +0000 - wazuh-manager (3.13.6-RELEASE) stable; urgency=low +wazuh-manager (3.13.6-RELEASE) stable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-3-13-6.html -- Wazuh, Inc Wed, 21 Sep 2022 15:00:00 +0000 - wazuh-manager (3.13.5-RELEASE) stable; urgency=low +wazuh-manager (3.13.5-RELEASE) stable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-3-13-5.html -- Wazuh, Inc Wed, 24 Aug 2022 15:00:00 +0000 - wazuh-manager (3.13.4-RELEASE) stable; urgency=low +wazuh-manager (3.13.4-RELEASE) stable; urgency=low * More info: https://documentation.wazuh.com/current/release-notes/release-3-13-4.html diff --git a/packages/debs/SPECS/wazuh_agent/debian/compat b/packages/debs/SPECS/wazuh-agent/debian/compat similarity index 100% rename from packages/debs/SPECS/wazuh_agent/debian/compat rename to packages/debs/SPECS/wazuh-agent/debian/compat diff --git a/packages/debs/SPECS/wazuh_agent/debian/conffiles b/packages/debs/SPECS/wazuh-agent/debian/conffiles similarity index 100% rename from packages/debs/SPECS/wazuh_agent/debian/conffiles rename to packages/debs/SPECS/wazuh-agent/debian/conffiles diff --git a/packages/debs/SPECS/wazuh_agent/debian/control b/packages/debs/SPECS/wazuh-agent/debian/control similarity index 60% rename from packages/debs/SPECS/wazuh_agent/debian/control rename to packages/debs/SPECS/wazuh-agent/debian/control index c6c6cb0b1d..c7875698cb 100644 --- a/packages/debs/SPECS/wazuh_agent/debian/control +++ b/packages/debs/SPECS/wazuh-agent/debian/control @@ -8,7 +8,10 @@ Homepage: https://www.wazuh.com Package: wazuh-agent Architecture: any -Depends: ${shlibs:Depends}, libc6 (>= 2.7), lsb-release, debconf, adduser +Depends: ${shlibs:Depends}, libc6 (>= 2.7), lsb-release, libgcc-s1, adduser Conflicts: ossec-hids-agent, wazuh-manager, ossec-hids, wazuh-api Breaks: ossec-hids-agent, wazuh-manager, ossec-hids -Description: Wazuh helps you to gain security visibility into your infrastructure by monitoring hosts at an operating system and application level. It provides the following capabilities: log analysis, file integrity monitoring, intrusions detection and policy and compliance monitoring +Description: Wazuh helps you to gain security visibility into your infrastructure + by monitoring hosts at an operating system and application level. + It provides the following capabilities: log analysis, file integrity monitoring, + intrusions detection and policy and compliance monitoring diff --git a/packages/debs/SPECS/wazuh_agent/debian/copyright b/packages/debs/SPECS/wazuh-agent/debian/copyright similarity index 100% rename from packages/debs/SPECS/wazuh_agent/debian/copyright rename to packages/debs/SPECS/wazuh-agent/debian/copyright diff --git a/packages/debs/SPECS/wazuh-agent/debian/postinst b/packages/debs/SPECS/wazuh-agent/debian/postinst new file mode 100644 index 0000000000..215b4a296a --- /dev/null +++ b/packages/debs/SPECS/wazuh-agent/debian/postinst @@ -0,0 +1,54 @@ +#!/bin/sh +# postinst script for wazuh-agent +# Wazuh, Inc 2024 + +set -e +UPGRADE_RESTART_FLAG="/tmp/wazuh.restart" + +case "$1" in + configure) + + OS=$(lsb_release -si) + VER=$(lsb_release -sr) + USER="wazuh" + GROUP="wazuh" + + OSMYSHELL="/sbin/nologin" + + if [ ! -f ${OSMYSHELL} ]; then + if [ -f "/bin/false" ]; then + OSMYSHELL="/bin/false" + fi + fi + + if ! getent group ${GROUP} > /dev/null 2>&1; then + addgroup --system ${GROUP} > /dev/null 2>&1 + fi + + if ! getent passwd ${USER} > /dev/null 2>&1; then + adduser --system --shell ${OSMYSHELL} --ingroup ${GROUP} ${USER} > /dev/null 2>&1 + fi + + if [ -f ${UPGRADE_RESTART_FLAG} ] ; then + if command -v systemctl > /dev/null 2>&1 && systemctl > /dev/null 2>&1; then + systemctl daemon-reload > /dev/null 2>&1 + systemctl restart wazuh-agent > /dev/null 2>&1 + fi + rm ${UPGRADE_RESTART_FLAG} + fi + + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + + ;; + + + *) + echo "postinst called with unknown argument \`$1'" >2 + exit 1 + ;; + +esac + +exit 0 diff --git a/packages/debs/SPECS/wazuh-agent/debian/postrm b/packages/debs/SPECS/wazuh-agent/debian/postrm new file mode 100644 index 0000000000..d4033a7ac2 --- /dev/null +++ b/packages/debs/SPECS/wazuh-agent/debian/postrm @@ -0,0 +1,51 @@ +#!/bin/sh +# postrm script for wazuh-agent +# Wazuh, Inc 2024 + +set -e +WAZUH_SHARE_DIR="/usr/share/wazuh-agent" + +case "$1" in + remove|failed-upgrade|abort-install|abort-upgrade|disappear) + + if [ "$1" = "remove" ]; then + rm -rf ${WAZUH_SHARE_DIR} + rm -f /usr/lib/systemd/system/wazuh-agent.service + + # Remove the shared library configuration file if it exists + if [ -f /etc/ld.so.conf.d/wazuh-agentlibs.conf ]; then + rm -f /etc/ld.so.conf.d/wazuh-agentlibs.conf + ldconfig # Update the linker cache + fi + fi + + if getent passwd wazuh >/dev/null 2>&1; then + deluser wazuh > /dev/null 2>&1 + fi + ;; + + purge) + + if getent passwd wazuh >/dev/null 2>&1; then + deluser wazuh > /dev/null 2>&1 + fi + if getent group wazuh >/dev/null 2>&1; then + delgroup wazuh > /dev/null 2>&1 + fi + rm -rf /var/lib/wazuh-agent + ;; + + upgrade) + # If the upgrade downgrades to earlier versions, restore ownership + echo "Upgrade step" + + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 1 + ;; + +esac + +exit 0 diff --git a/packages/debs/SPECS/wazuh-agent/debian/preinst b/packages/debs/SPECS/wazuh-agent/debian/preinst new file mode 100644 index 0000000000..f69a202641 --- /dev/null +++ b/packages/debs/SPECS/wazuh-agent/debian/preinst @@ -0,0 +1,47 @@ +#!/bin/sh +# preinst script for wazuh-agent +# Wazuh, Inc 2024 + +set -e +BINARY_DIR="/usr/share/wazuh-agent/bin/" + +# configuration variables +UPGRADE_RESTART_FLAG="/tmp/wazuh.restart" + +case "$1" in + install|upgrade) + + if [ "$1" = "upgrade" ]; then + + if [ ! -d "$BINARY_DIR" ]; then + echo "Error: Directory $BINARY_DIR does not exist. Cannot perform upgrade" >&2 + exit 1 + fi + + if command -v systemctl > /dev/null 2>&1 && systemctl > /dev/null 2>&1 && systemctl is-active --quiet wazuh-agent > /dev/null 2>&1; then + systemctl stop wazuh-agent > /dev/null 2>&1 + touch ${UPGRADE_RESTART_FLAG} + elif ${BINARY_DIR}wazuh-agent --status 2>/dev/null | grep "is running" > /dev/null 2>&1; then + pid=$(ps -ef | grep "${BINARY_DIR}wazuh-agent" | grep -v grep | awk '{print $2}') + if [ -n "$pid" ]; then + kill -SIGTERM "$pid" 2>/dev/null + fi + touch ${UPGRADE_RESTART_FLAG} + fi + + fi + ;; + + abort-upgrade) + + ;; + + *) + echo "preinst called with unknown argument \`$1'" >&2 + exit 1 + + ;; + +esac + +exit 0 diff --git a/packages/debs/SPECS/wazuh-agent/debian/prerm b/packages/debs/SPECS/wazuh-agent/debian/prerm new file mode 100644 index 0000000000..03ba9a4131 --- /dev/null +++ b/packages/debs/SPECS/wazuh-agent/debian/prerm @@ -0,0 +1,78 @@ +#!/bin/sh +# prerm script for wazuh-manager +# Wazuh, Inc 2024 + +set -e + +BINARY_DIR="/usr/share/wazuh-agent/bin/" + +case "$1" in + upgrade|deconfigure) + + # Stop the services before uninstalling the package + if command -v systemctl > /dev/null 2>&1 && systemctl > /dev/null 2>&1 && systemctl is-active --quiet wazuh-agent > /dev/null 2>&1; then + systemctl stop wazuh-agent > /dev/null 2>&1 + elif ${BINARY_DIR}wazuh-agent --status 2>/dev/null | grep "is running" > /dev/null 2>&1; then + pid=$(ps -ef | grep "${BINARY_DIR}wazuh-agent" | grep -v grep | awk '{print $2}') + if [ -n "$pid" ]; then + kill -SIGTERM "$pid" 2>/dev/null + fi + fi + + # # Process: wazuh-agent + # if pgrep -f "wazuh-agent" > /dev/null 2>&1; then + # kill -15 $(pgrep -f "wazuh-agent") > /dev/null 2>&1 + # fi + + # if pgrep -f "wazuh-agent" > /dev/null 2>&1; then + # kill -9 $(pgrep -f "wazuh-agent") > /dev/null 2>&1 + # fi + ;; + + remove) + + # Stop the services before uninstalling the package + # Check for systemd + if command -v systemctl > /dev/null 2>&1 && systemctl > /dev/null 2>&1 && systemctl is-active --quiet wazuh-agent > /dev/null 2>&1; then + systemctl stop wazuh-agent > /dev/null 2>&1 + elif ${BINARY_DIR}wazuh-agent --status 2>/dev/null | grep "is running" > /dev/null 2>&1; then + pid=$(ps -ef | grep "${BINARY_DIR}wazuh-agent" | grep -v grep | awk '{print $2}') + if [ -n "$pid" ]; then + kill -SIGTERM "$pid" 2>/dev/null + fi + fi + + ;; + + failed-upgrade) + + # Stop the services before uninstalling the package + if command -v systemctl > /dev/null 2>&1 && systemctl > /dev/null 2>&1 && systemctl is-active --quiet wazuh-agent > /dev/null 2>&1; then + systemctl stop wazuh-agent > /dev/null 2>&1 + elif ${BINARY_DIR}wazuh-agent --status 2>/dev/null | grep "is running" > /dev/null 2>&1; then + pid=$(ps -ef | grep "${BINARY_DIR}wazuh-agent" | grep -v grep | awk '{print $2}') + if [ -n "$pid" ]; then + kill -SIGTERM "$pid" 2>/dev/null + fi + fi + + # if [ -f ${INSTALLATION_WAZUH_DIR}/bin/wazuh-agent ]; then + # # pkill wazuh-agent + # if pgrep -f "wazuh-agent" > /dev/null 2>&1; then + # kill -15 $(pgrep -f "wazuh-agent") > /dev/null 2>&1 + # fi + + # if pgrep -f "wazuh-agent" > /dev/null 2>&1; then + # kill -9 $(pgrep -f "wazuh-agent") > /dev/null 2>&1 + # fi + # fi + ;; + + *) + echo "prerm called with unknown argument \`$1'" >&2 + exit 1 + ;; + +esac + +exit 0 diff --git a/packages/debs/SPECS/wazuh-agent/debian/rules b/packages/debs/SPECS/wazuh-agent/debian/rules new file mode 100644 index 0000000000..4ab35e6764 --- /dev/null +++ b/packages/debs/SPECS/wazuh-agent/debian/rules @@ -0,0 +1,57 @@ +#!/usr/bin/make -f +# -*- makefile -*- +# Sample debian/rules that uses debhelper. +# +# This file was originally written by Joey Hess and Craig Small. +# As a special exception, when this file is copied by dh-make into a +# dh-make output file, you may use that output file without restriction. +# This special exception was added by Craig Small in version 0.37 of dh-make. +# +# Modified to make a template file for a multi-binary package with separated +# build-arch and build-indep targets by Bill Allombert 2001 + +# Uncomment this to turn on verbose mode. +export DH_VERBOSE=1 + +# This has to be exported to make some magic below work. +export DH_OPTIONS + +export TARGET_DIR=${CURDIR}/debian/wazuh-agent + +# Package build options +export INSTALLATION_DIR="" +export JOBS=$(shell nproc) +export DEBUG_ENABLED="no" +export PATH="${PATH}" +export LD_LIBRARY_PATH="" +export VCPKG_BINARY_SOURCES="" +export VCPKG_FORCE_SYSTEM_BINARIES="" + +%: + dh $@ + +override_dh_shlibdeps: + +override_dh_auto_configure: + +override_dh_auto_install: + +override_dh_install: + + # Build the binaries + git submodule update --init --recursive + cmake src -B build -DINSTALL_ROOT=${TARGET_DIR}$(INSTALLATION_DIR) + cmake --build build --parallel $(JOBS) + + make -C build install -j $(JOBS) + +override_dh_auto_clean: + make -C src clean + +override_dh_usrlocal: + + +override_dh_strip: + dh_strip --no-automatic-dbgsym + +.PHONY: override_dh_install override_dh_strip override_dh_auto_clean override_dh_auto_build override_dh_auto_configure override_dh_usrlocal diff --git a/packages/debs/SPECS/wazuh_agent/debian/source/format b/packages/debs/SPECS/wazuh-agent/debian/source/format similarity index 100% rename from packages/debs/SPECS/wazuh_agent/debian/source/format rename to packages/debs/SPECS/wazuh-agent/debian/source/format diff --git a/packages/debs/SPECS/wazuh-agent/debian/templates b/packages/debs/SPECS/wazuh-agent/debian/templates new file mode 100644 index 0000000000..4fb4e49df6 --- /dev/null +++ b/packages/debs/SPECS/wazuh-agent/debian/templates @@ -0,0 +1,4 @@ +Template: wazuh-agent/server-ip +Type: string +Default: 127.0.0.1 +Description: Wazuh server IP address for this agent. diff --git a/packages/debs/SPECS/wazuh_agent/debian/wazuh_agent.lintian_overrides b/packages/debs/SPECS/wazuh-agent/debian/wazuh-agent.lintian_overrides similarity index 100% rename from packages/debs/SPECS/wazuh_agent/debian/wazuh_agent.lintian_overrides rename to packages/debs/SPECS/wazuh-agent/debian/wazuh-agent.lintian_overrides diff --git a/packages/debs/SPECS/wazuh_agent/debian/postinst b/packages/debs/SPECS/wazuh_agent/debian/postinst deleted file mode 100644 index d114d2efe6..0000000000 --- a/packages/debs/SPECS/wazuh_agent/debian/postinst +++ /dev/null @@ -1,214 +0,0 @@ -#!/bin/sh -# postinst script for wazuh-agent -# Wazuh, Inc 2015 - -set -e - -case "$1" in - configure) - - OS=$(lsb_release -si) - VER=$(lsb_release -sr) - DIR="/var/ossec" - USER="wazuh" - GROUP="wazuh" - WAZUH_GLOBAL_TMP_DIR="${DIR}/packages_files" - WAZUH_TMP_DIR="${WAZUH_GLOBAL_TMP_DIR}/agent_config_files" - SCRIPTS_DIR="${WAZUH_GLOBAL_TMP_DIR}/agent_installation_scripts" - SCA_BASE_DIR="${SCRIPTS_DIR}/sca" - - OSMYSHELL="/sbin/nologin" - - if [ -d /run/systemd/system ]; then - rm -f /etc/init.d/wazuh-agent - fi - - if [ ! -f ${OSMYSHELL} ]; then - if [ -f "/bin/false" ]; then - OSMYSHELL="/bin/false" - fi - fi - - if ! getent group ${GROUP} > /dev/null 2>&1; then - addgroup --system ${GROUP} > /dev/null 2>&1 - fi - if ! getent passwd ${USER} > /dev/null 2>&1; then - adduser --system --home ${DIR} --shell ${OSMYSHELL} --ingroup ${GROUP} ${USER} > /dev/null 2>&1 - fi - - if [ -z "$2" ] || [ -f ${WAZUH_TMP_DIR}/create_conf ] ; then - - ${SCRIPTS_DIR}/gen_ossec.sh conf agent ${OS} ${VER} ${DIR} > ${DIR}/etc/ossec.conf - ${SCRIPTS_DIR}/add_localfiles.sh ${DIR} >> ${DIR}/etc/ossec.conf - else - ${SCRIPTS_DIR}/gen_ossec.sh conf agent ${OS} ${VER} ${DIR} > ${DIR}/etc/ossec.conf.new - chmod 660 ${DIR}/etc/ossec.conf.new - fi - - # For the etc dir - if [ -f /etc/localtime ]; then - cp -pL /etc/localtime ${DIR}/etc/; - chmod 640 ${DIR}/etc/localtime - chown root:${GROUP} ${DIR}/etc/localtime - fi - - # Restore the local rules, client.keys and local_decoder - if [ -f ${WAZUH_TMP_DIR}/client.keys ]; then - cp ${WAZUH_TMP_DIR}/client.keys ${DIR}/etc/client.keys - fi - # Restore ossec.conf configuration - if [ -f ${WAZUH_TMP_DIR}/ossec.conf ]; then - mv ${WAZUH_TMP_DIR}/ossec.conf ${DIR}/etc/ossec.conf - fi - # Restore internal options configuration - if [ -f ${WAZUH_TMP_DIR}/local_internal_options.conf ]; then - mv ${WAZUH_TMP_DIR}/local_internal_options.conf ${DIR}/etc/local_internal_options.conf - fi - - # Install the SCA files - if [ -d "${SCA_BASE_DIR}" ]; then - . ${SCRIPTS_DIR}/src/init/dist-detect.sh - - SCA_DIR="${DIST_NAME}/${DIST_VER}" - - SCA_TMP_DIR="${SCA_BASE_DIR}/${DIST_NAME}/${DIST_VER}" - mkdir -p ${DIR}/ruleset/sca - - # Install the configuration files needed for this hosts - if [ -r "${SCA_BASE_DIR}/${DIST_NAME}/${DIST_VER}/${DIST_SUBVER}/sca.files" ]; then - SCA_TMP_DIR="${SCA_BASE_DIR}/${DIST_NAME}/${DIST_VER}/${DIST_SUBVER}" - elif [ -r "${SCA_BASE_DIR}/${DIST_NAME}/${DIST_VER}/sca.files" ]; then - SCA_TMP_DIR="${SCA_BASE_DIR}/${DIST_NAME}/${DIST_VER}" - elif [ -r "${SCA_BASE_DIR}/${DIST_NAME}/sca.files" ]; then - SCA_TMP_DIR="${SCA_BASE_DIR}/${DIST_NAME}" - else - SCA_TMP_DIR="${SCA_BASE_DIR}/generic" - fi - - SCA_TMP_FILE="${SCA_TMP_DIR}/sca.files" - - if [ -r ${SCA_TMP_FILE} ]; then - rm -f ${DIR}/ruleset/sca/* || true - - for sca_file in $(cat ${SCA_TMP_FILE}); do - mv ${SCA_BASE_DIR}/${sca_file} ${DIR}/ruleset/sca - done - fi - - # Set correct permissions, owner and group. ruleset directory may be empty. - if [ -n "$(ls -A ${DIR}/ruleset/sca/)" ]; then - chmod --recursive u=rwX,g=rX,o= ${DIR}/ruleset/sca/ - chown --recursive root:${GROUP} ${DIR}/ruleset/sca/ - fi - # Delete the temporary directory - rm -rf ${SCA_BASE_DIR} - - fi - - # Restore group files - if [ -d ${WAZUH_TMP_DIR}/group ]; then - for file in ${WAZUH_TMP_DIR}/group/* ; do - mv ${file} ${DIR}/etc/shared/ - done - rm -rf ${WAZUH_TMP_DIR}/group - fi - - touch ${DIR}/logs/active-responses.log - chown wazuh:wazuh ${DIR}/logs/active-responses.log - chmod 0660 ${DIR}/logs/active-responses.log - - # Check if SELinux is installed and enabled - if command -v getenforce > /dev/null 2>&1 && command -v semodule > /dev/null 2>&1; then - if [ $(getenforce) != "Disabled" ]; then - semodule -i ${DIR}/var/selinux/wazuh.pp - semodule -e wazuh - fi - fi - - # Register and configure agent if Wazuh environment variables are defined - if [ -z "$2" ] ; then - ${SCRIPTS_DIR}/src/init/register_configure_agent.sh ${DIR} > /dev/null || : - fi - - # Restoring file permissions - ${SCRIPTS_DIR}/restore-permissions.sh > /dev/null 2>&1 || : - - if [ -f /etc/systemd/system/wazuh-agent.service ]; then - rm -f /etc/systemd/system/wazuh-agent.service - if command -v systemctl > /dev/null 2>&1 && systemctl > /dev/null 2>&1; then - systemctl daemon-reload > /dev/null 2>&1 - fi - fi - - # Remove old ossec user and group if exists and change ownwership of files - if getent group ossec > /dev/null 2>&1; then - find ${DIR}/ -group ossec -user root -exec chown root:wazuh {} \; > /dev/null 2>&1 || true - if getent passwd ossec > /dev/null 2>&1; then - find ${DIR}/ -group ossec -user ossec -exec chown wazuh:wazuh {} \; > /dev/null 2>&1 || true - deluser ossec > /dev/null 2>&1 - fi - if getent passwd ossecm > /dev/null 2>&1; then - find ${DIR}/ -group ossec -user ossecm -exec chown wazuh:wazuh {} \; > /dev/null 2>&1 || true - deluser ossecm > /dev/null 2>&1 - fi - if getent passwd ossecr > /dev/null 2>&1; then - find ${DIR}/ -group ossec -user ossecr -exec chown wazuh:wazuh {} \; > /dev/null 2>&1 || true - deluser ossecr > /dev/null 2>&1 - fi - if getent group ossec > /dev/null 2>&1; then - delgroup ossec > /dev/null 2>&1 - fi - fi - - find ${DIR} -nogroup -exec chgrp ${GROUP} {} \; > /dev/null 2>&1 - find ${DIR} -nouser -exec chown ${USER} {} \; > /dev/null 2>&1 - - if [ ! -z "$2" ]; then - if [ -f ${WAZUH_TMP_DIR}/wazuh.restart ] ; then - if command -v systemctl > /dev/null 2>&1 && systemctl > /dev/null 2>&1; then - systemctl daemon-reload > /dev/null 2>&1 - systemctl restart wazuh-agent.service > /dev/null 2>&1 - elif command -v service > /dev/null 2>&1 ; then - service wazuh-agent restart > /dev/null 2>&1 - else - ${DIR}/bin/wazuh-control restart > /dev/null 2>&1 - fi - fi - fi - - #Delete obsolete files - if [ -f /etc/ossec-init.conf ]; then - rm -f /etc/ossec-init.conf - fi - - # Delete installation scripts - if [ -d ${SCRIPTS_DIR} ]; then - rm -rf ${SCRIPTS_DIR} - fi - - # Delete tmp directory - if [ -d ${WAZUH_TMP_DIR} ]; then - rm -rf ${WAZUH_TMP_DIR} - fi - - # If the parent directory is empty, delete it - if [ -z "$(ls -A ${WAZUH_GLOBAL_TMP_DIR})" ]; then - rm -rf ${WAZUH_GLOBAL_TMP_DIR} - fi - - ;; - - - abort-upgrade|abort-remove|abort-deconfigure) - - ;; - - - *) - echo "postinst called with unknown argument \`$1'" >2 - exit 1 - ;; - -esac - -exit 0 diff --git a/packages/debs/SPECS/wazuh_agent/debian/postrm b/packages/debs/SPECS/wazuh_agent/debian/postrm deleted file mode 100644 index 8404ffdbbf..0000000000 --- a/packages/debs/SPECS/wazuh_agent/debian/postrm +++ /dev/null @@ -1,109 +0,0 @@ -#!/bin/sh -# postrm script for wazuh-agent -# Wazuh, Inc 2015 - -set -e - -DIR="/var/ossec" -WAZUH_TMP_DIR="${DIR}/packages_files/agent_config_files" - -case "$1" in - remove|failed-upgrade|abort-install|abort-upgrade|disappear) - - if [ -d ${WAZUH_TMP_DIR} ]; then - rm -rf ${WAZUH_TMP_DIR} - fi - - # Back up the old configuration files as .save - if [ ! -d ${DIR}/etc ]; then - mkdir -p ${DIR}/etc - fi - - # If the directory is not empty, copy the files into ${DIR}/etc - if ls -A ${DIR}/tmp/conffiles > /dev/null 2>&1 ; then - mv ${DIR}/tmp/conffiles/* ${DIR}/etc - fi - rm -rf ${DIR}/tmp - if [ "$1" = "remove" ]; then - rm -rf ${DIR}/ruleset - rm -rf ${DIR}/var - rm -rf ${DIR}/logs - rm -rf ${DIR}/queue - rm -rf ${DIR}/etc/shared - fi - - # Delete old .save - find ${DIR}/etc/ -type f -name "*save" -exec rm -f {} \; - - # Rename the files - find ${DIR}/etc/ -type f -exec mv {} {}.save \; - - ;; - - purge) - - if getent passwd wazuh >/dev/null 2>&1; then - deluser wazuh > /dev/null 2>&1 - fi - if getent group wazuh >/dev/null 2>&1; then - delgroup wazuh > /dev/null 2>&1 - fi - rm -rf ${DIR}/* - - ;; - - upgrade) - # If the upgrade downgrades to earlier versions, restore ownership - if command -v ${DIR}/bin/ossec-control > /dev/null 2>&1; then - - OSMYSHELL="/sbin/nologin" - - if [ -d ${DIR}/logs/wazuh ]; then - mv ${DIR}/logs/wazuh ${DIR}/logs/ossec - fi - - if [ -d ${DIR}/queue/sockets ]; then - mv ${DIR}/queue/sockets ${DIR}/queue/ossec - fi - - if [ -f ${DIR}/queue/sockets/.agent_info ]; then - mv ${DIR}/queue/sockets/.agent_info ${DIR}/queue/ossec/ - fi - - rm -rf ${DIR}/queue/sockets > /dev/null 2>&1 - - if ! getent group ossec > /dev/null 2>&1; then - addgroup --system ossec > /dev/null 2>&1 - fi - - if ! getent passwd ossec > /dev/null 2>&1; then - adduser --system --home /var/ossec --shell ${OSMYSHELL} --ingroup ossec ossec > /dev/null 2>&1 - fi - - # Set the correct permissions to orphaned files (not owned by root) - find ${DIR} ! -group root -exec chgrp ossec {} \; > /dev/null 2>&1 - find ${DIR} ! -user root -exec chown ossec {} \; > /dev/null 2>&1 - - # delete wazuh user and group - if getent passwd wazuh > /dev/null 2>&1; then - deluser wazuh - fi - - if getent group wazuh > /dev/null 2>&1; then - delgroup wazuh - fi - fi - - exit 0 - - ;; - - *) - echo "postrm called with unknown argument \`$1'" >&2 - exit 1 - - ;; - -esac - -exit 0 diff --git a/packages/debs/SPECS/wazuh_agent/debian/preinst b/packages/debs/SPECS/wazuh_agent/debian/preinst deleted file mode 100644 index 1a67be6bab..0000000000 --- a/packages/debs/SPECS/wazuh_agent/debian/preinst +++ /dev/null @@ -1,91 +0,0 @@ -#!/bin/sh -# preinst script for wazuh-agent - -set -e - -# configuration variables -DIR="/var/ossec" -WAZUH_TMP_DIR="${DIR}/packages_files/agent_config_files" - -# environment configuration -if [ ! -d ${WAZUH_TMP_DIR} ]; then - mkdir -p ${WAZUH_TMP_DIR} -else - rm -rf ${WAZUH_TMP_DIR} - mkdir -p ${WAZUH_TMP_DIR} -fi - -case "$1" in - install|upgrade) - - if [ "$1" = "upgrade" ]; then - - if [ ! -d "$DIR" ]; then - echo "Error: Directory $DIR does not exist. Cannot perform upgrade" >&2 - exit 1 - fi - - if command -v systemctl > /dev/null 2>&1 && systemctl > /dev/null 2>&1 && systemctl is-active --quiet wazuh-agent > /dev/null 2>&1; then - systemctl stop wazuh-agent.service > /dev/null 2>&1 - touch ${WAZUH_TMP_DIR}/wazuh.restart - elif command -v service > /dev/null 2>&1 && service wazuh-agent status 2>/dev/null | grep "is running" > /dev/null 2>&1; then - service wazuh-agent stop > /dev/null 2>&1 - touch ${WAZUH_TMP_DIR}/wazuh.restart - elif ${DIR}/bin/wazuh-control status 2>/dev/null | grep "is running" > /dev/null 2>&1; then - touch ${WAZUH_TMP_DIR}/wazuh.restart - elif ${DIR}/bin/ossec-control status 2>/dev/null | grep "is running" > /dev/null 2>&1; then - touch ${WAZUH_TMP_DIR}/wazuh.restart - fi - ${DIR}/bin/ossec-control stop > /dev/null 2>&1 || ${DIR}/bin/wazuh-control stop > /dev/null 2>&1 - - if [ -d ${DIR}/logs/ossec ]; then - mv ${DIR}/logs/ossec ${DIR}/logs/wazuh - fi - - if [ -d ${DIR}/queue/ossec ]; then - mv ${DIR}/queue/ossec ${DIR}/queue/sockets - fi - fi - - if [ ! -z "$2" ] && [ ! -f ${DIR}/etc/ossec.conf ] ; then - touch ${WAZUH_TMP_DIR}/create_conf - fi - - # Delete old service - if [ -f /etc/init.d/ossec ]; then - rm /etc/init.d/ossec - fi - # back up the current user rules - if [ -f ${DIR}/etc/client.keys ]; then - cp ${DIR}/etc/client.keys ${WAZUH_TMP_DIR}/client.keys - fi - if [ -f ${DIR}/etc/local_internal_options.conf ]; then - cp -p ${DIR}/etc/local_internal_options.conf ${WAZUH_TMP_DIR}/local_internal_options.conf - fi - if [ -f ${DIR}/etc/ossec.conf ]; then - cp -p ${DIR}/etc/ossec.conf ${WAZUH_TMP_DIR}/ossec.conf - fi - - if [ -d ${DIR}/etc/shared ]; then - files="$(ls -A ${DIR}/etc/shared/*)" - fi - - if [ ! -z "$files" ]; then - mkdir -p ${WAZUH_TMP_DIR}/group - cp -rp ${DIR}/etc/shared/* ${WAZUH_TMP_DIR}/group/ - fi - ;; - - abort-upgrade) - - ;; - - *) - echo "preinst called with unknown argument \`$1'" >&2 - exit 1 - - ;; - -esac - -exit 0 diff --git a/packages/debs/SPECS/wazuh_agent/debian/prerm b/packages/debs/SPECS/wazuh_agent/debian/prerm deleted file mode 100644 index 5ffd70b01c..0000000000 --- a/packages/debs/SPECS/wazuh_agent/debian/prerm +++ /dev/null @@ -1,108 +0,0 @@ -#!/bin/sh -# prerm script for wazuh-manager - -set -e - -DIR="/var/ossec" - -case "$1" in - upgrade|deconfigure) - - # Stop the services before uninstalling the package - if command -v systemctl > /dev/null 2>&1 && systemctl > /dev/null 2>&1 && systemctl is-active --quiet wazuh-agent > /dev/null 2>&1; then - systemctl stop wazuh-agent > /dev/null 2>&1 - elif command -v service > /dev/null 2>&1 && service wazuh-agent status 2>/dev/null | grep "running" > /dev/null 2>&1; then - service wazuh-agent stop > /dev/null 2>&1 - fi - ${DIR}/bin/wazuh-control stop > /dev/null 2>&1 - - # Process: wazuh-execd - if pgrep -f "wazuh-execd" > /dev/null 2>&1; then - kill -15 $(pgrep -f "wazuh-execd") > /dev/null 2>&1 - fi - - if pgrep -f "wazuh-execd" > /dev/null 2>&1; then - kill -9 $(pgrep -f "wazuh-execd") > /dev/null 2>&1 - fi - - # Process: wazuh-agentd - if pgrep -f "wazuh-agentd" > /dev/null 2>&1; then - kill -15 $(pgrep -f "wazuh-agentd") > /dev/null 2>&1 - fi - - if pgrep -f "wazuh-agentd" > /dev/null 2>&1; then - kill -9 $(pgrep -f "wazuh-agentd") > /dev/null 2>&1 - fi - - # Process: wazuh-syscheckd - if pgrep -f "wazuh-syscheckd" > /dev/null 2>&1; then - kill -15 $(pgrep -f "wazuh-syscheckd") > /dev/null 2>&1 - fi - - if pgrep -f "wazuh-syscheckd" > /dev/null 2>&1; then - kill -9 $(pgrep -f "wazuh-syscheckd") > /dev/null 2>&1 - fi - - # Process: wazuh-logcollector - if pgrep -f "wazuh-logcollector" > /dev/null 2>&1; then - kill -15 $(pgrep -f "wazuh-logcollector") > /dev/null 2>&1 - fi - - if pgrep -f "wazuh-logcollector" > /dev/null 2>&1; then - kill -9 $(pgrep -f "wazuh-logcollector") > /dev/null 2>&1 - fi - - # Process: wazuh-modulesd - if pgrep -f "wazuh-modulesd" > /dev/null 2>&1; then - kill -15 $(pgrep -f "wazuh-modulesd") > /dev/null 2>&1 - fi - - if pgrep -f "wazuh-modulesd" > /dev/null 2>&1; then - kill -9 $(pgrep -f "wazuh-modulesd") > /dev/null 2>&1 - fi - - ;; - - remove) - - # Stop the services before uninstalling the package - # Check for systemd - if command -v systemctl > /dev/null 2>&1 && systemctl > /dev/null 2>&1 && systemctl is-active --quiet wazuh-agent > /dev/null 2>&1; then - systemctl stop wazuh-agent > /dev/null 2>&1 - # Check for SysV - elif command -v service > /dev/null 2>&1 && service wazuh-agent status 2>/dev/null | grep "running" > /dev/null 2>&1; then - service wazuh-agent stop > /dev/null 2>&1 - fi - ${DIR}/bin/wazuh-control stop > /dev/null 2>&1 - - # Save the conffiles - mkdir -p ${DIR}/tmp/conffiles - # Save the client.keys - if [ -f ${DIR}/etc/client.keys ]; then - cp -p ${DIR}/etc/client.keys ${DIR}/tmp/conffiles - fi - # Save the local_internal_options.conf - if [ -f ${DIR}/etc/local_internal_options.conf ]; then - cp -p ${DIR}/etc/local_internal_options.conf ${DIR}/tmp/conffiles - fi - # Save the ossec.conf - if [ -f ${DIR}/etc/ossec.conf ]; then - cp -p ${DIR}/etc/ossec.conf ${DIR}/tmp/conffiles - fi - - ;; - - failed-upgrade) - if [ -f ${DIR}/bin/wazuh-control ]; then - ${DIR}/bin/wazuh-control stop > /dev/null 2>&1 - fi - ;; - - *) - echo "prerm called with unknown argument \`$1'" >&2 - exit 1 - ;; - -esac - -exit 0 diff --git a/packages/debs/SPECS/wazuh_agent/debian/rules b/packages/debs/SPECS/wazuh_agent/debian/rules deleted file mode 100644 index 2bc8a15c06..0000000000 --- a/packages/debs/SPECS/wazuh_agent/debian/rules +++ /dev/null @@ -1,159 +0,0 @@ -#!/usr/bin/make -f -# -*- makefile -*- -# Sample debian/rules that uses debhelper. -# -# This file was originally written by Joey Hess and Craig Small. -# As a special exception, when this file is copied by dh-make into a -# dh-make output file, you may use that output file without restriction. -# This special exception was added by Craig Small in version 0.37 of dh-make. -# -# Modified to make a template file for a multi-binary package with separated -# build-arch and build-indep targets by Bill Allombert 2001 - -# Uncomment this to turn on verbose mode. -export DH_VERBOSE=1 - -# This has to be exported to make some magic below work. -export DH_OPTIONS - -export TARGET_DIR=${CURDIR}/debian/wazuh-agent - -# Package build options -export INSTALLATION_DIR="/var/ossec" -export INSTALLATION_SCRIPTS_DIR="${INSTALLATION_DIR}/packages_files/agent_installation_scripts" -export JOBS="5" -export DEBUG_ENABLED="no" -export PATH="${PATH}" -export LD_LIBRARY_PATH="" - -%: - dh $@ - -override_dh_shlibdeps: - -override_dh_auto_configure: - -override_dh_auto_install: - -override_dh_install: - - rm -rf $(INSTALLATION_DIR)/ - - # Build the binaries - make -C src deps TARGET=agent - make -j$(JOBS) -C src/ TARGET=agent USE_SELINUX=yes DEBUG=$(DEBUG_ENABLED) - - USER_LANGUAGE="en" \ - USER_NO_STOP="y" \ - USER_INSTALL_TYPE="agent" \ - USER_DIR="$(INSTALLATION_DIR)" \ - USER_DELETE_DIR="y" \ - USER_ENABLE_ACTIVE_RESPONSE="y" \ - USER_ENABLE_SYSCHECK="y" \ - USER_ENABLE_ROOTCHECK="y" \ - USER_ENABLE_SYSCOLLECTOR="y" \ - USER_UPDATE="n" \ - USER_AGENT_SERVER_IP="MANAGER_IP" \ - USER_CA_STORE="/path/to/my_cert.pem" \ - USER_AUTO_START="n" \ - ./install.sh - - # Copying init.d script - mkdir -p ${TARGET_DIR}/etc/init.d/ - sed -i "s:WAZUH_HOME_TMP:${INSTALLATION_DIR}:g" src/init/templates/ossec-hids-debian.init - - cp src/init/templates/ossec-hids-debian.init ${TARGET_DIR}/etc/init.d/wazuh-agent - - # Copying systemd file - mkdir -p ${TARGET_DIR}/usr/lib/systemd/system/ - sed -i "s:WAZUH_HOME_TMP:${INSTALLATION_DIR}:g" src/init/templates/wazuh-agent.service - install -m 0644 src/init/templates/wazuh-agent.service ${TARGET_DIR}/usr/lib/systemd/system/ - - # Generating permission restoration file for postinstall - mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR) - - # Remove preinstalled log files - rm -rf $(INSTALLATION_DIR)/logs/*.log - rm -rf $(INSTALLATION_DIR)/logs/*.json - - # Clean the preinstalled configuration assesment files - rm -rf ${TARGET_DIR}$(INSTALLATION_DIR)/ruleset/sca - mkdir -p ${TARGET_DIR}$(INSTALLATION_DIR)/ruleset/sca - - ./gen_permissions.sh $(INSTALLATION_DIR)/ ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/restore-permissions.sh - - # Copying to target - mkdir -p ${TARGET_DIR}$(INSTALLATION_DIR)/ - cp -r $(INSTALLATION_DIR)/. $(TARGET_DIR)$(INSTALLATION_DIR)/ - - # Copying install scripts to /usr/share - mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/ - cp gen_ossec.sh ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/ - cp add_localfiles.sh ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/ - - mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/src - cp src/VERSION ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/src/ - cp src/REVISION ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/src/ - - # Install configuration assesment files and files templates - mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/applications - mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/generic - mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/debian/7 - mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/debian/8 - mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/debian/9 - mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/debian/10 - mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/debian/11 - mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/debian/12 - mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/ubuntu/12/04 - mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/ubuntu/14/04 - mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/ubuntu/16/04 - mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/ubuntu/18/04 - mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/ubuntu/20/04 - mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/ubuntu/22/04 - - cp -r ruleset/sca/* ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca - - cp etc/templates/config/generic/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/generic - cp etc/templates/config/generic/sca.manager.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/generic - - cp etc/templates/config/debian/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/debian - cp etc/templates/config/debian/7/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/debian/7 - cp etc/templates/config/debian/8/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/debian/8 - cp etc/templates/config/debian/9/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/debian/9 - cp etc/templates/config/debian/10/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/debian/10 - cp etc/templates/config/debian/11/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/debian/11 - cp etc/templates/config/debian/12/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/debian/12 - - cp etc/templates/config/ubuntu/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/ubuntu - cp etc/templates/config/ubuntu/12/04/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/ubuntu/12/04 - cp etc/templates/config/ubuntu/14/04/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/ubuntu/14/04 - cp etc/templates/config/ubuntu/16/04/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/ubuntu/16/04 - cp etc/templates/config/ubuntu/18/04/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/ubuntu/18/04 - cp etc/templates/config/ubuntu/20/04/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/ubuntu/20/04 - cp etc/templates/config/ubuntu/22/04/sca.files ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/sca/ubuntu/22/04 - - mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/src/init - cp -r src/init/* ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/src/init - - mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/etc/templates/config/generic - cp -r etc/templates/config/generic ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/etc/templates/config/ - - mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/etc/templates/config/debian - cp -r etc/templates/config/debian ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/etc/templates/config/ - - mkdir -p ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/etc/templates/config/ubuntu - cp -r etc/templates/config/ubuntu ${TARGET_DIR}$(INSTALLATION_SCRIPTS_DIR)/etc/templates/config/ - - # Copying systemd file - mkdir -p ${TARGET_DIR}/etc/systemd/system/ - sed -i "s:WAZUH_HOME_TMP:${INSTALLATION_DIR}:g" src/init/templates/wazuh-agent.service - cp src/init/templates/wazuh-agent.service ${TARGET_DIR}/etc/systemd/system/ - -override_dh_auto_clean: - $(MAKE) -C src clean - - -override_dh_strip: - dh_strip --no-automatic-dbgsym - -.PHONY: override_dh_install override_dh_strip override_dh_auto_clean override_dh_auto_build override_dh_auto_configure diff --git a/packages/debs/SPECS/wazuh_agent/debian/templates b/packages/debs/SPECS/wazuh_agent/debian/templates deleted file mode 100644 index 3dbe63d83f..0000000000 --- a/packages/debs/SPECS/wazuh_agent/debian/templates +++ /dev/null @@ -1,4 +0,0 @@ -Template: wazuh-agent/server-ip -Type: string -Default: 127.0.0.1 -Description: OSSEC server IP address for this agent. This server is also known as Manager and will receive information from the agent. You need to specify the IP address, the hostname is not valid. The agent still needs to be registered and started manually. diff --git a/packages/debs/amd64/agent/Dockerfile b/packages/debs/amd64/agent/Dockerfile index 6896f77636..31bd1e516c 100644 --- a/packages/debs/amd64/agent/Dockerfile +++ b/packages/debs/amd64/agent/Dockerfile @@ -1,44 +1,62 @@ -FROM debian:7 +FROM debian:10 -ENV DEBIAN_FRONTEND noninteractive +ENV DEBIAN_FRONTEND=noninteractive # Installing necessary packages -RUN echo "deb http://archive.debian.org/debian/ wheezy contrib main non-free" > /etc/apt/sources.list && \ - echo "deb-src http://archive.debian.org/debian/ wheezy contrib main non-free" >> /etc/apt/sources.list && \ - apt-get update && apt-get install -y --force-yes apt-utils && \ - apt-get install -y --force-yes \ - curl gcc make sudo wget expect gnupg perl-base=5.14.2-21+deb7u3 perl \ - libc-bin=2.13-38+deb7u10 libc6=2.13-38+deb7u10 libc6-dev build-essential \ - cdbs devscripts equivs automake autoconf libtool libaudit-dev selinux-basics \ - libdb5.1=5.1.29-5 libdb5.1-dev libssl1.0.0=1.0.1e-2+deb7u20 procps gawk libsigsegv2 - -RUN apt-get update && apt-get build-dep python3.2 -y --force-yes - -RUN curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && \ - tar xzf gcc-9.4.0.tar.gz && cd gcc-9.4.0/ && \ +RUN apt-get update && apt-get install -y build-essential \ + curl wget git gawk devscripts sudo libssl-dev \ + unzip zip tar texinfo pkg-config clang-tidy uuid \ + libmpfr-dev libgmp3-dev libmpc-dev autopoint libtool \ + zlib1g-dev libgcrypt20-dev libmagic-dev libpopt-dev \ + libmagic-dev libsqlite3-dev gettext \ + ninja-build libsystemd-dev libaudit-dev selinux-basics \ + libarchive-dev debhelper libssl-dev libbz2-dev \ + && rm -rf /var/lib/apt/lists/* + +RUN echo "deb http://ftp.de.debian.org/debian bullseye main" >>/etc/apt/sources.list && \ + apt-get update && apt-get install -y g++-10 && rm -rf /var/lib/apt/lists/* + +RUN wget https://ftp.gnu.org/gnu/gcc/gcc-13.2.0/gcc-13.2.0.tar.gz && \ + tar xzf gcc-13.2.0.tar.gz && cd gcc-13.2.0/ && \ ./contrib/download_prerequisites && \ - ./configure --prefix=/usr/local/gcc-9.4.0 --enable-languages=c,c++ --disable-multilib \ - --disable-libsanitizer && \ - make -j$(nproc) && make install && \ - ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && \ - ln -fs /usr/local/gcc-9.4.0/bin/gcc /usr/bin/cc && cd / && rm -rf gcc-* - -ENV CPLUS_INCLUDE_PATH "/usr/local/gcc-9.4.0/include/c++/9.4.0/" -ENV LD_LIBRARY_PATH "/usr/local/gcc-9.4.0/lib64:${LD_LIBRARY_PATH}" -ENV PATH "/usr/local/gcc-9.4.0/bin:${PATH}" - -RUN curl -OL http://packages.wazuh.com/utils/cmake/cmake-3.18.3.tar.gz && \ - tar -zxf cmake-3.18.3.tar.gz && cd cmake-3.18.3 && \ - ./bootstrap --no-system-curl CXX=/usr/local/gcc-9.4.0/bin/g++ \ - CC=/usr/local/gcc-9.4.0/bin/gcc && \ - make -j$(nproc) && make install && ln -s /usr/local/bin/cmake /usr/bin/cmake && \ + ./configure --prefix=/usr/local/gcc-13.2.0 --enable-languages=c,c++ \ + --disable-multilib --disable-libsanitizer && \ + make -j$(nproc) && make install -j$(nproc) && \ + ln -fs /usr/local/gcc-13.2.0/bin/g++ /usr/bin/c++ && \ + ln -fs /usr/local/gcc-13.2.0/bin/gcc /usr/bin/cc && cd .. && rm -rf gcc-* + +ENV CPLUS_INCLUDE_PATH "/usr/local/gcc-13.2.0/include/c++/13.2.0/" +ENV LD_LIBRARY_PATH "/usr/local/gcc-13.2.0/lib64/" +ENV PATH "/usr/local/gcc-13.2.0/bin:${PATH}" +ENV PKG_CONFIG_PATH "/usr/local/lib/pkgconfig:${PKG_CONFIG_PATH}" + +RUN curl -OL https://github.com/Kitware/CMake/releases/download/v3.30.3/cmake-3.30.3.tar.gz && \ + tar -zxf cmake-3.*.tar.gz && cd cmake-3.* && ./bootstrap && \ + make -j$(nproc) && make install && ln -fs /usr/local/bin/cmake /usr/bin/cmake && \ cd / && rm -rf cmake-* -# Add the script and helper_funcitons to build the Debian package -ADD build.sh /usr/local/bin/build_package -RUN chmod +x /usr/local/bin/build_package -ADD helper_function.sh /usr/local/bin/helper_function.sh -ADD gen_permissions.sh /tmp/gen_permissions.sh - -# Set the entrypoint -ENTRYPOINT ["/usr/local/bin/build_package"] +RUN curl -sO https://lua.org/ftp/lua-5.4.7.tar.gz && tar -xzvf lua-5.4.7.tar.gz && \ + cd lua-5.4.7 && make -j$(nproc) linux CFLAGS+="-fPIC" LDFLAGS+="-fPIC" && make install && \ + ln -fs /usr/local/bin/lua /usr/bin/lua && cd / && rm -rf lua* + +RUN mkdir -p /usr/local/lib/pkgconfig && \ + echo "# Package Information for pkg-config" > /usr/local/lib/pkgconfig/lua.pc && \ + echo "prefix=/usr/local" >> /usr/local/lib/pkgconfig/lua.pc && \ + echo "exec_prefix=\${prefix}" >> /usr/local/lib/pkgconfig/lua.pc && \ + echo "libdir=\${exec_prefix}/lib" >> /usr/local/lib/pkgconfig/lua.pc && \ + echo "includedir=\${prefix}/include" >> /usr/local/lib/pkgconfig/lua.pc && \ + echo "" >> /usr/local/lib/pkgconfig/lua.pc && \ + echo "Name: Lua" >> /usr/local/lib/pkgconfig/lua.pc && \ + echo "Description: Lua" >> /usr/local/lib/pkgconfig/lua.pc && \ + echo "Version: 5.4.7" >> /usr/local/lib/pkgconfig/lua.pc && \ + echo "Libs: -L\${libdir} -llua -lm" >> /usr/local/lib/pkgconfig/lua.pc && \ + echo "Cflags: -I\${includedir}" >> /usr/local/lib/pkgconfig/lua.pc + +RUN git config --global --add safe.directory /wazuh-local-src + +RUN apt update && apt install dirmngr gnupg apt-transport-https ca-certificates -y && \ + apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF && \ + sh -c 'echo "deb https://download.mono-project.com/repo/debian stable-buster main" > /etc/apt/sources.list.d/mono-official-stable.list' && \ + apt update && apt install mono-devel -y + +RUN curl -o /usr/local/bin/nuget https://dist.nuget.org/win-x86-commandline/v6.10.2/nuget.exe diff --git a/packages/debs/arm64/agent/Dockerfile b/packages/debs/arm64/agent/Dockerfile index a79811426b..8dca8175c0 100644 --- a/packages/debs/arm64/agent/Dockerfile +++ b/packages/debs/arm64/agent/Dockerfile @@ -1,47 +1,60 @@ -FROM arm64v8/debian:stretch +FROM arm64v8/debian:10 -ENV DEBIAN_FRONTEND noninteractive +ENV DEBIAN_FRONTEND=noninteractive # Installing necessary packages -RUN echo "deb http://archive.debian.org/debian stretch contrib main non-free" > /etc/apt/sources.list && \ - echo "deb http://archive.debian.org/debian-security stretch/updates main" >> /etc/apt/sources.list && \ - echo "deb-src http://archive.debian.org/debian stretch main" >> /etc/apt/sources.list && \ - apt-get update && apt-get install -y --allow-change-held-packages apt apt-utils \ - curl gcc g++ make sudo expect gnupg \ - perl-base perl wget libc-bin libc6 libc6-dev \ - build-essential cdbs devscripts equivs automake \ - autoconf libtool libaudit-dev selinux-basics \ - libdb5.3 libdb5.3 libssl1.0.2 gawk libsigsegv2 - -# Add Debian's source repository and, Install NodeJS 12 -RUN apt-get update && apt-get build-dep python3.5 -y --allow-change-held-packages -RUN curl -sL https://deb.nodesource.com/setup_12.x | bash - && \ - apt-get install --allow-change-held-packages -y nodejs - -RUN curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && \ - tar xzf gcc-9.4.0.tar.gz && cd gcc-9.4.0/ && \ +RUN apt-get update && apt-get install -y build-essential \ + curl wget git gawk devscripts sudo libssl-dev \ + unzip zip tar texinfo pkg-config clang-tidy uuid \ + libmpfr-dev libgmp3-dev libmpc-dev autopoint libtool \ + zlib1g-dev libgcrypt20-dev libmagic-dev libpopt-dev \ + libmagic-dev libsqlite3-dev gettext ninja-build \ + ninja-build libsystemd-dev libaudit-dev selinux-basics \ + libarchive-dev debhelper libssl-dev libbz2-dev \ + && rm -rf /var/lib/apt/lists/* + +RUN echo "deb http://ftp.de.debian.org/debian bullseye main" >>/etc/apt/sources.list && \ + apt-get update && apt-get install -y g++-10 && rm -rf /var/lib/apt/lists/* + +RUN wget https://ftp.gnu.org/gnu/gcc/gcc-13.2.0/gcc-13.2.0.tar.gz && \ + tar xzf gcc-13.2.0.tar.gz && cd gcc-13.2.0/ && \ ./contrib/download_prerequisites && \ - ./configure --prefix=/usr/local/gcc-9.4.0 --enable-languages=c,c++ --disable-multilib \ - --disable-libsanitizer && \ - make -j$(nproc) && make install && \ - ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && \ - ln -fs /usr/local/gcc-9.4.0/bin/gcc /usr/bin/cc && cd / && rm -rf gcc-* - -ENV CPLUS_INCLUDE_PATH "/usr/local/gcc-9.4.0/include/c++/9.4.0/" -ENV LD_LIBRARY_PATH "/usr/local/gcc-9.4.0/lib64/" -ENV PATH "/usr/local/gcc-9.4.0/bin:${PATH}" - -RUN curl -OL http://packages.wazuh.com/utils/cmake/cmake-3.18.3.tar.gz && \ - tar -zxf cmake-3.18.3.tar.gz && cd cmake-3.18.3 && \ - ./bootstrap --no-system-curl && \ + ./configure --prefix=/usr/local/gcc-13.2.0 --enable-languages=c,c++ \ + --disable-multilib --disable-libsanitizer && \ + make -j$(nproc) && make install -j$(nproc) && \ + ln -fs /usr/local/gcc-13.2.0/bin/g++ /usr/bin/c++ && \ + ln -fs /usr/local/gcc-13.2.0/bin/gcc /usr/bin/cc && cd .. && rm -rf gcc-* + +ENV CPLUS_INCLUDE_PATH "/usr/local/gcc-13.2.0/include/c++/13.2.0/" +ENV LD_LIBRARY_PATH "/usr/local/gcc-13.2.0/lib64/" +ENV PATH "/usr/local/gcc-13.2.0/bin:${PATH}" +ENV PKG_CONFIG_PATH "/usr/local/lib/pkgconfig:${PKG_CONFIG_PATH}" + +RUN curl -OL https://github.com/Kitware/CMake/releases/download/v3.30.3/cmake-3.30.3.tar.gz && \ + tar -zxf cmake-3.*.tar.gz && cd cmake-3.* && ./bootstrap && \ make -j$(nproc) && make install && ln -s /usr/local/bin/cmake /usr/bin/cmake && \ cd / && rm -rf cmake-* -# Add the script to build the Debian package -ADD build.sh /usr/local/bin/build_package -RUN chmod +x /usr/local/bin/build_package -ADD helper_function.sh /usr/local/bin/helper_function.sh -ADD gen_permissions.sh /tmp/gen_permissions.sh - -# Set the entrypoint -ENTRYPOINT ["/usr/local/bin/build_package"] +RUN curl -sO https://lua.org/ftp/lua-5.4.7.tar.gz && tar -xzvf lua-5.4.7.tar.gz && \ + cd lua-5.4.7 && make -j$(nproc) linux CFLAGS+="-fPIC" LDFLAGS+="-fPIC" && make install && \ + ln -fs /usr/local/bin/lua /usr/bin/lua && cd / && rm -rf lua* + +RUN mkdir -p /usr/local/lib/pkgconfig && \ + echo "# Package Information for pkg-config" > /usr/local/lib/pkgconfig/lua.pc && \ + echo "prefix=/usr/local" >> /usr/local/lib/pkgconfig/lua.pc && \ + echo "exec_prefix=\${prefix}" >> /usr/local/lib/pkgconfig/lua.pc && \ + echo "libdir=\${exec_prefix}/lib" >> /usr/local/lib/pkgconfig/lua.pc && \ + echo "includedir=\${prefix}/include" >> /usr/local/lib/pkgconfig/lua.pc && \ + echo "" >> /usr/local/lib/pkgconfig/lua.pc && \ + echo "Name: Lua" >> /usr/local/lib/pkgconfig/lua.pc && \ + echo "Description: Lua" >> /usr/local/lib/pkgconfig/lua.pc && \ + echo "Version: 5.4.7" >> /usr/local/lib/pkgconfig/lua.pc && \ + echo "Libs: -L\${libdir} -llua -lm" >> /usr/local/lib/pkgconfig/lua.pc && \ + echo "Cflags: -I\${includedir}" >> /usr/local/lib/pkgconfig/lua.pc + +RUN git config --global --add safe.directory /wazuh-local-src + +RUN apt update && apt install dirmngr gnupg apt-transport-https ca-certificates -y && \ + apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF && \ + sh -c 'echo "deb https://download.mono-project.com/repo/debian stable-buster main" > /etc/apt/sources.list.d/mono-official-stable.list' && \ + apt update && apt install mono-complete -y diff --git a/packages/debs/armhf/agent/Dockerfile b/packages/debs/armhf/agent/Dockerfile index a27b9d1347..1029339b33 100644 --- a/packages/debs/armhf/agent/Dockerfile +++ b/packages/debs/armhf/agent/Dockerfile @@ -37,12 +37,3 @@ RUN curl -OL http://packages.wazuh.com/utils/cmake/cmake-3.18.3.tar.gz && \ linux32 ./bootstrap --no-system-curl && \ linux32 make -j$(nproc) && linux32 make install && \ ln -s /usr/local/bin/cmake /usr/bin/cmake && cd / && rm -rf cmake-* - -# Add the script to build the Debian package -ADD build.sh /usr/local/bin/build_package -RUN chmod +x /usr/local/bin/build_package -ADD helper_function.sh /usr/local/bin/helper_function.sh -ADD gen_permissions.sh /tmp/gen_permissions.sh - -# Set the entrypoint -ENTRYPOINT ["/usr/local/bin/build_package"] diff --git a/packages/debs/i386/agent/Dockerfile b/packages/debs/i386/agent/Dockerfile index 4e45fa3b04..9249b5429a 100644 --- a/packages/debs/i386/agent/Dockerfile +++ b/packages/debs/i386/agent/Dockerfile @@ -36,12 +36,3 @@ RUN curl -OL http://packages.wazuh.com/utils/cmake/cmake-3.18.3.tar.gz && \ CC=/usr/local/gcc-9.4.0/bin/gcc && \ linux32 make -j$(nproc) && linux32 make install && \ ln -s /usr/local/bin/cmake /usr/bin/cmake && cd / && rm -rf cmake-* - -# Add the script to build the Debian package -ADD build.sh /usr/local/bin/build_package -RUN chmod +x /usr/local/bin/build_package -ADD helper_function.sh /usr/local/bin/helper_function.sh -ADD gen_permissions.sh /tmp/gen_permissions.sh - -# Set the entrypoint -ENTRYPOINT ["/usr/local/bin/build_package"] diff --git a/packages/debs/ppc64le/agent/Dockerfile b/packages/debs/ppc64le/agent/Dockerfile index a611151b9d..6bccd1c924 100644 --- a/packages/debs/ppc64le/agent/Dockerfile +++ b/packages/debs/ppc64le/agent/Dockerfile @@ -36,12 +36,3 @@ RUN curl -OL http://packages.wazuh.com/utils/cmake/cmake-3.18.3.tar.gz && \ CC=/usr/local/gcc-9.4.0/bin/gcc && \ make -j$(nproc) && make install && ln -s /usr/local/bin/cmake /usr/bin/cmake && \ cd / && rm -rf cmake-* - -# Add the script to build the Debian package -ADD build.sh /usr/local/bin/build_package -RUN chmod +x /usr/local/bin/build_package -ADD helper_function.sh /usr/local/bin/helper_function.sh -ADD gen_permissions.sh /tmp/gen_permissions.sh - -# Set the entrypoint -ENTRYPOINT ["/usr/local/bin/build_package"] diff --git a/packages/debs/utils/helper_function.sh b/packages/debs/utils/helper_function.sh index 02988d82d7..5bf948cafe 100644 --- a/packages/debs/utils/helper_function.sh +++ b/packages/debs/utils/helper_function.sh @@ -19,19 +19,27 @@ setup_build(){ debug="$5" cp -pr ${specs_path}/wazuh-${BUILD_TARGET}/debian ${sources_dir}/debian - cp -p /tmp/gen_permissions.sh ${sources_dir} + cp -p /home/gen_permissions.sh ${sources_dir} # Generating directory structure to build the .deb package cd ${build_dir}/${BUILD_TARGET} && tar -czf ${package_name}.orig.tar.gz "${package_name}" + # Configure the package with the different parameters + if [ "${ARCHITECTURE_TARGET}" != "amd64" ]; then + sed -i "s:export VCPKG_FORCE_SYSTEM_BINARIES=.*:export VCPKG_FORCE_SYSTEM_BINARIES=1:g" ${sources_dir}/debian/rules + fi sed -i "s:RELEASE:${REVISION}:g" ${sources_dir}/debian/changelog sed -i "s:export JOBS=.*:export JOBS=${JOBS}:g" ${sources_dir}/debian/rules + sed -i "s:export VCPKG_BINARY_SOURCES=.*:export VCPKG_BINARY_SOURCES=clear;nuget,GitHub,readwrite:g" ${sources_dir}/debian/rules sed -i "s:export DEBUG_ENABLED=.*:export DEBUG_ENABLED=${debug}:g" ${sources_dir}/debian/rules - sed -i "s#export PATH=.*#export PATH=/usr/local/gcc-5.5.0/bin:${PATH}#g" ${sources_dir}/debian/rules - sed -i "s#export LD_LIBRARY_PATH=.*#export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}#g" ${sources_dir}/debian/rules - sed -i "s:export INSTALLATION_DIR=.*:export INSTALLATION_DIR=${INSTALLATION_PATH}:g" ${sources_dir}/debian/rules - sed -i "s:DIR=\"/var/ossec\":DIR=\"${INSTALLATION_PATH}\":g" ${sources_dir}/debian/{preinst,postinst,prerm,postrm} + sed -i "s#export PATH=.*#export PATH=/usr/local/gcc-13.2.0/bin:${PATH}#g" ${sources_dir}/debian/rules + sed -i "s#export LD_LIBRARY_PATH=.*#export LD_LIBRARY_PATH=/usr/local/gcc-13.2.0/lib64/:${LD_LIBRARY_PATH}#g" ${sources_dir}/debian/rules + if [ "${INSTALLATION_PATH}" == "/" ]; then + sed -i "s:export INSTALLATION_DIR=.*:export INSTALLATION_DIR="":g" ${sources_dir}/debian/rules + else + sed -i "s:export INSTALLATION_DIR=.*:export INSTALLATION_DIR=${INSTALLATION_PATH}:g" ${sources_dir}/debian/rules + fi } set_debug(){ @@ -47,7 +55,6 @@ build_deps(){ } build_package(){ - if [[ "${ARCHITECTURE_TARGET}" == "amd64" ]] || [[ "${ARCHITECTURE_TARGET}" == "ppc64le" ]] || \ [[ "${ARCHITECTURE_TARGET}" == "arm64" ]]; then debuild --rootcmd=sudo -b -uc -us -nc diff --git a/packages/generate_package.sh b/packages/generate_package.sh index a633688c2b..af2131de52 100755 --- a/packages/generate_package.sh +++ b/packages/generate_package.sh @@ -15,6 +15,7 @@ ARCHITECTURE="amd64" SYSTEM="deb" OUTDIR="${CURRENT_PATH}/output/" BRANCH="" +VCPKG_KEY="" REVISION="0" TARGET="agent" JOBS="2" @@ -22,11 +23,11 @@ DEBUG="no" SRC="no" BUILD_DOCKER="yes" DOCKER_TAG="latest" -INSTALLATION_PATH="/var/ossec" +INSTALLATION_PATH="/" CHECKSUM="no" FUTURE="no" -LEGACY="no" IS_STAGE="no" +ENTRYPOINT="/home/build.sh" trap ctrl_c INT @@ -36,7 +37,6 @@ clean() { # Clean the files find "${DOCKERFILE_PATH}" \( -name '*.sh' -o -name '*.tar.gz' -o -name 'wazuh-*' \) ! -name 'docker_builder.sh' -exec rm -rf {} + - exit ${exit_code} } @@ -55,27 +55,8 @@ download_file() { } build_pkg() { - if [ "$LEGACY" = "yes" ]; then - REVISION="${REVISION}.el5" - TAR_URL="https://packages-dev.wazuh.com/utils/centos-5-i386-build/centos-5-i386.tar.gz" - TAR_FILE="${CURRENT_PATH}/${SYSTEM}s/${ARCHITECTURE}/legacy/centos-5-i386.tar.gz" - if [ ! -f "$TAR_FILE" ]; then - download_file ${TAR_URL} "${CURRENT_PATH}/${SYSTEM}s/${ARCHITECTURE}/legacy" - fi - DOCKERFILE_PATH="${CURRENT_PATH}/${SYSTEM}s/${ARCHITECTURE}/legacy" - CONTAINER_NAME="pkg_${SYSTEM}_legacy_builder_${ARCHITECTURE}" - if [ "$SYSTEM" != "rpm" ]; then - echo "Legacy mode is only available for RPM packages." - clean 1 - fi - else - CONTAINER_NAME="pkg_${SYSTEM}_${TARGET}_builder_${ARCHITECTURE}" - if [ "${ARCHITECTURE}" = "arm64" ] || [ "${ARCHITECTURE}" = "ppc64le" ]; then - DOCKERFILE_PATH="${CURRENT_PATH}/${SYSTEM}s/${ARCHITECTURE}" - else - DOCKERFILE_PATH="${CURRENT_PATH}/${SYSTEM}s/${ARCHITECTURE}/${TARGET}" - fi - fi + CONTAINER_NAME="pkg_${SYSTEM}_${TARGET}_builder_${ARCHITECTURE}" + DOCKERFILE_PATH="${CURRENT_PATH}/${SYSTEM}s/${ARCHITECTURE}/${TARGET}" # Copy the necessary files cp ${CURRENT_PATH}/build.sh ${DOCKERFILE_PATH} @@ -94,10 +75,14 @@ build_pkg() { -e INSTALLATION_PATH="${INSTALLATION_PATH}" \ -e IS_STAGE="${IS_STAGE}" \ -e WAZUH_BRANCH="${BRANCH}" \ + -e WAZUH_VERBOSE="${VERBOSE}" \ + -e VCPKG_KEY="${VCPKG_KEY}" \ ${CUSTOM_CODE_VOL} \ + -v ${DOCKERFILE_PATH}:/home:Z \ ${CONTAINER_NAME}:${DOCKER_TAG} \ + ${ENTRYPOINT} \ ${REVISION} ${JOBS} ${DEBUG} \ - ${CHECKSUM} ${FUTURE} ${LEGACY} ${SRC}|| return 1 + ${CHECKSUM} ${FUTURE} ${SRC}|| return 1 echo "Package $(ls -Art ${OUTDIR} | tail -n 1) added to ${OUTDIR}." @@ -115,7 +100,6 @@ help() { echo "Usage: $0 [OPTIONS]" echo echo " -b, --branch [Optional] Select Git branch." - echo " -t, --target [Required] Target package to build: manager or agent." echo " -a, --architecture [Optional] Target architecture of the package [amd64/i386/ppc64le/arm64/armhf]." echo " -j, --jobs [Optional] Change number of parallel jobs when compiling the manager or agent. By default: 2." echo " -r, --revision [Optional] Package revision. By default: 0." @@ -123,14 +107,16 @@ help() { echo " -p, --path [Optional] Installation path for the package. By default: /var/ossec." echo " -d, --debug [Optional] Build the binaries with debug symbols. By default: no." echo " -c, --checksum [Optional] Generate checksum on the same directory than the package. By default: no." - echo " -l, --legacy [Optional only for RPM] Build package for CentOS 5." + echo " -e, --entrypoint [Optional] Script to execute as entrypoint." echo " --dont-build-docker [Optional] Locally built docker image will be used instead of generating a new one." + echo " --vcpkg-binary-caching-key [Optional] VCPK remote binary caching repository key." echo " --tag [Optional] Tag to use with the docker image." echo " --sources [Optional] Absolute path containing wazuh source code. This option will use local source code instead of downloading it from GitHub. By default use the script path." echo " --is_stage [Optional] Use release name in package." echo " --system [Optional] Select Package OS [rpm, deb]. By default is 'deb'." echo " --src [Optional] Generate the source package in the destination directory." echo " --future [Optional] Build test future package x.30.0 Used for development purposes." + echo " --verbose [Optional] Print commands and their arguments as they are executed." echo " -h, --help Show this help." echo exit $1 @@ -152,14 +138,6 @@ main() { "-h"|"--help") help 0 ;; - "-t"|"--target") - if [ -n "$2" ]; then - TARGET="$2" - shift 2 - else - help 1 - fi - ;; "-a"|"--architecture") if [ -n "$2" ]; then ARCHITECTURE="$2" @@ -168,10 +146,6 @@ main() { help 1 fi ;; - "-l"|"--legacy") - LEGACY="yes" - shift 1 - ;; "-j"|"--jobs") if [ -n "$2" ]; then JOBS="$2" @@ -196,6 +170,14 @@ main() { help 1 fi ;; + "-e"|"--entrypoint") + if [ -n "$2" ]; then + ENTRYPOINT="$2" + shift 2 + else + help 1 + fi + ;; "-d"|"--debug") DEBUG="yes" shift 1 @@ -245,15 +227,35 @@ main() { shift 1 ;; "--system") - SYSTEM="$2" - shift 2 + if [ -n "$2" ]; then + SYSTEM="$2" + shift 2 + else + help 1 + fi + ;; + "--vcpkg-binary-caching-key") + if [ -n "$2" ]; then + VCPKG_KEY="$2" + shift 2 + else + help 1 + fi + ;; + "--verbose") + VERBOSE="yes" + shift 1 ;; *) help 1 esac done - if [ -z "${CUSTOM_CODE_VOL}" ]; then + if [ -n "${VERBOSE}" ]; then + set -x + fi + + if [ -z "${CUSTOM_CODE_VOL}" ] && [ -z "${BRANCH}" ]; then CUSTOM_CODE_VOL="-v $WAZUH_PATH:/wazuh-local-src:Z" fi diff --git a/packages/macos/generate_wazuh_packages.sh b/packages/macos/generate_wazuh_packages.sh index b7445a8a0f..46a0f1c9a9 100755 --- a/packages/macos/generate_wazuh_packages.sh +++ b/packages/macos/generate_wazuh_packages.sh @@ -1,5 +1,5 @@ #!/bin/bash -set -ex +set -e # Program to build and package OSX wazuh-agent # Wazuh package generator # Copyright (C) 2015, Wazuh Inc. @@ -11,19 +11,21 @@ set -ex export PATH=/usr/local/bin:/Applications/CMake.app/Contents/bin:/opt/homebrew/bin:/opt/homebrew/sbin:$PATH CURRENT_PATH="$( cd $(dirname ${0}) ; pwd -P )" +PACKAGED_DIRECTORY=$CURRENT_PATH/wazuh-agent/payload ARCH="intel64" -WAZUH_SOURCE_REPOSITORY="https://github.com/wazuh/wazuh" -INSTALLATION_PATH="/Library/Ossec" # Installation path. +WAZUH_SOURCE_REPOSITORY="https://github.com/wazuh/wazuh-agent" +SERVICE_PATH="/Library/LaunchDaemons/com.wazuh.agent.plist" +INSTALLATION_PATH="/Library/Application Support/Wazuh agent.app" # Installation path. VERSION="" # Default VERSION (branch/tag). REVISION="1" # Package revision. BRANCH_TAG="" # Branch that will be downloaded to build package. -DESTINATION="${CURRENT_PATH}/output" # Where package will be stored. +DESTINATION="${CURRENT_PATH}/output" # Where package will be stored. JOBS="2" # Compilation jobs. VERBOSE="no" # Enables the full log by using `set -exf`. DEBUG="no" # Enables debug symbols while compiling. CHECKSUM="no" # Enables the checksum generation. IS_STAGE="no" # Enables release package naming. -MAKE_COMPILATION="yes" # Set whether or not to compile the code +BUILD_TYPE="full_package" # Set build type CERT_APPLICATION_ID="" # Apple Developer ID certificate to sign Apps and binaries. CERT_INSTALLER_ID="" # Apple Developer ID certificate to sign pkg. KEYCHAIN="" # Keychain where the Apple Developer ID certificate is. @@ -34,6 +36,7 @@ ALTOOL_PASS="" # Temporary Application password for altoo TEAM_ID="" # Team ID of the Apple Developer ID. pkg_name="" notarization_path="" +VCPKG_KEY="" trap ctrl_c INT @@ -41,10 +44,9 @@ function clean_and_exit() { exit_code=$1 rm -rf "${SOURCES_DIRECTORY}" if [ -z "$BRANCH_TAG" ]; then - make -C $WAZUH_PATH/src clean clean-deps + make -C $CURRENT_PATH/../../src/build clean fi - ${CURRENT_PATH}/uninstall.sh - + rm -rf $CURRENT_PATH/wazuh-agent exit ${exit_code} } @@ -84,8 +86,8 @@ function sign_binaries() { if [ ! -z "${KEYCHAIN}" ] && [ ! -z "${CERT_APPLICATION_ID}" ] ; then security -v unlock-keychain -p "${KC_PASS}" "${KEYCHAIN}" > /dev/null # Sign every single binary in Wazuh's installation. This also includes library files. - for bin in $(find ${INSTALLATION_PATH} -exec file {} \; | grep bit | cut -d: -f1); do - codesign -f --sign "${CERT_APPLICATION_ID}" --entitlements ${ENTITLEMENTS_PATH} --deep --timestamp --options=runtime --verbose=4 "${bin}" + for bin in $(find ${PACKAGED_DIRECTORY} -exec file {} \; | grep -E 'executable|bit' | cut -d: -f1); do + codesign -f --sign "${CERT_APPLICATION_ID}" --entitlements ${ENTITLEMENTS_PATH} --timestamp --options=runtime --verbose=4 "${bin}" done security -v lock-keychain "${KEYCHAIN}" > /dev/null fi @@ -97,50 +99,61 @@ function sign_pkg() { security -v unlock-keychain -p "${KC_PASS}" "${KEYCHAIN}" > /dev/null # Sign the package - productsign --sign "${CERT_INSTALLER_ID}" --timestamp ${DESTINATION}/${pkg_name} ${DESTINATION}/${pkg_name}.signed - mv ${DESTINATION}/${pkg_name}.signed ${DESTINATION}/${pkg_name} + productsign --sign "${CERT_INSTALLER_ID}" --timestamp ${DESTINATION}/${pkg_name}.pkg ${DESTINATION}/${pkg_name}.pkg.signed + mv ${DESTINATION}/${pkg_name}.pkg.signed ${DESTINATION}/${pkg_name}.pkg security -v lock-keychain "${KEYCHAIN}" > /dev/null fi } -function get_pkgproj_specs() { +function prepare_building_folder() { - VERSION="$1" + version="$1" pkg_final_name="$2" + build_info_file="${WAZUH_PACKAGES_PATH}/specs/build-info.json" + preinstall_script="${WAZUH_PACKAGES_PATH}/package_files/preinstall.sh" + postinstall_script="${WAZUH_PACKAGES_PATH}/package_files/postinstall.sh" - pkg_file="${WAZUH_PACKAGES_PATH}/specs/wazuh_agent_${ARCH}.pkgproj" + if [ -d "$CURRENT_PATH/wazuh-agent" ]; then - if [ ! -f "${pkg_file}" ]; then - echo "Warning: the file ${pkg_file} does not exists. Check the version selected." - exit 1 - else - echo "Modifiying ${pkg_file} to match revision." - sed -i -e "s:>.*${VERSION}-.*<:>${pkg_final_name}<:g" "${pkg_file}" - cp "${pkg_file}" "${AGENT_PKG_FILE}" + echo "The wazuh agent building directory is present on this machine." + echo "Removing it from the system." + + rm -rf $CURRENT_PATH/wazuh-agent fi - return 0 + munkipkg --create --json $CURRENT_PATH/wazuh-agent + + cp -f $build_info_file $CURRENT_PATH/wazuh-agent/ + + sed -i '' "s|VERSION|$version|g" $CURRENT_PATH/wazuh-agent/$(basename $build_info_file) + sed -i '' "s|PACKAGE_NAME|$pkg_final_name|g" $CURRENT_PATH/wazuh-agent/$(basename $build_info_file) + + cp $preinstall_script $CURRENT_PATH/wazuh-agent/scripts/preinstall + cp $postinstall_script $CURRENT_PATH/wazuh-agent/scripts/postinstall + + sed -i '' "s|PACKAGE_ARCH|$ARCH|g" $CURRENT_PATH/wazuh-agent/scripts/preinstall + + mkdir -p ${PACKAGED_DIRECTORY} + mkdir -p $DESTINATION } -function build_package() { +function build_package_binaries() { # Download source code if [ -n "$BRANCH_TAG" ]; then SOURCES_DIRECTORY="${CURRENT_PATH}/repository" WAZUH_PATH="${SOURCES_DIRECTORY}/wazuh" - git clone --depth=1 -b ${BRANCH_TAG} ${WAZUH_SOURCE_REPOSITORY} "${WAZUH_PATH}" + git clone -b ${BRANCH_TAG} --single-branch --recurse-submodules ${WAZUH_SOURCE_REPOSITORY} "${WAZUH_PATH}" else WAZUH_PATH="${CURRENT_PATH}/../.." fi short_commit_hash="$(cd "${WAZUH_PATH}" && git rev-parse --short HEAD)" - export CONFIG="${WAZUH_PATH}/etc/preloaded-vars.conf" WAZUH_PACKAGES_PATH="${WAZUH_PATH}/packages/macos" - AGENT_PKG_FILE="${WAZUH_PACKAGES_PATH}/package_files/wazuh_agent_${ARCH}.pkgproj" ENTITLEMENTS_PATH="${WAZUH_PACKAGES_PATH}/entitlements.plist" - VERSION=$(cat ${WAZUH_PATH}/src/VERSION | cut -d "-" -f1 | cut -c 2-) + VERSION=$(cat ${WAZUH_PATH}/src/VERSION | cut -d 'v' -f 2) # Define output package name if [ $IS_STAGE == "no" ]; then @@ -149,28 +162,28 @@ function build_package() { pkg_name="wazuh-agent-${VERSION}-${REVISION}.${ARCH}" fi - get_pkgproj_specs $VERSION $pkg_name - - if [ -d "${INSTALLATION_PATH}" ]; then - - echo "\nThe wazuh agent is already installed on this machine." - echo "Removing it from the system." + prepare_building_folder $VERSION $pkg_name - ${CURRENT_PATH}/uninstall.sh - fi + ${WAZUH_PACKAGES_PATH}/package_files/build.sh "${PACKAGED_DIRECTORY}" "${WAZUH_PATH}" ${JOBS} ${VCPKG_KEY} - ${WAZUH_PACKAGES_PATH}/package_files/build.sh "${INSTALLATION_PATH}" "${WAZUH_PATH}" ${JOBS} ${DEBUG} ${MAKE_COMPILATION} +} +function build_package() { # sign the binaries and the libraries sign_binaries # create package - if packagesbuild ${AGENT_PKG_FILE} --build-folder "${DESTINATION}/" ; then + if munkipkg $CURRENT_PATH/wazuh-agent ; then echo "The wazuh agent package for macOS has been successfully built." - pkg_name+=".pkg" + mv $CURRENT_PATH/wazuh-agent/build/*.pkg $DESTINATION/ + # symbols_pkg_name="${pkg_name}_debug_symbols" + # cp -R "${WAZUH_PATH}/src/symbols" "${DESTINATION}" + # zip -r "${DESTINATION}/${symbols_pkg_name}.zip" "${DESTINATION}/symbols" + # rm -rf "${DESTINATION}/symbols" sign_pkg if [[ "${CHECKSUM}" == "yes" ]]; then - shasum -a512 "${DESTINATION}/${pkg_name}" > "${DESTINATION}/${pkg_name}.sha512" + shasum -a512 "${DESTINATION}/${pkg_name}.pkg" > "${DESTINATION}/${pkg_name}.pkg.sha512" + # shasum -a512 "${DESTINATION}/${symbols_pkg_name}.zip" > "${DESTINATION}/${symbols_pkg_name}.sha512" fi clean_and_exit 0 else @@ -190,11 +203,12 @@ function help() { echo " -j, --jobs [Optional] Number of parallel jobs when compiling." echo " -r, --revision [Optional] Package revision that append to version e.g. x.x.x-rev" echo " -d, --debug [Optional] Build the binaries with debug symbols. By default: no." - echo " -c, --checksum [Optional] Generate checksum on the desired path (by default, if no path is specified it will be generated on the same directory than the package)." + echo " -c, --checksum [Optional] Generate checksum on the store path." echo " --is_stage [Optional] Use release name in package" - echo " -nc, --not-compile [Optional] Set whether or not to compile the code." + echo " -bt, --build-type [Optional] Set building type, binaries, package, or full_package [binaries,package,full_package]. By Default: full." + echo " --vcpkg-binary-caching-key [Optional] VCPK remote binary caching repository key." echo " -h, --help [ Util ] Show this help." - echo " -i, --install-deps [ Util ] Install build dependencies (Packages)." + echo " -i, --install-deps [ Util ] Install build dependencies." echo " -x, --install-xcode [ Util ] Install X-Code and brew. Can't be executed as root." echo " -v, --verbose [ Util ] Show additional information during the package generation." echo " Signing options:" @@ -215,35 +229,58 @@ function help() { function testdep() { - if command -v packagesbuild ; then - return 0 - else - echo "Error: packagesbuild not found. Download and install dependencies." + if [[ ! $(brew --version 2>/dev/null) =~ [0-9] ]]; then + echo "Error: brew not found. Download and install it." + echo "Use $0 -x for install it." + exit 1 + fi + + if [[ ! $(munkipkg --version 2>/dev/null) =~ [0-9] ]]; then + echo "Error: munkipkg not found. Download and install dependencies." echo "Use $0 -i for install it." exit 1 fi + + if [ -n "${VCPKG_KEY}" ]; then + if [[ ! $(mono --version 2>/dev/null) =~ [0-9] ]]; then + echo "Error: mono not found. Download and install dependencies." + echo "Use $0 -i for install it." + exit 1 + fi + fi } function install_deps() { - # Install packagesbuild tool - curl -O http://s.sudre.free.fr/Software/files/Packages.dmg - - hdiutil attach Packages.dmg - - cd /Volumes/Packages* + if [[ $(mono --version 2>/dev/null) =~ [0-9] ]]; then + echo "mono already installed" + else + # Install mono tool + echo "Installing mono" + brew install mono + fi - if sudo installer -package *Packages.pkg -target / ; then - echo "Packagesbuild was correctly installed." + if [[ $(munkipkg --version 2>/dev/null) =~ [0-9] ]]; then + echo "munkipkg already installed" else - echo "Something went wrong installing packagesbuild." + # Install munkipkg tool + echo "Installing munkipkg" + git clone https://github.com/munki/munki-pkg.git ~/Developer/munki-pkg + mkdir -p /usr/local/bin + sudo ln -s "$HOME/Developer/munki-pkg/munkipkg" /usr/local/bin/munkipkg + + if [[ $(munkipkg --version 2>/dev/null) =~ [0-9] ]]; then + echo "Munkipkg was correctly installed." + else + echo "Something went wrong installing Munkipkg." + fi fi echo "Installing build dependencies for $(uname -m) architecture." if [ "$(uname -m)" = "arm64" ]; then - brew install gcc binutils autoconf automake libtool cmake + brew install gcc binutils autoconf automake libtool cmake git pkg-config openssl else - brew install cmake + brew install cmake git pkg-config openssl fi exit 0 } @@ -252,22 +289,19 @@ function install_xcode() { # Install brew tool. Brew will install X-Code if it is not already installed in the host. /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)" - exit 0 } function check_root() { if [[ $EUID -ne 0 ]]; then - echo "This script must be run as root" - echo + echo "This script must be run as root\n" exit 1 fi } function main() { - BUILD="yes" while [ -n "$1" ] do case "$1" in @@ -289,7 +323,7 @@ function main() { ;; "-s"|"--store-path") if [ -n "$2" ]; then - DESTINATION="$2" + DESTINATION=$(echo "$2" | sed 's:/*$::') shift 2 else help 1 @@ -336,9 +370,21 @@ function main() { IS_STAGE="yes" shift 1 ;; - "-nc"|"--not-compile") - MAKE_COMPILATION="no" - shift 1 + "-bt"|"--build-type") + if [ -n "$2" ]; then + BUILD_TYPE="$2" + shift 2 + else + help 1 + fi + ;; + "--vcpkg-binary-caching-key") + if [ -n "$2" ]; then + VCPKG_KEY="$2" + shift 2 + else + help 1 + fi ;; "--keychain") if [ -n "$2" ]; then @@ -414,37 +460,54 @@ function main() { done if [ ${VERBOSE} = "yes" ]; then - set -exf + set -ex fi - testdep - if [ "${ARCH}" != "intel64" ] && [ "${ARCH}" != "arm64" ]; then echo "Error: architecture not supported." echo "Supported architectures: intel64, arm64" exit 1 fi - if [[ "${BUILD}" != "no" ]]; then - check_root - build_package - "${CURRENT_PATH}/uninstall.sh" - fi + testdep + check_root + + case "$BUILD_TYPE" in + binaries) + echo "Building only the binaries for the package." + build_package_binaries + ;; + package) + if [ -d $PACKAGED_DIRECTORY ] ; then + echo "Building package with previously generated binaries." + build_package + else + echo "Binaries have not been created, existing." + clean_and_exit 1 + fi + ;; + full_package) + echo "Building binaries and packaging them." + build_package_binaries + build_package + ;; + *) + echo "Error: BUILD_TYPE mus't be one of: [binaries, package, full_package]" + clean_and_exit 1 + ;; + esac - if [ "${NOTARIZE}" = "yes" ]; then - if [ "${BUILD}" = "yes" ]; then - notarization_path="${DESTINATION}/${pkg_name}" - fi + if [ "${NOTARIZE}" = "yes" ] && { [ "${BUILD_TYPE}" = "package" ] || [ "${BUILD_TYPE}" = "full_package" ]; }; then + + notarization_path="${DESTINATION}/${pkg_name}.pkg" + if [ -z "${notarization_path}" ]; then echo "The path of the package to be notarized has not been specified." help 1 fi notarize_pkg "${notarization_path}" - fi - - if [ "${BUILD}" = "no" ] && [ "${NOTARIZE}" = "no" ]; then - echo "The branch has not been specified and notarization has not been selected." - help 1 + else + echo "Notarization has not been selected or was not available for the selected building type." fi return 0 diff --git a/packages/macos/package_files/build.sh b/packages/macos/package_files/build.sh index 1899b40c75..b8c2678b5b 100755 --- a/packages/macos/package_files/build.sh +++ b/packages/macos/package_files/build.sh @@ -7,71 +7,53 @@ # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation. -set -exf +set -e DESTINATION_PATH=$1 -SOURCES_PATH=$2 +WAZUH_PATH=$2 BUILD_JOBS=$3 -DEBUG=$4 -MAKE_COMPILATION=$5 -INSTALLATION_SCRIPTS_DIR=${DESTINATION_PATH}/packages_files/agent_installation_scripts - -function configure() { - echo USER_LANGUAGE="en" > ${CONFIG} - echo USER_NO_STOP="y" >> ${CONFIG} - echo USER_INSTALL_TYPE="agent" >> ${CONFIG} - echo USER_DIR="${DESTINATION_PATH}" >> ${CONFIG} - echo USER_DELETE_DIR="y" >> ${CONFIG} - echo USER_CLEANINSTALL="y" >> ${CONFIG} - echo USER_BINARYINSTALL="y" >> ${CONFIG} - echo USER_AGENT_SERVER_IP="MANAGER_IP" >> ${CONFIG} - echo USER_ENABLE_SYSCHECK="y" >> ${CONFIG} - echo USER_ENABLE_ROOTCHECK="y" >> ${CONFIG} - echo USER_ENABLE_ACTIVE_RESPONSE="y" >> ${CONFIG} - echo USER_CA_STORE="n" >> ${CONFIG} +VCPKG_KEY=$4 +SOURCES_DIR=${WAZUH_PATH}/src + +set_vcpkg_remote_binary_cache(){ + local vcpkg_token="$1" + + if [[ $(mono --version 2>/dev/null) =~ [0-9] ]]; then + echo "mono already installed, proceeding" + export VCPKG_BINARY_SOURCES="clear;nuget,GitHub,readwrite" + $WAZUH_PATH/src/vcpkg/bootstrap-vcpkg.sh + mono `$WAZUH_PATH/src/vcpkg/vcpkg fetch nuget | tail -n 1` \ + sources add \ + -source "https://nuget.pkg.github.com/wazuh/index.json" \ + -name "GitHub" \ + -username "wazuh" \ + -password "$vcpkg_token" + mono `$WAZUH_PATH/src/vcpkg/vcpkg fetch nuget | tail -n 1` \ + setapikey "$vcpkg_token" \ + -source "https://nuget.pkg.github.com/wazuh/index.json" + else + echo "mono in not installed, remote binary caching not being enabled" + fi } function build() { - configure - - if [ "${MAKE_COMPILATION}" == "yes" ]; then - make -C ${SOURCES_PATH}/src deps TARGET=agent - - echo "Generating Wazuh executables" - make -j $BUILD_JOBS -C ${SOURCES_PATH}/src DYLD_FORCE_FLAT_NAMESPACE=1 DEBUG=$DEBUG TARGET=agent build + if [ ! -z "${VCPKG_KEY}" ]; then + set_vcpkg_remote_binary_cache $VCPKG_KEY fi + git submodule update --init --recursive + cmake -S $SOURCES_DIR -B $SOURCES_DIR/build -DINSTALL_ROOT=$DESTINATION_PATH + make -C $SOURCES_DIR/build -j $BUILD_JOBS - echo "Running install script" - ${SOURCES_PATH}/install.sh - - find ${DESTINATION_PATH}/ruleset/sca/ -type f -exec rm -f {} \; - - # Add the auxiliar script used while installing the package - mkdir -p ${INSTALLATION_SCRIPTS_DIR}/ - cp ${SOURCES_PATH}/gen_ossec.sh ${INSTALLATION_SCRIPTS_DIR}/ - cp ${SOURCES_PATH}/add_localfiles.sh ${INSTALLATION_SCRIPTS_DIR}/ - - mkdir -p ${INSTALLATION_SCRIPTS_DIR}/src/init - mkdir -p ${INSTALLATION_SCRIPTS_DIR}/etc/templates/config/{generic,darwin} - - cp -r ${SOURCES_PATH}/etc/templates/config/generic ${INSTALLATION_SCRIPTS_DIR}/etc/templates/config - cp -r ${SOURCES_PATH}/etc/templates/config/darwin ${INSTALLATION_SCRIPTS_DIR}/etc/templates/config - - find ${SOURCES_PATH}/src/init/ -name *.sh -type f -exec install -m 0640 {} ${INSTALLATION_SCRIPTS_DIR}/src/init \; - - mkdir -p ${INSTALLATION_SCRIPTS_DIR}/sca/generic - mkdir -p ${INSTALLATION_SCRIPTS_DIR}/sca/darwin/{15,16,17,18,20,21,22,23} - - cp -r ${SOURCES_PATH}/ruleset/sca/darwin ${INSTALLATION_SCRIPTS_DIR}/sca - cp -r ${SOURCES_PATH}/ruleset/sca/generic ${INSTALLATION_SCRIPTS_DIR}/sca - cp ${SOURCES_PATH}/etc/templates/config/generic/sca.files ${INSTALLATION_SCRIPTS_DIR}/sca/generic/ + EXECUTABLE_FILES=$(find "${SOURCES_DIR}" -maxdepth 1 -type f ! -name "*.py" -exec file {} + | grep 'executable' | cut -d: -f1) + EXECUTABLE_FILES+=" $(find "${SOURCES_DIR}" -type f ! -name "*.py" ! -path "${SOURCES_DIR}/external/*" ! -path "${SOURCES_DIR}/symbols/*" -name "*.dylib" -print 2>/dev/null)" - for n in $(seq 15 23); do - cp ${SOURCES_PATH}/etc/templates/config/darwin/$n/sca.files ${INSTALLATION_SCRIPTS_DIR}/sca/darwin/$n/ + for var in $EXECUTABLE_FILES; do + filename=$(basename "$var") + dsymutil -o "${SOURCES_DIR}/symbols/${filename}.dSYM" "$var" 2>/dev/null && strip -S "$var" done - cp ${SOURCES_PATH}/src/VERSION ${INSTALLATION_SCRIPTS_DIR}/src/ - cp ${SOURCES_PATH}/src/REVISION ${INSTALLATION_SCRIPTS_DIR}/src/ + echo "Installing sources" + make -C $SOURCES_DIR/build install -j $BUILD_JOBS } build diff --git a/packages/macos/package_files/postinstall.sh b/packages/macos/package_files/postinstall.sh index e19f92c76f..dc082a9331 100755 --- a/packages/macos/package_files/postinstall.sh +++ b/packages/macos/package_files/postinstall.sh @@ -10,163 +10,53 @@ # so the the list GroupMembership works properly GROUP="wazuh" USER="wazuh" -DIR="/Library/Ossec" -INSTALLATION_SCRIPTS_DIR="${DIR}/packages_files/agent_installation_scripts" -SCA_BASE_DIR="${INSTALLATION_SCRIPTS_DIR}/sca" +AGENT_DIR="/Library/Application Support/Wazuh agent.app" +CONF_DIR="$AGENT_DIR/etc" +DATA_DIR="$AGENT_DIR/var" +SERVICE_FILE="/Library/LaunchDaemons/com.wazuh.agent.plist" +UPGRADE_FILE_FLAG="${AGENT_DIR}/WAZUH_PKG_UPGRADE" -if [ -f "${DIR}/WAZUH_PKG_UPGRADE" ]; then - upgrade="true" -fi -if [ -f "${DIR}/WAZUH_PKG_UPGRADE" ]; then - rm -f ${DIR}/WAZUH_PKG_UPGRADE -fi - -if [ -f "${DIR}/WAZUH_RESTART" ]; then +if [ -f "${AGENT_DIR}/WAZUH_RESTART" ]; then restart="true" + rm -f ${AGENT_DIR}/WAZUH_RESTART fi -if [ -f "${DIR}/WAZUH_RESTART" ]; then - rm -f ${DIR}/WAZUH_RESTART -fi - -if [ -n "${upgrade}" ]; then - echo "Restoring configuration files from ${DIR}/config_files/ to ${DIR}/etc/" - rm -rf ${DIR}/etc/{ossec.conf,client.keys,local_internal_options.conf,shared} - cp -rf ${DIR}/config_files/{ossec.conf,client.keys,local_internal_options.conf,shared} ${DIR}/etc/ - rm -rf ${DIR}/config_files/ +if [ -f "${UPGRADE_FILE_FLAG}" ]; then + upgrade="true" + rm -f ${UPGRADE_FILE_FLAG} + echo "Restoring configuration files from ${CONF_DIR}/config_files/ to ${CONF_DIR}/etc/" + rm -f ${CONF_DIR}/wazuh-agent.yml + cp -rf ${CONF_DIR}/config_files/* ${CONF_DIR} + rm -rf ${CONF_DIR}/config_files/ fi # Default for all directories echo "Seting permissions and ownership for directories and files" -chmod -R 750 ${DIR}/ -chown -R root:${GROUP} ${DIR}/ - -chown -R root:wheel ${DIR}/bin -chown -R root:wheel ${DIR}/lib - -# To the ossec queue (default for agentd to read) -chown -R ${USER}:${GROUP} ${DIR}/queue/{alerts,diff,sockets,rids} - -chmod -R 770 ${DIR}/queue/{alerts,sockets} -chmod -R 750 ${DIR}/queue/{diff,sockets,rids} - -# For the logging user -chmod 770 ${DIR}/logs -chown -R ${USER}:${GROUP} ${DIR}/logs -find ${DIR}/logs/ -type d -exec chmod 750 {} \; -find ${DIR}/logs/ -type f -exec chmod 660 {} \; - -chown -R root:${GROUP} ${DIR}/tmp -chmod 1750 ${DIR}/tmp - -chmod 770 ${DIR}/etc -chown ${USER}:${GROUP} ${DIR}/etc -chmod 640 ${DIR}/etc/internal_options.conf -chown root:${GROUP} ${DIR}/etc/internal_options.conf -chmod 640 ${DIR}/etc/local_internal_options.conf -chown root:${GROUP} ${DIR}/etc/local_internal_options.conf -chmod 640 ${DIR}/etc/client.keys -chown root:${GROUP} ${DIR}/etc/client.keys -chmod 640 ${DIR}/etc/localtime -chmod 770 ${DIR}/etc/shared # ossec must be able to write to it -chown -R root:${GROUP} ${DIR}/etc/shared -find ${DIR}/etc/shared/ -type f -exec chmod 660 {} \; -chown root:${GROUP} ${DIR}/etc/ossec.conf -chmod 660 ${DIR}/etc/ossec.conf -chown root:${GROUP} ${DIR}/etc/wpk_root.pem -chmod 640 ${DIR}/etc/wpk_root.pem - - -chmod 770 ${DIR}/.ssh - -# For the /var/run -chmod -R 770 ${DIR}/var -chown -R root:${GROUP} ${DIR}/var - -# Check if the distribution detection script exists -if [ -f "${INSTALLATION_SCRIPTS_DIR}/src/init/dist-detect.sh" ]; then - echo "Running the dist-detect.sh script..." - . "${INSTALLATION_SCRIPTS_DIR}/src/init/dist-detect.sh" -else - echo "Error: dist-detect.sh script not found." -fi - -if [ -z "${upgrade}" ]; then - echo "Generating Wazuh configuration for a fresh installation." +chmod -R 750 ${AGENT_DIR}/ +chown -R root:${GROUP} ${AGENT_DIR}/ +chown -R root:wheel ${AGENT_DIR}/bin - if [ -f "${INSTALLATION_SCRIPTS_DIR}/gen_ossec.sh" ]; then - ${INSTALLATION_SCRIPTS_DIR}/gen_ossec.sh conf agent ${DIST_NAME} ${DIST_VER}.${DIST_SUBVER} ${DIR} > ${DIR}/etc/ossec.conf - chown root:wazuh ${DIR}/etc/ossec.conf - chmod 0640 ${DIR}/etc/ossec.conf - else - echo "Error: ${INSTALLATION_SCRIPTS_DIR}/gen_ossec.sh script not found." - fi -fi - -SCA_DIR="${DIST_NAME}/${DIST_VER}" -mkdir -p ${DIR}/ruleset/sca - -SCA_TMP_DIR="${SCA_BASE_DIR}/${SCA_DIR}" - -# Install the configuration files needed for this hosts -echo "Installing SCA configuration files..." -if [ -r "${SCA_BASE_DIR}/${DIST_NAME}/${DIST_VER}/${DIST_SUBVER}/sca.files" ]; then - SCA_TMP_DIR="${SCA_BASE_DIR}/${DIST_NAME}/${DIST_VER}/${DIST_SUBVER}" -elif [ -r "${SCA_BASE_DIR}/${DIST_NAME}/${DIST_VER}/sca.files" ]; then - SCA_TMP_DIR="${SCA_BASE_DIR}/${DIST_NAME}/${DIST_VER}" -elif [ -r "${SCA_BASE_DIR}/${DIST_NAME}/sca.files" ]; then - SCA_TMP_DIR="${SCA_BASE_DIR}/${DIST_NAME}" -else - SCA_TMP_DIR="${SCA_BASE_DIR}/generic" -fi - -SCA_TMP_FILE="${SCA_TMP_DIR}/sca.files" +chmod 770 ${DATA_DIR} +chown -R ${USER}:${GROUP} ${DATA_DIR} -if [ -r ${SCA_TMP_FILE} ]; then +chmod 770 ${CONF_DIR} +chown ${USER}:${GROUP} ${CONF_DIR} - rm -f ${DIR}/ruleset/sca/* || true - - for sca_file in $(cat ${SCA_TMP_FILE}); do - mv ${SCA_BASE_DIR}/${sca_file} ${DIR}/ruleset/sca - done -fi - -# Register and configure agent if Wazuh environment variables are defined -if [ -z "${upgrade}" ]; then - echo "Running the register_configure_agent.sh script..." - if [ -f "${INSTALLATION_SCRIPTS_DIR}/src/init/register_configure_agent.sh" ]; then - ${INSTALLATION_SCRIPTS_DIR}/src/init/register_configure_agent.sh ${DIR} > /dev/null || : - else - echo "Error: ${INSTALLATION_SCRIPTS_DIR}/src/init/register_configure_agent.sh script not found." - fi -fi - -# Remove backup file created in register_configure_agent step -if [ -e ${DIR}/etc/ossec.confre ]; then - rm -f ${DIR}/etc/ossec.confre || true -fi - -# Install the service -echo "Running the darwin-init.sh script..." -if [ -f "${INSTALLATION_SCRIPTS_DIR}/src/init/darwin-init.sh" ]; then - ${INSTALLATION_SCRIPTS_DIR}/src/init/darwin-init.sh ${DIR} -else - echo "Error: ${INSTALLATION_SCRIPTS_DIR}/src/init/darwin-init.sh script not found." -fi +sudo chown root:wheel $SERVICE_FILE +sudo chmod 644 $SERVICE_FILE # Remove temporary directory echo "Removing temporary files..." rm -rf ${DIR}/packages_files # Remove old ossec user and group if exists and change ownwership of files - if [[ $(dscl . -read /Groups/ossec) ]]; then echo "Changing group from Ossec to Wazuh" - find ${DIR}/ -group ossec -user root -exec chown root:wazuh {} \ > /dev/null 2>&1 || true + find ${AGENT_DIR}/ -group ossec -user root -exec chown root:wazuh {} \ > /dev/null 2>&1 || true if [[ $(dscl . -read /Users/ossec) ]]; then echo "Changing user from Ossec to Wazuh" - find ${DIR}/ -group ossec -user ossec -exec chown wazuh:wazuh {} \ > /dev/null 2>&1 || true + find ${AGENT_DIR}/ -group ossec -user ossec -exec chown wazuh:wazuh {} \ > /dev/null 2>&1 || true echo "Removing Ossec user" sudo /usr/bin/dscl . -delete "/Users/ossec" fi @@ -174,13 +64,7 @@ if [[ $(dscl . -read /Groups/ossec) ]]; then sudo /usr/bin/dscl . -delete "/Groups/ossec" fi -# Remove 4.1.5 patch -if [ -f ${DIR}/queue/alerts/sockets ]; then - echo "Removing 4.1.5 patch file socket" - rm ${DIR}/queue/alerts/sockets -fi - if [ -n "${upgrade}" ] && [ -n "${restart}" ]; then echo "Restarting Wazuh..." - ${DIR}/bin/wazuh-control restart + ${AGENT_DIR}/bin/wazuh-control restart fi diff --git a/packages/macos/package_files/preinstall.sh b/packages/macos/package_files/preinstall.sh index aaaaa1e77c..ca4f8fe9f1 100755 --- a/packages/macos/package_files/preinstall.sh +++ b/packages/macos/package_files/preinstall.sh @@ -9,78 +9,69 @@ # $1 is the message # $2 is the error code -DIR="/Library/Ossec" +AGENT_DIR="/Library/Application Support/Wazuh agent.app" +CONF_DIR="$AGENT_DIR/etc" +ARCH="PACKAGE_ARCH" -if [ -d "${DIR}" ]; then - echo "A Wazuh agent installation was found in ${DIR}. Will perform an upgrade." - - if [ -f "${DIR}/WAZUH_PKG_UPGRADE" ]; then - rm -f "${DIR}/WAZUH_PKG_UPGRADE" - fi - if [ -f "${DIR}/WAZUH_RESTART" ]; then - rm -f "${DIR}/WAZUH_RESTART" - fi +function check_errm +{ + if [[ ${?} != "0" ]] + then + echo "${1}"; + exit ${2}; + fi +} - touch "${DIR}/WAZUH_PKG_UPGRADE" - upgrade="true" +function check_arch +{ + local system_arch=$(uname -m) - if ${DIR}/bin/wazuh-control status | grep "is running" > /dev/null 2>&1; then - touch "${DIR}/WAZUH_RESTART" - restart="true" - elif ${DIR}/bin/ossec-control status | grep "is running" > /dev/null 2>&1; then - touch "${DIR}/WAZUH_RESTART" - restart="true" + if [ "$ARCH" = "intel64" ] && [ "$system_arch" = "arm64" ]; then + if ! arch -x86_64 zsh -c '' &> /dev/null; then + >&2 echo "ERROR: Rosetta is not installed. Please install it and try again." + exit 1 + fi + elif [ "$ARCH" = "arm64" ] && [ "$system_arch" = "x86_64" ]; then + >&2 echo "ERROR: Incompatible architecture. Please use the Intel package on this system." + exit 1 fi -fi +} -# Stops the agent before upgrading it -echo "Stopping the agent before upgrading it." +check_arch -if [ -f ${DIR}/bin/wazuh-control ]; then - ${DIR}/bin/wazuh-control stop -elif [ -f ${DIR}/bin/ossec-control ]; then - ${DIR}/bin/ossec-control stop -fi - -if [ -n "${upgrade}" ]; then - echo "Backing up configuration files to ${DIR}/config_files/" - mkdir -p ${DIR}/config_files/ - cp -r ${DIR}/etc/{ossec.conf,client.keys,local_internal_options.conf,shared} ${DIR}/config_files/ +if [ -d "${AGENT_DIR}" ]; then + echo "A Wazuh agent installation was found in ${AGENT_DIR}. Will perform an upgrade." + upgrade="true" + touch "${AGENT_DIR}/WAZUH_PKG_UPGRADE" - if [ -d ${DIR}/logs/ossec ]; then - echo "Renaming ${DIR}/logs/ossec to ${DIR}/logs/wazuh" - mv ${DIR}/logs/ossec ${DIR}/logs/wazuh + if [ -f "${AGENT_DIR}/WAZUH_RESTART" ]; then + rm -f "${AGENT_DIR}/WAZUH_RESTART" fi - if [ -d ${DIR}/queue/ossec ]; then - echo "Renaming ${DIR}/queue/ossec to ${DIR}/queue/sockets" - mv ${DIR}/queue/ossec ${DIR}/queue/sockets + # Stops the agent before upgrading it + if ${AGENT_DIR}/bin/wazuh-agent --status | grep "is running" > /dev/null 2>&1; then + touch "${AGENT_DIR}/WAZUH_RESTART" + ${AGENT_DIR}/bin/wazuh-agent --stop + restart="true" fi -fi -if [ -n "${upgrade}" ]; then + echo "Backing up configuration files to ${CONF_DIR}/config_files/" + mkdir -p ${CONF_DIR}/config_files/ + cp -r ${CONF_DIR}/* ${CONF_DIR}/config_files/ + if pkgutil --pkgs | grep -i wazuh-agent-etc > /dev/null 2>&1 ; then echo "Removing previous package receipt for wazuh-agent-etc" pkgutil --forget com.wazuh.pkg.wazuh-agent-etc fi fi -if [[ ! -f "/usr/bin/dscl" ]] +DSCL="/usr/bin/dscl"; +if [[ ! -f "$DSCL" ]] then echo "Error: I couldn't find dscl, dying here"; exit fi -DSCL="/usr/bin/dscl"; - -function check_errm -{ - if [[ ${?} != "0" ]] - then - echo "${1}"; - exit ${2}; - fi -} # get unique id numbers (uid, gid) that are greater than 100 echo "Getting unique id numbers (uid, gid)" @@ -88,13 +79,12 @@ unset -v i new_uid new_gid idvar; declare -i new_uid=0 new_gid=0 i=100 idvar=0; while [[ $idvar -eq 0 ]]; do i=$[i+1] - if [[ -z "$(/usr/bin/dscl . -search /Users uid ${i})" ]] && [[ -z "$(/usr/bin/dscl . -search /Groups gid ${i})" ]]; + if [[ -z "$(${DSCL} . -search /Users uid ${i})" ]] && [[ -z "$(${DSCL} . -search /Groups gid ${i})" ]]; then echo "Found available UID and GID: $i" new_uid=$i new_gid=$i idvar=1 - #break fi done @@ -113,13 +103,6 @@ if [[ ${new_uid} != ${new_gid} ]] exit 5; fi -# Stops the agent before upgrading it -if [ -f ${DIR}/bin/wazuh-control ]; then - ${DIR}/bin/wazuh-control stop -elif [ -f ${DIR}/bin/ossec-control ]; then - ${DIR}/bin/ossec-control stop -fi - # Creating the group echo "Checking group..." if [[ $(dscl . -read /Groups/wazuh) ]] @@ -155,4 +138,4 @@ fi #Hide the fixed users echo "Hiding the fixed wazuh user" -dscl . create /Users/wazuh IsHidden 1 \ No newline at end of file +dscl . create /Users/wazuh IsHidden 1 diff --git a/packages/macos/specs/build-info.json b/packages/macos/specs/build-info.json new file mode 100644 index 0000000000..1d54e0931b --- /dev/null +++ b/packages/macos/specs/build-info.json @@ -0,0 +1,11 @@ +{ + "ownership": "recommended", + "suppress_bundle_relocation": true, + "postinstall_action": "none", + "preserve_xattr": true, + "name": "PACKAGE_NAME.pkg", + "identifier": "com.wazuh.pkg.wazuh-agent", + "install_location": "/", + "version": "VERSION", + "distribution_style": false +} diff --git a/packages/macos/specs/wazuh_agent_arm64.pkgproj b/packages/macos/specs/wazuh_agent_arm64.pkgproj deleted file mode 100644 index 9c463b1a19..0000000000 --- a/packages/macos/specs/wazuh_agent_arm64.pkgproj +++ /dev/null @@ -1,1255 +0,0 @@ - - - - - PACKAGES - - - MUST-CLOSE-APPLICATION-ITEMS - - MUST-CLOSE-APPLICATIONS - - PACKAGE_FILES - - DEFAULT_INSTALL_LOCATION - / - HIERARCHY - - CHILDREN - - - CHILDREN - - GID - 80 - PATH - Applications - PATH_TYPE - 0 - PERMISSIONS - 509 - TYPE - 1 - UID - 0 - - - CHILDREN - - - CHILDREN - - GID - 80 - PATH - Application Support - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - Automator - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - Documentation - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - Extensions - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - Filesystems - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - Frameworks - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - Input Methods - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - Internet Plug-Ins - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - LaunchAgents - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - LaunchDaemons - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - - CHILDREN - - GID - 0 - PATH - /Library/Ossec/.ssh - PATH_TYPE - 0 - PERMISSIONS - 448 - TYPE - 3 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - /Library/Ossec/active-response - PATH_TYPE - 0 - PERMISSIONS - 488 - TYPE - 3 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - /Library/Ossec/agentless - PATH_TYPE - 0 - PERMISSIONS - 488 - TYPE - 3 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - /Library/Ossec/bin - PATH_TYPE - 0 - PERMISSIONS - 488 - TYPE - 3 - UID - 0 - - - CHILDREN - - - CHILDREN - - GID - 0 - PATH - /Library/Ossec/etc/internal_options.conf - PATH_TYPE - 0 - PERMISSIONS - 416 - TYPE - 3 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - /Library/Ossec/etc/localtime - PATH_TYPE - 0 - PERMISSIONS - 416 - TYPE - 3 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - /Library/Ossec/etc/client.keys - PATH_TYPE - 0 - PERMISSIONS - 416 - TYPE - 3 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - /Library/Ossec/etc/local_internal_options.conf - PATH_TYPE - 0 - PERMISSIONS - 416 - TYPE - 3 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - /Library/Ossec/etc/ossec.conf - PATH_TYPE - 0 - PERMISSIONS - 416 - TYPE - 3 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - /Library/Ossec/etc/shared - PATH_TYPE - 0 - PERMISSIONS - 504 - TYPE - 3 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - /Library/Ossec/etc/wpk_root.pem - PATH_TYPE - 0 - PERMISSIONS - 416 - TYPE - 3 - UID - 0 - - - EXPANDED - - GID - 0 - PATH - /Library/Ossec/etc - PATH_TYPE - 0 - PERMISSIONS - 504 - TYPE - 3 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - /Library/Ossec/lib - PATH_TYPE - 0 - PERMISSIONS - 488 - TYPE - 3 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - /Library/Ossec/logs - PATH_TYPE - 0 - PERMISSIONS - 488 - TYPE - 3 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - /Library/Ossec/queue - PATH_TYPE - 0 - PERMISSIONS - 488 - TYPE - 3 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - /Library/Ossec/tmp - PATH_TYPE - 0 - PERMISSIONS - 1000 - TYPE - 3 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - /Library/Ossec/packages_files - PATH_TYPE - 0 - PERMISSIONS - 488 - TYPE - 3 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - /Library/Ossec/var - PATH_TYPE - 0 - PERMISSIONS - 488 - TYPE - 3 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - /Library/Ossec/wodles - PATH_TYPE - 0 - PERMISSIONS - 488 - TYPE - 3 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - /Library/Ossec/ruleset - PATH_TYPE - 0 - PERMISSIONS - 488 - TYPE - 3 - UID - 0 - - - EXPANDED - - GID - 0 - PATH - /Library/Ossec - PATH_TYPE - 0 - PERMISSIONS - 488 - TYPE - 3 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - PreferencePanes - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - Preferences - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - GID - 80 - PATH - Printers - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - PrivilegedHelperTools - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - QuickLook - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - QuickTime - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - Screen Savers - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - Scripts - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - Services - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - Widgets - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - GID - 0 - PATH - Library - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - - CHILDREN - - GID - 0 - PATH - Shared - PATH_TYPE - 0 - PERMISSIONS - 1023 - TYPE - 1 - UID - 0 - - - GID - 80 - PATH - Users - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - GID - 0 - PATH - / - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - PAYLOAD_TYPE - 0 - SHOW_INVISIBLE - - SPLIT_FORKS - - TREAT_MISSING_FILES_AS_WARNING - - VERSION - 4 - - PACKAGE_SCRIPTS - - POSTINSTALL_PATH - - PATH - postinstall.sh - PATH_TYPE - 1 - - PREINSTALL_PATH - - PATH - preinstall.sh - PATH_TYPE - 1 - - RESOURCES - - - PACKAGE_SETTINGS - - AUTHENTICATION - 1 - CONCLUSION_ACTION - 0 - FOLLOW_SYMBOLIC_LINKS - - IDENTIFIER - com.wazuh.pkg.wazuh-agent - LOCATION - 0 - NAME - agent - OVERWRITE_PERMISSIONS - - PAYLOAD_SIZE - -1 - RELOCATABLE - - USE_HFS+_COMPRESSION - - VERSION - 4.9.0-1 - - TYPE - 0 - UUID - 7BC88EDC-74AB-498A-992B-DE940686D898 - - - PROJECT - - PROJECT_COMMENTS - - NOTES - - PCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBIVE1M - IDQuMDEvL0VOIiAiaHR0cDovL3d3dy53My5vcmcvVFIvaHRtbDQv - c3RyaWN0LmR0ZCI+CjxodG1sPgo8aGVhZD4KPG1ldGEgaHR0cC1l - cXVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7 - IGNoYXJzZXQ9VVRGLTgiPgo8bWV0YSBodHRwLWVxdWl2PSJDb250 - ZW50LVN0eWxlLVR5cGUiIGNvbnRlbnQ9InRleHQvY3NzIj4KPHRp - dGxlPjwvdGl0bGU+CjxtZXRhIG5hbWU9IkdlbmVyYXRvciIgY29u - dGVudD0iQ29jb2EgSFRNTCBXcml0ZXIiPgo8bWV0YSBuYW1lPSJD - b2NvYVZlcnNpb24iIGNvbnRlbnQ9IjE1MDQuODMiPgo8c3R5bGUg - dHlwZT0idGV4dC9jc3MiPgo8L3N0eWxlPgo8L2hlYWQ+Cjxib2R5 - Pgo8L2JvZHk+CjwvaHRtbD4K - - - PROJECT_PRESENTATION - - BACKGROUND - - INSTALLATION TYPE - - HIERARCHIES - - INSTALLER - - LIST - - - DESCRIPTION - - OPTIONS - - HIDDEN - - STATE - 0 - - PACKAGE_UUID - 7BC88EDC-74AB-498A-992B-DE940686D898 - REQUIREMENTS - - TITLE - - - LANGUAGE - English - VALUE - Wazuh Agent - - - TOOLTIP - - TYPE - 0 - UUID - B5127C49-7EF4-4B73-97D7-2819981073A4 - - - REMOVED - - - - MODE - 0 - - INSTALLATION_STEPS - - - ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS - ICPresentationViewIntroductionController - INSTALLER_PLUGIN - Introduction - LIST_TITLE_KEY - InstallerSectionTitle - - - ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS - ICPresentationViewReadMeController - INSTALLER_PLUGIN - ReadMe - LIST_TITLE_KEY - InstallerSectionTitle - - - ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS - ICPresentationViewLicenseController - INSTALLER_PLUGIN - License - LIST_TITLE_KEY - InstallerSectionTitle - - - ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS - ICPresentationViewDestinationSelectController - INSTALLER_PLUGIN - TargetSelect - LIST_TITLE_KEY - InstallerSectionTitle - - - ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS - ICPresentationViewInstallationTypeController - INSTALLER_PLUGIN - PackageSelection - LIST_TITLE_KEY - InstallerSectionTitle - - - ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS - ICPresentationViewInstallationController - INSTALLER_PLUGIN - Install - LIST_TITLE_KEY - InstallerSectionTitle - - - ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS - ICPresentationViewSummaryController - INSTALLER_PLUGIN - Summary - LIST_TITLE_KEY - InstallerSectionTitle - - - INTRODUCTION - - LOCALIZATIONS - - - LANGUAGE - English - VALUE - - PATH - introduction.txt - PATH_TYPE - 1 - - - - - LICENSE - - LOCALIZATIONS - - MODE - 0 - - README - - LOCALIZATIONS - - - TITLE - - LOCALIZATIONS - - - LANGUAGE - English - VALUE - Wazuh Agent - - - - - PROJECT_REQUIREMENTS - - LIST - - - BEHAVIOR - 3 - DICTIONARY - - IC_REQUIREMENT_CPU_ARCHITECTURE_FAMILY - 3 - IC_REQUIREMENT_CPU_INTEL_ARCHITECTURE_TYPE - 0 - IC_REQUIREMENT_CPU_MINIMUM_CPU_CORES_COUNT - 1 - IC_REQUIREMENT_CPU_MINIMUM_FREQUENCY - 866666 - IC_REQUIREMENT_CPU_POWERPC_ARCHITECTURE_TYPE - 0 - - IC_REQUIREMENT_CHECK_TYPE - 0 - IDENTIFIER - fr.whitebox.Packages.requirement.cpu - MESSAGE - - - LANGUAGE - English - SECONDARY_VALUE - - VALUE - This installer has been built for Apple Silicon architecture. It won't install in other platforms. - - - - NAME - Processor - STATE - - - - BEHAVIOR - 3 - DICTIONARY - - IC_REQUIREMENT_OS_DISK_TYPE - 0 - IC_REQUIREMENT_OS_DISTRIBUTION_TYPE - 0 - IC_REQUIREMENT_OS_MINIMUM_VERSION - 100800 - - IC_REQUIREMENT_CHECK_TYPE - 1 - IDENTIFIER - fr.whitebox.Packages.requirement.os - MESSAGE - - NAME - Operating System - STATE - - - - RESOURCES - - ROOT_VOLUME_ONLY - - - PROJECT_SETTINGS - - BUILD_FORMAT - 0 - BUILD_PATH - - PATH - build - PATH_TYPE - 1 - - EXCLUDED_FILES - - - PATTERNS_ARRAY - - - REGULAR_EXPRESSION - - STRING - .DS_Store - TYPE - 0 - - - PROTECTED - - PROXY_NAME - Remove .DS_Store files - PROXY_TOOLTIP - Remove ".DS_Store" files created by the Finder. - STATE - - - - PATTERNS_ARRAY - - - REGULAR_EXPRESSION - - STRING - .pbdevelopment - TYPE - 0 - - - PROTECTED - - PROXY_NAME - Remove .pbdevelopment files - PROXY_TOOLTIP - Remove ".pbdevelopment" files created by ProjectBuilder or Xcode. - STATE - - - - PATTERNS_ARRAY - - - REGULAR_EXPRESSION - - STRING - CVS - TYPE - 1 - - - REGULAR_EXPRESSION - - STRING - .cvsignore - TYPE - 0 - - - REGULAR_EXPRESSION - - STRING - .cvspass - TYPE - 0 - - - REGULAR_EXPRESSION - - STRING - .svn - TYPE - 1 - - - REGULAR_EXPRESSION - - STRING - .git - TYPE - 1 - - - REGULAR_EXPRESSION - - STRING - .gitignore - TYPE - 0 - - - PROTECTED - - PROXY_NAME - Remove SCM metadata - PROXY_TOOLTIP - Remove helper files and folders used by the CVS, SVN or Git Source Code Management systems. - STATE - - - - PATTERNS_ARRAY - - - REGULAR_EXPRESSION - - STRING - classes.nib - TYPE - 0 - - - REGULAR_EXPRESSION - - STRING - designable.db - TYPE - 0 - - - REGULAR_EXPRESSION - - STRING - info.nib - TYPE - 0 - - - PROTECTED - - PROXY_NAME - Optimize nib files - PROXY_TOOLTIP - Remove "classes.nib", "info.nib" and "designable.nib" files within .nib bundles. - STATE - - - - PATTERNS_ARRAY - - - REGULAR_EXPRESSION - - STRING - Resources Disabled - TYPE - 1 - - - PROTECTED - - PROXY_NAME - Remove Resources Disabled folders - PROXY_TOOLTIP - Remove "Resources Disabled" folders. - STATE - - - - SEPARATOR - - - - NAME - wazuh-agent-4.9.0-1.arm64 - PAYLOAD_ONLY - - TREAT_MISSING_PRESENTATION_DOCUMENTS_AS_WARNING - - - - TYPE - 0 - VERSION - 2 - - diff --git a/packages/macos/specs/wazuh_agent_intel64.pkgproj b/packages/macos/specs/wazuh_agent_intel64.pkgproj deleted file mode 100644 index 743fd71890..0000000000 --- a/packages/macos/specs/wazuh_agent_intel64.pkgproj +++ /dev/null @@ -1,1254 +0,0 @@ - - - - - PACKAGES - - - MUST-CLOSE-APPLICATION-ITEMS - - MUST-CLOSE-APPLICATIONS - - PACKAGE_FILES - - DEFAULT_INSTALL_LOCATION - / - HIERARCHY - - CHILDREN - - - CHILDREN - - GID - 80 - PATH - Applications - PATH_TYPE - 0 - PERMISSIONS - 509 - TYPE - 1 - UID - 0 - - - CHILDREN - - - CHILDREN - - GID - 80 - PATH - Application Support - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - Automator - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - Documentation - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - Extensions - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - Filesystems - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - Frameworks - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - Input Methods - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - Internet Plug-Ins - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - LaunchAgents - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - LaunchDaemons - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - - CHILDREN - - GID - 0 - PATH - /Library/Ossec/.ssh - PATH_TYPE - 0 - PERMISSIONS - 448 - TYPE - 3 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - /Library/Ossec/active-response - PATH_TYPE - 0 - PERMISSIONS - 488 - TYPE - 3 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - /Library/Ossec/agentless - PATH_TYPE - 0 - PERMISSIONS - 488 - TYPE - 3 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - /Library/Ossec/bin - PATH_TYPE - 0 - PERMISSIONS - 488 - TYPE - 3 - UID - 0 - - - CHILDREN - - - CHILDREN - - GID - 0 - PATH - /Library/Ossec/etc/internal_options.conf - PATH_TYPE - 0 - PERMISSIONS - 416 - TYPE - 3 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - /Library/Ossec/etc/localtime - PATH_TYPE - 0 - PERMISSIONS - 416 - TYPE - 3 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - /Library/Ossec/etc/client.keys - PATH_TYPE - 0 - PERMISSIONS - 416 - TYPE - 3 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - /Library/Ossec/etc/local_internal_options.conf - PATH_TYPE - 0 - PERMISSIONS - 416 - TYPE - 3 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - /Library/Ossec/etc/ossec.conf - PATH_TYPE - 0 - PERMISSIONS - 416 - TYPE - 3 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - /Library/Ossec/etc/shared - PATH_TYPE - 0 - PERMISSIONS - 504 - TYPE - 3 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - /Library/Ossec/etc/wpk_root.pem - PATH_TYPE - 0 - PERMISSIONS - 416 - TYPE - 3 - UID - 0 - - - EXPANDED - - GID - 0 - PATH - /Library/Ossec/etc - PATH_TYPE - 0 - PERMISSIONS - 504 - TYPE - 3 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - /Library/Ossec/lib - PATH_TYPE - 0 - PERMISSIONS - 488 - TYPE - 3 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - /Library/Ossec/logs - PATH_TYPE - 0 - PERMISSIONS - 488 - TYPE - 3 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - /Library/Ossec/queue - PATH_TYPE - 0 - PERMISSIONS - 488 - TYPE - 3 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - /Library/Ossec/tmp - PATH_TYPE - 0 - PERMISSIONS - 1000 - TYPE - 3 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - /Library/Ossec/packages_files - PATH_TYPE - 0 - PERMISSIONS - 488 - TYPE - 3 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - /Library/Ossec/var - PATH_TYPE - 0 - PERMISSIONS - 488 - TYPE - 3 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - /Library/Ossec/wodles - PATH_TYPE - 0 - PERMISSIONS - 488 - TYPE - 3 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - /Library/Ossec/ruleset - PATH_TYPE - 0 - PERMISSIONS - 488 - TYPE - 3 - UID - 0 - - - EXPANDED - - GID - 0 - PATH - /Library/Ossec - PATH_TYPE - 0 - PERMISSIONS - 488 - TYPE - 3 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - PreferencePanes - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - Preferences - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - GID - 80 - PATH - Printers - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - PrivilegedHelperTools - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - QuickLook - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - QuickTime - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - Screen Savers - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - Scripts - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - Services - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - GID - 0 - PATH - Widgets - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - GID - 0 - PATH - Library - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - CHILDREN - - - CHILDREN - - GID - 0 - PATH - Shared - PATH_TYPE - 0 - PERMISSIONS - 1023 - TYPE - 1 - UID - 0 - - - GID - 80 - PATH - Users - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - - GID - 0 - PATH - / - PATH_TYPE - 0 - PERMISSIONS - 493 - TYPE - 1 - UID - 0 - - PAYLOAD_TYPE - 0 - SHOW_INVISIBLE - - SPLIT_FORKS - - TREAT_MISSING_FILES_AS_WARNING - - VERSION - 4 - - PACKAGE_SCRIPTS - - POSTINSTALL_PATH - - PATH - postinstall.sh - PATH_TYPE - 1 - - PREINSTALL_PATH - - PATH - preinstall.sh - PATH_TYPE - 1 - - RESOURCES - - - PACKAGE_SETTINGS - - AUTHENTICATION - 1 - CONCLUSION_ACTION - 0 - FOLLOW_SYMBOLIC_LINKS - - IDENTIFIER - com.wazuh.pkg.wazuh-agent - LOCATION - 0 - NAME - agent - OVERWRITE_PERMISSIONS - - PAYLOAD_SIZE - -1 - RELOCATABLE - - USE_HFS+_COMPRESSION - - VERSION - 4.9.0-1 - - TYPE - 0 - UUID - 7BC88EDC-74AB-498A-992B-DE940686D898 - - - PROJECT - - PROJECT_COMMENTS - - NOTES - - PCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBIVE1M - IDQuMDEvL0VOIiAiaHR0cDovL3d3dy53My5vcmcvVFIvaHRtbDQv - c3RyaWN0LmR0ZCI+CjxodG1sPgo8aGVhZD4KPG1ldGEgaHR0cC1l - cXVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7 - IGNoYXJzZXQ9VVRGLTgiPgo8bWV0YSBodHRwLWVxdWl2PSJDb250 - ZW50LVN0eWxlLVR5cGUiIGNvbnRlbnQ9InRleHQvY3NzIj4KPHRp - dGxlPjwvdGl0bGU+CjxtZXRhIG5hbWU9IkdlbmVyYXRvciIgY29u - dGVudD0iQ29jb2EgSFRNTCBXcml0ZXIiPgo8bWV0YSBuYW1lPSJD - b2NvYVZlcnNpb24iIGNvbnRlbnQ9IjE1MDQuODMiPgo8c3R5bGUg - dHlwZT0idGV4dC9jc3MiPgo8L3N0eWxlPgo8L2hlYWQ+Cjxib2R5 - Pgo8L2JvZHk+CjwvaHRtbD4K - - - PROJECT_PRESENTATION - - BACKGROUND - - INSTALLATION TYPE - - HIERARCHIES - - INSTALLER - - LIST - - - DESCRIPTION - - OPTIONS - - HIDDEN - - STATE - 0 - - PACKAGE_UUID - 7BC88EDC-74AB-498A-992B-DE940686D898 - REQUIREMENTS - - TITLE - - - LANGUAGE - English - VALUE - Wazuh Agent - - - TOOLTIP - - TYPE - 0 - UUID - B5127C49-7EF4-4B73-97D7-2819981073A4 - - - REMOVED - - - - MODE - 0 - - INSTALLATION_STEPS - - - ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS - ICPresentationViewIntroductionController - INSTALLER_PLUGIN - Introduction - LIST_TITLE_KEY - InstallerSectionTitle - - - ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS - ICPresentationViewReadMeController - INSTALLER_PLUGIN - ReadMe - LIST_TITLE_KEY - InstallerSectionTitle - - - ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS - ICPresentationViewLicenseController - INSTALLER_PLUGIN - License - LIST_TITLE_KEY - InstallerSectionTitle - - - ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS - ICPresentationViewDestinationSelectController - INSTALLER_PLUGIN - TargetSelect - LIST_TITLE_KEY - InstallerSectionTitle - - - ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS - ICPresentationViewInstallationTypeController - INSTALLER_PLUGIN - PackageSelection - LIST_TITLE_KEY - InstallerSectionTitle - - - ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS - ICPresentationViewInstallationController - INSTALLER_PLUGIN - Install - LIST_TITLE_KEY - InstallerSectionTitle - - - ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS - ICPresentationViewSummaryController - INSTALLER_PLUGIN - Summary - LIST_TITLE_KEY - InstallerSectionTitle - - - INTRODUCTION - - LOCALIZATIONS - - - LANGUAGE - English - VALUE - - PATH - introduction.txt - PATH_TYPE - 1 - - - - - LICENSE - - LOCALIZATIONS - - MODE - 0 - - README - - LOCALIZATIONS - - - TITLE - - LOCALIZATIONS - - - LANGUAGE - English - VALUE - Wazuh Agent - - - - - PROJECT_REQUIREMENTS - - LIST - - - BEHAVIOR - 2 - DICTIONARY - - IC_REQUIREMENT_CPU_ARCHITECTURE_FAMILY - 2 - IC_REQUIREMENT_CPU_INTEL_ARCHITECTURE_TYPE - 2 - IC_REQUIREMENT_CPU_MINIMUM_CPU_CORES_COUNT - 1 - IC_REQUIREMENT_CPU_MINIMUM_FREQUENCY - 866666 - IC_REQUIREMENT_CPU_POWERPC_ARCHITECTURE_TYPE - 0 - - IC_REQUIREMENT_CHECK_TYPE - 0 - IDENTIFIER - fr.whitebox.Packages.requirement.cpu - MESSAGE - - - LANGUAGE - English - SECONDARY_VALUE - - VALUE - This installer has been built for 64-bit Intel architecture. - - - NAME - Processor - STATE - - - - BEHAVIOR - 3 - DICTIONARY - - IC_REQUIREMENT_OS_DISK_TYPE - 0 - IC_REQUIREMENT_OS_DISTRIBUTION_TYPE - 0 - IC_REQUIREMENT_OS_MINIMUM_VERSION - 100800 - - IC_REQUIREMENT_CHECK_TYPE - 1 - IDENTIFIER - fr.whitebox.Packages.requirement.os - MESSAGE - - NAME - Operating System - STATE - - - - RESOURCES - - ROOT_VOLUME_ONLY - - - PROJECT_SETTINGS - - BUILD_FORMAT - 0 - BUILD_PATH - - PATH - build - PATH_TYPE - 1 - - EXCLUDED_FILES - - - PATTERNS_ARRAY - - - REGULAR_EXPRESSION - - STRING - .DS_Store - TYPE - 0 - - - PROTECTED - - PROXY_NAME - Remove .DS_Store files - PROXY_TOOLTIP - Remove ".DS_Store" files created by the Finder. - STATE - - - - PATTERNS_ARRAY - - - REGULAR_EXPRESSION - - STRING - .pbdevelopment - TYPE - 0 - - - PROTECTED - - PROXY_NAME - Remove .pbdevelopment files - PROXY_TOOLTIP - Remove ".pbdevelopment" files created by ProjectBuilder or Xcode. - STATE - - - - PATTERNS_ARRAY - - - REGULAR_EXPRESSION - - STRING - CVS - TYPE - 1 - - - REGULAR_EXPRESSION - - STRING - .cvsignore - TYPE - 0 - - - REGULAR_EXPRESSION - - STRING - .cvspass - TYPE - 0 - - - REGULAR_EXPRESSION - - STRING - .svn - TYPE - 1 - - - REGULAR_EXPRESSION - - STRING - .git - TYPE - 1 - - - REGULAR_EXPRESSION - - STRING - .gitignore - TYPE - 0 - - - PROTECTED - - PROXY_NAME - Remove SCM metadata - PROXY_TOOLTIP - Remove helper files and folders used by the CVS, SVN or Git Source Code Management systems. - STATE - - - - PATTERNS_ARRAY - - - REGULAR_EXPRESSION - - STRING - classes.nib - TYPE - 0 - - - REGULAR_EXPRESSION - - STRING - designable.db - TYPE - 0 - - - REGULAR_EXPRESSION - - STRING - info.nib - TYPE - 0 - - - PROTECTED - - PROXY_NAME - Optimize nib files - PROXY_TOOLTIP - Remove "classes.nib", "info.nib" and "designable.nib" files within .nib bundles. - STATE - - - - PATTERNS_ARRAY - - - REGULAR_EXPRESSION - - STRING - Resources Disabled - TYPE - 1 - - - PROTECTED - - PROXY_NAME - Remove Resources Disabled folders - PROXY_TOOLTIP - Remove "Resources Disabled" folders. - STATE - - - - SEPARATOR - - - - NAME - wazuh-agent-4.9.0-1.intel64 - PAYLOAD_ONLY - - TREAT_MISSING_PRESENTATION_DOCUMENTS_AS_WARNING - - - - TYPE - 0 - VERSION - 2 - - diff --git a/packages/macos/uninstall.sh b/packages/macos/uninstall.sh deleted file mode 100755 index b41510375a..0000000000 --- a/packages/macos/uninstall.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/sh - -## Stop and remove application -sudo /Library/Ossec/bin/wazuh-control stop -sudo /bin/rm -r /Library/Ossec* - -# remove launchdaemons -/bin/rm -f /Library/LaunchDaemons/com.wazuh.agent.plist - -## remove StartupItems -/bin/rm -rf /Library/StartupItems/WAZUH - -## Remove User and Groups -/usr/bin/dscl . -delete "/Users/wazuh" -/usr/bin/dscl . -delete "/Groups/wazuh" - -/usr/sbin/pkgutil --forget com.wazuh.pkg.wazuh-agent -/usr/sbin/pkgutil --forget com.wazuh.pkg.wazuh-agent-etc - -# In case it was installed via Puppet pkgdmg provider - -if [ -e /var/db/.puppet_pkgdmg_installed_wazuh-agent ]; then - rm -f /var/db/.puppet_pkgdmg_installed_wazuh-agent -fi - -echo -echo "Wazuh agent correctly removed from the system." -echo - -exit 0 diff --git a/packages/rpms/SPECS/wazuh_agent.spec b/packages/rpms/SPECS/wazuh_agent.spec index 469e909f66..793cfb17ce 100644 --- a/packages/rpms/SPECS/wazuh_agent.spec +++ b/packages/rpms/SPECS/wazuh_agent.spec @@ -1,11 +1,11 @@ -%if %{_debugenabled} == yes +%if "%{_debugenabled}" == "yes" %global _enable_debug_package 0 %global debug_package %{nil} %global __os_install_post %{nil} %define __strip /bin/true %endif -%if %{_isstage} == no +%if "%{_isstage}" == "no" %define _rpmfilename %%{NAME}_%%{VERSION}-%%{RELEASE}_%%{ARCH}_%{_hashcommit}.rpm %else %define _rpmfilename %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm @@ -24,16 +24,8 @@ Vendor: Wazuh, Inc Packager: Wazuh, Inc Requires(pre): /usr/sbin/groupadd /usr/sbin/useradd Requires(postun): /usr/sbin/groupdel /usr/sbin/userdel -Conflicts: ossec-hids ossec-hids-agent wazuh-manager wazuh-local AutoReqProv: no -Requires: coreutils -%if 0%{?el} >= 6 || 0%{?rhel} >= 6 -BuildRequires: coreutils glibc-devel automake autoconf libtool policycoreutils-python perl -%else -BuildRequires: coreutils glibc-devel automake autoconf libtool policycoreutils perl -%endif - ExclusiveOS: linux %description @@ -44,155 +36,19 @@ log analysis, file integrity monitoring, intrusions detection and policy and com %prep %setup -q -./gen_ossec.sh conf agent centos %rhel %{_localstatedir} > etc/ossec-agent.conf - %build pushd src -# Rebuild for agent -make clean - -%if 0%{?el} >= 6 || 0%{?rhel} >= 6 - make deps TARGET=agent - make -j%{_threads} TARGET=agent USE_SELINUX=yes DEBUG=%{_debugenabled} -%else - %ifnarch amd64 - MSGPACK="USE_MSGPACK_OPT=no" - %endif - deps_version=`cat Makefile | grep "DEPS_VERSION =" | cut -d " " -f 3` - make deps RESOURCES_URL=http://packages.wazuh.com/deps/${deps_version} TARGET=agent - make -j%{_threads} TARGET=agent USE_AUDIT=no USE_SELINUX=yes USE_EXEC_ENVIRON=no DEBUG=%{_debugenabled} ${MSGPACK} - -%endif - -popd +git submodule update --init --recursive +mkdir build +pushd build +cmake .. -DINSTALL_ROOT=%{buildroot}%{_localstatedir} && make -j $(nproc) %install # Clean BUILDROOT rm -fr %{buildroot} - -echo 'USER_LANGUAGE="en"' > ./etc/preloaded-vars.conf -echo 'USER_NO_STOP="y"' >> ./etc/preloaded-vars.conf -echo 'USER_INSTALL_TYPE="agent"' >> ./etc/preloaded-vars.conf -echo 'USER_DIR="%{_localstatedir}"' >> ./etc/preloaded-vars.conf -echo 'USER_DELETE_DIR="y"' >> ./etc/preloaded-vars.conf -echo 'USER_ENABLE_ACTIVE_RESPONSE="y"' >> ./etc/preloaded-vars.conf -echo 'USER_ENABLE_SYSCHECK="y"' >> ./etc/preloaded-vars.conf -echo 'USER_ENABLE_ROOTCHECK="y"' >> ./etc/preloaded-vars.conf -echo 'USER_ENABLE_SYSCOLLECTOR="y"' >> ./etc/preloaded-vars.conf -echo 'USER_UPDATE="n"' >> ./etc/preloaded-vars.conf -echo 'USER_AGENT_SERVER_IP="MANAGER_IP"' >> ./etc/preloaded-vars.conf -echo 'USER_CA_STORE="/path/to/my_cert.pem"' >> ./etc/preloaded-vars.conf -echo 'USER_AUTO_START="n"' >> ./etc/preloaded-vars.conf -./install.sh - -%if 0%{?el} < 6 || 0%{?rhel} < 6 - mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir} - touch ${RPM_BUILD_ROOT}%{_sysconfdir}/ossec-init.conf -%endif - -# Create directories -mkdir -p ${RPM_BUILD_ROOT}%{_initrddir} -mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/.ssh - -# Copy the installed files into RPM_BUILD_ROOT directory -cp -pr %{_localstatedir}/* ${RPM_BUILD_ROOT}%{_localstatedir}/ -mkdir -p ${RPM_BUILD_ROOT}/usr/lib/systemd/system/ -sed -i "s:WAZUH_HOME_TMP:%{_localstatedir}:g" src/init/templates/ossec-hids-rh.init -install -m 0755 src/init/templates/ossec-hids-rh.init ${RPM_BUILD_ROOT}%{_initrddir}/wazuh-agent -sed -i "s:WAZUH_HOME_TMP:%{_localstatedir}:g" src/init/templates/wazuh-agent.service -install -m 0644 src/init/templates/wazuh-agent.service ${RPM_BUILD_ROOT}/usr/lib/systemd/system/ - -# Clean the preinstalled configuration assesment files -rm -f ${RPM_BUILD_ROOT}%{_localstatedir}/ruleset/sca/* - -# Install configuration assesment files and files templates -mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/{generic} -mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/{1,2,2023} -mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos/{8,7,6,5} -mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/ol/{9} -mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rhel/{9,8,7,6,5} -mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/sles/{11,12,15} -mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/suse/{11,12} -mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/fedora/{29,30,31,32,33,34} -mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/almalinux/{8,9} -mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rocky/{8,9} - -cp -r ruleset/sca/{generic,centos,rhel,ol,sles,amazon,rocky,almalinux} ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp - -cp etc/templates/config/generic/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/generic - -cp etc/templates/config/amzn/1/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/1 -cp etc/templates/config/amzn/2/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/2 -cp etc/templates/config/amzn/2023/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/2023 - -cp etc/templates/config/centos/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos -cp etc/templates/config/centos/8/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos/8 -cp etc/templates/config/centos/7/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos/7 -cp etc/templates/config/centos/6/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos/6 -cp etc/templates/config/centos/5/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos/5 - -cp etc/templates/config/ol/9/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/ol/9 - -cp etc/templates/config/rhel/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rhel -cp etc/templates/config/rhel/9/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rhel/9 -cp etc/templates/config/rhel/8/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rhel/8 -cp etc/templates/config/rhel/7/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rhel/7 -cp etc/templates/config/rhel/6/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rhel/6 -cp etc/templates/config/rhel/5/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rhel/5 - -cp etc/templates/config/sles/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/sles -cp etc/templates/config/sles/11/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/sles/11 -cp etc/templates/config/sles/12/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/sles/12 -cp etc/templates/config/sles/15/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/sles/15 - -cp etc/templates/config/suse/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/suse -cp etc/templates/config/suse/11/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/suse/11 -cp etc/templates/config/suse/12/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/suse/12 - -cp etc/templates/config/fedora/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/fedora -cp etc/templates/config/fedora/29/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/fedora/29 -cp etc/templates/config/fedora/30/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/fedora/30 -cp etc/templates/config/fedora/31/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/fedora/31 -cp etc/templates/config/fedora/32/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/fedora/32 -cp etc/templates/config/fedora/33/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/fedora/33 -cp etc/templates/config/fedora/34/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/fedora/34 - -cp etc/templates/config/almalinux/8/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/almalinux/8 -cp etc/templates/config/almalinux/9/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/almalinux/9 - -cp etc/templates/config/rocky/8/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rocky/8 -cp etc/templates/config/rocky/9/sca.files ${RPM_BUILD_ROOT}%{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rocky/9 - -# Add configuration scripts -mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/packages_files/agent_installation_scripts/ -cp gen_ossec.sh ${RPM_BUILD_ROOT}%{_localstatedir}/packages_files/agent_installation_scripts/ -cp add_localfiles.sh ${RPM_BUILD_ROOT}%{_localstatedir}/packages_files/agent_installation_scripts/ - -# Templates for initscript -mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/packages_files/agent_installation_scripts/src/init -mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/packages_files/agent_installation_scripts/etc/templates/config/generic -mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/packages_files/agent_installation_scripts/etc/templates/config/centos -mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/packages_files/agent_installation_scripts/etc/templates/config/rhel -mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/packages_files/agent_installation_scripts/etc/templates/config/suse -mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/packages_files/agent_installation_scripts/etc/templates/config/sles - -# Add SUSE initscript -sed -i "s:WAZUH_HOME_TMP:%{_localstatedir}:g" src/init/templates/ossec-hids-suse.init -cp -rp src/init/templates/ossec-hids-suse.init ${RPM_BUILD_ROOT}%{_localstatedir}/packages_files/agent_installation_scripts/src/init/ - -# Copy scap templates -cp -rp etc/templates/config/generic/* ${RPM_BUILD_ROOT}%{_localstatedir}/packages_files/agent_installation_scripts/etc/templates/config/generic -cp -rp etc/templates/config/centos/* ${RPM_BUILD_ROOT}%{_localstatedir}/packages_files/agent_installation_scripts/etc/templates/config/centos -cp -rp etc/templates/config/rhel/* ${RPM_BUILD_ROOT}%{_localstatedir}/packages_files/agent_installation_scripts/etc/templates/config/rhel -cp -rp etc/templates/config/suse/* ${RPM_BUILD_ROOT}%{_localstatedir}/packages_files/agent_installation_scripts/etc/templates/config/suse -cp -rp etc/templates/config/sles/* ${RPM_BUILD_ROOT}%{_localstatedir}/packages_files/agent_installation_scripts/etc/templates/config/sles - -install -m 0640 src/init/*.sh ${RPM_BUILD_ROOT}%{_localstatedir}/packages_files/agent_installation_scripts/src/init - -# Add installation scripts -cp src/VERSION ${RPM_BUILD_ROOT}%{_localstatedir}/packages_files/agent_installation_scripts/src/ -cp src/REVISION ${RPM_BUILD_ROOT}%{_localstatedir}/packages_files/agent_installation_scripts/src/ - +pushd src +pushd build +make install -j $(nproc) exit 0 %pre @@ -202,77 +58,37 @@ if command -v getent > /dev/null 2>&1 && ! getent group wazuh > /dev/null 2>&1; elif ! getent group wazuh > /dev/null 2>&1; then groupadd -r wazuh fi + # Create the wazuh user if it doesn't exists if ! getent passwd wazuh > /dev/null 2>&1; then useradd -g wazuh -G wazuh -d %{_localstatedir} -r -s /sbin/nologin wazuh fi -# Stop the services to upgrade the package -if [ $1 = 2 ]; then - if [ ! -d "%{_localstatedir}" ]; then - echo "Error: Directory %{_localstatedir} does not exist. Cannot perform upgrade" >&2 - exit 1 +## STOP AGENT HERE IF IT EXIST +if command -v systemctl > /dev/null 2>&1 && systemctl > /dev/null 2>&1 && systemctl is-active --quiet wazuh-agent > /dev/null 2>&1; then + systemctl stop wazuh-agent > /dev/null 2>&1 +# Check for SysV +elif command -v service > /dev/null 2>&1 && service wazuh-agent status 2>/dev/null | grep "is running" > /dev/null 2>&1; then + service wazuh-agent stop > /dev/null 2>&1 +elif /usr/share/wazuh-agent/bin/wazuh-agent --status 2>/dev/null | grep "is running" > /dev/null 2>&1; then + pid=$(ps -ef | grep "${BINARY_DIR}wazuh-agent" | grep -v grep | awk '{print $2}') + if [ -n "$pid" ]; then + kill -SIGTERM "$pid" 2>/dev/null fi - - if command -v systemctl > /dev/null 2>&1 && systemctl > /dev/null 2>&1 && systemctl is-active --quiet wazuh-agent > /dev/null 2>&1; then - systemctl stop wazuh-agent.service > /dev/null 2>&1 - touch %{_localstatedir}/tmp/wazuh.restart - # Check for SysV - elif command -v service > /dev/null 2>&1 && service wazuh-agent status 2>/dev/null | grep "is running" > /dev/null 2>&1; then - service wazuh-agent stop > /dev/null 2>&1 - touch %{_localstatedir}/tmp/wazuh.restart - elif %{_localstatedir}/bin/wazuh-control status 2>/dev/null | grep "is running" > /dev/null 2>&1; then - touch %{_localstatedir}/tmp/wazuh.restart - elif %{_localstatedir}/bin/ossec-control status 2>/dev/null | grep "is running" > /dev/null 2>&1; then - touch %{_localstatedir}/tmp/wazuh.restart - fi - %{_localstatedir}/bin/ossec-control stop > /dev/null 2>&1 || %{_localstatedir}/bin/wazuh-control stop > /dev/null 2>&1 fi %post +# If the package is being upgraded -echo "VERSION=\"$(%{_localstatedir}/bin/wazuh-control info -v)\"" > /etc/ossec-init.conf -if [ $1 = 2 ]; then - if [ -d %{_localstatedir}/logs/ossec ]; then - rm -rf %{_localstatedir}/logs/wazuh - cp -rp %{_localstatedir}/logs/ossec %{_localstatedir}/logs/wazuh - fi - - if [ -d %{_localstatedir}/queue/ossec ]; then - rm -rf %{_localstatedir}/queue/sockets - cp -rp %{_localstatedir}/queue/ossec %{_localstatedir}/queue/sockets - fi -fi # If the package is being installed if [ $1 = 1 ]; then - - touch %{_localstatedir}/logs/active-responses.log - chown wazuh:wazuh %{_localstatedir}/logs/active-responses.log - chmod 0660 %{_localstatedir}/logs/active-responses.log - - . %{_localstatedir}/packages_files/agent_installation_scripts/src/init/dist-detect.sh - - # Generating ossec.conf file - %{_localstatedir}/packages_files/agent_installation_scripts/gen_ossec.sh conf agent ${DIST_NAME} ${DIST_VER}.${DIST_SUBVER} %{_localstatedir} > %{_localstatedir}/etc/ossec.conf - chown root:wazuh %{_localstatedir}/etc/ossec.conf - - # Add default local_files to ossec.conf - %{_localstatedir}/packages_files/agent_installation_scripts/add_localfiles.sh %{_localstatedir} >> %{_localstatedir}/etc/ossec.conf - - - # Register and configure agent if Wazuh environment variables are defined - %{_localstatedir}/packages_files/agent_installation_scripts/src/init/register_configure_agent.sh %{_localstatedir} > /dev/null || : -fi - -if [[ -d /run/systemd/system ]]; then - rm -f %{_initrddir}/wazuh-agent + if command -v systemctl > /dev/null 2>&1 && systemctl > /dev/null 2>&1 && systemctl is-active --quiet wazuh-agent > /dev/null 2>&1; then + systemctl daemon-reload + systemctl enable wazuh-agent + fi fi -# Delete the installation files used to configure the agent -rm -rf %{_localstatedir}/packages_files - -# Remove unnecessary files from shared directory -rm -f %{_localstatedir}/etc/shared/*.rpmnew +## SCA RELATED #AlmaLinux if [ -r "/etc/almalinux-release" ]; then @@ -369,61 +185,21 @@ if [ -r ${SCA_TMP_FILE} ]; then done fi -# Set the proper selinux context -if ([ "X${DIST_NAME}" = "Xrhel" ] || [ "X${DIST_NAME}" = "Xcentos" ] || [ "X${DIST_NAME}" = "XCentOS" ]) && [ "${DIST_VER}" == "5" ]; then - if command -v getenforce > /dev/null 2>&1; then - if [ $(getenforce) != "Disabled" ]; then - chcon -t textrel_shlib_t %{_localstatedir}/lib/libwazuhext.so - chcon -t textrel_shlib_t %{_localstatedir}/lib/libwazuhshared.so - fi - fi -else - # Add the SELinux policy - if command -v getenforce > /dev/null 2>&1 && command -v semodule > /dev/null 2>&1; then - if [ $(getenforce) != "Disabled" ]; then - semodule -i %{_localstatedir}/var/selinux/wazuh.pp - semodule -e wazuh - fi - fi -fi - -# Restore ossec.conf permissions after upgrading -chmod 0660 %{_localstatedir}/etc/ossec.conf - -# Remove old ossec user and group if exists and change ownwership of files - -if getent group ossec > /dev/null 2>&1; then - find %{_localstatedir}/ -group ossec -user root -exec chown root:wazuh {} \; > /dev/null 2>&1 || true - if getent passwd ossec > /dev/null 2>&1; then - find %{_localstatedir}/ -group ossec -user ossec -exec chown wazuh:wazuh {} \; > /dev/null 2>&1 || true - userdel ossec > /dev/null 2>&1 - fi - if getent passwd ossecm > /dev/null 2>&1; then - find %{_localstatedir}/ -group ossec -user ossecm -exec chown wazuh:wazuh {} \; > /dev/null 2>&1 || true - userdel ossecm > /dev/null 2>&1 - fi - if getent passwd ossecr > /dev/null 2>&1; then - find %{_localstatedir}/ -group ossec -user ossecr -exec chown wazuh:wazuh {} \; > /dev/null 2>&1 || true - userdel ossecr > /dev/null 2>&1 - fi - if grep -q ossec /etc/group; then - groupdel ossec > /dev/null 2>&1 - fi -fi - %preun - if [ $1 = 0 ]; then - # Stop the services before uninstall the package # Check for systemd if command -v systemctl > /dev/null 2>&1 && systemctl > /dev/null 2>&1 && systemctl is-active --quiet wazuh-agent > /dev/null 2>&1; then - systemctl stop wazuh-agent.service > /dev/null 2>&1 + systemctl stop wazuh-agent > /dev/null 2>&1 # Check for SysV elif command -v service > /dev/null 2>&1 && service wazuh-agent status 2>/dev/null | grep "is running" > /dev/null 2>&1; then service wazuh-agent stop > /dev/null 2>&1 + elif /usr/share/wazuh-agent/bin/wazuh-agent --status 2>/dev/null | grep "is running" > /dev/null 2>&1; then + pid=$(ps -ef | grep "${BINARY_DIR}wazuh-agent" | grep -v grep | awk '{print $2}') + if [ -n "$pid" ]; then + kill -SIGTERM "$pid" 2>/dev/null + fi fi - %{_localstatedir}/bin/wazuh-control stop > /dev/null 2>&1 # Remove the SELinux policy if command -v getenforce > /dev/null 2>&1 && command -v semodule > /dev/null 2>&1; then @@ -445,38 +221,11 @@ if [ $1 = 0 ]; then # Remove SCA files rm -f %{_localstatedir}/ruleset/sca/* - fi -%triggerin -- glibc -[ -r %{_sysconfdir}/localtime ] && cp -fpL %{_sysconfdir}/localtime %{_localstatedir}/etc - chown root:wazuh %{_localstatedir}/etc/localtime - chmod 0640 %{_localstatedir}/etc/localtime - %postun - -DELETE_WAZUH_USER_AND_GROUP=0 - -# If the upgrade downgrades to earlier versions, it will create the ossec -# group and user, we need to delete wazuh ones -if [ $1 = 1 ]; then - if command -v %{_localstatedir}/bin/ossec-control > /dev/null 2>&1; then - find %{_localstatedir} -group wazuh -exec chgrp ossec {} + - find %{_localstatedir} -user wazuh -exec chown ossec {} + - DELETE_WAZUH_USER_AND_GROUP=1 - fi - - if [ ! -f %{_localstatedir}/etc/client.keys ]; then - if [ -f %{_localstatedir}/etc/client.keys.rpmsave ]; then - mv %{_localstatedir}/etc/client.keys.rpmsave %{_localstatedir}/etc/client.keys - elif [ -f %{_localstatedir}/etc/client.keys.rpmnew ]; then - mv %{_localstatedir}/etc/client.keys.rpmnew %{_localstatedir}/etc/client.keys - fi - fi -fi - -# If the package is been uninstalled or we want to delete wazuh user and group -if [ $1 = 0 ] || [ $DELETE_WAZUH_USER_AND_GROUP = 1 ]; then +# If the package is being uninstalled or we want to delete wazuh user and group +if [ $1 = 0 ]; then # Remove the wazuh user if it exists if getent passwd wazuh > /dev/null 2>&1; then userdel wazuh >/dev/null 2>&1 @@ -490,185 +239,27 @@ if [ $1 = 0 ] || [ $DELETE_WAZUH_USER_AND_GROUP = 1 ]; then if [ $1 = 0 ];then # Remove lingering folders and files - rm -rf %{_localstatedir}/etc/shared/ - rm -rf %{_localstatedir}/queue/ - rm -rf %{_localstatedir}/var/ - rm -rf %{_localstatedir}/bin/ - rm -rf %{_localstatedir}/logs/ - rm -rf %{_localstatedir}/backup/ - rm -rf %{_localstatedir}/ruleset/ - rm -rf %{_localstatedir}/tmp + rm -rf %{_localstatedir}usr/share/wazuh-agent/bin/wazuh-agent + rm -f %{_localstatedir}usr/lib/systemd/system/wazuh-agent.service + rm -rf %{_localstatedir}etc/wazuh-agent + rm -rf %{_localstatedir}var/lib/wazuh-agent fi fi # posttrans code is the last thing executed in a install/upgrade %posttrans -if [ -f %{_sysconfdir}/systemd/system/wazuh-agent.service ]; then - rm -rf %{_sysconfdir}/systemd/system/wazuh-agent.service - systemctl daemon-reload > /dev/null 2>&1 -fi - -if [ -f %{_localstatedir}/tmp/wazuh.restart ]; then - rm -f %{_localstatedir}/tmp/wazuh.restart - if command -v systemctl > /dev/null 2>&1 && systemctl > /dev/null 2>&1 ; then - systemctl daemon-reload > /dev/null 2>&1 - systemctl restart wazuh-agent.service > /dev/null 2>&1 - elif command -v service > /dev/null 2>&1; then - service wazuh-agent restart > /dev/null 2>&1 - else - %{_localstatedir}/bin/wazuh-control restart > /dev/null 2>&1 - fi -fi - -if [ -d %{_localstatedir}/logs/ossec ]; then - rm -rf %{_localstatedir}/logs/ossec/ -fi - -if [ -d %{_localstatedir}/queue/ossec ]; then - rm -rf %{_localstatedir}/queue/ossec/ -fi - -if [ -f %{_sysconfdir}/ossec-init.conf ]; then - rm -f %{_sysconfdir}/ossec-init.conf - rm -f %{_localstatedir}/etc/ossec-init.conf -fi +systemctl daemon-reload > /dev/null 2>&1 %clean rm -fr %{buildroot} %files %defattr(-,root,root) -%config(missingok) %{_initrddir}/wazuh-agent -%attr(640, root, wazuh) %verify(not md5 size mtime) %ghost %{_sysconfdir}/ossec-init.conf -/usr/lib/systemd/system/wazuh-agent.service -%dir %attr(750, root, wazuh) %{_localstatedir} -%attr(750, root, wazuh) %{_localstatedir}/agentless -%dir %attr(770, root, wazuh) %{_localstatedir}/.ssh -%dir %attr(750, root, wazuh) %{_localstatedir}/active-response -%dir %attr(750, root, wazuh) %{_localstatedir}/active-response/bin -%attr(750, root, wazuh) %{_localstatedir}/active-response/bin/* -%dir %attr(750, root, root) %{_localstatedir}/bin -%attr(750, root, root) %{_localstatedir}/bin/* -%dir %attr(750, root, wazuh) %{_localstatedir}/backup -%dir %attr(770, wazuh, wazuh) %{_localstatedir}/etc -%attr(640, root, wazuh) %config(noreplace) %{_localstatedir}/etc/client.keys -%attr(640, root, wazuh) %{_localstatedir}/etc/internal_options* -%attr(640, root, wazuh) %{_localstatedir}/etc/localtime -%attr(640, root, wazuh) %config(noreplace) %{_localstatedir}/etc/local_internal_options.conf -%attr(660, root, wazuh) %config(noreplace) %{_localstatedir}/etc/ossec.conf -%attr(640, root, wazuh) %{_localstatedir}/etc/wpk_root.pem -%dir %attr(770, root, wazuh) %{_localstatedir}/etc/shared -%attr(660, root, wazuh) %config(missingok,noreplace) %{_localstatedir}/etc/shared/* -%dir %attr(750, root, wazuh) %{_localstatedir}/lib -%attr(750, root, wazuh) %{_localstatedir}/lib/* -%dir %attr(770, wazuh, wazuh) %{_localstatedir}/logs -%attr(660, wazuh, wazuh) %ghost %{_localstatedir}/logs/active-responses.log -%attr(660, root, wazuh) %ghost %{_localstatedir}/logs/ossec.log -%attr(660, root, wazuh) %ghost %{_localstatedir}/logs/ossec.json -%dir %attr(750, wazuh, wazuh) %{_localstatedir}/logs/wazuh -%dir %attr(750, root, root) %config(missingok) %{_localstatedir}/packages_files -%dir %attr(750, root, root) %config(missingok) %{_localstatedir}/packages_files/agent_installation_scripts -%attr(750, root, root) %config(missingok) %{_localstatedir}/packages_files/agent_installation_scripts/add_localfiles.sh -%attr(750, root, root) %config(missingok) %{_localstatedir}/packages_files/agent_installation_scripts/gen_ossec.sh -%attr(750, root, root) %config(missingok) %{_localstatedir}/packages_files/agent_installation_scripts/etc/templates/config/generic/* -%attr(750, root, root) %config(missingok) %{_localstatedir}/packages_files/agent_installation_scripts/etc/templates/config/centos/* -%attr(750, root, root) %config(missingok) %{_localstatedir}/packages_files/agent_installation_scripts/etc/templates/config/rhel/* -%attr(750, root, root) %config(missingok) %{_localstatedir}/packages_files/agent_installation_scripts/etc/templates/config/sles/* -%attr(750, root, root) %config(missingok) %{_localstatedir}/packages_files/agent_installation_scripts/etc/templates/config/suse/* -%attr(750, root, root) %config(missingok) %{_localstatedir}/packages_files/agent_installation_scripts/src/* -%dir %attr(750, root, wazuh) %{_localstatedir}/queue -%dir %attr(770, wazuh, wazuh) %{_localstatedir}/queue/sockets -%dir %attr(750, wazuh, wazuh) %{_localstatedir}/queue/diff -%dir %attr(750, wazuh, wazuh) %{_localstatedir}/queue/fim -%dir %attr(750, wazuh, wazuh) %{_localstatedir}/queue/fim/db -%dir %attr(750, wazuh, wazuh) %{_localstatedir}/queue/syscollector -%dir %attr(750, wazuh, wazuh) %{_localstatedir}/queue/syscollector/db -%attr(640, root, wazuh) %{_localstatedir}/queue/syscollector/norm_config.json -%dir %attr(770, wazuh, wazuh) %{_localstatedir}/queue/alerts -%dir %attr(750, wazuh, wazuh) %{_localstatedir}/queue/rids -%dir %attr(750, wazuh, wazuh) %{_localstatedir}/queue/logcollector -%dir %attr(750, root, wazuh) %{_localstatedir}/ruleset/ -%dir %attr(750, root, wazuh) %{_localstatedir}/ruleset/sca -%attr(750, root, wazuh) %{_localstatedir}/lib/libdbsync.so -%attr(750, root, wazuh) %{_localstatedir}/lib/librsync.so -%attr(750, root, wazuh) %{_localstatedir}/lib/libsyscollector.so -%attr(750, root, wazuh) %{_localstatedir}/lib/libsysinfo.so -%attr(750, root, wazuh) %{_localstatedir}/lib/libstdc++.so.6 -%attr(750, root, wazuh) %{_localstatedir}/lib/libgcc_s.so.1 -%attr(750, root, wazuh) %{_localstatedir}/lib/libfimdb.so -%dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp -%dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/generic -%attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/generic/* -%dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn -%dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/1 -%attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/1/* -%dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/2 -%attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/2/* -%dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/2023 -%attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amzn/2023/* -%dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos -%attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos/sca.files -%dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos/5 -%attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos/5/* -%dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos/6 -%attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos/6/* -%dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos/7 -%attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos/7/* -%dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos/8 -%attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/centos/8/* -%dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/ol/9 -%attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/ol/9/* -%dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rhel -%attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rhel/sca.files -%dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rhel/5 -%attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rhel/5/* -%dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rhel/6 -%attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rhel/6/* -%dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rhel/7 -%attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rhel/7/* -%dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rhel/8 -%attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rhel/8/* -%dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rhel/9 -%attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rhel/9/* -%dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/sles -%attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/sles/sca.files -%dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/sles/11 -%attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/sles/11/* -%dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/sles/12 -%attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/sles/12/* -%dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/sles/15 -%attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/sles/15/* -%attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/suse/sca.files -%dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/suse/11 -%attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/suse/11/* -%dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/suse/12 -%attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/suse/12/* -%dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amazon -%attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/amazon/* -%dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/fedora -%attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/fedora/* -%dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/almalinux -%attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/almalinux/* -%dir %attr(750, wazuh, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rocky -%attr(640, root, wazuh) %config(missingok) %{_localstatedir}/tmp/sca-%{version}-%{release}-tmp/rocky/* -%dir %attr(1770, root, wazuh) %{_localstatedir}/tmp -%dir %attr(750, root, wazuh) %{_localstatedir}/var -%dir %attr(770, root, wazuh) %{_localstatedir}/var/incoming -%dir %attr(770, root, wazuh) %{_localstatedir}/var/run -%dir %attr(770, root, wazuh) %{_localstatedir}/var/selinux -%attr(640, root, wazuh) %{_localstatedir}/var/selinux/* -%dir %attr(770, root, wazuh) %{_localstatedir}/var/upgrade -%dir %attr(770, root, wazuh) %{_localstatedir}/var/wodles -%dir %attr(750, root, wazuh) %{_localstatedir}/wodles -%attr(750, root, wazuh) %{_localstatedir}/wodles/* -%dir %attr(750, root, wazuh) %{_localstatedir}/wodles/aws -%attr(750, root, wazuh) %{_localstatedir}/wodles/aws/* -%dir %attr(750, root, wazuh) %{_localstatedir}/wodles/azure -%attr(750, root, wazuh) %{_localstatedir}/wodles/azure/* -%dir %attr(750, root, wazuh) %{_localstatedir}/wodles/docker -%attr(750, root, wazuh) %{_localstatedir}/wodles/docker/* -%dir %attr(750, root, wazuh) %{_localstatedir}/wodles/gcloud -%attr(750, root, wazuh) %{_localstatedir}/wodles/gcloud/* +%attr(750, root, wazuh) %{_localstatedir}usr/share/wazuh-agent/bin/wazuh-agent +%attr(750, root, wazuh) %{_localstatedir}usr/lib/systemd/system/wazuh-agent.service +%dir %attr(770, root, wazuh) %{_localstatedir}etc/wazuh-agent +%dir %attr(750, root, wazuh) %{_localstatedir}var/lib/wazuh-agent +%attr(750, root, wazuh) %{_localstatedir}etc/wazuh-agent/wazuh-agent.yml %changelog * Wed Jul 10 2024 support - 4.9.0 diff --git a/packages/rpms/amd64/agent/CentOS-Base.repo b/packages/rpms/amd64/agent/CentOS-Base.repo index 96f58800c0..214e0412fe 100644 --- a/packages/rpms/amd64/agent/CentOS-Base.repo +++ b/packages/rpms/amd64/agent/CentOS-Base.repo @@ -9,46 +9,22 @@ # remarked out baseurl= line instead. # # +# Vault -[base] -name=CentOS-$releasever - Base -baseurl=http://mirror.nsc.liu.se/centos-store/6.10/os/$basearch/ -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 +[Vault-base] +name=Vault - CentOS-$releasever - Base +baseurl=http://vault.centos.org/centos/$releasever/os/$basearch/ +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-$releasever -#released updates -[updates] -name=CentOS-$releasever - Updates -baseurl=http://mirror.nsc.liu.se/centos-store/6.10/updates/$basearch/ -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 +[Vault-updates] +name=Vault - CentOS-$releasever - Updates +baseurl=http://vault.centos.org/centos/$releasever/updates/$basearch/ +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-$releasever -#additional packages that may be useful -[extras] -name=CentOS-$releasever - Extras -baseurl=http://mirror.nsc.liu.se/centos-store/6.10/extras/$basearch/ -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 - -#additional packages that extend functionality of existing packages -[centosplus] -name=CentOS-$releasever - Plus -baseurl=http://mirror.nsc.liu.se/centos-store/6.10/centosplus/$basearch/ -gpgcheck=1 -enabled=0 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 - -#contrib - packages by Centos Users -[contrib] -name=CentOS-$releasever - Contrib -baseurl=http://mirror.nsc.liu.se/centos-store/6.10/contrib/$basearch/ -gpgcheck=1 -enabled=0 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 - -# SCLO - packages -[centos-sclo-sclo] -name=CentOS-$releasever - SCLO -baseurl=http://mirror.nsc.liu.se/centos-store/6.10/sclo/$basearch/rh/ -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 +[Vault-extras] +name=Vault - CentOS-$releasever – Extras +baseurl=http://vault.centos.org/centos/$releasever/extras/$basearch/ +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-$releasever diff --git a/packages/rpms/amd64/agent/Dockerfile b/packages/rpms/amd64/agent/Dockerfile index 298de7014c..8e498ec729 100644 --- a/packages/rpms/amd64/agent/Dockerfile +++ b/packages/rpms/amd64/agent/Dockerfile @@ -1,74 +1,95 @@ -FROM centos:6 +FROM centos:7 # Install all the necessary tools to build the packages RUN rm /etc/yum.repos.d/* && echo "exactarch=1" >> /etc/yum.conf COPY CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo +RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 RUN yum clean all && yum update -y -RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 + RUN yum install -y gcc make wget git \ - openssh-clients sudo gnupg \ + openssh-clients sudo gnupg libdb libdb-devel\ automake autoconf libtool policycoreutils-python \ yum-utils epel-release redhat-rpm-config rpm-devel \ autopoint gettext nspr nspr-devel \ - nss nss-devel kenel-headers magic magic-devel \ + nss nss-devel magic magic-devel \ db4 db4-devel zlib zlib-devel rpm-build bison \ sharutils bzip2-devel xz-devel lzo-devel \ e2fsprogs-devel libacl-devel libattr-devel \ openssl-devel libxml2-devel kexec-tools elfutils \ libarchive-devel elfutils-libelf-devel \ - elfutils-libelf patchelf elfutils-devel libgcrypt-devel + patchelf elfutils-devel libgcrypt-devel \ + file-devel gettext-devel curl-devel systemd-devel RUN yum-builddep python34 -y -RUN curl --silent --location https://rpm.nodesource.com/setup_8.x | bash - -RUN yum install -y nodejs +RUN wget https://ftp.gnu.org/gnu/gcc/gcc-13.2.0/gcc-13.2.0.tar.gz && \ + tar xzf gcc-13.2.0.tar.gz && cd gcc-13.2.0/ && \ + ./contrib/download_prerequisites && \ + ./configure --prefix=/usr/local/gcc-13.2.0 --enable-languages=c,c++ \ + --disable-multilib --disable-libsanitizer && \ + make -j$(nproc) && make install -j$(nproc) && \ + ln -fs /usr/local/gcc-13.2.0/bin/g++ /usr/bin/c++ && \ + ln -fs /usr/local/gcc-13.2.0/bin/gcc /usr/bin/cc && cd .. && rm -rf gcc-* + +ENV CPLUS_INCLUDE_PATH "/usr/local/gcc-13.2.0/include/c++/13.2.0/" +ENV LD_LIBRARY_PATH "/usr/local/gcc-13.2.0/lib64/" +ENV PATH "/usr/local/gcc-13.2.0/bin:${PATH}" +ENV PKG_CONFIG_PATH "/usr/local/lib/pkgconfig:${PKG_CONFIG_PATH}" + +RUN curl -OL https://github.com/Kitware/CMake/releases/download/v3.30.3/cmake-3.30.3.tar.gz && \ + tar -zxf cmake-3.30.3.tar.gz && cd cmake-3.30.3 && \ + ./bootstrap --no-system-curl CC=/usr/local/gcc-13.2.0/bin/gcc \ + CXX=/usr/local/gcc-13.2.0/bin/g++ && \ + make -j$(nproc) && make install && cd / && rm -rf cmake-* + +RUN git clone https://github.com/git/git.git --branch v2.30.2 --single-branch && \ + cd git && make prefix=/usr/local && make install prefix=/usr/local && \ + ln -fs /usr/local/bin/git /usr/bin/git && cd .. && rm -rf git* -RUN curl -OL http://packages.wazuh.com/utils/perl/perl-5.10.1.tar.gz && \ - gunzip perl-5.10.1.tar.gz && tar -xf perl*.tar && \ - cd /perl-5.10.1 && ./Configure -des -Dcc='gcc' -Dusethreads && \ - make -j2 && make install && ln -fs /usr/local/bin/perl /bin/perl && \ - cd / && rm -rf /perl-5.10.1* +RUN git clone https://github.com/Perl/perl5.git --branch v5.34.0 --single-branch && \ + cd perl5 && ./Configure -des -Dcc='gcc' -Dusethreads && \ + make -j$(nproc) && make install && ln -fs /usr/local/bin/perl /bin/perl && \ + cd / && rm -rf perl* -# Update rpmbuild, rpm and autoconf RUN curl -O http://packages.wazuh.com/utils/autoconf/autoconf-2.69.tar.gz && \ gunzip autoconf-2.69.tar.gz && tar xvf autoconf-2.69.tar && \ cd autoconf-2.69 && ./configure && make -j$(nproc) && \ make install && cd / && rm -rf autoconf-* -RUN curl -O https://packages.wazuh.com/utils/libarchive/libarchive-3.1.2-12.el7.src.rpm && \ - rpmbuild --rebuild libarchive-3.1.2-12.el7.src.rpm && rpm -Uvh /root/rpmbuild/RPMS/x86_64/* --nodeps && rm -rf libarchive-* +RUN git clone https://github.com/sqlite/sqlite.git --branch version-3.46.1 --single-branch && \ + cd sqlite && ./configure && make -j$(nproc) && \ + make install -j$(nproc) && ln -fs /usr/local/bin/sqlite3 /usr/bin/sqlite3 && \ + cd / && rm -rf sqlit* -RUN curl -O http://packages.wazuh.com/utils/rpm/rpm-4.15.1.tar.bz2 && \ - tar -xjf rpm-4.15.1.tar.bz2 && cd rpm-4.15.1 && \ - ./configure --without-lua && make -j$(nproc) && make install && cd / && rm -rf rpm-* +RUN curl -sO https://lua.org/ftp/lua-5.4.7.tar.gz && tar -xzvf lua-5.4.7.tar.gz && \ + cd lua-5.4.7 && make -j$(nproc) linux CFLAGS+="-fPIC" LDFLAGS+="-fPIC" && make install && \ + ln -fs /usr/local/bin/lua /usr/bin/lua && cd / && rm -rf lua* + +RUN echo "# Package Information for pkg-config" > /usr/local/lib/pkgconfig/lua.pc && \ + echo "prefix=/usr/local" >> /usr/local/lib/pkgconfig/lua.pc && \ + echo "exec_prefix=\${prefix}" >> /usr/local/lib/pkgconfig/lua.pc && \ + echo "libdir=\${exec_prefix}/lib" >> /usr/local/lib/pkgconfig/lua.pc && \ + echo "includedir=\${prefix}/include" >> /usr/local/lib/pkgconfig/lua.pc && \ + echo "" >> /usr/local/lib/pkgconfig/lua.pc && \ + echo "Name: Lua" >> /usr/local/lib/pkgconfig/lua.pc && \ + echo "Description: Lua" >> /usr/local/lib/pkgconfig/lua.pc && \ + echo "Version: 5.4.7" >> /usr/local/lib/pkgconfig/lua.pc && \ + echo "Libs: -L\${libdir} -llua -lm" >> /usr/local/lib/pkgconfig/lua.pc && \ + echo "Cflags: -I\${includedir}" >> /usr/local/lib/pkgconfig/lua.pc + +RUN git clone https://github.com/rpm-software-management/popt.git --branch popt-1.19-release --single-branch && \ + cd popt && ./autogen.sh && ./configure && make -j$(nproc) && make install -j$(nproc) && \ + cd / && rm -rf popt* + +RUN git clone https://github.com/rpm-software-management/rpm.git --branch rpm-4.15.1-release --single-branch && \ + cd rpm && ./autogen.sh && make -j$(nproc) && make install && cd / && rm -rf rpm* RUN mkdir -p /usr/local/var/lib/rpm && \ cp /var/lib/rpm/Packages /usr/local/var/lib/rpm/Packages && \ /usr/local/bin/rpm --rebuilddb && rm -rf /root/rpmbuild -RUN curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && \ - tar xzf gcc-9.4.0.tar.gz && cd gcc-9.4.0/ && \ - ./contrib/download_prerequisites && \ - ./configure --prefix=/usr/local/gcc-9.4.0 --enable-languages=c,c++ \ - --disable-multilib --disable-libsanitizer && \ - make -j$(nproc) && make install && \ - ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && \ - ln -fs /usr/local/gcc-9.4.0/bin/gcc /usr/bin/cc && cd / && rm -rf gcc-* - -ENV CPLUS_INCLUDE_PATH "/usr/local/gcc-9.4.0/include/c++/9.4.0/" -ENV LD_LIBRARY_PATH "/usr/local/gcc-9.4.0/lib64/" -ENV PATH "/usr/local/gcc-9.4.0/bin:${PATH}" - -RUN curl -OL http://packages.wazuh.com/utils/cmake/cmake-3.18.3.tar.gz && \ - tar -zxf cmake-3.18.3.tar.gz && cd cmake-3.18.3 && \ - ./bootstrap --no-system-curl CC=/usr/local/gcc-9.4.0/bin/gcc \ - CXX=/usr/local/gcc-9.4.0/bin/g++ && \ - make -j$(nproc) && make install && cd / && rm -rf cmake-* - -# Add the scripts to build the RPM package -ADD build.sh /usr/local/bin/build_package -RUN chmod +x /usr/local/bin/build_package -ADD helper_function.sh /usr/local/bin/helper_function.sh +RUN rpmkeys --import "http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF" && \ + su -c 'curl https://download.mono-project.com/repo/centos7-stable.repo | tee /etc/yum.repos.d/mono-centos7-stable.repo' && \ + yum install mono-devel -y -# Set the entrypoint -ENTRYPOINT ["/usr/local/bin/build_package"] +RUN curl -o /usr/local/bin/nuget https://dist.nuget.org/win-x86-commandline/v6.10.2/nuget.exe diff --git a/packages/rpms/arm64/agent/Dockerfile b/packages/rpms/arm64/agent/Dockerfile index 9d82d2115b..39b7e33b54 100644 --- a/packages/rpms/arm64/agent/Dockerfile +++ b/packages/rpms/arm64/agent/Dockerfile @@ -1,83 +1,91 @@ FROM arm64v8/centos:7 -# Enable EPEL -RUN yum install -y http://packages.wazuh.com/utils/pkg/epel-release-latest-7.noarch.rpm - # Install all the necessary tools to build the packages +RUN sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-* +RUN sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-* + RUN yum install -y gcc make wget git \ - openssh-clients sudo gnupg file-devel\ + openssh-clients sudo gnupg libdb libdb-devel\ automake autoconf libtool policycoreutils-python \ - yum-utils system-rpm-config rpm-devel \ - gettext nspr nspr-devel \ - nss nss-devel libdb libdb-devel \ - zlib zlib-devel rpm-build bison \ + yum-utils epel-release redhat-rpm-config rpm-devel \ + autopoint gettext nspr nspr-devel \ + nss nss-devel magic magic-devel ninja-build \ + db4 db4-devel zlib zlib-devel rpm-build bison \ sharutils bzip2-devel xz-devel lzo-devel \ e2fsprogs-devel libacl-devel libattr-devel \ openssl-devel libxml2-devel kexec-tools elfutils \ - libcurl-devel elfutils-libelf-devel \ - elfutils-libelf patchelf elfutils-devel libgcrypt-devel \ - libarchive-devel libarchive bluez-libs-devel bzip2 \ - desktop-file-utils expat-devel findutils gcc-c++ gdbm-devel \ - glibc-devel gmp-devel gnupg2 libappstream-glib \ - libffi-devel libtirpc-devel libGL-devel libuuid-devel \ - libX11-devel ncurses-devel pkgconfig readline-devel \ - redhat-rpm-config sqlite-devel gdb tar tcl-devel tix-devel tk-devel \ - valgrind-devel python-rpm-macros python34 nodejs - -RUN curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && \ - tar xzf gcc-9.4.0.tar.gz && cd gcc-9.4.0/ && \ + libarchive-devel elfutils-libelf-devel \ + patchelf elfutils-devel libgcrypt-devel \ + file-devel gettext-devel curl-devel systemd-devel + +RUN yum-builddep python34 -y + +RUN wget https://ftp.gnu.org/gnu/gcc/gcc-13.2.0/gcc-13.2.0.tar.gz && \ + tar xzf gcc-13.2.0.tar.gz && cd gcc-13.2.0/ && \ ./contrib/download_prerequisites && \ - ./configure --prefix=/usr/local/gcc-9.4.0 --enable-languages=c,c++ --disable-multilib \ - --disable-libsanitizer --disable-bootstrap && \ - make -j$(nproc) && make install && \ - ln -fs /usr/local/gcc-9.4.0/bin/g++ /usr/bin/c++ && \ - ln -fs /usr/local/gcc-9.4.0/bin/gcc /usr/bin/cc && cd / && rm -rf gcc-* - -ENV CPLUS_INCLUDE_PATH "/usr/local/gcc-9.4.0/include/c++/9.4.0/" -ENV LD_LIBRARY_PATH "/usr/local/gcc-9.4.0/lib64/" -ENV PATH "/usr/local/gcc-9.4.0/bin:${PATH}" - -RUN curl -OL http://packages.wazuh.com/utils/cmake/cmake-3.18.3.tar.gz && \ - tar -zxf cmake-3.18.3.tar.gz && cd cmake-3.18.3 && \ - ./bootstrap --no-system-curl CC=/usr/local/gcc-9.4.0/bin/gcc \ - CXX=/usr/local/gcc-9.4.0/bin/g++ && \ - make -j$(nproc) && make install && cd / && rm -rf cmake-* + ./configure --prefix=/usr/local/gcc-13.2.0 --enable-languages=c,c++ \ + --disable-multilib --disable-libsanitizer && \ + make -j$(nproc) && make install -j$(nproc) && \ + ln -fs /usr/local/gcc-13.2.0/bin/g++ /usr/bin/c++ && \ + ln -fs /usr/local/gcc-13.2.0/bin/gcc /usr/bin/cc && cd .. && rm -rf gcc-* + +ENV CPLUS_INCLUDE_PATH "/usr/local/gcc-13.2.0/include/c++/13.2.0/" +ENV LD_LIBRARY_PATH "/usr/local/gcc-13.2.0/lib64/" +ENV PATH "/usr/local/gcc-13.2.0/bin:${PATH}" +ENV PKG_CONFIG_PATH "/usr/local/lib/pkgconfig:${PKG_CONFIG_PATH}" -# Install Perl 5.10 -RUN curl -OL http://packages.wazuh.com/utils/perl/perl-5.10.1.tar.gz && \ - gunzip perl-5.10.1.tar.gz && tar -xf perl*.tar && \ - cd /perl-5.10.1 && ./Configure -des -Dcc='gcc' -Dusethreads && \ - make -j2 && make install && ln -fs /usr/local/bin/perl /bin/perl && \ - cd / && rm -rf /perl-5.10.1* +RUN curl -OL https://github.com/Kitware/CMake/releases/download/v3.30.3/cmake-3.30.3.tar.gz && \ + tar -zxf cmake-3.30.3.tar.gz && cd cmake-3.30.3 && \ + ./bootstrap --no-system-curl CC=/usr/local/gcc-13.2.0/bin/gcc \ + CXX=/usr/local/gcc-13.2.0/bin/g++ && \ + make -j$(nproc) && make install && cd / && rm -rf cmake-* -RUN curl -O http://packages.wazuh.com/utils/openssl/openssl-1.1.1a.tar.gz && \ - tar -xzf openssl-1.1.1a.tar.gz && cd openssl* && \ - ./config -Wl,--enable-new-dtags,-rpath,'$(LIBRPATH)' && \ - make -j $(nproc) && make install && cd / && rm -rf openssl-* +RUN git clone https://github.com/git/git.git --branch v2.30.2 --single-branch && \ + cd git && make prefix=/usr/local && make install prefix=/usr/local && \ + ln -fs /usr/local/bin/git /usr/bin/git && cd .. && rm -rf git* -RUN curl -O http://packages.wazuh.com/utils/nodejs/node-v12.16.1-linux-arm64.tar.xz && \ - tar -xJf node-v12.16.1-linux-arm64.tar.xz && \ - cd node-v12.16* && cp -R * /usr/local/ && cd / && rm -rf node-v* +RUN git clone https://github.com/Perl/perl5.git --branch v5.34.0 --single-branch && \ + cd perl5 && ./Configure -des -Dcc='gcc' -Dusethreads && \ + make -j$(nproc) && make install && ln -fs /usr/local/bin/perl /bin/perl && \ + cd / && rm -rf perl* -# Update rpmbuild, rpm and autoconf RUN curl -O http://packages.wazuh.com/utils/autoconf/autoconf-2.69.tar.gz && \ gunzip autoconf-2.69.tar.gz && tar xvf autoconf-2.69.tar && \ - cd autoconf-2.69 && ./configure && \ - make -j $(nproc) && make install && cd / && rm -rf autoconf-* + cd autoconf-2.69 && ./configure && make -j$(nproc) && \ + make install && cd / && rm -rf autoconf-* + +RUN git clone https://github.com/sqlite/sqlite.git --branch version-3.46.1 --single-branch && \ + cd sqlite && ./configure && make -j$(nproc) && \ + make install -j$(nproc) && ln -fs /usr/local/bin/sqlite3 /usr/bin/sqlite3 && \ + cd / && rm -rf sqlit* + +RUN curl -sO https://lua.org/ftp/lua-5.4.7.tar.gz && tar -xzvf lua-5.4.7.tar.gz && \ + cd lua-5.4.7 && make -j$(nproc) linux CFLAGS+="-fPIC" LDFLAGS+="-fPIC" && make install && \ + ln -fs /usr/local/bin/lua /usr/bin/lua && cd / && rm -rf lua* -RUN curl -O http://packages.wazuh.com/utils/rpm/rpm-4.15.1.tar.bz2 && \ - tar -xjf rpm-4.15.1.tar.bz2 && cd rpm-4.15.1 && \ - ./configure --without-lua && make -j $(nproc) && \ - make install && cd / && rm -rf rpm-* +RUN echo "# Package Information for pkg-config" > /usr/local/lib/pkgconfig/lua.pc && \ + echo "prefix=/usr/local" >> /usr/local/lib/pkgconfig/lua.pc && \ + echo "exec_prefix=\${prefix}" >> /usr/local/lib/pkgconfig/lua.pc && \ + echo "libdir=\${exec_prefix}/lib" >> /usr/local/lib/pkgconfig/lua.pc && \ + echo "includedir=\${prefix}/include" >> /usr/local/lib/pkgconfig/lua.pc && \ + echo "" >> /usr/local/lib/pkgconfig/lua.pc && \ + echo "Name: Lua" >> /usr/local/lib/pkgconfig/lua.pc && \ + echo "Description: Lua" >> /usr/local/lib/pkgconfig/lua.pc && \ + echo "Version: 5.4.7" >> /usr/local/lib/pkgconfig/lua.pc && \ + echo "Libs: -L\${libdir} -llua -lm" >> /usr/local/lib/pkgconfig/lua.pc && \ + echo "Cflags: -I\${includedir}" >> /usr/local/lib/pkgconfig/lua.pc + +RUN git clone https://github.com/rpm-software-management/popt.git --branch popt-1.19-release --single-branch && \ + cd popt && ./autogen.sh && ./configure && make -j$(nproc) && make install -j$(nproc) && \ + cd / && rm -rf popt* + +RUN git clone https://github.com/rpm-software-management/rpm.git --branch rpm-4.15.1-release --single-branch && \ + cd rpm && ./autogen.sh && make -j$(nproc) && make install && cd / && rm -rf rpm* RUN mkdir -p /usr/local/var/lib/rpm && \ cp /var/lib/rpm/Packages /usr/local/var/lib/rpm/Packages && \ /usr/local/bin/rpm --rebuilddb && rm -rf /root/rpmbuild -# Add the scripts to build the RPM package -ADD build.sh /usr/local/bin/build_package -RUN chmod +x /usr/local/bin/build_package -ADD helper_function.sh /usr/local/bin/helper_function.sh - -# Set the entrypoint -ENTRYPOINT ["/usr/local/bin/build_package"] +RUN rpmkeys --import "http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF" && \ + su -c 'curl https://download.mono-project.com/repo/centos7-stable.repo | tee /etc/yum.repos.d/mono-centos7-stable.repo' && \ + yum install mono-devel -y diff --git a/packages/rpms/armhf/agent/Dockerfile b/packages/rpms/armhf/agent/Dockerfile index 221cb36cdb..b532df5900 100644 --- a/packages/rpms/armhf/agent/Dockerfile +++ b/packages/rpms/armhf/agent/Dockerfile @@ -57,11 +57,3 @@ RUN echo "%_arch armv7hl" >> /root/.rpmmacros RUN mkdir -p /usr/local/var/lib/rpm && \ cp /var/lib/rpm/Packages /usr/local/var/lib/rpm/Packages && \ /usr/local/bin/rpm --rebuilddb && rm -rf /root/rpmbuild - -# Add the scripts to build the RPM package -ADD build.sh /usr/local/bin/build_package -RUN chmod +x /usr/local/bin/build_package -ADD helper_function.sh /usr/local/bin/helper_function.sh - -# Set the entrypoint -ENTRYPOINT ["/usr/local/bin/build_package"] diff --git a/packages/rpms/i386/agent/Dockerfile b/packages/rpms/i386/agent/Dockerfile index 9fa107f380..129864b9f3 100644 --- a/packages/rpms/i386/agent/Dockerfile +++ b/packages/rpms/i386/agent/Dockerfile @@ -64,11 +64,3 @@ RUN curl -OL http://packages.wazuh.com/utils/cmake/cmake-3.18.3.tar.gz && \ linux32 ./bootstrap --no-system-curl CC=/usr/local/gcc-9.4.0/bin/gcc \ CXX=/usr/local/gcc-9.4.0/bin/g++ && \ linux32 make -j$(nproc) && linux32 make install && cd / && rm -rf cmake-* - -# Add the scripts to build the RPM package -ADD build.sh /usr/local/bin/build_package -RUN chmod +x /usr/local/bin/build_package -ADD helper_function.sh /usr/local/bin/helper_function.sh - -# Set the entrypoint -ENTRYPOINT ["/usr/local/bin/build_package"] diff --git a/packages/rpms/ppc64le/agent/Dockerfile b/packages/rpms/ppc64le/agent/Dockerfile index 923fa769e1..f8f634fe7e 100644 --- a/packages/rpms/ppc64le/agent/Dockerfile +++ b/packages/rpms/ppc64le/agent/Dockerfile @@ -1,6 +1,10 @@ FROM ppc64le/centos:7 # Install all the necessary tools to build the packages +# CentOS 7 is EOL, so we need to change the repositories to use the vault +RUN sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-* +RUN sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-* + RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 RUN yum -y install centos-release-scl RUN mv /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo.old @@ -47,11 +51,3 @@ RUN curl -OL http://packages.wazuh.com/utils/perl/perl-5.10.1.tar.gz && \ cd /perl-5.10.1 && ./Configure -des -Dcc='gcc' -Dusethreads && \ make -j2 && make install && ln -fs /usr/local/bin/perl /bin/perl && \ cd / && rm -rf /perl-5.10.1* - -# Add the scripts to build the RPM package -ADD build.sh /usr/local/bin/build_package -RUN chmod +x /usr/local/bin/build_package -ADD helper_function.sh /usr/local/bin/helper_function.sh - -# Set the entrypoint -ENTRYPOINT ["/usr/local/bin/build_package"] diff --git a/packages/rpms/utils/helper_function.sh b/packages/rpms/utils/helper_function.sh index 3e4e4a59f2..6bc24433a0 100644 --- a/packages/rpms/utils/helper_function.sh +++ b/packages/rpms/utils/helper_function.sh @@ -23,7 +23,7 @@ setup_build(){ mkdir -p ${rpm_build_dir}/{BUILD,BUILDROOT,RPMS,SOURCES,SPECS,SRPMS} - cp ${specs_path}/wazuh-${BUILD_TARGET}.spec ${rpm_build_dir}/SPECS/${package_name}.spec + cp ${specs_path}/wazuh_${BUILD_TARGET}.spec ${rpm_build_dir}/SPECS/${package_name}.spec # Generating source tar.gz cd ${build_dir}/${BUILD_TARGET} && tar czf "${rpm_build_dir}/SOURCES/${package_name}.tar.gz" "${package_name}" @@ -37,19 +37,16 @@ set_debug(){ } build_deps(){ - local legacy="$1" - if [ "${legacy}" = "no" ]; then - echo "%_source_filedigest_algorithm 8" >> /root/.rpmmacros - echo "%_binary_filedigest_algorithm 8" >> /root/.rpmmacros - if [ "${BUILD_TARGET}" = "agent" ]; then - echo " %rhel 6" >> /root/.rpmmacros - echo " %centos 6" >> /root/.rpmmacros - echo " %centos_ver 6" >> /root/.rpmmacros - echo " %dist .el6" >> /root/.rpmmacros - echo " %el6 1" >> /root/.rpmmacros - fi - rpmbuild="/usr/local/bin/rpmbuild" + echo "%_source_filedigest_algorithm 8" >> /root/.rpmmacros + echo "%_binary_filedigest_algorithm 8" >> /root/.rpmmacros + if [ "${BUILD_TARGET}" = "agent" ]; then + echo " %rhel 7" >> /root/.rpmmacros + echo " %centos 7" >> /root/.rpmmacros + echo " %centos_ver 7" >> /root/.rpmmacros + echo " %dist .el7" >> /root/.rpmmacros + echo " %el7 1" >> /root/.rpmmacros fi + rpmbuild="/usr/local/bin/rpmbuild" } build_package(){ diff --git a/packages/windows/entrypoint.sh b/packages/windows/entrypoint.sh index 03e5e5920f..c5a8dbbe81 100755 --- a/packages/windows/entrypoint.sh +++ b/packages/windows/entrypoint.sh @@ -19,7 +19,7 @@ if [ -z "${BRANCH}"]; then mkdir /wazuh-local-src cp -r /local-src/* /wazuh-local-src else - URL_REPO=https://github.com/wazuh/wazuh/archive/${BRANCH}.zip + URL_REPO=https://github.com/wazuh/wazuh-agent/archive/${BRANCH}.zip # Download the wazuh repository wget -O wazuh.zip ${URL_REPO} && unzip wazuh.zip diff --git a/packages/windows/generate_wazuh_msi.ps1 b/packages/windows/generate_wazuh_msi.ps1 index 99ec154b1c..40cecc4b9b 100644 --- a/packages/windows/generate_wazuh_msi.ps1 +++ b/packages/windows/generate_wazuh_msi.ps1 @@ -6,6 +6,8 @@ param ( [string]$SIGN = "no", [string]$WIX_TOOLS_PATH = "", [string]$SIGN_TOOLS_PATH = "", + [string]$CERTIFICATE_PATH = "", + [string]$CERTIFICATE_PASSWORD = "", [switch]$help ) @@ -22,12 +24,13 @@ if(($help.isPresent)) { 2. SIGN: yes or no. By default 'no'. 3. WIX_TOOLS_PATH: Wix tools path. 4. SIGN_TOOLS_PATH: sign tools path. + 5. CERTIFICATE_PATH: Path to the .pfx certificate file. + 6. CERTIFICATE_PASSWORD: Password for the .pfx certificate file. USAGE: * WAZUH: $ ./generate_wazuh_msi.ps1 -MSI_NAME {{ NAME }} -SIGN {{ yes|no }} -WIX_TOOLS_PATH {{ PATH }} -SIGN_TOOLS_PATH {{ PATH }} - Build a devel msi: $ ./generate_wazuh_msi.ps1 -MSI_NAME wazuh-agent_4.9.0-0_windows_0ceb378.msi -SIGN no Build a prod msi: $ ./generate_wazuh_msi.ps1 -MSI_NAME wazuh-agent-4.9.0-1.msi -SIGN yes " @@ -53,19 +56,35 @@ function BuildWazuhMsi(){ } if($SIGN -eq "yes"){ - # Sign .exe files and the InstallerScripts.vbs - Write-Host "Signing .exe files..." - & $SIGNTOOL_EXE sign /a /tr http://timestamp.digicert.com /fd SHA256 /td SHA256 ".\*.exe" - Write-Host "Signing .vbs files..." - & $SIGNTOOL_EXE sign /a /tr http://timestamp.digicert.com /fd SHA256 /td SHA256 ".\InstallerScripts.vbs" - Write-Host "Signing .dll files..." - & $SIGNTOOL_EXE sign /a /tr http://timestamp.digicert.com /fd SHA256 /td SHA256 "..\*.dll" - & $SIGNTOOL_EXE sign /a /tr http://timestamp.digicert.com /fd SHA256 /td SHA256 ".\*.dll" - & $SIGNTOOL_EXE sign /a /tr http://timestamp.digicert.com /fd SHA256 /td SHA256 "..\data_provider\build\bin\sysinfo.dll" - & $SIGNTOOL_EXE sign /a /tr http://timestamp.digicert.com /fd SHA256 /td SHA256 "..\shared_modules\dbsync\build\bin\dbsync.dll" - & $SIGNTOOL_EXE sign /a /tr http://timestamp.digicert.com /fd SHA256 /td SHA256 "..\shared_modules\rsync\build\bin\rsync.dll" - & $SIGNTOOL_EXE sign /a /tr http://timestamp.digicert.com /fd SHA256 /td SHA256 "..\wazuh_modules\syscollector\build\bin\syscollector.dll" - & $SIGNTOOL_EXE sign /a /tr http://timestamp.digicert.com /fd SHA256 /td SHA256 "..\syscheckd\build\bin\libfimdb.dll" + # Determine signing command options + $signOptions = @() + if ($CERTIFICATE_PATH -ne "" -and $CERTIFICATE_PASSWORD -ne "") { + $signOptions += "/f" + $signOptions += "`"$CERTIFICATE_PATH`"" + $signOptions += "/p" + $signOptions += "`"$CERTIFICATE_PASSWORD`"" + } else { + $signOptions += "/a" + } + + # Define files to sign + $filesToSign = @( + ".\*.exe", + ".\InstallerScripts.vbs", + "..\*.dll", + ".\*.dll", + "..\data_provider\build\bin\sysinfo.dll", + "..\shared_modules\dbsync\build\bin\dbsync.dll", + "..\shared_modules\rsync\build\bin\rsync.dll", + "..\wazuh_modules\syscollector\build\bin\syscollector.dll", + "..\syscheckd\build\bin\libfimdb.dll" + ) + + # Sign the files + foreach ($file in $filesToSign) { + Write-Host "Signing $file..." + & $SIGNTOOL_EXE sign $signOptions /tr http://timestamp.digicert.com /fd SHA256 /td SHA256 $file + } } Write-Host "Building MSI installer..." @@ -75,7 +94,7 @@ function BuildWazuhMsi(){ if($SIGN -eq "yes"){ Write-Host "Signing $MSI_NAME..." - & $SIGNTOOL_EXE sign /a /tr http://timestamp.digicert.com /d $MSI_NAME /fd SHA256 /td SHA256 $MSI_NAME + & $SIGNTOOL_EXE sign $signOptions /tr http://timestamp.digicert.com /d $MSI_NAME /fd SHA256 /td SHA256 $MSI_NAME } } diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index c813e66fe5..37d5d39037 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -1,20 +1,71 @@ cmake_minimum_required(VERSION 3.22) set(CMAKE_TOOLCHAIN_FILE "${CMAKE_SOURCE_DIR}/vcpkg/scripts/buildsystems/vcpkg.cmake") - +set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -static-libstdc++") +get_filename_component(SRC_FOLDER ${CMAKE_SOURCE_DIR}/../ ABSOLUTE) +get_filename_component(CONFIG_FOLDER ${CMAKE_SOURCE_DIR}/../etc/config/ ABSOLUTE) project(wazuh-agent) include(cmake/CommonSettings.cmake) set_common_settings() +if(ENABLE_LOGCOLLECTOR OR ENABLE_INVENTORY) + add_subdirectory(common) +else() + add_subdirectory(common/config) + add_subdirectory(common/logger) + add_subdirectory(common/utils) + add_subdirectory(common/data_provider) + add_subdirectory(common/networkHelper) + add_subdirectory(common/filesystem_wrapper) +endif() +add_subdirectory(modules) add_subdirectory(agent) -add_subdirectory(common) add_executable(wazuh-agent agent/src/main.cpp) target_link_libraries(wazuh-agent Agent Logger) +if(WIN32) + include(cmake/SetWindowsManifest.cmake) + set_windows_manifest() +endif() + include(cmake/ConfigureTarget.cmake) -configure_target(Agent) +configure_target(wazuh-agent) + +## Installation +set(INSTALL_ROOT "" CACHE PATH "Root directory for installation") + +if("${INSTALL_ROOT}" STREQUAL "/") + set(INSTALL_ROOT "") +endif() + +install(CODE "file(MAKE_DIRECTORY \"${INSTALL_ROOT}${DATA_INSTALL_DIR}\")") + +install(TARGETS wazuh-agent + DESTINATION ${INSTALL_ROOT}${BIN_INSTALL_DIR}) + +install(CODE "file(MAKE_DIRECTORY \"${INSTALL_ROOT}${CONFIG_INSTALL_DIR}\")") +install(FILES ${CONFIG_FOLDER}/wazuh-agent.yml + DESTINATION ${INSTALL_ROOT}${CONFIG_INSTALL_DIR}) +install(TARGETS wazuh-agent + DESTINATION ${INSTALL_ROOT}${BIN_INSTALL_DIR}) + +message(STATUS "CMAKE_SYSTEM_NAME: ${CMAKE_SYSTEM_NAME}") + +if(CMAKE_SYSTEM_NAME STREQUAL "Linux" OR CMAKE_SYSTEM_NAME STREQUAL "Darwin") + get_filename_component(SERVICE_FILENAME "${SERVICE_FILE}" NAME) + set(SOURCE_FILE "${CMAKE_SOURCE_DIR}/agent/service/${SERVICE_FILENAME}") + set(OUTPUT_FILE "${CMAKE_BINARY_DIR}/${SERVICE_FILENAME}") + + file(READ "${SOURCE_FILE}" FILE_CONTENTS) + string(REPLACE "WAZUH_HOME" "${BIN_INSTALL_DIR}" FILE_CONTENTS "${FILE_CONTENTS}") + file(WRITE "${OUTPUT_FILE}" "${FILE_CONTENTS}") + + add_custom_target(generate_service_file ALL DEPENDS "${OUTPUT_FILE}") + install(FILES "${OUTPUT_FILE}" + DESTINATION "${INSTALL_ROOT}${SERVICE_INSTALL_DIR}") +endif() if(BUILD_TESTS) enable_testing() diff --git a/src/REVISION b/src/REVISION new file mode 100644 index 0000000000..573541ac97 --- /dev/null +++ b/src/REVISION @@ -0,0 +1 @@ +0 diff --git a/src/VERSION b/src/VERSION new file mode 100644 index 0000000000..0062ac9718 --- /dev/null +++ b/src/VERSION @@ -0,0 +1 @@ +5.0.0 diff --git a/src/agent/CMakeLists.txt b/src/agent/CMakeLists.txt index 588dcafe25..3fae9c30ca 100644 --- a/src/agent/CMakeLists.txt +++ b/src/agent/CMakeLists.txt @@ -8,33 +8,76 @@ project(Agent) include(../cmake/CommonSettings.cmake) set_common_settings() -include_directories(${CMAKE_SOURCE_DIR}/common/logger/include) - add_subdirectory(agent_info) +add_subdirectory(centralized_configuration) add_subdirectory(command_handler) add_subdirectory(communicator) add_subdirectory(configuration_parser) +add_subdirectory(module_command) add_subdirectory(multitype_queue) add_subdirectory(sqlite_manager) add_subdirectory(command_store) find_package(OpenSSL REQUIRED) -find_package(Boost REQUIRED COMPONENTS asio beast) +find_package(Boost REQUIRED COMPONENTS asio beast system program_options) +find_package(nlohmann_json CONFIG REQUIRED) +find_package(fmt REQUIRED) + +if(WIN32) + set(SOURCES + src/windows/windows_api_facade.cpp + src/windows/windows_service.cpp + src/process_options_win.cpp + src/signal_handler_win.cpp + ) +elseif(UNIX) + set(SOURCES + src/unix/unix_daemon.cpp + src/process_options_unix.cpp + src/signal_handler_unix.cpp + ) +endif() -set(SOURCES +list(APPEND SOURCES src/agent.cpp + src/agent_registration.cpp src/command_handler_utils.cpp src/message_queue_utils.cpp - src/register.cpp + src/process_options.cpp src/signal_handler.cpp - $<$>:src/signal_handler_win.cpp> - $<$>:src/signal_handler_unix.cpp> src/task_manager.cpp ) add_library(Agent ${SOURCES}) -target_include_directories(Agent PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src) -target_link_libraries(Agent PUBLIC ConfigurationParser Communicator AgentInfo CommandHandler MultiTypeQueue PRIVATE OpenSSL::SSL OpenSSL::Crypto Boost::asio Boost::beast Logger) +target_include_directories(Agent + PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/include + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src + ${CMAKE_CURRENT_SOURCE_DIR}/src/unix + ${CMAKE_CURRENT_SOURCE_DIR}/src/windows) +target_link_libraries(Agent + PUBLIC + CentralizedConfiguration + ConfigurationParser + Communicator + AgentInfo + CommandHandler + MultiTypeQueue + ModuleManager + ModuleCommand + CentralizedConfiguration + Boost::asio + sysinfo + PRIVATE + OpenSSL::SSL + OpenSSL::Crypto + Boost::beast + Boost::system + Boost::program_options + nlohmann_json::nlohmann_json + fmt::fmt + Logger + Config +) include(../cmake/ConfigureTarget.cmake) configure_target(Agent) diff --git a/src/agent/agent_info/CMakeLists.txt b/src/agent/agent_info/CMakeLists.txt index 7f77d487a4..d1f5aceac5 100644 --- a/src/agent/agent_info/CMakeLists.txt +++ b/src/agent/agent_info/CMakeLists.txt @@ -8,14 +8,14 @@ project(AgentInfo) include(../../cmake/CommonSettings.cmake) set_common_settings() -include_directories(${CMAKE_SOURCE_DIR}/common/logger/include) - -find_package(SQLiteCpp REQUIRED) find_package(Boost REQUIRED COMPONENTS uuid) +find_package(nlohmann_json CONFIG REQUIRED) add_library(AgentInfo src/agent_info.cpp src/agent_info_persistance.cpp) -target_include_directories(AgentInfo PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src) -target_link_libraries(AgentInfo PRIVATE SQLiteCpp Boost::uuid Logger) +target_include_directories(AgentInfo PUBLIC + ${CMAKE_CURRENT_SOURCE_DIR}/include + ${CMAKE_CURRENT_SOURCE_DIR}/src) +target_link_libraries(AgentInfo PUBLIC nlohmann_json::nlohmann_json Config PRIVATE SQLiteManager Boost::uuid Logger) if(MSVC) target_link_libraries(AgentInfo PRIVATE bcrypt) diff --git a/src/agent/agent_info/include/agent_info.hpp b/src/agent/agent_info/include/agent_info.hpp index 0d3cecedbb..c22287fa10 100644 --- a/src/agent/agent_info/include/agent_info.hpp +++ b/src/agent/agent_info/include/agent_info.hpp @@ -1,23 +1,140 @@ #pragma once +#include +#include + +#include #include +#include +/// @brief Stores and manages information about an agent. +/// +/// This class provides methods for getting and setting the agent's name, key, +/// UUID, and groups. It also includes private methods for creating and +/// validating the key. class AgentInfo { public: - AgentInfo(); - AgentInfo(std::string name, std::string key, std::string uuid); + /// @brief Constructs an AgentInfo object with OS and network information retrieval functions. + /// + /// This constructor initializes the AgentInfo object by setting up OS and network + /// information retrieval functions. It also generates a UUID for the agent if one + /// does not already exist, and loads endpoint, metadata, and header information. + /// + /// @param dbFolderPath Path to the SQLite database folder. + /// @param getOSInfo Function to retrieve OS information in JSON format. + /// @param getNetworksInfo Function to retrieve network information in JSON format. + AgentInfo(std::string dbFolderPath = config::DEFAULT_DATA_PATH, + std::function getOSInfo = nullptr, + std::function getNetworksInfo = nullptr); + /// @brief Gets the agent's name. + /// @return The agent's name. std::string GetName() const; + + /// @brief Gets the agent's key. + /// @return The agent's key. std::string GetKey() const; + + /// @brief Gets the agent's UUID. + /// @return The agent's UUID. std::string GetUUID() const; - void SetName(const std::string& name); - void SetKey(const std::string& key); + /// @brief Gets the agent's groups. + /// @return A vector of the agent's groups. + std::vector GetGroups() const; + + /// @brief Sets the agent's name. The change is not saved to the database until `Save` is called. + /// @param name The agent's new name. + /// @return True if the name was successfully set, false otherwise. + bool SetName(const std::string& name); + + /// @brief Sets the agent's key. The change is not saved to the database until `Save` is called. + /// @param key The agent's new key. + /// @return True if the key was successfully set, false otherwise. + bool SetKey(const std::string& key); + + /// @brief Sets the agent's UUID. The change is not saved to the database until `Save` is called. + /// @param uuid The agent's new UUID. void SetUUID(const std::string& uuid); + /// @brief Sets the agent's groups. The change is not saved to the database until `Save` is called. + /// @param groupList A vector of the agent's new groups. + void SetGroups(const std::vector& groupList); + + /// @brief Gets the agent's type. + /// @return The agent's type. + std::string GetType() const; + + /// @brief Gets the agent's version. + /// @return The agent's version. + std::string GetVersion() const; + + /// @brief Gets the agent information for the request header. + /// @return A string with the information for the request header. + std::string GetHeaderInfo() const; + + /// @brief Gets all the information about the agent. + /// @param agentIsRegistering Indicates if the agent is about to register. + /// @return A string with all information about the agent. + std::string GetMetadataInfo(const bool agentIsRegistering) const; + + /// @brief Saves the agent's information to the database. + void Save() const; + + /// @brief Saves the agent's group information to the database. + /// @return True if the operation was successful, false otherwise. + bool SaveGroups() const; + private: + /// @brief Creates a random key for the agent. + /// + /// The key is 32 alphanumeric characters. + /// + /// @return A randomly generated key. + std::string CreateKey() const; + + /// @brief Validates a given key. + /// @param key The key to validate. + /// @return True if the key is valid (32 alphanumeric characters), false + /// otherwise. + bool ValidateKey(const std::string& key) const; + + /// @brief Loads the endpoint information into `m_endpointInfo`. + void LoadEndpointInfo(); + + /// @brief Loads the header information into `m_headerInfo`. + void LoadHeaderInfo(); + + /// @brief Extracts the active IP address from the network JSON data. + /// @param networksJson JSON object containing network interface information. + /// @return Vector of strings with the active IP addresses. + std::vector GetActiveIPAddresses(const nlohmann::json& networksJson) const; + + /// @brief The agent's data folder path. + std::string m_dataFolderPath; + + /// @brief The agent's name. std::string m_name; + + /// @brief The agent's key. std::string m_key; + + /// @brief The agent's UUID. std::string m_uuid; + + /// @brief The agent's groups. + std::vector m_groups; + + /// @brief The agent's endpoint information. + nlohmann::json m_endpointInfo; + + /// @brief The agent's header information. + std::string m_headerInfo; + + /// @brief The OS information + std::function m_getOSInfo; + + /// @brief The networks information + std::function m_getNetworksInfo; }; diff --git a/src/agent/agent_info/src/agent_info.cpp b/src/agent/agent_info/src/agent_info.cpp index 7a9a8b66fb..ba8a3ea838 100644 --- a/src/agent/agent_info/src/agent_info.cpp +++ b/src/agent/agent_info/src/agent_info.cpp @@ -5,31 +5,45 @@ #include #include #include +#include #include -AgentInfo::AgentInfo() +namespace { - AgentInfoPersistance agentInfoPersistance; + constexpr size_t KEY_LENGTH = 32; + const std::string AGENT_TYPE = "Endpoint"; + const std::string AGENT_VERSION = "5.0.0"; + const std::string PRODUCT_NAME = "WazuhXDR"; +} // namespace + +AgentInfo::AgentInfo(std::string dbFolderPath, + std::function getOSInfo, + std::function getNetworksInfo) + : m_dataFolderPath(std::move(dbFolderPath)) +{ + AgentInfoPersistance agentInfoPersistance(m_dataFolderPath); m_name = agentInfoPersistance.GetName(); m_key = agentInfoPersistance.GetKey(); m_uuid = agentInfoPersistance.GetUUID(); + m_groups = agentInfoPersistance.GetGroups(); if (m_uuid.empty()) { m_uuid = boost::uuids::to_string(boost::uuids::random_generator()()); - agentInfoPersistance.SetUUID(m_uuid); } -} -AgentInfo::AgentInfo(std::string name, std::string key, std::string uuid) - : m_name(std::move(name)) - , m_key(std::move(key)) - , m_uuid(std::move(uuid)) -{ - AgentInfoPersistance agentInfoPersistance; - agentInfoPersistance.SetName(m_name); - agentInfoPersistance.SetKey(m_key); - agentInfoPersistance.SetUUID(m_uuid); + if (getOSInfo != nullptr) + { + m_getOSInfo = std::move(getOSInfo); + } + + if (getNetworksInfo != nullptr) + { + m_getNetworksInfo = std::move(getNetworksInfo); + } + + LoadEndpointInfo(); + LoadHeaderInfo(); } std::string AgentInfo::GetName() const @@ -47,23 +61,187 @@ std::string AgentInfo::GetUUID() const return m_uuid; } -void AgentInfo::SetName(const std::string& name) +std::vector AgentInfo::GetGroups() const +{ + return m_groups; +} + +bool AgentInfo::SetName(const std::string& name) { - AgentInfoPersistance agentInfoPersistance; - agentInfoPersistance.SetName(name); - m_name = name; + if (!name.empty()) + { + m_name = name; + } + else if (m_getOSInfo != nullptr) + { + m_name = m_getOSInfo().value("hostname", "Unknown"); + } + else + { + return false; + } + + return true; } -void AgentInfo::SetKey(const std::string& key) +bool AgentInfo::SetKey(const std::string& key) { - AgentInfoPersistance agentInfoPersistance; - agentInfoPersistance.SetKey(key); - m_key = key; + if (!key.empty()) + { + if (!ValidateKey(key)) + { + return false; + } + m_key = key; + } + else + { + m_key = CreateKey(); + } + + return true; } void AgentInfo::SetUUID(const std::string& uuid) { - AgentInfoPersistance agentInfoPersistance; - agentInfoPersistance.SetUUID(uuid); m_uuid = uuid; } + +void AgentInfo::SetGroups(const std::vector& groupList) +{ + m_groups = groupList; +} + +std::string AgentInfo::CreateKey() const +{ + constexpr std::string_view charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; + + std::random_device rd; + std::mt19937 generator(rd()); + std::uniform_int_distribution distribution(0, charset.size() - 1); + + std::string key; + for (size_t i = 0; i < KEY_LENGTH; ++i) + { + key += charset[distribution(generator)]; + } + + return key; +} + +bool AgentInfo::ValidateKey(const std::string& key) const +{ + return key.length() == KEY_LENGTH && std::ranges::all_of(key, ::isalnum); +} + +std::string AgentInfo::GetType() const +{ + return AGENT_TYPE; +} + +std::string AgentInfo::GetVersion() const +{ + return AGENT_VERSION; +} + +std::string AgentInfo::GetHeaderInfo() const +{ + return m_headerInfo; +} + +std::string AgentInfo::GetMetadataInfo(const bool agentIsRegistering) const +{ + nlohmann::json agentMetadataInfo; + auto& target = agentIsRegistering ? agentMetadataInfo : agentMetadataInfo["agent"]; + + target["id"] = GetUUID(); + target["name"] = GetName(); + target["type"] = GetType(); + target["version"] = GetVersion(); + target["groups"] = GetGroups(); + + if (!m_endpointInfo.empty()) + { + target["host"] = m_endpointInfo; + } + + if (agentIsRegistering) + { + target["key"] = GetKey(); + } + + return agentMetadataInfo.dump(); +} + +void AgentInfo::Save() const +{ + AgentInfoPersistance agentInfoPersistance(m_dataFolderPath); + agentInfoPersistance.SetName(m_name); + agentInfoPersistance.SetKey(m_key); + agentInfoPersistance.SetUUID(m_uuid); + agentInfoPersistance.SetGroups(m_groups); +} + +bool AgentInfo::SaveGroups() const +{ + AgentInfoPersistance agentInfoPersistance(m_dataFolderPath); + return agentInfoPersistance.SetGroups(m_groups); +} + +std::vector AgentInfo::GetActiveIPAddresses(const nlohmann::json& networksJson) const +{ + std::vector ipAddresses; + + if (networksJson.contains("iface")) + { + for (const auto& iface : networksJson["iface"]) + { + if (iface.contains("state") && iface["state"] == "up") + { + if (iface.contains("IPv4") && !iface["IPv4"].empty()) + { + ipAddresses.emplace_back(iface["IPv4"][0].value("address", "")); + } + if (iface.contains("IPv6") && !iface["IPv6"].empty()) + { + ipAddresses.emplace_back(iface["IPv6"][0].value("address", "")); + } + } + } + } + return ipAddresses; +} + +void AgentInfo::LoadEndpointInfo() +{ + if (m_getOSInfo != nullptr) + { + nlohmann::json osInfo = m_getOSInfo(); + m_endpointInfo["hostname"] = osInfo.value("hostname", "Unknown"); + m_endpointInfo["architecture"] = osInfo.value("architecture", "Unknown"); + m_endpointInfo["os"] = nlohmann::json::object(); + m_endpointInfo["os"]["name"] = osInfo.value("os_name", "Unknown"); + m_endpointInfo["os"]["type"] = osInfo.value("sysname", "Unknown"); + m_endpointInfo["os"]["version"] = osInfo.value("os_version", "Unknown"); + } + + if (m_getNetworksInfo != nullptr) + { + nlohmann::json networksInfo = m_getNetworksInfo(); + m_endpointInfo["ip"] = GetActiveIPAddresses(networksInfo); + } +} + +void AgentInfo::LoadHeaderInfo() +{ + if (!m_endpointInfo.empty() && m_endpointInfo.contains("os")) + { + m_headerInfo = PRODUCT_NAME + "/" + GetVersion() + " (" + GetType() + "; " + + m_endpointInfo.value("architecture", "Unknown") + "; " + + m_endpointInfo["os"].value("type", "Unknown") + ")"; + } + else + { + m_headerInfo = PRODUCT_NAME + "/" + GetVersion() + " (" + GetType() + "; Unknown; Unknown)"; + } +} diff --git a/src/agent/agent_info/src/agent_info_persistance.cpp b/src/agent/agent_info/src/agent_info_persistance.cpp index 6b200a3b28..12874b8b9f 100644 --- a/src/agent/agent_info/src/agent_info_persistance.cpp +++ b/src/agent/agent_info/src/agent_info_persistance.cpp @@ -1,73 +1,85 @@ #include -#include #include -AgentInfoPersistance::AgentInfoPersistance(const std::string& dbPath) +using namespace sqlite_manager; + +namespace +{ + const std::string AGENT_INFO_TABLE_NAME = "agent_info"; + const std::string AGENT_GROUP_TABLE_NAME = "agent_group"; + const std::string AGENT_INFO_DB_NAME = "agent_info.db"; +} // namespace + +AgentInfoPersistance::AgentInfoPersistance(const std::string& dbFolderPath) { + const auto dbFilePath = dbFolderPath + "/" + AGENT_INFO_DB_NAME; + try { - m_db = std::make_unique(dbPath, SQLite::OPEN_READWRITE | SQLite::OPEN_CREATE); + m_db = std::make_unique(dbFilePath); - if (!AgentInfoTableExists()) + if (!m_db->TableExists(AGENT_INFO_TABLE_NAME)) { CreateAgentInfoTable(); } + if (!m_db->TableExists(AGENT_GROUP_TABLE_NAME)) + { + CreateAgentGroupTable(); + } + if (AgentInfoIsEmpty()) { InsertDefaultAgentInfo(); } } - catch (const std::exception& e) + catch (const std::exception&) { - LogError("Can't open database: {}.", e.what()); - m_db.reset(); + throw std::runtime_error(std::string("Cannot open database: " + dbFilePath)); } } AgentInfoPersistance::~AgentInfoPersistance() = default; -bool AgentInfoPersistance::AgentInfoTableExists() const +bool AgentInfoPersistance::AgentInfoIsEmpty() const { try { - SQLite::Statement query(*m_db, "SELECT name FROM sqlite_master WHERE type='table' AND name='agent_info';"); - return query.executeStep(); + return m_db->GetCount(AGENT_INFO_TABLE_NAME) == 0; } catch (const std::exception& e) { - LogError("Failed to check if table exists: {}.", e.what()); - return false; + LogError("Error fetching: {}.", e.what()); } + + return false; } -bool AgentInfoPersistance::AgentInfoIsEmpty() const +void AgentInfoPersistance::CreateAgentInfoTable() { try { - SQLite::Statement query(*m_db, "SELECT COUNT(*) FROM agent_info;"); - query.executeStep(); - const auto count = query.getColumn(0).getInt(); - return count == 0; + const std::vector columns = {Column("name", ColumnType::TEXT, true, false), + Column("key", ColumnType::TEXT, true, false), + Column("uuid", ColumnType::TEXT, true, false, true)}; + + m_db->CreateTable(AGENT_INFO_TABLE_NAME, columns); } catch (const std::exception& e) { - LogError("Error fetching: {}.", e.what()); + LogError("Error creating table: {}.", e.what()); } - - return false; } -void AgentInfoPersistance::CreateAgentInfoTable() +void AgentInfoPersistance::CreateAgentGroupTable() { try { - m_db->exec("CREATE TABLE IF NOT EXISTS agent_info (" - "name TEXT, " - "key TEXT, " - "uuid TEXT" - ");"); + const std::vector columns = {Column("id", ColumnType::INTEGER, true, true, true), + Column("name", ColumnType::TEXT, true, false)}; + + m_db->CreateTable(AGENT_GROUP_TABLE_NAME, columns); } catch (const std::exception& e) { @@ -79,14 +91,15 @@ void AgentInfoPersistance::InsertDefaultAgentInfo() { try { - SQLite::Statement query(*m_db, "SELECT COUNT(*) FROM agent_info;"); - query.executeStep(); - const auto count = query.getColumn(0).getInt(); + const auto count = m_db->GetCount(AGENT_INFO_TABLE_NAME); if (count == 0) { - SQLite::Statement insert(*m_db, "INSERT INTO agent_info (name, key, uuid) VALUES (?, ?, ?);"); - insert.exec(); + const std::vector columns = {Column("name", ColumnType::TEXT, ""), + Column("key", ColumnType::TEXT, ""), + Column("uuid", ColumnType::TEXT, "")}; + + m_db->Insert(AGENT_INFO_TABLE_NAME, columns); } } catch (const std::exception& e) @@ -99,9 +112,8 @@ void AgentInfoPersistance::SetAgentInfoValue(const std::string& column, const st { try { - SQLite::Statement query(*m_db, "UPDATE agent_info SET " + column + " = ?;"); - query.bind(1, value); - query.exec(); + const std::vector columns = {Column(column, ColumnType::TEXT, value)}; + m_db->Update(AGENT_INFO_TABLE_NAME, columns); } catch (const std::exception& e) { @@ -112,18 +124,22 @@ void AgentInfoPersistance::SetAgentInfoValue(const std::string& column, const st std::string AgentInfoPersistance::GetAgentInfoValue(const std::string& column) const { std::string value; + try { - SQLite::Statement query(*m_db, "SELECT " + column + " FROM agent_info LIMIT 1;"); - if (query.executeStep()) + const std::vector columns = {Column(column, ColumnType::TEXT, "")}; + const std::vector results = m_db->Select(AGENT_INFO_TABLE_NAME, columns); + + if (!results.empty() && !results[0].empty()) { - value = query.getColumn(0).getText(); + value = results[0][0].Value; } } catch (const std::exception& e) { LogError("Error fetching {}: {}.", column, e.what()); } + return value; } @@ -142,6 +158,31 @@ std::string AgentInfoPersistance::GetUUID() const return GetAgentInfoValue("uuid"); } +std::vector AgentInfoPersistance::GetGroups() const +{ + std::vector groupList; + + try + { + const std::vector columns = {Column("name", ColumnType::TEXT, "")}; + const std::vector results = m_db->Select(AGENT_GROUP_TABLE_NAME, columns); + + for (const auto& row : results) + { + if (!row.empty()) + { + groupList.push_back(row[0].Value); + } + } + } + catch (const std::exception& e) + { + LogError("Error getting agent group list: {}.", e.what()); + } + + return groupList; +} + void AgentInfoPersistance::SetName(const std::string& name) { SetAgentInfoValue("name", name); @@ -157,11 +198,39 @@ void AgentInfoPersistance::SetUUID(const std::string& uuid) SetAgentInfoValue("uuid", uuid); } +bool AgentInfoPersistance::SetGroups(const std::vector& groupList) +{ + auto transaction = m_db->BeginTransaction(); + + try + { + m_db->Remove(AGENT_GROUP_TABLE_NAME); + + for (const auto& group : groupList) + { + const std::vector columns = {Column("name", ColumnType::TEXT, group)}; + m_db->Insert(AGENT_GROUP_TABLE_NAME, columns); + } + + m_db->CommitTransaction(transaction); + } + catch (const std::exception& e) + { + LogError("Error inserting group: {}.", e.what()); + m_db->RollbackTransaction(transaction); + return false; + } + return true; +} + void AgentInfoPersistance::ResetToDefault() { try { - m_db->exec("DELETE FROM agent_info;"); + m_db->DropTable(AGENT_INFO_TABLE_NAME); + m_db->DropTable(AGENT_GROUP_TABLE_NAME); + CreateAgentInfoTable(); + CreateAgentGroupTable(); InsertDefaultAgentInfo(); } catch (const std::exception& e) diff --git a/src/agent/agent_info/src/agent_info_persistance.hpp b/src/agent/agent_info/src/agent_info_persistance.hpp index c3b3b99e2f..47f40c8f60 100644 --- a/src/agent/agent_info/src/agent_info_persistance.hpp +++ b/src/agent/agent_info/src/agent_info_persistance.hpp @@ -1,43 +1,94 @@ #pragma once +#include + #include #include +#include -static constexpr char sqlitedb_path[] = "agent_info.db"; - -namespace SQLite -{ - class Database; -} - +/// @brief Manages persistence of agent information and groups in a SQLite database. class AgentInfoPersistance { public: - explicit AgentInfoPersistance(const std::string& dbPath = sqlitedb_path); + /// @brief Constructs the persistence manager for agent info, initializing the database and tables if necessary. + /// @param dbFolderPath Path to the SQLite database folder. + explicit AgentInfoPersistance(const std::string& dbFolderPath); + + /// @brief Destructor for AgentInfoPersistance. ~AgentInfoPersistance(); + /// @brief Deleted copy constructor. AgentInfoPersistance(const AgentInfoPersistance&) = delete; + + /// @brief Deleted copy assignment operator. AgentInfoPersistance& operator=(const AgentInfoPersistance&) = delete; + + /// @brief Deleted move constructor. AgentInfoPersistance(AgentInfoPersistance&&) = delete; + + /// @brief Deleted move assignment operator. AgentInfoPersistance& operator=(AgentInfoPersistance&&) = delete; + /// @brief Retrieves the agent's name from the database. + /// @return The name of the agent as a string. std::string GetName() const; + + /// @brief Retrieves the agent's key from the database. + /// @return The key of the agent as a string. std::string GetKey() const; + + /// @brief Retrieves the agent's UUID from the database. + /// @return The UUID of the agent as a string. std::string GetUUID() const; + /// @brief Retrieves the list of agent groups from the database. + /// @return A vector of strings, each representing a group name. + std::vector GetGroups() const; + + /// @brief Sets the agent's name in the database. + /// @param name The name to set. void SetName(const std::string& name); + + /// @brief Sets the agent's key in the database. + /// @param key The key to set. void SetKey(const std::string& key); + + /// @brief Sets the agent's UUID in the database. + /// @param uuid The UUID to set. void SetUUID(const std::string& uuid); + /// @brief Sets the agent's group list in the database, replacing any existing groups. + /// @param groupList A vector of strings, each representing a group name. + /// @return True if the operation was successful, false otherwise. + bool SetGroups(const std::vector& groupList); + + /// @brief Resets the database tables to default values, clearing all data. void ResetToDefault(); private: - bool AgentInfoTableExists() const; + /// @brief Checks if the agent info table is empty. + /// @return True if the agent info table has no entries, false otherwise. bool AgentInfoIsEmpty() const; + + /// @brief Creates the agent info table if it does not exist. void CreateAgentInfoTable(); + + /// @brief Creates the agent group table if it does not exist. + void CreateAgentGroupTable(); + + /// @brief Inserts default agent information into the database. void InsertDefaultAgentInfo(); + + /// @brief Sets a specific agent info value in the database. + /// @param column The name of the column to set. + /// @param value The value to set in the specified column. void SetAgentInfoValue(const std::string& column, const std::string& value); + + /// @brief Retrieves a specific agent info value from the database. + /// @param column The name of the column to retrieve. + /// @return The value from the specified column as a string. std::string GetAgentInfoValue(const std::string& column) const; - std::unique_ptr m_db; + /// @brief Unique pointer to the SQLite database manager instance. + std::unique_ptr m_db; }; diff --git a/src/agent/agent_info/tests/CMakeLists.txt b/src/agent/agent_info/tests/CMakeLists.txt index cf1316b88e..48f32e71e3 100644 --- a/src/agent/agent_info/tests/CMakeLists.txt +++ b/src/agent/agent_info/tests/CMakeLists.txt @@ -2,12 +2,12 @@ find_package(GTest CONFIG REQUIRED) add_executable(agent_info_test agent_info_test.cpp) configure_target(agent_info_test) -target_include_directories(agent_info_test PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../include ${CMAKE_CURRENT_SOURCE_DIR}/../src) -target_link_libraries(agent_info_test PRIVATE AgentInfo GTest::gtest) +target_include_directories(agent_info_test PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../src) +target_link_libraries(agent_info_test PRIVATE AgentInfo SQLiteManager GTest::gtest) add_test(NAME AgentInfoTest COMMAND agent_info_test) add_executable(agent_info_persistance_test agent_info_persistance_test.cpp) configure_target(agent_info_persistance_test) -target_include_directories(agent_info_persistance_test PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../include ${CMAKE_CURRENT_SOURCE_DIR}/../src) -target_link_libraries(agent_info_persistance_test PRIVATE AgentInfo GTest::gtest) +target_include_directories(agent_info_persistance_test PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../src) +target_link_libraries(agent_info_persistance_test PRIVATE AgentInfo SQLiteManager GTest::gtest) add_test(NAME AgentInfoPersistanceTest COMMAND agent_info_persistance_test) diff --git a/src/agent/agent_info/tests/agent_info_persistance_test.cpp b/src/agent/agent_info/tests/agent_info_persistance_test.cpp index 2356f4674c..0abd3a6dd1 100644 --- a/src/agent/agent_info/tests/agent_info_persistance_test.cpp +++ b/src/agent/agent_info/tests/agent_info_persistance_test.cpp @@ -4,13 +4,14 @@ #include #include +#include class AgentInfoPersistanceTest : public ::testing::Test { protected: void SetUp() override { - persistance = std::make_unique("agent_info_test.db"); + persistance = std::make_unique("."); persistance->ResetToDefault(); } @@ -50,6 +51,23 @@ TEST_F(AgentInfoPersistanceTest, TestSetUUID) EXPECT_EQ(persistance->GetUUID(), newUUID); } +TEST_F(AgentInfoPersistanceTest, TestSetGroups) +{ + const std::vector newGroups = {"group_1", "group_2"}; + persistance->SetGroups(newGroups); + EXPECT_EQ(persistance->GetGroups(), newGroups); +} + +TEST_F(AgentInfoPersistanceTest, TestSetGroupsDelete) +{ + const std::vector oldGroups = {"group_1", "group_2"}; + const std::vector newGroups = {"group_3", "group_4"}; + persistance->SetGroups(oldGroups); + EXPECT_EQ(persistance->GetGroups(), oldGroups); + persistance->SetGroups(newGroups); + EXPECT_EQ(persistance->GetGroups(), newGroups); +} + TEST_F(AgentInfoPersistanceTest, TestResetToDefault) { const std::string newName = "new_name"; diff --git a/src/agent/agent_info/tests/agent_info_test.cpp b/src/agent/agent_info/tests/agent_info_test.cpp index 85f7f5f6dc..02524a0792 100644 --- a/src/agent/agent_info/tests/agent_info_test.cpp +++ b/src/agent/agent_info/tests/agent_info_test.cpp @@ -3,85 +3,264 @@ #include #include +#include +#include + class AgentInfoTest : public ::testing::Test { protected: void SetUp() override { // We need to reset the database to the default state before each test - AgentInfoPersistance agentInfoPersistance; + AgentInfoPersistance agentInfoPersistance("."); agentInfoPersistance.ResetToDefault(); } }; -TEST_F(AgentInfoTest, TestDefaultConstructor) -{ - EXPECT_NO_THROW(AgentInfo {}); -} - TEST_F(AgentInfoTest, TestDefaultConstructorDefaultValues) { - const AgentInfo agentInfo; - EXPECT_EQ(agentInfo.GetName(), ""); - EXPECT_EQ(agentInfo.GetKey(), ""); - EXPECT_NE(agentInfo.GetUUID(), ""); -} - -TEST_F(AgentInfoTest, TestParameterizedConstructor) -{ - const std::string name = "new_name"; - const std::string key = "new_key"; - const std::string uuid = "new_uuid"; - - const AgentInfo agentInfo(name, key, uuid); - EXPECT_EQ(agentInfo.GetName(), name); - EXPECT_EQ(agentInfo.GetKey(), key); - EXPECT_EQ(agentInfo.GetUUID(), uuid); + EXPECT_NO_THROW({ + const AgentInfo agentInfo("."); + EXPECT_EQ(agentInfo.GetName(), ""); + EXPECT_EQ(agentInfo.GetKey(), ""); + EXPECT_NE(agentInfo.GetUUID(), ""); + }); } TEST_F(AgentInfoTest, TestPersistedValues) { - const AgentInfo agentInfo("test_name", "test_key", "test_uuid"); - const AgentInfo agentInfoReloaded; + AgentInfo agentInfo("."); + agentInfo.SetName("test_name"); + agentInfo.SetKey("4GhT7uFm1zQa9c2Vb7Lk8pYsX0WqZrNj"); + agentInfo.SetUUID("test_uuid"); + agentInfo.Save(); + const AgentInfo agentInfoReloaded("."); EXPECT_EQ(agentInfoReloaded.GetName(), "test_name"); - EXPECT_EQ(agentInfoReloaded.GetKey(), "test_key"); + EXPECT_EQ(agentInfoReloaded.GetKey(), "4GhT7uFm1zQa9c2Vb7Lk8pYsX0WqZrNj"); EXPECT_EQ(agentInfoReloaded.GetUUID(), "test_uuid"); } TEST_F(AgentInfoTest, TestSetName) { - AgentInfo agentInfo; + AgentInfo agentInfo("."); + const std::string oldName = agentInfo.GetName(); const std::string newName = "new_name"; agentInfo.SetName(newName); EXPECT_EQ(agentInfo.GetName(), newName); - const AgentInfo agentInfoReloaded; - EXPECT_EQ(agentInfoReloaded.GetName(), newName); + const AgentInfo agentInfoReloaded("."); + EXPECT_EQ(agentInfoReloaded.GetName(), oldName); } TEST_F(AgentInfoTest, TestSetKey) { - AgentInfo agentInfo; - const std::string newKey = "new_key"; + AgentInfo agentInfo("."); + const std::string oldKey = agentInfo.GetKey(); + const std::string newKey = "4GhT7uFm1zQa9c2Vb7Lk8pYsX0WqZrNj"; agentInfo.SetKey(newKey); EXPECT_EQ(agentInfo.GetKey(), newKey); - const AgentInfo agentInfoReloaded; - EXPECT_EQ(agentInfoReloaded.GetKey(), newKey); + const AgentInfo agentInfoReloaded("."); + EXPECT_EQ(agentInfoReloaded.GetKey(), oldKey); +} + +TEST_F(AgentInfoTest, TestSetBadKey) +{ + AgentInfo agentInfo("."); + const std::string newKey1 = "4GhT7uFm"; + const std::string newKey2 = "4GhT7uFm1zQa9c2Vb7Lk8pYsX0WqZrN="; + + ASSERT_FALSE(agentInfo.SetKey(newKey1)); + ASSERT_FALSE(agentInfo.SetKey(newKey2)); +} + +TEST_F(AgentInfoTest, TestSetEmptyKey) +{ + AgentInfo agentInfo("."); + const std::string newKey; + const std::string oldKey = agentInfo.GetKey(); + + agentInfo.SetKey(newKey); + EXPECT_NE(agentInfo.GetKey(), newKey); + + const AgentInfo agentInfoReloaded("."); + EXPECT_EQ(agentInfoReloaded.GetKey(), oldKey); } TEST_F(AgentInfoTest, TestSetUUID) { - AgentInfo agentInfo; + AgentInfo agentInfo("."); const std::string newUUID = "new_uuid"; agentInfo.SetUUID(newUUID); EXPECT_EQ(agentInfo.GetUUID(), newUUID); - const AgentInfo agentInfoReloaded; - EXPECT_EQ(agentInfoReloaded.GetUUID(), newUUID); + const AgentInfo agentInfoReloaded("."); + EXPECT_NE(agentInfoReloaded.GetUUID(), newUUID); +} + +TEST_F(AgentInfoTest, TestSetGroups) +{ + AgentInfo agentInfo("."); + const std::vector oldGroups = agentInfo.GetGroups(); + const std::vector newGroups = {"t_group_1", "t_group_2"}; + + agentInfo.SetGroups(newGroups); + EXPECT_EQ(agentInfo.GetGroups(), newGroups); + + const AgentInfo agentInfoReloaded("."); + EXPECT_EQ(agentInfoReloaded.GetGroups(), oldGroups); +} + +TEST_F(AgentInfoTest, TestSaveGroups) +{ + AgentInfo agentInfo("."); + const std::vector oldGroups = agentInfo.GetGroups(); + const std::vector newGroups = {"t_group_1", "t_group_2"}; + + agentInfo.SetGroups(newGroups); + agentInfo.SaveGroups(); + EXPECT_EQ(agentInfo.GetGroups(), newGroups); + + const AgentInfo agentInfoReloaded("."); + EXPECT_EQ(agentInfoReloaded.GetGroups(), newGroups); +} + +TEST_F(AgentInfoTest, TestLoadMetadataInfoNoSysInfo) +{ + const AgentInfo agentInfo("."); + + auto metadataInfo = nlohmann::json::parse(agentInfo.GetMetadataInfo(true)); + + EXPECT_TRUE(metadataInfo != nullptr); + + // Agent information + EXPECT_EQ(metadataInfo["type"], agentInfo.GetType()); + EXPECT_EQ(metadataInfo["version"], agentInfo.GetVersion()); + EXPECT_EQ(metadataInfo["id"], agentInfo.GetUUID()); + EXPECT_EQ(metadataInfo["name"], agentInfo.GetName()); + EXPECT_EQ(metadataInfo["key"], agentInfo.GetKey()); + EXPECT_TRUE(metadataInfo["groups"] != nullptr); + + // Endpoint information + EXPECT_TRUE(metadataInfo["host"] == nullptr); +} + +TEST_F(AgentInfoTest, TestLoadMetadataInfoRegistration) +{ + nlohmann::json os; + nlohmann::json networks; + nlohmann::json ip; + nlohmann::json address4; + nlohmann::json address6; + + os["hostname"] = "test_name"; + os["os_name"] = "test_os"; + os["sysname"] = "test_type"; + os["os_version"] = "1.0.0"; + os["architecture"] = "test_arch"; + + networks["iface"] = nlohmann::json::array(); + + ip["state"] = "up"; + + ip["IPv4"] = nlohmann::json::array(); + address4["address"] = "127.0.0.1"; + ip["IPv4"].push_back(address4); + + ip["IPv6"] = nlohmann::json::array(); + address6["address"] = "fe80::0000"; + ip["IPv6"].push_back(address6); + + networks["iface"].push_back(ip); + + const AgentInfo agentInfo(".", [os]() { return os; }, [networks]() { return networks; }); + + auto metadataInfo = nlohmann::json::parse(agentInfo.GetMetadataInfo(true)); + + EXPECT_TRUE(metadataInfo != nullptr); + + // Agent information + EXPECT_EQ(metadataInfo["type"], agentInfo.GetType()); + EXPECT_EQ(metadataInfo["version"], agentInfo.GetVersion()); + EXPECT_EQ(metadataInfo["id"], agentInfo.GetUUID()); + EXPECT_EQ(metadataInfo["name"], agentInfo.GetName()); + EXPECT_EQ(metadataInfo["key"], agentInfo.GetKey()); + EXPECT_TRUE(metadataInfo["groups"] != nullptr); + + // Endpoint information + EXPECT_TRUE(metadataInfo["host"] != nullptr); + EXPECT_TRUE(metadataInfo["host"]["os"] != nullptr); + EXPECT_EQ(metadataInfo["host"]["os"]["name"], "test_os"); + EXPECT_EQ(metadataInfo["host"]["os"]["type"], "test_type"); + EXPECT_EQ(metadataInfo["host"]["os"]["version"], "1.0.0"); + EXPECT_TRUE(metadataInfo["host"]["ip"] != nullptr); + EXPECT_EQ(metadataInfo["host"]["ip"][0], "127.0.0.1"); + EXPECT_EQ(metadataInfo["host"]["ip"][1], "fe80::0000"); + EXPECT_TRUE(metadataInfo["host"]["ip"][2] == nullptr); + EXPECT_EQ(metadataInfo["host"]["architecture"], "test_arch"); + EXPECT_EQ(metadataInfo["host"]["hostname"], "test_name"); +} + +TEST_F(AgentInfoTest, TestLoadMetadataInfoConnected) +{ + nlohmann::json os; + nlohmann::json networks; + nlohmann::json ip; + nlohmann::json address; + + os["hostname"] = "test_name"; + os["os_name"] = "test_os"; + os["sysname"] = "test_type"; + os["os_version"] = "1.0.0"; + os["architecture"] = "test_arch"; + + networks["iface"] = nlohmann::json::array(); + + ip["state"] = "up"; + ip["IPv4"] = nlohmann::json::array(); + + address["address"] = "127.0.0.1"; + ip["IPv4"].push_back(address); + + networks["iface"].push_back(ip); + + const AgentInfo agentInfo(".", [os]() { return os; }, [networks]() { return networks; }); + + auto metadataInfo = nlohmann::json::parse(agentInfo.GetMetadataInfo(false)); + + EXPECT_TRUE(metadataInfo["agent"] != nullptr); + + // Agent information + EXPECT_EQ(metadataInfo["agent"]["type"], agentInfo.GetType()); + EXPECT_EQ(metadataInfo["agent"]["version"], agentInfo.GetVersion()); + EXPECT_EQ(metadataInfo["agent"]["id"], agentInfo.GetUUID()); + EXPECT_EQ(metadataInfo["agent"]["name"], agentInfo.GetName()); + EXPECT_TRUE(metadataInfo["agent"]["key"] == nullptr); + EXPECT_TRUE(metadataInfo["agent"]["groups"] != nullptr); + + // Endpoint information + EXPECT_TRUE(metadataInfo["agent"]["host"] != nullptr); + EXPECT_TRUE(metadataInfo["agent"]["host"]["os"] != nullptr); + EXPECT_EQ(metadataInfo["agent"]["host"]["os"]["name"], "test_os"); + EXPECT_EQ(metadataInfo["agent"]["host"]["os"]["type"], "test_type"); + EXPECT_EQ(metadataInfo["agent"]["host"]["os"]["version"], "1.0.0"); + EXPECT_TRUE(metadataInfo["agent"]["host"]["ip"] != nullptr); + EXPECT_EQ(metadataInfo["agent"]["host"]["ip"][0], "127.0.0.1"); + EXPECT_EQ(metadataInfo["agent"]["host"]["architecture"], "test_arch"); + EXPECT_EQ(metadataInfo["agent"]["host"]["hostname"], "test_name"); +} + +TEST_F(AgentInfoTest, TestLoadHeaderInfo) +{ + const AgentInfo agentInfo("."); + + auto headerInfo = agentInfo.GetHeaderInfo(); + + EXPECT_NE(headerInfo, ""); + EXPECT_TRUE(headerInfo.starts_with("WazuhXDR/" + agentInfo.GetVersion() + " (" + agentInfo.GetType() + "; ")); } int main(int argc, char** argv) diff --git a/src/agent/centralized_configuration/CMakeLists.txt b/src/agent/centralized_configuration/CMakeLists.txt new file mode 100644 index 0000000000..32606aca3d --- /dev/null +++ b/src/agent/centralized_configuration/CMakeLists.txt @@ -0,0 +1,21 @@ +cmake_minimum_required(VERSION 3.22) + +project(CentralizedConfiguration) + +include(../../cmake/CommonSettings.cmake) +set_common_settings() + +find_package(Boost REQUIRED COMPONENTS asio) +find_package(nlohmann_json REQUIRED) + +add_library(CentralizedConfiguration src/centralized_configuration.cpp) +target_include_directories(CentralizedConfiguration PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/include) +target_link_libraries(CentralizedConfiguration PUBLIC ModuleCommand Boost::asio nlohmann_json::nlohmann_json Config FilesystemWrapper PRIVATE Logger) + +include(../../cmake/ConfigureTarget.cmake) +configure_target(CentralizedConfiguration) + +if(BUILD_TESTS) + enable_testing() + add_subdirectory(tests) +endif() diff --git a/src/agent/centralized_configuration/include/centralized_configuration.hpp b/src/agent/centralized_configuration/include/centralized_configuration.hpp new file mode 100644 index 0000000000..57f4645de7 --- /dev/null +++ b/src/agent/centralized_configuration/include/centralized_configuration.hpp @@ -0,0 +1,90 @@ +#pragma once + +#include + +#include + +#include + +#include +#include +#include +#include +#include +#include + +namespace centralized_configuration +{ + /// @brief CentralizedConfiguration class. + class CentralizedConfiguration + { + public: + using SetGroupIdFunctionType = std::function& groupList)>; + using GetGroupIdFunctionType = std::function()>; + using DownloadGroupFilesFunctionType = + std::function; + using ValidateFileFunctionType = std::function; + using ReloadModulesFunctionType = std::function; + + /// @brief Constructor that allows injecting a file system wrapper. + /// @param fileSystemWrapper An optional filesystem wrapper. If nullptr, it will use FileSystemWrapper + explicit CentralizedConfiguration(std::shared_ptr fileSystemWrapper = nullptr) + : m_fileSystemWrapper(fileSystemWrapper ? fileSystemWrapper + : std::make_shared()) + { + } + + /// @brief Executes a command for the centralized configuration system. + /// @param command A string containing a JSON command to execute. + /// @param parameters A json object containing the parameters of the command to be executed. + /// @return An awaitable with the result of executing the command, either success or failure. + boost::asio::awaitable ExecuteCommand(std::string command, + nlohmann::json parameters); + + /// @brief Sets the function to assign group IDs. + /// @details The "set-group" commands requires such function to be set. + /// @param setGroupIdFunction A function to set group IDs. + void SetGroupIdFunction(SetGroupIdFunctionType setGroupIdFunction); + + /// @brief Sets the function to retrieve group IDs. + /// @details The "update-group" commands requires such function to be set. + /// @param getGroupIdFunction A function to get group IDs. + void GetGroupIdFunction(GetGroupIdFunctionType getGroupIdFunction); + + /// @brief Sets the function to download group configuration files. + /// @details Configures how and where to download group configuration files. + /// These will be used to set and update the Agent groups via the "set-group" and "update-group" + /// commands. + /// @param downloadGroupFilesFunction A function to download files for a given group ID. + void SetDownloadGroupFilesFunction(DownloadGroupFilesFunctionType downloadGroupFilesFunction); + + /// @brief Sets the function to validate a file. + /// @details The "set-group" and "update-group" commands requires such function to validate files + /// @param validateFileFunction A function to validate a file. + void ValidateFileFunction(ValidateFileFunctionType validateFileFunction); + + /// @brief Sets the function to reload modules. + /// @details The "set-group" and "update-group" commands requires such function to reload modules + /// @param validateFileFunction A function to reload the modules. + void ReloadModulesFunction(ReloadModulesFunctionType reloadModulesFunction); + + private: + /// @brief Member to interact with the file system. + std::shared_ptr m_fileSystemWrapper; + + /// @brief Function to set group IDs. + SetGroupIdFunctionType m_setGroupIdFunction; + + /// @brief Function to get group IDs. + GetGroupIdFunctionType m_getGroupIdFunction; + + /// @brief Function to download group configuration files. + DownloadGroupFilesFunctionType m_downloadGroupFilesFunction; + + /// @brief Function to validate group configuration files. + ValidateFileFunctionType m_validateFileFunction; + + /// @brief Function to reload modules. + ReloadModulesFunctionType m_reloadModulesFunction; + }; +} // namespace centralized_configuration diff --git a/src/agent/centralized_configuration/src/centralized_configuration.cpp b/src/agent/centralized_configuration/src/centralized_configuration.cpp new file mode 100644 index 0000000000..d907737212 --- /dev/null +++ b/src/agent/centralized_configuration/src/centralized_configuration.cpp @@ -0,0 +1,180 @@ +#include +#include +#include + +#include + +namespace centralized_configuration +{ + boost::asio::awaitable CentralizedConfiguration::ExecuteCommand( + const std::string command, // NOLINT(performance-unnecessary-value-param) + const nlohmann::json parameters) // NOLINT(performance-unnecessary-value-param) + { + try + { + std::vector groupIds {}; + + if (command == "set-group") + { + if (m_setGroupIdFunction && m_downloadGroupFilesFunction && m_validateFileFunction && + m_reloadModulesFunction) + { + if (parameters.empty()) + { + LogWarn("Group set failed, no group list"); + co_return module_command::CommandExecutionResult { + module_command::Status::FAILURE, + "CentralizedConfiguration group set failed, no group list"}; + } + + groupIds = parameters[0].get>(); + + if (!m_setGroupIdFunction(groupIds)) + { + LogWarn("Group set failed, error saving group information"); + co_return module_command::CommandExecutionResult { + module_command::Status::FAILURE, + "CentralizedConfiguration group set failed, error saving group information"}; + } + + try + { + std::filesystem::path sharedDirPath(config::DEFAULT_SHARED_CONFIG_PATH); + + if (m_fileSystemWrapper->exists(sharedDirPath) && + m_fileSystemWrapper->is_directory(sharedDirPath)) + { + for (const auto& entry : std::filesystem::directory_iterator(sharedDirPath)) + { + m_fileSystemWrapper->remove_all(entry); + } + } + } + catch (const std::filesystem::filesystem_error& e) + { + LogWarn("Error while cleaning the shared directory {}.", e.what()); + co_return module_command::CommandExecutionResult { + module_command::Status::FAILURE, + "CentralizedConfiguration group set failed, error while cleaning the shared directory"}; + } + } + else + { + LogWarn("Group set failed, one of the required functions has not been set."); + co_return module_command::CommandExecutionResult { + module_command::Status::FAILURE, + "CentralizedConfiguration group set failed, one of the required functions has not been set."}; + } + } + else if (command == "update-group") + { + if (m_getGroupIdFunction && m_downloadGroupFilesFunction && m_validateFileFunction && + m_reloadModulesFunction) + { + groupIds = m_getGroupIdFunction(); + } + else + { + LogWarn("Group update failed, one of the required functions has not been set."); + co_return module_command::CommandExecutionResult { + module_command::Status::FAILURE, + "CentralizedConfiguration group update failed, one of the required functions has not been " + "set."}; + } + } + else + { + LogWarn("CentralizedConfiguration command not recognized"); + co_return module_command::CommandExecutionResult {module_command::Status::FAILURE, + "CentralizedConfiguration command not recognized"}; + } + + for (const auto& groupId : groupIds) + { + const std::filesystem::path tmpGroupFile = + m_fileSystemWrapper->temp_directory_path() / (groupId + config::DEFAULT_SHARED_FILE_EXTENSION); + m_downloadGroupFilesFunction(groupId, tmpGroupFile.string()); + if (!m_validateFileFunction(tmpGroupFile)) + { + LogWarn("Failed to validate the file for group '{}', invalid group file received: {}", + groupId, + tmpGroupFile.string()); + + try + { + if (m_fileSystemWrapper->exists(tmpGroupFile) && + tmpGroupFile.parent_path() == m_fileSystemWrapper->temp_directory_path()) + { + if (!m_fileSystemWrapper->remove(tmpGroupFile)) + { + LogWarn("Failed to delete invalid group file: {}", tmpGroupFile.string()); + } + } + } + catch (const std::filesystem::filesystem_error& e) + { + LogWarn("Error while trying to delete invalid group file: {}. Exception: {}", + tmpGroupFile.string(), + e.what()); + } + + co_return module_command::CommandExecutionResult { + module_command::Status::FAILURE, + "CentralizedConfiguration validate file failed, invalid file received."}; + } + + const std::filesystem::path destGroupFile = std::filesystem::path(config::DEFAULT_SHARED_CONFIG_PATH) / + (groupId + config::DEFAULT_SHARED_FILE_EXTENSION); + + try + { + m_fileSystemWrapper->create_directories(destGroupFile.parent_path()); + m_fileSystemWrapper->rename(tmpGroupFile, destGroupFile); + } + catch (const std::filesystem::filesystem_error& e) + { + LogWarn("Failed to move file to destination: {}. Error: {}", destGroupFile.string(), e.what()); + co_return module_command::CommandExecutionResult {module_command::Status::FAILURE, + "Failed to move shared file to destination."}; + } + } + + m_reloadModulesFunction(); + + const std::string messageOnSuccess = "CentralizedConfiguration " + command + " done."; + co_return module_command::CommandExecutionResult {module_command::Status::SUCCESS, messageOnSuccess}; + } + catch (const nlohmann::json::exception&) + { + LogWarn("CentralizedConfiguration error while parsing parameters"); + co_return module_command::CommandExecutionResult { + module_command::Status::FAILURE, "CentralizedConfiguration error while parsing parameters"}; + } + } + + void CentralizedConfiguration::SetGroupIdFunction(SetGroupIdFunctionType setGroupIdFunction) + { + m_setGroupIdFunction = std::move(setGroupIdFunction); + } + + void CentralizedConfiguration::GetGroupIdFunction(GetGroupIdFunctionType getGroupIdFunction) + { + m_getGroupIdFunction = std::move(getGroupIdFunction); + } + + void + CentralizedConfiguration::SetDownloadGroupFilesFunction(DownloadGroupFilesFunctionType downloadGroupFilesFunction) + { + m_downloadGroupFilesFunction = std::move(downloadGroupFilesFunction); + } + + void CentralizedConfiguration::ValidateFileFunction(ValidateFileFunctionType validateFileFunction) + { + m_validateFileFunction = std::move(validateFileFunction); + } + + void CentralizedConfiguration::ReloadModulesFunction(ReloadModulesFunctionType reloadModulesFunction) + { + m_reloadModulesFunction = std::move(reloadModulesFunction); + } +} // namespace centralized_configuration diff --git a/src/agent/centralized_configuration/tests/CMakeLists.txt b/src/agent/centralized_configuration/tests/CMakeLists.txt new file mode 100644 index 0000000000..3330e8e300 --- /dev/null +++ b/src/agent/centralized_configuration/tests/CMakeLists.txt @@ -0,0 +1,6 @@ +find_package(GTest CONFIG REQUIRED) + +add_executable(centralized_configuration_test centralized_configuration_tests.cpp) +configure_target(centralized_configuration_test) +target_link_libraries(centralized_configuration_test PRIVATE CentralizedConfiguration GTest::gtest GTest::gmock GTest::gmock_main) +add_test(NAME CentralizedConfiguration COMMAND centralized_configuration_test) diff --git a/src/agent/centralized_configuration/tests/centralized_configuration_tests.cpp b/src/agent/centralized_configuration/tests/centralized_configuration_tests.cpp new file mode 100644 index 0000000000..cf8506fbc4 --- /dev/null +++ b/src/agent/centralized_configuration/tests/centralized_configuration_tests.cpp @@ -0,0 +1,303 @@ +#include +#include + +#include + +#include +#include +#include +#include +#include + +#include + +#include +#include + +#include +#include + +using centralized_configuration::CentralizedConfiguration; +using namespace testing; + +namespace +{ + // NOLINTBEGIN(cppcoreguidelines-avoid-reference-coroutine-parameters) + boost::asio::awaitable TestExecuteCommand(CentralizedConfiguration& centralizedConfiguration, + const std::string& command, + const nlohmann::json& parameters, + module_command::Status expectedErrorCode, + const std::string& expectedMessage) + { + const auto commandResult = co_await centralizedConfiguration.ExecuteCommand(command, parameters); + EXPECT_EQ(commandResult.ErrorCode, expectedErrorCode); + EXPECT_EQ(commandResult.Message, expectedMessage); + } + + // NOLINTEND(cppcoreguidelines-avoid-reference-coroutine-parameters) +} // namespace + +class MockFileSystem : public IFileSystem +{ +public: + MOCK_METHOD(bool, exists, (const std::filesystem::path& path), (const, override)); + MOCK_METHOD(bool, is_directory, (const std::filesystem::path& path), (const, override)); + MOCK_METHOD(std::uintmax_t, remove_all, (const std::filesystem::path& path), (override)); + MOCK_METHOD(std::filesystem::path, temp_directory_path, (), (const, override)); + MOCK_METHOD(bool, create_directories, (const std::filesystem::path& path), (override)); + MOCK_METHOD(void, rename, (const std::filesystem::path& from, const std::filesystem::path& to), (override)); + MOCK_METHOD(bool, remove, (const std::filesystem::path& path), (override)); +}; + +TEST(CentralizedConfiguration, Constructor) +{ + EXPECT_NO_THROW([[maybe_unused]] CentralizedConfiguration centralizedConfiguration); +} + +TEST(CentralizedConfiguration, ExecuteCommandReturnsFailureOnUnrecognizedCommand) +{ + boost::asio::io_context io_context; + + boost::asio::co_spawn( + io_context, + []() -> boost::asio::awaitable + { + CentralizedConfiguration centralizedConfiguration; + co_await TestExecuteCommand(centralizedConfiguration, + "unknown-command", + {}, + module_command::Status::FAILURE, + "CentralizedConfiguration command not recognized"); + }(), + boost::asio::detached); + + io_context.run(); +} + +TEST(CentralizedConfiguration, ExecuteCommandReturnsFailureOnEmptyList) +{ + boost::asio::io_context io_context; + + boost::asio::co_spawn( + io_context, + []() -> boost::asio::awaitable + { + CentralizedConfiguration centralizedConfiguration; + centralizedConfiguration.SetGroupIdFunction([](const std::vector&) { return true; }); + centralizedConfiguration.SetDownloadGroupFilesFunction([](const std::string&, const std::string&) + { return true; }); + centralizedConfiguration.ValidateFileFunction([](const std::filesystem::path&) { return true; }); + centralizedConfiguration.ReloadModulesFunction([]() {}); + co_await TestExecuteCommand(centralizedConfiguration, + "set-group", + {}, + module_command::Status::FAILURE, + "CentralizedConfiguration group set failed, no group list"); + }(), + boost::asio::detached); + + io_context.run(); +} + +TEST(CentralizedConfiguration, ExecuteCommandReturnsFailureOnParseParameters) +{ + boost::asio::io_context io_context; + + boost::asio::co_spawn( + io_context, + []() -> boost::asio::awaitable + { + CentralizedConfiguration centralizedConfiguration; + centralizedConfiguration.SetGroupIdFunction([](const std::vector&) { return true; }); + centralizedConfiguration.SetDownloadGroupFilesFunction([](const std::string&, const std::string&) + { return true; }); + centralizedConfiguration.ValidateFileFunction([](const std::filesystem::path&) { return true; }); + centralizedConfiguration.ReloadModulesFunction([]() {}); + + const std::vector parameterList = {true, "group2"}; + co_await TestExecuteCommand(centralizedConfiguration, + "set-group", + parameterList, + module_command::Status::FAILURE, + "CentralizedConfiguration error while parsing parameters"); + }(), + boost::asio::detached); + + io_context.run(); +} + +TEST(CentralizedConfiguration, ExecuteCommandHandlesRecognizedCommands) +{ + boost::asio::io_context io_context; + + boost::asio::co_spawn( + io_context, + []() -> boost::asio::awaitable + { + auto mockFileSystem = std::make_shared(); + + EXPECT_CALL(*mockFileSystem, exists(_)).WillRepeatedly(Return(false)); + EXPECT_CALL(*mockFileSystem, is_directory(_)).WillRepeatedly(Return(true)); + EXPECT_CALL(*mockFileSystem, remove_all(_)).WillRepeatedly(Return(0)); + EXPECT_CALL(*mockFileSystem, temp_directory_path()) + .WillRepeatedly(Return(std::filesystem::temp_directory_path())); + EXPECT_CALL(*mockFileSystem, create_directories(_)).WillRepeatedly(Return(true)); + EXPECT_CALL(*mockFileSystem, remove(_)).WillRepeatedly(Return(true)); + EXPECT_CALL(*mockFileSystem, rename(_, _)).WillRepeatedly(Return()); + + CentralizedConfiguration centralizedConfiguration(std::move(mockFileSystem)); + centralizedConfiguration.SetGroupIdFunction([](const std::vector&) { return true; }); + centralizedConfiguration.GetGroupIdFunction([]() { return std::vector {"group1", "group2"}; }); + centralizedConfiguration.SetDownloadGroupFilesFunction([](const std::string&, const std::string&) + { return true; }); + centralizedConfiguration.ValidateFileFunction([](const std::filesystem::path&) { return true; }); + centralizedConfiguration.ReloadModulesFunction([]() {}); + + const nlohmann::json groupsList = nlohmann::json::parse(R"([["group1", "group2"]])"); + + co_await TestExecuteCommand(centralizedConfiguration, + "set-group", + groupsList, + module_command::Status::SUCCESS, + "CentralizedConfiguration set-group done."); + + co_await TestExecuteCommand(centralizedConfiguration, + "update-group", + {}, + module_command::Status::SUCCESS, + "CentralizedConfiguration update-group done."); + + co_await TestExecuteCommand(centralizedConfiguration, + "unknown-command", + {}, + module_command::Status::FAILURE, + "CentralizedConfiguration command not recognized"); + }(), + boost::asio::detached); + + io_context.run(); +} + +TEST(CentralizedConfiguration, SetFunctionsAreCalledAndReturnsCorrectResultsForSetGroup) +{ + boost::asio::io_context io_context; + + boost::asio::co_spawn( + io_context, + []() -> boost::asio::awaitable + { + auto mockFileSystem = std::make_shared(); + + EXPECT_CALL(*mockFileSystem, exists(_)).WillRepeatedly(Return(false)); + EXPECT_CALL(*mockFileSystem, is_directory(_)).WillRepeatedly(Return(true)); + EXPECT_CALL(*mockFileSystem, remove_all(_)).WillRepeatedly(Return(0)); + EXPECT_CALL(*mockFileSystem, temp_directory_path()) + .WillRepeatedly(Return(std::filesystem::temp_directory_path())); + EXPECT_CALL(*mockFileSystem, create_directories(_)).WillRepeatedly(Return(true)); + EXPECT_CALL(*mockFileSystem, remove(_)).WillRepeatedly(Return(true)); + EXPECT_CALL(*mockFileSystem, rename(_, _)).WillRepeatedly(Return()); + + CentralizedConfiguration centralizedConfiguration(std::move(mockFileSystem)); + + const nlohmann::json groupsList = nlohmann::json::parse(R"([["group1", "group2"]])"); + + bool wasSetGroupIdFunctionCalled = false; + bool wasDownloadGroupFilesFunctionCalled = false; + + centralizedConfiguration.SetGroupIdFunction( + [&wasSetGroupIdFunctionCalled](const std::vector&) + { + wasSetGroupIdFunctionCalled = true; + return true; + }); + + centralizedConfiguration.SetDownloadGroupFilesFunction( + [&wasDownloadGroupFilesFunctionCalled](const std::string&, const std::string&) + { + wasDownloadGroupFilesFunctionCalled = true; + return wasDownloadGroupFilesFunctionCalled; + }); + + centralizedConfiguration.ValidateFileFunction([](const std::filesystem::path&) { return true; }); + centralizedConfiguration.ReloadModulesFunction([]() {}); + + EXPECT_FALSE(wasSetGroupIdFunctionCalled); + EXPECT_FALSE(wasDownloadGroupFilesFunctionCalled); + + co_await TestExecuteCommand(centralizedConfiguration, + "set-group", + groupsList, + module_command::Status::SUCCESS, + "CentralizedConfiguration set-group done."); + + EXPECT_TRUE(wasSetGroupIdFunctionCalled); + EXPECT_TRUE(wasDownloadGroupFilesFunctionCalled); + }(), + boost::asio::detached); + + io_context.run(); +} + +TEST(CentralizedConfiguration, SetFunctionsAreCalledAndReturnsCorrectResultsForUpdateGroup) +{ + boost::asio::io_context io_context; + + boost::asio::co_spawn( + io_context, + []() -> boost::asio::awaitable + { + auto mockFileSystem = std::make_shared(); + + EXPECT_CALL(*mockFileSystem, exists(_)).WillRepeatedly(Return(false)); + EXPECT_CALL(*mockFileSystem, is_directory(_)).WillRepeatedly(Return(true)); + EXPECT_CALL(*mockFileSystem, remove_all(_)).WillRepeatedly(Return(0)); + EXPECT_CALL(*mockFileSystem, temp_directory_path()) + .WillRepeatedly(Return(std::filesystem::temp_directory_path())); + EXPECT_CALL(*mockFileSystem, create_directories(_)).WillRepeatedly(Return(true)); + EXPECT_CALL(*mockFileSystem, remove(_)).WillRepeatedly(Return(true)); + EXPECT_CALL(*mockFileSystem, rename(_, _)).WillRepeatedly(Return()); + + CentralizedConfiguration centralizedConfiguration(std::move(mockFileSystem)); + + bool wasGetGroupIdFunctionCalled = false; + bool wasDownloadGroupFilesFunctionCalled = false; + + centralizedConfiguration.GetGroupIdFunction( + [&wasGetGroupIdFunctionCalled]() + { + wasGetGroupIdFunctionCalled = true; + return std::vector {"group1", "group2"}; + }); + + centralizedConfiguration.SetDownloadGroupFilesFunction( + [&wasDownloadGroupFilesFunctionCalled](const std::string&, const std::string&) + { + wasDownloadGroupFilesFunctionCalled = true; + return wasDownloadGroupFilesFunctionCalled; + }); + + centralizedConfiguration.ValidateFileFunction([](const std::filesystem::path&) { return true; }); + centralizedConfiguration.ReloadModulesFunction([]() {}); + + EXPECT_FALSE(wasGetGroupIdFunctionCalled); + EXPECT_FALSE(wasDownloadGroupFilesFunctionCalled); + + co_await TestExecuteCommand(centralizedConfiguration, + "update-group", + {}, + module_command::Status::SUCCESS, + "CentralizedConfiguration update-group done."); + + EXPECT_TRUE(wasGetGroupIdFunctionCalled); + EXPECT_TRUE(wasDownloadGroupFilesFunctionCalled); + }(), + boost::asio::detached); + + io_context.run(); +} + +int main(int argc, char** argv) +{ + ::testing::InitGoogleTest(&argc, argv); + return RUN_ALL_TESTS(); +} diff --git a/src/agent/command_handler/CMakeLists.txt b/src/agent/command_handler/CMakeLists.txt index c9111b1d92..440b0c14d6 100644 --- a/src/agent/command_handler/CMakeLists.txt +++ b/src/agent/command_handler/CMakeLists.txt @@ -8,13 +8,15 @@ project(CommandHandler) include(../../cmake/CommonSettings.cmake) set_common_settings() +find_package(Boost REQUIRED COMPONENTS asio) + add_library(CommandHandler src/command_handler.cpp) include(../../cmake/ConfigureTarget.cmake) configure_target(CommandHandler) -target_include_directories(CommandHandler PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/include ${CMAKE_CURRENT_SOURCE_DIR}/../command_store/include) -target_link_libraries(CommandHandler PUBLIC CommandStore) +target_include_directories(CommandHandler PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/include) +target_link_libraries(CommandHandler PUBLIC CommandStore Boost::asio Logger) if(BUILD_TESTS) enable_testing() diff --git a/src/agent/command_handler/include/command_handler.hpp b/src/agent/command_handler/include/command_handler.hpp index 931cc9d46b..dcd14634ef 100644 --- a/src/agent/command_handler/include/command_handler.hpp +++ b/src/agent/command_handler/include/command_handler.hpp @@ -1,28 +1,56 @@ #pragma once -#include #include #include +#include + #include +#include +#include #include -#include +#include namespace command_handler { + /// @brief CommandHandler class + /// + /// This class is responsible for executing commands retrieved from the command + /// store. It provides a way to dispatch commands to the corresponding + /// command handlers and manage the command execution results. class CommandHandler { public: + /// @brief CommandHandler constructor + /// @param dbFolderPath The path to the database folder + CommandHandler(const std::string& dbFolderPath) + : m_commandStore(dbFolderPath) + { + } + + /// @brief Processes commands asynchronously + /// + /// This task retrieves commands from the queue and dispatches them for execution. + /// If no command is available, it waits for a specified duration before retrying. + /// + /// @tparam T The type of the command to process + /// @param GetCommandFromQueue Function to retrieve a command from the queue + /// @param PopCommandFromQueue Function to remove a command from the queue + /// @param ReportCommandResult Function to report a command result + /// @param DispatchCommand Function to dispatch the command for execution template - boost::asio::awaitable ProcessCommandsFromQueue( + boost::asio::awaitable CommandsProcessingTask( const std::function()> GetCommandFromQueue, const std::function PopCommandFromQueue, - const std::function(T&)> DispatchCommand) + const std::function ReportCommandResult, + const std::function(T&)> DispatchCommand) { using namespace std::chrono_literals; const auto executor = co_await boost::asio::this_coro::executor; std::unique_ptr expTimer = std::make_unique(executor); + CleanUpInProgressCommands(ReportCommandResult); + while (m_keepRunning.load()) { auto cmd = GetCommandFromQueue(); @@ -33,22 +61,67 @@ namespace command_handler continue; } - m_commandStore.StoreCommand(cmd.value()); - PopCommandFromQueue(); - auto result = DispatchCommand(cmd.value()); + if (!m_commandStore.StoreCommand(cmd.value())) + { + cmd.value().ExecutionResult.ErrorCode = module_command::Status::FAILURE; + cmd.value().ExecutionResult.Message = "Agent's database failure"; + LogError("Error storing command: {} {}. Error: {}", + cmd.value().Id, + cmd.value().Command, + cmd.value().ExecutionResult.Message); + ReportCommandResult(cmd.value()); + PopCommandFromQueue(); + continue; + } - cmd.value().m_status = std::get<0>(result); - cmd.value().m_result = std::get<1>(result); - m_commandStore.UpdateCommand(cmd.value()); + PopCommandFromQueue(); - LogInfo("Done processing command: {}({})", cmd.value().m_command, cmd.value().m_module); + co_spawn( + executor, + [cmd, DispatchCommand, this]() mutable -> boost::asio::awaitable + { + cmd.value().ExecutionResult = co_await DispatchCommand(cmd.value()); + m_commandStore.UpdateCommand(cmd.value()); + LogInfo("Done processing command: {}({})", cmd.value().Command, cmd.value().Module); + co_return; + }, + boost::asio::detached); } } + /// @brief Stops the command handler void Stop(); private: + /// @brief Clean up commands that are in progress when the agent is stopped + /// + /// This function will set the status of all commands that are currently in + /// progress to FAILED and update the command store. It will also call the + /// ReportCommandResult function for each command to report the result. + /// + /// @tparam T The type of the command + /// @param ReportCommandResult The function to report the command result + template + void CleanUpInProgressCommands(std::function ReportCommandResult) + { + auto cmds = m_commandStore.GetCommandByStatus(module_command::Status::IN_PROGRESS); + + if (cmds != std::nullopt) + { + for (auto& cmd : *cmds) + { + cmd.ExecutionResult.ErrorCode = module_command::Status::FAILURE; + cmd.ExecutionResult.Message = "Agent stopped during execution"; + ReportCommandResult(cmd); + m_commandStore.UpdateCommand(cmd); + } + } + } + + /// @brief Indicates whether the command handler is running or not std::atomic m_keepRunning = true; + + /// @brief An instance of the command store command_store::CommandStore m_commandStore; }; } // namespace command_handler diff --git a/src/agent/command_handler/tests/command_handler_test.cpp b/src/agent/command_handler/tests/command_handler_test.cpp index 1907bf7b69..bddc071b24 100644 --- a/src/agent/command_handler/tests/command_handler_test.cpp +++ b/src/agent/command_handler/tests/command_handler_test.cpp @@ -4,7 +4,7 @@ TEST(CommandHandlerTest, CommandHandlerConstructor) { - EXPECT_NO_THROW(command_handler::CommandHandler cm); + EXPECT_NO_THROW(command_handler::CommandHandler cm(".")); } int main(int argc, char** argv) diff --git a/src/agent/command_store/CMakeLists.txt b/src/agent/command_store/CMakeLists.txt index 6007738718..677c1d391d 100644 --- a/src/agent/command_store/CMakeLists.txt +++ b/src/agent/command_store/CMakeLists.txt @@ -8,15 +8,13 @@ project(CommandStore) include(../../cmake/CommonSettings.cmake) set_common_settings() -include_directories(${CMAKE_SOURCE_DIR}/common/logger/include) - add_library(CommandStore src/command_store.cpp) include(../../cmake/ConfigureTarget.cmake) configure_target(CommandStore) target_include_directories(CommandStore PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/include) -target_link_libraries(CommandStore PUBLIC SQLiteManager PRIVATE Logger) +target_link_libraries(CommandStore PUBLIC SQLiteManager ModuleCommand PRIVATE Logger) if(BUILD_TESTS) enable_testing() diff --git a/src/agent/command_store/include/command.hpp b/src/agent/command_store/include/command.hpp deleted file mode 100644 index 1cdfa09b1b..0000000000 --- a/src/agent/command_store/include/command.hpp +++ /dev/null @@ -1,49 +0,0 @@ -#pragma once - -#include -#include - -namespace command_store -{ - enum class Status - { - SUCCESS, - FAILURE, - IN_PROGRESS, - TIMEOUT, - UNKNOWN - }; - - class Command - { - public: - Command() - : m_status(Status::UNKNOWN) - , m_time(0.0) - { - } - - Command(const std::string& id, - const std::string& module, - const std::string& command, - const std::string& parameters, - const std::string& result, - Status status) - : m_id(id) - , m_module(module) - , m_command(command) - , m_parameters(parameters) - , m_result(result) - , m_status(status) - { - } - - std::string m_id; - std::string m_module; - std::string m_command; - std::string m_parameters; - std::string m_result; - Status m_status; - double m_time; - }; -} // namespace command_store diff --git a/src/agent/command_store/include/command_store.hpp b/src/agent/command_store/include/command_store.hpp index b6e66d6251..aacd769978 100644 --- a/src/agent/command_store/include/command_store.hpp +++ b/src/agent/command_store/include/command_store.hpp @@ -1,6 +1,6 @@ #pragma once -#include +#include #include #include @@ -9,25 +9,66 @@ namespace command_store { - const std::string COMMANDSTORE_DEFAULT_DB_PATH = "command_store.db"; + const std::string COMMANDSTORE_DB_NAME = "command_store.db"; const std::string COMMANDSTORE_TABLE_NAME = "COMMAND"; + /// @brief CommandStore class + /// + /// This class provides methods for storing, retrieving, and deleting commands + /// in the command store database. It uses a SQLite database to store the + /// commands. class CommandStore { private: + /// @brief The SQLite database object std::unique_ptr m_dataBase; + /// @brief Gets the current timestamp in seconds + /// @return The current timestamp in seconds double GetCurrentTimestampAsReal(); - Status StatusFromInt(const int i); + + /// @brief Converts an integer to a module_command::Status value + /// @param i The integer to convert + /// @return The module_command::Status value corresponding + module_command::Status StatusFromInt(const int i); public: - CommandStore(); + /// @brief CommandStore constructor + /// @param dbFolderPath The path to the database folder + CommandStore(const std::string& dbFolderPath); + /// @brief Clears all commands from the database + /// @return True if successful, false otherwise bool Clear(); + + /// @brief Gets the count of commands in the database + /// @return The number of commands in the database int GetCount(); - bool StoreCommand(const Command& cmd); + + /// @brief Stores a command in the database + /// @param cmd The command to store + /// @return True if successful, false otherwise + bool StoreCommand(const module_command::CommandEntry& cmd); + + /// @brief Deletes a command from the database by ID + /// @param id The ID of the command to delete + /// @return True if successful, false otherwise bool DeleteCommand(const std::string& id); - std::optional GetCommand(const std::string& id); - bool UpdateCommand(const Command& cmd); + + /// @brief Retrieves a command from the database by ID + /// @param id The ID of the command to retrieve + /// @return An optional containing the command if found, or nullopt if not + std::optional GetCommand(const std::string& id); + + /// @brief Retrieves a vector of commands from the database by status + /// @param status The status of the commands to retrieve + /// @return An optional containing the commands if found, or nullopt if not + std::optional> + GetCommandByStatus(const module_command::Status& status); + + /// @brief Updates an existing command in the database + /// @param cmd The updated command data + /// @return True if successful, false otherwise + bool UpdateCommand(const module_command::CommandEntry& cmd); }; } // namespace command_store diff --git a/src/agent/command_store/src/command_store.cpp b/src/agent/command_store/src/command_store.cpp index 93b6c33454..e90286f1f3 100644 --- a/src/agent/command_store/src/command_store.cpp +++ b/src/agent/command_store/src/command_store.cpp @@ -3,25 +3,28 @@ #include #include +#include + +#include namespace command_store { constexpr double MILLISECS_IN_A_SEC = 1000.0; - Status CommandStore::StatusFromInt(const int i) + module_command::Status CommandStore::StatusFromInt(const int i) { switch (i) { - case 0: return Status::SUCCESS; break; - case 1: return Status::FAILURE; break; - case 2: return Status::IN_PROGRESS; break; - case 3: return Status::TIMEOUT; break; - default: return Status::UNKNOWN; break; + case 0: return module_command::Status::SUCCESS; break; + case 1: return module_command::Status::FAILURE; break; + case 2: return module_command::Status::IN_PROGRESS; break; + case 3: return module_command::Status::TIMEOUT; break; + default: return module_command::Status::UNKNOWN; break; } } - CommandStore::CommandStore() - : m_dataBase(std::make_unique(COMMANDSTORE_DEFAULT_DB_PATH)) + CommandStore::CommandStore(const std::string& dbFolderPath) + : m_dataBase(std::make_unique(dbFolderPath + "/" + COMMANDSTORE_DB_NAME)) { sqlite_manager::Column colId {"id", sqlite_manager::ColumnType::TEXT, true, false, true}; sqlite_manager::Column colModule {"module", sqlite_manager::ColumnType::TEXT, true, false, false}; @@ -81,17 +84,18 @@ namespace command_store MILLISECS_IN_A_SEC; } - bool CommandStore::StoreCommand(const Command& cmd) + bool CommandStore::StoreCommand(const module_command::CommandEntry& cmd) { std::vector fields; - fields.emplace_back("id", sqlite_manager::ColumnType::TEXT, cmd.m_id); - fields.emplace_back("module", sqlite_manager::ColumnType::TEXT, cmd.m_module); - fields.emplace_back("command", sqlite_manager::ColumnType::TEXT, cmd.m_command); + fields.emplace_back("id", sqlite_manager::ColumnType::TEXT, cmd.Id); + fields.emplace_back("module", sqlite_manager::ColumnType::TEXT, cmd.Module); + fields.emplace_back("command", sqlite_manager::ColumnType::TEXT, cmd.Command); fields.emplace_back("time", sqlite_manager::ColumnType::REAL, std::to_string(GetCurrentTimestampAsReal())); - fields.emplace_back("parameters", sqlite_manager::ColumnType::TEXT, cmd.m_parameters); - fields.emplace_back("result", sqlite_manager::ColumnType::TEXT, cmd.m_result); - fields.emplace_back( - "status", sqlite_manager::ColumnType::INTEGER, std::to_string(static_cast(cmd.m_status))); + fields.emplace_back("parameters", sqlite_manager::ColumnType::TEXT, cmd.Parameters.dump()); + fields.emplace_back("result", sqlite_manager::ColumnType::TEXT, cmd.ExecutionResult.Message); + fields.emplace_back("status", + sqlite_manager::ColumnType::INTEGER, + std::to_string(static_cast(cmd.ExecutionResult.ErrorCode))); try { m_dataBase->Insert(COMMANDSTORE_TABLE_NAME, fields); @@ -120,7 +124,7 @@ namespace command_store return true; } - std::optional CommandStore::GetCommand(const std::string& id) + std::optional CommandStore::GetCommand(const std::string& id) { try { @@ -132,36 +136,36 @@ namespace command_store return std::nullopt; } - Command cmd; + module_command::CommandEntry cmd; for (const sqlite_manager::Column& col : cmdData[0]) { - if (col.m_name == "id") + if (col.Name == "id") { - cmd.m_id = col.m_value; + cmd.Id = col.Value; } - else if (col.m_name == "module") + else if (col.Name == "module") { - cmd.m_module = col.m_value; + cmd.Module = col.Value; } - else if (col.m_name == "command") + else if (col.Name == "command") { - cmd.m_command = col.m_value; + cmd.Command = col.Value; } - else if (col.m_name == "parameters") + else if (col.Name == "parameters") { - cmd.m_parameters = col.m_value; + cmd.Parameters = nlohmann::json::parse(col.Value); } - else if (col.m_name == "result") + else if (col.Name == "result") { - cmd.m_result = col.m_value; + cmd.ExecutionResult.Message = col.Value; } - else if (col.m_name == "status") + else if (col.Name == "status") { - cmd.m_status = StatusFromInt(std::stoi(col.m_value)); + cmd.ExecutionResult.ErrorCode = StatusFromInt(std::stoi(col.Value)); } - else if (col.m_name == "time") + else if (col.Name == "time") { - cmd.m_time = std::stod(col.m_value); + cmd.Time = std::stod(col.Value); } } return cmd; @@ -173,22 +177,88 @@ namespace command_store } } - bool CommandStore::UpdateCommand(const Command& cmd) + std::optional> + CommandStore::GetCommandByStatus(const module_command::Status& status) + { + try + { + auto cmdData = m_dataBase->Select(COMMANDSTORE_TABLE_NAME, + {}, + {sqlite_manager::Column("status", + sqlite_manager::ColumnType::INTEGER, + std::to_string(static_cast(status)))}); + + if (cmdData.empty()) + { + return std::nullopt; + } + + std::vector commands; + + for (const auto& row : cmdData) + { + module_command::CommandEntry cmd; + + for (const sqlite_manager::Column& col : row) + { + if (col.Name == "id") + { + cmd.Id = col.Value; + } + else if (col.Name == "module") + { + cmd.Module = col.Value; + } + else if (col.Name == "command") + { + cmd.Command = col.Value; + } + else if (col.Name == "parameters") + { + cmd.Parameters = nlohmann::json::parse(col.Value); + } + else if (col.Name == "result") + { + cmd.ExecutionResult.Message = col.Value; + } + else if (col.Name == "status") + { + cmd.ExecutionResult.ErrorCode = StatusFromInt(std::stoi(col.Value)); + } + else if (col.Name == "time") + { + cmd.Time = std::stod(col.Value); + } + } + + commands.push_back(cmd); + } + return commands; + } + catch (const std::exception& e) + { + LogError("Select operation failed: {}.", e.what()); + return std::nullopt; + } + } + + bool CommandStore::UpdateCommand(const module_command::CommandEntry& cmd) { std::vector fields; - if (!cmd.m_module.empty()) - fields.emplace_back("module", sqlite_manager::ColumnType::TEXT, cmd.m_module); - if (!cmd.m_command.empty()) - fields.emplace_back("command", sqlite_manager::ColumnType::TEXT, cmd.m_command); - if (!cmd.m_parameters.empty()) - fields.emplace_back("parameters", sqlite_manager::ColumnType::TEXT, cmd.m_parameters); - if (!cmd.m_result.empty()) - fields.emplace_back("result", sqlite_manager::ColumnType::TEXT, cmd.m_result); - if (cmd.m_status != Status::UNKNOWN) - fields.emplace_back( - "status", sqlite_manager::ColumnType::INTEGER, std::to_string(static_cast(cmd.m_status))); - - sqlite_manager::Column condition("id", sqlite_manager::ColumnType::TEXT, cmd.m_id); + if (!cmd.Module.empty()) + fields.emplace_back("module", sqlite_manager::ColumnType::TEXT, cmd.Module); + if (!cmd.Command.empty()) + fields.emplace_back("command", sqlite_manager::ColumnType::TEXT, cmd.Command); + if (!cmd.Parameters.empty()) + fields.emplace_back("parameters", sqlite_manager::ColumnType::TEXT, cmd.Parameters.dump()); + if (!cmd.ExecutionResult.Message.empty()) + fields.emplace_back("result", sqlite_manager::ColumnType::TEXT, cmd.ExecutionResult.Message); + if (cmd.ExecutionResult.ErrorCode != module_command::Status::UNKNOWN) + fields.emplace_back("status", + sqlite_manager::ColumnType::INTEGER, + std::to_string(static_cast(cmd.ExecutionResult.ErrorCode))); + + sqlite_manager::Column condition("id", sqlite_manager::ColumnType::TEXT, cmd.Id); try { m_dataBase->Update(COMMANDSTORE_TABLE_NAME, fields, {condition}); diff --git a/src/agent/command_store/tests/command_store_test.cpp b/src/agent/command_store/tests/command_store_test.cpp index 25622baeb2..415bf26ba4 100644 --- a/src/agent/command_store/tests/command_store_test.cpp +++ b/src/agent/command_store/tests/command_store_test.cpp @@ -1,6 +1,12 @@ #include #include +#include + +#include +#include +#include +#include constexpr char TESTID_5[] = "5"; constexpr char TESTID_9[] = "9"; @@ -13,7 +19,7 @@ class CommandStoreTest : public ::testing::Test void SetUp() override { - m_commandStore = std::make_unique(); + m_commandStore = std::make_unique("."); } void TearDown() override {} @@ -24,62 +30,97 @@ TEST_F(CommandStoreTest, StoreCommandTest) m_commandStore->Clear(); // NOLINTNEXTLINE(cppcoreguidelines-avoid-magic-numbers) - command_store::Command cmd1( - TESTID_5, "Module1", "{CommandTextHERE}", "Parameter1", "Result1", command_store::Status::IN_PROGRESS); + module_command::CommandEntry cmd1( + TESTID_5, "Module1", "{CommandTextHERE}", {"Parameter1"}, "Result1", module_command::Status::IN_PROGRESS); bool retVal = m_commandStore->StoreCommand(cmd1); // NOLINTNEXTLINE(cppcoreguidelines-avoid-magic-numbers) - command_store::Command cmd2( - TESTID_9, "Module2", R"({"Some"="thing"})", "Parameter2", "Result2", command_store::Status::IN_PROGRESS); + module_command::CommandEntry cmd2( + TESTID_9, "Module2", R"({"Some"="thing"})", {"Parameter2"}, "Result2", module_command::Status::IN_PROGRESS); retVal = m_commandStore->StoreCommand(cmd2); ASSERT_EQ(retVal, true); // NOLINTNEXTLINE(cppcoreguidelines-avoid-magic-numbers) - command_store::Command cmd3( - TESTID_5, "Module3", "{CommandTextHERE}", "Parameter3", "Result3", command_store::Status::IN_PROGRESS); + module_command::CommandEntry cmd3( + TESTID_5, "Module3", "{CommandTextHERE}", {"Parameter3"}, "Result3", module_command::Status::IN_PROGRESS); retVal = m_commandStore->StoreCommand(cmd3); ASSERT_EQ(retVal, false); ASSERT_EQ(m_commandStore->GetCount(), 2); } +TEST_F(CommandStoreTest, StoreCommandTestParameters) +{ + m_commandStore->Clear(); + + // NOLINTNEXTLINE(cppcoreguidelines-avoid-magic-numbers) + module_command::CommandEntry cmd1(TESTID_5, + "Module1", + "{CommandTextHERE}", + {"Parameter1", "Parameter 2", "3"}, + "Result1", + module_command::Status::IN_PROGRESS); + const bool retVal = m_commandStore->StoreCommand(cmd1); + ASSERT_TRUE(retVal); + + ASSERT_EQ(m_commandStore->GetCount(), 1); + + // NOLINTNEXTLINE(cppcoreguidelines-avoid-magic-numbers) + std::optional retValue = m_commandStore->GetCommand(TESTID_5); + if (retValue.has_value()) + { + const module_command::CommandEntry& cmd = retValue.value(); + ASSERT_EQ(cmd.Id, TESTID_5); + ASSERT_EQ(cmd.Module, "Module1"); + ASSERT_EQ(cmd.Command, "{CommandTextHERE}"); + std::vector expected = {"Parameter1", "Parameter 2", "3"}; + ASSERT_EQ(cmd.Parameters, expected); + ASSERT_EQ(cmd.ExecutionResult.Message, "Result1"); + ASSERT_EQ(cmd.ExecutionResult.ErrorCode, module_command::Status::IN_PROGRESS); + } + else + { + FAIL(); + } +} + TEST_F(CommandStoreTest, UpdateCommandTest) { m_commandStore->Clear(); // NOLINTNEXTLINE(cppcoreguidelines-avoid-magic-numbers) - command_store::Command cmd1( - TESTID_5, "Module1", "{CommandTextHERE}", "Parameter1", "Result1", command_store::Status::IN_PROGRESS); + module_command::CommandEntry cmd1( + TESTID_5, "Module1", "{CommandTextHERE}", {"Parameter1"}, "Result1", module_command::Status::IN_PROGRESS); m_commandStore->StoreCommand(cmd1); // NOLINTNEXTLINE(cppcoreguidelines-avoid-magic-numbers) - command_store::Command cmd2( - TESTID_9, "Module2", R"({"Some"="thing"})", "Parameter2", "Result2", command_store::Status::IN_PROGRESS); + module_command::CommandEntry cmd2( + TESTID_9, "Module2", R"({"Some"="thing"})", {"Parameter2"}, "Result2", module_command::Status::IN_PROGRESS); m_commandStore->StoreCommand(cmd2); ASSERT_EQ(m_commandStore->GetCount(), 2); // NOLINTNEXTLINE(cppcoreguidelines-avoid-magic-numbers) - command_store::Command cmdUpdate(TESTID_9, - "Updated Module", - "Updated Command", - "Updated Parameter", - "Updated Result", - command_store::Status::SUCCESS); + module_command::CommandEntry cmdUpdate(TESTID_9, + "Updated Module", + "Updated CommandEntry", + {"Updated Parameter"}, + "Updated Result", + module_command::Status::SUCCESS); bool retVal = m_commandStore->UpdateCommand(cmdUpdate); ASSERT_EQ(retVal, true); // NOLINTNEXTLINE(cppcoreguidelines-avoid-magic-numbers) - std::optional retValue = m_commandStore->GetCommand(TESTID_9); + std::optional retValue = m_commandStore->GetCommand(TESTID_9); if (retValue.has_value()) { - const command_store::Command& cmd = retValue.value(); - ASSERT_EQ(cmd.m_id, TESTID_9); - ASSERT_EQ(cmd.m_module, "Updated Module"); - ASSERT_EQ(cmd.m_command, "Updated Command"); - ASSERT_EQ(cmd.m_parameters, "Updated Parameter"); - ASSERT_EQ(cmd.m_result, "Updated Result"); - ASSERT_EQ(cmd.m_status, command_store::Status::SUCCESS); + const module_command::CommandEntry& cmd = retValue.value(); + ASSERT_EQ(cmd.Id, TESTID_9); + ASSERT_EQ(cmd.Module, "Updated Module"); + ASSERT_EQ(cmd.Command, "Updated CommandEntry"); + ASSERT_EQ(cmd.Parameters, std::vector {"Updated Parameter"}); + ASSERT_EQ(cmd.ExecutionResult.Message, "Updated Result"); + ASSERT_EQ(cmd.ExecutionResult.ErrorCode, module_command::Status::SUCCESS); } else { @@ -87,7 +128,8 @@ TEST_F(CommandStoreTest, UpdateCommandTest) } // NOLINTNEXTLINE(cppcoreguidelines-avoid-magic-numbers) - command_store::Command cmdUpdate2(TESTID_9, "", "", "", "Newly Updated Result", command_store::Status::UNKNOWN); + module_command::CommandEntry cmdUpdate2( + TESTID_9, "", "", {}, "Newly Updated Result", module_command::Status::UNKNOWN); retVal = m_commandStore->UpdateCommand(cmdUpdate2); ASSERT_EQ(retVal, true); @@ -96,13 +138,13 @@ TEST_F(CommandStoreTest, UpdateCommandTest) retValue = m_commandStore->GetCommand(TESTID_9); if (retValue.has_value()) { - const command_store::Command& cmd = retValue.value(); - ASSERT_EQ(cmd.m_id, TESTID_9); - ASSERT_EQ(cmd.m_module, "Updated Module"); - ASSERT_EQ(cmd.m_command, "Updated Command"); - ASSERT_EQ(cmd.m_parameters, "Updated Parameter"); - ASSERT_EQ(cmd.m_result, "Newly Updated Result"); - ASSERT_EQ(cmd.m_status, command_store::Status::SUCCESS); + const module_command::CommandEntry& cmd = retValue.value(); + ASSERT_EQ(cmd.Id, TESTID_9); + ASSERT_EQ(cmd.Module, "Updated Module"); + ASSERT_EQ(cmd.Command, "Updated CommandEntry"); + ASSERT_EQ(cmd.Parameters, std::vector {"Updated Parameter"}); + ASSERT_EQ(cmd.ExecutionResult.Message, "Newly Updated Result"); + ASSERT_EQ(cmd.ExecutionResult.ErrorCode, module_command::Status::SUCCESS); } else { @@ -125,37 +167,74 @@ TEST_F(CommandStoreTest, GetCommandTest) m_commandStore->Clear(); // NOLINTNEXTLINE(cppcoreguidelines-avoid-magic-numbers) - command_store::Command cmd1( - TESTID_5, "Module1", "{CommandTextHERE}", "Parameter1", "Result1", command_store::Status::IN_PROGRESS); + module_command::CommandEntry cmd1( + TESTID_5, "Module1", "{CommandTextHERE}", {"Parameter1"}, "Result1", module_command::Status::IN_PROGRESS); m_commandStore->StoreCommand(cmd1); // NOLINTNEXTLINE(cppcoreguidelines-avoid-magic-numbers) - command_store::Command cmd2( - TESTID_9, "Module2", "TestValue9", "Parameter2", "Result2", command_store::Status::IN_PROGRESS); + module_command::CommandEntry cmd2( + TESTID_9, "Module2", "TestValue9", {"Parameter2"}, "Result2", module_command::Status::IN_PROGRESS); m_commandStore->StoreCommand(cmd2); // NOLINTNEXTLINE(cppcoreguidelines-avoid-magic-numbers) - command_store::Command cmd3( - TESTID_11, "Module3", "{CommandTextHERE}", "Parameter3", "Result3", command_store::Status::IN_PROGRESS); + module_command::CommandEntry cmd3( + TESTID_11, "Module3", "{CommandTextHERE}", {"Parameter3"}, "Result3", module_command::Status::IN_PROGRESS); m_commandStore->StoreCommand(cmd3); ASSERT_EQ(m_commandStore->GetCount(), 3); // NOLINTNEXTLINE(cppcoreguidelines-avoid-magic-numbers) - std::optional retValue = m_commandStore->GetCommand(TESTID_9); + std::optional retValue = m_commandStore->GetCommand(TESTID_9); if (retValue.has_value()) { - const command_store::Command& cmd = retValue.value(); - ASSERT_EQ(cmd.m_id, TESTID_9); - ASSERT_EQ(cmd.m_module, "Module2"); - ASSERT_EQ(cmd.m_command, "TestValue9"); + const module_command::CommandEntry& cmd = retValue.value(); + ASSERT_EQ(cmd.Id, TESTID_9); + ASSERT_EQ(cmd.Module, "Module2"); + ASSERT_EQ(cmd.Command, "TestValue9"); } // NOLINTNEXTLINE(cppcoreguidelines-avoid-magic-numbers) retValue = m_commandStore->GetCommand(TESTID_11); if (retValue.has_value()) { - const command_store::Command& cmd = retValue.value(); - ASSERT_EQ(cmd.m_id, TESTID_11); - ASSERT_EQ(cmd.m_module, "Module3"); - ASSERT_EQ(cmd.m_command, "{CommandTextHERE}"); + const module_command::CommandEntry& cmd = retValue.value(); + ASSERT_EQ(cmd.Id, TESTID_11); + ASSERT_EQ(cmd.Module, "Module3"); + ASSERT_EQ(cmd.Command, "{CommandTextHERE}"); + } +} + +TEST_F(CommandStoreTest, GetCommandByStatusTest) +{ + m_commandStore->Clear(); + + // NOLINTNEXTLINE(cppcoreguidelines-avoid-magic-numbers) + module_command::CommandEntry cmd1( + TESTID_5, "Module1", "{CommandTextHERE}", {"Parameter1"}, "Result1", module_command::Status::SUCCESS); + m_commandStore->StoreCommand(cmd1); + // NOLINTNEXTLINE(cppcoreguidelines-avoid-magic-numbers) + module_command::CommandEntry cmd2( + TESTID_9, "Module2", "TestValue9", {"Parameter2"}, "Result2", module_command::Status::IN_PROGRESS); + m_commandStore->StoreCommand(cmd2); + // NOLINTNEXTLINE(cppcoreguidelines-avoid-magic-numbers) + module_command::CommandEntry cmd3( + TESTID_11, "Module3", "{CommandTextHERE}", {"Parameter3"}, "Result3", module_command::Status::SUCCESS); + m_commandStore->StoreCommand(cmd3); + ASSERT_EQ(m_commandStore->GetCount(), 3); + + auto retValue = m_commandStore->GetCommandByStatus(module_command::Status::IN_PROGRESS); + if (retValue != std::nullopt && retValue.has_value()) + { + for (auto& cmd : *retValue) + { + ASSERT_EQ(cmd.ExecutionResult.ErrorCode, module_command::Status::IN_PROGRESS); + } + } + + retValue = m_commandStore->GetCommandByStatus(module_command::Status::SUCCESS); + if (retValue != std::nullopt && retValue.has_value()) + { + for (auto& cmd : *retValue) + { + ASSERT_EQ(cmd.ExecutionResult.ErrorCode, module_command::Status::SUCCESS); + } } } diff --git a/src/agent/communicator/CMakeLists.txt b/src/agent/communicator/CMakeLists.txt index 2ef6dc920f..022f60af44 100644 --- a/src/agent/communicator/CMakeLists.txt +++ b/src/agent/communicator/CMakeLists.txt @@ -8,16 +8,20 @@ project(Communicator) include(../../cmake/CommonSettings.cmake) set_common_settings() -include_directories(${CMAKE_SOURCE_DIR}/common/logger/include) - find_package(OpenSSL REQUIRED) -find_package(Boost REQUIRED COMPONENTS asio beast) +find_package(Boost REQUIRED COMPONENTS asio beast system url) find_package(nlohmann_json CONFIG REQUIRED) find_path(JWT_CPP_INCLUDE_DIRS "jwt-cpp/base.h") -add_library(Communicator src/communicator.cpp src/http_client.cpp) -target_include_directories(Communicator PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/include SYSTEM INTERFACE ${JWT_CPP_INCLUDE_DIRS}) -target_link_libraries(Communicator PUBLIC Boost::asio PRIVATE Boost::beast OpenSSL::SSL OpenSSL::Crypto Logger) +add_library(Communicator src/communicator.cpp src/http_client.cpp src/http_request_params.cpp) + +target_include_directories(Communicator PUBLIC + ${CMAKE_CURRENT_SOURCE_DIR}/include + SYSTEM PRIVATE + ${JWT_CPP_INCLUDE_DIRS}) + +target_compile_definitions(Communicator PRIVATE -DJWT_DISABLE_PICOJSON=ON) +target_link_libraries(Communicator PUBLIC Config Boost::asio Boost::beast Boost::system Boost::url Logger PRIVATE OpenSSL::SSL OpenSSL::Crypto nlohmann_json::nlohmann_json) include(../../cmake/ConfigureTarget.cmake) configure_target(Communicator) diff --git a/src/agent/communicator/include/communicator.hpp b/src/agent/communicator/include/communicator.hpp index a25ab4fbce..cfbcdb5022 100644 --- a/src/agent/communicator/include/communicator.hpp +++ b/src/agent/communicator/include/communicator.hpp @@ -2,57 +2,164 @@ #include +#include +#include + #include #include #include +#include #include +#include #include #include #include -#include #include namespace communicator { + /// @brief Communicator class + /// + /// This class handles communication with the server, manages authentication, + /// and processes messages. It provides methods for authentication, command + /// retrieval, and message processing, both stateful and stateless. It also + /// allows for stopping the communication process. class Communicator { public: + /// @brief Communicator constructor + /// @tparam ConfigGetter Type of the configuration getter function + /// @param httpClient The HTTP client to use for communication + /// @param uuid The unique identifier for the agent + /// @param key The key for authentication + /// @param getHeaderInfo Function to get the user agent header + /// @param getConfigValue Function to retrieve configuration values + template Communicator(std::unique_ptr httpClient, std::string uuid, std::string key, - const std::function& getStringConfigValue); + std::function getHeaderInfo, + const ConfigGetter& getConfigValue) + : m_httpClient(std::move(httpClient)) + , m_uuid(std::move(uuid)) + , m_key(std::move(key)) + , m_getHeaderInfo(std::move(getHeaderInfo)) + , m_token(std::make_shared()) + { + m_serverUrl = getConfigValue.template operator()("agent", "server_url") + .value_or(config::agent::DEFAULT_SERVER_URL); + + if (boost::urls::url_view url(m_serverUrl); url.scheme() != "https") + { + LogInfo("Using insecure connection."); + } + + m_retryInterval = getConfigValue.template operator()("agent", "retry_interval") + .value_or(config::agent::DEFAULT_RETRY_INTERVAL); + + m_batchInterval = getConfigValue.template operator()("events", "batch_interval") + .value_or(config::agent::DEFAULT_BATCH_INTERVAL); + + if (m_batchInterval < 1'000 || m_batchInterval > (1'000 * 60 * 60)) + { + LogWarn("batch_interval must be between 1s and 1h. Using default value."); + m_batchInterval = config::agent::DEFAULT_BATCH_INTERVAL; + } + + m_batchSize = getConfigValue.template operator()("events", "batch_size") + .value_or(config::agent::DEFAULT_BATCH_SIZE); + + if (m_batchSize < 1 || m_batchSize > 1'000'000) + { + LogWarn("batch_size must be between 1 and 1000000. Using default value."); + m_batchSize = config::agent::DEFAULT_BATCH_SIZE; + } + } + /// @brief Sends an authentication request to the manager + /// @return The HTTP status of the authentication request + boost::beast::http::status SendAuthenticationRequest(); + + /// @brief Waits for the authentication token to expire and authenticates again boost::asio::awaitable WaitForTokenExpirationAndAuthenticate(); - boost::asio::awaitable GetCommandsFromManager(std::function onSuccess); - boost::asio::awaitable - StatefulMessageProcessingTask(std::function()> getMessages, - std::function onSuccess); + + /// @brief Retrieves commands from the manager + /// @param onSuccess A callback function to execute when a command is received boost::asio::awaitable - StatelessMessageProcessingTask(std::function()> getMessages, - std::function onSuccess); + GetCommandsFromManager(std::function onSuccess); + + /// @brief Processes messages in a stateful manner + /// @param getMessages A function to retrieve a message from the queue + /// @param onSuccess A callback function to execute when a message is processed + boost::asio::awaitable StatefulMessageProcessingTask( + std::function>(const int)> getMessages, + std::function onSuccess); + + /// @brief Processes messages in a stateless manner + /// @param getMessages A function to retrieve a message from the queue + /// @param onSuccess A callback function to execute when a message is processed + boost::asio::awaitable StatelessMessageProcessingTask( + std::function>(const int)> getMessages, + std::function onSuccess); + + /// @brief Retrieves group configuration from the manager + /// @param groupName The name of the group to retrieve the configuration for + /// @param dstFilePath The path to the file to store the configuration in + /// @return true if the configuration was successfully retrieved, false otherwise + bool GetGroupConfigurationFromManager(const std::string& groupName, const std::string& dstFilePath); + /// @brief Stops the communication process void Stop(); private: + /// @brief Calculates the remaining time (in seconds) until the authentication token expires + /// @return The remaining time in seconds until the authentication token expires long GetTokenRemainingSecs() const; - boost::beast::http::status SendAuthenticationRequest(); - + /// @brief Checks if the authentication token has expired and authenticates again if necessary void TryReAuthenticate(); + /// @brief Indicates if the communication process should keep running std::atomic m_keepRunning = true; + + /// @brief The HTTP client to use for communication std::unique_ptr m_httpClient; + /// @brief Mutex to protect authentication attempts std::mutex m_reAuthMutex; + + /// @brief Indicates if an authentication attempt is currently in progress std::atomic m_isReAuthenticating = false; - std::string m_managerIp; - std::string m_port; + /// @brief Time in milliseconds between authentication attemps in case of failure + std::time_t m_retryInterval = config::agent::DEFAULT_RETRY_INTERVAL; + + /// @brief Time between batch requests + std::time_t m_batchInterval = config::agent::DEFAULT_BATCH_INTERVAL; + + /// @brief Maximum number of messages to batch + int m_batchSize = config::agent::DEFAULT_BATCH_SIZE; + + /// @brief The server URL + std::string m_serverUrl; + + /// @brief The agent's unique identifier std::string m_uuid; + + /// @brief The agent's key std::string m_key; + + /// @brief The user agent header + std::function m_getHeaderInfo; + + /// @brief The authentication token std::shared_ptr m_token; + + /// @brief The time (in seconds) until the authentication token expires long long m_tokenExpTimeInSeconds = 0; + + /// @brief Timer to wait for token expiration std::unique_ptr m_tokenExpTimer; }; } // namespace communicator diff --git a/src/agent/communicator/include/http_client.hpp b/src/agent/communicator/include/http_client.hpp index aa5052e913..cd9857caab 100644 --- a/src/agent/communicator/include/http_client.hpp +++ b/src/agent/communicator/include/http_client.hpp @@ -2,7 +2,6 @@ #include #include -#include #include #include @@ -15,38 +14,97 @@ namespace http_client { + /// @brief HTTP client implementation + /// + /// This class implements the IHttpClient interface, providing + /// functionality for creating and performing HTTP requests. class HttpClient : public IHttpClient { public: + /// @brief Constructs an HttpClient with optional factories + /// @param resolverFactory Factory to create HTTP resolvers + /// @param socketFactory Factory to create HTTP sockets HttpClient(std::shared_ptr resolverFactory = nullptr, std::shared_ptr socketFactory = nullptr); + /// @brief Creates an HTTP request + /// @param params Parameters for constructing the request + /// @return The constructed HTTP request boost::beast::http::request CreateHttpRequest(const HttpRequestParams& params) override; - boost::asio::awaitable - Co_PerformHttpRequest(std::shared_ptr token, - HttpRequestParams params, - std::function()> messageGetter, - std::function onUnauthorized, - std::function onSuccess = {}, - std::function loopRequestCondition = {}) override; + /// @brief Performs an asynchronous HTTP request + /// @param token Authorization token + /// @param params Request parameters + /// @param messageGetter Function to get the message body asynchronously + /// @param onUnauthorized Callback for unauthorized access + /// @param connectionRetry Time in milliseconds to wait before retrying the connection + /// @param batchInterval Time to wait between requests + /// @param batchSize The maximum number of messages to batch + /// @param onSuccess Callback for successful request completion + /// @param loopRequestCondition Condition to continue looping requests + /// @return Awaitable task for the HTTP request + boost::asio::awaitable Co_PerformHttpRequest( + std::shared_ptr token, + HttpRequestParams params, + std::function>(const int)> messageGetter, + std::function onUnauthorized, + std::time_t connectionRetry, + std::time_t batchInterval, + int batchSize, + std::function onSuccess = {}, + std::function loopRequestCondition = {}) override; + /// @brief Performs a synchronous HTTP request + /// @param params Parameters for the request + /// @return The HTTP response boost::beast::http::response PerformHttpRequest(const HttpRequestParams& params) override; - std::optional AuthenticateWithUuidAndKey(const std::string& host, - const std::string& port, + /// @brief Downloads HTTP response to a file + /// @param params Parameters for the request + /// @param dstFilePath Destination file path for the response + /// @return The HTTP response + boost::beast::http::response + PerformHttpRequestDownload(const HttpRequestParams& params, const std::string& dstFilePath) override; + + /// @brief Authenticates using UUID and key + /// @param serverUrl Server URL for authentication + /// @param userAgent User agent header + /// @param uuid Unique user identifier + /// @param key Authentication key + /// @return Authentication token if successful, otherwise nullopt + std::optional AuthenticateWithUuidAndKey(const std::string& serverUrl, + const std::string& userAgent, const std::string& uuid, const std::string& key) override; - std::optional AuthenticateWithUserPassword(const std::string& host, - const std::string& port, + /// @brief Authenticates using username and password + /// @param serverUrl Server URL for authentication + /// @param userAgent User agent header + /// @param user Username for authentication + /// @param password User password + /// @return Authentication token if successful, otherwise nullopt + std::optional AuthenticateWithUserPassword(const std::string& serverUrl, + const std::string& userAgent, const std::string& user, const std::string& password) override; private: + /// @brief Performs an HTTP request with a response handler + /// @param params Parameters for the request + /// @param responseHandler Handler for the response + /// @return The HTTP response + boost::beast::http::response PerformHttpRequestInternal( + const HttpRequestParams& params, + const std::function&, + boost::beast::http::response&, + boost::system::error_code&)>& responseHandler); + + /// @brief HTTP resolver factory std::shared_ptr m_resolverFactory; + + /// @brief HTTP socket factory std::shared_ptr m_socketFactory; }; } // namespace http_client diff --git a/src/agent/communicator/include/http_request_params.hpp b/src/agent/communicator/include/http_request_params.hpp new file mode 100644 index 0000000000..fabd908074 --- /dev/null +++ b/src/agent/communicator/include/http_request_params.hpp @@ -0,0 +1,44 @@ +#pragma once + +#include + +#include + +namespace http_client +{ + /// @struct HttpRequestParams + /// @brief Parameters for HTTP requests + struct HttpRequestParams + { + boost::beast::http::verb Method; + std::string Host; + std::string Port; + std::string Endpoint; + std::string User_agent; + std::string Token; + std::string User_pass; + std::string Body; + bool Use_Https; + + /// @brief Constructs HttpRequestParams with specified parameters + /// @param method The HTTP method to use + /// @param serverUrl The server URL for the request + /// @param endpoint The endpoint for the request + /// @param userAgent The user agent property for the request header + /// @param token Optional token for authorization + /// @param userPass Optional user credentials for basic authentication + /// @param body Optional body for the request + HttpRequestParams(boost::beast::http::verb method, + const std::string& serverUrl, + std::string endpoint, + std::string userAgent, + std::string token = "", + std::string userPass = "", + std::string body = ""); + + /// @brief Equality operator for comparing two HttpRequestParams objects + /// @param other The other HttpRequestParams object to compare with + /// @return True if equal, false otherwise + bool operator==(const HttpRequestParams& other) const; + }; +} // namespace http_client diff --git a/src/agent/communicator/include/ihttp_client.hpp b/src/agent/communicator/include/ihttp_client.hpp index 33c9397536..27a6197ef3 100644 --- a/src/agent/communicator/include/ihttp_client.hpp +++ b/src/agent/communicator/include/ihttp_client.hpp @@ -1,78 +1,91 @@ #pragma once +#include #include #include #include +#include #include #include #include #include +#include namespace http_client { - struct HttpRequestParams - { - boost::beast::http::verb Method; - std::string Host; - std::string Port; - std::string Endpoint; - std::string Token; - std::string User_pass; - std::string Body; - - HttpRequestParams(boost::beast::http::verb method, - const std::string& host, - const std::string& port, - const std::string& endpoint, - const std::string& token = "", - const std::string& user_pass = "", - const std::string& body = "") - : Method(method) - , Host(host) - , Port(port) - , Endpoint(endpoint) - , Token(token) - , User_pass(user_pass) - , Body(body) - { - } - - bool operator==(const HttpRequestParams& other) const - { - return Method == other.Method && Host == other.Host && Port == other.Port && Endpoint == other.Endpoint && - Token == other.Token && User_pass == other.User_pass && Body == other.Body; - } - }; - + /// @brief Interface for HTTP client implementations + /// + /// This interface provides a standard way of performing HTTP requests and + /// retrieving the response. class IHttpClient { public: + /// @brief Destroys the IHttpClient virtual ~IHttpClient() = default; + /// @brief Create an HTTP request + /// @param params The parameters for the request + /// @return The created request virtual boost::beast::http::request CreateHttpRequest(const HttpRequestParams& params) = 0; - virtual boost::asio::awaitable - Co_PerformHttpRequest(std::shared_ptr token, - HttpRequestParams params, - std::function()> messageGetter, - std::function onUnauthorized, - std::function onSuccess = {}, - std::function loopRequestCondition = {}) = 0; + /// @brief Coroutine to perform an HTTP request + /// @param token A shared pointer to the authentication token + /// @param params The parameters for the request + /// @param messageGetter Function to retrieve messages + /// @param onUnauthorized Action to take on unauthorized access + /// @param connectionRetry Time to wait before retrying the connection + /// @param batchInterval Time to wait between requests + /// @param batchSize The maximum number of messages to batch + /// @param onSuccess Action to take on successful request + /// @param loopRequestCondition Condition to continue the request loop + /// @return Awaitable task for the HTTP request + virtual boost::asio::awaitable Co_PerformHttpRequest( + std::shared_ptr token, + HttpRequestParams params, + std::function>(const int)> messageGetter, + std::function onUnauthorized, + std::time_t connectionRetry, + std::time_t batchInterval, + int batchSize, + std::function onSuccess = {}, + std::function loopRequestCondition = {}) = 0; + /// @brief Perform an HTTP request and receive the response + /// @param params The parameters for the request + /// @return The response virtual boost::beast::http::response PerformHttpRequest(const HttpRequestParams& params) = 0; - virtual std::optional AuthenticateWithUuidAndKey(const std::string& host, - const std::string& port, + /// @brief Authenticate with a UUID and key + /// @param serverUrl The URL of the server + /// @param userAgent The user agent header + /// @param uuid The UUID + /// @param key The key + /// @return The authentication token + virtual std::optional AuthenticateWithUuidAndKey(const std::string& serverUrl, + const std::string& userAgent, const std::string& uuid, const std::string& key) = 0; - virtual std::optional AuthenticateWithUserPassword(const std::string& host, - const std::string& port, + /// @brief Authenticate with a user and password + /// @param serverUrl The URL of the server + /// @param userAgent The user agent header + /// @param user The user + /// @param password The password + /// @return The authentication token + virtual std::optional AuthenticateWithUserPassword(const std::string& serverUrl, + const std::string& userAgent, const std::string& user, const std::string& password) = 0; + + /// @brief Perform an HTTP request, receive the response and write it to a file + /// @param params The parameters for the request + /// @param dstFilePath The path to the file where the response should be written + /// @return The response + virtual boost::beast::http::response + PerformHttpRequestDownload(const HttpRequestParams& params, const std::string& dstFilePath) = 0; }; } // namespace http_client diff --git a/src/agent/communicator/include/ihttp_resolver.hpp b/src/agent/communicator/include/ihttp_resolver.hpp index 9a6086cc44..f98f313c7a 100644 --- a/src/agent/communicator/include/ihttp_resolver.hpp +++ b/src/agent/communicator/include/ihttp_resolver.hpp @@ -6,14 +6,24 @@ namespace http_client { + /// @brief Interface for HTTP resolvers class IHttpResolver { public: + /// @brief Destroys the IHttpResolver virtual ~IHttpResolver() = default; + /// @brief Resolves a host and port to a list of endpoints + /// @param host The host to resolve + /// @param port The port to resolve + /// @return Resolved endpoints virtual boost::asio::ip::tcp::resolver::results_type Resolve(const std::string& host, const std::string& port) = 0; + /// @brief Asynchronously resolves a host and port to a list of endpoints + /// @param host The host to resolve + /// @param port The port to resolve + /// @return Awaitable resolved endpoints virtual boost::asio::awaitable AsyncResolve(const std::string& host, const std::string& port) = 0; }; diff --git a/src/agent/communicator/include/ihttp_resolver_factory.hpp b/src/agent/communicator/include/ihttp_resolver_factory.hpp index d248356f19..bd37e434a6 100644 --- a/src/agent/communicator/include/ihttp_resolver_factory.hpp +++ b/src/agent/communicator/include/ihttp_resolver_factory.hpp @@ -8,10 +8,16 @@ namespace http_client { + /// @brief Interface for HTTP resolver factories class IHttpResolverFactory { public: + /// @brief Destroys the IHttpResolverFactory virtual ~IHttpResolverFactory() = default; + + /// @brief Creates a new IHttpResolver + /// @param executor The executor to use for the resolver + /// @return The created IHttpResolver virtual std::unique_ptr Create(const boost::asio::any_io_executor& executor) = 0; }; } // namespace http_client diff --git a/src/agent/communicator/include/ihttp_socket.hpp b/src/agent/communicator/include/ihttp_socket.hpp index 3f46e3f98c..3fa3dc70ea 100644 --- a/src/agent/communicator/include/ihttp_socket.hpp +++ b/src/agent/communicator/include/ihttp_socket.hpp @@ -2,31 +2,64 @@ #include #include +#include + +#include namespace http_client { + /// @brief Interface for HTTP sockets class IHttpSocket { public: + /// @brief Virtual destructor virtual ~IHttpSocket() = default; - virtual void Connect(const boost::asio::ip::tcp::resolver::results_type& endpoints) = 0; + /// @brief Connects the socket to the given endpoints + /// @param endpoints The endpoints to connect to + /// @param ec The error code, if any occurred + virtual void Connect(const boost::asio::ip::tcp::resolver::results_type& endpoints, + boost::system::error_code& ec) = 0; + /// @brief Asynchronous version of Connect + /// @param endpoints The endpoints to connect to + /// @param ec The error code, if any occurred virtual boost::asio::awaitable AsyncConnect(const boost::asio::ip::tcp::resolver::results_type& endpoints, - boost::system::error_code& code) = 0; + boost::system::error_code& ec) = 0; - virtual void Write(const boost::beast::http::request& req) = 0; + /// @brief Writes the given request to the socket + /// @param req The request to write + /// @param ec The error code, if any occurred + virtual void Write(const boost::beast::http::request& req, + boost::system::error_code& ec) = 0; + /// @brief Asynchronous version of Write + /// @param req The request to write + /// @param ec The error code, if any occurred virtual boost::asio::awaitable AsyncWrite(const boost::beast::http::request& req, - boost::beast::error_code& ec) = 0; + boost::system::error_code& ec) = 0; + + /// @brief Reads a response from the socket + /// @param res The response to read + /// @param ec The error code, if any occurred + virtual void Read(boost::beast::http::response& res, + boost::system::error_code& ec) = 0; - virtual void Read(boost::beast::http::response& res) = 0; + /// @brief Reads a response from the socket and writes it to a file + /// @param res The response to read + /// @param dstFilePath The path to the file to write to + virtual void ReadToFile(boost::beast::http::response& res, + const std::string& dstFilePath) = 0; + /// @brief Asynchronous version of Read + /// @param res The response to read + /// @param ec The error code, if any occurred virtual boost::asio::awaitable AsyncRead(boost::beast::http::response& res, - boost::beast::error_code& ec) = 0; + boost::system::error_code& ec) = 0; + /// @brief Closes the socket virtual void Close() = 0; }; } // namespace http_client diff --git a/src/agent/communicator/include/ihttp_socket_factory.hpp b/src/agent/communicator/include/ihttp_socket_factory.hpp index d8a66e9717..5c6043b7d7 100644 --- a/src/agent/communicator/include/ihttp_socket_factory.hpp +++ b/src/agent/communicator/include/ihttp_socket_factory.hpp @@ -8,10 +8,18 @@ namespace http_client { + /// @brief Interface for HTTP socket factories class IHttpSocketFactory { public: + /// @brief Destroys the IHttpSocketFactory virtual ~IHttpSocketFactory() = default; - virtual std::unique_ptr Create(const boost::asio::any_io_executor& executor) = 0; + + /// @brief Creates a new IHttpSocket + /// @param executor The executor to use for the socket + /// @param use_https Indicates whether to use HTTPS + /// @return The created IHttpSocket + virtual std::unique_ptr Create(const boost::asio::any_io_executor& executor, + const bool use_https) = 0; }; } // namespace http_client diff --git a/src/agent/communicator/src/communicator.cpp b/src/agent/communicator/src/communicator.cpp index 3e28d59647..424b41c3ff 100644 --- a/src/agent/communicator/src/communicator.cpp +++ b/src/agent/communicator/src/communicator.cpp @@ -1,25 +1,13 @@ #include -#include - #include #include -#include - -#if defined(__GNUC__) && !defined(__clang__) -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wmaybe-uninitialized" -#endif - #include - -#if defined(__GNUC__) && !defined(__clang__) -#pragma GCC diagnostic pop -#endif +#include #include #include -#include +#include #include #include @@ -28,46 +16,40 @@ namespace communicator constexpr int TOKEN_PRE_EXPIRY_SECS = 2; constexpr int A_SECOND_IN_MILLIS = 1000; - Communicator::Communicator(std::unique_ptr httpClient, - std::string uuid, - std::string key, - const std::function& getStringConfigValue) - : m_httpClient(std::move(httpClient)) - , m_uuid(std::move(uuid)) - , m_key(std::move(key)) - , m_token(std::make_shared()) - { - if (getStringConfigValue != nullptr) - { - m_managerIp = getStringConfigValue("agent", "manager_ip"); - m_port = getStringConfigValue("agent", "agent_comms_api_port"); - } - } - boost::beast::http::status Communicator::SendAuthenticationRequest() { - const auto token = m_httpClient->AuthenticateWithUuidAndKey(m_managerIp, m_port, m_uuid, m_key); + const auto token = m_httpClient->AuthenticateWithUuidAndKey( + m_serverUrl, m_getHeaderInfo ? m_getHeaderInfo() : "", m_uuid, m_key); if (token.has_value()) { *m_token = token.value(); + LogInfo("Successfully authenticated with the manager."); } else { - LogError("Failed to authenticate with the manager."); + LogWarn("Failed to authenticate with the manager. Retrying in {} seconds.", + m_retryInterval / A_SECOND_IN_MILLIS); return boost::beast::http::status::unauthorized; } - if (const auto decoded = jwt::decode(*m_token); decoded.has_payload_claim("exp")) + try { + const auto decoded = jwt::decode(*m_token); + + if (!decoded.has_payload_claim("exp")) + { + throw std::runtime_error("Token does not contain an 'exp' claim."); + } + const auto exp_claim = decoded.get_payload_claim("exp"); const auto exp_time = exp_claim.as_date(); m_tokenExpTimeInSeconds = std::chrono::duration_cast(exp_time.time_since_epoch()).count(); } - else + catch (const std::exception& e) { - LogError("Token does not contain an 'exp' claim."); + LogError("Failed to decode token: {}", e.what()); m_token->clear(); m_tokenExpTimeInSeconds = 1; return boost::beast::http::status::unauthorized; @@ -83,7 +65,8 @@ namespace communicator return std::max(0L, static_cast(m_tokenExpTimeInSeconds - now_seconds)); } - boost::asio::awaitable Communicator::GetCommandsFromManager(std::function onSuccess) + boost::asio::awaitable + Communicator::GetCommandsFromManager(std::function onSuccess) { auto onAuthenticationFailed = [this]() { @@ -95,10 +78,17 @@ namespace communicator return m_keepRunning.load(); }; - const auto reqParams = - http_client::HttpRequestParams(boost::beast::http::verb::get, m_managerIp, m_port, "/api/v1/commands"); - co_await m_httpClient->Co_PerformHttpRequest( - m_token, reqParams, {}, onAuthenticationFailed, onSuccess, loopCondition); + const auto reqParams = http_client::HttpRequestParams( + boost::beast::http::verb::get, m_serverUrl, "/api/v1/commands", m_getHeaderInfo ? m_getHeaderInfo() : ""); + co_await m_httpClient->Co_PerformHttpRequest(m_token, + reqParams, + {}, + onAuthenticationFailed, + m_retryInterval, + m_batchInterval, + m_batchSize, + onSuccess, + loopCondition); } boost::asio::awaitable Communicator::WaitForTokenExpirationAndAuthenticate() @@ -107,19 +97,33 @@ namespace communicator const auto executor = co_await boost::asio::this_coro::executor; m_tokenExpTimer = std::make_unique(executor); + if (auto remainingSecs = GetTokenRemainingSecs(); remainingSecs > TOKEN_PRE_EXPIRY_SECS) + { + m_tokenExpTimer->expires_after( + std::chrono::milliseconds((remainingSecs - TOKEN_PRE_EXPIRY_SECS) * A_SECOND_IN_MILLIS)); + co_await m_tokenExpTimer->async_wait(boost::asio::use_awaitable); + } + while (m_keepRunning.load()) { const auto duration = [this]() { - const auto result = SendAuthenticationRequest(); - if (result != boost::beast::http::status::ok) + try { - return std::chrono::milliseconds(A_SECOND_IN_MILLIS); + const auto result = SendAuthenticationRequest(); + if (result != boost::beast::http::status::ok) + { + return std::chrono::milliseconds(m_retryInterval); + } + else + { + return std::chrono::milliseconds((GetTokenRemainingSecs() - TOKEN_PRE_EXPIRY_SECS) * + A_SECOND_IN_MILLIS); + } } - else + catch (const std::exception&) { - return std::chrono::milliseconds((GetTokenRemainingSecs() - TOKEN_PRE_EXPIRY_SECS) * - A_SECOND_IN_MILLIS); + return std::chrono::milliseconds(m_retryInterval); } }(); @@ -132,19 +136,19 @@ namespace communicator { if (ec == boost::asio::error::operation_aborted) { - LogError("Token expiration timer was canceled."); + LogDebug("Token expiration timer was canceled."); } else { - LogError("Timer wait failed: {}.", ec.message()); + LogDebug("Timer wait failed: {}.", ec.message()); } } } } - boost::asio::awaitable - Communicator::StatefulMessageProcessingTask(std::function()> getMessages, - std::function onSuccess) + boost::asio::awaitable Communicator::StatefulMessageProcessingTask( + std::function>(const int)> getMessages, + std::function onSuccess) { auto onAuthenticationFailed = [this]() { @@ -156,15 +160,24 @@ namespace communicator return m_keepRunning.load(); }; - const auto reqParams = http_client::HttpRequestParams( - boost::beast::http::verb::post, m_managerIp, m_port, "/api/v1/events/stateful"); - co_await m_httpClient->Co_PerformHttpRequest( - m_token, reqParams, getMessages, onAuthenticationFailed, onSuccess, loopCondition); + const auto reqParams = http_client::HttpRequestParams(boost::beast::http::verb::post, + m_serverUrl, + "/api/v1/events/stateful", + m_getHeaderInfo ? m_getHeaderInfo() : ""); + co_await m_httpClient->Co_PerformHttpRequest(m_token, + reqParams, + getMessages, + onAuthenticationFailed, + m_retryInterval, + m_batchInterval, + m_batchSize, + onSuccess, + loopCondition); } - boost::asio::awaitable - Communicator::StatelessMessageProcessingTask(std::function()> getMessages, - std::function onSuccess) + boost::asio::awaitable Communicator::StatelessMessageProcessingTask( + std::function>(const int)> getMessages, + std::function onSuccess) { auto onAuthenticationFailed = [this]() { @@ -176,10 +189,19 @@ namespace communicator return m_keepRunning.load(); }; - const auto reqParams = http_client::HttpRequestParams( - boost::beast::http::verb::post, m_managerIp, m_port, "/api/v1/events/stateless"); - co_await m_httpClient->Co_PerformHttpRequest( - m_token, reqParams, getMessages, onAuthenticationFailed, onSuccess, loopCondition); + const auto reqParams = http_client::HttpRequestParams(boost::beast::http::verb::post, + m_serverUrl, + "/api/v1/events/stateless", + m_getHeaderInfo ? m_getHeaderInfo() : ""); + co_await m_httpClient->Co_PerformHttpRequest(m_token, + reqParams, + getMessages, + onAuthenticationFailed, + m_retryInterval, + m_batchInterval, + m_batchSize, + onSuccess, + loopCondition); } void Communicator::TryReAuthenticate() @@ -199,10 +221,25 @@ namespace communicator std::ostringstream oss; oss << threadId; std::string threadIdStr = oss.str(); - LogError("Re-authentication attempt by thread {} failed.", threadIdStr); + LogDebug("Re-authentication attempt by thread {} failed.", threadIdStr); } } + bool Communicator::GetGroupConfigurationFromManager(const std::string& groupName, const std::string& dstFilePath) + { + const auto reqParams = http_client::HttpRequestParams(boost::beast::http::verb::get, + m_serverUrl, + "/api/v1/files?file_name=" + groupName + + config::DEFAULT_SHARED_FILE_EXTENSION, + m_getHeaderInfo ? m_getHeaderInfo() : "", + *m_token); + + const auto result = m_httpClient->PerformHttpRequestDownload(reqParams, dstFilePath); + + return result.result() >= boost::beast::http::status::ok && + result.result() < boost::beast::http::status::multiple_choices; + } + void Communicator::Stop() { m_keepRunning.store(false); diff --git a/src/agent/communicator/src/http_client.cpp b/src/agent/communicator/src/http_client.cpp index 68dab70825..447e16bb91 100644 --- a/src/agent/communicator/src/http_client.cpp +++ b/src/agent/communicator/src/http_client.cpp @@ -2,14 +2,45 @@ #include "http_resolver_factory.hpp" #include "http_socket_factory.hpp" +#include "ihttp_socket.hpp" #include #include #include +#include +#include +#include + +namespace +{ + boost::asio::awaitable WaitForTimer(std::shared_ptr timer, + const std::time_t retryInMillis) + { + if (!timer) + { + LogError("Timer is null."); + co_return; + } + const auto duration = std::chrono::milliseconds(retryInMillis); + (*timer).expires_after(duration); + co_await timer->async_wait(boost::asio::use_awaitable); + } + + std::string ResponseToString(const std::string& endpoint, + const boost::beast::http::response& res) + { + std::ostringstream stream; + stream << "Request endpoint: " << endpoint << "\nResponse: " << res; + return stream.str(); + } +} // namespace + namespace http_client { + constexpr int A_SECOND_IN_MILLIS = 1000; + HttpClient::HttpClient(std::shared_ptr resolverFactory, std::shared_ptr socketFactory) { @@ -40,7 +71,7 @@ namespace http_client boost::beast::http::request req { params.Method, params.Endpoint, HttpVersion1_1}; req.set(boost::beast::http::field::host, params.Host); - req.set(boost::beast::http::field::user_agent, BOOST_BEAST_VERSION_STRING); + req.set(boost::beast::http::field::user_agent, params.User_agent); req.set(boost::beast::http::field::accept, "application/json"); if (!params.Token.empty()) @@ -56,6 +87,7 @@ namespace http_client if (!params.Body.empty()) { req.set(boost::beast::http::field::content_type, "application/json"); + req.set(boost::beast::http::field::transfer_encoding, "chunked"); req.body() = params.Body; req.prepare_payload(); } @@ -63,47 +95,87 @@ namespace http_client return req; } -// Silence false positive warning introduced in newer versions of GCC -#if defined(__GNUC__) || defined(__clang__) -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wmismatched-new-delete" -#endif - boost::asio::awaitable - HttpClient::Co_PerformHttpRequest(std::shared_ptr token, - HttpRequestParams reqParams, - std::function()> messageGetter, - std::function onUnauthorized, - std::function onSuccess, - std::function loopRequestCondition) + boost::asio::awaitable HttpClient::Co_PerformHttpRequest( + std::shared_ptr token, + HttpRequestParams reqParams, + std::function>(const int)> messageGetter, + std::function onUnauthorized, + std::time_t connectionRetry, + std::time_t batchInterval, + int batchSize, + std::function onSuccess, + std::function loopRequestCondition) { using namespace std::chrono_literals; auto executor = co_await boost::asio::this_coro::executor; - boost::asio::steady_timer timer(executor); + auto timer = std::make_shared(executor); auto resolver = m_resolverFactory->Create(executor); do { - auto socket = m_socketFactory->Create(executor); + if (!token || token->empty()) + { + co_await WaitForTimer(timer, A_SECOND_IN_MILLIS); + continue; + } const auto results = co_await resolver->AsyncResolve(reqParams.Host, reqParams.Port); - boost::system::error_code code; - co_await socket->AsyncConnect(results, code); + if (results.empty()) + { + LogWarn("Failed to resolve host. Retrying in {} seconds.", connectionRetry / A_SECOND_IN_MILLIS); + co_await WaitForTimer(timer, connectionRetry); + continue; + } + + auto socket = m_socketFactory->Create(executor, reqParams.Use_Https); - if (code != boost::system::errc::success) + if (!socket) { - LogError("Connect failed: {}.", code.message()); - socket->Close(); - const auto duration = std::chrono::milliseconds(1000); - timer.expires_after(duration); - co_await timer.async_wait(boost::asio::use_awaitable); + LogWarn("Failed to create socket. Retrying in {} seconds.", connectionRetry / A_SECOND_IN_MILLIS); + co_await WaitForTimer(timer, connectionRetry); + continue; + } + + boost::system::error_code ec; + + co_await socket->AsyncConnect(results, ec); + + if (ec != boost::system::errc::success) + { + LogWarn("Failed to send http request to endpoint: {}. Retrying in {} seconds.", + reqParams.Endpoint, + connectionRetry / A_SECOND_IN_MILLIS); + LogDebug("Http request failed: {} - {}", ec.message(), ec.what()); + co_await WaitForTimer(timer, connectionRetry); continue; } + auto messagesCount = 0; + if (messageGetter != nullptr) { - reqParams.Body = co_await messageGetter(); + boost::asio::steady_timer refreshTimer(co_await boost::asio::this_coro::executor); + boost::asio::steady_timer batchTimeoutTimer(co_await boost::asio::this_coro::executor); + batchTimeoutTimer.expires_after(std::chrono::milliseconds(batchInterval)); + + while (loopRequestCondition != nullptr && loopRequestCondition()) + { + const auto messages = co_await messageGetter(batchSize); + messagesCount = std::get<0>(messages); + + if (messagesCount >= batchSize || batchTimeoutTimer.expiry() <= std::chrono::steady_clock::now()) + { + LogTrace("Messages count: {}", messagesCount); + reqParams.Body = std::get<1>(messages); + break; + } + + constexpr int refreshInterval = 100; + refreshTimer.expires_after(std::chrono::milliseconds(refreshInterval)); + co_await refreshTimer.async_wait(boost::asio::use_awaitable); + } } else { @@ -111,16 +183,17 @@ namespace http_client } reqParams.Token = *token; - auto req = CreateHttpRequest(reqParams); - boost::beast::error_code ec; + const auto req = CreateHttpRequest(reqParams); + co_await socket->AsyncWrite(req, ec); if (ec) { - LogError("Error writing request ({}): {}.", std::to_string(ec.value()), ec.message()); + LogWarn("Error writing request ({}): {}.", std::to_string(ec.value()), ec.message()); socket->Close(); - co_return; + co_await WaitForTimer(timer, connectionRetry); + continue; } boost::beast::http::response res; @@ -128,16 +201,20 @@ namespace http_client if (ec) { - LogError("Error reading response. Response code: {}.", res.result_int()); + LogWarn("Error reading response. Response code: {}.", res.result_int()); socket->Close(); - co_return; + co_await WaitForTimer(timer, connectionRetry); + continue; } - if (res.result() == boost::beast::http::status::ok) + std::time_t timerSleep = A_SECOND_IN_MILLIS; + + if (res.result() >= boost::beast::http::status::ok && + res.result() < boost::beast::http::status::multiple_choices) { if (onSuccess != nullptr) { - onSuccess(boost::beast::buffers_to_string(res.body().data())); + onSuccess(messagesCount, boost::beast::buffers_to_string(res.body().data())); } } else if (res.result() == boost::beast::http::status::unauthorized || @@ -147,77 +224,90 @@ namespace http_client { onUnauthorized(); } + timerSleep = connectionRetry; } - LogDebug("Response code: {}.", res.result_int()); - LogDebug("Response body: {}.", boost::beast::buffers_to_string(res.body().data())); + LogDebug("Request {}: Status {}", reqParams.Endpoint, res.result_int()); + LogTrace("{}", ResponseToString(reqParams.Endpoint, res)); - const auto duration = std::chrono::milliseconds(1000); - timer.expires_after(duration); - co_await timer.async_wait(boost::asio::use_awaitable); + co_await WaitForTimer(timer, timerSleep); } while (loopRequestCondition != nullptr && loopRequestCondition()); } -#if defined(__GNUC__) || defined(__clang__) -#pragma GCC diagnostic pop -#endif boost::beast::http::response HttpClient::PerformHttpRequest(const HttpRequestParams& params) { - boost::beast::http::response res; - - try - { - boost::asio::io_context io_context; - auto resolver = m_resolverFactory->Create(io_context.get_executor()); - - const auto results = resolver->Resolve(params.Host, params.Port); - - auto socket = m_socketFactory->Create(io_context.get_executor()); - socket->Connect(results); - - const auto req = CreateHttpRequest(params); - socket->Write(req); - socket->Read(res); - - LogDebug("Response code: {}.", res.result_int()); - LogDebug("Response body: {}.", boost::beast::buffers_to_string(res.body().data())); - } - catch (std::exception const& e) - { - LogError("Error: {}.", e.what()); - res.result(boost::beast::http::status::internal_server_error); - boost::beast::ostream(res.body()) << "Internal server error: " << e.what(); - res.prepare_payload(); - } + return PerformHttpRequestInternal(params, + [](std::unique_ptr& socket, + boost::beast::http::response& res, + boost::system::error_code& ec) { socket->Read(res, ec); }); + } - return res; + boost::beast::http::response + HttpClient::PerformHttpRequestDownload(const HttpRequestParams& params, const std::string& dstFilePath) + { + return PerformHttpRequestInternal( + params, + [&dstFilePath](std::unique_ptr& socket, + boost::beast::http::response& res, + boost::system::error_code&) { socket->ReadToFile(res, dstFilePath); }); } - std::optional HttpClient::AuthenticateWithUuidAndKey(const std::string& host, - const std::string& port, + std::optional HttpClient::AuthenticateWithUuidAndKey(const std::string& serverUrl, + const std::string& userAgent, const std::string& uuid, const std::string& key) { const std::string body = R"({"uuid":")" + uuid + R"(", "key":")" + key + "\"}"; const auto reqParams = http_client::HttpRequestParams( - boost::beast::http::verb::post, host, port, "/api/v1/authentication", "", "", body); + boost::beast::http::verb::post, serverUrl, "/api/v1/authentication", userAgent, "", "", body); const auto res = PerformHttpRequest(reqParams); - if (res.result() != boost::beast::http::status::ok) + if (res.result() < boost::beast::http::status::ok || + res.result() >= boost::beast::http::status::multiple_choices) { - LogError("Error: {}.", res.result_int()); + if (res.result() == boost::beast::http::status::unauthorized || + res.result() == boost::beast::http::status::forbidden) + { + std::string message {}; + + try + { + message = nlohmann::json::parse(boost::beast::buffers_to_string(res.body().data())) + .at("message") + .get_ref(); + } + catch (const std::exception& e) + { + LogError("Error parsing message in response: {}.", e.what()); + } + + if (message == "Invalid key" || message == "Agent does not exist") + { + throw std::runtime_error(message); + } + } + LogWarn("Error: {}.", res.result_int()); return std::nullopt; } - return nlohmann::json::parse(boost::beast::buffers_to_string(res.body().data())) - .at("token") - .get_ref(); + try + { + return nlohmann::json::parse(boost::beast::buffers_to_string(res.body().data())) + .at("token") + .get_ref(); + } + catch (const std::exception& e) + { + LogError("Error parsing token in response: {}.", e.what()); + } + + return std::nullopt; } - std::optional HttpClient::AuthenticateWithUserPassword(const std::string& host, - const std::string& port, + std::optional HttpClient::AuthenticateWithUserPassword(const std::string& serverUrl, + const std::string& userAgent, const std::string& user, const std::string& password) { @@ -229,19 +319,96 @@ namespace http_client boost::beast::detail::base64::encode(&basicAuth[0], userPass.c_str(), userPass.size()); const auto reqParams = http_client::HttpRequestParams( - boost::beast::http::verb::post, host, port, "/security/user/authenticate", "", basicAuth); + boost::beast::http::verb::post, serverUrl, "/security/user/authenticate", userAgent, "", basicAuth); const auto res = PerformHttpRequest(reqParams); - if (res.result() != boost::beast::http::status::ok) + if (res.result() < boost::beast::http::status::ok || + res.result() >= boost::beast::http::status::multiple_choices) { - LogError("Error: {}.", res.result_int()); + LogWarn("Error: {}.", res.result_int()); return std::nullopt; } - return nlohmann::json::parse(boost::beast::buffers_to_string(res.body().data())) - .at("data") - .at("token") - .get_ref(); + try + { + return nlohmann::json::parse(boost::beast::buffers_to_string(res.body().data())) + .at("data") + .at("token") + .get_ref(); + } + catch (const std::exception& e) + { + LogError("Error parsing token in response: {}.", e.what()); + } + + return std::nullopt; + } + + boost::beast::http::response HttpClient::PerformHttpRequestInternal( + const HttpRequestParams& params, + const std::function&, + boost::beast::http::response&, + boost::system::error_code&)>& responseHandler) + { + boost::beast::http::response res; + + try + { + boost::asio::io_context io_context; + auto resolver = m_resolverFactory->Create(io_context.get_executor()); + + const auto results = resolver->Resolve(params.Host, params.Port); + + if (results.empty()) + { + throw std::runtime_error("Failed to resolve host."); + } + + auto socket = m_socketFactory->Create(io_context.get_executor(), params.Use_Https); + + if (!socket) + { + throw std::runtime_error("Failed to create socket."); + } + + boost::system::error_code ec; + + socket->Connect(results, ec); + + if (ec) + { + throw std::runtime_error("Error connecting to host: " + ec.message()); + } + + const auto req = CreateHttpRequest(params); + + socket->Write(req, ec); + + if (ec) + { + throw std::runtime_error("Error writing request: " + ec.message()); + } + + responseHandler(socket, res, ec); + + if (ec) + { + throw std::runtime_error("Error handling response: " + ec.message()); + } + + LogDebug("Request {}: Status {}", params.Endpoint, res.result_int()); + LogTrace("{}", ResponseToString(params.Endpoint, res)); + } + catch (std::exception const& e) + { + LogError("Error: {}", e.what()); + + res.result(boost::beast::http::status::internal_server_error); + boost::beast::ostream(res.body()) << "Internal server error: " << e.what(); + res.prepare_payload(); + } + + return res; } } // namespace http_client diff --git a/src/agent/communicator/src/http_client_utils.hpp b/src/agent/communicator/src/http_client_utils.hpp new file mode 100644 index 0000000000..d966e1eba4 --- /dev/null +++ b/src/agent/communicator/src/http_client_utils.hpp @@ -0,0 +1,71 @@ +#include + +#include +#include +#include + +#include +#include +#include + +namespace http_client_utils +{ + /// @brief Reads a response from a socket and writes it to a file + /// @param socket The socket to read from + /// @param res The response to use + /// @param dstFilePath The path to the file to write to + template + void ReadToFile(SocketType& socket, + boost::beast::http::response& res, + const std::string& dstFilePath) + { + boost::beast::http::response_parser res_parser; + + res_parser.body_limit(std::numeric_limits::max()); + boost::beast::flat_buffer buffer; + boost::system::error_code error; + + boost::beast::http::read_header(socket, buffer, res_parser, error); + + if (error && error != boost::beast::http::error::need_buffer) + { + throw boost::system::system_error(error); + } + + unsigned int statusCode = res_parser.get().result_int(); + if (statusCode != 200) + { + return; + } + + std::ofstream file(dstFilePath, std::ios::binary); + if (!file) + { + throw std::runtime_error("The file could not be opened for writing: " + dstFilePath); + } + + while (!res_parser.is_done()) + { + boost::beast::http::read(socket, buffer, res_parser, error); + + if (error && error != boost::beast::http::error::need_buffer && error != boost::asio::error::eof) + { + file.close(); + throw boost::system::system_error(error); + } + + auto bodyData = res_parser.get().body().data(); + + for (auto const& bufferSeq : bodyData) + { + std::streamsize chunkSize = static_cast(bufferSeq.size()); + file.write(static_cast(bufferSeq.data()), chunkSize); + } + + res_parser.get().body().consume(res_parser.get().body().size()); + } + + res = res_parser.release(); + file.close(); + } +} // namespace http_client_utils diff --git a/src/agent/communicator/src/http_request_params.cpp b/src/agent/communicator/src/http_request_params.cpp new file mode 100644 index 0000000000..ca15da04d8 --- /dev/null +++ b/src/agent/communicator/src/http_request_params.cpp @@ -0,0 +1,55 @@ +#include + +#include +#include + +namespace http_client +{ + HttpRequestParams::HttpRequestParams(boost::beast::http::verb method, + const std::string& serverUrl, + std::string endpoint, + std::string userAgent, + std::string token, + std::string userPass, + std::string body) + : Method(method) + , Endpoint(std::move(endpoint)) + , User_agent(std::move(userAgent)) + , Token(std::move(token)) + , User_pass(std::move(userPass)) + , Body(std::move(body)) + { + const auto result = boost::urls::parse_uri(serverUrl); + + if (!result) + { + LogError("Invalid URL: {}. Error: {}", serverUrl, result.error().message()); + return; + } + + const auto& url = *result; + + if (url.scheme() != "http" && url.scheme() != "https") + { + LogError("Invalid URL scheme: {}", serverUrl); + return; + } + + if (url.host().empty()) + { + LogError("Invalid URL host: {}", serverUrl); + return; + } + + Use_Https = url.scheme() == "https"; + Host = url.host(); + Port = !url.port().empty() ? url.port() : (Use_Https ? "443" : "80"); + } + + bool HttpRequestParams::operator==(const HttpRequestParams& other) const + { + return Method == other.Method && Host == other.Host && Port == other.Port && Endpoint == other.Endpoint && + User_agent == other.User_agent && Token == other.Token && User_pass == other.User_pass && + Body == other.Body && Use_Https == other.Use_Https; + } +} // namespace http_client diff --git a/src/agent/communicator/src/http_resolver.hpp b/src/agent/communicator/src/http_resolver.hpp index aa5d855618..6489f22594 100644 --- a/src/agent/communicator/src/http_resolver.hpp +++ b/src/agent/communicator/src/http_resolver.hpp @@ -1,31 +1,71 @@ #include +#include #include +#include +#include #include namespace http_client { + /// @brief Implementation of IHttpResolver class HttpResolver : public IHttpResolver { public: + /// @brief Constructs an HttpResolver using the provided executor + /// @param io_context The io context to use for the resolver HttpResolver(const boost::asio::any_io_executor& io_context) : m_resolver(io_context) { } + /// @brief Resolves a host and port to a list of endpoints + /// @param host The host to resolve + /// @param port The port to resolve + /// @return Resolved endpoints boost::asio::ip::tcp::resolver::results_type Resolve(const std::string& host, const std::string& port) override { - return m_resolver.resolve(host, port); + try + { + boost::system::error_code ec; + + const auto results = m_resolver.resolve(host, port, ec); + + if (ec) + { + throw std::runtime_error(ec.message()); + } + + return results; + } + catch (const std::exception& e) + { + LogDebug("Failed to resolve host: {} port: {} with error: {}", host, port, e.what()); + return {}; + } } + /// @brief Asynchronously resolves a host and port to a list of endpoints + /// @param host The host to resolve + /// @param port The port to resolve + /// @return Awaitable resolved endpoints boost::asio::awaitable AsyncResolve(const std::string& host, const std::string& port) override { - co_return co_await m_resolver.async_resolve(host, port, boost::asio::use_awaitable); + try + { + co_return co_await m_resolver.async_resolve(host, port, boost::asio::use_awaitable); + } + catch (const std::exception& e) + { + LogDebug("Failed to asynchronously resolve host: {} port: {} with error: {}", host, port, e.what()); + co_return boost::asio::ip::tcp::resolver::results_type {}; + } } private: + /// @brief The resolver to use for resolving hosts and ports boost::asio::ip::tcp::resolver m_resolver; }; } // namespace http_client diff --git a/src/agent/communicator/src/http_resolver_factory.hpp b/src/agent/communicator/src/http_resolver_factory.hpp index 75f22f76bf..33e3b5bef9 100644 --- a/src/agent/communicator/src/http_resolver_factory.hpp +++ b/src/agent/communicator/src/http_resolver_factory.hpp @@ -10,9 +10,13 @@ namespace http_client { + /// @brief Implementation of IHttpResolverFactory class HttpResolverFactory : public IHttpResolverFactory { public: + /// @brief Creates a new IHttpResolver + /// @param executor The executor to use for the resolver + /// @return The created IHttpResolver std::unique_ptr Create(const boost::asio::any_io_executor& executor) override { return std::make_unique(executor); diff --git a/src/agent/communicator/src/http_socket.hpp b/src/agent/communicator/src/http_socket.hpp index 786bfa9e38..70393a0eda 100644 --- a/src/agent/communicator/src/http_socket.hpp +++ b/src/agent/communicator/src/http_socket.hpp @@ -1,62 +1,162 @@ +#include "http_client_utils.hpp" #include +#include #include #include +#include + +#include +#include namespace http_client { + /// @brief Implementation of IHttpSocket for HTTP requests class HttpSocket : public IHttpSocket { public: + /// @brief Constructor for HttpSocket + /// @param io_context The io context to use for the socket HttpSocket(const boost::asio::any_io_executor& io_context) : m_socket(io_context) { } - void Connect(const boost::asio::ip::tcp::resolver::results_type& endpoints) override + /// @brief Connects the socket to the given endpoints + /// @param endpoints The endpoints to connect to + /// @param ec The error code, if any occurred + void Connect(const boost::asio::ip::tcp::resolver::results_type& endpoints, + boost::system::error_code& ec) override { - boost::asio::connect(m_socket, endpoints); + try + { + boost::asio::connect(m_socket, endpoints, ec); + } + catch (const std::exception& e) + { + LogDebug("Exception thrown: {}", e.what()); + } } + /// @brief Asynchronous version of Connect + /// @param endpoints The endpoints to connect to + /// @param ec The error code, if any occurred boost::asio::awaitable AsyncConnect(const boost::asio::ip::tcp::resolver::results_type& endpoints, - boost::system::error_code& code) override + boost::system::error_code& ec) override { - co_await boost::asio::async_connect( - m_socket, endpoints, boost::asio::redirect_error(boost::asio::use_awaitable, code)); + try + { + co_await boost::asio::async_connect( + m_socket, endpoints, boost::asio::redirect_error(boost::asio::use_awaitable, ec)); + } + catch (const std::exception& e) + { + LogDebug("Exception thrown during async connect: {}", e.what()); + ec = boost::asio::error::operation_aborted; + } } - void Write(const boost::beast::http::request& req) override + /// @brief Writes the given request to the socket + /// @param req The request to write + /// @param ec The error code, if any occurred + void Write(const boost::beast::http::request& req, + boost::system::error_code& ec) override { - boost::beast::http::write(m_socket, req); + try + { + boost::beast::http::write(m_socket, req, ec); + } + catch (const std::exception& e) + { + LogDebug("Exception thrown during write: {}", e.what()); + } } + /// @brief Asynchronous version of Write + /// @param req The request to write + /// @param ec The error code, if any occurred boost::asio::awaitable AsyncWrite(const boost::beast::http::request& req, - boost::beast::error_code& ec) override + boost::system::error_code& ec) override + { + try + { + co_await boost::beast::http::async_write( + m_socket, req, boost::asio::redirect_error(boost::asio::use_awaitable, ec)); + } + catch (const std::exception& e) + { + LogDebug("Exception thrown during async write: {}", e.what()); + ec = boost::asio::error::operation_aborted; + } + } + + /// @brief Reads a response from the socket + /// @param res The response to read + /// @param ec The error code, if any occurred + void Read(boost::beast::http::response& res, + boost::system::error_code& ec) override { - co_await boost::beast::http::async_write( - m_socket, req, boost::asio::redirect_error(boost::asio::use_awaitable, ec)); + try + { + boost::beast::flat_buffer buffer; + boost::beast::http::read(m_socket, buffer, res, ec); + } + catch (const std::exception& e) + { + LogDebug("Exception thrown during read: {}", e.what()); + } } - void Read(boost::beast::http::response& res) override + /// @brief Reads a response from the socket and writes it to a file + /// @param res The response to read + /// @param dstFilePath The path to the file to write to + void ReadToFile(boost::beast::http::response& res, + const std::string& dstFilePath) override { - boost::beast::flat_buffer buffer; - boost::beast::http::read(m_socket, buffer, res); + try + { + http_client_utils::ReadToFile(m_socket, res, dstFilePath); + } + catch (const std::exception& e) + { + LogDebug("Exception thrown during read to file: {}", e.what()); + } } + /// @brief Asynchronous version of Read + /// @param res The response to read + /// @param ec The error code, if any occurred boost::asio::awaitable AsyncRead(boost::beast::http::response& res, - boost::beast::error_code& ec) override + boost::system::error_code& ec) override { - boost::beast::flat_buffer buffer; - co_await boost::beast::http::async_read( - m_socket, buffer, res, boost::asio::redirect_error(boost::asio::use_awaitable, ec)); + try + { + boost::beast::flat_buffer buffer; + co_await boost::beast::http::async_read( + m_socket, buffer, res, boost::asio::redirect_error(boost::asio::use_awaitable, ec)); + } + catch (const std::exception& e) + { + LogDebug("Exception thrown during async read: {}", e.what()); + ec = boost::asio::error::operation_aborted; + } } + /// @brief Closes the socket void Close() override { - m_socket.close(); + try + { + m_socket.close(); + } + catch (const std::exception& e) + { + LogDebug("Exception thrown on socket closing: {}", e.what()); + } } private: + /// @brief The socket to use for the HTTP connection boost::asio::ip::tcp::socket m_socket; }; } // namespace http_client diff --git a/src/agent/communicator/src/http_socket_factory.hpp b/src/agent/communicator/src/http_socket_factory.hpp index c65007fc33..157a0e987a 100644 --- a/src/agent/communicator/src/http_socket_factory.hpp +++ b/src/agent/communicator/src/http_socket_factory.hpp @@ -3,6 +3,7 @@ #include #include "http_socket.hpp" +#include "https_socket.hpp" #include @@ -10,11 +11,19 @@ namespace http_client { + /// @brief Implementation of IHttpSocketFactory class HttpSocketFactory : public IHttpSocketFactory { public: - std::unique_ptr Create(const boost::asio::any_io_executor& executor) override + /// @brief Creates a new IHttpSocket + /// @param executor The executor to use for the socket + /// @param use_https Indicates whether to use HTTPS + /// @return The created IHttpSocket + std::unique_ptr Create(const boost::asio::any_io_executor& executor, const bool use_https) override { + if (use_https) + return std::make_unique(executor); + return std::make_unique(executor); } }; diff --git a/src/agent/communicator/src/https_socket.hpp b/src/agent/communicator/src/https_socket.hpp new file mode 100644 index 0000000000..e1ad73be7e --- /dev/null +++ b/src/agent/communicator/src/https_socket.hpp @@ -0,0 +1,189 @@ +#include +#include + +#include +#include +#include +#include + +#include +#include + +namespace http_client +{ + /// @brief Implementation of IHttpSocket for HTTPS requests + class HttpsSocket : public IHttpSocket + { + public: + /// @brief Constructor for HttpsSocket + /// @param io_context The io context to use for the socket + HttpsSocket(const boost::asio::any_io_executor& io_context) + : m_ctx(boost::asio::ssl::context::sslv23) + , m_ssl_socket(io_context, m_ctx) + { + m_ctx.set_verify_mode(boost::asio::ssl::verify_peer); + } + + /// @brief Connects the socket to the given endpoints + /// @param endpoints The endpoints to connect to + /// @param ec The error code, if any occurred + void Connect(const boost::asio::ip::tcp::resolver::results_type& endpoints, + boost::system::error_code& ec) override + { + try + { + boost::asio::connect(m_ssl_socket.next_layer(), endpoints.begin(), endpoints.end(), ec); + if (ec) + { + LogDebug("Connect failed: {}", ec.message()); + return; + } + + m_ssl_socket.handshake(boost::asio::ssl::stream_base::client, ec); + if (ec) + { + LogDebug("Handshake failed: {}", ec.message()); + return; + } + } + catch (const std::exception& e) + { + LogDebug("Exception thrown: {}", e.what()); + ec = boost::asio::error::operation_aborted; + } + } + + /// @brief Asynchronous version of Connect + /// @param endpoints The endpoints to connect to + /// @param ec The error code, if any occurred + boost::asio::awaitable AsyncConnect(const boost::asio::ip::tcp::resolver::results_type& endpoints, + boost::system::error_code& ec) override + { + try + { + co_await boost::asio::async_connect(m_ssl_socket.lowest_layer(), + endpoints, + boost::asio::redirect_error(boost::asio::use_awaitable, ec)); + + if (ec) + { + LogDebug("boost::asio::async_connect returned error code: {} {}", ec.value(), ec.message()); + } + + co_await m_ssl_socket.async_handshake(boost::asio::ssl::stream_base::client, + boost::asio::redirect_error(boost::asio::use_awaitable, ec)); + } + catch (const std::exception& e) + { + LogDebug("Exception thrown: {}", e.what()); + ec = boost::asio::error::operation_aborted; + } + } + + /// @brief Writes the given request to the socket + /// @param req The request to write + /// @param ec The error code, if any occurred + void Write(const boost::beast::http::request& req, + boost::system::error_code& ec) override + { + try + { + boost::beast::http::write(m_ssl_socket, req, ec); + } + catch (const std::exception& e) + { + LogDebug("Exception thrown during write: {}", e.what()); + } + } + + /// @brief Asynchronous version of Write + /// @param req The request to write + /// @param ec The error code, if any occurred + boost::asio::awaitable AsyncWrite(const boost::beast::http::request& req, + boost::system::error_code& ec) override + { + try + { + co_await boost::beast::http::async_write( + m_ssl_socket, req, boost::asio::redirect_error(boost::asio::use_awaitable, ec)); + } + catch (const std::exception& e) + { + LogDebug("Exception thrown during async write: {}", e.what()); + ec = boost::asio::error::operation_aborted; + } + } + + /// @brief Reads a response from the socket + /// @param res The response to read + /// @param ec The error code, if any occurred + void Read(boost::beast::http::response& res, + boost::system::error_code& ec) override + { + try + { + boost::beast::flat_buffer buffer; + boost::beast::http::read(m_ssl_socket, buffer, res, ec); + } + catch (const std::exception& e) + { + LogDebug("Exception thrown during read: {}", e.what()); + } + } + + /// @brief Reads a response from the socket and writes it to a file + /// @param res The response to read + /// @param dstFilePath The path to the file to write to + void ReadToFile(boost::beast::http::response& res, + const std::string& dstFilePath) override + { + try + { + http_client_utils::ReadToFile(m_ssl_socket, res, dstFilePath); + } + catch (const std::exception& e) + { + LogDebug("Exception thrown during read to file: {}", e.what()); + } + } + + /// @brief Asynchronous version of Read + /// @param res The response to read + /// @param ec The error code, if any occurred + boost::asio::awaitable AsyncRead(boost::beast::http::response& res, + boost::system::error_code& ec) override + { + try + { + boost::beast::flat_buffer buffer; + co_await boost::beast::http::async_read( + m_ssl_socket, buffer, res, boost::asio::redirect_error(boost::asio::use_awaitable, ec)); + } + catch (const std::exception& e) + { + LogDebug("Exception thrown during async read: {}", e.what()); + ec = boost::asio::error::operation_aborted; + } + } + + /// @brief Closes the socket + void Close() override + { + try + { + m_ssl_socket.shutdown(); + } + catch (const std::exception& e) + { + LogDebug("Exception thrown on socket closing: {}", e.what()); + } + } + + private: + /// @brief The SSL context to use for the socket + boost::asio::ssl::context m_ctx; + + /// @brief The SSL socket to use for the connection + boost::asio::ssl::stream m_ssl_socket; + }; +} // namespace http_client diff --git a/src/agent/communicator/tests/CMakeLists.txt b/src/agent/communicator/tests/CMakeLists.txt index cdc64b30f5..81604c072c 100644 --- a/src/agent/communicator/tests/CMakeLists.txt +++ b/src/agent/communicator/tests/CMakeLists.txt @@ -2,12 +2,12 @@ find_package(GTest CONFIG REQUIRED) add_executable(communicator_test communicator_test.cpp) configure_target(communicator_test) -target_include_directories(communicator_test PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../include) -target_link_libraries(communicator_test PUBLIC Communicator GTest::gtest GTest::gtest_main GTest::gmock GTest::gmock_main) +target_include_directories(communicator_test SYSTEM PRIVATE ${JWT_CPP_INCLUDE_DIRS}) +target_compile_definitions(communicator_test PRIVATE -DJWT_DISABLE_PICOJSON=ON) +target_link_libraries(communicator_test PUBLIC Communicator GTest::gtest GTest::gtest_main GTest::gmock GTest::gmock_main Logger) add_test(NAME CommunicatorTest COMMAND communicator_test) add_executable(http_client_test http_client_test.cpp) configure_target(http_client_test) -target_include_directories(http_client_test PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../include) target_link_libraries(http_client_test PUBLIC Communicator GTest::gtest GTest::gtest_main GTest::gmock GTest::gmock_main) add_test(NAME HttpClientTest COMMAND http_client_test) diff --git a/src/agent/communicator/tests/communicator_test.cpp b/src/agent/communicator/tests/communicator_test.cpp index 470ee85bc2..62a393fb9a 100644 --- a/src/agent/communicator/tests/communicator_test.cpp +++ b/src/agent/communicator/tests/communicator_test.cpp @@ -5,62 +5,83 @@ #include #include +#include #include "mocks/mock_http_client.hpp" +#include +#include + +#include +#include +#include +#include + // NOLINTBEGIN(cppcoreguidelines-avoid-capturing-lambda-coroutines) using namespace testing; +using GetMessagesFuncType = std::function(const int)>; namespace { std::string CreateToken() { const auto now = std::chrono::system_clock::now(); - const auto exp = std::chrono::duration_cast(now.time_since_epoch()).count() + 3600; + const auto exp = std::chrono::duration_cast(now.time_since_epoch()).count() + 10; - return jwt::create() + return jwt::create() .set_issuer("auth0") .set_type("JWS") - .set_payload_claim("exp", jwt::claim(std::to_string(exp))) + .set_payload_claim("exp", jwt::basic_claim(exp)) .sign(jwt::algorithm::hs256 {"secret"}); } + + const auto FUNC = []([[maybe_unused]] const std::string&, + [[maybe_unused]] const std::string&) -> std::optional + { + return T {}; + }; } // namespace TEST(CommunicatorTest, CommunicatorConstructor) { - EXPECT_NO_THROW(communicator::Communicator communicator(nullptr, "uuid", "key", nullptr)); + EXPECT_NO_THROW(communicator::Communicator communicator(nullptr, "uuid", "key", nullptr, FUNC)); } TEST(CommunicatorTest, StatefulMessageProcessingTask_Success) { auto mockHttpClient = std::make_unique(); - auto getMessages = []() -> boost::asio::awaitable + auto getMessages = [](const int) -> boost::asio::awaitable { - co_return std::string("message-content"); + co_return intStringTuple {1, std::string("message-content")}; }; - std::function onSuccess = [](const std::string& message) + std::function onSuccess = [](const int, const std::string& message) { EXPECT_EQ(message, "message-content"); }; - EXPECT_CALL(*mockHttpClient, Co_PerformHttpRequest(_, _, _, _, _, _)) - .WillOnce(Invoke( - [](std::shared_ptr, - http_client::HttpRequestParams, - std::function()> pGetMessages, - std::function, - std::function pOnSuccess, - [[maybe_unused]] std::function loopRequestCondition) -> boost::asio::awaitable - { - const auto message = co_await pGetMessages(); - pOnSuccess(message); - co_return; - })); + auto MockCo_PerformHttpRequest = + [](std::shared_ptr, + http_client::HttpRequestParams, + GetMessagesFuncType pGetMessages, + std::function, + [[maybe_unused]] std::time_t connectionRetry, + [[maybe_unused]] std::time_t batchInterval, + [[maybe_unused]] int batchSize, + std::function pOnSuccess, + [[maybe_unused]] std::function loopRequestCondition) -> boost::asio::awaitable + { + const auto message = co_await pGetMessages(1); + pOnSuccess(std::get<0>(message), std::get<1>(message)); + co_return; + }; - communicator::Communicator communicator(std::move(mockHttpClient), "uuid", "key", nullptr); + EXPECT_CALL(*mockHttpClient, Co_PerformHttpRequest(_, _, _, _, _, _, _, _, _)) + .WillOnce(Invoke(MockCo_PerformHttpRequest)); + + communicator::Communicator communicator(std::move(mockHttpClient), "uuid", "key", nullptr, FUNC); auto task = communicator.StatefulMessageProcessingTask(getMessages, onSuccess); boost::asio::io_context ioContext; @@ -77,13 +98,13 @@ TEST(CommunicatorTest, WaitForTokenExpirationAndAuthenticate_FailedAuthenticatio testing::Mock::AllowLeak(mockHttpClientPtr); auto communicatorPtr = - std::make_shared(std::move(mockHttpClient), "uuid", "key", nullptr); + std::make_shared(std::move(mockHttpClient), "uuid", "key", nullptr, FUNC); // A failed authentication won't return a token EXPECT_CALL(*mockHttpClientPtr, AuthenticateWithUuidAndKey(_, _, _, _)) .WillOnce(Invoke( [communicatorPtr]([[maybe_unused]] const std::string& host, - [[maybe_unused]] const std::string& port, + [[maybe_unused]] const std::string& userAgent, [[maybe_unused]] const std::string& uuid, [[maybe_unused]] const std::string& key) -> std::optional { @@ -91,36 +112,37 @@ TEST(CommunicatorTest, WaitForTokenExpirationAndAuthenticate_FailedAuthenticatio return std::nullopt; })); + auto MockCo_PerformHttpRequest = + [](std::shared_ptr token, + http_client::HttpRequestParams, + [[maybe_unused]] GetMessagesFuncType pGetMessages, + [[maybe_unused]] std::function onUnauthorized, + [[maybe_unused]] std::time_t connectionRetry, + [[maybe_unused]] std::time_t batchInterval, + [[maybe_unused]] int batchSize, + [[maybe_unused]] std::function onSuccess, + [[maybe_unused]] std::function loopCondition) -> boost::asio::awaitable + { + EXPECT_TRUE(token->empty()); + co_return; + }; + // A following call to Co_PerformHttpRequest should not have a token - EXPECT_CALL(*mockHttpClientPtr, Co_PerformHttpRequest(_, _, _, _, _, _)) - .WillOnce(Invoke( - [](std::shared_ptr token, - http_client::HttpRequestParams, - [[maybe_unused]] std::function()> getMessages, - [[maybe_unused]] std::function onUnauthorized, - [[maybe_unused]] std::function onSuccess, - [[maybe_unused]] std::function loopCondition) -> boost::asio::awaitable - { - EXPECT_TRUE(token->empty()); - co_return; - })); + EXPECT_CALL(*mockHttpClientPtr, Co_PerformHttpRequest(_, _, _, _, _, _, _, _, _)) + .WillOnce(Invoke(MockCo_PerformHttpRequest)); boost::asio::io_context ioContext; - boost::asio::co_spawn( - ioContext, - [communicatorPtr]() mutable -> boost::asio::awaitable - { co_await communicatorPtr->WaitForTokenExpirationAndAuthenticate(); }, - boost::asio::detached); - boost::asio::co_spawn( ioContext, [communicatorPtr]() mutable -> boost::asio::awaitable { - co_await communicatorPtr->StatelessMessageProcessingTask([]() -> boost::asio::awaitable - { co_return "message"; }, - []([[maybe_unused]] const std::string& msg) {}); - }, + co_await communicatorPtr->WaitForTokenExpirationAndAuthenticate(); + co_await communicatorPtr->StatelessMessageProcessingTask( + [](const int) -> boost::asio::awaitable + { co_return intStringTuple(1, std::string {"message"}); }, + []([[maybe_unused]] const int, const std::string&) {}); + }(), boost::asio::detached); ioContext.run(); @@ -135,41 +157,52 @@ TEST(CommunicatorTest, StatelessMessageProcessingTask_CallsWithValidToken) testing::Mock::AllowLeak(mockHttpClientPtr); auto communicatorPtr = - std::make_shared(std::move(mockHttpClient), "uuid", "key", nullptr); + std::make_shared(std::move(mockHttpClient), "uuid", "key", nullptr, FUNC); const auto mockedToken = CreateToken(); - EXPECT_CALL(*mockHttpClientPtr, AuthenticateWithUuidAndKey(_, _, _, _)).WillOnce(Return(mockedToken)); - - std::string capturedToken; - EXPECT_CALL(*mockHttpClientPtr, Co_PerformHttpRequest(_, _, _, _, _, _)) + EXPECT_CALL(*mockHttpClientPtr, AuthenticateWithUuidAndKey(_, _, _, _)) .WillOnce(Invoke( - [&capturedToken](std::shared_ptr token, - http_client::HttpRequestParams, - [[maybe_unused]] std::function()> getMessages, - [[maybe_unused]] std::function onUnauthorized, - [[maybe_unused]] std::function onSuccess, - [[maybe_unused]] std::function loopCondition) -> boost::asio::awaitable + [communicatorPtr, mockedToken]([[maybe_unused]] const std::string& host, + [[maybe_unused]] const std::string& userAgent, + [[maybe_unused]] const std::string& uuid, + [[maybe_unused]] const std::string& key) -> std::optional { - capturedToken = *token; - co_return; + communicatorPtr->Stop(); + return mockedToken; })); - boost::asio::io_context ioContext; + std::string capturedToken; - boost::asio::co_spawn( - ioContext, - [communicatorPtr]() mutable -> boost::asio::awaitable - { co_await communicatorPtr->WaitForTokenExpirationAndAuthenticate(); }, - boost::asio::detached); + auto MockCo_PerformHttpRequest = + [&capturedToken](std::shared_ptr token, + http_client::HttpRequestParams, + [[maybe_unused]] GetMessagesFuncType pGetMessages, + [[maybe_unused]] std::function onUnauthorized, + [[maybe_unused]] std::time_t connectionRetry, + [[maybe_unused]] std::time_t batchInterval, + [[maybe_unused]] int batchSize, + [[maybe_unused]] std::function onSuccess, + [[maybe_unused]] std::function loopCondition) -> boost::asio::awaitable + { + capturedToken = *token; + co_return; + }; + + EXPECT_CALL(*mockHttpClientPtr, Co_PerformHttpRequest(_, _, _, _, _, _, _, _, _)) + .WillOnce(Invoke(MockCo_PerformHttpRequest)); + + boost::asio::io_context ioContext; boost::asio::co_spawn( ioContext, [communicatorPtr]() mutable -> boost::asio::awaitable { - co_await communicatorPtr->StatelessMessageProcessingTask([]() -> boost::asio::awaitable - { co_return "message"; }, - []([[maybe_unused]] const std::string& msg) {}); - }, + co_await communicatorPtr->WaitForTokenExpirationAndAuthenticate(); + co_await communicatorPtr->StatelessMessageProcessingTask( + [](const int) -> boost::asio::awaitable + { co_return intStringTuple(1, std::string {"message"}); }, + []([[maybe_unused]] const int, const std::string&) {}); + }(), boost::asio::detached); ioContext.run(); @@ -178,6 +211,48 @@ TEST(CommunicatorTest, StatelessMessageProcessingTask_CallsWithValidToken) EXPECT_EQ(capturedToken, mockedToken); } +TEST(CommunicatorTest, GetGroupConfigurationFromManager_Success) +{ + auto mockHttpClient = std::make_unique(); + auto mockHttpClientPtr = mockHttpClient.get(); + + // not really a leak, as its lifetime is managed by the Communicator + testing::Mock::AllowLeak(mockHttpClientPtr); + auto communicatorPtr = + std::make_shared(std::move(mockHttpClient), "uuid", "key", nullptr, FUNC); + + std::string groupName = "group1"; + std::string dstFilePath = "/path/to/file"; + + boost::beast::http::response mockResponse; + mockResponse.result(boost::beast::http::status::ok); + + EXPECT_CALL(*mockHttpClientPtr, PerformHttpRequestDownload(_, dstFilePath)).WillOnce(Return(mockResponse)); + + EXPECT_TRUE(communicatorPtr->GetGroupConfigurationFromManager(groupName, dstFilePath)); +} + +TEST(CommunicatorTest, GetGroupConfigurationFromManager_Error) +{ + auto mockHttpClient = std::make_unique(); + auto mockHttpClientPtr = mockHttpClient.get(); + + // not really a leak, as its lifetime is managed by the Communicator + testing::Mock::AllowLeak(mockHttpClientPtr); + auto communicatorPtr = + std::make_shared(std::move(mockHttpClient), "uuid", "key", nullptr, FUNC); + + std::string groupName = "group1"; + std::string dstFilePath = "/path/to/file"; + + boost::beast::http::response mockResponse; + mockResponse.result(boost::beast::http::status::internal_server_error); + + EXPECT_CALL(*mockHttpClientPtr, PerformHttpRequestDownload(_, dstFilePath)).WillOnce(Return(mockResponse)); + + EXPECT_FALSE(communicatorPtr->GetGroupConfigurationFromManager(groupName, dstFilePath)); +} + int main(int argc, char** argv) { ::testing::InitGoogleTest(&argc, argv); diff --git a/src/agent/communicator/tests/http_client_test.cpp b/src/agent/communicator/tests/http_client_test.cpp index d4535926ac..f5d23093af 100644 --- a/src/agent/communicator/tests/http_client_test.cpp +++ b/src/agent/communicator/tests/http_client_test.cpp @@ -8,18 +8,30 @@ #include "mocks/mock_http_socket.hpp" #include "mocks/mock_http_socket_factory.hpp" -#include -#include +#include +#include +#include +#include #include +#include // NOLINTBEGIN(cppcoreguidelines-avoid-capturing-lambda-coroutines,cppcoreguidelines-avoid-reference-coroutine-parameters) using namespace testing; -class HttpClientTest : public Test +class HttpClientTest : public TestWithParam { protected: + HttpClientTest() + { + const auto port = 80; + dummyResults = boost::asio::ip::tcp::resolver::results_type::create( + boost::asio::ip::tcp::endpoint(boost::asio::ip::address::from_string("127.0.0.1"), port), + "127.0.0.1", + "80"); + } + void SetUp() override { mockResolverFactory = std::make_shared(); @@ -42,9 +54,10 @@ class HttpClientTest : public Test void SetupMockSocketFactory() { - EXPECT_CALL(*mockSocketFactory, Create(_)) + EXPECT_CALL(*mockSocketFactory, Create(_, _)) .WillOnce(Invoke( - [&](const auto& executor) -> std::unique_ptr + [&](const auto& executor, + [[maybe_unused]] const bool useHttps) -> std::unique_ptr { EXPECT_TRUE(executor); return std::move(mockSocket); @@ -54,10 +67,9 @@ class HttpClientTest : public Test void SetupMockResolverExpectations() { EXPECT_CALL(*mockResolver, AsyncResolve(_, _)) - .WillOnce( - Invoke([](const std::string&, - const std::string&) -> boost::asio::awaitable - { co_return boost::asio::ip::tcp::resolver::results_type {}; })); + .WillOnce(Invoke([this](const std::string&, const std::string&) + -> boost::asio::awaitable + { co_return dummyResults; })); } void SetupMockSocketConnectExpectations(boost::system::error_code connectEc = {}) @@ -72,23 +84,23 @@ class HttpClientTest : public Test })); } - void SetupMockSocketWriteExpectations(boost::beast::error_code writeEc = {}) + void SetupMockSocketWriteExpectations(boost::system::error_code writeEc = {}) { EXPECT_CALL(*mockSocket, AsyncWrite(_, _)) .WillOnce(Invoke( [writeEc](const boost::beast::http::request&, - boost::beast::error_code& ec) -> boost::asio::awaitable + boost::system::error_code& ec) -> boost::asio::awaitable { ec = writeEc; co_return; })); } - void SetupMockSocketReadExpectations(boost::beast::http::status status, boost::beast::error_code readEc = {}) + void SetupMockSocketReadExpectations(boost::beast::http::status status, boost::system::error_code readEc = {}) { EXPECT_CALL(*mockSocket, AsyncRead(_, _)) .WillOnce(Invoke( - [status, readEc](auto& res, boost::beast::error_code& ec) -> boost::asio::awaitable + [status, readEc](auto& res, boost::system::error_code& ec) -> boost::asio::awaitable { res.result(status); ec = readEc; @@ -101,19 +113,22 @@ class HttpClientTest : public Test std::unique_ptr mockResolver; std::unique_ptr mockSocket; std::unique_ptr client; + + boost::asio::ip::tcp::resolver::results_type dummyResults; }; TEST(CreateHttpRequestTest, BasicGetRequest) { auto httpClient = http_client::HttpClient(); - const auto reqParams = http_client::HttpRequestParams(boost::beast::http::verb::get, "localhost", "8080", "/test"); + const auto reqParams = + http_client::HttpRequestParams(boost::beast::http::verb::get, "https://localhost", "/test", "Wazuh 5.0.0"); const auto req = httpClient.CreateHttpRequest(reqParams); EXPECT_EQ(req.method(), boost::beast::http::verb::get); EXPECT_EQ(req.target(), "/test"); EXPECT_EQ(req.version(), 11); EXPECT_EQ(req[boost::beast::http::field::host], "localhost"); - EXPECT_EQ(req[boost::beast::http::field::user_agent], BOOST_BEAST_VERSION_STRING); + EXPECT_EQ(req[boost::beast::http::field::user_agent], "Wazuh 5.0.0"); EXPECT_EQ(req[boost::beast::http::field::accept], "application/json"); } @@ -121,15 +136,15 @@ TEST(CreateHttpRequestTest, PostRequestWithBody) { auto httpClient = http_client::HttpClient(); const std::string body = R"({"key": "value"})"; - const auto reqParams = - http_client::HttpRequestParams(boost::beast::http::verb::post, "localhost", "8080", "/submit", "", "", body); + const auto reqParams = http_client::HttpRequestParams( + boost::beast::http::verb::post, "https://localhost:8080", "/submit", "Wazuh 5.0.0", "", "", body); const auto req = httpClient.CreateHttpRequest(reqParams); EXPECT_EQ(req.method(), boost::beast::http::verb::post); EXPECT_EQ(req.target(), "/submit"); EXPECT_EQ(req.version(), 11); EXPECT_EQ(req[boost::beast::http::field::host], "localhost"); - EXPECT_EQ(req[boost::beast::http::field::user_agent], BOOST_BEAST_VERSION_STRING); + EXPECT_EQ(req[boost::beast::http::field::user_agent], "Wazuh 5.0.0"); EXPECT_EQ(req[boost::beast::http::field::accept], "application/json"); EXPECT_EQ(req[boost::beast::http::field::content_type], "application/json"); EXPECT_EQ(req.body(), body); @@ -140,9 +155,10 @@ TEST(CreateHttpRequestTest, AuthorizationBearerToken) auto httpClient = http_client::HttpClient(); const std::string token = "dummy_token"; const auto reqParams = - http_client::HttpRequestParams(boost::beast::http::verb::get, "localhost", "8080", "/secure", token); + http_client::HttpRequestParams(boost::beast::http::verb::get, "localhost", "/secure", "Wazuh 5.0.0", token); const auto req = httpClient.CreateHttpRequest(reqParams); + EXPECT_EQ(req[boost::beast::http::field::user_agent], "Wazuh 5.0.0"); EXPECT_EQ(req[boost::beast::http::field::authorization], "Bearer dummy_token"); } @@ -150,10 +166,11 @@ TEST(CreateHttpRequestTest, AuthorizationBasic) { auto httpClient = http_client::HttpClient(); const std::string user_pass = "username:password"; - const auto reqParams = - http_client::HttpRequestParams(boost::beast::http::verb::get, "localhost", "8080", "/secure", "", user_pass); + const auto reqParams = http_client::HttpRequestParams( + boost::beast::http::verb::get, "https://localhost:8080", "/secure", "Wazuh 5.0.0", "", user_pass); const auto req = httpClient.CreateHttpRequest(reqParams); + EXPECT_EQ(req[boost::beast::http::field::user_agent], "Wazuh 5.0.0"); EXPECT_EQ(req[boost::beast::http::field::authorization], "Basic username:password"); } @@ -162,12 +179,13 @@ TEST_F(HttpClientTest, PerformHttpRequest_Success) SetupMockResolverFactory(); SetupMockSocketFactory(); - EXPECT_CALL(*mockResolver, Resolve(_, _)).WillOnce(Return(boost::asio::ip::tcp::resolver::results_type {})); - EXPECT_CALL(*mockSocket, Connect(_)).Times(1); - EXPECT_CALL(*mockSocket, Write(_)).Times(1); - EXPECT_CALL(*mockSocket, Read(_)).WillOnce([](auto& res) { res.result(boost::beast::http::status::ok); }); + EXPECT_CALL(*mockResolver, Resolve(_, _)).WillOnce(Return(dummyResults)); + EXPECT_CALL(*mockSocket, Connect(_, _)).Times(1); + EXPECT_CALL(*mockSocket, Write(_, _)).Times(1); + EXPECT_CALL(*mockSocket, Read(_, _)).WillOnce([](auto& res, auto&) { res.result(boost::beast::http::status::ok); }); - const http_client::HttpRequestParams params(boost::beast::http::verb::get, "localhost", "80", "/"); + const http_client::HttpRequestParams params( + boost::beast::http::verb::get, "https://localhost:80", "/", "Wazuh 5.0.0"); const auto response = client->PerformHttpRequest(params); EXPECT_EQ(response.result(), boost::beast::http::status::ok); @@ -179,7 +197,8 @@ TEST_F(HttpClientTest, PerformHttpRequest_ExceptionThrown) EXPECT_CALL(*mockResolver, Resolve(_, _)).WillOnce(Throw(std::runtime_error("Simulated resolution failure"))); - const http_client::HttpRequestParams params(boost::beast::http::verb::get, "localhost", "80", "/"); + const http_client::HttpRequestParams params( + boost::beast::http::verb::get, "https://localhost:80", "/", "Wazuh 5.0.0"); const auto response = client->PerformHttpRequest(params); EXPECT_EQ(response.result(), boost::beast::http::status::internal_server_error); @@ -187,25 +206,24 @@ TEST_F(HttpClientTest, PerformHttpRequest_ExceptionThrown) std::string::npos); } -TEST_F(HttpClientTest, Co_PerformHttpRequest_Success) +TEST_P(HttpClientTest, Co_PerformHttpRequest_Success) { SetupMockResolverFactory(); SetupMockSocketFactory(); SetupMockResolverExpectations(); SetupMockSocketConnectExpectations(); SetupMockSocketWriteExpectations(); - SetupMockSocketReadExpectations(boost::beast::http::status::ok); + SetupMockSocketReadExpectations(GetParam()); auto getMessagesCalled = false; - auto getMessages = [&getMessagesCalled]() -> boost::asio::awaitable + auto getMessages = [&getMessagesCalled](const int) -> boost::asio::awaitable> { getMessagesCalled = true; - co_return std::string("test message"); + co_return std::tuple(1, "test message"); }; auto onSuccessCalled = false; - std::function onSuccess = - [&onSuccessCalled]([[maybe_unused]] const std::string& responseBody) + std::function onSuccess = [&onSuccessCalled](const int, const std::string&) { onSuccessCalled = true; }; @@ -216,9 +234,24 @@ TEST_F(HttpClientTest, Co_PerformHttpRequest_Success) unauthorizedCalled = true; }; - const auto reqParams = http_client::HttpRequestParams(boost::beast::http::verb::get, "localhost", "8080", "/"); - auto task = client->Co_PerformHttpRequest( - std::make_shared("token"), reqParams, getMessages, onUnauthorized, onSuccess, nullptr); + auto loopCondition = true; + std::function loopRequestCondition = [&loopCondition]() + { + return std::exchange(loopCondition, false); + }; + + const auto reqParams = + http_client::HttpRequestParams(boost::beast::http::verb::get, "https://localhost:8080", "/", "Wazuh 5.0.0"); + + auto task = client->Co_PerformHttpRequest(std::make_shared("token"), + reqParams, + getMessages, + onUnauthorized, + 5, // NOLINT + 1, // NOLINT + 1, // NOLINT + onSuccess, + loopRequestCondition); boost::asio::io_context ioContext; boost::asio::co_spawn(ioContext, std::move(task), boost::asio::detached); @@ -229,6 +262,13 @@ TEST_F(HttpClientTest, Co_PerformHttpRequest_Success) EXPECT_TRUE(onSuccessCalled); } +INSTANTIATE_TEST_SUITE_P(HttpClientTest, + HttpClientTest, + testing::ValuesIn({boost::beast::http::status::ok, + boost::beast::http::status::created, + boost::beast::http::status::accepted, + boost::beast::http::status::no_content})); + TEST_F(HttpClientTest, Co_PerformHttpRequest_CallbacksNotCalledIfCannotConnect) { SetupMockResolverFactory(); @@ -237,15 +277,14 @@ TEST_F(HttpClientTest, Co_PerformHttpRequest_CallbacksNotCalledIfCannotConnect) SetupMockSocketConnectExpectations(boost::system::errc::make_error_code(boost::system::errc::bad_address)); auto getMessagesCalled = false; - auto getMessages = [&getMessagesCalled]() -> boost::asio::awaitable + auto getMessages = [&getMessagesCalled](const int) -> boost::asio::awaitable> { getMessagesCalled = true; - co_return std::string("test message"); + co_return std::tuple(1, "test message"); }; auto onSuccessCalled = false; - std::function onSuccess = - [&onSuccessCalled]([[maybe_unused]] const std::string& responseBody) + std::function onSuccess = [&onSuccessCalled](const int, const std::string&) { onSuccessCalled = true; }; @@ -256,9 +295,17 @@ TEST_F(HttpClientTest, Co_PerformHttpRequest_CallbacksNotCalledIfCannotConnect) unauthorizedCalled = true; }; - const auto reqParams = http_client::HttpRequestParams(boost::beast::http::verb::get, "localhost", "8080", "/"); - auto task = client->Co_PerformHttpRequest( - std::make_shared("token"), reqParams, getMessages, onUnauthorized, onSuccess, nullptr); + const auto reqParams = + http_client::HttpRequestParams(boost::beast::http::verb::get, "https://localhost:8080", "/", "Wazuh 5.0.0"); + auto task = client->Co_PerformHttpRequest(std::make_shared("token"), + reqParams, + getMessages, + onUnauthorized, + 5, // NOLINT + 1, // NOLINT + 1, // NOLINT + onSuccess, + nullptr); boost::asio::io_context ioContext; boost::asio::co_spawn(ioContext, std::move(task), boost::asio::detached); @@ -278,15 +325,14 @@ TEST_F(HttpClientTest, Co_PerformHttpRequest_OnSuccessNotCalledIfAsyncWriteFails SetupMockSocketWriteExpectations(boost::system::errc::make_error_code(boost::system::errc::bad_address)); auto getMessagesCalled = false; - auto getMessages = [&getMessagesCalled]() -> boost::asio::awaitable + auto getMessages = [&getMessagesCalled](const int) -> boost::asio::awaitable> { getMessagesCalled = true; - co_return std::string("test message"); + co_return std::tuple(1, "test message"); }; auto onSuccessCalled = false; - std::function onSuccess = - [&onSuccessCalled]([[maybe_unused]] const std::string& responseBody) + std::function onSuccess = [&onSuccessCalled](const int, const std::string&) { onSuccessCalled = true; }; @@ -297,9 +343,23 @@ TEST_F(HttpClientTest, Co_PerformHttpRequest_OnSuccessNotCalledIfAsyncWriteFails unauthorizedCalled = true; }; - const auto reqParams = http_client::HttpRequestParams(boost::beast::http::verb::get, "localhost", "8080", "/"); - auto task = client->Co_PerformHttpRequest( - std::make_shared("token"), reqParams, getMessages, onUnauthorized, onSuccess, nullptr); + auto loopCondition = true; + std::function loopRequestCondition = [&loopCondition]() + { + return std::exchange(loopCondition, false); + }; + + const auto reqParams = + http_client::HttpRequestParams(boost::beast::http::verb::get, "https://localhost:8080", "/", "Wazuh 5.0.0"); + auto task = client->Co_PerformHttpRequest(std::make_shared("token"), + reqParams, + getMessages, + onUnauthorized, + 5, // NOLINT + 1, // NOLINT + 1, // NOLINT + onSuccess, + loopRequestCondition); boost::asio::io_context ioContext; boost::asio::co_spawn(ioContext, std::move(task), boost::asio::detached); @@ -321,15 +381,14 @@ TEST_F(HttpClientTest, Co_PerformHttpRequest_OnSuccessNotCalledIfAsyncReadFails) boost::system::errc::make_error_code(boost::system::errc::bad_address)); auto getMessagesCalled = false; - auto getMessages = [&getMessagesCalled]() -> boost::asio::awaitable + auto getMessages = [&getMessagesCalled](const int) -> boost::asio::awaitable> { getMessagesCalled = true; - co_return std::string("test message"); + co_return std::tuple(1, "test message"); }; auto onSuccessCalled = false; - std::function onSuccess = - [&onSuccessCalled]([[maybe_unused]] const std::string& responseBody) + std::function onSuccess = [&onSuccessCalled](const int, const std::string&) { onSuccessCalled = true; }; @@ -340,9 +399,23 @@ TEST_F(HttpClientTest, Co_PerformHttpRequest_OnSuccessNotCalledIfAsyncReadFails) unauthorizedCalled = true; }; - const auto reqParams = http_client::HttpRequestParams(boost::beast::http::verb::get, "localhost", "8080", "/"); - auto task = client->Co_PerformHttpRequest( - std::make_shared("token"), reqParams, getMessages, onUnauthorized, onSuccess, nullptr); + auto loopCondition = true; + std::function loopRequestCondition = [&loopCondition]() + { + return std::exchange(loopCondition, false); + }; + + const auto reqParams = + http_client::HttpRequestParams(boost::beast::http::verb::get, "https://localhost:8080", "/", "Wazuh 5.0.0"); + auto task = client->Co_PerformHttpRequest(std::make_shared("token"), + reqParams, + getMessages, + onUnauthorized, + 5, // NOLINT + 1, // NOLINT + 1, // NOLINT + onSuccess, + loopRequestCondition); boost::asio::io_context ioContext; boost::asio::co_spawn(ioContext, std::move(task), boost::asio::detached); @@ -363,15 +436,14 @@ TEST_F(HttpClientTest, Co_PerformHttpRequest_UnauthorizedCalledWhenAuthorization SetupMockSocketReadExpectations(boost::beast::http::status::unauthorized); auto getMessagesCalled = false; - auto getMessages = [&getMessagesCalled]() -> boost::asio::awaitable + auto getMessages = [&getMessagesCalled](const int) -> boost::asio::awaitable> { getMessagesCalled = true; - co_return std::string("test message"); + co_return std::tuple(1, "test message"); }; auto onSuccessCalled = false; - std::function onSuccess = - [&onSuccessCalled]([[maybe_unused]] const std::string& responseBody) + std::function onSuccess = [&onSuccessCalled](const int, const std::string&) { onSuccessCalled = true; }; @@ -382,9 +454,23 @@ TEST_F(HttpClientTest, Co_PerformHttpRequest_UnauthorizedCalledWhenAuthorization unauthorizedCalled = true; }; - const auto reqParams = http_client::HttpRequestParams(boost::beast::http::verb::get, "localhost", "8080", "/"); - auto task = client->Co_PerformHttpRequest( - std::make_shared("token"), reqParams, getMessages, onUnauthorized, onSuccess, nullptr); + auto loopCondition = true; + std::function loopRequestCondition = [&loopCondition]() + { + return std::exchange(loopCondition, false); + }; + + const auto reqParams = + http_client::HttpRequestParams(boost::beast::http::verb::get, "https://localhost:8080", "/", "Wazuh 5.0.0"); + auto task = client->Co_PerformHttpRequest(std::make_shared("token"), + reqParams, + getMessages, + onUnauthorized, + 5, // NOLINT + 1, // NOLINT + 1, // NOLINT + onSuccess, + loopRequestCondition); boost::asio::io_context ioContext; boost::asio::co_spawn(ioContext, std::move(task), boost::asio::detached); @@ -400,18 +486,19 @@ TEST_F(HttpClientTest, AuthenticateWithUuidAndKey_Success) SetupMockResolverFactory(); SetupMockSocketFactory(); - EXPECT_CALL(*mockResolver, Resolve(_, _)).WillOnce(Return(boost::asio::ip::tcp::resolver::results_type {})); - EXPECT_CALL(*mockSocket, Connect(_)).Times(1); - EXPECT_CALL(*mockSocket, Write(_)).Times(1); - EXPECT_CALL(*mockSocket, Read(_)) + EXPECT_CALL(*mockResolver, Resolve(_, _)).WillOnce(Return(dummyResults)); + EXPECT_CALL(*mockSocket, Connect(_, _)).Times(1); + EXPECT_CALL(*mockSocket, Write(_, _)).Times(1); + EXPECT_CALL(*mockSocket, Read(_, _)) .WillOnce( - [](auto& res) + [](auto& res, auto&) { res.result(boost::beast::http::status::ok); boost::beast::ostream(res.body()) << R"({"token":"valid_token"})"; }); - const auto token = client->AuthenticateWithUuidAndKey("localhost", "8080", "test-uuid", "test-key"); + const auto token = + client->AuthenticateWithUuidAndKey("https://localhost:8080", "Wazuh 5.0.0", "test-uuid", "test-key"); ASSERT_TRUE(token.has_value()); @@ -424,33 +511,61 @@ TEST_F(HttpClientTest, AuthenticateWithUuidAndKey_Failure) SetupMockResolverFactory(); SetupMockSocketFactory(); - EXPECT_CALL(*mockResolver, Resolve(_, _)).WillOnce(Return(boost::asio::ip::tcp::resolver::results_type {})); - EXPECT_CALL(*mockSocket, Connect(_)).Times(1); - EXPECT_CALL(*mockSocket, Write(_)).Times(1); - EXPECT_CALL(*mockSocket, Read(_)).WillOnce([](auto& res) { res.result(boost::beast::http::status::unauthorized); }); + EXPECT_CALL(*mockResolver, Resolve(_, _)).WillOnce(Return(dummyResults)); + EXPECT_CALL(*mockSocket, Connect(_, _)).Times(1); + EXPECT_CALL(*mockSocket, Write(_, _)).Times(1); + EXPECT_CALL(*mockSocket, Read(_, _)) + .WillOnce( + [](auto& res, auto&) + { + res.result(boost::beast::http::status::unauthorized); + boost::beast::ostream(res.body()) << R"({"message":"Try again"})"; + }); - const auto token = client->AuthenticateWithUuidAndKey("localhost", "8080", "test-uuid", "test-key"); + const auto token = + client->AuthenticateWithUuidAndKey("https://localhost:8080", "Wazuh 5.0.0", "test-uuid", "test-key"); EXPECT_FALSE(token.has_value()); } +TEST_F(HttpClientTest, AuthenticateWithUuidAndKey_FailureThrowsException) +{ + SetupMockResolverFactory(); + SetupMockSocketFactory(); + + EXPECT_CALL(*mockResolver, Resolve(_, _)).WillOnce(Return(dummyResults)); + EXPECT_CALL(*mockSocket, Connect(_, _)).Times(1); + EXPECT_CALL(*mockSocket, Write(_, _)).Times(1); + EXPECT_CALL(*mockSocket, Read(_, _)) + .WillOnce( + [](auto& res, auto&) + { + res.result(boost::beast::http::status::unauthorized); + boost::beast::ostream(res.body()) << R"({"message":"Invalid key"})"; + }); + + EXPECT_THROW(client->AuthenticateWithUuidAndKey("https://localhost:8080", "Wazuh 5.0.0", "test-uuid", "test-key"), + std::runtime_error); +} + TEST_F(HttpClientTest, AuthenticateWithUserPassword_Success) { SetupMockResolverFactory(); SetupMockSocketFactory(); - EXPECT_CALL(*mockResolver, Resolve(_, _)).WillOnce(Return(boost::asio::ip::tcp::resolver::results_type {})); - EXPECT_CALL(*mockSocket, Connect(_)).Times(1); - EXPECT_CALL(*mockSocket, Write(_)).Times(1); - EXPECT_CALL(*mockSocket, Read(_)) + EXPECT_CALL(*mockResolver, Resolve(_, _)).WillOnce(Return(dummyResults)); + EXPECT_CALL(*mockSocket, Connect(_, _)).Times(1); + EXPECT_CALL(*mockSocket, Write(_, _)).Times(1); + EXPECT_CALL(*mockSocket, Read(_, _)) .WillOnce( - [](auto& res) + [](auto& res, auto&) { res.result(boost::beast::http::status::ok); boost::beast::ostream(res.body()) << R"({"data":{"token":"valid_token"}})"; }); - const auto token = client->AuthenticateWithUserPassword("localhost", "8080", "user", "password"); + const auto token = + client->AuthenticateWithUserPassword("https://localhost:8080", "Wazuh 5.0.0", "user", "password"); ASSERT_TRUE(token.has_value()); @@ -463,16 +578,54 @@ TEST_F(HttpClientTest, AuthenticateWithUserPassword_Failure) SetupMockResolverFactory(); SetupMockSocketFactory(); - EXPECT_CALL(*mockResolver, Resolve(_, _)).WillOnce(Return(boost::asio::ip::tcp::resolver::results_type {})); - EXPECT_CALL(*mockSocket, Connect(_)).Times(1); - EXPECT_CALL(*mockSocket, Write(_)).Times(1); - EXPECT_CALL(*mockSocket, Read(_)).WillOnce([](auto& res) { res.result(boost::beast::http::status::unauthorized); }); + EXPECT_CALL(*mockResolver, Resolve(_, _)).WillOnce(Return(dummyResults)); + EXPECT_CALL(*mockSocket, Connect(_, _)).Times(1); + EXPECT_CALL(*mockSocket, Write(_, _)).Times(1); + EXPECT_CALL(*mockSocket, Read(_, _)) + .WillOnce([](auto& res, auto&) { res.result(boost::beast::http::status::unauthorized); }); - const auto token = client->AuthenticateWithUserPassword("localhost", "8080", "user", "password"); + const auto token = + client->AuthenticateWithUserPassword("https://localhost:8080", "Wazuh 5.0.0", "user", "password"); EXPECT_FALSE(token.has_value()); } +TEST_F(HttpClientTest, PerformHttpRequestDownload_Success) +{ + SetupMockResolverFactory(); + SetupMockSocketFactory(); + + EXPECT_CALL(*mockResolver, Resolve(_, _)).WillOnce(Return(dummyResults)); + EXPECT_CALL(*mockSocket, Connect(_, _)).Times(1); + EXPECT_CALL(*mockSocket, Write(_, _)).Times(1); + EXPECT_CALL(*mockSocket, ReadToFile(_, _)) + .WillOnce([](boost::beast::http::response& res, + [[maybe_unused]] auto& dstFilePath) { res.result(boost::beast::http::status::ok); }); + + const http_client::HttpRequestParams params( + boost::beast::http::verb::get, "https://localhost:80", "/", "Wazuh 5.0.0"); + const std::string dstFilePath = "dstFilePath"; + const auto response = client->PerformHttpRequestDownload(params, dstFilePath); + + EXPECT_EQ(response.result(), boost::beast::http::status::ok); +} + +TEST_F(HttpClientTest, PerformHttpRequestDownload_ExceptionThrown) +{ + SetupMockResolverFactory(); + + EXPECT_CALL(*mockResolver, Resolve(_, _)).WillOnce(Throw(std::runtime_error("Simulated resolution failure"))); + + const http_client::HttpRequestParams params( + boost::beast::http::verb::get, "https://localhost:80", "/", "Wazuh 5.0.0"); + const std::string dstFilePath = "dstFilePath"; + const auto response = client->PerformHttpRequestDownload(params, dstFilePath); + + EXPECT_EQ(response.result(), boost::beast::http::status::internal_server_error); + EXPECT_TRUE(boost::beast::buffers_to_string(response.body().data()).find("Simulated resolution failure") != + std::string::npos); +} + int main(int argc, char** argv) { ::testing::InitGoogleTest(&argc, argv); diff --git a/src/agent/communicator/tests/mocks/mock_http_client.hpp b/src/agent/communicator/tests/mocks/mock_http_client.hpp index fa51708f61..01d784e720 100644 --- a/src/agent/communicator/tests/mocks/mock_http_client.hpp +++ b/src/agent/communicator/tests/mocks/mock_http_client.hpp @@ -2,6 +2,8 @@ #include +using intStringTuple = std::tuple; + class MockHttpClient : public http_client::IHttpClient { public: @@ -14,9 +16,12 @@ class MockHttpClient : public http_client::IHttpClient Co_PerformHttpRequest, (std::shared_ptr token, http_client::HttpRequestParams params, - std::function()> messageGetter, + std::function(const int)> messageGetter, std::function onUnauthorized, - std::function onSuccess, + std::time_t connectionRetry, + std::time_t batchInterval, + int batchSize, + std::function onSuccess, std::function loopRequestCondition), (override)); @@ -25,14 +30,20 @@ class MockHttpClient : public http_client::IHttpClient (const http_client::HttpRequestParams& params), (override)); - MOCK_METHOD(std::optional, - AuthenticateWithUuidAndKey, - (const std::string& host, const std::string& port, const std::string& uuid, const std::string& key), - (override)); + MOCK_METHOD( + std::optional, + AuthenticateWithUuidAndKey, + (const std::string& host, const std::string& userAgent, const std::string& uuid, const std::string& key), + (override)); MOCK_METHOD( std::optional, AuthenticateWithUserPassword, - (const std::string& host, const std::string& port, const std::string& user, const std::string& password), + (const std::string& host, const std::string& userAgent, const std::string& user, const std::string& password), (override)); + + MOCK_METHOD(boost::beast::http::response, + PerformHttpRequestDownload, + (const http_client::HttpRequestParams& params, const std::string& dstFilePath), + (override)); }; diff --git a/src/agent/communicator/tests/mocks/mock_http_socket.hpp b/src/agent/communicator/tests/mocks/mock_http_socket.hpp index 341a7c624a..d97915efe4 100644 --- a/src/agent/communicator/tests/mocks/mock_http_socket.hpp +++ b/src/agent/communicator/tests/mocks/mock_http_socket.hpp @@ -5,25 +5,41 @@ class MockHttpSocket : public http_client::IHttpSocket { public: - MOCK_METHOD(void, Connect, (const boost::asio::ip::tcp::resolver::results_type& endpoints), (override)); + MOCK_METHOD(void, + Connect, + (const boost::asio::ip::tcp::resolver::results_type& endpoints, boost::system::error_code& code), + (override)); MOCK_METHOD(boost::asio::awaitable, AsyncConnect, (const boost::asio::ip::tcp::resolver::results_type& endpoints, boost::system::error_code& code), (override)); - MOCK_METHOD(void, Write, (const boost::beast::http::request& req), (override)); + MOCK_METHOD(void, + Write, + (const boost::beast::http::request& req, + boost::system::error_code& ec), + (override)); MOCK_METHOD(boost::asio::awaitable, AsyncWrite, - (const boost::beast::http::request& req, boost::beast::error_code& ec), + (const boost::beast::http::request& req, + boost::system::error_code& ec), (override)); - MOCK_METHOD(void, Read, (boost::beast::http::response & res), (override)); + MOCK_METHOD(void, + Read, + (boost::beast::http::response & res, boost::system::error_code& ec), + (override)); + + MOCK_METHOD(void, + ReadToFile, + (boost::beast::http::response & res, const std::string& dstFilePath), + (override)); MOCK_METHOD(boost::asio::awaitable, AsyncRead, - (boost::beast::http::response & res, boost::beast::error_code& ec), + (boost::beast::http::response & res, boost::system::error_code& ec), (override)); MOCK_METHOD(void, Close, (), (override)); diff --git a/src/agent/communicator/tests/mocks/mock_http_socket_factory.hpp b/src/agent/communicator/tests/mocks/mock_http_socket_factory.hpp index 3781a67029..27cbba4392 100644 --- a/src/agent/communicator/tests/mocks/mock_http_socket_factory.hpp +++ b/src/agent/communicator/tests/mocks/mock_http_socket_factory.hpp @@ -8,6 +8,6 @@ class MockHttpSocketFactory : public http_client::IHttpSocketFactory public: MOCK_METHOD(std::unique_ptr, Create, - (const boost::asio::any_io_executor& executor), + (const boost::asio::any_io_executor& executor, const bool use_https), (override)); }; diff --git a/src/agent/configuration_parser/CMakeLists.txt b/src/agent/configuration_parser/CMakeLists.txt index 64925cdee2..50cf771002 100644 --- a/src/agent/configuration_parser/CMakeLists.txt +++ b/src/agent/configuration_parser/CMakeLists.txt @@ -8,13 +8,11 @@ project(ConfigurationParser) include(../../cmake/CommonSettings.cmake) set_common_settings() -include_directories(${CMAKE_SOURCE_DIR}/common/logger/include) +find_package(yaml-cpp CONFIG REQUIRED) -find_package(toml11 CONFIG REQUIRED) - -add_library(ConfigurationParser src/configuration_parser.cpp) +add_library(ConfigurationParser src/configuration_parser.cpp src/configuration_parser_utils.cpp) target_include_directories(ConfigurationParser PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/include) -target_link_libraries(ConfigurationParser PRIVATE toml11::toml11 Logger) +target_link_libraries(ConfigurationParser PUBLIC yaml-cpp::yaml-cpp Logger PRIVATE Config) include(../../cmake/ConfigureTarget.cmake) configure_target(ConfigurationParser) diff --git a/src/agent/configuration_parser/include/configuration_parser.hpp b/src/agent/configuration_parser/include/configuration_parser.hpp index aac42e0247..551266bbc5 100644 --- a/src/agent/configuration_parser/include/configuration_parser.hpp +++ b/src/agent/configuration_parser/include/configuration_parser.hpp @@ -2,35 +2,139 @@ #include -#include +#include +#include #include +#include +#include #include +#include namespace configuration { + /// @class ConfigurationParser + /// @brief A parser for loading and retrieving configuration values from YAML files or strings. + /// + /// This class allows configuration data to be loaded from a specified file or directly from a YAML string, + /// and provides methods to access configuration parameters. class ConfigurationParser { private: - toml::value tbl; + /// @brief Holds the parsed YAML configuration. + YAML::Node m_config; + + /// @brief Holds the location of the configuration file. + std::filesystem::path m_configFilePath; + + /// @brief Converts a time unit represented as a string to an time_t value (ms). + /// @param option A string representing a time unit. + /// @return The corresponding time_t value. + /// @throws std::invalid_argument if the string does not represent a valid time unit. + /// @details This function parses a string representing a time unit and returns the equivalent time_t + /// value. The time unit can be expressed in milliseconds (e.g. "1ms"), seconds (e.g. "1s"), minutes (e.g. + /// "1m"), hours (e.g. "1h"), or days (e.g. "1d"). If no unit is specified, the value is assumed to be in + /// seconds. + std::time_t ParseTimeUnit(const std::string& option) const; + + /// @brief Function to get the groups information + std::function()> m_getGroups; + + /// @brief Method for loading the configuration from local file + void LoadLocalConfig(); + + /// @brief Loads shared configuration files for specific groups and merges them into the main configuration. + /// + /// This function attempts to load configuration files for each group from a shared directory. + /// The loaded configurations are merged into the main configuration. + /// + /// @throws YAML::Exception If there is an error while loading or parsing a YAML file. + void LoadSharedConfig(); public: + /// @brief Default constructor. Loads configuration from a default file path. + /// + /// Calls the constructor that accepts a file path, using the default configuration file name. + /// If the file cannot be loaded, it falls back to default configuration values. ConfigurationParser(); - ConfigurationParser(std::string stringToParse); - template - auto GetConfig(Ks... ks) const + /// @brief Constructs a ConfigurationParser and loads the configuration from a specified YAML file. + /// @param configFilePath The path to the YAML configuration file. + /// @details This constructor attempts to load configuration data from the specified file path. + /// If loading fails, it logs an error and falls back to a set of predefined default values. + ConfigurationParser(std::filesystem::path configFilePath); + + /// @brief Constructs a ConfigurationParser from a YAML-formatted string. + /// @param stringToParse A string containing YAML data to parse. + /// @throws std::exception if parsing the YAML string fails. + /// @details This constructor allows YAML configuration to be loaded directly from a string. + /// If parsing fails, an error is logged, and the exception is re-thrown. + ConfigurationParser(const std::string& stringToParse); + + /// @brief Retrieves a configuration value by following a sequence of nested keys. + /// @tparam T The expected type of the configuration value to retrieve. + /// @tparam Keys Variadic template parameters representing the hierarchical path to the desired value. + /// @param keys A sequence of keys to locate the configuration value within the YAML structure. + /// @return The configuration value corresponding to the specified keys or std::nullopt. + /// @details This method provides a flexible way to retrieve deeply nested configuration values using + /// a variadic sequence of keys, which allows specifying paths within the YAML structure. + template + std::optional GetConfig(Keys... keys) const { + YAML::Node current = YAML::Clone(m_config); + try { - auto config = toml::find(tbl, ks...); - return config; + ( + [¤t](const auto& key) + { + current = current[key]; + if (!current.IsDefined()) + { + throw YAML::Exception(YAML::Mark::null_mark(), "Key not found: " + std::string(key)); + } + }(keys), + ...); + + if constexpr (std::is_same_v) + { + return ParseTimeUnit(current.as()); + } + else + { + return current.as(); + } + } + catch (const std::invalid_argument& e) + { + LogWarn("Requested setting is invalid, default value used. {}", e.what()); + return std::nullopt; } catch (const std::exception& e) { - LogError("The requested value could not be obtained: {}.", e.what()); - throw; + LogDebug("Requested setting not found, default value used. {}", e.what()); + return std::nullopt; } } + + /// @brief Checks if the specified YAML file is valid. + /// + /// This function attempts to load the YAML file located at the given path. + /// If the file can be loaded without throwing an exception, it is considered valid. + /// + /// @param configFile The path to the YAML file to be validated. + /// @return `true` if the file is a valid YAML file; `false` otherwise. + bool isValidYamlFile(const std::filesystem::path& configFile) const; + + /// @brief Sets the function to get group IDs. + /// + /// This function sets the function to get group IDs, after setting the function the shared configuration will + /// be reloaded using this function. + /// + /// @param getGroupIdsFunction A function to get group IDs. + void SetGetGroupIdsFunction(std::function()> getGroupIdsFunction); + + /// @brief Method for loading the new available configuration + void ReloadConfiguration(); }; } // namespace configuration diff --git a/src/agent/configuration_parser/include/configuration_parser_utils.hpp b/src/agent/configuration_parser/include/configuration_parser_utils.hpp new file mode 100644 index 0000000000..b976176fb1 --- /dev/null +++ b/src/agent/configuration_parser/include/configuration_parser_utils.hpp @@ -0,0 +1,16 @@ +#pragma once + +#include + +/// @brief Merges two YAML nodes, modifying the baseYaml node to include or additionalYaml values from the +/// additionalYaml node. +/// +/// This function traverses the two YAML nodes. If a key exists in both nodes: +/// - If both values are maps, the function recurses to merge their content. +/// - If both values are sequences, their elements are concatenated. +/// - In all other cases (scalars, aliases, null values), the value from the additionalYaml node replaces the value in +/// the baseYaml node. If a key only exists in the additionalYaml node, it is added to the baseYaml node. +/// +/// @param baseYaml Reference to the baseYaml YAML::Node that will be modified. +/// @param additionalYaml Const reference to the YAML::Node containing values to merge into the baseYaml. +void MergeYamlNodes(YAML::Node& baseYaml, const YAML::Node& additionalYaml); diff --git a/src/agent/configuration_parser/src/configuration_parser.cpp b/src/agent/configuration_parser/src/configuration_parser.cpp index 74eb21183b..f1344ca5bc 100644 --- a/src/agent/configuration_parser/src/configuration_parser.cpp +++ b/src/agent/configuration_parser/src/configuration_parser.cpp @@ -1,43 +1,191 @@ #include + +#include +#include +#include +#include + +#include +#include #include namespace { - const std::string CONFIG_FILE_NAME = "wazuh.conf"; -} + constexpr unsigned int A_SECOND_IN_MILLIS = 1000; + constexpr unsigned int A_MINUTE_IN_MILLIS = 60 * A_SECOND_IN_MILLIS; + constexpr unsigned int A_HOUR_IN_MILLIS = 60 * A_MINUTE_IN_MILLIS; + constexpr unsigned int A_DAY_IN_MILLIS = 24 * A_HOUR_IN_MILLIS; + + const std::filesystem::path CONFIG_FILE = std::filesystem::path(config::DEFAULT_CONFIG_PATH) / "wazuh-agent.yml"; +} // namespace namespace configuration { + ConfigurationParser::ConfigurationParser(std::filesystem::path configFilePath) + : m_configFilePath(std::move(configFilePath)) + { + LoadLocalConfig(); + } + ConfigurationParser::ConfigurationParser() + : ConfigurationParser(CONFIG_FILE) + { + } + + ConfigurationParser::ConfigurationParser(const std::string& stringToParse) { try { - tbl = toml::parse(CONFIG_FILE_NAME, toml::spec::v(1, 0, 0)); + m_config = YAML::Load(stringToParse); } catch (const std::exception& e) { - LogError("Using default values due to error parsing wazuh.conf file: {}", e.what()); - - tbl = toml::parse_str( - R"([agent] - server_mgmt_api_port = "55000" - agent_comms_api_port = "27000" - manager_ip = "localhost")", - toml::spec::v(1, 0, 0)); + LogError("Error parsing yaml string: {}.", e.what()); + throw; } } - ConfigurationParser::ConfigurationParser(std::string stringToParse) + void ConfigurationParser::LoadLocalConfig() { + LogDebug("Loading local config file: {}.", m_configFilePath.string()); + try { - tbl = toml::parse_str(std::move(stringToParse), toml::spec::v(1, 0, 0)); + if (!isValidYamlFile(m_configFilePath)) + { + throw std::runtime_error("The file does not contain a valid YAML structure."); + } + m_config = YAML::LoadFile(m_configFilePath.string()); } catch (const std::exception& e) { - LogError("Error parsing wazuh.conf file: {}.", e.what()); - throw; + m_config = YAML::Node(); + LogWarn("Using default values due to error parsing wazuh-agent.yml file: {}", e.what()); + } + } + + std::time_t ConfigurationParser::ParseTimeUnit(const std::string& option) const + { + std::string number; + unsigned int multiplier = 1; + + if (option.ends_with("ms")) + { + number = option.substr(0, option.length() - 2); } + else if (option.ends_with("s")) + { + number = option.substr(0, option.length() - 1); + multiplier = A_SECOND_IN_MILLIS; + } + else if (option.ends_with("m")) + { + number = option.substr(0, option.length() - 1); + multiplier = A_MINUTE_IN_MILLIS; + } + else if (option.ends_with("h")) + { + number = option.substr(0, option.length() - 1); + multiplier = A_HOUR_IN_MILLIS; + } + else if (option.ends_with("d")) + { + number = option.substr(0, option.length() - 1); + multiplier = A_DAY_IN_MILLIS; + } + else + { + // By default, assume seconds + number = option; + multiplier = A_SECOND_IN_MILLIS; + } + + if (!std::all_of(number.begin(), number.end(), static_cast(std::isdigit))) + { + throw std::invalid_argument("Invalid time unit: " + option); + } + + return static_cast(std::stoul(number) * multiplier); + } + + bool ConfigurationParser::isValidYamlFile(const std::filesystem::path& configFile) const + { + try + { + YAML::Node mapToValidte = YAML::LoadFile(configFile.string()); + if (!mapToValidte.IsMap() && !mapToValidte.IsSequence()) + { + throw std::runtime_error("The file does not contain a valid YAML structure."); + } + return true; + } + catch (const std::exception&) + { + return false; + } + } + + void ConfigurationParser::LoadSharedConfig() + { + LogDebug("Loading shared configuration."); + if (m_getGroups == nullptr) + { + LogWarn("Load shared configuration failed, no get groups function set"); + return; + } + + try + { + const std::vector groupIds = m_getGroups(); + YAML::Node tmpConfig = m_config; + + for (const auto& groupId : groupIds) + { + const std::filesystem::path groupFile = std::filesystem::path(config::DEFAULT_SHARED_CONFIG_PATH) / + (groupId + config::DEFAULT_SHARED_FILE_EXTENSION); + + LogDebug("Loading group configuration file: {}.", groupFile.string()); + + YAML::Node fileToAppend = YAML::LoadFile(groupFile.string()); + + if (!tmpConfig.IsDefined() || tmpConfig.IsNull()) + { + tmpConfig = fileToAppend; + } + else + { + MergeYamlNodes(tmpConfig, fileToAppend); + } + } + + m_config = tmpConfig; + } + catch (const YAML::Exception& e) + { + LogWarn("Load shared configuration failed: {}", e.what()); + } + } + + void ConfigurationParser::SetGetGroupIdsFunction(std::function()> getGroupIdsFunction) + { + m_getGroups = std::move(getGroupIdsFunction); + LoadSharedConfig(); + } + + void ConfigurationParser::ReloadConfiguration() + { + LogInfo("Reload configuration."); + + // Reset saved configuration + m_config = YAML::Node(); + + // Load local configuration + LoadLocalConfig(); + + // Load shared configuration + LoadSharedConfig(); + + LogInfo("Reload configuration done."); } } // namespace configuration diff --git a/src/agent/configuration_parser/src/configuration_parser_utils.cpp b/src/agent/configuration_parser/src/configuration_parser_utils.cpp new file mode 100644 index 0000000000..de89ebe3a3 --- /dev/null +++ b/src/agent/configuration_parser/src/configuration_parser_utils.cpp @@ -0,0 +1,112 @@ +#include +#include +#include + +void MergeYamlNodes(YAML::Node& baseYaml, const YAML::Node& additionalYaml) +{ + // Queue to manage nodes to be merged. Pairs of nodes are handled directly. + std::queue> nodesToProcess; + nodesToProcess.emplace(baseYaml, additionalYaml); + + while (!nodesToProcess.empty()) + { + auto [baseNode, additionalNode] = nodesToProcess.front(); + nodesToProcess.pop(); + + // Traverse each key-value pair in the additionalYaml node. + for (auto it = additionalNode.begin(); it != additionalNode.end(); ++it) + { + const auto key = it->first.as(); + YAML::Node value = it->second; + + if (baseNode[key]) + { + // Key exists in the baseYaml node. + if (value.IsMap() && baseNode[key].IsMap()) + { + // Both values are maps: enqueue for further merging. + nodesToProcess.emplace(baseNode[key], value); + } + else if (value.IsSequence() && baseNode[key].IsSequence()) + { + // Merge sequences while preserving the order. + YAML::Node mergedSequence = YAML::Node(YAML::NodeType::Sequence); + + // Collect elements from 'additionalYaml' sequence to preserve insertion order. + std::vector> additionalElements; + for (const YAML::Node& elem : value) + { + if (elem.IsScalar()) + { + additionalElements.emplace_back(elem.as(), elem); + } + else if (elem.IsMap() && elem.begin() != elem.end()) + { + additionalElements.emplace_back(elem.begin()->first.as(), elem); + } + } + + // Track which keys from 'additionalYaml' sequence are merged. + std::unordered_set mergedKeys; + + for (const YAML::Node& elem : baseNode[key]) + { + std::string elemKey; + + // Extract the key based on the type of element. + if (elem.IsScalar()) + { + elemKey = elem.as(); + } + else if (elem.IsMap() && elem.begin() != elem.end()) + { + elemKey = elem.begin()->first.as(); + } + else + { + // Skip elements that don't fit the expected types. + mergedSequence.push_back(elem); + continue; + } + + // Common logic for merging elements. + auto additionalItem = + std::find_if(additionalElements.begin(), + additionalElements.end(), + [&elemKey](const auto& pair) { return pair.first == elemKey; }); + if (additionalItem != additionalElements.end()) + { + mergedSequence.push_back(additionalItem->second); + mergedKeys.insert(additionalItem->first); + } + else + { + mergedSequence.push_back(elem); + } + } + + // Add remaining elements from 'additionalYaml' sequence in order. + for (const auto& [itemKey, itemNode] : additionalElements) + { + if (mergedKeys.find(itemKey) == mergedKeys.end()) + { + mergedSequence.push_back(itemNode); + } + } + + baseNode[key] = mergedSequence; + } + else + { + // Other cases (scalar, alias, null): overwrite the value. + baseNode[key] = value; + } + } + else + { + // Key does not exist in the baseYaml node: add it directly. + baseNode[key] = value; + } + } + } +} diff --git a/src/agent/configuration_parser/tests/CMakeLists.txt b/src/agent/configuration_parser/tests/CMakeLists.txt index d908f35fde..3d8e6b3f0b 100644 --- a/src/agent/configuration_parser/tests/CMakeLists.txt +++ b/src/agent/configuration_parser/tests/CMakeLists.txt @@ -1,7 +1,13 @@ find_package(GTest CONFIG REQUIRED) +find_package(yaml-cpp CONFIG REQUIRED) add_executable(ConfigurationParser_test configuration_parser_test.cpp) configure_target(ConfigurationParser_test) -target_include_directories(ConfigurationParser_test PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../include) -target_link_libraries(ConfigurationParser_test PUBLIC ConfigurationParser GTest::gtest GTest::gtest_main GTest::gmock GTest::gmock_main Logger) +target_link_libraries(ConfigurationParser_test PUBLIC ConfigurationParser Config GTest::gtest GTest::gtest_main GTest::gmock GTest::gmock_main Logger) add_test(NAME ConfigParserTest COMMAND ConfigurationParser_test) + +add_executable(ConfigurationParserUtils_test configuration_parser_utils_test.cpp ${CMAKE_CURRENT_SOURCE_DIR}/../src/configuration_parser_utils.cpp) +configure_target(ConfigurationParserUtils_test) +target_include_directories(ConfigurationParserUtils_test PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../include) +target_link_libraries(ConfigurationParserUtils_test PUBLIC GTest::gtest GTest::gtest_main GTest::gmock GTest::gmock_main yaml-cpp::yaml-cpp) +add_test(NAME ConfigParserUtilsTest COMMAND ConfigurationParserUtils_test) diff --git a/src/agent/configuration_parser/tests/configuration_parser_test.cpp b/src/agent/configuration_parser/tests/configuration_parser_test.cpp index f89ff157b6..f2a90ff721 100644 --- a/src/agent/configuration_parser/tests/configuration_parser_test.cpp +++ b/src/agent/configuration_parser/tests/configuration_parser_test.cpp @@ -1,33 +1,110 @@ #include +#include #include +#include +#include +#include #include #include +#include +#include using namespace configuration; +class ConfigurationParserFileTest : public ::testing::Test +{ +protected: + std::filesystem::path m_tempConfigFilePath; + + void SetUp() override + { + m_tempConfigFilePath = "temp_wazuh-agent.yml"; + + std::ofstream outFile(m_tempConfigFilePath); + outFile << R"( + agent: + server_url: https://myserver:28000 + inventory: + enabled: false + interval: 7200 + scan_on_start: false + logcollector: + enabled: false + localfiles: + - /var/log/other.log + reload_interval: 120 + file_wait: 1000 + )"; + outFile.close(); + } + + void TearDown() override + { + std::filesystem::remove(m_tempConfigFilePath); + } +}; + +class ConfigurationParserInvalidYamlFileTest : public ::testing::Test +{ +protected: + std::filesystem::path m_tempConfigFilePath; + + void SetUp() override + { + m_tempConfigFilePath = "temp_wazuh-agent.yml"; + + std::ofstream outFile(m_tempConfigFilePath); + // This string does not respect the yaml format in the line of the file_wait field, the field is misaligned. + // With this case we want it to fail when parsing the file. + outFile << R"( + agent: + server_url: https://myserver:28000 + inventory: + enabled: false + interval: 7200 + scan_on_start: false + logcollector: + enabled: false + localfiles: + - /var/log/other.log + reload_interval: 120 + file_wait: 1000 + )"; + outFile.close(); + } + + void TearDown() override + { + std::filesystem::remove(m_tempConfigFilePath); + } +}; + TEST(ConfigurationParser, GetConfigString) { std::string strConfig = R"( - [agent] - manager_ip = "192.168.0.11" - string_conf = "string" + agent: + server_url: 192.168.0.11 + string_conf: string )"; const auto parserStr = std::make_unique(strConfig); - const auto ret = parserStr->GetConfig("agent", "manager_ip"); + const auto ret = parserStr->GetConfig("agent", "server_url").value_or("Invalid string"); ASSERT_EQ(ret, "192.168.0.11"); } TEST(ConfigurationParser, GetConfigArrayString) { std::string strConfig = R"( - [agent_array] - array_manager_ip = ["192.168.0.0", "192.168.0.1"] - string_conf = "string" + agent_array: + array_manager_ip: + - 192.168.0.0 + - 192.168.0.1 + string_conf: string )"; const auto parserStr = std::make_unique(strConfig); - const auto ret = parserStr->GetConfig>("agent_array", "array_manager_ip"); + const auto ret = parserStr->GetConfig>("agent_array", "array_manager_ip") + .value_or(std::vector({"Invalid string1", "Invalid string2"})); ASSERT_EQ(ret[0], "192.168.0.0"); ASSERT_EQ(ret[1], "192.168.0.1"); } @@ -35,77 +112,181 @@ TEST(ConfigurationParser, GetConfigArrayString) TEST(ConfigurationParser, GetConfigInt) { std::string strConfig = R"( - [agent_array] - array_manager_ip = ["192.168.0.0", "192.168.0.1"] - int_conf = 10 + agent_array: + array_manager_ip: + - 192.168.0.0 + - 192.168.0.1 + int_conf: 10 )"; const auto parserStr = std::make_unique(strConfig); - const auto ret = parserStr->GetConfig("agent_array", "int_conf"); + const auto ret = parserStr->GetConfig("agent_array", "int_conf").value_or(1234); ASSERT_EQ(ret, 10); } +TEST(ConfigurationParser, GetConfigMilliseconds) +{ + std::string strConfig = R"( + agent_array: + array_manager_ip: + - 192.168.0.0 + - 192.168.0.1 + milliseconds_conf: 500ms + )"; + const auto parserStr = std::make_unique(strConfig); + const auto ret = parserStr->GetConfig("agent_array", "milliseconds_conf").value_or(1234); + ASSERT_EQ(ret, 500); +} + +TEST(ConfigurationParser, GetConfigSeconds) +{ + std::string strConfig = R"( + agent_array: + array_manager_ip: + - 192.168.0.0 + - 192.168.0.1 + seconds_conf: 45s + )"; + const auto parserStr = std::make_unique(strConfig); + const auto ret = parserStr->GetConfig("agent_array", "seconds_conf").value_or(1234); + ASSERT_EQ(ret, 45000); +} + +TEST(ConfigurationParser, GetConfigMinutes) +{ + std::string strConfig = R"( + agent_array: + array_manager_ip: + - 192.168.0.0 + - 192.168.0.1 + minutes_conf: 3m + )"; + const auto parserStr = std::make_unique(strConfig); + const auto ret = parserStr->GetConfig("agent_array", "minutes_conf").value_or(1234); + ASSERT_EQ(ret, 180000); +} + +TEST(ConfigurationParser, GetConfigHours) +{ + std::string strConfig = R"( + agent_array: + array_manager_ip: + - 192.168.0.0 + - 192.168.0.1 + hours_conf: 2h + )"; + const auto parserStr = std::make_unique(strConfig); + const auto ret = parserStr->GetConfig("agent_array", "hours_conf").value_or(1234); + ASSERT_EQ(ret, 7200000); +} + +TEST(ConfigurationParser, GetConfigDays) +{ + std::string strConfig = R"( + agent_array: + array_manager_ip: + - 192.168.0.0 + - 192.168.0.1 + days_conf: 1d + )"; + const auto parserStr = std::make_unique(strConfig); + const auto ret = parserStr->GetConfig("agent_array", "days_conf").value_or(1234); + ASSERT_EQ(ret, 86400000); +} + +TEST(ConfigurationParser, GetConfigTimeInvalid) +{ + std::string strConfig = R"( + agent_array: + array_manager_ip: + - 192.168.0.0 + - 192.168.0.1 + time_invalid_conf: 30k + )"; + const auto parserStr = std::make_unique(strConfig); + const auto ret = parserStr->GetConfig("agent_array", "time_invalid_conf").value_or(1234); + ASSERT_EQ(ret, 1234); +} + TEST(ConfigurationParser, GetConfigFloat) { std::string strConfig = R"( - [agent_array] - array_manager_ip = ["192.168.0.0", "192.168.0.1"] - float_conf = 12.34 + agent_array: + array_manager_ip: + - 192.168.0.0 + - 192.168.0.1 + float_conf: 12.34 )"; const auto parserStr = std::make_unique(strConfig); - const auto ret = parserStr->GetConfig("agent_array", "float_conf"); + const auto ret = parserStr->GetConfig("agent_array", "float_conf").value_or(1.1f); EXPECT_FLOAT_EQ(ret, 12.34f); } TEST(ConfigurationParser, GetConfigNoKey) { std::string strConfig = R"( - [agent_array] - array_manager_ip = ["192.168.0.0", "192.168.0.1"] - float_conf = 12.34 + agent_array: + array_manager_ip: + - 192.168.0.0 + - 192.168.0.1 + float_conf: 12.34 )"; const auto parserStr = std::make_unique(strConfig); - EXPECT_ANY_THROW(parserStr->GetConfig("agent_array", "no_key")); + const auto ret = parserStr->GetConfig("agent_array", "no_key").value_or(1.1f); // NOLINT + EXPECT_FLOAT_EQ(ret, 1.1f); } TEST(ConfigurationParser, GetConfigIntSubTable) { std::string strConfig = R"( - [agent_array] - array_manager_ip = ["192.168.0.0", "192.168.0.1"] - int_conf = 10 - [agent_array.sub_table] - int_conf = 1234 + agent_array: + array_manager_ip: + - 192.168.0.0 + - 192.168.0.1 + int_conf: 10 + sub_table: + int_conf: 1234 )"; const auto parserStr = std::make_unique(strConfig); - const auto ret = parserStr->GetConfig("agent_array", "sub_table", "int_conf"); + const auto ret = parserStr->GetConfig("agent_array", "sub_table", "int_conf").value_or(0); ASSERT_EQ(ret, 1234); } TEST(ConfigurationParser, GetConfigBoolSubTable) { std::string strConfig = R"( - [agent_array] - array_manager_ip = ["192.168.0.0", "192.168.0.1"] - int_conf = 10 - [agent_array.sub_table] - int_conf = 1234 - bool_conf = true + agent_array: + array_manager_ip: + - 192.168.0.0 + - 192.168.0.1 + int_conf: 10 + sub_table: + int_conf: 1234 + bool_conf: true )"; const auto parserStr = std::make_unique(strConfig); - const auto ret = parserStr->GetConfig("agent_array", "sub_table", "bool_conf"); + const auto ret = parserStr->GetConfig("agent_array", "sub_table", "bool_conf").value_or(false); ASSERT_EQ(ret, true); } TEST(ConfigurationParser, GetConfigArrayMap) { std::string strConfig = R"( - [agent_array] - array_manager_ip = ["192.168.0.0", "192.168.0.1"] - string_conf = "string" - api_auth = [{org_name = "dummy1", api_token = "api_token1"}, {org_name = "dummy2", api_token = "api_token2"}] + agent_array: + array_manager_ip: + - 192.168.0.0 + - 192.168.0.1 + string_conf: string + api_auth: + - org_name: dummy1 + api_token: api_token1 + - org_name: dummy2 + api_token: api_token2 )"; const auto parserStr = std::make_unique(strConfig); - const auto ret = parserStr->GetConfig>>("agent_array", "api_auth"); + const auto ret = parserStr->GetConfig>>("agent_array", "api_auth") + .value_or(std::vector> { + {{"org_name", "default1"}, {"api_token", "default_token1"}}, + {{"org_name", "default2"}, {"api_token", "default_token2"}}}); ASSERT_EQ(ret[0].at("org_name"), "dummy1"); ASSERT_EQ(ret[0].at("api_token"), "api_token1"); ASSERT_EQ(ret[1].at("org_name"), "dummy2"); @@ -115,12 +296,14 @@ TEST(ConfigurationParser, GetConfigArrayMap) TEST(ConfigurationParser, GetConfigMap) { std::string strConfig = R"( - [map_string] - string_conf_1 = "string_1" - string_conf_2 = "string_2" + map_string: + string_conf_1: string_1 + string_conf_2: string_2 )"; const auto parserStr = std::make_unique(strConfig); - const auto ret = parserStr->GetConfig>("map_string"); + const auto ret = parserStr->GetConfig>("map_string") + .value_or(std::map {{"string_conf_1", "default_1"}, + {"string_conf_2", "default_2"}}); ASSERT_EQ(ret.at("string_conf_1"), "string_1"); ASSERT_EQ(ret.at("string_conf_2"), "string_2"); } @@ -128,12 +311,127 @@ TEST(ConfigurationParser, GetConfigMap) TEST(ConfigurationParser, GetConfigBadCast) { std::string strConfig = R"( - [bad_cast_array] - string_conf_1 = "string_1" - int_conf = 10 + bad_cast_array: + string_conf_1: string_1 + int_conf: 10 )"; const auto parserStr = std::make_unique(strConfig); - EXPECT_ANY_THROW(parserStr->GetConfig>("bad_cast_array")); + const auto ret = parserStr->GetConfig>("bad_cast_array") + .value_or(std::vector {"dummy", "string"}); + ASSERT_EQ(ret[0], "dummy"); + ASSERT_EQ(ret[1], "string"); +} + +TEST(ConfigurationParser, GetConfigMultiNode) +{ + std::string strConfig = R"( + agent_array: + array_manager_ip: + - 192.168.0.0 + - 192.168.0.1 + string_conf: string + logcollector: + enabled: true + localfiles: + - /var/log/auth.log + - /var/log/other.log + reload_interval: 60 + file_wait: 500 + )"; + const auto parserStr = std::make_unique(strConfig); + const auto ret = parserStr->GetConfig>("agent_array", "array_manager_ip") + .value_or(std::vector {}); + const auto retEnabled = parserStr->GetConfig("logcollector", "enabled").value_or(false); + const auto retFileWait = parserStr->GetConfig("logcollector", "file_wait").value_or(0); + const auto retLocalFiles = parserStr->GetConfig>("logcollector", "localfiles") + .value_or(std::vector {}); + ASSERT_EQ(ret[0], "192.168.0.0"); + ASSERT_EQ(ret[1], "192.168.0.1"); + ASSERT_TRUE(retEnabled); + ASSERT_EQ(retLocalFiles[0], "/var/log/auth.log"); + ASSERT_EQ(retLocalFiles[1], "/var/log/other.log"); + ASSERT_EQ(retFileWait, 500); +} + +TEST(ConfigurationParser, ConfigurationParserStringMisaligned) +{ + std::string strConfig = R"( + users: + - name: Alice + - name: Bob + )"; + EXPECT_THROW(std::make_unique(strConfig), std::exception); +} + +TEST_F(ConfigurationParserFileTest, ValidConfigFileLoadsCorrectly) +{ + try + { + const auto parser = std::make_unique(m_tempConfigFilePath); + + EXPECT_EQ(parser->GetConfig("agent", "server_url").value_or(""), "https://myserver:28000"); + EXPECT_FALSE(parser->GetConfig("inventory", "enabled").value_or(true)); + EXPECT_EQ(parser->GetConfig("inventory", "interval").value_or(0), 7200); + EXPECT_FALSE(parser->GetConfig("logcollector", "enabled").value_or(true)); + EXPECT_EQ(parser->GetConfig("logcollector", "file_wait").value_or(0), 1000); + } + catch (const std::exception& e) + { + std::cerr << "Error: " << e.what() << '\n'; + std::filesystem::remove(m_tempConfigFilePath); + throw; + } +} + +TEST_F(ConfigurationParserInvalidYamlFileTest, InvalidConfigFileLoadsDefault) +{ + try + { + const auto parser = std::make_unique(m_tempConfigFilePath); + + EXPECT_EQ(parser->GetConfig("agent", "server_url").value_or("https://localhost:27000"), + "https://localhost:27000"); + EXPECT_TRUE(parser->GetConfig("inventory", "enabled").value_or(true)); + EXPECT_EQ(parser->GetConfig("inventory", "interval").value_or(3600), 3600); + EXPECT_TRUE(parser->GetConfig("logcollector", "enabled").value_or(true)); + EXPECT_EQ(parser->GetConfig("logcollector", "file_wait").value_or(500), 500); + } + catch (const std::exception& e) + { + std::cerr << "Error: " << e.what() << '\n'; + std::filesystem::remove(m_tempConfigFilePath); + throw; + } +} + +TEST_F(ConfigurationParserInvalidYamlFileTest, isValidYamlFileInvalid) +{ + try + { + const auto parser = std::make_unique(); + + EXPECT_FALSE(parser->isValidYamlFile(m_tempConfigFilePath)); + } + catch (const std::exception&) + { + std::filesystem::remove(m_tempConfigFilePath); + throw; + } +} + +TEST_F(ConfigurationParserFileTest, isValidYamlFileValid) +{ + try + { + const auto parser = std::make_unique(); + + EXPECT_TRUE(parser->isValidYamlFile(m_tempConfigFilePath)); + } + catch (const std::exception&) + { + std::filesystem::remove(m_tempConfigFilePath); + throw; + } } int main(int argc, char** argv) diff --git a/src/agent/configuration_parser/tests/configuration_parser_utils_test.cpp b/src/agent/configuration_parser/tests/configuration_parser_utils_test.cpp new file mode 100644 index 0000000000..7a8154685e --- /dev/null +++ b/src/agent/configuration_parser/tests/configuration_parser_utils_test.cpp @@ -0,0 +1,155 @@ +#include +#include +#include + +/// @brief Test for merging two simple YAML maps with unique keys. +TEST(MergeYamlNodesTest, MergeSimpleMaps) +{ + YAML::Node base = YAML::Load(R"( + key1: value1 + key2: value2 + )"); + YAML::Node additional = YAML::Load(R"( + key3: value3 + key4: value4 + )"); + + MergeYamlNodes(base, additional); + + EXPECT_EQ(base["key1"].as(), "value1"); + EXPECT_EQ(base["key2"].as(), "value2"); + EXPECT_EQ(base["key3"].as(), "value3"); + EXPECT_EQ(base["key4"].as(), "value4"); +} + +/// @brief Test for overriding a key in the base YAML with a value from additional YAML. +TEST(MergeYamlNodesTest, OverrideScalarValue) +{ + YAML::Node base = YAML::Load(R"( + key1: value1 + key2: value2 + )"); + YAML::Node additional = YAML::Load(R"( + key2: new_value + )"); + + MergeYamlNodes(base, additional); + + EXPECT_EQ(base["key1"].as(), "value1"); + EXPECT_EQ(base["key2"].as(), "new_value"); +} + +/// @brief Test for merging nested YAML maps. +TEST(MergeYamlNodesTest, MergeNestedMaps) +{ + YAML::Node base = YAML::Load(R"( + parent: + child1: value1 + child2: value2 + )"); + YAML::Node additional = YAML::Load(R"( + parent: + child2: new_value + child3: value3 + )"); + + MergeYamlNodes(base, additional); + + ASSERT_TRUE(base["parent"].IsMap()); + EXPECT_EQ(base["parent"]["child1"].as(), "value1"); + EXPECT_EQ(base["parent"]["child2"].as(), "new_value"); + EXPECT_EQ(base["parent"]["child3"].as(), "value3"); +} + +/// @brief Test for merging YAML sequences while preserving order and avoiding duplicates. +TEST(MergeYamlNodesTest, MergeSequences) +{ + YAML::Node base = YAML::Load(R"( + key: + - item1 + - item2 + )"); + YAML::Node additional = YAML::Load(R"( + key: + - item2 + - item3 + )"); + + MergeYamlNodes(base, additional); + + ASSERT_TRUE(base["key"].IsSequence()); + EXPECT_EQ(base["key"].size(), 3); + EXPECT_EQ(base["key"][0].as(), "item1"); + EXPECT_EQ(base["key"][1].as(), "item2"); + EXPECT_EQ(base["key"][2].as(), "item3"); +} + +/// @brief Test for adding new keys to a base YAML with existing nested maps. +TEST(MergeYamlNodesTest, AddNewKeysToNestedMap) +{ + YAML::Node base = YAML::Load(R"( + parent: + child1: value1 + )"); + YAML::Node additional = YAML::Load(R"( + parent: + child2: value2 + )"); + + MergeYamlNodes(base, additional); + + ASSERT_TRUE(base["parent"].IsMap()); + EXPECT_EQ(base["parent"]["child1"].as(), "value1"); + EXPECT_EQ(base["parent"]["child2"].as(), "value2"); +} + +/// @brief Test for merging when base YAML is empty. +TEST(MergeYamlNodesTest, BaseYamlEmpty) +{ + YAML::Node base = YAML::Load("{}"); + YAML::Node additional = YAML::Load(R"( + key1: value1 + key2: value2 + )"); + + MergeYamlNodes(base, additional); + + EXPECT_EQ(base["key1"].as(), "value1"); + EXPECT_EQ(base["key2"].as(), "value2"); +} + +/// @brief Test for merging when additional YAML is empty. +TEST(MergeYamlNodesTest, AdditionalYamlEmpty) +{ + YAML::Node base = YAML::Load(R"( + key1: value1 + key2: value2 + )"); + YAML::Node additional = YAML::Load("{}"); + + MergeYamlNodes(base, additional); + + EXPECT_EQ(base["key1"].as(), "value1"); + EXPECT_EQ(base["key2"].as(), "value2"); +} + +/// @brief Test for handling edge cases with scalar values. +TEST(MergeYamlNodesTest, ScalarsOverwriteCorrectly) +{ + YAML::Node base = YAML::Load(R"( + key: old_value + )"); + YAML::Node additional = YAML::Load(R"( + key: new_value + )"); + + MergeYamlNodes(base, additional); + + EXPECT_EQ(base["key"].as(), "new_value"); +} + +int main(int argc, char** argv) +{ + ::testing::InitGoogleTest(&argc, argv); + return RUN_ALL_TESTS(); +} diff --git a/src/agent/include/agent.hpp b/src/agent/include/agent.hpp index ddf805059d..bda3591082 100644 --- a/src/agent/include/agent.hpp +++ b/src/agent/include/agent.hpp @@ -1,31 +1,79 @@ #pragma once #include +#include #include #include #include #include +#include #include #include #include +#include + #include +#include +/// @brief Agent class +/// +/// This class handles the configuration, communication with the manager, +/// command handling, task management, and module management. class Agent { public: - Agent(std::unique_ptr signalHandler = std::make_unique()); + /// @brief Constructor + /// @param configFilePath Path to the configuration file + /// @param signalHandler Pointer to a custom ISignalHandler implementation + /// @throws std::runtime_error If the Agent is not registered + /// @throws Any exception propagated from dependencies used within the constructor + Agent(const std::string& configFilePath, + std::unique_ptr signalHandler = std::make_unique()); + + /// @brief Destructor ~Agent(); + /// @brief Runs the agent + /// + /// This method sets up the agent and starts the task manager. void Run(); + /// @brief Reload the modules + /// + /// This method stops all modules launched by moduleManager, and starts them again. + void ReloadModules(); + private: + /// @brief Task manager + TaskManager m_taskManager; + + /// @brief System info + SysInfo m_sysInfo; + + /// @brief Configuration parser + std::shared_ptr m_configurationParser; + + std::string m_dataPath; + + /// @brief Queue for storing messages std::shared_ptr m_messageQueue; + /// @brief Pointer to a custom ISignalHandler implementation std::unique_ptr m_signalHandler; - TaskManager m_taskManager; + + /// @brief Agent info AgentInfo m_agentInfo; - configuration::ConfigurationParser m_configurationParser; + + /// @brief Communicator communicator::Communicator m_communicator; + + /// @brief Module manager + ModuleManager m_moduleManager; + + /// @brief Command handler command_handler::CommandHandler m_commandHandler; + + /// @brief Centralized configuration + centralized_configuration::CentralizedConfiguration m_centralizedConfiguration; }; diff --git a/src/agent/include/agent_registration.hpp b/src/agent/include/agent_registration.hpp new file mode 100644 index 0000000000..ec5394b8ac --- /dev/null +++ b/src/agent/include/agent_registration.hpp @@ -0,0 +1,65 @@ +#pragma once + +#include +#include + +#include + +#include +#include + +namespace agent_registration +{ + /// @struct UserCredentials + /// @brief Stores the user's credentials. + struct UserCredentials + { + std::string user; + std::string password; + }; + + /// @brief Registers an agent with a manager. + /// + /// This class provides methods for registering the agent and storing its + /// configuration. + class AgentRegistration + { + public: + ///@brief Constructor for the AgentRegistration class. + /// + /// @param url The server URL. + /// @param user The user's username. + /// @param password The user's password. + /// @param key The agent's key. + /// @param name The agent's name. + /// @param dbFolderPath The path to the database folder. + AgentRegistration(std::string url, + std::string user, + std::string password, + const std::string& key, + const std::string& name, + const std::string& dbFolderPath); + + /// @brief Registers the agent with the manager. + /// + /// @param httpClient The HTTP client to use for registration. + /// @return True if the registration was successful, false otherwise. + bool Register(http_client::IHttpClient& httpClient); + + private: + /// @brief The system's information. + SysInfo m_sysInfo; + + /// @brief The agent's information. + AgentInfo m_agentInfo; + + /// @brief The URL of the manager. + std::string m_serverUrl; + + /// @brief The user's username. + std::string m_user; + + /// @brief The user's password. + std::string m_password; + }; +} // namespace agent_registration diff --git a/src/agent/include/cmd_ln_parser.hpp b/src/agent/include/cmd_ln_parser.hpp deleted file mode 100644 index c241f60b42..0000000000 --- a/src/agent/include/cmd_ln_parser.hpp +++ /dev/null @@ -1,39 +0,0 @@ -#pragma once - -#include -#include -#include - -class CommandlineParser -{ -public: - CommandlineParser(int argc, char** argv) - { - for (int i = 1; i < argc; ++i) - { - m_tokens.push_back(std::string(argv[i])); - } - } - - const std::string& GetOptionValue(const std::string& option) const - { - auto itr = std::find(m_tokens.cbegin(), m_tokens.cend(), option); - - if (itr != m_tokens.cend() && ++itr != m_tokens.cend()) - { - return *itr; - } - - static const std::string empty_string(""); - return empty_string; - } - - bool OptionExists(const std::string& option) const - { - auto bExists = std::find(m_tokens.begin(), m_tokens.end(), option) != m_tokens.end(); - return bExists; - } - -private: - std::vector m_tokens; -}; diff --git a/src/agent/include/isignal_handler.hpp b/src/agent/include/isignal_handler.hpp index c01ebd921d..3bea42207e 100644 --- a/src/agent/include/isignal_handler.hpp +++ b/src/agent/include/isignal_handler.hpp @@ -1,8 +1,15 @@ #pragma once +/// @brief Interface for handling signals +/// +/// Classes implementing this interface are responsible for properly handling +/// signals. class ISignalHandler { public: + /// @brief Virtual destructor virtual ~ISignalHandler() = default; + + /// @brief Waits for a signal to be received virtual void WaitForSignal() = 0; }; diff --git a/src/agent/include/itask_manager.hpp b/src/agent/include/itask_manager.hpp index cdeda4e6ed..a1eb23c794 100644 --- a/src/agent/include/itask_manager.hpp +++ b/src/agent/include/itask_manager.hpp @@ -2,15 +2,31 @@ #include +/// @brief Interface for task managers +/// +/// Task managers are responsible for starting and stopping threads and for +/// scheduling tasks to be executed. +/// +/// @tparam CoroutineTaskType The type of coroutine tasks that can be scheduled template class ITaskManager { public: + /// @brief Virtual destructor virtual ~ITaskManager() = default; + /// @brief Starts the task manager + /// @param numThreads The number of threads to start virtual void Start(size_t numThreads) = 0; + + /// @brief Stops the task manager virtual void Stop() = 0; + /// @brief Enqueues a task to be executed + /// @param task The task to enqueue virtual void EnqueueTask(std::function task) = 0; + + /// @brief Enqueues a coroutine task to be executed + /// @param task The coroutine task to enqueue virtual void EnqueueTask(CoroutineTaskType task) = 0; }; diff --git a/src/agent/include/register.hpp b/src/agent/include/register.hpp deleted file mode 100644 index 78de36fea5..0000000000 --- a/src/agent/include/register.hpp +++ /dev/null @@ -1,17 +0,0 @@ -#pragma once - -#include - -#include - -namespace registration -{ - struct UserCredentials - { - std::string user; - std::string password; - }; - - bool RegisterAgent(const UserCredentials& userCredentials, http_client::IHttpClient& httpClient); - -} // namespace registration diff --git a/src/agent/include/signal_handler.hpp b/src/agent/include/signal_handler.hpp index fdf60291c5..8729b35e1a 100644 --- a/src/agent/include/signal_handler.hpp +++ b/src/agent/include/signal_handler.hpp @@ -8,19 +8,32 @@ #include #include +/// @brief Class for handling signals class SignalHandler : public ISignalHandler { public: + /// @brief Constructor + /// @param signalsToHandle The signals to be handled by this class SignalHandler(const std::vector& signalsToHandle = {SIGINT, SIGTERM}); + + /// @brief Waits for a signal to be received void WaitForSignal() override; + /// @brief Handles the given signal + /// @param signalToHandle The signal to be handled static void HandleSignal(int signalToHandle); + /// @brief Keeps track of whether the agent should continue running static std::atomic KeepRunning; private: + /// @brief Initializes signal handling for the specified signals + /// @param signalsToHandle The signals that this handler should manage void Initialize(const std::vector& signalsToHandle); + /// @brief Condition variable for synchronizing signal handling static std::condition_variable m_cv; + + /// @brief Mutex for protecting condition variable access static std::mutex m_cvMutex; }; diff --git a/src/agent/include/task_manager.hpp b/src/agent/include/task_manager.hpp index 78cc15c440..a9dd5ba5c4 100644 --- a/src/agent/include/task_manager.hpp +++ b/src/agent/include/task_manager.hpp @@ -9,19 +9,38 @@ #include #include +/// @brief Task manager class class TaskManager : public ITaskManager> { public: + /// @brief Constructor TaskManager(); + /// @brief Starts the task manager + /// @param numThreads The number of threads to start void Start(size_t numThreads) override; + + /// @brief Stops the task manager void Stop() override; + /// @brief Enqueues a task to be executed + /// @param task The task to enqueue void EnqueueTask(std::function task) override; + + /// @brief Enqueues a coroutine task to be executed + /// @param task The coroutine task to enqueue void EnqueueTask(boost::asio::awaitable task) override; private: + /// @brief The IO context for the task manager boost::asio::io_context m_ioContext; + + /// @brief A work object to keep the IO context running boost::asio::io_context::work m_work; + + /// @brief Threads run by the task manager std::vector m_threads; + + /// @brief Number of enqueued threads + size_t m_numEnqueuedThreads = 0; }; diff --git a/src/agent/module_command/CMakeLists.txt b/src/agent/module_command/CMakeLists.txt new file mode 100644 index 0000000000..04e7bdb4fd --- /dev/null +++ b/src/agent/module_command/CMakeLists.txt @@ -0,0 +1,13 @@ +cmake_minimum_required(VERSION 3.22) + +project(ModuleCommand) + +include(../../cmake/CommonSettings.cmake) +set_common_settings() + +find_package(nlohmann_json REQUIRED) + +add_library(ModuleCommand INTERFACE) + +target_include_directories(ModuleCommand INTERFACE ${CMAKE_CURRENT_SOURCE_DIR}/include) +target_link_libraries(ModuleCommand INTERFACE nlohmann_json::nlohmann_json) diff --git a/src/agent/module_command/include/module_command/command_entry.hpp b/src/agent/module_command/include/module_command/command_entry.hpp new file mode 100644 index 0000000000..0814d19359 --- /dev/null +++ b/src/agent/module_command/include/module_command/command_entry.hpp @@ -0,0 +1,87 @@ +#pragma once + +#include + +#include +#include + +namespace module_command +{ + /// @enum Status of a command execution + enum class Status + { + SUCCESS, + FAILURE, + IN_PROGRESS, + TIMEOUT, + UNKNOWN + }; + + /// @struct Result of a command execution + struct CommandExecutionResult + { + Status ErrorCode = Status::UNKNOWN; + std::string Message; + + /// @brief Construct a CommandExecutionResult object + /// @param code The status of the command execution + /// @param message A message associated with the command execution result + explicit CommandExecutionResult(Status code = Status::UNKNOWN, std::string message = "") + : ErrorCode(code) + , Message(std::move(message)) + { + } + }; + + /// @brief Data structure to hold the command execution entry + class CommandEntry + { + public: + /// @brief Construct a CommandEntry object + CommandEntry() + : Time(0.0) + , ExecutionResult(Status::UNKNOWN, "") + { + } + + /// @brief Construct a CommandEntry object + /// @param id The identifier of the command entry + /// @param module The module of the command + /// @param command The command to be executed + /// @param parameters The parameters for the command + /// @param result The result of the command execution + /// @param status The status of the command execution + CommandEntry(std::string id, + std::string module, + std::string command, + nlohmann::json parameters, + std::string result, + Status status) + : Id(std::move(id)) + , Module(std::move(module)) + , Command(std::move(command)) + , Parameters(std::move(parameters)) + , Time(0.0) + , ExecutionResult(status, std::move(result)) + { + } + + /// @brief Unique identifier of the command entry + std::string Id; + + /// @brief Module the command belongs to + std::string Module; + + /// @brief Command to be executed + std::string Command; + + /// @brief Parameters for the command + nlohmann::json Parameters; + + /// @brief Time of the command execution + double Time; + + /// @brief Result of the command execution + CommandExecutionResult ExecutionResult; + }; +} // namespace module_command diff --git a/src/agent/multitype_queue/CMakeLists.txt b/src/agent/multitype_queue/CMakeLists.txt index 9cee17eb31..6b577431d4 100644 --- a/src/agent/multitype_queue/CMakeLists.txt +++ b/src/agent/multitype_queue/CMakeLists.txt @@ -8,15 +8,13 @@ project(MultiTypeQueue LANGUAGES CXX) include(../../cmake/CommonSettings.cmake) set_common_settings() -include_directories(${CMAKE_SOURCE_DIR}/common/logger/include) - find_package(SQLiteCpp REQUIRED) find_package(nlohmann_json REQUIRED) find_package(fmt REQUIRED) find_package(Boost REQUIRED COMPONENTS asio) add_library(MultiTypeQueue src/sqlitestorage.cpp src/multitype_queue.cpp src/persistence_factory.cpp) -target_include_directories(MultiTypeQueue PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src ${SQLiteCpp_INCLUDE_DIRS}) +target_include_directories(MultiTypeQueue PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src) target_link_libraries(MultiTypeQueue PUBLIC nlohmann_json::nlohmann_json Boost::asio PRIVATE SQLiteCpp fmt::fmt Logger) include(../../cmake/ConfigureTarget.cmake) diff --git a/src/agent/multitype_queue/include/imultitype_queue.hpp b/src/agent/multitype_queue/include/imultitype_queue.hpp index 49e03e7313..23531228ac 100644 --- a/src/agent/multitype_queue/include/imultitype_queue.hpp +++ b/src/agent/multitype_queue/include/imultitype_queue.hpp @@ -51,31 +51,39 @@ class IMultiTypeQueue * @brief Retrieves the next message from the queue. * * @param type The type of the queue to use as the source. - * @param module The name of the module requesting the message. + * @param moduleName The name of the module requesting the message. + * @param moduleType The type of the module requesting the messages. * @return Message The next message from the queue. */ - virtual Message getNext(MessageType type, const std::string module = "") = 0; + virtual Message getNext(MessageType type, const std::string moduleName = "", const std::string moduleType = "") = 0; /** * @brief Retrieves the next message from the queue asynchronously. * * @param type The type of the queue to use as the source. - * @param moduleName The name of the module requesting the message. * @param messageQuantity The quantity of messages to return. - * @return boost::asio::awaitable Awaitable object representing the next message. + * @param moduleName The name of the module requesting the message. + * @param moduleType The type of the module requesting the messages. + * @return boost::asio::awaitable> Awaitable object representing the next N messages. */ - virtual boost::asio::awaitable - getNextNAwaitable(MessageType type, int messageQuantity, const std::string moduleName = "") = 0; + virtual boost::asio::awaitable> getNextNAwaitable(MessageType type, + int messageQuantity, + const std::string moduleName = "", + const std::string moduleType = "") = 0; /** * @brief Retrieves the next N messages from the queue. * * @param type The type of the queue to use as the source. - * @param moduleName The name of the module requesting the messages. * @param messageQuantity The quantity of messages to return. + * @param moduleName The name of the module requesting the messages. + * @param moduleType The type of the module requesting the messages. * @return std::vector A vector of messages fetched from the queue. */ - virtual std::vector getNextN(MessageType type, int messageQuantity, const std::string moduleName = "") = 0; + virtual std::vector getNextN(MessageType type, + int messageQuantity, + const std::string moduleName = "", + const std::string moduleType = "") = 0; /** * @brief Deletes a message from the queue. diff --git a/src/agent/multitype_queue/include/message.hpp b/src/agent/multitype_queue/include/message.hpp index d9443894b5..b6253fe0ee 100644 --- a/src/agent/multitype_queue/include/message.hpp +++ b/src/agent/multitype_queue/include/message.hpp @@ -16,7 +16,8 @@ enum class MessageType }; /** - * @brief Wrapper for Message, contains the message type, the json data and the module name. + * @brief Wrapper for Message, contains the message type, the json data, the + * module name, the module type and the metadata. * */ class Message @@ -25,17 +26,22 @@ class Message MessageType type; nlohmann::json data; std::string moduleName; + std::string moduleType; + std::string metaData; - Message(MessageType t, nlohmann::json d, std::string mN = "") + Message(MessageType t, nlohmann::json d, std::string mN = "", std::string mT = "", std::string mD = "") : type(t) , data(d) , moduleName(mN) + , moduleType(mT) + , metaData(mD) { } // Define equality operator bool operator==(const Message& other) const { - return type == other.type && data == other.data; + return type == other.type && data == other.data && moduleName == other.moduleName && + moduleType == other.moduleType && metaData == other.metaData; } }; diff --git a/src/agent/multitype_queue/include/multitype_queue.hpp b/src/agent/multitype_queue/include/multitype_queue.hpp index 3567718be2..bd16916e22 100644 --- a/src/agent/multitype_queue/include/multitype_queue.hpp +++ b/src/agent/multitype_queue/include/multitype_queue.hpp @@ -4,10 +4,12 @@ #include #include +#include #include #include #include #include +#include #include #include @@ -15,7 +17,7 @@ // TODO: move to a configuration setting constexpr int DEFAULT_MAX = 10000; constexpr int DEFAULT_TIMEOUT_S = 3; -const std::string QUEUE_DEFAULT_DB_PATH = "queue.db"; +const std::string QUEUE_DB_NAME = "queue.db"; /** * @brief MultiTypeQueue implementation that handles multiple types of messages. @@ -42,10 +44,11 @@ class MultiTypeQueue : public IMultiTypeQueue /** * @brief Constructor. * + * @param dbFolderPath The path to the database folder. * @param size The maximum number of items in the queue. * @param timeout The timeout period in seconds. */ - MultiTypeQueue(size_t size = DEFAULT_MAX, int timeout = DEFAULT_TIMEOUT_S); + MultiTypeQueue(const std::string& dbFolderPath, size_t size = DEFAULT_MAX, int timeout = DEFAULT_TIMEOUT_S); /** * @brief Delete copy constructor @@ -88,20 +91,25 @@ class MultiTypeQueue : public IMultiTypeQueue int push(std::vector messages) override; /** - * @copydoc IMultiTypeQueue::getNext(MessageType, const std::string) + * @copydoc IMultiTypeQueue::getNext(MessageType, const std::string, const std::string) */ - Message getNext(MessageType type, const std::string module = "") override; + Message getNext(MessageType type, const std::string moduleName = "", const std::string moduleType = "") override; /** - * @copydoc IMultiTypeQueue::getNextNAwaitable(MessageType, int, const std::string) + * @copydoc IMultiTypeQueue::getNextNAwaitable(MessageType, int, const std::string, const std::string) */ - boost::asio::awaitable - getNextNAwaitable(MessageType type, int messageQuantity, const std::string moduleName = "") override; + boost::asio::awaitable> getNextNAwaitable(MessageType type, + int messageQuantity, + const std::string moduleName = "", + const std::string moduleType = "") override; /** - * @copydoc IMultiTypeQueue::getNextN(MessageType, int, const std::string) + * @copydoc IMultiTypeQueue::getNextN(MessageType, int, const std::string, const std::string) */ - std::vector getNextN(MessageType type, int messageQuantity, const std::string moduleName = "") override; + std::vector getNextN(MessageType type, + int messageQuantity, + const std::string moduleName = "", + const std::string moduleType = "") override; /** * @copydoc IMultiTypeQueue::pop(MessageType, const std::string) diff --git a/src/agent/multitype_queue/include/persistence.hpp b/src/agent/multitype_queue/include/persistence.hpp index 6afff95d54..a1af51e195 100644 --- a/src/agent/multitype_queue/include/persistence.hpp +++ b/src/agent/multitype_queue/include/persistence.hpp @@ -1,11 +1,10 @@ #pragma once #include + #include #include -using json = nlohmann::json; - /** * @brief Interface for persistence storage. * @@ -25,19 +24,28 @@ class Persistence * @param message The JSON message to be stored. * @param queueName The name of the queue. * @param moduleName The name of the module. + * @param moduleType The type of the module. + * @param metadata The metadata message to store. * @return int The number of messages stored. */ - virtual int Store(const json& message, const std::string& queueName, const std::string& moduleName = "") = 0; - + virtual int Store(const nlohmann::json& message, + const std::string& tableName, + const std::string& moduleName = "", + const std::string& moduleType = "", + const std::string& metadata = "") = 0; /** * @brief Retrieve a JSON message from the specified queue. * * @param id rowid of the message to be retrieved. * @param queueName The name of the queue. * @param moduleName The name of the module. - * @return json The retrieved JSON message. + * @param moduleType The type of the module. + * @return nlohmann::json The retrieved JSON message. */ - virtual json Retrieve(int id, const std::string& queueName, const std::string& moduleName = "") = 0; + virtual nlohmann::json Retrieve(int id, + const std::string& queueName, + const std::string& moduleName = "", + const std::string& moduleType = "") = 0; /** * @brief Retrieve multiple JSON messages from the specified queue. @@ -45,9 +53,13 @@ class Persistence * @param n number of messages to be retrieved. * @param queueName The name of the queue. * @param moduleName The name of the module. - * @return json The retrieved JSON messages. + * @param moduleType The type of the module. + * @return nlohmann::json The retrieved JSON messages. */ - virtual json RetrieveMultiple(int n, const std::string& queueName, const std::string& moduleName = "") = 0; + virtual nlohmann::json RetrieveMultiple(int n, + const std::string& queueName, + const std::string& moduleName = "", + const std::string& moduleType = "") = 0; /** * @brief Remove a JSON message from the specified queue. diff --git a/src/agent/multitype_queue/src/multitype_queue.cpp b/src/agent/multitype_queue/src/multitype_queue.cpp index 34973aa63a..e09f36d21e 100644 --- a/src/agent/multitype_queue/src/multitype_queue.cpp +++ b/src/agent/multitype_queue/src/multitype_queue.cpp @@ -3,20 +3,21 @@ #include #include -#include #include #include constexpr int DEFAULT_TIMER_IN_MS = 100; -MultiTypeQueue::MultiTypeQueue(size_t size, int timeout) +MultiTypeQueue::MultiTypeQueue(const std::string& dbFolderPath, size_t size, int timeout) : m_maxItems(size) , m_timeout(timeout) { + const auto dbFilePath = dbFolderPath + "/" + QUEUE_DB_NAME; + try { m_persistenceDest = PersistenceFactory::createPersistence(PersistenceFactory::PersistenceType::SQLITE3, - {QUEUE_DEFAULT_DB_PATH, m_vMessageTypeStrings}); + {dbFilePath, m_vMessageTypeStrings}); } catch (const std::exception& e) { @@ -54,15 +55,19 @@ int MultiTypeQueue::push(Message message, bool shouldWait) { for (const auto& singleMessageData : messageData) { - result += m_persistenceDest->Store(singleMessageData, sMessageType, message.moduleName); + result += m_persistenceDest->Store( + singleMessageData, sMessageType, message.moduleName, message.moduleType, message.metaData); m_cv.notify_all(); } } } else { - result = - m_persistenceDest->Store(message.data, m_mapMessageTypeName.at(message.type), message.moduleName); + result = m_persistenceDest->Store(message.data, + m_mapMessageTypeName.at(message.type), + message.moduleName, + message.moduleType, + message.metaData); m_cv.notify_all(); } } @@ -100,15 +105,19 @@ boost::asio::awaitable MultiTypeQueue::pushAwaitable(Message message) { for (const auto& singleMessageData : messageData) { - result += m_persistenceDest->Store(singleMessageData, sMessageType, message.moduleName); + result += m_persistenceDest->Store( + singleMessageData, sMessageType, message.moduleName, message.moduleType, message.metaData); m_cv.notify_all(); } } } else { - result = - m_persistenceDest->Store(message.data, m_mapMessageTypeName.at(message.type), message.moduleName); + result = m_persistenceDest->Store(message.data, + m_mapMessageTypeName.at(message.type), + message.moduleName, + message.moduleType, + message.metaData); m_cv.notify_all(); } } @@ -130,19 +139,18 @@ int MultiTypeQueue::push(std::vector messages) return result; } -Message MultiTypeQueue::getNext(MessageType type, const std::string moduleName) +Message MultiTypeQueue::getNext(MessageType type, const std::string moduleName, const std::string moduleType) { - Message result(type, "{}"_json, moduleName); + Message result(type, "{}"_json, moduleName, moduleType, ""); if (m_mapMessageTypeName.contains(type)) { - auto resultData = m_persistenceDest->RetrieveMultiple(1, m_mapMessageTypeName.at(type), moduleName); + auto resultData = m_persistenceDest->RetrieveMultiple(1, m_mapMessageTypeName.at(type), moduleName, moduleType); if (!resultData.empty()) { - result.data = resultData; - if (moduleName.empty()) - { - result.moduleName = result.data.at(0).at("module"); - } + result.data = resultData[0]["data"]; + result.metaData = resultData[0]["metadata"]; + result.moduleName = resultData[0]["moduleName"]; + result.moduleType = resultData[0]["moduleType"]; } } else @@ -153,12 +161,14 @@ Message MultiTypeQueue::getNext(MessageType type, const std::string moduleName) return result; } -boost::asio::awaitable -MultiTypeQueue::getNextNAwaitable(MessageType type, int messageQuantity, const std::string moduleName) +boost::asio::awaitable> MultiTypeQueue::getNextNAwaitable(MessageType type, + int messageQuantity, + const std::string moduleName, + const std::string moduleType) { boost::asio::steady_timer timer(co_await boost::asio::this_coro::executor); - Message result(type, "{}"_json, moduleName); + std::vector result; if (m_mapMessageTypeName.contains(type)) { while (isEmpty(type)) @@ -166,17 +176,7 @@ MultiTypeQueue::getNextNAwaitable(MessageType type, int messageQuantity, const s timer.expires_after(std::chrono::milliseconds(DEFAULT_TIMER_IN_MS)); co_await timer.async_wait(boost::asio::use_awaitable); } - - auto resultData = - m_persistenceDest->RetrieveMultiple(messageQuantity, m_mapMessageTypeName.at(type), moduleName); - if (!resultData.empty()) - { - result.data = resultData; - if (moduleName.empty()) - { - result.moduleName = result.data.at(0).at("module"); - } - } + result = getNextN(type, messageQuantity, moduleName, moduleType); } else { @@ -186,21 +186,20 @@ MultiTypeQueue::getNextNAwaitable(MessageType type, int messageQuantity, const s co_return result; } -std::vector MultiTypeQueue::getNextN(MessageType type, int messageQuantity, const std::string moduleName) +std::vector MultiTypeQueue::getNextN(MessageType type, + int messageQuantity, + const std::string moduleName, + const std::string moduleType) { std::vector result; if (m_mapMessageTypeName.contains(type)) { auto arrayData = - m_persistenceDest->RetrieveMultiple(messageQuantity, m_mapMessageTypeName.at(type), moduleName); + m_persistenceDest->RetrieveMultiple(messageQuantity, m_mapMessageTypeName.at(type), moduleName, moduleType); for (auto singleJson : arrayData) { - auto finalModuleName = moduleName; - if (moduleName.empty()) - { - finalModuleName = singleJson["module"]; - } - result.emplace_back(type, singleJson, finalModuleName); + result.emplace_back( + type, singleJson["data"], singleJson["moduleName"], singleJson["moduleType"], singleJson["metadata"]); } } else diff --git a/src/agent/multitype_queue/src/sqlitestorage.cpp b/src/agent/multitype_queue/src/sqlitestorage.cpp index 2de61e9dea..ea0ee67a6f 100644 --- a/src/agent/multitype_queue/src/sqlitestorage.cpp +++ b/src/agent/multitype_queue/src/sqlitestorage.cpp @@ -6,6 +6,8 @@ #include #include +#include +#include SQLiteStorage::SQLiteStorage(const std::string& dbName, const std::vector& tableNames) : m_dbName(dbName) @@ -33,7 +35,7 @@ void SQLiteStorage::InitializeTable(const std::string& tableName) { // TODO: all queries should be in the same place. constexpr std::string_view CREATE_TABLE_QUERY { - "CREATE TABLE IF NOT EXISTS {} (module TEXT, message TEXT NOT NULL);"}; + "CREATE TABLE IF NOT EXISTS {} (module_name TEXT, module_type TEXT, metadata TEXT, message TEXT NOT NULL);"}; auto createTableQuery = fmt::format(CREATE_TABLE_QUERY, tableName); std::lock_guard lock(m_mutex); try @@ -61,10 +63,19 @@ void SQLiteStorage::ReleaseDatabaseAccess() m_cv.notify_one(); } -int SQLiteStorage::Store(const json& message, const std::string& tableName, const std::string& moduleName) +int SQLiteStorage::Store(const nlohmann::json& message, + const std::string& tableName, + const std::string& moduleName, + const std::string& moduleType, + const std::string& metadata) { - constexpr std::string_view INSERT_QUERY {"INSERT INTO {} (module, message) VALUES (\"{}\", ?);"}; - std::string insertQuery = fmt::format(INSERT_QUERY, tableName, moduleName); + + std::string insertQuery; + + constexpr std::string_view INSERT_QUERY { + R"(INSERT INTO {} (module_name, module_type, metadata, message) VALUES ("{}", "{}", '{}', ?);)"}; + insertQuery = fmt::format(INSERT_QUERY, tableName, moduleName, moduleType, metadata); + int result = 0; WaitForDatabaseAccess(); @@ -103,19 +114,22 @@ int SQLiteStorage::Store(const json& message, const std::string& tableName, cons } // TODO: we shouldn't use rowid outside the table itself -json SQLiteStorage::Retrieve(int id, const std::string& tableName, const std::string& moduleName) +nlohmann::json SQLiteStorage::Retrieve(int id, + const std::string& tableName, + const std::string& moduleName, + [[maybe_unused]] const std::string& moduleType) { - std::string selectQuery; if (moduleName.empty()) { - constexpr std::string_view SELECT_QUERY {"SELECT module, message FROM {} WHERE rowid = ?;"}; + constexpr std::string_view SELECT_QUERY {"SELECT module_name, module_type, metadata, message FROM {} WHERE " + "rowid = ?;"}; selectQuery = fmt::format(SELECT_QUERY, tableName); } else { constexpr std::string_view SELECT_QUERY { - "SELECT module, message FROM {} WHERE module LIKE \"{}\" AND rowid = ?;"}; + "SELECT module_name, module_type, metadata, message FROM {} WHERE module_name LIKE \"{}\" AND rowid = ?;"}; selectQuery = fmt::format(SELECT_QUERY, tableName, moduleName); } @@ -123,32 +137,43 @@ json SQLiteStorage::Retrieve(int id, const std::string& tableName, const std::st { SQLite::Statement query(*m_db, selectQuery); query.bind(1, id); - json outputJson = {{"module", ""}, {"data", {}}}; + nlohmann::json outputJson = {{"moduleName", ""}, {"moduleType", ""}, {"metadata", ""}, {"data", {}}}; if (query.executeStep()) { - std::string dataString; - std::string moduleString; - - if (query.getColumnCount() == 2 && query.getColumn(1).getType() == SQLite::TEXT && + if (query.getColumnCount() == 4 && query.getColumn(3).getType() == SQLite::TEXT && + query.getColumn(2).getType() == SQLite::TEXT && query.getColumn(1).getType() == SQLite::TEXT && query.getColumn(0).getType() == SQLite::TEXT) { - moduleString = query.getColumn(0).getString(); - dataString = query.getColumn(1).getString(); + std::string moduleNameString = query.getColumn(0).getString(); + std::string moduleTypeString = query.getColumn(1).getString(); + std::string metadataString = query.getColumn(2).getString(); + std::string dataString = query.getColumn(3).getString(); if (!dataString.empty()) { - outputJson["data"] = json::parse(dataString); + outputJson["data"] = nlohmann::json::parse(dataString); + } + + if (!metadataString.empty()) + { + outputJson["metadata"] = metadataString; + } + + if (!moduleNameString.empty()) + { + outputJson["moduleName"] = moduleNameString; } - if (!moduleString.empty()) + if (!moduleTypeString.empty()) { - outputJson["module"] = moduleString; + outputJson["moduleType"] = moduleTypeString; } } } return outputJson; } + catch (const std::exception& e) { LogError("Error during Retrieve operation: {}.", e.what()); @@ -156,18 +181,23 @@ json SQLiteStorage::Retrieve(int id, const std::string& tableName, const std::st } } -json SQLiteStorage::RetrieveMultiple(int n, const std::string& tableName, const std::string& moduleName) +nlohmann::json SQLiteStorage::RetrieveMultiple(int n, + const std::string& tableName, + const std::string& moduleName, + [[maybe_unused]] const std::string& moduleType) { std::string selectQuery; if (moduleName.empty()) { - constexpr std::string_view SELECT_MULTIPLE_QUERY {"SELECT module, message FROM {} ORDER BY rowid ASC LIMIT ?;"}; + constexpr std::string_view SELECT_MULTIPLE_QUERY { + "SELECT module_name, module_type, metadata, message FROM {} ORDER BY rowid ASC LIMIT ?;"}; selectQuery = fmt::format(SELECT_MULTIPLE_QUERY, tableName); } else { constexpr std::string_view SELECT_MULTIPLE_QUERY { - "SELECT module, message FROM {} WHERE module LIKE \"{}\" ORDER BY rowid ASC LIMIT ?;"}; + "SELECT module_name, module_type, metadata, message FROM {} WHERE " + "module_name LIKE \"{}\" ORDER BY rowid ASC LIMIT ?;"}; selectQuery = fmt::format(SELECT_MULTIPLE_QUERY, tableName, moduleName); } @@ -175,29 +205,38 @@ json SQLiteStorage::RetrieveMultiple(int n, const std::string& tableName, const { SQLite::Statement query(*m_db, selectQuery); query.bind(1, n); - json messages = json::array(); + nlohmann::json messages = nlohmann::json::array(); while (query.executeStep()) { - // getting data json - std::string dataString; - std::string moduleString; - - if (query.getColumnCount() == 2 && query.getColumn(1).getType() == SQLite::TEXT && + if (query.getColumnCount() == 4 && query.getColumn(3).getType() == SQLite::TEXT && + query.getColumn(2).getType() == SQLite::TEXT && query.getColumn(1).getType() == SQLite::TEXT && query.getColumn(0).getType() == SQLite::TEXT) { - moduleString = query.getColumn(0).getString(); - dataString = query.getColumn(1).getString(); + std::string moduleNameString = query.getColumn(0).getString(); + std::string moduleTypeString = query.getColumn(1).getString(); + std::string metadataString = query.getColumn(2).getString(); + std::string dataString = query.getColumn(3).getString(); - json outputJson = {{"module", ""}, {"data", {}}}; + nlohmann::json outputJson = {{"moduleName", ""}, {"moduleType", ""}, {"metadata", ""}, {"data", {}}}; if (!dataString.empty()) { - outputJson["data"] = json::parse(dataString); + outputJson["data"] = nlohmann::json::parse(dataString); + } + + if (!metadataString.empty()) + { + outputJson["metadata"] = metadataString; } - if (!moduleString.empty()) + if (!moduleNameString.empty()) { - outputJson["module"] = moduleString; + outputJson["moduleName"] = moduleNameString; + } + + if (!moduleTypeString.empty()) + { + outputJson["moduleType"] = moduleTypeString; } messages.push_back(outputJson); @@ -223,7 +262,7 @@ int SQLiteStorage::Remove(int id, const std::string& tableName, const std::strin } else { - constexpr std::string_view DELETE_QUERY {"DELETE FROM {} WHERE module LIKE \"{}\" AND rowid = ?;"}; + constexpr std::string_view DELETE_QUERY {"DELETE FROM {} WHERE module_name LIKE \"{}\" AND rowid = ?;"}; deleteQuery = fmt::format(DELETE_QUERY, tableName, moduleName); } @@ -255,9 +294,9 @@ int SQLiteStorage::RemoveMultiple(int n, const std::string& tableName, const std } else { - constexpr std::string_view DELETE_MULTIPLE_QUERY { - "DELETE FROM {} WHERE module LIKE \"{}\" AND rowid IN (SELECT rowid FROM {} WHERE module LIKE \"{}\" ORDER " - "BY rowid ASC LIMIT ?);"}; + constexpr std::string_view DELETE_MULTIPLE_QUERY {"DELETE FROM {} WHERE module_name LIKE \"{}\" AND rowid IN " + "(SELECT rowid FROM {} WHERE module_name LIKE \"{}\" ORDER " + "BY rowid ASC LIMIT ?);"}; deleteQuery = fmt::format(DELETE_MULTIPLE_QUERY, tableName, moduleName, tableName, moduleName); } @@ -289,7 +328,7 @@ int SQLiteStorage::GetElementCount(const std::string& tableName, const std::stri } else { - constexpr std::string_view COUNT_QUERY {"SELECT COUNT(*) FROM {} WHERE module LIKE \"{}\""}; + constexpr std::string_view COUNT_QUERY {"SELECT COUNT(*) FROM {} WHERE module_name LIKE \"{}\""}; countQuery = fmt::format(COUNT_QUERY, tableName, moduleName); } diff --git a/src/agent/multitype_queue/src/sqlitestorage.hpp b/src/agent/multitype_queue/src/sqlitestorage.hpp index e328d0170a..25f2491058 100644 --- a/src/agent/multitype_queue/src/sqlitestorage.hpp +++ b/src/agent/multitype_queue/src/sqlitestorage.hpp @@ -1,17 +1,16 @@ #pragma once -#include -#include -#include -#include -#include -#include +#include #include #include -#include +#include -#include "persistence.hpp" +#include +#include +#include +#include +#include /** * @brief SQLite implementation of the Persistence interface. @@ -55,9 +54,15 @@ class SQLiteStorage : public Persistence * @param message The JSON message to store. * @param tableName The name of the table to store the message in. * @param moduleName The name of the module that created the message. + * @param moduleType The type of the module that created the message. + * @param metadata The metadata message to store. * @return The number of stored elements. */ - int Store(const json& message, const std::string& tableName, const std::string& moduleName = "") override; + int Store(const nlohmann::json& message, + const std::string& tableName, + const std::string& moduleName = "", + const std::string& moduleType = "", + const std::string& metadata = "") override; /** * @brief Retrieve a JSON message by its ID. @@ -65,9 +70,13 @@ class SQLiteStorage : public Persistence * @param id The ID of the message to retrieve. * @param tableName The name of the table to retrieve the message from. * @param moduleName The name of the module that created the message. + * @param moduleType The module type that created the message. * @return The retrieved JSON message. */ - json Retrieve(int id, const std::string& tableName, const std::string& moduleName = "") override; + nlohmann::json Retrieve(int id, + const std::string& tableName, + const std::string& moduleName = "", + const std::string& moduleType = "") override; /** * @brief Retrieve multiple JSON messages. @@ -75,9 +84,13 @@ class SQLiteStorage : public Persistence * @param n The number of messages to retrieve. * @param tableName The name of the table to retrieve the message from. * @param moduleName The name of the module that created the message. + * @param moduleType The module type that created the message. * @return A vector of retrieved JSON messages. */ - json RetrieveMultiple(int n, const std::string& tableName, const std::string& moduleName = "") override; + nlohmann::json RetrieveMultiple(int n, + const std::string& tableName, + const std::string& moduleName = "", + const std::string& moduleType = "") override; /** * @brief Remove a JSON message by its ID. diff --git a/src/agent/multitype_queue/tests/CMakeLists.txt b/src/agent/multitype_queue/tests/CMakeLists.txt index bbe763d5d1..8abc76a1fd 100644 --- a/src/agent/multitype_queue/tests/CMakeLists.txt +++ b/src/agent/multitype_queue/tests/CMakeLists.txt @@ -2,7 +2,7 @@ find_package(GTest REQUIRED) add_executable(test_MultiTypeQueue multitype_queue_test.cpp) configure_target(test_MultiTypeQueue) -target_include_directories(test_MultiTypeQueue PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../include ${CMAKE_CURRENT_SOURCE_DIR}/../src) +target_include_directories(test_MultiTypeQueue PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../src) target_link_libraries(test_MultiTypeQueue PUBLIC MultiTypeQueue GTest::gtest @@ -13,7 +13,7 @@ add_test(NAME MultiTypeQueueTest COMMAND test_MultiTypeQueue) add_executable(test_sqlitestorage sqlitestorage_test.cpp) configure_target(test_sqlitestorage) -target_include_directories(test_sqlitestorage PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../include ${CMAKE_CURRENT_SOURCE_DIR}/../src) +target_include_directories(test_sqlitestorage PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../src) target_link_libraries(test_sqlitestorage MultiTypeQueue SQLiteCpp diff --git a/src/agent/multitype_queue/tests/multitype_queue_test.cpp b/src/agent/multitype_queue/tests/multitype_queue_test.cpp index 1ac4e2d9c5..5a43dad0c5 100644 --- a/src/agent/multitype_queue/tests/multitype_queue_test.cpp +++ b/src/agent/multitype_queue/tests/multitype_queue_test.cpp @@ -15,13 +15,11 @@ #include "multitype_queue.hpp" #include "multitype_queue_test.hpp" -using json = nlohmann::json; - constexpr int BIG_QUEUE_CAPACITY = 10; constexpr int SMALL_QUEUE_CAPACITY = 2; -const json BASE_DATA_CONTENT = R"({{"data": "for STATELESS_0"}})"; -const json MULTIPLE_DATA_CONTENT = {"content 1", "content 2", "content 3"}; +const nlohmann::json BASE_DATA_CONTENT = R"({{"data": "for STATELESS_0"}})"; +const nlohmann::json MULTIPLE_DATA_CONTENT = {"content 1", "content 2", "content 3"}; namespace { @@ -62,7 +60,7 @@ namespace for (const auto& entry : std::filesystem::directory_iterator(".")) { const auto fileFullPath = entry.path().string(); - if (fileFullPath.find(QUEUE_DEFAULT_DB_PATH) != std::string::npos) + if (fileFullPath.find(QUEUE_DB_NAME) != std::string::npos) { std::error_code ec; std::filesystem::remove(fileFullPath, ec); @@ -85,36 +83,37 @@ void MultiTypeQueueTest::TearDown() {}; // JSON Basic methods. Move or delete if JSON Wrapper is done TEST_F(JsonTest, JSONConversionComparisson) { - json uj1 = {{"version", 1}, {"type", "integer"}}; + const nlohmann::json uj1 = {{"version", 1}, {"type", "integer"}}; + // From string. If not unescape then it throws errors - json uj2 = json::parse(UnescapeString(R"({\"type\":\"integer\",\"version\":1})")); + const auto uj2 = nlohmann::json::parse(UnescapeString(R"({\"type\":\"integer\",\"version\":1})")); - nlohmann::ordered_json oj1 = {{"version", 1}, {"type", "integer"}}; - nlohmann::ordered_json oj2 = {{"type", "integer"}, {"version", 1}}; + const nlohmann::ordered_json oj1 = {{"version", 1}, {"type", "integer"}}; + const nlohmann::ordered_json oj2 = {{"type", "integer"}, {"version", 1}}; EXPECT_FALSE(oj1 == oj2); auto versionUj1 = uj1["version"].template get(); auto versionUj2 = uj2["version"].template get(); EXPECT_EQ(versionUj1, versionUj2); - auto versionUj12 = uj1.at("version"); - auto versionUj22 = uj2.at("version"); + const auto& versionUj12 = uj1.at("version"); + const auto& versionUj22 = uj2.at("version"); EXPECT_EQ(versionUj12, versionUj22); auto typeUj1 = uj1["type"].template get(); auto typeUj2 = uj2["type"].template get(); EXPECT_EQ(typeUj1, typeUj2); - auto typeUj12 = uj1.at("type"); - auto typeUj22 = uj2.at("type"); + const auto& typeUj12 = uj1.at("type"); + const auto& typeUj22 = uj2.at("type"); EXPECT_EQ(typeUj12, typeUj22); } TEST_F(JsonTest, JSONArrays) { // create JSON values - const json j_object = {{"one", 1}, {"two", 2}, {"three", 3}}; - const json j_array = {1, 2, 4, 8, 16}; + const nlohmann::json j_object = {{"one", 1}, {"two", 2}, {"three", 3}}; + const nlohmann::json j_array = {1, 2, 4, 8, 16}; // TODO: test string: const std::string multipleDataContent = R"({"data": {"content 1", "content 2", "content 3"})"; // call is_array() @@ -133,7 +132,7 @@ TEST_F(JsonTest, JSONArrays) // Push, get and check the queue is not empty TEST_F(MultiTypeQueueTest, SinglePushGetNotEmpty) { - MultiTypeQueue multiTypeQueue(BIG_QUEUE_CAPACITY); + MultiTypeQueue multiTypeQueue(".", BIG_QUEUE_CAPACITY); const MessageType messageType {MessageType::STATELESS}; const Message messageToSend {messageType, BASE_DATA_CONTENT}; @@ -144,7 +143,7 @@ TEST_F(MultiTypeQueueTest, SinglePushGetNotEmpty) auto typeReceived = messageResponse.type; EXPECT_TRUE(typeSend == typeReceived); - auto dataResponse = messageResponse.data.at(0).at("data"); + auto dataResponse = messageResponse.data; EXPECT_EQ(dataResponse, BASE_DATA_CONTENT); EXPECT_FALSE(multiTypeQueue.isEmpty(MessageType::STATELESS)); @@ -153,13 +152,13 @@ TEST_F(MultiTypeQueueTest, SinglePushGetNotEmpty) // push and pop on a non-full queue TEST_F(MultiTypeQueueTest, SinglePushPopEmpty) { - MultiTypeQueue multiTypeQueue(BIG_QUEUE_CAPACITY); + MultiTypeQueue multiTypeQueue(".", BIG_QUEUE_CAPACITY); const MessageType messageType {MessageType::STATELESS}; const Message messageToSend {messageType, BASE_DATA_CONTENT}; EXPECT_EQ(multiTypeQueue.push(messageToSend), 1); auto messageResponse = multiTypeQueue.getNext(MessageType::STATELESS); - auto dataResponse = messageResponse.data.at(0).at("data"); + auto dataResponse = messageResponse.data; EXPECT_EQ(dataResponse, BASE_DATA_CONTENT); EXPECT_EQ(messageType, messageResponse.type); @@ -177,7 +176,7 @@ TEST_F(MultiTypeQueueTest, SinglePushPopEmpty) TEST_F(MultiTypeQueueTest, SinglePushGetWithModule) { - MultiTypeQueue multiTypeQueue(BIG_QUEUE_CAPACITY); + MultiTypeQueue multiTypeQueue(".", BIG_QUEUE_CAPACITY); const MessageType messageType {MessageType::STATELESS}; const std::string moduleFakeName = "fake-module"; const std::string moduleName = "module"; @@ -195,7 +194,7 @@ TEST_F(MultiTypeQueueTest, SinglePushGetWithModule) auto messageResponseCorrectModule = multiTypeQueue.getNext(MessageType::STATELESS, moduleName); - auto dataResponse = messageResponseCorrectModule.data.at(0).at("data"); + auto dataResponse = messageResponseCorrectModule.data; EXPECT_EQ(dataResponse, BASE_DATA_CONTENT); EXPECT_EQ(moduleName, messageResponseCorrectModule.moduleName); @@ -204,17 +203,17 @@ TEST_F(MultiTypeQueueTest, SinglePushGetWithModule) // Push, get and check while the queue is full TEST_F(MultiTypeQueueTest, SinglePushPopFullWithTimeout) { - MultiTypeQueue multiTypeQueue(SMALL_QUEUE_CAPACITY); + MultiTypeQueue multiTypeQueue(".", SMALL_QUEUE_CAPACITY); // complete the queue with messages const MessageType messageType {MessageType::COMMAND}; for (int i : {1, 2}) { - const json dataContent = R"({"Data" : "for COMMAND)" + std::to_string(i) + R"("})"; + const nlohmann::json dataContent = R"({"Data" : "for COMMAND)" + std::to_string(i) + R"("})"; EXPECT_EQ(multiTypeQueue.push({messageType, dataContent}), 1); } - const json dataContent = R"({"Data" : "for COMMAND3"})"; + const nlohmann::json dataContent = R"({"Data" : "for COMMAND3"})"; Message exampleMessage {messageType, dataContent}; EXPECT_EQ(multiTypeQueue.push({messageType, dataContent}, true), 0); @@ -231,7 +230,7 @@ TEST_F(MultiTypeQueueTest, SinglePushPopFullWithTimeout) // Accesing different types of queues from several threads TEST_F(MultiTypeQueueTest, MultithreadDifferentType) { - MultiTypeQueue multiTypeQueue(BIG_QUEUE_CAPACITY); + MultiTypeQueue multiTypeQueue(".", BIG_QUEUE_CAPACITY); auto consumerStateLess = [&](const int& count) { @@ -253,7 +252,7 @@ TEST_F(MultiTypeQueueTest, MultithreadDifferentType) { for (int i = 0; i < count; ++i) { - const json dataContent = R"({{"Data", "Number )" + std::to_string(i) + R"("}})"; + const nlohmann::json dataContent = R"({{"Data", "Number )" + std::to_string(i) + R"("}})"; EXPECT_EQ(multiTypeQueue.push(Message(MessageType::STATELESS, dataContent)), 1); EXPECT_EQ(multiTypeQueue.push(Message(MessageType::STATEFUL, dataContent)), 1); } @@ -301,7 +300,7 @@ TEST_F(MultiTypeQueueTest, MultithreadDifferentType) // Accesing same queue from 2 different threads TEST_F(MultiTypeQueueTest, MultithreadSameType) { - MultiTypeQueue multiTypeQueue(BIG_QUEUE_CAPACITY); + MultiTypeQueue multiTypeQueue(".", BIG_QUEUE_CAPACITY); auto messageType = MessageType::COMMAND; auto consumerCommand1 = [&](const int& count) @@ -324,7 +323,7 @@ TEST_F(MultiTypeQueueTest, MultithreadSameType) { for (int i = 0; i < count; ++i) { - const json dataContent = R"({{"Data": "for COMMAND)" + std::to_string(i) + R"("}})"; + const nlohmann::json dataContent = R"({{"Data": "for COMMAND)" + std::to_string(i) + R"("}})"; EXPECT_EQ(multiTypeQueue.push(Message(messageType, dataContent)), 1); } }; @@ -356,7 +355,7 @@ TEST_F(MultiTypeQueueTest, MultithreadSameType) // several gets, checks and pops TEST_F(MultiTypeQueueTest, PushMultipleSeveralSingleGets) { - MultiTypeQueue multiTypeQueue(BIG_QUEUE_CAPACITY); + MultiTypeQueue multiTypeQueue(".", BIG_QUEUE_CAPACITY); const MessageType messageType {MessageType::STATELESS}; const Message messageToSend {messageType, MULTIPLE_DATA_CONTENT}; @@ -365,7 +364,7 @@ TEST_F(MultiTypeQueueTest, PushMultipleSeveralSingleGets) for (size_t i : {0u, 1u, 2u}) { auto messageResponse = multiTypeQueue.getNext(MessageType::STATELESS); - auto responseData = messageResponse.data.at(0).at("data"); + auto responseData = messageResponse.data; auto sentData = messageToSend.data[i].template get(); EXPECT_EQ(responseData, sentData); multiTypeQueue.pop(MessageType::STATELESS); @@ -376,13 +375,13 @@ TEST_F(MultiTypeQueueTest, PushMultipleSeveralSingleGets) TEST_F(MultiTypeQueueTest, PushMultipleWithMessageVector) { - MultiTypeQueue multiTypeQueue(BIG_QUEUE_CAPACITY); + MultiTypeQueue multiTypeQueue(".", BIG_QUEUE_CAPACITY); std::vector messages; const MessageType messageType {MessageType::STATELESS}; for (std::string i : {"0", "1", "2"}) { - const json multipleDataContent = {"content " + i}; + const nlohmann::json multipleDataContent = {"content " + i}; messages.emplace_back(messageType, multipleDataContent); } EXPECT_EQ(messages.size(), 3); @@ -393,7 +392,7 @@ TEST_F(MultiTypeQueueTest, PushMultipleWithMessageVector) // push message vector with a mutiple data element TEST_F(MultiTypeQueueTest, PushVectorWithAMultipleInside) { - MultiTypeQueue multiTypeQueue(BIG_QUEUE_CAPACITY); + MultiTypeQueue multiTypeQueue(".", BIG_QUEUE_CAPACITY); std::vector messages; @@ -405,7 +404,7 @@ TEST_F(MultiTypeQueueTest, PushVectorWithAMultipleInside) // triple message vector for (std::string i : {"0", "1", "2"}) { - const json dataContent = {"content " + i}; + const nlohmann::json dataContent = {"content " + i}; messages.emplace_back(messageType, dataContent); } @@ -415,7 +414,7 @@ TEST_F(MultiTypeQueueTest, PushVectorWithAMultipleInside) // Push Multiple, pop multiples TEST_F(MultiTypeQueueTest, PushMultipleGetMultiple) { - MultiTypeQueue multiTypeQueue(BIG_QUEUE_CAPACITY); + MultiTypeQueue multiTypeQueue(".", BIG_QUEUE_CAPACITY); const MessageType messageType {MessageType::STATELESS}; const Message messageToSend {messageType, MULTIPLE_DATA_CONTENT}; @@ -430,7 +429,7 @@ TEST_F(MultiTypeQueueTest, PushMultipleGetMultiple) // Push Multiple, pop multiples TEST_F(MultiTypeQueueTest, PushMultipleGetMultipleWithModule) { - MultiTypeQueue multiTypeQueue(BIG_QUEUE_CAPACITY); + MultiTypeQueue multiTypeQueue(".", BIG_QUEUE_CAPACITY); const MessageType messageType {MessageType::STATELESS}; const std::string moduleName = "testModule"; const Message messageToSend {messageType, MULTIPLE_DATA_CONTENT, moduleName}; @@ -441,9 +440,9 @@ TEST_F(MultiTypeQueueTest, PushMultipleGetMultipleWithModule) auto messagesReceived = multiTypeQueue.getNextN(MessageType::STATELESS, 10); // NOLINT(cppcoreguidelines-avoid-magic-numbers) int i = 0; - for (auto singleMessage : messagesReceived) + for (const auto& singleMessage : messagesReceived) { - EXPECT_EQ("content " + std::to_string(++i), singleMessage.data.at("data").get()); + EXPECT_EQ("content " + std::to_string(++i), singleMessage.data.get()); } EXPECT_EQ(0, multiTypeQueue.storedItems(MessageType::STATELESS, "fakemodule")); @@ -453,14 +452,14 @@ TEST_F(MultiTypeQueueTest, PushMultipleGetMultipleWithModule) TEST_F(MultiTypeQueueTest, PushSinglesleGetMultipleWithModule) { - MultiTypeQueue multiTypeQueue(BIG_QUEUE_CAPACITY); + MultiTypeQueue multiTypeQueue(".", BIG_QUEUE_CAPACITY); for (std::string i : {"1", "2", "3", "4", "5"}) { const MessageType messageType {MessageType::STATELESS}; - const json multipleDataContent = {"content-" + i}; + const nlohmann::json multipleDataContent = {"content-" + i}; const std::string moduleName = "module-" + i; - const Message messageToSend {messageType, multipleDataContent, moduleName}; + const Message messageToSend {messageType, multipleDataContent, moduleName, "", ""}; EXPECT_EQ(1, multiTypeQueue.push(messageToSend)); } @@ -468,11 +467,11 @@ TEST_F(MultiTypeQueueTest, PushSinglesleGetMultipleWithModule) multiTypeQueue.getNextN(MessageType::STATELESS, 10); // NOLINT(cppcoreguidelines-avoid-magic-numbers) EXPECT_EQ(5, messagesReceived.size()); int i = 0; - for (auto singleMessage : messagesReceived) + for (const auto& singleMessage : messagesReceived) { auto val = ++i; - EXPECT_EQ("content-" + std::to_string(val), singleMessage.data.at("data").get()); - EXPECT_EQ("module-" + std::to_string(val), singleMessage.data.at("module").get()); + EXPECT_EQ("content-" + std::to_string(val), singleMessage.data.get()); + EXPECT_EQ("module-" + std::to_string(val), singleMessage.moduleName); } auto messageReceivedContent1 = multiTypeQueue.getNextN( @@ -482,7 +481,7 @@ TEST_F(MultiTypeQueueTest, PushSinglesleGetMultipleWithModule) TEST_F(MultiTypeQueueTest, GetNextAwaitableBase) { - MultiTypeQueue multiTypeQueue(BIG_QUEUE_CAPACITY); + MultiTypeQueue multiTypeQueue(".", BIG_QUEUE_CAPACITY); boost::asio::io_context io_context; // Coroutine that waits till there's a message of the needed type on the queue @@ -492,8 +491,8 @@ TEST_F(MultiTypeQueueTest, GetNextAwaitableBase) [&multiTypeQueue]() -> boost::asio::awaitable { auto messageReceived = co_await multiTypeQueue.getNextNAwaitable(MessageType::STATELESS, 2); - EXPECT_EQ(messageReceived.data.at(0).at("data"), "content-1"); - EXPECT_EQ(messageReceived.data.at(1).at("data"), "content-2"); + EXPECT_EQ(messageReceived[0].data.at("data"), "content-1"); + EXPECT_EQ(messageReceived[1].data.at("data"), "content-2"); }, boost::asio::detached); @@ -503,7 +502,7 @@ TEST_F(MultiTypeQueueTest, GetNextAwaitableBase) { std::this_thread::sleep_for(std::chrono::seconds(2)); const MessageType messageType {MessageType::STATELESS}; - const json multipleDataContent = {"content-1", "content-2", "content-3"}; + const nlohmann::json multipleDataContent = {"content-1", "content-2", "content-3"}; const Message messageToSend {messageType, multipleDataContent}; EXPECT_EQ(multiTypeQueue.push(messageToSend), 3); }); @@ -514,12 +513,12 @@ TEST_F(MultiTypeQueueTest, GetNextAwaitableBase) TEST_F(MultiTypeQueueTest, PushAwaitable) { - MultiTypeQueue multiTypeQueue(SMALL_QUEUE_CAPACITY); + MultiTypeQueue multiTypeQueue(".", SMALL_QUEUE_CAPACITY); boost::asio::io_context io_context; for (int i : {1, 2}) { - const json dataContent = R"({"Data" : "for STATEFUL)" + std::to_string(i) + R"("})"; + const nlohmann::json dataContent = R"({"Data" : "for STATEFUL)" + std::to_string(i) + R"("})"; EXPECT_EQ(multiTypeQueue.push({MessageType::STATEFUL, dataContent}), 1); } @@ -532,7 +531,7 @@ TEST_F(MultiTypeQueueTest, PushAwaitable) // NOLINTNEXTLINE(cppcoreguidelines-avoid-capturing-lambda-coroutines) [&multiTypeQueue]() -> boost::asio::awaitable { - const json dataContent = {"content-1"}; + const nlohmann::json dataContent = {"content-1"}; const Message messageToSend {MessageType::STATEFUL, dataContent}; EXPECT_EQ(multiTypeQueue.storedItems(MessageType::STATEFUL), 2); auto messagesPushed = co_await multiTypeQueue.pushAwaitable(messageToSend); @@ -558,13 +557,13 @@ TEST_F(MultiTypeQueueTest, PushAwaitable) TEST_F(MultiTypeQueueTest, FifoOrderCheck) { - MultiTypeQueue multiTypeQueue(BIG_QUEUE_CAPACITY); + MultiTypeQueue multiTypeQueue(".", BIG_QUEUE_CAPACITY); // complete the queue with messages const MessageType messageType {MessageType::STATEFUL}; for (int i : {1, 2, 3, 4, 5, 6, 7, 8, 9, 10}) { - const json dataContent = R"({"Data" : "for STATEFUL)" + std::to_string(i) + R"("})"; + const nlohmann::json dataContent = {{"Data", "for STATEFUL" + std::to_string(i)}}; EXPECT_EQ(multiTypeQueue.push({messageType, dataContent}), 1); } @@ -572,17 +571,17 @@ TEST_F(MultiTypeQueueTest, FifoOrderCheck) multiTypeQueue.getNextN(messageType, 10); // NOLINT(cppcoreguidelines-avoid-magic-numbers) EXPECT_EQ(messageReceivedVector.size(), 10); - std::for_each( - messageReceivedVector.begin(), - messageReceivedVector.end(), - [i = 0](const auto& singleMessage) mutable - { EXPECT_EQ(singleMessage.data.at("data"), R"({"Data" : "for STATEFUL)" + std::to_string(++i) + R"("})"); }); + std::for_each(messageReceivedVector.begin(), + messageReceivedVector.end(), + [i = 0](const auto& singleMessage) mutable { + EXPECT_EQ(singleMessage.data, (nlohmann::json {{"Data", "for STATEFUL" + std::to_string(++i)}})); + }); // Keep the order of the message: FIFO for (int i : {1, 2, 3, 4, 5, 6, 7, 8, 9, 10}) { auto messageReceived = multiTypeQueue.getNextN(messageType, 1); - EXPECT_EQ(messageReceived.at(0).data.at("data"), R"({"Data" : "for STATEFUL)" + std::to_string(i) + R"("})"); + EXPECT_EQ(messageReceived[0].data, (nlohmann::json {{"Data", "for STATEFUL" + std::to_string(i)}})); EXPECT_TRUE(multiTypeQueue.pop(messageType)); } } diff --git a/src/agent/multitype_queue/tests/sqlitestorage_test.cpp b/src/agent/multitype_queue/tests/sqlitestorage_test.cpp index 1e2bab0a72..d021e14713 100644 --- a/src/agent/multitype_queue/tests/sqlitestorage_test.cpp +++ b/src/agent/multitype_queue/tests/sqlitestorage_test.cpp @@ -10,8 +10,6 @@ #include "sqlitestorage.hpp" -using json = nlohmann::json; - class SQLiteStorageTest : public ::testing::Test { protected: @@ -43,7 +41,7 @@ class SQLiteStorageTest : public ::testing::Test std::error_code ec; if (std::filesystem::exists(dbName.c_str())) { - std::filesystem::remove(dbName.c_str()); + std::filesystem::remove(dbName.c_str(), ec); if (ec) { std::cerr << "Error removing file: " << ec.message() << '\n'; @@ -54,7 +52,7 @@ class SQLiteStorageTest : public ::testing::Test TEST_F(SQLiteStorageTest, StoreSingleMessage) { - json message = {{"key", "value"}}; + const nlohmann::json message = {{"key", "value"}}; EXPECT_EQ(storage->Store(message, tableName), 1); EXPECT_EQ(storage->GetElementCount(tableName), 1); EXPECT_EQ(storage->Store(message, tableName), 1); @@ -63,7 +61,7 @@ TEST_F(SQLiteStorageTest, StoreSingleMessage) TEST_F(SQLiteStorageTest, StoreSingleMessageWithModule) { - json message = {{"key", "value"}}; + const nlohmann::json message = {{"key", "value"}}; EXPECT_EQ(storage->Store(message, tableName, moduleName), 1); EXPECT_EQ(storage->GetElementCount(tableName), 1); EXPECT_EQ(storage->Store(message, tableName), 1); @@ -74,7 +72,7 @@ TEST_F(SQLiteStorageTest, StoreSingleMessageWithModule) TEST_F(SQLiteStorageTest, StoreMultipleMessages) { - json messages = json::array(); + auto messages = nlohmann::json::array(); messages.push_back({{"key", "value1"}}); messages.push_back({{"key", "value2"}}); EXPECT_EQ(storage->Store(messages, tableName), 2); @@ -83,7 +81,7 @@ TEST_F(SQLiteStorageTest, StoreMultipleMessages) TEST_F(SQLiteStorageTest, StoreMultipleMessagesWithModule) { - json messages = json::array(); + auto messages = nlohmann::json::array(); messages.push_back({{"key", "value1"}}); messages.push_back({{"key", "value2"}}); EXPECT_EQ(storage->Store(messages, tableName, moduleName), 2); @@ -94,17 +92,17 @@ TEST_F(SQLiteStorageTest, StoreMultipleMessagesWithModule) TEST_F(SQLiteStorageTest, RetrieveMessage) { - json message = {{"key", "value"}}; + const nlohmann::json message = {{"key", "value"}}; EXPECT_EQ(storage->Store(message, tableName), 1); - json retrievedMessage = storage->Retrieve(1, tableName); + const auto retrievedMessage = storage->Retrieve(1, tableName); EXPECT_EQ(retrievedMessage.at("data").at("key"), "value"); } TEST_F(SQLiteStorageTest, RetrieveMessageWithModule) { - json message = {{"key", "value"}}; + nlohmann::json message = {{"key", "value"}}; storage->Store(message, tableName, moduleName); - json retrievedMessage = storage->Retrieve(1, tableName, "unavailableModuleName"); + auto retrievedMessage = storage->Retrieve(1, tableName, "unavailableModuleName"); EXPECT_EQ(retrievedMessage.at("data"), nullptr); retrievedMessage = storage->Retrieve(1, tableName, moduleName); EXPECT_EQ(retrievedMessage.at("data").at("key"), "value"); @@ -112,23 +110,25 @@ TEST_F(SQLiteStorageTest, RetrieveMessageWithModule) TEST_F(SQLiteStorageTest, RetrieveMultipleMessages) { - json messages = json::array(); + auto messages = nlohmann::json::array(); messages.push_back({{"key", "value1"}}); messages.push_back({{"key", "value2"}}); storage->Store(messages, tableName); - json retrievedMessages = storage->RetrieveMultiple(2, tableName); + + const auto retrievedMessages = storage->RetrieveMultiple(2, tableName); EXPECT_EQ(retrievedMessages.size(), 2); } TEST_F(SQLiteStorageTest, RetrieveMultipleMessagesWithModule) { - json messages = json::array(); + auto messages = nlohmann::json::array(); messages.push_back({{"key", "value1"}}); messages.push_back({{"key", "value2"}}); messages.push_back({{"key", "value3"}}); messages.push_back({{"key", "value4"}}); storage->Store(messages, tableName, moduleName); - json retrievedMessages = storage->RetrieveMultiple(4, tableName, moduleName); + + const auto retrievedMessages = storage->RetrieveMultiple(4, tableName, moduleName); EXPECT_EQ(retrievedMessages.size(), 4); int i = 0; @@ -140,7 +140,7 @@ TEST_F(SQLiteStorageTest, RetrieveMultipleMessagesWithModule) TEST_F(SQLiteStorageTest, RemoveMessage) { - json message = {{"key", "value"}}; + nlohmann::json message = {{"key", "value"}}; EXPECT_EQ(storage->Store(message, tableName), 1); EXPECT_EQ(storage->Remove(1, tableName), 1); EXPECT_EQ(storage->GetElementCount(tableName), 0); @@ -148,7 +148,7 @@ TEST_F(SQLiteStorageTest, RemoveMessage) TEST_F(SQLiteStorageTest, RemoveMessageWithModule) { - json message = {{"key", "value"}}; + nlohmann::json message = {{"key", "value"}}; EXPECT_EQ(storage->Store(message, tableName, moduleName), 1); EXPECT_EQ(storage->Remove(1, tableName), 1); EXPECT_EQ(storage->Store(message, tableName, moduleName), 1); @@ -160,7 +160,7 @@ TEST_F(SQLiteStorageTest, RemoveMessageWithModule) TEST_F(SQLiteStorageTest, RemoveMultipleMessages) { - json messages = json::array(); + auto messages = nlohmann::json::array(); messages.push_back({{"key", "value1"}}); messages.push_back({{"key", "value2"}}); EXPECT_EQ(storage->Store(messages, tableName), 2); @@ -170,7 +170,7 @@ TEST_F(SQLiteStorageTest, RemoveMultipleMessages) TEST_F(SQLiteStorageTest, RemoveMultipleMessagesWithModule) { - json messages = json::array(); + auto messages = nlohmann::json::array(); messages.push_back({{"key", "value1"}}); messages.push_back({{"key", "value2"}}); EXPECT_EQ(storage->Store(messages, tableName, moduleName), 2); @@ -182,14 +182,14 @@ TEST_F(SQLiteStorageTest, RemoveMultipleMessagesWithModule) TEST_F(SQLiteStorageTest, GetElementCount) { - json message = {{"key", "value"}}; + nlohmann::json message = {{"key", "value"}}; EXPECT_EQ(storage->Store(message, tableName), 1); EXPECT_EQ(storage->GetElementCount(tableName), 1); } TEST_F(SQLiteStorageTest, GetElementCountWithModule) { - json message = {{"key", "value"}}; + nlohmann::json message = {{"key", "value"}}; EXPECT_EQ(storage->Store(message, tableName, moduleName), 1); EXPECT_EQ(storage->GetElementCount(tableName), 1); EXPECT_EQ(storage->GetElementCount(tableName, moduleName), 1); @@ -221,7 +221,7 @@ class SQLiteStorageMultithreadedTest : public ::testing::Test namespace { - void StoreMessages(SQLiteStorage& storage, const json& messages, const std::string& tableName) + void StoreMessages(SQLiteStorage& storage, const nlohmann::json& messages, const std::string& tableName) { for (const auto& message : messages) { @@ -241,8 +241,9 @@ TEST_F(SQLiteStorageMultithreadedTest, MultithreadedStoreAndRetrieve) SQLiteStorage storage1(dbName, m_vMessageTypeStrings); - json messages1 = json::array(); - json messages2 = json::array(); + auto messages1 = nlohmann::json::array(); + auto messages2 = nlohmann::json::array(); + for (size_t i = 0; i < messagesToStore; i++) { messages1.push_back({{"key" + std::to_string(i), "value" + std::to_string(i)}}); diff --git a/src/agent/service/app.manifest b/src/agent/service/app.manifest new file mode 100644 index 0000000000..a644d95277 --- /dev/null +++ b/src/agent/service/app.manifest @@ -0,0 +1,10 @@ + + + + + + + + + + diff --git a/src/agent/service/com.wazuh.agent.plist b/src/agent/service/com.wazuh.agent.plist new file mode 100644 index 0000000000..4356d8ea09 --- /dev/null +++ b/src/agent/service/com.wazuh.agent.plist @@ -0,0 +1,28 @@ + + + + + Label + com.wazuh.agent + + ProgramArguments + + WAZUH_HOME/wazuh-agent + + + WorkingDirectory + WAZUH_HOME/directory + + StandardOutPath + /var/log/wazuh-output.log + + StandardErrorPath + /var/log/wazuh-error.log + + RunAtLoad + + + KeepAlive + + + diff --git a/src/agent/service/wazuh-agent.service b/src/agent/service/wazuh-agent.service new file mode 100644 index 0000000000..e6a65bf449 --- /dev/null +++ b/src/agent/service/wazuh-agent.service @@ -0,0 +1,20 @@ +[Unit] +Description=Wazuh agent +Wants=network-online.target +After=network.target network-online.target + +[Service] +Type=simple + +ExecStart=/usr/bin/env WAZUH_HOME/wazuh-agent + +KillSignal=SIGTERM + +KillMode=process + +SendSIGKILL=no + +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target diff --git a/src/agent/sqlite_manager/CMakeLists.txt b/src/agent/sqlite_manager/CMakeLists.txt index 12702ca137..78305ca9a7 100644 --- a/src/agent/sqlite_manager/CMakeLists.txt +++ b/src/agent/sqlite_manager/CMakeLists.txt @@ -8,8 +8,6 @@ project(SQLiteManager) include(../../cmake/CommonSettings.cmake) set_common_settings() -include_directories(${CMAKE_SOURCE_DIR}/common/logger/include) - find_package(fmt REQUIRED) find_package(SQLiteCpp REQUIRED) @@ -18,7 +16,7 @@ add_library(SQLiteManager src/sqlite_manager.cpp) include(../../cmake/ConfigureTarget.cmake) configure_target(SQLiteManager) -target_include_directories(SQLiteManager PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/include PRIVATE ${SQLiteCpp_INCLUDE_DIRS}) +target_include_directories(SQLiteManager PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/include) target_link_libraries(SQLiteManager PUBLIC SQLiteCpp PRIVATE fmt::fmt Logger) if(BUILD_TESTS) diff --git a/src/agent/sqlite_manager/include/sqlite_manager.hpp b/src/agent/sqlite_manager/include/sqlite_manager.hpp index 96344a3363..a9c74a2a97 100644 --- a/src/agent/sqlite_manager/include/sqlite_manager.hpp +++ b/src/agent/sqlite_manager/include/sqlite_manager.hpp @@ -9,12 +9,14 @@ namespace sqlite_manager { + /// @brief Logical operators for combining selection criteria in queries. enum class LogicalOperator { AND, OR }; + /// @brief Supported column data types for SQLite tables. enum class ColumnType { INTEGER, @@ -22,80 +24,151 @@ namespace sqlite_manager REAL }; + /// @brief Represents a database column with attributes for table creation and data insertion. class Column { public: + /// @brief Constructor for defining a table column with attributes. + /// @param name The name of the column. + /// @param type The data type of the column (INTEGER, TEXT, or REAL). + /// @param notNull Whether the column has a NOT NULL constraint. + /// @param autoIncr Whether the column is AUTOINCREMENT (relevant for primary keys). + /// @param primary Whether the column is part of the primary key. Column(std::string name, const ColumnType type, const bool notNull, const bool autoIncr, const bool primary = false) - : m_name(std::move(name)) - , m_type(type) - , m_notNull(notNull) - , m_autoIncrement(autoIncr) - , m_primaryKey(primary) + : Name(std::move(name)) + , Type(type) + , NotNull(notNull) + , AutoIncrement(autoIncr) + , PrimaryKey(primary) { } + /// @brief Constructor for defining a column with a specific value for insertion. + /// @param name The name of the column. + /// @param type The data type of the column. + /// @param value The value to insert. Column(std::string name, const ColumnType type, std::string value) - : m_name(std::move(name)) - , m_type(type) - , m_value(std::move(value)) + : Name(std::move(name)) + , Type(type) + , Value(std::move(value)) { } - std::string m_name; - ColumnType m_type; - bool m_notNull; - bool m_autoIncrement; - bool m_primaryKey; - std::string m_value; + /// @brief The name of the column + std::string Name; + + /// @brief The type of the column + ColumnType Type; + + /// @brief Whether the column can contain NULL values + bool NotNull; + + /// @brief Whether the column is an auto-incrementing primary key + bool AutoIncrement; + + /// @brief Whether the column is a primary key + bool PrimaryKey; + + /// @brief The value of the column as a string + std::string Value; }; using Row = std::vector; + /// @brief Manages SQLite database operations, including table creation, data insertion, updating, and selection. class SQLiteManager { public: + /// @brief Initializes a SQLiteManager instance and opens the specified database. + /// @param dbName The name of the SQLite database file. SQLiteManager(const std::string& dbName); + /// @brief Creates a new table with specified columns if it doesn't already exist. + /// @param tableName The name of the table to create. + /// @param cols A vector of columns specifying the table schema. void CreateTable(const std::string& tableName, const std::vector& cols); + + /// @brief Checks if a specified table exists in the database. + /// @param tableName The name of the table to check. + /// @return True if the table exists, false otherwise. + bool TableExists(const std::string& tableName) const; + + /// @brief Inserts data into a specified table. + /// @param tableName The name of the table where data is inserted. + /// @param cols A vector of columns with values to insert. void Insert(const std::string& tableName, const std::vector& cols); + + /// @brief Retrieves the number of rows in a specified table. + /// @param tableName The name of the table to count rows in. + /// @return The number of rows in the table. int GetCount(const std::string& tableName); + + /// @brief Selects rows from a specified table with optional criteria. + /// @param tableName The name of the table to select from. + /// @param fields A vector of columns to retrieve. + /// @param selCriteria Optional selection criteria to filter rows. + /// @param logOp Logical operator to combine selection criteria (AND/OR). + /// @return A vector of rows matching the criteria. std::vector Select(const std::string& tableName, const std::vector& fields, const std::vector& selCriteria = {}, LogicalOperator logOp = LogicalOperator::AND); + + /// @brief Removes rows from a specified table with optional criteria. + /// @param tableName The name of the table to delete from. + /// @param selCriteria Optional criteria to filter rows to delete. + /// @param logOp Logical operator to combine selection criteria. void Remove(const std::string& tableName, const std::vector& selCriteria = {}, LogicalOperator logOp = LogicalOperator::AND); + + /// @brief Updates rows in a specified table with optional criteria. + /// @param tableName The name of the table to update. + /// @param fields A vector of columns with new values to set. + /// @param selCriteria Optional criteria to filter rows to update. + /// @param logOp Logical operator to combine selection criteria. void Update(const std::string& tableName, const std::vector& fields, const std::vector& selCriteria = {}, LogicalOperator logOp = LogicalOperator::AND); + + /// @brief Drops a specified table from the database. + /// @param tableName The name of the table to drop. void DropTable(const std::string& tableName); + + /// @brief Begins a transaction in the SQLite database. + /// @return A SQLite transaction object. SQLite::Transaction BeginTransaction(); + + /// @brief Commits a transaction in the SQLite database. + /// @param transaction The transaction to commit. void CommitTransaction(SQLite::Transaction& transaction); + + /// @brief Rolls back a transaction in the SQLite database. + /// @param transaction The transaction to roll back. void RollbackTransaction(SQLite::Transaction& transaction); private: - /** - * @brief Mutex to ensure thread-safe operations. - */ + /// @brief Converts SQLite data types to ColumnType enums. + /// @param type SQLite data type integer code. + /// @return Corresponding ColumnType enum. + ColumnType ColumnTypeFromSQLiteType(const int type) const; + + /// @brief Executes a raw SQL query on the database. + /// @param query The SQL query string to execute. + void Execute(const std::string& query); + + /// @brief Mutex for thread-safe operations. std::mutex m_mutex; - /** - * @brief The name of the SQLite database file. - */ + /// @brief The name of the SQLite database file. const std::string m_dbName; - /** - * @brief Pointer to the SQLite database connection. - */ + /// @brief Pointer to the SQLite database connection. std::unique_ptr m_db; - - ColumnType ColumnTypeFromSQLiteType(const int type) const; - void Execute(const std::string& query); }; } // namespace sqlite_manager diff --git a/src/agent/sqlite_manager/src/sqlite_manager.cpp b/src/agent/sqlite_manager/src/sqlite_manager.cpp index 9e0bb0fe31..f2b592350e 100644 --- a/src/agent/sqlite_manager/src/sqlite_manager.cpp +++ b/src/agent/sqlite_manager/src/sqlite_manager.cpp @@ -36,11 +36,11 @@ namespace sqlite_manager std::vector fields; for (const Column& col : cols) { - std::string field = fmt::format( - "{} {}{}", col.m_name, MAP_COL_TYPE_STRING.at(col.m_type), (col.m_notNull) ? " NOT NULL" : ""); - if (col.m_primaryKey) + std::string field = + fmt::format("{} {}{}", col.Name, MAP_COL_TYPE_STRING.at(col.Type), (col.NotNull) ? " NOT NULL" : ""); + if (col.PrimaryKey) { - pk.push_back(col.m_autoIncrement ? fmt::format("{} AUTOINCREMENT", col.m_name) : col.m_name); + pk.push_back(col.AutoIncrement ? fmt::format("{} AUTOINCREMENT", col.Name) : col.Name); } fields.push_back(field); } @@ -52,6 +52,21 @@ namespace sqlite_manager Execute(queryString); } + bool SQLiteManager::TableExists(const std::string& table) const + { + try + { + SQLite::Statement query(*m_db, + "SELECT name FROM sqlite_master WHERE type='table' AND name='" + table + "';"); + return query.executeStep(); + } + catch (const std::exception& e) + { + LogError("Failed to check if table exists: {}.", e.what()); + return false; + } + } + void SQLiteManager::Insert(const std::string& tableName, const std::vector& cols) { std::vector names; @@ -59,13 +74,13 @@ namespace sqlite_manager for (const Column& col : cols) { - names.push_back(col.m_name); - if (col.m_type == ColumnType::TEXT) + names.push_back(col.Name); + if (col.Type == ColumnType::TEXT) { - values.push_back(fmt::format("'{}'", col.m_value)); + values.push_back(fmt::format("'{}'", col.Value)); } else - values.push_back(col.m_value); + values.push_back(col.Value); } std::string queryString = @@ -118,7 +133,7 @@ namespace sqlite_manager for (auto& col : fields) { - fieldNames.push_back(col.m_name); + fieldNames.push_back(col.Name); } selectedFields = fmt::format("{}", fmt::join(fieldNames, ", ")); } @@ -129,10 +144,10 @@ namespace sqlite_manager std::vector conditions; for (auto& col : selCriteria) { - if (col.m_type == ColumnType::TEXT) - conditions.push_back(fmt::format("{} = '{}'", col.m_name, col.m_value)); + if (col.Type == ColumnType::TEXT) + conditions.push_back(fmt::format("{} = '{}'", col.Name, col.Value)); else - conditions.push_back(fmt::format("{} = {}", col.m_name, col.m_value)); + conditions.push_back(fmt::format("{} = {}", col.Name, col.Value)); } condition = fmt::format("WHERE {}", fmt::join(conditions, fmt::format(" {} ", MAP_LOGOP_STRING.at(logOp)))); } @@ -177,13 +192,13 @@ namespace sqlite_manager std::vector critFields; for (auto& col : selCriteria) { - if (col.m_type == ColumnType::TEXT) + if (col.Type == ColumnType::TEXT) { - critFields.push_back(fmt::format("{}='{}'", col.m_name, col.m_value)); + critFields.push_back(fmt::format("{}='{}'", col.Name, col.Value)); } else { - critFields.push_back(fmt::format("{}={}", col.m_name, col.m_value)); + critFields.push_back(fmt::format("{}={}", col.Name, col.Value)); } } whereClause = @@ -209,13 +224,13 @@ namespace sqlite_manager std::vector setFields; for (auto& col : fields) { - if (col.m_type == ColumnType::TEXT) + if (col.Type == ColumnType::TEXT) { - setFields.push_back(fmt::format("{}='{}'", col.m_name, col.m_value)); + setFields.push_back(fmt::format("{}='{}'", col.Name, col.Value)); } else { - setFields.push_back(fmt::format("{}={}", col.m_name, col.m_value)); + setFields.push_back(fmt::format("{}={}", col.Name, col.Value)); } } std::string updateValues = fmt::format("{}", fmt::join(setFields, ", ")); @@ -226,13 +241,13 @@ namespace sqlite_manager std::vector conditions; for (auto& col : selCriteria) { - if (col.m_type == ColumnType::TEXT) + if (col.Type == ColumnType::TEXT) { - conditions.push_back(fmt::format("{}='{}'", col.m_name, col.m_value)); + conditions.push_back(fmt::format("{}='{}'", col.Name, col.Value)); } else { - conditions.push_back(fmt::format("{}={}", col.m_name, col.m_value)); + conditions.push_back(fmt::format("{}={}", col.Name, col.Value)); } } whereClause = diff --git a/src/agent/sqlite_manager/tests/CMakeLists.txt b/src/agent/sqlite_manager/tests/CMakeLists.txt index 959296fcda..5f06f13402 100644 --- a/src/agent/sqlite_manager/tests/CMakeLists.txt +++ b/src/agent/sqlite_manager/tests/CMakeLists.txt @@ -2,7 +2,6 @@ find_package(GTest REQUIRED) add_executable(test_SQLiteManager sqlite_manager_test.cpp) configure_target(test_SQLiteManager) -target_include_directories(test_SQLiteManager PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../include) target_link_libraries(test_SQLiteManager PRIVATE SQLiteManager GTest::gtest diff --git a/src/agent/sqlite_manager/tests/sqlite_manager_test.cpp b/src/agent/sqlite_manager/tests/sqlite_manager_test.cpp index 972d5629f1..ddb1a303e8 100644 --- a/src/agent/sqlite_manager/tests/sqlite_manager_test.cpp +++ b/src/agent/sqlite_manager/tests/sqlite_manager_test.cpp @@ -2,6 +2,10 @@ #include +#include +#include +#include + class SQLiteManagerTest : public ::testing::Test { protected: @@ -59,6 +63,7 @@ TEST_F(SQLiteManagerTest, CreateTableTest) sqlite_manager::Column col5 {"Orden", sqlite_manager::ColumnType::INTEGER, false, false, false}; sqlite_manager::Column col6 {"Amount", sqlite_manager::ColumnType::REAL, false, false, false}; EXPECT_NO_THROW(m_db->CreateTable(m_tableName, {col1, col2, col3, col4, col5, col6})); + EXPECT_TRUE(m_db->TableExists(m_tableName)); sqlite_manager::Column col21 {"Id", sqlite_manager::ColumnType::INTEGER, true, false, true}; sqlite_manager::Column col212 {"Id2", sqlite_manager::ColumnType::INTEGER, true, false, true}; @@ -68,6 +73,7 @@ TEST_F(SQLiteManagerTest, CreateTableTest) sqlite_manager::Column col25 {"Orden", sqlite_manager::ColumnType::INTEGER, false, false, false}; sqlite_manager::Column col26 {"Amount", sqlite_manager::ColumnType::REAL, false, false, false}; EXPECT_NO_THROW(m_db->CreateTable("TableTest2", {col21, col212, col22, col23, col24, col25, col26})); + EXPECT_TRUE(m_db->TableExists("TableTest2")); } TEST_F(SQLiteManagerTest, InsertTest) @@ -124,7 +130,7 @@ static void DumpResults(std::vector& ret) { for (const auto& field : row) { - std::cout << "[" << field.m_name << ": " << field.m_value << "]"; + std::cout << "[" << field.Name << ": " << field.Value << "]"; } std::cout << '\n'; } @@ -340,7 +346,9 @@ TEST_F(SQLiteManagerTest, DropTableTest) sqlite_manager::Column col5 {"Orden", sqlite_manager::ColumnType::INTEGER, false, false, false}; EXPECT_NO_THROW(m_db->CreateTable("DropMe", {col1, col2, col3, col4, col5})); + EXPECT_TRUE(m_db->TableExists("DropMe")); EXPECT_NO_THROW(m_db->DropTable("DropMe")); + EXPECT_FALSE(m_db->TableExists("DropMe")); EXPECT_ANY_THROW(auto ret = m_db->Select("DropMe", {}, {})); } diff --git a/src/agent/src/agent.cpp b/src/agent/src/agent.cpp index 933b53d0a9..9de53fdbe8 100644 --- a/src/agent/src/agent.cpp +++ b/src/agent/src/agent.cpp @@ -1,26 +1,66 @@ #include -#include #include +#include #include #include #include -#include +#include +#include #include -#include -#include -Agent::Agent(std::unique_ptr signalHandler) - : m_messageQueue(std::make_shared()) +Agent::Agent(const std::string& configFilePath, std::unique_ptr signalHandler) + : m_configurationParser(configFilePath.empty() ? std::make_shared() + : std::make_shared( + std::filesystem::path(configFilePath))) + , m_dataPath( + m_configurationParser->GetConfig("agent", "path.data").value_or(config::DEFAULT_DATA_PATH)) + , m_messageQueue(std::make_shared(m_dataPath)) , m_signalHandler(std::move(signalHandler)) - , m_communicator(std::make_unique(), - m_agentInfo.GetUUID(), - m_agentInfo.GetKey(), - [this](std::string table, std::string key) -> std::string - { return m_configurationParser.GetConfig(std::move(table), std::move(key)); }) + , m_agentInfo( + m_dataPath, [this]() { return m_sysInfo.os(); }, [this]() { return m_sysInfo.networks(); }) + , m_communicator( + std::make_unique(), + m_agentInfo.GetUUID(), + m_agentInfo.GetKey(), + [this]() { return m_agentInfo.GetHeaderInfo(); }, + [this](std::string table, std::string key) -> std::optional + { return m_configurationParser->GetConfig(std::move(table), std::move(key)); }) + , m_moduleManager([this](Message message) -> int { return m_messageQueue->push(std::move(message)); }, + m_configurationParser, + [this](std::function task) { m_taskManager.EnqueueTask(std::move(task)); }, + m_agentInfo.GetUUID()) + , m_commandHandler(m_dataPath) { - m_taskManager.Start(std::thread::hardware_concurrency()); + // Check if agent is registered + if (m_agentInfo.GetName().empty() || m_agentInfo.GetKey().empty() || m_agentInfo.GetUUID().empty()) + { + throw std::runtime_error("The agent is not registered"); + } + + m_configurationParser->SetGetGroupIdsFunction([this]() { return m_agentInfo.GetGroups(); }); + + m_centralizedConfiguration.SetGroupIdFunction( + [this](const std::vector& groups) + { + m_agentInfo.SetGroups(groups); + return m_agentInfo.SaveGroups(); + }); + + m_centralizedConfiguration.GetGroupIdFunction([this]() { return m_agentInfo.GetGroups(); }); + + m_centralizedConfiguration.SetDownloadGroupFilesFunction( + [this](const std::string& groupId, const std::string& destinationPath) + { return m_communicator.GetGroupConfigurationFromManager(groupId, destinationPath); }); + + m_centralizedConfiguration.ValidateFileFunction([this](const std::filesystem::path& fileToValidate) + { return m_configurationParser->isValidYamlFile(fileToValidate); }); + + m_centralizedConfiguration.ReloadModulesFunction([this]() { ReloadModules(); }); + + m_taskManager.Start( + m_configurationParser->GetConfig("agent", "thread_count").value_or(config::DEFAULT_THREAD_COUNT)); } Agent::~Agent() @@ -28,29 +68,68 @@ Agent::~Agent() m_taskManager.Stop(); } +void Agent::ReloadModules() +{ + LogInfo("Reloading Modules"); + m_configurationParser->ReloadConfiguration(); + m_moduleManager.Stop(); + m_moduleManager.Setup(); + m_taskManager.EnqueueTask([this]() { m_moduleManager.Start(); }); +} + void Agent::Run() { + // Check if the server recognizes the agent + m_communicator.SendAuthenticationRequest(); + m_taskManager.EnqueueTask(m_communicator.WaitForTokenExpirationAndAuthenticate()); m_taskManager.EnqueueTask(m_communicator.GetCommandsFromManager( - [this](const std::string& response) { PushCommandsToQueue(m_messageQueue, response); })); + [this](const int, const std::string& response) { PushCommandsToQueue(m_messageQueue, response); })); m_taskManager.EnqueueTask(m_communicator.StatefulMessageProcessingTask( - [this]() { return GetMessagesFromQueue(m_messageQueue, MessageType::STATEFUL); }, - [this]([[maybe_unused]] const std::string& response) - { PopMessagesFromQueue(m_messageQueue, MessageType::STATEFUL); })); + [this](const int numMessages) + { + return GetMessagesFromQueue(m_messageQueue, + MessageType::STATEFUL, + numMessages, + [this]() { return m_agentInfo.GetMetadataInfo(false); }); + }, + [this]([[maybe_unused]] const int messageCount, const std::string&) + { PopMessagesFromQueue(m_messageQueue, MessageType::STATEFUL, messageCount); })); m_taskManager.EnqueueTask(m_communicator.StatelessMessageProcessingTask( - [this]() { return GetMessagesFromQueue(m_messageQueue, MessageType::STATELESS); }, - [this]([[maybe_unused]] const std::string& response) - { PopMessagesFromQueue(m_messageQueue, MessageType::STATELESS); })); + [this](const int numMessages) + { + return GetMessagesFromQueue(m_messageQueue, + MessageType::STATELESS, + numMessages, + [this]() { return m_agentInfo.GetMetadataInfo(false); }); + }, + [this]([[maybe_unused]] const int messageCount, const std::string&) + { PopMessagesFromQueue(m_messageQueue, MessageType::STATELESS, messageCount); })); + + m_moduleManager.AddModules(); + m_taskManager.EnqueueTask([this]() { m_moduleManager.Start(); }); - m_taskManager.EnqueueTask(m_commandHandler.ProcessCommandsFromQueue( + m_taskManager.EnqueueTask(m_commandHandler.CommandsProcessingTask( [this]() { return GetCommandFromQueue(m_messageQueue); }, [this]() { return PopCommandFromQueue(m_messageQueue); }, - [](command_store::Command& cmd) { return DispatchCommand(cmd); })); + [this](const module_command::CommandEntry& cmd) { return ReportCommandResult(cmd, m_messageQueue); }, + [this](module_command::CommandEntry& cmd) + { + if (cmd.Module == "CentralizedConfiguration") + { + return DispatchCommand( + cmd, + [this](std::string command, nlohmann::json parameters) + { return m_centralizedConfiguration.ExecuteCommand(std::move(command), std::move(parameters)); }, + m_messageQueue); + } + return DispatchCommand(cmd, m_moduleManager.GetModule(cmd.Module), m_messageQueue); + })); m_signalHandler->WaitForSignal(); + m_moduleManager.Stop(); m_communicator.Stop(); - m_commandHandler.Stop(); } diff --git a/src/agent/src/agent_registration.cpp b/src/agent/src/agent_registration.cpp new file mode 100644 index 0000000000..130efcea99 --- /dev/null +++ b/src/agent/src/agent_registration.cpp @@ -0,0 +1,67 @@ +#include + +#include +#include +#include + +#include + +namespace http = boost::beast::http; + +namespace agent_registration +{ + AgentRegistration::AgentRegistration(std::string url, + std::string user, + std::string password, + const std::string& key, + const std::string& name, + const std::string& dbFolderPath) + : m_agentInfo( + dbFolderPath, [this]() { return m_sysInfo.os(); }, [this]() { return m_sysInfo.networks(); }) + , m_serverUrl(std::move(url)) + , m_user(std::move(user)) + , m_password(std::move(password)) + { + if (!m_agentInfo.SetKey(key)) + { + throw std::invalid_argument("--key argument must be alphanumeric and 32 characters in length"); + } + + if (!m_agentInfo.SetName(name)) + { + throw std::runtime_error("Couldn't set agent name"); + } + } + + bool AgentRegistration::Register(http_client::IHttpClient& httpClient) + { + const auto token = + httpClient.AuthenticateWithUserPassword(m_serverUrl, m_agentInfo.GetHeaderInfo(), m_user, m_password); + + if (!token.has_value()) + { + std::cout << "Failed to authenticate with the manager\n"; + return false; + } + + const auto reqParams = http_client::HttpRequestParams(http::verb::post, + m_serverUrl, + "/agents", + m_agentInfo.GetHeaderInfo(), + token.value(), + "", + m_agentInfo.GetMetadataInfo(true)); + + const auto res = httpClient.PerformHttpRequest(reqParams); + + if (res.result() != http::status::created) + { + std::cout << "Registration error: " << res.result_int() << ".\n"; + return false; + } + + m_agentInfo.Save(); + return true; + } + +} // namespace agent_registration diff --git a/src/agent/src/command_handler_utils.cpp b/src/agent/src/command_handler_utils.cpp index 4af02562ef..831313dd06 100644 --- a/src/agent/src/command_handler_utils.cpp +++ b/src/agent/src/command_handler_utils.cpp @@ -1,9 +1,129 @@ #include + +#include +#include +#include +#include #include -std::tuple DispatchCommand(const command_store::Command& cmd) +#include + +namespace +{ + template + boost::asio::awaitable ExecuteCommandTask(ExecuteFunction executeFunction, + module_command::CommandEntry commandEntry, + std::shared_ptr result, + std::shared_ptr commandCompleted, + std::shared_ptr timer) + { + try + { + *result = co_await executeFunction(commandEntry.Command, commandEntry.Parameters); + *commandCompleted = true; + timer->cancel(); + } + catch (const std::exception& e) + { + result->ErrorCode = module_command::Status::FAILURE; + result->Message = "Error during command execution: " + std::string(e.what()); + } + } + + boost::asio::awaitable TimerTask(std::shared_ptr timer, + std::shared_ptr result, + std::shared_ptr commandCompleted) + { + try + { + co_await timer->async_wait(boost::asio::use_awaitable); + + if (!(*commandCompleted)) + { + result->ErrorCode = module_command::Status::TIMEOUT; + result->Message = "Command timed out"; + } + } + catch (const boost::system::system_error& e) + { + if (!(*commandCompleted) && e.code() != boost::asio::error::operation_aborted) + { + result->ErrorCode = module_command::Status::FAILURE; + result->Message = "System error: " + std::string(e.what()); + } + } + catch (const std::exception& e) + { + if (!(*commandCompleted)) + { + result->ErrorCode = module_command::Status::FAILURE; + result->Message = "Unexpected error: " + std::string(e.what()); + } + } + } +} // namespace + +boost::asio::awaitable +DispatchCommand(module_command::CommandEntry commandEntry, + std::function( + std::string command, nlohmann::json parameters)> executeFunction, + std::shared_ptr messageQueue) { - // TO_DO: Implement real dispatch function. - LogInfo("Dispatching command {}({})", cmd.m_command, cmd.m_module); - return {command_store::Status::SUCCESS, "Successfully executed"}; + using namespace boost::asio::experimental::awaitable_operators; + + LogInfo("Dispatching command {}({})", commandEntry.Command, commandEntry.Module); + + const auto timeout = std::chrono::minutes(60); + auto timer = std::make_shared(co_await boost::asio::this_coro::executor); + timer->expires_after(timeout); + + auto result = std::make_shared(); + auto commandCompleted = std::make_shared(false); + + co_await (TimerTask(timer, result, commandCompleted) || + ExecuteCommandTask(executeFunction, commandEntry, result, commandCompleted, timer)); + + commandEntry.ExecutionResult.ErrorCode = result->ErrorCode; + commandEntry.ExecutionResult.Message = result->Message; + + ReportCommandResult(commandEntry, messageQueue); + + co_return *result; +} + +boost::asio::awaitable +DispatchCommand(module_command::CommandEntry commandEntry, + std::shared_ptr module, + std::shared_ptr messageQueue) +{ + if (!module) + { + LogError("Error dispatching command: module {} not found", commandEntry.Module); + co_return module_command::CommandExecutionResult {module_command::Status::FAILURE, "Module not found"}; + } + + auto moduleExecuteFunction = + [module](const std::string& command, + const nlohmann::json& parameters) -> boost::asio::awaitable + { + return module->ExecuteCommand(command, parameters); + }; + + co_return co_await DispatchCommand(commandEntry, moduleExecuteFunction, messageQueue); +} + +void ReportCommandResult(const module_command::CommandEntry& commandEntry, + std::shared_ptr messageQueue) +{ + auto metadata = nlohmann::json::object(); + metadata["module"] = "command"; + metadata["id"] = commandEntry.Id; + metadata["operation"] = "update"; + + nlohmann::json resultJson; + resultJson["command"]["result"]["code"] = commandEntry.ExecutionResult.ErrorCode; + resultJson["command"]["result"]["message"] = commandEntry.ExecutionResult.Message; + + Message message {MessageType::STATEFUL, {resultJson}, metadata["module"], "", metadata.dump()}; + messageQueue->push(message); } diff --git a/src/agent/src/command_handler_utils.hpp b/src/agent/src/command_handler_utils.hpp index 37304a9488..d6cb7b3aa4 100644 --- a/src/agent/src/command_handler_utils.hpp +++ b/src/agent/src/command_handler_utils.hpp @@ -1,7 +1,50 @@ #pragma once -#include +#include +#include +#include -#include +#include +#include -std::tuple DispatchCommand(const command_store::Command&); +#include +#include +#include + +/// @brief Dispatch a command to be executed locally +/// +/// This function takes a command entry and a function to execute the command. +/// +/// @param commandEntry The command entry to dispatch +/// @param executeFunction The function that will execute the command +/// @param messageQueue The message queue to send the result to +/// @return The result of the command execution +boost::asio::awaitable +DispatchCommand(module_command::CommandEntry commandEntry, + std::function( + std::string command, nlohmann::json parameters)> executeFunction, + std::shared_ptr messageQueue); + +/// @brief Dispatch a command to the proper module +/// +/// This function takes a command entry and a module and dispatches +/// the command to be executed by the module. +/// +/// @param commandEntry The command entry to dispatch +/// @param module The module that will execute the command +/// @param messageQueue The message queue to send the result to +/// @return The result of the command execution +boost::asio::awaitable +DispatchCommand(module_command::CommandEntry commandEntry, + std::shared_ptr module, + std::shared_ptr messageQueue); + +/// @brief Reports the result of a command execution to the message queue +/// +/// This function takes a command entry and a message queue and reports +/// the result of the command execution. +/// +/// @param commandEntry The command entry to report +/// @param messageQueue The message queue to send the result to +void ReportCommandResult(const module_command::CommandEntry& commandEntry, + std::shared_ptr messageQueue); diff --git a/src/agent/src/main.cpp b/src/agent/src/main.cpp index 7343ceb244..cbaed1ae13 100644 --- a/src/agent/src/main.cpp +++ b/src/agent/src/main.cpp @@ -1,70 +1,101 @@ -#include -#include -#include -#include +#include "process_options.hpp" + #include -#include -#include +#include +#include +#include + +namespace program_options = boost::program_options; + +/// Command-line options +static const auto OPT_HELP {"help"}; +static const auto OPT_RUN {"run"}; +static const auto OPT_STATUS {"status"}; +static const auto OPT_CONFIG_FILE {"config-file"}; +static const auto OPT_REGISTER_AGENT {"register-agent"}; +static const auto OPT_URL {"url"}; +static const auto OPT_USER {"user"}; +static const auto OPT_PASS {"password"}; +static const auto OPT_KEY {"key"}; +static const auto OPT_NAME {"name"}; +#ifdef _WIN32 +static const auto OPT_INSTALL_SERVICE {"install-service"}; +static const auto OPT_REMOVE_SERVICE {"remove-service"}; +static const auto OPT_RUN_SERVICE {"run-service"}; +#endif int main(int argc, char* argv[]) { Logger logger; - LogInfo("Starting Wazuh Agent."); try { - CommandlineParser cmdParser(argc, argv); - - if (cmdParser.OptionExists("--register")) - { - LogInfo("Starting registration process"); - - if (cmdParser.OptionExists("--user") && cmdParser.OptionExists("--password") && - cmdParser.OptionExists("--key")) - { - const auto user = cmdParser.GetOptionValue("--user"); - const auto password = cmdParser.GetOptionValue("--password"); + program_options::options_description cmdParser("Allowed options"); + cmdParser.add_options()(OPT_HELP, "Display this help menu")( + OPT_RUN, "Run agent in foreground (this is the default behavior)")( + OPT_STATUS, "Check if the agent is running (running or stopped)")( + OPT_CONFIG_FILE, program_options::value(), "Path to the Wazuh configuration file (optional)")( + OPT_REGISTER_AGENT, "Use this option to register as a new agent")( + OPT_URL, program_options::value(), "URL of the server management API")( + OPT_USER, program_options::value(), "User to authenticate with the server management API")( + OPT_PASS, program_options::value(), "Password to authenticate with the server management API")( + OPT_KEY, program_options::value(), "Key to register the agent (optional)")( + OPT_NAME, program_options::value(), "Name to register the agent (optional)"); - AgentInfo agentInfo; - agentInfo.SetKey(cmdParser.GetOptionValue("--key")); +#ifdef _WIN32 + cmdParser.add_options()(OPT_INSTALL_SERVICE, "Use this option to install Wazuh as a Windows service")( + OPT_REMOVE_SERVICE, "Use this option to remove Wazuh Windows service")( + OPT_RUN_SERVICE, "Use this option to run Wazuh as a Windows service"); +#endif - if (cmdParser.OptionExists("--name")) - { - agentInfo.SetName(cmdParser.GetOptionValue("--name")); - } - else - { - agentInfo.SetName(boost::asio::ip::host_name()); - } + program_options::variables_map validOptions; + program_options::store(program_options::parse_command_line(argc, argv, cmdParser), validOptions); + program_options::notify(validOptions); - http_client::HttpClient httpClient; - const registration::UserCredentials userCredentials {user, password}; - - if (registration::RegisterAgent(userCredentials, httpClient)) - { - LogInfo("Agent registered."); - } - else - { - LogError("Registration fail."); - } - } - else - { - LogError("--user, --password and --key args are mandatory"); - } - - LogInfo("Exiting ..."); - return 0; + if (validOptions.count(OPT_REGISTER_AGENT) > 0) + { + RegisterAgent(validOptions.count(OPT_URL) ? validOptions[OPT_URL].as() : "", + validOptions.count(OPT_USER) ? validOptions[OPT_USER].as() : "", + validOptions.count(OPT_PASS) ? validOptions[OPT_PASS].as() : "", + validOptions.count(OPT_KEY) ? validOptions[OPT_KEY].as() : "", + validOptions.count(OPT_NAME) ? validOptions[OPT_NAME].as() : "", + validOptions.count(OPT_CONFIG_FILE) ? validOptions[OPT_CONFIG_FILE].as() : ""); } + else if (validOptions.count(OPT_STATUS) > 0) + { + StatusAgent(validOptions.count(OPT_CONFIG_FILE) ? validOptions[OPT_CONFIG_FILE].as() : ""); + } +#ifdef _WIN32 + else if (validOptions.count(OPT_INSTALL_SERVICE) > 0) + { + if (!InstallService()) + return 1; + } + else if (validOptions.count(OPT_REMOVE_SERVICE) > 0) + { + if (!RemoveService()) + return 1; + } + else if (validOptions.count(OPT_RUN_SERVICE) > 0) + { + SetDispatcherThread(); + } +#endif + else if (validOptions.count(OPT_HELP) > 0) + { + std::cout << cmdParser << '\n'; + } + else + { + StartAgent(validOptions.count(OPT_CONFIG_FILE) ? validOptions[OPT_CONFIG_FILE].as() : ""); + } + + return 0; } catch (const std::exception& e) { - LogError("An error occurred: {}.", e.what()); + LogCritical("An error occurred: {}.", e.what()); return 1; } - - Agent agent; - agent.Run(); } diff --git a/src/agent/src/message_queue_utils.cpp b/src/agent/src/message_queue_utils.cpp index 85e749423f..fe24f885dc 100644 --- a/src/agent/src/message_queue_utils.cpp +++ b/src/agent/src/message_queue_utils.cpp @@ -1,29 +1,34 @@ #include #include -#include #include -namespace +boost::asio::awaitable> +GetMessagesFromQueue(std::shared_ptr multiTypeQueue, + MessageType messageType, + int numMessages, + std::function getMetadataInfo) { - // This should eventually be replaced with a configuration parameter. - constexpr int NUM_EVENTS = 1; -} // namespace + const auto messages = co_await multiTypeQueue->getNextNAwaitable(messageType, numMessages, "", ""); -boost::asio::awaitable GetMessagesFromQueue(std::shared_ptr multiTypeQueue, - MessageType messageType) -{ - const auto message = co_await multiTypeQueue->getNextNAwaitable(messageType, NUM_EVENTS); + std::string output; + + if (getMetadataInfo != nullptr) + { + output = getMetadataInfo(); + } - nlohmann::json jsonObj; - jsonObj["events"] = message.data; + for (const auto& message : messages) + { + output += "\n" + message.metaData + (message.data.dump() == "{}" ? "" : "\n" + message.data.dump()); + } - co_return jsonObj.dump(); + co_return std::tuple {static_cast(messages.size()), output}; } -void PopMessagesFromQueue(std::shared_ptr multiTypeQueue, MessageType messageType) +void PopMessagesFromQueue(std::shared_ptr multiTypeQueue, MessageType messageType, int numMessages) { - multiTypeQueue->popN(messageType, NUM_EVENTS); + multiTypeQueue->popN(messageType, numMessages); } void PushCommandsToQueue(std::shared_ptr multiTypeQueue, const std::string& commands) @@ -46,7 +51,7 @@ void PushCommandsToQueue(std::shared_ptr multiTypeQueue, const } } -std::optional GetCommandFromQueue(std::shared_ptr multiTypeQueue) +std::optional GetCommandFromQueue(std::shared_ptr multiTypeQueue) { if (multiTypeQueue->isEmpty(MessageType::COMMAND)) { @@ -54,12 +59,12 @@ std::optional GetCommandFromQueue(std::shared_ptrgetNext(MessageType::COMMAND); - nlohmann::json jsonData = m.data.at(0).at("data"); + nlohmann::json jsonData = m.data; std::string id; std::string module; std::string command; - std::string parameters; + nlohmann::json parameters = nlohmann::json::array(); if (jsonData.contains("id") && jsonData["id"].is_string()) { @@ -81,18 +86,12 @@ std::optional GetCommandFromQueue(std::shared_ptr(); break; - default: - if (!parameters.empty()) - parameters += " "; - parameters += arg.is_string() ? arg.get() : arg.dump(); - break; + default: parameters.push_back(arg); break; } } } - command_store::Status status = command_store::Status::IN_PROGRESS; - - command_store::Command cmd(id, module, command, parameters, "", status); + module_command::CommandEntry cmd(id, module, command, parameters, "", module_command::Status::IN_PROGRESS); return cmd; } diff --git a/src/agent/src/message_queue_utils.hpp b/src/agent/src/message_queue_utils.hpp index a10838eb69..a8b4d55a94 100644 --- a/src/agent/src/message_queue_utils.hpp +++ b/src/agent/src/message_queue_utils.hpp @@ -1,23 +1,46 @@ #pragma once -#include #include +#include #include +#include #include #include #include +#include class IMultiTypeQueue; -boost::asio::awaitable GetMessagesFromQueue(std::shared_ptr multiTypeQueue, - MessageType messageType); - -void PopMessagesFromQueue(std::shared_ptr multiTypeQueue, MessageType messageType); - +/// @brief Gets messages from a queue and returns them as a JSON string +/// @param multiTypeQueue The queue to get messages from +/// @param messageType The type of messages to get from the queue +/// @param numMessages The number of messages to get +/// @param getMetadataInfo Function to get the agent metadata +/// @return A string containing the messages from the queue +boost::asio::awaitable> +GetMessagesFromQueue(std::shared_ptr multiTypeQueue, + MessageType messageType, + int numMessages, + std::function getMetadataInfo); + +/// @brief Removes a fixed number of messages from the specified queue +/// @param multiTypeQueue The queue from which to remove messages +/// @param messageType The type of messages to remove +/// @param numMessages The number of messages to remove from the queue +void PopMessagesFromQueue(std::shared_ptr multiTypeQueue, MessageType messageType, int numMessages); + +/// @brief Pushes a batch of commands to the specified queue +/// @param multiTypeQueue The queue to push commands to +/// @param commands A JSON string containing the commands to push void PushCommandsToQueue(std::shared_ptr multiTypeQueue, const std::string& commands); -std::optional GetCommandFromQueue(std::shared_ptr multiTypeQueue); +/// @brief Retrieves the next command from the queue, if available +/// @param multiTypeQueue The queue to retrieve the command from +/// @return An optional containing the next command entry, or nullopt if the queue is empty +std::optional GetCommandFromQueue(std::shared_ptr multiTypeQueue); +/// @brief Removes the next command from the specified queue +/// @param multiTypeQueue The queue from which to remove the command void PopCommandFromQueue(std::shared_ptr multiTypeQueue); diff --git a/src/agent/src/process_options.cpp b/src/agent/src/process_options.cpp new file mode 100644 index 0000000000..2e94d761df --- /dev/null +++ b/src/agent/src/process_options.cpp @@ -0,0 +1,51 @@ +#include + +#include +#include +#include +#include + +#include +#include + +void RegisterAgent(const std::string& url, + const std::string& user, + const std::string& password, + const std::string& key, + const std::string& name, + const std::string& configFilePath) +{ + auto configurationParser = configFilePath.empty() + ? configuration::ConfigurationParser() + : configuration::ConfigurationParser(std::filesystem::path(configFilePath)); + auto dbFolderPath = + configurationParser.GetConfig("agent", "path.data").value_or(config::DEFAULT_DATA_PATH); + + if (!url.empty() && !user.empty() && !password.empty()) + { + try + { + std::cout << "Starting wazuh-agent registration\n"; + + agent_registration::AgentRegistration reg(url, user, password, key, name, dbFolderPath); + + http_client::HttpClient httpClient; + if (reg.Register(httpClient)) + { + std::cout << "wazuh-agent registered\n"; + } + else + { + std::cout << "wazuh-agent registration failed\n"; + } + } + catch (const std::exception& e) + { + std::cerr << "Error: " << e.what() << '\n'; + } + } + else + { + std::cout << "--url, --user and --password args are mandatory\n"; + } +} diff --git a/src/agent/src/process_options.hpp b/src/agent/src/process_options.hpp new file mode 100644 index 0000000000..13df711573 --- /dev/null +++ b/src/agent/src/process_options.hpp @@ -0,0 +1,39 @@ +#pragma once + +#include +#include + +/// @brief Registers the agent with the given parameters. +/// @param url The Server Management API URL. +/// @param user The user to use for authentication with Server Management API. +/// @param password The password to use for authentication with Server Management API. +/// @param key The key to use for registration. +/// @param name The name to use for the agent. +/// @param configFilePath The path to the configuration file. +void RegisterAgent(const std::string& url, + const std::string& user, + const std::string& password, + const std::string& key, + const std::string& name, + const std::string& configFilePath); + +/// @brief Starts the agent using the specified configuration file. +/// @param configFilePath The file path to the configuration file used for starting the agent. +void StartAgent(const std::string& configFilePath); + +/// @brief Displays the current status of the agent. +/// @param configFilePath The file path to the configuration file used to get the status of the agent. +void StatusAgent(const std::string& configFilePath); + +#ifdef _WIN32 +/// @brief Installs the agent as a service. +/// @return True if the installation is successful, false otherwise. +bool InstallService(); + +/// @brief Removes the agent service. +/// @return True if the removal is successful, false otherwise. +bool RemoveService(); + +/// @brief Sets up the dispatcher thread for the agent. +void SetDispatcherThread(); +#endif diff --git a/src/agent/src/process_options_unix.cpp b/src/agent/src/process_options_unix.cpp new file mode 100644 index 0000000000..df99ebeac2 --- /dev/null +++ b/src/agent/src/process_options_unix.cpp @@ -0,0 +1,42 @@ +#include + +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +void StartAgent(const std::string& configFilePath) +{ + unix_daemon::LockFileHandler lockFileHandler = unix_daemon::GenerateLockFile(configFilePath); + + if (!lockFileHandler.isLockFileCreated()) + { + std::cout << "wazuh-agent already running\n"; + return; + } + + LogInfo("Starting wazuh-agent"); + + try + { + Agent agent(configFilePath); + agent.Run(); + } + catch (const std::exception& e) + { + LogError("Exception thrown in wazuh-agent: {}", e.what()); + } + + lockFileHandler.removeLockFile(); +} + +void StatusAgent(const std::string& configFilePath) +{ + std::cout << fmt::format("wazuh-agent is {}\n", unix_daemon::GetDaemonStatus(configFilePath)); +} diff --git a/src/agent/src/process_options_win.cpp b/src/agent/src/process_options_win.cpp new file mode 100644 index 0000000000..c96812097a --- /dev/null +++ b/src/agent/src/process_options_win.cpp @@ -0,0 +1,36 @@ +#include + +#include +#include +#include +#include +#include + +#include + +void StartAgent(const std::string& configFilePath) +{ + WindowsService::ServiceStart(configFilePath); +} + +void StatusAgent([[maybe_unused]] const std::string& configFilePath) +{ + WindowsService::ServiceStatus(); +} + +bool InstallService() +{ + windows_api_facade::WindowsApiFacade windowsApiFacade; + return WindowsService::InstallService(windowsApiFacade); +} + +bool RemoveService() +{ + windows_api_facade::WindowsApiFacade windowsApiFacade; + return WindowsService::RemoveService(windowsApiFacade); +} + +void SetDispatcherThread() +{ + WindowsService::SetDispatcherThread(); +} diff --git a/src/agent/src/register.cpp b/src/agent/src/register.cpp deleted file mode 100644 index 4ecfb63d03..0000000000 --- a/src/agent/src/register.cpp +++ /dev/null @@ -1,52 +0,0 @@ -#include - -#include -#include -#include - -#include -#include - -namespace http = boost::beast::http; - -namespace registration -{ - bool RegisterAgent(const UserCredentials& userCredentials, http_client::IHttpClient& httpClient) - { - const configuration::ConfigurationParser configurationParser; - const auto managerIp = configurationParser.GetConfig("agent", "manager_ip"); - const auto managerPort = configurationParser.GetConfig("agent", "server_mgmt_api_port"); - - const auto token = httpClient.AuthenticateWithUserPassword( - managerIp, managerPort, userCredentials.user, userCredentials.password); - - if (!token.has_value()) - { - LogError("Failed to authenticate with the manager"); - return false; - } - - const AgentInfo agentInfo {}; - - nlohmann::json bodyJson = {{"id", agentInfo.GetUUID()}, {"key", agentInfo.GetKey()}}; - - if (!agentInfo.GetName().empty()) - { - bodyJson["name"] = agentInfo.GetName(); - } - - const auto reqParams = http_client::HttpRequestParams( - http::verb::post, managerIp, managerPort, "/agents", token.value(), "", bodyJson.dump()); - - const auto res = httpClient.PerformHttpRequest(reqParams); - - if (res.result() != http::status::ok) - { - LogError("Registration error: {}.", res.result_int()); - return false; - } - - return true; - } - -} // namespace registration diff --git a/src/agent/src/signal_handler_unix.cpp b/src/agent/src/signal_handler_unix.cpp index 1b2a45916a..7700309946 100644 --- a/src/agent/src/signal_handler_unix.cpp +++ b/src/agent/src/signal_handler_unix.cpp @@ -1,7 +1,5 @@ #include -#include - void SignalHandler::Initialize(const std::vector& signalsToHandle) { for (int signal : signalsToHandle) diff --git a/src/agent/src/signal_handler_win.cpp b/src/agent/src/signal_handler_win.cpp index fdb998bc90..008574e040 100644 --- a/src/agent/src/signal_handler_win.cpp +++ b/src/agent/src/signal_handler_win.cpp @@ -7,7 +7,8 @@ void SignalHandler::Initialize([[maybe_unused]] const std::vector& signalsT SetConsoleCtrlHandler( [](DWORD dwCtrlType) -> BOOL { - if (dwCtrlType == CTRL_C_EVENT || dwCtrlType == CTRL_BREAK_EVENT) + if (dwCtrlType == CTRL_C_EVENT || dwCtrlType == CTRL_BREAK_EVENT || dwCtrlType == SERVICE_CONTROL_STOP || + dwCtrlType == SERVICE_CONTROL_SHUTDOWN) { SignalHandler::HandleSignal(dwCtrlType); return TRUE; diff --git a/src/agent/src/task_manager.cpp b/src/agent/src/task_manager.cpp index 5c9b572de9..b8967546db 100644 --- a/src/agent/src/task_manager.cpp +++ b/src/agent/src/task_manager.cpp @@ -1,5 +1,7 @@ #include +#include + #include #include #include @@ -36,6 +38,10 @@ void TaskManager::Stop() void TaskManager::EnqueueTask(std::function task) { + if (++m_numEnqueuedThreads > m_threads.size() - 1) // -1 to account for the coroutines + { + LogError("Enqueued more threaded tasks than available threads"); + } boost::asio::post(m_ioContext, std::move(task)); } diff --git a/src/agent/src/unix/unix_daemon.cpp b/src/agent/src/unix/unix_daemon.cpp new file mode 100644 index 0000000000..86498529c0 --- /dev/null +++ b/src/agent/src/unix/unix_daemon.cpp @@ -0,0 +1,118 @@ +#include + +#include +#include +#include + +#include +#include +#include +#include + +#if defined(__linux__) +#include +#elif defined(__APPLE__) +#include +#else +#error "Unsupported platform" +#endif + +namespace fs = std::filesystem; + +namespace unix_daemon +{ + LockFileHandler::LockFileHandler(std::string lockFilePath) + : m_lockFilePath(std::move(lockFilePath)) + , m_lockFileCreated(createLockFile()) + { + } + + bool LockFileHandler::removeLockFile() const + { + const std::string filePath = fmt::format("{}/wazuh-agent.lock", m_lockFilePath); + try + { + std::filesystem::remove(filePath); + return true; + } + catch (const std::filesystem::filesystem_error& e) + { + LogError("Error removing file: {}", e.what()); + return false; + } + } + + bool LockFileHandler::createDirectory(const std::string& path) const + { + try + { + if (fs::exists(path) && fs::is_directory(path)) + { + return true; + } + + fs::create_directories(path); + return true; + } + catch (const fs::filesystem_error& e) + { + LogCritical("Error creating directory: {}", e.what()); + return false; + } + } + + bool LockFileHandler::createLockFile() + { + if (!createDirectory(m_lockFilePath)) + { + LogError("Unable to create lock directory: {}", m_lockFilePath); + return false; + } + + const std::string filename = fmt::format("{}/wazuh-agent.lock", m_lockFilePath); + + // NOLINTNEXTLINE(cppcoreguidelines-pro-type-vararg, cppcoreguidelines-avoid-magic-numbers) + int fd = open(filename.c_str(), O_WRONLY | O_CREAT | O_TRUNC, 0644); + if (fd == -1) + { + LogError("Unable to open lock file: {}. Error: {} ({})", filename.c_str(), errno, std::strerror(errno)); + return false; + } + + if (flock(fd, LOCK_EX | LOCK_NB) == -1) + { + LogDebug("Unable to lock lock file: {}. Error: {} ({})", filename.c_str(), errno, std::strerror(errno)); + close(fd); + return false; + } + + LogDebug("Lock file created: {}", filename); + + return true; + } + + LockFileHandler GenerateLockFile(const std::string& configFilePath) + { + auto configurationParser = configFilePath.empty() + ? configuration::ConfigurationParser() + : configuration::ConfigurationParser(std::filesystem::path(configFilePath)); + + const std::string lockFilePath = + configurationParser.GetConfig("agent", "path.run").value_or(config::DEFAULT_RUN_PATH); + + return {LockFileHandler(lockFilePath)}; + } + + std::string GetDaemonStatus(const std::string& configFilePath) + { + LockFileHandler lockFileHandler = GenerateLockFile(configFilePath); + + if (!lockFileHandler.isLockFileCreated()) + { + return "running"; + } + + lockFileHandler.removeLockFile(); + return "stopped"; + } +} // namespace unix_daemon diff --git a/src/agent/src/unix/unix_daemon.hpp b/src/agent/src/unix/unix_daemon.hpp new file mode 100644 index 0000000000..4c3fa60096 --- /dev/null +++ b/src/agent/src/unix/unix_daemon.hpp @@ -0,0 +1,53 @@ +#pragma once + +#include +#include +#include + +namespace unix_daemon +{ + /// @class LockFileHandler class + /// @brief Handles the creation and deletion of lock files to prevent multiple instances of wazuh agent running + class LockFileHandler + { + public: + /// @brief Default constructor + /// @details Creates a lock file when the instance is created + /// @param lockFilePath The path where the lock file will be created + LockFileHandler(std::string lockFilePath); + + /// @brief Checks if the lock file has been successfully created + /// @return True if the lock file is created, false otherwise + bool isLockFileCreated() const + { + return m_lockFileCreated; + } + + /// @brief Removes the lock file + /// @return True if the file is removed, false otherwise + bool removeLockFile() const; + + private: + /// @brief Creates the directory path for the lock file + /// @param path The path for the lock file + /// @return True if the directory is created, false otherwise + bool createDirectory(const std::string& path) const; + + /// @brief Creates the lock file + /// @return True if the lock file is created, false otherwise + bool createLockFile(); + + std::string m_lockFilePath; + bool m_lockFileCreated; + }; + + /// @brief Gets the status of the daemon + /// @param configFilePath The path to the configuration file + /// @return A string indicating whether the daemon is "running" or "stopped" + std::string GetDaemonStatus(const std::string& configFilePath); + + /// @brief Generates a lock file for the daemon + /// @param configFilePath The path to the configuration file + /// @return A LockFileHandler object + LockFileHandler GenerateLockFile(const std::string& configFilePath); +} // namespace unix_daemon diff --git a/src/agent/src/windows/iwindows_api_facade.hpp b/src/agent/src/windows/iwindows_api_facade.hpp new file mode 100644 index 0000000000..08ff8a0123 --- /dev/null +++ b/src/agent/src/windows/iwindows_api_facade.hpp @@ -0,0 +1,39 @@ +#pragma once + +#include + +namespace windows_api_facade +{ + /// @brief Interface to Windows API for service management. + class IWindowsApiFacade + { + public: + virtual ~IWindowsApiFacade() = default; + + /// @brief Opens a handle to the service control manager. + /// @param desiredAccess The access permission to the service control manager. + /// @return A handle to the service control manager, or NULL if the function fails. + virtual void* OpenSCM(unsigned int desiredAccess) const = 0; + + /// @brief Opens a handle to the specified service. + /// @param serviceHandle A handle to the service control manager. + /// @param serviceName The name of the service to open. + /// @param desiredAccess The access permission to the service. + /// @return A handle to the service, or NULL if the function fails. + virtual void* + OpenSvc(void* serviceHandle, const std::string& serviceName, unsigned int desiredAccess) const = 0; + + /// @brief Creates a new service. + /// @param serviceHandle A handle to the service control manager. + /// @param serviceName The name of the new service. + /// @param exePath The path to the executable file for the new service. + /// @return A handle to the new service, or NULL if the function fails. + virtual void* + CreateSvc(void* serviceHandle, const std::string& serviceName, const std::string& exePath) const = 0; + + /// @brief Deletes the service. + /// @param serviceHandle A handle to the service to delete. + /// @return TRUE if the function succeeds, FALSE if it fails. + virtual bool DeleteSvc(void* serviceHandle) const = 0; + }; +} // namespace windows_api_facade diff --git a/src/agent/src/windows/windows_api_facade.cpp b/src/agent/src/windows/windows_api_facade.cpp new file mode 100644 index 0000000000..9c3b9e7b8d --- /dev/null +++ b/src/agent/src/windows/windows_api_facade.cpp @@ -0,0 +1,42 @@ +#include + +#define WIN32_LEAN_AND_MEAN +#include + +namespace windows_api_facade +{ + void* WindowsApiFacade::OpenSCM(unsigned int desiredAccess) const + { + return ::OpenSCManager(nullptr, nullptr, static_cast(desiredAccess)); + } + + void* + WindowsApiFacade::OpenSvc(void* serviceHandle, const std::string& serviceName, unsigned int desiredAccess) const + { + return ::OpenService( + static_cast(serviceHandle), serviceName.c_str(), static_cast(desiredAccess)); + } + + void* + WindowsApiFacade::CreateSvc(void* serviceHandle, const std::string& serviceName, const std::string& exePath) const + { + return ::CreateService(static_cast(serviceHandle), + serviceName.c_str(), + serviceName.c_str(), + SERVICE_ALL_ACCESS, + SERVICE_WIN32_OWN_PROCESS, + SERVICE_AUTO_START, + SERVICE_ERROR_NORMAL, + exePath.c_str(), + nullptr, + nullptr, + nullptr, + nullptr, + nullptr); + } + + bool WindowsApiFacade::DeleteSvc(void* serviceHandle) const + { + return ::DeleteService(static_cast(serviceHandle)); + } +} // namespace windows_api_facade diff --git a/src/agent/src/windows/windows_api_facade.hpp b/src/agent/src/windows/windows_api_facade.hpp new file mode 100644 index 0000000000..6661cdf283 --- /dev/null +++ b/src/agent/src/windows/windows_api_facade.hpp @@ -0,0 +1,35 @@ +#pragma once + +#include + +namespace windows_api_facade +{ + /// @brief Class that provides an interface to Windows API for service management. + class WindowsApiFacade : public IWindowsApiFacade + { + public: + /// @brief Opens a handle to the service control manager. + /// @param desiredAccess The access permission to the service control manager. + /// @return A handle to the service control manager, or NULL if the function fails. + void* OpenSCM(unsigned int desiredAccess) const override; + + /// @brief Opens a handle to the specified service. + /// @param serviceHandle A handle to the service control manager. + /// @param serviceName The name of the service to open. + /// @param desiredAccess The access permission to the service. + /// @return A handle to the service, or NULL if the function fails. + void* OpenSvc(void* serviceHandle, const std::string& serviceName, unsigned int desiredAccess) const override; + + /// @brief Creates a new service. + /// @param serviceHandle A handle to the service control manager. + /// @param serviceName The name of the new service. + /// @param exePath The path to the executable file for the new service. + /// @return A handle to the new service, or NULL if the function fails. + void* CreateSvc(void* serviceHandle, const std::string& serviceName, const std::string& exePath) const override; + + /// @brief Deletes the service. + /// @param serviceHandle A handle to the service to delete. + /// @return TRUE if the function succeeds, FALSE if it fails. + bool DeleteSvc(void* serviceHandle) const override; + }; +} // namespace windows_api_facade diff --git a/src/agent/src/windows/windows_service.cpp b/src/agent/src/windows/windows_service.cpp new file mode 100644 index 0000000000..8a89616e11 --- /dev/null +++ b/src/agent/src/windows/windows_service.cpp @@ -0,0 +1,330 @@ +#include + +#include "process_options.hpp" +#include +#include +#include + +#include +#include + +namespace +{ + SERVICE_STATUS g_ServiceStatus = {}; + SERVICE_STATUS_HANDLE g_StatusHandle = nullptr; + HANDLE g_ServiceStopEvent = INVALID_HANDLE_VALUE; + SERVICE_DESCRIPTION g_serviceDescription; + const std::string AGENT_SERVICENAME = "Wazuh Agent"; + const std::string AGENT_SERVICEDESCRIPTION = "Wazuh Windows Agent"; + + struct ServiceHandleDeleter + { + void operator()(SC_HANDLE handle) const + { + if (handle) + { + CloseServiceHandle(handle); + } + } + }; + + using ServiceHandle = std::unique_ptr, ServiceHandleDeleter>; + + std::string GetExecutablePath() + { + char buffer[MAX_PATH]; + GetModuleFileName(NULL, buffer, MAX_PATH); + return std::string(buffer); + } + + void ReportServiceStatus(DWORD currentState, DWORD win32ExitCode, DWORD waitHint) + { + static DWORD dwCheckPoint = 1; + + g_ServiceStatus.dwCurrentState = currentState; + g_ServiceStatus.dwWin32ExitCode = win32ExitCode; + g_ServiceStatus.dwWaitHint = waitHint; + + if (currentState == SERVICE_START_PENDING) + g_ServiceStatus.dwControlsAccepted = 0; + else + g_ServiceStatus.dwControlsAccepted = + SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN | SERVICE_ACCEPT_PARAMCHANGE; + + if ((currentState == SERVICE_RUNNING) || (currentState == SERVICE_STOPPED)) + g_ServiceStatus.dwCheckPoint = 0; + else + g_ServiceStatus.dwCheckPoint = dwCheckPoint++; + + if (!SetServiceStatus(g_StatusHandle, &g_ServiceStatus)) + { + LogError("Failed to set service status to {}. Error: {}", g_ServiceStatus.dwCurrentState, GetLastError()); + } + } + + void HandleStopSignal(const char* logMessage, DWORD ctrlCode) + { + if (g_ServiceStatus.dwCurrentState != SERVICE_RUNNING) + { + return; + } + + ReportServiceStatus(SERVICE_STOP_PENDING, NO_ERROR, 0); + + SignalHandler::HandleSignal(ctrlCode); + + LogInfo("{}", logMessage); + + SetEvent(g_ServiceStopEvent); + ReportServiceStatus(g_ServiceStatus.dwCurrentState, NO_ERROR, 0); + } + + std::string ServiceStatusToString(DWORD currentState) + { + static const std::unordered_map statusMap = { + {SERVICE_STOPPED, "Service is stopped."}, + {SERVICE_START_PENDING, "Service is starting..."}, + {SERVICE_STOP_PENDING, "Service is stopping..."}, + {SERVICE_RUNNING, "Service is running."}, + {SERVICE_CONTINUE_PENDING, "Service is resuming..."}, + {SERVICE_PAUSE_PENDING, "Service is pausing..."}, + {SERVICE_PAUSED, "Service is paused."}}; + + auto it = statusMap.find(currentState); + if (it != statusMap.end()) + { + return it->second; + } + else + { + return "Unknown service status."; + } + } + + bool GetService(ServiceHandle& hSCManager, ServiceHandle& hService, DWORD desiredAccess) + { + hSCManager.reset(OpenSCManager(nullptr, nullptr, SC_MANAGER_ALL_ACCESS)); + if (!hSCManager) + { + LogError("Error: Unable to open Service Control Manager. Error: {}", GetLastError()); + return false; + } + + hService.reset(OpenService(hSCManager.get(), AGENT_SERVICENAME.c_str(), desiredAccess)); + if (!hService) + { + LogError("Error: Unable to open service.Error: {}", GetLastError()); + return false; + } + + return true; + } +} // namespace + +namespace WindowsService +{ + bool InstallService(const windows_api_facade::IWindowsApiFacade& windowsApiFacade) + { + const std::string exePath = GetExecutablePath() + " --run-service"; + + SC_HANDLE schSCManager = static_cast(windowsApiFacade.OpenSCM(SC_MANAGER_CREATE_SERVICE)); + if (!schSCManager) + { + LogError("OpenSCManager fail: {}", GetLastError()); + return false; + } + + SC_HANDLE schService = static_cast( + windowsApiFacade.CreateSvc(schSCManager, AGENT_SERVICENAME.c_str(), exePath.c_str())); + + if (!schService) + { + LogError("CreateService fail: {}", GetLastError()); + CloseServiceHandle(schSCManager); + return false; + } + + g_serviceDescription.lpDescription = const_cast(AGENT_SERVICEDESCRIPTION.c_str()); + ChangeServiceConfig2(schService, SERVICE_CONFIG_DESCRIPTION, &g_serviceDescription); + + CloseServiceHandle(schService); + CloseServiceHandle(schSCManager); + + LogInfo("Wazuh Agent Service successfully installed."); + + return true; + } + + bool RemoveService(const windows_api_facade::IWindowsApiFacade& windowsApiFacade) + { + SC_HANDLE schSCManager = static_cast(windowsApiFacade.OpenSCM(SC_MANAGER_CREATE_SERVICE)); + if (!schSCManager) + { + LogError("OpenSCManager fail: {}", GetLastError()); + return false; + } + + SC_HANDLE schService = + static_cast(windowsApiFacade.OpenSvc(schSCManager, AGENT_SERVICENAME.c_str(), DELETE)); + if (!schService) + { + LogError("OpenService fail: {}", GetLastError()); + CloseServiceHandle(schSCManager); + return false; + } + + if (!windowsApiFacade.DeleteSvc(schService)) + { + LogError("DeleteService fail: {}", GetLastError()); + CloseServiceHandle(schService); + CloseServiceHandle(schSCManager); + return false; + } + + CloseServiceHandle(schService); + CloseServiceHandle(schSCManager); + + LogInfo("Wazuh Agent Service successfully removed."); + + return true; + } + + void SetDispatcherThread() + { + SERVICE_TABLE_ENTRY ServiceTable[] = {{(LPSTR)AGENT_SERVICENAME.c_str(), (LPSERVICE_MAIN_FUNCTION)ServiceMain}, + {nullptr, nullptr}}; + + if (!StartServiceCtrlDispatcher(ServiceTable)) + { + LogError("Error: StartServiceCtrlDispatcher {}", GetLastError()); + } + } + + void WINAPI ServiceMain(DWORD argc, LPSTR* argv) + { + g_StatusHandle = RegisterServiceCtrlHandler(AGENT_SERVICENAME.c_str(), ServiceCtrlHandler); + + if (!g_StatusHandle) + { + LogError("Failed to register ServiceCtrlHandler. Error: {}", GetLastError()); + return; + } + + g_ServiceStatus.dwServiceType = SERVICE_WIN32_OWN_PROCESS; + g_ServiceStatus.dwServiceSpecificExitCode = 0; + + ReportServiceStatus(SERVICE_START_PENDING, NO_ERROR, 3000); + + g_ServiceStopEvent = CreateEvent(nullptr, TRUE, FALSE, nullptr); + if (!g_ServiceStopEvent) + { + LogError("Failed to create stop event. Error: {}", GetLastError()); + ReportServiceStatus(SERVICE_STOPPED, NO_ERROR, 0); + return; + } + + ReportServiceStatus(SERVICE_RUNNING, NO_ERROR, 0); + + LogInfo("Starting Wazuh Agent."); + + std::string configFilePath; + if (argc > 1 && argv[1] != nullptr) + { + configFilePath = argv[1]; + LogInfo("Config file parameter received: {}", configFilePath); + } + else + { + configFilePath = ""; + LogDebug("Using default configuration."); + } + + auto error = NO_ERROR; + + try + { + Agent agent(configFilePath); + agent.Run(); + } + catch (const std::exception& e) + { + LogError("Exception thrown in wazuh-agent: {}", e.what()); + error = ERROR_EXCEPTION_IN_SERVICE; + } + + WaitForSingleObject(g_ServiceStopEvent, INFINITE); + + CloseHandle(g_ServiceStopEvent); + ReportServiceStatus(SERVICE_STOPPED, error, 0); + } + + void WINAPI ServiceCtrlHandler(DWORD ctrlCode) + { + switch (ctrlCode) + { + case SERVICE_CONTROL_STOP: + HandleStopSignal("Wazuh Agent is stopping. Performing cleanup.", ctrlCode); + break; + case SERVICE_CONTROL_SHUTDOWN: + HandleStopSignal("System is shutting down. Performing cleanup.", ctrlCode); + break; + case SERVICE_CONTROL_PARAMCHANGE: + // TO DO + break; + default: break; + } + } + + void ServiceStart(const std::string& configFilePath) + { + ServiceHandle hService; + ServiceHandle hSCManager; + + if (!GetService(hSCManager, hService, SERVICE_START)) + return; + + bool res; + if (!configFilePath.empty()) + { + const char* args[] = {configFilePath.c_str()}; + res = ::StartService(hService.get(), 1, args); + } + else + { + res = ::StartService(hService.get(), 0, nullptr); + } + + if (!res) + { + LogError("Error: Unable to start service. Error: {}", GetLastError()); + } + else + { + LogInfo("Service {} started successfully.", AGENT_SERVICENAME.c_str()); + } + } + + void ServiceStatus() + { + ServiceHandle hService; + ServiceHandle hSCManager; + + if (!GetService(hSCManager, hService, SERVICE_QUERY_STATUS)) + return; + + SERVICE_STATUS_PROCESS serviceStatus; + DWORD bytesNeeded; + if (!QueryServiceStatusEx(hService.get(), + SC_STATUS_PROCESS_INFO, + (LPBYTE)&serviceStatus, + sizeof(SERVICE_STATUS_PROCESS), + &bytesNeeded)) + { + LogError("Error: Unable to query service status. Error: {}", GetLastError()); + } + else + { + LogInfo("{}", ServiceStatusToString(serviceStatus.dwCurrentState)); + } + } +} // namespace WindowsService diff --git a/src/agent/src/windows/windows_service.hpp b/src/agent/src/windows/windows_service.hpp new file mode 100644 index 0000000000..9a357f062c --- /dev/null +++ b/src/agent/src/windows/windows_service.hpp @@ -0,0 +1,38 @@ +#pragma once + +#include + +#define WIN32_LEAN_AND_MEAN +#include + +namespace WindowsService +{ + /// @brief Installs the Wazuh Agent Service. + /// @param windowsApiFacade The Windows API facade to use. + /// @return True if the installation is successful, false otherwise. + bool InstallService(const windows_api_facade::IWindowsApiFacade& windowsApiFacade); + + /// @brief Removes the Wazuh Agent Service. + /// @param windowsApiFacade The Windows API facade to use. + /// @return True if the removal is successful, false otherwise. + bool RemoveService(const windows_api_facade::IWindowsApiFacade& windowsApiFacade); + + /// @brief Sets the dispatcher thread. + void SetDispatcherThread(); + + /// @brief The service main function. + /// @param argc The number of command line arguments. + /// @param argv The command line arguments. + void WINAPI ServiceMain(DWORD argc, LPSTR* argv); + + /// @brief The service control handler. + /// @param ctrlCode The control code. + void WINAPI ServiceCtrlHandler(DWORD ctrlCode); + + /// @brief Starts the Wazuh Agent Service. + /// @param configFilePath The path to the configuration file. + void ServiceStart(const std::string& configFilePath); + + /// @brief Shows the status of the Wazuh Agent Service. + void ServiceStatus(); +} // namespace WindowsService diff --git a/src/agent/tests/CMakeLists.txt b/src/agent/tests/CMakeLists.txt index 484e49196b..9108bf1027 100644 --- a/src/agent/tests/CMakeLists.txt +++ b/src/agent/tests/CMakeLists.txt @@ -2,36 +2,50 @@ find_package(GTest CONFIG REQUIRED) add_executable(agent_test agent_test.cpp) configure_target(agent_test) -target_include_directories(agent_test PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../include ${CMAKE_CURRENT_SOURCE_DIR}/../src) +target_include_directories(agent_test PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../src) target_link_libraries(agent_test PRIVATE Agent GTest::gtest GTest::gmock) +if(NOT WIN32) add_test(NAME AgentTest COMMAND agent_test) +endif() add_executable(task_manager_test task_manager_test.cpp) configure_target(task_manager_test) -target_include_directories(task_manager_test PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../include ${CMAKE_CURRENT_SOURCE_DIR}/../src) +target_include_directories(task_manager_test PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../src) target_link_libraries(task_manager_test PRIVATE Agent GTest::gtest) add_test(NAME TaskManagerTest COMMAND task_manager_test) -add_executable(register_test register_test.cpp) -configure_target(register_test) -target_include_directories(register_test PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../include ${CMAKE_CURRENT_SOURCE_DIR}/../src) -target_link_libraries(register_test PRIVATE Agent GTest::gmock GTest::gtest) -add_test(NAME RegisterTest COMMAND register_test) +add_executable(agent_registration_test agent_registration_test.cpp) +configure_target(agent_registration_test) +target_include_directories(agent_registration_test PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../src) +target_link_libraries(agent_registration_test PRIVATE Agent GTest::gmock GTest::gtest) +add_test(NAME AgentRegistrationTest COMMAND agent_registration_test) add_executable(signal_handler_test signal_handler_test.cpp) configure_target(signal_handler_test) -target_include_directories(signal_handler_test PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../include ${CMAKE_CURRENT_SOURCE_DIR}/../src) +target_include_directories(signal_handler_test PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../src) target_link_libraries(signal_handler_test PRIVATE Agent GTest::gtest) add_test(NAME SignalHandlerTest COMMAND signal_handler_test) add_executable(message_queue_utils_test message_queue_utils_test.cpp) configure_target(message_queue_utils_test) -target_include_directories(message_queue_utils_test PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../include ${CMAKE_CURRENT_SOURCE_DIR}/../src) +target_include_directories(message_queue_utils_test PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../src) target_link_libraries(message_queue_utils_test PRIVATE Agent MultiTypeQueue GTest::gtest GTest::gmock) add_test(NAME MessageQueueUtilsTest COMMAND message_queue_utils_test) -add_executable(cmd_ln_parser_test cmd_ln_parser_test.cpp) -configure_target(cmd_ln_parser_test) -target_include_directories(cmd_ln_parser_test PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../include) -target_link_libraries(cmd_ln_parser_test PRIVATE GTest::gtest) -add_test(NAME CommandlineParserTest COMMAND cmd_ln_parser_test) +if(UNIX AND NOT APPLE) + add_executable(unix_daemon_test unix/unix_daemon_test.cpp) + configure_target(unix_daemon_test) + target_include_directories(unix_daemon_test PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../src + ${CMAKE_CURRENT_SOURCE_DIR}/../src/unix) + target_link_libraries(unix_daemon_test PRIVATE Agent GTest::gtest) + add_test(NAME UnixDaemonTest COMMAND unix_daemon_test) +endif() + +if(WIN32) + add_executable(windows_service_test windows/windows_service_test.cpp) + configure_target(windows_service_test) + target_include_directories(windows_service_test PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../src + ${CMAKE_CURRENT_SOURCE_DIR}/../src/windows) + target_link_libraries(windows_service_test PRIVATE Agent GTest::gtest GTest::gtest_main GTest::gmock GTest::gmock_main) + add_test(NAME WindowsServiceTest COMMAND windows_service_test) +endif() diff --git a/src/agent/tests/agent_registration_test.cpp b/src/agent/tests/agent_registration_test.cpp new file mode 100644 index 0000000000..b64e1ec56a --- /dev/null +++ b/src/agent/tests/agent_registration_test.cpp @@ -0,0 +1,153 @@ +#include +#include + +#include +#include +#include +#include +#include + +#include "../communicator/tests/mocks/mock_http_client.hpp" + +#include +#include +#include + +#include +#include +#include + +class RegisterTest : public ::testing::Test +{ +protected: + void SetUp() override {} + + std::unique_ptr agent; + std::unique_ptr registration; +}; + +TEST_F(RegisterTest, RegistrationTestSuccess) +{ + AgentInfoPersistance agentInfoPersistance("."); + agentInfoPersistance.ResetToDefault(); + + SysInfo sysInfo; + agent = std::make_unique( + ".", [&sysInfo]() mutable { return sysInfo.os(); }, [&sysInfo]() mutable { return sysInfo.networks(); }); + + agent->SetKey("4GhT7uFm1zQa9c2Vb7Lk8pYsX0WqZrNj"); + agent->SetName("agent_name"); + agent->Save(); + + registration = std::make_unique( + "https://localhost:55000", "user", "password", agent->GetKey(), agent->GetName(), "."); + + MockHttpClient mockHttpClient; + + EXPECT_CALL(mockHttpClient, AuthenticateWithUserPassword(testing::_, testing::_, testing::_, testing::_)) + .WillOnce(testing::Return("token")); + + const auto bodyJson = agent->GetMetadataInfo(true); + + http_client::HttpRequestParams reqParams(boost::beast::http::verb::post, + "https://localhost:55000", + "/agents", + agent->GetHeaderInfo(), + "token", + "", + bodyJson); + + boost::beast::http::response expectedResponse; + expectedResponse.result(boost::beast::http::status::created); + + EXPECT_CALL(mockHttpClient, PerformHttpRequest(testing::Eq(reqParams))).WillOnce(testing::Return(expectedResponse)); + + // NOLINTNEXTLINE(cppcoreguidelines-init-variables) + const bool res = registration->Register(mockHttpClient); + ASSERT_TRUE(res); +} + +TEST_F(RegisterTest, RegistrationFailsIfAuthenticationFails) +{ + AgentInfoPersistance agentInfoPersistance("."); + agentInfoPersistance.ResetToDefault(); + + registration = std::make_unique( + "https://localhost:55000", "user", "password", "4GhT7uFm1zQa9c2Vb7Lk8pYsX0WqZrNj", "agent_name", "."); + agent = std::make_unique("."); + + MockHttpClient mockHttpClient; + + EXPECT_CALL(mockHttpClient, AuthenticateWithUserPassword(testing::_, testing::_, "user", "password")) + .WillOnce(testing::Return(std::nullopt)); + + // NOLINTNEXTLINE(cppcoreguidelines-init-variables) + const bool res = registration->Register(mockHttpClient); + ASSERT_FALSE(res); +} + +TEST_F(RegisterTest, RegistrationFailsIfServerResponseIsNotOk) +{ + AgentInfoPersistance agentInfoPersistance("."); + agentInfoPersistance.ResetToDefault(); + + registration = std::make_unique( + "https://localhost:55000", "user", "password", "4GhT7uFm1zQa9c2Vb7Lk8pYsX0WqZrNj", "agent_name", "."); + agent = std::make_unique("."); + + MockHttpClient mockHttpClient; + + EXPECT_CALL(mockHttpClient, AuthenticateWithUserPassword(testing::_, testing::_, "user", "password")) + .WillOnce(testing::Return("token")); + + boost::beast::http::response expectedResponse; + expectedResponse.result(boost::beast::http::status::bad_request); + + EXPECT_CALL(mockHttpClient, PerformHttpRequest(testing::_)).WillOnce(testing::Return(expectedResponse)); + + // NOLINTNEXTLINE(cppcoreguidelines-init-variables) + const bool res = registration->Register(mockHttpClient); + ASSERT_FALSE(res); +} + +TEST_F(RegisterTest, RegisteringWithoutAKeyGeneratesOneAutomatically) +{ + AgentInfoPersistance agentInfoPersistance("."); + agentInfoPersistance.ResetToDefault(); + + agent = std::make_unique("."); + EXPECT_TRUE(agent->GetKey().empty()); + + registration = std::make_unique( + "https://localhost:55000", "user", "password", "", "agent_name", "."); + + MockHttpClient mockHttpClient; + + EXPECT_CALL(mockHttpClient, AuthenticateWithUserPassword(testing::_, testing::_, testing::_, testing::_)) + .WillOnce(testing::Return("token")); + + boost::beast::http::response expectedResponse; + expectedResponse.result(boost::beast::http::status::created); + + EXPECT_CALL(mockHttpClient, PerformHttpRequest(testing::_)).WillOnce(testing::Return(expectedResponse)); + + // NOLINTNEXTLINE(cppcoreguidelines-init-variables) + const bool res = registration->Register(mockHttpClient); + ASSERT_TRUE(res); + + agent = std::make_unique("."); + EXPECT_FALSE(agent->GetKey().empty()); +} + +TEST_F(RegisterTest, RegistrationTestFailWithBadKey) +{ + ASSERT_THROW(agent_registration::AgentRegistration( + "https://localhost:55000", "user", "password", "badKey", "agent_name", "."), + std::invalid_argument); +} + +int main(int argc, char** argv) +{ + ::testing::InitGoogleTest(&argc, argv); + return RUN_ALL_TESTS(); +} diff --git a/src/agent/tests/agent_test.cpp b/src/agent/tests/agent_test.cpp index a958cb7263..daae00d058 100644 --- a/src/agent/tests/agent_test.cpp +++ b/src/agent/tests/agent_test.cpp @@ -1,9 +1,11 @@ #include - -#include - +#include +#include #include #include +#include + +constexpr auto AGENT_CONFIG_PATH {"/tmp/wazuh-agent.yml"}; class MockSignalHandler : public ISignalHandler { @@ -11,20 +13,86 @@ class MockSignalHandler : public ISignalHandler MOCK_METHOD(void, WaitForSignal, (), (override)); }; -TEST(AgentTests, AgentDefaultConstruction) +class AgentTests : public ::testing::Test +{ +protected: + void SetUp() override + { + CreateTempConfigFile(); + + SysInfo sysInfo; + std::unique_ptr agent = std::make_unique( + "/tmp", [&sysInfo]() mutable { return sysInfo.os(); }, [&sysInfo]() mutable { return sysInfo.networks(); }); + + agent->SetKey("4GhT7uFm1zQa9c2Vb7Lk8pYsX0WqZrNj"); + agent->SetName("agent_name"); + agent->Save(); + } + + void TearDown() override + { + CleanUpTempFiles(); + } + + void CreateTempConfigFile() + { + CleanUpTempFiles(); + + std::ofstream configFilePath(AGENT_CONFIG_PATH); + configFilePath << R"( +agent: + server_url: https://localhost:27000 + path.data: /tmp/ + retry_interval: 30s +inventory: + enabled: false + interval: 1h + scan_on_start: true + hardware: true + os: true + network: true + packages: true + ports: true + ports_all: true + processes: true + hotfixes: true +logcollector: + enabled: false + localfiles: + - /var/log/auth.log + reload_interval: 1m + file_wait: 500ms +)"; + configFilePath.close(); + } + + void CleanUpTempFiles() + { + std::remove(AGENT_CONFIG_PATH); + std::remove("/tmp/agent_info.db"); + } +}; + +TEST_F(AgentTests, AgentDefaultConstruction) { - EXPECT_NO_THROW(Agent {}); + EXPECT_NO_THROW(Agent {AGENT_CONFIG_PATH}); } -TEST(AgentTests, AgentStopsWhenSignalReceived) +TEST_F(AgentTests, AgentStopsWhenSignalReceived) { auto mockSignalHandler = std::make_unique(); MockSignalHandler* mockSignalHandlerPtr = mockSignalHandler.get(); - Agent agent(std::move(mockSignalHandler)); + auto WaitForSignalCalled = false; + + EXPECT_CALL(*mockSignalHandlerPtr, WaitForSignal()) + .Times(1) + .WillOnce([&WaitForSignalCalled]() { WaitForSignalCalled = true; }); + + Agent agent(AGENT_CONFIG_PATH, std::move(mockSignalHandler)); - EXPECT_CALL(*mockSignalHandlerPtr, WaitForSignal()).Times(1); EXPECT_NO_THROW(agent.Run()); + EXPECT_TRUE(WaitForSignalCalled); } int main(int argc, char** argv) diff --git a/src/agent/tests/cmd_ln_parser_test.cpp b/src/agent/tests/cmd_ln_parser_test.cpp deleted file mode 100644 index 13d87ddc08..0000000000 --- a/src/agent/tests/cmd_ln_parser_test.cpp +++ /dev/null @@ -1,50 +0,0 @@ -#include - -#include - -#include -#include - -class CommandlineParserTest : public ::testing::Test -{ -protected: - std::string program = "program"; - std::string option = "--option"; - std::string value = "value"; - std::array args = {program.data(), option.data(), value.data()}; - CommandlineParser parser {static_cast(args.size()), args.data()}; -}; - -TEST_F(CommandlineParserTest, GetOptionValue_OptionExists) -{ - EXPECT_EQ(parser.GetOptionValue(option), value); -} - -TEST_F(CommandlineParserTest, GetOptionValue_OptionDoesNotExist) -{ - EXPECT_EQ(parser.GetOptionValue("--nonexistent"), ""); -} - -TEST_F(CommandlineParserTest, OptionExists_OptionExists) -{ - EXPECT_TRUE(parser.OptionExists(option)); -} - -TEST_F(CommandlineParserTest, OptionExists_OptionDoesNotExist) -{ - EXPECT_FALSE(parser.OptionExists("--nonexistent")); -} - -TEST_F(CommandlineParserTest, GetOptionValue_NoValueForOption) -{ - std::array noValueArgs = {program.data(), option.data()}; - CommandlineParser noValueParser {static_cast(noValueArgs.size()), noValueArgs.data()}; - - EXPECT_EQ(noValueParser.GetOptionValue(option), ""); -} - -int main(int argc, char** argv) -{ - ::testing::InitGoogleTest(&argc, argv); - return RUN_ALL_TESTS(); -} diff --git a/src/agent/tests/message_queue_utils_test.cpp b/src/agent/tests/message_queue_utils_test.cpp index bbca43373a..9f82ff0833 100644 --- a/src/agent/tests/message_queue_utils_test.cpp +++ b/src/agent/tests/message_queue_utils_test.cpp @@ -8,21 +8,26 @@ #include #include -const nlohmann::json BASE_DATA_CONTENT = R"([{"data": {"id":"112233", "args": ["origin_test", - "command_test", "parameters_test"]}}])"_json; +const nlohmann::json BASE_DATA_CONTENT = R"({"id":"112233", "args": ["origin_test", + "command_test", "parameters_test"]})"_json; class MockMultiTypeQueue : public MultiTypeQueue { public: - MOCK_METHOD(boost::asio::awaitable, + MockMultiTypeQueue() + : MultiTypeQueue(".") + { + } + + MOCK_METHOD(boost::asio::awaitable>, getNextNAwaitable, - (MessageType, int, const std::string module), + (MessageType, int, const std::string, const std::string), (override)); - MOCK_METHOD(int, popN, (MessageType, int, const std::string module), (override)); + MOCK_METHOD(int, popN, (MessageType, int, const std::string), (override)); MOCK_METHOD(int, push, (Message, bool), (override)); MOCK_METHOD(int, push, (std::vector), (override)); - MOCK_METHOD(bool, isEmpty, (MessageType, const std::string moduleName), (override)); - MOCK_METHOD(Message, getNext, (MessageType, const std::string moduleName), (override)); + MOCK_METHOD(bool, isEmpty, (MessageType, const std::string), (override)); + MOCK_METHOD(Message, getNext, (MessageType, const std::string, const std::string), (override)); }; class MessageQueueUtilsTest : public ::testing::Test @@ -35,41 +40,118 @@ class MessageQueueUtilsTest : public ::testing::Test boost::asio::io_context io_context; std::shared_ptr mockQueue; + + const int MAX_MESSAGES = 1; }; TEST_F(MessageQueueUtilsTest, GetMessagesFromQueueTest) { - std::vector data {"test_data"}; - Message testMessage {MessageType::STATEFUL, data}; + std::vector data {R"({"event":{"original":"Testing message!"}})"}; + std::string metadata {R"({"module":"logcollector","type":"file"})"}; + std::vector testMessages; + testMessages.emplace_back(MessageType::STATELESS, data, "", "", metadata); + + // NOLINTBEGIN(cppcoreguidelines-avoid-capturing-lambda-coroutines) + EXPECT_CALL(*mockQueue, getNextNAwaitable(MessageType::STATELESS, MAX_MESSAGES, "", "")) + .WillOnce([&testMessages]() -> boost::asio::awaitable> { co_return testMessages; }); + // NOLINTEND(cppcoreguidelines-avoid-capturing-lambda-coroutines) + + auto awaitableResult = + boost::asio::co_spawn(io_context, + GetMessagesFromQueue(mockQueue, MessageType::STATELESS, MAX_MESSAGES, nullptr), + boost::asio::use_future); + + const auto timeout = std::chrono::steady_clock::now() + std::chrono::milliseconds(1); + io_context.run_until(timeout); + + ASSERT_TRUE(awaitableResult.wait_for(std::chrono::milliseconds(1)) == std::future_status::ready); + + const auto result = awaitableResult.get(); + const auto jsonResult = std::get<1>(result); + + std::string expectedString = std::string("\n") + R"({"module":"logcollector","type":"file"})" + std::string("\n") + + R"(["{\"event\":{\"original\":\"Testing message!\"}}"])"; + + ASSERT_EQ(jsonResult, expectedString); +} + +TEST_F(MessageQueueUtilsTest, GetMessagesFromQueueMetadataTest) +{ + std::vector data {R"({"event":{"original":"Testing message!"}})"}; + std::string moduleMetadata {R"({"module":"logcollector","type":"file"})"}; + std::vector testMessages; + testMessages.emplace_back(MessageType::STATELESS, data, "", "", moduleMetadata); + + nlohmann::json metadata; + metadata["agent"] = "test"; + + // NOLINTBEGIN(cppcoreguidelines-avoid-capturing-lambda-coroutines) + EXPECT_CALL(*mockQueue, getNextNAwaitable(MessageType::STATELESS, MAX_MESSAGES, "", "")) + .WillOnce([&testMessages]() -> boost::asio::awaitable> { co_return testMessages; }); + // NOLINTEND(cppcoreguidelines-avoid-capturing-lambda-coroutines) + + io_context.restart(); + + auto awaitableResult = boost::asio::co_spawn( + io_context, + GetMessagesFromQueue( + mockQueue, MessageType::STATELESS, MAX_MESSAGES, [&metadata]() { return metadata.dump(); }), + boost::asio::use_future); + + const auto timeout = std::chrono::steady_clock::now() + std::chrono::milliseconds(1); + io_context.run_until(timeout); + + ASSERT_TRUE(awaitableResult.wait_for(std::chrono::milliseconds(1)) == std::future_status::ready); + + const auto result = awaitableResult.get(); + const auto jsonResult = std::get<1>(result); + + std::string expectedString = R"({"agent":"test"})" + std::string("\n") + + R"({"module":"logcollector","type":"file"})" + std::string("\n") + + R"(["{\"event\":{\"original\":\"Testing message!\"}}"])"; + + ASSERT_EQ(jsonResult, expectedString); +} + +TEST_F(MessageQueueUtilsTest, GetEmptyMessagesFromQueueTest) +{ + nlohmann::json data = nlohmann::json::object(); + std::string moduleMetadata {R"({"operation":"delete"})"}; + std::vector testMessages; + testMessages.emplace_back(MessageType::STATEFUL, data, "", "", moduleMetadata); + + nlohmann::json metadata; + metadata["agent"] = "test"; // NOLINTBEGIN(cppcoreguidelines-avoid-capturing-lambda-coroutines) - EXPECT_CALL(*mockQueue, getNextNAwaitable(MessageType::STATEFUL, 1, "")) - .WillOnce([&testMessage]() -> boost::asio::awaitable { co_return testMessage; }); + EXPECT_CALL(*mockQueue, getNextNAwaitable(MessageType::STATEFUL, MAX_MESSAGES, "", "")) + .WillOnce([&testMessages]() -> boost::asio::awaitable> { co_return testMessages; }); // NOLINTEND(cppcoreguidelines-avoid-capturing-lambda-coroutines) io_context.restart(); - auto result = boost::asio::co_spawn( - io_context, GetMessagesFromQueue(mockQueue, MessageType::STATEFUL), boost::asio::use_future); + auto awaitableResult = boost::asio::co_spawn( + io_context, + GetMessagesFromQueue(mockQueue, MessageType::STATEFUL, MAX_MESSAGES, [&metadata]() { return metadata.dump(); }), + boost::asio::use_future); const auto timeout = std::chrono::steady_clock::now() + std::chrono::milliseconds(1); io_context.run_until(timeout); - ASSERT_TRUE(result.wait_for(std::chrono::milliseconds(1)) == std::future_status::ready); + ASSERT_TRUE(awaitableResult.wait_for(std::chrono::milliseconds(1)) == std::future_status::ready); - const auto jsonResult = result.get(); + const auto result = awaitableResult.get(); + const auto jsonResult = std::get<1>(result); - nlohmann::json expectedJson; - expectedJson["events"] = nlohmann::json::array(); - expectedJson["events"].push_back("test_data"); + std::string expectedString = R"({"agent":"test"})" + std::string("\n") + R"({"operation":"delete"})"; - ASSERT_EQ(jsonResult, expectedJson.dump()); + ASSERT_EQ(jsonResult, expectedString); } TEST_F(MessageQueueUtilsTest, PopMessagesFromQueueTest) { EXPECT_CALL(*mockQueue, popN(MessageType::STATEFUL, 1, "")).Times(1); - PopMessagesFromQueue(mockQueue, MessageType::STATEFUL); + PopMessagesFromQueue(mockQueue, MessageType::STATEFUL, 1); } TEST_F(MessageQueueUtilsTest, PushCommandsToQueueTest) @@ -111,16 +193,17 @@ TEST_F(MessageQueueUtilsTest, GetCommandFromQueueTest) EXPECT_CALL(*mockQueue, isEmpty(MessageType::COMMAND, "")).WillOnce(testing::Return(false)); - EXPECT_CALL(*mockQueue, getNext(MessageType::COMMAND, "")).WillOnce(testing::Return(testMessage)); + EXPECT_CALL(*mockQueue, getNext(MessageType::COMMAND, "", "")).WillOnce(testing::Return(testMessage)); auto cmd = GetCommandFromQueue(mockQueue); - ASSERT_EQ(cmd.has_value() ? cmd.value().m_id : "", "112233"); - ASSERT_EQ(cmd.has_value() ? cmd.value().m_module : "", "origin_test"); - ASSERT_EQ(cmd.has_value() ? cmd.value().m_command : "", "command_test"); - ASSERT_EQ(cmd.has_value() ? cmd.value().m_parameters : "", "parameters_test"); - ASSERT_EQ(cmd.has_value() ? cmd.value().m_status : command_store::Status::UNKNOWN, - command_store::Status::IN_PROGRESS); + ASSERT_EQ(cmd.has_value() ? cmd.value().Id : "", "112233"); + ASSERT_EQ(cmd.has_value() ? cmd.value().Module : "", "origin_test"); + ASSERT_EQ(cmd.has_value() ? cmd.value().Command : "", "command_test"); + ASSERT_EQ(cmd.has_value() ? cmd.value().Parameters : nlohmann::json::array({""}), + nlohmann::json::array({"parameters_test"})); + ASSERT_EQ(cmd.has_value() ? cmd.value().ExecutionResult.ErrorCode : module_command::Status::UNKNOWN, + module_command::Status::IN_PROGRESS); } int main(int argc, char** argv) diff --git a/src/agent/tests/register_test.cpp b/src/agent/tests/register_test.cpp deleted file mode 100644 index bdcc6b7006..0000000000 --- a/src/agent/tests/register_test.cpp +++ /dev/null @@ -1,121 +0,0 @@ -#include -#include - -#include -#include -#include -#include - -#include -#include -#include - -#include -#include -#include - -class MockHttpClient : public http_client::IHttpClient -{ -public: - MOCK_METHOD(boost::beast::http::request, - CreateHttpRequest, - (const http_client::HttpRequestParams& params), - (override)); - - MOCK_METHOD(boost::asio::awaitable, - Co_PerformHttpRequest, - (std::shared_ptr token, - http_client::HttpRequestParams params, - std::function()> messageGetter, - std::function onUnauthorized, - std::function onSuccess, - std::function loopRequestCondition), - (override)); - - MOCK_METHOD(boost::beast::http::response, - PerformHttpRequest, - (const http_client::HttpRequestParams& params), - (override)); - - MOCK_METHOD(std::optional, - AuthenticateWithUuidAndKey, - (const std::string& host, const std::string& port, const std::string& uuid, const std::string& key), - (override)); - - MOCK_METHOD( - std::optional, - AuthenticateWithUserPassword, - (const std::string& host, const std::string& port, const std::string& user, const std::string& password), - (override)); -}; - -class RegisterTest : public ::testing::Test -{ -protected: - void SetUp() override - { - agent = std::make_unique("agent_name", "agent_key", "agent_uuid"); - } - - MockHttpClient mockHttpClient; - std::unique_ptr agent; - registration::UserCredentials userCredentials {"user", "password"}; -}; - -TEST_F(RegisterTest, RegistrationTestSuccess) -{ - EXPECT_CALL(mockHttpClient, - AuthenticateWithUserPassword(testing::_, testing::_, userCredentials.user, userCredentials.password)) - .WillOnce(testing::Return("token")); - - nlohmann::json bodyJson = {{"id", agent->GetUUID()}, {"key", agent->GetKey()}}; - - if (!agent->GetName().empty()) - { - bodyJson["name"] = agent->GetName(); - } - - http_client::HttpRequestParams reqParams( - boost::beast::http::verb::post, "localhost", "55000", "/agents", "token", "", bodyJson.dump()); - - boost::beast::http::response expectedResponse; - expectedResponse.result(boost::beast::http::status::ok); - - EXPECT_CALL(mockHttpClient, PerformHttpRequest(testing::Eq(reqParams))).WillOnce(testing::Return(expectedResponse)); - - // NOLINTNEXTLINE(cppcoreguidelines-init-variables) - const bool res = registration::RegisterAgent(userCredentials, mockHttpClient); - ASSERT_TRUE(res); -} - -TEST_F(RegisterTest, RegistrationFailsIfAuthenticationFails) -{ - EXPECT_CALL(mockHttpClient, AuthenticateWithUserPassword(testing::_, testing::_, testing::_, testing::_)) - .WillOnce(testing::Return(std::nullopt)); - - // NOLINTNEXTLINE(cppcoreguidelines-init-variables) - const bool res = registration::RegisterAgent(userCredentials, mockHttpClient); - ASSERT_FALSE(res); -} - -TEST_F(RegisterTest, RegistrationFailsIfServerResponseIsNotOk) -{ - EXPECT_CALL(mockHttpClient, - AuthenticateWithUserPassword(testing::_, testing::_, userCredentials.user, userCredentials.password)) - .WillOnce(testing::Return("token")); - - boost::beast::http::response expectedResponse; - expectedResponse.result(boost::beast::http::status::bad_request); - - EXPECT_CALL(mockHttpClient, PerformHttpRequest(testing::_)).WillOnce(testing::Return(expectedResponse)); - - // NOLINTNEXTLINE(cppcoreguidelines-init-variables) - const bool res = registration::RegisterAgent(userCredentials, mockHttpClient); - ASSERT_FALSE(res); -} - -int main(int argc, char** argv) -{ - ::testing::InitGoogleTest(&argc, argv); - return RUN_ALL_TESTS(); -} diff --git a/src/agent/tests/unix/unix_daemon_test.cpp b/src/agent/tests/unix/unix_daemon_test.cpp new file mode 100644 index 0000000000..32e5eefbde --- /dev/null +++ b/src/agent/tests/unix/unix_daemon_test.cpp @@ -0,0 +1,74 @@ +#include + +#include + +#include +#include + +class UnixDaemonTest : public ::testing::Test +{ +protected: + static std::filesystem::path m_tempConfigFilePath; + + static void SetUpTestSuite() + { + m_tempConfigFilePath = "temp_wazuh-agent.yml"; + + std::ofstream outFile(m_tempConfigFilePath); + outFile << R"( + agent: + path.run: "." + )"; + outFile.close(); + } + + static void TearDownTestSuite() + { + std::filesystem::remove(m_tempConfigFilePath); + } +}; + +std::filesystem::path UnixDaemonTest::m_tempConfigFilePath; + +TEST_F(UnixDaemonTest, CreateLockFile) +{ + unix_daemon::LockFileHandler lockFileHandler = unix_daemon::GenerateLockFile("./temp_wazuh-agent.yml"); + bool res = lockFileHandler.isLockFileCreated(); + ASSERT_TRUE(res); + lockFileHandler.removeLockFile(); +} + +TEST_F(UnixDaemonTest, CreateLockFileTwice) +{ + unix_daemon::LockFileHandler lockFileHandler = unix_daemon::GenerateLockFile("./temp_wazuh-agent.yml"); + unix_daemon::LockFileHandler lockFileHandler2 = unix_daemon::GenerateLockFile("./temp_wazuh-agent.yml"); + + bool reslockFileHandler = lockFileHandler.isLockFileCreated(); + bool reslockFileHandler2 = lockFileHandler2.isLockFileCreated(); + + ASSERT_TRUE(reslockFileHandler); + ASSERT_FALSE(reslockFileHandler2); + lockFileHandler.removeLockFile(); +} + +TEST_F(UnixDaemonTest, GetDaemonStatusRunning) +{ + unix_daemon::LockFileHandler lockFileHandler = unix_daemon::GenerateLockFile("./temp_wazuh-agent.yml"); + std::string res = unix_daemon::GetDaemonStatus("./temp_wazuh-agent.yml"); + ASSERT_EQ(res, "running"); + lockFileHandler.removeLockFile(); +} + +TEST_F(UnixDaemonTest, GetDaemonStatusStopped) +{ + unix_daemon::LockFileHandler lockFileHandler = unix_daemon::GenerateLockFile("./temp_wazuh-agent.yml"); + lockFileHandler.removeLockFile(); + std::string res = unix_daemon::GetDaemonStatus("./temp_wazuh-agent.yml"); + ASSERT_EQ(res, "stopped"); +} + +int main(int argc, char** argv) +{ + ::testing::InitGoogleTest(&argc, argv); + return RUN_ALL_TESTS(); +} diff --git a/src/agent/tests/windows/windows_service_test.cpp b/src/agent/tests/windows/windows_service_test.cpp new file mode 100644 index 0000000000..c19479d4a0 --- /dev/null +++ b/src/agent/tests/windows/windows_service_test.cpp @@ -0,0 +1,117 @@ +#include +#include +#include + +#include + +#define WIN32_LEAN_AND_MEAN +#include + +class MockWindowsApiFacade : public windows_api_facade::IWindowsApiFacade +{ +public: + MOCK_METHOD(void*, OpenSCM, (unsigned int desiredAccess), (const override)); + MOCK_METHOD(void*, + OpenSvc, + (void* serviceHandle, const std::string& serviceName, unsigned int desiredAccess), + (const override)); + MOCK_METHOD(void*, + CreateSvc, + (void* serviceHandle, const std::string& serviceName, const std::string& exePath), + (const override)); + MOCK_METHOD(bool, DeleteSvc, (void* serviceHandle), (const override)); +}; + +class WindowsServiceTest : public ::testing::Test +{ +protected: + MockWindowsApiFacade mockWindowsApiFacade; + + void SetUp() override {} + + void TearDown() override {} +}; + +TEST_F(WindowsServiceTest, InstallService_FailOpenSCM) +{ + EXPECT_CALL(mockWindowsApiFacade, OpenSCM(SC_MANAGER_CREATE_SERVICE)).WillOnce(testing::Return(nullptr)); + + bool result = WindowsService::InstallService(mockWindowsApiFacade); + + EXPECT_FALSE(result); +} + +TEST_F(WindowsServiceTest, InstallService_FailCreateSvc) +{ + EXPECT_CALL(mockWindowsApiFacade, OpenSCM(SC_MANAGER_CREATE_SERVICE)) + .WillOnce(testing::Return(reinterpret_cast(1))); + EXPECT_CALL(mockWindowsApiFacade, CreateSvc(testing::_, testing::_, testing::_)).WillOnce(testing::Return(nullptr)); + + bool result = WindowsService::InstallService(mockWindowsApiFacade); + + EXPECT_FALSE(result); +} + +TEST_F(WindowsServiceTest, InstallService_Success) +{ + EXPECT_CALL(mockWindowsApiFacade, OpenSCM(SC_MANAGER_CREATE_SERVICE)) + .WillOnce(testing::Return(reinterpret_cast(1))); + EXPECT_CALL(mockWindowsApiFacade, CreateSvc(testing::_, "Wazuh Agent", testing::_)) + .WillOnce(testing::Return(reinterpret_cast(1))); + + bool result = WindowsService::InstallService(mockWindowsApiFacade); + + EXPECT_TRUE(result); +} + +TEST_F(WindowsServiceTest, RemoveService_FailOpenSCM) +{ + EXPECT_CALL(mockWindowsApiFacade, OpenSCM(SC_MANAGER_CREATE_SERVICE)).WillOnce(testing::Return(nullptr)); + + bool result = WindowsService::RemoveService(mockWindowsApiFacade); + + EXPECT_FALSE(result); +} + +TEST_F(WindowsServiceTest, RemoveService_FailOpenSvc) +{ + EXPECT_CALL(mockWindowsApiFacade, OpenSCM(SC_MANAGER_CREATE_SERVICE)) + .WillOnce(testing::Return(reinterpret_cast(1))); + EXPECT_CALL(mockWindowsApiFacade, OpenSvc(testing::_, testing::_, DELETE)).WillOnce(testing::Return(nullptr)); + + bool result = WindowsService::RemoveService(mockWindowsApiFacade); + + EXPECT_FALSE(result); +} + +TEST_F(WindowsServiceTest, RemoveService_FailDeleteSvc) +{ + EXPECT_CALL(mockWindowsApiFacade, OpenSCM(SC_MANAGER_CREATE_SERVICE)) + .WillOnce(testing::Return(reinterpret_cast(1))); + EXPECT_CALL(mockWindowsApiFacade, OpenSvc(testing::_, testing::_, DELETE)) + .WillOnce(testing::Return(reinterpret_cast(1))); + EXPECT_CALL(mockWindowsApiFacade, DeleteSvc(reinterpret_cast(1))).WillOnce(testing::Return(false)); + + bool result = WindowsService::RemoveService(mockWindowsApiFacade); + + EXPECT_FALSE(result); +} + +TEST_F(WindowsServiceTest, RemoveService_Success) +{ + EXPECT_CALL(mockWindowsApiFacade, OpenSCM(SC_MANAGER_CREATE_SERVICE)) + .WillOnce(testing::Return(reinterpret_cast(1))); + EXPECT_CALL(mockWindowsApiFacade, OpenSvc(testing::_, testing::_, DELETE)) + .WillOnce(testing::Return(reinterpret_cast(1))); + EXPECT_CALL(mockWindowsApiFacade, DeleteSvc(reinterpret_cast(1))).WillOnce(testing::Return(true)); + + bool result = WindowsService::RemoveService(mockWindowsApiFacade); + + EXPECT_TRUE(result); +} + +int main(int argc, char** argv) +{ + ::testing::InitGoogleTest(&argc, argv); + return RUN_ALL_TESTS(); +} diff --git a/src/agent/testtool/mock_server/README.md b/src/agent/testtool/mock_server/README.md new file mode 100644 index 0000000000..fc2e385fc3 --- /dev/null +++ b/src/agent/testtool/mock_server/README.md @@ -0,0 +1,83 @@ +# Mock Server + +This is a configurable mock server in Python that responds to specific endpoints with predefined responses or files. It can operate over HTTP or HTTPS based on provided arguments. + +## Features + +- **JWT Authentication**: The `/security/user/authenticate` and `/api/v1/authentication` endpoints generate and return a JWT token with a configurable expiration time. +- **File Serving**: The `/api/v1/files` endpoint serves files from a specified directory. +- **Custom Endpoints**: Includes endpoints like `/api/v1/events/commands`, each returning mock JSON responses from local files. + +## Prerequisites + +- **Python 3.6+** +- **Libraries**: Install the required libraries using the following: + + ```bash + pip install pyjwt + ``` + +## Usage +### Generate SSL Certificates for HTTPS +To run the server with HTTPS, you need SSL certificates. You can create a self-signed certificate using OpenSSL: + +```bash +openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out cert.pem +``` + +### Running the Server +You can configure and start the server by specifying the desired ports and SSL certificate paths through command-line arguments. + +#### Command-Line Arguments + - `--port1`: Port number for the first server instance (default: 55000) + - `--port2`: Port number for the second server instance (default: 27000) + - `--ssl_key`: Path to the SSL key file for HTTPS (default: key.pem) + - `--ssl_cert`: Path to the SSL certificate file for HTTPS (default: cert.pem) + - `--protocol`: Specify the protocol to use (http or https). Defaults to https. + - `--outfile`: File path to save incoming request logs + +#### Examples +Run the server over HTTPS (default): + +```bash +python3 mock_server.py --port1 55000 --port2 27000 +``` + +Run the server over HTTP: + +```bash +python3 mock_server.py --port1 55000 --port2 27000 --protocol http +``` + +## Endpoints + +### POST Endpoints + - `/security/user/authenticate`: Returns a generated JWT token with a configurable expiration time. + - `/agents`: Returns successful response. + - `/api/v1/authentication`: Returns a generated JWT token with a configurable expiration time. + - `/api/v1/events/stateful`: Returns a mock response from `responses/events_stateful.json`. + - `/api/v1/events/stateless`: Returns a mock response from `responses/events_stateless.json`. + +### GET Endpoints + - `/api/v1/commands`: Returns a mock response from `responses/commands.json`. + - `/api/v1/files?file_name=`: Serves a specified file from the `group_files` directory. + +## Directory Structure +To serve files and responses, organize your directory structure as follows: + +``` +mock_server/ + responses/ + commands.json + events_stateful.json + events_stateless.json + group_files/ + file1.txt + file2.conf + cert.pem + key.pem + mock_server.py +``` + +## License +This project is open-source. Use it as a reference for your own mock server setup and customization. diff --git a/src/agent/testtool/mock_server/group_files/invalidYaml.yml b/src/agent/testtool/mock_server/group_files/invalidYaml.yml new file mode 100644 index 0000000000..c9c48d8b35 --- /dev/null +++ b/src/agent/testtool/mock_server/group_files/invalidYaml.yml @@ -0,0 +1,3 @@ +test: + invalid: true + invalid: true diff --git a/src/agent/testtool/mock_server/group_files/validYaml.yml b/src/agent/testtool/mock_server/group_files/validYaml.yml new file mode 100644 index 0000000000..483d0f38e6 --- /dev/null +++ b/src/agent/testtool/mock_server/group_files/validYaml.yml @@ -0,0 +1,2 @@ +test: + valid: true diff --git a/src/agent/testtool/mock_server/mock_server.py b/src/agent/testtool/mock_server/mock_server.py new file mode 100644 index 0000000000..183cb03c22 --- /dev/null +++ b/src/agent/testtool/mock_server/mock_server.py @@ -0,0 +1,255 @@ +# -*- coding: utf-8 -*- +import json +import os +import ssl +import jwt +import threading +import argparse +import time +from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer +from datetime import datetime, timedelta +from urllib.parse import urlparse, parse_qs, unquote + + +# Configuration of paths +RESPONSES_DIR = 'responses' +GROUPS_FILES_DIR = 'group_files' + +# Secret key to sign the JWT (you can change it for a secure key) +SECRET_KEY = "my_secret_key" + +# Default expiration time +EXPIRATION_TIME = 60 + +log_file_path = None + +def generate_authentication_response(expiration_seconds=EXPIRATION_TIME, add_data=False): + # Set the expiration time in seconds + expiration_time = datetime.utcnow() + timedelta(seconds=expiration_seconds) + expiration_timestamp = int(expiration_time.timestamp()) + + # Generate the JWT token with the data and the configured expiration time + payload = { + "iss": "wazuh", + "aud": "Wazuh Comms API", + "iat": datetime.utcnow(), + "exp": expiration_time, + "uuid": "edab9ef6-f02d-4a4b-baa4-f2ad12789890" + } + + token = jwt.encode(payload, SECRET_KEY, algorithm="HS256") + + if add_data: + response = {"data": {"token": token, "error": 0}} + else: + response = {"token": token, "error": 0} + + return json.dumps(response) + +def log_request(method, endpoint, headers, body): + if log_file_path: + with open(log_file_path, 'a') as log_file: + timestamp = datetime.utcnow().strftime('%Y-%m-%d %H:%M:%S') + log_file.write(f"\n[{timestamp}] {method} {endpoint}\n") + log_file.write(f"Headers:\n{headers}\n") + log_file.write(f"Body:\n{body}\n\n") + +class MockHandler(BaseHTTPRequestHandler): + def _set_headers(self, code, content_type="application/json", content_length=None): + self.send_response(code) + self.send_header("Content-type", content_type) + if content_length: + self.send_header("Content-Length", str(content_length)) + self.send_header("Connection", "close") + self.end_headers() + + def _load_response(self, filename): + file_path = os.path.join(RESPONSES_DIR, filename) + + try: + with open(file_path, 'r') as f: + lines = f.readlines() + + if not lines: + return json.dumps({}) + + response_line = lines[0].strip() + response = json.loads(response_line) + + with open(file_path, 'w') as f: + f.writelines(lines[1:]) + + return json.dumps(response) + + except (FileNotFoundError, json.JSONDecodeError) as e: + return json.dumps({"error": f"File error: {str(e)}"}) + + def do_POST(self): + content_length = int(self.headers.get('Content-Length', 0)) + body = self.rfile.read(content_length).decode('utf-8') + log_request("POST", self.path, self.headers, body) + + if not self.is_authorized(): + self.send_error(401, f"Unauthorized: {self.path}") + return + + response = None + if self.path == "/security/user/authenticate": + response = generate_authentication_response(add_data=True) + self._set_headers(code=200, content_length=len(response)) + elif self.path == "/agents": + self._set_headers(code=201) + elif self.path == "/api/v1/authentication": + response = generate_authentication_response() + self._set_headers(code=200, content_length=len(response)) + elif self.path == "/api/v1/events/stateful": + response = self._load_response("events_stateful.json") + self._set_headers(code=200, content_length=len(response)) + elif self.path == "/api/v1/events/stateless": + response = self._load_response("events_stateless.json") + self._set_headers(code=200, content_length=len(response)) + else: + self.send_error(404, f"Not found: {self.path}") + return + + if response: + self.wfile.write(response.encode('utf-8')) + self.wfile.flush() + self.close_connection = True + + def do_GET(self): + log_request("GET", self.path, self.headers, "") + + if not self.is_authorized(): + self.send_error(401, f"Unauthorized: {self.path}") + return + + response = None + if self.path == "/api/v1/commands": + time.sleep(EXPIRATION_TIME) + response = self._load_response("commands.json") + self._set_headers(code=200, content_length=len(response)) + elif self.path.startswith("/api/v1/files"): + parsed_url = urlparse(self.path) + query_params = parse_qs(parsed_url.query) + file_name = query_params.get("file_name", [None])[0] + if file_name: + filepath = os.path.join(GROUPS_FILES_DIR, file_name) + filepath = unquote(filepath) + + if os.path.isfile(filepath): + try: + self.send_response(200) + self.send_header('Content-Type', 'application/octet-stream') + self.send_header('Content-Disposition', f'attachment; filename="{os.path.basename(filepath)}"') + self.send_header('Content-Length', str(os.path.getsize(filepath))) + self.send_header('Connection', 'close') + self.end_headers() + + with open(filepath, 'rb') as file: + file_data = file.read() + self.wfile.write(file_data) + + self.wfile.flush() + except Exception as e: + self.send_response(500) + self.end_headers() + self.wfile.write(f'Error reading file: {str(e)}'.encode()) + else: + self._set_headers(code=400) + else: + self.send_error(404, f"Not found: {self.path}") + + if response: + self.wfile.write(response.encode('utf-8')) + self.wfile.flush() + self.close_connection = True + + def is_authorized(self): + if self.path == "/security/user/authenticate": + return True + + if self.path == "/api/v1/authentication": + return True + + auth_header = self.headers.get('Authorization', None) + if not auth_header or not auth_header.startswith("Bearer "): + return False + + token = auth_header.split(" ")[1] + + try: + jwt.decode(token, SECRET_KEY, algorithms=["HS256"], audience=["Wazuh Comms API"]) + except jwt.ExpiredSignatureError: + return False + except jwt.InvalidTokenError: + return False + + return True + +def run_server(port, ssl_key=None, ssl_cert=None, handler_class=MockHandler, use_https=True, outfile=None): + server_address = ('', port) + global log_file_path + log_file_path = outfile + + # Use HTTPS if both an SSL certificate and key are provided and the protocol is HTTPS + if use_https and ssl_key and ssl_cert: + httpd = ThreadingHTTPServer(server_address, handler_class) + context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH) + context.load_cert_chain(certfile=ssl_cert, keyfile=ssl_key) + httpd.socket = context.wrap_socket(httpd.socket, server_side=True) + protocol = "HTTPS" + else: + # If not using HTTPS, default to HTTP + httpd = ThreadingHTTPServer(server_address, handler_class) + protocol = "HTTP" + + print(f"Mock {protocol} server running on port {port}") + httpd.serve_forever() + +if __name__ == "__main__": + # Argument parser setup + parser = argparse.ArgumentParser(description="Configurable Mock Server") + + # Define command-line arguments + parser.add_argument( + "--port1", type=int, default=55000, + help="Port number for the first server (default: 55000)" + ) + parser.add_argument( + "--port2", type=int, default=27000, + help="Port number for the second server (default: 27000)" + ) + parser.add_argument( + "--ssl_key", type=str, default="key.pem", + help="Path to the SSL key file (default: key.pem)" + ) + parser.add_argument( + "--ssl_cert", type=str, default="cert.pem", + help="Path to the SSL certificate file (default: cert.pem)" + ) + parser.add_argument( + "--protocol", type=str, choices=["http", "https"], default="https", + help="Specify whether to use HTTP or HTTPS (default: https)" + ) + parser.add_argument( + "--outfile", type=str, + help="File path to save incoming request logs" + ) + + # Parse the command-line arguments + args = parser.parse_args() + + use_https = args.protocol == "https" + + # Create threads for each server with the configured parameters + thread1 = threading.Thread(target=run_server, args=(args.port1, args.ssl_key, args.ssl_cert, MockHandler, use_https, args.outfile)) + thread2 = threading.Thread(target=run_server, args=(args.port2, args.ssl_key, args.ssl_cert, MockHandler, use_https, args.outfile)) + + # Start servers + thread1.start() + thread2.start() + + # Wait for both threads to finish + thread1.join() + thread2.join() diff --git a/etc/config/wazuh.conf b/src/agent/testtool/mock_server/responses/commands.json similarity index 100% rename from etc/config/wazuh.conf rename to src/agent/testtool/mock_server/responses/commands.json diff --git a/src/common/debug_op/CMakeLists.txt b/src/agent/testtool/mock_server/responses/events_stateful.json similarity index 100% rename from src/common/debug_op/CMakeLists.txt rename to src/agent/testtool/mock_server/responses/events_stateful.json diff --git a/src/common/expression/CMakeLists.txt b/src/agent/testtool/mock_server/responses/events_stateless.json similarity index 100% rename from src/common/expression/CMakeLists.txt rename to src/agent/testtool/mock_server/responses/events_stateless.json diff --git a/src/agent/testtool/mock_server/responses/templates/commands.templates b/src/agent/testtool/mock_server/responses/templates/commands.templates new file mode 100644 index 0000000000..11c351a944 --- /dev/null +++ b/src/agent/testtool/mock_server/responses/templates/commands.templates @@ -0,0 +1,7 @@ +{"commands":[{"id":"id","status":"sent","info":"string","args":["module","command",["arg1"]],"agent":{"id":"agentID"}}]} + +# CentralizedConfiguration set-group +{"commands":[{"id":"id1234","status":"sent","info":"string","args":["CentralizedConfiguration","set-group",["validYaml", "invalidYaml"]],"agent":{"id":"agentID"}}]} + +# CentralizedConfiguration update-group +{"commands":[{"id":"id123456","status":"sent","info":"string","args":["CentralizedConfiguration","update-group"],"agent":{"id":"agentID"}}]} diff --git a/src/agent/testtool/mock_server/responses/templates/events_stateful.templates b/src/agent/testtool/mock_server/responses/templates/events_stateful.templates new file mode 100644 index 0000000000..81680ce7d7 --- /dev/null +++ b/src/agent/testtool/mock_server/responses/templates/events_stateful.templates @@ -0,0 +1 @@ +{"stateful":"stateful"} diff --git a/src/agent/testtool/mock_server/responses/templates/events_stateless.templates b/src/agent/testtool/mock_server/responses/templates/events_stateless.templates new file mode 100644 index 0000000000..fa5b13e335 --- /dev/null +++ b/src/agent/testtool/mock_server/responses/templates/events_stateless.templates @@ -0,0 +1 @@ +{"stateless":"stateless"} diff --git a/src/cmake/CommonSettings.cmake b/src/cmake/CommonSettings.cmake index a94dc90f0c..ae287403a7 100644 --- a/src/cmake/CommonSettings.cmake +++ b/src/cmake/CommonSettings.cmake @@ -3,6 +3,49 @@ function(set_common_settings) set(CMAKE_CXX_STANDARD_REQUIRED ON PARENT_SCOPE) set(CMAKE_EXPORT_COMPILE_COMMANDS ON PARENT_SCOPE) + if(CMAKE_SYSTEM_NAME STREQUAL "Linux") + set(BIN_INSTALL_DIR "/usr/share/wazuh-agent/bin" PARENT_SCOPE) + set(CONFIG_INSTALL_DIR "/etc/wazuh-agent" PARENT_SCOPE) + set(SERVICE_INSTALL_DIR "/usr/lib/systemd/system" PARENT_SCOPE) + set(DATA_INSTALL_DIR "/var/lib/wazuh-agent" PARENT_SCOPE) + set(RUN_INSTALL_DIR "/var/run" PARENT_SCOPE) + set(SERVICE_FILE "${CMAKE_SOURCE_DIR}/agent/service/wazuh-agent.service" PARENT_SCOPE) + set(SHARED_CONFIG_INSTALL_DIR "/etc/wazuh-agent/shared" PARENT_SCOPE) + elseif(CMAKE_SYSTEM_NAME STREQUAL "Darwin") + set(BIN_INSTALL_DIR "/Library/Application Support/Wazuh agent.app/bin" PARENT_SCOPE) + set(CONFIG_INSTALL_DIR "/Library/Application Support/Wazuh agent.app/etc" PARENT_SCOPE) + set(SERVICE_INSTALL_DIR "/Library/LaunchDaemons" PARENT_SCOPE) + set(DATA_INSTALL_DIR "/Library/Application Support/Wazuh agent.app/var" PARENT_SCOPE) + set(RUN_INSTALL_DIR "/private/var/run" PARENT_SCOPE) + set(SERVICE_FILE "${CMAKE_SOURCE_DIR}/agent/service/com.wazuh.agent.plist" PARENT_SCOPE) + set(SHARED_CONFIG_INSTALL_DIR "/Library/Application Support/Wazuh agent.app/etc/shared" PARENT_SCOPE) + elseif(CMAKE_SYSTEM_NAME STREQUAL "Windows") + if(DEFINED ENV{ProgramFiles}) + set(BIN_INSTALL_DIR "$ENV{ProgramFiles}\\wazuh-agent" PARENT_SCOPE) + else() + set(BIN_INSTALL_DIR "C:\\Program Files\\wazuh-agent" PARENT_SCOPE) + endif() + + if(DEFINED ENV{ProgramData}) + set(CONFIG_INSTALL_DIR "$ENV{ProgramData}\\wazuh-agent\\config" PARENT_SCOPE) + set(DATA_INSTALL_DIR "$ENV{ProgramData}\\wazuh-agent\\var" PARENT_SCOPE) + set(RUN_INSTALL_DIR "$ENV{ProgramData}\\wazuh-agent\\run" PARENT_SCOPE) + set(SHARED_CONFIG_INSTALL_DIR "$ENV{ProgramData}\\wazuh-agent\\config\\shared" PARENT_SCOPE) + else() + set(CONFIG_INSTALL_DIR "C:\\ProgramData\\wazuh-agent\\config" PARENT_SCOPE) + set(DATA_INSTALL_DIR "C:\\ProgramData\\wazuh-agent\\var" PARENT_SCOPE) + set(RUN_INSTALL_DIR "C:\\ProgramData\\wazuh-agent\\run" PARENT_SCOPE) + set(SHARED_CONFIG_INSTALL_DIR "C:\\ProgramData\\wazuh-agent\\config\\shared" PARENT_SCOPE) + endif() + else() + message(FATAL_ERROR "Not supported OS") + endif() + + option(BUILD_TESTS "Enable tests building" OFF) + option(COVERAGE "Enable coverage report" OFF) + option(ENABLE_INVENTORY "Enable Inventory module" ON) + option(ENABLE_LOGCOLLECTOR "Enable Logcollector module" ON) + if(COVERAGE) if(NOT TARGET coverage) set(CMAKE_BUILD_TYPE Debug) @@ -44,4 +87,12 @@ function(set_common_settings) else() set(CMAKE_CXX_FLAGS "-g3" PARENT_SCOPE) endif() + + if(ENABLE_INVENTORY) + add_definitions(-DENABLE_INVENTORY) + endif() + + if(ENABLE_LOGCOLLECTOR) + add_definitions(-DENABLE_LOGCOLLECTOR) + endif() endfunction() diff --git a/src/cmake/ConfigureTarget.cmake b/src/cmake/ConfigureTarget.cmake index 96c89276d4..50cdbc7c89 100644 --- a/src/cmake/ConfigureTarget.cmake +++ b/src/cmake/ConfigureTarget.cmake @@ -37,7 +37,9 @@ function(configure_target target) target_compile_options(${target} PRIVATE ${msvc_warnings}) endif() - if(CMAKE_CXX_COMPILER_ID MATCHES "Clang|GNU") + option(ENABLE_CLANG_TIDY "Enable clang-tidy analysis" ON) + + if(CMAKE_CXX_COMPILER_ID MATCHES "Clang|GNU" AND ENABLE_CLANG_TIDY) find_program(CLANG_TIDY_EXECUTABLE NAMES clang-tidy-18) if(CLANG_TIDY_EXECUTABLE) diff --git a/src/cmake/SetWindowsManifest.cmake b/src/cmake/SetWindowsManifest.cmake new file mode 100644 index 0000000000..3418b20022 --- /dev/null +++ b/src/cmake/SetWindowsManifest.cmake @@ -0,0 +1,10 @@ +function(set_windows_manifest) + set(MANIFEST_FILE "${CMAKE_SOURCE_DIR}/agent/service/app.manifest") + + add_custom_command(TARGET wazuh-agent POST_BUILD + COMMAND ${CMAKE_COMMAND} -E + echo "Embedding manifest in the executable..." + COMMAND mt.exe -nologo -manifest ${MANIFEST_FILE} -outputresource:$;#1 + COMMENT "Embedding manifest in ${CMAKE_CURRENT_BINARY_DIR}/wazuh-agent" + ) +endfunction() diff --git a/src/cmake/config.cmake b/src/cmake/config.cmake new file mode 100644 index 0000000000..abc1944c63 --- /dev/null +++ b/src/cmake/config.cmake @@ -0,0 +1,55 @@ +# Project name +set(PROJECT_NAME "Wazuh Agent") + +# Project version +set(VERSION "0.1") + +set(DEFAULT_THREAD_COUNT 4 CACHE STRING "Default number of threads (4)") + +string(REPLACE "\\" "\\\\" DEFAULT_DATA_PATH "${DATA_INSTALL_DIR}") + +string(REPLACE "\\" "\\\\" DEFAULT_RUN_PATH "${RUN_INSTALL_DIR}") + +string(REPLACE "\\" "\\\\" DEFAULT_SHARED_CONFIG_PATH "${SHARED_CONFIG_INSTALL_DIR}") + +string(REPLACE "\\" "\\\\" DEFAULT_CONFIG_PATH "${CONFIG_INSTALL_DIR}") + +set(DEFAULT_SHARED_FILE_EXTENSION ".yml" CACHE STRING "Default shared file extension") + +set(DEFAULT_SERVER_URL "https://localhost:27000" CACHE STRING "Default Agent Server Url") + +set(DEFAULT_RETRY_INTERVAL 30000 CACHE STRING "Default Agent retry interval (30s)") + +set(DEFAULT_BATCH_INTERVAL 10000 CACHE STRING "Default Agent batch interval (10s)") + +set(DEFAULT_BATCH_SIZE 1000 CACHE STRING "Default Agent batch size limit (1000)") + +set(DEFAULT_LOGCOLLECTOR_ENABLED true CACHE BOOL "Default Logcollector enabled") + +set(BUFFER_SIZE 4096 CACHE STRING "Default Logcollector reading buffer size") + +set(DEFAULT_FILE_WAIT 500 CACHE STRING "Default Logcollector file reading interval (500ms)") + +set(DEFAULT_RELOAD_INTERVAL 60000 CACHE STRING "Default Logcollector reload interval (1m)") + +set(DEFAULT_INVENTORY_ENABLED true CACHE BOOL "Default inventory enabled") + +set(DEFAULT_INTERVAL 3600000 CACHE STRING "Default inventory interval (1h)") + +set(DEFAULT_SCAN_ON_START true CACHE BOOL "Default inventory scan on start") + +set(DEFAULT_HARDWARE true CACHE BOOL "Default inventory hardware") + +set(DEFAULT_OS true CACHE BOOL "Default inventory os") + +set(DEFAULT_NETWORK true CACHE BOOL "Default inventory network") + +set(DEFAULT_PACKAGES true CACHE BOOL "Default inventory packages") + +set(DEFAULT_PORTS true CACHE BOOL "Default inventory ports") + +set(DEFAULT_PORTS_ALL true CACHE BOOL "Default inventory ports all") + +set(DEFAULT_PROCESSES true CACHE BOOL "Default inventory processes") + +set(DEFAULT_HOTFIXES true CACHE BOOL "Default inventory hotfixes") diff --git a/src/common/CMakeLists.txt b/src/common/CMakeLists.txt index c19730e280..989c5ff49d 100644 --- a/src/common/CMakeLists.txt +++ b/src/common/CMakeLists.txt @@ -1,4 +1,23 @@ +add_subdirectory(binaries_op) +add_subdirectory(bzip2_op) +add_subdirectory(config) +add_subdirectory(data_provider) +add_subdirectory(dbsync) +add_subdirectory(error_messages) +add_subdirectory(file_op) +add_subdirectory(filesystem_wrapper) +add_subdirectory(hashHelper) add_subdirectory(logger) +add_subdirectory(mem_op) +add_subdirectory(networkHelper) +add_subdirectory(privsep_op) +add_subdirectory(pthreads_op) +add_subdirectory(randombytes) +add_subdirectory(regex_op) +add_subdirectory(sqliteWrapper) +add_subdirectory(time_op) +add_subdirectory(utils) +add_subdirectory(version_op) if(BUILD_TESTS) enable_testing() diff --git a/src/common/audit_op/src/audit_op.c b/src/common/audit_op/src/audit_op.c index acee5d6e59..0e9e8f884a 100644 --- a/src/common/audit_op/src/audit_op.c +++ b/src/common/audit_op/src/audit_op.c @@ -82,7 +82,7 @@ int audit_get_rule_list(int fd) { int rc = audit_send(fd, AUDIT_LIST_RULES, NULL, 0); if (rc < 0 && rc != -EINVAL) { - merror("Error sending rule list data request (%s)",strerror(-rc)); + LogError("Error sending rule list data request (%s)",strerror(-rc)); return -1; } @@ -128,7 +128,7 @@ int audit_print_reply(struct audit_reply *rep) { } } if (path && key) { - mdebug2("Audit rule loaded: -w %s -p %s -k %s",path, perms, key); + LogDebug("Audit rule loaded: -w %s -p %s -k %s",path, perms, key); if (audit_rules_list) { w_audit_rule *rule; os_calloc(1, sizeof(w_audit_rule), rule); @@ -218,19 +218,19 @@ int audit_restart(void) { char *service_path = NULL; if (get_binary_path("service", &service_path) < 0) { - mdebug1("Binary '%s' not found in default paths, the full path will not be used.", service_path); + LogDebug("Binary '%s' not found in default paths, the full path will not be used.", service_path); } char * command[] = { service_path, "auditd", "restart", NULL }; if (wfd = wpopenv(*command, command, W_BIND_STDERR), !wfd) { - merror("Could not launch command to restart Auditd: %s (%d)", strerror(errno), errno); + LogError("Could not launch command to restart Auditd: %s (%d)", strerror(errno), errno); os_free(service_path); return -1; } // Print stderr while (fgets(buffer, sizeof(buffer), wfd->file_out)) { - mdebug1("auditd: %s", buffer); + LogDebug("auditd: %s", buffer); } switch (status = wpclose(wfd), WEXITSTATUS(status)) { @@ -239,11 +239,11 @@ int audit_restart(void) { return 0; case 127: // exec error - merror("Could not launch command to restart Auditd."); + LogError("Could not launch command to restart Auditd."); os_free(service_path); return -1; default: - merror("Could not restart Auditd service."); + LogError("Could not restart Auditd service."); os_free(service_path); return -1; } @@ -270,7 +270,7 @@ int audit_manage_rules(int action, const char *path, int permissions, const char type = AUDIT_DIR; if (stat(path, &buf) != 0) { - mdebug2(FIM_STAT_FAILED, path, errno, strerror(errno)); + LogDebug(FIM_STAT_FAILED, path, errno, strerror(errno)); retval = -1; goto end; } @@ -278,7 +278,7 @@ int audit_manage_rules(int action, const char *path, int permissions, const char // Set watcher output = audit_add_watch_dir(type, &myrule, path); if (output) { - mdebug2("audit_add_watch_dir = (%d) %s", output, audit_errno_to_name(abs(output))); + LogDebug("audit_add_watch_dir = (%d) %s", output, audit_errno_to_name(abs(output))); retval = -1; goto end; } @@ -286,7 +286,7 @@ int audit_manage_rules(int action, const char *path, int permissions, const char // Set permissions output = audit_update_watch_perms(myrule, permissions); if (output) { - mdebug2("audit_update_watch_perms = (%d) %s", output, audit_errno_to_name(abs(output))); + LogDebug("audit_update_watch_perms = (%d) %s", output, audit_errno_to_name(abs(output))); retval = -1; goto end; } @@ -311,7 +311,7 @@ int audit_manage_rules(int action, const char *path, int permissions, const char } else { output = audit_rule_fieldpair_data(&myrule, cmd, flags); if (output) { - mdebug2("audit_rule_fieldpair_data = (%d) %s", output, audit_errno_to_name(abs(output))); + LogDebug("audit_rule_fieldpair_data = (%d) %s", output, audit_errno_to_name(abs(output))); free(cmd); retval = -1; goto end; @@ -330,7 +330,7 @@ int audit_manage_rules(int action, const char *path, int permissions, const char } if (retval <= 0 && retval != -EEXIST) { - mdebug2("Can't add or delete a rule (%d) = %s", retval, audit_errno_to_name(abs(retval))); + LogDebug("Can't add or delete a rule (%d) = %s", retval, audit_errno_to_name(abs(retval))); } end: diff --git a/src/common/binaries_op/CMakeLists.txt b/src/common/binaries_op/CMakeLists.txt index e69de29bb2..701b52afeb 100644 --- a/src/common/binaries_op/CMakeLists.txt +++ b/src/common/binaries_op/CMakeLists.txt @@ -0,0 +1,8 @@ +add_library(binaries_op STATIC src/binaries_op.c) + +target_include_directories(binaries_op PUBLIC include) + +target_link_libraries(binaries_op + utils + Logger + time_op) diff --git a/src/common/byteArrayHelper/tests/main.cpp b/src/common/byteArrayHelper/tests/main.cpp index fd7a178715..08fb839052 100644 --- a/src/common/byteArrayHelper/tests/main.cpp +++ b/src/common/byteArrayHelper/tests/main.cpp @@ -4,4 +4,4 @@ int main(int argc, char** argv) { ::testing::InitGoogleTest(&argc, argv); return RUN_ALL_TESTS(); -} \ No newline at end of file +} diff --git a/src/common/bzip2_op/CMakeLists.txt b/src/common/bzip2_op/CMakeLists.txt new file mode 100644 index 0000000000..19245ea2b5 --- /dev/null +++ b/src/common/bzip2_op/CMakeLists.txt @@ -0,0 +1,8 @@ +add_library(bzip2_op STATIC src/bzip2_op.c) + +target_include_directories(bzip2_op PUBLIC include) + +target_link_libraries(bzip2_op + utils + Logger + time_op) diff --git a/src/common/bzip2_op/include/bzip2_op.h b/src/common/bzip2_op/include/bzip2_op.h new file mode 100644 index 0000000000..75a81064e5 --- /dev/null +++ b/src/common/bzip2_op/include/bzip2_op.h @@ -0,0 +1,40 @@ +/* + * Copyright (C) 2015, Wazuh Inc. + * April, 2020. + * + * This program is free software; you can redistribute it + * and/or modify it under the terms of the GNU General Public + * License (version 2) as published by the FSF - Free Software + * Foundation. + */ + +#ifndef BZIP2_OP_H +#define BZIP2_OP_H + +#include + +#define BZIP2_BUFFER_SIZE 4096 + +/** + * @brief bzpi2 library, function to compress + * + * @param file File path to compress + * @param filebz2 File name compressed + * + * @retval 0 on success + * @retval -1 on error + */ +int bzip2_compress(const char *file, const char *filebz2); + +/** + * @brief bzpi2 library, function to uncompress + * + * @param filebz2 File path to uncompress + * @param file File name uncompressed + * + * @retval 0 on success + * @retval -1 on error + */ +int bzip2_uncompress(const char *filebz2, const char *file); + +#endif /* BZIP2_OP_H */ diff --git a/src/common/bzip2_op/src/bzip2_op.c b/src/common/bzip2_op/src/bzip2_op.c new file mode 100644 index 0000000000..dafb51e8b1 --- /dev/null +++ b/src/common/bzip2_op/src/bzip2_op.c @@ -0,0 +1,129 @@ +/* + * Copyright (C) 2015, Wazuh Inc. + * April, 2020. + * + * This program is free software; you can redistribute it + * and/or modify it under the terms of the GNU General Public + * License (version 2) as published by the FSF - Free Software + * Foundation. + */ + +#include "shared.h" + + +int bzip2_compress(const char *file, const char *filebz2) { + FILE* input; + FILE* output; + BZFILE* compressfile; + int bzerror; + + if (!file || !filebz2) { + return -1; + } + + input = wfopen(file, "rb"); + if (!input) { + LogDebug(FOPEN_ERROR, file, errno, strerror(errno)); + return -1; + } + + output = wfopen(filebz2, "wb"); + if (!output) { + LogDebug(FOPEN_ERROR, filebz2, errno, strerror(errno)); + fclose(input); + return -1; + } + + compressfile = BZ2_bzWriteOpen(&bzerror, output, 9, 0, 1); + if (bzerror != BZ_OK) { + LogDebug("Could not open to write bz2 file (%d)'%s': (%d)-%s", + bzerror, filebz2, errno, strerror(errno)); + + // compressfile is null at this point. + BZ2_bzWriteClose(&bzerror, compressfile, 0, NULL, NULL); + + fclose(input); + fclose(output); + return -1; + } + + char buf[BZIP2_BUFFER_SIZE]; + int readbuff; + while (readbuff = fread(buf, sizeof(char), sizeof(buf), input), readbuff > 0) { + BZ2_bzWrite(&bzerror, compressfile, (void*)buf, readbuff); + + if (bzerror != BZ_OK) { + LogDebug("Could not write bz2 file (%d)'%s': (%d)-%s", + bzerror, filebz2, errno, strerror(errno)); + BZ2_bzWriteClose(&bzerror, compressfile, 0, NULL, NULL); + fclose(input); + fclose(output); + return -1; + } + } + + BZ2_bzWriteClose(&bzerror, compressfile, 0, NULL, NULL); + fclose(input); + fclose(output); + return 0; +} + +int bzip2_uncompress(const char *filebz2, const char *file) { + FILE* input; + FILE* output; + BZFILE* compressfile; + int bzerror; + unsigned char unused[BZ_MAX_UNUSED]; + int nUnused = 0; + + if (!file || !filebz2) { + return -1; + } + + input = wfopen(filebz2, "rb"); + if (!input) { + LogDebug(FOPEN_ERROR, filebz2, errno, strerror(errno)); + return -1; + } + + output = wfopen(file, "wb"); + if (!output) { + LogDebug(FOPEN_ERROR, file, errno, strerror(errno)); + fclose(input); + return -1; + } + + compressfile = BZ2_bzReadOpen(&bzerror, input, 0, 0, unused, nUnused); + if (compressfile == NULL || bzerror != BZ_OK) { + LogDebug("BZ2_bzReadOpen(%d)'%s': (%d)-%s", + bzerror, filebz2, errno, strerror(errno)); + + // compressfile is null at this point. + BZ2_bzReadClose(&bzerror, compressfile); + + fclose(input); + fclose(output); + return -1; + } + + char buf[BZIP2_BUFFER_SIZE]; + int readbuff; + do { + readbuff = BZ2_bzRead(&bzerror, compressfile, buf, sizeof(buf)); + if (bzerror == BZ_OK || bzerror == BZ_STREAM_END) { + fwrite(buf, sizeof(char), readbuff, output); + } else { + LogDebug("BZ2_bzRead(%d)'%s': (%d)-%s", + bzerror, filebz2, errno, strerror(errno)); + BZ2_bzReadClose(&bzerror, compressfile); + fclose(input); + fclose(output); + return -1; + } + } while (bzerror == BZ_OK); + + BZ2_bzReadClose(&bzerror, compressfile); + fclose(input); + fclose(output); + return 0; +} diff --git a/src/common/cmdHelper/include/cmdHelper.h b/src/common/cmdHelper/include/cmdHelper.h index dd1653813e..b60159d043 100644 --- a/src/common/cmdHelper/include/cmdHelper.h +++ b/src/common/cmdHelper/include/cmdHelper.h @@ -9,16 +9,21 @@ * Foundation. */ -#ifndef _CMD_HELPER_H -#define _CMD_HELPER_H +#pragma once #include #include #include #include +#include +#ifndef WIN32 #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Wunused-function" +#else +FILE *popen(const char *command, const char *mode) { return NULL; } +int pclose(FILE *stream){ return 0; } +#endif namespace Utils { @@ -32,14 +37,14 @@ namespace Utils static std::string exec(const std::string& cmd, const size_t bufferSize = 128) { const std::unique_ptr file{popen(cmd.c_str(), "r")}; - char buffer[bufferSize]; + std::vector buffer(bufferSize); std::string result; if (file) { - while (fgets(buffer, bufferSize, file.get())) + while (fgets(buffer.data(), bufferSize, file.get())) { - result += buffer; + result += buffer.data(); } } @@ -49,4 +54,3 @@ namespace Utils #pragma GCC diagnostic pop -#endif // _CMD_HELPER_H \ No newline at end of file diff --git a/src/common/cmdHelper/tests/cmdHelper_test.cpp b/src/common/cmdHelper/tests/cmdHelper_test.cpp index 3ea9a09167..f365841d22 100644 --- a/src/common/cmdHelper/tests/cmdHelper_test.cpp +++ b/src/common/cmdHelper/tests/cmdHelper_test.cpp @@ -27,4 +27,4 @@ TEST_F(CmdUtilsTest, CmdUname) const auto result{Utils::exec("uname")}; EXPECT_FALSE(result.empty()); } -#endif \ No newline at end of file +#endif diff --git a/src/common/cmdHelper/tests/main.cpp b/src/common/cmdHelper/tests/main.cpp index fd7a178715..08fb839052 100644 --- a/src/common/cmdHelper/tests/main.cpp +++ b/src/common/cmdHelper/tests/main.cpp @@ -4,4 +4,4 @@ int main(int argc, char** argv) { ::testing::InitGoogleTest(&argc, argv); return RUN_ALL_TESTS(); -} \ No newline at end of file +} diff --git a/src/common/commonDefs.h b/src/common/commonDefs.h index 1f0ff13cca..fb4ea158ec 100644 --- a/src/common/commonDefs.h +++ b/src/common/commonDefs.h @@ -12,7 +12,7 @@ #ifndef _COMMON_DEFS_H_ #define _COMMON_DEFS_H_ -#include "cJSON.h" +#include #include /** diff --git a/src/common/config/CMakeLists.txt b/src/common/config/CMakeLists.txt new file mode 100644 index 0000000000..c7e6d8cb49 --- /dev/null +++ b/src/common/config/CMakeLists.txt @@ -0,0 +1,19 @@ +cmake_minimum_required(VERSION 3.22) + +set(CMAKE_TOOLCHAIN_FILE "${CMAKE_SOURCE_DIR}/../../vcpkg/scripts/buildsystems/vcpkg.cmake") +set(VCPKG_MANIFEST_DIR ${CMAKE_SOURCE_DIR}/../../) + +project(Config) + +add_library(Config INTERFACE) + +include(../../cmake/config.cmake) + +configure_file( + "${CMAKE_CURRENT_SOURCE_DIR}/include/config.h.in" + "${CMAKE_CURRENT_BINARY_DIR}/include/config.h" +) + +target_include_directories(Config INTERFACE + "${CMAKE_CURRENT_BINARY_DIR}/include" +) diff --git a/src/common/config/include/config.h.in b/src/common/config/include/config.h.in new file mode 100644 index 0000000000..d4d41fff15 --- /dev/null +++ b/src/common/config/include/config.h.in @@ -0,0 +1,45 @@ +#pragma once + +namespace config +{ + constexpr auto PROJECT_NAME = "@PROJECT_NAME@"; + constexpr auto VERSION = "@VERSION@"; + constexpr auto DEFAULT_THREAD_COUNT = @DEFAULT_THREAD_COUNT@; + constexpr auto DEFAULT_DATA_PATH = "@DEFAULT_DATA_PATH@"; + constexpr auto DEFAULT_RUN_PATH = "@DEFAULT_RUN_PATH@"; + constexpr auto DEFAULT_SHARED_CONFIG_PATH = "@DEFAULT_SHARED_CONFIG_PATH@"; + constexpr auto DEFAULT_CONFIG_PATH = "@DEFAULT_CONFIG_PATH@"; + constexpr auto DEFAULT_SHARED_FILE_EXTENSION = "@DEFAULT_SHARED_FILE_EXTENSION@"; + + namespace agent + { + constexpr auto DEFAULT_SERVER_URL = "@DEFAULT_SERVER_URL@"; + constexpr auto DEFAULT_RETRY_INTERVAL = @DEFAULT_RETRY_INTERVAL@; + constexpr auto DEFAULT_BATCH_INTERVAL = @DEFAULT_BATCH_INTERVAL@; + constexpr auto DEFAULT_BATCH_SIZE = @DEFAULT_BATCH_SIZE@; + } + + namespace logcollector + { + constexpr auto DEFAULT_ENABLED = @DEFAULT_LOGCOLLECTOR_ENABLED@; + constexpr auto BUFFER_SIZE = @BUFFER_SIZE@; + constexpr auto DEFAULT_FILE_WAIT = @DEFAULT_FILE_WAIT@; + constexpr auto DEFAULT_RELOAD_INTERVAL = @DEFAULT_RELOAD_INTERVAL@; + constexpr auto DEFAULT_LOCALFILES = "/var/log/auth.log"; + } + + namespace inventory + { + constexpr auto DEFAULT_ENABLED = @DEFAULT_INVENTORY_ENABLED@; + constexpr auto DEFAULT_INTERVAL = @DEFAULT_INTERVAL@; + constexpr auto DEFAULT_SCAN_ON_START = @DEFAULT_SCAN_ON_START@; + constexpr auto DEFAULT_HARDWARE = @DEFAULT_HARDWARE@; + constexpr auto DEFAULT_OS = @DEFAULT_OS@; + constexpr auto DEFAULT_NETWORK = @DEFAULT_NETWORK@; + constexpr auto DEFAULT_PACKAGES = @DEFAULT_PACKAGES@; + constexpr auto DEFAULT_PORTS = @DEFAULT_PORTS@; + constexpr auto DEFAULT_PORTS_ALL = @DEFAULT_PORTS_ALL@; + constexpr auto DEFAULT_PROCESSES = @DEFAULT_PROCESSES@; + constexpr auto DEFAULT_HOTFIXES = @DEFAULT_HOTFIXES@; + } +} diff --git a/src/common/cryptography/src/cryptography.c b/src/common/cryptography/src/cryptography.c index e721712092..886cc80f68 100644 --- a/src/common/cryptography/src/cryptography.c +++ b/src/common/cryptography/src/cryptography.c @@ -461,12 +461,12 @@ DWORD check_ca_available() { // Close the certificate store. if (!CertCloseStore(cert_store, 0)) { - plain_merror("CertCloseStore failed with error %lu: %s", GetLastError(), win_strerror(GetLastError())); + LogError("CertCloseStore failed with error %lu: %s", GetLastError(), win_strerror(GetLastError())); } } else { // Log error if the certificate store could not be opened. result = GetLastError(); - plain_merror("CertOpenSystemStore failed with error %lu: %s", result, win_strerror(result)); + LogError("CertOpenSystemStore failed with error %lu: %s", result, win_strerror(result)); } return result; @@ -533,14 +533,14 @@ w_err_t verify_hash_and_pe_signature(wchar_t *file_path) { if (ERROR_SUCCESS != pe_result) { hash_result = verify_hash_catalog(file_path, hash_error_message, OS_SIZE_1024); if (ERROR_SUCCESS != hash_result) { - plain_minfo("Trust verification of a module failed by using the signature method. %s", pe_error_message); - plain_minfo("Trust verification of a module failed by using the hash method. %s", hash_error_message); + LogInfo("Trust verification of a module failed by using the signature method. %s", pe_error_message); + LogInfo("Trust verification of a module failed by using the hash method. %s", hash_error_message); retval = OS_INVALID; } else { - plain_mdebug1("%s", hash_error_message); + LogDebug("%s", hash_error_message); } } else { - plain_mdebug1("%s", pe_error_message); + LogDebug("%s", pe_error_message); } return retval; diff --git a/src/common/data_provider/CMakeLists.txt b/src/common/data_provider/CMakeLists.txt index 3522608a01..30449375f8 100644 --- a/src/common/data_provider/CMakeLists.txt +++ b/src/common/data_provider/CMakeLists.txt @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 3.12.4) +cmake_minimum_required(VERSION 3.22) project(sysinfo) @@ -8,7 +8,7 @@ endif() enable_testing() -get_filename_component(SRC_FOLDER ${CMAKE_SOURCE_DIR}/../ ABSOLUTE) +get_filename_component(SRC_FOLDER ${CMAKE_CURRENT_SOURCE_DIR}/../../ ABSOLUTE) if(COVERITY) add_definitions(-D__GNUC__=8) @@ -45,167 +45,124 @@ else() endif() set(CMAKE_CXX_STANDARD_REQUIRED ON) -set(CMAKE_CXX_FLAGS "-Wall -Wextra -Wshadow -Wnon-virtual-dtor -Woverloaded-virtual -Wunused -Wcast-align -Wformat=2") +if(NOT CMAKE_CXX_COMPILER_ID STREQUAL "MSVC") + set(CMAKE_CXX_FLAGS "-Wall -Wextra -Wshadow -Wnon-virtual-dtor -Woverloaded-virtual -Wunused -Wcast-align -Wformat=2") + set(CMAKE_CXX_FLAGS_DEBUG "-g") + if(CMAKE_CXX_COMPILER_ID MATCHES "Clang") + set(CMAKE_CXX_FLAGS_RELEASE "-O3") + else() + set(CMAKE_CXX_FLAGS_RELEASE "-O3 -s") + endif(CMAKE_CXX_COMPILER_ID MATCHES "Clang") -set(CMAKE_CXX_FLAGS_DEBUG "-g") -if(CMAKE_CXX_COMPILER_ID MATCHES "Clang") - set(CMAKE_CXX_FLAGS_RELEASE "-O3") + if(FSANITIZE) + set(CMAKE_CXX_FLAGS_DEBUG "-g -fsanitize=address,leak,undefined") + endif(FSANITIZE) else() - set(CMAKE_CXX_FLAGS_RELEASE "-O3 -s") -endif(CMAKE_CXX_COMPILER_ID MATCHES "Clang") - -if(FSANITIZE) - set(CMAKE_CXX_FLAGS_DEBUG "-g -fsanitize=address,leak,undefined") -endif(FSANITIZE) + set(CMAKE_CXX_FLAGS "/W4 /permissive- /MT") +endif() set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/lib) set(CMAKE_LIBRARY_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/lib) -set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin) +if(CMAKE_SYSTEM_NAME STREQUAL "Windows") + set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}) +else() + set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin) +endif() + +find_package(cJSON CONFIG REQUIRED) +find_package(LibArchive REQUIRED) +find_package(Lua REQUIRED) +if(APPLE) + find_package(unofficial-libplist CONFIG REQUIRED) +endif() +find_package(nlohmann_json CONFIG REQUIRED) +find_package(unofficial-sqlite3 CONFIG REQUIRED) -include_directories(${CMAKE_SOURCE_DIR}/src/) -include_directories(${CMAKE_SOURCE_DIR}/include/) +find_path(POPT_INCLUDE_DIR include/popt.h) +include_directories(${POPT_INCLUDE_DIR}) + +include_directories(${CMAKE_CURRENT_SOURCE_DIR}/src/) +include_directories(${CMAKE_CURRENT_SOURCE_DIR}/include/) include_directories(${SRC_FOLDER}/headers/) -include_directories(${SRC_FOLDER}/external/sqlite/) -include_directories(${SRC_FOLDER}/external/nlohmann/) -include_directories(${SRC_FOLDER}/external/cJSON/) -include_directories(${SRC_FOLDER}/external/procps/) -include_directories(${SRC_FOLDER}/external/bzip2/) -include_directories(${SRC_FOLDER}/external/openssl/include/) -include_directories(${SRC_FOLDER}/shared_modules/utils) +include_directories(${LUA_INCLUDE_DIR}) +include_directories(${SRC_FOLDER}/common/) +include_directories(${SRC_FOLDER}/common/utils/) +include_directories(${SRC_FOLDER}/common/byteArrayHelper/include/) +include_directories(${SRC_FOLDER}/common/cmdHelper/include/) +include_directories(${SRC_FOLDER}/common/globHelper/include/) +include_directories(${SRC_FOLDER}/common/fileHelper/include/) +include_directories(${SRC_FOLDER}/common/jsonHelper/include/) +include_directories(${SRC_FOLDER}/common/linuxHelper/include/) +include_directories(${SRC_FOLDER}/common/stringHelper/include/) +include_directories(${SRC_FOLDER}/common/timeHelper/include/) include_directories(${SRC_FOLDER}/shared_modules/common/) -include_directories(${SRC_FOLDER}/external/openssl/include/) -include_directories(${SRC_FOLDER}/external/libplist/bin/include/) -include_directories(${SRC_FOLDER}/external/libdb/build_unix/) -if(NOT CMAKE_CHECK_CENTOS5) # Avoid incompatible libraries in CentOS 5 and Red Hat 5 - include_directories(${SRC_FOLDER}/external/pacman/lib/libalpm/) - include_directories(${SRC_FOLDER}/external/libarchive/libarchive/) - include_directories(${SRC_FOLDER}/external/rpm/builddir/output/include/) -endif(NOT CMAKE_CHECK_CENTOS5) -if(CMAKE_SYSTEM_NAME STREQUAL "Linux") - # Avoid download externals from http-request submodule - set(EXTERNAL_RES "") - set(PRECOMPILED_EXTERNAL_RES "") - include_directories(${SRC_FOLDER}/shared_modules/http-request/include/) - include_directories(${SRC_FOLDER}/shared_modules/http-request/shared/) -endif(CMAKE_SYSTEM_NAME STREQUAL "Linux") -if(CMAKE_SYSTEM_NAME STREQUAL "HP-UX") - link_directories(${INSTALL_PREFIX}/lib) -endif(CMAKE_SYSTEM_NAME STREQUAL "HP-UX") +if(WIN32) + include_directories(${SRC_FOLDER}/common/time_op/include/) + include_directories(${SRC_FOLDER}/common/file_op/include/) + include_directories(${SRC_FOLDER}/common/regex_op/include/) + include_directories(${SRC_FOLDER}/common/bzip2_op/include/) + include_directories(${SRC_FOLDER}/common/validate_op/include/) + include_directories(${SRC_FOLDER}/common/binaries_op/include/) + include_directories(${SRC_FOLDER}/common/randombytes/include/) + include_directories(${SRC_FOLDER}/common/error_messages/include/) + include_directories(${SRC_FOLDER}/common/registryHelper/include/) + include_directories(${SRC_FOLDER}/common/windowsHelper/include/) + include_directories(${SRC_FOLDER}/common/encodingHelper/include/) + include_directories(${SRC_FOLDER}/common/mem_op/include/) +endif() link_directories(${SRC_FOLDER}) -link_directories(${SRC_FOLDER}/external/sqlite/) -link_directories(${SRC_FOLDER}/external/cJSON/) -link_directories(${SRC_FOLDER}/external/procps/) -link_directories(${SRC_FOLDER}/external/bzip2/) -link_directories(${SRC_FOLDER}/external/libplist/bin/lib/) -link_directories(${SRC_FOLDER}/external/libdb/build_unix/) -if(NOT CMAKE_CHECK_CENTOS5) # Avoid incompatible libraries in CentOS 5 and Red Hat 5 -link_directories(${SRC_FOLDER}/external/pacman/lib/libalpm/) -link_directories(${SRC_FOLDER}/external/libarchive/.libs/) -link_directories(${SRC_FOLDER}/external/rpm/builddir/) -endif(NOT CMAKE_CHECK_CENTOS5) -link_directories(${SRC_FOLDER}/external/openssl/) -if(CMAKE_SYSTEM_NAME STREQUAL "Linux") - link_directories(${SRC_FOLDER}/shared_modules/http-request/build) -endif(CMAKE_SYSTEM_NAME STREQUAL "Linux") - link_directories(${SRC_FOLDER}/external/curl/lib/.libs/) - if(CMAKE_SYSTEM_NAME STREQUAL "Windows") file(GLOB SYSINFO_SRC - "${CMAKE_SOURCE_DIR}/src/*Win.cpp" - "${CMAKE_SOURCE_DIR}/src/osinfo/sysOsInfoWin.cpp" - "${CMAKE_SOURCE_DIR}/src/network/*Windows.cpp" - "${CMAKE_SOURCE_DIR}/src/packages/*Windows.cpp") + "${CMAKE_CURRENT_SOURCE_DIR}/src/*Win.cpp" + "${CMAKE_CURRENT_SOURCE_DIR}/src/osinfo/sysOsInfoWin.cpp" + "${CMAKE_CURRENT_SOURCE_DIR}/src/network/*Windows.cpp" + "${CMAKE_CURRENT_SOURCE_DIR}/src/packages/*Windows.cpp") add_definitions(-DWIN32=1 - -D_WIN32_WINNT=0x600 - -DWIN_EXPORT) -elseif(CMAKE_CHECK_CENTOS5) - file(GLOB SYSINFO_SRC - "${CMAKE_SOURCE_DIR}/src/*Linux.cpp" - "${CMAKE_SOURCE_DIR}/src/network/*Linux.cpp" - "${CMAKE_SOURCE_DIR}/src/osinfo/sysOsParsers.cpp" - "${CMAKE_SOURCE_DIR}/src/packages/packageLinuxParser.cpp" - "${CMAKE_SOURCE_DIR}/src/packages/packageLinuxParserRpmLegacy.cpp") - add_definitions(-DLINUX_TYPE=LinuxType::LEGACY) # Partial compilation in legacy systems + -D_WIN32_WINNT=0x600) elseif(CMAKE_SYSTEM_NAME STREQUAL "Linux") file(GLOB SYSINFO_SRC - "${CMAKE_SOURCE_DIR}/src/*Linux.cpp" - "${CMAKE_SOURCE_DIR}/src/network/*Linux.cpp" - "${CMAKE_SOURCE_DIR}/src/osinfo/sysOsParsers.cpp" - "${CMAKE_SOURCE_DIR}/src/packages/packageLinux*.cpp" - "${CMAKE_SOURCE_DIR}/src/packages/rpm*.cpp") + "${CMAKE_CURRENT_SOURCE_DIR}/src/*Linux.cpp" + "${CMAKE_CURRENT_SOURCE_DIR}/src/network/*Linux.cpp" + "${CMAKE_CURRENT_SOURCE_DIR}/src/osinfo/sysOsParsers.cpp" + "${CMAKE_CURRENT_SOURCE_DIR}/src/packages/packageLinux*.cpp" + "${CMAKE_CURRENT_SOURCE_DIR}/src/packages/rpm*.cpp") add_definitions(-DLINUX_TYPE=LinuxType::STANDARD) # Standard compilation in compatible systems elseif(CMAKE_SYSTEM_NAME STREQUAL "Darwin") if(${CMAKE_HOST_SYSTEM_PROCESSOR} MATCHES "arm64.*|ARM64.*") file(GLOB SYSINFO_SRC - "${CMAKE_SOURCE_DIR}/src/*Mac.cpp" - "${CMAKE_SOURCE_DIR}/src/*CommonBSD.cpp" - "${CMAKE_SOURCE_DIR}/src/packages/*Mac.cpp" - "${CMAKE_SOURCE_DIR}/src/network/*BSD.cpp" - "${CMAKE_SOURCE_DIR}/src/osinfo/sysOsParsers.cpp" - "${CMAKE_SOURCE_DIR}/src/hardware/*ARMMac.cpp") + "${CMAKE_CURRENT_SOURCE_DIR}/src/*Mac.cpp" + "${CMAKE_CURRENT_SOURCE_DIR}/src/*CommonBSD.cpp" + "${CMAKE_CURRENT_SOURCE_DIR}/src/packages/*Mac.cpp" + "${CMAKE_CURRENT_SOURCE_DIR}/src/network/*BSD.cpp" + "${CMAKE_CURRENT_SOURCE_DIR}/src/osinfo/sysOsParsers.cpp" + "${CMAKE_CURRENT_SOURCE_DIR}/src/hardware/*ARMMac.cpp") else() file(GLOB SYSINFO_SRC - "${CMAKE_SOURCE_DIR}/src/*Mac.cpp" - "${CMAKE_SOURCE_DIR}/src/*CommonBSD.cpp" - "${CMAKE_SOURCE_DIR}/src/packages/*Mac.cpp" - "${CMAKE_SOURCE_DIR}/src/network/*BSD.cpp" - "${CMAKE_SOURCE_DIR}/src/osinfo/sysOsParsers.cpp" - "${CMAKE_SOURCE_DIR}/src/hardware/*X86_64Mac.cpp") + "${CMAKE_CURRENT_SOURCE_DIR}/src/*Mac.cpp" + "${CMAKE_CURRENT_SOURCE_DIR}/src/*CommonBSD.cpp" + "${CMAKE_CURRENT_SOURCE_DIR}/src/packages/*Mac.cpp" + "${CMAKE_CURRENT_SOURCE_DIR}/src/network/*BSD.cpp" + "${CMAKE_CURRENT_SOURCE_DIR}/src/osinfo/sysOsParsers.cpp" + "${CMAKE_CURRENT_SOURCE_DIR}/src/hardware/*X86_64Mac.cpp") endif() -elseif(CMAKE_SYSTEM_NAME STREQUAL "FreeBSD") - file(GLOB SYSINFO_SRC - "${CMAKE_SOURCE_DIR}/src/*FreeBSD.cpp" - "${CMAKE_SOURCE_DIR}/src/*CommonBSD.cpp" - "${CMAKE_SOURCE_DIR}/src/network/*BSD.cpp" - "${CMAKE_SOURCE_DIR}/src/osinfo/sysOsParsers.cpp") -elseif(CMAKE_SYSTEM_NAME STREQUAL "OpenBSD") - file(GLOB SYSINFO_SRC - "${CMAKE_SOURCE_DIR}/src/*OpenBSD.cpp" - "${CMAKE_SOURCE_DIR}/src/*CommonBSD.cpp" - "${CMAKE_SOURCE_DIR}/src/network/*BSD.cpp" - "${CMAKE_SOURCE_DIR}/src/osinfo/sysOsParsers.cpp") -elseif(CMAKE_SYSTEM_NAME STREQUAL "SunOS") - file(GLOB SYSINFO_SRC - "${CMAKE_SOURCE_DIR}/src/UtilsWrapperUnix.cpp" - "${CMAKE_SOURCE_DIR}/src/*Solaris.cpp" - "${CMAKE_SOURCE_DIR}/src/packages/*Solaris.cpp" - "${CMAKE_SOURCE_DIR}/src/network/networkSolarisHelper.cpp" - "${CMAKE_SOURCE_DIR}/src/network/*Solaris.cpp" - "${CMAKE_SOURCE_DIR}/src/osinfo/sysOsParsers.cpp") else() file(GLOB SYSINFO_SRC - "${CMAKE_SOURCE_DIR}/src/*Unix.cpp" - "${CMAKE_SOURCE_DIR}/src/osinfo/sysOsParsers.cpp") + "${CMAKE_CURRENT_SOURCE_DIR}/src/*Unix.cpp" + "${CMAKE_CURRENT_SOURCE_DIR}/src/osinfo/sysOsParsers.cpp") endif(CMAKE_SYSTEM_NAME STREQUAL "Windows") - -add_library(sysinfo SHARED +add_library(sysinfo STATIC ${SYSINFO_SRC} - ${CMAKE_SOURCE_DIR}/src/sysInfo.cpp + ${CMAKE_CURRENT_SOURCE_DIR}/src/sysInfo.cpp ${SRC_FOLDER}/${RESOURCE_OBJ}) +target_include_directories(sysinfo PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/include/) + if(CMAKE_SYSTEM_NAME STREQUAL "Windows") - target_link_libraries(sysinfo psapi iphlpapi ws2_32) - set_target_properties(sysinfo PROPERTIES - PREFIX "" - SUFFIX ".dll" - LINK_FLAGS "-Wl,--add-stdcall-alias" - POSITION_INDEPENDENT_CODE 0 # this is to avoid MinGW warning; - # MinGW generates position-independent-code for DLL by default - ) -elseif(UNIX AND NOT APPLE) - if(CMAKE_SYSTEM_NAME STREQUAL "AIX") - string(REPLACE ";" ":" CXX_IMPLICIT_LINK_DIRECTORIES_STR "${CMAKE_CXX_IMPLICIT_LINK_DIRECTORIES}") - string(REPLACE ";" ":" PLATFORM_REQUIRED_RUNTIME_PATH_STR "${CMAKE_PLATFORM_REQUIRED_RUNTIME_PATH}") - target_link_libraries(sysinfo -Wl,-blibpath:${INSTALL_PREFIX}/lib:${CXX_IMPLICIT_LINK_DIRECTORIES_STR}:${PLATFORM_REQUIRED_RUNTIME_PATH_STR}) - elseif(CMAKE_SYSTEM_NAME STREQUAL "HP-UX") - # Do nothing for HP-UX - else() - string(APPEND CMAKE_SHARED_LINKER_FLAGS " -Wl,-rpath=$ORIGIN") - endif(CMAKE_SYSTEM_NAME STREQUAL "AIX") + target_link_libraries(sysinfo PUBLIC psapi iphlpapi ws2_32) elseif(APPLE) find_library(iokit_lib IOKit) if(NOT iokit_lib) @@ -215,38 +172,54 @@ elseif(APPLE) if(NOT corefoundation_lib) message(FATAL_ERROR "CoreFoundation library not found! Aborting...") endif() - target_link_libraries(sysinfo cjson ${SRC_FOLDER}/external/libplist/bin/lib/libplist-2.0.a ${iokit_lib} ${corefoundation_lib}) + + target_link_libraries(sysinfo PUBLIC + unofficial::libplist::libplist + unofficial::libplist::libplist++ + ${iokit_lib} + ${corefoundation_lib} + sqliteWrapper + LibArchive::LibArchive) endif(CMAKE_SYSTEM_NAME STREQUAL "Windows") -target_link_libraries(sysinfo wazuhext) +target_link_libraries(sysinfo PUBLIC + networkHelper + nlohmann_json::nlohmann_json + cjson) if(CMAKE_SYSTEM_NAME STREQUAL "Linux") - set(CURL_DEP "wazuhext") - target_link_libraries(sysinfo urlrequest db) - if(CMAKE_CHECK_CENTOS5) - set(USE_HTTP 1) - endif(CMAKE_CHECK_CENTOS5) - add_subdirectory(${SRC_FOLDER}/shared_modules/http-request ${SRC_FOLDER}/shared_modules/http-request/build) + find_library(POPT_LIBRARY libpopt.a) + find_library(PROC_NG_LIBRARY NAMES proc-ng REQUIRED) + find_library(LIBDB_LIBRARY NAMES db REQUIRED) + find_library(LIBRPM_LIBRARY NAMES rpm REQUIRED) + find_library(LIBRPMIO_LIBRARY NAMES rpmio REQUIRED) + target_link_libraries(sysinfo PUBLIC + ${LIBDB_LIBRARY} + ${PROC_NG_LIBRARY} + ${LIBRPM_LIBRARY} + ${LIBRPMIO_LIBRARY} + LibArchive::LibArchive + ${POPT_LIBRARY} + ${LUA_LIBRARIES} + ) endif(CMAKE_SYSTEM_NAME STREQUAL "Linux") -if(APPLE) - add_custom_command(TARGET sysinfo - POST_BUILD COMMAND - ${CMAKE_INSTALL_NAME_TOOL} -id "@rpath/libsysinfo.dylib" - $) -endif(APPLE) +target_link_libraries(sysinfo PUBLIC + unofficial::sqlite3::sqlite3) -if(UNIT_TEST) - if(CMAKE_CXX_COMPILER_ID MATCHES "Clang") - target_link_libraries(sysinfo -fprofile-arcs) - else() - target_link_libraries(sysinfo gcov) - endif(CMAKE_CXX_COMPILER_ID MATCHES "Clang") +if(BUILD_TESTS) + if(NOT CMAKE_SYSTEM_NAME STREQUAL "Windows") + if(CMAKE_CXX_COMPILER_ID MATCHES "Clang") + target_link_libraries(sysinfo PRIVATE -fprofile-arcs) + else() + target_link_libraries(sysinfo PRIVATE gcov) + endif(CMAKE_CXX_COMPILER_ID MATCHES "Clang") - add_subdirectory(tests) + add_subdirectory(tests) + endif(NOT CMAKE_SYSTEM_NAME STREQUAL "Windows") else() if(FSANITIZE) - target_link_libraries(sysinfo gcov) + target_link_libraries(sysinfo PRIVATE gcov) endif(FSANITIZE) add_subdirectory(testtool) -endif(UNIT_TEST) +endif(BUILD_TESTS) diff --git a/src/common/data_provider/include/sysInfo.h b/src/common/data_provider/include/sysInfo.h index 47639027d9..0ff86ed08d 100644 --- a/src/common/data_provider/include/sysInfo.h +++ b/src/common/data_provider/include/sysInfo.h @@ -13,27 +13,9 @@ #ifndef _SYS_INFO_H #define _SYS_INFO_H -// Define EXPORTED for any platform #include "commonDefs.h" -#ifdef WAZUH_UNIT_TESTING -#define EXPORTED -#else -#ifndef EXPORTED -#ifdef _WIN32 -#ifdef WIN_EXPORT -#define EXPORTED __declspec(dllexport) -#else -#define EXPORTED __declspec(dllimport) -#endif -#elif __GNUC__ >= 4 -#define EXPORTED __attribute__((visibility("default"))) -#else -#define EXPORTED -#endif -#endif -#endif -#include "cJSON.h" +#include #ifdef __cplusplus extern "C" { #endif @@ -45,7 +27,7 @@ extern "C" { * * @return 0 on success, -1 otherwise. */ -EXPORTED int sysinfo_hardware(cJSON** js_result); +int sysinfo_hardware(cJSON** js_result); /** * @brief Obtains the installed packages information from the current OS being analyzed. @@ -54,7 +36,7 @@ EXPORTED int sysinfo_hardware(cJSON** js_result); * * @return 0 on success, -1 otherwise. */ -EXPORTED int sysinfo_packages(cJSON** js_result); +int sysinfo_packages(cJSON** js_result); /** * @brief Obtains the Operating System information from the current OS being analyzed. @@ -63,7 +45,7 @@ EXPORTED int sysinfo_packages(cJSON** js_result); * * @return 0 on success, -1 otherwise. */ -EXPORTED int sysinfo_os(cJSON** js_result); +int sysinfo_os(cJSON** js_result); /** * @brief Obtains the processes information from the current OS being analyzed. @@ -72,7 +54,7 @@ EXPORTED int sysinfo_os(cJSON** js_result); * * @return 0 on success, -1 otherwise. */ -EXPORTED int sysinfo_processes(cJSON** js_result); +int sysinfo_processes(cJSON** js_result); /** * @brief Obtains the network information from the current OS being analyzed. @@ -81,7 +63,7 @@ EXPORTED int sysinfo_processes(cJSON** js_result); * * @return 0 on success, -1 otherwise. */ -EXPORTED int sysinfo_networks(cJSON** js_result); +int sysinfo_networks(cJSON** js_result); /** * @brief Obtains the ports information from the current OS being analyzed. @@ -90,14 +72,14 @@ EXPORTED int sysinfo_networks(cJSON** js_result); * * @return 0 on success, -1 otherwise. */ -EXPORTED int sysinfo_ports(cJSON** js_result); +int sysinfo_ports(cJSON** js_result); /** * @brief Frees the \p js_data information. * * @param js_data Information to be freed. */ -EXPORTED void sysinfo_free_result(cJSON** js_data); +void sysinfo_free_result(cJSON** js_data); /** * @brief Obtains the processes information from the current OS being analyzed. @@ -106,7 +88,7 @@ EXPORTED void sysinfo_free_result(cJSON** js_data); * * return 0 on success, -1 otherwhise. */ -EXPORTED int sysinfo_processes_cb(callback_data_t cb); +int sysinfo_processes_cb(callback_data_t cb); /** * @brief Obtains the packages information from the current OS being analyzed. @@ -115,7 +97,7 @@ EXPORTED int sysinfo_processes_cb(callback_data_t cb); * * return 0 on success, -1 otherwhise. */ -EXPORTED int sysinfo_packages_cb(callback_data_t cb); +int sysinfo_packages_cb(callback_data_t cb); /** * @brief Obtains the hotfixes information from the current OS being analyzed. @@ -124,7 +106,7 @@ EXPORTED int sysinfo_packages_cb(callback_data_t cb); * * @return 0 on success, -1 otherwise. */ -EXPORTED int sysinfo_hotfixes(cJSON** js_result); +int sysinfo_hotfixes(cJSON** js_result); typedef int(*sysinfo_networks_func)(cJSON** jsresult); diff --git a/src/common/data_provider/include/sysInfo.hpp b/src/common/data_provider/include/sysInfo.hpp index 025d9a9a8c..ed3dd3a0b5 100644 --- a/src/common/data_provider/include/sysInfo.hpp +++ b/src/common/data_provider/include/sysInfo.hpp @@ -12,27 +12,14 @@ #ifndef _SYS_INFO_HPP #define _SYS_INFO_HPP -// Define EXPORTED for any platform -#ifdef _WIN32 -#ifdef WIN_EXPORT -#define EXPORTED __declspec(dllexport) -#else -#define EXPORTED __declspec(dllimport) -#endif -#elif __GNUC__ >= 4 -#define EXPORTED __attribute__((visibility("default"))) -#else -#define EXPORTED -#endif - -#include "sysInfoInterface.h" +#include "sysInfoInterface.hpp" constexpr auto KByte { 1024 }; -class EXPORTED SysInfo: public ISysInfo +class SysInfo: public ISysInfo { public: SysInfo() = default; diff --git a/src/common/data_provider/include/sysInfoInterface.h b/src/common/data_provider/include/sysInfoInterface.hpp similarity index 97% rename from src/common/data_provider/include/sysInfoInterface.h rename to src/common/data_provider/include/sysInfoInterface.hpp index 4ea2caa75f..3d5ee318ef 100644 --- a/src/common/data_provider/include/sysInfoInterface.h +++ b/src/common/data_provider/include/sysInfoInterface.hpp @@ -12,7 +12,7 @@ #ifndef _SYS_INFO_INTERFACE #define _SYS_INFO_INTERFACE -#include "json.hpp" +#include class ISysInfo { diff --git a/src/common/data_provider/src/hardware/factoryHardwareFamilyCreator.h b/src/common/data_provider/src/hardware/factoryHardwareFamilyCreator.h index 137a274247..bc62577773 100644 --- a/src/common/data_provider/src/hardware/factoryHardwareFamilyCreator.h +++ b/src/common/data_provider/src/hardware/factoryHardwareFamilyCreator.h @@ -13,7 +13,7 @@ #define _FACTORY_HARDWARE_FAMILY_CREATOR_H #include -#include "json.hpp" +#include #include "hardwareInterface.h" #include "hardwareWrapperInterface.h" #include "hardwareImplMac.h" diff --git a/src/common/data_provider/src/hardware/hardwareInterface.h b/src/common/data_provider/src/hardware/hardwareInterface.h index 33525165d1..9cef10b41d 100644 --- a/src/common/data_provider/src/hardware/hardwareInterface.h +++ b/src/common/data_provider/src/hardware/hardwareInterface.h @@ -12,7 +12,7 @@ #ifndef _HARDWARE_INTERFACE_H #define _HARDWARE_INTERFACE_H -#include "json.hpp" +#include class IOSHardware { diff --git a/src/common/data_provider/src/network/inetworkInterface.h b/src/common/data_provider/src/network/inetworkInterface.h index c2a3830892..879299c6a3 100644 --- a/src/common/data_provider/src/network/inetworkInterface.h +++ b/src/common/data_provider/src/network/inetworkInterface.h @@ -12,7 +12,7 @@ #ifndef _NETWORK_INTERFACE_H #define _NETWORK_INTERFACE_H -#include "json.hpp" +#include class IOSNetwork { @@ -36,4 +36,4 @@ struct LinkStats unsigned int txDropped; /* no space available in linux */ }; -#endif // _NETWORK_INTERFACE_H \ No newline at end of file +#endif // _NETWORK_INTERFACE_H diff --git a/src/common/data_provider/src/network/networkBSDWrapper.h b/src/common/data_provider/src/network/networkBSDWrapper.h index 7456fe9582..1edf6513be 100644 --- a/src/common/data_provider/src/network/networkBSDWrapper.h +++ b/src/common/data_provider/src/network/networkBSDWrapper.h @@ -25,7 +25,6 @@ #include #include "inetworkWrapper.h" #include "networkHelper.h" -#include "makeUnique.h" #include "sharedDefs.h" #include "stringHelper.h" diff --git a/src/common/data_provider/src/network/networkFamilyDataAFactory.h b/src/common/data_provider/src/network/networkFamilyDataAFactory.h index 5502e75df2..0935d0585f 100644 --- a/src/common/data_provider/src/network/networkFamilyDataAFactory.h +++ b/src/common/data_provider/src/network/networkFamilyDataAFactory.h @@ -13,11 +13,10 @@ #define _NETWORK_FAMILY_DATA_AFACTORY_H #include -#include "json.hpp" +#include #include "networkInterfaceLinux.h" #include "networkInterfaceBSD.h" #include "networkInterfaceWindows.h" -#include "networkInterfaceSolaris.h" #include "sharedDefs.h" template @@ -63,14 +62,4 @@ class FactoryNetworkFamilyCreator final } }; -template <> -class FactoryNetworkFamilyCreator final -{ - public: - static std::shared_ptr create(const std::shared_ptr& interfaceWrapper) - { - return FactorySolarisNetwork::create(interfaceWrapper); - } -}; - #endif // _NETWORK_FAMILY_DATA_AFACTORY_H diff --git a/src/common/data_provider/src/network/networkInterfaceLinux.h b/src/common/data_provider/src/network/networkInterfaceLinux.h index a8652b5e50..18c5f5386e 100644 --- a/src/common/data_provider/src/network/networkInterfaceLinux.h +++ b/src/common/data_provider/src/network/networkInterfaceLinux.h @@ -39,4 +39,4 @@ class LinuxNetworkImpl final : public IOSNetwork } }; -#endif // _NETWORK_LINUX_H \ No newline at end of file +#endif // _NETWORK_LINUX_H diff --git a/src/common/data_provider/src/network/networkInterfaceSolaris.cpp b/src/common/data_provider/src/network/networkInterfaceSolaris.cpp deleted file mode 100644 index 9f9daa157e..0000000000 --- a/src/common/data_provider/src/network/networkInterfaceSolaris.cpp +++ /dev/null @@ -1,112 +0,0 @@ -/* - * Wazuh SYSINFO - * Copyright (C) 2015, Wazuh Inc. - * December 21, 2021. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -#include "networkInterfaceSolaris.h" -#include "sys/socket.h" - - -std::shared_ptr FactorySolarisNetwork::create(const std::shared_ptr& interfaceWrapper) -{ - std::shared_ptr ret; - - if (interfaceWrapper) - { - const auto family { interfaceWrapper->family() }; - - if (AF_INET == family) - { - ret = std::make_shared>(interfaceWrapper); - } - else if (AF_INET6 == family) - { - ret = std::make_shared>(interfaceWrapper); - } - else if (AF_UNSPEC == family) - { - ret = std::make_shared>(interfaceWrapper); - } - - // else: unknown family - } - else - { - throw std::runtime_error { "Error nullptr interfaceWrapper instance." }; - } - - return ret; -} - -template <> -void SolarisNetworkImpl::buildNetworkData(nlohmann::json& network) -{ - const auto address { m_interfaceAddress->address() }; - - if (!address.empty()) - { - nlohmann::json ipv4JS { }; - ipv4JS["address"] = address; - ipv4JS["netmask"] = m_interfaceAddress->netmask(); - ipv4JS["broadcast"] = m_interfaceAddress->broadcast(); - ipv4JS["metric"] = m_interfaceAddress->metrics(); - ipv4JS["dhcp"] = m_interfaceAddress->dhcp(); - - network["IPv4"].push_back(ipv4JS); - } - else - { - throw std::runtime_error { "Invalid IpV4 address." }; - } -} -template <> -void SolarisNetworkImpl::buildNetworkData(nlohmann::json& network) -{ - const auto address { m_interfaceAddress->addressV6() }; - - if (!address.empty()) - { - nlohmann::json ipv6JS {}; - ipv6JS["address"] = address; - ipv6JS["netmask"] = m_interfaceAddress->netmaskV6(); - ipv6JS["broadcast"] = m_interfaceAddress->broadcastV6(); - ipv6JS["metric"] = m_interfaceAddress->metricsV6(); - ipv6JS["dhcp"] = m_interfaceAddress->dhcp(); - - network["IPv6"].push_back(ipv6JS); - } - else - { - throw std::runtime_error { "Invalid IpV6 address." }; - } -} - -template <> -void SolarisNetworkImpl::buildNetworkData(nlohmann::json& network) -{ - // Extraction of common adapter data - network["name"] = m_interfaceAddress->name(); - network["adapter"] = m_interfaceAddress->adapter(); - network["state"] = m_interfaceAddress->state(); - network["type"] = m_interfaceAddress->type(); - network["mac"] = m_interfaceAddress->MAC(); - - const auto stats { m_interfaceAddress->stats() }; - network["tx_packets"] = stats.txPackets; - network["rx_packets"] = stats.rxPackets; - network["tx_bytes"] = stats.txBytes; - network["rx_bytes"] = stats.rxBytes; - network["tx_errors"] = stats.txErrors; - network["rx_errors"] = stats.rxErrors; - network["tx_dropped"] = stats.txDropped; - network["rx_dropped"] = stats.rxDropped; - - network["mtu"] = m_interfaceAddress->mtu(); - network["gateway"] = m_interfaceAddress->gateway(); -} diff --git a/src/common/data_provider/src/network/networkInterfaceSolaris.h b/src/common/data_provider/src/network/networkInterfaceSolaris.h deleted file mode 100644 index c83a00755b..0000000000 --- a/src/common/data_provider/src/network/networkInterfaceSolaris.h +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Wazuh SYSINFO - * Copyright (C) 2015, Wazuh Inc. - * December 21, 2021. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -#ifndef _NETWORK_INTERFACE_SOLARIS_H -#define _NETWORK_INTERFACE_SOLARIS_H -#include - -#include "inetworkInterface.h" -#include "inetworkWrapper.h" - -class FactorySolarisNetwork -{ - public: - static std::shared_ptrcreate(const std::shared_ptr& interfaceWrapper); -}; - -template -class SolarisNetworkImpl final : public IOSNetwork -{ - std::shared_ptr m_interfaceAddress; - public: - explicit SolarisNetworkImpl(const std::shared_ptr& interfaceAddress) - : m_interfaceAddress(interfaceAddress) - { } - // LCOV_EXCL_START - ~SolarisNetworkImpl() = default; - // LCOV_EXCL_STOP - void buildNetworkData(nlohmann::json& /*network*/) override - { - throw std::runtime_error { "Specialization not implemented" }; - } -}; - -#endif // _NETWORK_INTERFACE_SOLARIS_H diff --git a/src/common/data_provider/src/network/networkInterfaceWindows.h b/src/common/data_provider/src/network/networkInterfaceWindows.h index 70bd04e255..bd91f9ab5c 100644 --- a/src/common/data_provider/src/network/networkInterfaceWindows.h +++ b/src/common/data_provider/src/network/networkInterfaceWindows.h @@ -38,4 +38,4 @@ class WindowsNetworkImpl final : public IOSNetwork } }; -#endif // _NETWORK_INTERFACE_WINDOWS_H \ No newline at end of file +#endif // _NETWORK_INTERFACE_WINDOWS_H diff --git a/src/common/data_provider/src/network/networkSolarisHelper.cpp b/src/common/data_provider/src/network/networkSolarisHelper.cpp deleted file mode 100644 index 1d552d6576..0000000000 --- a/src/common/data_provider/src/network/networkSolarisHelper.cpp +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Wazuh SYSINFO - * Copyright (C) 2015, Wazuh Inc. - * December 16, 2021. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -#include -#include "networkSolarisHelper.hpp" -#include "UtilsWrapperUnix.hpp" -#include - -int NetworkSolarisHelper::getInterfacesCount(int fd, sa_family_t family) -{ - auto interfaceCount { 0 }; - - struct lifnum ifn = { .lifn_family = family, .lifn_flags = 0, .lifn_count = 0 }; - - UtilsWrapperUnix::ioctl(fd, SIOCGLIFNUM, reinterpret_cast(&ifn)); - interfaceCount = ifn.lifn_count; - return interfaceCount; -} - -void NetworkSolarisHelper::getInterfacesConfig(int fd, lifconf& networkInterfacesConf) -{ - UtilsWrapperUnix::ioctl(fd, SIOCGLIFCONF, reinterpret_cast(&networkInterfacesConf)); -} diff --git a/src/common/data_provider/src/network/networkSolarisHelper.hpp b/src/common/data_provider/src/network/networkSolarisHelper.hpp deleted file mode 100644 index d39d6e7ff8..0000000000 --- a/src/common/data_provider/src/network/networkSolarisHelper.hpp +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Wazuh SysInfo - * Copyright (C) 2015, Wazuh Inc. - * December 16, 2021. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -#ifndef _NETWORK_SOLARIS_HELPER_H -#define _NETWORK_SOLARIS_HELPER_H - -#include - -class NetworkSolarisHelper final -{ - public: - static int getInterfacesCount(int fd, sa_family_t family); - static void getInterfacesConfig(int fd, lifconf& networkInterface); -}; - -#endif //_NETWORK_SOLARIS_HELPER_H diff --git a/src/common/data_provider/src/network/networkSolarisWrapper.hpp b/src/common/data_provider/src/network/networkSolarisWrapper.hpp deleted file mode 100644 index 106af37adf..0000000000 --- a/src/common/data_provider/src/network/networkSolarisWrapper.hpp +++ /dev/null @@ -1,431 +0,0 @@ -/* - * Wazuh SYSINFO - * Copyright (C) 2015, Wazuh Inc. - * December 25, 2021. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -#ifndef _NETWORK_SOLARIS_WRAPPER_H -#define _NETWORK_SOLARIS_WRAPPER_H - -#include -#include -#include -#include -#include -#include - -#include "inetworkWrapper.h" -#include "UtilsWrapperUnix.hpp" -#include "sharedDefs.h" -#include "networkHelper.h" -#include "cmdHelper.h" -#include "stringHelper.h" - -enum ROUTING_FIELDS -{ - ROUTING_DESTINATION, - ROUTING_GATEWAY, - ROUTING_FLAGS, - ROUTING_REF, - ROUTING_USE, - ROUTING_IFACE_NAME, - ROUTING_SIZE_FIELDS -}; - -enum MAC_FIELDS -{ - MAC_FIELD_NAME, - MAC_ADDRESS, - MAC_SIZE_FIELDS -}; - -class NetworkSolarisInterface final : public INetworkInterfaceWrapper -{ - lifreq* m_networkInterface; - const int m_fileDescriptor; - const sa_family_t m_family; - const uint64_t m_interfaceFlags; - - public: - explicit NetworkSolarisInterface(const sa_family_t family, int fd, std::pair interface) - : m_networkInterface {interface.first} - , m_fileDescriptor {fd} - , m_family {family} - , m_interfaceFlags {interface.second} - { - } - - std::string name() const override - { - return m_networkInterface->lifr_name ? m_networkInterface->lifr_name : ""; - } - - std::string adapter() const override - { - return ""; - } - - int family() const override - { - return m_family; - } - - std::string address() const override - { - std::string address; - - try - { - UtilsWrapperUnix::ioctl(m_fileDescriptor, SIOCGLIFADDR, reinterpret_cast(m_networkInterface)); - struct sockaddr_in* data = reinterpret_cast(&m_networkInterface->lifr_addr); - address = Utils::NetworkHelper::IAddressToBinary(this->family(), &data->sin_addr); - } - catch (...) - { - } - - return address; - } - - std::string netmask() const override - { - std::string address; - - try - { - UtilsWrapperUnix::ioctl(m_fileDescriptor, SIOCGLIFNETMASK, reinterpret_cast(m_networkInterface)); - struct sockaddr_in* data = reinterpret_cast(&m_networkInterface->lifr_addr); - address = Utils::NetworkHelper::IAddressToBinary(this->family(), &data->sin_addr); - } - catch (...) - { - } - - return address; - } - - std::string broadcast() const override - { - std::string retVal { UNKNOWN_VALUE }; - - if (m_interfaceFlags & IFF_BROADCAST) - { - try - { - UtilsWrapperUnix::ioctl(m_fileDescriptor, SIOCGLIFBRDADDR, reinterpret_cast(m_networkInterface)); - struct sockaddr_in* data = reinterpret_cast(&m_networkInterface->lifr_broadaddr); - retVal = Utils::NetworkHelper::IAddressToBinary(this->family(), &data->sin_addr); - } - catch (...) - { - } - } - - return retVal; - } - - std::string addressV6() const override - { - std::string address; - - try - { - UtilsWrapperUnix::ioctl(m_fileDescriptor, SIOCGLIFADDR, reinterpret_cast(m_networkInterface)); - struct sockaddr_in6* data = reinterpret_cast(&m_networkInterface->lifr_addr); - address = Utils::NetworkHelper::IAddressToBinary(this->family(), &data->sin6_addr); - } - catch (...) - { - } - - return address; - } - - std::string netmaskV6() const override - { - std::string address; - - try - { - UtilsWrapperUnix::ioctl(m_fileDescriptor, SIOCGLIFNETMASK, reinterpret_cast(m_networkInterface)); - struct sockaddr_in6* data = reinterpret_cast(&m_networkInterface->lifr_addr); - address = Utils::NetworkHelper::IAddressToBinary(this->family(), &data->sin6_addr); - } - catch (...) - { - } - - return address; - } - - std::string broadcastV6() const override - { - std::string retVal; - - if (m_interfaceFlags & IFF_BROADCAST) - { - try - { - UtilsWrapperUnix::ioctl(m_fileDescriptor, SIOCGLIFBRDADDR, reinterpret_cast(m_networkInterface)); - struct sockaddr_in6* data = reinterpret_cast(&m_networkInterface->lifr_addr); - retVal = Utils::NetworkHelper::IAddressToBinary(this->family(), &data->sin6_addr); - } - catch (...) - { - } - } - - return retVal; - } - - std::string gateway() const override - { - std::string retVal; - const auto buffer { Utils::exec("netstat -rn") }; - - if (!buffer.empty()) - { - const auto lines { Utils::split(buffer, '\n') }; - - for (auto line : lines) - { - Utils::replaceAll(line, " ", " "); - const auto fields { Utils::split(line, ' ') }; - - if (fields.size() == ROUTING_SIZE_FIELDS && fields.front().compare("default") == 0) - { - if (fields[ROUTING_IFACE_NAME].compare(this->name()) == 0) - { - retVal = fields[ROUTING_GATEWAY]; - } - - break; - } - } - } - - return retVal; - } - - std::string metrics() const override - { - std::string metric; - - try - { - UtilsWrapperUnix::ioctl(m_fileDescriptor, SIOCGLIFMETRIC, reinterpret_cast(m_networkInterface)); - metric = std::to_string(m_networkInterface->lifr_metric); - } - catch (...) - { - } - - return metric; - } - - std::string metricsV6() const override - { - std::string metric; - - try - { - UtilsWrapperUnix::ioctl(m_fileDescriptor, SIOCGLIFMETRIC, reinterpret_cast(m_networkInterface)); - metric = std::to_string(m_networkInterface->lifr_metric); - } - catch (const std::exception& e) - { - std::cerr << e.what() << '\n'; - } - - return metric; - } - - std::string dhcp() const override - { - return m_interfaceFlags & IFF_DHCPRUNNING ? "enabled" : "disabled"; - } - - uint32_t mtu() const override - { - uint32_t retVal { 0 }; - - try - { - UtilsWrapperUnix::ioctl(m_fileDescriptor, SIOCGLIFMTU, reinterpret_cast(m_networkInterface)); - retVal = m_networkInterface->lifr_mtu; - } - catch (...) - { - } - - return retVal; - } - - LinkStats stats() const override - { - auto buffer { Utils::exec("kstat -n " + this->name() + " -c net", 256) }; - LinkStats statistic { 0, 0, 0, 0, 0, 0, 0, 0 }; - - if (!buffer.empty()) - { - constexpr auto RX_PACKET_INDEX { "ipackets64" }; - constexpr auto RX_BYTES_INDEX { "rbytes64" }; - constexpr auto TX_PACKET_INDEX { "opackets64" }; - constexpr auto TX_BYTES_INDEX { "obytes64" }; - constexpr auto RX_DROPS_INDEX { "dl_idrops" }; - constexpr auto TX_DROPS_INDEX { "dl_odrops" }; - constexpr auto RX_ERRORS_INDEX { "ierrors" }; - constexpr auto TX_ERRORS_INDEX { "oerrors" }; - - std::map data; - auto value { 0 }; - size_t valueSize { 0 }; - auto lines { Utils::split(buffer, '\n') }; - - lines.erase(lines.begin()); - lines.erase(lines.begin()); - lines.erase(lines.end()); - - try - { - for (auto& line : lines) - { - Utils::replaceAll(line, "\t", " "); - Utils::replaceAll(line, " ", " "); - auto fields { Utils::split(line, ' ') }; - - value = std::stoi(fields.back(), &valueSize); - - if (fields.back().size() == valueSize) - { - data[fields.at(1)] = value; - } - else - { - data[fields.at(1)] = 0; - } - } - } - catch (...) - { - } - - auto it {data.find(RX_PACKET_INDEX)}; - - statistic.rxPackets = static_cast( it != data.end() ? data.at(RX_PACKET_INDEX) : 0); - it = data.find(RX_BYTES_INDEX); - statistic.rxBytes = static_cast( it != data.end() ? data.at(RX_BYTES_INDEX) : 0); - it = data.find(TX_PACKET_INDEX); - statistic.txPackets = static_cast( it != data.end() ? data.at(TX_PACKET_INDEX) : 0); - it = data.find(TX_BYTES_INDEX); - statistic.txBytes = static_cast( it != data.end() ? data.at(TX_BYTES_INDEX) : 0); - it = data.find(RX_DROPS_INDEX); - statistic.rxDropped = static_cast( it != data.end() ? data.at(RX_DROPS_INDEX) : 0); - it = data.find(TX_DROPS_INDEX); - statistic.txDropped = static_cast( it != data.end() ? data.at(TX_DROPS_INDEX) : 0); - it = data.find(RX_ERRORS_INDEX); - statistic.rxErrors = static_cast( it != data.end() ? data.at(RX_ERRORS_INDEX) : 0); - it = data.find(TX_ERRORS_INDEX); - statistic.txErrors = static_cast( it != data.end() ? data.at(TX_ERRORS_INDEX) : 0); - } - - return statistic; - } - - std::string type() const override - { - const auto buffer { Utils::exec("dladm show-phys " + this->name(), 512) }; - constexpr auto COLUMN_TYPE_INTERFACE { "MEDIA" }; - std::string type; - - if (!buffer.empty() && (buffer.find("unknown subcommand") == std::string::npos)) - { - auto lines { Utils::split(buffer, '\n') }; - std::vector headers; - std::vector values; - - for (auto line : lines) - { - Utils::replaceAll(line, "\t", ""); - Utils::replaceAll(line, " ", " "); - - if (headers.size() == 0) - { - headers = Utils::split(line, ' '); - } - else - { - values = Utils::split(line, ' '); - } - } - - try - { - const auto it = std::find(headers.begin(), headers.end(), COLUMN_TYPE_INTERFACE); - - if (it != headers.end() && values.size() > static_cast(it - headers.begin())) - { - type = values.at(it - headers.begin()); - } - } - catch (...) - { - } - } - - return type; - } - - std::string state() const override - { - return m_interfaceFlags & IFF_UP ? "up" : "down"; - } - - std::string MAC() const override - { - std::string mac { UNKNOWN_VALUE }; - const auto buffer { Utils::exec("ifconfig " + this->name()) }; - - if (!buffer.empty()) - { - const auto lines { Utils::split(buffer, '\n') }; - - for (auto line : lines) - { - Utils::replaceAll(line, "\t", ""); - const auto fields { Utils::split(line, ' ') }; - - if (fields.size() == MAC_SIZE_FIELDS && fields.front().compare("ether") == 0) - { - auto components { Utils::split(fields[MAC_ADDRESS], ':') }; - std::stringstream value { }; - - value << std::hex << std::setfill('0'); - - for (auto& item : components) - { - std::transform(item.begin(), item.end(), item.begin(), ::toupper); - value << std::setw(2) << item; - - if (&item != &components.back()) - { - value << ":"; - } - } - - mac = value.str(); - break; - } - } - } - - return mac; - } -}; - -#endif // _NETWORK_SOLARIS_WRAPPER_H diff --git a/src/common/data_provider/src/network/networkWindowsWrapper.h b/src/common/data_provider/src/network/networkWindowsWrapper.h index dedec064c3..5deb35317e 100644 --- a/src/common/data_provider/src/network/networkWindowsWrapper.h +++ b/src/common/data_provider/src/network/networkWindowsWrapper.h @@ -19,7 +19,6 @@ #include #include "windowsHelper.h" #include "inetworkWrapper.h" -#include "makeUnique.h" #include "sharedDefs.h" static const std::map NETWORK_INTERFACE_TYPES = diff --git a/src/common/data_provider/src/osinfo/sysOsInfoInterface.h b/src/common/data_provider/src/osinfo/sysOsInfoInterface.h index 95c926783d..ee709e0ddd 100644 --- a/src/common/data_provider/src/osinfo/sysOsInfoInterface.h +++ b/src/common/data_provider/src/osinfo/sysOsInfoInterface.h @@ -14,7 +14,7 @@ #include #include -#include "json.hpp" +#include class ISysOsInfoProvider { @@ -55,4 +55,4 @@ class SysOsInfo } }; -#endif //_SYS_OS_INFO_INTERFACE_H \ No newline at end of file +#endif //_SYS_OS_INFO_INTERFACE_H diff --git a/src/common/data_provider/src/osinfo/sysOsInfoWin.h b/src/common/data_provider/src/osinfo/sysOsInfoWin.h index ec22a0c31f..6932e121a6 100644 --- a/src/common/data_provider/src/osinfo/sysOsInfoWin.h +++ b/src/common/data_provider/src/osinfo/sysOsInfoWin.h @@ -41,7 +41,4 @@ class SysOsInfoProviderWindows final : public ISysOsInfoProvider const std::string m_nodeName; }; - - - -#endif //_SYS_OS_INFO_WINDOWS_H \ No newline at end of file +#endif //_SYS_OS_INFO_WINDOWS_H diff --git a/src/common/data_provider/src/osinfo/sysOsParsers.cpp b/src/common/data_provider/src/osinfo/sysOsParsers.cpp index 956a2a0d75..2c419d5576 100644 --- a/src/common/data_provider/src/osinfo/sysOsParsers.cpp +++ b/src/common/data_provider/src/osinfo/sysOsParsers.cpp @@ -254,14 +254,6 @@ bool DebianOsParser::parseFile(std::istream& in, nlohmann::json& output) return findVersionInStream(in, output, PATTERN_MATCH); } -bool ArchOsParser::parseFile(std::istream& in, nlohmann::json& output) -{ - constexpr auto PATTERN_MATCH{R"([0-9].*\.[0-9]*)"}; - output["os_name"] = "Arch Linux"; - output["os_platform"] = "arch"; - return findVersionInStream(in, output, PATTERN_MATCH); -} - bool SlackwareOsParser::parseFile(std::istream& in, nlohmann::json& output) { constexpr auto PATTERN_MATCH{R"([0-9].*\.[0-9]*)"}; @@ -313,63 +305,6 @@ bool FedoraOsParser::parseFile(std::istream& in, nlohmann::json& output) return ret; } -bool SolarisOsParser::parseFile(std::istream& in, nlohmann::json& output) -{ - const std::string HEADER_STRING{"Solaris "}; - output["os_name"] = "SunOS"; - output["os_platform"] = "sunos"; - std::string line; - size_t pos{std::string::npos}; - - while (pos == std::string::npos && std::getline(in, line)) - { - line = Utils::trim(line); - pos = line.find(HEADER_STRING); - - if (std::string::npos != pos) - { - line = line.substr(pos + HEADER_STRING.size()); - pos = line.find(" "); - - if (pos != std::string::npos) - { - line = line.substr(0, pos); - } - - output["os_version"] = Utils::trim(line); - findMajorMinorVersionInString(Utils::trim(line), output); - } - } - - return std::string::npos == pos ? false : true; -} - -bool HpUxOsParser::parseUname(const std::string& in, nlohmann::json& output) -{ - constexpr auto PATTERN_MATCH{R"(B\.([0-9].*\.[0-9]*))"}; - std::string match; - std::regex pattern{PATTERN_MATCH}; - const auto ret {Utils::findRegexInString(in, match, pattern, 1)}; - - if (ret) - { - output["os_version"] = match; - findMajorMinorVersionInString(match, output); - } - - output["os_name"] = "HP-UX"; - output["os_platform"] = "hp-ux"; - return ret; -} - -bool AlpineOsParser::parseFile(std::istream& in, nlohmann::json& output) -{ - constexpr auto PATTERN_MATCH{R"((?:[0-9]+\.)?(?:[0-9]+\.)?(?:[0-9]+))"}; - output["os_name"] = "Alpine Linux"; - output["os_platform"] = "alpine"; - return findVersionInStream(in, output, PATTERN_MATCH); -} - bool MacOsParser::parseSwVersion(const std::string& in, nlohmann::json& output) { constexpr auto SEPARATOR{':'}; diff --git a/src/common/data_provider/src/osinfo/sysOsParsers.h b/src/common/data_provider/src/osinfo/sysOsParsers.h index 448dcee08b..99b674cae1 100644 --- a/src/common/data_provider/src/osinfo/sysOsParsers.h +++ b/src/common/data_provider/src/osinfo/sysOsParsers.h @@ -13,7 +13,7 @@ #define _SYS_OS_PARSERS_H #include -#include "json.hpp" +#include struct ISysOsParser { @@ -78,14 +78,6 @@ class DebianOsParser : public ISysOsParser bool parseFile(std::istream& in, nlohmann::json& output) override; }; -class ArchOsParser : public ISysOsParser -{ - public: - ArchOsParser() = default; - ~ArchOsParser() = default; - bool parseFile(std::istream& in, nlohmann::json& output) override; -}; - class SlackwareOsParser : public ISysOsParser { public: @@ -118,30 +110,6 @@ class FedoraOsParser : public ISysOsParser bool parseFile(std::istream& in, nlohmann::json& output) override; }; -class SolarisOsParser : public ISysOsParser -{ - public: - SolarisOsParser() = default; - ~SolarisOsParser() = default; - bool parseFile(std::istream& in, nlohmann::json& output) override; -}; - -class HpUxOsParser : public ISysOsParser -{ - public: - HpUxOsParser() = default; - ~HpUxOsParser() = default; - bool parseUname(const std::string& in, nlohmann::json& output) override; -}; - -class AlpineOsParser : public ISysOsParser -{ - public: - AlpineOsParser() = default; - ~AlpineOsParser() = default; - bool parseFile(std::istream& in, nlohmann::json& output) override; -}; - class MacOsParser { public: @@ -182,11 +150,6 @@ class FactorySysOsParser final return std::make_unique(); } - if (platform == "solaris") - { - return std::make_unique(); - } - if (platform == "debian") { return std::make_unique(); @@ -207,26 +170,11 @@ class FactorySysOsParser final return std::make_unique(); } - if (platform == "arch") - { - return std::make_unique(); - } - if (platform == "rhel") { return std::make_unique(); } - if (platform == "hp-ux") - { - return std::make_unique(); - } - - if (platform == "alpine") - { - return std::make_unique(); - } - throw std::runtime_error { "Unsupported platform." diff --git a/src/common/data_provider/src/packages/ipackageInterface.h b/src/common/data_provider/src/packages/ipackageInterface.h index fc1b253dde..23771bdef7 100644 --- a/src/common/data_provider/src/packages/ipackageInterface.h +++ b/src/common/data_provider/src/packages/ipackageInterface.h @@ -12,7 +12,7 @@ #ifndef _PACKAGE_INTERFACE_H #define _PACKAGE_INTERFACE_H -#include "json.hpp" +#include class IPackage { @@ -23,4 +23,4 @@ class IPackage virtual void buildPackageData(nlohmann::json& package) = 0; }; -#endif // _PACKAGE_INTERFACE_H \ No newline at end of file +#endif // _PACKAGE_INTERFACE_H diff --git a/src/common/data_provider/src/packages/macportsWrapper.h b/src/common/data_provider/src/packages/macportsWrapper.h index dd89ee0b8a..22fbae57b1 100644 --- a/src/common/data_provider/src/packages/macportsWrapper.h +++ b/src/common/data_provider/src/packages/macportsWrapper.h @@ -30,7 +30,7 @@ const std::map columnIndexes class MacportsWrapper final : public IPackageWrapper { public: - explicit MacportsWrapper(SQLite::IStatement& stmt) + explicit MacportsWrapper(SQLiteLegacy::IStatement& stmt) : m_version{UNKNOWN_VALUE} , m_groups {UNKNOWN_VALUE} , m_description {UNKNOWN_VALUE} @@ -110,7 +110,7 @@ class MacportsWrapper final : public IPackageWrapper return m_multiarch; } private: - void getPkgData(SQLite::IStatement& stmt) + void getPkgData(SQLiteLegacy::IStatement& stmt) { const int& columnsNumber = columnIndexes.size(); diff --git a/src/common/data_provider/src/packages/modernPackageDataRetriever.hpp b/src/common/data_provider/src/packages/modernPackageDataRetriever.hpp index 02d3811b81..fcf2333847 100644 --- a/src/common/data_provider/src/packages/modernPackageDataRetriever.hpp +++ b/src/common/data_provider/src/packages/modernPackageDataRetriever.hpp @@ -12,7 +12,7 @@ #ifndef _MODERN_PACKAGE_DATA_RETRIEVER_HPP #define _MODERN_PACKAGE_DATA_RETRIEVER_HPP -#include "json.hpp" +#include #include "sharedDefs.h" #include #include diff --git a/src/common/data_provider/src/packages/packageFamilyDataAFactory.h b/src/common/data_provider/src/packages/packageFamilyDataAFactory.h index e3ed4a9dd7..a4560f2457 100644 --- a/src/common/data_provider/src/packages/packageFamilyDataAFactory.h +++ b/src/common/data_provider/src/packages/packageFamilyDataAFactory.h @@ -13,9 +13,8 @@ #define _PACKAGE_FAMILY_DATA_AFACTORY_H #include -#include "json.hpp" +#include #include "packageMac.h" -#include "packageSolaris.h" #include "sharedDefs.h" template @@ -47,20 +46,10 @@ class FactoryPackageFamilyCreator final { return FactoryBSDPackage::create(ctx); } - static std::shared_ptr create(const std::pair& ctx) + static std::shared_ptr create(const std::pair& ctx) { return FactoryBSDPackage::create(ctx); } }; -template <> -class FactoryPackageFamilyCreator final -{ - public: - static std::shared_ptr create(const std::shared_ptr& packageWrapper) - { - return FactorySolarisPackage::create(packageWrapper); - } -}; - #endif // _PACKAGE_FAMILY_DATA_AFACTORY_H diff --git a/src/common/data_provider/src/packages/packageLinuxApkParserHelper.h b/src/common/data_provider/src/packages/packageLinuxApkParserHelper.h deleted file mode 100644 index 2b2ed235ef..0000000000 --- a/src/common/data_provider/src/packages/packageLinuxApkParserHelper.h +++ /dev/null @@ -1,89 +0,0 @@ -/* - * Wazuh SYSINFO - * Copyright (C) 2015-2021, Wazuh Inc. - * January 03, 2023. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -#ifndef _PACKAGE_LINUX_APK_PARSER_HELPER_H -#define _PACKAGE_LINUX_APK_PARSER_HELPER_H - -#include "json.hpp" -#include "sharedDefs.h" -#include - -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wunused-function" - -namespace PackageLinuxHelper -{ - static const std::map> s_mapAlpineFields = - { - {'P', {typeid(std::string), "name"}}, - {'V', {typeid(std::string), "version"}}, - {'A', {typeid(std::string), "architecture"}}, - {'I', {typeid(int32_t), "size"}}, - {'T', {typeid(std::string), "description"}}, - }; - - static nlohmann::json parseApk(const std::vector>& entries) - { - nlohmann::json packageInfo; - - packageInfo["architecture"] = UNKNOWN_VALUE; - packageInfo["size"] = 0; - packageInfo["format"] = "apk"; - packageInfo["vendor"] = "Alpine Linux"; - packageInfo["install_time"] = UNKNOWN_VALUE; - packageInfo["location"] = UNKNOWN_VALUE; - packageInfo["groups"] = UNKNOWN_VALUE; - packageInfo["priority"] = UNKNOWN_VALUE; - packageInfo["source"] = UNKNOWN_VALUE; - // The multiarch field won't have a default value - - // Lambda to check if a string is empty and assign default value. - const auto loadData = [&packageInfo](const std::pair& key, - const std::string & value) - { - if (!value.empty()) - { - if (key.first == typeid(std::string)) - { - packageInfo[key.second] = value; - } - else if (key.first == typeid(int32_t)) - { - try - { - packageInfo[key.second] = std::stol(value); - } - catch (const std::exception&) - { - packageInfo[key.second] = 0; - } - } - } - }; - - for (const auto& item : entries) - { - loadData(s_mapAlpineFields.at(item.first), item.second); - } - - if (!packageInfo.contains("name") || - !packageInfo.contains("version")) - { - packageInfo.clear(); - } - - return packageInfo; - } -} - -#pragma GCC diagnostic pop - -#endif // _PACKAGE_LINUX_APK_PARSER_HELPER_H diff --git a/src/common/data_provider/src/packages/packageLinuxDataRetriever.h b/src/common/data_provider/src/packages/packageLinuxDataRetriever.h index 3a310ccdc4..830f0f6fe7 100644 --- a/src/common/data_provider/src/packages/packageLinuxDataRetriever.h +++ b/src/common/data_provider/src/packages/packageLinuxDataRetriever.h @@ -14,17 +14,10 @@ #include #include "filesystemHelper.h" -#include "json.hpp" +#include #include "sharedDefs.h" #include "utilsWrapperLinux.hpp" -/** - * @brief Fills a JSON object with all available pacman-related information - * @param libPath Path to pacman's database directory - * @param callback Callback to be called for every single element being found - */ -void getPacmanInfo(const std::string& libPath, std::function callback); - /** * @brief Fills a JSON object with all available rpm-related information * @param callback Callback to be called for every single element being found @@ -44,19 +37,11 @@ void getRpmInfoLegacy(std::function callback); */ void getDpkgInfo(const std::string& libPath, std::function callback); -/** - * @brief Fills a JSON object with all available apk-related information - * @param libPath Path to apk's database directory - * @param callback Callback to be called for every single element being found - */ -void getApkInfo(const std::string& libPath, std::function callback); - - /** * @brief Fills a JSON object with all available snap-related information * @param callback Callback to be called for every single element being found */ -void getSnapInfo(std::function callback); +// void getSnapInfo(std::function callback); // Exception template template @@ -84,25 +69,16 @@ class FactoryPackagesCreator final getDpkgInfo(DPKG_STATUS_PATH, callback); } - if (Utils::existsDir(PACMAN_PATH)) - { - getPacmanInfo(PACMAN_PATH, callback); - } - if (Utils::existsDir(RPM_PATH)) { getRpmInfo(callback); } - if (Utils::existsDir(APK_PATH)) - { - getApkInfo(APK_DB_PATH, callback); - } - - if (Utils::existsDir(SNAP_PATH)) - { - getSnapInfo(callback); - } + // TODO: Implment without http_request library + // if (Utils::existsDir(SNAP_PATH)) + // { + // getSnapInfo(callback); + // } } }; diff --git a/src/common/data_provider/src/packages/packageLinuxParserApk.cpp b/src/common/data_provider/src/packages/packageLinuxParserApk.cpp deleted file mode 100644 index 9b9496f003..0000000000 --- a/src/common/data_provider/src/packages/packageLinuxParserApk.cpp +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Wazuh SYSINFO - * Copyright (C) 2015, Wazuh Inc. - * December 19, 2022. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -#include "json.hpp" -#include -#include "packageLinuxApkParserHelper.h" - -void getApkInfo(const std::string& fileName, std::function callback) -{ - std::ifstream apkDb(fileName); - std::string line {}; - std::vector> data; - - // https://wiki.alpinelinux.org/wiki/Apk_spec#APKINDEX_Format - std::array keys{'P', 'V', 'A', 'I', 'T'}; - const auto separator = ':'; - - if (apkDb.is_open()) - { - while (getline(apkDb, line)) - { - if (!line.empty()) - { - if (std::find(std::cbegin(keys), std::cend(keys), line.front()) != std::cend(keys)) - { - data.emplace_back(line.front(), line.substr(line.find_first_of(separator) + 1)); - } - } - else - { - auto packageInfo = PackageLinuxHelper::parseApk(data); - data.clear(); - - if (!packageInfo.empty()) - { - callback(packageInfo); - } - } - } - } -} diff --git a/src/common/data_provider/src/packages/packageLinuxParserExtra.cpp b/src/common/data_provider/src/packages/packageLinuxParserExtra.cpp deleted file mode 100644 index 62bab5b234..0000000000 --- a/src/common/data_provider/src/packages/packageLinuxParserExtra.cpp +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Wazuh SYSINFO - * Copyright (C) 2015, Wazuh Inc. - * April 16, 2021. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -#include "sharedDefs.h" -#include -#include -#include "packageLinuxParserHelperExtra.h" - - -struct AlmpDeleter final -{ - void operator()(alpm_handle_t* pArchHandle) - { - alpm_release(pArchHandle); - } -}; - -void getPacmanInfo(const std::string& libPath, std::function callback) -{ - constexpr auto ROOT_PATH {"/"}; - alpm_errno_t err {ALPM_ERR_OK}; - auto pArchHandle {alpm_initialize(ROOT_PATH, libPath.c_str(), &err)}; - - if (!pArchHandle) - { - throw std::runtime_error - { - std::string{"alpm_initialize failure: "} + alpm_strerror(err) - }; - } - - const std::unique_ptr spDbHandle{pArchHandle}; - auto pDbLocal {alpm_get_localdb(spDbHandle.get())}; - - if (!pDbLocal) - { - throw std::runtime_error - { - std::string{"alpm_get_localdb failure: "} + alpm_strerror(alpm_errno(spDbHandle.get())) - }; - } - - for (auto pArchItem{alpm_db_get_pkgcache(pDbLocal)}; pArchItem; pArchItem = alpm_list_next(pArchItem)) - { - auto packageInfo = PackageLinuxHelper::parsePacman(pArchItem); - - if (!packageInfo.empty()) - { - callback(packageInfo); - } - } -} diff --git a/src/common/data_provider/src/packages/packageLinuxParserHelper.h b/src/common/data_provider/src/packages/packageLinuxParserHelper.h index 13966a4779..3b8e48769b 100644 --- a/src/common/data_provider/src/packages/packageLinuxParserHelper.h +++ b/src/common/data_provider/src/packages/packageLinuxParserHelper.h @@ -14,7 +14,7 @@ #include "sharedDefs.h" #include "stringHelper.h" -#include "json.hpp" +#include #include "timeHelper.h" #include "sharedDefs.h" @@ -91,7 +91,7 @@ namespace PackageLinuxHelper if (it != info.end()) { - size = stol(it->second); + size = stol(it->second) * 1024; } it = info.find("Multi-Arch"); diff --git a/src/common/data_provider/src/packages/packageLinuxParserHelperExtra.h b/src/common/data_provider/src/packages/packageLinuxParserHelperExtra.h deleted file mode 100644 index 0ff307e2f8..0000000000 --- a/src/common/data_provider/src/packages/packageLinuxParserHelperExtra.h +++ /dev/null @@ -1,78 +0,0 @@ -/* - * Wazuh SYSINFO - * Copyright (C) 2015, Wazuh Inc. - * January 28, 2021. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -#ifndef _PACKAGE_LINUX_PARSER_HELPER_EXTRA_H -#define _PACKAGE_LINUX_PARSER_HELPER_EXTRA_H - -#include -#include "sharedDefs.h" -#include "cmdHelper.h" -#include "stringHelper.h" -#include "json.hpp" -#include "timeHelper.h" -#include -#include - -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wunused-function" - - -// Parse helper for partially incompatible Linux packaging systems (pacman, ...) -namespace PackageLinuxHelper -{ - static nlohmann::json parsePacman(const alpm_list_t* pItem) - { - const auto pArchPkg{reinterpret_cast(pItem->data)}; - nlohmann::json packageInfo; - std::string groups; - static const auto alpmWrapper - { - [] (auto pkgData) - { - return pkgData ? pkgData : ""; - } - }; - - packageInfo["name"] = alpmWrapper(alpm_pkg_get_name(pArchPkg)); - packageInfo["size"] = alpm_pkg_get_isize(pArchPkg); - packageInfo["install_time"] = Utils::getTimestamp(static_cast(alpm_pkg_get_installdate(pArchPkg))); - - for (auto group{alpm_pkg_get_groups(pArchPkg)}; group; group = alpm_list_next(group)) - { - if (group->data) - { - const std::string groupString{reinterpret_cast(group->data)}; - groups += groupString + "-"; - } - } - - packageInfo["groups"] = groups.empty() ? UNKNOWN_VALUE : groups.substr(0, groups.size() - 1); - const std::string version = alpmWrapper(alpm_pkg_get_version(pArchPkg)); - packageInfo["version"] = version.empty() ? UNKNOWN_VALUE : version; - packageInfo["location"] = UNKNOWN_VALUE; - const std::string architecture = alpmWrapper(alpm_pkg_get_arch(pArchPkg)); - packageInfo["architecture"] = architecture.empty() ? UNKNOWN_VALUE : architecture; - packageInfo["priority"] = UNKNOWN_VALUE; - packageInfo["format"] = "pacman"; - packageInfo["vendor"] = "Arch Linux"; - packageInfo["source"] = UNKNOWN_VALUE; - const std::string description = alpmWrapper(alpm_pkg_get_desc(pArchPkg)); - packageInfo["description"] = description.empty() ? UNKNOWN_VALUE : description; - // The multiarch field won't have a default value - - return packageInfo; - } - -}; - -#pragma GCC diagnostic pop - -#endif // _PACKAGE_LINUX_PARSER_HELPER_EXTRA_H diff --git a/src/common/data_provider/src/packages/packageLinuxParserSnap.cpp b/src/common/data_provider/src/packages/packageLinuxParserSnap.cpp index 05ef33a6c2..67b542b401 100644 --- a/src/common/data_provider/src/packages/packageLinuxParserSnap.cpp +++ b/src/common/data_provider/src/packages/packageLinuxParserSnap.cpp @@ -10,34 +10,36 @@ #include "sharedDefs.h" #include "packageLinuxParserHelper.h" -#include "UNIXSocketRequest.hpp" -void getSnapInfo(std::function callback) -{ - UNIXSocketRequest::instance().get( - HttpUnixSocketURL("/run/snapd.socket", "http://localhost/v2/snaps"), - [&](const std::string & result) - { - auto feed = nlohmann::json::parse(result, nullptr, false).at("result"); +// TO DO: Replace UNIXSocketRequest and HttpUnixSocketURL +// #include "UNIXSocketRequest.hpp" - if (feed.is_discarded()) - { - std::cerr << "Error parsing JSON feed\n"; - } +// void getSnapInfo(std::function callback) +// { +// UNIXSocketRequest::instance().get( +// HttpUnixSocketURL("/run/snapd.socket", "http://localhost/v2/snaps"), +// [&](const std::string & result) +// { +// auto feed = nlohmann::json::parse(result, nullptr, false).at("result"); - for (const auto& entry : feed) - { - nlohmann::json mapping = PackageLinuxHelper::parseSnap(entry); +// if (feed.is_discarded()) +// { +// std::cerr << "Error parsing JSON feed\n"; +// } - if (!mapping.empty()) - { - callback(mapping); - } - } - }, - [&](const std::string & result, const long responseCode) - { - std::cerr << "Error retrieving packages using snap unix-socket (" << responseCode << ") " << result << "\n"; - }); -} +// for (const auto& entry : feed) +// { +// nlohmann::json mapping = PackageLinuxHelper::parseSnap(entry); + +// if (!mapping.empty()) +// { +// callback(mapping); +// } +// } +// }, +// [&](const std::string & result, const long responseCode) +// { +// std::cerr << "Error retrieving packages using snap unix-socket (" << responseCode << ") " << result << "\n"; +// }); +// } diff --git a/src/common/data_provider/src/packages/packageLinuxRpmParserHelper.h b/src/common/data_provider/src/packages/packageLinuxRpmParserHelper.h index 024a2738fe..f2f07afcbd 100644 --- a/src/common/data_provider/src/packages/packageLinuxRpmParserHelper.h +++ b/src/common/data_provider/src/packages/packageLinuxRpmParserHelper.h @@ -12,7 +12,7 @@ #ifndef _PACKAGE_LINUX_RPM_PARSER_HELPER_H #define _PACKAGE_LINUX_RPM_PARSER_HELPER_H -#include "json.hpp" +#include #include "rpmPackageManager.h" #include "sharedDefs.h" @@ -49,7 +49,7 @@ namespace PackageLinuxHelper ret["architecture"] = package.architecture; ret["source"] = UNKNOWN_VALUE; ret["format"] = "rpm"; - ret["vendor"] = package.vendor; + ret["vendor"] = package.vendor.empty() ? UNKNOWN_VALUE : package.vendor; ret["description"] = package.description; // The multiarch field won't have a default value } diff --git a/src/common/data_provider/src/packages/packageLinuxRpmParserHelperLegacy.h b/src/common/data_provider/src/packages/packageLinuxRpmParserHelperLegacy.h index 3053aa9051..dde90b7f4f 100644 --- a/src/common/data_provider/src/packages/packageLinuxRpmParserHelperLegacy.h +++ b/src/common/data_provider/src/packages/packageLinuxRpmParserHelperLegacy.h @@ -14,7 +14,7 @@ #include "sharedDefs.h" #include "stringHelper.h" -#include "json.hpp" +#include #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Wunused-function" diff --git a/src/common/data_provider/src/packages/packageMac.cpp b/src/common/data_provider/src/packages/packageMac.cpp index 00d86eafe2..8aa1c0f6c3 100644 --- a/src/common/data_provider/src/packages/packageMac.cpp +++ b/src/common/data_provider/src/packages/packageMac.cpp @@ -23,7 +23,7 @@ std::shared_ptr FactoryBSDPackage::create(const std::pair(std::make_shared(ctx.first)); } - else if (ctx.second == PKG) + else if (ctx.second == PKG || ctx.second == RCP) { ret = std::make_shared(std::make_shared(ctx.first)); } @@ -35,7 +35,7 @@ std::shared_ptr FactoryBSDPackage::create(const std::pair FactoryBSDPackage::create(const std::pair& ctx) +std::shared_ptr FactoryBSDPackage::create(const std::pair& ctx) { std::shared_ptr ret; diff --git a/src/common/data_provider/src/packages/packageMac.h b/src/common/data_provider/src/packages/packageMac.h index 987d09b168..23329c9863 100644 --- a/src/common/data_provider/src/packages/packageMac.h +++ b/src/common/data_provider/src/packages/packageMac.h @@ -27,7 +27,7 @@ class FactoryBSDPackage { public: static std::shared_ptrcreate(const std::pair& ctx); - static std::shared_ptrcreate(const std::pair& ctx); + static std::shared_ptrcreate(const std::pair& ctx); }; class BSDPackageImpl final : public IPackage diff --git a/src/common/data_provider/src/packages/packageSolaris.cpp b/src/common/data_provider/src/packages/packageSolaris.cpp deleted file mode 100644 index f815fb5f8d..0000000000 --- a/src/common/data_provider/src/packages/packageSolaris.cpp +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Wazuh SYSINFO - * Copyright (C) 2015, Wazuh Inc. - * January 11, 2022. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -#include "packageSolaris.h" - -std::shared_ptr FactorySolarisPackage::create(const std::shared_ptr& pkgWrapper) -{ - return std::make_shared(pkgWrapper); -} - -SolarisPackageImpl::SolarisPackageImpl(const std::shared_ptr& packageWrapper) - : m_packageWrapper(packageWrapper) -{ } - -void SolarisPackageImpl::buildPackageData(nlohmann::json& package) -{ - package["name"] = m_packageWrapper->name(); - package["version"] = m_packageWrapper->version(); - package["groups"] = m_packageWrapper->groups(); - package["description"] = m_packageWrapper->description(); - package["architecture"] = m_packageWrapper->architecture(); - package["format"] = m_packageWrapper->format(); - package["source"] = m_packageWrapper->source(); - package["location"] = m_packageWrapper->location(); - package["priority"] = m_packageWrapper->priority(); - package["size"] = m_packageWrapper->size(); - package["vendor"] = m_packageWrapper->vendor(); - package["install_time"] = m_packageWrapper->install_time(); - // The multiarch field won't have a default value -} diff --git a/src/common/data_provider/src/packages/packageSolaris.h b/src/common/data_provider/src/packages/packageSolaris.h deleted file mode 100644 index 0104f36739..0000000000 --- a/src/common/data_provider/src/packages/packageSolaris.h +++ /dev/null @@ -1,39 +0,0 @@ -/* - * Wazuh SYSINFO - * Copyright (C) 2015, Wazuh Inc. - * January 11, 2022. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - - -#ifndef _PACKAGE_SOLARIS_H -#define _PACKAGE_SOLARIS_H - -#include "ipackageInterface.h" -#include "ipackageWrapper.h" - -class FactorySolarisPackage -{ - public: - static std::shared_ptrcreate(const std::shared_ptr& pkgWrapper); -}; - -class SolarisPackageImpl final : public IPackage -{ - const std::shared_ptr m_packageWrapper; - - public: - explicit SolarisPackageImpl(const std::shared_ptr& packageWrapper); - - // LCOV_EXCL_START - ~SolarisPackageImpl() = default; - // LCOV_EXCL_STOP - - void buildPackageData(nlohmann::json& packge) override; -}; - -#endif // _PACKAGE_SOLARIS_H diff --git a/src/common/data_provider/src/packages/packagesNPM.hpp b/src/common/data_provider/src/packages/packagesNPM.hpp index 4acb9b1359..0ff98aab42 100644 --- a/src/common/data_provider/src/packages/packagesNPM.hpp +++ b/src/common/data_provider/src/packages/packagesNPM.hpp @@ -14,7 +14,7 @@ #include "fileSystem.hpp" #include "stdFileSystemHelper.hpp" -#include "json.hpp" +#include #include "jsonIO.hpp" #include "sharedDefs.h" #include diff --git a/src/common/data_provider/src/packages/packagesPYPI.hpp b/src/common/data_provider/src/packages/packagesPYPI.hpp index 15197ab492..f39d02dc9b 100644 --- a/src/common/data_provider/src/packages/packagesPYPI.hpp +++ b/src/common/data_provider/src/packages/packagesPYPI.hpp @@ -15,7 +15,7 @@ #include "fileIO.hpp" #include "fileSystem.hpp" #include "stdFileSystemHelper.hpp" -#include "json.hpp" +#include #include "sharedDefs.h" #include "stringHelper.h" #include diff --git a/src/common/data_provider/src/packages/packagesWindowsParserHelper.h b/src/common/data_provider/src/packages/packagesWindowsParserHelper.h index e131a82914..f024025dc3 100644 --- a/src/common/data_provider/src/packages/packagesWindowsParserHelper.h +++ b/src/common/data_provider/src/packages/packagesWindowsParserHelper.h @@ -13,7 +13,7 @@ #define _PACKAGES_WINDOWS_PARSER_HELPER_H #include -#include "json.hpp" +#include #include "registryHelper.h" #include "stringHelper.h" diff --git a/src/common/data_provider/src/packages/pkgWrapper.h b/src/common/data_provider/src/packages/pkgWrapper.h index 3fc2879cb1..8e5f3d4177 100644 --- a/src/common/data_provider/src/packages/pkgWrapper.h +++ b/src/common/data_provider/src/packages/pkgWrapper.h @@ -18,12 +18,13 @@ #include "stringHelper.h" #include "ipackageWrapper.h" #include "sharedDefs.h" -#include "plist/plist.h" +#include #include "filesystemHelper.h" static const std::string APP_INFO_PATH { "Contents/Info.plist" }; static const std::string PLIST_BINARY_START { "bplist00" }; static const std::string UTILITIES_FOLDER { "/Utilities" }; +const std::set excludedCategories = {"pkg", "x86_64", "arm64"}; class PKGWrapper final : public IPackageWrapper { @@ -41,7 +42,14 @@ class PKGWrapper final : public IPackageWrapper , m_vendor{UNKNOWN_VALUE} , m_installTime {UNKNOWN_VALUE} { - getPkgData(ctx.filePath + "/" + ctx.package + "/" + APP_INFO_PATH); + if (Utils::endsWith(ctx.package, ".app")) + { + getPkgData(ctx.filePath + "/" + ctx.package + "/" + APP_INFO_PATH); + } + else + { + getPkgDataRcp(ctx.filePath + "/" + ctx.package); + } } ~PKGWrapper() = default; @@ -227,6 +235,102 @@ class PKGWrapper final : public IPackageWrapper } } + void getPkgDataRcp(const std::string& filePath) + { + const auto isBinaryFnc + { + [&filePath]() + { + // If first line is "bplist00" it's a binary plist file + std::fstream file {filePath, std::ios_base::in}; + std::string line; + return std::getline(file, line) && Utils::startsWith(line, PLIST_BINARY_START); + } + }; + const auto isBinary { isBinaryFnc() }; + + static const auto getValueFnc + { + [](const std::string & val) + { + const auto start{val.find(">")}; + const auto end{val.rfind("<")}; + return val.substr(start + 1, end - start - 1); + } + }; + + const auto getDataFncRcp + { + [this, &filePath](std::istream & data) + { + std::string line; + + while (std::getline(data, line)) + { + line = Utils::trim(line, " \t"); + + if (line == "PackageIdentifier" && + std::getline(data, line)) + { + m_description = getValueFnc(line); + auto reverseDomainName = Utils::split(m_description, '.'); + + for (size_t i = 0; i < reverseDomainName.size(); i++) + { + if (i == 1) + { + m_vendor = reverseDomainName[i]; + } + else if (i > 1) + { + const std::string& current = reverseDomainName[i]; + + if (excludedCategories.find(current) == excludedCategories.end()) + { + if (!m_name.empty()) + { + m_name += "."; + } + + m_name += current; + } + } + } + } + else if (line == "PackageVersion" && + std::getline(data, line)) + { + m_version = getValueFnc(line); + } + else if (line == "InstallDate" && + std::getline(data, line)) + { + m_installTime = getValueFnc(line); + } + } + + m_multiarch = UNKNOWN_VALUE; + m_source = "receipts"; + m_location = filePath; + } + }; + + if (isBinary) + { + auto xmlContent { binaryToXML(filePath) }; + getDataFncRcp(xmlContent); + } + else + { + std::fstream file { filePath, std::ios_base::in }; + + if (file.is_open()) + { + getDataFncRcp(file); + } + } + } + std::stringstream binaryToXML(const std::string& filePath) { std::string xmlContent; @@ -250,7 +354,7 @@ class PKGWrapper final : public IPackageWrapper if (nullptr != xml) { xmlContent.assign(xml, xml + length); - plist_to_xml_free(xml); + plist_mem_free(xml); plist_free(rootNode); } } diff --git a/src/common/data_provider/src/packages/solarisWrapper.h b/src/common/data_provider/src/packages/solarisWrapper.h deleted file mode 100644 index 7dde0958a2..0000000000 --- a/src/common/data_provider/src/packages/solarisWrapper.h +++ /dev/null @@ -1,244 +0,0 @@ -/* - * Wazuh SYSINFO - * Copyright (C) 2015, Wazuh Inc. - * January 12, 2022. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -#ifndef _SOLARIS_WRAPPER_H -#define _SOLARIS_WRAPPER_H - -#include -#include -#include - -#include "ipackageWrapper.h" -#include "sharedDefs.h" -#include "stringHelper.h" - -constexpr auto NAME_FILE_INFO { "pkginfo" }; -constexpr auto NAME_FIELD { "PKG" }; -constexpr auto ARCH_FIELD { "ARCH" }; -constexpr auto VERSION_FIELD { "VERSION" }; -constexpr auto GROUPS_FIELD { "CATEGORY" }; -constexpr auto DESC_FIELD { "NAME" }; -constexpr auto LOCATION_FIELD { "SUNW_PKG_DIR" }; -constexpr auto VENDOR_FIELD { "VENDOR" }; -constexpr auto INSTALL_TIME_FIELD { "INSTDATE" }; - -// Date format is Oct 06 2015 08:51 -enum DateFormat -{ - MONTH_INDEX, - DAY_INDEX, - YEAR_INDEX, - TIME_INDEX, - DATE_FORMAT_SIZE -}; - -// VERSION=1.2.3,REVISION=1234 -enum VersionFields -{ - VERSION_VALUE_INDEX, - REVISION_KEY_VALUE_INDEX -}; - -static const std::map MONTH = -{ - {"Jan", "01"}, - {"Feb", "02"}, - {"Mar", "03"}, - {"Apr", "04"}, - {"May", "05"}, - {"Jun", "06"}, - {"Jul", "07"}, - {"Aug", "08"}, - {"Sep", "09"}, - {"Oct", "10"}, - {"Nov", "11"}, - {"Dec", "12"} -}; - -class SolarisWrapper final : public IPackageWrapper -{ - public: - SolarisWrapper(const std::string& pkgDirectory) - : m_format{"pkg"} - { - getPkgData(pkgDirectory); - } - - ~SolarisWrapper() = default; - - - std::string name() const override - { - std::string name; - auto it {m_data.find(NAME_FIELD)}; - - if (it != m_data.end()) - { - constexpr auto VENDOR_NAME_PKG_PATTERN { "^[A-Z+-]{1,4}" }; - std::regex namePkgRegex { VENDOR_NAME_PKG_PATTERN }; - std::smatch match; - name = it->second; - - if (std::regex_search(name, match, namePkgRegex)) - { - name = match.suffix(); - } - } - - return name; - } - - std::string version() const override - { - std::string version; - auto it {m_data.find(VERSION_FIELD)}; - - if (it != m_data.end()) - { - version = it->second; - const auto fields { Utils::split(version, ',') }; - - if (fields.size() > 1) - { - version = fields.at(VERSION_VALUE_INDEX); - } - } - - return version; - } - - std::string groups() const override - { - auto it {m_data.find(GROUPS_FIELD)}; - - return it != m_data.end() ? it->second : UNKNOWN_VALUE; - } - - std::string description() const override - { - auto it {m_data.find(DESC_FIELD)}; - - return it != m_data.end() ? it->second : UNKNOWN_VALUE; - } - - std::string architecture() const override - { - auto it {m_data.find(ARCH_FIELD)}; - - return it != m_data.end() ? it->second : UNKNOWN_VALUE; - } - - std::string format() const override - { - return m_format; - } - - std::string osPatch() const override - { - return UNKNOWN_VALUE; - } - - std::string source() const override - { - return UNKNOWN_VALUE; - } - - std::string location() const override - { - std::string retVal {UNKNOWN_VALUE}; - auto it {m_data.find(LOCATION_FIELD)}; - - if (it != m_data.end() && !it->second.empty()) - { - retVal = it->second; - } - - return retVal; - } - - std::string priority() const override - { - return UNKNOWN_VALUE; - } - - int size() const override - { - return 0; - } - - std::string vendor() const override - { - auto it {m_data.find(VENDOR_FIELD)}; - - return it != m_data.end() ? it->second : UNKNOWN_VALUE; - } - - std::string install_time() const override - { - std::stringstream installTime; - auto it { m_data.find(INSTALL_TIME_FIELD) }; - - if (it != m_data.end()) - { - const auto fields { Utils::split(it->second, ' ') }; - - try - { - installTime << std::setw(4) << std::setfill('0') << fields.at(YEAR_INDEX); - installTime << '/' << std::setw(2) << std::setfill('0') << MONTH.at(fields.at(MONTH_INDEX)); - installTime << '/' << std::setw(2) << std::setfill('0') << fields.at(DAY_INDEX); - installTime << ' ' << fields.at(TIME_INDEX) << ":00"; - } - catch (...) - { - } - } - - return installTime.str(); - } - - std::string multiarch() const override - { - return std::string(); - } - - private: - std::string m_format; - std::map m_data; - - void getPkgData(const std::string& pkgDirectory) - { - std::fstream file { pkgDirectory + "/" + NAME_FILE_INFO, std::ios_base::in }; - constexpr auto KEY { 0 }; - constexpr auto VALUE { 1 }; - - if (file.is_open()) - { - std::string line; - - while (file.good()) - { - std::getline(file, line); - // Convert 'line' to UTF-8 - Utils::ISO8859ToUTF8(line); - const auto fields { Utils::split(line, '=') }; - - if (fields.size() > 1) - { - m_data[fields.at(KEY)] = fields.at(VALUE); - } - - } - } - } -}; - -#endif // _SOLARIS_WRAPPER_H diff --git a/src/common/data_provider/src/ports/iportInterface.h b/src/common/data_provider/src/ports/iportInterface.h index 5d03a10fd2..f55da0251f 100644 --- a/src/common/data_provider/src/ports/iportInterface.h +++ b/src/common/data_provider/src/ports/iportInterface.h @@ -13,7 +13,7 @@ #define _PORT_INTERFACE_H #include -#include "json.hpp" +#include class IOSPort { @@ -24,4 +24,4 @@ class IOSPort virtual void buildPortData(nlohmann::json& port) = 0; }; -#endif // _PORT_INTERFACE_H \ No newline at end of file +#endif // _PORT_INTERFACE_H diff --git a/src/common/data_provider/src/ports/portImpl.h b/src/common/data_provider/src/ports/portImpl.h index 6f0f4afa45..322a295da1 100644 --- a/src/common/data_provider/src/ports/portImpl.h +++ b/src/common/data_provider/src/ports/portImpl.h @@ -42,4 +42,4 @@ class PortImpl final : public IOSPort port["process"] = m_spPortRawData->processName(); } }; -#endif // _PORT_IMPL_H \ No newline at end of file +#endif // _PORT_IMPL_H diff --git a/src/common/data_provider/src/ports/portLinuxWrapper.h b/src/common/data_provider/src/ports/portLinuxWrapper.h index 772001c7f3..e238c7eac1 100644 --- a/src/common/data_provider/src/ports/portLinuxWrapper.h +++ b/src/common/data_provider/src/ports/portLinuxWrapper.h @@ -273,5 +273,4 @@ class LinuxPortWrapper final : public IPortWrapper } }; - -#endif //_PORT_LINUX_WRAPPER_H \ No newline at end of file +#endif //_PORT_LINUX_WRAPPER_H diff --git a/src/common/data_provider/src/ports/portWindowsWrapper.h b/src/common/data_provider/src/ports/portWindowsWrapper.h index d8d95b6b6c..51bc34dce7 100644 --- a/src/common/data_provider/src/ports/portWindowsWrapper.h +++ b/src/common/data_provider/src/ports/portWindowsWrapper.h @@ -16,6 +16,8 @@ #include "sharedDefs.h" #include "stringHelper.h" #include "windowsHelper.h" +#include "shared.h" +#include "cust_types.h" static const std::map STATE_TYPE = { diff --git a/src/common/data_provider/src/sharedDefs.h b/src/common/data_provider/src/sharedDefs.h index 08f4dbe45b..cd9264be26 100644 --- a/src/common/data_provider/src/sharedDefs.h +++ b/src/common/data_provider/src/sharedDefs.h @@ -31,10 +31,6 @@ constexpr auto DPKG_STATUS_PATH {"/var/lib/dpkg/status"}; constexpr auto RPM_PATH {"/var/lib/rpm/"}; -constexpr auto PACMAN_PATH {"/var/lib/pacman"}; - -constexpr auto APK_PATH {"/lib/apk/db"}; -constexpr auto APK_DB_PATH {"/lib/apk/db/installed"}; constexpr auto SNAP_PATH {"/var/lib/snapd"}; constexpr auto UNKNOWN_VALUE {" "}; @@ -50,7 +46,6 @@ enum OSPlatformType LINUX, BSDBASED, WINDOWS, - SOLARIS }; enum LinuxType @@ -86,7 +81,8 @@ enum MacOsPackageTypes { PKG, BREW, - MACPORTS + MACPORTS, + RCP }; enum RPMFields @@ -120,6 +116,8 @@ static const std::set UNIX_PYPI_DEFAULT_BASE_DIRS "/opt/homebrew/lib", "/Library/Python", "/Library/Frameworks/Python.framework/Versions/*/lib/python*/*-packages", + "/root/.pyenv/versions/*/lib/python*/*-packages", + "/home/*/.pyenv/versions/*/lib/python*/*-packages" }; static const std::set UNIX_NPM_DEFAULT_BASE_DIRS @@ -132,6 +130,8 @@ static const std::set UNIX_NPM_DEFAULT_BASE_DIRS "/home/*/.nvm/versions/node/v*/lib", "/root/.nvm/versions/node/v*/lib", "/opt/local/lib", + "/Users/*/.nvm/versions/node/v*/lib", + "/private/var/root/.nvm/versions/node/v*/lib" }; #endif //_SHARED_DEFS_H diff --git a/src/common/data_provider/src/sysInfoFreeBSD.cpp b/src/common/data_provider/src/sysInfoFreeBSD.cpp deleted file mode 100644 index 0d3a80bad0..0000000000 --- a/src/common/data_provider/src/sysInfoFreeBSD.cpp +++ /dev/null @@ -1,262 +0,0 @@ -/* - * Wazuh SysInfo - * Copyright (C) 2015, Wazuh Inc. - * October 7, 2020. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ -#include "sysInfo.hpp" -#include "cmdHelper.h" -#include "stringHelper.h" -#include "osinfo/sysOsParsers.h" -#include -#include -#include -#include "sharedDefs.h" - -static void getMemory(nlohmann::json& info) -{ - constexpr auto vmPageSize{"vm.stats.vm.v_page_size"}; - constexpr auto vmTotal{"vm.vmtotal"}; - uint64_t ram{0}; - const std::vector mib{CTL_HW, HW_PHYSMEM}; - size_t len{sizeof(ram)}; - auto ret{sysctl(const_cast(mib.data()), mib.size(), &ram, &len, nullptr, 0)}; - - if (ret) - { - throw std::system_error - { - ret, - std::system_category(), - "Error reading total RAM." - }; - } - - const auto ramTotal{ram / KByte}; - info["ram_total"] = ramTotal; - u_int pageSize{0}; - len = sizeof(pageSize); - ret = sysctlbyname(vmPageSize, &pageSize, &len, nullptr, 0); - - if (ret) - { - throw std::system_error - { - ret, - std::system_category(), - "Error reading page size." - }; - } - - struct vmtotal vmt {}; - - len = sizeof(vmt); - - ret = sysctlbyname(vmTotal, &vmt, &len, nullptr, 0); - - if (ret) - { - throw std::system_error - { - ret, - std::system_category(), - "Error reading total memory." - }; - } - - const auto ramFree{(vmt.t_free * pageSize) / KByte}; - info["ram_free"] = ramFree; - info["ram_usage"] = 100 - (100 * ramFree / ramTotal); -} - - -static int getCpuMHz() -{ - unsigned long cpuMHz{0}; - constexpr auto clockRate{"hw.clockrate"}; - size_t len{sizeof(cpuMHz)}; - const auto ret{sysctlbyname(clockRate, &cpuMHz, &len, nullptr, 0)}; - - if (ret) - { - throw std::system_error - { - ret, - std::system_category(), - "Error reading cpu frequency." - }; - } - - return cpuMHz; -} - -static std::string getSerialNumber() -{ - return UNKNOWN_VALUE; -} - -static int getCpuCores() -{ - int cores{0}; - size_t len{sizeof(cores)}; - const std::vector mib{CTL_HW, HW_NCPU}; - const auto ret{sysctl(const_cast(mib.data()), mib.size(), &cores, &len, nullptr, 0)}; - - if (ret) - { - throw std::system_error - { - ret, - std::system_category(), - "Error reading cpu cores number." - }; - } - - return cores; -} - -static std::string getCpuName() -{ - const std::vector mib{CTL_HW, HW_MODEL}; - size_t len{0}; - auto ret{sysctl(const_cast(mib.data()), mib.size(), nullptr, &len, nullptr, 0)}; - - if (ret) - { - throw std::system_error - { - ret, - std::system_category(), - "Error getting cpu name size." - }; - } - - const auto spBuff{std::make_unique(len + 1)}; - - if (!spBuff) - { - throw std::runtime_error - { - "Error allocating memory to read the cpu name." - }; - } - - ret = sysctl(const_cast(mib.data()), mib.size(), spBuff.get(), &len, nullptr, 0); - - if (ret) - { - throw std::system_error - { - ret, - std::system_category(), - "Error getting cpu name" - }; - } - - spBuff.get()[len] = 0; - return std::string{reinterpret_cast(spBuff.get())}; -} - -nlohmann::json SysInfo::getHardware() const -{ - nlohmann::json hardware; - hardware["board_serial"] = getSerialNumber(); - hardware["cpu_name"] = getCpuName(); - hardware["cpu_cores"] = getCpuCores(); - hardware["cpu_mhz"] = double(getCpuMHz()); - getMemory(hardware); - return hardware; -} - -nlohmann::json SysInfo::getPackages() const -{ - nlohmann::json ret; - getPackages([&ret](nlohmann::json & data) - { - ret.push_back(data); - }); - return ret; -} - -nlohmann::json SysInfo::getProcessesInfo() const -{ - // Currently not supported for this OS - return nlohmann::json {}; -} - -nlohmann::json SysInfo::getOsInfo() const -{ - nlohmann::json ret; - struct utsname uts {}; - const auto spParser{FactorySysOsParser::create("bsd")}; - - if (!spParser->parseUname(Utils::exec("uname -r"), ret)) - { - ret["os_name"] = "BSD"; - ret["os_platform"] = "bsd"; - ret["os_version"] = UNKNOWN_VALUE; - } - - if (uname(&uts) >= 0) - { - ret["sysname"] = uts.sysname; - ret["hostname"] = uts.nodename; - ret["version"] = uts.version; - ret["architecture"] = uts.machine; - ret["release"] = uts.release; - } - - return ret; -} - -nlohmann::json SysInfo::getPorts() const -{ - // Currently not supported for this OS. - return nlohmann::json {}; -} - -void SysInfo::getProcessesInfo(std::function /*callback*/) const -{ - // Currently not supported for this OS. -} - -void SysInfo::getPackages(std::function callback) const -{ - const auto query{Utils::exec(R"(pkg query -a "%n|%m|%v|%q|%c")")}; - - if (!query.empty()) - { - const auto lines{Utils::split(query, '\n')}; - - for (const auto& line : lines) - { - const auto data{Utils::split(line, '|')}; - nlohmann::json package; - package["name"] = data[0]; - package["vendor"] = data[1]; - package["version"] = data[2]; - package["install_time"] = UNKNOWN_VALUE; - package["location"] = UNKNOWN_VALUE; - package["architecture"] = data[3]; - package["groups"] = UNKNOWN_VALUE; - package["description"] = data[4]; - package["size"] = 0; - package["priority"] = UNKNOWN_VALUE; - package["source"] = UNKNOWN_VALUE; - package["format"] = "pkg"; - // The multiarch field won't have a default value - - callback(package); - } - } -} - -nlohmann::json SysInfo::getHotfixes() const -{ - // Currently not supported for this OS. - return nlohmann::json(); -} diff --git a/src/common/data_provider/src/sysInfoLinux.cpp b/src/common/data_provider/src/sysInfoLinux.cpp index 8a3ad10ba4..db44bbb828 100644 --- a/src/common/data_provider/src/sysInfoLinux.cpp +++ b/src/common/data_provider/src/sysInfoLinux.cpp @@ -19,7 +19,7 @@ #include "cmdHelper.h" #include "osinfo/sysOsParsers.h" #include "sysInfo.hpp" -#include "readproc.h" +#include #include "networkUnixHelper.h" #include "networkHelper.h" #include "network/networkLinuxWrapper.h" @@ -302,11 +302,9 @@ static bool getOsInfoFromFiles(nlohmann::json& info) {"rhel", "/etc/redhat-release" }, {"gentoo", "/etc/gentoo-release" }, {"suse", "/etc/SuSE-release" }, - {"arch", "/etc/arch-release" }, {"debian", "/etc/debian_version" }, {"slackware", "/etc/slackware-version"}, {"ubuntu", "/etc/lsb-release" }, - {"alpine", "/etc/alpine-release" }, }; const auto parseFnc { @@ -437,9 +435,9 @@ ProcessInfo portProcessInfo(const std::string& procPath, const std::deque int64_t { constexpr size_t MAX_LENGTH {256}; - char buffer[MAX_LENGTH]; + char buffer[MAX_LENGTH] = ""; - if (-1 == readlink(filePath.c_str(), buffer, MAX_LENGTH)) + if (-1 == readlink(filePath.c_str(), buffer, MAX_LENGTH - 1)) { throw std::system_error(errno, std::system_category(), "readlink"); } diff --git a/src/common/data_provider/src/sysInfoMac.cpp b/src/common/data_provider/src/sysInfoMac.cpp index 02ef4dd0a5..a404dd0bed 100644 --- a/src/common/data_provider/src/sysInfoMac.cpp +++ b/src/common/data_provider/src/sysInfoMac.cpp @@ -53,6 +53,8 @@ static const std::map s_mapPackagesDirectories = { "/System/Applications", PKG}, { "/System/Applications/Utilities", PKG}, { "/System/Library/CoreServices", PKG}, + { "/private/var/db/receipts", RCP}, + { "/Library/Apple/System/Library/Receipts", RCP}, { "/usr/local/Cellar", BREW}, { "/opt/local/var/macports/registry", MACPORTS} }; @@ -109,15 +111,15 @@ static void getPackagesFromPath(const std::string& pkgDirectory, const int pkgTy { try { - std::shared_ptr sqliteConnection = std::make_shared(pkgDirectory + "/" + MACPORTS_DB_NAME); + std::shared_ptr sqliteConnection = std::make_shared(pkgDirectory + "/" + MACPORTS_DB_NAME); - SQLite::Statement stmt + SQLiteLegacy::Statement stmt { sqliteConnection, MACPORTS_QUERY }; - std::pair pkgContext {std::make_pair(std::ref(stmt), std::cref(pkgType))}; + std::pair pkgContext {std::make_pair(std::ref(stmt), std::cref(pkgType))}; while (SQLITE_ROW == stmt.step()) { @@ -150,26 +152,24 @@ static void getPackagesFromPath(const std::string& pkgDirectory, const int pkgTy for (const auto& package : packages) { - if (PKG == pkgType) + if ((PKG == pkgType && Utils::endsWith(package, ".app")) || + (RCP == pkgType && Utils::endsWith(package, ".plist"))) { - if (Utils::endsWith(package, ".app")) + try { - try - { - nlohmann::json jsPackage; - FactoryPackageFamilyCreator::create(std::make_pair(PackageContext{pkgDirectory, package, ""}, pkgType))->buildPackageData(jsPackage); + nlohmann::json jsPackage; + FactoryPackageFamilyCreator::create(std::make_pair(PackageContext{pkgDirectory, package, ""}, pkgType))->buildPackageData(jsPackage); - if (!jsPackage.at("name").get_ref().empty()) - { - // Only return valid content packages - callback(jsPackage); - } - } - catch (const std::exception& e) + if (!jsPackage.at("name").get_ref().empty()) { - std::cerr << e.what() << std::endl; + // Only return valid content packages + callback(jsPackage); } } + catch (const std::exception& e) + { + std::cerr << e.what() << std::endl; + } } else if (BREW == pkgType) { @@ -440,10 +440,13 @@ void SysInfo::getPackages(std::function callback) const // Add macOS specific paths pypyMacOSPaths.emplace("/Library/Python/*/*-packages"); - pypyMacOSPaths.emplace("/Library/Frameworks/Python.framework/Versions/*/lib/python*/*-packages"); + pypyMacOSPaths.emplace("/Users/*/Library/Python/*/lib/python/*-packages"); + pypyMacOSPaths.emplace("/Users/*/.pyenv/versions/*/lib/python*/*-packages"); + pypyMacOSPaths.emplace("/private/var/root/.pyenv/versions/*/lib/python*/*-packages"); pypyMacOSPaths.emplace( "/Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/*/lib/python*/*-packages"); pypyMacOSPaths.emplace("/System/Library/Frameworks/Python.framework/*-packages"); + pypyMacOSPaths.emplace("/opt/homebrew/lib/python*/*-packages"); static const std::map> searchPaths = { diff --git a/src/common/data_provider/src/sysInfoOpenBSD.cpp b/src/common/data_provider/src/sysInfoOpenBSD.cpp deleted file mode 100644 index 3dd8131d14..0000000000 --- a/src/common/data_provider/src/sysInfoOpenBSD.cpp +++ /dev/null @@ -1,235 +0,0 @@ -/* - * Wazuh SysInfo - * Copyright (C) 2015, Wazuh Inc. - * October 7, 2020. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ -#include "sysInfo.hpp" -#include "cmdHelper.h" -#include "timeHelper.h" -#include "osinfo/sysOsParsers.h" -#include "stringHelper.h" -#include "sharedDefs.h" -#include -#include - -static void getMemory(nlohmann::json& info) -{ - uint64_t ram{0}; - const std::vector mib{CTL_HW, HW_PHYSMEM}; - size_t len{sizeof(ram)}; - auto ret{sysctl(const_cast(mib.data()), mib.size(), &ram, &len, nullptr, 0)}; - - if (ret) - { - throw std::system_error - { - ret, - std::system_category(), - "Error reading total RAM." - }; - } - - const auto ramTotal{ram / KByte}; - info["ram_total"] = ramTotal; - info["ram_free"] = 0; - info["ram_usage"] = 0; -} - -static int getCpuMHz() -{ - unsigned long cpuMHz{0}; - const std::vector mib{CTL_HW, HW_CPUSPEED}; - size_t len{sizeof(cpuMHz)}; - const auto ret{sysctl(const_cast(mib.data()), mib.size(), &cpuMHz, &len, nullptr, 0)}; - - if (ret) - { - throw std::system_error - { - ret, - std::system_category(), - "Error reading cpu frequency." - }; - } - - return cpuMHz; -} - -static std::string getSerialNumber() -{ - const std::vector mib{CTL_HW, HW_SERIALNO}; - size_t len{0}; - auto ret{sysctl(const_cast(mib.data()), mib.size(), nullptr, &len, nullptr, 0)}; - - if (ret) - { - throw std::system_error - { - ret, - std::system_category(), - "Error getting board serial size." - }; - } - - const auto spBuff{std::make_unique(len + 1)}; - - if (!spBuff) - { - throw std::runtime_error - { - "Error allocating memory to read the board serial." - }; - } - - ret = sysctl(const_cast(mib.data()), mib.size(), spBuff.get(), &len, nullptr, 0); - - if (ret) - { - throw std::system_error - { - ret, - std::system_category(), - "Error getting board serial" - }; - } - - spBuff.get()[len] = 0; - return std::string{reinterpret_cast(spBuff.get())}; -} - -static int getCpuCores() -{ - int cores{0}; - size_t len{sizeof(cores)}; - const std::vector mib{CTL_HW, HW_NCPU}; - const auto ret{sysctl(const_cast(mib.data()), mib.size(), &cores, &len, nullptr, 0)}; - - if (ret) - { - throw std::system_error - { - ret, - std::system_category(), - "Error reading cpu cores number." - }; - } - - return cores; -} - -static std::string getCpuName() -{ - const std::vector mib{CTL_HW, HW_MODEL}; - size_t len{0}; - auto ret{sysctl(const_cast(mib.data()), mib.size(), nullptr, &len, nullptr, 0)}; - - if (ret) - { - throw std::system_error - { - ret, - std::system_category(), - "Error getting cpu name size." - }; - } - - const auto spBuff{std::make_unique(len + 1)}; - - if (!spBuff) - { - throw std::runtime_error - { - "Error allocating memory to read the cpu name." - }; - } - - ret = sysctl(const_cast(mib.data()), mib.size(), spBuff.get(), &len, nullptr, 0); - - if (ret) - { - throw std::system_error - { - ret, - std::system_category(), - "Error getting cpu name" - }; - } - - spBuff.get()[len] = 0; - return std::string{reinterpret_cast(spBuff.get())}; -} - -nlohmann::json SysInfo::getHardware() const -{ - nlohmann::json hardware; - hardware["board_serial"] = getSerialNumber(); - hardware["cpu_name"] = getCpuName(); - hardware["cpu_cores"] = getCpuCores(); - hardware["cpu_mhz"] = double(getCpuMHz()); - getMemory(hardware); - return hardware; -} - -nlohmann::json SysInfo::getProcessesInfo() const -{ - // Currently not supported for this OS - return nlohmann::json {}; -} - -nlohmann::json SysInfo::getPackages() const -{ - // Currently not supported for this OS - return nlohmann::json {}; -} - -nlohmann::json SysInfo::getOsInfo() const -{ - nlohmann::json ret; - struct utsname uts {}; - const auto spParser{FactorySysOsParser::create("bsd")}; - - if (!spParser->parseUname(Utils::exec("uname -r"), ret)) - { - ret["os_name"] = "BSD"; - ret["os_platform"] = "bsd"; - ret["os_version"] = UNKNOWN_VALUE; - } - - if (uname(&uts) >= 0) - { - ret["sysname"] = uts.sysname; - ret["hostname"] = uts.nodename; - ret["version"] = uts.version; - ret["architecture"] = uts.machine; - ret["release"] = uts.release; - } - - return ret; -} - -nlohmann::json SysInfo::getPorts() const -{ - // Currently not supported for this OS - return nlohmann::json {}; -} - -void SysInfo::getProcessesInfo(std::function /*callback*/) const -{ - // Currently not supported for this OS. -} - -void SysInfo::getPackages(std::function /*callback*/) const -{ - // Currently not supported for this OS. -} - -nlohmann::json SysInfo::getHotfixes() const -{ - // Currently not supported for this OS. - return nlohmann::json(); -} diff --git a/src/common/data_provider/src/sysInfoSolaris.cpp b/src/common/data_provider/src/sysInfoSolaris.cpp deleted file mode 100644 index 9a104400f6..0000000000 --- a/src/common/data_provider/src/sysInfoSolaris.cpp +++ /dev/null @@ -1,237 +0,0 @@ -/* - * Wazuh SysInfo - * Copyright (C) 2015, Wazuh Inc. - * January 11, 2022. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ -#include -#include -#include - -#include "osinfo/sysOsParsers.h" -#include "sharedDefs.h" -#include "sysInfo.hpp" -#include "cmdHelper.h" -#include "timeHelper.h" -#include "filesystemHelper.h" -#include "packages/packageSolaris.h" -#include "packages/solarisWrapper.h" -#include "packages/packageFamilyDataAFactory.h" -#include "network/networkSolarisHelper.hpp" -#include "network/networkSolarisWrapper.hpp" -#include "network/networkFamilyDataAFactory.h" -#include "UtilsWrapperUnix.hpp" -#include "uniqueFD.hpp" - -constexpr auto SUN_APPS_PATH {"/var/sadm/pkg/"}; - - -static void getOsInfoFromUname(nlohmann::json& info) -{ - bool result{false}; - std::string platform; - const auto osPlatform{Utils::exec("uname")}; - - constexpr auto SOLARIS_RELEASE_FILE{"/etc/release"}; - const auto spParser{FactorySysOsParser::create("solaris")}; - std::fstream file{SOLARIS_RELEASE_FILE, std::ios_base::in}; - result = spParser && file.is_open() && spParser->parseFile(file, info); - - if (!result) - { - info["os_name"] = "Unix"; - info["os_platform"] = "Unix"; - info["os_version"] = UNKNOWN_VALUE; - } -} - -static std::string getSerialNumber() -{ - return UNKNOWN_VALUE; -} - -static std::string getCpuName() -{ - return UNKNOWN_VALUE; -} - -static int getCpuMHz() -{ - return 0; -} - -static int getCpuCores() -{ - return 0; -} - -static void getMemory(nlohmann::json& /*info*/) -{ - -} - -nlohmann::json SysInfo::getHardware() const -{ - nlohmann::json hardware; - hardware["board_serial"] = getSerialNumber(); - hardware["cpu_name"] = getCpuName(); - hardware["cpu_cores"] = getCpuCores(); - hardware["cpu_mhz"] = double(getCpuMHz()); - getMemory(hardware); - return hardware; -} - -static void getPackagesFromPath(const std::string& pkgDirectory, std::function callback) -{ - const auto packages { Utils::enumerateDir(pkgDirectory) }; - - for (const auto& package : packages) - { - nlohmann::json jsPackage; - const auto fullPath { pkgDirectory + package }; - const auto pkgWrapper{ std::make_shared(fullPath) }; - - FactoryPackageFamilyCreator::create(pkgWrapper)->buildPackageData(jsPackage); - - if (!jsPackage.at("name").get_ref().empty()) - { - // Only return valid content packages - callback(jsPackage); - } - } -} - -nlohmann::json SysInfo::getPackages() const -{ - nlohmann::json packages; - - getPackages([&packages](nlohmann::json & data) - { - packages.push_back(data); - }); - - return packages; -} - -nlohmann::json SysInfo::getOsInfo() const -{ - nlohmann::json ret; - struct utsname uts {}; - getOsInfoFromUname(ret); - - if (uname(&uts) >= 0) - { - ret["sysname"] = uts.sysname; - ret["hostname"] = uts.nodename; - ret["version"] = uts.version; - ret["architecture"] = uts.machine; - ret["release"] = uts.release; - } - - return ret; -} -nlohmann::json SysInfo::getProcessesInfo() const -{ - return nlohmann::json(); -} -nlohmann::json SysInfo::getNetworks() const -{ - nlohmann::json networks; - Utils::UniqueFD socketV4 ( UtilsWrapperUnix::createSocket(AF_INET, SOCK_DGRAM, 0) ); - Utils::UniqueFD socketV6 ( UtilsWrapperUnix::createSocket(AF_INET6, SOCK_DGRAM, 0) ); - const auto interfaceCount { NetworkSolarisHelper::getInterfacesCount(socketV4.get(), AF_UNSPEC) }; - - if (interfaceCount > 0) - { - std::vector buffer(interfaceCount); - lifconf lifc = - { - AF_UNSPEC, - 0, - static_cast(buffer.size() * sizeof(lifreq)), - reinterpret_cast(buffer.data()) - }; - - NetworkSolarisHelper::getInterfacesConfig(socketV4.get(), lifc); - - std::map>> interfaces; - - for (auto& item : buffer) - { - struct lifreq interfaceReq = {}; - std::memcpy(interfaceReq.lifr_name, item.lifr_name, sizeof(item.lifr_name)); - - if (-1 != UtilsWrapperUnix::ioctl(AF_INET == item.lifr_addr.ss_family ? socketV4.get() : socketV6.get(), - SIOCGLIFFLAGS, - reinterpret_cast(&interfaceReq))) - { - if ((IFF_UP & interfaceReq.lifr_flags) && !(IFF_LOOPBACK & interfaceReq.lifr_flags)) - { - interfaces[item.lifr_name].push_back(std::make_pair(&item, interfaceReq.lifr_flags)); - } - } - } - - for (const auto& item : interfaces) - { - if (item.second.size()) - { - const auto firstItem { item.second.front() }; - const auto firstItemFD { AF_INET == firstItem.first->lifr_addr.ss_family ? socketV4.get() : socketV6.get() }; - - nlohmann::json network; - - for (const auto& itemr : item.second) - { - if (AF_INET == itemr.first->lifr_addr.ss_family) - { - // IPv4 data - const auto wrapper { std::make_shared(AF_INET, socketV4.get(), itemr) }; - FactoryNetworkFamilyCreator::create(wrapper)->buildNetworkData(network); - } - else if (AF_INET6 == itemr.first->lifr_addr.ss_family) - { - // IPv6 data - const auto wrapper { std::make_shared(AF_INET6, socketV6.get(), itemr) }; - FactoryNetworkFamilyCreator::create(wrapper)->buildNetworkData(network); - } - } - - const auto wrapper { std::make_shared(AF_UNSPEC, firstItemFD, firstItem) }; - FactoryNetworkFamilyCreator::create(wrapper)->buildNetworkData(network); - - networks["iface"].push_back(network); - } - } - } - - return networks; -} -nlohmann::json SysInfo::getPorts() const -{ - return nlohmann::json(); -} -void SysInfo::getProcessesInfo(std::function /*callback*/) const -{ - // TODO -} - -void SysInfo::getPackages(std::function callback) const -{ - const auto pkgDirectory { SUN_APPS_PATH }; - - if (Utils::existsDir(pkgDirectory)) - { - getPackagesFromPath(pkgDirectory, callback); - } -} - -nlohmann::json SysInfo::getHotfixes() const -{ - // Currently not supported for this OS. - return nlohmann::json(); -} diff --git a/src/common/data_provider/src/sysInfoUnix.cpp b/src/common/data_provider/src/sysInfoUnix.cpp index 45fa2785ed..c6675ad58d 100644 --- a/src/common/data_provider/src/sysInfoUnix.cpp +++ b/src/common/data_provider/src/sysInfoUnix.cpp @@ -18,29 +18,9 @@ static void getOsInfoFromUname(nlohmann::json& info) { - bool result{false}; - std::string platform; - const auto osPlatform{Utils::exec("uname")}; - - if (osPlatform.find("SunOS") != std::string::npos) - { - constexpr auto SOLARIS_RELEASE_FILE{"/etc/release"}; - const auto spParser{FactorySysOsParser::create("solaris")}; - std::fstream file{SOLARIS_RELEASE_FILE, std::ios_base::in}; - result = spParser && file.is_open() && spParser->parseFile(file, info); - } - else if (osPlatform.find("HP-UX") != std::string::npos) - { - const auto spParser{FactorySysOsParser::create("hp-ux")}; - result = spParser && spParser->parseUname(Utils::exec("uname -r"), info); - } - - if (!result) - { - info["os_name"] = "Unix"; - info["os_platform"] = "Unix"; - info["os_version"] = UNKNOWN_VALUE; - } + info["os_name"] = "Unix"; + info["os_platform"] = "Unix"; + info["os_version"] = UNKNOWN_VALUE; } diff --git a/src/common/data_provider/tests/CMakeLists.txt b/src/common/data_provider/tests/CMakeLists.txt index 6e488f0b4a..522c24a6ae 100644 --- a/src/common/data_provider/tests/CMakeLists.txt +++ b/src/common/data_provider/tests/CMakeLists.txt @@ -1,32 +1,19 @@ -cmake_minimum_required(VERSION 3.12.4) +cmake_minimum_required(VERSION 3.22) project(unit_tests) -get_filename_component(SRC_FOLDER ${CMAKE_SOURCE_DIR}/../ ABSOLUTE) - -include_directories(${CMAKE_SOURCE_DIR}) -include_directories(${SRC_FOLDER}/shared_modules/utils) - -include_directories(${SRC_FOLDER}/external/googletest/googletest/include/) -include_directories(${SRC_FOLDER}/external/googletest/googlemock/include/) -link_directories(${SRC_FOLDER}/external/googletest/lib/) +find_package(GTest CONFIG REQUIRED) if(CMAKE_SYSTEM_NAME STREQUAL "Linux") add_subdirectory(sysInfoPackagesLinuxHelper) add_subdirectory(sysInfoPackagesBerkeleyDB) add_subdirectory(sysInfoNetworkLinux) - add_subdirectory(sysInfoNetworkSolaris) add_subdirectory(sysInfoRpmPackageManager) add_subdirectory(sysInfoPackageLinuxParserRpm) - add_subdirectory(sysInfoPackagesSolaris) elseif(CMAKE_SYSTEM_NAME STREQUAL "Darwin") add_subdirectory(sysInfoHardwareMac) add_subdirectory(sysInfoNetworkBSD) add_subdirectory(sysInfoPackagesMAC) -elseif(CMAKE_SYSTEM_NAME STREQUAL "FreeBSD") - add_subdirectory(sysInfoNetworkBSD) -elseif(CMAKE_SYSTEM_NAME STREQUAL "OpenBSD") - add_subdirectory(sysInfoNetworkBSD) elseif(CMAKE_SYSTEM_NAME STREQUAL "Windows") add_subdirectory(sysInfoWin) add_subdirectory(sysInfoNetworkWindows) diff --git a/src/common/data_provider/tests/mocks/MockJsonIO.hpp b/src/common/data_provider/tests/mocks/MockJsonIO.hpp index 04843c3a4e..6c97c279ca 100644 --- a/src/common/data_provider/tests/mocks/MockJsonIO.hpp +++ b/src/common/data_provider/tests/mocks/MockJsonIO.hpp @@ -11,7 +11,7 @@ #ifndef _MOCKJSONIO_HPP #define _MOCKJSONIO_HPP -#include "json.hpp" +#include #include "gtest/gtest.h" #include #include "gmock/gmock.h" diff --git a/src/common/data_provider/tests/mocks/sqliteWrapperTempMock.h b/src/common/data_provider/tests/mocks/sqliteWrapperTempMock.h new file mode 100644 index 0000000000..5d7021319e --- /dev/null +++ b/src/common/data_provider/tests/mocks/sqliteWrapperTempMock.h @@ -0,0 +1,143 @@ +/* + * Wazuh DBSYNC + * Copyright (C) 2015, Wazuh Inc. + * July 31, 2023. + * + * This program is free software; you can redistribute it + * and/or modify it under the terms of the GNU General Public + * License (version 2) as published by the FSF - Free Software + * Foundation. + */ + +#ifndef _SQLITEWRAPPERMOCK_H +#define _SQLITEWRAPPERMOCK_H + +#include +#include +#include "sqliteWrapperTemp.h" + +class MockConnection : public SQLiteLegacy::IConnection +{ + public: + MockConnection() = default; + virtual ~MockConnection() = default; + MOCK_METHOD(void, + close, + (), + (override)); + MOCK_METHOD(void, + execute, + (const std::string& query), + (override)); + MOCK_METHOD(int64_t, + changes, + (), + (const override)); + MOCK_METHOD(const std::shared_ptr&, + db, + (), + (const override)); + +}; + +class MockTransaction : public SQLiteLegacy::ITransaction +{ + public: + MOCK_METHOD(void, + commit, + (), + (override)); + MOCK_METHOD(void, + rollback, + (), + (override)); +}; + +class MockColumn : public SQLiteLegacy::IColumn +{ + public: + MOCK_METHOD(bool, + hasValue, + (), + (const override)); + MOCK_METHOD(int32_t, + type, + (), + (const override)); + MOCK_METHOD(std::string, + name, + (), + (const override)); + MOCK_METHOD(int32_t, + value, + (const int32_t&), + (const override)); + MOCK_METHOD(uint64_t, + value, + (const uint64_t&), + (const override)); + MOCK_METHOD(int64_t, + value, + (const int64_t&), + (const override)); + MOCK_METHOD(std::string, + value, + (const std::string&), + (const override)); + MOCK_METHOD(double_t, + value, + (const double_t&), + (const override)); +}; + +class MockStatement : public SQLiteLegacy::IStatement +{ + public: + MockStatement() = default; + virtual ~MockStatement() = default; + MOCK_METHOD(int32_t, + step, + (), + (override)); + MOCK_METHOD(void, + bind, + (const int32_t index, const int32_t value), + (override)); + MOCK_METHOD(void, + bind, + (const int32_t index, const uint64_t value), + (override)); + MOCK_METHOD(void, + bind, + (const int32_t index, const int64_t value), + (override)); + MOCK_METHOD(void, + bind, + (const int32_t index, const std::string& value), + (override)); + MOCK_METHOD(void, + bind, + (const int32_t index, const double_t value), + (override)); + + MOCK_METHOD(std::string, + expand, + (), + (override)); + + MOCK_METHOD(std::unique_ptr, + column, + (const int32_t index), + (override)); + + MOCK_METHOD(void, + reset, + (), + (override)); + MOCK_METHOD(int, + columnsCount, + (), + (const override)); +}; + +#endif //_SQLITEWRAPPERMOCK_H diff --git a/src/common/data_provider/tests/sysInfo/CMakeLists.txt b/src/common/data_provider/tests/sysInfo/CMakeLists.txt index d5cbd20c71..f4fbe2999b 100644 --- a/src/common/data_provider/tests/sysInfo/CMakeLists.txt +++ b/src/common/data_provider/tests/sysInfo/CMakeLists.txt @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 3.12.4) +cmake_minimum_required(VERSION 3.22) project(sysinfo_unit_test) @@ -8,43 +8,37 @@ file(GLOB sysinfo_UNIT_TEST_SRC "*.cpp") file(GLOB SYSINFO_SRC - "${CMAKE_SOURCE_DIR}/src/sysInfo.cpp" - "${CMAKE_SOURCE_DIR}/src/osinfo/sysOsParsers.cpp") + "${CMAKE_CURRENT_SOURCE_DIR}/../../src/sysInfo.cpp" + "${CMAKE_CURRENT_SOURCE_DIR}/../../src/osinfo/sysOsParsers.cpp") add_executable(sysinfo_unit_test ${sysinfo_UNIT_TEST_SRC} ${SYSINFO_SRC}) if(CMAKE_SYSTEM_NAME STREQUAL "Windows") - target_link_libraries(sysinfo_unit_test - debug gtestd - debug gmockd - debug gtest_maind - debug gmock_maind - optimized gtest - optimized gmock - optimized gtest_main - optimized gmock_main + target_link_libraries(sysinfo_unit_test PRIVATE + GTest::gtest + GTest::gmock + GTest::gtest_main + GTest::gmock_main pthread - sqlite3 + unofficial::sqlite3::sqlite3 cjson + utils -static-libgcc -static-libstdc++ ) else() - target_link_libraries(sysinfo_unit_test - debug gtestd - debug gmockd - debug gtest_maind - debug gmock_maind - optimized gtest - optimized gmock - optimized gtest_main - optimized gmock_main + target_link_libraries(sysinfo_unit_test PRIVATE + GTest::gtest + GTest::gmock + GTest::gtest_main + GTest::gmock_main pthread - sqlite3 + unofficial::sqlite3::sqlite3 cjson + utils dl ) endif(CMAKE_SYSTEM_NAME STREQUAL "Windows") add_test(NAME sysinfo_unit_test - COMMAND sysinfo_unit_test) \ No newline at end of file + COMMAND sysinfo_unit_test) diff --git a/src/common/data_provider/tests/sysInfo/main.cpp b/src/common/data_provider/tests/sysInfo/main.cpp index fd7a178715..08fb839052 100644 --- a/src/common/data_provider/tests/sysInfo/main.cpp +++ b/src/common/data_provider/tests/sysInfo/main.cpp @@ -4,4 +4,4 @@ int main(int argc, char** argv) { ::testing::InitGoogleTest(&argc, argv); return RUN_ALL_TESTS(); -} \ No newline at end of file +} diff --git a/src/common/data_provider/tests/sysInfo/sysInfoParsers_test.cpp b/src/common/data_provider/tests/sysInfo/sysInfoParsers_test.cpp index 39ab2351f0..be43a5b497 100644 --- a/src/common/data_provider/tests/sysInfo/sysInfoParsers_test.cpp +++ b/src/common/data_provider/tests/sysInfo/sysInfoParsers_test.cpp @@ -90,57 +90,6 @@ TEST_F(SysInfoParsersTest, UnixCentos) EXPECT_EQ("8", output["os_major"]); } -TEST_F(SysInfoParsersTest, UnixArch) -{ - constexpr auto UNIX_RELEASE_FILE - { - R"( - NAME="Arch Linux" - PRETTY_NAME="Arch Linux" - ID=arch - BUILD_ID=rolling - ANSI_COLOR="38;2;23;147;209" - HOME_URL="https://www.archlinux.org/" - DOCUMENTATION_URL="https://wiki.archlinux.org/" - SUPPORT_URL="https://bbs.archlinux.org/" - BUG_REPORT_URL="https://bugs.archlinux.org/" - LOGO=archlinux - )" - }; - nlohmann::json output; - std::stringstream info{UNIX_RELEASE_FILE}; - const auto spParser{FactorySysOsParser::create("unix")}; - EXPECT_TRUE(spParser->parseFile(info, output)); - EXPECT_EQ("Arch Linux", output["os_name"]); - EXPECT_EQ("arch", output["os_platform"]); -} - -TEST_F(SysInfoParsersTest, UnixAlpine) -{ - constexpr auto UNIX_RELEASE_FILE - { - R"( - NAME="Alpine Linux" - ID=alpine - VERSION_ID=3.17.1 - PRETTY_NAME="Alpine Linux v3.17" - HOME_URL="https://alpinelinux.org/" - BUG_REPORT_URL="https://gitlab.alpinelinux.org/alpine/aports/-/issues" - )" - }; - nlohmann::json output; - std::stringstream info{UNIX_RELEASE_FILE}; - const auto spParser{FactorySysOsParser::create("unix")}; - EXPECT_TRUE(spParser->parseFile(info, output)); - EXPECT_EQ("3.17.1", output["os_version"]); - EXPECT_EQ("Alpine Linux", output["os_name"]); - EXPECT_EQ("alpine", output["os_platform"]); - EXPECT_EQ("3", output["os_major"]); - EXPECT_EQ("17", output["os_minor"]); - EXPECT_EQ("1", output["os_patch"]); -} - - TEST_F(SysInfoParsersTest, Ubuntu) { constexpr auto UBUNTU_RELEASE_FILE @@ -254,38 +203,6 @@ TEST_F(SysInfoParsersTest, CentosBased) EXPECT_EQ("8.8", output["os_version"]); } -TEST_F(SysInfoParsersTest, BSDFreeBSD) -{ - constexpr auto FREE_BSD_UNAME - { - "12.1-STABLE" - }; - nlohmann::json output; - const auto spParser{FactorySysOsParser::create("bsd")}; - EXPECT_TRUE(spParser->parseUname(FREE_BSD_UNAME, output)); - EXPECT_EQ("12.1", output["os_version"]); - EXPECT_EQ("BSD", output["os_name"]); - EXPECT_EQ("bsd", output["os_platform"]); - EXPECT_EQ("12", output["os_major"]); - EXPECT_EQ("1", output["os_minor"]); -} - -TEST_F(SysInfoParsersTest, BSDOpenBSD) -{ - constexpr auto FREE_BSD_UNAME - { - "6.6" - }; - nlohmann::json output; - const auto spParser{FactorySysOsParser::create("bsd")}; - EXPECT_TRUE(spParser->parseUname(FREE_BSD_UNAME, output)); - EXPECT_EQ("6.6", output["os_version"]); - EXPECT_EQ("BSD", output["os_name"]); - EXPECT_EQ("bsd", output["os_platform"]); - EXPECT_EQ("6", output["os_major"]); - EXPECT_EQ("6", output["os_minor"]); -} - TEST_F(SysInfoParsersTest, RedHatCentos) { constexpr auto REDHAT_RELEASE_FILE @@ -373,23 +290,6 @@ TEST_F(SysInfoParsersTest, Debian) EXPECT_EQ("6", output["os_minor"]); } -TEST_F(SysInfoParsersTest, Arch) -{ - constexpr auto ARCH_VERSION_FILE - { - "10.6" - }; - nlohmann::json output; - std::stringstream info{ARCH_VERSION_FILE}; - const auto spParser{FactorySysOsParser::create("arch")}; - EXPECT_TRUE(spParser->parseFile(info, output)); - EXPECT_EQ("10.6", output["os_version"]); - EXPECT_EQ("Arch Linux", output["os_name"]); - EXPECT_EQ("arch", output["os_platform"]); - EXPECT_EQ("10", output["os_major"]); - EXPECT_EQ("6", output["os_minor"]); -} - TEST_F(SysInfoParsersTest, Slackware) { constexpr auto SLACKWARE_VERSION_FILE @@ -463,105 +363,6 @@ TEST_F(SysInfoParsersTest, Fedora) EXPECT_EQ("22", output["os_major"]); } -TEST_F(SysInfoParsersTest, Solaris) -{ - constexpr auto SOLARIS_VERSION_FILE - { - R"( - Oracle Solaris 11.3 X86 - Copyright (c) 1983, 2015, Oracle and/or its affiliates. All rights reserved. - Assembled 06 October 2015 - )" - }; - nlohmann::json output; - std::stringstream info{SOLARIS_VERSION_FILE}; - const auto spParser{FactorySysOsParser::create("solaris")}; - EXPECT_TRUE(spParser->parseFile(info, output)); - EXPECT_EQ("11.3", output["os_version"]); - EXPECT_EQ("SunOS", output["os_name"]); - EXPECT_EQ("sunos", output["os_platform"]); - EXPECT_EQ("11", output["os_major"]); - EXPECT_EQ("3", output["os_minor"]); -} - -TEST_F(SysInfoParsersTest, Solaris1) -{ - constexpr auto SOLARIS_VERSION_FILE - { - R"( - Oracle Solaris 10 1/13 s10x_u11wos_24a X86 - Copyright (c) 1983, 2013, Oracle and/or its affiliates. All rights reserved. - Assembled 17 January 2013 - )" - }; - nlohmann::json output; - std::stringstream info{SOLARIS_VERSION_FILE}; - const auto spParser{FactorySysOsParser::create("solaris")}; - EXPECT_TRUE(spParser->parseFile(info, output)); - EXPECT_EQ("10", output["os_version"]); - EXPECT_EQ("SunOS", output["os_name"]); - EXPECT_EQ("sunos", output["os_platform"]); - EXPECT_EQ("10", output["os_major"]); -} - -TEST_F(SysInfoParsersTest, Solaris2) -{ - constexpr auto SOLARIS_VERSION_FILE - { - R"( - Solaris 10 5/09 s10x_u7wos_08 X86 - Copyright 2009 Sun Microsystems, Inc. All rights reserved. - Use is subject to license terms. - Assembled 17 January 2013 - )" - }; - nlohmann::json output; - std::stringstream info{SOLARIS_VERSION_FILE}; - const auto spParser{FactorySysOsParser::create("solaris")}; - EXPECT_TRUE(spParser->parseFile(info, output)); - EXPECT_EQ("10", output["os_version"]); - EXPECT_EQ("SunOS", output["os_name"]); - EXPECT_EQ("sunos", output["os_platform"]); - EXPECT_EQ("10", output["os_major"]); -} - -TEST_F(SysInfoParsersTest, HPUX) -{ - // https://docstore.mik.ua/manuals/hp-ux/en/5992-4826/pr01s02.html - constexpr auto HPUX_UNAME - { - "B.11.23" - }; - nlohmann::json output; - const auto spParser{FactorySysOsParser::create("hp-ux")}; - EXPECT_TRUE(spParser->parseUname(HPUX_UNAME, output)); - EXPECT_EQ("11.23", output["os_version"]); - EXPECT_EQ("HP-UX", output["os_name"]); - EXPECT_EQ("hp-ux", output["os_platform"]); - EXPECT_EQ("11", output["os_major"]); - EXPECT_EQ("23", output["os_minor"]); -} - -TEST_F(SysInfoParsersTest, Alpine) -{ - constexpr auto ALPINE_RELEASE_FILE - { - R"( - 3.17.1 - )" - }; - nlohmann::json output; - std::stringstream info{ALPINE_RELEASE_FILE}; - const auto spParser{FactorySysOsParser::create("alpine")}; - EXPECT_TRUE(spParser->parseFile(info, output)); - EXPECT_EQ("3.17.1", output["os_version"]); - EXPECT_EQ("Alpine Linux", output["os_name"]); - EXPECT_EQ("alpine", output["os_platform"]); - EXPECT_EQ("3", output["os_major"]); - EXPECT_EQ("17", output["os_minor"]); - EXPECT_EQ("1", output["os_patch"]); -} - TEST_F(SysInfoParsersTest, UknownPlatform) { EXPECT_THROW(FactorySysOsParser::create("some unknown platform"), std::runtime_error); diff --git a/src/common/data_provider/tests/sysInfo/sysInfoParsers_test.h b/src/common/data_provider/tests/sysInfo/sysInfoParsers_test.h index fac7e670ea..0137305122 100644 --- a/src/common/data_provider/tests/sysInfo/sysInfoParsers_test.h +++ b/src/common/data_provider/tests/sysInfo/sysInfoParsers_test.h @@ -25,4 +25,4 @@ class SysInfoParsersTest : public ::testing::Test void TearDown() override; }; -#endif //_SYSINFO_PARSERS_TEST_H \ No newline at end of file +#endif //_SYSINFO_PARSERS_TEST_H diff --git a/src/common/data_provider/tests/sysInfo/sysInfo_test.h b/src/common/data_provider/tests/sysInfo/sysInfo_test.h index 6ba3147aaf..760f431b50 100644 --- a/src/common/data_provider/tests/sysInfo/sysInfo_test.h +++ b/src/common/data_provider/tests/sysInfo/sysInfo_test.h @@ -26,4 +26,4 @@ class SysInfoTest : public ::testing::Test void TearDown() override; }; -#endif //_SYSINFO_TEST_H \ No newline at end of file +#endif //_SYSINFO_TEST_H diff --git a/src/common/data_provider/tests/sysInfo/sysOsInfo_test.cpp b/src/common/data_provider/tests/sysInfo/sysOsInfo_test.cpp index 851d2597cb..1ff45f8d07 100644 --- a/src/common/data_provider/tests/sysInfo/sysOsInfo_test.cpp +++ b/src/common/data_provider/tests/sysInfo/sysOsInfo_test.cpp @@ -63,4 +63,4 @@ TEST_F(SysOsInfoTest, setOsInfoSchema) EXPECT_EQ("1903", output.at("os_release")); EXPECT_EQ("19H1", output.at("os_display_version")); EXPECT_EQ("10.0.18362", output.at("os_version")); -} \ No newline at end of file +} diff --git a/src/common/data_provider/tests/sysInfo/sysOsInfo_test.h b/src/common/data_provider/tests/sysInfo/sysOsInfo_test.h index 319da6e280..80717efd36 100644 --- a/src/common/data_provider/tests/sysInfo/sysOsInfo_test.h +++ b/src/common/data_provider/tests/sysInfo/sysOsInfo_test.h @@ -25,4 +25,4 @@ class SysOsInfoTest : public ::testing::Test void TearDown() override; }; -#endif //_SYSINFO_OS_TEST_H \ No newline at end of file +#endif //_SYSINFO_OS_TEST_H diff --git a/src/common/data_provider/tests/sysInfoHardwareMac/CMakeLists.txt b/src/common/data_provider/tests/sysInfoHardwareMac/CMakeLists.txt index 78e1e264cb..f22e8a07ad 100644 --- a/src/common/data_provider/tests/sysInfoHardwareMac/CMakeLists.txt +++ b/src/common/data_provider/tests/sysInfoHardwareMac/CMakeLists.txt @@ -1,11 +1,11 @@ -cmake_minimum_required(VERSION 3.12.4) +cmake_minimum_required(VERSION 3.22) project(sysInfoHardwareMac_unit_test) set(CMAKE_CXX_FLAGS_DEBUG "-g --coverage") file(GLOB sysinfo_UNIT_TEST_SRC - "${CMAKE_SOURCE_DIR}/src/hardware/*X86_64Mac.cpp" + "${CMAKE_CURRENT_SOURCE_DIR}/../../src/hardware/*X86_64Mac.cpp" "sysInfoHardwareMac_test.cpp" "sysInfoHardwareWrapperMac_test.cpp" "main.cpp") @@ -13,17 +13,12 @@ file(GLOB sysinfo_UNIT_TEST_SRC add_executable(sysInfoHardwareMac_unit_test ${sysinfo_UNIT_TEST_SRC}) -target_link_libraries(sysInfoHardwareMac_unit_test - debug gtestd - debug gmockd - debug gtest_maind - debug gmock_maind - optimized gtest - optimized gmock - optimized gtest_main - optimized gmock_main - pthread - cjson +target_link_libraries(sysInfoHardwareMac_unit_test PRIVATE + sysinfo + GTest::gtest + GTest::gmock + GTest::gtest_main + GTest::gmock_main ) add_test(NAME sysInfoHardwareMac_unit_test @@ -31,7 +26,7 @@ add_test(NAME sysInfoHardwareMac_unit_test if(${CMAKE_HOST_SYSTEM_PROCESSOR} MATCHES "arm64.*|ARM64.*") file(GLOB sysinfo_ARM_UNIT_TEST_SRC - "${CMAKE_SOURCE_DIR}/src/hardware/*ARMMac.cpp" + "${CMAKE_CURRENT_SOURCE_DIR}/../../src/hardware/*ARMMac.cpp" "sysInfoHardwareWrapperARMMac_test.cpp" "main.cpp") @@ -46,20 +41,13 @@ if(${CMAKE_HOST_SYSTEM_PROCESSOR} MATCHES "arm64.*|ARM64.*") if(NOT corefoundation_lib) message(FATAL_ERROR "CoreFoundation library not found! Aborting...") endif() - - target_link_libraries(sysInfoHardwareARMMac_unit_test - debug gtestd - debug gmockd - debug gtest_maind - debug gmock_maind - optimized gtest - optimized gmock - optimized gtest_main - optimized gmock_main - pthread - cjson - ${iokit_lib} - ${corefoundation_lib} + + target_link_libraries(sysInfoHardwareARMMac_unit_test PRIVATE + sysinfo + GTest::gtest + GTest::gmock + GTest::gtest_main + GTest::gmock_main ) add_test(NAME sysInfoHardwareARMMac_unit_test diff --git a/src/common/data_provider/tests/sysInfoHardwareMac/sysInfoHardwareMac_test.cpp b/src/common/data_provider/tests/sysInfoHardwareMac/sysInfoHardwareMac_test.cpp index 074fa4df4e..ec45666713 100644 --- a/src/common/data_provider/tests/sysInfoHardwareMac/sysInfoHardwareMac_test.cpp +++ b/src/common/data_provider/tests/sysInfoHardwareMac/sysInfoHardwareMac_test.cpp @@ -12,7 +12,7 @@ #include "sysInfoHardwareMac_test.h" #include "hardware/factoryHardwareFamilyCreator.h" #include "hardware/hardwareWrapperInterface.h" -#include "json.hpp" +#include void SysInfoHardwareMacTest::SetUp() {}; diff --git a/src/common/data_provider/tests/sysInfoNetworkBSD/CMakeLists.txt b/src/common/data_provider/tests/sysInfoNetworkBSD/CMakeLists.txt index e01b9d528b..d4aa9020ce 100644 --- a/src/common/data_provider/tests/sysInfoNetworkBSD/CMakeLists.txt +++ b/src/common/data_provider/tests/sysInfoNetworkBSD/CMakeLists.txt @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 3.12.4) +cmake_minimum_required(VERSION 3.22) project(sysInfoNetworkBSD_unit_test) @@ -8,25 +8,18 @@ file(GLOB sysinfo_UNIT_TEST_SRC "*.cpp") file(GLOB SYSINFO_SRC - "${CMAKE_SOURCE_DIR}/src/network/networkInterfaceBSD.cpp") + "${CMAKE_CURRENT_SOURCE_DIR}/../../src/network/networkInterfaceBSD.cpp") -add_executable(sysInfoNetworkBSD_unit_test +add_executable(sysInfoNetworkBSD_unit_test ${sysinfo_UNIT_TEST_SRC} ${SYSINFO_SRC}) -target_link_libraries(sysInfoNetworkBSD_unit_test - debug gtestd - debug gmockd - debug gtest_maind - debug gmock_maind - optimized gtest - optimized gmock - optimized gtest_main - optimized gmock_main - pthread - sqlite3 - cjson - dl +target_link_libraries(sysInfoNetworkBSD_unit_test PRIVATE + sysinfo + GTest::gtest + GTest::gmock + GTest::gtest_main + GTest::gmock_main ) add_test(NAME sysInfoNetworkBSD_unit_test - COMMAND sysInfoNetworkBSD_unit_test) \ No newline at end of file + COMMAND sysInfoNetworkBSD_unit_test) diff --git a/src/common/data_provider/tests/sysInfoNetworkBSD/main.cpp b/src/common/data_provider/tests/sysInfoNetworkBSD/main.cpp index fd7a178715..08fb839052 100644 --- a/src/common/data_provider/tests/sysInfoNetworkBSD/main.cpp +++ b/src/common/data_provider/tests/sysInfoNetworkBSD/main.cpp @@ -4,4 +4,4 @@ int main(int argc, char** argv) { ::testing::InitGoogleTest(&argc, argv); return RUN_ALL_TESTS(); -} \ No newline at end of file +} diff --git a/src/common/data_provider/tests/sysInfoNetworkBSD/sysInfoNetworkBSD_test.h b/src/common/data_provider/tests/sysInfoNetworkBSD/sysInfoNetworkBSD_test.h index 967390c30e..7c99eb1636 100644 --- a/src/common/data_provider/tests/sysInfoNetworkBSD/sysInfoNetworkBSD_test.h +++ b/src/common/data_provider/tests/sysInfoNetworkBSD/sysInfoNetworkBSD_test.h @@ -25,4 +25,4 @@ class SysInfoNetworkBSDTest : public ::testing::Test void TearDown() override; }; -#endif //_SYSINFO_NETWORK_BSD_TEST_H \ No newline at end of file +#endif //_SYSINFO_NETWORK_BSD_TEST_H diff --git a/src/common/data_provider/tests/sysInfoNetworkLinux/CMakeLists.txt b/src/common/data_provider/tests/sysInfoNetworkLinux/CMakeLists.txt index 603fa88635..4e4be39255 100644 --- a/src/common/data_provider/tests/sysInfoNetworkLinux/CMakeLists.txt +++ b/src/common/data_provider/tests/sysInfoNetworkLinux/CMakeLists.txt @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 3.12.4) +cmake_minimum_required(VERSION 3.22) project(sysInfoNetworkLinux_unit_test) @@ -10,24 +10,17 @@ file(GLOB sysinfo_UNIT_TEST_SRC file(GLOB SYSINFO_SRC "${CMAKE_SOURCE_DIR}/src/network/networkInterfaceLinux.cpp") -add_executable(sysInfoNetworkLinux_unit_test +add_executable(sysInfoNetworkLinux_unit_test ${sysinfo_UNIT_TEST_SRC} ${SYSINFO_SRC}) -target_link_libraries(sysInfoNetworkLinux_unit_test - debug gtestd - debug gmockd - debug gtest_maind - debug gmock_maind - optimized gtest - optimized gmock - optimized gtest_main - optimized gmock_main - pthread - sqlite3 - cjson - dl +target_link_libraries(sysInfoNetworkLinux_unit_test PRIVATE + sysinfo + GTest::gtest + GTest::gmock + GTest::gtest_main + GTest::gmock_main ) add_test(NAME sysInfoNetworkLinux_unit_test - COMMAND sysInfoNetworkLinux_unit_test) \ No newline at end of file + COMMAND sysInfoNetworkLinux_unit_test) diff --git a/src/common/data_provider/tests/sysInfoNetworkLinux/main.cpp b/src/common/data_provider/tests/sysInfoNetworkLinux/main.cpp index fd7a178715..08fb839052 100644 --- a/src/common/data_provider/tests/sysInfoNetworkLinux/main.cpp +++ b/src/common/data_provider/tests/sysInfoNetworkLinux/main.cpp @@ -4,4 +4,4 @@ int main(int argc, char** argv) { ::testing::InitGoogleTest(&argc, argv); return RUN_ALL_TESTS(); -} \ No newline at end of file +} diff --git a/src/common/data_provider/tests/sysInfoNetworkLinux/sysInfoNetworkLinux_test.h b/src/common/data_provider/tests/sysInfoNetworkLinux/sysInfoNetworkLinux_test.h index bc2deff3fe..4b91ec6bde 100644 --- a/src/common/data_provider/tests/sysInfoNetworkLinux/sysInfoNetworkLinux_test.h +++ b/src/common/data_provider/tests/sysInfoNetworkLinux/sysInfoNetworkLinux_test.h @@ -25,4 +25,4 @@ class SysInfoNetworkLinuxTest : public ::testing::Test void TearDown() override; }; -#endif //_SYSINFO_NETWORK_LINUX_TEST_H \ No newline at end of file +#endif //_SYSINFO_NETWORK_LINUX_TEST_H diff --git a/src/common/data_provider/tests/sysInfoNetworkSolaris/CMakeLists.txt b/src/common/data_provider/tests/sysInfoNetworkSolaris/CMakeLists.txt deleted file mode 100644 index 175f51814f..0000000000 --- a/src/common/data_provider/tests/sysInfoNetworkSolaris/CMakeLists.txt +++ /dev/null @@ -1,33 +0,0 @@ -cmake_minimum_required(VERSION 3.12.4) - -project(sysInfoNetworkSolaris_unit_test) - -set(CMAKE_CXX_FLAGS_DEBUG "-g --coverage") - -file(GLOB sysinfo_UNIT_TEST_SRC - "*.cpp") - -file(GLOB SYSINFO_SRC - "${CMAKE_SOURCE_DIR}/src/network/networkInterfaceSolaris.cpp") - -add_executable(sysInfoNetworkSolaris_unit_test - ${sysinfo_UNIT_TEST_SRC} - ${SYSINFO_SRC}) - -target_link_libraries(sysInfoNetworkSolaris_unit_test - debug gtestd - debug gmockd - debug gtest_maind - debug gmock_maind - optimized gtest - optimized gmock - optimized gtest_main - optimized gmock_main - pthread - sqlite3 - cjson - dl -) - -add_test(NAME sysInfoNetworkSolaris_unit_test - COMMAND sysInfoNetworkSolaris_unit_test) diff --git a/src/common/data_provider/tests/sysInfoNetworkSolaris/main.cpp b/src/common/data_provider/tests/sysInfoNetworkSolaris/main.cpp deleted file mode 100644 index 08fb839052..0000000000 --- a/src/common/data_provider/tests/sysInfoNetworkSolaris/main.cpp +++ /dev/null @@ -1,7 +0,0 @@ -#include "gtest/gtest.h" - -int main(int argc, char** argv) -{ - ::testing::InitGoogleTest(&argc, argv); - return RUN_ALL_TESTS(); -} diff --git a/src/common/data_provider/tests/sysInfoNetworkSolaris/sysInfoNetworkSolaris_test.cpp b/src/common/data_provider/tests/sysInfoNetworkSolaris/sysInfoNetworkSolaris_test.cpp deleted file mode 100644 index 5cd4baa14d..0000000000 --- a/src/common/data_provider/tests/sysInfoNetworkSolaris/sysInfoNetworkSolaris_test.cpp +++ /dev/null @@ -1,150 +0,0 @@ -/* - * Wazuh SysInfo - * Copyright (C) 2015, Wazuh Inc. - * October 28, 2021. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ -#include - -#include "sysInfoNetworkSolaris_test.h" -#include "network/networkFamilyDataAFactory.h" - -void SysInfoNetworkSolarisTest::SetUp() {}; - -void SysInfoNetworkSolarisTest::TearDown() -{ -}; - -using ::testing::_; -using ::testing::Return; - -class sysInfoNetworkSolarisWrapperMock : public INetworkInterfaceWrapper -{ - public: - sysInfoNetworkSolarisWrapperMock() = default; - virtual ~sysInfoNetworkSolarisWrapperMock() = default; - MOCK_METHOD( int, family, (), (const, override)); - MOCK_METHOD( std::string, name, (), (const, override)); - MOCK_METHOD( std::string, adapter, (), (const, override)); - MOCK_METHOD( std::string, address, (), (const, override)); - MOCK_METHOD( std::string, netmask, (), (const, override)); - MOCK_METHOD( std::string, broadcast, (), (const, override)); - MOCK_METHOD( std::string, addressV6, (), (const, override)); - MOCK_METHOD( std::string, netmaskV6, (), (const, override)); - MOCK_METHOD( std::string, broadcastV6, (), (const, override)); - MOCK_METHOD( std::string, gateway, (), (const, override)); - MOCK_METHOD( std::string, metrics, (), (const, override)); - MOCK_METHOD( std::string, metricsV6, (), (const, override)); - MOCK_METHOD( std::string, dhcp, (), (const, override)); - MOCK_METHOD( uint32_t, mtu, (), (const, override)); - MOCK_METHOD( LinkStats, stats, (), (const, override)); - MOCK_METHOD( std::string, type, (), (const, override)); - MOCK_METHOD( std::string, state, (), (const, override)); - MOCK_METHOD( std::string, MAC, (), (const, override)); -}; - -TEST_F(SysInfoNetworkSolarisTest, Test_AF_INET_THROW) -{ - auto mock { std::make_shared() }; - nlohmann::json ifaddr { }; - EXPECT_CALL(*mock, family()).Times(1).WillOnce(Return(AF_INET)); - EXPECT_CALL(*mock, address()).Times(1).WillOnce(Return("")); - EXPECT_ANY_THROW(FactoryNetworkFamilyCreator::create(mock)->buildNetworkData(ifaddr)); -} - -TEST_F(SysInfoNetworkSolarisTest, Test_AF_INET) -{ - auto mock { std::make_shared() }; - nlohmann::json ifaddr { }; - EXPECT_CALL(*mock, family()).Times(1).WillOnce(Return(AF_INET)); - EXPECT_CALL(*mock, address()).Times(1).WillOnce(Return("192.168.0.47")); - EXPECT_CALL(*mock, netmask()).Times(1).WillOnce(Return("255.255.255.0")); - EXPECT_CALL(*mock, broadcast()).Times(1).WillOnce(Return("192.168.0.255")); - EXPECT_CALL(*mock, metrics()).Times(1).WillOnce(Return("0")); - EXPECT_CALL(*mock, dhcp()).Times(1).WillOnce(Return("disabled")); - EXPECT_NO_THROW(FactoryNetworkFamilyCreator::create(mock)->buildNetworkData(ifaddr)); - - for (auto& element : ifaddr.at("IPv4")) - { - EXPECT_EQ("192.168.0.47", element.at("address").get_ref()); - EXPECT_EQ("255.255.255.0", element.at("netmask").get_ref()); - EXPECT_EQ("192.168.0.255", element.at("broadcast").get_ref()); - EXPECT_EQ("0", element.at("metric").get_ref()); - EXPECT_EQ("disabled", element.at("dhcp").get_ref()); - } -} - -TEST_F(SysInfoNetworkSolarisTest, Test_AF_INET6_THROW) -{ - auto mock { std::make_shared() }; - nlohmann::json ifaddr { }; - EXPECT_CALL(*mock, family()).Times(1).WillOnce(Return(AF_INET6)); - EXPECT_CALL(*mock, addressV6()).Times(1).WillOnce(Return("")); - EXPECT_ANY_THROW(FactoryNetworkFamilyCreator::create(mock)->buildNetworkData(ifaddr)); -} - -TEST_F(SysInfoNetworkSolarisTest, Test_AF_INET6) -{ - auto mock { std::make_shared() }; - nlohmann::json ifaddr { }; - EXPECT_CALL(*mock, family()).Times(1).WillOnce(Return(AF_INET6)); - EXPECT_CALL(*mock, addressV6()).Times(1).WillOnce(Return("fe80::a00:27ff:fedd:cc5b")); - EXPECT_CALL(*mock, netmaskV6()).Times(1).WillOnce(Return("ffc0::")); - EXPECT_CALL(*mock, broadcastV6()).Times(1).WillOnce(Return("")); - EXPECT_CALL(*mock, metricsV6()).Times(1).WillOnce(Return("0")); - EXPECT_CALL(*mock, dhcp()).Times(1).WillOnce(Return("enabled")); - EXPECT_NO_THROW(FactoryNetworkFamilyCreator::create(mock)->buildNetworkData(ifaddr)); - - for (auto& element : ifaddr.at("IPv6")) - { - EXPECT_EQ("fe80::a00:27ff:fedd:cc5b", element.at("address").get_ref()); - EXPECT_EQ("ffc0::", element.at("netmask").get_ref()); - EXPECT_EQ("", element.at("broadcast").get_ref()); - EXPECT_EQ("0", element.at("metric").get_ref()); - EXPECT_EQ("enabled", element.at("dhcp").get_ref()); - } -} - -TEST_F(SysInfoNetworkSolarisTest, Test_AF_UNSPEC) -{ - auto mock { std::make_shared() }; - nlohmann::json ifaddr { }; - EXPECT_CALL(*mock, family()).Times(1).WillOnce(Return(AF_UNSPEC)); - EXPECT_CALL(*mock, name()).Times(1).WillOnce(Return("net0")); - EXPECT_CALL(*mock, adapter()).Times(1).WillOnce(Return("")); - EXPECT_CALL(*mock, state()).Times(1).WillOnce(Return("up")); - EXPECT_CALL(*mock, type()).Times(1).WillOnce(Return("Ethernet")); - EXPECT_CALL(*mock, MAC()).Times(1).WillOnce(Return("")); - EXPECT_CALL(*mock, stats()).Times(1).WillOnce(Return(LinkStats{436300, 220902, 641204623, 12252455, 0, 0, 0, 0})); - EXPECT_CALL(*mock, mtu()).Times(1).WillOnce(Return(1500u)); - EXPECT_CALL(*mock, gateway()).Times(1).WillOnce(Return("10.0.2.2")); - EXPECT_NO_THROW(FactoryNetworkFamilyCreator::create(mock)->buildNetworkData(ifaddr)); - - EXPECT_EQ("net0", ifaddr.at("name").get_ref()); - EXPECT_EQ("", ifaddr.at("adapter").get_ref()); - EXPECT_EQ("up", ifaddr.at("state").get_ref()); - EXPECT_EQ("Ethernet", ifaddr.at("type").get_ref()); - EXPECT_EQ("", ifaddr.at("mac").get_ref()); - - EXPECT_EQ(220902u, ifaddr.at("tx_packets").get()); - EXPECT_EQ(436300u, ifaddr.at("rx_packets").get()); - EXPECT_EQ(12252455u, ifaddr.at("tx_bytes").get()); - EXPECT_EQ(641204623u, ifaddr.at("rx_bytes").get()); - EXPECT_EQ(0u, ifaddr.at("tx_errors").get()); - EXPECT_EQ(0u, ifaddr.at("rx_errors").get()); - EXPECT_EQ(0u, ifaddr.at("tx_dropped").get()); - EXPECT_EQ(0u, ifaddr.at("rx_dropped").get()); - - EXPECT_EQ(1500u, ifaddr.at("mtu").get()); - EXPECT_EQ("10.0.2.2", ifaddr.at("gateway").get_ref()); -} - -TEST_F(SysInfoNetworkSolarisTest, Test_THROW_NULLPTR) -{ - nlohmann::json ifaddr { }; - EXPECT_ANY_THROW(FactoryNetworkFamilyCreator::create(nullptr)->buildNetworkData(ifaddr)); -} diff --git a/src/common/data_provider/tests/sysInfoNetworkSolaris/sysInfoNetworkSolaris_test.h b/src/common/data_provider/tests/sysInfoNetworkSolaris/sysInfoNetworkSolaris_test.h deleted file mode 100644 index 46e47bac28..0000000000 --- a/src/common/data_provider/tests/sysInfoNetworkSolaris/sysInfoNetworkSolaris_test.h +++ /dev/null @@ -1,28 +0,0 @@ -/* - * Wazuh SysInfo - * Copyright (C) 2015, Wazuh Inc. - * October 28, 2021. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ -#ifndef _SYSINFO_NETWORK_SOLARIS_TEST_H -#define _SYSINFO_NETWORK_SOLARIS_TEST_H -#include "gtest/gtest.h" -#include "gmock/gmock.h" - -class SysInfoNetworkSolarisTest : public ::testing::Test -{ - - protected: - - SysInfoNetworkSolarisTest() = default; - virtual ~SysInfoNetworkSolarisTest() = default; - - void SetUp() override; - void TearDown() override; -}; - -#endif //_SYSINFO_NETWORK_SOLARIS_TEST_H diff --git a/src/common/data_provider/tests/sysInfoNetworkWindows/CMakeLists.txt b/src/common/data_provider/tests/sysInfoNetworkWindows/CMakeLists.txt index 46774207b0..a6027a791c 100644 --- a/src/common/data_provider/tests/sysInfoNetworkWindows/CMakeLists.txt +++ b/src/common/data_provider/tests/sysInfoNetworkWindows/CMakeLists.txt @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 3.12.4) +cmake_minimum_required(VERSION 3.22) project(sysInfoNetworkWindows_unit_test) @@ -30,4 +30,4 @@ target_link_libraries(sysInfoNetworkWindows_unit_test ) add_test(NAME sysInfoNetworkWindows_unit_test - COMMAND sysInfoNetworkWindows_unit_test) \ No newline at end of file + COMMAND sysInfoNetworkWindows_unit_test) diff --git a/src/common/data_provider/tests/sysInfoNetworkWindows/main.cpp b/src/common/data_provider/tests/sysInfoNetworkWindows/main.cpp index fd7a178715..08fb839052 100644 --- a/src/common/data_provider/tests/sysInfoNetworkWindows/main.cpp +++ b/src/common/data_provider/tests/sysInfoNetworkWindows/main.cpp @@ -4,4 +4,4 @@ int main(int argc, char** argv) { ::testing::InitGoogleTest(&argc, argv); return RUN_ALL_TESTS(); -} \ No newline at end of file +} diff --git a/src/common/data_provider/tests/sysInfoNetworkWindows/sysInfoNetworkWindows_test.cpp b/src/common/data_provider/tests/sysInfoNetworkWindows/sysInfoNetworkWindows_test.cpp index 4127913b96..f365d0a64e 100644 --- a/src/common/data_provider/tests/sysInfoNetworkWindows/sysInfoNetworkWindows_test.cpp +++ b/src/common/data_provider/tests/sysInfoNetworkWindows/sysInfoNetworkWindows_test.cpp @@ -161,4 +161,4 @@ TEST_F(SysInfoNetworkWindowsTest, Test_COMMON_DATA) EXPECT_EQ(mtu, networkInfo.at("mtu").get()); EXPECT_EQ(gateway, networkInfo.at("gateway").get_ref()); -} \ No newline at end of file +} diff --git a/src/common/data_provider/tests/sysInfoNetworkWindows/sysInfoNetworkWindows_test.h b/src/common/data_provider/tests/sysInfoNetworkWindows/sysInfoNetworkWindows_test.h index 988b0206f6..1529b26b9c 100644 --- a/src/common/data_provider/tests/sysInfoNetworkWindows/sysInfoNetworkWindows_test.h +++ b/src/common/data_provider/tests/sysInfoNetworkWindows/sysInfoNetworkWindows_test.h @@ -26,4 +26,4 @@ class SysInfoNetworkWindowsTest : public ::testing::Test void TearDown() override; }; -#endif //_SYSINFO_NETWORK_WINDOWS_TEST_H \ No newline at end of file +#endif //_SYSINFO_NETWORK_WINDOWS_TEST_H diff --git a/src/common/data_provider/tests/sysInfoPackageLinuxParserRpm/CMakeLists.txt b/src/common/data_provider/tests/sysInfoPackageLinuxParserRpm/CMakeLists.txt index c241b184c3..9e2d5321d3 100644 --- a/src/common/data_provider/tests/sysInfoPackageLinuxParserRpm/CMakeLists.txt +++ b/src/common/data_provider/tests/sysInfoPackageLinuxParserRpm/CMakeLists.txt @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 3.12.4) +cmake_minimum_required(VERSION 3.22) project(sysInfoPackageLinuxParserRPM_unit_test) @@ -15,17 +15,12 @@ add_executable(sysInfoPackageLinuxParserRPM_unit_test ${RPM_SRC} ${PARSER_SRC}) set_property(TARGET sysInfoPackageLinuxParserRPM_unit_test PROPERTY COMPILE_FLAGS "-Wno-unused-parameter") -target_link_libraries(sysInfoPackageLinuxParserRPM_unit_test - debug gtestd - debug gmockd - debug gtest_maind - debug gmock_maind - optimized gtest - optimized gmock - optimized gtest_main - optimized gmock_main - pthread - dl +target_link_libraries(sysInfoPackageLinuxParserRPM_unit_test PRIVATE + sysinfo + GTest::gtest + GTest::gmock + GTest::gtest_main + GTest::gmock_main ) add_test(NAME sysInfoPackageLinuxParserRPM_unit_test diff --git a/src/common/data_provider/tests/sysInfoPackageLinuxParserRpm/sysInfoPackageLinuxParserRPM_test.cpp b/src/common/data_provider/tests/sysInfoPackageLinuxParserRpm/sysInfoPackageLinuxParserRPM_test.cpp index c532a3a381..cbca096c7b 100644 --- a/src/common/data_provider/tests/sysInfoPackageLinuxParserRpm/sysInfoPackageLinuxParserRPM_test.cpp +++ b/src/common/data_provider/tests/sysInfoPackageLinuxParserRpm/sysInfoPackageLinuxParserRPM_test.cpp @@ -235,16 +235,16 @@ TEST(SysInfoPackageLinuxParserRPM_test, rpmFromBerkleyDB) const auto total_len {FIRST_ENTRY_OFFSET + ENTRY_SIZE* total_fields + total_fields_len + 1}; DBT data {}, key {}; - char bytes[total_len] {}; + std::vector bytes(total_len, 0); int bytes_count {}; char* cp; int* ip; - data.data = bytes; + data.data = bytes.data(); data.size = total_len; - cp = bytes; + cp = bytes.data(); auto entry { diff --git a/src/common/data_provider/tests/sysInfoPackages/CMakeLists.txt b/src/common/data_provider/tests/sysInfoPackages/CMakeLists.txt index ea4aff7097..866da024b9 100644 --- a/src/common/data_provider/tests/sysInfoPackages/CMakeLists.txt +++ b/src/common/data_provider/tests/sysInfoPackages/CMakeLists.txt @@ -1,11 +1,11 @@ -cmake_minimum_required(VERSION 3.12.4) +cmake_minimum_required(VERSION 3.22) project(sysInfoPackages_unit_test) set(CMAKE_CXX_FLAGS_DEBUG "-g --coverage") -include_directories(${CMAKE_SOURCE_DIR}/src/packages) -include_directories(${CMAKE_SOURCE_DIR}/../shared_modules/utils/tests/mocks) +include_directories(${CMAKE_CURRENT_SOURCE_DIR}/../../src/packages) +include_directories(${CMAKE_CURRENT_SOURCE_DIR}/../mocks) file(GLOB sysinfo_UNIT_TEST_SRC "*.cpp") @@ -13,16 +13,12 @@ file(GLOB sysinfo_UNIT_TEST_SRC add_executable(sysInfoPackages_unit_test ${sysinfo_UNIT_TEST_SRC}) -target_link_libraries(sysInfoPackages_unit_test - debug gtestd - debug gmockd - debug gtest_maind - debug gmock_maind - optimized gtest - optimized gmock - optimized gtest_main - optimized gmock_main - pthread +target_link_libraries(sysInfoPackages_unit_test PRIVATE + sysinfo + GTest::gtest + GTest::gmock + GTest::gtest_main + GTest::gmock_main ) add_test(NAME sysInfoPackages_unit_test COMMAND sysInfoPackages_unit_test) diff --git a/src/common/data_provider/tests/sysInfoPackagesBerkeleyDB/CMakeLists.txt b/src/common/data_provider/tests/sysInfoPackagesBerkeleyDB/CMakeLists.txt index 96a4b131cf..8661e19b07 100644 --- a/src/common/data_provider/tests/sysInfoPackagesBerkeleyDB/CMakeLists.txt +++ b/src/common/data_provider/tests/sysInfoPackagesBerkeleyDB/CMakeLists.txt @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 3.12.4) +cmake_minimum_required(VERSION 3.22) project(sysInfoPackagesBerkeleyDB_unit_test) @@ -10,21 +10,13 @@ file(GLOB sysinfo_UNIT_TEST_SRC add_executable(sysInfoPackagesBerkeleyDB_unit_test ${sysinfo_UNIT_TEST_SRC}) -target_link_libraries(sysInfoPackagesBerkeleyDB_unit_test - debug gtestd - debug gmockd - debug gtest_maind - debug gmock_maind - optimized gtest - optimized gmock - optimized gtest_main - optimized gmock_main - pthread - sqlite3 - cjson - proc - dl +target_link_libraries(sysInfoPackagesBerkeleyDB_unit_test PRIVATE + sysinfo + GTest::gtest + GTest::gmock + GTest::gtest_main + GTest::gmock_main ) add_test(NAME sysInfoPackagesBerkeleyDB_unit_test - COMMAND sysInfoPackagesBerkeleyDB_unit_test) \ No newline at end of file + COMMAND sysInfoPackagesBerkeleyDB_unit_test) diff --git a/src/common/data_provider/tests/sysInfoPackagesLinuxHelper/CMakeLists.txt b/src/common/data_provider/tests/sysInfoPackagesLinuxHelper/CMakeLists.txt index e551503966..5b2e3c7c8a 100644 --- a/src/common/data_provider/tests/sysInfoPackagesLinuxHelper/CMakeLists.txt +++ b/src/common/data_provider/tests/sysInfoPackagesLinuxHelper/CMakeLists.txt @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 3.12.4) +cmake_minimum_required(VERSION 3.22) project(sysInfoPackagesLinuxHelper_unit_test) @@ -10,25 +10,13 @@ file(GLOB sysinfo_UNIT_TEST_SRC add_executable(sysInfoPackagesLinuxHelper_unit_test ${sysinfo_UNIT_TEST_SRC}) -target_link_libraries(sysInfoPackagesLinuxHelper_unit_test - debug gtestd - debug gmockd - debug gtest_maind - debug gmock_maind - optimized gtest - optimized gmock - optimized gtest_main - optimized gmock_main - pthread - sqlite3 - alpm - archive - ssl - crypto - cjson - proc - dl +target_link_libraries(sysInfoPackagesLinuxHelper_unit_test PRIVATE + sysinfo + GTest::gtest + GTest::gmock + GTest::gtest_main + GTest::gmock_main ) add_test(NAME sysInfoPackagesLinuxHelper_unit_test - COMMAND sysInfoPackagesLinuxHelper_unit_test) \ No newline at end of file + COMMAND sysInfoPackagesLinuxHelper_unit_test) diff --git a/src/common/data_provider/tests/sysInfoPackagesLinuxHelper/main.cpp b/src/common/data_provider/tests/sysInfoPackagesLinuxHelper/main.cpp index fd7a178715..08fb839052 100644 --- a/src/common/data_provider/tests/sysInfoPackagesLinuxHelper/main.cpp +++ b/src/common/data_provider/tests/sysInfoPackagesLinuxHelper/main.cpp @@ -4,4 +4,4 @@ int main(int argc, char** argv) { ::testing::InitGoogleTest(&argc, argv); return RUN_ALL_TESTS(); -} \ No newline at end of file +} diff --git a/src/common/data_provider/tests/sysInfoPackagesLinuxHelper/sysInfoPackagesLinuxHelper_test.cpp b/src/common/data_provider/tests/sysInfoPackagesLinuxHelper/sysInfoPackagesLinuxHelper_test.cpp index c18cb3bea7..0f6f3998e6 100644 --- a/src/common/data_provider/tests/sysInfoPackagesLinuxHelper/sysInfoPackagesLinuxHelper_test.cpp +++ b/src/common/data_provider/tests/sysInfoPackagesLinuxHelper/sysInfoPackagesLinuxHelper_test.cpp @@ -11,14 +11,9 @@ #include "sysInfoPackagesLinuxHelper_test.h" #include "packages/packageLinuxParserHelper.h" -#include "packages/packageLinuxParserHelperExtra.h" #include "packages/packageLinuxRpmParserHelper.h" #include "packages/packageLinuxRpmParserHelperLegacy.h" -#include "packages/packageLinuxApkParserHelper.h" #include "packages/rpmPackageManager.h" -#include -#include -#include #include "sharedDefs.h" using ::testing::_; @@ -318,7 +313,7 @@ TEST_F(SysInfoPackagesLinuxHelperTest, parseDpkgInformation) EXPECT_FALSE(jsPackageInfo.empty()); EXPECT_EQ("zlib1g-dev", jsPackageInfo["name"]); EXPECT_EQ("optional", jsPackageInfo["priority"]); - EXPECT_EQ(591, jsPackageInfo["size"]); + EXPECT_EQ(605184, jsPackageInfo["size"]); EXPECT_EQ("libdevel", jsPackageInfo["groups"]); EXPECT_EQ("same", jsPackageInfo["multiarch"]); EXPECT_EQ("1:1.2.11.dfsg-2ubuntu1.2", jsPackageInfo["version"]); @@ -329,218 +324,6 @@ TEST_F(SysInfoPackagesLinuxHelperTest, parseDpkgInformation) EXPECT_EQ("zlib", jsPackageInfo["source"]); } -TEST_F(SysInfoPackagesLinuxHelperTest, parsePacmanInformation) -{ - __alpm_list_t mock {}; - __alpm_pkg_t data {}; - __alpm_handle_t dataHandle {}; - __alpm_list_t dataGroups {}; - - constexpr auto PKG_GROUP {"wazuh"}; - constexpr auto PKG_ARCH {"x86_64"}; - constexpr auto PKG_NAME {"firefox"}; - constexpr auto PKG_DESC {"Standalone web browser from mozilla.org"}; - constexpr auto PKG_VERSION {"86.0-2"}; - - data.handle = &dataHandle; - data.groups = &dataGroups; - data.isize = 1; - data.installdate = 0; - data.groups->next = nullptr; - data.name = const_cast(PKG_NAME); - data.groups->data = const_cast(PKG_GROUP); - data.version = const_cast(PKG_VERSION); - data.arch = const_cast(PKG_ARCH); - data.desc = const_cast(PKG_DESC); - mock.data = &data; - data.ops = &default_pkg_ops; - - const auto& jsPackageInfo { PackageLinuxHelper::parsePacman(&mock) }; - EXPECT_FALSE(jsPackageInfo.empty()); - EXPECT_EQ(PKG_NAME, jsPackageInfo["name"]); - EXPECT_EQ(1, jsPackageInfo["size"]); - EXPECT_EQ("1970/01/01 00:00:00", jsPackageInfo["install_time"]); - EXPECT_EQ(PKG_GROUP, jsPackageInfo["groups"]); - EXPECT_EQ(PKG_VERSION, jsPackageInfo["version"]); - EXPECT_EQ(PKG_ARCH, jsPackageInfo["architecture"]); - EXPECT_EQ("pacman", jsPackageInfo["format"]); - EXPECT_EQ("Arch Linux", jsPackageInfo["vendor"]); - EXPECT_EQ(PKG_DESC, jsPackageInfo["description"]); -} - -TEST_F(SysInfoPackagesLinuxHelperTest, parsePacmanMultipleGroups) -{ - __alpm_list_t mock {}; - __alpm_pkg_t data {}; - __alpm_handle_t dataHandle {}; - __alpm_list_t dataFirstGroup {}; - __alpm_list_t dataSecondGroup {}; - __alpm_list_t dataThirdGroup {}; - __alpm_list_t dataFourthGroup {}; - - dataFirstGroup.data = const_cast("Wazuh"); - dataFirstGroup.next = &dataSecondGroup; - dataSecondGroup.data = const_cast("test"); - dataSecondGroup.next = &dataThirdGroup; - dataThirdGroup.data = const_cast("Arch"); - dataThirdGroup.next = &dataFourthGroup; - dataFourthGroup.data = const_cast("lorem"); - dataFourthGroup.next = nullptr; - - data.isize = 0; - data.installdate = 0; - data.name = nullptr; - data.version = nullptr; - data.arch = nullptr; - data.desc = nullptr; - data.handle = &dataHandle; - data.groups = &dataFirstGroup; - mock.data = &data; - data.ops = &default_pkg_ops; - - const auto& jsPackageInfo { PackageLinuxHelper::parsePacman(&mock) }; - EXPECT_FALSE(jsPackageInfo.empty()); - EXPECT_EQ("Wazuh-test-Arch-lorem", jsPackageInfo["groups"]); -} - -TEST_F(SysInfoPackagesLinuxHelperTest, parsePacmanInformationNull) -{ - __alpm_list_t mock {}; - __alpm_pkg_t data {}; - __alpm_handle_t dataHandle {}; - __alpm_list_t dataGroups {}; - - data.handle = &dataHandle; - data.groups = &dataGroups; - data.isize = 0; - data.installdate = 0; - data.groups->next = nullptr; - data.name = nullptr; - data.groups->data = nullptr; - data.version = nullptr; - data.arch = nullptr; - data.desc = nullptr; - mock.data = &data; - data.ops = &default_pkg_ops; - - const auto& jsPackageInfo { PackageLinuxHelper::parsePacman(&mock) }; - EXPECT_FALSE(jsPackageInfo.empty()); - EXPECT_EQ("", jsPackageInfo["name"]); - EXPECT_EQ(0, jsPackageInfo["size"]); - EXPECT_EQ("1970/01/01 00:00:00", jsPackageInfo["install_time"]); - EXPECT_EQ(UNKNOWN_VALUE, jsPackageInfo["groups"]); - EXPECT_EQ(UNKNOWN_VALUE, jsPackageInfo["version"]); - EXPECT_EQ(UNKNOWN_VALUE, jsPackageInfo["architecture"]); - EXPECT_EQ("pacman", jsPackageInfo["format"]); - EXPECT_EQ("Arch Linux", jsPackageInfo["vendor"]); - EXPECT_EQ(UNKNOWN_VALUE, jsPackageInfo["description"]); -} - -TEST_F(SysInfoPackagesLinuxHelperTest, parseApkNameKeyNotFound) -{ - std::vector> input; - input.push_back(std::pair('V', "1.2.3-r4")); - input.push_back(std::pair('A', "x86_64")); - input.push_back(std::pair('I', "634880")); - input.push_back(std::pair('T', "the musl c library (libc) implementation")); - - const auto& jsPackageInfo { PackageLinuxHelper::parseApk(input) }; - EXPECT_EQ(true, jsPackageInfo.empty()); -} - -TEST_F(SysInfoPackagesLinuxHelperTest, parseApkVersionKeyNotFound) -{ - std::vector> input; - input.push_back(std::pair('P', "musl")); - input.push_back(std::pair('A', "x86_64")); - input.push_back(std::pair('I', "634880")); - input.push_back(std::pair('T', "the musl c library (libc) implementation")); - - const auto& jsPackageInfo { PackageLinuxHelper::parseApk(input) }; - EXPECT_EQ(true, jsPackageInfo.empty()); -} - -TEST_F(SysInfoPackagesLinuxHelperTest, parseApkArchitectureKeyNotFound) -{ - std::vector> input; - input.push_back(std::pair('P', "musl")); - input.push_back(std::pair('V', "1.2.3-r4")); - input.push_back(std::pair('I', "634880")); - input.push_back(std::pair('T', "the musl c library (libc) implementation")); - - const auto& jsPackageInfo { PackageLinuxHelper::parseApk(input) }; - EXPECT_EQ("musl", jsPackageInfo.at("name")); - EXPECT_EQ("1.2.3-r4", jsPackageInfo.at("version")); - EXPECT_EQ(UNKNOWN_VALUE, jsPackageInfo.at("architecture")); - EXPECT_EQ(634880, jsPackageInfo.at("size")); - EXPECT_EQ("the musl c library (libc) implementation", jsPackageInfo.at("description")); - EXPECT_EQ("apk", jsPackageInfo.at("format")); - EXPECT_EQ("Alpine Linux", jsPackageInfo.at("vendor")); -} - -TEST_F(SysInfoPackagesLinuxHelperTest, parseApkNameValueEmpty) -{ - std::vector> input; - input.push_back(std::pair('P', "")); - input.push_back(std::pair('V', "1.2.3-r4")); - input.push_back(std::pair('A', "x86_64")); - input.push_back(std::pair('I', "634880")); - input.push_back(std::pair('T', "the musl c library (libc) implementation")); - - const auto& jsPackageInfo { PackageLinuxHelper::parseApk(input) }; - EXPECT_EQ(true, jsPackageInfo.empty()); -} - -TEST_F(SysInfoPackagesLinuxHelperTest, parseApkVersionValueEmpty) -{ - std::vector> input; - input.push_back(std::pair('P', "musl")); - input.push_back(std::pair('V', "")); - input.push_back(std::pair('A', "x86_64")); - input.push_back(std::pair('I', "634880")); - input.push_back(std::pair('T', "the musl c library (libc) implementation")); - - const auto& jsPackageInfo { PackageLinuxHelper::parseApk(input) }; - EXPECT_EQ(true, jsPackageInfo.empty()); -} - -TEST_F(SysInfoPackagesLinuxHelperTest, parseApkSizeValueEmpty) -{ - std::vector> input; - input.push_back(std::pair('P', "musl")); - input.push_back(std::pair('V', "1.2.3-r4")); - input.push_back(std::pair('A', "x86_64")); - input.push_back(std::pair('I', "")); - input.push_back(std::pair('T', "the musl c library (libc) implementation")); - - const auto& jsPackageInfo { PackageLinuxHelper::parseApk(input) }; - EXPECT_EQ("musl", jsPackageInfo.at("name")); - EXPECT_EQ("1.2.3-r4", jsPackageInfo.at("version")); - EXPECT_EQ("x86_64", jsPackageInfo.at("architecture")); - EXPECT_EQ(0, jsPackageInfo.at("size")); - EXPECT_EQ("the musl c library (libc) implementation", jsPackageInfo.at("description")); - EXPECT_EQ("apk", jsPackageInfo.at("format")); - EXPECT_EQ("Alpine Linux", jsPackageInfo.at("vendor")); -} - -TEST_F(SysInfoPackagesLinuxHelperTest, parseApkSuccess) -{ - std::vector> input; - input.push_back(std::pair('P', "musl")); - input.push_back(std::pair('V', "1.2.3-r4")); - input.push_back(std::pair('A', "x86_64")); - input.push_back(std::pair('I', "634880")); - input.push_back(std::pair('T', "the musl c library (libc) implementation")); - - const auto& jsPackageInfo { PackageLinuxHelper::parseApk(input) }; - EXPECT_EQ("musl", jsPackageInfo.at("name")); - EXPECT_EQ("1.2.3-r4", jsPackageInfo.at("version")); - EXPECT_EQ(634880, jsPackageInfo.at("size")); - EXPECT_EQ("the musl c library (libc) implementation", jsPackageInfo.at("description")); - EXPECT_EQ("apk", jsPackageInfo.at("format")); - EXPECT_EQ("Alpine Linux", jsPackageInfo.at("vendor")); -} - TEST_F(SysInfoPackagesLinuxHelperTest, parseSnapCorrectMapping) { const auto& jsPackageInfo { PackageLinuxHelper::parseSnap( R"( diff --git a/src/common/data_provider/tests/sysInfoPackagesLinuxHelper/sysInfoPackagesLinuxHelper_test.h b/src/common/data_provider/tests/sysInfoPackagesLinuxHelper/sysInfoPackagesLinuxHelper_test.h index 8e5d72e5a0..43e8c93782 100644 --- a/src/common/data_provider/tests/sysInfoPackagesLinuxHelper/sysInfoPackagesLinuxHelper_test.h +++ b/src/common/data_provider/tests/sysInfoPackagesLinuxHelper/sysInfoPackagesLinuxHelper_test.h @@ -25,4 +25,4 @@ class SysInfoPackagesLinuxHelperTest : public ::testing::Test void TearDown() override; }; -#endif //_SYSINFO_PACKAGES_LINUX_HELPER_TEST_H \ No newline at end of file +#endif //_SYSINFO_PACKAGES_LINUX_HELPER_TEST_H diff --git a/src/common/data_provider/tests/sysInfoPackagesMAC/CMakeLists.txt b/src/common/data_provider/tests/sysInfoPackagesMAC/CMakeLists.txt index 00efe06ffc..bdef465be6 100644 --- a/src/common/data_provider/tests/sysInfoPackagesMAC/CMakeLists.txt +++ b/src/common/data_provider/tests/sysInfoPackagesMAC/CMakeLists.txt @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 3.12.4) +cmake_minimum_required(VERSION 3.22) project(sysInfoMacPackage_unit_test) @@ -7,31 +7,25 @@ file(COPY input_files DESTINATION ${CMAKE_CURRENT_BINARY_DIR}) set(CMAKE_CXX_FLAGS_DEBUG "-g --coverage") +include_directories(${CMAKE_CURRENT_SOURCE_DIR}/../mocks) + file(GLOB sysinfo_UNIT_TEST_SRC "*.cpp") file(GLOB SYSINFO_SRC - "${CMAKE_SOURCE_DIR}/src/packages/packageMac.cpp") + "${CMAKE_CURRENT_SOURCE_DIR}/../../src/packages/packageMac.cpp") -add_executable(sysInfoMacPackage_unit_test +add_executable(sysInfoMacPackage_unit_test ${sysinfo_UNIT_TEST_SRC} ${SYSINFO_SRC}) -target_link_libraries(sysInfoMacPackage_unit_test - debug gtestd - debug gmockd - debug gtest_maind - debug gmock_maind - optimized gtest - optimized gmock - optimized gtest_main - optimized gmock_main - pthread +target_link_libraries(sysInfoMacPackage_unit_test PRIVATE + sysinfo + GTest::gtest + GTest::gmock + GTest::gtest_main + GTest::gmock_main ) -if(APPLE) - target_link_libraries(sysInfoMacPackage_unit_test ${SRC_FOLDER}/external/libplist/bin/lib/libplist-2.0.a) -endif(APPLE) - add_test(NAME sysInfoMacPackage_unit_test - COMMAND sysInfoMacPackage_unit_test) \ No newline at end of file + COMMAND sysInfoMacPackage_unit_test) diff --git a/src/common/data_provider/tests/sysInfoPackagesMAC/input_files/com.wazuh.pkg.wazuh-agent.plist b/src/common/data_provider/tests/sysInfoPackagesMAC/input_files/com.wazuh.pkg.wazuh-agent.plist new file mode 100644 index 0000000000..bf413f2002 --- /dev/null +++ b/src/common/data_provider/tests/sysInfoPackagesMAC/input_files/com.wazuh.pkg.wazuh-agent.plist @@ -0,0 +1,18 @@ + + + + + InstallDate + 2024-11-07T08:58:38Z + InstallPrefixPath + + InstallProcessName + installer + PackageFileName + wazuh-agent_4.10.1-0_intel64_36ce5ed34f.pkg + PackageIdentifier + com.wazuh.pkg.wazuh-agent + PackageVersion + 4.10.1 + + diff --git a/src/common/data_provider/tests/sysInfoPackagesMAC/input_files/org.R-project.x86_64.R.GUI.pkg.plist b/src/common/data_provider/tests/sysInfoPackagesMAC/input_files/org.R-project.x86_64.R.GUI.pkg.plist new file mode 100644 index 0000000000..ffa57f40f5 Binary files /dev/null and b/src/common/data_provider/tests/sysInfoPackagesMAC/input_files/org.R-project.x86_64.R.GUI.pkg.plist differ diff --git a/src/common/data_provider/tests/sysInfoPackagesMAC/input_files/us.zoom.pkg.videomeeting.plist b/src/common/data_provider/tests/sysInfoPackagesMAC/input_files/us.zoom.pkg.videomeeting.plist new file mode 100644 index 0000000000..b117aa21e3 Binary files /dev/null and b/src/common/data_provider/tests/sysInfoPackagesMAC/input_files/us.zoom.pkg.videomeeting.plist differ diff --git a/src/common/data_provider/tests/sysInfoPackagesMAC/main.cpp b/src/common/data_provider/tests/sysInfoPackagesMAC/main.cpp index cefdb8183b..b3eeae63d4 100644 --- a/src/common/data_provider/tests/sysInfoPackagesMAC/main.cpp +++ b/src/common/data_provider/tests/sysInfoPackagesMAC/main.cpp @@ -15,4 +15,4 @@ int main(int argc, char** argv) { ::testing::InitGoogleTest(&argc, argv); return RUN_ALL_TESTS(); -} \ No newline at end of file +} diff --git a/src/common/data_provider/tests/sysInfoPackagesMAC/pkgWrapper_test.cpp b/src/common/data_provider/tests/sysInfoPackagesMAC/pkgWrapper_test.cpp index f9c39d1be1..0b9b91e5c2 100644 --- a/src/common/data_provider/tests/sysInfoPackagesMAC/pkgWrapper_test.cpp +++ b/src/common/data_provider/tests/sysInfoPackagesMAC/pkgWrapper_test.cpp @@ -224,3 +224,90 @@ TEST_F(PKGWrapperTest, NoVendor) EXPECT_EQ(wrapper->install_time(), UNKNOWN_VALUE); EXPECT_EQ(wrapper->multiarch(), UNKNOWN_VALUE); } + +TEST_F(PKGWrapperTest, pkgVersionXML) +{ + std::string inputPath; + inputPath += getwd(NULL); + inputPath += "/input_files"; + std::string package { "com.wazuh.pkg.wazuh-agent.plist" }; + + struct PackageContext ctx + { + inputPath, package, "" + }; + std::shared_ptr wrapper; + EXPECT_NO_THROW(wrapper = std::make_shared(ctx)); + EXPECT_EQ(wrapper->name(), "wazuh-agent"); + EXPECT_EQ(wrapper->version(), "4.10.1"); + EXPECT_EQ(wrapper->groups(), " "); + EXPECT_EQ(wrapper->description(), "com.wazuh.pkg.wazuh-agent"); + EXPECT_EQ(wrapper->architecture(), " "); + EXPECT_EQ(wrapper->format(), "pkg"); + EXPECT_EQ(wrapper->osPatch(), ""); + EXPECT_EQ(wrapper->source(), "receipts"); + EXPECT_EQ(wrapper->location(), inputPath + "/" + package); + EXPECT_EQ(wrapper->vendor(), "wazuh"); + EXPECT_EQ(wrapper->priority(), " "); + EXPECT_EQ(wrapper->size(), 0); + EXPECT_EQ(wrapper->install_time(), "2024-11-07T08:58:38Z"); + EXPECT_EQ(wrapper->multiarch(), " "); +} + +TEST_F(PKGWrapperTest, pkgVersionBin) +{ + std::string inputPath; + inputPath += getwd(NULL); + inputPath += "/input_files"; + std::string package { "us.zoom.pkg.videomeeting.plist" }; + + struct PackageContext ctx + { + inputPath, package, "" + }; + std::shared_ptr wrapper; + EXPECT_NO_THROW(wrapper = std::make_shared(ctx)); + EXPECT_EQ(wrapper->name(), "videomeeting"); + EXPECT_EQ(wrapper->version(), "6.2.6.41824"); + EXPECT_EQ(wrapper->groups(), " "); + EXPECT_EQ(wrapper->description(), "us.zoom.pkg.videomeeting"); + EXPECT_EQ(wrapper->architecture(), " "); + EXPECT_EQ(wrapper->format(), "pkg"); + EXPECT_EQ(wrapper->osPatch(), ""); + EXPECT_EQ(wrapper->source(), "receipts"); + EXPECT_EQ(wrapper->location(), inputPath + "/" + package); + EXPECT_EQ(wrapper->vendor(), "zoom"); + EXPECT_EQ(wrapper->priority(), " "); + EXPECT_EQ(wrapper->size(), 0); + EXPECT_EQ(wrapper->install_time(), "2024-11-08T11:44:04Z"); + EXPECT_EQ(wrapper->multiarch(), " "); +} + +TEST_F(PKGWrapperTest, pkgVersionLong) +{ + std::string inputPath; + inputPath += getwd(NULL); + inputPath += "/input_files"; + std::string package { "org.R-project.x86_64.R.GUI.pkg.plist" }; + + struct PackageContext ctx + { + inputPath, package, "" + }; + std::shared_ptr wrapper; + EXPECT_NO_THROW(wrapper = std::make_shared(ctx)); + EXPECT_EQ(wrapper->name(), "R.GUI"); + EXPECT_EQ(wrapper->version(), "1.81"); + EXPECT_EQ(wrapper->groups(), " "); + EXPECT_EQ(wrapper->description(), "org.R-project.x86_64.R.GUI.pkg"); + EXPECT_EQ(wrapper->architecture(), " "); + EXPECT_EQ(wrapper->format(), "pkg"); + EXPECT_EQ(wrapper->osPatch(), ""); + EXPECT_EQ(wrapper->source(), "receipts"); + EXPECT_EQ(wrapper->location(), inputPath + "/" + package); + EXPECT_EQ(wrapper->vendor(), "R-project"); + EXPECT_EQ(wrapper->priority(), " "); + EXPECT_EQ(wrapper->size(), 0); + EXPECT_EQ(wrapper->install_time(), "2024-11-13T10:59:10Z"); + EXPECT_EQ(wrapper->multiarch(), " "); +} diff --git a/src/common/data_provider/tests/sysInfoPackagesMAC/sysInfoMacPackages_test.cpp b/src/common/data_provider/tests/sysInfoPackagesMAC/sysInfoMacPackages_test.cpp index f73a30cf32..a852425ae9 100644 --- a/src/common/data_provider/tests/sysInfoPackagesMAC/sysInfoMacPackages_test.cpp +++ b/src/common/data_provider/tests/sysInfoPackagesMAC/sysInfoMacPackages_test.cpp @@ -12,7 +12,7 @@ #include "sysInfoMacPackages_test.h" #include "packages/packageMac.h" #include "packages/macportsWrapper.h" -#include "mocks/sqliteWrapperTempMock.h" +#include "sqliteWrapperTempMock.h" #include "sqliteWrapperTemp.h" void SysInfoMacPackagesTest::SetUp() {}; diff --git a/src/common/data_provider/tests/sysInfoPackagesMAC/sysInfoMacPackages_test.h b/src/common/data_provider/tests/sysInfoPackagesMAC/sysInfoMacPackages_test.h index bae4bb4841..e45bfe6b9d 100644 --- a/src/common/data_provider/tests/sysInfoPackagesMAC/sysInfoMacPackages_test.h +++ b/src/common/data_provider/tests/sysInfoPackagesMAC/sysInfoMacPackages_test.h @@ -26,4 +26,4 @@ class SysInfoMacPackagesTest : public ::testing::Test void TearDown() override; }; -#endif //_SYSINFO_MAC_PACKAGES_TEST_H \ No newline at end of file +#endif //_SYSINFO_MAC_PACKAGES_TEST_H diff --git a/src/common/data_provider/tests/sysInfoPackagesSolaris/CMakeLists.txt b/src/common/data_provider/tests/sysInfoPackagesSolaris/CMakeLists.txt deleted file mode 100644 index a3e3c0a43b..0000000000 --- a/src/common/data_provider/tests/sysInfoPackagesSolaris/CMakeLists.txt +++ /dev/null @@ -1,31 +0,0 @@ -cmake_minimum_required(VERSION 3.12.4) - -project(sysInfoSolarisPackage_unit_test) - -set(CMAKE_CXX_FLAGS_DEBUG "-g --coverage") - -file(GLOB sysinfo_UNIT_TEST_SRC - "*.cpp") - -file(GLOB SYSINFO_SRC - "${CMAKE_SOURCE_DIR}/src/packages/packageSolaris.cpp") - -add_executable(sysInfoSolarisPackage_unit_test - ${sysinfo_UNIT_TEST_SRC} - ${SYSINFO_SRC}) - -target_link_libraries(sysInfoSolarisPackage_unit_test - debug gtestd - debug gmockd - debug gtest_maind - debug gmock_maind - optimized gtest - optimized gmock - optimized gtest_main - optimized gmock_main - pthread - sqlite3 -) - -add_test(NAME sysInfoSolarisPackage_unit_test - COMMAND sysInfoSolarisPackage_unit_test) diff --git a/src/common/data_provider/tests/sysInfoPackagesSolaris/main.cpp b/src/common/data_provider/tests/sysInfoPackagesSolaris/main.cpp deleted file mode 100644 index 4e4f649247..0000000000 --- a/src/common/data_provider/tests/sysInfoPackagesSolaris/main.cpp +++ /dev/null @@ -1,18 +0,0 @@ -/* - * Wazuh SysInfo - * Copyright (C) 2015, Wazuh Inc. - * January 12, 2022. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -#include "gtest/gtest.h" - -int main(int argc, char** argv) -{ - ::testing::InitGoogleTest(&argc, argv); - return RUN_ALL_TESTS(); -} diff --git a/src/common/data_provider/tests/sysInfoPackagesSolaris/sysInfoSolarisPackages_test.cpp b/src/common/data_provider/tests/sysInfoPackagesSolaris/sysInfoSolarisPackages_test.cpp deleted file mode 100644 index ba18c78cc7..0000000000 --- a/src/common/data_provider/tests/sysInfoPackagesSolaris/sysInfoSolarisPackages_test.cpp +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Wazuh SysInfo - * Copyright (C) 2015, Wazuh Inc. - * January 12, 2022. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -#include "sysInfoSolarisPackages_test.h" -#include "packages/packageFamilyDataAFactory.h" -#include "packages/packageSolaris.h" - -void SysInfoSolarisPackagesTest::SetUp() {}; - -void SysInfoSolarisPackagesTest::TearDown() {}; - -using ::testing::_; -using ::testing::Return; - -class SysInfoSolarisPackagesWrapperMock: public IPackageWrapper -{ - public: - SysInfoSolarisPackagesWrapperMock() = default; - virtual ~SysInfoSolarisPackagesWrapperMock() = default; - MOCK_METHOD(std::string, name, (), (const override)); - MOCK_METHOD(std::string, version, (), (const override)); - MOCK_METHOD(std::string, groups, (), (const override)); - MOCK_METHOD(std::string, description, (), (const override)); - MOCK_METHOD(std::string, architecture, (), (const override)); - MOCK_METHOD(std::string, format, (), (const override)); - MOCK_METHOD(std::string, osPatch, (), (const override)); - MOCK_METHOD(std::string, source, (), (const override)); - MOCK_METHOD(std::string, location, (), (const override)); - MOCK_METHOD(std::string, priority, (), (const override)); - MOCK_METHOD(int, size, (), (const override)); - MOCK_METHOD(std::string, vendor, (), (const override)); - MOCK_METHOD(std::string, install_time, (), (const override)); - MOCK_METHOD(std::string, multiarch, (), (const override)); -}; - -TEST_F(SysInfoSolarisPackagesTest, Test_Success_Data) -{ - auto mock { std::make_shared() }; - nlohmann::json packages {}; - - EXPECT_CALL(*mock, name()).Times(1).WillOnce(Return("libstdc++6")); - EXPECT_CALL(*mock, version()).Times(1).WillOnce(Return("5.5.0")); - EXPECT_CALL(*mock, groups()).Times(1).WillOnce(Return("application")); - EXPECT_CALL(*mock, description()).Times(1).WillOnce(Return("libstdc++6 - The GNU Compiler Collection, libstdc++.so.6")); - EXPECT_CALL(*mock, architecture()).Times(1).WillOnce(Return("i386")); - EXPECT_CALL(*mock, format()).Times(1).WillOnce(Return("pkg")); - EXPECT_CALL(*mock, source()).Times(1).WillOnce(Return("")); - EXPECT_CALL(*mock, location()).Times(1).WillOnce(Return("")); - EXPECT_CALL(*mock, priority()).Times(1).WillOnce(Return("")); - EXPECT_CALL(*mock, size()).Times(1).WillOnce(Return(0)); - EXPECT_CALL(*mock, vendor()).Times(1).WillOnce(Return("Oracle corporation")); - EXPECT_CALL(*mock, install_time()).Times(1).WillOnce(Return("2022/01/13 14:48:58")); - - EXPECT_NO_THROW(FactoryPackageFamilyCreator::create(mock)->buildPackageData(packages)); - - EXPECT_EQ("libstdc++6", packages.at("name").get_ref()); - EXPECT_EQ("5.5.0", packages.at("version").get_ref()); - EXPECT_EQ("application", packages.at("groups").get_ref()); - EXPECT_EQ("libstdc++6 - The GNU Compiler Collection, libstdc++.so.6", packages.at("description").get_ref()); - EXPECT_EQ("i386", packages.at("architecture").get_ref()); - EXPECT_EQ("pkg", packages.at("format").get_ref()); - EXPECT_EQ("", packages.at("source").get_ref()); - EXPECT_EQ("", packages.at("location").get_ref()); - EXPECT_EQ("", packages.at("priority").get_ref()); - EXPECT_EQ(0, packages.at("size").get()); - EXPECT_EQ("Oracle corporation", packages.at("vendor").get_ref()); - EXPECT_EQ("2022/01/13 14:48:58", packages.at("install_time").get_ref()); -} diff --git a/src/common/data_provider/tests/sysInfoPackagesSolaris/sysInfoSolarisPackages_test.h b/src/common/data_provider/tests/sysInfoPackagesSolaris/sysInfoSolarisPackages_test.h deleted file mode 100644 index ee94b89dd6..0000000000 --- a/src/common/data_provider/tests/sysInfoPackagesSolaris/sysInfoSolarisPackages_test.h +++ /dev/null @@ -1,29 +0,0 @@ -/* - * Wazuh SysInfo - * Copyright (C) 2015, Wazuh Inc. - * January 12, 2022. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -#ifndef _SYSINFO_SOLARIS_PACKAGES_TEST_H -#define _SYSINFO_SOLARIS_PACKAGES_TEST_H -#include "gtest/gtest.h" -#include "gmock/gmock.h" - -class SysInfoSolarisPackagesTest : public ::testing::Test -{ - - protected: - - SysInfoSolarisPackagesTest() = default; - virtual ~SysInfoSolarisPackagesTest() = default; - - void SetUp() override; - void TearDown() override; -}; - -#endif //_SYSINFO_SOLARIS_PACKAGES_TEST_H diff --git a/src/common/data_provider/tests/sysInfoPorts/CMakeLists.txt b/src/common/data_provider/tests/sysInfoPorts/CMakeLists.txt index 8c9b37eeff..f56aec98c5 100644 --- a/src/common/data_provider/tests/sysInfoPorts/CMakeLists.txt +++ b/src/common/data_provider/tests/sysInfoPorts/CMakeLists.txt @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 3.12.4) +cmake_minimum_required(VERSION 3.22) project(sysInfoPort_unit_test) @@ -14,19 +14,13 @@ add_executable(sysInfoPort_unit_test ${sysinfo_UNIT_TEST_SRC} ${SYSINFO_SRC}) -target_link_libraries(sysInfoPort_unit_test - debug gtestd - debug gmockd - debug gtest_maind - debug gmock_maind - optimized gtest - optimized gmock - optimized gtest_main - optimized gmock_main - pthread - sqlite3 - cjson +target_link_libraries(sysInfoPort_unit_test PRIVATE + sysinfo + GTest::gtest + GTest::gmock + GTest::gtest_main + GTest::gmock_main ) add_test(NAME sysInfoPort_unit_test - COMMAND sysInfoPort_unit_test) \ No newline at end of file + COMMAND sysInfoPort_unit_test) diff --git a/src/common/data_provider/tests/sysInfoPorts/main.cpp b/src/common/data_provider/tests/sysInfoPorts/main.cpp index fd7a178715..08fb839052 100644 --- a/src/common/data_provider/tests/sysInfoPorts/main.cpp +++ b/src/common/data_provider/tests/sysInfoPorts/main.cpp @@ -4,4 +4,4 @@ int main(int argc, char** argv) { ::testing::InitGoogleTest(&argc, argv); return RUN_ALL_TESTS(); -} \ No newline at end of file +} diff --git a/src/common/data_provider/tests/sysInfoPorts/sysInfoPort_test.cpp b/src/common/data_provider/tests/sysInfoPorts/sysInfoPort_test.cpp index 4a7feb0b7c..fb6ee91693 100644 --- a/src/common/data_provider/tests/sysInfoPorts/sysInfoPort_test.cpp +++ b/src/common/data_provider/tests/sysInfoPorts/sysInfoPort_test.cpp @@ -66,4 +66,4 @@ TEST_F(SysInfoPortTest, Test_SPEC_Data) EXPECT_EQ("9", port.at("state").get_ref()); EXPECT_EQ(10, port.at("pid").get()); EXPECT_EQ("11", port.at("process").get_ref()); -} \ No newline at end of file +} diff --git a/src/common/data_provider/tests/sysInfoPorts/sysInfoPort_test.h b/src/common/data_provider/tests/sysInfoPorts/sysInfoPort_test.h index 442020f4a9..c50c760c97 100644 --- a/src/common/data_provider/tests/sysInfoPorts/sysInfoPort_test.h +++ b/src/common/data_provider/tests/sysInfoPorts/sysInfoPort_test.h @@ -25,4 +25,4 @@ class SysInfoPortTest : public ::testing::Test void TearDown() override; }; -#endif //_SYSINFO_PORT_TEST_H \ No newline at end of file +#endif //_SYSINFO_PORT_TEST_H diff --git a/src/common/data_provider/tests/sysInfoRpmPackageManager/CMakeLists.txt b/src/common/data_provider/tests/sysInfoRpmPackageManager/CMakeLists.txt index 9615a5dc21..5bc192e6ee 100644 --- a/src/common/data_provider/tests/sysInfoRpmPackageManager/CMakeLists.txt +++ b/src/common/data_provider/tests/sysInfoRpmPackageManager/CMakeLists.txt @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 3.12.4) +cmake_minimum_required(VERSION 3.22) project(RpmPackageManager_unit_test) @@ -9,20 +9,12 @@ file(GLOB RPM_SRC "${CMAKE_SOURCE_DIR}/src/packages/rpm*.cpp") add_executable(Rpm_unit_test ${RPM_UNIT_TEST_SRC} ${RPM_SRC}) -target_link_libraries(Rpm_unit_test - debug gtestd - debug gmockd - debug gtest_maind - debug gmock_maind - optimized gtest - optimized gmock - optimized gtest_main - optimized gmock_main - pthread - sqlite3 - cjson - proc - dl +target_link_libraries(Rpm_unit_test PRIVATE + sysinfo + GTest::gtest + GTest::gmock + GTest::gtest_main + GTest::gmock_main ) add_test(NAME Rpm_unit_test diff --git a/src/common/data_provider/tests/sysInfoWin/CMakeLists.txt b/src/common/data_provider/tests/sysInfoWin/CMakeLists.txt index dac07faab4..f2572b41d8 100644 --- a/src/common/data_provider/tests/sysInfoWin/CMakeLists.txt +++ b/src/common/data_provider/tests/sysInfoWin/CMakeLists.txt @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 3.12.4) +cmake_minimum_required(VERSION 3.22) project(sysInfoWindows_unit_test) @@ -26,4 +26,4 @@ target_link_libraries(sysInfoWindows_unit_test ) add_test(NAME sysInfoWindows_unit_test - COMMAND sysInfoWindows_unit_test) \ No newline at end of file + COMMAND sysInfoWindows_unit_test) diff --git a/src/common/data_provider/tests/sysInfoWin/sysInfoWin_test.h b/src/common/data_provider/tests/sysInfoWin/sysInfoWin_test.h index e2364e3c38..dfdfefa8fd 100644 --- a/src/common/data_provider/tests/sysInfoWin/sysInfoWin_test.h +++ b/src/common/data_provider/tests/sysInfoWin/sysInfoWin_test.h @@ -26,4 +26,4 @@ class SysInfoWinTest : public ::testing::Test void TearDown() override; }; -#endif //_SYSINFO_WIN_TEST_H \ No newline at end of file +#endif //_SYSINFO_WIN_TEST_H diff --git a/src/common/data_provider/testtool/CMakeLists.txt b/src/common/data_provider/testtool/CMakeLists.txt index 3a86541ec5..6424b918bd 100644 --- a/src/common/data_provider/testtool/CMakeLists.txt +++ b/src/common/data_provider/testtool/CMakeLists.txt @@ -1,23 +1,23 @@ -cmake_minimum_required(VERSION 3.12.4) +cmake_minimum_required(VERSION 3.22) project(sysinfo_test_tool) include_directories(${CMAKE_SOURCE_DIR}/include/) include_directories(${CMAKE_SOURCE_DIR}/src/) include_directories(${SRC_FOLDER}/shared_modules/common/) -include_directories(${SRC_FOLDER}/external/nlohmann/) - -link_directories(${SRC_FOLDER}/external/procps/) if(COVERITY) add_definitions(-D__GNUC__=8) endif(COVERITY) -set(CMAKE_CXX_FLAGS "-g -Wall -Wextra -Wshadow -Wnon-virtual-dtor -Woverloaded-virtual -Wunused -Wcast-align -Wformat=2 -std=c++14") - -if(FSANITIZE) - set(CMAKE_CXX_FLAGS_DEBUG "-pthread -fsanitize=address,leak,undefined") -endif(FSANITIZE) +if(NOT CMAKE_CXX_COMPILER_ID STREQUAL "MSVC") + set(CMAKE_CXX_FLAGS "-Wall -Wextra -Wshadow -Wnon-virtual-dtor -Woverloaded-virtual -Wunused -Wcast-align -Wformat=2 -std=c++14") + if(FSANITIZE) + set(CMAKE_CXX_FLAGS_DEBUG "-pthread -fsanitize=address,leak,undefined") + endif(FSANITIZE) +else() + set(CMAKE_CXX_FLAGS "/W4 /permissive- /std:c++14 /MT /EHsc") +endif() if(CMAKE_SYSTEM_NAME STREQUAL "Windows") add_definitions(-DWIN32=1) @@ -25,7 +25,7 @@ endif(CMAKE_SYSTEM_NAME STREQUAL "Windows") add_executable(sysinfo_test_tool ${sysinfo_TESTTOOL_SRC} - ${CMAKE_SOURCE_DIR}/testtool/main.cpp) + ${CMAKE_CURRENT_SOURCE_DIR}/main.cpp) if(CMAKE_SYSTEM_NAME STREQUAL "Windows") target_link_libraries(sysinfo_test_tool @@ -33,42 +33,11 @@ if(CMAKE_SYSTEM_NAME STREQUAL "Windows") psapi iphlpapi ws2_32 - -static-libstdc++ - ) -elseif (CMAKE_SYSTEM_NAME STREQUAL "OpenBSD") - target_link_libraries(sysinfo_test_tool - sysinfo - pthread) -elseif (CMAKE_SYSTEM_NAME STREQUAL "AIX" OR CMAKE_SYSTEM_NAME STREQUAL "HP-UX") - target_link_libraries(sysinfo_test_tool - sysinfo - dl - pthread ) else() target_link_libraries(sysinfo_test_tool sysinfo dl pthread - proc ) - - if(SOLARIS) - target_link_libraries(sysinfo_test_tool - sysinfo - nsl - socket - ) - endif(SOLARIS) endif(CMAKE_SYSTEM_NAME STREQUAL "Windows") - -if(APPLE) - add_custom_command(TARGET sysinfo_test_tool - POST_BUILD COMMAND - ${CMAKE_INSTALL_NAME_TOOL} -change "@rpath/libsysinfo.dylib" "@executable_path/../lib/libsysinfo.dylib" - $) -add_custom_command(TARGET sysinfo_test_tool - POST_BUILD COMMAND - ${CMAKE_INSTALL_NAME_TOOL} -change "@rpath/libwazuhext.dylib" "@executable_path/../../../libwazuhext.dylib" - $) -endif(APPLE) diff --git a/src/common/dbsync/CMakeLists.txt b/src/common/dbsync/CMakeLists.txt index 5844620ea6..a790519e24 100644 --- a/src/common/dbsync/CMakeLists.txt +++ b/src/common/dbsync/CMakeLists.txt @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 3.12.4) +cmake_minimum_required(VERSION 3.22) project(dbsync) @@ -8,102 +8,85 @@ if(NOT CMAKE_BUILD_TYPE) set(CMAKE_BUILD_TYPE Release) endif() -get_filename_component(SHARED_MODULES ${CMAKE_SOURCE_DIR}/../ ABSOLUTE) -get_filename_component(SRC_FOLDER ${CMAKE_SOURCE_DIR}/../../ ABSOLUTE) +get_filename_component(COMMON_FOLDER ${CMAKE_CURRENT_SOURCE_DIR}/../ ABSOLUTE) +get_filename_component(SRC_FOLDER ${CMAKE_CURRENT_SOURCE_DIR}/../../ ABSOLUTE) if(COVERITY) add_definitions(-D__GNUC__=8) endif(COVERITY) -set(CMAKE_CXX_FLAGS "-Wall -Wextra -Wshadow -Wnon-virtual-dtor -Woverloaded-virtual -Wunused -Wcast-align -Wformat=2 -std=c++14 -pthread") +if(NOT CMAKE_CXX_COMPILER_ID STREQUAL "MSVC") + set(CMAKE_CXX_FLAGS "-Wall -Wextra -Wshadow -Wnon-virtual-dtor -Woverloaded-virtual -Wunused -Wcast-align -Wformat=2 -std=c++14 -pthread") + set(CMAKE_CXX_FLAGS_DEBUG "-g") + if(CMAKE_CXX_COMPILER_ID MATCHES "Clang") + set(CMAKE_CXX_FLAGS_RELEASE "-O3") + else() + set(CMAKE_CXX_FLAGS_RELEASE "-O3 -s") + endif(CMAKE_CXX_COMPILER_ID MATCHES "Clang") -set(CMAKE_CXX_FLAGS_DEBUG "-g") -if(CMAKE_CXX_COMPILER_ID MATCHES "Clang") - set(CMAKE_CXX_FLAGS_RELEASE "-O3") + if(FSANITIZE) + set(CMAKE_CXX_FLAGS_DEBUG "-g -fsanitize=address,leak,undefined") + endif(FSANITIZE) else() - set(CMAKE_CXX_FLAGS_RELEASE "-O3 -s") -endif(CMAKE_CXX_COMPILER_ID MATCHES "Clang") - -if(FSANITIZE) - set(CMAKE_CXX_FLAGS_DEBUG "-g -fsanitize=address,leak,undefined") -endif(FSANITIZE) + set(CMAKE_CXX_FLAGS "/W4 /permissive- /std:c++14 /MT /EHsc") +endif() set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/lib) set(CMAKE_LIBRARY_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/lib) -set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin) +if(CMAKE_SYSTEM_NAME STREQUAL "Windows") + set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}) +else() + set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin) +endif() if(APPLE) set(CMAKE_MACOSX_RPATH 1) endif(APPLE) -include_directories(${SRC_FOLDER}/external/sqlite/) -include_directories(${SRC_FOLDER}/external/nlohmann/) -include_directories(${SRC_FOLDER}/external/cJSON/) -include_directories(${CMAKE_SOURCE_DIR}/include/) -include_directories(${CMAKE_SOURCE_DIR}/src/) -include_directories(${SHARED_MODULES}/utils/) -include_directories(${SHARED_MODULES}/common/) - -if(CMAKE_SYSTEM_NAME STREQUAL "HP-UX") - link_directories(${INSTALL_PREFIX}/lib) - add_definitions(-DPROMISE_TYPE=PromiseType::SLEEP) -else() - add_definitions(-DPROMISE_TYPE=PromiseType::NORMAL) -endif(CMAKE_SYSTEM_NAME STREQUAL "HP-UX") +find_package(cJSON CONFIG REQUIRED) +find_package(nlohmann_json CONFIG REQUIRED) +find_package(unofficial-sqlite3 CONFIG REQUIRED) + +include_directories(${CMAKE_CURRENT_SOURCE_DIR}/include/) +include_directories(${CMAKE_CURRENT_SOURCE_DIR}/src/) +include_directories(${COMMON_FOLDER}) +include_directories(${COMMON_FOLDER}/mapWrapper/include/) +include_directories(${COMMON_FOLDER}/pipelineHelper/include/) +include_directories(${COMMON_FOLDER}/stringHelper/include/) +include_directories(${COMMON_FOLDER}/threadDispatcher/include/) +include_directories(${COMMON_FOLDER}/utils/) + +add_definitions(-DPROMISE_TYPE=PromiseType::NORMAL) link_directories(${SRC_FOLDER}) -link_directories(${SRC_FOLDER}/external/sqlite/) -link_directories(${SRC_FOLDER}/external/cJSON/) file(GLOB DBSYNC_SRC - "${CMAKE_SOURCE_DIR}/src/*.cpp" - "${CMAKE_SOURCE_DIR}/src/sqlite/*.cpp") + "${CMAKE_CURRENT_SOURCE_DIR}/src/*.cpp" + "${CMAKE_CURRENT_SOURCE_DIR}/src/sqlite/*.cpp") -add_library(dbsync SHARED +add_library(dbsync STATIC ${DBSYNC_SRC} ${SRC_FOLDER}/${RESOURCE_OBJ}) -if(CMAKE_SYSTEM_NAME STREQUAL "Windows") - add_definitions(-DWIN_EXPORT) - set_target_properties(dbsync PROPERTIES - PREFIX "" - SUFFIX ".dll" - LINK_FLAGS "-Wl,--add-stdcall-alias" - POSITION_INDEPENDENT_CODE 0 # this is to avoid MinGW warning; - # MinGW generates position-independent-code for DLL by default - ) -elseif(UNIX AND NOT APPLE) - if(NOT CMAKE_SYSTEM_NAME STREQUAL "AIX" AND NOT CMAKE_SYSTEM_NAME STREQUAL "HP-UX") - string(APPEND CMAKE_SHARED_LINKER_FLAGS " -Wl,-rpath=$ORIGIN") - endif(NOT CMAKE_SYSTEM_NAME STREQUAL "AIX" AND NOT CMAKE_SYSTEM_NAME STREQUAL "HP-UX") -endif(CMAKE_SYSTEM_NAME STREQUAL "Windows") - -target_link_libraries(dbsync wazuhext) - -if(CMAKE_BUILD_TYPE STREQUAL "Release") - if(CMAKE_SYSTEM_NAME STREQUAL "AIX") - string(REPLACE ";" ":" CXX_IMPLICIT_LINK_DIRECTORIES_STR "${CMAKE_CXX_IMPLICIT_LINK_DIRECTORIES}") - string(REPLACE ";" ":" PLATFORM_REQUIRED_RUNTIME_PATH_STR "${CMAKE_PLATFORM_REQUIRED_RUNTIME_PATH}") - target_link_libraries(dbsync -Wl,-blibpath:${INSTALL_PREFIX}/lib:${CXX_IMPLICIT_LINK_DIRECTORIES_STR}:${PLATFORM_REQUIRED_RUNTIME_PATH_STR}) - endif(CMAKE_SYSTEM_NAME STREQUAL "AIX") -endif(CMAKE_BUILD_TYPE STREQUAL "Release") - - -if(UNIT_TEST) - if(CMAKE_CXX_COMPILER_ID MATCHES "Clang") - target_link_libraries(dbsync -fprofile-arcs) - else() - target_link_libraries(dbsync gcov) - endif(CMAKE_CXX_COMPILER_ID MATCHES "Clang") +target_link_libraries(dbsync utils nlohmann_json::nlohmann_json cjson unofficial::sqlite3::sqlite3) + +if(BUILD_TESTS) + if(NOT CMAKE_SYSTEM_NAME STREQUAL "Windows") + if(CMAKE_CXX_COMPILER_ID MATCHES "Clang") + target_link_libraries(dbsync -fprofile-arcs) + else() + target_link_libraries(dbsync gcov) + endif(CMAKE_CXX_COMPILER_ID MATCHES "Clang") - add_subdirectory(tests) - add_subdirectory(integrationTests) -endif(UNIT_TEST) + add_subdirectory(tests) + add_subdirectory(integrationTests) + endif(NOT CMAKE_SYSTEM_NAME STREQUAL "Windows") +endif(BUILD_TESTS) -if(NOT DEFINED COVERITY AND NOT DEFINED UNIT_TEST) +if(NOT DEFINED COVERITY AND NOT DEFINED BUILD_TESTS) if(FSANITIZE) target_link_libraries(dbsync gcov) endif(FSANITIZE) add_subdirectory(example) add_subdirectory(testtool) -endif(NOT DEFINED COVERITY AND NOT DEFINED UNIT_TEST) +endif(NOT DEFINED COVERITY AND NOT DEFINED BUILD_TESTS) diff --git a/src/common/dbsync/example/CMakeLists.txt b/src/common/dbsync/example/CMakeLists.txt index c3f1d5ed95..4487b0a017 100644 --- a/src/common/dbsync/example/CMakeLists.txt +++ b/src/common/dbsync/example/CMakeLists.txt @@ -1,29 +1,28 @@ -cmake_minimum_required(VERSION 3.12.4) +cmake_minimum_required(VERSION 3.22) project(dbsync_example) -include_directories(${CMAKE_SOURCE_DIR}/include/) +include_directories(${CMAKE_CURRENT_SOURCE_DIR}/include/) link_directories(${CMAKE_BINARY_DIR}/lib) if(COVERITY) add_definitions(-D__GNUC__=8) endif(COVERITY) -set(CMAKE_CXX_FLAGS "-Wall -Wextra -std=c++14") +if(NOT CMAKE_CXX_COMPILER_ID STREQUAL "MSVC") + set(CMAKE_CXX_FLAGS "-Wall -Wextra -std=c++14") +else() + set(CMAKE_CXX_FLAGS "/W4 /permissive- /std:c++14 /MT") +endif() -add_executable(dbsync_example - "${CMAKE_SOURCE_DIR}/example/main.cpp" ) +add_executable(dbsync_example + "${CMAKE_CURRENT_SOURCE_DIR}/main.cpp" ) if(CMAKE_SYSTEM_NAME STREQUAL "Windows") target_link_libraries(dbsync_example dbsync - pthread -static-libgcc -static-libstdc++ ) -elseif(CMAKE_SYSTEM_NAME STREQUAL "OpenBSD") - target_link_libraries(dbsync_example - dbsync - pthread) else() target_link_libraries(dbsync_example dbsync diff --git a/src/common/dbsync/example/main.cpp b/src/common/dbsync/example/main.cpp index 3dd87a28ea..618fc4f50d 100644 --- a/src/common/dbsync/example/main.cpp +++ b/src/common/dbsync/example/main.cpp @@ -75,4 +75,4 @@ int main() cJSON_Delete(json_insert); return 0; -} \ No newline at end of file +} diff --git a/src/common/dbsync/include/db_exception.h b/src/common/dbsync/include/db_exception.h index 1295089cad..bee9eb3b69 100644 --- a/src/common/dbsync/include/db_exception.h +++ b/src/common/dbsync/include/db_exception.h @@ -14,6 +14,12 @@ #include #include +#if defined(__GNUC__) || defined(__clang__) +#define ATTR_RET_NONNULL __attribute__((__returns_nonnull__)) +#else +#define ATTR_RET_NONNULL +#endif + using DBSyncExceptionType = const std::pair; DBSyncExceptionType FACTORY_INSTANTATION { std::make_pair(1, "Unspecified type during factory instantiation") }; @@ -48,7 +54,7 @@ namespace DbSync class dbsync_error : public std::exception { public: - __attribute__((__returns_nonnull__)) + ATTR_RET_NONNULL const char* what() const noexcept override { return m_error.what(); @@ -82,7 +88,7 @@ namespace DbSync class max_rows_error : public std::exception { public: - __attribute__((__returns_nonnull__)) + ATTR_RET_NONNULL const char* what() const noexcept override { return m_error.what(); diff --git a/src/common/dbsync/include/dbsync.h b/src/common/dbsync/include/dbsync.h index 6c9a093f1a..f3bf34e663 100644 --- a/src/common/dbsync/include/dbsync.h +++ b/src/common/dbsync/include/dbsync.h @@ -12,21 +12,6 @@ #ifndef _DBSYNC_H_ #define _DBSYNC_H_ -// Define EXPORTED for any platform -#ifndef EXPORTED -#ifdef _WIN32 -#ifdef WIN_EXPORT -#define EXPORTED __declspec(dllexport) -#else -#define EXPORTED __declspec(dllimport) -#endif -#elif __GNUC__ >= 4 -#define EXPORTED __attribute__((visibility("default"))) -#else -#define EXPORTED -#endif -#endif - #include "commonDefs.h" #ifdef __cplusplus @@ -38,7 +23,7 @@ extern "C" { * * @param log_function pointer to log function to be used by the dbsync. */ -EXPORTED void dbsync_initialize(log_fnc_t log_function); +void dbsync_initialize(log_fnc_t log_function); /** * @brief Creates a new DBSync instance (wrapper) @@ -52,7 +37,7 @@ EXPORTED void dbsync_initialize(log_fnc_t log_function); * * @return Handle instance to be used for common sql operations (cannot be used by more than 1 thread). */ -EXPORTED DBSYNC_HANDLE dbsync_create(const HostType host_type, +DBSYNC_HANDLE dbsync_create(const HostType host_type, const DbEngineType db_type, const char* path, const char* sql_statement); @@ -70,7 +55,7 @@ EXPORTED DBSYNC_HANDLE dbsync_create(const HostType host_type, * * @return Handle instance to be used for common sql operations (cannot be used by more than 1 thread). */ -EXPORTED DBSYNC_HANDLE dbsync_create_persistent(const HostType host_type, +DBSYNC_HANDLE dbsync_create_persistent(const HostType host_type, const DbEngineType db_type, const char* path, const char* sql_statement, @@ -79,7 +64,7 @@ EXPORTED DBSYNC_HANDLE dbsync_create_persistent(const HostType host_type, /** * @brief Turns off the services provided by the shared library. */ -EXPORTED void dbsync_teardown(void); +void dbsync_teardown(void); /** * @brief Creates a database transaction based on the supplied information. @@ -94,7 +79,7 @@ EXPORTED void dbsync_teardown(void); * * @return Handle instance to be used in transacted operations. */ -EXPORTED TXN_HANDLE dbsync_create_txn(const DBSYNC_HANDLE handle, +TXN_HANDLE dbsync_create_txn(const DBSYNC_HANDLE handle, const cJSON* tables, const unsigned int thread_number, const unsigned int max_queue_size, @@ -108,7 +93,7 @@ EXPORTED TXN_HANDLE dbsync_create_txn(const DBSYNC_HANDLE handle, * @return 0 if succeeded, * specific error code (OS dependent) otherwise. */ -EXPORTED int dbsync_close_txn(const TXN_HANDLE txn); +int dbsync_close_txn(const TXN_HANDLE txn); /** * @brief Synchronizes the \p js_input data using the \p txn current @@ -120,7 +105,7 @@ EXPORTED int dbsync_close_txn(const TXN_HANDLE txn); * @return 0 if succeeded, * specific error code (OS dependent) otherwise. */ -EXPORTED int dbsync_sync_txn_row(const TXN_HANDLE txn, +int dbsync_sync_txn_row(const TXN_HANDLE txn, const cJSON* js_input); /** @@ -132,7 +117,7 @@ EXPORTED int dbsync_sync_txn_row(const TXN_HANDLE txn, * @return 0 if succeeded, * specific error code (OS dependent) otherwise. */ -EXPORTED int dbsync_add_table_relationship(const DBSYNC_HANDLE handle, +int dbsync_add_table_relationship(const DBSYNC_HANDLE handle, const cJSON* js_input); /** @@ -144,7 +129,7 @@ EXPORTED int dbsync_add_table_relationship(const DBSYNC_HANDLE handle, * @return 0 if succeeded, * specific error code (OS dependent) otherwise. */ -EXPORTED int dbsync_insert_data(const DBSYNC_HANDLE handle, +int dbsync_insert_data(const DBSYNC_HANDLE handle, const cJSON* js_insert); /** @@ -157,7 +142,7 @@ EXPORTED int dbsync_insert_data(const DBSYNC_HANDLE handle, * @return 0 if succeeded, * specific error code (OS dependent) otherwise. */ -EXPORTED int dbsync_set_table_max_rows(const DBSYNC_HANDLE handle, +int dbsync_set_table_max_rows(const DBSYNC_HANDLE handle, const char* table, const long long max_rows); @@ -172,7 +157,7 @@ EXPORTED int dbsync_set_table_max_rows(const DBSYNC_HANDLE handle, * @return 0 if succeeded, * specific error code (OS dependent) otherwise. */ -EXPORTED int dbsync_sync_row(const DBSYNC_HANDLE handle, +int dbsync_sync_row(const DBSYNC_HANDLE handle, const cJSON* js_input, callback_data_t callback_data); @@ -187,7 +172,7 @@ EXPORTED int dbsync_sync_row(const DBSYNC_HANDLE handle, * @return 0 if succeeded, * specific error code (OS dependent) otherwise. */ -EXPORTED int dbsync_select_rows(const DBSYNC_HANDLE handle, +int dbsync_select_rows(const DBSYNC_HANDLE handle, const cJSON* js_data_input, callback_data_t callback_data); @@ -200,7 +185,7 @@ EXPORTED int dbsync_select_rows(const DBSYNC_HANDLE handle, * @return 0 if succeeded, * specific error code (OS dependent) otherwise. */ -EXPORTED int dbsync_delete_rows(const DBSYNC_HANDLE handle, +int dbsync_delete_rows(const DBSYNC_HANDLE handle, const cJSON* js_key_values); /** @@ -213,7 +198,7 @@ EXPORTED int dbsync_delete_rows(const DBSYNC_HANDLE handle, * @return 0 if succeeded, * specific error code (OS dependent) otherwise. */ -EXPORTED int dbsync_get_deleted_rows(const TXN_HANDLE txn, +int dbsync_get_deleted_rows(const TXN_HANDLE txn, callback_data_t callback_data); /** @@ -229,7 +214,7 @@ EXPORTED int dbsync_get_deleted_rows(const TXN_HANDLE txn, * * @details The \p js_result resulting data should be freed using the \ref dbsync_free_result function. */ -EXPORTED int dbsync_update_with_snapshot(const DBSYNC_HANDLE handle, +int dbsync_update_with_snapshot(const DBSYNC_HANDLE handle, const cJSON* js_snapshot, cJSON** js_result); @@ -244,7 +229,7 @@ EXPORTED int dbsync_update_with_snapshot(const DBSYNC_HANDLE handle, * @return 0 if succeeded, * specific error code (OS dependent) otherwise. */ -EXPORTED int dbsync_update_with_snapshot_cb(const DBSYNC_HANDLE handle, +int dbsync_update_with_snapshot_cb(const DBSYNC_HANDLE handle, const cJSON* js_snapshot, callback_data_t callback_data); @@ -256,7 +241,7 @@ EXPORTED int dbsync_update_with_snapshot_cb(const DBSYNC_HANDLE handle, * @details This function should only be used to free result objects obtained * from the interface. */ -EXPORTED void dbsync_free_result(cJSON** js_data); +void dbsync_free_result(cJSON** js_data); #ifdef __cplusplus } diff --git a/src/common/dbsync/include/dbsync.hpp b/src/common/dbsync/include/dbsync.hpp index be4c493989..f074c658fc 100644 --- a/src/common/dbsync/include/dbsync.hpp +++ b/src/common/dbsync/include/dbsync.hpp @@ -12,28 +12,15 @@ #ifndef _DBSYNC_HPP_ #define _DBSYNC_HPP_ -// Define EXPORTED for any platform -#ifdef _WIN32 -#ifdef WIN_EXPORT -#define EXPORTED __declspec(dllexport) -#else -#define EXPORTED __declspec(dllimport) -#endif -#elif __GNUC__ >= 4 -#define EXPORTED __attribute__((visibility("default"))) -#else -#define EXPORTED -#endif - #include -#include "json.hpp" +#include #include "db_exception.h" #include "commonDefs.h" #include "builder.hpp" using ResultCallbackData = const std::function; -class EXPORTED DBSync +class DBSync { public: /** @@ -168,7 +155,7 @@ class EXPORTED DBSync bool m_shouldBeRemoved; }; -class EXPORTED DBSyncTxn +class DBSyncTxn { public: /** @@ -236,7 +223,7 @@ class EXPORTED DBSyncTxn }; template -class EXPORTED Query : public Utils::Builder +class Query : public Utils::Builder { protected: nlohmann::json m_jsQuery; @@ -264,7 +251,7 @@ class EXPORTED Query : public Utils::Builder }; -class EXPORTED SelectQuery final : public Query +class SelectQuery final : public Query { public: SelectQuery() = default; @@ -314,7 +301,7 @@ class EXPORTED SelectQuery final : public Query }; -class EXPORTED DeleteQuery final : public Query +class DeleteQuery final : public Query { public: DeleteQuery() = default; @@ -344,7 +331,7 @@ class EXPORTED DeleteQuery final : public Query DeleteQuery& reset(); }; -class EXPORTED InsertQuery final : public Query +class InsertQuery final : public Query { public: InsertQuery() = default; @@ -366,7 +353,7 @@ class EXPORTED InsertQuery final : public Query InsertQuery& reset(); }; -class EXPORTED SyncRowQuery final : public Query +class SyncRowQuery final : public Query { public: SyncRowQuery() = default; diff --git a/src/common/dbsync/integrationTests/CMakeLists.txt b/src/common/dbsync/integrationTests/CMakeLists.txt index a9dfc84ad8..15713dae31 100644 --- a/src/common/dbsync/integrationTests/CMakeLists.txt +++ b/src/common/dbsync/integrationTests/CMakeLists.txt @@ -1,12 +1,10 @@ -cmake_minimum_required(VERSION 3.12.4) +cmake_minimum_required(VERSION 3.22) project(integration_tests) include_directories(${CMAKE_SOURCE_DIR}/include/) -include_directories(${SRC_FOLDER}/external/googletest/googletest/include/) -include_directories(${SRC_FOLDER}/external/googletest/googlemock/include/) -link_directories(${SRC_FOLDER}/external/googletest/lib/) +find_package(GTest CONFIG REQUIRED) if(CMAKE_CXX_COMPILER_ID MATCHES "Clang") string(APPEND CMAKE_EXE_LINKER_FLAGS " -fprofile-arcs ") diff --git a/src/common/dbsync/integrationTests/fim/CMakeLists.txt b/src/common/dbsync/integrationTests/fim/CMakeLists.txt index 6dc5e99630..5b4164a218 100644 --- a/src/common/dbsync/integrationTests/fim/CMakeLists.txt +++ b/src/common/dbsync/integrationTests/fim/CMakeLists.txt @@ -1,53 +1,47 @@ -cmake_minimum_required(VERSION 3.12.4) +cmake_minimum_required(VERSION 3.22) project(fim_integration_test) set(CMAKE_CXX_FLAGS_DEBUG "-g --coverage") -include_directories(${CMAKE_SOURCE_DIR}/include/) +include_directories(${CMAKE_CURRENT_SOURCE_DIR}/../../include/) link_directories(${CMAKE_BINARY_DIR}/lib) file(GLOB INTERFACE_UNITTEST_SRC "*.cpp") file(GLOB DBSYNC_IMP_SRC - "${SRC_FOLDER}/shared_modules/dbsync/src/*.cpp" - "${SRC_FOLDER}/shared_modules/dbsync/src/sqlite/*.cpp") + "${CMAKE_CURRENT_SOURCE_DIR}/../../src/*.cpp" + "${CMAKE_CURRENT_SOURCE_DIR}/../../src/sqlite/*.cpp") -add_executable(fim_integration_test - ${INTERFACE_UNITTEST_SRC} +add_executable(fim_integration_test + ${INTERFACE_UNITTEST_SRC} ${DBSYNC_IMP_SRC}) if(CMAKE_SYSTEM_NAME STREQUAL "Windows") target_link_libraries(fim_integration_test - debug gtestd - debug gmockd - debug gtest_maind - debug gmock_maind - optimized gtest - optimized gmock - optimized gtest_main - optimized gmock_main + GTest::gtest + GTest::gmock + GTest::gtest_main + GTest::gmock_main cjson - sqlite3 + unofficial::sqlite3::sqlite3 pthread + utils -static-libgcc -static-libstdc++ ) else() target_link_libraries(fim_integration_test - debug gtestd - debug gmockd - debug gtest_maind - debug gmock_maind - optimized gtest - optimized gmock - optimized gtest_main - optimized gmock_main + GTest::gtest + GTest::gmock + GTest::gtest_main + GTest::gmock_main cjson - sqlite3 + unofficial::sqlite3::sqlite3 pthread dl + utils ) endif(CMAKE_SYSTEM_NAME STREQUAL "Windows") add_test(NAME fim_integration_test - COMMAND fim_integration_test) \ No newline at end of file + COMMAND fim_integration_test) diff --git a/src/common/dbsync/integrationTests/fim/fimIntegrationTest.cpp b/src/common/dbsync/integrationTests/fim/fimIntegrationTest.cpp index 5cf55ffa46..1ed42fda36 100644 --- a/src/common/dbsync/integrationTests/fim/fimIntegrationTest.cpp +++ b/src/common/dbsync/integrationTests/fim/fimIntegrationTest.cpp @@ -11,7 +11,7 @@ #include #include -#include "json.hpp" +#include #include "dbsync.h" #include "fimIntegrationTest.h" #include "fimDbDump.h" diff --git a/src/common/dbsync/integrationTests/fim/main.cpp b/src/common/dbsync/integrationTests/fim/main.cpp index ab2080e354..0f361a25f2 100644 --- a/src/common/dbsync/integrationTests/fim/main.cpp +++ b/src/common/dbsync/integrationTests/fim/main.cpp @@ -15,4 +15,4 @@ int main(int argc, char** argv) { ::testing::InitGoogleTest(&argc, argv); return RUN_ALL_TESTS(); -} \ No newline at end of file +} diff --git a/src/common/dbsync/smokeTests/InsertionUpdateDeleteSelect/inputSyncRowInsert.json b/src/common/dbsync/smokeTests/InsertionUpdateDeleteSelect/inputSyncRowInsert.json index b14f118717..42624c1a82 100644 --- a/src/common/dbsync/smokeTests/InsertionUpdateDeleteSelect/inputSyncRowInsert.json +++ b/src/common/dbsync/smokeTests/InsertionUpdateDeleteSelect/inputSyncRowInsert.json @@ -133,4 +133,4 @@ } ] } -} \ No newline at end of file +} diff --git a/src/common/dbsync/smokeTests/InsertionUpdateDeleteSelect/inputSyncRowModified.json b/src/common/dbsync/smokeTests/InsertionUpdateDeleteSelect/inputSyncRowModified.json index ecc876f59e..ccc2cdac39 100644 --- a/src/common/dbsync/smokeTests/InsertionUpdateDeleteSelect/inputSyncRowModified.json +++ b/src/common/dbsync/smokeTests/InsertionUpdateDeleteSelect/inputSyncRowModified.json @@ -34,7 +34,7 @@ "elapsed_time":-1, "handle_count":-1, "percent_processor_time":-1 - } + } ] } -} \ No newline at end of file +} diff --git a/src/common/dbsync/smokeTests/config.json b/src/common/dbsync/smokeTests/config.json index 54ff376547..55b2c59b69 100644 --- a/src/common/dbsync/smokeTests/config.json +++ b/src/common/dbsync/smokeTests/config.json @@ -1,7 +1,7 @@ { "db_name": "temp.db", "db_type": "1", - "host_type": "1", + "host_type": "1", "persistance": "", "sql_statement":"CREATE TABLE processes(`pid` BIGINT, `name` TEXT, `path` TEXT, `cmdline` TEXT, `state` TEXT, `cwd` TEXT, `root` TEXT, `uid` BIGINT, `gid` BIGINT, `euid` BIGINT, `egid` BIGINT, `suid` BIGINT, `sgid` BIGINT, `on_disk` INTEGER, `wired_size` BIGINT, `resident_size` BIGINT, `total_size` BIGINT, `user_time` BIGINT, `system_time` BIGINT, `disk_bytes_read` BIGINT, `disk_bytes_written` BIGINT, `start_time` BIGINT, `parent` BIGINT, `pgroup` BIGINT, `threads` INTEGER, `nice` INTEGER, `is_elevated_token` INTEGER, `elapsed_time` BIGINT, `handle_count` BIGINT, `percent_processor_time` BIGINT, `upid` BIGINT HIDDEN, `uppid` BIGINT HIDDEN, `cpu_type` INTEGER HIDDEN, `cpu_subtype` INTEGER HIDDEN, `phys_footprint` BIGINT HIDDEN, PRIMARY KEY (`pid`)) WITHOUT ROWID;CREATE TABLE processes_sockets(`socket_id` BIGINT, `pid` BIGINT, PRIMARY KEY (`socket_id`)) WITHOUT ROWID;" -} \ No newline at end of file +} diff --git a/src/common/dbsync/smokeTests/snapshotsUpdate/insertData.json b/src/common/dbsync/smokeTests/snapshotsUpdate/insertData.json index 71ccf64a50..eb10a9e8b7 100644 --- a/src/common/dbsync/smokeTests/snapshotsUpdate/insertData.json +++ b/src/common/dbsync/smokeTests/snapshotsUpdate/insertData.json @@ -194,7 +194,7 @@ "elapsed_time":-1, "handle_count":-1, "percent_processor_time":-1 - } + } ] } -} +} diff --git a/src/common/dbsync/smokeTests/snapshotsUpdate/updateWithSnapshot.json b/src/common/dbsync/smokeTests/snapshotsUpdate/updateWithSnapshot.json index 02df113cbb..1d683d1536 100644 --- a/src/common/dbsync/smokeTests/snapshotsUpdate/updateWithSnapshot.json +++ b/src/common/dbsync/smokeTests/snapshotsUpdate/updateWithSnapshot.json @@ -101,5 +101,4 @@ } ] } - - } \ No newline at end of file +} diff --git a/src/common/dbsync/smokeTests/triggerActions/Readme.md b/src/common/dbsync/smokeTests/triggerActions/Readme.md index a2bdf5358b..74433613db 100644 --- a/src/common/dbsync/smokeTests/triggerActions/Readme.md +++ b/src/common/dbsync/smokeTests/triggerActions/Readme.md @@ -4,11 +4,10 @@ This test represents a trigger action use case where the following steps will be 2) Insert the `insertDataProcesses.json` file's data into the DB. 3) Insert the `insertDataSocket.json` file's data into the DB. 4) Add relationship in tables based on `addTableRelationship.json` file's data. -5) Delete data in table processes based on `deleteRows.json`, which should implicitly delete the data in the socket table. +5) Delete data in table processes based on `deleteRows.json`, which should implicitly delete the data in the socket table. # Execution In order to execute this test it would be needed the `dbsync_test_tool` binary and the command line will look like the following one: ``` $> ./dbsync_test_tool -c config.json -a insertDataProcesses.json,insertDataSocket.json,addTableRelationship.json,deleteRows.json -o ./output ``` - diff --git a/src/common/dbsync/smokeTests/triggerActions/addTableRelationship.json b/src/common/dbsync/smokeTests/triggerActions/addTableRelationship.json index 67d306c2a3..8e2dcc457b 100644 --- a/src/common/dbsync/smokeTests/triggerActions/addTableRelationship.json +++ b/src/common/dbsync/smokeTests/triggerActions/addTableRelationship.json @@ -1,16 +1,16 @@ { "action": "dbsync_add_table_relationship", - "body": { + "body": { "base_table":"processes", "relationed_tables": [ { "table": "processes_sockets", - "field_match": + "field_match": { "pid": "pid" } } ] } -} \ No newline at end of file +} diff --git a/src/common/dbsync/smokeTests/triggerActions/deleteRows.json b/src/common/dbsync/smokeTests/triggerActions/deleteRows.json index 0277cd843f..c14705e7d0 100644 --- a/src/common/dbsync/smokeTests/triggerActions/deleteRows.json +++ b/src/common/dbsync/smokeTests/triggerActions/deleteRows.json @@ -10,4 +10,4 @@ "where_filter_opt":"" } } - } \ No newline at end of file +} diff --git a/src/common/dbsync/smokeTests/triggerActions/insertDataProcesses.json b/src/common/dbsync/smokeTests/triggerActions/insertDataProcesses.json index ca8b227f62..89deb40345 100644 --- a/src/common/dbsync/smokeTests/triggerActions/insertDataProcesses.json +++ b/src/common/dbsync/smokeTests/triggerActions/insertDataProcesses.json @@ -34,8 +34,7 @@ "elapsed_time":-1, "handle_count":-1, "percent_processor_time":-1 - } + } ] } - } - \ No newline at end of file +} diff --git a/src/common/dbsync/smokeTests/triggerActions/insertDataSocket.json b/src/common/dbsync/smokeTests/triggerActions/insertDataSocket.json index b6b6607b44..beab245746 100644 --- a/src/common/dbsync/smokeTests/triggerActions/insertDataSocket.json +++ b/src/common/dbsync/smokeTests/triggerActions/insertDataSocket.json @@ -6,8 +6,7 @@ { "pid":4, "socket_id":1 - } + } ] } - } - \ No newline at end of file +} diff --git a/src/common/dbsync/smokeTests/txnOperation/closeTxn.json b/src/common/dbsync/smokeTests/txnOperation/closeTxn.json index 77cb64e300..ec8ad649c3 100644 --- a/src/common/dbsync/smokeTests/txnOperation/closeTxn.json +++ b/src/common/dbsync/smokeTests/txnOperation/closeTxn.json @@ -1,3 +1,3 @@ { "action": "dbsync_close_txn" -} \ No newline at end of file +} diff --git a/src/common/dbsync/smokeTests/txnOperation/createTxn.json b/src/common/dbsync/smokeTests/txnOperation/createTxn.json index 368c9af083..68275eea63 100644 --- a/src/common/dbsync/smokeTests/txnOperation/createTxn.json +++ b/src/common/dbsync/smokeTests/txnOperation/createTxn.json @@ -3,4 +3,4 @@ "body": { "tables": ["processes"] } -} \ No newline at end of file +} diff --git a/src/common/dbsync/smokeTests/txnOperation/inputSyncRowInsertTxn.json b/src/common/dbsync/smokeTests/txnOperation/inputSyncRowInsertTxn.json index 79030efc64..adfc24765e 100644 --- a/src/common/dbsync/smokeTests/txnOperation/inputSyncRowInsertTxn.json +++ b/src/common/dbsync/smokeTests/txnOperation/inputSyncRowInsertTxn.json @@ -66,7 +66,7 @@ "elapsed_time":-1, "handle_count":-1, "percent_processor_time":-1 - } + } ] } -} \ No newline at end of file +} diff --git a/src/common/dbsync/smokeTests/txnOperation/inputSyncRowModifiedTxn.json b/src/common/dbsync/smokeTests/txnOperation/inputSyncRowModifiedTxn.json index 3d0c608429..e8f7370ae1 100644 --- a/src/common/dbsync/smokeTests/txnOperation/inputSyncRowModifiedTxn.json +++ b/src/common/dbsync/smokeTests/txnOperation/inputSyncRowModifiedTxn.json @@ -34,7 +34,7 @@ "elapsed_time":-1, "handle_count":-1, "percent_processor_time":-1 - } + } ] } -} \ No newline at end of file +} diff --git a/src/common/dbsync/src/dbengine.h b/src/common/dbsync/src/dbengine.h index da4c55fa6e..b961566999 100644 --- a/src/common/dbsync/src/dbengine.h +++ b/src/common/dbsync/src/dbengine.h @@ -17,7 +17,7 @@ #include #include #include -#include "json.hpp" +#include #include "commonDefs.h" #include "abstractLocking.hpp" diff --git a/src/common/dbsync/src/dbsync_implementation.h b/src/common/dbsync/src/dbsync_implementation.h index 0a7a09ac87..727272f860 100644 --- a/src/common/dbsync/src/dbsync_implementation.h +++ b/src/common/dbsync/src/dbsync_implementation.h @@ -18,7 +18,7 @@ #include #include "dbengine_factory.h" #include "commonDefs.h" -#include "json.hpp" +#include namespace DbSync { diff --git a/src/common/dbsync/src/sqlite/isqlite_wrapper.h b/src/common/dbsync/src/sqlite/isqlite_wrapper.h index c18f5f486f..72271f881e 100644 --- a/src/common/dbsync/src/sqlite/isqlite_wrapper.h +++ b/src/common/dbsync/src/sqlite/isqlite_wrapper.h @@ -16,7 +16,7 @@ #include #include "db_exception.h" -namespace SQLite +namespace SQLiteLegacy { const constexpr auto MAX_ROWS_ERROR_STRING {"Too Many Rows."}; @@ -90,4 +90,4 @@ namespace SQLite }; -}//namespace SQLite +}//namespace SQLiteLegacy diff --git a/src/common/dbsync/src/sqlite/sqlite_dbengine.cpp b/src/common/dbsync/src/sqlite/sqlite_dbengine.cpp index 210882507f..f8ebda3cc3 100644 --- a/src/common/dbsync/src/sqlite/sqlite_dbengine.cpp +++ b/src/common/dbsync/src/sqlite/sqlite_dbengine.cpp @@ -377,7 +377,10 @@ void SQLiteDBEngine::returnRowsMarkedForDelete(const nlohmann::json& tableNames, const DbSync::ResultCallback callback, std::unique_lock& lock) { - m_transaction->commit(); + if (m_transaction) + { + m_transaction->commit(); + } m_transaction = m_sqliteFactory->createTransaction(m_sqliteConnection); for (const auto& tableValue : tableNames) @@ -793,7 +796,7 @@ ColumnType SQLiteDBEngine::columnTypeName(const std::string& type) return retVal; } -bool SQLiteDBEngine::bindJsonData(const std::shared_ptr stmt, +bool SQLiteDBEngine::bindJsonData(const std::shared_ptr stmt, const ColumnData& cd, const nlohmann::json::value_type& valueType, const unsigned int cid) @@ -984,7 +987,7 @@ bool SQLiteDBEngine::getPrimaryKeysFromTable(const std::string& table, return retVal; } -void SQLiteDBEngine::getTableData(std::shared_ptrconst stmt, +void SQLiteDBEngine::getTableData(std::shared_ptrconst stmt, const int32_t index, const ColumnType& type, const std::string& fieldName, @@ -1225,7 +1228,7 @@ void SQLiteDBEngine::deleteRowsbyPK(const std::string& table, } } -void SQLiteDBEngine::bindFieldData(const std::shared_ptr stmt, +void SQLiteDBEngine::bindFieldData(const std::shared_ptr stmt, const int32_t index, const TableField& fieldData) { @@ -1980,14 +1983,14 @@ void SQLiteDBEngine::getFieldValueFromTuple(const Field& value, } } -std::shared_ptrconst SQLiteDBEngine::getStatement(const std::string& sql) +std::shared_ptrconst SQLiteDBEngine::getStatement(const std::string& sql) { std::lock_guard lock(m_stmtMutex); const auto it { std::find_if(m_statementsCache.begin(), m_statementsCache.end(), - [sql](const std::pair>& pair) + [sql](const std::pair>& pair) { return 0 == pair.first.compare(sql); }) @@ -2136,7 +2139,7 @@ void SQLiteDBEngine::updateTableRowCounter(const std::string& table, const long { if (it->second.currentRows + rowModifyCount > it->second.maxRows) { - throw DbSync::max_rows_error { SQLite::MAX_ROWS_ERROR_STRING }; + throw DbSync::max_rows_error { SQLiteLegacy::MAX_ROWS_ERROR_STRING }; } it->second.currentRows += rowModifyCount; diff --git a/src/common/dbsync/src/sqlite/sqlite_dbengine.h b/src/common/dbsync/src/sqlite/sqlite_dbengine.h index c4de7b9e8d..8dddf8c703 100644 --- a/src/common/dbsync/src/sqlite/sqlite_dbengine.h +++ b/src/common/dbsync/src/sqlite/sqlite_dbengine.h @@ -181,7 +181,7 @@ class SQLiteDBEngine final : public DbSync::IDbEngine ColumnType columnTypeName(const std::string& type); - bool bindJsonData(const std::shared_ptr stmt, + bool bindJsonData(const std::shared_ptr stmt, const ColumnData& cd, const nlohmann::json::value_type& valueType, const unsigned int cid); @@ -222,13 +222,13 @@ class SQLiteDBEngine final : public DbSync::IDbEngine void deleteRowsbyPK(const std::string& table, const nlohmann::json& data); - void getTableData(std::shared_ptrconst stmt, + void getTableData(std::shared_ptrconst stmt, const int32_t index, const ColumnType& type, const std::string& fieldName, Row& row); - void bindFieldData(const std::shared_ptr stmt, + void bindFieldData(const std::shared_ptr stmt, const int32_t index, const TableField& fieldData); @@ -295,7 +295,7 @@ class SQLiteDBEngine final : public DbSync::IDbEngine SQLiteDBEngine& operator=(const SQLiteDBEngine&) = delete; - std::shared_ptrconst getStatement(const std::string& sql); + std::shared_ptrconst getStatement(const std::string& sql); std::string getSelectAllQuery(const std::string& table, const TableColumns& tableFields) const; @@ -316,11 +316,11 @@ class SQLiteDBEngine final : public DbSync::IDbEngine const std::function callback = {}); Utils::MapWrapperSafe m_tableFields; - std::deque>> m_statementsCache; + std::deque>> m_statementsCache; const std::shared_ptr m_sqliteFactory; - std::shared_ptr m_sqliteConnection; + std::shared_ptr m_sqliteConnection; std::mutex m_stmtMutex; - std::unique_ptr m_transaction; + std::unique_ptr m_transaction; std::mutex m_maxRowsMutex; std::map m_maxRows; }; diff --git a/src/common/dbsync/src/sqlite/sqlite_wrapper.cpp b/src/common/dbsync/src/sqlite/sqlite_wrapper.cpp index feabdb1227..9546a0f0cb 100644 --- a/src/common/dbsync/src/sqlite/sqlite_wrapper.cpp +++ b/src/common/dbsync/src/sqlite/sqlite_wrapper.cpp @@ -11,7 +11,6 @@ #include "sqlite_wrapper.h" #include "db_exception.h" -#include "makeUnique.h" #include "customDeleter.hpp" #include #include @@ -24,7 +23,7 @@ constexpr auto DB_PERMISSIONS 0640 }; -using namespace SQLite; +using namespace SQLiteLegacy; using ExpandedSQLPtr = std::unique_ptr>; static void checkSqliteResult(const int result, @@ -271,7 +270,7 @@ std::string Statement::expand() std::unique_ptr Statement::column(const int32_t index) { - return std::make_unique(m_stmt, index); + return std::make_unique(m_stmt, index); } int Statement::columnsCount() const diff --git a/src/common/dbsync/src/sqlite/sqlite_wrapper.h b/src/common/dbsync/src/sqlite/sqlite_wrapper.h index c020b97ea5..0937c19690 100644 --- a/src/common/dbsync/src/sqlite/sqlite_wrapper.h +++ b/src/common/dbsync/src/sqlite/sqlite_wrapper.h @@ -13,11 +13,11 @@ #define _SQLITE_WRAPPER_H #include "isqlite_wrapper.h" -#include "sqlite3.h" +#include #include #include -namespace SQLite +namespace SQLiteLegacy { class Connection : public IConnection { diff --git a/src/common/dbsync/src/sqlite/sqlite_wrapper_factory.h b/src/common/dbsync/src/sqlite/sqlite_wrapper_factory.h index 7a1ab215b4..d65a71fc81 100644 --- a/src/common/dbsync/src/sqlite/sqlite_wrapper_factory.h +++ b/src/common/dbsync/src/sqlite/sqlite_wrapper_factory.h @@ -13,16 +13,16 @@ #define _SQLITE_WRAPPER_FACTORY_H #include "sqlite_wrapper.h" -#include "makeUnique.h" + class ISQLiteFactory { public: // LCOV_EXCL_START virtual ~ISQLiteFactory() = default; // LCOV_EXCL_STOP - virtual std::shared_ptr createConnection(const std::string& path) = 0; - virtual std::unique_ptr createTransaction(std::shared_ptr& connection) = 0; - virtual std::unique_ptr createStatement(std::shared_ptr& connection, + virtual std::shared_ptr createConnection(const std::string& path) = 0; + virtual std::unique_ptr createTransaction(std::shared_ptr& connection) = 0; + virtual std::unique_ptr createStatement(std::shared_ptr& connection, const std::string& query) = 0; }; @@ -36,19 +36,19 @@ class SQLiteFactory : public ISQLiteFactory SQLiteFactory(const SQLiteFactory&) = delete; SQLiteFactory& operator=(const SQLiteFactory&) = delete; - std::shared_ptr createConnection(const std::string& path) override + std::shared_ptr createConnection(const std::string& path) override { - return std::make_shared(path); + return std::make_shared(path); } - std::unique_ptr createTransaction(std::shared_ptr& connection) override + std::unique_ptr createTransaction(std::shared_ptr& connection) override { - return std::make_unique(connection); + return std::make_unique(connection); } - std::unique_ptr createStatement(std::shared_ptr& connection, + std::unique_ptr createStatement(std::shared_ptr& connection, const std::string& query) override { - return std::make_unique(connection, query); + return std::make_unique(connection, query); } }; diff --git a/src/common/dbsync/tests/CMakeLists.txt b/src/common/dbsync/tests/CMakeLists.txt index 7746c89e74..a8e147c950 100644 --- a/src/common/dbsync/tests/CMakeLists.txt +++ b/src/common/dbsync/tests/CMakeLists.txt @@ -1,13 +1,11 @@ -cmake_minimum_required(VERSION 3.12.4) +cmake_minimum_required(VERSION 3.22) project(unit_tests) -include_directories(${CMAKE_SOURCE_DIR}/src/) -include_directories(${CMAKE_SOURCE_DIR}/src/sqlite/) -include_directories(${SRC_FOLDER}/external/googletest/googletest/include/) -include_directories(${SRC_FOLDER}/external/googletest/googlemock/include/) +include_directories(${CMAKE_CURRENT_SOURCE_DIR}/../src/) +include_directories(${CMAKE_CURRENT_SOURCE_DIR}/../src/sqlite/) -link_directories(${SRC_FOLDER}/external/googletest/lib/) +find_package(GTest CONFIG REQUIRED) if(CMAKE_CXX_COMPILER_ID MATCHES "Clang") string(APPEND CMAKE_EXE_LINKER_FLAGS " -fprofile-arcs ") @@ -18,4 +16,4 @@ endif(CMAKE_CXX_COMPILER_ID MATCHES "Clang") add_subdirectory(sqlite) add_subdirectory(interface) add_subdirectory(pipelineFactory) -add_subdirectory(dbengine) \ No newline at end of file +add_subdirectory(dbengine) diff --git a/src/common/dbsync/tests/dbengine/CMakeLists.txt b/src/common/dbsync/tests/dbengine/CMakeLists.txt index c9337f798c..b60d0825bb 100644 --- a/src/common/dbsync/tests/dbengine/CMakeLists.txt +++ b/src/common/dbsync/tests/dbengine/CMakeLists.txt @@ -1,52 +1,53 @@ -cmake_minimum_required(VERSION 3.12.4) +cmake_minimum_required(VERSION 3.22) project(dbengine_unit_test) - if(COVERITY) add_definitions(-D__GNUC__=8) endif(COVERITY) -set(CMAKE_CXX_FLAGS "-Wall -Wextra -std=c++14 --coverage") +if(NOT CMAKE_CXX_COMPILER_ID STREQUAL "MSVC") + set(CMAKE_CXX_FLAGS "-Wall -Wextra -std=c++14 --coverage") +else() + set(CMAKE_CXX_FLAGS "/W4 /permissive- /std:c++14 /MT /coverage") +endif() -include_directories(${CMAKE_SOURCE_DIR}/include/) +include_directories(${CMAKE_CURRENT_SOURCE_DIR}/../../include/) link_directories(${CMAKE_BINARY_DIR}/lib) - file(GLOB DBENGINE_UNITTEST_SRC "*.cpp") file(GLOB SQLITE_ENGINE_SRC - "${CMAKE_SOURCE_DIR}/src/sqlite/sqlite_dbengine.cpp") + "${CMAKE_CURRENT_SOURCE_DIR}/../../src/*.cpp" + "${CMAKE_CURRENT_SOURCE_DIR}/../../src/sqlite/*.cpp") -add_executable(dbengine_unit_test - ${DBENGINE_UNITTEST_SRC} +add_executable(dbengine_unit_test + ${DBENGINE_UNITTEST_SRC} ${SQLITE_ENGINE_SRC}) if(CMAKE_SYSTEM_NAME STREQUAL "Windows") target_link_libraries(dbengine_unit_test - debug gtestd - debug gmockd - debug gtest_maind - debug gmock_maind - optimized gtest - optimized gmock - optimized gtest_main - optimized gmock_main + GTest::gtest + GTest::gmock + GTest::gtest_main + GTest::gmock_main + unofficial::sqlite3::sqlite3 + cjson pthread + utils -static-libgcc -static-libstdc++ ) else() target_link_libraries(dbengine_unit_test - debug gtestd - debug gmockd - debug gtest_maind - debug gmock_maind - optimized gtest - optimized gmock - optimized gtest_main - optimized gmock_main + GTest::gtest + GTest::gmock + GTest::gtest_main + GTest::gmock_main + unofficial::sqlite3::sqlite3 + cjson pthread dl + utils ) endif(CMAKE_SYSTEM_NAME STREQUAL "Windows") diff --git a/src/common/dbsync/tests/dbengine/dbengine_test.h b/src/common/dbsync/tests/dbengine/dbengine_test.h index f340c8c74c..480b65c05f 100644 --- a/src/common/dbsync/tests/dbengine/dbengine_test.h +++ b/src/common/dbsync/tests/dbengine/dbengine_test.h @@ -21,4 +21,4 @@ class DBEngineTest : public ::testing::Test virtual ~DBEngineTest() = default; }; -#endif //_DBENGINE_TEST_H \ No newline at end of file +#endif //_DBENGINE_TEST_H diff --git a/src/common/dbsync/tests/dbengine/main.cpp b/src/common/dbsync/tests/dbengine/main.cpp index d6fc27ef1c..11671c3d24 100644 --- a/src/common/dbsync/tests/dbengine/main.cpp +++ b/src/common/dbsync/tests/dbengine/main.cpp @@ -15,4 +15,4 @@ int main(int argc, char** argv) { ::testing::InitGoogleTest(&argc, argv); return RUN_ALL_TESTS(); -} \ No newline at end of file +} diff --git a/src/common/dbsync/tests/interface/CMakeLists.txt b/src/common/dbsync/tests/interface/CMakeLists.txt index 49f9a2290a..2cac2a5ee9 100644 --- a/src/common/dbsync/tests/interface/CMakeLists.txt +++ b/src/common/dbsync/tests/interface/CMakeLists.txt @@ -1,49 +1,43 @@ -cmake_minimum_required(VERSION 3.12.4) +cmake_minimum_required(VERSION 3.22) project(dbsync_unit_test) set(CMAKE_CXX_FLAGS_DEBUG "-g --coverage") -include_directories(${CMAKE_SOURCE_DIR}/include/) +include_directories(${CMAKE_CURRENT_SOURCE_DIR}/../../include/) link_directories(${CMAKE_BINARY_DIR}/lib) file(GLOB INTERFACE_UNITTEST_SRC "*.cpp" - "${CMAKE_SOURCE_DIR}/src/*.cpp" - "${CMAKE_SOURCE_DIR}/src/sqlite/*.cpp") + "${CMAKE_CURRENT_SOURCE_DIR}/../../src/*.cpp" + "${CMAKE_CURRENT_SOURCE_DIR}/../../src/sqlite/*.cpp") -add_executable(dbsync_unit_test +add_executable(dbsync_unit_test ${INTERFACE_UNITTEST_SRC} ) if(CMAKE_SYSTEM_NAME STREQUAL "Windows") target_link_libraries(dbsync_unit_test - debug gtestd - debug gmockd - debug gtest_maind - debug gmock_maind - optimized gtest - optimized gmock - optimized gtest_main - optimized gmock_main - sqlite3 + GTest::gtest + GTest::gmock + GTest::gtest_main + GTest::gmock_main + unofficial::sqlite3::sqlite3 cjson pthread + utils -static-libgcc -static-libstdc++ ) else() target_link_libraries(dbsync_unit_test - debug gtestd - debug gmockd - debug gtest_maind - debug gmock_maind - optimized gtest - optimized gmock - optimized gtest_main - optimized gmock_main - sqlite3 + GTest::gtest + GTest::gmock + GTest::gtest_main + GTest::gmock_main + unofficial::sqlite3::sqlite3 cjson pthread dl + utils ) endif(CMAKE_SYSTEM_NAME STREQUAL "Windows") diff --git a/src/common/dbsync/tests/interface/dbsync_test.cpp b/src/common/dbsync/tests/interface/dbsync_test.cpp index 20470c1aeb..4029c2a21f 100644 --- a/src/common/dbsync/tests/interface/dbsync_test.cpp +++ b/src/common/dbsync/tests/interface/dbsync_test.cpp @@ -10,11 +10,10 @@ */ #include -#include "json.hpp" +#include #include "dbsync_test.h" #include "dbsync.h" #include "dbsync.hpp" -#include "makeUnique.h" #include "test_inputs.h" #include "cjsonSmartDeleter.hpp" diff --git a/src/common/dbsync/tests/interface/main.cpp b/src/common/dbsync/tests/interface/main.cpp index d6fc27ef1c..11671c3d24 100644 --- a/src/common/dbsync/tests/interface/main.cpp +++ b/src/common/dbsync/tests/interface/main.cpp @@ -15,4 +15,4 @@ int main(int argc, char** argv) { ::testing::InitGoogleTest(&argc, argv); return RUN_ALL_TESTS(); -} \ No newline at end of file +} diff --git a/src/common/dbsync/tests/mocks/sqlitefactory_mock.h b/src/common/dbsync/tests/mocks/sqlitefactory_mock.h index 41ed10c701..cd99337827 100644 --- a/src/common/dbsync/tests/mocks/sqlitefactory_mock.h +++ b/src/common/dbsync/tests/mocks/sqlitefactory_mock.h @@ -19,18 +19,18 @@ class MockSQLiteFactory : public ISQLiteFactory { public: - MOCK_METHOD(std::shared_ptr, + MOCK_METHOD(std::shared_ptr, createConnection, (const std::string& path), (override)); - MOCK_METHOD(std::unique_ptr, + MOCK_METHOD(std::unique_ptr, createTransaction, - (std::shared_ptr& connection), + (std::shared_ptr& connection), (override)); - MOCK_METHOD(std::unique_ptr, + MOCK_METHOD(std::unique_ptr, createStatement, - (std::shared_ptr& connection, + (std::shared_ptr& connection, const std::string& query), (override)); }; -#endif //_MOCKSQLITEFACTORY_TEST_H \ No newline at end of file +#endif //_MOCKSQLITEFACTORY_TEST_H diff --git a/src/common/dbsync/tests/mocks/sqlitewrapper_mock.h b/src/common/dbsync/tests/mocks/sqlitewrapper_mock.h index d258b4a387..f78ac3d2f1 100644 --- a/src/common/dbsync/tests/mocks/sqlitewrapper_mock.h +++ b/src/common/dbsync/tests/mocks/sqlitewrapper_mock.h @@ -16,7 +16,7 @@ #include #include "sqlite/isqlite_wrapper.h" -class MockConnection : public SQLite::IConnection +class MockConnection : public SQLiteLegacy::IConnection { public: MockConnection() = default; @@ -40,7 +40,7 @@ class MockConnection : public SQLite::IConnection }; -class MockTransaction : public SQLite::ITransaction +class MockTransaction : public SQLiteLegacy::ITransaction { public: MOCK_METHOD(void, @@ -53,7 +53,7 @@ class MockTransaction : public SQLite::ITransaction (override)); }; -class MockColumn : public SQLite::IColumn +class MockColumn : public SQLiteLegacy::IColumn { public: MOCK_METHOD(bool, @@ -90,7 +90,7 @@ class MockColumn : public SQLite::IColumn (const override)); }; -class MockStatement : public SQLite::IStatement +class MockStatement : public SQLiteLegacy::IStatement { public: MockStatement() = default; @@ -125,7 +125,7 @@ class MockStatement : public SQLite::IStatement (), (override)); - MOCK_METHOD(std::unique_ptr, + MOCK_METHOD(std::unique_ptr, column, (const int32_t index), (override)); diff --git a/src/common/dbsync/tests/pipelineFactory/CMakeLists.txt b/src/common/dbsync/tests/pipelineFactory/CMakeLists.txt index 7dc559e83a..d45fd202a7 100644 --- a/src/common/dbsync/tests/pipelineFactory/CMakeLists.txt +++ b/src/common/dbsync/tests/pipelineFactory/CMakeLists.txt @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 3.12.4) +cmake_minimum_required(VERSION 3.22) project(dbsyncPipelineFactory_unit_test) @@ -12,48 +12,41 @@ link_directories(${CMAKE_BINARY_DIR}/lib) file(GLOB PIPELINE_FACTORY_UNITTEST_SRC "*.cpp") -include_directories(${CMAKE_SOURCE_DIR}/include/) +include_directories(${CMAKE_CURRENT_SOURCE_DIR}/../../include/) link_directories(${CMAKE_BINARY_DIR}/lib) file(GLOB PIPELINE_FACTORY_SRC - "${CMAKE_SOURCE_DIR}/src/*.cpp" - "${CMAKE_SOURCE_DIR}/src/sqlite/*.cpp") + "${CMAKE_CURRENT_SOURCE_DIR}/../../src/*.cpp" + "${CMAKE_CURRENT_SOURCE_DIR}/../../src/sqlite/*.cpp") -add_executable(dbsyncPipelineFactory_unit_test +add_executable(dbsyncPipelineFactory_unit_test ${PIPELINE_FACTORY_UNITTEST_SRC} ${PIPELINE_FACTORY_SRC}) if(CMAKE_SYSTEM_NAME STREQUAL "Windows") target_link_libraries(dbsyncPipelineFactory_unit_test - debug gtestd - debug gmockd - debug gtest_maind - debug gmock_maind - optimized gtest - optimized gmock - optimized gtest_main - optimized gmock_main + GTest::gtest + GTest::gmock + GTest::gtest_main + GTest::gmock_main pthread - sqlite3 + unofficial::sqlite3::sqlite3 cjson + utils -static-libgcc -static-libstdc++ ) else() target_link_libraries(dbsyncPipelineFactory_unit_test - debug gtestd - debug gmockd - debug gtest_maind - debug gmock_maind - optimized gtest - optimized gmock - optimized gtest_main - optimized gmock_main + GTest::gtest + GTest::gmock + GTest::gtest_main + GTest::gmock_main pthread - sqlite3 + unofficial::sqlite3::sqlite3 cjson dl + utils ) endif(CMAKE_SYSTEM_NAME STREQUAL "Windows") - add_test(NAME dbsyncPipelineFactory_unit_test COMMAND dbsyncPipelineFactory_unit_test) diff --git a/src/common/dbsync/tests/pipelineFactory/dbsyncPipelineFactory_test.h b/src/common/dbsync/tests/pipelineFactory/dbsyncPipelineFactory_test.h index 8e2f4706e4..b509b82f44 100644 --- a/src/common/dbsync/tests/pipelineFactory/dbsyncPipelineFactory_test.h +++ b/src/common/dbsync/tests/pipelineFactory/dbsyncPipelineFactory_test.h @@ -28,4 +28,4 @@ class DBSyncPipelineFactoryTest : public ::testing::Test DbSync::PipelineFactory& m_pipelineFactory; DBSYNC_HANDLE m_dbHandle; }; -#endif //DBSYNC_PIPELINE_FACTORY_TESTS_H \ No newline at end of file +#endif //DBSYNC_PIPELINE_FACTORY_TESTS_H diff --git a/src/common/dbsync/tests/pipelineFactory/main.cpp b/src/common/dbsync/tests/pipelineFactory/main.cpp index d6fc27ef1c..11671c3d24 100644 --- a/src/common/dbsync/tests/pipelineFactory/main.cpp +++ b/src/common/dbsync/tests/pipelineFactory/main.cpp @@ -15,4 +15,4 @@ int main(int argc, char** argv) { ::testing::InitGoogleTest(&argc, argv); return RUN_ALL_TESTS(); -} \ No newline at end of file +} diff --git a/src/common/dbsync/tests/sqlite/CMakeLists.txt b/src/common/dbsync/tests/sqlite/CMakeLists.txt index d0811739cb..00b8220e78 100644 --- a/src/common/dbsync/tests/sqlite/CMakeLists.txt +++ b/src/common/dbsync/tests/sqlite/CMakeLists.txt @@ -1,49 +1,43 @@ -cmake_minimum_required(VERSION 3.12.4) +cmake_minimum_required(VERSION 3.22) project(sqlite_unit_test) set(CMAKE_CXX_FLAGS_DEBUG "-g --coverage") -include_directories(${CMAKE_SOURCE_DIR}/include/) -include_directories(${CMAKE_SOURCE_DIR}/src/sqlite/) +include_directories(${CMAKE_CURRENT_SOURCE_DIR}/../../include/) +include_directories(${CMAKE_CURRENT_SOURCE_DIR}/../../src/sqlite/) file(GLOB SQLITE_UNIT_TEST_SRC "*.cpp") file(GLOB SQLITE_SRC - "${CMAKE_SOURCE_DIR}/src/sqlite/sqlite_wrapper.cpp") + "${CMAKE_CURRENT_SOURCE_DIR}/../../src/sqlite/sqlite_wrapper.cpp") add_executable(sqlite_unit_test ${SQLITE_UNIT_TEST_SRC} ${SQLITE_SRC}) if(CMAKE_SYSTEM_NAME STREQUAL "Windows") target_link_libraries(sqlite_unit_test - debug gtestd - debug gmockd - debug gtest_maind - debug gmock_maind - optimized gtest - optimized gmock - optimized gtest_main - optimized gmock_main + GTest::gtest + GTest::gmock + GTest::gtest_main + GTest::gmock_main pthread - sqlite3 + unofficial::sqlite3::sqlite3 cjson + utils -static-libgcc -static-libstdc++ ) else() target_link_libraries(sqlite_unit_test - debug gtestd - debug gmockd - debug gtest_maind - debug gmock_maind - optimized gtest - optimized gmock - optimized gtest_main - optimized gmock_main + GTest::gtest + GTest::gmock + GTest::gtest_main + GTest::gmock_main pthread - sqlite3 + unofficial::sqlite3::sqlite3 cjson dl + utils ) endif(CMAKE_SYSTEM_NAME STREQUAL "Windows") diff --git a/src/common/dbsync/tests/sqlite/main.cpp b/src/common/dbsync/tests/sqlite/main.cpp index fd7a178715..08fb839052 100644 --- a/src/common/dbsync/tests/sqlite/main.cpp +++ b/src/common/dbsync/tests/sqlite/main.cpp @@ -4,4 +4,4 @@ int main(int argc, char** argv) { ::testing::InitGoogleTest(&argc, argv); return RUN_ALL_TESTS(); -} \ No newline at end of file +} diff --git a/src/common/dbsync/tests/sqlite/sqlite_test.cpp b/src/common/dbsync/tests/sqlite/sqlite_test.cpp index 776bae6898..71f53dc263 100644 --- a/src/common/dbsync/tests/sqlite/sqlite_test.cpp +++ b/src/common/dbsync/tests/sqlite/sqlite_test.cpp @@ -24,7 +24,7 @@ void SQLiteTest::TearDown() }; using ::testing::_; using ::testing::Return; -using namespace SQLite; +using namespace SQLiteLegacy; using namespace DbSync; class ConnectionWrapper: public IConnection diff --git a/src/common/dbsync/tests/sqlite/sqlite_test.h b/src/common/dbsync/tests/sqlite/sqlite_test.h index fb4c75bfbb..b5360fdd7a 100644 --- a/src/common/dbsync/tests/sqlite/sqlite_test.h +++ b/src/common/dbsync/tests/sqlite/sqlite_test.h @@ -25,4 +25,4 @@ class SQLiteTest : public ::testing::Test void TearDown() override; }; -#endif //_SQLITE_TEST_H \ No newline at end of file +#endif //_SQLITE_TEST_H diff --git a/src/common/dbsync/testtool/CMakeLists.txt b/src/common/dbsync/testtool/CMakeLists.txt index 952decf282..5e89372f45 100644 --- a/src/common/dbsync/testtool/CMakeLists.txt +++ b/src/common/dbsync/testtool/CMakeLists.txt @@ -1,34 +1,33 @@ -cmake_minimum_required(VERSION 3.12.4) +cmake_minimum_required(VERSION 3.22) project(dbsync_test_tool) -include_directories(${CMAKE_SOURCE_DIR}/include/) -include_directories(${CMAKE_SOURCE_DIR}/utils/) -include_directories(${CMAKE_SOURCE_DIR}/testtool/) +include_directories(${CMAKE_CURRENT_SOURCE_DIR}/include/) +include_directories(${CMAKE_CURRENT_SOURCE_DIR}/utils/) +include_directories(${CMAKE_CURRENT_SOURCE_DIR}/testtool/) link_directories(${CMAKE_BINARY_DIR}/lib) if(COVERITY) add_definitions(-D__GNUC__=8) endif(COVERITY) -set(CMAKE_CXX_FLAGS "-g -Wall -Wextra -std=c++14 -pthread") - -if(FSANITIZE) - set(CMAKE_CXX_FLAGS_DEBUG "-fsanitize=address,leak,undefined") -endif(FSANITIZE) +if(NOT CMAKE_CXX_COMPILER_ID STREQUAL "MSVC") + set(CMAKE_CXX_FLAGS "-Wall -Wextra -std=c++14 -pthread") +else() + set(CMAKE_CXX_FLAGS "/W4 /permissive- /std:c++14 /MT /EHsc") + if(FSANITIZE) + set(CMAKE_CXX_FLAGS_DEBUG "-fsanitize=address,leak,undefined") + endif(FSANITIZE) +endif() add_executable(dbsync_test_tool - ${CMAKE_SOURCE_DIR}/testtool/main.cpp ) + ${CMAKE_CURRENT_SOURCE_DIR}/main.cpp ) if(CMAKE_SYSTEM_NAME STREQUAL "Windows") target_link_libraries(dbsync_test_tool dbsync -static-libstdc++ ) -elseif (CMAKE_SYSTEM_NAME STREQUAL "OpenBSD") - target_link_libraries(dbsync_test_tool - dbsync - pthread) else() target_link_libraries(dbsync_test_tool dbsync diff --git a/src/common/dbsync/testtool/action.h b/src/common/dbsync/testtool/action.h index b09721b757..a7b77cdb4f 100644 --- a/src/common/dbsync/testtool/action.h +++ b/src/common/dbsync/testtool/action.h @@ -8,12 +8,10 @@ * License (version 2) as published by the FSF - Free Software * Foundation. */ -#ifndef _ACTION_H -#define _ACTION_H -#include +#pragma once +#include #include #include "dbsync.h" -#include "makeUnique.h" #include "cjsonSmartDeleter.hpp" namespace TestDeleters @@ -828,5 +826,3 @@ struct SelectRowsActionCPP final : public IAction } }; - -#endif //_ACTION_H diff --git a/src/common/dbsync/testtool/cmdArgsHelper.h b/src/common/dbsync/testtool/cmdArgsHelper.h index 46a3128f2c..9ba9192627 100644 --- a/src/common/dbsync/testtool/cmdArgsHelper.h +++ b/src/common/dbsync/testtool/cmdArgsHelper.h @@ -97,4 +97,4 @@ class CmdLineArgs const std::vector m_actions; }; -#endif // _CMD_LINE_ARGS_HELPER_H_ \ No newline at end of file +#endif // _CMD_LINE_ARGS_HELPER_H_ diff --git a/src/common/dbsync/testtool/factoryAction.h b/src/common/dbsync/testtool/factoryAction.h index c5ab4191f8..f1379b54d7 100644 --- a/src/common/dbsync/testtool/factoryAction.h +++ b/src/common/dbsync/testtool/factoryAction.h @@ -112,4 +112,4 @@ class FactoryAction } }; -#endif //_FACTORY_ACTION_H \ No newline at end of file +#endif //_FACTORY_ACTION_H diff --git a/src/common/dbsync/testtool/input/closeTxn.json b/src/common/dbsync/testtool/input/closeTxn.json index 77cb64e300..ec8ad649c3 100644 --- a/src/common/dbsync/testtool/input/closeTxn.json +++ b/src/common/dbsync/testtool/input/closeTxn.json @@ -1,3 +1,3 @@ { "action": "dbsync_close_txn" -} \ No newline at end of file +} diff --git a/src/common/dbsync/testtool/input/config.json b/src/common/dbsync/testtool/input/config.json index 71b020384e..8cb7e64669 100644 --- a/src/common/dbsync/testtool/input/config.json +++ b/src/common/dbsync/testtool/input/config.json @@ -1,7 +1,7 @@ { "db_name": "temp.db", "db_type": "1", - "host_type": "1", + "host_type": "1", "persistance": "", "sql_statement":"CREATE TABLE processes(`pid` BIGINT, `name` TEXT, `path` TEXT, `cmdline` TEXT, `state` TEXT, `cwd` TEXT, `root` TEXT, `uid` BIGINT, `gid` BIGINT, `euid` BIGINT, `egid` BIGINT, `suid` BIGINT, `sgid` BIGINT, `on_disk` INTEGER, `wired_size` BIGINT, `resident_size` BIGINT, `total_size` BIGINT, `user_time` BIGINT, `system_time` BIGINT, `disk_bytes_read` BIGINT, `disk_bytes_written` BIGINT, `start_time` BIGINT, `parent` BIGINT, `pgroup` BIGINT, `threads` INTEGER, `nice` INTEGER, `is_elevated_token` INTEGER, `elapsed_time` BIGINT, `handle_count` BIGINT, `percent_processor_time` BIGINT, `upid` BIGINT HIDDEN, `uppid` BIGINT HIDDEN, `cpu_type` INTEGER HIDDEN, `cpu_subtype` INTEGER HIDDEN, `phys_footprint` BIGINT HIDDEN, PRIMARY KEY (`pid`)) WITHOUT ROWID;" -} \ No newline at end of file +} diff --git a/src/common/dbsync/testtool/input/config_template.json b/src/common/dbsync/testtool/input/config_template.json index 224bc5197f..3bfdf58035 100644 --- a/src/common/dbsync/testtool/input/config_template.json +++ b/src/common/dbsync/testtool/input/config_template.json @@ -4,4 +4,4 @@ "host_type": "<0|1>", "persistance": "", "sql_statement":"" -} \ No newline at end of file +} diff --git a/src/common/dbsync/testtool/input/createTxn.json b/src/common/dbsync/testtool/input/createTxn.json index 368c9af083..68275eea63 100644 --- a/src/common/dbsync/testtool/input/createTxn.json +++ b/src/common/dbsync/testtool/input/createTxn.json @@ -3,4 +3,4 @@ "body": { "tables": ["processes"] } -} \ No newline at end of file +} diff --git a/src/common/dbsync/testtool/input/input2.json b/src/common/dbsync/testtool/input/input2.json index 9fcb621395..0bab26b92b 100644 --- a/src/common/dbsync/testtool/input/input2.json +++ b/src/common/dbsync/testtool/input/input2.json @@ -69,5 +69,4 @@ } ] } - -} \ No newline at end of file +} diff --git a/src/common/dbsync/testtool/input/input3.json b/src/common/dbsync/testtool/input/input3.json index 841ac56b33..2f0a60266c 100644 --- a/src/common/dbsync/testtool/input/input3.json +++ b/src/common/dbsync/testtool/input/input3.json @@ -1,4 +1,4 @@ -{ +{ "action": "dbsync_update_with_snapshot", "body": { "table":"processes", @@ -101,5 +101,4 @@ } ] } - - } \ No newline at end of file +} diff --git a/src/common/dbsync/testtool/input/input6.json b/src/common/dbsync/testtool/input/input6.json index 7e3f9642e0..20fae854ac 100644 --- a/src/common/dbsync/testtool/input/input6.json +++ b/src/common/dbsync/testtool/input/input6.json @@ -4,4 +4,4 @@ "table": "processes", "max_rows":100 } -} \ No newline at end of file +} diff --git a/src/common/dbsync/testtool/input/inputSyncRowInsert.json b/src/common/dbsync/testtool/input/inputSyncRowInsert.json index b14f118717..42624c1a82 100644 --- a/src/common/dbsync/testtool/input/inputSyncRowInsert.json +++ b/src/common/dbsync/testtool/input/inputSyncRowInsert.json @@ -133,4 +133,4 @@ } ] } -} \ No newline at end of file +} diff --git a/src/common/dbsync/testtool/input/inputSyncRowInsertTxn.json b/src/common/dbsync/testtool/input/inputSyncRowInsertTxn.json index 79030efc64..adfc24765e 100644 --- a/src/common/dbsync/testtool/input/inputSyncRowInsertTxn.json +++ b/src/common/dbsync/testtool/input/inputSyncRowInsertTxn.json @@ -66,7 +66,7 @@ "elapsed_time":-1, "handle_count":-1, "percent_processor_time":-1 - } + } ] } -} \ No newline at end of file +} diff --git a/src/common/dbsync/testtool/input/inputSyncRowModified.json b/src/common/dbsync/testtool/input/inputSyncRowModified.json index ecc876f59e..ccc2cdac39 100644 --- a/src/common/dbsync/testtool/input/inputSyncRowModified.json +++ b/src/common/dbsync/testtool/input/inputSyncRowModified.json @@ -34,7 +34,7 @@ "elapsed_time":-1, "handle_count":-1, "percent_processor_time":-1 - } + } ] } -} \ No newline at end of file +} diff --git a/src/common/dbsync/testtool/input/inputSyncRowModifiedTxn.json b/src/common/dbsync/testtool/input/inputSyncRowModifiedTxn.json index 3d0c608429..e8f7370ae1 100644 --- a/src/common/dbsync/testtool/input/inputSyncRowModifiedTxn.json +++ b/src/common/dbsync/testtool/input/inputSyncRowModifiedTxn.json @@ -34,7 +34,7 @@ "elapsed_time":-1, "handle_count":-1, "percent_processor_time":-1 - } + } ] } -} \ No newline at end of file +} diff --git a/src/common/dbsync/testtool/input/insertData.json b/src/common/dbsync/testtool/input/insertData.json index 71ccf64a50..eb10a9e8b7 100644 --- a/src/common/dbsync/testtool/input/insertData.json +++ b/src/common/dbsync/testtool/input/insertData.json @@ -194,7 +194,7 @@ "elapsed_time":-1, "handle_count":-1, "percent_processor_time":-1 - } + } ] } -} +} diff --git a/src/common/dbsync/testtool/input/updateWithSnapshot.json b/src/common/dbsync/testtool/input/updateWithSnapshot.json index 02df113cbb..1d683d1536 100644 --- a/src/common/dbsync/testtool/input/updateWithSnapshot.json +++ b/src/common/dbsync/testtool/input/updateWithSnapshot.json @@ -101,5 +101,4 @@ } ] } - - } \ No newline at end of file +} diff --git a/src/common/dbsync/testtool/main.cpp b/src/common/dbsync/testtool/main.cpp index d5481595f6..35452813e9 100644 --- a/src/common/dbsync/testtool/main.cpp +++ b/src/common/dbsync/testtool/main.cpp @@ -12,8 +12,7 @@ #include #include #include -#include -#include "makeUnique.h" +#include #include "dbsync.h" #include "cmdArgsHelper.h" #include "testContext.h" diff --git a/src/common/dbsync/testtool/testContext.h b/src/common/dbsync/testtool/testContext.h index a7abb59f38..2820f511c3 100644 --- a/src/common/dbsync/testtool/testContext.h +++ b/src/common/dbsync/testtool/testContext.h @@ -21,4 +21,4 @@ struct TestContext std::string outputPath; }; -#endif //_TEST_CONTEXT_H \ No newline at end of file +#endif //_TEST_CONTEXT_H diff --git a/src/common/debug_op/include/debug_op.h b/src/common/debug_op/include/debug_op.h deleted file mode 100644 index a948700b2c..0000000000 --- a/src/common/debug_op/include/debug_op.h +++ /dev/null @@ -1,131 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * Copyright (C) 2009 Trend Micro Inc. - * All right reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -/* Functions to generate debug/information/error/warning/critical reports - * - * We have two debug levels (1 and 2), a verbose mode and functions to catch warnings, errors, and critical situations - * - * To see these messages, use the "-d","-v" options (or "-d" twice to see debug2) - * The merror is printed by default when an important error occurs - */ - -#ifndef DEBUG_H -#define DEBUG_H - -#ifndef __GNUC__ -#define __attribute__(x) -#endif - -#include -#include -/* For internal logs */ -#ifndef LOGFILE -#ifndef WIN32 -#define LOGFILE "logs/ossec.log" -#define LOGJSONFILE "logs/ossec.json" -#define _PRINTF_FORMAT printf -#else -#define LOGFILE "ossec.log" -#define LOGJSONFILE "ossec.json" -#define _PRINTF_FORMAT __MINGW_PRINTF_FORMAT -#endif -#endif - -#define mdebug1(msg, ...) _mdebug1(__FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) -#define plain_mdebug1(msg, ...) _plain_mdebug1(__FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) -#define mtdebug1(tag, msg, ...) _mtdebug1(tag, __FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) -#define mdebug2(msg, ...) _mdebug2(__FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) -#define mtdebug2(tag, msg, ...) _mtdebug2(tag, __FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) -#define merror(msg, ...) _merror(__FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) -#define plain_merror(msg, ...) _plain_merror(__FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) -#define mterror(tag, msg, ...) _mterror(tag, __FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) -#define mwarn(msg, ...) _mwarn(__FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) -#define plain_mwarn(msg, ...) _plain_mwarn(__FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) -#define mtwarn(tag, msg, ...) _mtwarn(tag, __FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) -#define minfo(msg, ...) _minfo(__FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) -#define plain_minfo(msg, ...) _plain_minfo(__FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) -#define mtinfo(tag, msg, ...) _mtinfo(tag, __FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) -#define mferror(msg, ...) _mferror(__FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) -#define mtferror(tag, msg, ...) _mtferror(tag, __FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) -#define merror_exit(msg, ...) _merror_exit(__FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) -#define plain_merror_exit(msg, ...) _plain_merror_exit(__FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) -#define mterror_exit(tag, msg, ...) _mterror_exit(tag, __FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) -#define mlerror_exit(level, msg, ...) _mlerror_exit(level, __FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) - -void _mdebug1(const char * file, int line, const char * func, const char *msg, ...) __attribute__((format(_PRINTF_FORMAT, 4, 5))) __attribute__((nonnull)); -void _plain_mdebug1(const char * file, int line, const char * func, const char *msg, ...) __attribute__((format(_PRINTF_FORMAT, 4, 5))) __attribute__((nonnull)); -void _mtdebug1(const char *tag, const char * file, int line, const char * func, const char *msg, ...) __attribute__((format(_PRINTF_FORMAT, 5, 6))) __attribute__((nonnull)); -void _mdebug2(const char * file, int line, const char * func, const char *msg, ...) __attribute__((format(_PRINTF_FORMAT, 4, 5))) __attribute__((nonnull)); -void _mtdebug2(const char *tag, const char * file, int line, const char * func, const char *msg, ...) __attribute__((format(_PRINTF_FORMAT, 5, 6))) __attribute__((nonnull)); -void _merror(const char * file, int line, const char * func, const char *msg, ...) __attribute__((format(_PRINTF_FORMAT, 4, 5))) __attribute__((nonnull)); -void _plain_merror(const char * file, int line, const char * func, const char *msg, ...) __attribute__((format(_PRINTF_FORMAT, 4, 5))) __attribute__((nonnull)); -void _mterror(const char *tag, const char * file, int line, const char * func, const char *msg, ...) __attribute__((format(_PRINTF_FORMAT, 5, 6))) __attribute__((nonnull)); -void _mverror(const char * file, int line, const char * func, const char *msg, va_list args) __attribute__((nonnull)); -void _mwarn(const char * file, int line, const char * func, const char *msg, ...) __attribute__((format(_PRINTF_FORMAT, 4, 5))) __attribute__((nonnull)); -void _plain_mwarn(const char * file, int line, const char * func, const char *msg, ...) __attribute__((format(_PRINTF_FORMAT, 4, 5))) __attribute__((nonnull)); -void _mtwarn(const char *tag, const char * file, int line, const char * func, const char *msg, ...) __attribute__((format(_PRINTF_FORMAT, 5, 6))) __attribute__((nonnull)); -void _mvwarn(const char * file, int line, const char * func, const char *msg, va_list args) __attribute__((nonnull)); -void _minfo(const char * file, int line, const char * func, const char *msg, ...) __attribute__((format(_PRINTF_FORMAT, 4, 5))) __attribute__((nonnull)); -void _plain_minfo(const char * file, int line, const char * func, const char *msg, ...) __attribute__((format(_PRINTF_FORMAT, 4, 5))) __attribute__((nonnull)); -void _mtinfo(const char *tag, const char * file, int line, const char * func, const char *msg, ...) __attribute__((format(_PRINTF_FORMAT, 5, 6))) __attribute__((nonnull)); -void _mvinfo(const char * file, int line, const char * func, const char *msg, va_list args) __attribute__((nonnull)); -void print_out(const char *msg, ...) __attribute__((format(_PRINTF_FORMAT, 1, 2))) __attribute__((nonnull)); -void _mferror(const char * file, int line, const char * func, const char *msg, ... ) __attribute__((format(_PRINTF_FORMAT, 4, 5))) __attribute__((nonnull)); -void _mtferror(const char *tag, const char * file, int line, const char * func, const char *msg, ...) __attribute__((format(_PRINTF_FORMAT, 5, 6))) __attribute__((nonnull)); -void _merror_exit(const char * file, int line, const char * func, const char *msg, ...) __attribute__((format(_PRINTF_FORMAT, 4, 5))) __attribute__((nonnull)) __attribute__ ((noreturn)); -void _plain_merror_exit(const char * file, int line, const char * func, const char *msg, ...) __attribute__((format(_PRINTF_FORMAT, 4, 5))) __attribute__((nonnull)) __attribute__ ((noreturn)); -void _mterror_exit(const char *tag, const char * file, int line, const char * func, const char *msg, ...) __attribute__((format(_PRINTF_FORMAT, 5, 6))) __attribute__((nonnull)) __attribute__ ((noreturn)); -void _mlerror_exit(const int level, const char * file, int line, const char * func, const char *msg, ...) __attribute__((format(_PRINTF_FORMAT, 5, 6))) __attribute__((nonnull)) __attribute__ ((noreturn)); - -/** - * @brief Logging module initializer - */ -void w_logging_init(); - -/* Function to read the logging format configuration */ -void os_logging_config(); -cJSON *getLoggingConfig(void); - -#ifdef WIN32 -char * win_strerror(unsigned long error); -#endif - -/* Use these three functions to set when you - * enter in debug, chroot or daemon mode - */ -void nowDebug(void); -int isDebug(void); - -void nowChroot(void); -void nowDaemon(void); - -int isChroot(void); - -/* Debug analysisd */ -#ifdef DEBUGAD -#define DEBUG_MSG(x,y,z) minfo(x,y,z) -#else -#define DEBUG_MSG(x,y,z) -#endif /* end debug analysisd */ - -/** - * @brief Wrapper for the tagged log functions. - * - * @param level Log level. - * @param tag Tag representing the module sending the log. - * @param file File name. - * @param line Line number. - * @param func Function name. - * @param msg Message to send into the log. - * @param args Variable arguments list. - */ -void mtLoggingFunctionsWrapper(int level, const char* tag, const char* file, int line, const char* func, const char* msg, va_list args); - -#endif /* DEBUG_H */ diff --git a/src/common/debug_op/src/debug_op.c b/src/common/debug_op/src/debug_op.c deleted file mode 100644 index e549b09ef7..0000000000 --- a/src/common/debug_op/src/debug_op.c +++ /dev/null @@ -1,725 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * Copyright (C) 2009 Trend Micro Inc. - * All rights reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -#include "headers/shared.h" -#include - -#ifdef WIN32 -#define localtime_r(x, y) localtime_s(y, x) -#endif - -static int dbg_flag = 0; -static int chroot_flag = 0; -static int daemon_flag = 0; -static int pid; - -static struct{ - unsigned int log_plain:1; - unsigned int log_json:1; - unsigned int initialized:1; - unsigned int mutex_initialized:1; -} flags; - -static pthread_mutex_t logging_mutex; - -static void _log_function(int level, const char *tag, const char * file, int line, const char * func, const char *msg, bool plain_only, va_list args) __attribute__((format(printf, 5, 0))) __attribute__((nonnull)); - -// Wrapper for the real _log_function -static void _log(int level, const char *tag, const char * file, int line, const char * func, const char *msg, va_list args) __attribute__((format(printf, 5, 0))) __attribute__((nonnull)); -static void _log(int level, const char *tag, const char * file, int line, const char * func, const char *msg, va_list args) { - _log_function(level, tag, file, line, func, msg, false, args); -} - - -#ifdef WIN32 -void WinSetError(); -#endif - -static void print_stderr_msg(char* timestamp, const char *tag, const char * file, int line, const char * func, const char* level, const char *msg, bool use_va_list, va_list args2) { - (void)fprintf(stderr, "%s ", timestamp); - - if (dbg_flag > 0) { - (void)fprintf(stderr, "%s[%d] %s:%d at %s(): ", tag, pid, file, line, func); - } else { - (void)fprintf(stderr, "%s: ", tag); - } - - (void)fprintf(stderr, "%s: ", level); - if (use_va_list) { - (void)vfprintf(stderr, msg, args2); - } else { - (void)fprintf(stderr, "%s", msg); - } -#ifdef WIN32 - (void)fprintf(stderr, "\r\n"); -#else - (void)fprintf(stderr, "\n"); -#endif -} - -static void _log_function(int level, const char *tag, const char * file, int line, const char * func, const char *msg, bool plain_only, va_list args) -{ - va_list args2; /* For the stderr print */ - va_list args3; /* For the JSON output */ - FILE *fp; - char jsonstr[OS_MAXSTR]; - char *output; - char logfile[PATH_MAX + 1]; - char * filename; - char *timestamp = w_get_timestamp(time(NULL)); - - const char *strlevel[5]={ - "DEBUG", - "INFO", - "WARNING", - "ERROR", - "CRITICAL", - }; - const char *strleveljson[5]={ - "debug", - "info", - "warning", - "error", - "critical" - }; - - /* Duplicate args */ - va_copy(args2, args); - va_copy(args3, args); - - if (!flags.initialized) { - /* If not initialized and plain_only is true, we avoid reading the - the ossec.conf file due to the call to many shared libraries (XML read, etc.). - The module will be initialized later. */ - if(plain_only) { - flags.log_plain = 1; - flags.log_json = 0; - if(!flags.mutex_initialized) { - flags.mutex_initialized = 1; - int error_code = pthread_mutex_init(&logging_mutex, NULL); - if (error_code != 0 && daemon_flag == 0) { - char err_msg[OS_SIZE_128] = {0}; - snprintf(err_msg, OS_SIZE_128, "Failed to initialize logging mutex (%d).", error_code); - print_stderr_msg(timestamp, __local_name, __FILE__, __LINE__, __func__, strlevel[LOGLEVEL_ERROR], - err_msg, false, args); - } - } - } else { - w_logging_init(); - mdebug1("Logging module auto-initialized"); - } - } - - if (filename = strrchr(file, '/'), filename) { - file = filename + 1; - } - - /* The plain_only flag allows to bypass the JSON output even when it's enabled to - avoid the call to external libraries like cJSON. */ - if (!plain_only && flags.log_json) { - -#ifndef WIN32 - int oldmask; - - strncpy(logfile, LOGJSONFILE, sizeof(logfile) - 1); - logfile[sizeof(logfile) - 1] = '\0'; - - if (!IsFile(logfile)) { - fp = wfopen(logfile, "a"); - } else { - oldmask = umask(0006); - fp = wfopen(logfile, "w"); - umask(oldmask); - - // Make sure that the group is ossec - - if (fp && getuid() == 0) { - gid_t group; - - if (group = Privsep_GetGroup(GROUPGLOBAL), group != (gid_t)-1) { - if (chown(logfile, 0, group)) { - // Don't log anything - } - } - } - } -#else - strncpy(logfile, LOGJSONFILE, sizeof(logfile) - 1); - logfile[sizeof(logfile) - 1] = '\0'; - fp = wfopen(logfile, "a"); -#endif - - if (fp) { - cJSON *json_log = cJSON_CreateObject(); - - vsnprintf(jsonstr, OS_MAXSTR, msg, args3); - - cJSON_AddStringToObject(json_log, "timestamp", timestamp); - cJSON_AddStringToObject(json_log, "tag", tag); - - if (dbg_flag > 0) { - cJSON_AddNumberToObject(json_log, "pid", pid); - cJSON_AddStringToObject(json_log, "file", file); - cJSON_AddNumberToObject(json_log, "line", line); - cJSON_AddStringToObject(json_log, "routine", func); - } - - cJSON_AddStringToObject(json_log, "level", strleveljson[level]); - cJSON_AddStringToObject(json_log, "description", jsonstr); - - output = cJSON_PrintUnformatted(json_log); - - w_mutex_lock(&logging_mutex); - (void)fprintf(fp, "%s", output); - (void)fprintf(fp, "\n"); - fflush(fp); - w_mutex_unlock(&logging_mutex); - - cJSON_Delete(json_log); - free(output); - fclose(fp); - } - } - - if (flags.log_plain) { - /* If under chroot, log directly to /logs/ossec.log */ - -#ifndef WIN32 - int oldmask; - - strncpy(logfile, LOGFILE, sizeof(logfile) - 1); - logfile[sizeof(logfile) - 1] = '\0'; - - if (!IsFile(logfile)) { - fp = wfopen(logfile, "a"); - } else { - oldmask = umask(0006); - fp = wfopen(logfile, "w"); - umask(oldmask); - - // Make sure that the group is ossec - - if (fp && getuid() == 0) { - gid_t group; - - if (group = Privsep_GetGroup(GROUPGLOBAL), group != (gid_t)-1) { - if (chown(logfile, 0, group)) { - // Don't log anything - } - } - } - } -#else - strncpy(logfile, LOGFILE, sizeof(logfile) - 1); - logfile[sizeof(logfile) - 1] = '\0'; - fp = wfopen(logfile, "a"); -#endif - - /* Maybe log to syslog if the log file is not available */ - if (fp) { - // Not using w_ variant to avoid calling this same method again. - int error_code = pthread_mutex_lock(&logging_mutex); - if (error_code != 0 && daemon_flag == 0) { - char err_msg[OS_SIZE_128] = {0}; - snprintf(err_msg, OS_SIZE_128, "Failed to lock logging mutex (%d).", error_code); - print_stderr_msg(timestamp, __local_name, __FILE__, __LINE__, __func__, strlevel[LOGLEVEL_ERROR], - err_msg, false, args); - } - (void)fprintf(fp, "%s ", timestamp); - - if (dbg_flag > 0) { - (void)fprintf(fp, "%s[%d] %s:%d at %s(): ", tag, pid, file, line, func); - } else { - (void)fprintf(fp, "%s: ", tag); - } - - (void)fprintf(fp, "%s: ", strlevel[level]); - (void)vfprintf(fp, msg, args); - (void)fprintf(fp, "\n"); - fflush(fp); - // Not using w_ variant to avoid calling this same method again. - error_code = pthread_mutex_unlock(&logging_mutex); - if (error_code != 0 && daemon_flag == 0) { - char err_msg[OS_SIZE_128] = {0}; - snprintf(err_msg, OS_SIZE_128, "Failed to unlock logging mutex (%d).", error_code); - print_stderr_msg(timestamp, __local_name, __FILE__, __LINE__, __func__, strlevel[LOGLEVEL_ERROR], - err_msg, false, args); - } - - fclose(fp); - } - } - - /* Only if not in daemon mode */ - if (daemon_flag == 0) { - print_stderr_msg(timestamp, tag, file, line, func, strlevel[level], msg, true, args2); - } - - free(timestamp); - /* args must be ended here */ - va_end(args2); - va_end(args3); -} - -void w_logging_init(){ - flags.initialized = 1; - if(!flags.mutex_initialized) { - flags.mutex_initialized = 1; - w_mutex_init(&logging_mutex, NULL); - } - os_logging_config(); -} - -void os_logging_config(){ - OS_XML xml; - const char * xmlf[] = {"ossec_config", "logging", "log_format", NULL}; - char * logformat; - char ** parts = NULL; - int i; - - pid = (int)getpid(); - - if (OS_ReadXML(OSSECCONF, &xml) < 0){ - flags.log_plain = 1; - flags.log_json = 0; - OS_ClearXML(&xml); - mlerror_exit(LOGLEVEL_ERROR, XML_ERROR, OSSECCONF, xml.err, xml.err_line); - } - - logformat = OS_GetOneContentforElement(&xml, xmlf); - - if (!logformat || logformat[0] == '\0'){ - - flags.log_plain = 1; - flags.log_json = 0; - - free(logformat); - OS_ClearXML(&xml); - mdebug1(XML_NO_ELEM, "log_format"); - - }else{ - - parts = OS_StrBreak(',', logformat, 2); - char * part; - if (parts){ - for (i=0; parts[i]; i++){ - part = w_strtrim(parts[i]); - if (!strcmp(part, "plain")){ - flags.log_plain = 1; - }else if(!strcmp(part, "json")){ - flags.log_json = 1; - }else{ - flags.log_plain = 1; - flags.log_json = 0; - mlerror_exit(LOGLEVEL_ERROR, XML_VALUEERR, "log_format", part); - } - } - for (i=0; parts[i]; i++){ - free(parts[i]); - } - free(parts); - } - - free(logformat); - OS_ClearXML(&xml); - } -} - -cJSON *getLoggingConfig(void) { - - cJSON *root = cJSON_CreateObject(); - cJSON *logg = cJSON_CreateObject(); - - if (flags.log_plain) cJSON_AddStringToObject(logg,"plain","yes"); else cJSON_AddStringToObject(logg,"plain","no"); - if (flags.log_json) cJSON_AddStringToObject(logg,"json","yes"); else cJSON_AddStringToObject(logg,"json","no"); - - cJSON_AddItemToObject(root,"logging",logg); - - return root; -} - -void _mdebug1(const char * file, int line, const char * func, const char *msg, ...) -{ - if (dbg_flag >= 1) { - va_list args; - int level = LOGLEVEL_DEBUG; - const char *tag = __local_name; - va_start(args, msg); - _log(level, tag, file, line, func, msg, args); - va_end(args); - } -} - -void _plain_mdebug1(const char * file, int line, const char * func, const char *msg, ...) -{ - if (dbg_flag >= 1) { - va_list args; - int level = LOGLEVEL_DEBUG; - const char *tag = __local_name; - va_start(args, msg); - _log_function(level, tag, file, line, func, msg, true, args); - va_end(args); - } -} - -void _mtdebug1(const char *tag, const char * file, int line, const char * func, const char *msg, ...) -{ - if (dbg_flag >= 1) { - va_list args; - int level = LOGLEVEL_DEBUG; - va_start(args, msg); - _log(level, tag, file, line, func, msg, args); - va_end(args); - } -} - -void _mdebug2(const char * file, int line, const char * func, const char *msg, ...) -{ - if (dbg_flag >= 2) { - va_list args; - int level = LOGLEVEL_DEBUG; - const char *tag = __local_name; - va_start(args, msg); - _log(level, tag, file, line, func, msg, args); - va_end(args); - } -} - -void _mtdebug2(const char *tag, const char * file, int line, const char * func, const char *msg, ...) -{ - if (dbg_flag >= 2) { - va_list args; - int level = LOGLEVEL_DEBUG; - va_start(args, msg); - _log(level, tag, file, line, func, msg, args); - va_end(args); - } -} - -void _merror(const char * file, int line, const char * func, const char *msg, ...) -{ - va_list args; - int level = LOGLEVEL_ERROR; - const char *tag = __local_name; - - va_start(args, msg); - _log(level, tag, file, line, func, msg, args); - va_end(args); -} - -void _plain_merror(const char * file, int line, const char * func, const char *msg, ...) -{ - va_list args; - int level = LOGLEVEL_ERROR; - const char *tag = __local_name; - - va_start(args, msg); - _log_function(level, tag, file, line, func, msg, true, args); - va_end(args); -} - -void _mterror(const char *tag, const char * file, int line, const char * func, const char *msg, ...) -{ - va_list args; - int level = LOGLEVEL_ERROR; - - va_start(args, msg); - _log(level, tag, file, line, func, msg, args); - va_end(args); -} - -void _mverror(const char * file, int line, const char * func, const char *msg, va_list args) -{ - int level = LOGLEVEL_ERROR; - const char *tag = __local_name; - _log(level, tag, file, line, func, msg, args); -} - -void _mwarn(const char * file, int line, const char * func, const char *msg, ...) -{ - va_list args; - int level = LOGLEVEL_WARNING; - const char *tag = __local_name; - - va_start(args, msg); - _log(level, tag, file, line, func, msg, args); - va_end(args); -} - -void _plain_mwarn(const char * file, int line, const char * func, const char *msg, ...) -{ - va_list args; - int level = LOGLEVEL_WARNING; - const char *tag = __local_name; - - va_start(args, msg); - _log_function(level, tag, file, line, func, msg, true, args); - va_end(args); -} - -void _mtwarn(const char *tag, const char * file, int line, const char * func, const char *msg, ...) -{ - va_list args; - int level = LOGLEVEL_WARNING; - - va_start(args, msg); - _log(level, tag, file, line, func, msg, args); - va_end(args); -} - -void _mvwarn(const char * file, int line, const char * func, const char *msg, va_list args) -{ - int level = LOGLEVEL_WARNING; - const char *tag = __local_name; - _log(level, tag, file, line, func, msg, args); -} - -void _minfo(const char * file, int line, const char * func, const char *msg, ...) -{ - va_list args; - int level = LOGLEVEL_INFO; - const char *tag = __local_name; - - va_start(args, msg); - _log(level, tag, file, line, func, msg, args); - va_end(args); -} - -void _plain_minfo(const char * file, int line, const char * func, const char *msg, ...) -{ - va_list args; - int level = LOGLEVEL_INFO; - const char *tag = __local_name; - - va_start(args, msg); - _log_function(level, tag, file, line, func, msg, true, args); - va_end(args); -} - -void _mtinfo(const char *tag, const char * file, int line, const char * func, const char *msg, ...) -{ - va_list args; - int level = LOGLEVEL_INFO; - - va_start(args, msg); - _log(level, tag, file, line, func, msg, args); - va_end(args); -} - -void _mvinfo(const char * file, int line, const char * func, const char *msg, va_list args) -{ - int level = LOGLEVEL_INFO; - const char *tag = __local_name; - _log(level, tag, file, line, func, msg, args); -} - -/* Only logs to a file */ -void _mferror(const char * file, int line, const char * func, const char *msg, ...) -{ - int level = LOGLEVEL_ERROR; - const char *tag = __local_name; - int dbg_tmp; - va_list args; - va_start(args, msg); - - /* We set daemon flag to 1, so nothing is printed to the terminal */ - dbg_tmp = daemon_flag; - daemon_flag = 1; - _log(level, tag, file, line, func, msg, args); - - daemon_flag = dbg_tmp; - - va_end(args); -} - -/* Only logs to a file */ -void _mtferror(const char *tag, const char * file, int line, const char * func, const char *msg, ...) -{ - int level = LOGLEVEL_ERROR; - int dbg_tmp; - va_list args; - va_start(args, msg); - - /* We set daemon flag to 1, so nothing is printed to the terminal */ - dbg_tmp = daemon_flag; - daemon_flag = 1; - _log(level, tag, file, line, func, msg, args); - - daemon_flag = dbg_tmp; - - va_end(args); -} - -void _merror_exit(const char * file, int line, const char * func, const char *msg, ...) -{ - va_list args; - int level = LOGLEVEL_CRITICAL; - const char *tag = __local_name; - - va_start(args, msg); - _log(level, tag, file, line, func, msg, args); - va_end(args); - -#ifdef WIN32 - /* If not MA */ -#ifndef MA - WinSetError(); -#endif -#endif - - exit(1); -} - -void _plain_merror_exit(const char * file, int line, const char * func, const char *msg, ...) -{ - va_list args; - int level = LOGLEVEL_CRITICAL; - const char *tag = __local_name; - - va_start(args, msg); - _log_function(level, tag, file, line, func, msg, true, args); - va_end(args); - -#ifdef WIN32 - /* If not MA */ -#ifndef MA - WinSetError(); -#endif -#endif - - exit(1); -} - -void _mterror_exit(const char *tag, const char * file, int line, const char * func, const char *msg, ...) -{ - va_list args; - int level = LOGLEVEL_CRITICAL; - - va_start(args, msg); - _log(level, tag, file, line, func, msg, args); - va_end(args); - -#ifdef WIN32 - /* If not MA */ -#ifndef MA - WinSetError(); -#endif -#endif - - exit(1); -} - -void _mlerror_exit(const int level, const char * file, int line, const char * func, const char *msg, ...) -{ - va_list args; - const char *tag = __local_name; - - va_start(args, msg); - _log(level, tag, file, line, func, msg, args); - va_end(args); - -#ifdef WIN32 - /* If not MA */ -#ifndef MA - WinSetError(); -#endif -#endif - - exit(1); -} - -void nowChroot() -{ - chroot_flag = 1; -} - -void nowDaemon() -{ - daemon_flag = 1; -} - -void print_out(const char *msg, ...) -{ - va_list args; - va_start(args, msg); - - /* Print to stderr */ - (void)vfprintf(stderr, msg, args); - -#ifdef WIN32 - (void)fprintf(stderr, "\r\n"); -#else - (void)fprintf(stderr, "\n"); -#endif - - va_end(args); -} - -void nowDebug() -{ - dbg_flag++; -} - -int isDebug(void) -{ - return dbg_flag; -} - -int isChroot() -{ - return (chroot_flag); -} - -#ifdef WIN32 -char * win_strerror(unsigned long error) { - static TCHAR messageBuffer[4096]; - LPSTR end; - - FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, NULL, error, 0, messageBuffer, sizeof(messageBuffer) / sizeof(TCHAR), NULL); - - if (end = strchr(messageBuffer, '\r'), end) { - *end = '\0'; - } - - return messageBuffer; -} -#endif - -void mtLoggingFunctionsWrapper(int level, const char* tag, const char* file, int line, const char* func, const char* msg, va_list args) { - switch(level) { - case(LOGLEVEL_DEBUG): - if (dbg_flag >= 1) { - _log(level, tag, file, line, func, msg, args); - } - break; - case(LOGLEVEL_DEBUG_VERBOSE): - if (dbg_flag >= 2) { - _log(LOGLEVEL_DEBUG, tag, file, line, func, msg, args); - } - break; - case(LOGLEVEL_INFO): - case(LOGLEVEL_WARNING): - case(LOGLEVEL_ERROR): - _log(level, tag, file, line, func, msg, args); - break; - case(LOGLEVEL_CRITICAL): - _log(level, tag, file, line, func, msg, args); -#ifdef WIN32 - /* If not MA */ -#ifndef MA - WinSetError(); -#endif -#endif - exit(1); - break; - default: - break; - } -} diff --git a/src/common/debug_op/tests/unit/wrappers/debug_op_wrappers.c b/src/common/debug_op/tests/unit/wrappers/debug_op_wrappers.c deleted file mode 100644 index ba7494bed9..0000000000 --- a/src/common/debug_op/tests/unit/wrappers/debug_op_wrappers.c +++ /dev/null @@ -1,226 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * All rights reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -#include "debug_op_wrappers.h" -#include -#include -#include -#include -#include -#include - -int __wrap_isChroot() { - return mock(); -} - -void __wrap__mdebug1(__attribute__((unused)) const char * file, - __attribute__((unused)) int line, - __attribute__((unused)) const char * func, - const char *msg, ...) { - char formatted_msg[OS_MAXSTR]; - va_list args; - - va_start(args, msg); - vsnprintf(formatted_msg, OS_MAXSTR, msg, args); - va_end(args); - - check_expected(formatted_msg); -} - -void __wrap__mdebug2(__attribute__((unused)) const char * file, - __attribute__((unused)) int line, - __attribute__((unused)) const char * func, - const char *msg, ...) { - char formatted_msg[OS_MAXSTR]; - va_list args; - - va_start(args, msg); - vsnprintf(formatted_msg, OS_MAXSTR, msg, args); - va_end(args); - - check_expected(formatted_msg); -} - -void __wrap__merror(__attribute__((unused)) const char * file, - __attribute__((unused)) int line, - __attribute__((unused)) const char * func, - const char *msg, ...) { - char formatted_msg[OS_MAXSTR]; - va_list args; - - va_start(args, msg); - vsnprintf(formatted_msg, OS_MAXSTR, msg, args); - va_end(args); - - check_expected(formatted_msg); -} - -void __wrap__merror_exit(__attribute__((unused)) const char * file, - __attribute__((unused)) int line, - __attribute__((unused)) const char * func, - const char *msg, ...) { - char formatted_msg[OS_MAXSTR]; - va_list args; - - va_start(args, msg); - vsnprintf(formatted_msg, OS_MAXSTR, msg, args); - va_end(args); - - check_expected(formatted_msg); - mock_assert(0, "merror_exit called", file, line); -} - -void __wrap__mferror(__attribute__((unused)) const char * file, - __attribute__((unused)) int line, - __attribute__((unused)) const char * func, - const char *msg, ...) { - char formatted_msg[OS_MAXSTR]; - va_list args; - - va_start(args, msg); - vsnprintf(formatted_msg, OS_MAXSTR, msg, args); - va_end(args); - - check_expected(formatted_msg); -} - -void __wrap__minfo(__attribute__((unused)) const char * file, - __attribute__((unused)) int line, - __attribute__((unused)) const char * func, - const char *msg, ...) { - char formatted_msg[OS_MAXSTR]; - va_list args; - - va_start(args, msg); - vsnprintf(formatted_msg, OS_MAXSTR, msg, args); - va_end(args); - - check_expected(formatted_msg); -} - -void __wrap__mtdebug1(const char *tag, - __attribute__((unused)) const char * file, - __attribute__((unused)) int line, - __attribute__((unused)) const char * func, - const char *msg, ...) { - char formatted_msg[OS_MAXSTR]; - va_list args; - - check_expected(tag); - - va_start(args, msg); - vsnprintf(formatted_msg, OS_MAXSTR, msg, args); - va_end(args); - - check_expected(formatted_msg); -} - -void __wrap__mtdebug2(const char *tag, - __attribute__((unused)) const char * file, - __attribute__((unused)) int line, - __attribute__((unused)) const char * func, - const char *msg, ...) { - char formatted_msg[OS_MAXSTR]; - va_list args; - - check_expected(tag); - - va_start(args, msg); - vsnprintf(formatted_msg, OS_MAXSTR, msg, args); - va_end(args); - - check_expected(formatted_msg); -} - -void __wrap__mterror(const char *tag, - __attribute__((unused)) const char * file, - __attribute__((unused)) int line, - __attribute__((unused)) const char * func, - const char *msg, ...) { - char formatted_msg[OS_MAXSTR]; - va_list args; - - check_expected(tag); - - va_start(args, msg); - vsnprintf(formatted_msg, OS_MAXSTR, msg, args); - va_end(args); - - check_expected(formatted_msg); -} - -void __wrap__mterror_exit(const char *tag, - __attribute__((unused)) const char * file, - __attribute__((unused)) int line, - __attribute__((unused)) const char * func, - const char *msg, ...) { - char formatted_msg[OS_MAXSTR]; - va_list args; - - check_expected(tag); - - va_start(args, msg); - vsnprintf(formatted_msg, OS_MAXSTR, msg, args); - va_end(args); - - check_expected(formatted_msg); -} - -void __wrap__mtinfo(const char *tag, - __attribute__((unused)) const char * file, - __attribute__((unused)) int line, - __attribute__((unused)) const char * func, - const char *msg, ...) { - char formatted_msg[OS_MAXSTR]; - va_list args; - - check_expected(tag); - - va_start(args, msg); - vsnprintf(formatted_msg, OS_MAXSTR, msg, args); - va_end(args); - - check_expected(formatted_msg); -} - -void __wrap__mtwarn(const char *tag, - __attribute__((unused)) const char * file, - __attribute__((unused)) int line, - __attribute__((unused)) const char * func, - const char *msg, ...) { - char formatted_msg[OS_MAXSTR]; - va_list args; - - check_expected(tag); - - va_start(args, msg); - vsnprintf(formatted_msg, OS_MAXSTR, msg, args); - va_end(args); - - check_expected(formatted_msg); -} - -void __wrap__mwarn(__attribute__((unused)) const char * file, - __attribute__((unused)) int line, - __attribute__((unused)) const char * func, - const char *msg, ...) { - char formatted_msg[OS_MAXSTR]; - va_list args; - - va_start(args, msg); - vsnprintf(formatted_msg, OS_MAXSTR, msg, args); - va_end(args); - - check_expected(formatted_msg); -} - -char * __wrap_win_strerror(__attribute__((unused)) unsigned long error) { - return mock_type(char*); -} - diff --git a/src/common/debug_op/tests/unit/wrappers/debug_op_wrappers.h b/src/common/debug_op/tests/unit/wrappers/debug_op_wrappers.h deleted file mode 100644 index aed66bcdd8..0000000000 --- a/src/common/debug_op/tests/unit/wrappers/debug_op_wrappers.h +++ /dev/null @@ -1,91 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * All rights reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - - -#ifndef DEBUG_OP_WRAPPERS_H -#define DEBUG_OP_WRAPPERS_H - -#include "../headers/defs.h" - -int __wrap_isChroot(); - -void __wrap__mdebug1(const char * file, - int line, - const char * func, - const char *msg, ...); - -void __wrap__mdebug2(const char * file, - int line, - const char * func, - const char *msg, ...); - -void __wrap__merror(const char * file, - int line, - const char * func, - const char *msg, ...); - -void __wrap__merror_exit(const char * file, - int line, - const char * func, - const char *msg, ...); - -void __wrap__mferror(const char * file, - int line, - const char * func, - const char *msg, ...); - -void __wrap__minfo(const char * file, - int line, - const char * func, - const char *msg, ...); - -void __wrap__mtdebug1(const char *tag, - const char * file, - int line, - const char * func, - const char *msg, ...); - -void __wrap__mtdebug2(const char *tag, - const char * file, - int line, - const char * func, - const char *msg, ...); - -void __wrap__mterror(const char *tag, - const char * file, - int line, - const char * func, - const char *msg, ...); - -void __wrap__mterror_exit(const char *tag, - const char * file, - int line, - const char * func, - const char *msg, ...); - -void __wrap__mtinfo(const char *tag, - const char * file, - int line, - const char * func, - const char *msg, ...); - -void __wrap__mtwarn(const char *tag, - const char * file, - int line, - const char * func, - const char *msg, ...); - -void __wrap__mwarn(const char * file, - int line, - const char * func, - const char *msg, ...); - -char * __wrap_win_strerror(unsigned long error); - -#endif diff --git a/src/common/dll_load_notify/src/dll_load_notify.c b/src/common/dll_load_notify/src/dll_load_notify.c index 3d69e9fbff..591c32b994 100644 --- a/src/common/dll_load_notify/src/dll_load_notify.c +++ b/src/common/dll_load_notify/src/dll_load_notify.c @@ -53,12 +53,12 @@ static void loaded_modules_verification() if (verify_hash_and_pe_signature(module_name) != OS_SUCCESS) { const char* ERROR_MESSAGE = "The file '%S' is not signed or its signature is invalid."; #if IMAGE_TRUST_CHECKS == 2 - plain_merror_exit(ERROR_MESSAGE, module_name); + LogCritical(ERROR_MESSAGE, module_name); #else - plain_mwarn(ERROR_MESSAGE, module_name); + LogWarn(ERROR_MESSAGE, module_name); #endif // IMAGE_TRUST_CHECKS == 2 } else { - plain_mdebug1("The file '%S' is signed and its signature is valid.", module_name); + LogDebug("The file '%S' is signed and its signature is valid.", module_name); } } } @@ -66,9 +66,9 @@ static void loaded_modules_verification() const char* ERROR_MESSAGE = "The mechanism of signature validation for loaded modules at startup failed because" " the modules of the process couldn't be enumerated. Error: %lu"; #if IMAGE_TRUST_CHECKS == 2 - plain_merror_exit(ERROR_MESSAGE, GetLastError()); + LogCritical(ERROR_MESSAGE, GetLastError()); #else - plain_mwarn(ERROR_MESSAGE, GetLastError()); + LogWarn(ERROR_MESSAGE, GetLastError()); #endif // IMAGE_TRUST_CHECKS == 2 } @@ -93,18 +93,18 @@ void CALLBACK dll_notification(ULONG reason, #if IMAGE_TRUST_CHECKS != 0 if (verify_hash_and_pe_signature(notification_data->loaded.full_dll_name->Buffer) != OS_SUCCESS) { #if IMAGE_TRUST_CHECKS == 2 - plain_merror_exit(ERROR_MESSAGE, notification_data->loaded.full_dll_name->Buffer); + LogCritical(ERROR_MESSAGE, notification_data->loaded.full_dll_name->Buffer); #else - plain_mwarn(ERROR_MESSAGE, notification_data->loaded.full_dll_name->Buffer); + LogWarn(ERROR_MESSAGE, notification_data->loaded.full_dll_name->Buffer); #endif // IMAGE_TRUST_CHECKS == 2 } else { - plain_mdebug1("The file '%S' is signed and its signature is valid.", + LogDebug("The file '%S' is signed and its signature is valid.", notification_data->loaded.full_dll_name->Buffer); } #endif // IMAGE_TRUST_CHECKS != 0 break; case LDR_DLL_NOTIFICATION_REASON_UNLOADED: - plain_mdebug1("Unloaded: '%S'", notification_data->unloaded.full_dll_name->Buffer); + LogDebug("Unloaded: '%S'", notification_data->unloaded.full_dll_name->Buffer); break; } } @@ -121,9 +121,9 @@ void enable_dll_verification() CA_NAME "') is not available."; #if IMAGE_TRUST_CHECKS == 2 - plain_merror_exit(ERROR_MESSAGE); + LogCritical(ERROR_MESSAGE); #else - plain_mwarn(ERROR_MESSAGE); + LogWarn(ERROR_MESSAGE); #endif } else { loaded_modules_verification(); @@ -141,9 +141,9 @@ void enable_dll_verification() const char* ERROR_MESSAGE = "The dynamic signature validation is not available for this system. Error" " %lu: %s"; #if IMAGE_TRUST_CHECKS == 2 - plain_merror_exit(ERROR_MESSAGE, GetLastError(), win_strerror(GetLastError())); + LogCritical(ERROR_MESSAGE, GetLastError(), win_strerror(GetLastError())); #else - plain_mwarn(ERROR_MESSAGE, GetLastError(), win_strerror(GetLastError())); + LogWarn(ERROR_MESSAGE, GetLastError(), win_strerror(GetLastError())); #endif // IMAGE_TRUST_CHECKS == 2 } } else { @@ -151,9 +151,9 @@ void enable_dll_verification() "initiated because it wasn't possible to get the handle of 'ntdll.dll'. " "Error %lu: %s"; #if IMAGE_TRUST_CHECKS == 2 - plain_merror_exit(ERROR_MESSAGE, GetLastError(), win_strerror(GetLastError())); + LogCritical(ERROR_MESSAGE, GetLastError(), win_strerror(GetLastError())); #else - plain_mwarn(ERROR_MESSAGE, GetLastError(), win_strerror(GetLastError())); + LogWarn(ERROR_MESSAGE, GetLastError(), win_strerror(GetLastError())); #endif // IMAGE_TRUST_CHECKS == 2 } } diff --git a/src/common/encodingHelper/tests/encodingWindows_test.cpp b/src/common/encodingHelper/tests/encodingWindows_test.cpp index 48331e22a4..261338b708 100644 --- a/src/common/encodingHelper/tests/encodingWindows_test.cpp +++ b/src/common/encodingHelper/tests/encodingWindows_test.cpp @@ -42,4 +42,4 @@ TEST_F(EncodingWindowsHelperTest, ReturnValueEmptyConversion) EXPECT_EQ(Utils::EncodingWindowsHelper::stringAnsiToStringUTF8(""), ""); } -#endif \ No newline at end of file +#endif diff --git a/src/common/encodingHelper/tests/encodingWindows_test.h b/src/common/encodingHelper/tests/encodingWindows_test.h index 0d8d8f2893..a31870b313 100644 --- a/src/common/encodingHelper/tests/encodingWindows_test.h +++ b/src/common/encodingHelper/tests/encodingWindows_test.h @@ -25,4 +25,4 @@ class EncodingWindowsHelperTest : public ::testing::Test void TearDown() override; }; -#endif //ENCODING_WINDOWS_HELPER_TEST_H \ No newline at end of file +#endif //ENCODING_WINDOWS_HELPER_TEST_H diff --git a/src/common/encodingHelper/tests/main.cpp b/src/common/encodingHelper/tests/main.cpp index fd7a178715..08fb839052 100644 --- a/src/common/encodingHelper/tests/main.cpp +++ b/src/common/encodingHelper/tests/main.cpp @@ -4,4 +4,4 @@ int main(int argc, char** argv) { ::testing::InitGoogleTest(&argc, argv); return RUN_ALL_TESTS(); -} \ No newline at end of file +} diff --git a/src/common/error_messages/CMakeLists.txt b/src/common/error_messages/CMakeLists.txt index fd8f24c852..29e930fd73 100644 --- a/src/common/error_messages/CMakeLists.txt +++ b/src/common/error_messages/CMakeLists.txt @@ -1,5 +1,3 @@ -cmake_minimum_required(VERSION 3.12.4) +add_library(error_messages INTERFACE) -if(UNIT_TEST) - add_subdirectory(tests) -endif() +target_include_directories(error_messages INTERFACE include) diff --git a/src/common/error_messages/include/debug_messages.h b/src/common/error_messages/include/debug_messages.h index 83d4f48810..7e4e2fae17 100644 --- a/src/common/error_messages/include/debug_messages.h +++ b/src/common/error_messages/include/debug_messages.h @@ -135,7 +135,7 @@ #define FIM_PROCESS_PRIORITY "(6320): Setting process priority to: '%d'" #define FIM_SEND "(6321): Sending FIM event: %s" #define FIM_AUDIT_ALREADY_ADDED "(6322): Already added audit rule for monitoring directory: '%s'" -#define FIM_REALTIME_DIRECTORYCHANGES "(6323): Unable to set 'ReadDirectoryChangesW' for directory: '%s'" +#define FIM_REALTIME_DIRECTORYCHANGES "(6323): Unable to set 'ReadDirectoryChangesW' for path: '%s'. Error(%lu): '%s'" #define FIM_HASHES_FAIL "(6324): Couldn't generate hashes for '%s'" #define FIM_EXTRACT_PERM_FAIL "(6325): It was not possible to extract the permissions of '%s'. Error: %d" #define FIM_RBTREE_DUPLICATE_INSERT "(6326): Couldn't insert entry, duplicate path: '%s'" diff --git a/src/common/error_messages/include/warning_messages.h b/src/common/error_messages/include/warning_messages.h index 056024a8ed..7a86e25b25 100644 --- a/src/common/error_messages/include/warning_messages.h +++ b/src/common/error_messages/include/warning_messages.h @@ -73,6 +73,7 @@ #define FIM_EMPTY_CHANGED_ATTRIBUTES "(6954): Entry '%s' does not have any modified fields. No event will be generated." #define FIM_INVALID_FILE_NAME "(6955): Ignoring file '%s' due to unsupported name (non-UTF8)." #define FIM_FULL_AUDIT_QUEUE "(6956): Internal audit queue is full. Some events may be lost. Next scheduled scan will recover lost data." +#define FIM_REALTIME_FILE_NOT_SUPPORTED "(6957): Realtime mode only supports directories, not files. Switching to scheduled mode. File: '%s'" /* Monitord warning messages */ #define ROTATE_LOG_LONG_PATH "(7500): The path of the rotated log is too long." diff --git a/src/common/exec_op/src/exec_op.c b/src/common/exec_op/src/exec_op.c index 0cada856d4..d94970561a 100644 --- a/src/common/exec_op/src/exec_op.c +++ b/src/common/exec_op/src/exec_op.c @@ -29,26 +29,26 @@ wfd_t * wpopenv(const char * path, char * const * argv, int flags) { if (flags & (W_BIND_STDOUT | W_BIND_STDERR)) { if (!CreatePipe(&hPipeOut[0], &hPipeOut[1], NULL, 0)) { - merror("CreatePipe(): %ld", GetLastError()); + LogError("CreatePipe(): %ld", GetLastError()); return NULL; } if (!SetHandleInformation(hPipeOut[1], HANDLE_FLAG_INHERIT, 1)) { - merror("SetHandleInformation(): %ld", GetLastError()); + LogError("SetHandleInformation(): %ld", GetLastError()); CloseHandle(hPipeOut[0]); CloseHandle(hPipeOut[1]); return NULL; } if (fd = _open_osfhandle((int)hPipeOut[0], 0), fd < 0) { - merror("_open_osfhandle(): %ld", GetLastError()); + LogError("_open_osfhandle(): %ld", GetLastError()); CloseHandle(hPipeOut[0]); CloseHandle(hPipeOut[1]); return NULL; } if (fp_out = _fdopen(fd, "r"), !fp_out) { - merror("_fdopen(): %ld", GetLastError()); + LogError("_fdopen(): %ld", GetLastError()); _close(fd); CloseHandle(hPipeOut[1]); return NULL; @@ -60,7 +60,7 @@ wfd_t * wpopenv(const char * path, char * const * argv, int flags) { if (flags & W_BIND_STDIN) { if (!CreatePipe(&hPipeIn[0], &hPipeIn[1], NULL, 0)) { - merror("CreatePipe(): %ld", GetLastError()); + LogError("CreatePipe(): %ld", GetLastError()); if (flags & (W_BIND_STDOUT | W_BIND_STDERR)) { fclose(fp_out); @@ -71,7 +71,7 @@ wfd_t * wpopenv(const char * path, char * const * argv, int flags) { } if (!SetHandleInformation(hPipeIn[0], HANDLE_FLAG_INHERIT, 1)) { - merror("SetHandleInformation(): %ld", GetLastError()); + LogError("SetHandleInformation(): %ld", GetLastError()); CloseHandle(hPipeIn[0]); CloseHandle(hPipeIn[1]); @@ -84,7 +84,7 @@ wfd_t * wpopenv(const char * path, char * const * argv, int flags) { } if (fd = _open_osfhandle((int)hPipeIn[1], 0), fd < 0) { - merror("_open_osfhandle(): %ld", GetLastError()); + LogError("_open_osfhandle(): %ld", GetLastError()); CloseHandle(hPipeIn[0]); CloseHandle(hPipeIn[1]); @@ -97,7 +97,7 @@ wfd_t * wpopenv(const char * path, char * const * argv, int flags) { } if (fp_in = _fdopen(fd, "w"), !fp_in) { - merror("_fdopen(): %ld", GetLastError()); + LogError("_fdopen(): %ld", GetLastError()); _close(fd); CloseHandle(hPipeIn[0]); @@ -128,11 +128,11 @@ wfd_t * wpopenv(const char * path, char * const * argv, int flags) { zcommand += zarg; } - mdebug2("path = '%s', command = '%s'", path, lpCommandLine); + LogDebug("path = '%s', command = '%s'", path, lpCommandLine); } if (!CreateProcess(NULL, lpCommandLine, NULL, NULL, TRUE, 0, NULL, NULL, &sinfo, &pinfo)) { - mdebug1("CreateProcess(): %ld", GetLastError()); + LogDebug("CreateProcess(): %ld", GetLastError()); if (flags & (W_BIND_STDOUT | W_BIND_STDERR)) { fclose(fp_out); @@ -224,14 +224,14 @@ wfd_t * wpopenv(const char * path, char * const * argv, int flags) { // Child code if (flags & W_CHECK_WRITE && !access(path, W_OK)) { - merror("At wpopenv(): file '%s' has write permissions.", path); + LogError("At wpopenv(): file '%s' has write permissions.", path); _exit(127); } int fd_null = open("/dev/null", O_RDWR, 0); if (fd_null < 0) { - merror_exit(FOPEN_ERROR, "/dev/null", errno, strerror(errno)); + LogCritical(FOPEN_ERROR, "/dev/null", errno, strerror(errno)); } if (flags & W_BIND_STDOUT) { @@ -345,7 +345,7 @@ int wpclose(wfd_t * wfd) { wstatus = exitcode; break; default: - merror("WaitForSingleObject(): %ld", GetLastError()); + LogError("WaitForSingleObject(): %ld", GetLastError()); wstatus = -1; } diff --git a/src/common/expression/include/expression.h b/src/common/expression/include/expression.h deleted file mode 100644 index 12b69b2772..0000000000 --- a/src/common/expression/include/expression.h +++ /dev/null @@ -1,143 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * All right reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - - -#ifndef EXPRESSION_H_ -#define EXPRESSION_H_ -#define PCRE2_CODE_UNIT_WIDTH 8 - -#include "../external/libpcre2/include/pcre2.h" -#include "../os_regex/os_regex.h" -#include "os_ip.h" - -#define OSMATCH_STR "osmatch" -#define OSREGEX_STR "osregex" -#define PCRE2_STR "pcre2" -#define STRING_STR "string" - -/** - * @brief Determine the types of expression allowed - */ -typedef enum { - EXP_TYPE_INVALID = -1, - EXP_TYPE_OSREGEX, - EXP_TYPE_OSMATCH, - EXP_TYPE_STRING, - EXP_TYPE_OSIP_ARRAY, - EXP_TYPE_PCRE2, -} w_exp_type_t; - -/** - * @brief Store information regarding to PCRE2 regex. - * Only for internal use in expression.c - */ -typedef struct { - pcre2_code * code; - char * raw_pattern; -} w_pcre2_code_t; - -/** - * @brief Represent the expressions used in rules and decoders. - * - * It can be OSRegex, OSMatch, string or array of os_ip. - */ -typedef struct { - w_exp_type_t exp_type; ///< Determine the type of expression - - union { ///< The expression which analysisd works - OSRegex * regex; - OSMatch * match; - char * string; - os_ip ** ips; - w_pcre2_code_t * pcre2; - }; - - bool negate; ///< Determine if the expression is afirmative or negative -} w_expression_t; - - -/** - * @brief Allocate zero-initialized memory for a w_expression_t variable - * @param var variable to initialize - * @param type type of expression. - */ -void w_calloc_expression_t(w_expression_t ** var, w_exp_type_t type); - -/** - * @brief Frees memory for a w_expression_t variable - * @param var variable to free - */ -void w_free_expression_t(w_expression_t ** var); - -/** - * @brief Call the free function w_free_expression_t with expression type reference - * @param var variable to free - */ -void w_free_expression(w_expression_t * var); - -/** - * @brief add ip to os_ip array - * @param ips array which save ip - * @param ip ip to save - * @return true on success, otherwise false - */ -bool w_expression_add_osip(w_expression_t ** var, char * ip); - -/** - * @brief Compile an expression - * @param expression Expression to compile - * @param pattern Regular expression pattern - * @param flags Compilation flags (dependent on expression type) - * @return false on error. True otherwise - */ -bool w_expression_compile(w_expression_t * expression, const char * pattern, int flags); - -/** - * @brief Test match a compiled pattern to string - * @param expression expression with compiled pattern - * @param str_test string to test - * @param regex_match Structure to manage pattern matches. NULL is accepted - * @param end_match if match, returns end of matched (Only PCRE2 & OSRegex). NULL is accepted - * @return true if match. false otherwise - */ -bool w_expression_match(w_expression_t * expression, const char * str_test, const char ** end_match, - regex_matching * regex_match); - -/** - * @brief Frees regex_matching object - * @param expression expression with compiled pattern - * @param regex_match Structure to manage pattern matches. - */ -void w_free_expression_match(w_expression_t * expression, regex_matching **reg); - -/** - * @brief Fill a match_data with PCRE2 result - * @param captured_groups number of matches of PCRE2 execute - * @param str_test string to test - * @param match_data PCRE2 block data - * @param regex_match to fill - */ -void w_expression_PCRE2_fill_regex_match(int captured_groups, const char * str_test, pcre2_match_data * match_data, - regex_matching * regex_match); - -/** - * @brief Get regex pattern of the expression - * @param expression expression with compiled pattern - * @return Returns raw regex pattern - */ -const char * w_expression_get_regex_pattern(w_expression_t * expression); - -/** - * @brief Get regex type of the expression (string format) - * @param expression expression with compiled pattern - * @return Returns type of the expression - */ -const char * w_expression_get_regex_type(w_expression_t * expression); - -#endif diff --git a/src/common/expression/src/expression.c b/src/common/expression/src/expression.c deleted file mode 100644 index 363f317688..0000000000 --- a/src/common/expression/src/expression.c +++ /dev/null @@ -1,362 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * All right reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -#include "shared.h" -#include "expression.h" - -#ifdef WAZUH_UNIT_TESTING -#include "unit_tests/wrappers/externals/pcre2/pcre2_wrappers.h" -#else -#define w_pcre2_match_data_create_from_pattern pcre2_match_data_create_from_pattern -#define w_pcre2_match pcre2_match -#define w_pcre2_match_data_free pcre2_match_data_free -#define w_pcre2_get_ovector_pointer pcre2_get_ovector_pointer -#endif - -void w_calloc_expression_t(w_expression_t ** var, w_exp_type_t type) { - - os_calloc(1, sizeof(w_expression_t), *var); - (*var)->exp_type = type; - - switch (type) { - - case EXP_TYPE_OSMATCH: - os_calloc(1, sizeof(OSMatch), (*var)->match); - break; - - case EXP_TYPE_OSREGEX: - os_calloc(1, sizeof(OSRegex), (*var)->regex); - break; - - case EXP_TYPE_PCRE2: - os_calloc(1, sizeof(w_pcre2_code_t), (*var)->pcre2); - break; - - default: - break; - } -} - -void w_free_expression_t(w_expression_t ** var) { - - if (var == NULL || *var == NULL) { - return; - } - - switch ((*var)->exp_type) { - - case EXP_TYPE_OSMATCH: - OSMatch_FreePattern((*var)->match); - os_free((*var)->match); - break; - - case EXP_TYPE_OSREGEX: - OSRegex_FreePattern((*var)->regex); - os_free((*var)->regex); - break; - - case EXP_TYPE_PCRE2: - pcre2_code_free((*var)->pcre2->code); - os_free((*var)->pcre2->raw_pattern); - os_free((*var)->pcre2); - break; - - case EXP_TYPE_STRING: - os_free((*var)->string); - break; - - case EXP_TYPE_OSIP_ARRAY: - - if ((*var)->ips == NULL) { - break; - } - - for (int i = 0; (*var)->ips[i]; i++) { - w_free_os_ip((*var)->ips[i]); - } - os_free((*var)->ips); - break; - - default: - break; - } - os_free(*var); -} - -void w_free_expression(w_expression_t * var) { - w_free_expression_t(&var); -} - -void w_free_expression_match(w_expression_t * expression, regex_matching **reg){ - if (expression == NULL) { - return; - } - - switch (expression->exp_type) { - case EXP_TYPE_OSMATCH: - OSRegex_free_regex_matching(*reg); - os_free(*reg); - break; - - case EXP_TYPE_OSREGEX: - OSRegex_free_regex_matching(*reg); - os_free(*reg); - break; - - case EXP_TYPE_PCRE2: - OSRegex_free_regex_matching(*reg); - os_free(*reg); - break; - - case EXP_TYPE_STRING: - break; - - case EXP_TYPE_OSIP_ARRAY: - break; - - default: - break; - } -} - -bool w_expression_add_osip(w_expression_t ** var, char * ip) { - - unsigned int ip_s = 0; - - if ((*var) == NULL) { - w_calloc_expression_t(var, EXP_TYPE_OSIP_ARRAY); - } - - while ((*var)->ips && (*var)->ips[ip_s]) { - ip_s++; - } - - os_realloc((*var)->ips, (ip_s + 2) * sizeof(os_ip *), (*var)->ips); - os_calloc(1, sizeof(os_ip), (*var)->ips[ip_s]); - (*var)->ips[ip_s + 1] = NULL; - - if (!OS_IsValidIP(ip, (*var)->ips[ip_s])) { - w_free_expression_t(var); - return false; - } - - return true; -} - -bool w_expression_compile(w_expression_t * expression, const char * pattern, int flags) { - - bool retval = true; - - int errornumber = 0; - PCRE2_SIZE erroroffset = 0; - - switch (expression->exp_type) { - - case EXP_TYPE_OSMATCH: - if (!OSMatch_Compile(pattern, expression->match, flags)) { - retval = false; - } - break; - - case EXP_TYPE_OSREGEX: - if (!OSRegex_Compile(pattern, expression->regex, flags)) { - retval = false; - } - break; - - case EXP_TYPE_PCRE2: - expression->pcre2->code = pcre2_compile((PCRE2_SPTR) pattern, PCRE2_ZERO_TERMINATED, - 0, &errornumber, &erroroffset, NULL); - os_strdup(pattern, expression->pcre2->raw_pattern); - - if (!expression->pcre2->code) { - retval = false; - } - - break; - - case EXP_TYPE_STRING: - os_strdup(pattern, expression->string); - break; - - default: - break; - } - - return retval; -} - -bool w_expression_match(w_expression_t * expression, const char * str_test, const char ** end_match, - regex_matching * regex_match) { - - bool retval = false; - const char * ret_match = NULL; - - regex_matching status_match = { .sub_strings = NULL }; - pcre2_match_data * match_data = NULL; - PCRE2_SIZE * ovector = NULL; - int captured_groups = 0; - - if (expression == NULL || str_test == NULL) { - return retval; - } - - switch (expression->exp_type) { - - case EXP_TYPE_OSMATCH: - retval = (OSMatch_Execute(str_test, strlen(str_test), expression->match)) ? true : false; - break; - - case EXP_TYPE_OSREGEX: - if (regex_match == NULL) { - regex_match = &status_match; - } - - if (ret_match = OSRegex_Execute_ex(str_test, expression->regex, regex_match), ret_match) { - retval = true; - } - - if (status_match.sub_strings != NULL) { - OSRegex_free_regex_matching(&status_match); - } - break; - - case EXP_TYPE_PCRE2: - - if (match_data = w_pcre2_match_data_create_from_pattern(expression->pcre2->code, NULL), !match_data) { - break; - } - captured_groups = w_pcre2_match(expression->pcre2->code, (PCRE2_SPTR) str_test, - strlen(str_test), 0, 0, match_data, NULL); - - /* successful match */ - if (captured_groups > 0) { - retval = true; - ovector = w_pcre2_get_ovector_pointer(match_data); - ret_match = str_test + ovector[1] - 1; - - if (regex_match) { - w_expression_PCRE2_fill_regex_match(captured_groups, str_test, match_data, regex_match); - } - } - w_pcre2_match_data_free(match_data); - break; - - case EXP_TYPE_STRING: - retval = (strcmp(expression->string, str_test) != 0) ? false : true; - break; - - case EXP_TYPE_OSIP_ARRAY: - retval = OS_IPFoundList(str_test, expression->ips) ? true: false; - break; - - default: - break; - } - - if (end_match && ret_match) { - *end_match = ret_match; - } - - return retval; -} - -void w_expression_PCRE2_fill_regex_match(int captured_groups, const char * str_test, pcre2_match_data * match_data, - regex_matching * regex_match) { - - PCRE2_SIZE * ovector; - char *** sub_strings; - regex_dynamic_size * str_sizes; - - /* Check if captured at least one group besides matching */ - if (captured_groups < 2 || !str_test || !match_data || !regex_match) { - return; - } - - sub_strings = ®ex_match->sub_strings; - str_sizes = ®ex_match->d_size; - - w_FreeArray(*sub_strings); - os_realloc(*sub_strings, sizeof(char *) * captured_groups, *sub_strings); - memset((void *) *sub_strings, 0, sizeof(char *) * captured_groups); - str_sizes->sub_strings_size = sizeof(char *) * captured_groups; - - ovector = w_pcre2_get_ovector_pointer(match_data); - for (int i = 1; i < captured_groups; i++) { - size_t substring_length = ovector[2 * i + 1] - ovector[2 * i]; - regex_match->sub_strings[i - 1] = w_strndup(str_test + ovector[2 * i], substring_length); - } - regex_match->sub_strings[captured_groups - 1] = NULL; -} - -const char * w_expression_get_regex_pattern(w_expression_t * expression) { - - const char * retval = NULL; - - if (!expression) { - return retval; - } - - switch (expression->exp_type) { - - case EXP_TYPE_OSREGEX: - retval = expression->regex->raw; - break; - - case EXP_TYPE_OSMATCH: - retval = expression->match->raw; - break; - - case EXP_TYPE_PCRE2: - retval = expression->pcre2->raw_pattern; - break; - - case EXP_TYPE_STRING: - retval = expression->string; - break; - - default: - break; - } - - return retval; -} - -const char * w_expression_get_regex_type(w_expression_t * expression) { - - const char * retval = NULL; - - if (!expression) { - return retval; - } - - switch (expression->exp_type) { - - case EXP_TYPE_OSMATCH: - retval = OSMATCH_STR; - break; - - case EXP_TYPE_OSREGEX: - retval = OSREGEX_STR; - break; - - case EXP_TYPE_PCRE2: - retval = PCRE2_STR; - break; - - case EXP_TYPE_STRING: - retval = STRING_STR; - break; - - default: - break; - } - - return retval; -} diff --git a/src/common/expression/tests/unit/tests/CMakeLists.txt b/src/common/expression/tests/unit/tests/CMakeLists.txt deleted file mode 100644 index f53377d531..0000000000 --- a/src/common/expression/tests/unit/tests/CMakeLists.txt +++ /dev/null @@ -1,54 +0,0 @@ -#include wrappers -include(${SRC_FOLDER}/unit_tests/wrappers/wazuh/shared/shared.cmake) - -if(${TARGET} STREQUAL "winagent") - link_directories(${SRC_FOLDER}/syscheckd/build/bin) -endif(${TARGET} STREQUAL "winagent") - -# Tests list and flags -list(APPEND shared_tests_names "test_expression") -set(EXPRESSION_BASE_FLAGS "-Wl,--wrap,OS_IsValidIP -Wl,--wrap,OSMatch_Execute -Wl,--wrap,OSRegex_Compile \ - -Wl,--wrap,OSRegex_Execute -Wl,--wrap,OSRegex_Execute_ex -Wl,--wrap,OSMatch_Compile") -if(${TARGET} STREQUAL "winagent") -list(APPEND shared_tests_flags "${EXPRESSION_BASE_FLAGS} -Wl,--wrap,syscom_dispatch -Wl,--wrap,Start_win32_Syscheck \ - -Wl,--wrap=is_fim_shutdown -Wl,--wrap=_imp__dbsync_initialize \ - -Wl,--wrap=_imp__rsync_initialize -Wl,--wrap=fim_db_teardown") -else() -list(APPEND shared_tests_flags "${EXPRESSION_BASE_FLAGS}") -endif() - -# Compiling tests -list(LENGTH shared_tests_names count) -math(EXPR count "${count} - 1") -foreach(counter RANGE ${count}) - list(GET shared_tests_names ${counter} test_name) - list(GET shared_tests_flags ${counter} test_flags) - - add_executable(${test_name} ${test_name}.c) - - if(${TARGET} STREQUAL "server") - target_link_libraries( - ${test_name} - ${WAZUHLIB} - ${WAZUHEXT} - ANALYSISD_O - ${TEST_DEPS} - ) - else() - target_link_libraries( - ${test_name} - ${TEST_DEPS} - ) - if(${TARGET} STREQUAL "winagent") - target_link_libraries(${test_name} fimdb) - endif(${TARGET} STREQUAL "winagent") - endif() - - if(NOT test_flags STREQUAL " ") - target_link_libraries( - ${test_name} - ${test_flags} - ) - endif() - add_test(NAME ${test_name} COMMAND ${test_name}) -endforeach() diff --git a/src/common/expression/tests/unit/tests/test_expression.c b/src/common/expression/tests/unit/tests/test_expression.c deleted file mode 100644 index 14a73ecb00..0000000000 --- a/src/common/expression/tests/unit/tests/test_expression.c +++ /dev/null @@ -1,1176 +0,0 @@ - -/* - * Copyright (C) 2015, Wazuh Inc. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -#include -#include -#include - -#include "shared.h" -#include "expression.h" -#include "../wrappers/common.h" -#include "../wrappers/wazuh/shared/debug_op_wrappers.h" -#include "../wrappers/wazuh/os_regex/os_regex_wrappers.h" -#include "../wrappers/externals/pcre2/pcre2_wrappers.h" - - -void w_calloc_expression_t(w_expression_t ** var, w_exp_type_t type); -bool w_expression_add_osip(w_expression_t ** var, char * ip); -void w_free_expression_t(w_expression_t ** var); -bool w_expression_match(w_expression_t * expression, const char * str_test, const char ** end_match, - regex_matching * regex_match); -void w_expression_PCRE2_fill_regex_match(int captured_groups, const char * str_test, pcre2_match_data * match_data, - regex_matching * regex_match); -const char * w_expression_get_regex_pattern(w_expression_t * expression); - - -/* setup/teardown */ - -/* tests */ - -// w_calloc_expression_t - -void w_calloc_expression_t_match(void ** state) -{ - w_expression_t * var = NULL; - - w_calloc_expression_t(&var, EXP_TYPE_OSMATCH); - - assert_non_null(var); - assert_non_null(var->match); - assert_int_equal(var->exp_type, EXP_TYPE_OSMATCH); - - os_free(var->match); - os_free(var); -} - -void w_calloc_expression_t_regex(void ** state) -{ - w_expression_t * var = NULL; - - w_calloc_expression_t(&var, EXP_TYPE_OSREGEX); - - assert_non_null(var); - assert_non_null(var->regex); - assert_int_equal(var->exp_type, EXP_TYPE_OSREGEX); - - os_free(var->regex); - os_free(var); -} - -void w_calloc_expression_t_string(void ** state) -{ - w_expression_t * var = NULL; - - w_calloc_expression_t(&var, EXP_TYPE_STRING); - - assert_non_null(var); - assert_int_equal(var->exp_type, EXP_TYPE_STRING); - - os_free(var); -} - -void w_calloc_expression_t_osip(void ** state) -{ - w_expression_t * var = NULL; - - w_calloc_expression_t(&var, EXP_TYPE_OSIP_ARRAY); - - assert_non_null(var); - assert_int_equal(var->exp_type, EXP_TYPE_OSIP_ARRAY); - - os_free(var); -} - -void w_calloc_expression_t_pcre2(void ** state) -{ - w_expression_t * var = NULL; - - w_calloc_expression_t(&var, EXP_TYPE_PCRE2); - - assert_non_null(var); - assert_int_equal(var->exp_type, EXP_TYPE_PCRE2); - - os_free(var->pcre2); - os_free(var); -} - -// w_expression_add_osip - -void w_expression_add_osip_empty_ok(void ** state) -{ - w_expression_t * list_ips = NULL; - bool retval; - - expect_any(__wrap_OS_IsValidIP, ip_address); - expect_not_value(__wrap_OS_IsValidIP, final_ip, NULL); - will_return(__wrap_OS_IsValidIP, 1); - - retval = w_expression_add_osip(&list_ips, NULL); - - assert_true(retval); - assert_int_equal(list_ips->exp_type, EXP_TYPE_OSIP_ARRAY); - assert_null(list_ips->ips[1]); - assert_non_null(list_ips->ips[0]); - - os_free(list_ips->ips[0]); - os_free(list_ips->ips) os_free(list_ips); -} - -void w_expression_add_osip_empty_fail(void ** state) -{ - w_expression_t * list_ips = NULL; - bool retval; - - expect_any(__wrap_OS_IsValidIP, ip_address); - expect_not_value(__wrap_OS_IsValidIP, final_ip, NULL); - will_return(__wrap_OS_IsValidIP, 0); - - retval = w_expression_add_osip(&list_ips, NULL); - - assert_false(retval); - assert_null(list_ips); -} - -void w_expression_add_osip_non_empty_ok(void ** state) -{ - w_expression_t * list_ips = NULL; - bool retval; - - os_calloc(1, sizeof(w_expression_t), list_ips); - list_ips->exp_type = EXP_TYPE_OSIP_ARRAY; - - os_calloc(2, sizeof(os_ip *), list_ips->ips); - os_calloc(1, sizeof(os_ip), list_ips->ips[0]); - - expect_any(__wrap_OS_IsValidIP, ip_address); - expect_not_value(__wrap_OS_IsValidIP, final_ip, NULL); - will_return(__wrap_OS_IsValidIP, 1); - - retval = w_expression_add_osip(&list_ips, NULL); - - assert_true(retval); - - assert_int_equal(list_ips->exp_type, EXP_TYPE_OSIP_ARRAY); - assert_null(list_ips->ips[2]); - assert_non_null(list_ips->ips[1]); - assert_non_null(list_ips->ips[0]); - - os_free(list_ips->ips[1]); - os_free(list_ips->ips[0]); - os_free(list_ips->ips) os_free(list_ips); -} - -void w_expression_add_osip_non_empty_fail(void ** state) -{ - w_expression_t * list_ips = NULL; - bool retval; - - os_calloc(1, sizeof(w_expression_t), list_ips); - list_ips->exp_type = EXP_TYPE_OSIP_ARRAY; - - os_calloc(2, sizeof(os_ip *), list_ips->ips); - os_calloc(1, sizeof(os_ip), list_ips->ips[0]); - - expect_any(__wrap_OS_IsValidIP, ip_address); - expect_not_value(__wrap_OS_IsValidIP, final_ip, NULL); - will_return(__wrap_OS_IsValidIP, 0); - - retval = w_expression_add_osip(&list_ips, NULL); - - assert_false(retval); - assert_null(list_ips); -} - -//w_free_expression_t - -void w_free_expression_t_NULL(void ** state) -{ - w_expression_t * var = NULL; - - w_free_expression_t(&var); -} - -void w_free_expression_t_osmatch(void ** state) -{ - w_expression_t * var = NULL; - - os_calloc(1, sizeof(w_expression_t), var); - var->exp_type = EXP_TYPE_OSMATCH; - - os_calloc(1, sizeof(OSMatch), var->match); - os_strdup("test", var->match->raw); - - w_free_expression_t(&var); -} - -void w_free_expression_t_osregex(void ** state) -{ - w_expression_t * var = NULL; - - os_calloc(1, sizeof(w_expression_t), var); - var->exp_type = EXP_TYPE_OSREGEX; - - os_calloc(1, sizeof(OSRegex), var->regex); - os_strdup("test", var->regex->raw); - - w_free_expression_t(&var); -} - -void w_free_expression_t_string(void ** state) -{ - w_expression_t * var = NULL; - - os_calloc(1, sizeof(w_expression_t), var); - var->exp_type = EXP_TYPE_STRING; - - os_strdup("test", var->string); - - w_free_expression_t(&var); -} - -void w_free_expression_t_exp_type_osip_array_NULL(void ** state) -{ - w_expression_t * var = NULL; - - os_calloc(1, sizeof(w_expression_t), var); - var->exp_type = EXP_TYPE_OSIP_ARRAY; - - var->ips = NULL; - - w_free_expression_t(&var); -} - -void w_free_expression_t_exp_type_osip_array(void ** state) -{ - w_expression_t * var = NULL; - - os_calloc(1, sizeof(w_expression_t), var); - var->exp_type = EXP_TYPE_OSIP_ARRAY; - - os_calloc(2, sizeof(os_ip *), var->ips); - os_calloc(1, sizeof(os_ip), var->ips[0]); - os_strdup("test", var->ips[0]->ip); - - w_free_expression_t(&var); -} - -void w_free_expression_t_exp_type_pcre2(void ** state) -{ - w_expression_t * var = NULL; - - os_calloc(1, sizeof(w_expression_t), var); - var->exp_type = EXP_TYPE_PCRE2; - os_calloc(1, sizeof(w_pcre2_code_t), var->pcre2); - - int errornumber = 0; - PCRE2_SIZE erroroffset = 0; - char* pattern = NULL; - os_strdup("test", pattern); - - var->pcre2->code = pcre2_compile((PCRE2_SPTR) pattern, PCRE2_ZERO_TERMINATED, - 0, &errornumber, &erroroffset, NULL); - w_free_expression_t(&var); - - os_free(pattern); -} - -void w_free_expression_t_default(void ** state) -{ - w_expression_t * var = NULL; - - os_calloc(1, sizeof(w_expression_t), var); - var->exp_type = 55; - - w_free_expression_t(&var); -} - -// w_expression_compile - -void w_expression_compile_osregex_fail(void ** state) -{ - test_mode = 1; - - w_expression_t * expression = NULL; - os_calloc(1, sizeof(w_expression_t), expression); - expression->exp_type = EXP_TYPE_OSREGEX; - - char * pattern = NULL; - os_strdup("test", pattern); - - int flags = 0; - - expect_string(__wrap_OSRegex_Compile, pattern,"test"); - will_return(__wrap_OSRegex_Compile, 0); - - bool ret = w_expression_compile(expression, pattern, flags); - assert_false(ret); - - os_free(pattern); - os_free(expression); -} - -void w_expression_compile_osregex(void ** state) -{ - test_mode = 1; - - w_expression_t * expression = NULL; - os_calloc(1, sizeof(w_expression_t), expression); - expression->exp_type = EXP_TYPE_OSREGEX; - - char * pattern = NULL; - os_strdup("test", pattern); - - int flags = 0; - - expect_string(__wrap_OSRegex_Compile, pattern,"test"); - will_return(__wrap_OSRegex_Compile, 1); - - bool ret = w_expression_compile(expression, pattern, flags); - assert_true(ret); - - os_free(pattern); - os_free(expression); -} - -void w_expression_compile_osmatch_fail(void ** state) -{ - test_mode = 1; - - w_expression_t * expression = NULL; - os_calloc(1, sizeof(w_expression_t), expression); - expression->exp_type = EXP_TYPE_OSMATCH; - - char * pattern = NULL; - os_strdup("test", pattern); - - int flags = 0; - - expect_string(__wrap_OSMatch_Compile, pattern,"test"); - will_return(__wrap_OSMatch_Compile, 0); - - bool ret = w_expression_compile(expression, pattern, flags); - assert_false(ret); - - os_free(pattern); - os_free(expression); -} - -void w_expression_compile_osmatch(void ** state) -{ - test_mode = 1; - - w_expression_t * expression = NULL; - os_calloc(1, sizeof(w_expression_t), expression); - expression->exp_type = EXP_TYPE_OSMATCH; - - char * pattern = NULL; - os_strdup("test", pattern); - - int flags = 0; - - expect_string(__wrap_OSMatch_Compile, pattern,"test"); - will_return(__wrap_OSMatch_Compile, 1); - - bool ret = w_expression_compile(expression, pattern, flags); - assert_true(ret); - - os_free(pattern); - os_free(expression); -} - -void w_expression_compile_pcre2(void ** state) -{ - test_mode = 1; - - w_expression_t * expression = NULL; - os_calloc(1, sizeof(w_expression_t), expression); - expression->exp_type = EXP_TYPE_PCRE2; - - os_calloc(1, sizeof(w_pcre2_code_t), expression->pcre2); - - char * pattern = NULL; - os_strdup("test", pattern); - - int flags = 0; - - bool ret = w_expression_compile(expression, pattern, flags); - assert_true(ret); - - os_free(pattern); - os_free(expression->pcre2->code); - os_free(expression->pcre2->raw_pattern); - os_free(expression->pcre2); - os_free(expression); -} - -void w_expression_compile_string(void ** state) -{ - test_mode = 1; - - w_expression_t * expression = NULL; - os_calloc(1, sizeof(w_expression_t), expression); - expression->exp_type = EXP_TYPE_STRING; - - char * pattern = NULL; - os_strdup("test", pattern); - - int flags = 0; - - bool ret = w_expression_compile(expression, pattern, flags); - assert_true(ret); - - os_free(pattern); - os_free(expression->string); - os_free(expression); -} - -void w_expression_compile_osip_array(void ** state) -{ - test_mode = 1; - - w_expression_t * expression = NULL; - os_calloc(1, sizeof(w_expression_t), expression); - expression->exp_type = EXP_TYPE_OSIP_ARRAY; - - char * pattern = NULL; - os_strdup("test", pattern); - - int flags = 0; - - bool ret = w_expression_compile(expression, pattern, flags); - assert_true(ret); - - os_free(pattern); - os_free(expression); -} - -void w_expression_compile_default(void ** state) -{ - test_mode = 1; - - w_expression_t * expression = NULL; - os_calloc(1, sizeof(w_expression_t), expression); - expression->exp_type = 55; - - char * pattern = NULL; - os_strdup("test", pattern); - - int flags = 0; - - bool ret = w_expression_compile(expression, pattern, flags); - assert_true(ret); - - os_free(pattern); - os_free(expression); -} - -// w_expression_match - -void w_expression_match_NULL(void ** state) -{ - w_expression_t * expression = NULL; - char * str_test = NULL; - - const char* end_match = "test_end_match"; - - bool ret = w_expression_match(expression, str_test, &end_match, NULL); - assert_false(ret); -} - -void w_expression_match_osmatch(void ** state) -{ - test_mode = 1; - - w_expression_t * expression = NULL; - os_calloc(1, sizeof(w_expression_t), expression); - expression->exp_type = EXP_TYPE_OSMATCH; - - const char* end_match = "test_end_match"; - - char * str_test = NULL; - os_strdup("test", str_test); - - expect_string(__wrap_OSMatch_Execute, str,"test"); - will_return(__wrap_OSMatch_Execute, 1); - - bool ret = w_expression_match(expression, str_test, &end_match, NULL); - assert_true(ret); - - os_free(str_test); - os_free(expression); -} - -void w_expression_match_osregex(void ** state) -{ - test_mode = 1; - - w_expression_t * expression = NULL; - os_calloc(1, sizeof(w_expression_t), expression); - expression->exp_type = EXP_TYPE_OSREGEX; - - os_calloc(1, sizeof(OSRegex), expression->regex); - - const char* end_match = "test_end_match"; - - char * str_test = NULL; - os_strdup("test", str_test); - - expect_string(__wrap_OSRegex_Execute_ex, str,"test"); - will_return(__wrap_OSRegex_Execute_ex, "test_osregex"); - - bool ret = w_expression_match(expression, str_test, &end_match, NULL); - assert_true(ret); - - os_free(str_test); - os_free(expression->regex); - os_free(expression); -} - -void w_expression_match_pcre2_match_data_NULL(void ** state) -{ - w_expression_t * expression = NULL; - os_calloc(1, sizeof(w_expression_t), expression); - expression->exp_type = EXP_TYPE_PCRE2; - - const char* end_match = "test_end_match"; - - os_calloc(1, sizeof(w_pcre2_code_t), expression->pcre2); - - int errornumber = 0; - PCRE2_SIZE erroroffset = 0; - char* pattern = NULL; - os_strdup("test", pattern); - - expression->pcre2->code = pcre2_compile((PCRE2_SPTR) pattern, PCRE2_ZERO_TERMINATED, - 0, &errornumber, &erroroffset, NULL); - - char * str_test = NULL; - os_strdup("test", str_test); - - will_return(wrap_pcre2_match_data_create_from_pattern, NULL); - - bool ret = w_expression_match(expression, str_test, &end_match, NULL); - assert_false(ret); - - os_free(str_test); - os_free(pattern); - w_free_expression_t(&expression); -} - -void w_expression_match_pcre2_match_no_captured_groups(void ** state) -{ - w_expression_t * expression = NULL; - os_calloc(1, sizeof(w_expression_t), expression); - expression->exp_type = EXP_TYPE_PCRE2; - - const char* end_match = "test_end_match"; - - os_calloc(1, sizeof(w_pcre2_code_t), expression->pcre2); - - int errornumber = 0; - PCRE2_SIZE erroroffset = 0; - char* pattern = NULL; - os_strdup("test", pattern); - - expression->pcre2->code = pcre2_compile((PCRE2_SPTR) pattern, PCRE2_ZERO_TERMINATED, - 0, &errornumber, &erroroffset, NULL); - - char * str_test = NULL; - os_strdup("test", str_test); - - will_return(wrap_pcre2_match_data_create_from_pattern, 1); - will_return(wrap_pcre2_match, 0); - - bool ret = w_expression_match(expression, str_test, &end_match, NULL); - assert_false(ret); - - os_free(str_test); - os_free(pattern); - w_free_expression_t(&expression); -} - -void w_expression_match_pcre2_match_captured_groups(void ** state) -{ - w_expression_t * expression = NULL; - os_calloc(1, sizeof(w_expression_t), expression); - expression->exp_type = EXP_TYPE_PCRE2; - - const char* end_match = "test_end_match"; - - os_calloc(1, sizeof(w_pcre2_code_t), expression->pcre2); - - int errornumber = 0; - PCRE2_SIZE erroroffset = 0; - char* pattern = NULL; - os_strdup("test", pattern); - - expression->pcre2->code = pcre2_compile((PCRE2_SPTR) pattern, PCRE2_ZERO_TERMINATED, - 0, &errornumber, &erroroffset, NULL); - - char * str_test = NULL; - os_strdup("test", str_test); - - char * aux[2]; - aux[0] = str_test; - aux[1] = str_test+1; - - will_return(wrap_pcre2_match_data_create_from_pattern, 1); - will_return(wrap_pcre2_match, 1); - will_return(wrap_pcre2_get_ovector_pointer, aux); - - bool ret = w_expression_match(expression, str_test, &end_match, NULL); - assert_true(ret); - - os_free(str_test); - os_free(pattern); - w_free_expression_t(&expression); -} - -void w_expression_match_pcre2_match_regex_matching(void ** state) -{ - w_expression_t * expression = NULL; - os_calloc(1, sizeof(w_expression_t), expression); - expression->exp_type = EXP_TYPE_PCRE2; - - const char* end_match = "test_end_match"; - - os_calloc(1, sizeof(w_pcre2_code_t), expression->pcre2); - - int errornumber = 0; - PCRE2_SIZE erroroffset = 0; - char* pattern = NULL; - os_strdup("test", pattern); - - expression->pcre2->code = pcre2_compile((PCRE2_SPTR) pattern, PCRE2_ZERO_TERMINATED, - 0, &errornumber, &erroroffset, NULL); - - char * str_test = NULL; - os_strdup("test", str_test); - - char * aux[2] ; - aux[0] = str_test; - aux[1] = str_test+1; - - regex_matching * regex_match; - os_calloc(1, sizeof(regex_matching), regex_match); - - will_return(wrap_pcre2_match_data_create_from_pattern, 1); - will_return(wrap_pcre2_match, 1); - will_return(wrap_pcre2_get_ovector_pointer, aux); - - bool ret = w_expression_match(expression, str_test, &end_match, regex_match); - assert_true(ret); - - os_free(str_test); - os_free(pattern); - os_free(regex_match); - w_free_expression_t(&expression); -} - -void w_expression_match_string(void ** state) -{ - w_expression_t * expression = NULL; - os_calloc(1, sizeof(w_expression_t), expression); - expression->exp_type = EXP_TYPE_STRING; - - os_calloc(1, sizeof(char), expression->string); - - const char* end_match = "test_end_match"; - - char * str_test = NULL; - os_strdup("test", str_test); - - bool ret = w_expression_match(expression, str_test, &end_match, NULL); - assert_false(ret); - - os_free(str_test); - os_free(expression->string); - os_free(expression); -} - -void w_expression_match_osip_array(void ** state) -{ - w_expression_t * expression = NULL; - os_calloc(1, sizeof(w_expression_t), expression); - expression->exp_type = EXP_TYPE_OSIP_ARRAY; - - os_calloc(1, sizeof(os_ip*), expression->ips); - - const char* end_match = "test_end_match"; - - char * str_test = NULL; - os_strdup("test", str_test); - - bool ret = w_expression_match(expression, str_test, &end_match, NULL); - assert_false(ret); - - os_free(str_test); - os_free(expression->ips); - os_free(expression); -} - -/* - case EXP_TYPE_STRING: - retval = (strcmp(expression->string, str_test) != 0) ? false : true; - break; - - case EXP_TYPE_OSIP_ARRAY: - retval = OS_IPFoundList(str_test, expression->ips) ? true: false; - break; -*/ - -void w_expression_match_default(void ** state) -{ - w_expression_t * expression = NULL; - os_calloc(1, sizeof(w_expression_t), expression); - expression->exp_type = 55; - - const char* end_match = "test_end_match"; - - char * str_test = NULL; - os_strdup("test", str_test); - - bool ret = w_expression_match(expression, str_test, &end_match, NULL); - assert_false(ret); - - os_free(str_test); - os_free(expression); -} - -void w_expression_match_end_match_NULL(void ** state) -{ - w_expression_t * expression = NULL; - os_calloc(1, sizeof(w_expression_t), expression); - expression->exp_type = EXP_TYPE_PCRE2; - - os_calloc(1, sizeof(w_pcre2_code_t), expression->pcre2); - - int errornumber = 0; - PCRE2_SIZE erroroffset = 0; - char* pattern = NULL; - os_strdup("test", pattern); - - expression->pcre2->code = pcre2_compile((PCRE2_SPTR) pattern, PCRE2_ZERO_TERMINATED, - 0, &errornumber, &erroroffset, NULL); - - char * str_test = NULL; - os_strdup("test", str_test); - - char * aux[2]; - aux[0] = str_test; - aux[1] = str_test+1; - - regex_matching * regex_match; - os_calloc(1, sizeof(regex_matching), regex_match); - - will_return(wrap_pcre2_match_data_create_from_pattern, 1); - will_return(wrap_pcre2_match, 1); - will_return(wrap_pcre2_get_ovector_pointer, aux); - - bool ret = w_expression_match(expression, str_test, NULL, regex_match); - assert_true(ret); - - os_free(str_test); - os_free(pattern); - os_free(regex_match); - w_free_expression_t(&expression); -} - -// w_expression_PCRE2_fill_regex_match - -void w_expression_PCRE2_fill_regex_match_no_capture_groups(void ** state) -{ - int captured_groups = 0; - - const char * str_test = "test"; - - pcre2_match_data * match_data = (pcre2_match_data*)1; - - regex_matching * regex_match; - os_calloc(1, sizeof(regex_matching), regex_match); - - w_expression_PCRE2_fill_regex_match(captured_groups, str_test, match_data, regex_match); - - os_free(regex_match); -} - -void w_expression_PCRE2_fill_regex_match_str_test_NULL(void ** state) -{ - int captured_groups = 2; - - const char * str_test = NULL; - - pcre2_match_data * match_data = (pcre2_match_data*)1; - - regex_matching * regex_match; - os_calloc(1, sizeof(regex_matching), regex_match); - - w_expression_PCRE2_fill_regex_match(captured_groups, str_test, match_data, regex_match); - - os_free(regex_match); -} - -void w_expression_PCRE2_fill_regex_match_match_data_NULL(void ** state) -{ - int captured_groups = 2; - - const char * str_test = "test"; - - pcre2_match_data * match_data = NULL; - - regex_matching * regex_match; - os_calloc(1, sizeof(regex_matching), regex_match); - - w_expression_PCRE2_fill_regex_match(captured_groups, str_test, match_data, regex_match); - - os_free(regex_match); -} - -void w_expression_PCRE2_fill_regex_match_regex_match_NULL(void ** state) -{ - int captured_groups = 2; - - const char * str_test = "test"; - - pcre2_match_data * match_data = (pcre2_match_data*)1; - - regex_matching * regex_match = NULL; - - w_expression_PCRE2_fill_regex_match(captured_groups, str_test, match_data, regex_match); - - os_free(regex_match); -} - -void w_expression_PCRE2_fill_regex_match_done(void ** state) -{ - int captured_groups = 2; - - const char * str_test = "test"; - - pcre2_match_data * match_data = (pcre2_match_data*)1; - - regex_matching * regex_match; - os_calloc(1, sizeof(regex_matching), regex_match); - - char * str_aux = NULL; - os_strdup("test_regex_match", str_aux); - - char * aux[4]; - aux[0] = (char*)0; - aux[1] = (char*)1; - aux[2] = (char*)2; - aux[3] = (char*)3; - - will_return(wrap_pcre2_get_ovector_pointer, aux); - - w_expression_PCRE2_fill_regex_match(captured_groups, str_test, match_data, regex_match); - - os_free(str_aux); - os_free(regex_match->sub_strings[0]); - os_free(regex_match->sub_strings); - os_free(regex_match); -} - -// w_expression_get_regex_pattern - -void w_expression_get_regex_pattern_expression_NULL(void ** state) -{ - w_expression_t * expression = NULL; - - w_expression_get_regex_pattern(expression); -} - -void w_expression_get_regex_pattern_exp_type_osregex(void ** state) -{ - w_expression_t * expression = NULL; - os_calloc(1, sizeof(w_expression_t), expression); - expression->exp_type = EXP_TYPE_OSREGEX; - - os_calloc(1, sizeof(OSRegex), expression->regex); - os_strdup("test", expression->regex->raw); - - const char* ret = w_expression_get_regex_pattern(expression); - assert_string_equal(ret, "test"); - - os_free(expression->regex->raw); - os_free(expression->regex); - os_free(expression); -} - -void w_expression_get_regex_pattern_exp_type_osmatch(void ** state) -{ - w_expression_t * expression = NULL; - os_calloc(1, sizeof(w_expression_t), expression); - expression->exp_type = EXP_TYPE_OSMATCH; - - os_calloc(1, sizeof(OSMatch), expression->match); - os_strdup("test", expression->match->raw); - - const char* ret = w_expression_get_regex_pattern(expression); - assert_string_equal(ret, "test"); - - os_free(expression->match->raw); - os_free(expression->match); - os_free(expression); -} - -void w_expression_get_regex_pattern_exp_type_pcre2(void ** state) -{ - w_expression_t * expression = NULL; - os_calloc(1, sizeof(w_expression_t), expression); - expression->exp_type = EXP_TYPE_PCRE2; - - os_calloc(1, sizeof(OSMatch), expression->pcre2); - os_strdup("test", expression->pcre2->raw_pattern); - - const char* ret = w_expression_get_regex_pattern(expression); - assert_string_equal(ret, "test"); - - os_free(expression->pcre2->raw_pattern); - os_free(expression->pcre2); - os_free(expression); -} - -void w_expression_get_regex_pattern_exp_type_string(void ** state) -{ - w_expression_t * expression = NULL; - os_calloc(1, sizeof(w_expression_t), expression); - expression->exp_type = EXP_TYPE_STRING; - - os_strdup("test", expression->string); - - const char* ret = w_expression_get_regex_pattern(expression); - assert_string_equal("test", ret); - - os_free(expression->string); - os_free(expression); -} - -void w_expression_get_regex_pattern_exp_type_osip_array(void ** state) -{ - w_expression_t * expression = NULL; - os_calloc(1, sizeof(w_expression_t), expression); - expression->exp_type = EXP_TYPE_OSIP_ARRAY; - - os_calloc(1, sizeof(OSRegex), expression->regex); - os_strdup("test", expression->regex->raw); - - const char* ret = w_expression_get_regex_pattern(expression); - assert_null(ret); - - os_free(expression->regex->raw); - os_free(expression->regex); - os_free(expression); -} - -void w_expression_get_regex_pattern_exp_type_default(void ** state) -{ - w_expression_t * expression = NULL; - os_calloc(1, sizeof(w_expression_t), expression); - expression->exp_type = 55; - - os_calloc(1, sizeof(OSRegex), expression->regex); - os_strdup("test", expression->regex->raw); - - const char* ret = w_expression_get_regex_pattern(expression); - assert_null(ret); - - os_free(expression->regex->raw); - os_free(expression->regex); - os_free(expression); -} - -// w_expression_get_regex_type - -void w_expression_get_regex_type_expression_NULL(void ** state) -{ - w_expression_t * expression = NULL; - - w_expression_get_regex_type(expression); -} - -void w_expression_get_regex_type_exp_type_osregex(void ** state) -{ - w_expression_t * expression = NULL; - os_calloc(1, sizeof(w_expression_t), expression); - expression->exp_type = EXP_TYPE_OSREGEX; - - os_calloc(1, sizeof(OSRegex), expression->regex); - os_strdup("test", expression->regex->raw); - - const char* ret = w_expression_get_regex_type(expression); - assert_string_equal(ret, "osregex"); - - os_free(expression->regex->raw); - os_free(expression->regex); - os_free(expression); -} - -void w_expression_get_regex_type_exp_type_osmatch(void ** state) -{ - w_expression_t * expression = NULL; - os_calloc(1, sizeof(w_expression_t), expression); - expression->exp_type = EXP_TYPE_OSMATCH; - - os_calloc(1, sizeof(OSMatch), expression->match); - os_strdup("test", expression->match->raw); - - const char* ret = w_expression_get_regex_type(expression); - assert_string_equal(ret, "osmatch"); - - os_free(expression->match->raw); - os_free(expression->match); - os_free(expression); -} - -void w_expression_get_regex_type_exp_type_pcre2(void ** state) -{ - w_expression_t * expression = NULL; - os_calloc(1, sizeof(w_expression_t), expression); - expression->exp_type = EXP_TYPE_PCRE2; - - os_calloc(1, sizeof(OSMatch), expression->pcre2); - os_strdup("test", expression->pcre2->raw_pattern); - - const char* ret = w_expression_get_regex_type(expression); - assert_string_equal(ret, "pcre2"); - - os_free(expression->pcre2->raw_pattern); - os_free(expression->pcre2); - os_free(expression); -} - -void w_expression_get_regex_type_exp_type_string(void ** state) -{ - w_expression_t * expression = NULL; - os_calloc(1, sizeof(w_expression_t), expression); - expression->exp_type = EXP_TYPE_STRING; - - os_strdup("test", expression->string); - - const char* ret = w_expression_get_regex_type(expression); - assert_string_equal("string", ret); - - os_free(expression->string); - os_free(expression); -} - -void w_expression_get_regex_type_exp_type_osip_array(void ** state) -{ - w_expression_t * expression = NULL; - os_calloc(1, sizeof(w_expression_t), expression); - expression->exp_type = EXP_TYPE_OSIP_ARRAY; - - os_calloc(1, sizeof(OSRegex), expression->regex); - os_strdup("test", expression->regex->raw); - - const char* ret = w_expression_get_regex_type(expression); - assert_null(ret); - - os_free(expression->regex->raw); - os_free(expression->regex); - os_free(expression); -} - -void w_expression_get_regex_type_exp_type_default(void ** state) -{ - w_expression_t * expression = NULL; - os_calloc(1, sizeof(w_expression_t), expression); - expression->exp_type = 55; - - os_calloc(1, sizeof(OSRegex), expression->regex); - os_strdup("test", expression->regex->raw); - - const char* ret = w_expression_get_regex_type(expression); - assert_null(ret); - - os_free(expression->regex->raw); - os_free(expression->regex); - os_free(expression); -} - -int main(void) -{ - const struct CMUnitTest tests[] = { - - // Test w_calloc_expression_t - cmocka_unit_test(w_calloc_expression_t_match), - cmocka_unit_test(w_calloc_expression_t_regex), - cmocka_unit_test(w_calloc_expression_t_string), - cmocka_unit_test(w_calloc_expression_t_osip), - cmocka_unit_test(w_calloc_expression_t_pcre2), - - // Tests w_add_ip_to_array - cmocka_unit_test(w_expression_add_osip_empty_ok), - cmocka_unit_test(w_expression_add_osip_empty_fail), - cmocka_unit_test(w_expression_add_osip_non_empty_ok), - cmocka_unit_test(w_expression_add_osip_non_empty_fail), - - //Test w_free_expression_t - cmocka_unit_test(w_free_expression_t_NULL), - cmocka_unit_test(w_free_expression_t_osmatch), - cmocka_unit_test(w_free_expression_t_osregex), - cmocka_unit_test(w_free_expression_t_string), - cmocka_unit_test(w_free_expression_t_exp_type_osip_array_NULL), - cmocka_unit_test(w_free_expression_t_exp_type_osip_array), - cmocka_unit_test(w_free_expression_t_exp_type_pcre2), - cmocka_unit_test(w_free_expression_t_default), - - //Test w_expression_compile - cmocka_unit_test(w_expression_compile_osregex_fail), - cmocka_unit_test(w_expression_compile_osregex), - cmocka_unit_test(w_expression_compile_osmatch_fail), - cmocka_unit_test(w_expression_compile_osmatch), - cmocka_unit_test(w_expression_compile_pcre2), - cmocka_unit_test(w_expression_compile_string), - cmocka_unit_test(w_expression_compile_osip_array), - cmocka_unit_test(w_expression_compile_default), - - //Test w_expression_match - cmocka_unit_test(w_expression_match_NULL), - cmocka_unit_test(w_expression_match_osmatch), - cmocka_unit_test(w_expression_match_osregex), - cmocka_unit_test(w_expression_match_pcre2_match_data_NULL), - cmocka_unit_test(w_expression_match_pcre2_match_no_captured_groups), - cmocka_unit_test(w_expression_match_pcre2_match_captured_groups), - cmocka_unit_test(w_expression_match_pcre2_match_regex_matching), - cmocka_unit_test(w_expression_match_string), - cmocka_unit_test(w_expression_match_osip_array), - cmocka_unit_test(w_expression_match_default), - cmocka_unit_test(w_expression_match_end_match_NULL), - - //Test w_expression_PCRE2_fill_regex_match - cmocka_unit_test(w_expression_PCRE2_fill_regex_match_no_capture_groups), - cmocka_unit_test(w_expression_PCRE2_fill_regex_match_str_test_NULL), - cmocka_unit_test(w_expression_PCRE2_fill_regex_match_match_data_NULL), - cmocka_unit_test(w_expression_PCRE2_fill_regex_match_regex_match_NULL), - cmocka_unit_test(w_expression_PCRE2_fill_regex_match_done), - - //Test w_expression_PCRE2_fill_regex_match - cmocka_unit_test(w_expression_get_regex_pattern_expression_NULL), - cmocka_unit_test(w_expression_get_regex_pattern_exp_type_osregex), - cmocka_unit_test(w_expression_get_regex_pattern_exp_type_osmatch), - cmocka_unit_test(w_expression_get_regex_pattern_exp_type_pcre2), - cmocka_unit_test(w_expression_get_regex_pattern_exp_type_string), - cmocka_unit_test(w_expression_get_regex_pattern_exp_type_osip_array), - cmocka_unit_test(w_expression_get_regex_pattern_exp_type_default), - - //Test w_expression_get_regex_type - cmocka_unit_test(w_expression_get_regex_type_expression_NULL), - cmocka_unit_test(w_expression_get_regex_type_exp_type_osregex), - cmocka_unit_test(w_expression_get_regex_type_exp_type_osmatch), - cmocka_unit_test(w_expression_get_regex_type_exp_type_pcre2), - cmocka_unit_test(w_expression_get_regex_type_exp_type_string), - cmocka_unit_test(w_expression_get_regex_type_exp_type_osip_array), - cmocka_unit_test(w_expression_get_regex_type_exp_type_default) - }; - - return cmocka_run_group_tests(tests, NULL, NULL); -} diff --git a/src/common/expression/tests/unit/wrappers/expression_wrappers.c b/src/common/expression/tests/unit/wrappers/expression_wrappers.c deleted file mode 100644 index 6ffdacb5d1..0000000000 --- a/src/common/expression/tests/unit/wrappers/expression_wrappers.c +++ /dev/null @@ -1,55 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * All rights reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -#include "expression_wrappers.h" -#include -#include -#include -#include - -bool __wrap_w_expression_match(__attribute__((unused))w_expression_t * expression, __attribute__((unused))const char * str_test, - __attribute__((unused))const char ** end_match, regex_matching * regex_match) { - int ret = mock(); - - if(ret < 0) { - if (ret == -3) { - regex_match->d_size.prts_str_alloc_size = 0; - ret = 1; - } else { - ret *= (-1); - - regex_match->d_size.prts_str_alloc_size = ret *sizeof(char *); - os_calloc(1, sizeof(char *) * (ret + 1), regex_match->sub_strings); - - regex_match->sub_strings[0] = w_strndup((char*)mock(), 128); - - if (ret > 1) { - regex_match->sub_strings[1] = w_strndup((char*)mock(), 128); - regex_match->sub_strings[2] = NULL; - } else { - regex_match->sub_strings[1] = NULL; - } - } - } - return ret; -} - -void __wrap_w_calloc_expression_t(__attribute__((unused))w_expression_t ** var, w_exp_type_t type) { - check_expected(type); - return; -} - -void __wrap_w_free_expression_t(__attribute__((unused))w_expression_t ** var) { - return; -} - -bool __wrap_w_expression_compile(__attribute__((unused))w_expression_t * expression, __attribute__((unused))char * pattern, - __attribute__((unused))int flags) { - return mock_type(bool); -} \ No newline at end of file diff --git a/src/common/expression/tests/unit/wrappers/expression_wrappers.h b/src/common/expression/tests/unit/wrappers/expression_wrappers.h deleted file mode 100644 index cdbc94e2b1..0000000000 --- a/src/common/expression/tests/unit/wrappers/expression_wrappers.h +++ /dev/null @@ -1,27 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * All rights reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -#ifndef EXPRESSION_WRAPPERS_H -#define EXPRESSION_WRAPPERS_H - -#include -#include "../headers/shared.h" -#include "../headers/expression.h" - -bool __wrap_w_expression_match(__attribute__((unused))w_expression_t * expression, __attribute__((unused))const char * str_test, - __attribute__((unused))const char ** end_match, regex_matching * regex_match); - -void __wrap_w_calloc_expression_t(__attribute__((unused))w_expression_t ** var, w_exp_type_t type); - -void __wrap_w_free_expression_t(__attribute__((unused))w_expression_t ** var); - -bool __wrap_w_expression_compile(__attribute__((unused))w_expression_t * expression, __attribute__((unused))char * pattern, - __attribute__((unused))int flags); - -#endif diff --git a/src/common/fileHelper/tests/main.cpp b/src/common/fileHelper/tests/main.cpp index fd7a178715..08fb839052 100644 --- a/src/common/fileHelper/tests/main.cpp +++ b/src/common/fileHelper/tests/main.cpp @@ -4,4 +4,4 @@ int main(int argc, char** argv) { ::testing::InitGoogleTest(&argc, argv); return RUN_ALL_TESTS(); -} \ No newline at end of file +} diff --git a/src/common/file_op/CMakeLists.txt b/src/common/file_op/CMakeLists.txt index e69de29bb2..4854afcc4f 100644 --- a/src/common/file_op/CMakeLists.txt +++ b/src/common/file_op/CMakeLists.txt @@ -0,0 +1,7 @@ +find_package(ZLIB REQUIRED) + +add_library(file_op STATIC src/file_op.c) + +target_include_directories(file_op PUBLIC include) + +target_link_libraries(file_op utils time_op version_op ZLIB::ZLIB Logger) diff --git a/src/common/file_op/include/file_op.h b/src/common/file_op/include/file_op.h index b8eb89ec16..ff4a902597 100644 --- a/src/common/file_op/include/file_op.h +++ b/src/common/file_op/include/file_op.h @@ -10,14 +10,13 @@ /* Functions to handle operation with files */ -#ifndef FILE_OP_H -#define FILE_OP_H +#pragma once #include #include #include #include -#include +#include #ifdef WIN32 #include @@ -41,6 +40,16 @@ extern int isVista; typedef ino_t wino_t; #endif +#if defined(__GNUC__) || defined(__clang__) +#define ATTR_NONNULL __attribute__((nonnull)) +#define ATTR_NONNULL_ONE __attribute__((nonnull(1))) +#define ATTR_NONNULL_ONE_TWO __attribute__((nonnull(1, 2))) +#else +#define ATTR_NONNULL +#define ATTR_NONNULL_ONE +#define ATTR_NONNULL_ONE_TWO +#endif + typedef struct File { char *name; FILE *fp; @@ -51,7 +60,7 @@ typedef struct File { * * @param name Program name. */ -void OS_SetName(const char *name) __attribute__((nonnull)); +void OS_SetName(const char *name) ATTR_NONNULL; /** @@ -68,7 +77,7 @@ cJSON* getunameJSON(); * @param file File name. * @return Time of last modification or -1 on error. */ -time_t File_DateofChange(const char *file) __attribute__((nonnull)); +time_t File_DateofChange(const char *file) ATTR_NONNULL; /** @@ -77,7 +86,7 @@ time_t File_DateofChange(const char *file) __attribute__((nonnull)); * @param file File name. * @return File inode or 0 on error. */ -ino_t File_Inode(const char *file) __attribute__((nonnull)); +ino_t File_Inode(const char *file) ATTR_NONNULL; /** @@ -135,7 +144,7 @@ long get_fp_size(FILE * fp); * @param file File path. * @return 0 if it is a directory, -1 otherwise. */ -int IsDir(const char *file) __attribute__((nonnull)); +int IsDir(const char *file) ATTR_NONNULL; /** @@ -144,7 +153,7 @@ int IsDir(const char *file) __attribute__((nonnull)); * @param file File path. * @return 0 if it is a regular file, -1 otherwise. */ -int IsFile(const char *file) __attribute__((nonnull)); +int IsFile(const char *file) ATTR_NONNULL; /** @@ -153,7 +162,7 @@ int IsFile(const char *file) __attribute__((nonnull)); * @param file File path. * @return 0 if it is a socket, -1 otherwise. */ -int IsSocket(const char * file) __attribute__((nonnull)); +int IsSocket(const char * file) ATTR_NONNULL; /** @@ -162,7 +171,7 @@ int IsSocket(const char * file) __attribute__((nonnull)); * @param dir File path. * @return 1 if it is a file, 2 if it is a directory, 0 otherwise. */ -int check_path_type(const char *dir) __attribute__((nonnull)); +int check_path_type(const char *dir) ATTR_NONNULL; #ifndef WIN32 @@ -172,7 +181,7 @@ int check_path_type(const char *dir) __attribute__((nonnull)); * @param file File path. * @return 0 if it is a link, -1 otherwise. */ -int IsLink(const char * file) __attribute__((nonnull)); +int IsLink(const char * file) ATTR_NONNULL; #endif @@ -191,7 +200,7 @@ char *GetRandomNoise(); * @param pid Service PID. * @return 0 if the file was created, -1 on error. */ -int CreatePID(const char *name, int pid) __attribute__((nonnull)); +int CreatePID(const char *name, int pid) ATTR_NONNULL; /** @@ -200,7 +209,7 @@ int CreatePID(const char *name, int pid) __attribute__((nonnull)); * @param name Service name. * @return 0 if the file was deleted, -1 on error. */ -int DeletePID(const char *name) __attribute__((nonnull)); +int DeletePID(const char *name) ATTR_NONNULL; /** @@ -219,7 +228,7 @@ void DeleteState(); * @param path_offset Offset for recursion. * @return 1 if the merged file was created, 0 on error. */ -int MergeAppendFile(FILE *finalfp, const char *files, int path_offset) __attribute__((nonnull(1, 2))); +int MergeAppendFile(FILE *finalfp, const char *files, int path_offset) ATTR_NONNULL_ONE_TWO; /** @@ -230,7 +239,7 @@ int MergeAppendFile(FILE *finalfp, const char *files, int path_offset) __attribu * @param mode Indicates if the merged file must be readed as a binary file or not. Use `#OS_TEXT`, `#OS_BINARY`. * @return 1 if the file was unmerged, 0 on error. */ -int UnmergeFiles(const char *finalpath, const char *optdir, int mode, char ***unmerged_files) __attribute__((nonnull(1))); +int UnmergeFiles(const char *finalpath, const char *optdir, int mode, char ***unmerged_files) ATTR_NONNULL_ONE; /** @@ -240,7 +249,7 @@ int UnmergeFiles(const char *finalpath, const char *optdir, int mode, char ***un * @param mode Indicates if the merged file must be readed as a binary file or not. Use `#OS_TEXT`, `#OS_BINARY`. * @return 1 if the merged file is valid, 0 if not. */ -int TestUnmergeFiles(const char *finalpath, int mode) __attribute__((nonnull(1))); +int TestUnmergeFiles(const char *finalpath, int mode) ATTR_NONNULL_ONE; /** @@ -274,7 +283,7 @@ const char *getuname(void); * string such as "/usr/". * @return Pointer to the path basename. */ -char *basename_ex(char *path) __attribute__((nonnull)); +char *basename_ex(char *path) ATTR_NONNULL; /** @@ -284,7 +293,7 @@ char *basename_ex(char *path) __attribute__((nonnull)); * @param destination Path of the renamed file/folder. * @return 0 on success and -1 on error. */ -int rename_ex(const char *source, const char *destination) __attribute__((nonnull)); +int rename_ex(const char *source, const char *destination) ATTR_NONNULL; /** @@ -293,7 +302,7 @@ int rename_ex(const char *source, const char *destination) __attribute__((nonnul * @param tmp_path Temporary file path. * @return 0 on success and -1 on error. */ -int mkstemp_ex(char *tmp_path) __attribute__((nonnull)); +int mkstemp_ex(char *tmp_path) ATTR_NONNULL; /** @@ -638,4 +647,4 @@ int w_is_compressed_bz2_file(const char * path); * @return Pointer to the Wazuh installation path on success */ char *w_homedir(char *arg); -#endif /* FILE_OP_H */ + diff --git a/src/common/file_op/src/file_op.c b/src/common/file_op/src/file_op.c index 24b2b7aea8..df31c91065 100644 --- a/src/common/file_op/src/file_op.c +++ b/src/common/file_op/src/file_op.c @@ -12,9 +12,10 @@ */ #include "shared.h" +#include "cust_types.h" #include "version_op.h" -#include "../external/zlib/zlib.h" +#include #ifdef WAZUH_UNIT_TESTING #ifdef WIN32 @@ -26,8 +27,28 @@ #ifndef WIN32 #include +#define ATTR_UNUSED __attribute__((unused)) #else +#define ATTR_UNUSED #include +typedef int DIR; +struct dirent { + unsigned short d_reclen; /* length of this record */ + unsigned char d_type; /* type of file; not supported + by all file system types */ + char d_name[256]; /* filename */ +}; +DIR * opendir(DIR *dir){ return NULL; } +int closedir(DIR *dir){ return 0; } +static char *dirname(char *s){ return NULL; } +static struct dirent *readdir(DIR *dir){ return NULL; } +static int64_t ftello64(FILE *x){ return 0; } +static int64_t fseeko64(FILE *x, int64_t pos, int mode){ return 0; } +static int64_t S_ISREG(int64_t flags){ return 0; } +static int64_t S_ISDIR(int64_t flags){ return 0; } +static char * PathFindFileNameA_(char *s){ return NULL; } +static void PathRemoveFileSpec_(char *path){} +static int wm_strcat(char **str1, const char *str2, char sep){ return 0;} #endif /* Vista product information */ @@ -492,7 +513,7 @@ float DirSize(const char *path) { char *entry; if (directory = opendir(path), directory == NULL) { - mdebug2("Couldn't open directory '%s'.", path); + LogDebug("Couldn't open directory '%s'.", path); return -1; } @@ -550,13 +571,13 @@ int CreatePID(const char *name, int pid) fprintf(fp, "%d\n", pid); if (chmod(file, 0640) != 0) { - merror(CHMOD_ERROR, file, errno, strerror(errno)); + LogError(CHMOD_ERROR, file, errno, strerror(errno)); fclose(fp); return (-1); } if (fclose(fp)) { - merror("Could not write PID file '%s': %s (%d)", file, strerror(errno), errno); + LogError("Could not write PID file '%s': %s (%d)", file, strerror(errno), errno); return -1; } @@ -599,7 +620,7 @@ int DeletePID(const char *name) } if (unlink(file)) { - mferror(DELETE_ERROR, file, errno, strerror(errno)); + LogError(DELETE_ERROR, file, errno, strerror(errno)); return (-1); } @@ -618,7 +639,7 @@ void DeleteState() { #endif unlink(path); } else { - merror("At DeleteState(): __local_name is unset."); + LogError("At DeleteState(): __local_name is unset."); } } @@ -639,7 +660,7 @@ int UnmergeFiles(const char *finalpath, const char *optdir, int mode, char ***un finalfp = wfopen(finalpath, mode == OS_BINARY ? "rb" : "r"); if (!finalfp) { - merror("Unable to read merged file: '%s' due to [(%d)-(%s)].", finalpath, errno, strerror(errno)); + LogError("Unable to read merged file: '%s' due to [(%d)-(%s)].", finalpath, errno, strerror(errno)); return (0); } @@ -681,7 +702,7 @@ int UnmergeFiles(const char *finalpath, const char *optdir, int mode, char ***un // Check that final_name is inside optdir if (w_ref_parent_folder(final_name)) { - merror("Unmerging '%s': unable to unmerge '%s' (it contains '..')", finalpath, final_name); + LogError("Unmerging '%s': unable to unmerge '%s' (it contains '..')", finalpath, final_name); state_ok = 0; } } else { @@ -694,27 +715,34 @@ int UnmergeFiles(const char *finalpath, const char *optdir, int mode, char ***un copy = strdup(final_name); if (mkdir_ex(dirname(copy))) { - merror("Unmerging '%s': couldn't create directory '%s'", finalpath, files); + LogError("Unmerging '%s': couldn't create directory '%s'", finalpath, files); state_ok = 0; } free(copy); /* Create temporary file */ - char tmp_file[strlen(final_name) + 7]; - snprintf(tmp_file, sizeof(tmp_file), "%sXXXXXX", final_name); + unsigned long tmp_file_size = strlen(final_name) + 7; + char *tmp_file = malloc(tmp_file_size); + if(!tmp_file){ + LogError("Unmerging '%s': could not reserve temporary memory for '%s'", finalpath, files); + state_ok = 0; + continue; + } + snprintf(tmp_file, tmp_file_size, "%sXXXXXX", final_name); if (mkstemp_ex(tmp_file) == -1) { - merror("Unmerging '%s': could not create temporary file for '%s'", finalpath, files); + LogError("Unmerging '%s': could not create temporary file for '%s'", finalpath, files); state_ok = 0; } /* Open filename */ if (state_ok) { - if (fp = wfopen(tmp_file, mode == OS_BINARY ? "wb" : "w"), !fp) { + fp = wfopen(tmp_file, mode == OS_BINARY ? "wb" : "w"); + if (!fp) { ret = 0; - merror("Unable to unmerge file '%s' due to [(%d)-(%s)].", tmp_file, errno, strerror(errno)); + LogError("Unable to unmerge file '%s' due to [(%d)-(%s)].", tmp_file, errno, strerror(errno)); } } else { fp = NULL; @@ -775,6 +803,7 @@ int UnmergeFiles(const char *finalpath, const char *optdir, int mode, char ***un os_strdup(file_name, *(*unmerged_files + file_count)); file_count++; } + free(tmp_file); } if (unmerged_files != NULL) { @@ -796,7 +825,7 @@ int TestUnmergeFiles(const char *finalpath, int mode) finalfp = wfopen(finalpath, mode == OS_BINARY ? "rb" : "r"); if (!finalfp) { - merror("Unable to read merged file: '%s'.", finalpath); + LogError("Unable to read merged file: '%s'.", finalpath); return (0); } @@ -903,25 +932,25 @@ int MergeAppendFile(FILE *finalfp, const char *files, int path_offset) } if (fp = wfopen(files, "r"), fp == NULL) { - merror("Unable to open file: '%s' due to [(%d)-(%s)].", files, errno, strerror(errno)); + LogError("Unable to open file: '%s' due to [(%d)-(%s)].", files, errno, strerror(errno)); return (0); } if (fseek(fp, 0, SEEK_END) != 0) { - merror("Unable to set EOF offset in file: '%s', due to [(%d)-(%s)].", files, errno, strerror(errno)); + LogError("Unable to set EOF offset in file: '%s', due to [(%d)-(%s)].", files, errno, strerror(errno)); fclose(fp); return (0); } files_size = ftell(fp); if (files_size == 0) { - mwarn("File '%s' is empty.", files); + LogWarn("File '%s' is empty.", files); } fprintf(finalfp, "!%ld %s\n", files_size, files + path_offset); if (fseek(fp, 0, SEEK_SET) != 0) { - merror("Unable to set the offset in file: '%s', due to [(%d)-(%s)].", files, errno, strerror(errno)); + LogError("Unable to set the offset in file: '%s', due to [(%d)-(%s)].", files, errno, strerror(errno)); fclose(fp); return (0); } @@ -936,7 +965,7 @@ int MergeAppendFile(FILE *finalfp, const char *files, int path_offset) fclose(fp); if (files_size != files_final_size) { - merror("File '%s' was modified after getting its size.", files); + LogError("File '%s' was modified after getting its size.", files); return (0); } @@ -956,7 +985,7 @@ int checkBinaryFile(const char *f_name) { fp = wfopen(f_name, "r"); if (!fp) { - merror("Unable to open file '%s' due to [(%d)-(%s)].", f_name, errno, strerror(errno)); + LogError("Unable to open file '%s' due to [(%d)-(%s)].", f_name, errno, strerror(errno)); return 1; } @@ -978,7 +1007,7 @@ int checkBinaryFile(const char *f_name) { if ((long)strlen(str) != rbytes - 1) { - mdebug2("Line contains some zero-bytes (valid=" FTELL_TT "/ total=" FTELL_TT ").", FTELL_INT64 strlen(str), FTELL_INT64 rbytes - 1); + LogDebug("Line contains some zero-bytes (valid=" FTELL_TT "/ total=" FTELL_TT ").", FTELL_INT64 strlen(str), FTELL_INT64 rbytes - 1); fclose(fp); return 1; } @@ -1000,7 +1029,7 @@ char *basename_ex(char *path) int rename_ex(const char *source, const char *destination) { if (rename(source, destination)) { - mferror(RENAME_ERROR, source, destination, errno, strerror(errno)); + LogError(RENAME_ERROR, source, destination, errno, strerror(errno)); return (-1); } @@ -1018,7 +1047,7 @@ int mkstemp_ex(char *tmp_path) umask(old_mask); if (fd == -1) { - mferror(MKSTEMP_ERROR, tmp_path, errno, strerror(errno)); + LogError(MKSTEMP_ERROR, tmp_path, errno, strerror(errno)); return (-1); } @@ -1027,10 +1056,10 @@ int mkstemp_ex(char *tmp_path) if (fchmod(fd, 0600) == -1) { close(fd); - mferror(CHMOD_ERROR, tmp_path, errno, strerror(errno)); + LogError(CHMOD_ERROR, tmp_path, errno, strerror(errno)); if (unlink(tmp_path)) { - mferror(DELETE_ERROR, tmp_path, errno, strerror(errno)); + LogError(DELETE_ERROR, tmp_path, errno, strerror(errno)); } return (-1); @@ -1089,7 +1118,7 @@ void goDaemonLight() pid = fork(); if (pid < 0) { - merror(FORK_ERROR, errno, strerror(errno)); + LogError(FORK_ERROR, errno, strerror(errno)); return; } else if (pid) { exit(0); @@ -1097,14 +1126,14 @@ void goDaemonLight() /* Become session leader */ if (setsid() < 0) { - merror(SETSID_ERROR, errno, strerror(errno)); + LogError(SETSID_ERROR, errno, strerror(errno)); return; } /* Fork again */ pid = fork(); if (pid < 0) { - merror(FORK_ERROR, errno, strerror(errno)); + LogError(FORK_ERROR, errno, strerror(errno)); return; } else if (pid) { exit(0); @@ -1112,7 +1141,8 @@ void goDaemonLight() dup2(1, 2); - nowDaemon(); + // Deleted alongside the old debugger. + // nowDaemon(); } /* Daemonize a process */ @@ -1123,7 +1153,7 @@ void goDaemon() pid = fork(); if (pid < 0) { - merror(FORK_ERROR, errno, strerror(errno)); + LogError(FORK_ERROR, errno, strerror(errno)); return; } else if (pid) { exit(0); @@ -1131,14 +1161,14 @@ void goDaemon() /* Become session leader */ if (setsid() < 0) { - merror(SETSID_ERROR, errno, strerror(errno)); + LogError(SETSID_ERROR, errno, strerror(errno)); return; } /* Fork again */ pid = fork(); if (pid < 0) { - merror(FORK_ERROR, errno, strerror(errno)); + LogError(FORK_ERROR, errno, strerror(errno)); return; } else if (pid) { exit(0); @@ -1153,7 +1183,8 @@ void goDaemon() close(fd); } - nowDaemon(); + // Deleted alongside the old debugger. + // nowDaemon(); } #else /* WIN32 */ @@ -1169,7 +1200,7 @@ int checkVista() if (bOsVersionInfoEx = GetVersionEx ((OSVERSIONINFO *) &osvi), !bOsVersionInfoEx) { osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); if (!GetVersionEx((OSVERSIONINFO *)&osvi)) { - merror("Cannot get Windows version number."); + LogError("Cannot get Windows version number."); return -1; } } @@ -1208,13 +1239,13 @@ time_t get_UTC_modification_time(const char *file){ FILETIME modification_date; if (hdle = CreateFile(file, GENERIC_READ, FILE_SHARE_DELETE | FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL), \ hdle == INVALID_HANDLE_VALUE) { - mferror(FIM_WARN_OPEN_HANDLE_FILE, file, GetLastError()); + LogError(FIM_WARN_OPEN_HANDLE_FILE, file, GetLastError()); return 0; } if (!GetFileTime(hdle, NULL, NULL, &modification_date)) { CloseHandle(hdle); - mferror(FIM_WARN_GET_FILETIME, file, GetLastError()); + LogError(FIM_WARN_GET_FILETIME, file, GetLastError()); return 0; } @@ -1226,7 +1257,7 @@ time_t get_UTC_modification_time(const char *file){ char *basename_ex(char *path) { - return (PathFindFileNameA(path)); + return (PathFindFileNameA_(path)); } @@ -1246,7 +1277,7 @@ int rename_ex(const char *source, const char *destination) HANDLE hFile = CreateFile(destination, dwDesiredAccess, dwShareMode, NULL, dwCreationDisposition, dwFlagsAndAttributes, NULL); if (hFile == INVALID_HANDLE_VALUE) { - mferror("Could not create file (%s) which returned (%lu)", destination, GetLastError()); + LogError("Could not create file (%s) which returned (%lu)", destination, GetLastError()); return -1; } @@ -1255,7 +1286,7 @@ int rename_ex(const char *source, const char *destination) } if (!ReplaceFile(destination, source, NULL, 0, NULL, NULL)) { - mferror("Could not move (%s) to (%s) which returned (%lu)", source, destination, GetLastError()); + LogError("Could not move (%s) to (%s) which returned (%lu)", source, destination, GetLastError()); if (file_created) { // Delete the destination file as it's been created by this function. @@ -1287,7 +1318,7 @@ int mkstemp_ex(char *tmp_path) if (result = _mktemp_s(tmp_path, strlen(tmp_path) + 1), result) { - mferror("Could not create temporary file (%s) which returned %d [(%d)-(%s)].", tmp_path, result, errno, strerror(errno)); + LogError("Could not create temporary file (%s) which returned %d [(%d)-(%s)].", tmp_path, result, errno, strerror(errno)); return (-1); } @@ -1302,7 +1333,7 @@ int mkstemp_ex(char *tmp_path) ); if (!result) { - mferror("Could not create BUILTIN\\Administrators group SID which returned (%lu)", GetLastError()); + LogError("Could not create BUILTIN\\Administrators group SID which returned (%lu)", GetLastError()); goto cleanup; } @@ -1317,7 +1348,7 @@ int mkstemp_ex(char *tmp_path) ); if (!result) { - mferror("Could not create SYSTEM group SID which returned (%lu)", GetLastError()); + LogError("Could not create SYSTEM group SID which returned (%lu)", GetLastError()); goto cleanup; } @@ -1345,7 +1376,7 @@ int mkstemp_ex(char *tmp_path) dwResult = SetEntriesInAcl(2, ea, NULL, &pACL); if (dwResult != ERROR_SUCCESS) { - mferror("Could not set ACL entries which returned (%lu)", dwResult); + LogError("Could not set ACL entries which returned (%lu)", dwResult); goto cleanup; } @@ -1357,34 +1388,34 @@ int mkstemp_ex(char *tmp_path) ); if (pSD == NULL) { - mferror("Could not initialize SECURITY_DESCRIPTOR because of a LocalAlloc() failure which returned (%lu)", GetLastError()); + LogError("Could not initialize SECURITY_DESCRIPTOR because of a LocalAlloc() failure which returned (%lu)", GetLastError()); goto cleanup; } if (!InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION)) { - mferror("Could not initialize SECURITY_DESCRIPTOR because of an InitializeSecurityDescriptor() failure which returned (%lu)", GetLastError()); + LogError("Could not initialize SECURITY_DESCRIPTOR because of an InitializeSecurityDescriptor() failure which returned (%lu)", GetLastError()); goto cleanup; } /* Set owner */ if (!SetSecurityDescriptorOwner(pSD, NULL, FALSE)) { - mferror("Could not set owner which returned (%lu)", GetLastError()); + LogError("Could not set owner which returned (%lu)", GetLastError()); goto cleanup; } /* Set group owner */ if (!SetSecurityDescriptorGroup(pSD, NULL, FALSE)) { - mferror("Could not set group owner which returned (%lu)", GetLastError()); + LogError("Could not set group owner which returned (%lu)", GetLastError()); goto cleanup; } /* Add ACL to security descriptor */ if (!SetSecurityDescriptorDacl(pSD, TRUE, pACL, FALSE)) { - mferror("Could not set SECURITY_DESCRIPTOR DACL which returned (%lu)", GetLastError()); + LogError("Could not set SECURITY_DESCRIPTOR DACL which returned (%lu)", GetLastError()); goto cleanup; } @@ -1405,13 +1436,13 @@ int mkstemp_ex(char *tmp_path) ); if (h == INVALID_HANDLE_VALUE) { - mferror("Could not create temporary file (%s) which returned (%lu)", tmp_path, GetLastError()); + LogError("Could not create temporary file (%s) which returned (%lu)", tmp_path, GetLastError()); goto cleanup; } if (!CloseHandle(h)) { - mferror("Could not close file handle to (%s) which returned (%lu)", tmp_path, GetLastError()); + LogError("Could not close file handle to (%s) which returned (%lu)", tmp_path, GetLastError()); goto cleanup; } @@ -1628,18 +1659,18 @@ const char *getuname() // Read Windows Version from registry DWORD dwRet; HKEY RegistryKey; - const DWORD size = 1024; - TCHAR value[size]; - DWORD dwCount = size; + #define VALUE_SIZE 1024 + TCHAR value[VALUE_SIZE]; + DWORD dwCount = VALUE_SIZE; add_infoEx = 0; if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, TEXT("SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"), 0, KEY_READ | KEY_WOW64_64KEY , &RegistryKey) != ERROR_SUCCESS) { - merror("Error opening Windows registry."); + LogError("Error opening Windows registry."); } dwRet = RegQueryValueEx(RegistryKey, TEXT("ProductName"), NULL, NULL, (LPBYTE)value, &dwCount); if (dwRet != ERROR_SUCCESS) { - merror("Error reading Windows registry. (Error %u)",(unsigned int)dwRet); + LogError("Error reading Windows registry. (Error %u)",(unsigned int)dwRet); strncat(ret, "Microsoft Windows undefined version", ret_size - 1); } else { @@ -1655,7 +1686,7 @@ const char *getuname() if (NULL != pGNSI) { pGNSI(&si); } else { - mwarn("It was not possible to retrieve GetNativeSystemInfo from kernek32.dll"); + LogWarn("It was not possible to retrieve GetNativeSystemInfo from kernek32.dll"); } if ( GetSystemMetrics(89) ) @@ -1846,36 +1877,36 @@ const char *getuname() memset(__wp, '\0', 64); DWORD dwRet; HKEY RegistryKey; - const DWORD size = 30; - TCHAR winver[size]; - TCHAR wincomp[size]; + #define WIN_SIZE 30 + TCHAR winver[WIN_SIZE]; + TCHAR wincomp[WIN_SIZE]; DWORD winMajor = 0; DWORD winMinor = 0; DWORD buildRevision = 0; - DWORD dwCount = size; + DWORD dwCount = WIN_SIZE; unsigned long type=REG_DWORD; if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, TEXT("SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"), 0, KEY_READ | KEY_WOW64_64KEY, &RegistryKey) != ERROR_SUCCESS) { - merror("Error opening Windows registry."); + LogError("Error opening Windows registry."); } // Windows 10 dwRet = RegQueryValueEx(RegistryKey, TEXT("CurrentMajorVersionNumber"), NULL, &type, (LPBYTE)&winMajor, &dwCount); if (dwRet == ERROR_SUCCESS) { - dwCount = size; + dwCount = WIN_SIZE; dwRet = RegQueryValueEx(RegistryKey, TEXT("CurrentMinorVersionNumber"), NULL, &type, (LPBYTE)&winMinor, &dwCount); if (dwRet != ERROR_SUCCESS) { - merror("Error reading 'CurrentMinorVersionNumber' from Windows registry. (Error %u)",(unsigned int)dwRet); + LogError("Error reading 'CurrentMinorVersionNumber' from Windows registry. (Error %u)",(unsigned int)dwRet); } else { - dwCount = size; + dwCount = WIN_SIZE; dwRet = RegQueryValueEx(RegistryKey, TEXT("CurrentBuildNumber"), NULL, NULL, (LPBYTE)wincomp, &dwCount); if (dwRet != ERROR_SUCCESS) { - merror("Error reading 'CurrentBuildNumber' from Windows registry. (Error %u)",(unsigned int)dwRet); + LogError("Error reading 'CurrentBuildNumber' from Windows registry. (Error %u)",(unsigned int)dwRet); snprintf(__wp, 63, " [Ver: %d.%d]", (unsigned int)winMajor, (unsigned int)winMinor); } else { - dwCount = size; + dwCount = WIN_SIZE; dwRet = RegQueryValueEx(RegistryKey, TEXT("UBR"), NULL, &type, (LPBYTE)&buildRevision, &dwCount); if (dwRet != ERROR_SUCCESS) { snprintf(__wp, sizeof(__wp), " [Ver: %d.%d.%s]", (unsigned int)winMajor, (unsigned int)winMinor, wincomp); @@ -1900,18 +1931,18 @@ const char *getuname() else { dwRet = RegQueryValueEx(RegistryKey, TEXT("CurrentVersion"), NULL, NULL, (LPBYTE)winver, &dwCount); if (dwRet != ERROR_SUCCESS) { - merror("Error reading 'Current Version' from Windows registry. (Error %u)",(unsigned int)dwRet); + LogError("Error reading 'Current Version' from Windows registry. (Error %u)",(unsigned int)dwRet); snprintf(__wp, 63, " [Ver: 6.2]"); } else { - dwCount = size; + dwCount = WIN_SIZE; dwRet = RegQueryValueEx(RegistryKey, TEXT("CurrentBuildNumber"), NULL, NULL, (LPBYTE)wincomp, &dwCount); if (dwRet != ERROR_SUCCESS) { - merror("Error reading 'CurrentBuildNumber' from Windows registry. (Error %u)",(unsigned int)dwRet); + LogError("Error reading 'CurrentBuildNumber' from Windows registry. (Error %u)",(unsigned int)dwRet); snprintf(__wp, 63, " [Ver: 6.2]"); } else { - dwCount = size; + dwCount = WIN_SIZE; dwRet = RegQueryValueEx(RegistryKey, TEXT("UBR"), NULL, &type, (LPBYTE)&buildRevision, &dwCount); if (dwRet != ERROR_SUCCESS) { snprintf(__wp, sizeof(__wp), " [Ver: %s.%s]", winver,wincomp); @@ -2004,7 +2035,7 @@ void w_ch_exec_dir() { } /* Remove file name from path */ - PathRemoveFileSpec(path); + PathRemoveFileSpec_(path); /* Move to correct directory */ if (chdir(path)) { @@ -2030,17 +2061,17 @@ FILE * w_fopen_r(const char *file, const char * mode, BY_HANDLE_FILE_INFORMATION } if (GetFileInformationByHandle(h, lpFileInformation) == 0) { - merror(FILE_ERROR, file); + LogError(FILE_ERROR, file); } if (fd = _open_osfhandle((intptr_t)h, 0), fd == -1) { - merror(FOPEN_ERROR, file, errno, strerror(errno)); + LogError(FOPEN_ERROR, file, errno, strerror(errno)); CloseHandle(h); return NULL; } if (fp = _fdopen(fd, mode), fp == NULL) { - merror(FOPEN_ERROR, file, errno, strerror(errno)); + LogError(FOPEN_ERROR, file, errno, strerror(errno)); CloseHandle(h); return NULL; } @@ -2099,11 +2130,11 @@ char **expand_win32_wildcards(const char *path) { if (hFind == INVALID_HANDLE_VALUE) { long unsigned errcode = GetLastError(); if (errcode == 2) { - mdebug2("No file that matches %s.", pattern); + LogDebug("No file that matches %s.", pattern); } else if (errcode == 3) { - mdebug2("No folder that matches %s.", pattern); + LogDebug("No folder that matches %s.", pattern); } else { - mdebug2("FindFirstFile failed (%lu) - '%s'\n", errcode, pattern); + LogDebug("FindFirstFile failed (%lu) - '%s'\n", errcode, pattern); } os_free(pattern); @@ -2202,7 +2233,9 @@ int cldir_ex_ignore(const char * name, const char ** ignore) { while (dirent = readdir(dir), dirent) { // Skip "." and ".." - if ((dirent->d_name[0] == '.' && (dirent->d_name[1] == '\0' || (dirent->d_name[1] == '.' && dirent->d_name[2] == '\0'))) || w_str_in_array(dirent->d_name, ignore)) { + // TODO: replace function w_str_in_array + // if ((dirent->d_name[0] == '.' && (dirent->d_name[1] == '\0' || (dirent->d_name[1] == '.' && dirent->d_name[2] == '\0'))) || w_str_in_array(dirent->d_name, ignore)) { + if (dirent->d_name[0] == '.' && (dirent->d_name[1] == '\0' || (dirent->d_name[1] == '.' && dirent->d_name[2] == '\0'))) { continue; } @@ -2252,7 +2285,7 @@ int TempFile(File *file, const char *source, int copy) { return -1; } } else { - mdebug1(FSTAT_ERROR, source, errno, strerror(errno)); + LogDebug(FSTAT_ERROR, source, errno, strerror(errno)); } #endif @@ -2315,19 +2348,19 @@ int OS_MoveFile(const char *src, const char *dst) { return 0; } - mdebug1("Couldn't rename %s: %s", dst, strerror(errno)); + LogDebug("Couldn't rename %s: %s", dst, strerror(errno)); fp_src = wfopen(src, "r"); if (!fp_src) { - merror("Couldn't open file '%s'", src); + LogError("Couldn't open file '%s'", src); return -1; } fp_dst = wfopen(dst, "w"); if (!fp_dst) { - merror("Couldn't open file '%s'", dst); + LogError("Couldn't open file '%s'", dst); fclose(fp_src); unlink(src); return -1; @@ -2337,7 +2370,7 @@ int OS_MoveFile(const char *src, const char *dst) { count_r = fread(buffer, 1, 4096, fp_src); if (ferror(fp_src)) { - merror("Couldn't read file '%s'", src); + LogError("Couldn't read file '%s'", src); status = -1; break; } @@ -2345,7 +2378,7 @@ int OS_MoveFile(const char *src, const char *dst) { count_w = fwrite(buffer, 1, count_r, fp_dst); if (count_w != count_r || ferror(fp_dst)) { - merror("Couldn't write file '%s'", dst); + LogError("Couldn't write file '%s'", dst); status = -1; break; } @@ -2369,7 +2402,7 @@ int w_copy_file(const char *src, const char *dst, char mode, char * message, int if (!fp_src) { if(!silent) { - merror("At w_copy_file(): Couldn't open file '%s'", src); + LogError("At w_copy_file(): Couldn't open file '%s'", src); } return -1; } @@ -2385,7 +2418,7 @@ int w_copy_file(const char *src, const char *dst, char mode, char * message, int if (!fp_dst) { if (!silent) { - merror("At w_copy_file(): Couldn't open file '%s'", dst); + LogError("At w_copy_file(): Couldn't open file '%s'", dst); } fclose(fp_src); return -1; @@ -2398,7 +2431,7 @@ int w_copy_file(const char *src, const char *dst, char mode, char * message, int if (count_w != count_r || ferror(fp_dst)) { if (!silent) { - merror("Couldn't write file '%s'", dst); + LogError("Couldn't write file '%s'", dst); } status = -1; fclose(fp_src); @@ -2412,7 +2445,7 @@ int w_copy_file(const char *src, const char *dst, char mode, char * message, int if (ferror(fp_src)) { if (!silent) { - merror("Couldn't read file '%s'", src); + LogError("Couldn't read file '%s'", src); } status = -1; break; @@ -2422,7 +2455,7 @@ int w_copy_file(const char *src, const char *dst, char mode, char * message, int if (count_w != count_r || ferror(fp_dst)) { if (!silent) { - merror("Couldn't write file '%s'", dst); + LogError("Couldn't write file '%s'", dst); } status = -1; break; @@ -2454,7 +2487,7 @@ int mkdir_ex(const char * path) { switch (errno) { case EEXIST: if (IsDir(temp) < 0) { - merror("Couldn't make dir '%s': not a directory.", temp); + LogError("Couldn't make dir '%s': not a directory.", temp); free(temp); return -1; } @@ -2465,7 +2498,7 @@ int mkdir_ex(const char * path) { break; default: - merror("Couldn't make dir '%s': %s", temp, strerror(errno)); + LogError("Couldn't make dir '%s': %s", temp, strerror(errno)); free(temp); return -1; } @@ -2480,7 +2513,7 @@ int mkdir_ex(const char * path) { switch (errno) { case EEXIST: if (IsDir(path) < 0) { - merror("Couldn't make dir '%s': not a directory.", path); + LogError("Couldn't make dir '%s': not a directory.", path); return -1; } @@ -2490,7 +2523,7 @@ int mkdir_ex(const char * path) { break; default: - merror("Couldn't make dir '%s': %s", path, strerror(errno)); + LogError("Couldn't make dir '%s': %s", path, strerror(errno)); return -1; } } @@ -2704,7 +2737,7 @@ char ** wreaddir(const char * name) { os_realloc(files, (i + 2) * sizeof(char *), files); if(!files){ - merror_exit(MEM_ERROR, errno, strerror(errno)); + LogCritical(MEM_ERROR, errno, strerror(errno)); } files[i++] = strdup(dirent->d_name); } @@ -2806,7 +2839,7 @@ int w_compress_gzfile(const char *filesrc, const char *filedst) { /* Read file */ fd = wfopen(filesrc, "rb"); if (!fd) { - merror("in w_compress_gzfile(): fopen error %s (%d):'%s'", + LogError("in w_compress_gzfile(): fopen error %s (%d):'%s'", filesrc, errno, strerror(errno)); @@ -2817,7 +2850,7 @@ int w_compress_gzfile(const char *filesrc, const char *filedst) { gz_fd = gzopen(filedst, "w"); if (!gz_fd) { fclose(fd); - merror("in w_compress_gzfile(): gzopen error %s (%d):'%s'", + LogError("in w_compress_gzfile(): gzopen error %s (%d):'%s'", filedst, errno, strerror(errno)); @@ -2832,7 +2865,7 @@ int w_compress_gzfile(const char *filesrc, const char *filedst) { } if (gzwrite(gz_fd, buf, (unsigned)len) != len) { - merror("in w_compress_gzfile(): Compression error: %s", + LogError("in w_compress_gzfile(): Compression error: %s", gzerror(gz_fd, &err)); fclose(fd); gzclose(gz_fd); @@ -2871,7 +2904,7 @@ int w_uncompress_gzfile(const char *gzfilesrc, const char *gzfiledst) { /* Read file */ fd = wfopen(gzfiledst, "wb"); if (!fd) { - merror("in w_uncompress_gzfile(): fopen error %s (%d):'%s'", + LogError("in w_uncompress_gzfile(): fopen error %s (%d):'%s'", gzfiledst, errno, strerror(errno)); @@ -2881,7 +2914,7 @@ int w_uncompress_gzfile(const char *gzfilesrc, const char *gzfiledst) { /* Open compressed file */ gz_fd = gzopen(gzfilesrc, "rb"); if (!gz_fd) { - merror("in w_uncompress_gzfile(): gzopen error %s (%d):'%s'", + LogError("in w_uncompress_gzfile(): gzopen error %s (%d):'%s'", gzfilesrc, errno, strerror(errno)); @@ -2902,7 +2935,7 @@ int w_uncompress_gzfile(const char *gzfilesrc, const char *gzfiledst) { if (!gzeof(gz_fd)) { const char * gzerr = gzerror(gz_fd, &err); if (err) { - merror("in w_uncompress_gzfile(): gzread error: '%s'", gzerr); + LogError("in w_uncompress_gzfile(): gzread error: '%s'", gzerr); fclose(fd); gzclose(gz_fd); os_free(buf); @@ -2930,7 +2963,7 @@ int is_ascii_utf8(const char * file, unsigned int max_lines_ascii, unsigned int fp = wfopen(file, "r"); if (!fp) { - mdebug1(OPEN_UNABLE, file); + LogDebug(OPEN_UNABLE, file); retval = 1; goto end; } @@ -2982,7 +3015,7 @@ int is_ascii_utf8(const char * file, unsigned int max_lines_ascii, unsigned int /* Check for UTF-8 BOM */ if (b[0] == 0xEF && b[1] == 0xBB && b[2] == 0xBF) { if (fseek(fp, -1, SEEK_CUR) != 0) { - merror(FSEEK_ERROR, file, errno, strerror(errno)); + LogError(FSEEK_ERROR, file, errno, strerror(errno)); } goto next; } @@ -2990,7 +3023,7 @@ int is_ascii_utf8(const char * file, unsigned int max_lines_ascii, unsigned int /* Valid ASCII */ if (b[0] == 0x09 || b[0] == 0x0A || b[0] == 0x0D || (0x20 <= b[0] && b[0] <= 0x7E)) { if (fseek(fp, -nbytes + 1, SEEK_CUR) != 0) { - merror(FSEEK_ERROR, file, errno, strerror(errno)); + LogError(FSEEK_ERROR, file, errno, strerror(errno)); } goto next; } @@ -2999,7 +3032,7 @@ int is_ascii_utf8(const char * file, unsigned int max_lines_ascii, unsigned int if (b[0] >= 0xC2 && b[0] <= 0xDF) { if (b[1] >= 0x80 && b[1] <= 0xBF) { if (fseek(fp, -2, SEEK_CUR) != 0) { - merror(FSEEK_ERROR, file, errno, strerror(errno)); + LogError(FSEEK_ERROR, file, errno, strerror(errno)); } goto next; } @@ -3010,7 +3043,7 @@ int is_ascii_utf8(const char * file, unsigned int max_lines_ascii, unsigned int if ( b[1] >= 0xA0 && b[1] <= 0xBF) { if ( b[2] >= 0x80 && b[2] <= 0xBF ) { if (fseek(fp, -1, SEEK_CUR) != 0 ) { - merror(FSEEK_ERROR, file, errno, strerror(errno)); + LogError(FSEEK_ERROR, file, errno, strerror(errno)); } goto next; } @@ -3022,7 +3055,7 @@ int is_ascii_utf8(const char * file, unsigned int max_lines_ascii, unsigned int if (b[1] >= 0x80 && b[1] <= 0xBF) { if (b[2] >= 0x80 && b[2] <= 0xBF) { if (fseek(fp, -1, SEEK_CUR) != 0 ) { - merror(FSEEK_ERROR, file, errno, strerror(errno)); + LogError(FSEEK_ERROR, file, errno, strerror(errno)); } goto next; } @@ -3034,7 +3067,7 @@ int is_ascii_utf8(const char * file, unsigned int max_lines_ascii, unsigned int if ( b[1] >= 0x80 && b[1] <= 0x9F) { if ( b[2] >= 0x80 && b[2] <= 0xBF) { if (fseek(fp, -1, SEEK_CUR) != 0 ) { - merror(FSEEK_ERROR, file, errno, strerror(errno)); + LogError(FSEEK_ERROR, file, errno, strerror(errno)); } goto next; } @@ -3099,7 +3132,7 @@ int is_usc2(const char * file) { fp = wfopen(file, "r"); if (!fp) { - mdebug1(OPEN_UNABLE, file); + LogDebug(OPEN_UNABLE, file); retval = 1; goto end; } @@ -3143,10 +3176,10 @@ DWORD FileSizeWin(const char * file) { FILE_SHARE_DELETE | FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); if (h1 == INVALID_HANDLE_VALUE) { - merror(FILE_ERROR, file); + LogError(FILE_ERROR, file); } else if (GetFileInformationByHandle(h1, &lpFileInfo) == 0) { CloseHandle(h1); - merror(FILE_ERROR, file); + LogError(FILE_ERROR, file); } else { CloseHandle(h1); return lpFileInfo.nFileSizeHigh + lpFileInfo.nFileSizeLow; @@ -3167,7 +3200,7 @@ float DirSize(const char *path) { sprintf(sPath, "%s\\*.*", path); if ((hFind = FindFirstFile(sPath, &fdFile)) == INVALID_HANDLE_VALUE) { - merror(FILE_ERROR, path); + LogError(FILE_ERROR, path); return 0; } @@ -3205,7 +3238,7 @@ int64_t w_ftell(FILE *x) { #endif if (z < 0) { - merror("Ftell function failed due to [(%d)-(%s)]", errno, strerror(errno)); + LogError("Ftell function failed due to [(%d)-(%s)]", errno, strerror(errno)); return -1; } else { return z; @@ -3220,7 +3253,7 @@ int w_fseek(FILE *x, int64_t pos, int mode) { int64_t z = fseeko64(x, pos, mode); #endif if (z < 0) { - mwarn("Fseek function failed due to [(%d)-(%s)]", errno, strerror(errno)); + LogWarn("Fseek function failed due to [(%d)-(%s)]", errno, strerror(errno)); return -1; } else { return z; @@ -3228,17 +3261,17 @@ int w_fseek(FILE *x, int64_t pos, int mode) { } /* Prevent children processes from inheriting a file pointer */ -void w_file_cloexec(__attribute__((unused)) FILE * fp) { +void w_file_cloexec(ATTR_UNUSED FILE * fp) { #ifndef WIN32 w_descriptor_cloexec(fileno(fp)); #endif } /* Prevent children processes from inheriting a file descriptor */ -void w_descriptor_cloexec(__attribute__((unused)) int fd){ +void w_descriptor_cloexec(ATTR_UNUSED int fd){ #ifndef WIN32 if (fcntl(fd, F_SETFD, FD_CLOEXEC) < 0) { - mwarn("Cannot set close-on-exec flag to the descriptor: %s (%d)", strerror(errno), errno); + LogWarn("Cannot set close-on-exec flag to the descriptor: %s (%d)", strerror(errno), errno); } #endif } @@ -3327,25 +3360,25 @@ char * w_get_file_content(const char * path, unsigned long max_size) { // Check if path is NULL if (path == NULL) { - mdebug1("Cannot open NULL path"); + LogDebug("Cannot open NULL path"); goto end; } // Load file if (fp = wfopen(path, "r"), !fp) { - mdebug1(FOPEN_ERROR, path, errno, strerror(errno)); + LogDebug(FOPEN_ERROR, path, errno, strerror(errno)); goto end; } // Get file size if (size = get_fp_size(fp), size < 0) { - mdebug1(FSEEK_ERROR, path, errno, strerror(errno)); + LogDebug(FSEEK_ERROR, path, errno, strerror(errno)); goto end; } // Check file size limit if ((unsigned long)size > max_size) { - mdebug1("Cannot load file '%s': it exceeds %ld MiB", path, (max_size / (1024 * 1024))); + LogDebug("Cannot load file '%s': it exceeds %ld MiB", path, (max_size / (1024 * 1024))); goto end; } @@ -3354,7 +3387,7 @@ char * w_get_file_content(const char * path, unsigned long max_size) { // Get file content if (read = fread(buffer, 1, size, fp), read != (size_t)size && !feof(fp)) { - mdebug1(FREAD_ERROR, path, errno, strerror(errno)); + LogDebug(FREAD_ERROR, path, errno, strerror(errno)); os_free(buffer); goto end; } @@ -3375,13 +3408,13 @@ FILE * w_get_file_pointer(const char * path) { // Check if path is NULL if (path == NULL) { - mdebug1("Cannot open NULL path"); + LogDebug("Cannot open NULL path"); return NULL; } // Load file if (fp = wfopen(path, "r"), !fp) { - mdebug1(FOPEN_ERROR, path, errno, strerror(errno)); + LogDebug(FOPEN_ERROR, path, errno, strerror(errno)); return NULL; } @@ -3449,25 +3482,30 @@ char *w_homedir(char *arg) { #ifdef __MACH__ pid_t pid = getpid(); if (proc_pidpath(pid, buff, PATH_MAX) > 0) { - buff = w_strtok_r_str_delim(delim, &buff); + // TODO: replace function w_strtok_r_str_delim + //buff = w_strtok_r_str_delim(delim, &buff); } #else if (realpath("/proc/self/exe", buff) != NULL) { dirname(buff); - buff = w_strtok_r_str_delim(delim, &buff); + // TODO: replace function w_strtok_r_str_delim + //buff = w_strtok_r_str_delim(delim, &buff); } else if (realpath("/proc/curproc/file", buff) != NULL) { dirname(buff); - buff = w_strtok_r_str_delim(delim, &buff); + // TODO: replace function w_strtok_r_str_delim + //buff = w_strtok_r_str_delim(delim, &buff); } else if (realpath("/proc/self/path/a.out", buff) != NULL) { dirname(buff); - buff = w_strtok_r_str_delim(delim, &buff); + // TODO: replace function w_strtok_r_str_delim + //buff = w_strtok_r_str_delim(delim, &buff); } #endif else if (realpath(arg, buff) != NULL) { dirname(buff); - buff = w_strtok_r_str_delim(delim, &buff); + // TODO: replace function w_strtok_r_str_delim + //buff = w_strtok_r_str_delim(delim, &buff); } else { // The path was not found so read WAZUH_HOME env var char * home_env = NULL; @@ -3478,7 +3516,7 @@ char *w_homedir(char *arg) { if ((stat(buff, &buff_stat) < 0) || !S_ISDIR(buff_stat.st_mode)) { os_free(buff); - merror_exit(HOME_ERROR); + LogCritical(HOME_ERROR); } return buff; diff --git a/src/common/file_op/tests/unit/tests/test_file_op.c b/src/common/file_op/tests/unit/tests/test_file_op.c index 795ea17738..fea8fbdc71 100644 --- a/src/common/file_op/tests/unit/tests/test_file_op.c +++ b/src/common/file_op/tests/unit/tests/test_file_op.c @@ -709,7 +709,7 @@ void test_get_file_content(void **state) void test_get_file_pointer_NULL(void **state) { const char * path = NULL; - + expect_string(__wrap__mdebug1, formatted_msg, "Cannot open NULL path"); FILE * fp = w_get_file_pointer(path); diff --git a/src/common/filesystem_wrapper/CMakeLists.txt b/src/common/filesystem_wrapper/CMakeLists.txt new file mode 100644 index 0000000000..69809e8fb1 --- /dev/null +++ b/src/common/filesystem_wrapper/CMakeLists.txt @@ -0,0 +1,19 @@ +cmake_minimum_required(VERSION 3.22) + +set(CMAKE_TOOLCHAIN_FILE "${CMAKE_SOURCE_DIR}/../../vcpkg/scripts/buildsystems/vcpkg.cmake") +set(VCPKG_MANIFEST_DIR ${CMAKE_SOURCE_DIR}/../../) + +project(FilesystemWrapper) + +include(../../cmake/CommonSettings.cmake) +set_common_settings() + +add_library(FilesystemWrapper STATIC + src/filesystem_wrapper.cpp +) + +target_include_directories(FilesystemWrapper PUBLIC include) +target_link_libraries(FilesystemWrapper PUBLIC utils) + +include(../../cmake/ConfigureTarget.cmake) +configure_target(FilesystemWrapper) diff --git a/src/common/filesystem_wrapper/include/filesystem_wrapper.hpp b/src/common/filesystem_wrapper/include/filesystem_wrapper.hpp new file mode 100644 index 0000000000..5aea65670c --- /dev/null +++ b/src/common/filesystem_wrapper/include/filesystem_wrapper.hpp @@ -0,0 +1,50 @@ +#pragma once + +#include +#include + +namespace filesystem_wrapper +{ + /// @brief A wrapper class for file system operations, implementing the IFileSystem interface. + /// + /// This class provides methods for file system operations such as checking if a file exists, + /// removing directories, creating directories, and renaming files, among others. It is designed + /// to be used as a concrete implementation of the IFileSystem interface, encapsulating the actual + /// file system operations. + class FileSystemWrapper : public IFileSystem { + public: + /// @brief Checks if the specified path exists in the file system. + /// @param path The path to check. + /// @return Returns true if the path exists, otherwise false. + bool exists(const std::filesystem::path& path) const override; + + /// @brief Checks if the specified path is a directory. + /// @param path The path to check. + /// @return Returns true if the path is a directory, otherwise false. + bool is_directory(const std::filesystem::path& path) const override; + + /// @brief Removes all files and subdirectories in the specified directory. + /// @param path The directory path to remove. + /// @return Returns the number of files and directories removed. + std::uintmax_t remove_all(const std::filesystem::path& path) override; + + /// @brief Retrieves the system's temporary directory path. + /// @return Returns the path of the system's temporary directory. + std::filesystem::path temp_directory_path() const override; + + /// @brief Creates a new directory at the specified path. + /// @param path The path of the directory to create. + /// @return Returns true if the directory was successfully created, otherwise false. + bool create_directories(const std::filesystem::path& path) override; + + /// @brief Renames a file or directory from the 'from' path to the 'to' path. + /// @param from The current path of the file or directory. + /// @param to The new path for the file or directory. + void rename(const std::filesystem::path& from, const std::filesystem::path& to) override; + + /// @brief Removes the specified file or directory. + /// @param path The file or directory to remove. + /// @return Returns true if the file or directory was successfully removed, otherwise false. + bool remove(const std::filesystem::path& path) override; + }; +} diff --git a/src/common/filesystem_wrapper/include/ifilesystem.hpp b/src/common/filesystem_wrapper/include/ifilesystem.hpp new file mode 100644 index 0000000000..04a4b48782 --- /dev/null +++ b/src/common/filesystem_wrapper/include/ifilesystem.hpp @@ -0,0 +1,51 @@ +#pragma once + +#include + +/// @brief Interface for file system operations. +/// +/// This interface defines a set of file system operations such as checking if a file exists, +/// removing files or directories, creating directories, and renaming files. Any concrete class +/// that implements this interface will be expected to provide the actual functionality for these +/// operations. This allows for abstraction and easier testing or swapping of file system implementations. +class IFileSystem { +public: + /// @brief Virtual destructor for IFileSystem. + /// + /// Ensures that any derived classes with their own resources are correctly cleaned up. + virtual ~IFileSystem() = default; + + /// @brief Checks if the specified path exists in the file system. + /// @param path The path to check. + /// @return Returns true if the path exists, otherwise false. + virtual bool exists(const std::filesystem::path& path) const = 0; + + /// @brief Checks if the specified path is a directory. + /// @param path The path to check. + /// @return Returns true if the path is a directory, otherwise false. + virtual bool is_directory(const std::filesystem::path& path) const = 0; + + /// @brief Removes all files and subdirectories in the specified directory. + /// @param path The directory path to remove. + /// @return Returns the number of files and directories removed. + virtual std::uintmax_t remove_all(const std::filesystem::path& path) = 0; + + /// @brief Retrieves the system's temporary directory path. + /// @return Returns the path of the system's temporary directory. + virtual std::filesystem::path temp_directory_path() const = 0; + + /// @brief Creates a new directory at the specified path. + /// @param path The path of the directory to create. + /// @return Returns true if the directory was successfully created, otherwise false. + virtual bool create_directories(const std::filesystem::path& path) = 0; + + /// @brief Renames a file or directory from the 'from' path to the 'to' path. + /// @param from The current path of the file or directory. + /// @param to The new path for the file or directory. + virtual void rename(const std::filesystem::path& from, const std::filesystem::path& to) = 0; + + /// @brief Removes the specified file or directory. + /// @param path The file or directory to remove. + /// @return Returns true if the file or directory was successfully removed, otherwise false. + virtual bool remove(const std::filesystem::path& path) = 0; +}; diff --git a/src/common/filesystem_wrapper/src/filesystem_wrapper.cpp b/src/common/filesystem_wrapper/src/filesystem_wrapper.cpp new file mode 100644 index 0000000000..5ffe3c2d5c --- /dev/null +++ b/src/common/filesystem_wrapper/src/filesystem_wrapper.cpp @@ -0,0 +1,41 @@ +#include +#include + + +namespace filesystem_wrapper +{ + bool FileSystemWrapper::exists(const std::filesystem::path& path) const + { + return std::filesystem::exists(path); + } + + bool FileSystemWrapper::is_directory(const std::filesystem::path& path) const + { + return std::filesystem::is_directory(path); + } + + std::uintmax_t FileSystemWrapper::remove_all(const std::filesystem::path& path) + { + return std::filesystem::remove_all(path); + } + + std::filesystem::path FileSystemWrapper::temp_directory_path() const + { + return std::filesystem::temp_directory_path(); + } + + bool FileSystemWrapper::create_directories(const std::filesystem::path& path) + { + return std::filesystem::create_directories(path); + } + + void FileSystemWrapper::rename(const std::filesystem::path& from, const std::filesystem::path& to) + { + std::filesystem::rename(from, to); + } + + bool FileSystemWrapper::remove(const std::filesystem::path& path) + { + return std::filesystem::remove(path); + } +} diff --git a/src/common/fs_op/src/fs_op.c b/src/common/fs_op/src/fs_op.c index eb7f920af3..7cc23176ca 100755 --- a/src/common/fs_op/src/fs_op.c +++ b/src/common/fs_op/src/fs_op.c @@ -83,12 +83,12 @@ short IsNFS(const char *dir_name) /* If the file exists, throw an error and retreat! If the file does not exist, there * is no reason to spam the log with these errors. */ if(errno != ENOENT) { - merror("statfs('%s') produced error: %s", dir_name, strerror(errno)); + LogError("statfs('%s') produced error: %s", dir_name, strerror(errno)); } return(-1); } #else - mdebug2("Attempted to check NFS status for '%s', but we don't know how on this OS.", dir_name); + LogDebug("Attempted to check NFS status for '%s', but we don't know how on this OS.", dir_name); #endif return(0); } @@ -103,7 +103,7 @@ short skipFS(const char *dir_name) int i; for ( i=0; skip_file_systems[i].name != NULL; i++ ) { if(skip_file_systems[i].f_type == stfs.f_type ) { - mdebug1("Skipping dir (FS %s): %s ", skip_file_systems[i].name, dir_name); + LogDebug("Skipping dir (FS %s): %s ", skip_file_systems[i].name, dir_name); return skip_file_systems[i].flag; } } @@ -114,12 +114,12 @@ short skipFS(const char *dir_name) /* If the file exists, throw an error and retreat! If the file does not exist, there * is no reason to spam the log with these errors. */ if(errno != ENOENT) { - merror("statfs('%s') produced error: %s", dir_name, strerror(errno)); + LogError("statfs('%s') produced error: %s", dir_name, strerror(errno)); } return(-1); } #else - mdebug2("Attempted to check FS status for '%s', but we don't know how on this OS.", dir_name); + LogDebug("Attempted to check FS status for '%s', but we don't know how on this OS.", dir_name); #endif return(0); } @@ -129,7 +129,7 @@ bool HasFilesystem(__attribute__((unused))const char * path, __attribute__((unus struct statfs stfs; if (statfs(path, &stfs) == -1) { - mdebug2("statfs(%s): %s", path, strerror(errno)); + LogDebug("statfs(%s): %s", path, strerror(errno)); return false; } diff --git a/src/common/globHelper/tests/main.cpp b/src/common/globHelper/tests/main.cpp index fd7a178715..08fb839052 100644 --- a/src/common/globHelper/tests/main.cpp +++ b/src/common/globHelper/tests/main.cpp @@ -4,4 +4,4 @@ int main(int argc, char** argv) { ::testing::InitGoogleTest(&argc, argv); return RUN_ALL_TESTS(); -} \ No newline at end of file +} diff --git a/src/common/hashHelper/CMakeLists.txt b/src/common/hashHelper/CMakeLists.txt index fd8f24c852..99869a08c3 100644 --- a/src/common/hashHelper/CMakeLists.txt +++ b/src/common/hashHelper/CMakeLists.txt @@ -1,5 +1,3 @@ -cmake_minimum_required(VERSION 3.12.4) +add_library(hashHelper INTERFACE) -if(UNIT_TEST) - add_subdirectory(tests) -endif() +target_include_directories(hashHelper INTERFACE include) diff --git a/src/common/hashHelper/include/hashHelper.h b/src/common/hashHelper/include/hashHelper.h index c210be9b75..ef442dbdaf 100644 --- a/src/common/hashHelper/include/hashHelper.h +++ b/src/common/hashHelper/include/hashHelper.h @@ -107,6 +107,14 @@ namespace Utils } static void initializeContext(const HashType hashType, std::unique_ptr& spCtx) { + static auto cryptoInitialized { false }; + + if (!cryptoInitialized) + { + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_LOAD_CONFIG | OPENSSL_INIT_NO_ATEXIT, nullptr); + cryptoInitialized = true; + } + auto ret{0}; switch (hashType) @@ -148,9 +156,9 @@ namespace Utils HashData hash; while (inputFile.read(buffer.data(), buffer.size())) { - hash.update(buffer.data(), inputFile.gcount()); + hash.update(buffer.data(), static_cast(inputFile.gcount())); } - hash.update(buffer.data(), inputFile.gcount()); + hash.update(buffer.data(), static_cast(inputFile.gcount())); return hash.hash(); } diff --git a/src/common/hashHelper/tests/hashHelper_test.h b/src/common/hashHelper/tests/hashHelper_test.h index fe2b2da3a5..726d1d1f45 100644 --- a/src/common/hashHelper/tests/hashHelper_test.h +++ b/src/common/hashHelper/tests/hashHelper_test.h @@ -24,4 +24,5 @@ class HashHelperTest : public ::testing::Test void SetUp() override; void TearDown() override; }; -#endif //HASH_HELPER_TESTS_H \ No newline at end of file + +#endif //HASH_HELPER_TESTS_H diff --git a/src/common/hashHelper/tests/main.cpp b/src/common/hashHelper/tests/main.cpp index fd7a178715..08fb839052 100644 --- a/src/common/hashHelper/tests/main.cpp +++ b/src/common/hashHelper/tests/main.cpp @@ -4,4 +4,4 @@ int main(int argc, char** argv) { ::testing::InitGoogleTest(&argc, argv); return RUN_ALL_TESTS(); -} \ No newline at end of file +} diff --git a/src/common/hash_op/src/hash_op.c b/src/common/hash_op/src/hash_op.c index 690a3850c2..f0f952b122 100644 --- a/src/common/hash_op/src/hash_op.c +++ b/src/common/hash_op/src/hash_op.c @@ -273,7 +273,7 @@ int _OSHash_Add(OSHash *self, const char *key, void *data, int update) /* Create new node */ new_node = (OSHashNode *) calloc(1, sizeof(OSHashNode)); if (!new_node) { - mdebug1("hash_op: calloc() failed!"); + LogDebug("hash_op: calloc() failed!"); return (0); } new_node->next = NULL; @@ -282,7 +282,7 @@ int _OSHash_Add(OSHash *self, const char *key, void *data, int update) new_node->key = strdup(key); if ( new_node->key == NULL ) { free(new_node); - mdebug1("hash_op: strdup() failed!"); + LogDebug("hash_op: strdup() failed!"); return (0); } diff --git a/src/common/json_op/src/json_op.c b/src/common/json_op/src/json_op.c index 6175f51eb5..d2c8dbd75e 100644 --- a/src/common/json_op/src/json_op.c +++ b/src/common/json_op/src/json_op.c @@ -17,17 +17,17 @@ cJSON * json_fread(const char * path, char retry) { const char *jsonErrPtr; if (buffer = w_get_file_content(path, JSON_MAX_FSIZE), !buffer) { - mdebug1("Cannot get the content of the file: %s", path); + LogDebug("Cannot get the content of the file: %s", path); return NULL; } if (item = cJSON_ParseWithOpts(buffer, &jsonErrPtr, 0), !item) { if (retry) { - mdebug1("Couldn't parse JSON file '%s'. Trying to clear comments.", path); + LogDebug("Couldn't parse JSON file '%s'. Trying to clear comments.", path); json_strip(buffer); if (item = cJSON_ParseWithOpts(buffer, &jsonErrPtr, 0), !item) { - mdebug1("Couldn't parse JSON file '%s'.", path); + LogDebug("Couldn't parse JSON file '%s'.", path); } } } @@ -43,19 +43,19 @@ int json_fwrite(const char * path, const cJSON * item) { int retval = -1; if (buffer = cJSON_PrintUnformatted(item), !buffer) { - mdebug1("Internal error dumping JSON into file '%s'", path); + LogDebug("Internal error dumping JSON into file '%s'", path); return -1; } size = strlen(buffer); if (fp = wfopen(path, "w"), !fp) { - mdebug1(FOPEN_ERROR, path, errno, strerror(errno)); + LogDebug(FOPEN_ERROR, path, errno, strerror(errno)); goto end; } if (fwrite(buffer, 1, size, fp) != size) { - mdebug1("Couldn't write JSON into '%s': %s (%d)", path, strerror(errno), errno); + LogDebug("Couldn't write JSON into '%s': %s (%d)", path, strerror(errno), errno); goto end; } diff --git a/src/common/linuxHelper/tests/main.cpp b/src/common/linuxHelper/tests/main.cpp index fd7a178715..08fb839052 100644 --- a/src/common/linuxHelper/tests/main.cpp +++ b/src/common/linuxHelper/tests/main.cpp @@ -4,4 +4,4 @@ int main(int argc, char** argv) { ::testing::InitGoogleTest(&argc, argv); return RUN_ALL_TESTS(); -} \ No newline at end of file +} diff --git a/src/common/list_op/src/list_op.c b/src/common/list_op/src/list_op.c index 4e916eb49b..0148100d44 100644 --- a/src/common/list_op/src/list_op.c +++ b/src/common/list_op/src/list_op.c @@ -174,7 +174,7 @@ void OSList_DeleteOldestNode(OSList *list) free(list->first_node); list->first_node = next; } else { - merror("No Oldest node to delete"); + LogError("No Oldest node to delete"); } w_mutex_unlock((pthread_mutex_t *)&list->mutex); w_rwlock_unlock((pthread_rwlock_t *)&list->wr_mutex); @@ -291,7 +291,7 @@ void *OSList_AddData(OSList *list, void *data) /* Allocate memory for new node */ newnode = (OSListNode *) calloc(1, sizeof(OSListNode)); if (!newnode) { - merror(MEM_ERROR, errno, strerror(errno)); + LogError(MEM_ERROR, errno, strerror(errno)); w_mutex_unlock((pthread_mutex_t *)&list->mutex); w_rwlock_unlock((pthread_rwlock_t *)&list->wr_mutex); return NULL; @@ -458,7 +458,7 @@ static int _OSList_InsertData(OSList *list, OSListNode *node, void *data) { newnode = (OSListNode *) calloc(1, sizeof(OSListNode)); if (newnode == NULL) { // LCOV_EXCL_START - merror(MEM_ERROR, errno, strerror(errno)); + LogError(MEM_ERROR, errno, strerror(errno)); return 1; // LCOV_EXCL_STOP } diff --git a/src/common/logger/CMakeLists.txt b/src/common/logger/CMakeLists.txt index c39d39dfbc..9decba13bb 100644 --- a/src/common/logger/CMakeLists.txt +++ b/src/common/logger/CMakeLists.txt @@ -8,31 +8,26 @@ project(Logger) include(../../cmake/CommonSettings.cmake) set_common_settings() -find_package(fmt REQUIRED) find_package(spdlog REQUIRED) set(LIBRARIES spdlog::spdlog - fmt::fmt ) if(UNIX AND NOT APPLE) find_package(PkgConfig REQUIRED) - pkg_check_modules(SYSTEMD REQUIRED libsystemd) - list(APPEND LIBRARIES ${SYSTEMD_LIBRARIES}) + list(APPEND LIBRARIES) endif() if(WIN32) set(SOURCES src/logger_win.cpp) -elseif(APPLE) - set(SOURCES src/logger_macos.cpp) -elseif(UNIX) - set(SOURCES src/logger_linux.cpp) +else() + set(SOURCES src/logger_unix.cpp) endif() add_library(Logger ${SOURCES}) -target_include_directories(Logger PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/include) -target_link_libraries(Logger PUBLIC ${LIBRARIES}) +target_include_directories(Logger PUBLIC include) +target_link_libraries(Logger PUBLIC ${LIBRARIES} utils) include(../../cmake/ConfigureTarget.cmake) configure_target(Logger) diff --git a/src/common/logger/include/logger.hpp b/src/common/logger/include/logger.hpp index c9508ad921..06bce99707 100644 --- a/src/common/logger/include/logger.hpp +++ b/src/common/logger/include/logger.hpp @@ -1,32 +1,65 @@ #pragma once -#include +#include +// Extract file name from path (inline function for C++ and macro for C) +#ifdef __cplusplus #include - inline const char* GetFileName(const char* path) { const char* file = strrchr(path, '/'); return file ? file + 1 : path; } +#else +#define GetFileName(path) (strrchr((path), '/') ? strrchr((path), '/') + 1 : (path)) +#endif #define LOG_FILE_NAME GetFileName(__FILE__) -#define LogTrace(message, ...) \ - spdlog::trace("[TRACE] [{}:{}] [{}] " message, LOG_FILE_NAME, __LINE__, __func__ __VA_OPT__(, ) __VA_ARGS__) -#define LogDebug(message, ...) \ - spdlog::debug("[DEBUG] [{}:{}] [{}] " message, LOG_FILE_NAME, __LINE__, __func__ __VA_OPT__(, ) __VA_ARGS__) -#define LogInfo(message, ...) \ - spdlog::info("[INFO] [{}:{}] [{}] " message, LOG_FILE_NAME, __LINE__, __func__ __VA_OPT__(, ) __VA_ARGS__) -#define LogWarn(message, ...) \ - spdlog::warn("[WARN] [{}:{}] [{}] " message, LOG_FILE_NAME, __LINE__, __func__ __VA_OPT__(, ) __VA_ARGS__) -#define LogError(message, ...) \ - spdlog::error("[ERROR] [{}:{}] [{}] " message, LOG_FILE_NAME, __LINE__, __func__ __VA_OPT__(, ) __VA_ARGS__) -#define LogCritical(message, ...) \ - spdlog::critical("[CRITICAL] [{}:{}] [{}] " message, LOG_FILE_NAME, __LINE__, __func__ __VA_OPT__(, ) __VA_ARGS__) +#ifdef __cplusplus +extern "C" { +#endif + +#define LOG_BUFFER_SIZE 1024 // Buffer size for formatted log messages + +void LogTrace_C(const char* file, int line, const char* func, const char* message, ...); +void LogDebug_C(const char* file, int line, const char* func, const char* message, ...); +void LogInfo_C(const char* file, int line, const char* func, const char* message, ...); +void LogWarn_C(const char* file, int line, const char* func, const char* message, ...); +void LogError_C(const char* file, int line, const char* func, const char* message, ...); +void LogCritical_C(const char* file, int line, const char* func, const char* message, ...); + +#ifdef __cplusplus +} +#endif + +#ifdef __cplusplus + +#include + +#define LogTrace(message, ...) spdlog::trace("[TRACE] [{}:{}] [{}] " message, LOG_FILE_NAME, __LINE__, __func__ __VA_OPT__(, ) __VA_ARGS__) +#define LogDebug(message, ...) spdlog::debug("[DEBUG] [{}:{}] [{}] " message, LOG_FILE_NAME, __LINE__, __func__ __VA_OPT__(, ) __VA_ARGS__) +#define LogInfo(message, ...) spdlog::info("[INFO] [{}:{}] [{}] " message, LOG_FILE_NAME, __LINE__, __func__ __VA_OPT__(, ) __VA_ARGS__) +#define LogWarn(message, ...) spdlog::warn("[WARN] [{}:{}] [{}] " message, LOG_FILE_NAME, __LINE__, __func__ __VA_OPT__(, ) __VA_ARGS__) +#define LogError(message, ...) spdlog::error("[ERROR] [{}:{}] [{}] " message, LOG_FILE_NAME, __LINE__, __func__ __VA_OPT__(, ) __VA_ARGS__) +#define LogCritical(message, ...) spdlog::critical("[CRITICAL] [{}:{}] [{}] " message, LOG_FILE_NAME, __LINE__, __func__ __VA_OPT__(, ) __VA_ARGS__) class Logger : public Ilogger { public: Logger(); }; + +#else + +#define LogTrace(message, ...) LogTrace_C(LOG_FILE_NAME, __LINE__, __func__, message, ##__VA_ARGS__) +#define LogDebug(message, ...) LogDebug_C(LOG_FILE_NAME, __LINE__, __func__, message, ##__VA_ARGS__) +#define LogInfo(message, ...) LogInfo_C(LOG_FILE_NAME, __LINE__, __func__, message, ##__VA_ARGS__) +#define LogWarn(message, ...) LogWarn_C(LOG_FILE_NAME, __LINE__, __func__, message, ##__VA_ARGS__) +#define LogError(message, ...) LogError_C(LOG_FILE_NAME, __LINE__, __func__, message, ##__VA_ARGS__) +#define LogCritical(message, ...) LogCritical_C(LOG_FILE_NAME, __LINE__, __func__, message, ##__VA_ARGS__) + +#endif + +#define LOG_FILE_NAME GetFileName(__FILE__) + diff --git a/src/common/logger/src/logger.cpp b/src/common/logger/src/logger.cpp new file mode 100644 index 0000000000..459c56e0eb --- /dev/null +++ b/src/common/logger/src/logger.cpp @@ -0,0 +1,62 @@ +#include + + +void LogTrace_C(const char* file, int line, const char* func, const char* message, ...) +{ + char buffer[LOG_BUFFER_SIZE]; + va_list args; + va_start(args, message); + vsnprintf(buffer, LOG_BUFFER_SIZE, message, args); + va_end(args); + spdlog::trace("[TRACE] [{}:{}] [{}] {}", file, line, func, buffer); +}; + +void LogDebug_C(const char* file, int line, const char* func, const char* message, ...) +{ + char buffer[LOG_BUFFER_SIZE]; + va_list args; + va_start(args, message); + vsnprintf(buffer, LOG_BUFFER_SIZE, message, args); + va_end(args); + spdlog::debug("[DEBUG] [{}:{}] [{}] {}", file, line, func, buffer); +}; + +void LogInfo_C(const char* file, int line, const char* func, const char* message, ...) +{ + char buffer[LOG_BUFFER_SIZE]; + va_list args; + va_start(args, message); + vsnprintf(buffer, LOG_BUFFER_SIZE, message, args); + va_end(args); + spdlog::info("[INFO] [{}:{}] [{}] {}", file, line, func, buffer); +}; + +void LogWarn_C(const char* file, int line, const char* func, const char* message, ...) +{ + char buffer[LOG_BUFFER_SIZE]; + va_list args; + va_start(args, message); + vsnprintf(buffer, LOG_BUFFER_SIZE, message, args); + va_end(args); + spdlog::warn("[WARN] [{}:{}] [{}] {}", file, line, func, buffer); +}; + +void LogError_C(const char* file, int line, const char* func, const char* message, ...) +{ + char buffer[LOG_BUFFER_SIZE]; + va_list args; + va_start(args, message); + vsnprintf(buffer, LOG_BUFFER_SIZE, message, args); + va_end(args); + spdlog::error("[ERROR] [{}:{}] [{}] {}", file, line, func, buffer); +}; + +void LogCritical_C(const char* file, int line, const char* func, const char* message, ...) +{ + char buffer[LOG_BUFFER_SIZE]; + va_list args; + va_start(args, message); + vsnprintf(buffer, LOG_BUFFER_SIZE, message, args); + va_end(args); + spdlog::critical("[CRITICAL] [{}:{}] [{}] {}", file, line, func, buffer); +}; diff --git a/src/common/logger/src/logger_linux.cpp b/src/common/logger/src/logger_linux.cpp deleted file mode 100644 index 51a0d5ccca..0000000000 --- a/src/common/logger/src/logger_linux.cpp +++ /dev/null @@ -1,12 +0,0 @@ -#include - -#include - -Logger::Logger() -{ - auto sink = std::make_shared(); - auto logger = std::make_shared("wazuh-agent", sink); - - spdlog::set_default_logger(logger); - spdlog::set_level(spdlog::level::trace); -} diff --git a/src/common/logger/src/logger_macos.cpp b/src/common/logger/src/logger_macos.cpp deleted file mode 100644 index 5e3d32d20b..0000000000 --- a/src/common/logger/src/logger_macos.cpp +++ /dev/null @@ -1,12 +0,0 @@ -#include - -#include - -Logger::Logger() -{ - auto sink = std::make_shared("wazuh-agent", LOG_PID, LOG_USER, true); - auto logger = std::make_shared("wazuh-agent", sink); - - spdlog::set_default_logger(logger); - spdlog::set_level(spdlog::level::trace); -} diff --git a/src/common/logger/src/logger_unix.cpp b/src/common/logger/src/logger_unix.cpp new file mode 100644 index 0000000000..fd86e84232 --- /dev/null +++ b/src/common/logger/src/logger_unix.cpp @@ -0,0 +1,16 @@ +#include + +#include +#include + +#include + +Logger::Logger() +{ + auto console_sink = std::make_shared(); + auto logger = std::make_shared("wazuh-agent", console_sink); + + spdlog::set_default_logger(logger); + spdlog::set_level(spdlog::level::info); + spdlog::cfg::load_env_levels(); +} diff --git a/src/common/logger/src/logger_win.cpp b/src/common/logger/src/logger_win.cpp index 3a50ddcb6b..1f1169a7bf 100644 --- a/src/common/logger/src/logger_win.cpp +++ b/src/common/logger/src/logger_win.cpp @@ -1,12 +1,16 @@ #include +#include #include +#include + Logger::Logger() { auto sink = std::make_shared("Wazuh-Agent"); auto logger = std::make_shared("wazuh-agent", sink); spdlog::set_default_logger(logger); - spdlog::set_level(spdlog::level::trace); + spdlog::set_level(spdlog::level::info); + spdlog::cfg::load_env_levels(); } diff --git a/src/common/logger/tests/logger_test.cpp b/src/common/logger/tests/logger_test.cpp index 96941658aa..33ce70622c 100644 --- a/src/common/logger/tests/logger_test.cpp +++ b/src/common/logger/tests/logger_test.cpp @@ -2,17 +2,15 @@ #include #include -#ifdef __APPLE__ -#include -#endif -#ifdef __linux__ -#include -#include -#endif + #ifdef _WIN32 #include +#else // __linux__ || __APPLE__ +#include #endif + #include +#include class LoggerConstructorTest : public ::testing::Test { @@ -51,63 +49,46 @@ class LoggerMessageTest : public ::testing::Test } }; -#ifdef __linux__ -TEST_F(LoggerConstructorTest, LinuxLoggerConstructor) -{ - auto current_logger = spdlog::default_logger(); - EXPECT_EQ(current_logger->name(), "wazuh-agent"); - - EXPECT_EQ(spdlog::get_level(), spdlog::level::trace); - - auto sinks = current_logger->sinks(); - ASSERT_FALSE(sinks.empty()); - auto systemd_sink = std::dynamic_pointer_cast(sinks[0]); - EXPECT_NE(systemd_sink, nullptr); -} - -TEST_F(LoggerConstructorTest, LinuxLoggerConstructorFail) +#ifdef _WIN32 +TEST_F(LoggerConstructorTest, WindowsLoggerConstructor) { auto current_logger = spdlog::default_logger(); EXPECT_EQ(current_logger->name(), "wazuh-agent"); - EXPECT_EQ(spdlog::get_level(), spdlog::level::trace); + EXPECT_EQ(spdlog::get_level(), spdlog::level::info); auto sinks = current_logger->sinks(); ASSERT_FALSE(sinks.empty()); - auto systemd_sink = std::dynamic_pointer_cast(sinks[0]); - EXPECT_EQ(systemd_sink, nullptr); + auto win_sink = std::dynamic_pointer_cast(sinks[0]); + EXPECT_NE(win_sink, nullptr); } -#endif // __linux__ - -#ifdef _WIN32 -TEST_F(LoggerConstructorTest, WindowsLoggerConstructor) +#else // __linux__ || __APPLE__ +TEST_F(LoggerConstructorTest, UnixLoggerConstructor) { auto current_logger = spdlog::default_logger(); EXPECT_EQ(current_logger->name(), "wazuh-agent"); - EXPECT_EQ(spdlog::get_level(), spdlog::level::trace); + EXPECT_EQ(spdlog::get_level(), spdlog::level::info); auto sinks = current_logger->sinks(); ASSERT_FALSE(sinks.empty()); - auto win_sink = std::dynamic_pointer_cast(sinks[0]); - EXPECT_NE(win_sink, nullptr); + auto sink = std::dynamic_pointer_cast(sinks[0]); + EXPECT_NE(sink, nullptr); } -#endif // _WIN32 -#ifdef __APPLE__ -TEST_F(LoggerConstructorTest, MacOSLoggerConstructor) +TEST_F(LoggerConstructorTest, UnixLoggerConstructorFail) { auto current_logger = spdlog::default_logger(); EXPECT_EQ(current_logger->name(), "wazuh-agent"); - EXPECT_EQ(spdlog::get_level(), spdlog::level::trace); + EXPECT_EQ(spdlog::get_level(), spdlog::level::info); auto sinks = current_logger->sinks(); ASSERT_FALSE(sinks.empty()); - auto syslog_sink = std::dynamic_pointer_cast(sinks[0]); - EXPECT_NE(syslog_sink, nullptr); + auto sink = std::dynamic_pointer_cast(sinks[0]); + EXPECT_EQ(sink, nullptr); } -#endif // __APPLE__ +#endif // __linux__ || __APPLE__ TEST_F(LoggerMessageTest, LogsTraceMessage) { diff --git a/src/common/logging_helper/CMakeLists.txt b/src/common/logging_helper/CMakeLists.txt deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/src/common/logging_helper/include/logging_helper.h b/src/common/logging_helper/include/logging_helper.h deleted file mode 100644 index 2f1b9e7d5e..0000000000 --- a/src/common/logging_helper/include/logging_helper.h +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Wazuh shared modules utils - * Copyright (C) 2015-2021, Wazuh Inc. - * Oct 6, 2021. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -#ifndef _LOGGINGHELPER_H -#define _LOGGINGHELPER_H - -typedef enum modules_log_level_t -{ - LOG_DEBUG, - LOG_INFO, - LOG_WARNING, - LOG_ERROR, - LOG_ERROR_EXIT, - LOG_DEBUG_VERBOSE -} modules_log_level_t; - -/** - * @brief Global function to send a log message - * - * @param level Represent the log mode: ERROR, ERROR_EXIT, INFO, WARNING, DEBUG and DEBUG_VERBOSE - * @param log Message to send into the log - * @param tag Tag representing the module sending the log - */ -void taggedLogFunction(modules_log_level_t level, const char* log, const char* tag); - -/** - * @brief Global function to send a log message - * - * @param level Represent the log mode: ERROR, ERROR_EXIT, INFO, WARNING, DEBUG and DEBUG_VERBOSE - * @param log Message to send into the log - */ -void loggingFunction(modules_log_level_t level, const char* log); - -/** - * @brief Global function to send a error log message - * - * @param log Message to send into the log as error - */ -void loggingErrorFunction(const char* log); - -#endif //_LOGGINGHELPER_H diff --git a/src/common/logging_helper/src/logging_helper.c b/src/common/logging_helper/src/logging_helper.c deleted file mode 100644 index de97a805b7..0000000000 --- a/src/common/logging_helper/src/logging_helper.c +++ /dev/null @@ -1,69 +0,0 @@ -/* - * Wazuh shared modules utils - * Copyright (C) 2015-2021, Wazuh Inc. - * Oct 6, 2021. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -#include "logging_helper.h" -#include "debug_op.h" - -void loggingErrorFunction(const char * log) { - if (log) { - merror("%s", log); - } -} - -void taggedLogFunction(modules_log_level_t level, const char* log, const char* tag) { - - switch(level) { - case LOG_ERROR: - mterror(tag, "%s", log); - break; - case LOG_ERROR_EXIT: - mterror_exit(tag, "%s", log); - break; - case LOG_INFO: - mtinfo(tag, "%s", log); - break; - case LOG_WARNING: - mtwarn(tag, "%s", log); - break; - case LOG_DEBUG: - mtdebug1(tag, "%s", log); - break; - case LOG_DEBUG_VERBOSE: - mtdebug2(tag, "%s", log); - break; - default:; - } -} - -void loggingFunction(modules_log_level_t level, const char* log) { - - switch(level) { - case LOG_ERROR: - merror("%s", log); - break; - case LOG_ERROR_EXIT: - merror_exit("%s", log); - break; - case LOG_INFO: - minfo("%s", log); - break; - case LOG_WARNING: - mwarn("%s", log); - break; - case LOG_DEBUG: - mdebug1("%s", log); - break; - case LOG_DEBUG_VERBOSE: - mdebug2("%s", log); - break; - default:; - } -} diff --git a/src/common/mapWrapper/include/mapWrapperSafe.h b/src/common/mapWrapper/include/mapWrapperSafe.h index 5d2fe609d8..fc95d44b3c 100644 --- a/src/common/mapWrapper/include/mapWrapperSafe.h +++ b/src/common/mapWrapper/include/mapWrapperSafe.h @@ -46,5 +46,4 @@ namespace Utils }; }; - -#endif //_MAP_WRAPPER_SAFE_H_ \ No newline at end of file +#endif //_MAP_WRAPPER_SAFE_H_ diff --git a/src/common/mapWrapper/tests/main.cpp b/src/common/mapWrapper/tests/main.cpp index fd7a178715..08fb839052 100644 --- a/src/common/mapWrapper/tests/main.cpp +++ b/src/common/mapWrapper/tests/main.cpp @@ -4,4 +4,4 @@ int main(int argc, char** argv) { ::testing::InitGoogleTest(&argc, argv); return RUN_ALL_TESTS(); -} \ No newline at end of file +} diff --git a/src/common/mapWrapper/tests/mapWrapperSafe_test.h b/src/common/mapWrapper/tests/mapWrapperSafe_test.h index 4d4ec37359..b5646281bb 100644 --- a/src/common/mapWrapper/tests/mapWrapperSafe_test.h +++ b/src/common/mapWrapper/tests/mapWrapperSafe_test.h @@ -24,4 +24,5 @@ class MapWrapperSafeTest : public ::testing::Test void SetUp() override; void TearDown() override; }; -#endif //MAP_WRAPPER_SAFE_TESTS_H \ No newline at end of file + +#endif //MAP_WRAPPER_SAFE_TESTS_H diff --git a/src/common/mem_op/CMakeLists.txt b/src/common/mem_op/CMakeLists.txt index e69de29bb2..aa786d6cd1 100644 --- a/src/common/mem_op/CMakeLists.txt +++ b/src/common/mem_op/CMakeLists.txt @@ -0,0 +1,5 @@ +add_library(mem_op STATIC src/mem_op.c) + +target_include_directories(mem_op PUBLIC include) + +target_link_libraries(mem_op utils Logger time_op) diff --git a/src/common/mem_op/include/mem_op.h b/src/common/mem_op/include/mem_op.h index 07d87b526e..56e0fb2863 100644 --- a/src/common/mem_op/include/mem_op.h +++ b/src/common/mem_op/include/mem_op.h @@ -8,12 +8,16 @@ * Foundation */ -#ifndef MEM_H -#define MEM_H +#pragma once #include -#ifdef WIN32 +#if defined(__GNUC__) || defined(__clang__) +#define ATTR_NONNULL __attribute__((nonnull)) +#define ATTR_NONNULL_TWO __attribute__((nonnull(2))) +#else +#define ATTR_NONNULL +#define ATTR_NONNULL_TWO #define win_alloc(x) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, (x)) #define win_free(x) HeapFree(GetProcessHeap(), 0, (x)) #endif @@ -24,7 +28,6 @@ void **os_AddPtArray(void *pt, void **array); char **os_AddStrArray(const char *str, char **array); void os_FreeArray(char *ch1, char **ch2); int os_IsStrOnArray(const char *str, char **array); -char *os_LoadString(char *at, const char *str) __attribute__((nonnull(2))); -void *memset_secure(void *v, int c, size_t n) __attribute__((nonnull)); +char *os_LoadString(char *at, const char *str) ATTR_NONNULL_TWO; +void *memset_secure(void *v, int c, size_t n) ATTR_NONNULL; -#endif /* MEM_H */ diff --git a/src/common/mem_op/src/mem_op.c b/src/common/mem_op/src/mem_op.c index 2802cabc36..97a54ebdf1 100644 --- a/src/common/mem_op/src/mem_op.c +++ b/src/common/mem_op/src/mem_op.c @@ -93,7 +93,7 @@ char *os_LoadString(char *at, const char *str) if (at == NULL) { at = strdup(str); if (!at) { - merror(MEM_ERROR, errno, strerror(errno)); + LogError(MEM_ERROR, errno, strerror(errno)); } return (at); } else { /* at is not null. Need to reallocate its memory and copy str to it */ @@ -104,7 +104,7 @@ char *os_LoadString(char *at, const char *str) newat = (char *) realloc(at, finalsize * sizeof(char)); if (newat == NULL) { free(at); - merror(MEM_ERROR, errno, strerror(errno)); + LogError(MEM_ERROR, errno, strerror(errno)); return (NULL); } at = newat; diff --git a/src/common/networkHelper/CMakeLists.txt b/src/common/networkHelper/CMakeLists.txt index fd8f24c852..df0b6d4a4d 100644 --- a/src/common/networkHelper/CMakeLists.txt +++ b/src/common/networkHelper/CMakeLists.txt @@ -1,5 +1,5 @@ -cmake_minimum_required(VERSION 3.12.4) +add_library(networkHelper INTERFACE) -if(UNIT_TEST) - add_subdirectory(tests) -endif() +target_include_directories(networkHelper INTERFACE include) + +target_link_libraries(networkHelper INTERFACE utils) diff --git a/src/common/networkHelper/include/networkHelper.h b/src/common/networkHelper/include/networkHelper.h index 9ca12b124f..d91ad2f233 100644 --- a/src/common/networkHelper/include/networkHelper.h +++ b/src/common/networkHelper/include/networkHelper.h @@ -9,17 +9,17 @@ * Foundation. */ -#ifndef _NETWORK_HELPER_H -#define _NETWORK_HELPER_H +#pragma once #include #include #include #include -#include "makeUnique.h" +#ifndef WIN32 #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Wunused-function" +#endif namespace Utils { @@ -81,6 +81,6 @@ namespace Utils }; } +#ifndef WIN32 #pragma GCC diagnostic pop - -#endif // _NETWORK_HELPER_H \ No newline at end of file +#endif diff --git a/src/common/os_crypto/src/md5_sha1_sha256_op.c b/src/common/os_crypto/src/md5_sha1_sha256_op.c index e44d4be15e..ec87699677 100644 --- a/src/common/os_crypto/src/md5_sha1_sha256_op.c +++ b/src/common/os_crypto/src/md5_sha1_sha256_op.c @@ -87,7 +87,7 @@ int OS_MD5_SHA1_SHA256_File(const char *fname, if (max_size > 0) { read = read + n; if (read >= max_size) { // Maximum filesize error - mwarn("'%s' filesize is larger than the maximum allowed (%d MB). File skipped.", fname, (int)max_size/1048576); // max_size is in bytes + LogWarn("'%s' filesize is larger than the maximum allowed (%d MB). File skipped.", fname, (int)max_size/1048576); // max_size is in bytes if (prefilter_cmd == NULL) { fclose(fp); } else { diff --git a/src/common/os_crypto/src/sha1_op.c b/src/common/os_crypto/src/sha1_op.c index d977aef069..58bf1f5441 100644 --- a/src/common/os_crypto/src/sha1_op.c +++ b/src/common/os_crypto/src/sha1_op.c @@ -147,7 +147,7 @@ int OS_SHA1_File_Nbytes_with_fp_check(const char * fname, EVP_MD_CTX ** c, os_sh unsigned char md[SHA_DIGEST_LENGTH]; if (c == NULL || *c == NULL) { - mdebug1("Context for file '%s' can not be NULL.", fname); + LogDebug("Context for file '%s' can not be NULL.", fname); return -3; } @@ -178,16 +178,16 @@ int OS_SHA1_File_Nbytes_with_fp_check(const char * fname, EVP_MD_CTX ** c, os_sh struct stat tmp_stat; if ((fstat(fileno(fp), &tmp_stat)) == -1) { - merror(FSTAT_ERROR, fname, errno, strerror(errno)); + LogError(FSTAT_ERROR, fname, errno, strerror(errno)); } else if (fd_check != tmp_stat.st_ino) { - mdebug1("The inode does not belong to file '%s'. The hash of the file will be ignored.", fname); + LogDebug("The inode does not belong to file '%s'. The hash of the file will be ignored.", fname); fclose(fp); return -2; } #else if (open_fd != 0 && fd_check != open_fd) { - mdebug1("The inode does not belong to file '%s'. The hash of the file will be ignored.", fname); + LogDebug("The inode does not belong to file '%s'. The hash of the file will be ignored.", fname); fclose(fp); return -2; } diff --git a/src/common/os_crypto/src/signature.c b/src/common/os_crypto/src/signature.c index dcda3e755b..17b8b04dab 100644 --- a/src/common/os_crypto/src/signature.c +++ b/src/common/os_crypto/src/signature.c @@ -38,26 +38,26 @@ int w_wpk_unsign(const char * source, const char * target, const char ** ca_stor // Read signed file if (filein = wfopen(source, "rb"), !filein) { - merror("opening input file: %s", strerror(errno)); + LogError("opening input file: %s", strerror(errno)); goto cleanup; } // Check magic number if (length = fread(buffer, 1, sizeof(MAGIC), filein), length < (ssize_t)sizeof(MAGIC)) { - merror("Invalid input file (reading magic number)."); + LogError("Invalid input file (reading magic number)."); goto cleanup; } if (memcmp(buffer, MAGIC, sizeof(MAGIC))) { - merror("Invalid input file (bad magic number)."); + LogError("Invalid input file (bad magic number)."); goto cleanup; } // Get certificate if (cert = w_wpk_cert(filein), !cert) { - merror("Couldn't extract certificate at file '%s'.", source); + LogError("Couldn't extract certificate at file '%s'.", source); goto cleanup; } @@ -65,107 +65,107 @@ int w_wpk_unsign(const char * source, const char * target, const char ** ca_stor if (ca_store) { if (wpk_verify_cert(cert, ca_store) < 0) { - merror("Error verifying WPK certificate."); + LogError("Error verifying WPK certificate."); goto cleanup; } } else { - mwarn("No root CA defined to verify file '%s'.", source); + LogWarn("No root CA defined to verify file '%s'.", source); } // Read signature if (length = fread(signature, 1, SIGNLEN, filein), length < SIGNLEN) { - merror("Invalid input file (reading signature)."); + LogError("Invalid input file (reading signature)."); goto cleanup; } // Hash of file content if (offset = ftell(filein), offset < 0) { - merror(FTELL_ERROR, source, errno, strerror(errno)); + LogError(FTELL_ERROR, source, errno, strerror(errno)); goto cleanup; } if (hash = EVP_MD_CTX_new(), !hash) { - merror("Couldn't create hash context."); + LogError("Couldn't create hash context."); goto cleanup; } if (1 != EVP_DigestInit(hash, EVP_sha256())) { - merror("Couldn't initialize hash context."); + LogError("Couldn't initialize hash context."); goto cleanup; } while (length = fread(buffer, 1, BUFLEN, filein), length > 0) { if (1 != EVP_DigestUpdate(hash, buffer, length)) { - merror("Couldn't update hash."); + LogError("Couldn't update hash."); goto cleanup; } } if (length < 0) { - merror("Invalid input file (reading content)."); + LogError("Invalid input file (reading content)."); goto cleanup; } if (1 != EVP_DigestFinal(hash, digest, NULL)) { - merror("Couldn't finalize hash."); + LogError("Couldn't finalize hash."); goto cleanup; } // Verify signature (PKCS1) if (pkey = X509_get0_pubkey(cert), !pkey) { - merror("Couldn't get public key from certificate."); + LogError("Couldn't get public key from certificate."); goto cleanup; } if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { - merror("Public key is not RSA."); + LogError("Public key is not RSA."); goto cleanup; } if (ctx = EVP_PKEY_CTX_new(pkey, NULL), !ctx) { - merror("Couldn't create public key context."); + LogError("Couldn't create public key context."); goto cleanup; } if (EVP_PKEY_verify_init(ctx) <= 0) { - merror("Failed to initialize public key context."); + LogError("Failed to initialize public key context."); goto cleanup; } if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) { - merror("Failed to set signature digest type."); + LogError("Failed to set signature digest type."); goto cleanup; } if (1 != EVP_PKEY_verify(ctx, signature, SIGNLEN, digest, SHA256_DIGEST_LENGTH)) { - merror("Failed to verify signature."); + LogError("Failed to verify signature."); goto cleanup; } // Extract file if (fileout = wfopen(target, "wb"), !fileout) { - merror("Opening output file: %s", strerror(errno)); + LogError("Opening output file: %s", strerror(errno)); goto cleanup; } if (fseek(filein, offset, SEEK_SET) < 0) { - merror(FSEEK_ERROR, source, errno, strerror(errno)); + LogError(FSEEK_ERROR, source, errno, strerror(errno)); goto cleanup; } while (length = fread(buffer, 1, BUFLEN, filein), length > 0) { if (fwrite(buffer, 1, length, fileout) != (size_t)length) { - merror("writing output file."); + LogError("writing output file."); goto cleanup; } } if (length < 0) { - merror("Invalid input file (writing output)."); + LogError("Invalid input file (writing output)."); goto cleanup; } @@ -228,7 +228,7 @@ X509 * w_wpk_cert(FILE * fp) { } if (buffer[i]) { - merror("Couldn't get certificate from WPK file."); + LogError("Couldn't get certificate from WPK file."); free(buffer); return NULL; } @@ -236,7 +236,7 @@ X509 * w_wpk_cert(FILE * fp) { bio = BIO_new_mem_buf(buffer, (int)i); if (cert = PEM_read_bio_X509(bio, NULL, NULL, NULL), !cert) { - merror("Invalid certificate in WPK file."); + LogError("Invalid certificate in WPK file."); BIO_free_all(bio); free(buffer); return NULL; @@ -268,14 +268,14 @@ int wpk_verify_cert(X509 * cert, const char ** ca_store) { } if (store = X509_STORE_new(), !store) { - merror("Couldn't create new store."); + LogError("Couldn't create new store."); return -1; } int r; if (stat(ca_store[i], &statbuf) < 0) { - merror(FSTAT_ERROR, ca_store[i], errno, strerror(errno)); + LogError(FSTAT_ERROR, ca_store[i], errno, strerror(errno)); continue; } @@ -289,12 +289,12 @@ int wpk_verify_cert(X509 * cert, const char ** ca_store) { break; default: - merror("Loading CA '%s': it's neither file nor directory.", ca_store[i]); + LogError("Loading CA '%s': it's neither file nor directory.", ca_store[i]); continue; } if (r < 0) { - merror("Couldn't add CA '%s'", ca_store[i]); + LogError("Couldn't add CA '%s'", ca_store[i]); X509_STORE_free(store); continue; } @@ -307,21 +307,21 @@ int wpk_verify_cert(X509 * cert, const char ** ca_store) { ERR_load_crypto_strings(); while (err = ERR_get_error(), err) { - mdebug1("At wpk_verify_cert(): %s (%lu)", ERR_reason_error_string(err), err); + LogDebug("At wpk_verify_cert(): %s (%lu)", ERR_reason_error_string(err), err); } } else if (r == 0) { ERR_load_crypto_strings(); err = X509_STORE_CTX_get_error(store_ctx); - mdebug1("Certificate couldn't be verified by CA '%s': %s (%lu)", ca_store[i], X509_verify_cert_error_string(err), err); + LogDebug("Certificate couldn't be verified by CA '%s': %s (%lu)", ca_store[i], X509_verify_cert_error_string(err), err); } else if (r == 1) { result = 0; } else { - mdebug1("At wpk_verify_cert(): unexpected result."); + LogDebug("At wpk_verify_cert(): unexpected result."); } X509_STORE_CTX_cleanup(store_ctx); diff --git a/src/common/os_crypto/tests/unit/tests/sha1/test_sha1_op.c b/src/common/os_crypto/tests/unit/tests/sha1/test_sha1_op.c index 317a6b0461..1cc8f4ff29 100644 --- a/src/common/os_crypto/tests/unit/tests/sha1/test_sha1_op.c +++ b/src/common/os_crypto/tests/unit/tests/sha1/test_sha1_op.c @@ -51,7 +51,7 @@ void OS_SHA1_File_Nbytes_unable_open_file (void **state) const char *path = "/home/test_file"; EVP_MD_CTX *context = EVP_MD_CTX_new(); os_sha1 output; - ssize_t nbytes = 4096; + int64_t nbytes = 4096; int mode = OS_BINARY; diff --git a/src/common/os_utils/src/os_utils.c b/src/common/os_utils/src/os_utils.c index 123c0fea92..939a987dd8 100644 --- a/src/common/os_utils/src/os_utils.c +++ b/src/common/os_utils/src/os_utils.c @@ -83,7 +83,7 @@ OSList *w_os_get_process_list() if (!w_is_file(ps)) { strncpy(ps, "/usr/bin/ps", OS_SIZE_1024); if (!w_is_file(ps)) { - mterror(ARGV0, "'ps' not found."); + LogError(ARGV0, "'ps' not found."); return (NULL); } } @@ -91,7 +91,7 @@ OSList *w_os_get_process_list() /* Create process list */ p_list = OSList_Create(); if (!p_list) { - mterror(ARGV0, LIST_ERROR); + LogError(ARGV0, LIST_ERROR); return (NULL); } @@ -238,25 +238,25 @@ OSList *w_os_get_process_list() TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, FALSE, &hpriv)) { if (GetLastError() == ERROR_NO_TOKEN) { if (!ImpersonateSelf(SecurityImpersonation)) { - mterror(ARGV0, "os_get_win32_process_list -> ImpersonateSelf"); + LogError(ARGV0, "os_get_win32_process_list -> ImpersonateSelf"); return (NULL); } if (!OpenThreadToken(GetCurrentThread(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, FALSE, &hpriv)) { - mterror(ARGV0, "os_get_win32_process_list -> OpenThread"); + LogError(ARGV0, "os_get_win32_process_list -> OpenThread"); return (NULL) ; } } else { - mterror(ARGV0, "os_get_win32_process_list -> OpenThread"); + LogError(ARGV0, "os_get_win32_process_list -> OpenThread"); return (NULL); } } /* Enable debug privilege */ if (!w_os_win32_setdebugpriv(hpriv, 1)) { - mterror(ARGV0, "w_os_win32_setdebugpriv"); + LogError(ARGV0, "w_os_win32_setdebugpriv"); CloseHandle(hpriv); return (NULL); } @@ -264,13 +264,13 @@ OSList *w_os_get_process_list() /* Make a snapshot of every process */ hsnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); if (hsnap == INVALID_HANDLE_VALUE) { - mterror(ARGV0, "CreateToolhelp32Snapshot"); + LogError(ARGV0, "CreateToolhelp32Snapshot"); return (NULL); } /* Get first and second processes -- system entries */ if (!Process32First(hsnap, &p_entry) && !Process32Next(hsnap, &p_entry )) { - mterror(ARGV0, "Process32First"); + LogError(ARGV0, "Process32First"); CloseHandle(hsnap); return (NULL); } @@ -279,7 +279,7 @@ OSList *w_os_get_process_list() p_list = OSList_Create(); if (!p_list) { CloseHandle(hsnap); - mterror(ARGV0, LIST_ERROR); + LogError(ARGV0, LIST_ERROR); return (0); } diff --git a/src/common/pipelineHelper/include/pipelinePattern.h b/src/common/pipelineHelper/include/pipelinePattern.h index 820555736b..997fa2ad47 100644 --- a/src/common/pipelineHelper/include/pipelinePattern.h +++ b/src/common/pipelineHelper/include/pipelinePattern.h @@ -95,4 +95,4 @@ namespace Utils } }//namespace Utils -#endif //PIPELINE_PATTERN_H \ No newline at end of file +#endif //PIPELINE_PATTERN_H diff --git a/src/common/pipelineHelper/tests/main.cpp b/src/common/pipelineHelper/tests/main.cpp index fd7a178715..08fb839052 100644 --- a/src/common/pipelineHelper/tests/main.cpp +++ b/src/common/pipelineHelper/tests/main.cpp @@ -4,4 +4,4 @@ int main(int argc, char** argv) { ::testing::InitGoogleTest(&argc, argv); return RUN_ALL_TESTS(); -} \ No newline at end of file +} diff --git a/src/common/pipelineHelper/tests/pipelineNodes_test.cpp b/src/common/pipelineHelper/tests/pipelineNodes_test.cpp index a3de94f101..3acbf32f90 100644 --- a/src/common/pipelineHelper/tests/pipelineNodes_test.cpp +++ b/src/common/pipelineHelper/tests/pipelineNodes_test.cpp @@ -187,4 +187,4 @@ static void ReadWriteNodeBehaviour(FunctorWrapper& functor, std::shared_ptr& spReadNode->rundown(); EXPECT_EQ(0ul, spReadNode->size()); EXPECT_TRUE(spReadNode->cancelled()); -} \ No newline at end of file +} diff --git a/src/common/pipelineHelper/tests/pipelineNodes_test.h b/src/common/pipelineHelper/tests/pipelineNodes_test.h index 95f5cf8f29..1e682678d1 100644 --- a/src/common/pipelineHelper/tests/pipelineNodes_test.h +++ b/src/common/pipelineHelper/tests/pipelineNodes_test.h @@ -25,4 +25,4 @@ class PipelineNodesTest : public ::testing::Test void TearDown() override; }; -#endif //PIPELINE_NODE_TESTS_H \ No newline at end of file +#endif //PIPELINE_NODE_TESTS_H diff --git a/src/common/privsep_op/CMakeLists.txt b/src/common/privsep_op/CMakeLists.txt index e69de29bb2..94378204ca 100644 --- a/src/common/privsep_op/CMakeLists.txt +++ b/src/common/privsep_op/CMakeLists.txt @@ -0,0 +1,5 @@ +add_library(privsep_op STATIC src/privsep_op.c) + +target_include_directories(privsep_op PUBLIC include) + +target_link_libraries(privsep_op utils time_op Logger) diff --git a/src/common/privsep_op/include/privsep_op.h b/src/common/privsep_op/include/privsep_op.h index 57af0d7774..2999bf92a8 100644 --- a/src/common/privsep_op/include/privsep_op.h +++ b/src/common/privsep_op/include/privsep_op.h @@ -13,15 +13,10 @@ #ifndef PRIV_H #define PRIV_H +#include "cust_types.h" #include "shared.h" -#if defined(SUN_MAJOR_VERSION) && defined(SUN_MINOR_VERSION) && \ - (SUN_MAJOR_VERSION < 11) || \ - ((SUN_MAJOR_VERSION == 11) && (SUN_MINOR_VERSION < 4)) -#define w_ctime(x,y,z) ctime_r(x,y,z) -#else #define w_ctime(x,y,z) ctime_r(x,y) -#endif /** * @brief Find a user by name diff --git a/src/common/privsep_op/src/privsep_op.c b/src/common/privsep_op/src/privsep_op.c index e7e0391565..56ab99b1b4 100644 --- a/src/common/privsep_op/src/privsep_op.c +++ b/src/common/privsep_op/src/privsep_op.c @@ -19,14 +19,10 @@ #include #include "privsep_op.h" -#include "headers/os_err.h" +#include "os_err.h" struct passwd *w_getpwnam(const char *name, struct passwd *pwd, char *buf, size_t buflen) { -#if defined(SUN_MAJOR_VERSION) && defined(SUN_MINOR_VERSION) && \ - (SUN_MAJOR_VERSION < 11) || \ - ((SUN_MAJOR_VERSION == 11) && (SUN_MINOR_VERSION < 4)) - return getpwnam_r(name, pwd, buf, buflen); -#else + struct passwd *result = NULL; int retval = getpwnam_r(name, pwd, buf, buflen, &result); @@ -35,15 +31,10 @@ struct passwd *w_getpwnam(const char *name, struct passwd *pwd, char *buf, size_ } return result; -#endif } struct passwd *w_getpwuid(uid_t uid, struct passwd *pwd, char *buf, int buflen) { -#if defined(SUN_MAJOR_VERSION) && defined(SUN_MINOR_VERSION) && \ - (SUN_MAJOR_VERSION < 11) || \ - ((SUN_MAJOR_VERSION == 11) && (SUN_MINOR_VERSION < 4)) - return getpwuid_r(uid, pwd, buf, buflen); -#else + struct passwd *result = NULL; int retval = getpwuid_r(uid, pwd, buf, buflen, &result); @@ -52,15 +43,10 @@ struct passwd *w_getpwuid(uid_t uid, struct passwd *pwd, char *buf, int bufle } return result; -#endif } struct group *w_getgrnam(const char *name, struct group *grp, char *buf, int buflen) { -#if defined(SUN_MAJOR_VERSION) && defined(SUN_MINOR_VERSION) && \ - (SUN_MAJOR_VERSION < 11) || \ - ((SUN_MAJOR_VERSION == 11) && (SUN_MINOR_VERSION < 4)) - return getgrnam_r(name, grp, buf, buflen); -#else + struct group *result = NULL; int retval = getgrnam_r(name, grp, buf, buflen, &result); @@ -69,15 +55,10 @@ struct group *w_getgrnam(const char *name, struct group *grp, char *buf, int } return result; -#endif } struct group *w_getgrgid(gid_t gid, struct group *grp, char *buf, int buflen) { -#if defined(SUN_MAJOR_VERSION) && defined(SUN_MINOR_VERSION) && \ - (SUN_MAJOR_VERSION < 11) || \ - ((SUN_MAJOR_VERSION == 11) && (SUN_MINOR_VERSION < 4)) - return getgrgid_r(gid, grp, buf, buflen); -#else + struct group *result = NULL; int retval = getgrgid_r(gid, grp, buf, buflen, &result); @@ -86,7 +67,6 @@ struct group *w_getgrgid(gid_t gid, struct group *grp, char *buf, int buflen) { } return result; -#endif } uid_t Privsep_GetUser(const char *name) @@ -178,7 +158,8 @@ int Privsep_Chroot(const char *path) return (OS_INVALID); } - nowChroot(); + // Deleted alongside the old debugger. + // nowChroot(); return (OS_SUCCESS); } diff --git a/src/common/pthreads_op/CMakeLists.txt b/src/common/pthreads_op/CMakeLists.txt index e69de29bb2..0568493a49 100644 --- a/src/common/pthreads_op/CMakeLists.txt +++ b/src/common/pthreads_op/CMakeLists.txt @@ -0,0 +1,5 @@ +add_library(pthreads_op STATIC src/pthreads_op.c) + +target_include_directories(pthreads_op PUBLIC include) + +target_link_libraries(pthreads_op utils time_op Logger) diff --git a/src/common/pthreads_op/include/pthreads_op.h b/src/common/pthreads_op/include/pthreads_op.h index 58598afd17..66070cb854 100644 --- a/src/common/pthreads_op/include/pthreads_op.h +++ b/src/common/pthreads_op/include/pthreads_op.h @@ -12,27 +12,27 @@ #define PTHREADS_OP_H #ifndef WIN32 -#define w_create_thread(x, y) if (!CreateThread((void * (*) (void *))x, y)) merror_exit(THREAD_ERROR); +#define w_create_thread(x, y) if (!CreateThread((void * (*) (void *))x, y)) LogCritical(THREAD_ERROR); #else -#define w_create_thread(x, y, z, a, b, c) ({HANDLE hd; if (!(hd = CreateThread(x,y,z,a,b,c))) merror_exit(THREAD_ERROR); hd;}) +#define w_create_thread(x, y, z, a, b, c) ({HANDLE hd; if (!(hd = CreateThread(x,y,z,a,b,c))) LogCritical(THREAD_ERROR); hd;}) #endif -#define w_mutex_init(x, y) { int error = pthread_mutex_init(x, y); if (error) merror_exit("At pthread_mutex_init(): %s", strerror(error)); } -#define w_mutex_lock(x) { int error = pthread_mutex_lock(x); if (error) merror_exit("At pthread_mutex_lock(): %s", strerror(error)); } -#define w_mutex_unlock(x) { int error = pthread_mutex_unlock(x); if (error) merror_exit("At pthread_mutex_unlock(): %s", strerror(error)); } -#define w_mutex_destroy(x) { int error = pthread_mutex_destroy(x); if (error) merror_exit("At pthread_mutex_destroy(): %s", strerror(error)); } -#define w_cond_init(x, y) { int error = pthread_cond_init(x, y); if (error) merror_exit("At pthread_cond_init(): %s", strerror(error)); } -#define w_cond_wait(x, y) { int error = pthread_cond_wait(x, y); if (error) merror_exit("At pthread_cond_wait(): %s", strerror(error)); } -#define w_cond_signal(x) { int error = pthread_cond_signal(x); if (error) merror_exit("At pthread_cond_signal(): %s", strerror(error)); } -#define w_cond_broadcast(x) { int error = pthread_cond_broadcast(x); if (error) merror_exit("At pthread_cond_broadcast(): %s", strerror(error)); } -#define w_cond_destroy(x) { int error = pthread_cond_destroy(x); if (error) merror_exit("At pthread_cond_destroy(): %s", strerror(error)); } -#define w_rwlock_init(x, y) { int error = pthread_rwlock_init(x, y); if (error) merror_exit("At pthread_rwlock_init(): %s", strerror(error)); } -#define w_rwlock_rdlock(x) { int error = pthread_rwlock_rdlock(x); if (error) merror_exit("At pthread_rwlock_rdlock(): %s", strerror(error)); } -#define w_rwlock_wrlock(x) { int error = pthread_rwlock_wrlock(x); if (error) merror_exit("At pthread_rwlock_wrlock(): %s", strerror(error)); } -#define w_rwlock_unlock(x) { int error = pthread_rwlock_unlock(x); if (error) merror_exit("At pthread_rwlock_unlock(): %s", strerror(error)); } -#define w_rwlock_destroy(x) { int error = pthread_rwlock_destroy(x); if (error) merror_exit("At pthread_rwlock_destroy(" #x "): %s", strerror(error)); } -#define w_mutexattr_init(x) { int error = pthread_mutexattr_init(x); if (error) merror_exit("At pthread_mutexattr_init(): %s", strerror(error)); } -#define w_mutexattr_settype(x, y) { int error = pthread_mutexattr_settype(x, y); if (error) merror_exit("At pthread_mutexattr_settype(): %s", strerror(error)); } -#define w_mutexattr_destroy(x) { int error = pthread_mutexattr_destroy(x); if (error) merror_exit("At pthread_mutexattr_destroy(): %s", strerror(error)); } +#define w_mutex_init(x, y) { int error = pthread_mutex_init(x, y); if (error) LogCritical("At pthread_mutex_init(): %s", strerror(error)); } +#define w_mutex_lock(x) { int error = pthread_mutex_lock(x); if (error) LogCritical("At pthread_mutex_lock(): %s", strerror(error)); } +#define w_mutex_unlock(x) { int error = pthread_mutex_unlock(x); if (error) LogCritical("At pthread_mutex_unlock(): %s", strerror(error)); } +#define w_mutex_destroy(x) { int error = pthread_mutex_destroy(x); if (error) LogCritical("At pthread_mutex_destroy(): %s", strerror(error)); } +#define w_cond_init(x, y) { int error = pthread_cond_init(x, y); if (error) LogCritical("At pthread_cond_init(): %s", strerror(error)); } +#define w_cond_wait(x, y) { int error = pthread_cond_wait(x, y); if (error) LogCritical("At pthread_cond_wait(): %s", strerror(error)); } +#define w_cond_signal(x) { int error = pthread_cond_signal(x); if (error) LogCritical("At pthread_cond_signal(): %s", strerror(error)); } +#define w_cond_broadcast(x) { int error = pthread_cond_broadcast(x); if (error) LogCritical("At pthread_cond_broadcast(): %s", strerror(error)); } +#define w_cond_destroy(x) { int error = pthread_cond_destroy(x); if (error) LogCritical("At pthread_cond_destroy(): %s", strerror(error)); } +#define w_rwlock_init(x, y) { int error = pthread_rwlock_init(x, y); if (error) LogCritical("At pthread_rwlock_init(): %s", strerror(error)); } +#define w_rwlock_rdlock(x) { int error = pthread_rwlock_rdlock(x); if (error) LogCritical("At pthread_rwlock_rdlock(): %s", strerror(error)); } +#define w_rwlock_wrlock(x) { int error = pthread_rwlock_wrlock(x); if (error) LogCritical("At pthread_rwlock_wrlock(): %s", strerror(error)); } +#define w_rwlock_unlock(x) { int error = pthread_rwlock_unlock(x); if (error) LogCritical("At pthread_rwlock_unlock(): %s", strerror(error)); } +#define w_rwlock_destroy(x) { int error = pthread_rwlock_destroy(x); if (error) LogCritical("At pthread_rwlock_destroy(" #x "): %s", strerror(error)); } +#define w_mutexattr_init(x) { int error = pthread_mutexattr_init(x); if (error) LogCritical("At pthread_mutexattr_init(): %s", strerror(error)); } +#define w_mutexattr_settype(x, y) { int error = pthread_mutexattr_settype(x, y); if (error) LogCritical("At pthread_mutexattr_settype(): %s", strerror(error)); } +#define w_mutexattr_destroy(x) { int error = pthread_mutexattr_destroy(x); if (error) LogCritical("At pthread_mutexattr_destroy(): %s", strerror(error)); } #ifndef WIN32 int CreateThread(void * (*function_pointer)(void *), void * data) __attribute__((nonnull(1))); diff --git a/src/common/pthreads_op/src/pthreads_op.c b/src/common/pthreads_op/src/pthreads_op.c index 3d379e47a6..aa3846d48c 100644 --- a/src/common/pthreads_op/src/pthreads_op.c +++ b/src/common/pthreads_op/src/pthreads_op.c @@ -25,28 +25,30 @@ int CreateThreadJoinable(pthread_t *lthread, void * (*function_pointer)(void *), int ret = 0; if (pthread_attr_init(&attr)) { - merror(THREAD_ERROR " Cannot initialize attributes."); + LogError(THREAD_ERROR " Cannot initialize attributes."); return -1; } - read_size = 1024 * (size_t)getDefine_Int("wazuh", "thread_stack_size", 2048, 65536); + // TODO: replace function getDefine_Int + read_size = 1024 * (size_t) 65536; + // read_size = 1024 * (size_t)getDefine_Int("wazuh", "thread_stack_size", 2048, 65536); /* Set the maximum stack limit to new threads */ if (pthread_attr_setstacksize(&attr, read_size)) { - merror(THREAD_ERROR " Cannot set stack size to %d KB.", (int)read_size); + LogError(THREAD_ERROR " Cannot set stack size to %d KB.", (int)read_size); return -1; } if (pthread_attr_getstacksize(&attr, &stacksize)) { - merror(THREAD_ERROR " Cannot confirm stack size setting."); + LogError(THREAD_ERROR " Cannot confirm stack size setting."); return -1; } - mdebug2("Thread stack size set to: %d KiB", (int)stacksize / 1024); + LogDebug("Thread stack size set to: %d KiB", (int)stacksize / 1024); ret = pthread_create(lthread, &attr, function_pointer, (void *)data); if (ret != 0) { - merror(THREAD_ERROR " %s (%d)", strerror(ret), ret); + LogError(THREAD_ERROR " %s (%d)", strerror(ret), ret); return -1; } @@ -64,7 +66,7 @@ int CreateThread(void * (*function_pointer)(void *), void *data) } if (pthread_detach(lthread) != 0) { - merror(THREAD_ERROR " Cannot detach thread."); + LogError(THREAD_ERROR " Cannot detach thread."); return 0; } diff --git a/src/common/queue_op/include/queue_op.h b/src/common/queue_op/include/queue_op.h index c0c5ce93b5..5de14042af 100644 --- a/src/common/queue_op/include/queue_op.h +++ b/src/common/queue_op/include/queue_op.h @@ -20,7 +20,7 @@ #include /** - * queue main structure + * queue main structure * */ typedef struct w_queue_s { void ** data; ///> Pointer to the circular buffer @@ -35,7 +35,7 @@ typedef struct w_queue_s { /** * @brief Initializes a new queue structure - * + * * @param n size of the circular queue (fits n - 1 elements) * @return initialize queue structure * */ @@ -43,14 +43,14 @@ w_queue_t * queue_init(size_t n); /** * @brief Frees an existent queue - * - * @param queue + * + * @param queue * */ void queue_free(w_queue_t * queue); /** * @brief Evaluates whether the queue is full or not - * + * * @param queue * @return 1 if true, 0 if false * */ @@ -58,15 +58,15 @@ int queue_full(const w_queue_t * queue); /** * @brief Evaluates whether the queue is empty or not - * + * * @param queue * @return 1 if true, 0 if false * */ int queue_empty(const w_queue_t * queue); -/** +/** * @brief Tries to insert an element into the queue - * + * * @param queue the queue * @param data data to be inserted * @return -1 if queue is full @@ -74,10 +74,10 @@ int queue_empty(const w_queue_t * queue); * */ int queue_push(w_queue_t * queue, void * data); -/** - * @brief Same as queue_push but with mutual exclusion +/** + * @brief Same as queue_push but with mutual exclusion * for multithreaded applications - * + * * @param queue the queue * @param data data to be inserted * @return -1 if queue is full @@ -85,10 +85,10 @@ int queue_push(w_queue_t * queue, void * data); * */ int queue_push_ex(w_queue_t * queue, void * data); -/** +/** * @brief Same as queue_push_ex but if queue is full will * wait until there is space for the element (THREAD BLOCK) - * + * * @param queue the queue * @param data data to be inserted * @return 0 always @@ -97,7 +97,7 @@ int queue_push_ex_block(w_queue_t * queue, void * data); /** * @brief Retrieves next item in the queue - * + * * @param queue the queue * @return element if queue has a next * NULL if queue is empty @@ -105,9 +105,9 @@ int queue_push_ex_block(w_queue_t * queue, void * data); void * queue_pop(w_queue_t * queue); /** - * @brief Same as queue_pop but with mutual exclusion + * @brief Same as queue_pop but with mutual exclusion * for multithreaded applications. If queue is empty THREAD WILL BLOCK - * + * * @param queue the queue * @return next element in the queue * */ @@ -116,7 +116,7 @@ void * queue_pop_ex(w_queue_t * queue); /** * @brief Same as queue_pop_ex but with a configured timeout for the * wait. If queue is empty THREAD WILL BLOCK - * + * * @param queue the queue * @param abstime timeout specification * @return next element in the queue diff --git a/src/common/randombytes/CMakeLists.txt b/src/common/randombytes/CMakeLists.txt index e69de29bb2..49b44b0897 100644 --- a/src/common/randombytes/CMakeLists.txt +++ b/src/common/randombytes/CMakeLists.txt @@ -0,0 +1,8 @@ +add_library(randombytes STATIC src/randombytes.c) + +target_include_directories(randombytes PUBLIC include) + +target_link_libraries(randombytes + utils + Logger + time_op) diff --git a/src/common/randombytes/src/randombytes.c b/src/common/randombytes/src/randombytes.c index e40de3c3e8..b3d43c6164 100644 --- a/src/common/randombytes/src/randombytes.c +++ b/src/common/randombytes/src/randombytes.c @@ -29,25 +29,25 @@ void randombytes(void *ptr, size_t length) if (prov == 0) { if (!CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL, 0)) { if (GetLastError() == (DWORD)NTE_BAD_KEYSET) { - mdebug1("No default container was found. Attempting to create default container."); + LogDebug("No default container was found. Attempting to create default container."); if (!CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET)) { - merror("CryptAcquireContext Flag: NewKeySet (1): (%lx)", GetLastError()); + LogError("CryptAcquireContext Flag: NewKeySet (1): (%lx)", GetLastError()); failed = 1; } }else if(GetLastError() == (DWORD)NTE_KEYSET_ENTRY_BAD){ - mwarn("The agent's RSA key container for the random generator is corrupt. Resetting container..."); + LogWarn("The agent's RSA key container for the random generator is corrupt. Resetting container..."); if (!CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL, CRYPT_DELETEKEYSET)){ - merror("CryptAcquireContext Flag: DeleteKeySet: (%lx)", GetLastError()); + LogError("CryptAcquireContext Flag: DeleteKeySet: (%lx)", GetLastError()); failed = 1; } if (!CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET)) { - merror("CryptAcquireContext Flag: NewKeySet (2): (%lx)", GetLastError()); + LogError("CryptAcquireContext Flag: NewKeySet (2): (%lx)", GetLastError()); failed = 1; } } else { - merror("CryptAcquireContext no Flag: (%lx)", GetLastError()); + LogError("CryptAcquireContext no Flag: (%lx)", GetLastError()); failed = 1; } } @@ -72,7 +72,7 @@ void randombytes(void *ptr, size_t length) #endif if (failed) { - merror_exit("randombytes failed for all possible methods for accessing random data"); + LogCritical("randombytes failed for all possible methods for accessing random data"); } } diff --git a/src/common/read_alert/src/read_alert.c b/src/common/read_alert/src/read_alert.c index 4a6e070737..4395aecf2f 100644 --- a/src/common/read_alert/src/read_alert.c +++ b/src/common/read_alert/src/read_alert.c @@ -201,14 +201,14 @@ alert_data *GetAlertData(int flag, FILE *fp) { p++; } else { /* If p is null it is because strchr failed */ - merror("date or location not NULL"); + LogError("date or location not NULL"); goto l_error; } } /* If not, str is date and p is the location */ if (al_data->date || al_data->location || !p) { - merror("date or location not NULL or p is NULL"); + LogError("date or location not NULL or p is NULL"); goto l_error; } diff --git a/src/common/regex_op/CMakeLists.txt b/src/common/regex_op/CMakeLists.txt index e69de29bb2..86687261a1 100644 --- a/src/common/regex_op/CMakeLists.txt +++ b/src/common/regex_op/CMakeLists.txt @@ -0,0 +1,5 @@ +add_library(regex_op STATIC src/regex_op.c) + +target_include_directories(regex_op PUBLIC include) + +target_link_libraries(regex_op utils Logger time_op) diff --git a/src/common/regex_op/include/regex_op.h b/src/common/regex_op/include/regex_op.h index f8aa375736..8512e6f5b5 100644 --- a/src/common/regex_op/include/regex_op.h +++ b/src/common/regex_op/include/regex_op.h @@ -13,7 +13,7 @@ #ifndef WIN32 #include -#include "../external/sqlite/sqlite3.h" +#include /** * @brief Compare a string with a regular expression. diff --git a/src/common/regex_op/src/regex_op.c b/src/common/regex_op/src/regex_op.c index 5eafa60a57..0d04a37df2 100644 --- a/src/common/regex_op/src/regex_op.c +++ b/src/common/regex_op/src/regex_op.c @@ -22,7 +22,7 @@ int OS_PRegex(const char *str, const char *regex) } if (regcomp(&preg, regex, REG_EXTENDED | REG_NOSUB) != 0) { - merror("Posix Regex compile error (%s).", regex); + LogError("Posix Regex compile error (%s).", regex); return (0); } @@ -46,7 +46,7 @@ int w_regexec(const char * pattern, const char * string, size_t nmatch, regmatch } if (regcomp(®ex, pattern, REG_EXTENDED)) { - merror("Couldn't compile regular expression '%s'", pattern); + LogError("Couldn't compile regular expression '%s'", pattern); return 0; } diff --git a/src/common/registryHelper/tests/main.cpp b/src/common/registryHelper/tests/main.cpp index fd7a178715..08fb839052 100644 --- a/src/common/registryHelper/tests/main.cpp +++ b/src/common/registryHelper/tests/main.cpp @@ -4,4 +4,4 @@ int main(int argc, char** argv) { ::testing::InitGoogleTest(&argc, argv); return RUN_ALL_TESTS(); -} \ No newline at end of file +} diff --git a/src/common/rwlock_op/src/rwlock_op.c b/src/common/rwlock_op/src/rwlock_op.c index 840ad4cce2..edfc41da34 100644 --- a/src/common/rwlock_op/src/rwlock_op.c +++ b/src/common/rwlock_op/src/rwlock_op.c @@ -20,12 +20,12 @@ void rwlock_init(rwlock_t * rwlock) { errno = pthread_mutex_init(&rwlock->mutex, NULL); if (errno != 0) { - merror_exit(MUTEX_INIT, strerror(errno), errno); + LogCritical(MUTEX_INIT, strerror(errno), errno); } errno = pthread_rwlock_init(&rwlock->rwlock, NULL); if (errno != 0) { - merror_exit(RWLOCK_INIT, strerror(errno), errno); + LogCritical(RWLOCK_INIT, strerror(errno), errno); } } @@ -34,17 +34,17 @@ void rwlock_init(rwlock_t * rwlock) { void rwlock_lock_read(rwlock_t * rwlock) { errno = pthread_mutex_lock(&rwlock->mutex); if (errno != 0) { - merror_exit(MUTEX_LOCK, strerror(errno), errno); + LogCritical(MUTEX_LOCK, strerror(errno), errno); } errno = pthread_rwlock_rdlock(&rwlock->rwlock); if (errno != 0) { - merror_exit(RWLOCK_LOCK_RD, strerror(errno), errno); + LogCritical(RWLOCK_LOCK_RD, strerror(errno), errno); } errno = pthread_mutex_unlock(&rwlock->mutex); if (errno != 0) { - merror_exit(MUTEX_UNLOCK, strerror(errno), errno); + LogCritical(MUTEX_UNLOCK, strerror(errno), errno); } } @@ -53,17 +53,17 @@ void rwlock_lock_read(rwlock_t * rwlock) { void rwlock_lock_write(rwlock_t * rwlock) { errno = pthread_mutex_lock(&rwlock->mutex); if (errno != 0) { - merror_exit(MUTEX_LOCK, strerror(errno), errno); + LogCritical(MUTEX_LOCK, strerror(errno), errno); } errno = pthread_rwlock_wrlock(&rwlock->rwlock); if (errno != 0) { - merror_exit(RWLOCK_LOCK_WR, strerror(errno), errno); + LogCritical(RWLOCK_LOCK_WR, strerror(errno), errno); } errno = pthread_mutex_unlock(&rwlock->mutex); if (errno != 0) { - merror_exit(MUTEX_UNLOCK, strerror(errno), errno); + LogCritical(MUTEX_UNLOCK, strerror(errno), errno); } } @@ -72,7 +72,7 @@ void rwlock_lock_write(rwlock_t * rwlock) { void rwlock_unlock(rwlock_t * rwlock) { errno = pthread_rwlock_unlock(&rwlock->rwlock); if (errno != 0) { - merror_exit(RWLOCK_UNLOCK, strerror(errno), errno); + LogCritical(RWLOCK_UNLOCK, strerror(errno), errno); } } @@ -81,11 +81,11 @@ void rwlock_unlock(rwlock_t * rwlock) { void rwlock_destroy(rwlock_t * rwlock) { errno = pthread_mutex_destroy(&rwlock->mutex); if (errno != 0) { - merror_exit(MUTEX_DESTROY, strerror(errno), errno); + LogCritical(MUTEX_DESTROY, strerror(errno), errno); } errno = pthread_rwlock_destroy(&rwlock->rwlock); if (errno != 0) { - merror_exit(RWLOCK_DESTROY, strerror(errno), errno); + LogCritical(RWLOCK_DESTROY, strerror(errno), errno); } } diff --git a/src/common/schedule_scan/src/schedule_scan.c b/src/common/schedule_scan/src/schedule_scan.c index 5e01868b39..7b9d7d297c 100644 --- a/src/common/schedule_scan/src/schedule_scan.c +++ b/src/common/schedule_scan/src/schedule_scan.c @@ -49,25 +49,25 @@ int sched_scan_read(sched_scan_config *scan_config, xml_node **nodes, const char for (i = 0; nodes[i]; i++) { if (!strcmp(nodes[i]->element, XML_SCAN_DAY)) { // if (!OS_StrIsNum(nodes[i]->content)) { - merror(XML_VALUEERR, nodes[i]->element, nodes[i]->content); + LogError(XML_VALUEERR, nodes[i]->element, nodes[i]->content); return (OS_INVALID); } else { scan_config->scan_day = atoi(nodes[i]->content); if (scan_config->scan_day < 1 || scan_config->scan_day > 31) { - merror(XML_VALUEERR, nodes[i]->element, nodes[i]->content); + LogError(XML_VALUEERR, nodes[i]->element, nodes[i]->content); return (OS_INVALID); } } } else if (!strcmp(nodes[i]->element, XML_WEEK_DAY)) { // scan_config->scan_wday = w_validate_wday(nodes[i]->content); if (scan_config->scan_wday < 0 || scan_config->scan_wday > 6) { - merror(XML_VALUEERR, nodes[i]->element, nodes[i]->content); + LogError(XML_VALUEERR, nodes[i]->element, nodes[i]->content); return OS_INVALID; } } else if (!strcmp(nodes[i]->element, XML_TIME)) { // scan_config->scan_time = w_validate_time(nodes[i]->content); if (!scan_config->scan_time) { - merror(XML_VALUEERR, nodes[i]->element, nodes[i]->content); + LogError(XML_VALUEERR, nodes[i]->element, nodes[i]->content); return (OS_INVALID); } } else if (!strcmp(nodes[i]->element, XML_INTERVAL)) { // @@ -75,7 +75,7 @@ int sched_scan_read(sched_scan_config *scan_config, xml_node **nodes, const char scan_config->interval = strtoul(nodes[i]->content, &endptr, 0); if (scan_config->interval <= 0 || scan_config->interval >= UINT_MAX) { - merror("Invalid interval value at module '%s'", MODULE_NAME); + LogError("Invalid interval value at module '%s'", MODULE_NAME); return OS_INVALID; } @@ -100,7 +100,7 @@ int sched_scan_read(sched_scan_config *scan_config, xml_node **nodes, const char case '\0': break; default: - merror("Invalid interval value at module '%s'", MODULE_NAME); + LogError("Invalid interval value at module '%s'", MODULE_NAME); return OS_INVALID; } } @@ -150,11 +150,11 @@ static time_t _get_next_time(const sched_scan_config *config, const char *MODULE return (time_t)config->interval; } } else { - mtwarn(MODULE_TAG, "Interval overtaken."); + LogWarn(MODULE_TAG, "Interval overtaken."); return 0; } } else { - merror_exit("Invalid Scheduling option for module %s. Exiting.", MODULE_TAG); + LogCritical("Invalid Scheduling option for module %s. Exiting.", MODULE_TAG); } return 0; } @@ -163,11 +163,11 @@ static time_t _get_next_time(const sched_scan_config *config, const char *MODULE static int _sched_scan_validate_parameters(sched_scan_config *scan_config) { // Validate scheduled scan parameters and interval value if (scan_config->scan_day && (scan_config->scan_wday >= 0)) { - merror("Options 'day' and 'wday' are not compatible."); + LogError("Options 'day' and 'wday' are not compatible."); return OS_INVALID; } else if (scan_config->scan_day) { if (!scan_config->month_interval) { - mwarn("Interval must be a multiple of one month. New interval value: 1M"); + LogWarn("Interval must be a multiple of one month. New interval value: 1M"); scan_config->interval = 1; // 1 month scan_config->month_interval = true; } @@ -176,7 +176,7 @@ static int _sched_scan_validate_parameters(sched_scan_config *scan_config) { } else if (scan_config->scan_wday >= 0) { if (w_validate_interval(scan_config->interval, 1) != 0) { scan_config->interval = 604800; // 1 week - mwarn("Interval must be a multiple of one week. New interval value: 1w"); + LogWarn("Interval must be a multiple of one week. New interval value: 1w"); } if (scan_config->interval == 0) scan_config->interval = 604800; @@ -185,10 +185,10 @@ static int _sched_scan_validate_parameters(sched_scan_config *scan_config) { } else if (scan_config->scan_time) { if (w_validate_interval(scan_config->interval, 0) != 0) { scan_config->interval = WM_DEF_INTERVAL; // 1 day - mwarn("Interval must be a multiple of one day. New interval value: 1d"); + LogWarn("Interval must be a multiple of one day. New interval value: 1d"); } } else if (scan_config->month_interval) { - mwarn("Interval value is in months. Setting scan day to first day of the month."); + LogWarn("Interval value is in months. Setting scan day to first day of the month."); scan_config->scan_day = 1; scan_config->scan_time = strdup("00:00"); } diff --git a/src/common/sig_op/src/sig_op.c b/src/common/sig_op/src/sig_op.c index da26bdda40..df3a31de7d 100644 --- a/src/common/sig_op/src/sig_op.c +++ b/src/common/sig_op/src/sig_op.c @@ -20,7 +20,6 @@ #include "shared.h" #include "sig_op.h" #include "file_op.h" -#include "debug_op.h" #include "error_messages/error_messages.h" #include "error_messages/debug_messages.h" @@ -46,7 +45,7 @@ void HandleExit() { void HandleSIG(int sig) { - minfo(SIGNAL_RECV, sig, strsignal(sig)); + LogInfo(SIGNAL_RECV, sig, strsignal(sig)); exit(1); } diff --git a/src/common/sqliteWrapper/CMakeLists.txt b/src/common/sqliteWrapper/CMakeLists.txt index fd8f24c852..a7cac715f7 100644 --- a/src/common/sqliteWrapper/CMakeLists.txt +++ b/src/common/sqliteWrapper/CMakeLists.txt @@ -1,5 +1,3 @@ -cmake_minimum_required(VERSION 3.12.4) +add_library(sqliteWrapper INTERFACE) -if(UNIT_TEST) - add_subdirectory(tests) -endif() +target_include_directories(sqliteWrapper INTERFACE include) diff --git a/src/common/sqliteWrapper/include/sqliteWrapperTemp.h b/src/common/sqliteWrapper/include/sqliteWrapperTemp.h index 280df56af9..9862099a37 100644 --- a/src/common/sqliteWrapper/include/sqliteWrapperTemp.h +++ b/src/common/sqliteWrapper/include/sqliteWrapperTemp.h @@ -12,10 +12,9 @@ #ifndef _SQLITE_WRAPPER_TEMP_H #define _SQLITE_WRAPPER_TEMP_H -#include "sqlite3.h" +#include #include #include -#include "makeUnique.h" #include "customDeleter.hpp" #include #include @@ -23,6 +22,12 @@ #include #include +#if defined(__GNUC__) || defined(__clang__) +#define ATTR_RET_NONNULL __attribute__((__returns_nonnull__)) +#else +#define ATTR_RET_NONNULL +#endif + using DBSyncExceptionType = const std::pair; DBSyncExceptionType FACTORY_INSTANTATION { std::make_pair(1, "Unspecified type during factory instantiation") }; @@ -56,7 +61,7 @@ namespace DbSync class dbsync_error : public std::exception { public: - __attribute__((__returns_nonnull__)) + ATTR_RET_NONNULL const char* what() const noexcept override { return m_error.what(); @@ -90,7 +95,7 @@ namespace DbSync class max_rows_error : public std::exception { public: - __attribute__((__returns_nonnull__)) + ATTR_RET_NONNULL const char* what() const noexcept override { return m_error.what(); @@ -114,7 +119,7 @@ constexpr auto DB_PERMISSIONS }; -namespace SQLite +namespace SQLiteLegacy { const constexpr auto MAX_ROWS_ERROR_STRING {"Too Many Rows."}; @@ -188,9 +193,9 @@ namespace SQLite }; -}//namespace SQLite +}//namespace SQLiteLegacy -using namespace SQLite; +using namespace SQLiteLegacy; using ExpandedSQLPtr = std::unique_ptr>; static void checkSqliteResult(const int result, @@ -228,7 +233,7 @@ static sqlite3_stmt* prepareSQLiteStatement(std::shared_ptr& connec return pStatement; } -namespace SQLite +namespace SQLiteLegacy { class Connection : public IConnection { @@ -506,7 +511,7 @@ namespace SQLite std::unique_ptr column(const int32_t index) { - return std::make_unique(m_stmt, index); + return std::make_unique(m_stmt, index); } int columnsCount() const diff --git a/src/common/store_op/src/store_op.c b/src/common/store_op/src/store_op.c index aa7d2e2c17..b8f513a662 100644 --- a/src/common/store_op/src/store_op.c +++ b/src/common/store_op/src/store_op.c @@ -319,7 +319,7 @@ int OSStore_Put(OSStore *list, const char *key, void *data) /* Allocate memory for new node */ newnode = (OSStoreNode *) calloc(1, sizeof(OSStoreNode)); if (!newnode) { - merror(MEM_ERROR, errno, strerror(errno)); + LogError(MEM_ERROR, errno, strerror(errno)); return (0); } @@ -329,7 +329,7 @@ int OSStore_Put(OSStore *list, const char *key, void *data) newnode->key = strdup(key); if (!newnode->key) { free(newnode); - merror(MEM_ERROR, errno, strerror(errno)); + LogError(MEM_ERROR, errno, strerror(errno)); return (0); } newnode->key_size = strlen(key); diff --git a/src/common/stringHelper/include/stringHelper.h b/src/common/stringHelper/include/stringHelper.h index 28dfb807a9..fe8e727482 100644 --- a/src/common/stringHelper/include/stringHelper.h +++ b/src/common/stringHelper/include/stringHelper.h @@ -46,21 +46,21 @@ namespace Utils for (auto it = data.begin(); it != data.end(); ++it) { - const uint8_t ch = *it; + const uint8_t ch = static_cast(static_cast(*it)); // ASCII character if (ch < UTF8_2BYTE_FIRST_CODE_VALUE) { - strOut.push_back(ch); + strOut.push_back(static_cast(ch)); } // Extended ASCII else { // 2-byte sequence // 110xxxxx - strOut.push_back(UTF8_2BYTE_SEQ | ch >> UTF8_2BYTE_SEQ_VALUE_LEN); + strOut.push_back(static_cast(UTF8_2BYTE_SEQ | (ch >> UTF8_2BYTE_SEQ_VALUE_LEN))); // 10xxxxxx - strOut.push_back(UTF8_2BYTE_FIRST_CODE_VALUE | (ch & UTF8_2BYTE_MASK)); + strOut.push_back(static_cast(UTF8_2BYTE_FIRST_CODE_VALUE | (ch & UTF8_2BYTE_MASK))); } } diff --git a/src/common/stringHelper/tests/main.cpp b/src/common/stringHelper/tests/main.cpp index fd7a178715..08fb839052 100644 --- a/src/common/stringHelper/tests/main.cpp +++ b/src/common/stringHelper/tests/main.cpp @@ -4,4 +4,4 @@ int main(int argc, char** argv) { ::testing::InitGoogleTest(&argc, argv); return RUN_ALL_TESTS(); -} \ No newline at end of file +} diff --git a/src/common/stringHelper/tests/stringHelper_test.h b/src/common/stringHelper/tests/stringHelper_test.h index 44c5ae6086..9320578307 100644 --- a/src/common/stringHelper/tests/stringHelper_test.h +++ b/src/common/stringHelper/tests/stringHelper_test.h @@ -23,4 +23,5 @@ class StringUtilsTest : public ::testing::Test void SetUp() override; void TearDown() override; }; -#endif //STRING_HELPER_TESTS_H \ No newline at end of file + +#endif //STRING_HELPER_TESTS_H diff --git a/src/common/string_op/CMakeLists.txt b/src/common/string_op/CMakeLists.txt deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/src/common/string_op/include/string_op.h b/src/common/string_op/include/string_op.h deleted file mode 100644 index 51c142ac38..0000000000 --- a/src/common/string_op/include/string_op.h +++ /dev/null @@ -1,406 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * Copyright (C) 2009 Trend Micro Inc. - * All rights reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -#ifndef H_STRINGOP_OS -#define H_STRINGOP_OS - -#include -#include - -#ifdef WIN32 -#include -#include - -#ifndef WC_ERR_INVALID_CHARS -#define WC_ERR_INVALID_CHARS 0x80 -#endif - -/* converts a Windows format string to char* */ -char *convert_windows_string(LPCWSTR string); -#endif - -// Time values for conversion -#define W_WEEK_SECONDS 604800 -#define W_DAY_SECONDS 86400 -#define W_HOUR_SECONDS 3600 -#define W_MINUTE_SECONDS 60 - -// Time units -#define W_WEEKS_L "week(s)" -#define W_WEEKS_S "w" -#define W_DAYS_L "day(s)" -#define W_DAYS_S "d" -#define W_HOURS_L "hour(s)" -#define W_HOURS_S "h" -#define W_MINUTES_L "minute(s)" -#define W_MINUTES_S "m" -#define W_SECONDS_L "second(s)" -#define W_SECONDS_S "s" - -// Convert string to lowercase -#define str_lowercase(str_lc) { char *x = str_lc; while (*x != '\0') { *x = tolower(*x); x++; } } - -// Convert string to uppercase -#define str_uppercase(str_lc) { char *x = str_lc; while (*x != '\0') { *x = toupper(*x); x++; } } - -// Convert double to string -#define w_double_str(x) ({char *do_str; os_calloc(20, sizeof(char),do_str); snprintf(do_str, 19, "%f", x); do_str;}) - -// Convert long to string -#define w_long_str(x) ({char *do_str; os_calloc(32, sizeof(char),do_str); snprintf(do_str, 31, "%ld", x); do_str;}) - -// Replace a character in a string -#define wchr_replace(x, y, z) { char *x_it; for (x_it = x; *x_it != '\0'; x_it++) if (*x_it == y) *x_it = z; } - -// Count the words of a string -#define w_word_counter(x) ({ int w_count = 0; char *w_it = x; \ - while (*w_it) { if (*w_it != ' ') { w_count++; while (*w_it != ' ' && *w_it != '\0') w_it++; continue;} w_it++;} w_count;}) - -// Check if a string is a number. It does not work with signs (+/-) -#define w_str_is_number(str) ({char *x = str; for (; *x != '\0'; x++) if (!isdigit(*x)) { x = NULL; break;} x;}) - -/* Trim the CR and/or LF from the last positions of a string */ -void os_trimcrlf(char *str); - -/* Similiar to Perl's substr() function */ -int os_substr(char *dest, const char *src, size_t position, ssize_t length) __attribute__((nonnull(1))); - -/* Remove a character from a string */ -char *os_strip_char(const char *source, char remove) __attribute__((nonnull)); - -/* Escape a list of characters with a backslash */ -char *os_shell_escape(const char *src); - -/* Count the number of repetitions of needle at haystack */ -size_t os_strcnt(const char *haystack, char needle); - -// Trim whitespaces from string -char * w_strtrim(char * string); - -// Add a dynamic field with object nesting -void W_JSON_AddField(cJSON *root, const char *key, const char *value); - -// Converts a CSV list into JSON style string array ("a,s,d" -> ["a","s","d"]) -void csv_list_to_json_str_array(char * const csv_list, char **buffer); - -// Searches haystack for needle. Returns 1 if needle is found in haystack. -int w_str_in_array(const char * needle, const char ** haystack); - -/* Filter escape characters */ -char* filter_special_chars(const char *string); - -// Replace substrings -char * wstr_replace(const char * string, const char * search, const char * replace); - -// Locate first occurrence of non escaped character in string -char * wstr_chr(const char * str, char character); - -/** - * @brief Locate first occurrence of non escaped character in string. - * - * @param str A valid pointer to a string where look for a non escaped character. - * @param character The non escaped character. - * @param escape The character used to escape. - * @return The position of the non escaped character, or NULL if fail. - */ -char * wstr_chr_escape(const char * str, char character, char escape); - -/** - * @brief Escape a specific character from a character string. - * - * @param dststr A valid pointer to a char buffer where escaped string will be stored. - * @param dst_size The dststr size to control buffer overflow. - * @param str A valid pointer to a string to escape. - * @param escape The character used to escape. - * @param match The value to escape. - * @return The size of the dststr if success, or OS_INVALID if fail. - */ -ssize_t wstr_escape(char *dststr, size_t dst_size, const char *str, char escape, char match); - -/** - * @brief Unescape a specific character from a character string. - * - * @param dststr A valid pointer to a char buffer where unescaped string will be stored. - * @param dst_size The dststr size to control buffer overflow. - * @param str A valid pointer to a string to unescape. - * @param escape The character used to unescape. - * @return The size of the dststr if success, or OS_INVALID if fail. - */ -ssize_t wstr_unescape(char *dststr, size_t dst_size, const char *str, char escape); - -// Free string array -void free_strarray(char ** array); - -// Get the size of a string array -size_t strarray_size(char ** array); - -// Delete last occurrence of duplicated string -char * wstr_delete_repeated_groups(const char * string); - -/* Concatenate strings with optional separator - * - * str1 must be a valid pointer to NULL or a string at heap - * Returns 0 if success, or -1 if fail. - */ -int wm_strcat(char **str1, const char *str2, char sep); - -// Check if str ends in str_end -int wstr_end(char *str, const char *str_end); - -/* Split a string within splitted_str - * - delim: Words delimiter - * - occurrences: Words by division - * - replace_delim: (Optional) Replace the delimiter with a new one -*/ - -void wstr_split(char *str, char *delim, char *replace_delim, int occurrences, char ***splitted_str); - -// Check if the specified string is already in the array -int w_is_str_in_array(char *const *ar, const char *str); - -// Remove zeros from the end of the decimal number -void w_remove_zero_dec(char *str_number); - -/* Similar to strtok_r but checks for full delim appearances */ -char *w_strtok_r_str_delim(const char *delim, char **remaining_str); - -// Returns the characters number of the string source if, only if, source is included completely in str, 0 in other case. -int w_compare_str(const char * source, const char * str); -const char * find_string_in_array(char * const string_array[], size_t array_len, const char * const str, const size_t str_len); - -char *decode_hex_buffer_2_ascii_buffer(const char * const encoded_buffer, const size_t buffer_size); - -/** - * @brief Parse boolean string - * - * @param string Input string. - * @pre string is not null. - * @retval 1 True. - * @retval 0 False. - * @retval -1 Cannot parse string. - */ -int w_parse_bool(const char * string); - -/** - * @brief Parse positive time string into seconds - * - * Format: ^[0-9]+(s|m|h|d|w)? - * - * s: seconds - * m: minutes - * h: hours - * d: days - * w: weeks - * - * Any character after the first byte is ignored. - * - * @param string Input string. - * @pre string is not null. - * @return Time represented in seconds. - * @retval -1 Cannot parse string, or value is negative. - */ -long w_parse_time(const char * string); - -/** - * @brief Parse positive size string into bytes - * - * Format: ^[0-9]+(b|B|k|K|m|M|g|G)? - * - * b/B: bytes - * k/K: kilobytes - * m/M: megabytes - * g/G: gigabytes - * - * Any character after the first byte is ignored. - * - * @param string Input string. - * @pre string is not null. - * @return Size represented in bytes. - * @retval -1 Cannot parse string, or value is negative. - */ -ssize_t w_parse_size(const char * string); - -/** - * @brief Convert seconds into the greater valid time unit (s|m|h|d|w). - * The conversion will always round down the output. - * - * s: seconds - * m: minutes - * h: hours - * d: days - * w: weeks - * - * @param seconds Positive amount of seconds. - * @param long_format Format of the output. - * TRUE: long format ("second(s)"). - * FALSE: short format ("s") - * @return String with the time unit. - * @retval "invalid" if the input is negative. A time unit if the input is valid. - */ -char* w_seconds_to_time_unit(long seconds, bool long_format); - -/** - * @brief Convert seconds into the greater time value. - * * The conversion will always round down the output. - * - * @param seconds Positive amount of seconds. - * @return Value of the seconds converted to the greater time unit. - * @retval - if the input is negative. A time value if the input is valid. - */ -long w_seconds_to_time_value(long seconds); - -/* - * @brief Length of the initial segment of s which consists entirely of non-escaped bytes different from reject - * - * @param s String. - * @param reject String delimiter. - * @return size_t Number of bytes in s that are not reject. - */ -size_t strcspn_escaped(const char * s, char reject); - -/** - * @brief Escape JSON reserved characters - * - * Add an escape to the following bytes: \b \t \n \f \r " \ - * - * @param string Input string - * @return Pointer to a new string containg an escaped copy of "string" - */ -char * wstr_escape_json(const char * string); - -/** - * @brief Unescape JSON reserved characters - * - * Unescape sets '\b', '\t', '\n', '\f', '\r', '\"' and '\\'. - * Bypass any other escape attempt. - * - * @param string Input string - * @return Pointer to a new string containg an unescaped copy of "string" - */ -char * wstr_unescape_json(const char * string); - -/** - * @brief Lowercase a string - * - * @param string Input string - * @return Pointer to a new string containing a lowercased copy of "string" - */ -char * w_tolower_str(const char *string); - -/* b64 function prototypes */ -char *decode_base64(const char *src); -char *encode_base64(int size, const char *src); - -/** - * @brief Verify the string is not truncated after executing snprintf - * - * @param str Pointer to a buffer where the resulting string is stored. - * @param size Maximum number of bytes to be used in the buffer. - * @param format String that contains a format string that follows the same specifications as format in printf. - * @param ... Depending on the format string, the function may expect a sequence of additional arguments. - * @return int The number of characters that would have been written if size had been sufficiently large. - */ -int os_snprintf(char *str, size_t size, const char *format, ...); - -/** - * @brief Remove a substring from a string. - * - * @param str Original string. - * @param sub Substring to remove from the string. - * @return char* String after removing the substring. - */ -char * w_remove_substr(char *str, const char *sub); - -/** - * @brief Returns a copy of the first n characters of str. - * - * If str is longer than n, only n characters are copied (a terminating character ('\0') is added). - * if n is zero an empty string is returned. - * @param str String to copy. - * @param n Maximum number of characters to copy. - * @return char* New string copy of str[:n] or NULL if str is null - */ -char * w_strndup(const char *str, size_t n); - -/** - * @brief Split a string into an array of strings separated by given delimiters. - * @param string_to_split String to split. - * @param delim String with the delimiters used to split. - * @param max_array_size Maximum number of strings returned in the array, if it is 0 no limit will be applied. - * @return char** Returns an array of string. - */ -char ** w_string_split(const char *string_to_split, const char *delim, int max_array_size); - -/** - * @brief Append two strings - * - * This function produces a string with length #a + n, and joins the content - * of a and the first n bytes of b. - * Semantics are like: a += b[:n]. - * - * @param a First string. - * @param b Second string. - * @param n Length of the left-substring in b that will be copied. - * @return Pointer to a zero-ended string that contains the concatenation of a + b. - * @pre a may be NULL. In that case, this function returns strdup(b). - * @pre b must contain at less n valid bytes. - * @post String a is freed and it's not valid after calling this function. - */ -char* w_strcat(char *a, const char *b, size_t n); - -/** - * @brief Append a string into the n-th position of a string array - * - * Extends the size of the array to (n + 1) pointers, sets array[n] to string, - * and terminates the array with NULL. - * - * @param array Pointer to the source string array, that will be extended. - * @param string Pointer to the string that will be inserted into the array. - * @param n Position of the current tail of the array (null pointer). - * @return A pointer to a string array. - * @pre array has n valid positions before calling this function. - * @post array holds the same pointer that this function received, i.e. strings are not duplicated. - * @post The pointer to array is no longer valid as it's resized. - */ -char** w_strarray_append(char **array, char *string, int n); - -/** - * @brief Tokenize string separated by spaces, respecting double-quotes - * - * Splits words in a string separated by spaces into an array. - * Parts within double-quotes are not splitted. - * The backslash character escapes spaces, double-quotes and backslashes. - * - * @param string Pointer to the source string. - * @return Pointer to a NULL-terminated string array. - * @post The structure returned must be freed with free_strarray(). - */ -char** w_strtok(const char *string); - -/** - * @brief Concatenate a NULL-terminated string list into a single string - * - * @param list String list to concatenate - * @param sep Optional separator. Set to 0 if unused. - * @return Allocated string with list concatenation. - */ -char* w_strcat_list(char ** list, char sep); - -/** - * @brief Convert a given string to hexadecimal and store it in a buffer - * @param src_buf Input buffer containing the string to be converted - * @param src_size Input buffer size - * @param dst_buf Output buffer where to store the converted string - * @param dst_size Output buffer size - * @return OS_SUCCESS on success, OS_INVALID on failure - */ -int print_hex_string(const char *src_buf, unsigned int src_size, char *dst_buf, unsigned int dst_size); - -#endif diff --git a/src/common/string_op/src/string_op.c b/src/common/string_op/src/string_op.c deleted file mode 100644 index 584620f131..0000000000 --- a/src/common/string_op/src/string_op.c +++ /dev/null @@ -1,1233 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * Copyright (C) 2009 Trend Micro Inc. - * All rights reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -#include "shared.h" -#include "string.h" -#include "../os_regex/os_regex.h" -#include "string_op.h" - -#ifdef WIN32 -#ifdef EVENTCHANNEL_SUPPORT -#define _WIN32_WINNT 0x0600 -#endif -#endif - -/* Trim CR and/or LF from the last positions of a string */ -void os_trimcrlf(char *str) -{ - if (str == NULL) { - return; - } - - if (*str == '\0') { - return; - } - - size_t len = strlen(str); - len--; - - while (str[len] == '\n' || str[len] == '\r') { - str[len] = '\0'; - - if (len == 0) { - break; - } - - len--; - } -} - -/* Remove offending char (e.g., double quotes) from source */ -char *os_strip_char(const char *source, char remove) -{ - char *clean; - const char *iterator = source; - size_t length = 0; - int i; - - /* Figure out how much memory to allocate */ - for ( ; *iterator; iterator++ ) { - if ( *iterator != remove ) { - length++; - } - } - - /* Allocate the memory */ - if ( (clean = (char *) malloc( length + 1 )) == NULL ) { - // Return NULL - return NULL; - } - memset(clean, '\0', length + 1); - - /* Remove the characters */ - iterator = source; - for ( i = 0; *iterator; iterator++ ) { - if ( *iterator != remove ) { - clean[i] = *iterator; - i++; - } - } - - return clean; -} - -/* Do a substring */ -int os_substr(char *dest, const char *src, size_t position, ssize_t length) -{ - dest[0] = '\0'; - - if ( length <= 0 ) { - /* Unsupported negative length string */ - return -3; - } - if ( src == NULL ) { - return -2; - } - if ( position >= strlen(src) ) { - return -1; - } - - strncat(dest, (src + position), (size_t) length); - - return 0; -} - -/* Escape a set of characters */ -char *os_shell_escape(const char *src) -{ - /* Maximum Length of the String is 2 times the current length */ - char shell_escapes[22] = { '\\', '"', '\'', '\t', ';', '`', '>', '<', '|', '#', - '*', '[', ']', '{', '}', '&', '$', '!', ':', '(', ')' - }; - - char *escaped_string; - size_t length = 0; - int i = 0; - - if (src == NULL) { - return NULL; - } - - /* Determine how long the string will be */ - const char *iterator = src; - for (; *iterator; iterator++) { - if (strchr(shell_escapes, *iterator)) { - if ((*iterator == '\\') && *(iterator+1) && strchr(shell_escapes, *(iterator+1))) { - // avoid scape because it's already scaped - iterator++; - } - length++; - } - length++; - } - /* Allocate memory */ - if ((escaped_string = (char *) calloc(1, length + 1 )) == NULL) { - return NULL; - } - - /* Escape the escapable characters */ - iterator = src; - for (i = 0; *iterator; iterator++) { - if (strchr(shell_escapes, *iterator)) { - if ((*iterator == '\\') && *(iterator+1) && strchr(shell_escapes, *(iterator+1))) { - // avoid scape because it's already scaped - escaped_string[i] = *iterator; - i++; - iterator++; - } else { - escaped_string[i] = '\\'; - i++; - } - } - escaped_string[i] = *iterator; - i++; - } - - return escaped_string; -} - -/* Count the number of repetitions of needle at haystack */ -size_t os_strcnt(const char *haystack, char needle) { - size_t count = 0; - char *ptr; - - for (ptr = strchr(haystack, needle); ptr; ptr = strchr(ptr + 1, needle)) - count++; - - return count; -} - -// Trim whitespaces from string - -char * w_strtrim(char * string) { - char *c; - char *d; - - if(string != NULL) { - string = &string[strspn(string, " ")]; - for (c = string + strcspn(string, " "); *(d = c + strspn(c, " ")); c = d + strcspn(d, " ")); - *c = '\0'; - } - return string; -} - -// Add a dynamic field with object nesting -void W_JSON_AddField(cJSON *root, const char *key, const char *value) { - - cJSON *object; - char *current; - char *nest = strchr(key, '.'); - size_t length; - - if (nest) { - length = nest - key; - os_malloc(length + 1, current); - strncpy(current, key, length); - current[length] = '\0'; - - if (object = cJSON_GetObjectItem(root, current), object) { - if (cJSON_IsObject(object)) { - W_JSON_AddField(object, nest + 1, value); - } - } else { - cJSON_AddItemToObject(root, current, object = cJSON_CreateObject()); - W_JSON_AddField(object, nest + 1, value); - } - - free(current); - } else if (!cJSON_GetObjectItem(root, key)) { - const char *jsonErrPtr; - cJSON * value_json = NULL; - - if (*value == '[' && - (value_json = cJSON_ParseWithOpts(value, &jsonErrPtr, 0), value_json) && - (*jsonErrPtr == '\0')) { - cJSON_AddItemToObject(root, key, value_json); - } else { - if (value_json) { - cJSON_Delete(value_json); - } - cJSON_AddStringToObject(root, key, value); - } - } -} - -void csv_list_to_json_str_array(char * const csv_list, char **buffer) -{ - cJSON *array = cJSON_CreateArray(); - char *remaining_str = NULL; - char *element = strtok_r(csv_list, ",", &remaining_str); - - while (element) { - cJSON *obj = cJSON_CreateString(element); - cJSON_AddItemToArray(array, obj); - element = strtok_r(NULL, ",", &remaining_str); - } - *buffer = cJSON_Print(array); - cJSON_Delete(array); -} - -// Searches haystack for needle. Returns 1 if needle is found in haystack. -int w_str_in_array(const char * needle, const char ** haystack) { - int i; - - if (!(needle && haystack)) { - return 0; - } - - for (i = 0; haystack[i]; i++) { - if (strcmp(needle, haystack[i]) == 0) { - return 1; - } - } - - return 0; -} - -/* Filter escape characters */ - -char* filter_special_chars(const char *string) { - int i, j = 0; - int n = strlen(string); - char *filtered = malloc(n + 1); - - if (!filtered) - return NULL; - - for (i = 0; i <= n; i++) - filtered[j++] = (string[i] == '\\') ? string[++i] : string[i]; - - return filtered; -} - -// Replace substrings - -char * wstr_replace(const char * string, const char * search, const char * replace) { - char * result; - const char * scur; - const char * snext; - size_t wi = 0; - size_t zcur; - - if (!(string && search && replace)) { - return NULL; - } - - const size_t ZSEARCH = strlen(search); - const size_t ZREPLACE = strlen(replace); - - os_malloc(sizeof(char), result); - - for (scur = string; snext = strstr(scur, search), snext; scur = snext + ZSEARCH) { - zcur = snext - scur; - os_realloc(result, wi + zcur + ZREPLACE + 1, result); - memcpy(result + wi, scur, zcur); - wi += zcur; - memcpy(result + wi, replace, ZREPLACE); - wi += ZREPLACE; - } - - // Copy last chunk - - zcur = strlen(scur); - os_realloc(result, wi + zcur + 1, result); - memcpy(result + wi, scur, zcur); - wi += zcur; - - result[wi] = '\0'; - return result; -} - -// Locate first occurrence of non '\\' escaped character in string - -char * wstr_chr(const char * str, char character) { - - return wstr_chr_escape(str, character, '\\'); -} - -// Locate first occurrence of non escaped character in string - -char * wstr_chr_escape(const char * str, char character, char escape) { - bool escaped = false; - - for (;*str != '\0'; str++) { - if (!escaped) { - if (*str == character) { - return (char *)str; - } - if (*str == escape) { - escaped = true; - } - } else { - escaped = false; - } - } - return NULL; -} - -// Escape a specific character from a character string - -ssize_t wstr_escape(char *dststr, size_t dst_size, const char *str, char escape, char match) { - - if (str == NULL || dststr == NULL) { - return OS_INVALID; - } - - size_t i = 0; // Read position - size_t j = 0; // Write position - size_t z; // Span length - - char charset[3] = {escape, match, '\0'}; - - do { - z = strcspn(str + i, charset); - - if (str[i + z] == '\0' || (j + z) >= (dst_size - 2)) { - z = (z + j <= dst_size - 1) ? z : (dst_size - j - 1); - // End of str - strncpy(dststr + j, str + i, z); - } else { - // Reserved character - strncpy(dststr + j, str + i, z); - dststr[j + z] = escape; - if (str[i + z] == escape) { - dststr[j + z + 1] = escape; - } else { - dststr[j + z + 1] = match; - } - z++; - j++; - } - - j += z; - i += z; - } while (str[i] != '\0' && j < (dst_size - 2)); - - dststr[j] = '\0'; - return j; -} - -// Unescape a specific character from a character string - -ssize_t wstr_unescape(char *dststr, size_t dst_size, const char *str, char escape) { - - if (str == NULL || dststr == NULL) { - return OS_INVALID; - } - - size_t i = 0; // Read position - size_t j = 0; // Write position - size_t z; // Span length - - char charset[2] = {escape, '\0'}; - - do { - z = strcspn(str + i, charset); - z = (z + j <= dst_size - 1) ? z : (dst_size - j - 1); - - strncpy(dststr + j, str + i, z); - j += z; - i += z; - - if (str[i] != '\0' && j < (dst_size - 1)) { - - if (str[i + 1] == escape) { - dststr[j++] = str[i++]; - } - else if (str[i + 1] == '\0') { - dststr[j++] = str[i]; - } - i++; - } - - } while (str[i] != '\0' && j < (dst_size - 1)); - - dststr[j] = '\0'; - return j; -} - -#ifdef WIN32 - -char *convert_windows_string(LPCWSTR string) -{ - char *dest = NULL; - size_t size = 0; - int result = 0; - - if (string == NULL) { - return (NULL); - } - - /* Determine size required */ - size = WideCharToMultiByte(CP_UTF8, - WC_ERR_INVALID_CHARS, - string, - -1, - NULL, - 0, - NULL, - NULL); - - if (size == 0) { - mferror( - "Could not WideCharToMultiByte() when determining size which returned (%lu)", - GetLastError()); - return (NULL); - } - - if ((dest = calloc(size, sizeof(char))) == NULL) { - mferror( - "Could not calloc() memory for WideCharToMultiByte() which returned [(%d)-(%s)]", - errno, - strerror(errno) - ); - return (NULL); - } - - result = WideCharToMultiByte(CP_UTF8, - WC_ERR_INVALID_CHARS, - string, - -1, - dest, - size, - NULL, - NULL); - - if (result == 0) { - mferror( - "Could not WideCharToMultiByte() which returned (%lu)", - GetLastError()); - free(dest); - return (NULL); - } - - return (dest); -} - -#endif - -// Free string array -void free_strarray(char ** array) { - int i; - - if (array) { - for (i = 0; array[i]; ++i) { - free(array[i]); - } - - free(array); - } -} - -// Get the size of a string array -size_t strarray_size(char ** array) { - size_t size = 0; - - if (array) { - while (array[size]) { - size++; - } - } - return size; -} - -char * wstr_delete_repeated_groups(const char * string){ - char **aux; - char *result = NULL; - int i, k; - - aux = OS_StrBreak(MULTIGROUP_SEPARATOR, string, MAX_GROUPS_PER_MULTIGROUP); - - for (i=0; aux[i] != NULL; i++) { - for (k=0; k < i; k++){ - if (!strcmp(aux[k], aux[i])) { - break; - } - } - - // If no duplicate found, append - if (k == i) { - wm_strcat(&result, aux[i], MULTIGROUP_SEPARATOR); - } - } - - free_strarray(aux); - return result; -} - - -// Concatenate strings with optional separator - -int wm_strcat(char **str1, const char *str2, char sep) { - size_t len1; - size_t len2; - - if (str2) { - len2 = strlen(str2); - - if (*str1) { - len1 = strlen(*str1); - os_realloc(*str1, len1 + len2 + (sep ? 2 : 1), *str1); - - if (sep) - memcpy(*str1 + (len1++), &sep, 1); - } else { - len1 = 0; - os_malloc(len2 + 1, *str1); - } - - memcpy(*str1 + len1, str2, len2 + 1); - return 0; - } else - return -1; -} - -int wstr_end(char *str, const char *str_end) { - size_t str_len = strlen(str); - size_t str_end_len = strlen(str_end); - return str_end_len <= str_len && !strcmp(str + str_len - str_end_len, str_end); -} - -void wstr_split(char *str, char *delim, char *replace_delim, int occurrences, char ***splitted_str) { - char *new_delim = replace_delim ? replace_delim : delim; - size_t new_delim_size = strlen(replace_delim ? replace_delim : delim); - int count = 0; - int splitted_count; - char *str_cpy, *str_cpy_ref; - char *str_it; - char **acc_strs; - char *saveptr; - - if (occurrences < 1) { - return; - } - - os_strdup(str, str_cpy); - str_cpy_ref = str_cpy; - str_it = strtok_r(str_cpy, delim, &saveptr); - - os_calloc(occurrences, sizeof(char *), acc_strs); - - for (splitted_count = 0; *splitted_str && (*splitted_str)[splitted_count]; splitted_count++); - - for (; str_it && *str_it; count++) { - os_strdup(str_it, acc_strs[count]); - - if (count == occurrences - 1) { - // Add a new term - size_t term_size; - char *new_term_it; - - for (count = term_size = 0; count < occurrences; count++) { - term_size += strlen(acc_strs[count]); - } - - term_size += (occurrences - 1) * new_delim_size + 1; - - os_realloc(*splitted_str, (splitted_count + 2) * sizeof(char *), *splitted_str); - os_calloc(term_size, sizeof(char), (*splitted_str)[splitted_count]); - (*splitted_str)[splitted_count + 1] = NULL; - - for (count = 0, new_term_it = (*splitted_str)[splitted_count]; count < occurrences; count++) { - if (count) { - strncpy(new_term_it, new_delim, term_size); - term_size -= new_delim_size; - new_term_it += new_delim_size; - } - strncpy(new_term_it, acc_strs[count], term_size); - term_size -= strlen(acc_strs[count]); - new_term_it += strlen(acc_strs[count]); - os_free(acc_strs[count]); - } - - splitted_count++; - count = -1; - } - str_it = strtok_r(NULL, delim, &saveptr); - } - - // Remove residual terms (they are discarded) - for (count = 0; acc_strs[count]; count++) { - free(acc_strs[count]); - } - free(acc_strs); - free(str_cpy_ref); -} - -/* Check if the specified string is already in the array */ -int w_is_str_in_array(char *const *ar, const char *str) -{ - while (*ar) { - if (strcmp(*ar, str) == 0) { - return (1); - } - ar++; - } - return (0); -} - -// Remove zeros from the end of the decimal number -void w_remove_zero_dec(char *str_number) { - char *base; - char *number_end; - - if (base = strchr(str_number, '.'), base) { - for (number_end = base; *number_end; number_end++); - for (--number_end; base != number_end && *number_end == '0'; number_end--) { - *number_end = '\0'; - } - } -} - -/* Similar to strtok_r but checks for full delim appearances */ -char *w_strtok_r_str_delim(const char *delim, char **remaining_str) -{ - if (!*remaining_str) { - return NULL; - } - - if (!delim || *delim == '\0') { - char *str = *remaining_str; - *remaining_str = NULL; - return str; - } - - char *delim_found = NULL; - size_t delim_len = strlen(delim); - - while ((delim_found = strstr(*remaining_str, delim))) { - if (*remaining_str == delim_found) { - *remaining_str += delim_len; - continue; - } - break; - } - - if (**remaining_str == '\0') { - return NULL; - } - - char *token = *remaining_str; - - if((delim_found = strstr(*remaining_str, delim))) { - *delim_found = '\0'; - *remaining_str = delim_found + delim_len; - } else { - *remaining_str = NULL; - } - - return token; -} - - -// Returns the characters number of the string source if, only if, source is included completely in str, 0 in other case. -int w_compare_str(const char * source, const char * str) { - int matching = 0; - size_t source_lenght; - - if (!(source && str)) { - return -1; - } - - source_lenght = strlen(source); - if (source_lenght > strlen(str)) { - return -2; - } - - // Match if result is 0 - matching = strncmp(source, str, source_lenght); - - return matching == 0 ? source_lenght : 0; -} - -const char * find_string_in_array(char * const string_array[], size_t array_len, const char * const str, const size_t str_len) -{ - if (!string_array || !str){ - return NULL; - } - - size_t i; - for (i = 0; i < array_len; ++i) { - if (strncmp(str, string_array[i], str_len) == 0) { - return string_array[i]; - } - } - - return NULL; -} - -// Parse boolean string - -int w_parse_bool(const char * string) { - return (strcmp(string, "yes") == 0) ? 1 : (strcmp(string, "no") == 0) ? 0 : -1; -} - -// Parse positive time string into seconds - -long w_parse_time(const char * string) { - char * end; - long seconds = strtol(string, &end, 10); - - if (seconds < 0 || (seconds == LONG_MAX && errno == ERANGE)) { - return -1; - } - - switch (*end) { - case '\0': - break; - case 'w': - seconds *= W_WEEK_SECONDS; - break; - case 'd': - seconds *= W_DAY_SECONDS; - break; - case 'h': - seconds *= W_HOUR_SECONDS; - break; - case 'm': - seconds *= W_MINUTE_SECONDS; - break; - case 's': - break; - default: - return -1; - } - - return seconds >= 0 ? seconds : -1; -} - -// Parse positive size string into bytes - -ssize_t w_parse_size(const char * string) { - char c; - ssize_t size; - - switch (sscanf(string, "%zd%c", &size, &c)) { - case 1: - break; - - case 2: - switch (c) { - case 'G': - case 'g': - size *= 1073741824; - break; - case 'M': - case 'm': - size *= 1048576; - break; - case 'K': - case 'k': - size *= 1024; - break; - case 'B': - case 'b': - break; - default: - return -1; - } - - break; - - default: - return -1; - } - - return size >= 0 ? size : -1; -} - -// Get time unit from seconds - -char* w_seconds_to_time_unit(long seconds, bool long_format) { - - if (seconds < 0) { - return "invalid"; - } - else if (seconds >= W_WEEK_SECONDS) { - return long_format ? W_WEEKS_L : W_WEEKS_S ; - } - else if (seconds >= W_DAY_SECONDS) { - return long_format ? W_DAYS_L : W_DAYS_S ; - } - else if (seconds >= W_HOUR_SECONDS) { - return long_format ? W_HOURS_L : W_HOURS_S ; - } - else if (seconds >= W_MINUTE_SECONDS) { - return long_format ? W_MINUTES_L : W_MINUTES_S ; - } - else { - return long_format ? W_SECONDS_L : W_SECONDS_S ; - } -} - -// Get time value from seconds - -long w_seconds_to_time_value(long seconds) { - - if(seconds < 0) { - return -1; - } - else if (seconds >= W_WEEK_SECONDS) { - return seconds/W_WEEK_SECONDS; - } - else if (seconds >= W_DAY_SECONDS) { - return seconds/W_DAY_SECONDS; - } - else if (seconds >= W_HOUR_SECONDS) { - return seconds/W_HOUR_SECONDS; - } - else if (seconds >= W_MINUTE_SECONDS) { - return seconds/W_MINUTE_SECONDS; - } - else { - return seconds; - } -} - -char* decode_hex_buffer_2_ascii_buffer(const char * const encoded_buffer, const size_t buffer_size) -{ - if (!encoded_buffer) { - return NULL; - } - - /* each ASCII character has 2 digits in its HEX form, hence its length must be even */ - if (buffer_size % 2 != 0) { - return NULL; - } - - const size_t decoded_len = buffer_size / 2; - char *decoded_buffer; - os_calloc(decoded_len + 1, sizeof(char), decoded_buffer); - - size_t i; - for(i = 0; i < decoded_len; ++i) { - if (1 != sscanf(encoded_buffer + 2 * i, "%2hhx", decoded_buffer + i)) { - os_free(decoded_buffer); - return NULL; - } - } - - return decoded_buffer; -} - -// Length of the initial segment of s which consists entirely of non-escaped bytes different from reject - -size_t strcspn_escaped(const char * s, char reject) { - char charset[3] = { '\\', reject }; - - size_t len = strlen(s); - size_t spn_len = 0; - - do { - spn_len += strcspn(s + spn_len, charset); - - if (s[spn_len] == '\\') { - spn_len += 2; - } else { - return spn_len; - } - } while (spn_len < len); - - return len; -} - -// Escape JSON reserved characters - -char * wstr_escape_json(const char * string) { - const char escape_map[] = { - ['\b'] = 'b', - ['\t'] = 't', - ['\n'] = 'n', - ['\f'] = 'f', - ['\r'] = 'r', - ['\"'] = '\"', - ['\\'] = '\\' - }; - - size_t i = 0; // Read position - size_t j = 0; // Write position - size_t z; // Span length - - char * output; - os_malloc(1, output); - - do { - z = strcspn(string + i, "\b\t\n\f\r\"\\"); - - if (string[i + z] == '\0') { - // End of string - os_realloc(output, j + z + 1, output); - strncpy(output + j, string + i, z); - } else { - // Reserved character - os_realloc(output, j + z + 3, output); - strncpy(output + j, string + i, z); - output[j + z] = '\\'; - output[j + z + 1] = escape_map[(int)string[i + z]]; - z++; - j++; - } - - j += z; - i += z; - } while (string[i] != '\0'); - - output[j] = '\0'; - return output; -} - -// Unescape JSON reserved characters - -char * wstr_unescape_json(const char * string) { - const char UNESCAPE_MAP[] = { - ['b'] = '\b', - ['t'] = '\t', - ['n'] = '\n', - ['f'] = '\f', - ['r'] = '\r', - ['\"'] = '\"', - ['\\'] = '\\' - }; - - size_t i = 0; // Read position - size_t j = 0; // Write position - size_t z; // Span length - - char * output; - os_malloc(1, output); - - do { - z = strcspn(string + i, "\\"); - - // Extend output and copy - os_realloc(output, j + z + 3, output); - strncpy(output + j, string + i, z); - - i += z; - j += z; - - if (string[i] != '\0') { - // Peek byte following '\' - switch (string[++i]) { - case '\0': - // End of string - output[j++] = '\\'; - break; - - case 'b': - case 't': - case 'n': - case 'f': - case 'r': - case '\"': - case '\\': - // Escaped character - output[j++] = UNESCAPE_MAP[(int)string[i++]]; - break; - - default: - // Bad escape - output[j++] = '\\'; - output[j++] = string[i++]; - } - } - } while (string[i] != '\0'); - - output[j] = '\0'; - return output; -} - -// Lowercase a string - -char * w_tolower_str(const char *string) { - char *tolower_str; - int count; - - if (!string) { - return NULL; - } - - os_malloc(1, tolower_str); - - for(count = 0; string[count]; count++) { - os_realloc(tolower_str, count + 2, tolower_str); - tolower_str[count] = tolower(string[count]); - } - - tolower_str[count] = '\0'; - - return tolower_str; -} - -// Verify the string is not truncated after executing snprintf - -int os_snprintf(char *str, size_t size, const char *format, ...) { - size_t ret; - va_list args; - - va_start(args, format); - ret = vsnprintf(str, size, format, args); - if (ret >= size) { - mwarn("String may be truncated because it is too long."); - } - va_end(args); - - return ret; -} - -// Remove a substring from a string - -char * w_remove_substr(char *str, const char *sub) { - char *p, *q, *r; - - if (!str || !sub) { - return NULL; - } - - if ((q = r = strstr(str, sub)) != NULL) { - size_t len = strlen(sub); - while ((r = strstr(p = r + len, sub)) != NULL) { - while (p < r) - *q++ = *p++; - } - while ((*q++ = *p++) != '\0') - continue; - } - return str; -} - -char * w_strndup(const char * str, size_t n) { - - char * str_cpy = NULL; - size_t str_len; - - if (str == NULL) { - return str_cpy; - } - - if (str_len = strlen(str), str_len > n) { - str_len = n; - } - - os_malloc(str_len + 1, str_cpy); - if (str_len > 0) { - memcpy(str_cpy, str, str_len); - } - - str_cpy[str_len] = '\0'; - - return str_cpy; -} - -char ** w_string_split(const char *string_to_split, const char *delim, int max_array_size) { - char **paths = NULL; - char *state; - char *token; - int i = 0; - char *aux; - - os_calloc(1, sizeof(char *), paths); - - if (!string_to_split || !delim) { - return paths; - } - os_strdup(string_to_split, aux); - - for(token = strtok_r(aux, delim, &state); token; token = strtok_r(NULL, delim, &state)){ - os_realloc(paths, (i + 2) * sizeof(char *), paths); - os_strdup(token, paths[i]); - paths[i + 1] = NULL; - i++; - if (max_array_size && i >= max_array_size) break; - } - os_free(aux); - - return paths; -} - -// Append two strings - -char* w_strcat(char *a, const char *b, size_t n) { - if (a == NULL) { - return w_strndup(b, n); - } - - size_t a_len = strlen(a); - size_t output_len = a_len + n; - - os_realloc(a, output_len + 1, a); - - memcpy(a + a_len, b, n); - a[output_len] = '\0'; - - return a; -} - -// Append a string into the n-th position of a string array - -char** w_strarray_append(char **array, char *string, int n) { - os_realloc(array, sizeof(char *) * (n + 2), array); - array[n] = string; - array[n + 1] = NULL; - - return array; -} - -// Tokenize string separated by spaces, respecting double-quotes - -char** w_strtok(const char *string) { - bool quoting = false; - int output_n = 0; - char *accum = NULL; - char **output; - - os_calloc(1, sizeof(char*), output); - - const char *i; - const char *j; - - for (i = string; (j = strpbrk(i, " \"\\")) != NULL; i = j + 1) { - switch (*j) { - case ' ': - if (quoting) { - accum = w_strcat(accum, i, j - i + 1); - } else { - if (j > i) { - accum = w_strcat(accum, i, j - i); - } - - if (accum != NULL) { - output = w_strarray_append(output, accum, output_n++); - accum = NULL; - } - } - - break; - - case '\"': - if (j > i || quoting) { - accum = w_strcat(accum, i, j - i); - } - - quoting = !quoting; - break; - - case '\\': - if (j > i) { - accum = w_strcat(accum, i, j - i); - } - - if (j[1] != '\0') { - accum = w_strcat(accum, ++j, 1); - } - } - } - - if (*i != '\0') { - accum = w_strcat(accum, i, strlen(i)); - } - - if (accum != NULL) { - output = w_strarray_append(output, accum, output_n); - } - - return output; -} - -char* w_strcat_list(char ** list, char sep_char) { - - char * concatenation = NULL; - char sep[] = {sep_char, '\0'}; - - if (list != NULL) { - char ** FIRST_ELEMENT = list; - while (*list != NULL) { - if (list != FIRST_ELEMENT) { - concatenation = w_strcat(concatenation, sep, 1); - } - concatenation = w_strcat(concatenation, *list, w_strlen(*list)); - list++; - } - } - - return concatenation; -} - -int print_hex_string(const char *src_buf, unsigned int src_size, char *dst_buf, unsigned int dst_size) { - if (src_buf && dst_buf) { - unsigned int i = 0; - for (; (i < (dst_size-1)/2) && (i < src_size); ++i) { - sprintf(dst_buf+2*i, "%.2x", src_buf[i]); - } - dst_buf[i * 2] = '\0'; - return OS_SUCCESS; - } - return OS_INVALID; -} diff --git a/src/common/string_op/tests/unit/tests/CMakeLists.txt b/src/common/string_op/tests/unit/tests/CMakeLists.txt deleted file mode 100644 index 1fdfc0568e..0000000000 --- a/src/common/string_op/tests/unit/tests/CMakeLists.txt +++ /dev/null @@ -1,53 +0,0 @@ -#include wrappers -include(${SRC_FOLDER}/unit_tests/wrappers/wazuh/shared/shared.cmake) - -if(${TARGET} STREQUAL "winagent") - link_directories(${SRC_FOLDER}/syscheckd/build/bin) -endif(${TARGET} STREQUAL "winagent") - -# Tests list and flags -list(APPEND shared_tests_names "test_string_op") -set(STRING_OP_BASE_FLAGS "${DEBUG_OP_WRAPPERS} -Wl,--wrap,syscom_dispatch") -if(${TARGET} STREQUAL "winagent") -list(APPEND shared_tests_flags "${STRING_OP_BASE_FLAGS} -Wl,--wrap,Start_win32_Syscheck \ - -Wl,--wrap=is_fim_shutdown -Wl,--wrap=_imp__dbsync_initialize \ - -Wl,--wrap=_imp__rsync_initialize -Wl,--wrap=fim_db_teardown") -else() -list(APPEND shared_tests_flags "${STRING_OP_BASE_FLAGS}") -endif() - -# Compiling tests -list(LENGTH shared_tests_names count) -math(EXPR count "${count} - 1") -foreach(counter RANGE ${count}) - list(GET shared_tests_names ${counter} test_name) - list(GET shared_tests_flags ${counter} test_flags) - - add_executable(${test_name} ${test_name}.c) - - if(${TARGET} STREQUAL "server") - target_link_libraries( - ${test_name} - ${WAZUHLIB} - ${WAZUHEXT} - ANALYSISD_O - ${TEST_DEPS} - ) - else() - target_link_libraries( - ${test_name} - ${TEST_DEPS} - ) - if(${TARGET} STREQUAL "winagent") - target_link_libraries(${test_name} fimdb) - endif(${TARGET} STREQUAL "winagent") - endif() - - if(NOT test_flags STREQUAL " ") - target_link_libraries( - ${test_name} - ${test_flags} - ) - endif() - add_test(NAME ${test_name} COMMAND ${test_name}) -endforeach() diff --git a/src/common/string_op/tests/unit/tests/test_string_op.c b/src/common/string_op/tests/unit/tests/test_string_op.c deleted file mode 100644 index f5bc9e5f75..0000000000 --- a/src/common/string_op/tests/unit/tests/test_string_op.c +++ /dev/null @@ -1,1207 +0,0 @@ -/* - * Copyright (C) 2015, Wazuh Inc. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -#include -#include -#include -#include -#include - -#include "../headers/shared.h" - -char * w_tolower_str(const char *string); - -/* setup/teardown */ - -int teardown_free_paths(void **state) { - char **paths = *state; - free_strarray(paths); - - return 0; -} - -/* tests */ - -/* w_tolower_str */ -void test_w_tolower_str_NULL(void **state) -{ - char * string = NULL; - - char* ret = w_tolower_str(string); - assert_null(ret); - -} - -void test_w_tolower_str_empty(void **state) -{ - char * string = ""; - - char* ret = w_tolower_str(string); - assert_string_equal(ret, ""); - - os_free(ret); - -} - -void test_w_tolower_str_caps(void **state) -{ - char * string = "TEST"; - - char* ret = w_tolower_str(string); - assert_string_equal(ret, "test"); - - os_free(ret); - -} - -void test_os_snprintf_short(void **state) -{ - int ret; - size_t size = 10; - char str[size + 1]; - - ret = os_snprintf(str, size, "%s%3d", "agent", 1); - assert_int_equal(ret, 8); -} - -void test_os_snprintf_long(void **state) -{ - int ret; - size_t size = 5; - char str[size + 1]; - - expect_string(__wrap__mwarn, formatted_msg,"String may be truncated because it is too long."); - ret = os_snprintf(str, size, "%s%3d", "agent", 1); - assert_int_equal(ret, 8); -} - -void test_os_snprintf_more_parameters(void **state) -{ - int ret; - size_t size = 100; - char str[size + 1]; - - ret = os_snprintf(str, size, "%s%3d:%s%s", "agent", 1, "sent ", "message"); - assert_int_equal(ret, 21); -} - -/* w_remove_substr */ - -void test_w_remove_substr_null_sub(void **state) -{ - int i; - char * ret; - char * sub = NULL; - char * str = "This is a test"; - - ret = w_remove_substr(str, sub); - assert_null(ret); -} - -void test_w_remove_substr_success(void **state) -{ - int i; - char * ret; - char * strings[] = { - "remove thisThis is the principal string.", - "This is the principal string.remove this", - "This isremove this the principal string." - }; - int size_array = sizeof(strings) / sizeof(strings[0]); - char * substr = "remove this"; - char * string; - char * str_cpy; - - for (i = 0; i < size_array; i++) { - w_strdup(strings[i], string); - str_cpy = string; - ret = w_remove_substr(str_cpy, substr); - assert_string_equal(ret, "This is the principal string."); - os_free(str_cpy); - } -} - -// Tests W_JSON_AddField - -void test_W_JSON_AddField_nest_object(void **state) -{ - cJSON * root = cJSON_CreateObject(); - cJSON_AddObjectToObject(root, "test"); - const char * key = "test.files"; - const char * value = "[\"file1\",\"file2\",\"file3\"]"; - char * output = NULL; - - W_JSON_AddField(root, key, value); - output = cJSON_PrintUnformatted(root); - assert_string_equal(output, "{\"test\":{\"files\":[\"file1\",\"file2\",\"file3\"]}}"); - - os_free(output); - cJSON_Delete(root); -} - -void test_W_JSON_AddField_nest_no_object(void **state) -{ - cJSON * root = cJSON_CreateObject(); - const char * key = "test.files"; - const char * value = "[\"file1\",\"file2\",\"file3\"]"; - char * output = NULL; - - W_JSON_AddField(root, key, value); - output = cJSON_PrintUnformatted(root); - assert_string_equal(output, "{\"test\":{\"files\":[\"file1\",\"file2\",\"file3\"]}}"); - - os_free(output); - cJSON_Delete(root); -} - -void test_W_JSON_AddField_JSON_valid(void **state) -{ - cJSON * root = cJSON_CreateObject(); - const char * key = "files"; - const char * value = "[\"file1\",\"file2\",\"file3\"]"; - char * output = NULL; - - W_JSON_AddField(root, key, value); - output = cJSON_PrintUnformatted(root); - assert_string_equal(output, "{\"files\":[\"file1\",\"file2\",\"file3\"]}"); - - os_free(output); - cJSON_Delete(root); -} - -void test_W_JSON_AddField_JSON_invalid(void **state) -{ - cJSON * root = cJSON_CreateObject(); - const char * key = "files"; - const char * value = "[\"file1\",\"file2\"],\"file3\"]"; - char * output = NULL; - - W_JSON_AddField(root, key, value); - output = cJSON_PrintUnformatted(root); - assert_string_equal(output, "{\"files\":\"[\\\"file1\\\",\\\"file2\\\"],\\\"file3\\\"]\"}"); - - os_free(output); - cJSON_Delete(root); -} - -void test_W_JSON_AddField_string_time(void **state) -{ - cJSON * root = cJSON_CreateObject(); - const char * key = "time"; - const char * value = "[28/Oct/2020:10:22:11 +0000]"; - char * output = NULL; - - W_JSON_AddField(root, key, value); - output = cJSON_PrintUnformatted(root); - assert_string_equal(output, "{\"time\":\"[28/Oct/2020:10:22:11 +0000]\"}"); - - os_free(output); - cJSON_Delete(root); -} -/* w_strndup */ -void test_w_strndup_null_str(void ** state) -{ - const char * str = NULL; - assert_null(w_strndup(NULL, 5)); -} - -void test_w_strndup_str_less_than_n(void ** state) -{ - const char * str = "Test"; - const char * expected_str = "Test"; - char * retval; - - retval = w_strndup(str, strlen(str)+10); - assert_string_equal(retval, expected_str); - assert_int_equal(strlen(retval), strlen(expected_str)); - os_free(retval); -} - -void test_w_strndup_str_greater_than_n(void ** state) { - const char * str = "Test Test Test Test"; - const char * expected_str = "Test Test "; - char * retval; - - retval = w_strndup(str, 10); - assert_string_equal(retval, expected_str); - assert_int_equal(strlen(retval), 10); - os_free(retval); -} - -void test_w_strndup_str_equal_to_n(void ** state) { - const char * str = "Test Test Test Test"; - const char * expected_str = "Test Test Test Test"; - char * retval; - - retval = w_strndup(str, strlen(expected_str)); - assert_string_equal(retval, expected_str); - assert_int_equal(strlen(retval), strlen(expected_str)); - os_free(retval); -} - - -void test_w_strndup_str_zero_n(void ** state) { - const char * str = "Test Test Test Test"; - const char * expected_str = "Test Test Test Test"; - char * retval; - - retval = w_strndup(str, 0); - assert_string_equal(retval, ""); - assert_int_equal(strlen(retval), 0); - os_free(retval); -} - -void test_w_strcat_null_input(void ** state) { - const char * B = "Hello World"; - char * a = w_strcat(NULL, B, strlen(B)); - - assert_string_equal(a, B); - - free(a); -} - -void test_w_strcat_string_input(void ** state) { - char * a = strdup("Hello"); - const char * B = "World"; - a = w_strcat(a, B, strlen(B)); - - assert_string_equal(a, "HelloWorld"); - - free(a); -} - -void test_w_strarray_append(void ** state) { - char ** array = NULL; - char *a, *b; - int n = 0; - - os_strdup("Hello", a); - os_strdup("World", b); - - array = w_strarray_append(array, a, n++); - array = w_strarray_append(array, b, n++); - - assert_ptr_equal(array[0], a); - assert_ptr_equal(array[1], b); - assert_null(array[2]); - - free_strarray(array); -} - -void test_w_strtok_empty(void ** state) { - char ** array = w_strtok(""); - assert_null(array[0]); - free_strarray(array); -} - -void test_w_strtok_nospaces(void ** state) { - char ** array = w_strtok("Hello"); - assert_string_equal(array[0], "Hello"); - assert_null(array[1]); - free_strarray(array); -} - -void test_w_strtok_string(void ** state) { - char ** array = w_strtok("BB\"B BBB BBE\" \"\" F \"\\\"G\\\"\" \"BB\"B BB\\\\E\\ GGF D B"); - assert_string_equal(array[0], "BBB BBB BBE"); - assert_string_equal(array[1], ""); - assert_string_equal(array[2], "F"); - assert_string_equal(array[3], "\"G\""); - assert_string_equal(array[4], "BBB"); - assert_string_equal(array[5], "BB\\E GGF"); - assert_string_equal(array[6], "D"); - assert_string_equal(array[7], "B"); - assert_null(array[8]); - free_strarray(array); -} - -void test_w_string_split_str_null(void ** state) { - const char *str = NULL; - char **paths = NULL; - const char *delim = ","; - - paths = w_string_split(str, delim, 0); - *state = paths; - assert_null(paths[0]); -} - -void test_w_string_split_delim_null(void ** state) { - const char *str = "test1,test2,test3"; - char **paths = NULL; - const char *delim = NULL; - - paths = w_string_split(str, delim, 0); - *state = paths; - assert_null(paths[0]); -} - -void test_w_string_split_normal(void ** state) { - const char *str = "test1,test2,test3"; - char *expected_str[] = {"test1","test2","test3"}; - char **paths = NULL; - const char *delim = ","; - - paths = w_string_split(str, delim, 0); - *state = paths; - - assert_non_null(paths[0]); - for (int i = 0; paths[i]; i++){ - assert_string_equal(paths[i], expected_str[i]); - } -} - -void test_w_string_split_max_array_size(void ** state) { - const char *str = "test1,test2,test3,outofarray"; - char *expected_str[] = {"test1","test2","test3"}; - char **paths = NULL; - const char *delim = ","; - - paths = w_string_split(str, delim, 3); - *state = paths; - - assert_non_null(paths[0]); - for (int i = 0; paths[i]; i++){ - assert_string_equal(paths[i], expected_str[i]); - } -} - - -void test_strnspn_escaped(void ** state) -{ - assert_int_equal(strcspn_escaped("ABC\\D ", ' '), 5); - assert_int_equal(strcspn_escaped("ABC\\ D", ' '), 6); - assert_int_equal(strcspn_escaped("ABCD\\", ' '), 5); - assert_int_equal(strcspn_escaped("ABCDE \\ ", ' '), 5); - assert_int_equal(strcspn_escaped("ABCDE\\\\ F", ' '), 7); - assert_int_equal(strcspn_escaped("ABCDE\\\\", ' '), 7); - assert_int_equal(strcspn_escaped("ABC\\ D E", ' '), 6); - assert_int_equal(strcspn_escaped("ABCDE", ' '), 5); -} - -void test_json_escape(void ** state) -{ - const char * INPUTS[] = { "\b\tHello \n\f\r \"World\".\\", "Hello\b\t \n\f\r \"World\"\\.", NULL }; - const char * EXPECTED_OUTPUTS[] = { "\\b\\tHello \\n\\f\\r \\\"World\\\".\\\\", "Hello\\b\\t \\n\\f\\r \\\"World\\\"\\\\.", NULL }; - int i; - - for (i = 0; INPUTS[i] != NULL; i++) { - char * output = wstr_escape_json(INPUTS[i]); - assert_string_equal(output, EXPECTED_OUTPUTS[i]); - free(output); - } -} - -void test_json_unescape(void ** state) -{ - const char * INPUTS[] = { "\\b\\tHello \\n\\f\\r \\\"World\\\".\\\\", "Hello\\b\\t \\n\\f\\r \\\"World\\\"\\\\.", "Hello \\World", "Hello World\\", NULL }; - const char * EXPECTED_OUTPUTS[] = { "\b\tHello \n\f\r \"World\".\\", "Hello\b\t \n\f\r \"World\"\\.", "Hello \\World", "Hello World\\", NULL }; - int i; - - for (i = 0; INPUTS[i] != NULL; i++) { - char * output = wstr_unescape_json(INPUTS[i]); - assert_string_equal(output, EXPECTED_OUTPUTS[i]); - free(output); - } -} - -/* Test for wstr_replace */ - -void test_wstr_replace_valid(void **state) -{ - const char * search = "$file"; - const char * replace = "/var"; - const char EXPECTED_OUTPUT[] = "echo /var"; - char * subject = NULL; - char * ret = NULL; - - os_strdup("echo $file", subject); - ret = wstr_replace(subject, search, replace); - assert_string_equal(ret, EXPECTED_OUTPUT); - - os_free(ret); - os_free(subject); -} - -void test_wstr_replace_double_$(void **state) -{ - const char * search = "$file"; - const char * replace = "/var"; - const char EXPECTED_OUTPUT[] = "echo $/var"; - char * subject = NULL; - char * ret = NULL; - - os_strdup("echo $$file", subject); - ret = wstr_replace(subject, search, replace); - assert_string_equal(ret, EXPECTED_OUTPUT); - - os_free(ret); - os_free(subject); -} - -void test_wstr_replace_surround_$(void **state) -{ - const char * search = "$file"; - const char * replace = "/var"; - const char EXPECTED_OUTPUT[] = "echo $/var$"; - char * subject = NULL; - char * ret = NULL; - - os_strdup("echo $$file$", subject); - ret = wstr_replace(subject, search, replace); - assert_string_equal(ret, EXPECTED_OUTPUT); - - os_free(ret); - os_free(subject); -} - -void test_wstr_replace_multiples_variable(void **state) -{ - const char * search = "$file"; - const char * replace = "/var"; - const char EXPECTED_OUTPUT[] = "echo /var /var"; - char * subject = NULL; - char * ret = NULL; - - os_strdup("echo $file $file", subject); - ret = wstr_replace(subject, search, replace); - assert_string_equal(ret, EXPECTED_OUTPUT); - os_free(ret); - os_free(subject); -} - -void test_wstr_replace_multiples_variables_surround_$(void **state) -{ - const char * search = "$file"; - const char * replace = "/var"; - const char EXPECTED_OUTPUT[] = "echo /var$ $/var$"; - char * subject = NULL; - char * ret = NULL; - - os_strdup("echo $file$ $$file$", subject); - ret = wstr_replace(subject, search, replace); - assert_string_equal(ret, EXPECTED_OUTPUT); - os_free(ret); - os_free(subject); -} - -void test_wstr_replace_different_variables(void **state) -{ - const char * INPUTS[] = {"$file","$home",NULL}; - const char * replace[] = {"/var","/home"}; - const char EXPECTED_OUTPUT[] = "echo /var /home"; - char * subject = NULL; - char * ret = NULL; - - os_strdup("echo $file $home", subject); - - for (int i = 0; INPUTS[i] != NULL; i++) { - ret = wstr_replace(subject, INPUTS[i], replace[i]); - os_free(subject); - subject = ret; - } - assert_string_equal(subject, EXPECTED_OUTPUT); - os_free(subject); -} - -void test_wstr_replace_different_variables_surround_$(void **state) -{ - const char * INPUTS[] = {"$file","$home",NULL}; - const char * replace[] = {"/var","/home"}; - const char EXPECTED_OUTPUT[] = "echo $/var$ /home$"; - char * subject = NULL; - char * ret = NULL; - - os_strdup("echo $$file$ $home$", subject); - - for (int i = 0; INPUTS[i] != NULL; i++) { - ret = wstr_replace(subject, INPUTS[i], replace[i]); - os_free(subject); - subject = ret; - } - assert_string_equal(subject, EXPECTED_OUTPUT); - os_free(subject); -} - -void test_wstr_replace_different_variables_$(void **state) -{ - const char * INPUTS[] = {"$file","$home","$$",NULL}; - const char * replace[] = {"/var","/home","/etc"}; - const char EXPECTED_OUTPUT[] = "echo $/var /home/etc /etc"; - char * subject = NULL; - char * ret = NULL; - - os_strdup("echo $$file $home$$ $$", subject); - - for (int i = 0; INPUTS[i] != NULL; i++) { - ret = wstr_replace(subject, INPUTS[i], replace[i]); - os_free(subject); - subject = ret; - } - assert_string_equal(subject, EXPECTED_OUTPUT); - os_free(subject); -} - -void test_wstr_replace_different_variables_empty(void **state) -{ - const char * INPUTS[] = {"$file","$home","$empty",NULL}; - const char * replace[] = {"/var","/home",""}; - const char EXPECTED_OUTPUT[] = "echo /var /home "; - char * subject = NULL; - char * ret = NULL; - - os_strdup("echo $file $home $empty", subject); - - for (int i = 0; INPUTS[i] != NULL; i++) { - ret = wstr_replace(subject, INPUTS[i], replace[i]); - os_free(subject); - subject = ret; - } - assert_string_equal(subject, EXPECTED_OUTPUT); - os_free(subject); -} - -void test_wstr_replace_contained_variables(void **state) -{ - const char * INPUTS[] = {"$file_new","$file",NULL}; - const char * replace[] = {"/var","/home",""}; - const char EXPECTED_OUTPUT[] = "echo /var"; - char * subject = NULL; - char * ret = NULL; - - os_strdup("echo $file_new", subject); - - for (int i = 0; INPUTS[i] != NULL; i++) { - ret = wstr_replace(subject, INPUTS[i], replace[i]); - os_free(subject); - subject = ret; - } - assert_string_equal(subject, EXPECTED_OUTPUT); - os_free(subject); -} - -void test_wstr_replace_not_found(void **state) -{ - const char * search = "$file"; - const char * replace = "/var"; - const char EXPECTED_OUTPUT[] = "echo $fake"; - char * subject = NULL; - char * ret = NULL; - - os_strdup("echo $fake", subject); - ret = wstr_replace(subject, search, replace); - assert_string_equal(ret, EXPECTED_OUTPUT); - os_free(ret); - os_free(subject); -} - -void test_w_strcat_list_null_list(void ** state) { - - char ** list = NULL; - char * retstr; - - retstr = w_strcat_list(list, ' '); - - assert_null(retstr); -} - -void test_w_strcat_list_empty_list(void ** state) { - - char ** list = {NULL}; - char * retstr; - - retstr = w_strcat_list(list, ' '); - - assert_null(retstr); -} - -void test_w_strcat_list_one_element_list(void ** state) { - - char * list[] = {"TestString", NULL}; - char * retstr; - - retstr = w_strcat_list(list, ' '); - - assert_non_null(retstr); - assert_string_equal(retstr, "TestString"); - - os_free(retstr); -} - -void test_w_strcat_list_large_list(void ** state) { - - char * list[] = {"A", "large", "test", "string", "to", "be", "concatenated", "in", "this", "function", NULL}; - char * retstr; - - retstr = w_strcat_list(list, ' '); - - assert_non_null(retstr); - assert_string_equal(retstr, "A large test string to be concatenated in this function"); - - os_free(retstr); -} - -// Test os_shell_escape - -void test_os_shell_escape_already_escaped(void ** state) { - - const char *src = "\\'"; // to scape: \' - - char * ret = os_shell_escape(src); - - assert_non_null(ret); - assert_string_equal(ret, "\\'"); // espected: \' - - os_free(ret); -} - -void test_os_shell_escape_not_escaped(void ** state) { - - const char *src = "\'"; // to escape: ' - - char * ret = os_shell_escape(src); - - assert_non_null(ret); - assert_string_equal(ret, "\\\'"); // espected: \' - - os_free(ret); -} - -void test_os_shell_escape_border(void ** state) { - - const char *src = "$ border case `"; // to scape: $ border case ` - - char * ret = os_shell_escape(src); - - assert_non_null(ret); - assert_string_equal(ret, "\\$ border case \\`"); // espected: \$ border case \` - - os_free(ret); -} - -void test_os_shell_escape_all(void ** state) { - - const char *src = "\" \' \t ; ` > < | # * [ ] { } & $ ! : ( )"; - - char * ret = os_shell_escape(src); - - assert_non_null(ret); - assert_string_equal(ret, "\\\" \\\' \\\t \\; \\` \\> \\< \\| \\# \\* \\[ \\] \\{ \\} \\& \\$ \\! \\: \\( \\)"); - - os_free(ret); -} - -void test_os_shell_avoid_escape_all(void ** state) { - - const char *src = "\\\" \\\' \\\t \\; \\` \\> \\< \\| \\# \\* \\[ \\] \\{ \\} \\& \\$ \\! \\: \\( \\)"; - - char * ret = os_shell_escape(src); - - assert_non_null(ret); - assert_string_equal(ret, "\\\" \\\' \\\t \\; \\` \\> \\< \\| \\# \\* \\[ \\] \\{ \\} \\& \\$ \\! \\: \\( \\)"); - - os_free(ret); -} - -void test_os_shell_escape_backslash(void ** state) { - - const char *src = "\a \t \\a \\t"; - - char * ret = os_shell_escape(src); - - assert_non_null(ret); - assert_string_equal(ret, "\a \\\t \\\\a \\\\t"); - - os_free(ret); -} - -void test_os_shell_double_escape(void ** state) { - - const char *src = "\" \' \t ; ` > < | # * [ ] { } & $ ! : ( )"; - - char * ret1 = os_shell_escape(src); - - assert_non_null(ret1); - - char * ret2 = os_shell_escape(ret1); - - assert_non_null(ret2); - assert_string_equal(ret1, ret2); - - os_free(ret1); - os_free(ret2); -} - -void test_strarray_size_null(void ** state) { - assert_int_equal(strarray_size(0), 0); -} - -void test_strarray_size_zero(void ** state) { - char *str_array[] = {0}; - assert_int_equal(strarray_size(str_array), 0); -} - -void test_strarray_size(void ** state) { - char *str_array[] = {"one", "two", "three", "four", "five", 0}; - assert_int_equal(strarray_size(str_array), 5); -} - -void test_wstr_escape_dststr_null(void ** state) { - - ssize_t ret = wstr_escape(NULL, 0, "test string without colons", '\\', ':'); - assert_int_equal(ret, OS_INVALID); -} - -void test_wstr_escape_str_null(void ** state) { - - char dststr[OS_BUFFER_SIZE]; - - ssize_t ret = wstr_escape(dststr, sizeof(dststr), NULL, '\\', ':'); - assert_int_equal(ret, OS_INVALID); -} - -void test_wstr_escape_not_escape(void ** state) { - - char dststr[OS_BUFFER_SIZE]; - - ssize_t ret = wstr_escape(dststr, sizeof(dststr), "test string without colons", '\\', ':'); - assert_string_equal(dststr, "test string without colons"); - assert_int_equal(ret, 26); -} - -void test_wstr_escape_colons_escape(void ** state) { - - char dststr[OS_BUFFER_SIZE]; - - ssize_t ret = wstr_escape(dststr, sizeof(dststr), "test string with one : colons", '\\', ':'); - assert_string_equal(dststr, "test string with one \\: colons"); - assert_int_equal(ret, 30); -} - -void test_wstr_escape_corner_colons_escape(void ** state) { - - char dststr[OS_BUFFER_SIZE]; - - ssize_t ret = wstr_escape(dststr, sizeof(dststr), ":::test string with multi : colons:::", '|', ':'); - assert_string_equal(dststr, "|:|:|:test string with multi |: colons|:|:|:"); - assert_int_equal(ret, 44); -} - -void test_wstr_escape_backslash_and_colons_escape(void ** state) { - - char dststr[OS_BUFFER_SIZE]; - - ssize_t ret = wstr_escape(dststr, sizeof(dststr), "\\ \\ \\\\ \\: \\", '\\', ':'); - assert_string_equal(dststr, "\\\\ \\\\ \\\\\\\\ \\\\\\: \\\\"); - assert_int_equal(ret, 18); -} - -void test_wstr_escape_at_sign_and_asterisk(void ** state) { - - char dststr[OS_BUFFER_SIZE]; - - ssize_t ret = wstr_escape(dststr, sizeof(dststr), "@ @@ * # * @@ @", '*', '@'); - assert_string_equal(dststr, "*@ *@*@ ** # ** *@*@ *@"); - assert_int_equal(ret, 23); -} - -void test_wstr_escape_buff_overflow(void ** state) { - - char dststr[10]; - - ssize_t ret = wstr_escape(dststr, sizeof(dststr), "1 2 3 4 5 6 7", '*', '@'); - assert_string_equal(dststr, "1 2 3 4 5"); - assert_int_equal(ret, 9); -} - -void test_wstr_escape_buff_overflow_escape_same_size(void ** state) { - - char dststr[9]; - - ssize_t ret = wstr_escape(dststr, sizeof(dststr), "123456789", '\\', ':'); - assert_string_equal(dststr, "12345678"); - assert_int_equal(ret, 8); -} - - -void test_wstr_escape_buff_overflow_escape_same_size_colons(void ** state) { - - char dststr[9]; - - ssize_t ret = wstr_escape(dststr, sizeof(dststr), "12345678:", '\\', ':'); - assert_string_equal(dststr, "12345678"); - assert_int_equal(ret, 8); -} - -void test_wstr_escape_buff_overflow_escape_same_size_before_last_colons(void ** state) { - - char dststr[9]; - - ssize_t ret = wstr_escape(dststr, sizeof(dststr), "1234567:9", '\\', ':'); - assert_string_equal(dststr, "1234567"); - assert_int_equal(ret, 7); -} - -void test_wstr_escape_buff_overflow_escape_same_size_last_before_last_colons(void ** state) { - - char dststr[9]; - - ssize_t ret = wstr_escape(dststr, sizeof(dststr), "1234567::", '\\', ':'); - assert_string_equal(dststr, "1234567"); - assert_int_equal(ret, 7); -} - -void test_wstr_escape_buff_overflow_escape_same_size_multi_colons(void ** state) { - - char dststr[9]; - - ssize_t ret = wstr_escape(dststr, sizeof(dststr), "123456:::", '\\', ':'); - assert_string_equal(dststr, "123456\\:"); - assert_int_equal(ret, 8); -} - -void test_wstr_escape_buff_overflow_escape(void ** state) { - - char dststr[10]; - - ssize_t ret = wstr_escape(dststr, sizeof(dststr), "1 : 3 : 5 6 7", '\\', ':'); - assert_string_equal(dststr, "1 \\: 3 \\:"); - assert_int_equal(ret, 9); -} - -void test_wstr_escape_one_scape(void ** state) { - - char dststr[OS_BUFFER_SIZE]; - - ssize_t ret = wstr_escape(dststr, sizeof(dststr), "\\", '\\', ':'); - assert_string_equal(dststr, "\\\\"); - assert_int_equal(ret, 2); -} - -void test_wstr_unescape_dststr_null(void ** state) { - - ssize_t ret = wstr_unescape(NULL, 0, "test string without colons", '\\'); - assert_int_equal(ret, OS_INVALID); -} - -void test_wstr_unescape_str_null(void ** state) { - - char dststr[OS_BUFFER_SIZE]; - - ssize_t ret = wstr_unescape(dststr, sizeof(dststr), NULL, '\\'); - assert_int_equal(ret, OS_INVALID); -} - -void test_wstr_unescape_not_escape(void ** state) { - - char dststr[OS_BUFFER_SIZE]; - - ssize_t ret = wstr_unescape(dststr, sizeof(dststr), "test string without colons", '\\'); - assert_string_equal(dststr, "test string without colons"); - assert_int_equal(ret, 26); -} - -void test_wstr_unescape_colons_escape(void ** state) { - - char dststr[OS_BUFFER_SIZE]; - - ssize_t ret = wstr_unescape(dststr, sizeof(dststr), "test string with one \\: colons", '\\'); - assert_string_equal(dststr, "test string with one : colons"); - assert_int_equal(ret, 29); -} - -void test_wstr_unescape_corner_colons_escape(void ** state) { - - char dststr[OS_BUFFER_SIZE]; - - ssize_t ret = wstr_unescape(dststr, sizeof(dststr), "|:|:|:test string with multi |: colons|:|:|:", '|'); - assert_string_equal(dststr, ":::test string with multi : colons:::"); - assert_int_equal(ret, 37); -} - -void test_wstr_unescape_backslash_and_colons_escape(void ** state) { - - char dststr[OS_BUFFER_SIZE]; - - ssize_t ret = wstr_unescape(dststr, sizeof(dststr), "\\\\ \\\\ \\\\\\\\ \\\\\\: \\\\", '\\'); - assert_string_equal(dststr, "\\ \\ \\\\ \\: \\"); - assert_int_equal(ret, 11); -} - -void test_wstr_unescape_at_sign_and_asterisk(void ** state) { - - char dststr[OS_BUFFER_SIZE]; - - ssize_t ret = wstr_unescape(dststr, sizeof(dststr), "*@ *@*@ ** # ** *@*@ *@", '*'); - assert_string_equal(dststr, "@ @@ * # * @@ @"); - assert_int_equal(ret, 15); -} - -void test_wstr_unescape_buff_overflow(void ** state) { - - char dststr[10]; - - ssize_t ret = wstr_unescape(dststr, sizeof(dststr), "1 2 3 4 5 6 7", '*'); - assert_string_equal(dststr, "1 2 3 4 5"); - assert_int_equal(ret, 9); -} - -void test_wstr_unescape_buff_overflow_same_size(void ** state) { - - char dststr[9]; - - ssize_t ret = wstr_unescape(dststr, sizeof(dststr), "1234567*9", '*'); - assert_string_equal(dststr, "12345679"); - assert_int_equal(ret, 8); -} - -void test_wstr_unescape_buff_overflow_same_size_last_escape(void ** state) { - - char dststr[9]; - - ssize_t ret = wstr_unescape(dststr, sizeof(dststr), "12345678*", '*'); - assert_string_equal(dststr, "12345678"); - assert_int_equal(ret, 8); -} - -void test_wstr_unescape_buff_overflow_same_size_last_escape_asterisk(void ** state) { - - char dststr[9]; - - ssize_t ret = wstr_unescape(dststr, sizeof(dststr), "1234567**", '*'); - assert_string_equal(dststr, "1234567*"); - assert_int_equal(ret, 8); -} - -void test_wstr_unescape_buff_overflow_escape(void ** state) { - - char dststr[10]; - - ssize_t ret = wstr_unescape(dststr, sizeof(dststr), "1 \\: 3 \\: 5 6 7", '\\'); - assert_string_equal(dststr, "1 : 3 : 5"); - assert_int_equal(ret, 9); -} - -void test_wstr_unescape_one_scape(void ** state) { - - char dststr[OS_BUFFER_SIZE]; - - ssize_t ret = wstr_unescape(dststr, sizeof(dststr), "\\", '\\'); - assert_string_equal(dststr, "\\"); - assert_int_equal(ret, 1); -} - -void test_wstr_unescape_end_scape(void ** state) { - - char dststr[OS_BUFFER_SIZE]; - - ssize_t ret = wstr_unescape(dststr, sizeof(dststr), "test \\a b\\", '\\'); - assert_string_equal(dststr, "test a b\\"); - assert_int_equal(ret, 9); -} - -void test_wstr_chr_str_eof(void ** state) { - - char * ret = wstr_chr_escape("\0", ':', '\\'); - assert_null(ret); -} - -void test_wstr_chr_str_without_character(void ** state) { - - char str[OS_BUFFER_SIZE] = "test string without colons"; - char * ret = wstr_chr_escape(str, ':', '\\'); - assert_null(ret); -} - -void test_wstr_chr_str_without_escaped_colons(void ** state) { - - char str[OS_BUFFER_SIZE] = "test string with : escaped colons"; - char * ret = wstr_chr_escape(str, ':', '\\'); - assert_non_null(ret); - assert_ptr_equal(ret, str+17); - assert_int_equal(*ret, str[17]); -} - -void test_wstr_chr_str_with_escaped_colons(void ** state) { - - char str[OS_BUFFER_SIZE] = "test string with \\: escaped : colons"; - char * ret = wstr_chr_escape(str, ':', '\\'); - assert_non_null(ret); - assert_ptr_equal(ret, str+28); - assert_int_equal(*ret, str[28]); -} - -void test_print_hex_string_ok(void ** state) { - char *str = "pj01W-923rjwqdoOS=ADJFj3209das.;a12['2.z"; - char hex[OS_SIZE_2048 + 1] = {0}; - int ret = print_hex_string(str, 40, hex, sizeof(hex)); - assert_int_equal(ret, OS_SUCCESS); - assert_string_equal(hex, "706a3031572d393233726a7771646f4f533d41444a466a333230396461732e3b6131325b27322e7a"); -} - -void test_print_hex_string_partial_ok(void ** state) { - char *str = "pj01W-923rjwqdoOS=ADJFj3209das.;a12['2.z"; - char hex[OS_SIZE_2048 + 1] = {0}; - int ret = print_hex_string(str, 20, hex, sizeof(hex)); - assert_int_equal(ret, OS_SUCCESS); - assert_string_equal(hex, "706a3031572d393233726a7771646f4f533d4144"); -} - -void test_print_hex_string_equal_dest_ok(void ** state) { - char *str = "pj01W-923rjwqdoOS=ADJFj3209das.;a12['2.z"; - char hex[80 + 1] = {0}; - int ret = print_hex_string(str, 40, hex, sizeof(hex)); - assert_int_equal(ret, OS_SUCCESS); - assert_string_equal(hex, "706a3031572d393233726a7771646f4f533d41444a466a333230396461732e3b6131325b27322e7a"); -} - -void test_print_hex_string_miss_last_dest_ok(void ** state) { - char *str = "pj01W-923rjwqdoOS=ADJFj3209das.;a12['2.z"; - char hex[80] = {0}; - int ret = print_hex_string(str, 40, hex, sizeof(hex)); - assert_int_equal(ret, OS_SUCCESS); - assert_string_equal(hex, "706a3031572d393233726a7771646f4f533d41444a466a333230396461732e3b6131325b27322e"); -} - -void test_print_hex_string_null_src_err(void ** state) { - char *str = NULL; - char hex[OS_SIZE_2048 + 1] = {0}; - int ret = print_hex_string(str, 40, hex, sizeof(hex)); - assert_int_equal(ret, OS_INVALID); -} - -void test_print_hex_string_null_dst_err(void ** state) { - char *str = "pj01W-923rjwqdoOS=ADJFj3209das.;a12['2.z"; - char *hex = NULL; - int ret = print_hex_string(str, 40, hex, sizeof(hex)); - assert_int_equal(ret, OS_INVALID); -} - -/* Tests */ - -int main(void) { - - const struct CMUnitTest tests[] = { - //Tests w_tolower_str - cmocka_unit_test(test_w_tolower_str_NULL), - cmocka_unit_test(test_w_tolower_str_empty), - cmocka_unit_test(test_w_tolower_str_caps), - // Tests os_snprintf - cmocka_unit_test(test_os_snprintf_short), - cmocka_unit_test(test_os_snprintf_long), - cmocka_unit_test(test_os_snprintf_more_parameters), - // Tests w_remove_substr - cmocka_unit_test(test_w_remove_substr_null_sub), - cmocka_unit_test(test_w_remove_substr_success), - // Tests W_JSON_AddField - cmocka_unit_test(test_W_JSON_AddField_nest_object), - cmocka_unit_test(test_W_JSON_AddField_nest_no_object), - cmocka_unit_test(test_W_JSON_AddField_JSON_valid), - cmocka_unit_test(test_W_JSON_AddField_JSON_invalid), - cmocka_unit_test(test_W_JSON_AddField_string_time), - // Tests w_strndup - cmocka_unit_test(test_w_strndup_null_str), - cmocka_unit_test(test_w_strndup_str_less_than_n), - cmocka_unit_test(test_w_strndup_str_greater_than_n), - cmocka_unit_test(test_w_strndup_str_equal_to_n), - cmocka_unit_test(test_w_strndup_str_zero_n), - // Tests w_strcat - cmocka_unit_test(test_w_strcat_null_input), - cmocka_unit_test(test_w_strcat_string_input), - // Tests w_strarray_append - cmocka_unit_test(test_w_strarray_append), - // Tests w_strtok - cmocka_unit_test(test_w_strtok_empty), - cmocka_unit_test(test_w_strtok_nospaces), - cmocka_unit_test(test_w_strtok_string), - // Tests w_string_split - cmocka_unit_test_teardown(test_w_string_split_str_null, teardown_free_paths), - cmocka_unit_test_teardown(test_w_string_split_delim_null, teardown_free_paths), - cmocka_unit_test_teardown(test_w_string_split_normal, teardown_free_paths), - cmocka_unit_test_teardown(test_w_string_split_max_array_size, teardown_free_paths), - // Tests escape/unescape - cmocka_unit_test(test_strnspn_escaped), - cmocka_unit_test(test_json_escape), - cmocka_unit_test(test_json_unescape), - // Tests wstr_replace - cmocka_unit_test(test_wstr_replace_valid), - cmocka_unit_test(test_wstr_replace_double_$), - cmocka_unit_test(test_wstr_replace_surround_$), - cmocka_unit_test(test_wstr_replace_multiples_variable), - cmocka_unit_test(test_wstr_replace_different_variables_surround_$), - cmocka_unit_test(test_wstr_replace_different_variables_$), - cmocka_unit_test(test_wstr_replace_different_variables_empty), - cmocka_unit_test(test_wstr_replace_different_variables), - cmocka_unit_test(test_wstr_replace_multiples_variables_surround_$), - cmocka_unit_test(test_wstr_replace_contained_variables), - cmocka_unit_test(test_wstr_replace_not_found), - // Tests w_strcat_list - cmocka_unit_test(test_w_strcat_list_null_list), - cmocka_unit_test(test_w_strcat_list_empty_list), - cmocka_unit_test(test_w_strcat_list_one_element_list), - cmocka_unit_test(test_w_strcat_list_large_list), - // Test os_shell_escape - cmocka_unit_test(test_os_shell_escape_already_escaped), - cmocka_unit_test(test_os_shell_escape_not_escaped), - cmocka_unit_test(test_os_shell_escape_border), - cmocka_unit_test(test_os_shell_escape_all), - cmocka_unit_test(test_os_shell_avoid_escape_all), - cmocka_unit_test(test_os_shell_escape_backslash), - cmocka_unit_test(test_os_shell_double_escape), - // Test strarray_size - cmocka_unit_test(test_strarray_size_null), - cmocka_unit_test(test_strarray_size_zero), - cmocka_unit_test(test_strarray_size), - // Test wstr_escape - cmocka_unit_test(test_wstr_escape_dststr_null), - cmocka_unit_test(test_wstr_escape_str_null), - cmocka_unit_test(test_wstr_escape_not_escape), - cmocka_unit_test(test_wstr_escape_colons_escape), - cmocka_unit_test(test_wstr_escape_corner_colons_escape), - cmocka_unit_test(test_wstr_escape_backslash_and_colons_escape), - cmocka_unit_test(test_wstr_escape_at_sign_and_asterisk), - cmocka_unit_test(test_wstr_escape_buff_overflow), - cmocka_unit_test(test_wstr_escape_buff_overflow_escape_same_size), - cmocka_unit_test(test_wstr_escape_buff_overflow_escape_same_size_colons), - cmocka_unit_test(test_wstr_escape_buff_overflow_escape_same_size_before_last_colons), - cmocka_unit_test(test_wstr_escape_buff_overflow_escape_same_size_last_before_last_colons), - cmocka_unit_test(test_wstr_escape_buff_overflow_escape_same_size_multi_colons), - cmocka_unit_test(test_wstr_escape_buff_overflow_escape), - cmocka_unit_test(test_wstr_escape_one_scape), - // Test wstr_unescape - cmocka_unit_test(test_wstr_unescape_dststr_null), - cmocka_unit_test(test_wstr_unescape_str_null), - cmocka_unit_test(test_wstr_unescape_not_escape), - cmocka_unit_test(test_wstr_unescape_colons_escape), - cmocka_unit_test(test_wstr_unescape_corner_colons_escape), - cmocka_unit_test(test_wstr_unescape_backslash_and_colons_escape), - cmocka_unit_test(test_wstr_unescape_at_sign_and_asterisk), - cmocka_unit_test(test_wstr_unescape_buff_overflow), - cmocka_unit_test(test_wstr_unescape_buff_overflow_same_size), - cmocka_unit_test(test_wstr_unescape_buff_overflow_same_size_last_escape), - cmocka_unit_test(test_wstr_unescape_buff_overflow_same_size_last_escape_asterisk), - cmocka_unit_test(test_wstr_unescape_buff_overflow_escape), - cmocka_unit_test(test_wstr_unescape_one_scape), - cmocka_unit_test(test_wstr_unescape_end_scape), - // Test wstr_chr - cmocka_unit_test(test_wstr_chr_str_eof), - cmocka_unit_test(test_wstr_chr_str_without_character), - cmocka_unit_test(test_wstr_chr_str_without_escaped_colons), - cmocka_unit_test(test_wstr_chr_str_with_escaped_colons), - // Test print_hex_string - cmocka_unit_test(test_print_hex_string_ok), - cmocka_unit_test(test_print_hex_string_partial_ok), - cmocka_unit_test(test_print_hex_string_equal_dest_ok), - cmocka_unit_test(test_print_hex_string_miss_last_dest_ok), - cmocka_unit_test(test_print_hex_string_null_src_err), - cmocka_unit_test(test_print_hex_string_null_dst_err), - - }; - - return cmocka_run_group_tests(tests, NULL, NULL); -} diff --git a/src/common/string_op/tests/unit/wrappers/string_op_wrappers.c b/src/common/string_op/tests/unit/wrappers/string_op_wrappers.c deleted file mode 100644 index afb3840cc3..0000000000 --- a/src/common/string_op/tests/unit/wrappers/string_op_wrappers.c +++ /dev/null @@ -1,55 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * All rights reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -#include "string_op_wrappers.h" -#include -#include -#include -#include - -#ifdef WIN32 -char *__wrap_convert_windows_string(LPCWSTR string) { - check_expected(string); - return mock_type(char*); -} -#endif - -int __wrap_wstr_end(char *str, const char *str_end) { - if (str) { - check_expected(str); - } - - if (str_end) { - check_expected(str_end); - } - - return mock(); -} - -char *__wrap_wstr_escape_json(__attribute__ ((__unused__)) const char * string) { - return mock_type(char *); -} - -char *__wrap_wstr_replace(const char * string, const char * search, const char * replace) { - check_expected(string); - check_expected(search); - check_expected(replace); - - return mock_type(char*); -} - -void __real_wstr_split(char *str, char *delim, char *replace_delim, int occurrences, char ***splitted_str); -void __wrap_wstr_split(char *str, char *delim, char *replace_delim, int occurrences, char ***splitted_str) { - if(mock()) { - __real_wstr_split(str, delim, replace_delim, occurrences, splitted_str); - } - else { - *splitted_str = NULL; - } -} diff --git a/src/common/string_op/tests/unit/wrappers/string_op_wrappers.h b/src/common/string_op/tests/unit/wrappers/string_op_wrappers.h deleted file mode 100644 index 2a38469943..0000000000 --- a/src/common/string_op/tests/unit/wrappers/string_op_wrappers.h +++ /dev/null @@ -1,31 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * All rights reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - - -#ifndef STRING_OP_WRAPPERS_h -#define STRING_OP_WRAPPERS_h - -#include - -#ifdef WIN32 -#include -#include - -char *__wrap_convert_windows_string(LPCWSTR string); -#endif - -int __wrap_wstr_end(char *str, const char *str_end); - -char *__wrap_wstr_escape_json(const char * string); - -char *__wrap_wstr_replace(const char * string, const char * search, const char * replace); - -void __wrap_wstr_split(char *str, char *delim, char *replace_delim, int occurrences, char ***splitted_str); - -#endif diff --git a/src/common/syscheck_op/src/syscheck_op.c b/src/common/syscheck_op/src/syscheck_op.c index d0d10c5cd6..6e2f397a2e 100644 --- a/src/common/syscheck_op/src/syscheck_op.c +++ b/src/common/syscheck_op/src/syscheck_op.c @@ -97,9 +97,9 @@ int remove_empty_folders(const char *path) { subdir = wreaddir(parent); if (!(subdir && *subdir)) { // Remove empty folder - mdebug1("Removing empty directory '%s'.", parent); + LogDebug("Removing empty directory '%s'.", parent); if (rmdir_ex(parent) != 0) { - mwarn("Empty directory '%s' couldn't be deleted. ('%s')", parent, strerror(errno)); + LogWarn("Empty directory '%s' couldn't be deleted. ('%s')", parent, strerror(errno)); retval = -1; } else { // Get parent and remove it if it's empty @@ -131,19 +131,14 @@ char *get_user(int uid) { os_calloc(bufsize, sizeof(char), buf); -#if defined(SUN_MAJOR_VERSION) && defined(SUN_MINOR_VERSION) && \ - (SUN_MAJOR_VERSION < 11) || \ - ((SUN_MAJOR_VERSION == 11) && (SUN_MINOR_VERSION < 4)) - result = getpwuid_r(uid, &pwd, buf, bufsize); -#else errno = getpwuid_r(uid, &pwd, buf, bufsize, &result); -#endif + if (result == NULL) { if (errno == 0) { - mdebug2("User with uid '%d' not found.\n", uid); + LogDebug("User with uid '%d' not found.\n", uid); } else { - mdebug2("Failed getting user_name for uid %d: (%d): '%s'\n", uid, errno, strerror(errno)); + LogDebug("Failed getting user_name for uid %d: (%d): '%s'\n", uid, errno, strerror(errno)); } } else { os_strdup(pwd.pw_name, user_name); @@ -172,9 +167,9 @@ char *get_group(int gid) { if (result == NULL) { if (errno == 0) { - mdebug2("Group with gid '%d' not found.\n", gid); + LogDebug("Group with gid '%d' not found.\n", gid); } else { - mdebug2("Failed getting group_name for gid %d: (%d): '%s'\n", gid, errno, strerror(errno)); + LogDebug("Failed getting group_name for gid %d: (%d): '%s'\n", gid, errno, strerror(errno)); } } else { os_strdup(grp.gr_name, group_name); @@ -190,12 +185,12 @@ void ag_send_syscheck(char * message) { int sock = OS_ConnectUnixDomain(SYS_LOCAL_SOCK, SOCK_STREAM, OS_MAXSTR); if (sock < 0) { - mwarn("dbsync: cannot connect to syscheck: %s (%d)", strerror(errno), errno); + LogWarn("dbsync: cannot connect to syscheck: %s (%d)", strerror(errno), errno); return; } if (OS_SendSecureTCP(sock, strlen(message), message) < 0) { - mwarn("Cannot send message to syscheck: %s (%d)", strerror(errno), errno); + LogWarn("Cannot send message to syscheck: %s (%d)", strerror(errno), errno); } close(sock); @@ -238,10 +233,10 @@ char *get_file_user(const char *path, char **sid) { switch (dwErrorCode) { case ERROR_ACCESS_DENIED: // 5 case ERROR_SHARING_VIOLATION: // 32 - mdebug1("At get_user(%s): CreateFile(): %s (%lu)", path, messageBuffer, dwErrorCode); + LogDebug("At get_user(%s): CreateFile(): %s (%lu)", path, messageBuffer, dwErrorCode); break; default: - mwarn("At get_user(%s): CreateFile(): %s (%lu)", path, messageBuffer, dwErrorCode); + LogWarn("At get_user(%s): CreateFile(): %s (%lu)", path, messageBuffer, dwErrorCode); } LocalFree(messageBuffer); @@ -285,14 +280,14 @@ char *get_user(const char *path, char **sid, HANDLE hndl, SE_OBJECT_TYPE object_ if (!ConvertSidToStringSid(pSidOwner, &local_sid)) { os_strdup("", *sid); - mdebug1("The user's SID could not be extracted."); + LogDebug("The user's SID could not be extracted."); } else { os_strdup(local_sid, *sid); LocalFree(local_sid); } if (dwRtnCode != ERROR_SUCCESS) { - mdebug1("GetSecurityInfo error code = (%lu), '%s'", dwRtnCode, win_strerror(dwRtnCode)); + LogDebug("GetSecurityInfo error code = (%lu), '%s'", dwRtnCode, win_strerror(dwRtnCode)); *AcctName = '\0'; goto end; } @@ -313,7 +308,7 @@ char *get_user(const char *path, char **sid, HANDLE hndl, SE_OBJECT_TYPE object_ dwErrorCode = GetLastError(); if (dwErrorCode == ERROR_NONE_MAPPED) { - mdebug1("Account owner not found for '%s'", path); + LogDebug("Account owner not found for '%s'", path); } else { LPSTR messageBuffer = NULL; @@ -325,7 +320,7 @@ char *get_user(const char *path, char **sid, HANDLE hndl, SE_OBJECT_TYPE object_ *end = '\0'; } - mwarn(FIM_REGISTRY_ACC_SID, "user", dwErrorCode, messageBuffer); + LogWarn(FIM_REGISTRY_ACC_SID, "user", dwErrorCode, messageBuffer); LocalFree(messageBuffer); } @@ -360,7 +355,7 @@ static void add_ace_to_json(cJSON *acl_json, char *sid, char *account_name, cons if (ace_json == NULL) { ace_json = cJSON_CreateObject(); if (ace_json == NULL) { - mwarn(FIM_CJSON_ERROR_CREATE_ITEM); + LogWarn(FIM_CJSON_ERROR_CREATE_ITEM); return; } cJSON_AddStringToObject(ace_json, "name", account_name); @@ -406,21 +401,21 @@ static int process_ace_info(void *ace, cJSON *acl_json) { mask = denied_ace->Mask; ace_type = 1; } else { - mdebug2("Invalid ACE type."); + LogDebug("Invalid ACE type."); return 1; } if (!IsValidSid(sid)) { - mdebug2("Invalid SID found in ACE."); + LogDebug("Invalid SID found in ACE."); return 1; } if (error = w_get_account_info(sid, &account_name, &domain_name), error) { - mdebug2("No information could be extracted from the account linked to the SID. Error: %d.", error); + LogDebug("No information could be extracted from the account linked to the SID. Error: %d.", error); } if (!ConvertSidToStringSid(sid, &sid_str)) { - mdebug2("Could not extract the SID."); + LogDebug("Could not extract the SID."); os_free(account_name); os_free(domain_name); return 1; @@ -457,7 +452,7 @@ static int get_win_permissions(PSECURITY_DESCRIPTOR pSecurityDescriptor, cJSON * cJSON *acl_json = cJSON_CreateObject(); if (acl_json == NULL) { - mwarn(FIM_CJSON_ERROR_CREATE_ITEM); + LogWarn(FIM_CJSON_ERROR_CREATE_ITEM); return -1; } @@ -469,7 +464,7 @@ static int get_win_permissions(PSECURITY_DESCRIPTOR pSecurityDescriptor, cJSON * if (bRtnBool == FALSE) { dwErrorCode = GetLastError(); - mdebug2("GetSecurityDescriptorDacl failed. GetLastError returned: %ld", dwErrorCode); + LogDebug("GetSecurityDescriptorDacl failed. GetLastError returned: %ld", dwErrorCode); cJSON_Delete(acl_json); return dwErrorCode; @@ -477,7 +472,7 @@ static int get_win_permissions(PSECURITY_DESCRIPTOR pSecurityDescriptor, cJSON * // Check whether no DACL or a NULL DACL was retrieved from the security descriptor buffer. if (fDaclPresent == FALSE || pDacl == NULL) { - mdebug2("No DACL was found (all access is denied), or a NULL DACL (unrestricted access) was found."); + LogDebug("No DACL was found (all access is denied), or a NULL DACL (unrestricted access) was found."); cJSON_Delete(acl_json); return -2; @@ -491,7 +486,7 @@ static int get_win_permissions(PSECURITY_DESCRIPTOR pSecurityDescriptor, cJSON * if (bRtnBool == FALSE) { dwErrorCode = GetLastError(); - mdebug2("GetAclInformation failed. GetLastError returned: %ld", dwErrorCode); + LogDebug("GetAclInformation failed. GetLastError returned: %ld", dwErrorCode); cJSON_Delete(acl_json); return dwErrorCode; @@ -501,11 +496,11 @@ static int get_win_permissions(PSECURITY_DESCRIPTOR pSecurityDescriptor, cJSON * for (cAce = 0; cAce < aclsizeinfo.AceCount; cAce++) { // Get ACE info if (GetAce(pDacl, cAce, (LPVOID*)&pAce) == FALSE) { - mdebug2("GetAce failed. GetLastError returned: %ld", GetLastError()); + LogDebug("GetAce failed. GetLastError returned: %ld", GetLastError()); continue; } if (process_ace_info(pAce, acl_json)) { - mdebug1("ACE number %lu could not be processed.", cAce); + LogDebug("ACE number %lu could not be processed.", cAce); } } @@ -584,7 +579,7 @@ unsigned int w_get_file_attrs(const char *file_path) { if (attrs = GetFileAttributesA(file_path), attrs == INVALID_FILE_ATTRIBUTES) { attrs = 0; - mdebug2("The attributes for '%s' could not be obtained. Error '%ld'.", file_path, GetLastError()); + LogDebug("The attributes for '%s' could not be obtained. Error '%ld'.", file_path, GetLastError()); } return attrs; @@ -622,14 +617,14 @@ char *get_registry_group(char **sid, HANDLE hndl) { if (!ConvertSidToStringSid(pSidGroup, &local_sid)) { os_strdup("", *sid); - mdebug1("The user's SID could not be extracted."); + LogDebug("The user's SID could not be extracted."); } else { os_strdup(local_sid, *sid); LocalFree(local_sid); } if (dwRtnCode != ERROR_SUCCESS) { - mdebug1("GetSecurityInfo error code = (%lu), '%s'", dwRtnCode, win_strerror(dwRtnCode)); + LogDebug("GetSecurityInfo error code = (%lu), '%s'", dwRtnCode, win_strerror(dwRtnCode)); *GrpName = '\0'; goto end; } @@ -653,7 +648,7 @@ char *get_registry_group(char **sid, HANDLE hndl) { dwErrorCode = GetLastError(); if (dwErrorCode == ERROR_NONE_MAPPED) { - mdebug1("Group not found for registry key"); + LogDebug("Group not found for registry key"); } else { LPSTR messageBuffer = NULL; @@ -665,7 +660,7 @@ char *get_registry_group(char **sid, HANDLE hndl) { *end = '\0'; } - mwarn(FIM_REGISTRY_ACC_SID, "group", dwErrorCode, messageBuffer); + LogWarn(FIM_REGISTRY_ACC_SID, "group", dwErrorCode, messageBuffer); LocalFree(messageBuffer); } @@ -725,7 +720,7 @@ unsigned int get_registry_mtime(HKEY hndl) { dwRtnCode = RegQueryInfoKeyA(hndl, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, &lpftLastWriteTime); if (dwRtnCode != ERROR_SUCCESS) { - mwarn("Couldn't get modification time for registry key."); + LogWarn("Couldn't get modification time for registry key."); return 0; } @@ -756,7 +751,7 @@ HKEY w_switch_root_key(char* str_rootkey) { return HKEY_USERS; } else { - mdebug1("Invalid value of root Handle to Registry Key."); + LogDebug("Invalid value of root Handle to Registry Key."); return NULL; } } @@ -1166,7 +1161,7 @@ void make_mask_readable (cJSON *ace_json, int mask, char *ace_type) { cJSON *perm_array = cJSON_CreateArray(); if (perm_array == NULL) { - mwarn(FIM_CJSON_ERROR_CREATE_ITEM); + LogWarn(FIM_CJSON_ERROR_CREATE_ITEM); return; } @@ -1315,7 +1310,7 @@ char *decode_win_permissions(char *raw_perm) { error: free(decoded_perm); free(account_name); - mdebug1("The file permissions could not be decoded: '%s'.", raw_perm); + LogDebug("The file permissions could not be decoded: '%s'.", raw_perm); return NULL; } @@ -1440,7 +1435,7 @@ cJSON *win_perm_to_json(char *perms) { char *username = perm_node; perm_node = strchr(perm_node, '('); if (!perm_node) { - mdebug1("Uncontrolled condition when parsing the username from '%s'. Skipping permission.", username); + LogDebug("Uncontrolled condition when parsing the username from '%s'. Skipping permission.", username); continue; } *(perm_node++) = '\0'; @@ -1455,7 +1450,7 @@ cJSON *win_perm_to_json(char *perms) { char *perm_type = perm_node; perm_node = strchr(perm_node, ')'); if (!perm_node) { - mdebug1("Uncontrolled condition when parsing the permission type from '%s'. Skipping permission.", perm_type); + LogDebug("Uncontrolled condition when parsing the permission type from '%s'. Skipping permission.", perm_type); continue; } *(perm_node++) = '\0'; @@ -1486,7 +1481,7 @@ cJSON *win_perm_to_json(char *perms) { if (!strcmp(obj->valuestring, username)) { user_obj = json_it; if (obj = cJSON_GetObjectItem(json_it, perm_type), obj) { - mdebug1("ACL [%s] fragmented. All permissions may not be displayed.", perms); + LogDebug("ACL [%s] fragmented. All permissions may not be displayed.", perms); next_it = 1; } break; @@ -1542,7 +1537,7 @@ cJSON *win_perm_to_json(char *perms) { return perms_json; error: - mdebug1("Uncontrolled condition when parsing a Windows permission from '%s'.", perms); + LogDebug("Uncontrolled condition when parsing a Windows permission from '%s'.", perms); cJSON_Delete(perms_json); free(perms_cpy); return NULL; diff --git a/src/common/sysinfo_utils/tests/unit/wrappers/sysInfo_wrappers.h b/src/common/sysinfo_utils/tests/unit/wrappers/sysInfo_wrappers.h index 38708fdec7..45aff9dc53 100644 --- a/src/common/sysinfo_utils/tests/unit/wrappers/sysInfo_wrappers.h +++ b/src/common/sysinfo_utils/tests/unit/wrappers/sysInfo_wrappers.h @@ -21,4 +21,4 @@ int __wrap_sysinfo_networks(cJSON** js_result); int __wrap_sysinfo_ports(cJSON** js_result); void __wrap_sysinfo_free_result(cJSON** js_data); -#endif \ No newline at end of file +#endif diff --git a/src/common/threadDispatcher/tests/main.cpp b/src/common/threadDispatcher/tests/main.cpp index fd7a178715..08fb839052 100644 --- a/src/common/threadDispatcher/tests/main.cpp +++ b/src/common/threadDispatcher/tests/main.cpp @@ -4,4 +4,4 @@ int main(int argc, char** argv) { ::testing::InitGoogleTest(&argc, argv); return RUN_ALL_TESTS(); -} \ No newline at end of file +} diff --git a/src/common/threadDispatcher/tests/threadDispatcher_test.h b/src/common/threadDispatcher/tests/threadDispatcher_test.h index ae4ee170a7..2c9a9ffd4c 100644 --- a/src/common/threadDispatcher/tests/threadDispatcher_test.h +++ b/src/common/threadDispatcher/tests/threadDispatcher_test.h @@ -24,4 +24,5 @@ class ThreadDispatcherTest : public ::testing::Test void SetUp() override; void TearDown() override; }; -#endif //THREAD_DISPATCHER_TESTS_H \ No newline at end of file + +#endif //THREAD_DISPATCHER_TESTS_H diff --git a/src/common/threadDispatcher/tests/threadSafeQueue_test.cpp b/src/common/threadDispatcher/tests/threadSafeQueue_test.cpp index fbe8f57643..62d3afa349 100644 --- a/src/common/threadDispatcher/tests/threadSafeQueue_test.cpp +++ b/src/common/threadDispatcher/tests/threadSafeQueue_test.cpp @@ -115,4 +115,4 @@ TEST_F(ThreadSafeQueueTest, CancelBlockingPop) queue.cancel(); t1.join(); t2.join(); -} \ No newline at end of file +} diff --git a/src/common/threadDispatcher/tests/threadSafeQueue_test.h b/src/common/threadDispatcher/tests/threadSafeQueue_test.h index 58ee8db315..f84af57fcf 100644 --- a/src/common/threadDispatcher/tests/threadSafeQueue_test.h +++ b/src/common/threadDispatcher/tests/threadSafeQueue_test.h @@ -23,4 +23,5 @@ class ThreadSafeQueueTest : public ::testing::Test void SetUp() override; void TearDown() override; }; -#endif //THREAD_SAFE_QUEUE_TESTS_H \ No newline at end of file + +#endif //THREAD_SAFE_QUEUE_TESTS_H diff --git a/src/common/timeHelper/tests/main.cpp b/src/common/timeHelper/tests/main.cpp index fd7a178715..08fb839052 100644 --- a/src/common/timeHelper/tests/main.cpp +++ b/src/common/timeHelper/tests/main.cpp @@ -4,4 +4,4 @@ int main(int argc, char** argv) { ::testing::InitGoogleTest(&argc, argv); return RUN_ALL_TESTS(); -} \ No newline at end of file +} diff --git a/src/common/time_op/CMakeLists.txt b/src/common/time_op/CMakeLists.txt index e69de29bb2..50f0043c29 100644 --- a/src/common/time_op/CMakeLists.txt +++ b/src/common/time_op/CMakeLists.txt @@ -0,0 +1,5 @@ +add_library(time_op STATIC src/time_op.c) + +target_include_directories(time_op PUBLIC include) + +target_link_libraries(time_op utils Logger file_op) diff --git a/src/common/time_op/include/time_op.h b/src/common/time_op/include/time_op.h index 35fa3bcc28..c69af60cea 100644 --- a/src/common/time_op/include/time_op.h +++ b/src/common/time_op/include/time_op.h @@ -13,8 +13,7 @@ * @date October 4, 2017 */ -#ifndef TIME_OP_H -#define TIME_OP_H +#pragma once #include @@ -87,5 +86,3 @@ long long int get_windows_file_time_epoch(FILETIME ft); * @return Boolean indicating whether the year is leap. */ bool is_leap_year(int year); - -#endif // TIME_OP_H diff --git a/src/common/time_op/src/time_op.c b/src/common/time_op/src/time_op.c index 2f12fc264f..ed9ae6c5c9 100644 --- a/src/common/time_op/src/time_op.c +++ b/src/common/time_op/src/time_op.c @@ -14,6 +14,7 @@ */ #include "shared.h" +#include "time_op.h" #ifndef WIN32 @@ -42,7 +43,7 @@ void gettime(struct timespec *ts) { #include #define EPOCH_DIFFERENCE 11644473600LL - +struct tm *localtime_r(const time_t *timer, struct tm *result){} // Get the epoch time long long int get_windows_time_epoch() { diff --git a/src/common/url/src/url.c b/src/common/url/src/url.c index 342051cea0..b6d7a2bfb0 100644 --- a/src/common/url/src/url.c +++ b/src/common/url/src/url.c @@ -34,7 +34,7 @@ static size_t WriteMemoryCallback(void *contents, size_t size, size_t nmemb, voi struct MemoryStruct *mem = (struct MemoryStruct *)userp; if ((mem->size + realsize) > mem->max_response_size) { - mwarn("Response buffer size limit reached."); + LogWarn("Response buffer size limit reached."); mem->max_size_error = true; return 0; } @@ -97,7 +97,7 @@ int wurl_get(const char * url, const char * dest, const char * header, const cha fp = wfopen(dest, "wb"); umask(old_mask); if (!fp) { - mdebug1(FOPEN_ERROR, dest, errno, strerror(errno)); + LogDebug(FOPEN_ERROR, dest, errno, strerror(errno)); curl_easy_cleanup(curl); return OS_FILERR; } @@ -130,7 +130,7 @@ int wurl_get(const char * url, const char * dest, const char * header, const cha res += curl_easy_setopt(curl, CURLOPT_FAILONERROR, 1); if (res != 0) { - mdebug1("Parameter setup error at CURL"); + LogDebug("Parameter setup error at CURL"); curl_easy_cleanup(curl); fclose(fp); unlink(dest); @@ -143,13 +143,13 @@ int wurl_get(const char * url, const char * dest, const char * header, const cha case CURLE_OK: break; case CURLE_OPERATION_TIMEDOUT: - mdebug1("CURL ERROR: %s", errbuf); + LogDebug("CURL ERROR: %s", errbuf); curl_easy_cleanup(curl); fclose(fp); unlink(dest); return OS_TIMEOUT; default: - mdebug1("CURL ERROR: %s",errbuf); + LogDebug("CURL ERROR: %s",errbuf); curl_easy_cleanup(curl); fclose(fp); unlink(dest); @@ -167,10 +167,10 @@ int w_download_status(int status,const char *url,const char *dest) { switch(status) { case OS_FILERR: - mwarn(WURL_WRITE_FILE_ERROR,dest); + LogWarn(WURL_WRITE_FILE_ERROR,dest); break; case OS_CONNERR: - mwarn(WURL_DOWNLOAD_FILE_ERROR, dest, url); + LogWarn(WURL_DOWNLOAD_FILE_ERROR, dest, url); break; } @@ -223,14 +223,14 @@ int wurl_request(const char * url, const char * dest, const char *header, const // Connect to downlod module if (sock = OS_ConnectUnixDomain(WM_DOWNLOAD_SOCK, SOCK_STREAM, OS_MAXSTR), sock < 0) { - mwarn("Couldn't connect to download module socket '%s'", WM_DOWNLOAD_SOCK); + LogWarn("Couldn't connect to download module socket '%s'", WM_DOWNLOAD_SOCK); goto end; } // Send request if (send(sock, srequest, zrequest - 1, 0) != (ssize_t)(zrequest - 1)) { - merror("Couldn't send request to download module."); + LogError("Couldn't send request to download module."); goto end; } @@ -238,11 +238,11 @@ int wurl_request(const char * url, const char * dest, const char *header, const switch (zrecv = recv(sock, response, sizeof(response) - 1, 0), zrecv) { case -1: - merror("Couldn't receive URL response from download module."); + LogError("Couldn't receive URL response from download module."); goto end; case 0: - merror("Couldn't receive URL response from download module (closed unexpectedly)."); + LogError("Couldn't receive URL response from download module (closed unexpectedly)."); goto end; default: @@ -259,7 +259,7 @@ int wurl_request(const char * url, const char * dest, const char *header, const } else if (!strcmp(response, "err timeout")) { retval = OS_TIMEOUT; } else { - mdebug1("Couldn't download from '%s': %s", _url, response); + LogDebug("Couldn't download from '%s': %s", _url, response); } } @@ -287,10 +287,10 @@ int wurl_request_gz(const char * url, const char * dest, const char * header, co } else { os_sha256 filehash = {0}; if (sha256 && !OS_SHA256_File(compressed_file, filehash, 'r') && strcmp(sha256, filehash)) { - merror("Invalid file integrity for '%s'", compressed_file); + LogError("Invalid file integrity for '%s'", compressed_file); } else if (w_uncompress_gzfile(compressed_file, dest)) { - merror("Could not uncompress the file downloaded from '%s'", url); + LogError("Could not uncompress the file downloaded from '%s'", url); } else { retval = 0; @@ -298,7 +298,7 @@ int wurl_request_gz(const char * url, const char * dest, const char * header, co } if (remove(compressed_file) < 0) { - mdebug1("Could not remove '%s'. Error: %d.", compressed_file, errno); + LogDebug("Could not remove '%s'. Error: %d.", compressed_file, errno); } return retval; @@ -352,7 +352,7 @@ char * wurl_http_get(const char * url, size_t max_size, const long timeout) { } if (res != 0) { - mdebug1("Parameter setup error at CURL"); + LogDebug("Parameter setup error at CURL"); curl_easy_cleanup(curl); free(chunk.memory); return NULL; @@ -361,7 +361,7 @@ char * wurl_http_get(const char * url, size_t max_size, const long timeout) { res = curl_easy_perform(curl); if (res) { - mdebug1("CURL ERROR %s",errbuf); + LogDebug("CURL ERROR %s",errbuf); curl_easy_cleanup(curl); free(chunk.memory); return NULL; @@ -383,7 +383,7 @@ curl_response* wurl_http_request(char *method, char **headers, const char* url, struct MemoryStruct req_header; if (!url) { - mdebug1("url not defined"); + LogDebug("url not defined"); return NULL; } @@ -391,7 +391,7 @@ curl_response* wurl_http_request(char *method, char **headers, const char* url, CURL* curl = curl_easy_init(); if (!curl) { - mdebug1("curl initialization failure"); + LogDebug("curl initialization failure"); return NULL; } @@ -412,7 +412,7 @@ curl_response* wurl_http_request(char *method, char **headers, const char* url, if (headers_list == NULL) { curl_easy_cleanup(curl); - mdebug1("curl append header failure"); + LogDebug("curl append header failure"); return NULL; } @@ -424,7 +424,7 @@ curl_response* wurl_http_request(char *method, char **headers, const char* url, if (headers_tmp == NULL) { curl_slist_free_all(headers_list); curl_easy_cleanup(curl); - mdebug1("curl append custom header failure"); + LogDebug("curl append custom header failure"); return NULL; } @@ -457,7 +457,7 @@ curl_response* wurl_http_request(char *method, char **headers, const char* url, } if (res != CURLE_OK) { - mdebug1("Parameter setup error at CURL"); + LogDebug("Parameter setup error at CURL"); curl_slist_free_all(headers_list); curl_easy_cleanup(curl); os_free(req.memory); @@ -468,7 +468,7 @@ curl_response* wurl_http_request(char *method, char **headers, const char* url, res = curl_easy_perform(curl); if (res != CURLE_OK && !(req.max_size_error || req_header.max_size_error)) { - mdebug1("curl_easy_perform() failed: %s", curl_easy_strerror(res)); + LogDebug("curl_easy_perform() failed: %s", curl_easy_strerror(res)); curl_slist_free_all(headers_list); curl_easy_cleanup(curl); os_free(req.memory); diff --git a/src/common/utils/CMakeLists.txt b/src/common/utils/CMakeLists.txt new file mode 100644 index 0000000000..90f48c4764 --- /dev/null +++ b/src/common/utils/CMakeLists.txt @@ -0,0 +1,3 @@ +add_library(utils INTERFACE) +target_include_directories(utils INTERFACE include) +target_link_libraries(utils INTERFACE Logger) diff --git a/src/common/utils/abstractLocking.hpp b/src/common/utils/include/abstractLocking.hpp similarity index 100% rename from src/common/utils/abstractLocking.hpp rename to src/common/utils/include/abstractLocking.hpp diff --git a/src/common/utils/abstractWait.h b/src/common/utils/include/abstractWait.h similarity index 100% rename from src/common/utils/abstractWait.h rename to src/common/utils/include/abstractWait.h diff --git a/src/common/utils/builder.hpp b/src/common/utils/include/builder.hpp similarity index 96% rename from src/common/utils/builder.hpp rename to src/common/utils/include/builder.hpp index 55c4369b53..a278bc71ad 100644 --- a/src/common/utils/builder.hpp +++ b/src/common/utils/include/builder.hpp @@ -12,8 +12,10 @@ #ifndef _BUILDER_PATTERN_HPP #define _BUILDER_PATTERN_HPP +#ifndef _MSC_VER #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Wunused-function" +#endif namespace Utils { @@ -49,8 +51,8 @@ namespace Utils }; } +#ifndef _MSC_VER #pragma GCC diagnostic pop +#endif #endif // _BUILDER_PATTERN_HPP - - diff --git a/src/common/utils/cjsonSmartDeleter.hpp b/src/common/utils/include/cjsonSmartDeleter.hpp similarity index 96% rename from src/common/utils/cjsonSmartDeleter.hpp rename to src/common/utils/include/cjsonSmartDeleter.hpp index 423c9e2096..9fbe3fa477 100644 --- a/src/common/utils/cjsonSmartDeleter.hpp +++ b/src/common/utils/include/cjsonSmartDeleter.hpp @@ -13,7 +13,7 @@ #define _CJSON_SMART_DELETER_HPP #include "customDeleter.hpp" -#include "cJSON.h" +#include struct CJsonSmartFree final : CustomDeleter {}; struct CJsonSmartDeleter final : CustomDeleter {}; diff --git a/src/common/utils/include/cust_types.h b/src/common/utils/include/cust_types.h new file mode 100644 index 0000000000..7bde146f97 --- /dev/null +++ b/src/common/utils/include/cust_types.h @@ -0,0 +1,14 @@ +#pragma once + +#ifdef WIN32 + +typedef int uid_t; +typedef int gid_t; +typedef uint32_t u_int32_t; +typedef uint16_t u_int16_t; +typedef uint8_t u_int8_t; +typedef int pid_t; + +typedef int mode_t; +#define PATH_MAX 1024*1024 +#endif diff --git a/src/common/utils/customDeleter.hpp b/src/common/utils/include/customDeleter.hpp similarity index 100% rename from src/common/utils/customDeleter.hpp rename to src/common/utils/include/customDeleter.hpp diff --git a/src/common/utils/defer.hpp b/src/common/utils/include/defer.hpp similarity index 100% rename from src/common/utils/defer.hpp rename to src/common/utils/include/defer.hpp diff --git a/src/common/utils/defs.h b/src/common/utils/include/defs.h similarity index 94% rename from src/common/utils/defs.h rename to src/common/utils/include/defs.h index 3239e3a708..64c2d07179 100644 --- a/src/common/utils/defs.h +++ b/src/common/utils/include/defs.h @@ -192,36 +192,28 @@ published by the Free Software Foundation. For more details, go to \n\ /* Default group name */ #define DEFAULT_GROUP "default" -/* Syscollector normalization configs */ +/* Inventory normalization configs */ #ifdef WAZUH_UNIT_TESTING #ifdef WIN32 -#define SYSCOLLECTOR_NORM_CONFIG_DISK_PATH ".\\norm_config.json" +#define INVENTORY_NORM_CONFIG_DISK_PATH ".\\norm_config.json" #else -#define SYSCOLLECTOR_NORM_CONFIG_DISK_PATH "./norm_config.json" +#define INVENTORY_NORM_CONFIG_DISK_PATH "./norm_config.json" #endif // WIN32 #else -#define SYSCOLLECTOR_NORM_CONFIG_DISK_PATH "queue/syscollector/norm_config.json" +#define INVENTORY_NORM_CONFIG_DISK_PATH "queue/inventory/norm_config.json" #endif // WAZUH_UNIT_TESTING #if defined(__MACH__) -#define SYSCOLLECTOR_NORM_TYPE "macos" +#define INVENTORY_NORM_TYPE "macos" #elif defined(WIN32) -#define SYSCOLLECTOR_NORM_TYPE "windows" +#define INVENTORY_NORM_TYPE "windows" #else -#define SYSCOLLECTOR_NORM_TYPE "linux" +#define INVENTORY_NORM_TYPE "linux" #endif // __MACH__ -/* Syscollector db directory */ -#ifndef WAZUH_UNIT_TESTING -#define SYSCOLLECTOR_DB_DISK_PATH "queue/syscollector/db/local.db" -#else -#ifndef WIN32 -#define SYSCOLLECTOR_DB_DISK_PATH "./local.db" -#else -#define SYSCOLLECTOR_DB_DISK_PATH ".\\local.db" -#endif // WIN32 -#endif // WAZUH_UNIT_TESTING +/* Inventory db directory */ +#define INVENTORY_DB_DISK_NAME "local.db" /* Wazuh Database */ #define WDB_DIR "var/db" diff --git a/src/common/utils/osPrimitivesImplMac.h b/src/common/utils/include/osPrimitivesImplMac.h similarity index 100% rename from src/common/utils/osPrimitivesImplMac.h rename to src/common/utils/include/osPrimitivesImplMac.h diff --git a/src/common/utils/osPrimitivesInterfaceMac.h b/src/common/utils/include/osPrimitivesInterfaceMac.h similarity index 100% rename from src/common/utils/osPrimitivesInterfaceMac.h rename to src/common/utils/include/osPrimitivesInterfaceMac.h diff --git a/src/common/utils/os_err.h b/src/common/utils/include/os_err.h similarity index 100% rename from src/common/utils/os_err.h rename to src/common/utils/include/os_err.h diff --git a/src/common/utils/os_ip.h b/src/common/utils/include/os_ip.h similarity index 100% rename from src/common/utils/os_ip.h rename to src/common/utils/include/os_ip.h diff --git a/src/common/utils/promiseFactory.h b/src/common/utils/include/promiseFactory.h similarity index 100% rename from src/common/utils/promiseFactory.h rename to src/common/utils/include/promiseFactory.h diff --git a/src/common/utils/shared.h b/src/common/utils/include/shared.h similarity index 75% rename from src/common/utils/shared.h rename to src/common/utils/include/shared.h index 23b3e95ef9..9ba1c6fd28 100644 --- a/src/common/utils/shared.h +++ b/src/common/utils/include/shared.h @@ -13,6 +13,8 @@ * Reference: http://gcc.gnu.org/onlinedocs/gcc-4.1.2/cpp.pdf */ +#pragma once + #if defined(__GNUC__) && (((__GNUC__ == 4) && (__GNUC_MINOR__ >= 1) && (__GNUC_PATCHLEVEL__ >= 2)) || \ ((__GNUC__ == 4) && (__GNUC_MINOR__ >= 2)) || \ (__GNUC__ >= 5)) @@ -24,9 +26,6 @@ #define FORTIFY_SOURCE #endif -#ifndef SHARED_H -#define SHARED_H - #ifndef LARGEFILE64_SOURCE #define LARGEFILE64_SOURCE #endif /* LARGEFILE64_SOURCE */ @@ -38,8 +37,10 @@ /* Global headers */ #include #include +#ifndef WIN32 #include #include +#endif #include #include #include @@ -49,38 +50,29 @@ #include // Only Linux and FreeBSD need mount.h */ -#if defined(Linux) || defined(FreeBSD) +#if defined(Linux) #include #endif -/* HPUX does not have select.h */ -#ifndef HPUX -#include -#endif - #include -#endif /* WIN32 */ +#endif /* NOT WIN32 */ #include -#include #include #include #include #include +#ifndef WIN32 +#include #include +#endif #include #include #include -#include - -/* The mingw32 builder used by travis.ci can't find glob.h - * Yet glob must work on actual win32. - */ -#ifndef __MINGW32__ -#include -#endif #ifndef WIN32 +#include +#include #include #include #include @@ -88,6 +80,7 @@ #include #include #else +#include #include #include #include @@ -99,16 +92,31 @@ #ifdef __cplusplus #include #define _Atomic(T) std::atomic -#else -#ifdef hpux -// TODO: remove this line after upgrading GCC on HP-UX -#define _Atomic(T) T -#endif #endif +#include + #include #include +#ifndef WIN32 #include +#endif + +#include "defs.h" +#include "os_err.h" +#include "time_op.h" +#include "file_op.h" +#include "regex_op.h" +#include "mem_op.h" +#ifndef WIN32 +#include "privsep_op.h" +#include "pthreads_op.h" +#endif +#include "error_messages.h" +#include "binaries_op.h" +#include "os_ip.h" +#include "randombytes.h" +#include "bzip2_op.h" #ifndef LARGEFILE64_SOURCE #define LARGEFILE64_SOURCE @@ -120,29 +128,6 @@ /* Global portability code */ -#ifdef SOLARIS -#include -typedef uint32_t u_int32_t; -typedef uint16_t u_int16_t; -typedef uint8_t u_int8_t; - -#ifndef va_copy -#define va_copy __va_copy -#endif - -#endif /* SOLARIS */ - -#if defined(HPUX) || defined(DOpenBSD) -#include -typedef uint64_t u_int64_t; -typedef int int32_t; -typedef uint32_t u_int32_t; -typedef uint16_t u_int16_t; -typedef uint8_t u_int8_t; - -#define MSG_DONTWAIT 0 -#endif - #ifdef Darwin typedef int sock2len_t; #endif @@ -152,17 +137,12 @@ typedef int sock2len_t; #endif #ifdef WIN32 -typedef int uid_t; -typedef int gid_t; typedef int socklen_t; #define sleep(x) Sleep((x) * 1000) #define srandom(x) srand(x) #define lstat(x,y) stat(x,y) #define CloseSocket(x) closesocket(x) void WinSetError(); -typedef uint32_t u_int32_t; -typedef uint16_t u_int16_t; -typedef uint8_t u_int8_t; #define MSG_DONTWAIT 0 @@ -171,10 +151,6 @@ typedef uint8_t u_int8_t; #endif #endif /* WIN32 */ -#ifdef AIX -#define MSG_DONTWAIT MSG_NONBLOCK -#endif - #if defined(__GNUC__) && __GNUC__ >= 7 #define WFALLTHROUGH __attribute__ ((fallthrough)) #else @@ -196,16 +172,17 @@ extern const char *__local_name; /*** Global prototypes ***/ /*** These functions will exit on error. No need to check return code ***/ +// TODO: Double check this Critical error handling /* for calloc: x = calloc(4,sizeof(char)) -> os_calloc(4,sizeof(char),x) */ -#define os_calloc(x,y,z) ((z = (__typeof__(z)) calloc(x,y)))?(void)1:merror_exit(MEM_ERROR, errno, strerror(errno)) +#define os_calloc(x,y,z) ((z = (__typeof__(z)) calloc(x,y)))?(void)1:LogCritical(MEM_ERROR, strerror(errno)) -#define os_strdup(x,y) ((y = strdup(x)))?(void)1:merror_exit(MEM_ERROR, errno, strerror(errno)) +#define os_strdup(x,y) ((y = strdup(x)))?(void)1:LogCritical(MEM_ERROR, strerror(errno)) -#define os_malloc(x,y) ((y = (__typeof__(y)) malloc(x)))?(void)1:merror_exit(MEM_ERROR, errno, strerror(errno)) +#define os_malloc(x,y) ((y = (__typeof__(y)) malloc(x)))?(void)1:LogCritical(MEM_ERROR, strerror(errno)) #define os_free(x) if(x){free(x);x=NULL;} -#define os_realloc(x,y,z) ((z = (__typeof__(z))realloc(x,y)))?(void)1:merror_exit(MEM_ERROR, errno, strerror(errno)) +#define os_realloc(x,y,z) ((z = (__typeof__(z))realloc(x,y)))?(void)1:LogCritical(MEM_ERROR, strerror(errno)) #define os_clearnl(x,p) if((p = strrchr(x, '\n')))*p = '\0'; @@ -215,7 +192,7 @@ extern const char *__local_name; #define sqlite_strdup(x,y) ({ if (x) { os_strdup(x, y); } else (void)0; }) -#define w_strlen(x) ({ size_t ret = 0; if (x) ret = strlen(x); ret;}) +#define w_strlen(x) ((x)? strlen(x) : 0) // Calculate the number of elements within an array. // Only static arrays allowed. @@ -225,4 +202,3 @@ extern const char *__local_name; #define FOREVER() 1 #endif -#endif /* SHARED_H */ diff --git a/src/common/utils/singleton.hpp b/src/common/utils/include/singleton.hpp similarity index 100% rename from src/common/utils/singleton.hpp rename to src/common/utils/include/singleton.hpp diff --git a/src/common/utils/uniqueFD.hpp b/src/common/utils/include/uniqueFD.hpp similarity index 100% rename from src/common/utils/uniqueFD.hpp rename to src/common/utils/include/uniqueFD.hpp diff --git a/src/common/utils/makeUnique.h b/src/common/utils/makeUnique.h deleted file mode 100644 index c585f27778..0000000000 --- a/src/common/utils/makeUnique.h +++ /dev/null @@ -1,61 +0,0 @@ -/* - * Wazuh shared modules utils - * Copyright (C) 2015, Wazuh Inc. - * July 14, 2020. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -/* Taken from isocpp.org/files/papers/N3656.txt - * Stephan T. Lavavej - */ -#ifndef _MAKE_UNIQUE_H -#define _MAKE_UNIQUE_H - -#if __cplusplus < 201402L -#include -#include -#include -#include - -namespace std -{ - template struct _Unique_if - { - typedef unique_ptr _Single_object; - }; - - template struct _Unique_if - { - typedef unique_ptr _Unknown_bound; - }; - - template struct _Unique_if - { - typedef void _Known_bound; - }; - - template - typename _Unique_if::_Single_object - make_unique(Args&& ... args) - { - return unique_ptr(new T(std::forward(args)...)); - } - - template - typename _Unique_if::_Unknown_bound - make_unique(size_t n) - { - typedef typename remove_extent::type U; - return unique_ptr(new U[n]()); - } - - template - typename _Unique_if::_Known_bound - make_unique(Args&& ...) = delete; -} -#endif -#endif //_MAKE_UNIQUE_H \ No newline at end of file diff --git a/src/common/utils/tests/unit/wrappers/externals/pcre2/pcre2_wrappers.h b/src/common/utils/tests/unit/wrappers/externals/pcre2/pcre2_wrappers.h index 4881f0fa2c..64ac160492 100644 --- a/src/common/utils/tests/unit/wrappers/externals/pcre2/pcre2_wrappers.h +++ b/src/common/utils/tests/unit/wrappers/externals/pcre2/pcre2_wrappers.h @@ -14,7 +14,6 @@ #define PCRE2_CODE_UNIT_WIDTH 8 #include "shared.h" -#include "expression.h" #define w_pcre2_match_data_create_from_pattern wrap_pcre2_match_data_create_from_pattern #define w_pcre2_match wrap_pcre2_match @@ -23,7 +22,7 @@ pcre2_match_data_8 * wrap_pcre2_match_data_create_from_pattern(pcre2_code_8 * code, void* aux); -int wrap_pcre2_match(pcre2_code_8 * code_match_data, const PCRE2_UCHAR8 * str_test, +int wrap_pcre2_match(pcre2_code_8 * code_match_data, const PCRE2_UCHAR8 * str_test, size_t strlen, int a, int b, pcre2_match_data_8 * match_data, void * aux); void wrap_pcre2_match_data_free(pcre2_match_data_8 * match_data); @@ -32,7 +31,7 @@ size_t* wrap_pcre2_get_ovector_pointer(pcre2_match_data_8 * match_data); /** * @brief Disable or enable the PCRE2 wrappers - * + * * The wrappers are enabled by default. * @param enable If true, the wrappers are disabled. If false, the wrappers are enabled. */ diff --git a/src/common/utils/tests/unit/wrappers/macos/libc/stdio_wrappers.c b/src/common/utils/tests/unit/wrappers/macos/libc/stdio_wrappers.c index 507fcaf5bd..a4b77d70b2 100644 --- a/src/common/utils/tests/unit/wrappers/macos/libc/stdio_wrappers.c +++ b/src/common/utils/tests/unit/wrappers/macos/libc/stdio_wrappers.c @@ -132,7 +132,7 @@ void * wrap_mmap (void *start, size_t length, int prot, int flags, int fd, off_t } return ret; - + } return mmap(start, length, prot, flags, fd, offset); } diff --git a/src/common/utils/tests/unit/wrappers/macos/libplist_wrappers.c b/src/common/utils/tests/unit/wrappers/macos/libplist_wrappers.c index 9e2cea2a46..64f5a60bc0 100644 --- a/src/common/utils/tests/unit/wrappers/macos/libplist_wrappers.c +++ b/src/common/utils/tests/unit/wrappers/macos/libplist_wrappers.c @@ -22,7 +22,7 @@ void wrap_plist_from_bin (char * bin, size_t size, plist_t *node) { *node = mock_type(plist_t); return; } - + plist_from_bin(bin, size, node); } @@ -34,7 +34,7 @@ void wrap_plist_to_xml (plist_t *node, char ** xml, uint32_t *size) { *size = mock_type(uint32_t); return; } - + plist_to_xml(node, xml, size); } @@ -43,6 +43,6 @@ void wrap_plist_free(plist_t node) { check_expected(node); return; } - + plist_free(node); -} \ No newline at end of file +} diff --git a/src/common/utils/tests/unit/wrappers/macos/libplist_wrappers.h b/src/common/utils/tests/unit/wrappers/macos/libplist_wrappers.h index 42964e7458..c673f34b3d 100644 --- a/src/common/utils/tests/unit/wrappers/macos/libplist_wrappers.h +++ b/src/common/utils/tests/unit/wrappers/macos/libplist_wrappers.h @@ -23,4 +23,4 @@ void wrap_plist_from_bin (char * bin, size_t size, plist_t *node); void wrap_plist_to_xml (plist_t *node, char ** xml, uint32_t *size); void wrap_plist_free(plist_t node); -#endif \ No newline at end of file +#endif diff --git a/src/common/utils/tests/unit/wrappers/macos/posix/dirent_wrappers.c b/src/common/utils/tests/unit/wrappers/macos/posix/dirent_wrappers.c index e15b286312..80e0895e90 100644 --- a/src/common/utils/tests/unit/wrappers/macos/posix/dirent_wrappers.c +++ b/src/common/utils/tests/unit/wrappers/macos/posix/dirent_wrappers.c @@ -31,7 +31,7 @@ DIR * wrap_opendir(const char *filename) { errno = ESRCH; } - return ret; + return ret; } else { return opendir(filename); } diff --git a/src/common/utils/tests/unit/wrappers/posix/signal_wrappers.c b/src/common/utils/tests/unit/wrappers/posix/signal_wrappers.c index 0a4a13525f..f80037cf10 100644 --- a/src/common/utils/tests/unit/wrappers/posix/signal_wrappers.c +++ b/src/common/utils/tests/unit/wrappers/posix/signal_wrappers.c @@ -16,7 +16,7 @@ #include int __wrap_kill(pid_t pid, int sig){ - + check_expected(sig); check_expected(pid); return mock(); diff --git a/src/modules/logcollector/tests/unit/wrappers/logcollector_wrappers.c b/src/common/utils/tests/unit/wrappers/windows/stat64_wrappers.c similarity index 54% rename from src/modules/logcollector/tests/unit/wrappers/logcollector_wrappers.c rename to src/common/utils/tests/unit/wrappers/windows/stat64_wrappers.c index 1a894d02f8..5e05ba8354 100644 --- a/src/modules/logcollector/tests/unit/wrappers/logcollector_wrappers.c +++ b/src/common/utils/tests/unit/wrappers/windows/stat64_wrappers.c @@ -7,12 +7,20 @@ * Foundation */ -#include "logcollector_wrappers.h" +#include "stat64_wrappers.h" #include #include #include #include +#include -int __wrap_can_read() { +int wrap__stat64(const char * __file, struct _stat64 * __buf) { + struct _stat64 * mock_buf; + + check_expected(__file); + mock_buf = mock_type(struct _stat64 *); + if (mock_buf != NULL) { + memcpy(__buf, mock_buf, sizeof(struct _stat64)); + } return mock_type(int); } diff --git a/src/modules/logcollector/tests/unit/wrappers/logcollector_wrappers.h b/src/common/utils/tests/unit/wrappers/windows/stat64_wrappers.h similarity index 60% rename from src/modules/logcollector/tests/unit/wrappers/logcollector_wrappers.h rename to src/common/utils/tests/unit/wrappers/windows/stat64_wrappers.h index b1ddd37b2d..7fd145d61c 100644 --- a/src/modules/logcollector/tests/unit/wrappers/logcollector_wrappers.h +++ b/src/common/utils/tests/unit/wrappers/windows/stat64_wrappers.h @@ -6,11 +6,13 @@ * License (version 2) as published by the FSF - Free Software * Foundation */ +#ifndef STAT64_WRAPPERS_H +#define STAT64_WRAPPERS_H +#include -#ifndef LOGCOLLECTOR_WRAPPERS_H -#define LOGCOLLECTOR_WRAPPERS_H +#define _stat64(x, y) wrap__stat64(x, y) -int __wrap_can_read(); +int wrap__stat64(const char * __file, struct _stat64 * __buf); #endif diff --git a/src/common/validate_op/CMakeLists.txt b/src/common/validate_op/CMakeLists.txt deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/src/common/validate_op/include/validate_op.h b/src/common/validate_op/include/validate_op.h deleted file mode 100644 index 22e8f0801d..0000000000 --- a/src/common/validate_op/include/validate_op.h +++ /dev/null @@ -1,191 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * Copyright (C) 2009 Trend Micro Inc. - * All rights reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -#ifndef VALIDATE_H -#define VALIDATE_H - - -/* Run-time definitions */ -int getDefine_Int(const char *high_name, const char *low_name, int min, int max) __attribute__((nonnull)); - - -/** - * @brief Check if IP_address is present at that_ip - * - * @param ip_address IP address. - * @param that_ip Struct os_ip to check. - * @return Returns 1 on success or 0 on failure. - */ -int OS_IPFound(const char *ip_address, const os_ip *that_ip) __attribute__((nonnull)); - - -/** - * @brief Check if IP_address is present at that_ip - * - * @param ip_address IP address. - * @param list_of_ips List of os_ip struct to check. - * @return Returns 1 on success or 0 on failure. - */ -int OS_IPFoundList(const char *ip_address, os_ip **list_of_ips);// __attribute__((nonnull)); - - -/** - * @brief Validate if an IP address is in the right format - * - * @param ip_address [in] IP address. - * @param final_ip [out] Struct os_ip with the given IP address. - * @return Returns 0 if doesn't match or 1 if it does (or 2 if it has a CIDR). - */ -int OS_IsValidIP(const char *ip_address, os_ip *final_ip); - - -/** - * @brief Check if an IPv4 address is embedded in an IPv6 address and resolve it. - * - * @param ip_address IPv6 address to be analized, if it contains an IPv4, it will be modified with it. - * @param size Size of the address buffer. - * @return Returns 0 if doesn't match or 1 if it does. - */ -int OS_GetIPv4FromIPv6(char *ip_address, size_t size); - - -/** - * @brief Expand IPv6 to its full representation. - * - * @param ip_address IPv6 address to be expanded, it will be modified with its full representation. - * @param size Size of the address buffer. - * @return Returns 0 on success or -1 on failure. - */ -int OS_ExpandIPv6(char *ip_address, size_t size); - - -/** - * @brief Validate if a time is in an acceptable format. - * - * Acceptable formats: - * hh:mm - hh:mm (24 hour format) - * !hh:mm - hh:mm (24 hour format) - * hh - hh (24 hour format) - * hh:mm am - hh:mm pm (12 hour format) - * hh am - hh pm (12 hour format) - * - * @param time_str Time to be validated. - * @return Returns 0 if doesn't match or a valid string in success. - */ -char *OS_IsValidTime(const char *time_str); - - -/** - * @brief Validate if a time is in an acceptable format, but only accepts a unique time, not a range. - * - * @param time_str Time to be validated. - * @return Returns 0 if doesn't match or a valid string in success. - */ -char *OS_IsValidUniqueTime(const char *time_str) __attribute__((nonnull)); - - -/** - * @brief Validate if a time is in on a specied time interval. - * Must be a valid string, called after OS_IsValidTime(). - * @param time_str Time to be validated. - * @param ossec_time Time interval. - * @return Returns 1 on success or 0 on failure. - */ -int OS_IsonTime(const char *time_str, const char *ossec_time) __attribute__((nonnull)); - - -/** - * @brief Checks if time is the same or has passed a specified one. - * Must be a valid string, called after OS_IsValidTime(). - * @param time_str Time to be validated. - * @param ossec_time Time interval. - * @return Returns 1 on success or 0 on failure. - */ -int OS_IsAfterTime(const char *time_str, const char *ossec_time) __attribute__((nonnull)); - - -/** - * @brief Checks if time is the same or has passed a specified one. - * Acceptable formats: - * weekdays, weekends, monday, tuesday, thursday,.. - * monday,tuesday - * mon,tue wed - * @param day_str Day to be validated. - * @return Returns 0 if doesn't match or a valid string in success. - */ -char *OS_IsValidDay(const char *day_str); - - -/** - * @brief Check if the specified week day is in the range. - * - * @param week_day Day of the week. - * @param ossec_day Interval. - * @return Returns 1 on success or 0 on failure. - */ -int OS_IsonDay(int week_day, const char *ossec_day) __attribute__((nonnull)); - - -/** - * @brief Convert a CIDR into string: aaa.bbb.ccc.ddd[/ee] - * - * @param ip [in] IP to be converted. - * @param string [out] Allocated string to store the IP. - * @param size [in] Size of the allocated string. - * @return Returns 0 on success or -1 on failure. - */ -int OS_CIDRtoStr(const os_ip * ip, char * string, size_t size); - - -/** - * @brief Validate the day of the week set and retrieve its corresponding integer value. - * - * @param day_str Day of the week. - * @return Return day of the week. If not found, -1 is returned. - */ -int w_validate_wday(const char * day_str); - - -/** - * @brief Validate a given time. - * Acceptable format: hh:mm (24 hour format) - * - * @param time_str Time to be validated. - * @return Returns NULL on error or a valid string in success. - */ -char * w_validate_time(const char * time_str); - - -/** - * @brief Validate if the specified interval is multiple of weeks or days. - * - * @param interval Interval to be validated. - * @param force Set to 0 to check if it is multiple of days or 1 for weeks. - * @return Returns 0 if the interval is multiple, -1 otherwise. - */ -int w_validate_interval(int interval, int force); - - -/** - * @brief Convert to bytes - * - * @param content string to validate - * @return number of bytes on success, otherwise -1 - */ -long long w_validate_bytes(const char *content); - - -/* Macros */ - -/* Check if the IP is a single host, not a network with a netmask */ -#define isSingleHost(x) ((x->is_ipv6) ? false : (x->ipv4->netmask == 0xFFFFFFFF)) - - -#endif /* VALIDATE_H */ diff --git a/src/common/validate_op/src/validate_op.c b/src/common/validate_op/src/validate_op.c deleted file mode 100644 index 88b3b65af7..0000000000 --- a/src/common/validate_op/src/validate_op.c +++ /dev/null @@ -1,1163 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * Copyright (C) 2009 Trend Micro Inc. - * All rights reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -#include "shared.h" -#include "validate_op.h" -#include "expression.h" -#include "../os_net/os_net.h" - -#ifdef WAZUH_UNIT_TESTING -#define static - -#undef OSSEC_DEFINES -#define OSSEC_DEFINES "./internal_options.conf" - -#undef OSSEC_LDEFINES -#define OSSEC_LDEFINES "./local_internal_options.conf" -#endif - -#define DEFAULT_IPV6_PREFIX 128 -#define DEFAULT_IPV4_NETMASK 32 - - -static char *_read_file(const char *high_name, const char *low_name, const char *defines_file) __attribute__((nonnull(3))); -static void _init_masks(void); -static const char *__gethour(const char *str, char *ossec_hour, const size_t ossec_hour_len) __attribute__((nonnull)); - -/** - * @brief Convert the netmask from an integer value, valid from 0 to 128. - * - * @param[in] netnumb Integer value of the netmask. - * @param[out] nmask6 structure to complete value of the netmask. - * @return Returns 0 on success or -1 on failure. - */ -static int convertNetmask(int netnumb, struct in6_addr *nmask6); - -/** - * @brief Get CIDR from IPv6 netmask. - * - * @param[in] netmask IPV6 netmask. - * @return CIDR representation of IPv6 netmask. - */ -static int getCIDRipv6(uint8_t *netmask); - -/* Global variables */ -static int _mask_inited = 0; -static unsigned int _netmasks[33]; - - -/* -* ipv4 alone; or ipv4 + CIDR; or ipv4 + netmask -* example: "10.10.10.10" or "10.10.10.10/32" or "10.10.10.10/255.255.255.255" -* -* ipv6 format: uncompress and compress IPv6 supported, with or without prefix -* example: "2001:db8:abcd:0012:0000:0000:0000:0000" or "11AA::11AA" or "::11AA:11AA:11AA:11AA/64" -*/ - -#define IPV4_ADDRESS "(?:(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\x5c.){3}(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])" -#define IPV6_PREFIX "12[0-8]|1[0-1][0-9]|[0-9]?[0-9]" - -#define IPV4_MASK_IPV6 "^::[fF]{4}:("IPV4_ADDRESS"(?:\x2F(?:(?:3[0-2]|[1-2]?[0-9])|"IPV4_ADDRESS"))?)$" - -static char *ip_address_regex[] = { -// IPv4 -"^(?:::[fF]{4}:)?("IPV4_ADDRESS")(?:\x2F((?:3[0-2]|[1-2]?[0-9])|"IPV4_ADDRESS"))?$", -// IPv6 -"^((?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4})(?:\x2F("IPV6_PREFIX"))?$", -"^((?:[0-9a-fA-F]{1,4}:){1,6}(?::[0-9a-fA-F]{1,4}){1})(?:\x2F("IPV6_PREFIX"))?$", -"^((?:[0-9a-fA-F]{1,4}:){1,5}(?::[0-9a-fA-F]{1,4}){1,2})(?:\x2F("IPV6_PREFIX"))?$", -"^((?:[0-9a-fA-F]{1,4}:){1,4}(?::[0-9a-fA-F]{1,4}){1,3})(?:\x2F("IPV6_PREFIX"))?$", -"^((?:[0-9a-fA-F]{1,4}:){1,3}(?::[0-9a-fA-F]{1,4}){1,4})(?:\x2F("IPV6_PREFIX"))?$", -"^((?:[0-9a-fA-F]{1,4}:){1,2}(?::[0-9a-fA-F]{1,4}){1,5})(?:\x2F("IPV6_PREFIX"))?$", -"^((?:[0-9a-fA-F]{1,4}:){1}(?::[0-9a-fA-F]{1,4}){1,6})(?:\x2F("IPV6_PREFIX"))?$", -"^((?:[0-9a-fA-F]{1,4}:){1,7}:)(?:\x2F("IPV6_PREFIX"))?$", -"^(:(?::[0-9a-fA-F]{1,4}){1,7})(?:\x2F("IPV6_PREFIX"))?$", -"^(::)$", -NULL, -}; - -/* Read the file and return a string the matches the following - * format: high_name.low_name. - * If return is not null, value must be freed - */ -static char *_read_file(const char *high_name, const char *low_name, const char *defines_file) -{ - FILE *fp; - char buf[OS_SIZE_1024 + 1]; - char *buf_pt; - char *tmp_buffer; - char *ret; - int i; - - fp = wfopen(defines_file, "r"); - if (!fp) { - if (strcmp(defines_file, OSSEC_LDEFINES) != 0) { - merror(FOPEN_ERROR, defines_file, errno, strerror(errno)); - } - return (NULL); - } - w_file_cloexec(fp); - - /* Invalid call */ - if (!high_name || !low_name) { - merror(NULL_ERROR); - fclose(fp); - return (NULL); - } - - /* Read it */ - buf[OS_SIZE_1024] = '\0'; - while (fgets(buf, OS_SIZE_1024 , fp) != NULL) { - /* Commented or blank lines */ - if (buf[0] == '#' || buf[0] == ' ' || buf[0] == '\n') { - continue; - } - - /* Messages not formatted correctly */ - buf_pt = strchr(buf, '.'); - if (!buf_pt) { - merror(FGETS_ERROR, defines_file, buf); - continue; - } - - /* Check for the high name */ - *buf_pt = '\0'; - buf_pt++; - if (strcmp(buf, high_name) != 0) { - continue; - } - - tmp_buffer = buf_pt; - - /* Get the equal */ - buf_pt = strchr(buf_pt, '='); - if (!buf_pt) { - merror(FGETS_ERROR, defines_file, buf); - continue; - } - - /* Prepare buf_pt to access the value for this option */ - *buf_pt = '\0'; - buf_pt++; - - /* Remove possible whitespaces between the low name and the equal sign */ - i = (strlen(tmp_buffer) - 1); - while(tmp_buffer[i] == ' ') - { - tmp_buffer[i] = '\0'; - i--; - } - - /* Check for the low name */ - if (strcmp(tmp_buffer, low_name) != 0) { - continue; - } - - /* Ignore possible whitespaces between the equal sign and the value for this option */ - while(*buf_pt == ' ') buf_pt++; - - /* Remove newlines or anything that will cause errors */ - tmp_buffer = strrchr(buf_pt, '\n'); - if (tmp_buffer) { - *tmp_buffer = '\0'; - } - tmp_buffer = strrchr(buf_pt, '\r'); - if (tmp_buffer) { - *tmp_buffer = '\0'; - } - - os_strdup(buf_pt, ret); - fclose(fp); - return (ret); - } - - fclose(fp); - return (NULL); -} - -/* Convert to netmasks from CIDR number */ -static int convertNetmask(int netnumb, struct in6_addr *nmask6) -{ - if (netnumb < 0 || netnumb > 128) { - return -1; - } - - uint32_t aux = 0; - uint32_t index = 0; - uint8_t variable_size = 8; - - for (int i = 0; i < 16; i++) { -#ifndef WIN32 - nmask6->s6_addr[i] = 0; -#else - nmask6->u.Byte[i] = 0; -#endif - index = ((netnumb > variable_size) ? variable_size : netnumb); - netnumb -= index; - - for (uint8_t a = 0; a < index; a++) { - aux = variable_size - a -1; -#ifndef WIN32 - nmask6->s6_addr[i] += UINT8_C(1) << aux; -#else - nmask6->u.Byte[i] += UINT8_C(1) << aux; -#endif - } - } - return 0; -} - -/* Initialize netmasks -- taken from snort util.c */ -static void _init_masks() -{ - _mask_inited = 1; - _netmasks[0] = 0x0; - _netmasks[1] = 0x80000000; - _netmasks[2] = 0xC0000000; - _netmasks[3] = 0xE0000000; - _netmasks[4] = 0xF0000000; - _netmasks[5] = 0xF8000000; - _netmasks[6] = 0xFC000000; - _netmasks[7] = 0xFE000000; - _netmasks[8] = 0xFF000000; - _netmasks[9] = 0xFF800000; - _netmasks[10] = 0xFFC00000; - _netmasks[11] = 0xFFE00000; - _netmasks[12] = 0xFFF00000; - _netmasks[13] = 0xFFF80000; - _netmasks[14] = 0xFFFC0000; - _netmasks[15] = 0xFFFE0000; - _netmasks[16] = 0xFFFF0000; - _netmasks[17] = 0xFFFF8000; - _netmasks[18] = 0xFFFFC000; - _netmasks[19] = 0xFFFFE000; - _netmasks[20] = 0xFFFFF000; - _netmasks[21] = 0xFFFFF800; - _netmasks[22] = 0xFFFFFC00; - _netmasks[23] = 0xFFFFFE00; - _netmasks[24] = 0xFFFFFF00; - _netmasks[25] = 0xFFFFFF80; - _netmasks[26] = 0xFFFFFFC0; - _netmasks[27] = 0xFFFFFFE0; - _netmasks[28] = 0xFFFFFFF0; - _netmasks[29] = 0xFFFFFFF8; - _netmasks[30] = 0xFFFFFFFC; - _netmasks[31] = 0xFFFFFFFE; - _netmasks[32] = 0xFFFFFFFF; -} - -/* Get an integer definition. This function always return on - * success or exits on error. - */ -int getDefine_Int(const char *high_name, const char *low_name, int min, int max) -{ - int ret; - char *value; - char *pt; - - /* Try to read from the local define file */ - value = _read_file(high_name, low_name, OSSEC_LDEFINES); - if (!value) { - value = _read_file(high_name, low_name, OSSEC_DEFINES); - if (!value) { - merror_exit(DEF_NOT_FOUND, high_name, low_name); - } - } - - pt = value; - while (*pt != '\0') { - if (!isdigit((int)*pt)) { - merror_exit(INV_DEF, high_name, low_name, value); - } - pt++; - } - - ret = atoi(value); - if ((ret < min) || (ret > max)) { - merror_exit(INV_DEF, high_name, low_name, value); - } - - /* Clear memory */ - free(value); - - return (ret); -} - -/* Check if IP_address is present at that_IP - * Returns 1 on success or 0 on failure - */ -int OS_IPFound(const char *ip_address, const os_ip *that_ip) -{ - int _true = 1; - bool is_ipv6 = false; - struct in_addr net; - struct in6_addr net6; - - /* Extract IP address */ - if (OS_SUCCESS == get_ipv4_numeric(ip_address, &net)) { - is_ipv6 = false; - } else if (OS_SUCCESS == get_ipv6_numeric(ip_address, &net6)) { - is_ipv6 = true; - } else { - return (!_true); - } - - /* If negate is set */ - if (that_ip->ip[0] == '!') { - _true = 0; - } - - /* Check if IP is in thatip & netmask */ - if (is_ipv6) { - for(unsigned int i = 0; i < 16; i++) { -#ifndef WIN32 - if ((net6.s6_addr[i] & that_ip->ipv6->netmask[i]) != that_ip->ipv6->ip_address[i]) { -#else - if ((net6.u.Byte[i] & that_ip->ipv6->netmask[i]) != that_ip->ipv6->ip_address[i]) { -#endif - break; - } else if (i >= (15)) { - return (_true); - } - } - } else { - if ((net.s_addr & that_ip->ipv4->netmask) == that_ip->ipv4->ip_address) { - return (_true); - } - } - - /* Didn't match */ - return (!_true); -} - -/* Check if IP_address is present in the "list_of_ips". - * Returns 1 on success or 0 on failure - * The list MUST be NULL terminated - */ -int OS_IPFoundList(const char *ip_address, os_ip **list_of_ips) -{ - int _true = 1; - bool is_ipv6 = false; - struct in_addr net; - struct in6_addr net6; - - /* Extract IP address */ - if (OS_SUCCESS == get_ipv4_numeric(ip_address, &net)) { - is_ipv6 = false; - } else if (OS_SUCCESS == get_ipv6_numeric(ip_address, &net6)) { - is_ipv6 = true; - } else { - return (!_true); - } - - while (*list_of_ips) { - os_ip *l_ip = *list_of_ips; - - if (l_ip->ip[0] == '!') { - _true = 0; - } - - /* Check if IP is in thatip & netmask */ - if (is_ipv6) { - for(unsigned int i = 0; i < 16; i++) { -#ifndef WIN32 - if ((net6.s6_addr[i] & l_ip->ipv6->netmask[i]) != l_ip->ipv6->ip_address[i]) { -#else - if ((net6.u.Byte[i] & l_ip->ipv6->netmask[i]) != l_ip->ipv6->ip_address[i]) { -#endif - break; - } else if (i >= (15)) { - return (_true); - } - } - } else { - if ((net.s_addr & l_ip->ipv4->netmask) == l_ip->ipv4->ip_address) { - return (_true); - } - } - - list_of_ips++; - } - - return (!_true); -} - -/* Validate if an IP address is in the right format - * Returns 0 if doesn't match or 1 if it is an IP or 2 an IP with CIDR. - * WARNING: On success this function may modify the value of ip_address - */ -int OS_IsValidIP(const char *ip_address, os_ip *final_ip) -{ - unsigned int ret = 0; - - /* Can't be null */ - if (!ip_address) { - return (0); - } - - if (*ip_address == '!') { - ip_address++; - } - - /* Assign the IP address */ - if (final_ip) { - memset(final_ip, 0, sizeof(os_ip)); - os_calloc(IPSIZE + 1, sizeof(char), final_ip->ip); - strncpy(final_ip->ip, ip_address, IPSIZE); - OS_GetIPv4FromIPv6(final_ip->ip, IPSIZE); - } - - if (strcmp(ip_address, "any") != 0) { - - w_expression_t * exp; - unsigned int i = 0; - - regex_matching * regex_match = NULL; - os_calloc(1, sizeof(regex_matching), regex_match); - - while (ip_address_regex[i] != NULL) { - - w_calloc_expression_t(&exp, EXP_TYPE_PCRE2); - if (w_expression_compile(exp, ip_address_regex[i], 0) && - w_expression_match(exp, ip_address, NULL, regex_match)) { - - /* number of regex captures */ - int sub_strings_num = 0; - if (regex_match->sub_strings) { - for (sub_strings_num = 0; regex_match->sub_strings[sub_strings_num] != NULL; sub_strings_num++); - } - - ret = sub_strings_num == 2 ? 2 : 1; - - if (final_ip) { - /* Regex 0 (i = 0) match IPv4, superior regex match IPv6 */ - if (i > 0) { - /* IPv6 */ - os_calloc(1, sizeof(os_ipv6), final_ip->ipv6); - final_ip->is_ipv6 = TRUE; - - /* At this point regex can capture 1 or 2 strings, first is the ip and second the prefix */ - if (sub_strings_num > 0) { - /* IP Address captured */ - struct in6_addr net6; - struct in6_addr nmask6; - memset(&net6, 0, sizeof(net6)); - memset(&nmask6, 0, sizeof(nmask6)); - - if (OS_INVALID == get_ipv6_numeric(regex_match->sub_strings[0], &net6)) { - ret = 0; - break; - } - - if (sub_strings_num == 2) { - /* prefix */ - int cidr = atoi(regex_match->sub_strings[1]); - if ((strlen(regex_match->sub_strings[1]) > 3) || - convertNetmask(cidr, &nmask6)) { - ret = 0; - break; - } - } else if (convertNetmask(DEFAULT_IPV6_PREFIX, &nmask6)) { - ret = 0; - break; - } -#ifndef WIN32 - for(unsigned int i = 0; i < 16; i++) { - final_ip->ipv6->ip_address[i] = net6.s6_addr[i] & nmask6.s6_addr[i]; - } - memcpy(final_ip->ipv6->netmask, nmask6.s6_addr, sizeof(final_ip->ipv6->netmask)); -#else - for(unsigned int i = 0; i < 16; i++) { - final_ip->ipv6->ip_address[i] = net6.u.Byte[i] & nmask6.u.Byte[i]; - } - memcpy(final_ip->ipv6->netmask, nmask6.u.Byte, sizeof(final_ip->ipv6->netmask)); -#endif - OS_ExpandIPv6(final_ip->ip, IPSIZE); - - } else { - ret = 0; - break; - } - } else { - /* IPv4 */ - os_calloc(1, sizeof(os_ipv4), final_ip->ipv4); - final_ip->is_ipv6 = FALSE; - - /* At this point regex can capture 1 or 2 strings, ip and CIDR or netmask */ - if (sub_strings_num > 0) { - /* IP Address captured */ - struct in_addr net; - struct in_addr nmask; - memset(&net, 0, sizeof(net)); - memset(&nmask, 0, sizeof(nmask)); - - if (OS_INVALID == get_ipv4_numeric(regex_match->sub_strings[0], &net)) { - if (strcmp("0.0.0.0", regex_match->sub_strings[0]) == 0) { - net.s_addr = 0; - } else { - ret = 0; - break; - } - } - - if (sub_strings_num == 2) { - /* CIDR or Netmask */ - if (strlen(regex_match->sub_strings[1]) <= 2) { - int cidr = atoi(regex_match->sub_strings[1]); - if (!_mask_inited) { - _init_masks(); - } - nmask.s_addr = htonl(_netmasks[cidr]); - } else if (OS_INVALID == get_ipv4_numeric(regex_match->sub_strings[1], &nmask)) { - ret = 0; - break; - } - } else { - if (!_mask_inited) { - _init_masks(); - } - nmask.s_addr = htonl(_netmasks[DEFAULT_IPV4_NETMASK]); - } - - final_ip->ipv4->ip_address = net.s_addr & nmask.s_addr; - final_ip->ipv4->netmask = nmask.s_addr; - - } else { - ret = 0; - break; - } - } - } - break; - } - w_free_expression_t(&exp); - i++; - } - - OSRegex_free_regex_matching(regex_match); - os_free(regex_match) - w_free_expression_t(&exp); - } - else { - /* any case */ - if (final_ip) { - os_calloc(1, sizeof(os_ipv6), final_ip->ipv6); - memset(final_ip->ipv6->ip_address, 0, sizeof(final_ip->ipv6->ip_address)); - memset(final_ip->ipv6->netmask, 0, sizeof(final_ip->ipv6->netmask)); - } - ret = 2; - } - - return ret; -} - -/* Extract embedded IPv4 from IPv6 */ -int OS_GetIPv4FromIPv6(char *ip_address, size_t size) -{ - w_expression_t * exp; - int ret = 0; - - regex_matching * regex_match = NULL; - os_calloc(1, sizeof(regex_matching), regex_match); - - w_calloc_expression_t(&exp, EXP_TYPE_PCRE2); - if (w_expression_compile(exp, IPV4_MASK_IPV6, 0) && - w_expression_match(exp, ip_address, NULL, regex_match)) { - - /* number of regex captures */ - if (regex_match->sub_strings && regex_match->sub_strings[0]) { - strncpy(ip_address, regex_match->sub_strings[0], size); - ret = 1; - } - } - - OSRegex_free_regex_matching(regex_match); - os_free(regex_match) - w_free_expression_t(&exp); - return ret; -} - -/* Expand IPv6 address */ -int OS_ExpandIPv6(char *ip_address, size_t size) -{ - struct in6_addr net6; - char aux_ip[IPSIZE + 1] = {0}; - char *save_ptr = NULL; - - memset(&net6, 0, sizeof(net6)); - strncpy(aux_ip, ip_address, IPSIZE); - - if (OS_INVALID == get_ipv6_numeric(strtok_r(aux_ip, "/", &save_ptr), &net6)) { - return OS_INVALID; - } - - uint8_t aux[16]; - for(unsigned int i = 0; i < 16; i++) { -#ifndef WIN32 - aux[i] = net6.s6_addr[i]; -#else - aux[i] = net6.u.Byte[i]; -#endif - } - - /* In case of ip_address has CIDR */ - int cidr = 0; - char *cidr_str = strtok_r(NULL, "/", &save_ptr); - if (cidr_str) { - cidr = atoi(cidr_str); - if (cidr < 0 || cidr > DEFAULT_IPV6_PREFIX) { - return OS_INVALID; - } - } - - if (cidr) { - snprintf(ip_address, size, "%02X%02X:%02X%02X:%02X%02X:%02X%02X:%02X%02X:%02X%02X:%02X%02X:%02X%02X/%u", - (int)aux[0], (int)aux[1], (int)aux[2], (int)aux[3], - (int)aux[4], (int)aux[5], (int)aux[6], (int)aux[7], - (int)aux[8], (int)aux[9], (int)aux[10], (int)aux[11], - (int)aux[12], (int)aux[13], (int)aux[14], (int)aux[15], cidr); - } else { - snprintf(ip_address, size, "%02X%02X:%02X%02X:%02X%02X:%02X%02X:%02X%02X:%02X%02X:%02X%02X:%02X%02X", - (int)aux[0], (int)aux[1], (int)aux[2], (int)aux[3], - (int)aux[4], (int)aux[5], (int)aux[6], (int)aux[7], - (int)aux[8], (int)aux[9], (int)aux[10], (int)aux[11], - (int)aux[12], (int)aux[13], (int)aux[14], (int)aux[15]); - } - - return OS_SUCCESS; -} - -/* Must be a valid string, called after OS_IsValidTime - * Returns 1 on success or 0 on failure - */ -int OS_IsonTime(const char *time_str, const char *ossec_time) -{ - int _true = 1; - - if (*ossec_time == '!') { - _true = 0; - } - ossec_time++; - - /* Comparing against min/max value */ - if ((strncmp(time_str, ossec_time, 5) >= 0) && - (strncmp(time_str, ossec_time + 5, 5) <= 0)) { - return (_true); - } - - return (!_true); -} - -/* Validate if a time is in an acceptable format for OSSEC. - * Returns 0 if doesn't match or a valid string for OSSEC usage in success. - * ** On success this function may modify the value of date - * Acceptable formats: - * hh:mm - hh:mm (24 hour format) - * !hh:mm -hh:mm (24 hour format) - * hh - hh (24 hour format) - * hh:mm am - hh:mm pm (12 hour format) - * hh am - hh pm (12 hour format) - */ -#define RM_WHITE(x)while(*x == ' ')x++; - -static const char *__gethour(const char *str, char *ossec_hour, const size_t ossec_hour_len) -{ - int _size = 0; - int chour = 0; - int cmin = 0; - - /* Invalid time format */ - if (!isdigit((int)*str)) { - merror(INVALID_TIME, str); - } - - /* Hour */ - chour = atoi(str); - - /* Get a valid hour */ - if (chour < 0 || chour >= 24) { - merror(INVALID_TIME, str); - return (NULL); - } - - /* Go after the hour */ - while (isdigit((int)*str)) { - _size++; - str++; - } - - /* Invalid hour */ - if (_size > 2) { - merror(INVALID_TIME, str); - return (NULL); - } - - /* Get minute */ - if (*str == ':') { - str++; - if ((!isdigit((int)*str) || - !isdigit((int) * (str + 1))) && isdigit((int) * (str + 2))) { - merror(INVALID_TIME, str); - return (NULL); - } - - cmin = atoi(str); - str += 2; - } - - /* Remove spaces */ - RM_WHITE(str); - - if ((*str == 'a') || (*str == 'A')) { - str++; - if ((*str == 'm') || (*str == 'M')) { - if (chour == 12) chour = 0; - const int bytes_written = snprintf(ossec_hour, ossec_hour_len, "%02d:%02d", chour, cmin); - - if (bytes_written < 0 || (size_t)bytes_written >= ossec_hour_len) { - return (NULL); - } - - str++; - return (str); - } - } else if ((*str == 'p') || (*str == 'P')) { - str++; - if ((*str == 'm') || (*str == 'M')) { - if (chour == 12) chour = 0; - chour += 12; - - /* New hour must be valid */ - if (chour < 0 || chour >= 24) { - merror(INVALID_TIME, str); - return (NULL); - } - - const int bytes_written = snprintf(ossec_hour, ossec_hour_len, "%02d:%02d", chour, cmin); - - if (bytes_written < 0 || (size_t)bytes_written >= ossec_hour_len) { - return (NULL); - } - - str++; - return (str); - } - - } else { - const int bytes_written = snprintf(ossec_hour, ossec_hour_len, "%02d:%02d", chour, cmin); - - if (bytes_written < 0 || (size_t)bytes_written >= ossec_hour_len) { - return (NULL); - } - - return (str); - } - - /* Here is error */ - merror(INVALID_TIME, str); - return (NULL); -} - -char *OS_IsValidTime(const char *time_str) -{ - char *ret; - char first_hour[7]; - char second_hour[7]; - int ng = 0; - - /* Must be not null */ - if (!time_str) { - return (NULL); - } - - /* Clear memory */ - memset(first_hour, '\0', 7); - memset(second_hour, '\0', 7); - - /* Remove spaces */ - RM_WHITE(time_str); - - /* Check for negative */ - if (*time_str == '!') { - ng = 1; - time_str++; - - /* We may have spaces after the '!' */ - RM_WHITE(time_str); - } - - /* Get first hour */ - time_str = __gethour(time_str, first_hour, sizeof(first_hour)); - - if (!time_str) { - return (NULL); - } - - /* Remove spaces */ - RM_WHITE(time_str); - - if (*time_str != '-') { - return (NULL); - } - - time_str++; - - /* Remove spaces */ - RM_WHITE(time_str); - - /* Get second hour */ - time_str = __gethour(time_str, second_hour, sizeof(second_hour)); - if (!time_str) { - return (NULL); - } - - RM_WHITE(time_str); - if (*time_str != '\0') { - return (NULL); - } - - os_calloc(16, sizeof(char), ret); - - /* Fix dump hours */ - if (strcmp(first_hour, second_hour) > 0) { - snprintf(ret, 16, "!%s%s", second_hour, first_hour); - return (ret); - } - - /* For the normal times */ - snprintf(ret, 16, "%c%s%s", ng == 0 ? '.' : '!', first_hour, second_hour); - - return (ret); -} - -/* Check if the current time is the same or has passed the specified one */ -int OS_IsAfterTime(const char *time_str, const char *ossec_time) -{ - /* Unique times can't have a ! */ - if (*ossec_time == '!') { - return (0); - } - - ossec_time++; - - /* Compare against min/max value */ - if (strncmp(time_str, ossec_time, 5) >= 0) { - return (1); - } - - return (0); -} - -/* Create a unique time, not a range. Must be used with OS_IsAfterTime. */ -char *OS_IsValidUniqueTime(const char *time_str) -{ - char mytime[128 + 1]; - - if (*time_str == '!') { - return (NULL); - } - - memset(mytime, '\0', 128 + 1); - snprintf(mytime, 128, "%s-%s", time_str, time_str); - - return (OS_IsValidTime(mytime)); -} - -/* Check if the specified week day is in the range */ -int OS_IsonDay(int week_day, const char *ossec_day) -{ - int _true = 1; - - /* Negative */ - if (ossec_day[7] == '!') { - _true = 0; - } - - if (week_day < 0 || week_day > 7) { - return (0); - } - - /* It is on the right day */ - if (ossec_day[week_day] == 1) { - return (_true); - } - - return (!_true); -} - -/* Validate if a day is in an acceptable format for OSSEC - * Returns 0 if doesn't match or a valid string for OSSEC usage in success. - * WARNING: On success this function may modify the value of date - * Acceptable formats: - * weekdays, weekends, monday, tuesday, thursday,.. - * monday,tuesday - * mon,tue wed - */ -#define RM_SEP(x)while((*x == ' ') || (*x == ','))x++; - -#define IS_SEP(x) (*x == ' ' || *x == ',') - -char *OS_IsValidDay(const char *day_str) -{ - int i = 0, ng = 0; - char *ret; - char day_ret[9] = {0, 0, 0, 0, 0, 0, 0, 0, 0}; - const char *(days[]) = { - "sunday", "sun", "monday", "mon", "tuesday", "tue", - "wednesday", "wed", "thursday", "thu", "friday", - "fri", "saturday", "sat", "weekdays", "weekends", NULL - }; - int days_int[] = {0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, 7, 8}; - - /* Must be a valid string */ - if (!day_str) { - return (NULL); - } - - RM_WHITE(day_str); - - /* Check for negatives */ - if (*day_str == '!') { - ng = 1; - RM_WHITE(day_str); - } - - while (*day_str != '\0') { - i = 0; - while (days[i]) { - if (strncasecmp(day_str, days[i], strlen(days[i])) == 0) { - /* Weekdays */ - if (days_int[i] == 7) { - day_ret[1] = 1; - day_ret[2] = 1; - day_ret[3] = 1; - day_ret[4] = 1; - day_ret[5] = 1; - } - /* Weekends */ - else if (days_int[i] == 8) { - day_ret[0] = 1; - day_ret[6] = 1; - } else { - day_ret[days_int[i]] = 1; - } - break; - } - i++; - } - - if (!days[i]) { - return (NULL); - } - - day_str += strlen(days[i]); - - if (IS_SEP(day_str)) { - RM_SEP(day_str); - continue; - } else if (*day_str == '\0') { - break; - } else { - return (NULL); - } - } - - /* Assign values */ - os_calloc(9, sizeof(char), ret); - if (ng == 1) { - /* Set negative */ - ret[7] = '!'; - } - - ng = 0; - for (i = 0; i <= 6; i++) { - /* Check if some is checked */ - if (day_ret[i] == 1) { - ng = 1; - } - ret[i] = day_ret[i]; - } - - /* At least one day must be checked */ - if (ng == 0) { - free(ret); - return (NULL); - } - - return (ret); -} - -// Convert a CIDR into string: aaa.bbb.ccc.ddd[/ee] -int OS_CIDRtoStr(const os_ip * ip, char * string, size_t size) { - int imask = 0; - bool is_ipv6 = false; - uint32_t hmask; - - if (strchr(ip->ip, ':') != NULL) { - is_ipv6 = true; - imask = getCIDRipv6(ip->ipv6->netmask); - } - - if (is_ipv6 && imask < 128) { - return ((snprintf(string, size, "%s/%u", ip->ip, imask) < (int)size) - 1); - - } else if (!is_ipv6 && (ip->ipv4->netmask != 0xFFFFFFFF) && strcmp(ip->ip, "any")) { - if (_mask_inited) { - _init_masks(); - } - - hmask = ntohl(ip->ipv4->netmask); - for (imask = 0; imask < 32 && _netmasks[imask] != hmask; imask++); - return (imask < 32) ? ((snprintf(string, size, "%s/%u", ip->ip, imask) < (int)size) - 1) : -1; - - } else { - strncpy(string, ip->ip, size - 1); - string[size - 1] = '\0'; - return 0; - } -} - -// Get CIDR from IPv6 netmask -static int getCIDRipv6(uint8_t *netmask) { - int imask = 0; - uint8_t aux = 0; - for (uint8_t i = 0; i < 16; i++) { - aux = netmask[i]; - for (uint8_t a = 0; a < 8 && aux > 0; a++) { - if (0x01 & aux) { - imask++; - } - aux = aux >> UINT8_C(1); - } - } - return imask; -} - -/* Validate the day of the week set and retrieve its corresponding integer value. - If not found, -1 is returned. -*/ - -int w_validate_wday(const char * day_str) { - - int i = 0; - - const char *(days[]) = { - "sunday", "sun", "monday", "mon", "tuesday", "tue", - "wednesday", "wed", "thursday", "thu", "friday", - "fri", "saturday", "sat", NULL - }; - - int days_int[] = {0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6}; - - /* Must be a valid string */ - if (!day_str) { - return -1; - } - - // Remove spaces - RM_WHITE(day_str); - - while((days[i] != NULL)) { - if (strncasecmp(day_str, days[i], strlen(days[i])) == 0) { - return days_int[i]; - } - i++; - } - - merror(INVALID_DAY, day_str); - return -1; - -} - -// Acceptable format: hh:mm (24 hour format) -char * w_validate_time(const char * time_str) { - - int hour = -1; - int min = -1; - char * ret_time = NULL; - - if (!time_str) { - return NULL; - } - - /* Remove spaces */ - RM_WHITE(time_str); - - if (!strchr(time_str, ':')) { - merror(INVALID_TIME, time_str); - return NULL; - } - - if (sscanf(time_str, "%d:%d", &hour, &min) < 0) { - merror(INVALID_TIME, time_str); - return NULL; - } else { - if ((hour < 0 || hour >= 24) || (min < 0 || min >= 60)) { - merror(INVALID_TIME, time_str); - return NULL; - } - } - - os_calloc(12, sizeof(char), ret_time); - snprintf(ret_time, 12, "%02d:%02d", hour, min); - - return ret_time; - -} - -// Validate if the specified interval is multiple of weeks or days -int w_validate_interval(int interval, int force) { - - int ret = -1; - - switch(force) { - case 0: // Force to be a multiple of a day - ret = interval % 86400; - break; - case 1: // Force to be a multiple of a week - ret = interval % 604800; - break; - default: - merror("At validate_interval(): internal error."); - } - - return ret; -} - -long long w_validate_bytes(const char *content) { - - long long converted_value = 0; - char * end; - long read_value = strtol(content, &end, 10); - - if (read_value < 0 || read_value == LONG_MAX || content == end) { - return -1; - } - - switch (*end) { - case 'K': - case 'k': - converted_value = read_value * 1024LL; - break; - case 'M': - case 'm': - converted_value = read_value * (1024 * 1024LL); - break; - case 'G': - case 'g': - converted_value = read_value * (1024 * 1024 * 1024LL); - break; - default: - converted_value = read_value; - break; - } - - return converted_value; -} diff --git a/src/common/validate_op/tests/unit/tests/CMakeLists.txt b/src/common/validate_op/tests/unit/tests/CMakeLists.txt deleted file mode 100644 index 3f4a9918cf..0000000000 --- a/src/common/validate_op/tests/unit/tests/CMakeLists.txt +++ /dev/null @@ -1,55 +0,0 @@ -#include wrappers -include(${SRC_FOLDER}/unit_tests/wrappers/wazuh/shared/shared.cmake) - -if(${TARGET} STREQUAL "winagent") - link_directories(${SRC_FOLDER}/syscheckd/build/bin) -endif(${TARGET} STREQUAL "winagent") - -# Tests list and flags -list(APPEND shared_tests_names "test_validate_op") -set(VALIDATE_OP_FLAGS "-Wl,--wrap,w_expression_match -Wl,--wrap,w_calloc_expression_t \ - -Wl,--wrap,w_expression_compile -Wl,--wrap,w_free_expression_t \ - -Wl,--wrap,get_ipv4_numeric -Wl,--wrap,get_ipv6_numeric") -if(${TARGET} STREQUAL "winagent") -list(APPEND shared_tests_flags "${VALIDATE_OP_FLAGS} -Wl,--wrap,syscom_dispatch -Wl,--wrap,Start_win32_Syscheck \ - -Wl,--wrap=is_fim_shutdown -Wl,--wrap=_imp__dbsync_initialize \ - -Wl,--wrap=_imp__rsync_initialize -Wl,--wrap=fim_db_teardown ${DEBUG_OP_WRAPPERS}") -else() -list(APPEND shared_tests_flags "${VALIDATE_OP_FLAGS}") -endif() - -# Compiling tests -list(LENGTH shared_tests_names count) -math(EXPR count "${count} - 1") -foreach(counter RANGE ${count}) - list(GET shared_tests_names ${counter} test_name) - list(GET shared_tests_flags ${counter} test_flags) - - add_executable(${test_name} ${test_name}.c) - - if(${TARGET} STREQUAL "server") - target_link_libraries( - ${test_name} - ${WAZUHLIB} - ${WAZUHEXT} - ANALYSISD_O - ${TEST_DEPS} - ) - else() - target_link_libraries( - ${test_name} - ${TEST_DEPS} - ) - if(${TARGET} STREQUAL "winagent") - target_link_libraries(${test_name} fimdb) - endif(${TARGET} STREQUAL "winagent") - endif() - - if(NOT test_flags STREQUAL " ") - target_link_libraries( - ${test_name} - ${test_flags} - ) - endif() - add_test(NAME ${test_name} COMMAND ${test_name}) -endforeach() diff --git a/src/common/validate_op/tests/unit/tests/test_validate_op.c b/src/common/validate_op/tests/unit/tests/test_validate_op.c deleted file mode 100644 index 4799b0a9df..0000000000 --- a/src/common/validate_op/tests/unit/tests/test_validate_op.c +++ /dev/null @@ -1,1372 +0,0 @@ -/* - * Copyright (C) 2015, Wazuh Inc. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -#include -#include -#include -#include -#include -#include -#include - -#include "../../headers/shared.h" -#include "../../headers/validate_op.h" -#include "../wrappers/wazuh/shared/expression_wrappers.h" -#include "../wrappers/wazuh/os_net/os_net_wrappers.h" -#include "../../shared/validate_op.c" - -/* tests */ - -#define TEST_MOCKED - -void w_validate_bytes_non_number (void **state) -{ - const char * value = "hello"; - long long expected_value = -1; - - long long ret = w_validate_bytes(value); - assert_memory_equal(&ret, &expected_value, sizeof(long long)); -} - -void w_validate_bytes_bytes (void **state) -{ - const char * value = "1024B"; - long long expected_value = 1024; - - long long ret = w_validate_bytes(value); - assert_memory_equal(&ret, &expected_value, sizeof(long long)); -} - -void w_validate_bytes_kilobytes (void **state) -{ - const char * value = "1024KB"; - long long expected_value = 1024*1024; - - long long ret = w_validate_bytes(value); - assert_memory_equal(&ret, &expected_value, sizeof(long long)); -} - -void w_validate_bytes_megabytes (void **state) -{ - const char * value = "1024MB"; - long long expected_value = 1024*1024*1024; - - long long ret = w_validate_bytes(value); - assert_memory_equal(&ret, &expected_value, sizeof(long long)); -} - -void w_validate_bytes_gigabytes (void **state) -{ - const char * value = "1024GB"; - long long expected_value = 1024 * ((long long) 1024*1024*1024); - - long long ret = w_validate_bytes(value); - assert_memory_equal(&ret, &expected_value, sizeof(long long)); -} - -void OS_IsValidIP_null(void **state) -{ - int ret = OS_IsValidIP(NULL, NULL); - assert_int_equal(ret, 0); -} - -void OS_IsValidIP_any(void **state) -{ - int ret = OS_IsValidIP("any", NULL); - assert_int_equal(ret, 2); -} - -void OS_IsValidIP_any_struct(void **state) -{ - int ret = 0; - os_ip *ret_ip; - - os_calloc(1, sizeof(os_ip), ret_ip); - - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, true); - - ret = OS_IsValidIP("any", ret_ip); - assert_int_equal(ret, 2); - assert_int_equal(ret_ip->is_ipv6, FALSE); - - w_free_os_ip(ret_ip); -} - -void OS_IsValidIP_not_valid_ip(void **state) -{ - unsigned int i = 0; - while (ip_address_regex[i] != NULL) { - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, false); - i++; - } - - int ret = OS_IsValidIP("12.0", NULL); - assert_int_equal(ret, 0); -} - -void OS_IsValidIP_valid_multi_ipv4(void **state) -{ - const char * ip_to_test[] = { - "1.1.1.1", - "255.255.255.255", - "100.100.100.100", - "10.10.10.10", - "111.111.111.111", - "222.222.222.222", - "127.0.0.1", - NULL, - }; - - int ret = 0; - os_ip *ret_ip; - - for (int i = 0; ip_to_test[i] != NULL; i++) { - - os_calloc(1, sizeof(os_ip), ret_ip); - - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, true); - - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, -1); - will_return(__wrap_w_expression_match, ip_to_test); - - will_return(__wrap_get_ipv4_numeric, OS_SUCCESS); - - ret = OS_IsValidIP(ip_to_test[i], ret_ip); - assert_string_equal(ip_to_test[i], ret_ip->ip); - assert_int_equal(ret, 1); - assert_int_equal(ret_ip->is_ipv6, FALSE); - - w_free_os_ip(ret_ip); - } -} - -void OS_IsValidIP_not_valid_multi_ipv4(void **state) -{ - const char * ip_to_test[] = { - // more or less than 4 octets - "111", - "01.01", - "01.01.01", - "10.10.10.10.10", - "222.222.222.222.222", - // octet limit exceeded (more than 255) - "333.333.334.334", - "256.1.01.001", - "1.1.1.256", - "327.0.0.1", - "4000.00.0.1", - // ip with index limit exceeded (more than 32) - "10.10.10.10/", - "10.10.10.10/33", - "10.10.10.10/99", - "10.10.10.10/123", - "10.10.10.10/12345", - // ip with extra 0 - "01.01.01.01", - "001.001.001.001", - "000.00.0.1", - // ip with invalid netmask - "1.1.1.10/36.255.255", - "1.1.1.1/36.1.1.256", - "1.1.1.300/36.1.1.255", - NULL, - }; - - int ret = 0; - os_ip *ret_ip; - - for (int i = 0; ip_to_test[i] != NULL; i++) { - - os_calloc(1, sizeof(os_ip), ret_ip); - - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, true); - - unsigned int a = 0; - while (ip_address_regex[a] != NULL) { - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, false); - a++; - } - - ret = OS_IsValidIP(ip_to_test[i], ret_ip); - assert_string_equal(ip_to_test[i], ret_ip->ip); - assert_int_equal(ret, 0); - - w_free_os_ip(ret_ip); - } -} - -void OS_IsValidIP_valid_ipv4_CIDR(void **state) -{ - char ip_to_test[] = {"192.168.10.12/32"}; - - os_ip *ret_ip; - os_calloc(1, sizeof(os_ip), ret_ip); - - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, true); - - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, -2); - will_return(__wrap_w_expression_match, "192.168.10.12"); - will_return(__wrap_w_expression_match, "32"); - - will_return(__wrap_get_ipv4_numeric, OS_SUCCESS); - - int ret = OS_IsValidIP(ip_to_test, ret_ip); - assert_string_equal(ip_to_test, ret_ip->ip); - assert_int_equal(ret, 2); - assert_int_equal(ret_ip->is_ipv6, FALSE); - - w_free_os_ip(ret_ip); -} - -void OS_IsValidIP_valid_ipv4_fail(void **state) -{ - char ip_to_test[] = {"192.168.10.12/32"}; - - os_ip *ret_ip; - os_calloc(1, sizeof(os_ip), ret_ip); - - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, true); - - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, -2); - will_return(__wrap_w_expression_match, "192.168.10.12"); - will_return(__wrap_w_expression_match, "32"); - - will_return(__wrap_get_ipv4_numeric, OS_INVALID); - - int ret = OS_IsValidIP(ip_to_test, ret_ip); - assert_int_equal(ret, 0); - - w_free_os_ip(ret_ip); -} - -void OS_IsValidIP_valid_ipv4_zero_fail(void **state) -{ - char ip_to_test[] = {"0.0.0.0/32"}; - - os_ip *ret_ip; - os_calloc(1, sizeof(os_ip), ret_ip); - - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, true); - - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, -2); - will_return(__wrap_w_expression_match, "0.0.0"); - will_return(__wrap_w_expression_match, "32"); - - will_return(__wrap_get_ipv4_numeric, OS_INVALID); - - int ret = OS_IsValidIP(ip_to_test, ret_ip); - assert_int_equal(ret, 0); - - w_free_os_ip(ret_ip); -} - -void OS_IsValidIP_valid_ipv4_zero_pass(void **state) -{ - char ip_to_test[] = {"0.0.0.0/32"}; - - os_ip *ret_ip; - os_calloc(1, sizeof(os_ip), ret_ip); - - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, true); - - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, -2); - will_return(__wrap_w_expression_match, "0.0.0.0"); - will_return(__wrap_w_expression_match, "32"); - - will_return(__wrap_get_ipv4_numeric, OS_INVALID); - - int ret = OS_IsValidIP(ip_to_test, ret_ip); - assert_int_equal(ret, 2); - - w_free_os_ip(ret_ip); -} - -void OS_IsValidIP_valid_ipv4_netmask(void **state) -{ - char ip_to_test[] = {"32.32.32.32/255.255.255.255"}; - - os_ip *ret_ip; - os_calloc(1, sizeof(os_ip), ret_ip); - - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, true); - - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, -2); - will_return(__wrap_w_expression_match, "32.32.32.32"); - will_return(__wrap_w_expression_match, "255.255.255.255"); - - will_return(__wrap_get_ipv4_numeric, OS_SUCCESS); - will_return(__wrap_get_ipv4_numeric, OS_SUCCESS); - - - int ret = OS_IsValidIP(ip_to_test, ret_ip); - assert_string_equal(ip_to_test, ret_ip->ip); - assert_int_equal(ret, 2); - assert_int_equal(ret_ip->is_ipv6, FALSE); - - w_free_os_ip(ret_ip); -} - -void OS_IsValidIP_valid_ipv4_0_netmask(void **state) -{ - char ip_to_test[] = {"0.0.0.0/255.255.255.255"}; - - os_ip *ret_ip; - os_calloc(1, sizeof(os_ip), ret_ip); - - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, true); - - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, -2); - will_return(__wrap_w_expression_match, "0.0.0.0"); - will_return(__wrap_w_expression_match, "255.255.255.255"); - - will_return(__wrap_get_ipv4_numeric, OS_SUCCESS); - will_return(__wrap_get_ipv4_numeric, OS_SUCCESS); - - int ret = OS_IsValidIP(ip_to_test, ret_ip); - assert_string_equal(ip_to_test, ret_ip->ip); - assert_int_equal(ret, 2); - assert_int_equal(ret_ip->is_ipv6, FALSE); - - w_free_os_ip(ret_ip); -} - -void OS_IsValidIP_valid_ipv4_netmask_0(void **state) -{ - char ip_to_test[] = {"16.16.16.16/255.255.255.0"}; - - os_ip *ret_ip; - os_calloc(1, sizeof(os_ip), ret_ip); - - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, true); - - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, -2); - will_return(__wrap_w_expression_match, "16.16.16.16"); - will_return(__wrap_w_expression_match, "255.255.255.0"); - - will_return(__wrap_get_ipv4_numeric, OS_SUCCESS); - will_return(__wrap_get_ipv4_numeric, OS_SUCCESS); - - int ret = OS_IsValidIP(ip_to_test, ret_ip); - assert_string_equal(ip_to_test, ret_ip->ip); - assert_int_equal(ret, 2); - assert_int_equal(ret_ip->is_ipv6, FALSE); - - w_free_os_ip(ret_ip); -} - -void OS_IsValidIP_valid_ipv4_netmask_fail(void **state) -{ - char ip_to_test[] = {"32.32.32.32/255.255.255.255"}; - - os_ip *ret_ip; - os_calloc(1, sizeof(os_ip), ret_ip); - - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, true); - - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, -2); - will_return(__wrap_w_expression_match, "32.32.32.32"); - will_return(__wrap_w_expression_match, "255.255.255.255"); - - will_return(__wrap_get_ipv4_numeric, OS_SUCCESS); - will_return(__wrap_get_ipv4_numeric, OS_INVALID); - - - int ret = OS_IsValidIP(ip_to_test, ret_ip); - assert_int_equal(ret, 0); - - w_free_os_ip(ret_ip); -} - -void OS_IsValidIP_valid_ipv4_sub_string_0(void **state) -{ - char ip_to_test[] = {"32.32.32.32/255.255.255.255"}; - - os_ip *ret_ip; - os_calloc(1, sizeof(os_ip), ret_ip); - - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, true); - - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, -2); - will_return(__wrap_w_expression_match, "32.32.32.32"); - will_return(__wrap_w_expression_match, "255.255.255.255"); - - will_return(__wrap_get_ipv4_numeric, 1); - will_return(__wrap_get_ipv4_numeric, 0xFFFFFFFF); - - will_return(__wrap_get_ipv4_numeric, 1); - will_return(__wrap_get_ipv4_numeric, 0xFFFFFFFF); - - int ret = OS_IsValidIP(ip_to_test, ret_ip); - assert_int_equal(ret, 2); - - w_free_os_ip(ret_ip); -} - -void OS_IsValidIP_valid_ipv4_netmask_0_NULL_struct(void **state) -{ - char ip_to_test[] = {"16.16.16.16/255.255.255.0"}; - - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, -2); - will_return(__wrap_w_expression_match, "16.16.16.16"); - will_return(__wrap_w_expression_match, "255.255.255.0"); - - int ret = OS_IsValidIP(ip_to_test, NULL); - assert_int_equal(ret, 2); -} - -void OS_IsValidIP_valid_multi_ipv6(void **state) -{ - const char * ip_to_test[] = { - "2001:db8:abcd:0012:0000:0000:0000:0000", - "2001:db8:abcd:0012:ffff:ffff:ffff:ffff", - "fe80::ceaf:9ff2:b33c:1ca7", - "11AA:11AA:11AA:11AA:11AA:11AA:11AA:11AA", - "11AA::11AA:11AA:11AA:11AA:11AA:11AA", - "11AA::11AA:11AA:11AA:11AA:11AA", - "11AA::11AA:11AA:11AA:11AA", - "11AA::11AA:11AA:11AA", - "11AA::11AA:11AA", - "11AA::11AA", - "11AA:11AA:11AA:11AA:11AA:11AA::11AA", - "11AA:11AA:11AA:11AA:11AA::11AA", - "11AA:11AA:11AA:11AA::11AA", - "11AA:11AA:11AA::11AA", - "11AA:11AA::11AA", - "11AA::11AA", - "11AA::11AA:11AA:11AA:11AA:11AA:11AA", - "11AA:11AA::11AA:11AA:11AA:11AA:11AA", - "11AA:11AA:11AA::11AA:11AA:11AA:11AA", - "11AA:11AA:11AA:11AA::11AA:11AA:11AA", - "11AA:11AA:11AA:11AA:11AA::11AA:11AA", - "11AA:11AA:11AA:11AA:11AA:11AA::11AA", - "11AA:11AA:11AA:11AA:11AA:11AA:11AA::", - "11AA:11AA:11AA:11AA:11AA:11AA::", - "11AA:11AA:11AA:11AA:11AA::", - "11AA:11AA:11AA:11AA::", - "11AA:11AA:11AA::", - "11AA:11AA::", - "11AA::", - "::11AA:11AA:11AA:11AA:11AA:11AA:11AA", - "::11AA:11AA:11AA:11AA:11AA:11AA", - "::11AA:11AA:11AA:11AA:11AA", - "::11AA:11AA:11AA:11AA", - "::11AA:11AA:11AA", - "::11AA:11AA", - "::11AA", - "::", - "::ffff:10.2.3.1", - NULL, - }; - - int ret = 0; - os_ip *ret_ip; - - for (int i = 0; ip_to_test[i] != NULL; i++) { - - os_calloc(1, sizeof(os_ip), ret_ip); - - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, true); - - /* First call to __wrap_w_expression_match fail */ - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, false); - - /* Second call to __wrap_w_expression_match pass */ - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, -1); - will_return(__wrap_w_expression_match, ip_to_test); - - will_return(__wrap_get_ipv6_numeric, OS_SUCCESS); - will_return(__wrap_get_ipv6_numeric, OS_SUCCESS); - - ret = OS_IsValidIP(ip_to_test[i], ret_ip); - //assert_string_equal(ip_to_test[i], ret_ip->ip); - assert_int_equal(ret, 1); - assert_int_equal(ret_ip->is_ipv6, TRUE); - assert_non_null(ret_ip->ipv6->ip_address); - - w_free_os_ip(ret_ip); - } -} - -void OS_IsValidIP_not_valid_multi_ipv6(void **state) -{ - - const char * ip_to_test[] = { - "::11AA:11AA:11AA:11AA:11AA::11AA", - "::11AA:11AA:11AA:11AA:11AA:11AA:", - "::11AA:11AA::11AA:11AA:11AA:", - "::11AA:11AA:11AA:11AA:::", - "::11AA::11AA:11AA::11AA:11AA:11AA::11AA", - "11AA:11AA:11AA:11AA:11AA:11AA:11AA:11AA:11AA", - "GGAA:11AA:11AA:11AA:11AA:11AA:11AA:11AA", - NULL, - }; - - int ret = 0; - os_ip *ret_ip; - - for (int i = 0; ip_to_test[i] != NULL; i++) { - - os_calloc(1, sizeof(os_ip), ret_ip); - - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, true); - - int a = 0; - while (ip_address_regex[a] != NULL) { - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, false); - a++; - } - - ret = OS_IsValidIP(ip_to_test[i], ret_ip); - assert_string_equal(ip_to_test[i], ret_ip->ip); - assert_int_equal(ret, 0); - - w_free_os_ip(ret_ip); - } -} - -void OS_IsValidIP_valid_ipv6_prefix(void **state) -{ - char ip_to_test[] = {"2001:db8:abcd:0012:0000:0000:0000:0000/60"}; - - int ret = 0; - os_ip *ret_ip; - os_calloc(1, sizeof(os_ip), ret_ip); - - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, true); - - /* First call to __wrap_w_expression_match fail */ - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, false); - - /* Second call to __wrap_w_expression_match pass */ - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, -2); - will_return(__wrap_w_expression_match, "2001:db8:abcd:0012:0000:0000:0000:0000"); - will_return(__wrap_w_expression_match, "60"); - - will_return(__wrap_get_ipv6_numeric, OS_SUCCESS); - will_return(__wrap_get_ipv6_numeric, OS_SUCCESS); - - ret = OS_IsValidIP(ip_to_test, ret_ip); - //assert_string_equal(ip_to_test, ret_ip->ip); - assert_int_equal(ret, 2); - assert_int_equal(ret_ip->is_ipv6, TRUE); - - w_free_os_ip(ret_ip); -} - -void OS_IsValidIP_valid_ipv6_prefix_NULL_struct(void **state) -{ - char ip_to_test[] = {"2001:db8:abcd:0012:0000:0000:0000:0000/64"}; - - /* First call to __wrap_w_expression_match fail */ - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, false); - - /* Second call to __wrap_w_expression_match pass */ - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, -2); - will_return(__wrap_w_expression_match, "2001:db8:abcd:0012:0000:0000:0000:0000"); - will_return(__wrap_w_expression_match, "64"); - - int ret = OS_IsValidIP(ip_to_test, NULL); - assert_int_equal(ret, 2); -} - -void OS_IsValidIP_valid_ipv6_numeric_fail(void **state) -{ - char ip_to_test[] = {"2001:db8:abcd:0012:0000:0000:0000:0000"}; - - int ret = 0; - os_ip *ret_ip; - os_calloc(1, sizeof(os_ip), ret_ip); - - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, true); - - /* First call to __wrap_w_expression_match fail */ - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, false); - - /* Second call to __wrap_w_expression_match pass */ - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, -1); - will_return(__wrap_w_expression_match, "2001:db8:abcd:0012:0000:0000:0000:0000"); - - will_return(__wrap_get_ipv6_numeric, OS_INVALID); - - ret = OS_IsValidIP(ip_to_test, ret_ip); - assert_int_equal(ret, 0); - - w_free_os_ip(ret_ip); -} - -void OS_IsValidIP_valid_ipv6_converNetmask_fail(void **state) -{ - char ip_to_test[] = {"2001:db8:abcd:0012:0000:0000:0000:0000/64"}; - - int ret = 0; - os_ip *ret_ip; - os_calloc(1, sizeof(os_ip), ret_ip); - - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, true); - - /* First call to __wrap_w_expression_match fail */ - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, false); - - /* Second call to __wrap_w_expression_match pass */ - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, -2); - will_return(__wrap_w_expression_match, "2001:db8:abcd:0012:0000:0000:0000:0000"); - will_return(__wrap_w_expression_match, "644"); - - will_return(__wrap_get_ipv6_numeric, OS_SUCCESS); - - ret = OS_IsValidIP(ip_to_test, ret_ip); - assert_int_equal(ret, 0); - - w_free_os_ip(ret_ip); -} - -void OS_IsValidIP_valid_ipv6_sub_string_0(void **state) -{ - char ip_to_test[] = {"2001:db8:abcd:0012:0000:0000:0000:0000/64"}; - - int ret = 0; - os_ip *ret_ip; - os_calloc(1, sizeof(os_ip), ret_ip); - - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, true); - - /* First call to __wrap_w_expression_match fail */ - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, false); - - /* Second call to __wrap_w_expression_match pass */ - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, -2); - will_return(__wrap_w_expression_match, "2001:db8:abcd:0012:0000:0000:0000:0000"); - will_return(__wrap_w_expression_match, "64"); - - will_return(__wrap_get_ipv6_numeric, 1); - will_return(__wrap_get_ipv6_numeric, 0xFFFFFFFF); - - will_return(__wrap_get_ipv6_numeric, 1); - will_return(__wrap_get_ipv6_numeric, 0xFFFFFFFF); - - ret = OS_IsValidIP(ip_to_test, ret_ip); - assert_int_equal(ret, 2); - - w_free_os_ip(ret_ip); -} - -void OS_IPFound_not_valid_ip(void **state) -{ - char ip_to_test[] = {"2001::db8:abcd::0012/64"}; - - int ret = 0; - os_ip *ret_ip; - os_calloc(1, sizeof(os_ip), ret_ip); - - will_return(__wrap_get_ipv4_numeric, OS_INVALID); - will_return(__wrap_get_ipv6_numeric, OS_INVALID); - - ret = OS_IPFound(ip_to_test, ret_ip); - assert_int_equal(ret, 0); - - w_free_os_ip(ret_ip); -} - -void OS_IPFound_valid_ipv4(void **state) -{ - char ip_to_test[] = {"255.255.255.255"}; - - int ret = 0; - os_ip *ret_ip; - os_calloc(1, sizeof(os_ip), ret_ip); - os_strdup("255.255.255.255", ret_ip->ip); - os_calloc(1, sizeof(os_ipv4), ret_ip->ipv4); - - ret_ip->ipv4->ip_address = 0xFFFFFFFF; - ret_ip->ipv4->netmask = 0xFFFFFFFF; - - will_return(__wrap_get_ipv4_numeric, 1); - will_return(__wrap_get_ipv4_numeric, 0xFFFFFFFF); - - ret = OS_IPFound(ip_to_test, ret_ip); - assert_int_equal(ret, 1); - - w_free_os_ip(ret_ip); -} - -void OS_IPFound_valid_ipv4_negated(void **state) -{ - char ip_to_test[] = {"16.16.16.16"}; - - int ret = 0; - os_ip *ret_ip; - os_calloc(1, sizeof(os_ip), ret_ip); - os_strdup("!16.16.16.16", ret_ip->ip); - os_calloc(1, sizeof(os_ipv4), ret_ip->ipv4); - - ret_ip->ipv4->ip_address = 0x10101010; - ret_ip->ipv4->netmask = 0xFFFFFFFF; - - will_return(__wrap_get_ipv4_numeric, 1); - will_return(__wrap_get_ipv4_numeric, 0x10101010); - - ret = OS_IPFound(ip_to_test, ret_ip); - assert_int_equal(ret, 0); - - w_free_os_ip(ret_ip); -} - -void OS_IPFound_valid_ipv6(void **state) -{ - char ip_to_test[] = {"1010:1010:1010:1010:1010:1010:1010:1010"}; - - int ret = 0; - os_ip *ret_ip; - os_calloc(1, sizeof(os_ip), ret_ip); - os_strdup("1010:1010:1010:1010:1010:1010:1010:1010", ret_ip->ip); - os_calloc(1, sizeof(os_ipv6), ret_ip->ipv6); - - unsigned int a = 0; - for(a = 0; a < 16; a++) { - ret_ip->ipv6->ip_address[a] = 0x10; - } - for(a = 0; a < 16; a++) { - ret_ip->ipv6->netmask[a] = 0xFF; - } - - will_return(__wrap_get_ipv4_numeric, OS_INVALID); - will_return(__wrap_get_ipv6_numeric, 1); - will_return(__wrap_get_ipv6_numeric, 0x10); - - ret = OS_IPFound(ip_to_test, ret_ip); - assert_int_equal(ret, 1); - - w_free_os_ip(ret_ip); -} - -void OS_IPFound_valid_ipv6_fail(void **state) -{ - char ip_to_test[] = {"1010:1010:1010:1010:1010:1010:1010:1010"}; - - int ret = 0; - os_ip *ret_ip; - os_calloc(1, sizeof(os_ip), ret_ip); - os_strdup("1010:1010:1010:1010:1010:1010:1010:1010", ret_ip->ip); - os_calloc(1, sizeof(os_ipv6), ret_ip->ipv6); - - unsigned int a = 0; - for(a = 0; a < 16; a++) { - ret_ip->ipv6->ip_address[a] = 0x10; - } - for(a = 0; a < 16; a++) { - ret_ip->ipv6->netmask[a] = 0xFF; - } - - will_return(__wrap_get_ipv4_numeric, OS_INVALID); - will_return(__wrap_get_ipv6_numeric, 1); - will_return(__wrap_get_ipv6_numeric, 0x00); - - ret = OS_IPFound(ip_to_test, ret_ip); - assert_int_equal(ret, 0); - - w_free_os_ip(ret_ip); -} - -void OS_IPFoundList_fail(void **state) -{ - char ip_to_test[] = {"1010:1010:1010:1010:1010:1010:1010:1010"}; - - int ret = 0; - os_ip *ret_ip; - os_calloc(1, sizeof(os_ip), ret_ip); - - will_return(__wrap_get_ipv4_numeric, OS_INVALID); - will_return(__wrap_get_ipv6_numeric, OS_INVALID); - - ret = OS_IPFoundList(ip_to_test, &ret_ip); - assert_int_equal(ret, 0); - - w_free_os_ip(ret_ip); -} - -void OS_IPFoundList_valid_ipv4(void **state) -{ - char ip_to_test[] = {"16.16.16.32"}; - - int ret = 0; - os_ip **ret_ip; - os_calloc(3, sizeof(os_ip *), ret_ip); - os_calloc(1, sizeof(os_ip), ret_ip[0]); - os_calloc(1, sizeof(os_ip), ret_ip[1]); - - os_strdup("16.16.16.16", (*ret_ip[0]).ip); - os_calloc(1, sizeof(os_ipv4), (*ret_ip[0]).ipv4); - - (*ret_ip[0]).ipv4->ip_address = 0x10101010; - (*ret_ip[0]).ipv4->netmask = 0xFFFFFFFF; - - os_strdup("16.16.16.32", (*ret_ip[1]).ip); - os_calloc(1, sizeof(os_ipv4), (*ret_ip[1]).ipv4); - - (*ret_ip[1]).ipv4->ip_address = 0x10101020; - (*ret_ip[1]).ipv4->netmask = 0xFFFFFFFF; - - will_return(__wrap_get_ipv4_numeric, 1); - will_return(__wrap_get_ipv4_numeric, 0x10101020); - - ret = OS_IPFoundList(ip_to_test, ret_ip); - assert_int_equal(ret, 1); - - w_free_os_ip(ret_ip[0]); - w_free_os_ip(ret_ip[1]); - free(ret_ip); -} - -void OS_IPFoundList_valid_ipv4_negated(void **state) -{ - char ip_to_test[] = {"!16.16.16.16"}; - - int ret = 0; - os_ip **ret_ip; - os_calloc(2, sizeof(os_ip *), ret_ip); - os_calloc(1, sizeof(os_ip), ret_ip[0]); - - os_strdup("!16.16.16.16", (*ret_ip[0]).ip); - os_calloc(1, sizeof(os_ipv4), (*ret_ip[0]).ipv4); - - (*ret_ip[0]).ipv4->ip_address = 0x10101010; - (*ret_ip[0]).ipv4->netmask = 0xFFFFFFFF; - - will_return(__wrap_get_ipv4_numeric, 1); - will_return(__wrap_get_ipv4_numeric, 0x10101010); - - ret = OS_IPFoundList(ip_to_test, ret_ip); - assert_int_equal(ret, 0); - - w_free_os_ip(ret_ip[0]); - w_free_os_ip(ret_ip[1]); - free(ret_ip); -} - -void OS_IPFoundList_valid_ipv4_not_found(void **state) -{ - char ip_to_test[] = {"16.16.16.32"}; - - int ret = 0; - os_ip **ret_ip; - os_calloc(4, sizeof(os_ip *), ret_ip); - os_calloc(1, sizeof(os_ip), ret_ip[0]); - os_calloc(1, sizeof(os_ip), ret_ip[1]); - os_calloc(1, sizeof(os_ip), ret_ip[2]); - - os_strdup("16.16.16.16", (*ret_ip[0]).ip); - os_calloc(1, sizeof(os_ipv4), (*ret_ip[0]).ipv4); - - (*ret_ip[0]).ipv4->ip_address = 0x10101010; - (*ret_ip[0]).ipv4->netmask = 0xFFFFFFFF; - - os_strdup("16.16.16.32", (*ret_ip[1]).ip); - os_calloc(1, sizeof(os_ipv4), (*ret_ip[1]).ipv4); - - (*ret_ip[1]).ipv4->ip_address = 0x10101020; - (*ret_ip[1]).ipv4->netmask = 0xFFFFFFFF; - - os_strdup("16.16.32.32", (*ret_ip[2]).ip); - os_calloc(1, sizeof(os_ipv4), (*ret_ip[2]).ipv4); - - (*ret_ip[2]).ipv4->ip_address = 0x10102020; - (*ret_ip[2]).ipv4->netmask = 0xFFFFFFFF; - - will_return(__wrap_get_ipv4_numeric, 1); - will_return(__wrap_get_ipv4_numeric, 0x10202020); - - ret = OS_IPFoundList(ip_to_test, ret_ip); - assert_int_equal(ret, 0); - - w_free_os_ip(ret_ip[0]); - w_free_os_ip(ret_ip[1]); - w_free_os_ip(ret_ip[2]); - free(ret_ip); -} - -void OS_IPFoundList_valid_ipv6_fail(void **state) -{ - char ip_to_test[] = {"1010:1010:1010:1010:1010:1010:1010:1010"}; - - int ret = 0; - os_ip **ret_ip; - os_calloc(3, sizeof(os_ip *), ret_ip); - os_calloc(1, sizeof(os_ip), ret_ip[0]); - os_calloc(1, sizeof(os_ip), ret_ip[1]); - - for(unsigned int i = 0; i < 2; i++) { - os_strdup("0101:0101:0101:0101:0101:0101:0101:0101", (*ret_ip[i]).ip); - os_calloc(1, sizeof(os_ipv6), (*ret_ip[i]).ipv6); - - unsigned int a = 0; - for(a = 0; a < 16; a++) { - (*ret_ip[i]).ipv6->ip_address[a] = 0x10; - } - for(a = 0; a < 16; a++) { - (*ret_ip[i]).ipv6->netmask[a] = 0xFF; - } - } - - will_return(__wrap_get_ipv4_numeric, OS_INVALID); - will_return(__wrap_get_ipv6_numeric, 1); - will_return(__wrap_get_ipv6_numeric, 0x00); - - ret = OS_IPFoundList(ip_to_test, ret_ip); - assert_int_equal(ret, 0); - - w_free_os_ip(ret_ip[0]); - w_free_os_ip(ret_ip[1]); - free(ret_ip); -} - -void OS_IPFoundList_valid_ipv6(void **state) -{ - char ip_to_test[] = {"1010:1010:1010:1010:1010:1010:1010:1010"}; - - int ret = 0; - os_ip **ret_ip; - os_calloc(3, sizeof(os_ip *), ret_ip); - os_calloc(1, sizeof(os_ip), ret_ip[0]); - os_calloc(1, sizeof(os_ip), ret_ip[1]); - - for(unsigned int i = 0; i < 2; i++) { - os_strdup("0101:0101:0101:0101:0101:0101:0101:0101", (*ret_ip[i]).ip); - os_calloc(1, sizeof(os_ipv6), (*ret_ip[i]).ipv6); - - unsigned int a = 0; - for(a = 0; a < 16; a++) { - (*ret_ip[i]).ipv6->ip_address[a] = 0x20; - } - for(a = 0; a < 16; a++) { - (*ret_ip[i]).ipv6->netmask[a] = 0xFF; - } - } - - will_return(__wrap_get_ipv4_numeric, OS_INVALID); - will_return(__wrap_get_ipv6_numeric, 1); - will_return(__wrap_get_ipv6_numeric, 0x20); - - ret = OS_IPFoundList(ip_to_test, ret_ip); - assert_int_equal(ret, 1); - - w_free_os_ip(ret_ip[0]); - w_free_os_ip(ret_ip[1]); - free(ret_ip); -} - -void OS_CIDRtoStr_any(void **state) -{ - char ip_to_test[IPSIZE] = {0}; - - int ret = 0; - os_ip *ret_ip; - os_calloc(1, sizeof(os_ip), ret_ip); - - os_strdup("any", ret_ip->ip); - os_calloc(1, sizeof(os_ipv4), ret_ip->ipv4); - - ret_ip->is_ipv6 = false; - ret_ip->ipv4->ip_address = 0x0; - ret_ip->ipv4->netmask = 0x0; - - ret = OS_CIDRtoStr(ret_ip, ip_to_test, IPSIZE); - assert_int_equal(ret, 0); - assert_string_equal(ip_to_test, "any"); - - w_free_os_ip(ret_ip); -} - -void OS_CIDRtoStr_valid_ipv4(void **state) -{ - char ip_to_test[IPSIZE] = {0}; - - int ret = 0; - os_ip *ret_ip; - os_calloc(1, sizeof(os_ip), ret_ip); - - os_strdup("16.16.16.16", ret_ip->ip); - os_calloc(1, sizeof(os_ipv4), ret_ip->ipv4); - - ret_ip->is_ipv6 = false; - ret_ip->ipv4->ip_address = 0x10101010; - ret_ip->ipv4->netmask = 0xFFFFFFFF; - - ret = OS_CIDRtoStr(ret_ip, ip_to_test, IPSIZE); - assert_int_equal(ret, 0); - assert_string_equal(ip_to_test, "16.16.16.16"); - - w_free_os_ip(ret_ip); -} - -void OS_CIDRtoStr_valid_ipv6CIDR_64(void **state) -{ - char ip_to_test[IPSIZE] = {0}; - - int ret = 0; - os_ip *ret_ip; - os_calloc(1, sizeof(os_ip), ret_ip); - - os_strdup("0101:0101:0101:0101:0101:0101:0101:0101", ret_ip->ip); - os_calloc(1, sizeof(os_ipv6), ret_ip->ipv6); - - ret_ip->is_ipv6 = true; - for (unsigned int a = 0; a < 8; a++) { - ret_ip->ipv6->netmask[a] = 0xFF; - } - - ret = OS_CIDRtoStr(ret_ip, ip_to_test, IPSIZE); - assert_int_equal(ret, 0); - assert_string_equal(ip_to_test, "0101:0101:0101:0101:0101:0101:0101:0101/64"); - - w_free_os_ip(ret_ip); -} - -void OS_CIDRtoStr_valid_ipv6CIDR_127(void **state) -{ - char ip_to_test[IPSIZE] = {0}; - - int ret = 0; - os_ip *ret_ip; - os_calloc(1, sizeof(os_ip), ret_ip); - - os_strdup("0101:0101:0101:0101:0101:0101:0101:0101", ret_ip->ip); - os_calloc(1, sizeof(os_ipv6), ret_ip->ipv6); - - ret_ip->is_ipv6 = true; - for (unsigned int a = 0; a < 15; a++) { - ret_ip->ipv6->netmask[a] = 0xFF; - } - ret_ip->ipv6->netmask[15] = 0xFE; - - ret = OS_CIDRtoStr(ret_ip, ip_to_test, IPSIZE); - assert_int_equal(ret, 0); - assert_string_equal(ip_to_test, "0101:0101:0101:0101:0101:0101:0101:0101/127"); - - w_free_os_ip(ret_ip); -} - -void OS_CIDRtoStr_valid_ipv6CIDR_128(void **state) -{ - char ip_to_test[IPSIZE] = {0}; - - int ret = 0; - os_ip *ret_ip; - os_calloc(1, sizeof(os_ip), ret_ip); - - os_strdup("0101:0101:0101:0101:0101:0101:0101:0101", ret_ip->ip); - os_calloc(1, sizeof(os_ipv6), ret_ip->ipv6); - - ret_ip->is_ipv6 = true; - for (unsigned int a = 0; a < 16; a++) { - ret_ip->ipv6->netmask[a] = 0xFF; - } - - ret = OS_CIDRtoStr(ret_ip, ip_to_test, IPSIZE); - assert_int_equal(ret, 0); - assert_string_equal(ip_to_test, "0101:0101:0101:0101:0101:0101:0101:0101"); - - w_free_os_ip(ret_ip); -} - -void OS_CIDRtoStr_valid_ipv6(void **state) -{ - char ip_to_test[IPSIZE] = {0}; - - int ret = 0; - os_ip *ret_ip; - os_calloc(1, sizeof(os_ip), ret_ip); - - os_strdup("0101:0101:0101:0101:0101:0101:0101:0101", ret_ip->ip); - os_calloc(1, sizeof(os_ipv6), ret_ip->ipv6); - - ret_ip->is_ipv6 = true; - - ret = OS_CIDRtoStr(ret_ip, ip_to_test, IPSIZE); - assert_int_equal(ret, 0); - assert_string_equal(ip_to_test, "0101:0101:0101:0101:0101:0101:0101:0101/0"); - - w_free_os_ip(ret_ip); -} - -void OS_CIDRtoStr_valid_ipv4_CIDR_24(void **state) -{ - char ip_to_test[IPSIZE] = {0}; - - int ret = 0; - os_ip *ret_ip; - os_calloc(1, sizeof(os_ip), ret_ip); - - os_strdup("16.16.16.16", ret_ip->ip); - os_calloc(1, sizeof(os_ipv4), ret_ip->ipv4); - - ret_ip->is_ipv6 = false; - ret_ip->ipv4->ip_address = 0x10101010; - /* FFFFFF = 24 bits */ - ret_ip->ipv4->netmask = 0xFFFFFF; - - ret = OS_CIDRtoStr(ret_ip, ip_to_test, IPSIZE); - assert_int_equal(ret, 0); - assert_string_equal(ip_to_test, "16.16.16.16/24"); - - w_free_os_ip(ret_ip); -} - -void OS_CIDRtoStr_valid_ipv4_CIDR_0(void **state) -{ - char ip_to_test[IPSIZE] = {0}; - - int ret = 0; - os_ip *ret_ip; - os_calloc(1, sizeof(os_ip), ret_ip); - - os_strdup("32.32.32.32", ret_ip->ip); - os_calloc(1, sizeof(os_ipv4), ret_ip->ipv4); - - ret_ip->is_ipv6 = false; - ret_ip->ipv4->ip_address = 0x20202020; - /* Zero bits */ - ret_ip->ipv4->netmask = 0x0; - - ret = OS_CIDRtoStr(ret_ip, ip_to_test, IPSIZE); - assert_int_equal(ret, 0); - assert_string_equal(ip_to_test, "32.32.32.32/0"); - - w_free_os_ip(ret_ip); -} - -void OS_GetIPv4FromIPv6_success(void **state) { - - char address[IPSIZE + 1] = {0}; - strncpy(address, "::ffff:10.2.2.3", IPSIZE); - - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, -1); - will_return(__wrap_w_expression_match, "10.2.2.3"); - - int ret = OS_GetIPv4FromIPv6(address, IPSIZE); - - assert_string_equal("10.2.2.3", address); - assert_int_equal(ret, 1); -} - -void OS_GetIPv4FromIPv6_netmask_success(void **state) { - - char address[IPSIZE + 1] = {0}; - strncpy(address, "::ffff:10.2.2.3/255.255.255.255", IPSIZE); - - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, -1); - will_return(__wrap_w_expression_match, "10.2.2.3/255.255.255.255"); - - int ret = OS_GetIPv4FromIPv6(address, IPSIZE); - - assert_string_equal("10.2.2.3/255.255.255.255", address); - assert_int_equal(ret, 1); -} - -void OS_GetIPv4FromIPv6_compile_fail(void **state) { - - char address[IPSIZE + 1] = {0}; - strncpy(address, "10.2.2.4", IPSIZE); - - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, false); - - int ret = OS_GetIPv4FromIPv6(address, IPSIZE); - - assert_string_equal("10.2.2.4", address); - assert_int_equal(ret, 0); -} - -void OS_GetIPv4FromIPv6_match_fail(void **state) { - - char address[IPSIZE + 1] = {0}; - strncpy(address, "10.2.2.5/64", IPSIZE); - - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, false); - - int ret = OS_GetIPv4FromIPv6(address, IPSIZE); - - assert_string_equal("10.2.2.5/64", address); - assert_int_equal(ret, 0); -} - -void OS_GetIPv4FromIPv6_empty_group(void **state) { - - char address[IPSIZE + 1] = {0}; - strncpy(address, "::ffff:10.2.2.3/255.255.255.255", IPSIZE); - - expect_value(__wrap_w_calloc_expression_t, type, EXP_TYPE_PCRE2); - will_return(__wrap_w_expression_compile, true); - will_return(__wrap_w_expression_match, -1); - will_return(__wrap_w_expression_match, NULL); - - int ret = OS_GetIPv4FromIPv6(address, IPSIZE); - - assert_string_equal("::ffff:10.2.2.3/255.255.255.255", address); - assert_int_equal(ret, 0); -} - -int main(void) { - - const struct CMUnitTest tests[] = { - // Tests w_validate_bytes - cmocka_unit_test(w_validate_bytes_non_number), - cmocka_unit_test(w_validate_bytes_bytes), - cmocka_unit_test(w_validate_bytes_kilobytes), - cmocka_unit_test(w_validate_bytes_megabytes), - cmocka_unit_test(w_validate_bytes_gigabytes), - // Test OS_IsValidIP - cmocka_unit_test(OS_IsValidIP_null), - cmocka_unit_test(OS_IsValidIP_any), - cmocka_unit_test(OS_IsValidIP_any_struct), - cmocka_unit_test(OS_IsValidIP_not_valid_ip), - cmocka_unit_test(OS_IsValidIP_valid_multi_ipv4), - cmocka_unit_test(OS_IsValidIP_not_valid_multi_ipv4), - cmocka_unit_test(OS_IsValidIP_valid_ipv4_CIDR), - cmocka_unit_test(OS_IsValidIP_valid_ipv4_fail), - cmocka_unit_test(OS_IsValidIP_valid_ipv4_zero_fail), - cmocka_unit_test(OS_IsValidIP_valid_ipv4_zero_pass), - cmocka_unit_test(OS_IsValidIP_valid_ipv4_netmask), - cmocka_unit_test(OS_IsValidIP_valid_ipv4_0_netmask), - cmocka_unit_test(OS_IsValidIP_valid_ipv4_netmask_0), - cmocka_unit_test(OS_IsValidIP_valid_ipv4_netmask_fail), - cmocka_unit_test(OS_IsValidIP_valid_ipv4_sub_string_0), - cmocka_unit_test(OS_IsValidIP_valid_ipv4_netmask_0_NULL_struct), - cmocka_unit_test(OS_IsValidIP_valid_multi_ipv6), - cmocka_unit_test(OS_IsValidIP_not_valid_multi_ipv6), - cmocka_unit_test(OS_IsValidIP_valid_ipv6_prefix), - cmocka_unit_test(OS_IsValidIP_valid_ipv6_prefix_NULL_struct), - cmocka_unit_test(OS_IsValidIP_valid_ipv6_numeric_fail), - cmocka_unit_test(OS_IsValidIP_valid_ipv6_converNetmask_fail), - cmocka_unit_test(OS_IsValidIP_valid_ipv6_sub_string_0), - // Test OS_IPFound - cmocka_unit_test(OS_IPFound_not_valid_ip), - cmocka_unit_test(OS_IPFound_valid_ipv4), - cmocka_unit_test(OS_IPFound_valid_ipv4_negated), - cmocka_unit_test(OS_IPFound_valid_ipv6), - cmocka_unit_test(OS_IPFound_valid_ipv6_fail), - // Test OS_IPFoundList - cmocka_unit_test(OS_IPFoundList_fail), - cmocka_unit_test(OS_IPFoundList_valid_ipv4), - cmocka_unit_test(OS_IPFoundList_valid_ipv4_negated), - cmocka_unit_test(OS_IPFoundList_valid_ipv4_not_found), - cmocka_unit_test(OS_IPFoundList_valid_ipv6_fail), - cmocka_unit_test(OS_IPFoundList_valid_ipv6), - // Test OS_CIDRtoStr - cmocka_unit_test(OS_CIDRtoStr_any), - cmocka_unit_test(OS_CIDRtoStr_valid_ipv4), - cmocka_unit_test(OS_CIDRtoStr_valid_ipv6), - cmocka_unit_test(OS_CIDRtoStr_valid_ipv6CIDR_64), - cmocka_unit_test(OS_CIDRtoStr_valid_ipv6CIDR_127), - cmocka_unit_test(OS_CIDRtoStr_valid_ipv6CIDR_128), - cmocka_unit_test(OS_CIDRtoStr_valid_ipv4_CIDR_24), - cmocka_unit_test(OS_CIDRtoStr_valid_ipv4_CIDR_0), - // Test OS_GetIPv4FromIPv6 - cmocka_unit_test(OS_GetIPv4FromIPv6_success), - cmocka_unit_test(OS_GetIPv4FromIPv6_netmask_success), - cmocka_unit_test(OS_GetIPv4FromIPv6_compile_fail), - cmocka_unit_test(OS_GetIPv4FromIPv6_match_fail), - cmocka_unit_test(OS_GetIPv4FromIPv6_empty_group), - }; - - return cmocka_run_group_tests(tests, NULL, NULL); -} diff --git a/src/common/validate_op/tests/unit/wrappers/validate_op_wrappers.c b/src/common/validate_op/tests/unit/wrappers/validate_op_wrappers.c deleted file mode 100644 index fe91f28685..0000000000 --- a/src/common/validate_op/tests/unit/wrappers/validate_op_wrappers.c +++ /dev/null @@ -1,77 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * All rights reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -#include -#include -#include -#include -#include "validate_op_wrappers.h" - -int __wrap_getDefine_Int(__attribute__((unused)) const char *high_name, - __attribute__((unused)) const char *low_name, - __attribute__((unused)) int min, - __attribute__((unused)) int max) { - // For SCA - if (!strcmp(low_name, "request_db_interval")) { - return 5; - } - - // For SCA - if (!strcmp(low_name, "commands_timeout")) { - return 300; - } - - return mock(); -} - -int __wrap_OS_IsValidIP(const char *ip_address, os_ip *final_ip) { - check_expected(ip_address); - check_expected(final_ip); - - int ret = mock(); - if(ret < 0){ - ret *= (-1); - os_strdup(ip_address, final_ip->ip); - if (ret == 2) { - os_calloc(1, sizeof(os_ipv4), final_ip->ipv4); - ret = 1; - } - } - - return ret; -} - -int __wrap_OS_GetIPv4FromIPv6(char *ip_address, size_t size) { - check_expected(ip_address); - check_expected(size); - return mock(); -} - -int __wrap_OS_ExpandIPv6(char *ip_address, size_t size) { - check_expected(ip_address); - check_expected(size); - return mock(); -} - -int __wrap_OS_IPFoundList(const char *ip_address, __attribute__((unused)) os_ip **list_of_ips) { - check_expected(ip_address); - return mock(); -} - -int __wrap_OS_CIDRtoStr(const os_ip *ip, char *string, size_t size) { - check_expected(ip); - check_expected(size); - - char *str = mock_type(char *); - if (str != NULL) { - snprintf(string, size, "%s", str); - } - - return mock(); -} diff --git a/src/common/validate_op/tests/unit/wrappers/validate_op_wrappers.h b/src/common/validate_op/tests/unit/wrappers/validate_op_wrappers.h deleted file mode 100644 index c80430e901..0000000000 --- a/src/common/validate_op/tests/unit/wrappers/validate_op_wrappers.h +++ /dev/null @@ -1,34 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * All rights reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - - -#ifndef VALIDATE_OP_WRAPPERS_H -#define VALIDATE_OP_WRAPPERS_H - -#include -#include -#include -#include - -#include "../headers/shared.h" -#include "../headers/validate_op.h" - -int __wrap_getDefine_Int(const char *high_name, const char *low_name, int min, int max); - -int __wrap_OS_IsValidIP(const char *ip_address, os_ip *final_ip); - -int __wrap_OS_GetIPv4FromIPv6(char *ip_address, size_t size); - -int __wrap_OS_ExpandIPv6(char *ip_address, size_t size); - -int __wrap_OS_IPFoundList(const char *ip_address, os_ip **list_of_ips); - -int __wrap_OS_CIDRtoStr(const os_ip *ip, char *string, size_t size); - -#endif diff --git a/src/common/vector_op/src/vector_op.c b/src/common/vector_op/src/vector_op.c index e71e021155..52a82d4499 100644 --- a/src/common/vector_op/src/vector_op.c +++ b/src/common/vector_op/src/vector_op.c @@ -29,7 +29,7 @@ void W_Vector_insert(W_Vector *v, const char *element) { v->size *= 2; v->vector = (char **)realloc(v->vector, v->size * sizeof(char *)); if(!v->vector){ - merror_exit(MEM_ERROR, errno, strerror(errno)); + LogCritical(MEM_ERROR, errno, strerror(errno)); } } v->vector[v->used++] = strdup(element); diff --git a/src/common/version_op/CMakeLists.txt b/src/common/version_op/CMakeLists.txt index e69de29bb2..70806f5943 100644 --- a/src/common/version_op/CMakeLists.txt +++ b/src/common/version_op/CMakeLists.txt @@ -0,0 +1,17 @@ +add_library(version_op STATIC src/version_op.c) + +target_include_directories(version_op PUBLIC include) + +target_link_libraries(version_op + utils + time_op + file_op + mem_op + privsep_op + pthreads_op + error_messages + binaries_op + regex_op + randombytes + bzip2_op + Logger) diff --git a/src/common/version_op/src/version_op.c b/src/common/version_op/src/version_op.c index 598f664121..84a8c7d813 100644 --- a/src/common/version_op/src/version_op.c +++ b/src/common/version_op/src/version_op.c @@ -12,6 +12,7 @@ #ifdef __linux__ #include +#include #elif defined(__MACH__) || defined(__FreeBSD__) || defined(__OpenBSD__) #include #endif @@ -28,18 +29,18 @@ os_info *get_win_version() DWORD dwRet; HKEY RegistryKey; char * subkey; - const DWORD vsize = 1024; - TCHAR value[vsize]; - DWORD dwCount = vsize; + #define VSIZE 1024 + TCHAR value[VSIZE]; + DWORD dwCount = VSIZE; char version[64] = ""; - const DWORD size = 30; + #define WINVER_SIZE 30 unsigned long type = REG_DWORD; size_t ver_length = 60; size_t v_length = 20; os_calloc(1,sizeof(os_info),info); - os_calloc(vsize, sizeof(char), subkey); + os_calloc(VSIZE, sizeof(char), subkey); typedef void (WINAPI * PGNSI)(LPSYSTEM_INFO); @@ -69,16 +70,16 @@ os_info *get_win_version() // Read Windows Version from registry - snprintf(subkey, vsize - 1, "%s", "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"); + snprintf(subkey, VSIZE - 1, "%s", "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"); if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, subkey, 0, KEY_READ, &RegistryKey) != ERROR_SUCCESS) { - merror(SK_REG_OPEN, subkey); + LogError(SK_REG_OPEN, subkey); info->os_name = strdup("Microsoft Windows undefined version"); } else { dwRet = RegQueryValueEx(RegistryKey, TEXT("ProductName"), NULL, NULL, (LPBYTE)value, &dwCount); if (dwRet != ERROR_SUCCESS) { - merror("Error reading 'ProductName' from Windows registry. (Error %u)",(unsigned int)dwRet); + LogError("Error reading 'ProductName' from Windows registry. (Error %u)",(unsigned int)dwRet); info->os_name = strdup("Microsoft Windows undefined version"); } else { @@ -94,33 +95,33 @@ os_info *get_win_version() // Read Windows Version number from registry char vn_temp[64]; memset(vn_temp, '\0', 64); - TCHAR winver[size]; - TCHAR wincomp[size]; + TCHAR winver[WINVER_SIZE]; + TCHAR wincomp[WINVER_SIZE]; DWORD winMajor = 0; DWORD winMinor = 0; - dwCount = size; + dwCount = WINVER_SIZE; if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, subkey, 0, KEY_READ, &RegistryKey) != ERROR_SUCCESS) { - merror(SK_REG_OPEN, subkey); + LogError(SK_REG_OPEN, subkey); } // Windows 10 dwRet = RegQueryValueEx(RegistryKey, TEXT("CurrentMajorVersionNumber"), NULL, &type, (LPBYTE)&winMajor, &dwCount); if (dwRet == ERROR_SUCCESS) { - dwCount = size; + dwCount = WINVER_SIZE; dwRet = RegQueryValueEx(RegistryKey, TEXT("CurrentMinorVersionNumber"), NULL, &type, (LPBYTE)&winMinor, &dwCount); if (dwRet != ERROR_SUCCESS) { - merror("Error reading 'CurrentMinorVersionNumber' from Windows registry. (Error %u)",(unsigned int)dwRet); + LogError("Error reading 'CurrentMinorVersionNumber' from Windows registry. (Error %u)",(unsigned int)dwRet); } else { snprintf(vn_temp, 63, "%d", (unsigned int)winMajor); info->os_major = strdup(vn_temp); snprintf(vn_temp, 63, "%d", (unsigned int)winMinor); info->os_minor = strdup(vn_temp); - dwCount = size; + dwCount = WINVER_SIZE; dwRet = RegQueryValueEx(RegistryKey, TEXT("CurrentBuildNumber"), NULL, NULL, (LPBYTE)wincomp, &dwCount); if (dwRet != ERROR_SUCCESS) { - merror("Error reading 'CurrentBuildNumber' from Windows registry. (Error %u)",(unsigned int)dwRet); + LogError("Error reading 'CurrentBuildNumber' from Windows registry. (Error %u)",(unsigned int)dwRet); } else { snprintf(vn_temp, 63, "%s", wincomp); @@ -128,10 +129,10 @@ os_info *get_win_version() } } - dwCount = vsize; + dwCount = VSIZE; dwRet = RegQueryValueEx(RegistryKey, TEXT("ReleaseId"), NULL, NULL, (LPBYTE)value, &dwCount); if (dwRet != ERROR_SUCCESS) { - mdebug1("Could not read the 'ReleaseId' key from Windows registry. (Error %u)",(unsigned int)dwRet); + LogDebug("Could not read the 'ReleaseId' key from Windows registry. (Error %u)",(unsigned int)dwRet); info->os_release = get_release_from_build(info->os_build); } else { @@ -144,20 +145,21 @@ os_info *get_win_version() else { dwRet = RegQueryValueEx(RegistryKey, TEXT("CurrentVersion"), NULL, NULL, (LPBYTE)winver, &dwCount); if (dwRet != ERROR_SUCCESS) { - merror("Error reading 'Current Version' from Windows registry. (Error %u)",(unsigned int)dwRet); + LogError("Error reading 'Current Version' from Windows registry. (Error %u)",(unsigned int)dwRet); } else { - char ** parts = OS_StrBreak('.', winver, 2); - info->os_major = strdup(parts[0]); - info->os_minor = strdup(parts[1]); - for (i = 0; parts[i]; i++){ - free(parts[i]); - } - free(parts); - dwCount = size; + // TODO: Solve when StrBreak is implemented + //char ** parts = OS_StrBreak('.', winver, 2); + //info->os_major = strdup(parts[0]); + //info->os_minor = strdup(parts[1]); + //for (i = 0; parts[i]; i++){ + // free(parts[i]); + //} + //free(parts); + dwCount = WINVER_SIZE; dwRet = RegQueryValueEx(RegistryKey, TEXT("CurrentBuildNumber"), NULL, NULL, (LPBYTE)wincomp, &dwCount); if (dwRet != ERROR_SUCCESS) { - merror("Error reading 'CurrentBuildNumber' from Windows registry. (Error %u)",(unsigned int)dwRet); + LogError("Error reading 'CurrentBuildNumber' from Windows registry. (Error %u)",(unsigned int)dwRet); } else { snprintf(vn_temp, 63, "%s", wincomp); @@ -183,7 +185,7 @@ os_info *get_win_version() if (NULL != pGNSI) { pGNSI(&si); } else { - mwarn("It was not possible to retrieve GetNativeSystemInfo from kernek32.dll"); + LogWarn("It was not possible to retrieve GetNativeSystemInfo from kernek32.dll"); } if (osvi.wProductType == VER_NT_WORKSTATION && si.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_AMD64) { info->os_name = strdup("Microsoft Windows XP Professional x64 Edition"); @@ -239,15 +241,15 @@ os_info *get_win_version() if(!info->os_release) { DWORD service_pack = 0; dwCount = sizeof(DWORD); - snprintf(subkey, vsize - 1, "%s", "SYSTEM\\CurrentControlSet\\Control\\Windows"); + snprintf(subkey, VSIZE - 1, "%s", "SYSTEM\\CurrentControlSet\\Control\\Windows"); if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, subkey, 0, KEY_READ, &RegistryKey) != ERROR_SUCCESS) { - merror(SK_REG_OPEN, subkey); + LogError(SK_REG_OPEN, subkey); } else { dwRet = RegQueryValueEx(RegistryKey, TEXT("CSDVersion"), NULL, &type, (LPBYTE)&service_pack, &dwCount); if (dwRet != ERROR_SUCCESS) { - merror("Error reading 'CSDVersion' from Windows registry. (Error %u)",(unsigned int)dwRet); + LogError("Error reading 'CSDVersion' from Windows registry. (Error %u)",(unsigned int)dwRet); } else { switch(service_pack) { @@ -279,17 +281,17 @@ os_info *get_win_version() // Read Architecture - snprintf(subkey, vsize - 1, "%s", "System\\CurrentControlSet\\Control\\Session Manager\\Environment"); + snprintf(subkey, VSIZE - 1, "%s", "System\\CurrentControlSet\\Control\\Session Manager\\Environment"); if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, subkey, 0, KEY_READ, &RegistryKey) != ERROR_SUCCESS) { - merror(SK_REG_OPEN, subkey); + LogError(SK_REG_OPEN, subkey); } else { char arch[64] = ""; dwCount = sizeof(arch); dwRet = RegQueryValueEx(RegistryKey, TEXT("PROCESSOR_ARCHITECTURE"), NULL, NULL, (LPBYTE)&arch, &dwCount); if (dwRet != ERROR_SUCCESS) { - merror("Error reading 'Architecture' from Windows registry. (Error %u)",(unsigned int)dwRet); + LogError("Error reading 'Architecture' from Windows registry. (Error %u)",(unsigned int)dwRet); } else { if (!strncmp(arch, "AMD64", 5) || !strncmp(arch, "IA64", 4) || !strncmp(arch, "ARM64", 5)) { info->machine = strdup("x86_64"); @@ -306,16 +308,16 @@ os_info *get_win_version() // Read Hostname - snprintf(subkey, vsize - 1, "%s", "System\\CurrentControlSet\\Control\\ComputerName\\ActiveComputerName"); + snprintf(subkey, VSIZE - 1, "%s", "System\\CurrentControlSet\\Control\\ComputerName\\ActiveComputerName"); char nodename[1024] = ""; if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, subkey, 0, KEY_READ, &RegistryKey) != ERROR_SUCCESS) { - merror(SK_REG_OPEN, subkey); + LogError(SK_REG_OPEN, subkey); } else { - dwCount = size; + dwCount = WINVER_SIZE; dwRet = RegQueryValueEx(RegistryKey, TEXT("ComputerName"), NULL, NULL, (LPBYTE)&nodename, &dwCount); if (dwRet != ERROR_SUCCESS) { - merror("Error reading 'hostname' from Windows registry. (Error %u)",(unsigned int)dwRet); + LogError("Error reading 'hostname' from Windows registry. (Error %u)",(unsigned int)dwRet); } else { info->nodename = strdup(nodename); } @@ -352,7 +354,7 @@ char *get_release_from_build(char *os_build) { } else if (!strcmp(os_build, "18363")) { os_strdup("1909", retval); } else { - mdebug1("The release associated with the %s build is not recognized.", os_build); + LogDebug("The release associated with the %s build is not recognized.", os_build); } } @@ -468,7 +470,7 @@ os_info *get_unix_version() os_free(info->os_version); static const char *pattern = "([0-9][0-9]*\\.?[0-9]*)\\.*"; if (regcomp(®exCompiled, pattern, REG_EXTENDED)) { - merror_exit("Cannot compile regular expression."); + LogCritical("Cannot compile regular expression."); } while (fgets(buff, sizeof(buff) - 1, version_release)) { if(regexec(®exCompiled, buff, 2, match, 0) == 0){ @@ -504,7 +506,7 @@ os_info *get_unix_version() info->os_platform = strdup("centos"); static const char *pattern = "([0-9][0-9]*\\.?[0-9]*)\\.*"; if (regcomp(®exCompiled, pattern, REG_EXTENDED)) { - merror_exit("Can not compile regular expression."); + LogCritical("Can not compile regular expression."); } while (fgets(buff, sizeof(buff) - 1, version_release)) { if(regexec(®exCompiled, buff, 2, match, 0) == 0){ @@ -522,7 +524,7 @@ os_info *get_unix_version() info->os_platform = strdup("fedora"); static const char *pattern = " ([0-9][0-9]*) "; if (regcomp(®exCompiled, pattern, REG_EXTENDED)) { - merror_exit("Can not compile regular expression."); + LogCritical("Can not compile regular expression."); } while (fgets(buff, sizeof(buff) - 1, version_release)) { if(regexec(®exCompiled, buff, 2, match, 0) == 0){ @@ -538,7 +540,7 @@ os_info *get_unix_version() } else if (version_release = wfopen("/etc/redhat-release","r"), version_release){ static const char *pattern = "([0-9][0-9]*\\.?[0-9]*)\\.*"; if (regcomp(®exCompiled, pattern, REG_EXTENDED)) { - merror_exit("Can not compile regular expression."); + LogCritical("Can not compile regular expression."); } while (fgets(buff, sizeof(buff) - 1, version_release)) { if (strstr(buff, "CentOS")){ @@ -571,7 +573,7 @@ os_info *get_unix_version() info->os_platform = strdup("arch"); static const char *pattern = "([0-9][0-9]*\\.?[0-9]*)\\.*"; if (regcomp(®exCompiled, pattern, REG_EXTENDED)) { - merror_exit("Cannot compile regular expression."); + LogCritical("Cannot compile regular expression."); } while (fgets(buff, sizeof(buff) - 1, version_release)) { if(regexec(®exCompiled, buff, 2, match, 0) == 0){ @@ -593,7 +595,7 @@ os_info *get_unix_version() info->os_platform = strdup("gentoo"); static const char *pattern = " ([0-9][0-9]*\\.?[0-9]*)\\.*"; if (regcomp(®exCompiled, pattern, REG_EXTENDED)) { - merror_exit("Cannot compile regular expression."); + LogCritical("Cannot compile regular expression."); } while (fgets(buff, sizeof(buff) - 1, version_release)) { if(regexec(®exCompiled, buff, 2, match, 0) == 0){ @@ -611,7 +613,7 @@ os_info *get_unix_version() info->os_platform = strdup("suse"); static const char *pattern = ".*VERSION = ([0-9][0-9]*)"; if (regcomp(®exCompiled, pattern, REG_EXTENDED)) { - merror_exit("Cannot compile regular expression."); + LogCritical("Cannot compile regular expression."); } while (fgets(buff, sizeof(buff) - 1, version_release)) { if(regexec(®exCompiled, buff, 2, match, 0) == 0){ @@ -641,7 +643,7 @@ os_info *get_unix_version() info->os_platform = strdup("debian"); static const char *pattern = "([0-9][0-9]*\\.?[0-9]*)\\.*"; if (regcomp(®exCompiled, pattern, REG_EXTENDED)) { - merror_exit("Cannot compile regular expression."); + LogCritical("Cannot compile regular expression."); } while (fgets(buff, sizeof(buff) - 1, version_release)) { if(regexec(®exCompiled, buff, 2, match, 0) == 0){ @@ -659,7 +661,7 @@ os_info *get_unix_version() info->os_platform = strdup("slackware"); static const char *pattern = " ([0-9][0-9]*\\.?[0-9]*)\\.*"; if (regcomp(®exCompiled, pattern, REG_EXTENDED)) { - merror_exit("Cannot compile regular expression."); + LogCritical("Cannot compile regular expression."); } while (fgets(buff, sizeof(buff) - 1, version_release)) { if(regexec(®exCompiled, buff, 2, match, 0) == 0){ @@ -677,7 +679,7 @@ os_info *get_unix_version() info->os_platform = strdup("alpine"); static const char *pattern = "([0-9]+\\.)?([0-9]+\\.)?([0-9]+)"; if (regcomp(®exCompiled, pattern, REG_EXTENDED)) { - merror_exit("Cannot compile regular expression."); + LogCritical("Cannot compile regular expression."); } while (fgets(buff, sizeof(buff) - 1, version_release)) { if(regexec(®exCompiled, buff, 4, match, 0) == 0){ @@ -693,21 +695,21 @@ os_info *get_unix_version() char *uname_path = NULL; if (get_binary_path("uname", &uname_path) < 0) { - mdebug1("Binary '%s' not found in default paths, the full path will not be used.", uname_path); + LogDebug("Binary '%s' not found in default paths, the full path will not be used.", uname_path); } if (cmd_output = popen(uname_path, "r"), cmd_output) { char full_cmd[OS_MAXSTR] = {0}; if (fgets(buff,sizeof(buff) - 1, cmd_output) == NULL) { - mdebug1("Cannot read from command output (uname)."); + LogDebug("Cannot read from command output (uname)."); // MacOSX } else if (strcmp(strtok_r(buff, "\n", &save_ptr),"Darwin") == 0) { char *cmd_path = NULL; info->os_platform = strdup("darwin"); if (get_binary_path("system_profiler", &cmd_path) < 0) { - mdebug1("Binary '%s' not found in default paths, the full path will not be used.", cmd_path); + LogDebug("Binary '%s' not found in default paths, the full path will not be used.", cmd_path); } snprintf(full_cmd, sizeof(full_cmd), "%s %s", cmd_path, "SPSoftwareDataType"); @@ -716,13 +718,15 @@ os_info *get_unix_version() char *key = strtok_r(buff, ":", &save_ptr); if (key) { const char *expected_key = "System Version"; - char *trimmed_key = w_strtrim(key); + // TODO: replace function w_strtrim + // char *trimmed_key = w_strtrim(key); + char *trimmed_key = key; if (NULL != trimmed_key && strncmp(trimmed_key, expected_key, strlen(expected_key)) == 0) { char *value = strtok_r(NULL, " ", &save_ptr); if (value) { w_strdup(value, info->os_name); } else { - mdebug1("Cannot parse System Version value (system_profiler SPSoftwareDataType)."); + LogDebug("Cannot parse System Version value (system_profiler SPSoftwareDataType)."); } } if(info->os_name) { @@ -731,21 +735,21 @@ os_info *get_unix_version() } } if (NULL == info->os_name) { - mdebug1("Cannot read from command output (system_profiler SPSoftwareDataType)."); + LogDebug("Cannot read from command output (system_profiler SPSoftwareDataType)."); } pclose(cmd_output_ver); } os_free(cmd_path); if (get_binary_path("sw_vers", &cmd_path) < 0) { - mdebug1("Binary '%s' not found in default paths, the full path will not be used.", cmd_path); + LogDebug("Binary '%s' not found in default paths, the full path will not be used.", cmd_path); } memset(full_cmd, '\0', OS_MAXSTR); snprintf(full_cmd, sizeof(full_cmd), "%s %s", cmd_path, "-productVersion"); if (cmd_output_ver = popen(full_cmd, "r"), cmd_output_ver) { if(fgets(buff, sizeof(buff) - 1, cmd_output_ver) == NULL){ - mdebug1("Cannot read from command output (sw_vers -productVersion)."); + LogDebug("Cannot read from command output (sw_vers -productVersion)."); } else { w_strdup(strtok_r(buff, "\n", &save_ptr), info->os_version); } @@ -756,7 +760,7 @@ os_info *get_unix_version() snprintf(full_cmd, sizeof(full_cmd), "%s %s", cmd_path, "-buildVersion"); if (cmd_output_ver = popen(full_cmd, "r"), cmd_output_ver) { if(fgets(buff, sizeof(buff) - 1, cmd_output_ver) == NULL){ - mdebug1("Cannot read from command output (sw_vers -buildVersion)."); + LogDebug("Cannot read from command output (sw_vers -buildVersion)."); } else { w_strdup(strtok_r(buff, "\n", &save_ptr), info->os_build); } @@ -767,7 +771,7 @@ os_info *get_unix_version() snprintf(full_cmd, sizeof(full_cmd), "%s %s", uname_path, "-r"); if (cmd_output_ver = popen(full_cmd, "r"), cmd_output_ver) { if(fgets(buff, sizeof(buff) - 1, cmd_output_ver) == NULL){ - mdebug1("Cannot read from command output (uname -r)."); + LogDebug("Cannot read from command output (uname -r)."); } else if (w_regexec("([0-9][0-9]*\\.?[0-9]*)\\.*", buff, 2, match)){ match_size = match[1].rm_eo - match[1].rm_so; char *kern = NULL; @@ -785,7 +789,7 @@ os_info *get_unix_version() if (os_release = wfopen("/etc/release", "r"), os_release) { if (fgets(buff, sizeof(buff) - 1, os_release) == NULL) { - merror("Cannot read from /etc/release."); + LogError("Cannot read from /etc/release."); fclose(os_release); pclose(cmd_output); os_free(uname_path); @@ -801,7 +805,7 @@ os_info *get_unix_version() os_strdup(base, info->os_version); fclose(os_release); } else { - merror("Cannot get the Solaris version."); + LogError("Cannot get the Solaris version."); fclose(os_release); pclose(cmd_output); os_free(uname_path); @@ -821,7 +825,7 @@ os_info *get_unix_version() snprintf(full_cmd, sizeof(full_cmd), "%s %s", uname_path, "-r"); if (cmd_output_ver = popen(full_cmd, "r"), cmd_output_ver) { if(fgets(buff, sizeof(buff) - 1, cmd_output_ver) == NULL){ - mdebug1("Cannot read from command output (uname -r)."); + LogDebug("Cannot read from command output (uname -r)."); } else if (w_regexec("B\\.([0-9][0-9]*\\.[0-9]*)", buff, 2, match)){ match_size = match[1].rm_eo - match[1].rm_so; os_malloc(match_size + 1, info->os_version); @@ -839,7 +843,7 @@ os_info *get_unix_version() snprintf(full_cmd, sizeof(full_cmd), "%s %s", uname_path, "-r"); if (cmd_output_ver = popen(full_cmd, "r"), cmd_output_ver) { if(fgets(buff, sizeof(buff) - 1, cmd_output_ver) == NULL){ - mdebug1("Cannot read from command output (uname -r)."); + LogDebug("Cannot read from command output (uname -r)."); } else if (w_regexec("([0-9][0-9]*\\.?[0-9]*)\\.*", buff, 2, match)){ match_size = match[1].rm_eo - match[1].rm_so; os_malloc(match_size + 1, info->os_version); @@ -855,7 +859,7 @@ os_info *get_unix_version() snprintf(full_cmd, sizeof(full_cmd), "%s %s", uname_path, "-r"); if (cmd_output_ver = popen(full_cmd, "r"), cmd_output_ver) { if(fgets(buff, sizeof(buff) - 1, cmd_output_ver) == NULL){ - mdebug1("Cannot read from command output (uname -r)."); + LogDebug("Cannot read from command output (uname -r)."); } else if (w_regexec("([0-9]+-\\S*).*", buff, 2, match)){ match_size = match[1].rm_eo - match[1].rm_so; os_malloc(match_size + 1, info->os_version); @@ -870,7 +874,7 @@ os_info *get_unix_version() os_strdup("aix", info->os_platform); if (get_binary_path("oslevel", &cmd_path) < 0) { - mdebug1("Binary '%s' not found in default paths, the full path will not be used.", cmd_path); + LogDebug("Binary '%s' not found in default paths, the full path will not be used.", cmd_path); } if (cmd_output_ver = popen(cmd_path, "r"), cmd_output_ver) { @@ -881,7 +885,7 @@ os_info *get_unix_version() os_strdup(buff, info->os_version); } } else { - mdebug1("Cannot read from command output (oslevel)."); + LogDebug("Cannot read from command output (oslevel)."); } pclose(cmd_output_ver); } @@ -990,7 +994,7 @@ int get_nproc() { CPU_ZERO(&set); if (sched_getaffinity(getpid(), sizeof(set), &set) < 0) { - mwarn("sched_getaffinity(): %s (%d).", strerror(errno), errno); + LogWarn("sched_getaffinity(): %s (%d).", strerror(errno), errno); return 1; } @@ -1001,7 +1005,7 @@ int get_nproc() { int cpu_cores = 0; if (!(fp = wfopen("/proc/cpuinfo", "r"))) { - mwarn("Unable to read cpuinfo file"); + LogWarn("Unable to read cpuinfo file"); } else { while (fgets(string, OS_MAXSTR, fp) != NULL){ if (!strncmp(string, "processor", 9)){ @@ -1024,11 +1028,11 @@ int get_nproc() { if (!sysctl(mib, 2, &cpu_cores, &len, NULL, 0)) { return cpu_cores; } else { - mwarn("sysctl failed getting CPU cores: %s (%d)", strerror(errno), errno); + LogWarn("sysctl failed getting CPU cores: %s (%d)", strerror(errno), errno); return 1; } #else - mwarn("get_nproc(): Unimplemented."); + LogWarn("get_nproc(): Unimplemented."); return 1; #endif } diff --git a/src/common/version_op/tests/unit/tests/test_version_op.c b/src/common/version_op/tests/unit/tests/test_version_op.c index 7bf3c31596..79e8d78a18 100644 --- a/src/common/version_op/tests/unit/tests/test_version_op.c +++ b/src/common/version_op/tests/unit/tests/test_version_op.c @@ -18,7 +18,6 @@ #include "../wrappers/common.h" #include "../wrappers/libc/stdio_wrappers.h" #include "../wrappers/wazuh/shared/binaries_op_wrappers.h" -#include "../headers/version_op.h" /* setup/teardowns */ static int setup_group(void **state) { diff --git a/src/common/windowsHelper/include/windowsHelper.h b/src/common/windowsHelper/include/windowsHelper.h index 8a709667f3..13de449265 100644 --- a/src/common/windowsHelper/include/windowsHelper.h +++ b/src/common/windowsHelper/include/windowsHelper.h @@ -11,8 +11,7 @@ #ifdef WIN32 -#ifndef _NETWORK_WINDOWS_HELPER_H -#define _NETWORK_WINDOWS_HELPER_H +#pragma once #include #include @@ -24,16 +23,17 @@ #include #include #include +#include #include #include "mem_op.h" #include "stringHelper.h" #include "encodingWindowsHelper.h" #include "timeHelper.h" +#include -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wunused-function" -#pragma GCC diagnostic ignored "-Wreturn-type" -#pragma GCC diagnostic ignored "-Wcast-function-type" +typedef unsigned int UINT; +typedef ULONG (WINAPI* ConvertLengthToIpv4Mask_t)(ULONG, PULONG); +typedef ULONG (WINAPI* GetIfEntry2_t)(PMIB_IF_ROW2); constexpr auto WORKING_ADAPTERS_INFO_BUFFER_SIZE { @@ -128,7 +128,6 @@ namespace Utils return ret; } - typedef NETIOAPI_API (WINAPI* ConvertLengthToIpv4Mask_t)(ULONG, PULONG); static ConvertLengthToIpv4Mask_t getConvertLengthToIpv4MaskFunctionAddress() { ConvertLengthToIpv4Mask_t ret{nullptr}; @@ -142,7 +141,6 @@ namespace Utils return ret; } - typedef NETIOAPI_API (WINAPI* GetIfEntry2_t)(PMIB_IF_ROW2); static GetIfEntry2_t getIfEntry2FunctionAddress() { GetIfEntry2_t ret{nullptr}; @@ -682,9 +680,4 @@ namespace Utils } }; } - -#pragma GCC diagnostic pop - -#endif // _NETWORK_WINDOWS_HELPER_H - -#endif //WIN32 +#endif diff --git a/src/common/windowsHelper/tests/main.cpp b/src/common/windowsHelper/tests/main.cpp index fd7a178715..08fb839052 100644 --- a/src/common/windowsHelper/tests/main.cpp +++ b/src/common/windowsHelper/tests/main.cpp @@ -4,4 +4,4 @@ int main(int argc, char** argv) { ::testing::InitGoogleTest(&argc, argv); return RUN_ALL_TESTS(); -} \ No newline at end of file +} diff --git a/src/common/windowsHelper/tests/windowsHelper_test.h b/src/common/windowsHelper/tests/windowsHelper_test.h index 146ae8a0cc..c235c67036 100644 --- a/src/common/windowsHelper/tests/windowsHelper_test.h +++ b/src/common/windowsHelper/tests/windowsHelper_test.h @@ -25,4 +25,4 @@ class WindowsHelperTest : public ::testing::Test void TearDown() override; }; -#endif //WINDOWS_HELPER_TEST_H \ No newline at end of file +#endif //WINDOWS_HELPER_TEST_H diff --git a/src/common/wm_exec/src/wm_exec.c b/src/common/wm_exec/src/wm_exec.c index cc454acb9e..9d9071aab3 100644 --- a/src/common/wm_exec/src/wm_exec.c +++ b/src/common/wm_exec/src/wm_exec.c @@ -88,7 +88,7 @@ int wm_exec(char *command, char **output, int *status, int secs, const char * ad if (!env_path) { snprintf(new_path, OS_SIZE_6144 - 1, "PATH=%s", add_path); } else if (strlen(env_path) >= OS_SIZE_6144) { - merror("at wm_exec(): PATH environment variable too large."); + LogError("at wm_exec(): PATH environment variable too large."); retval = -1; } else { snprintf(new_path, OS_SIZE_6144 - 1, "PATH=%s;%s", add_path, env_path); @@ -96,13 +96,13 @@ int wm_exec(char *command, char **output, int *status, int secs, const char * ad // Using '_putenv' instead of '_putenv_s' for compatibility with Windows XP. if (_putenv(new_path) < 0) { - merror("at wm_exec(): Unable to set new 'PATH' environment variable (%s).", strerror(errno)); + LogError("at wm_exec(): Unable to set new 'PATH' environment variable (%s).", strerror(errno)); retval = -1; } char * new_env = getenv("PATH"); if (new_env != NULL) { - mdebug1("New 'PATH' environment variable set: '%s'", new_env); + LogDebug("New 'PATH' environment variable set: '%s'", new_env); } os_free(new_path); } @@ -116,7 +116,7 @@ int wm_exec(char *command, char **output, int *status, int secs, const char * ad if (!CreatePipe(&tinfo.pipe, &sinfo.hStdOutput, NULL, 0)) { winerror = GetLastError(); - merror("at wm_exec(): CreatePipe(%d): %s", winerror, win_strerror(winerror)); + LogError("at wm_exec(): CreatePipe(%d): %s", winerror, win_strerror(winerror)); return -1; } @@ -124,7 +124,7 @@ int wm_exec(char *command, char **output, int *status, int secs, const char * ad if (!SetHandleInformation(sinfo.hStdOutput, HANDLE_FLAG_INHERIT, 1)) { winerror = GetLastError(); - merror("at wm_exec(): SetHandleInformation(%d): %s", winerror, win_strerror(winerror)); + LogError("at wm_exec(): SetHandleInformation(%d): %s", winerror, win_strerror(winerror)); return -1; } } @@ -142,11 +142,11 @@ int wm_exec(char *command, char **output, int *status, int secs, const char * ad os_calloc(size, sizeof(wchar_t), wcommand); MultiByteToWideChar(CP_UTF8, MB_ERR_INVALID_CHARS, command, -1, wcommand, size); - mdebug2("UTF-8 command: %ls", wcommand); + LogDebug("UTF-8 command: %ls", wcommand); if (!CreateProcessW(NULL, wcommand, NULL, NULL, TRUE, dwCreationFlags, NULL, NULL, &sinfo, &pinfo)) { winerror = GetLastError(); - merror("at wm_exec(): CreateProcess(%d): %s", winerror, win_strerror(winerror)); + LogError("at wm_exec(): CreateProcess(%d): %s", winerror, win_strerror(winerror)); os_free(wcommand); return -1; } @@ -178,7 +178,7 @@ int wm_exec(char *command, char **output, int *status, int secs, const char * ad default: winerror = GetLastError(); - merror("at wm_exec(): WaitForSingleObject(%d): %s", winerror, win_strerror(winerror)); + LogError("at wm_exec(): WaitForSingleObject(%d): %s", winerror, win_strerror(winerror)); TerminateProcess(pinfo.hProcess, 1); retval = -1; } @@ -226,7 +226,7 @@ DWORD WINAPI Reader(LPVOID args) { length = nextsize; tinfo->output[length] = '\0'; } else { - mwarn("String limit reached."); + LogWarn("String limit reached."); break; } } @@ -247,7 +247,7 @@ void wm_append_handle(HANDLE hProcess) { void * retval = OSList_AddData(wm_children_list, (void *)p_hProcess); if (retval == NULL) { - merror("Child process handle %p could not be registered in the children list.", hProcess); + LogError("Child process handle %p could not be registered in the children list.", hProcess); os_free(p_hProcess); } } @@ -271,7 +271,7 @@ void wm_remove_handle(HANDLE hProcess) { return; } } - mwarn("Child process handle %p could not be removed because it was not found in the children list.", hProcess); + LogWarn("Child process handle %p could not be removed because it was not found in the children list.", hProcess); } w_mutex_unlock(&wm_children_mutex); } @@ -332,7 +332,7 @@ int wm_exec(char *command, char **output, int *exitcode, int secs, const char * if (output) { if (pipe(pipe_fd) < 0) { - merror("At wm_exec(): pipe(): %s", strerror(errno)); + LogError("At wm_exec(): pipe(): %s", strerror(errno)); return -1; } w_descriptor_cloexec(pipe_fd[0]); @@ -345,7 +345,7 @@ int wm_exec(char *command, char **output, int *exitcode, int secs, const char * // Error - merror("Cannot run a subprocess: %s (%d)", strerror(errno), errno); + LogError("Cannot run a subprocess: %s (%d)", strerror(errno), errno); if (output) { close(pipe_fd[0]); @@ -369,25 +369,25 @@ int wm_exec(char *command, char **output, int *exitcode, int secs, const char * if (!env_path) { snprintf(new_path, OS_SIZE_6144 - 1, "%s", add_path); } else if (strlen(env_path) >= OS_SIZE_6144) { - merror("at wm_exec(): PATH environment variable too large."); + LogError("at wm_exec(): PATH environment variable too large."); } else { const int bytes_written = snprintf(new_path, OS_SIZE_6144, "%s:%s", add_path, env_path); if (bytes_written >= OS_SIZE_6144) { - merror("at wm_exec(): New environment variable too large."); + LogError("at wm_exec(): New environment variable too large."); } else if (bytes_written < 0) { - merror("at wm_exec(): New environment variable error: %d (%s).", errno, strerror(errno)); + LogError("at wm_exec(): New environment variable error: %d (%s).", errno, strerror(errno)); } } if (setenv("PATH", new_path, 1) < 0) { - merror("at wm_exec(): Unable to set new 'PATH' environment variable (%s).", strerror(errno)); + LogError("at wm_exec(): Unable to set new 'PATH' environment variable (%s).", strerror(errno)); } char * new_env = getenv("PATH"); if (new_env != NULL) { - mdebug1("New 'PATH' environment variable set: '%s'", new_env); + LogDebug("New 'PATH' environment variable set: '%s'", new_env); } os_free(new_path); } @@ -397,7 +397,7 @@ int wm_exec(char *command, char **output, int *exitcode, int secs, const char * int fd = open("/dev/null", O_RDWR, 0); if (fd < 0) { - merror_exit(FOPEN_ERROR, "/dev/null", errno, strerror(errno)); + LogCritical(FOPEN_ERROR, "/dev/null", errno, strerror(errno)); } dup2(fd, STDIN_FILENO); @@ -436,7 +436,7 @@ int wm_exec(char *command, char **output, int *exitcode, int secs, const char * w_mutex_lock(&tinfo.mutex); if (pthread_create(&thread, NULL, reader, &tinfo)) { - merror("Couldn't create reading thread."); + LogError("Couldn't create reading thread."); w_mutex_unlock(&tinfo.mutex); if (output) { @@ -479,13 +479,13 @@ int wm_exec(char *command, char **output, int *exitcode, int secs, const char * switch (waitpid(pid, &status, 0)) { case -1: - merror("waitpid()"); + LogError("waitpid()"); retval = -1; break; default: if (WEXITSTATUS(status) == EXECVE_ERROR) { - mdebug1("Invalid command: '%s': (%d) %s", command, errno, strerror(errno)); + LogDebug("Invalid command: '%s': (%d) %s", command, errno, strerror(errno)); retval = -1; } @@ -504,12 +504,12 @@ int wm_exec(char *command, char **output, int *exitcode, int secs, const char * case -1: switch(errno) { case ESRCH: - merror("At wm_exec(): No such process. Couldn't wait PID %d: (%d) %s.", pid, errno, strerror(errno)); + LogError("At wm_exec(): No such process. Couldn't wait PID %d: (%d) %s.", pid, errno, strerror(errno)); retval = -2; break; default: - merror("At wm_exec(): Couldn't wait PID %d: (%d) %s.", pid, errno, strerror(errno)); + LogError("At wm_exec(): Couldn't wait PID %d: (%d) %s.", pid, errno, strerror(errno)); retval = -3; } break; @@ -530,7 +530,7 @@ int wm_exec(char *command, char **output, int *exitcode, int secs, const char * } else { // Command finished if (WEXITSTATUS(status) == EXECVE_ERROR) { - mdebug1("Invalid command: '%s': (%d) %s", command, errno, strerror(errno)); + LogDebug("Invalid command: '%s': (%d) %s", command, errno, strerror(errno)); retval = -1; } else { retval = 0; @@ -552,13 +552,13 @@ int wm_exec(char *command, char **output, int *exitcode, int secs, const char * switch (waitpid(pid, &status, 0)) { case -1: - merror("waitpid(): %s (%d)", strerror(errno), errno); + LogError("waitpid(): %s (%d)", strerror(errno), errno); retval = -1; break; default: if (WEXITSTATUS(status) == EXECVE_ERROR) { - mdebug1("Invalid command: '%s': (%d) %s", command, errno, strerror(errno)); + LogDebug("Invalid command: '%s': (%d) %s", command, errno, strerror(errno)); retval = -1; } @@ -569,13 +569,13 @@ int wm_exec(char *command, char **output, int *exitcode, int secs, const char * } else { switch (waitpid(pid, &status, 0)) { case -1: - merror("waitpid()"); + LogError("waitpid()"); retval = -1; break; default: if (WEXITSTATUS(status) == EXECVE_ERROR) { - mdebug1("Invalid command: '%s': (%d) %s", command, errno, strerror(errno)); + LogDebug("Invalid command: '%s': (%d) %s", command, errno, strerror(errno)); retval = -1; } else { retval = 0; @@ -619,7 +619,7 @@ void* reader(void *args) { memcpy(tinfo->output + length, buffer, nbytes); length = nextsize; } else { - mwarn("String limit reached."); + LogWarn("String limit reached."); break; } } @@ -649,7 +649,7 @@ void wm_append_sid(pid_t sid) { void * retval = OSList_AddData(wm_children_list, (void *)p_sid); if (retval == NULL) { - merror("Child process ID %d could not be registered in the children list.", sid); + LogError("Child process ID %d could not be registered in the children list.", sid); os_free(p_sid); } } @@ -674,7 +674,7 @@ void wm_remove_sid(pid_t sid) { return; } } - mwarn("Child process ID %d could not be removed because it was not found in the children list.", sid); + LogWarn("Child process ID %d could not be removed because it was not found in the children list.", sid); } w_mutex_unlock(&wm_children_mutex); } @@ -701,7 +701,7 @@ void wm_kill_children() { switch (fork()) { case -1: - merror("wm_kill_children(): Couldn't fork: (%d) %s.", errno, strerror(errno)); + LogError("wm_kill_children(): Couldn't fork: (%d) %s.", errno, strerror(errno)); break; case 0: // Child @@ -720,7 +720,7 @@ void wm_kill_children() { exit(EXIT_SUCCESS); default: - merror("wm_kill_children(): Couldn't wait PID %d: (%d) %s.", sid, errno, strerror(errno)); + LogError("wm_kill_children(): Couldn't wait PID %d: (%d) %s.", sid, errno, strerror(errno)); exit(EXIT_FAILURE); } @@ -731,7 +731,7 @@ void wm_kill_children() { // If time is gone, kill process - mdebug1("Killing process group %d", sid); + LogDebug("Killing process group %d", sid); kill(-sid, SIGKILL); exit(EXIT_SUCCESS); diff --git a/src/common/wm_exec/tests/unit/tests/test_wm_exec.c b/src/common/wm_exec/tests/unit/tests/test_wm_exec.c index b4593be2a0..c32f671c51 100644 --- a/src/common/wm_exec/tests/unit/tests/test_wm_exec.c +++ b/src/common/wm_exec/tests/unit/tests/test_wm_exec.c @@ -343,7 +343,7 @@ static void test_wm_remove_handle_not_found(void ** state) { will_return(__wrap_OSList_GetFirstNode, NULL); - expect_string(__wrap__mwarn, formatted_msg, + expect_string(__wrap__mwarn, formatted_msg, "Child process handle 00112233 could not be removed because " "it was not found in the children list."); diff --git a/src/common/yaml2json/src/yaml2json.c b/src/common/yaml2json/src/yaml2json.c index 06d45e8585..a6c1867332 100644 --- a/src/common/yaml2json/src/yaml2json.c +++ b/src/common/yaml2json/src/yaml2json.c @@ -26,7 +26,7 @@ int yaml_parse_stdin(yaml_document_t * document) { if (yaml_parser_load(&parser, document)) { error = 0; } else { - mwarn("Failed to load YAML document at line %u", (unsigned int)parser.problem_mark.line); + LogWarn("Failed to load YAML document at line %u", (unsigned int)parser.problem_mark.line); } yaml_parser_delete(&parser); @@ -46,14 +46,14 @@ int yaml_parse_file(const char * path, yaml_document_t * document) { if (yaml_parser_load(&parser, document)) { error = 0; } else { - mwarn("Failed to load YAML document in %s:%u", path, (unsigned int)parser.problem_mark.line); + LogWarn("Failed to load YAML document in %s:%u", path, (unsigned int)parser.problem_mark.line); yaml_document_delete(document); } yaml_parser_delete(&parser); fclose(finput); } else { - mwarn("Cannot open file '%s': %s (%d)", path, strerror(errno), errno); + LogWarn("Cannot open file '%s': %s (%d)", path, strerror(errno), errno); } return error; @@ -63,7 +63,7 @@ cJSON * yaml2json(yaml_document_t * document, int single_quote_float_as_string) yaml_node_t * node; if (node = yaml_document_get_root_node(document), !node) { - mwarn("No document defined."); + LogWarn("No document defined."); return NULL; } @@ -114,7 +114,7 @@ cJSON * yaml2json_node(yaml_document_t * document, yaml_node_t * node,int quoted value = yaml_document_get_node(document, pair_i->value); if (key->type != YAML_SCALAR_NODE) { - mwarn("Mapping key is not scalar (line %u).", (unsigned int)key->start_mark.line); + LogWarn("Mapping key is not scalar (line %u).", (unsigned int)key->start_mark.line); continue; } @@ -124,7 +124,7 @@ cJSON * yaml2json_node(yaml_document_t * document, yaml_node_t * node,int quoted break; default: - mwarn("Unknown node type (line %u).", (unsigned int)node->start_mark.line); + LogWarn("Unknown node type (line %u).", (unsigned int)node->start_mark.line); object = NULL; } diff --git a/src/modules/CMakeLists.txt b/src/modules/CMakeLists.txt new file mode 100644 index 0000000000..d11c4ab501 --- /dev/null +++ b/src/modules/CMakeLists.txt @@ -0,0 +1,36 @@ +cmake_minimum_required(VERSION 3.22) + +project(ModuleManager) + +include(../cmake/CommonSettings.cmake) +set_common_settings() + +add_library(ModuleManager src/moduleManager.cpp) +target_include_directories(ModuleManager PUBLIC include) + +message(STATUS "-------------------") +message(STATUS "Wazuh agent modules") +message(STATUS "-------------------") +message(STATUS "Inventory: ${ENABLE_INVENTORY}") +message(STATUS "Logcollector: ${ENABLE_LOGCOLLECTOR}") +message(STATUS "-------------------") + +if(ENABLE_INVENTORY) + add_subdirectory(inventory) + target_link_libraries(ModuleManager PRIVATE Inventory) +endif() + +if(ENABLE_LOGCOLLECTOR) + add_subdirectory(logcollector) + target_link_libraries(ModuleManager PUBLIC Logcollector) +endif() + +target_link_libraries(ModuleManager PUBLIC ConfigurationParser MultiTypeQueue PRIVATE Logger ModuleCommand) + +include(../cmake/ConfigureTarget.cmake) +configure_target(ModuleManager) + +if(BUILD_TESTS) + enable_testing() + add_subdirectory(tests) +endif() diff --git a/src/modules/active_response/src/active_responses.c b/src/modules/active_response/src/active_responses.c index 177307b997..ccbf845750 100644 --- a/src/modules/active_response/src/active_responses.c +++ b/src/modules/active_response/src/active_responses.c @@ -51,7 +51,7 @@ int setup_and_check_message(char **argv, cJSON **message) { /* Change working directory */ if (chdir(home_path) == -1) { - merror_exit(CHDIR_ERROR, home_path, errno, strerror(errno)); + LogCritical(CHDIR_ERROR, home_path, errno, strerror(errno)); } os_free(home_path); #endif diff --git a/src/modules/active_response/src/config.c b/src/modules/active_response/src/config.c index 81cda866b7..b5d59ff576 100644 --- a/src/modules/active_response/src/config.c +++ b/src/modules/active_response/src/config.c @@ -33,7 +33,7 @@ int ExecdConfig(const char *cfgfile) /* Read XML file */ if (OS_ReadXML(cfgfile, &xml) < 0) { - merror_exit(XML_ERROR, cfgfile, xml.err, xml.err_line); + LogCritical(XML_ERROR, cfgfile, xml.err, xml.err_line); } /* We do not validate the xml in here. It is done by other processes. */ @@ -50,7 +50,7 @@ int ExecdConfig(const char *cfgfile) } else { - merror(XML_VALUEERR, "disabled", disable_entry); + LogError(XML_VALUEERR, "disabled", disable_entry); free(disable_entry); return (-1); } @@ -108,7 +108,7 @@ int ExecdConfig(const char *cfgfile) repeated_a = OS_StrBreak(',', repeated_t, 5); if (!repeated_a) { - merror(XML_VALUEERR, "repeated_offenders", repeated_t); + LogError(XML_VALUEERR, "repeated_offenders", repeated_t); free(repeated_t); return (-1); } @@ -135,7 +135,7 @@ int ExecdConfig(const char *cfgfile) } repeated_offenders_timeout[j] = atoi(tmpt); - minfo("Adding offenders timeout: %d (for #%d)", + LogInfo("Adding offenders timeout: %d (for #%d)", repeated_offenders_timeout[j], j + 1); j++; repeated_offenders_timeout[j] = 0; @@ -214,17 +214,17 @@ cJSON *getClusterConfig(void) { if (sock = external_socket_connect(sockname, WAZUH_IPC_TIMEOUT), sock < 0) { switch (errno) { case ECONNREFUSED: - merror("At getClusterConfig(): Could not connect to socket '%s': %s (%d).", sockname, strerror(errno), errno); + LogError("At getClusterConfig(): Could not connect to socket '%s': %s (%d).", sockname, strerror(errno), errno); break; default: - merror("At getClusterConfig(): Could not connect to socket '%s': %s (%d).", sockname, strerror(errno), errno); + LogError("At getClusterConfig(): Could not connect to socket '%s': %s (%d).", sockname, strerror(errno), errno); } return NULL; } if (OS_SendSecureTCPCluster(sock, req, "", 0) != 0) { - merror("send(): %s", strerror(errno)); + LogError("send(): %s", strerror(errno)); close(sock); return NULL; } @@ -233,25 +233,25 @@ cJSON *getClusterConfig(void) { switch (length = OS_RecvSecureClusterTCP(sock, buffer, OS_MAXSTR), length) { case -2: - merror("Cluster error detected"); + LogError("Cluster error detected"); free(buffer); close(sock); return NULL; case -1: - merror("At wcom_main(): OS_RecvSecureClusterTCP(): %s", strerror(errno)); + LogError("At wcom_main(): OS_RecvSecureClusterTCP(): %s", strerror(errno)); free(buffer); close(sock); return NULL; case 0: - mdebug1("Empty message from local client."); + LogDebug("Empty message from local client."); free(buffer); close(sock); return NULL; case OS_MAXLEN: - merror("Received message > %i", OS_MAXSTR); + LogError("Received message > %i", OS_MAXSTR); free(buffer); close(sock); return NULL; @@ -263,7 +263,7 @@ cJSON *getClusterConfig(void) { const char *jsonErrPtr; cluster_config_cJSON = cJSON_ParseWithOpts(buffer, &jsonErrPtr, 0); if (!cluster_config_cJSON) { - mdebug1("Error parsing JSON event. %s", buffer); + LogDebug("Error parsing JSON event. %s", buffer); free(buffer); return NULL; } diff --git a/src/modules/active_response/src/exec.c b/src/modules/active_response/src/exec.c index e6f088e466..3286d07391 100644 --- a/src/modules/active_response/src/exec.c +++ b/src/modules/active_response/src/exec.c @@ -41,7 +41,7 @@ int ReadExecConfig() /* Open file */ fp = wfopen(DEFAULTAR, "r"); if (!fp) { - merror(FOPEN_ERROR, DEFAULTAR, errno, strerror(errno)); + LogError(FOPEN_ERROR, DEFAULTAR, errno, strerror(errno)); return (0); } @@ -55,14 +55,14 @@ int ReadExecConfig() // The command name must not start with '!' if (buffer[0] == '!') { - merror(EXEC_INV_CONF, DEFAULTAR); + LogError(EXEC_INV_CONF, DEFAULTAR); continue; } /* Clean up the buffer */ tmp_str = strstr(buffer, " - "); if (!tmp_str) { - merror(EXEC_INV_CONF, DEFAULTAR); + LogError(EXEC_INV_CONF, DEFAULTAR); continue; } *tmp_str = '\0'; @@ -72,9 +72,9 @@ int ReadExecConfig() const int bytes_written = snprintf(exec_names[exec_size], sizeof(exec_names[exec_size]), "%s", str_pt); if (bytes_written < 0) { - merror(EXEC_BAD_NAME " Error %d (%s).", exec_names[exec_size], errno, strerror(errno)); + LogError(EXEC_BAD_NAME " Error %d (%s).", exec_names[exec_size], errno, strerror(errno)); } else if ((size_t)bytes_written >= sizeof(exec_names[exec_size])) { - merror(EXEC_BAD_NAME, exec_names[exec_size]); + LogError(EXEC_BAD_NAME, exec_names[exec_size]); } str_pt = tmp_str; @@ -82,7 +82,7 @@ int ReadExecConfig() /* Search for ' ' and - */ tmp_str = strstr(tmp_str, " - "); if (!tmp_str) { - merror(EXEC_INV_CONF, DEFAULTAR); + LogError(EXEC_INV_CONF, DEFAULTAR); continue; } *tmp_str = '\0'; @@ -91,7 +91,7 @@ int ReadExecConfig() // Directory traversal test if (w_ref_parent_folder(str_pt)) { - merror("Active response command '%s' vulnerable to directory traversal attack. Ignoring.", str_pt); + LogError("Active response command '%s' vulnerable to directory traversal attack. Ignoring.", str_pt); exec_cmd[exec_size][0] = '\0'; } else { /* Write the full command path */ @@ -102,7 +102,7 @@ int ReadExecConfig() process_file = wfopen(exec_cmd[exec_size], "r"); if (!process_file) { if (f_time_reading) { - minfo("Active response command not present: '%s'. " + LogInfo("Active response command not present: '%s'. " "Not using it on this system.", exec_cmd[exec_size]); } @@ -164,14 +164,14 @@ char *GetCommandbyName(const char *name, int *timeout) if (name[0] == '!') { if (w_ref_parent_folder(name + 1)) { - mwarn("Active response command '%s' vulnerable to directory traversal attack. Ignoring.", name + 1); + LogWarn("Active response command '%s' vulnerable to directory traversal attack. Ignoring.", name + 1); return NULL; } static char command[OS_FLSIZE]; if (snprintf(command, sizeof(command), "%s/%s", AR_BINDIR, name + 1) >= (int)sizeof(command)) { - mwarn("Cannot execute command '%32s...': path too long.", name + 1); + LogWarn("Cannot execute command '%32s...': path too long.", name + 1); return NULL; } @@ -202,7 +202,7 @@ void ExecCmd(char *const *cmd) pid = fork(); if (pid == 0) { if (execv(*cmd, cmd) < 0) { - merror(EXEC_CMDERROR, *cmd, strerror(errno)); + LogError(EXEC_CMDERROR, *cmd, strerror(errno)); exit(1); } @@ -225,7 +225,7 @@ void ExecCmd_Win32(char *cmd) if (!CreateProcess(NULL, cmd, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi)) { - merror("Unable to create active response process. "); + LogError("Unable to create active response process. "); return; } diff --git a/src/modules/active_response/src/execd.c b/src/modules/active_response/src/execd.c index 308486badd..5ebe39701f 100644 --- a/src/modules/active_response/src/execd.c +++ b/src/modules/active_response/src/execd.c @@ -89,7 +89,7 @@ void ExecdShutdown(int sig) #endif { /* Remove pending active responses */ - minfo(EXEC_SHUTDOWN); + LogInfo(EXEC_SHUTDOWN); timeout_node = timeout_list ? OSList_GetFirstNode(timeout_list) : NULL; while (timeout_node) { @@ -97,7 +97,7 @@ void ExecdShutdown(int sig) list_entry = (timeout_data *)timeout_node->data; - mdebug2("Delete pending AR: '%s' '%s'", list_entry->command[0], list_entry->parameters); + LogDebug("Delete pending AR: '%s' '%s'", list_entry->command[0], list_entry->parameters); wfd_t *wfd = wpopenv(list_entry->command[0], list_entry->command, W_BIND_STDIN); if (wfd) { @@ -106,7 +106,7 @@ void ExecdShutdown(int sig) fflush(wfd->file_in); wpclose(wfd); } else { - merror(EXEC_CMD_FAIL, strerror(errno), errno); + LogError(EXEC_CMD_FAIL, strerror(errno), errno); } /* Delete current node - already sets the pointer to next */ @@ -140,7 +140,7 @@ void ExecdTimeoutRun(int *childcount) /* Timed out */ if ((curr_time - list_entry->time_of_addition) > list_entry->time_to_block) { - mdebug1("Executing command '%s %s' after a timeout of '%ds'", + LogDebug("Executing command '%s %s' after a timeout of '%ds'", list_entry->command[0], list_entry->parameters ? list_entry->parameters : "", list_entry->time_to_block @@ -153,7 +153,7 @@ void ExecdTimeoutRun(int *childcount) fflush(wfd->file_in); wpclose(wfd); } else { - merror(EXEC_CMD_FAIL, strerror(errno), errno); + LogError(EXEC_CMD_FAIL, strerror(errno), errno); } /* Delete currently node - already sets the pointer to next */ @@ -195,7 +195,7 @@ void ExecdRun(char *exec_msg, int *childcount) /* Parse message */ if (json_root = cJSON_Parse(exec_msg), !json_root) { - merror(EXEC_INV_JSON, exec_msg); + LogError(EXEC_INV_JSON, exec_msg); return; } @@ -204,7 +204,7 @@ void ExecdRun(char *exec_msg, int *childcount) if (json_command && (json_command->type == cJSON_String)) { name = json_command->valuestring; } else { - merror(EXEC_INV_CMD, exec_msg); + LogError(EXEC_INV_CMD, exec_msg); cJSON_Delete(json_root); return; } @@ -230,7 +230,7 @@ void ExecdRun(char *exec_msg, int *childcount) ReadExecConfig(); cmd[0] = GetCommandbyName(name, &timeout_value); if (!cmd[0]) { - merror(EXEC_INV_NAME, name); + LogError(EXEC_INV_NAME, name); cJSON_Delete(json_root); return; } @@ -249,7 +249,7 @@ void ExecdRun(char *exec_msg, int *childcount) cmd_parameters = cJSON_PrintUnformatted(json_root); /* Execute command */ - mdebug1("Executing command '%s %s'", cmd[0], cmd_parameters ? cmd_parameters : ""); + LogDebug("Executing command '%s %s'", cmd[0], cmd_parameters ? cmd_parameters : ""); wfd_t *wfd = wpopenv(cmd[0], cmd, W_BIND_STDIN | W_BIND_STDOUT); if (wfd) { @@ -263,7 +263,7 @@ void ExecdRun(char *exec_msg, int *childcount) /* Receive alert keys from AR script to check timeout list */ if (fgets(response, sizeof(response), wfd->file_out) == NULL) { - mdebug1("Active response won't be added to timeout list. " + LogDebug("Active response won't be added to timeout list. " "Message not received with alert keys from script '%s'", cmd[0]); wpclose(wfd); os_free(cmd_parameters); @@ -315,10 +315,10 @@ void ExecdRun(char *exec_msg, int *childcount) snprintf(ntimes, 16, "%d", ntimes_int); if (OSHash_Update(repeated_hash, rkey, ntimes) != 1) { os_free(ntimes); - merror("At ExecdRun: OSHash_Update() failed"); + LogError("At ExecdRun: OSHash_Update() failed"); } } - mdebug1("Repeated offender. Setting timeout to '%ds'", new_timeout); + LogDebug("Repeated offender. Setting timeout to '%ds'", new_timeout); timeout_value = new_timeout; } else { /* Add to the repeated offenders list */ @@ -326,7 +326,7 @@ void ExecdRun(char *exec_msg, int *childcount) os_strdup("0", tmp_zero); if (OSHash_Add(repeated_hash, rkey, tmp_zero) != 2) { os_free(tmp_zero); - merror("At ExecdRun: OSHash_Add() failed"); + LogError("At ExecdRun: OSHash_Add() failed"); } } } @@ -342,7 +342,7 @@ void ExecdRun(char *exec_msg, int *childcount) added_before = 1; /* Update the timeout */ - mdebug1("Command already received, updating time of addition to now."); + LogDebug("Command already received, updating time of addition to now."); list_entry->time_of_addition = curr_time; list_entry->time_to_block = timeout_value; break; @@ -368,14 +368,14 @@ void ExecdRun(char *exec_msg, int *childcount) timeout_entry->time_to_block = timeout_value; /* Add command to the timeout list */ - mdebug1("Adding command '%s %s' to the timeout list, with a timeout of '%ds'.", + LogDebug("Adding command '%s %s' to the timeout list, with a timeout of '%ds'.", timeout_entry->command[0], timeout_entry->parameters, timeout_entry->time_to_block ); if (!OSList_AddData(timeout_list, timeout_entry)) { - merror(LIST_ADD_ERROR); + LogError(LIST_ADD_ERROR); FreeTimeoutEntry(timeout_entry); } } @@ -403,7 +403,7 @@ void ExecdRun(char *exec_msg, int *childcount) (*childcount)++; #endif } else { - merror(EXEC_CMD_FAIL, strerror(errno), errno); + LogError(EXEC_CMD_FAIL, strerror(errno), errno); } os_free(cmd_parameters); @@ -429,7 +429,7 @@ void ExecdStart(int q) /* Create list for timeout */ timeout_list = OSList_Create(); if (!timeout_list) { - merror_exit(LIST_ERROR); + LogCritical(LIST_ERROR); } #endif @@ -446,7 +446,7 @@ void ExecdStart(int q) int wp; wp = waitpid((pid_t) - 1, NULL, WNOHANG); if (wp < 0 && errno != ECHILD) { - merror(WAITPID_ERROR, errno, strerror(errno)); + LogError(WAITPID_ERROR, errno, strerror(errno)); break; } /* if = 0, we still need to wait for the child process */ @@ -477,17 +477,17 @@ void ExecdStart(int q) /* Check for error */ if (!FD_ISSET(q, &fdset)) { - merror(SELECT_ERROR, errno, strerror(errno)); + LogError(SELECT_ERROR, errno, strerror(errno)); continue; } /* Receive the message */ if (OS_RecvUnix(q, OS_MAXSTR, buffer) == 0) { - merror(QUEUE_ERROR, EXECQUEUE, strerror(errno)); + LogError(QUEUE_ERROR, EXECQUEUE, strerror(errno)); continue; } - mdebug2("Received message: '%s'", buffer); + LogDebug("Received message: '%s'", buffer); ExecdRun(buffer, &childcount); @@ -507,19 +507,19 @@ int WinExecdStart() /* Read config */ if ((c = ExecdConfig(cfg)) < 0) { - mlerror_exit(LOGLEVEL_ERROR, CONFIG_ERROR, cfg); + LogError( CONFIG_ERROR, cfg); } /* Active response disabled */ if (c == 1) { - minfo(EXEC_DISABLED); + LogInfo(EXEC_DISABLED); return (0); } /* Create list for timeout */ timeout_list = OSList_Create(); if (!timeout_list) { - merror_exit(LIST_ERROR); + LogCritical(LIST_ERROR); } if (repeated_offenders_timeout[0] != 0) { @@ -532,7 +532,7 @@ int WinExecdStart() atexit(ExecdShutdown); /* Start up message */ - minfo(STARTUP_MSG, getpid()); + LogInfo(STARTUP_MSG, getpid()); w_create_thread(NULL, 0, win_exec_main, winexec_queue, 0, NULL); diff --git a/src/modules/active_response/src/main.c b/src/modules/active_response/src/main.c index 239bff5bc7..a0d45d294e 100644 --- a/src/modules/active_response/src/main.c +++ b/src/modules/active_response/src/main.c @@ -56,7 +56,7 @@ int main(int argc, char **argv) // Define current working directory char * home_path = w_homedir(argv[0]); if (chdir(home_path) == -1) { - merror_exit(CHDIR_ERROR, home_path, errno, strerror(errno)); + LogCritical(CHDIR_ERROR, home_path, errno, strerror(errno)); } const char *group = GROUPGLOBAL; @@ -73,20 +73,21 @@ int main(int argc, char **argv) break; case 'd': debug_level = 1; - nowDebug(); + // TODO : should this feature be added + // nowDebug(); break; case 'f': run_foreground = 1; break; case 'g': if (!optarg) { - merror_exit("-g needs an argument."); + LogCritical("-g needs an argument."); } group = optarg; break; case 'c': if (!optarg) { - merror_exit("-c needs an argument."); + LogCritical("-c needs an argument."); } cfg = optarg; break; @@ -103,28 +104,28 @@ int main(int argc, char **argv) /* Get debug level */ debug_level = getDefine_Int("execd", "debug", 0, 2); while (debug_level != 0) { - nowDebug(); + // nowDebug(); debug_level--; } } - mdebug1(WAZUH_HOMEDIR, home_path); + LogDebug(WAZUH_HOMEDIR, home_path); os_free(home_path); /* Check if the group given is valid */ gid = Privsep_GetGroup(group); if (gid == (gid_t) - 1) { - merror_exit(USER_ERROR, "", group, strerror(errno), errno); + LogCritical(USER_ERROR, "", group, strerror(errno), errno); } /* Privilege separation */ if (Privsep_SetGroup(gid) < 0) { - merror_exit(SETGID_ERROR, group, errno, strerror(errno)); + LogCritical(SETGID_ERROR, group, errno, strerror(errno)); } /* Read config */ if ((c = ExecdConfig(cfg)) < 0) { - mlerror_exit(LOGLEVEL_ERROR, CONFIG_ERROR, cfg); + LogError( CONFIG_ERROR, cfg); } /* Exit if test_config */ @@ -143,12 +144,12 @@ int main(int argc, char **argv) /* Active response disabled */ if (c == 1) { - minfo(EXEC_DISABLED); + LogInfo(EXEC_DISABLED); } /* Create the PID file */ if (CreatePID(ARGV0, getpid()) < 0) { - merror_exit(PID_ERROR); + LogCritical(PID_ERROR); } // Start com request thread @@ -157,7 +158,7 @@ int main(int argc, char **argv) } /* Start up message */ - minfo(STARTUP_MSG, (int)getpid()); + LogInfo(STARTUP_MSG, (int)getpid()); /* If AR is disabled, do not continue */ if (c == 1) { @@ -167,7 +168,7 @@ int main(int argc, char **argv) /* Start exec queue */ if ((m_queue = StartMQ(EXECQUEUE, READ, 0)) < 0) { - merror_exit(QUEUE_ERROR, EXECQUEUE, strerror(errno)); + LogCritical(QUEUE_ERROR, EXECQUEUE, strerror(errno)); } /* The real daemon Now */ diff --git a/src/modules/active_response/src/wcom.c b/src/modules/active_response/src/wcom.c index 99e8d519be..9333da8c0a 100644 --- a/src/modules/active_response/src/wcom.c +++ b/src/modules/active_response/src/wcom.c @@ -37,7 +37,7 @@ size_t wcom_dispatch(char *command, char ** output) { if (strcmp(rcv_comm, "unmerge") == 0) { if (!rcv_args) { - mdebug1("WCOM unmerge needs arguments."); + LogDebug("WCOM unmerge needs arguments."); os_strdup("err WCOM unmerge needs arguments", *output); return strlen(*output); } @@ -46,7 +46,7 @@ size_t wcom_dispatch(char *command, char ** output) { } else if (strcmp(rcv_comm, "uncompress") == 0) { if (!rcv_args) { - mdebug1("WCOM uncompress needs arguments."); + LogDebug("WCOM uncompress needs arguments."); os_strdup("err WCOM uncompress needs arguments", *output); return strlen(*output); } @@ -57,7 +57,7 @@ size_t wcom_dispatch(char *command, char ** output) { *(target++) = '\0'; return wcom_uncompress(source, target, output); } else { - mdebug1("Bad WCOM uncompress message."); + LogDebug("Bad WCOM uncompress message."); os_strdup("err Too few commands", *output); return strlen(*output); } @@ -82,7 +82,7 @@ size_t wcom_dispatch(char *command, char ** output) { os_strdup("ok ", *output); if (timeout == -1 || timeout > max_restart_lock) { if (timeout > max_restart_lock) { - mwarn("Timeout exceeds the maximum allowed."); + LogWarn("Timeout exceeds the maximum allowed."); } timeout = max_restart_lock; } @@ -94,7 +94,7 @@ size_t wcom_dispatch(char *command, char ** output) { } else if (strcmp(rcv_comm, "getconfig") == 0) { // getconfig section if (!rcv_args) { - mdebug1("WCOM getconfig needs arguments."); + LogDebug("WCOM getconfig needs arguments."); os_strdup("err WCOM getconfig needs arguments", *output); return strlen(*output); } @@ -104,7 +104,7 @@ size_t wcom_dispatch(char *command, char ** output) { return wcom_check_manager_config(output); } else { - mdebug1("WCOM Unrecognized command '%s'.", rcv_comm); + LogDebug("WCOM Unrecognized command '%s'.", rcv_comm); os_strdup("err Unrecognized command", *output); return strlen(*output); } @@ -114,13 +114,13 @@ size_t wcom_unmerge(const char *file_path, char ** output) { char final_path[PATH_MAX + 1]; if (_jailfile(final_path, INCOMING_DIR, file_path) < 0) { - merror("At WCOM unmerge: Invalid file name"); + LogError("At WCOM unmerge: Invalid file name"); os_strdup("err Invalid file name", *output); return strlen(*output); } if (UnmergeFiles(final_path, INCOMING_DIR, OS_BINARY, NULL) == 0) { - merror("At WCOM unmerge: Error unmerging file '%s.'", final_path); + LogError("At WCOM unmerge: Error unmerging file '%s.'", final_path); os_strdup("err Cannot unmerge file", *output); return strlen(*output); } else { @@ -138,26 +138,26 @@ size_t wcom_uncompress(const char * source, const char * target, char ** output) int length; if (_jailfile(final_source, INCOMING_DIR, source) < 0) { - merror("At WCOM uncompress: Invalid file name"); + LogError("At WCOM uncompress: Invalid file name"); os_strdup("err Invalid file name", *output); return strlen(*output); } if (_jailfile(final_target, INCOMING_DIR, target) < 0) { - merror("At WCOM uncompress: Invalid file name"); + LogError("At WCOM uncompress: Invalid file name"); os_strdup("err Invalid file name", *output); return strlen(*output); } if (fsource = gzopen(final_source, "rb"), !fsource) { - merror("At WCOM uncompress: Unable to open '%s'", final_source); + LogError("At WCOM uncompress: Unable to open '%s'", final_source); os_strdup("err Unable to open source", *output); return strlen(*output); } if (ftarget = wfopen(final_target, "wb"), !ftarget) { gzclose(fsource); - merror("At WCOM uncompress: Unable to open '%s'", final_target); + LogError("At WCOM uncompress: Unable to open '%s'", final_target); os_strdup("err Unable to open target", *output); return strlen(*output); } @@ -166,14 +166,14 @@ size_t wcom_uncompress(const char * source, const char * target, char ** output) if ((int)fwrite(buffer, 1, length, ftarget) != length) { gzclose(fsource); fclose(ftarget); - merror("At WCOM uncompress: Unable to write '%s'", final_target); + LogError("At WCOM uncompress: Unable to write '%s'", final_target); os_strdup("err Unable to write target", *output); return strlen(*output); } } if (length < 0) { - merror("At WCOM uncompress: Unable to read '%s'", final_source); + LogError("At WCOM uncompress: Unable to read '%s'", final_source); os_strdup("err Unable to read source", *output); } else { unlink(final_source); @@ -201,12 +201,12 @@ size_t wcom_restart(char ** output) { switch (fork()) { case -1: - merror("At WCOM restart: Cannot fork"); + LogError("At WCOM restart: Cannot fork"); os_strdup("err Cannot fork", *output); break; case 0: if (execv(exec_cmd[0], exec_cmd) < 0) { - merror(EXEC_CMDERROR, *exec_cmd, strerror(errno)); + LogError(EXEC_CMDERROR, *exec_cmd, strerror(errno)); _exit(1); } break; @@ -226,12 +226,12 @@ size_t wcom_restart(char ** output) { fflush(wfd->file_in); wpclose(wfd); } else { - merror("At WCOM restart: Cannot execute restart process"); + LogError("At WCOM restart: Cannot execute restart process"); os_strdup("err Cannot execute restart process", *output); } #endif } else { - minfo(LOCK_RES, (int)lock); + LogInfo(LOCK_RES, (int)lock); } if (!*output) os_strdup("ok ", *output); @@ -308,7 +308,7 @@ size_t wcom_getconfig(const char * section, char ** output) { goto error; } error: - mdebug1("At WCOM getconfig: Could not get '%s' section", section); + LogDebug("At WCOM getconfig: Could not get '%s' section", section); os_strdup("err Could not get requested section", *output); return strlen(*output); } @@ -343,9 +343,9 @@ size_t wcom_check_manager_config(char **output) { // Exec a command with a timeout of 2000 seconds. if (wm_exec(command_in, &command_out, &response_retval, 2000, NULL) < 0) { if (response_retval == EXECVE_ERROR) { - mwarn("Path is invalid or file has insufficient permissions. %s", command_in); + LogWarn("Path is invalid or file has insufficient permissions. %s", command_in); } else { - mwarn("Error executing [%s]", command_in); + LogWarn("Error executing [%s]", command_in); } os_free(response_string); @@ -398,10 +398,10 @@ void * wcom_main(__attribute__((unused)) void * arg) { ssize_t length; fd_set fdset; - mdebug1("Local requests thread ready"); + LogDebug("Local requests thread ready"); if (sock = OS_BindUnixDomain(COM_LOCAL_SOCK, SOCK_STREAM, OS_MAXSTR), sock < 0) { - merror("Unable to bind to socket '%s': (%d) %s.", COM_LOCAL_SOCK, errno, strerror(errno)); + LogError("Unable to bind to socket '%s': (%d) %s.", COM_LOCAL_SOCK, errno, strerror(errno)); return NULL; } @@ -414,7 +414,7 @@ void * wcom_main(__attribute__((unused)) void * arg) { switch (select(sock + 1, &fdset, NULL, NULL, NULL)) { case -1: if (errno != EINTR) { - merror_exit("At wcom_main(): select(): %s", strerror(errno)); + LogCritical("At wcom_main(): select(): %s", strerror(errno)); } continue; @@ -425,7 +425,7 @@ void * wcom_main(__attribute__((unused)) void * arg) { if (peer = accept(sock, NULL, NULL), peer < 0) { if (errno != EINTR) { - merror("At wcom_main(): accept(): %s", strerror(errno)); + LogError("At wcom_main(): accept(): %s", strerror(errno)); } continue; @@ -434,20 +434,20 @@ void * wcom_main(__attribute__((unused)) void * arg) { os_calloc(OS_MAXSTR, sizeof(char), buffer); switch (length = OS_RecvSecureTCP(peer, buffer,OS_MAXSTR), length) { case OS_SOCKTERR: - merror("At wcom_main(): OS_RecvSecureTCP(): response size is bigger than expected"); + LogError("At wcom_main(): OS_RecvSecureTCP(): response size is bigger than expected"); break; case -1: - merror("At wcom_main(): OS_RecvSecureTCP(): %s", strerror(errno)); + LogError("At wcom_main(): OS_RecvSecureTCP(): %s", strerror(errno)); break; case 0: - mdebug1("Empty message from local client."); + LogDebug("Empty message from local client."); close(peer); break; case OS_MAXLEN: - merror("Received message > %i", MAX_DYN_STR); + LogError("Received message > %i", MAX_DYN_STR); close(peer); break; @@ -460,7 +460,7 @@ void * wcom_main(__attribute__((unused)) void * arg) { os_free(buffer); } - mdebug1("Local server thread finished."); + LogDebug("Local server thread finished."); close(sock); return NULL; diff --git a/src/modules/active_response/tests/unit/tests/binaries/CMakeLists.txt b/src/modules/active_response/tests/unit/tests/binaries/CMakeLists.txt index 4778843f3c..8487350a75 100644 --- a/src/modules/active_response/tests/unit/tests/binaries/CMakeLists.txt +++ b/src/modules/active_response/tests/unit/tests/binaries/CMakeLists.txt @@ -47,4 +47,4 @@ foreach(counter RANGE ${count}) ) endif() add_test(NAME ${active-response_test_name} COMMAND ${active-response_test_name}) -endforeach() \ No newline at end of file +endforeach() diff --git a/src/modules/aws/scripts/aws_tools.py b/src/modules/aws/scripts/aws_tools.py index 800c71cd68..b9800a61bb 100644 --- a/src/modules/aws/scripts/aws_tools.py +++ b/src/modules/aws/scripts/aws_tools.py @@ -90,7 +90,7 @@ def set_profile_dict_config(boto_config: dict, profile: str, profile_config: dic ) } boto_config['config'].proxies_config = proxies_config - + # Checks for retries config in profile config and sets it if not found to avoid throttling exception if RETRY_ATTEMPTS_KEY in profile_config or RETRY_MODE_CONFIG_KEY in profile_config: retries = { diff --git a/src/modules/aws/scripts/tests/test_s3_log_handler.py b/src/modules/aws/scripts/tests/test_s3_log_handler.py index 63996636b5..f2e9993d5c 100644 --- a/src/modules/aws/scripts/tests/test_s3_log_handler.py +++ b/src/modules/aws/scripts/tests/test_s3_log_handler.py @@ -204,7 +204,7 @@ def test_process_file_sends_expected_messages(mock_debug): } } } - expected_msg['aws'].update(formatted_logs_no_full_log[0]) + expected_msg['aws'].update(formatted_logs_no_full_log[0]) processor.send_msg.assert_called_once_with(expected_msg) log_with_match = {'full_log': 'some log entry matching discard regex'} diff --git a/src/modules/aws/src/wm_aws.c b/src/modules/aws/src/wm_aws.c index e21b97e43f..7bf5dcbef0 100644 --- a/src/modules/aws/src/wm_aws.c +++ b/src/modules/aws/src/wm_aws.c @@ -59,7 +59,7 @@ void* wm_aws_main(wm_aws *aws_config) { wm_aws_setup(aws_config); - mtinfo(WM_AWS_LOGTAG, "Module AWS started"); + LogInfo(WM_AWS_LOGTAG, "Module AWS started"); // Main loop @@ -72,16 +72,16 @@ void* wm_aws_main(wm_aws *aws_config) { } if (wm_state_io(WM_AWS_CONTEXT.name, WM_IO_WRITE, &aws_config->state, sizeof(aws_config->state)) < 0) - mterror(WM_AWS_LOGTAG, "Couldn't save running state."); + LogError(WM_AWS_LOGTAG, "Couldn't save running state."); if (time_sleep) { const int next_scan_time = sched_get_next_scan_time(aws_config->scan_config); timestamp = w_get_timestamp(next_scan_time); - mtdebug2(WM_AWS_LOGTAG, "Sleeping until: %s", timestamp); + LogDebug(WM_AWS_LOGTAG, "Sleeping until: %s", timestamp); os_free(timestamp); w_sleep_until(next_scan_time); } - mtinfo(WM_AWS_LOGTAG, "Starting fetching of logs."); + LogInfo(WM_AWS_LOGTAG, "Starting fetching of logs."); for (cur_bucket = aws_config->buckets; cur_bucket; cur_bucket = cur_bucket->next) { @@ -133,7 +133,7 @@ void* wm_aws_main(wm_aws *aws_config) { wm_strcat(&log_info, ")", '\0'); - mtinfo(WM_AWS_LOGTAG, "%s", log_info); + LogInfo(WM_AWS_LOGTAG, "%s", log_info); wm_aws_run_s3(aws_config, cur_bucket); free(log_info); } @@ -168,7 +168,7 @@ void* wm_aws_main(wm_aws *aws_config) { wm_strcat(&log_info, ")", '\0'); - mtinfo(WM_AWS_LOGTAG, "%s", log_info); + LogInfo(WM_AWS_LOGTAG, "%s", log_info); wm_aws_run_service(aws_config, cur_service); free(log_info); } @@ -193,12 +193,12 @@ void* wm_aws_main(wm_aws *aws_config) { wm_strcat(&log_info, ")", '\0'); - mtinfo(WM_AWS_LOGTAG, "%s", log_info); + LogInfo(WM_AWS_LOGTAG, "%s", log_info); wm_aws_run_subscriber(aws_config, cur_subscriber); free(log_info); } - mtinfo(WM_AWS_LOGTAG, "Fetching logs finished."); + LogInfo(WM_AWS_LOGTAG, "Fetching logs finished."); } while (FOREVER()); @@ -329,7 +329,7 @@ void wm_aws_setup(wm_aws *_aws_config) { aws_config->queue_fd = StartMQ(DEFAULTQUEUE, WRITE, INFINITE_OPENQ_ATTEMPTS); if (aws_config->queue_fd < 0) { - mterror(WM_AWS_LOGTAG, "Can't connect to queue."); + LogError(WM_AWS_LOGTAG, "Can't connect to queue."); pthread_exit(NULL); } } @@ -341,14 +341,14 @@ void wm_aws_check() { // Check if disabled if (!aws_config->enabled) { - mtinfo(WM_AWS_LOGTAG, "Module AWS is disabled. Exiting..."); + LogInfo(WM_AWS_LOGTAG, "Module AWS is disabled. Exiting..."); pthread_exit(NULL); } // Check if there are buckets or services if (!aws_config->buckets && !aws_config->services && !aws_config->subscribers) { - mtwarn(WM_AWS_LOGTAG, "No AWS buckets, services or subscribers defined. Exiting..."); + LogWarn(WM_AWS_LOGTAG, "No AWS buckets, services or subscribers defined. Exiting..."); pthread_exit(NULL); } @@ -372,7 +372,7 @@ void wm_aws_run_s3(wm_aws *aws_config, wm_aws_bucket *exec_bucket) { int usec = 1000000 / wm_max_eps; // Create arguments - mtdebug2(WM_AWS_LOGTAG, "Create argument list"); + LogDebug(WM_AWS_LOGTAG, "Create argument list"); // script path char * script = NULL; @@ -451,16 +451,16 @@ void wm_aws_run_s3(wm_aws *aws_config, wm_aws_bucket *exec_bucket) { wm_strcat(&command, "--type", ' '); wm_strcat(&command, exec_bucket->type, ' '); } - if (isDebug()) { - wm_strcat(&command, "--debug", ' '); - if (isDebug() > 2) { - wm_strcat(&command, "3", ' '); - } else if (isDebug() > 1) { - wm_strcat(&command, "2", ' '); - } else { - wm_strcat(&command, "1", ' '); - } - } + // if (isDebug()) { + // wm_strcat(&command, "--debug", ' '); + // if (isDebug() > 2) { + // wm_strcat(&command, "3", ' '); + // } else if (isDebug() > 1) { + // wm_strcat(&command, "2", ' '); + // } else { + // wm_strcat(&command, "1", ' '); + // } + // } if (aws_config->skip_on_error) { wm_strcat(&command, "--skip_on_error", ' '); } @@ -479,47 +479,47 @@ void wm_aws_run_s3(wm_aws *aws_config, wm_aws_bucket *exec_bucket) { } wm_strcat(&trail_title, " - ", ' '); - mtdebug1(WM_AWS_LOGTAG, "Launching S3 Command: %s", command); + LogDebug(WM_AWS_LOGTAG, "Launching S3 Command: %s", command); const int wm_exec_ret_code = wm_exec(command, &output, &status, 0, NULL); os_free(command); if (wm_exec_ret_code != 0){ - mterror(WM_AWS_LOGTAG, "Internal error. Exiting..."); + LogError(WM_AWS_LOGTAG, "Internal error. Exiting..."); os_free(trail_title); if (wm_exec_ret_code > 0) { os_free(output); } pthread_exit(NULL); } else if (status > 0) { - mtwarn(WM_AWS_LOGTAG, "%s Returned exit code %d", trail_title, status); + LogWarn(WM_AWS_LOGTAG, "%s Returned exit code %d", trail_title, status); if(status == 1) { char * unknown_error_msg = strstr(output,"Unknown error"); if (unknown_error_msg == NULL) - mtwarn(WM_AWS_LOGTAG, "%s Unknown error.", trail_title); + LogWarn(WM_AWS_LOGTAG, "%s Unknown error.", trail_title); else - mtwarn(WM_AWS_LOGTAG, "%s %s", trail_title, unknown_error_msg); + LogWarn(WM_AWS_LOGTAG, "%s %s", trail_title, unknown_error_msg); } else if(status == 2) { char * ptr; if (ptr = strstr(output, "aws.py: error:"), ptr) { ptr += 14; - mtwarn(WM_AWS_LOGTAG, "%s Error parsing arguments: %s", trail_title, ptr); + LogWarn(WM_AWS_LOGTAG, "%s Error parsing arguments: %s", trail_title, ptr); } else { - mtwarn(WM_AWS_LOGTAG, "%s Error parsing arguments.", trail_title); + LogWarn(WM_AWS_LOGTAG, "%s Error parsing arguments.", trail_title); } } else { char * ptr; if (ptr = strstr(output, "ERROR: "), ptr) { ptr += 7; - mtwarn(WM_AWS_LOGTAG, "%s %s", trail_title, ptr); + LogWarn(WM_AWS_LOGTAG, "%s %s", trail_title, ptr); } else { - mtwarn(WM_AWS_LOGTAG, "%s %s", trail_title, output); + LogWarn(WM_AWS_LOGTAG, "%s %s", trail_title, output); } } - mtdebug1(WM_AWS_LOGTAG, "%s OUTPUT: %s", trail_title, output); + LogDebug(WM_AWS_LOGTAG, "%s OUTPUT: %s", trail_title, output); } else { - mtdebug2(WM_AWS_LOGTAG, "%s OUTPUT: %s", trail_title, output); + LogDebug(WM_AWS_LOGTAG, "%s OUTPUT: %s", trail_title, output); } char *line; @@ -543,7 +543,7 @@ void wm_aws_run_service(wm_aws *aws_config, wm_aws_service *exec_service) { int usec = 1000000 / wm_max_eps; // Create arguments - mtdebug2(WM_AWS_LOGTAG, "Create argument list"); + LogDebug(WM_AWS_LOGTAG, "Create argument list"); // script path char * script = NULL; @@ -610,16 +610,16 @@ void wm_aws_run_service(wm_aws *aws_config, wm_aws_service *exec_service) { wm_strcat(&command, "--service_endpoint", ' '); wm_strcat(&command, exec_service->service_endpoint, ' '); } - if (isDebug()) { - wm_strcat(&command, "--debug", ' '); - if (isDebug() > 2) { - wm_strcat(&command, "3", ' '); - } else if (isDebug() > 1) { - wm_strcat(&command, "2", ' '); - } else { - wm_strcat(&command, "1", ' '); - } - } + // if (isDebug()) { + // wm_strcat(&command, "--debug", ' '); + // if (isDebug() > 2) { + // wm_strcat(&command, "3", ' '); + // } else if (isDebug() > 1) { + // wm_strcat(&command, "2", ' '); + // } else { + // wm_strcat(&command, "1", ' '); + // } + // } if (aws_config->skip_on_error) { wm_strcat(&command, "--skip_on_error", ' '); } @@ -639,14 +639,14 @@ void wm_aws_run_service(wm_aws *aws_config, wm_aws_service *exec_service) { } wm_strcat(&service_title, " - ", ' '); - mtdebug1(WM_AWS_LOGTAG, "Launching S3 Command: %s", command); + LogDebug(WM_AWS_LOGTAG, "Launching S3 Command: %s", command); const int wm_exec_ret_code = wm_exec(command, &output, &status, 0, NULL); os_free(command); if (wm_exec_ret_code) { - mterror(WM_AWS_LOGTAG, "Internal error. Exiting..."); + LogError(WM_AWS_LOGTAG, "Internal error. Exiting..."); os_free(service_title); if (wm_exec_ret_code > 0) { @@ -654,33 +654,33 @@ void wm_aws_run_service(wm_aws *aws_config, wm_aws_service *exec_service) { } pthread_exit(NULL); } else if (status > 0) { - mtwarn(WM_AWS_LOGTAG, "%s Returned exit code %d", service_title, status); + LogWarn(WM_AWS_LOGTAG, "%s Returned exit code %d", service_title, status); if(status == 1) { char * unknown_error_msg = strstr(output,"Unknown error"); if (unknown_error_msg == NULL) - mtwarn(WM_AWS_LOGTAG, "%s Unknown error.", service_title); + LogWarn(WM_AWS_LOGTAG, "%s Unknown error.", service_title); else - mtwarn(WM_AWS_LOGTAG, "%s %s", service_title, unknown_error_msg); + LogWarn(WM_AWS_LOGTAG, "%s %s", service_title, unknown_error_msg); } else if(status == 2) { char * ptr; if (ptr = strstr(output, "aws.py: error:"), ptr) { ptr += 14; - mtwarn(WM_AWS_LOGTAG, "%s Error parsing arguments: %s", service_title, ptr); + LogWarn(WM_AWS_LOGTAG, "%s Error parsing arguments: %s", service_title, ptr); } else { - mtwarn(WM_AWS_LOGTAG, "%s Error parsing arguments.", service_title); + LogWarn(WM_AWS_LOGTAG, "%s Error parsing arguments.", service_title); } } else { char * ptr; if (ptr = strstr(output, "ERROR: "), ptr) { ptr += 7; - mtwarn(WM_AWS_LOGTAG, "%s %s", service_title, ptr); + LogWarn(WM_AWS_LOGTAG, "%s %s", service_title, ptr); } else { - mtwarn(WM_AWS_LOGTAG, "%s %s", service_title, output); + LogWarn(WM_AWS_LOGTAG, "%s %s", service_title, output); } } - mtdebug1(WM_AWS_LOGTAG, "%s OUTPUT: %s", service_title, output); + LogDebug(WM_AWS_LOGTAG, "%s OUTPUT: %s", service_title, output); } else { - mtdebug2(WM_AWS_LOGTAG, "%s OUTPUT: %s", service_title, output); + LogDebug(WM_AWS_LOGTAG, "%s OUTPUT: %s", service_title, output); } os_free(service_title); @@ -704,7 +704,7 @@ void wm_aws_run_subscriber(wm_aws *aws_config, wm_aws_subscriber *exec_subscribe int usec = 1000000 / wm_max_eps; // Create arguments - mtdebug2(WM_AWS_LOGTAG, "Create argument list"); + LogDebug(WM_AWS_LOGTAG, "Create argument list"); // script path char * script = NULL; @@ -757,16 +757,16 @@ void wm_aws_run_subscriber(wm_aws *aws_config, wm_aws_subscriber *exec_subscribe wm_strcat(&command, exec_subscriber->discard_regex, ' '); } - if (isDebug()) { - wm_strcat(&command, "--debug", ' '); - if (isDebug() > 2) { - wm_strcat(&command, "3", ' '); - } else if (isDebug() > 1) { - wm_strcat(&command, "2", ' '); - } else { - wm_strcat(&command, "1", ' '); - } - } + // if (isDebug()) { + // wm_strcat(&command, "--debug", ' '); + // if (isDebug() > 2) { + // wm_strcat(&command, "3", ' '); + // } else if (isDebug() > 1) { + // wm_strcat(&command, "2", ' '); + // } else { + // wm_strcat(&command, "1", ' '); + // } + // } if (aws_config->skip_on_error) { wm_strcat(&command, "--skip_on_error", ' '); @@ -783,14 +783,14 @@ void wm_aws_run_subscriber(wm_aws *aws_config, wm_aws_subscriber *exec_subscribe wm_strcat(&subscriber_title, " - ", ' '); - mtdebug1(WM_AWS_LOGTAG, "Launching S3 Subscriber Command: %s", command); + LogDebug(WM_AWS_LOGTAG, "Launching S3 Subscriber Command: %s", command); const int wm_exec_ret_code = wm_exec(command, &output, &status, 0, NULL); os_free(command); if (wm_exec_ret_code) { - mterror(WM_AWS_LOGTAG, "Internal error. Exiting..."); + LogError(WM_AWS_LOGTAG, "Internal error. Exiting..."); os_free(subscriber_title); if (wm_exec_ret_code > 0) { @@ -798,33 +798,33 @@ void wm_aws_run_subscriber(wm_aws *aws_config, wm_aws_subscriber *exec_subscribe } pthread_exit(NULL); } else if (status > 0) { - mtwarn(WM_AWS_LOGTAG, "%s Returned exit code %d", subscriber_title, status); + LogWarn(WM_AWS_LOGTAG, "%s Returned exit code %d", subscriber_title, status); if(status == 1) { char * unknown_error_msg = strstr(output,"Unknown error"); if (unknown_error_msg == NULL) - mtwarn(WM_AWS_LOGTAG, "%s Unknown error.", subscriber_title); + LogWarn(WM_AWS_LOGTAG, "%s Unknown error.", subscriber_title); else - mtwarn(WM_AWS_LOGTAG, "%s %s", subscriber_title, unknown_error_msg); + LogWarn(WM_AWS_LOGTAG, "%s %s", subscriber_title, unknown_error_msg); } else if(status == 2) { char * ptr; if (ptr = strstr(output, "aws.py: error:"), ptr) { ptr += 14; - mtwarn(WM_AWS_LOGTAG, "%s Error parsing arguments: %s", subscriber_title, ptr); + LogWarn(WM_AWS_LOGTAG, "%s Error parsing arguments: %s", subscriber_title, ptr); } else { - mtwarn(WM_AWS_LOGTAG, "%s Error parsing arguments.", subscriber_title); + LogWarn(WM_AWS_LOGTAG, "%s Error parsing arguments.", subscriber_title); } } else { char * ptr; if (ptr = strstr(output, "ERROR: "), ptr) { ptr += 7; - mtwarn(WM_AWS_LOGTAG, "%s %s", subscriber_title, ptr); + LogWarn(WM_AWS_LOGTAG, "%s %s", subscriber_title, ptr); } else { - mtwarn(WM_AWS_LOGTAG, "%s %s", subscriber_title, output); + LogWarn(WM_AWS_LOGTAG, "%s %s", subscriber_title, output); } } - mtdebug1(WM_AWS_LOGTAG, "%s OUTPUT: %s", subscriber_title, output); + LogDebug(WM_AWS_LOGTAG, "%s OUTPUT: %s", subscriber_title, output); } else { - mtdebug2(WM_AWS_LOGTAG, "%s OUTPUT: %s", subscriber_title, output); + LogDebug(WM_AWS_LOGTAG, "%s OUTPUT: %s", subscriber_title, output); } os_free(subscriber_title); diff --git a/src/modules/aws/tests/integration/data/test_cases/only_logs_after_test_module/cases_cloudwatch_multiple_calls.yaml b/src/modules/aws/tests/integration/data/test_cases/only_logs_after_test_module/cases_cloudwatch_multiple_calls.yaml index 02ef034784..69f339af8c 100644 --- a/src/modules/aws/tests/integration/data/test_cases/only_logs_after_test_module/cases_cloudwatch_multiple_calls.yaml +++ b/src/modules/aws/tests/integration/data/test_cases/only_logs_after_test_module/cases_cloudwatch_multiple_calls.yaml @@ -10,4 +10,3 @@ log_stream_name: wazuh-cloudwatchlogs-integration-tests-stream expected_results: 3 only_logs_after: 2023-JAN-12 - \ No newline at end of file diff --git a/src/modules/azure/src/wm_azure.c b/src/modules/azure/src/wm_azure.c index 4d5b53df7e..12bb0e9c08 100644 --- a/src/modules/azure/src/wm_azure.c +++ b/src/modules/azure/src/wm_azure.c @@ -51,7 +51,7 @@ void* wm_azure_main(wm_azure_t *azure_config) { char * timestamp = NULL; wm_azure_setup(azure_config); - mtinfo(WM_AZURE_LOGTAG, "Module started."); + LogInfo(WM_AZURE_LOGTAG, "Module started."); @@ -67,37 +67,37 @@ void* wm_azure_main(wm_azure_t *azure_config) { if (time_sleep) { const int next_scan_time = sched_get_next_scan_time(azure_config->scan_config); timestamp = w_get_timestamp(next_scan_time); - mtdebug2(WM_AZURE_LOGTAG, "Sleeping until: %s", timestamp); + LogDebug(WM_AZURE_LOGTAG, "Sleeping until: %s", timestamp); os_free(timestamp); w_sleep_until(next_scan_time); } - mtinfo(WM_AZURE_LOGTAG, "Starting fetching of logs."); + LogInfo(WM_AZURE_LOGTAG, "Starting fetching of logs."); snprintf(msg, OS_SIZE_6144, "Starting Azure-logs scan."); SendMSG(queue_fd, msg, "rootcheck", ROOTCHECK_MQ); for (curr_api = azure_config->api_config; curr_api; curr_api = curr_api->next) { if (curr_api->type == LOG_ANALYTICS) { - mtinfo(WM_AZURE_LOGTAG, "Starting Log Analytics collection for the domain '%s'.", curr_api->tenantdomain); + LogInfo(WM_AZURE_LOGTAG, "Starting Log Analytics collection for the domain '%s'.", curr_api->tenantdomain); wm_azure_log_analytics(curr_api); - mtinfo(WM_AZURE_LOGTAG, "Finished Log Analytics collection for the domain '%s'.", curr_api->tenantdomain); + LogInfo(WM_AZURE_LOGTAG, "Finished Log Analytics collection for the domain '%s'.", curr_api->tenantdomain); } else if (curr_api->type == GRAPHS) { - mtinfo(WM_AZURE_LOGTAG, "Starting Graphs log collection for the domain '%s'.", curr_api->tenantdomain); + LogInfo(WM_AZURE_LOGTAG, "Starting Graphs log collection for the domain '%s'.", curr_api->tenantdomain); wm_azure_graphs(curr_api); - mtinfo(WM_AZURE_LOGTAG, "Finished Graphs log collection for the domain '%s'.", curr_api->tenantdomain); + LogInfo(WM_AZURE_LOGTAG, "Finished Graphs log collection for the domain '%s'.", curr_api->tenantdomain); } } for (curr_storage = azure_config->storage; curr_storage; curr_storage = curr_storage->next) { - mtinfo(WM_AZURE_LOGTAG, "Starting Storage log collection for '%s'.", curr_storage->tag); + LogInfo(WM_AZURE_LOGTAG, "Starting Storage log collection for '%s'.", curr_storage->tag); wm_azure_storage(curr_storage); - mtinfo(WM_AZURE_LOGTAG, "Finished Storage log collection for '%s'.", curr_storage->tag); + LogInfo(WM_AZURE_LOGTAG, "Finished Storage log collection for '%s'.", curr_storage->tag); } snprintf(msg, OS_SIZE_6144, "Ending Azure-logs scan."); SendMSG(queue_fd, msg, "rootcheck", ROOTCHECK_MQ); - mtdebug1(WM_AZURE_LOGTAG, "Fetching logs finished."); + LogDebug(WM_AZURE_LOGTAG, "Fetching logs finished."); } while (FOREVER()); @@ -117,7 +117,7 @@ void wm_azure_log_analytics(wm_azure_api_t *log_analytics) { char * output = NULL; // Create argument list - mtdebug2(WM_AZURE_LOGTAG, "Creating argument list."); + LogDebug(WM_AZURE_LOGTAG, "Creating argument list."); char * script = NULL; os_calloc(PATH_MAX, sizeof(char), script); @@ -148,14 +148,14 @@ void wm_azure_log_analytics(wm_azure_api_t *log_analytics) { wm_strcat(&command, "--la_time_offset", ' '); wm_strcat(&command, curr_request->time_offset, ' '); } - if (isDebug()) { - char *int_to_string; - os_malloc(OS_SIZE_1024, int_to_string); - sprintf(int_to_string, "%d", isDebug()); - wm_strcat(&command, "--debug", ' '); - wm_strcat(&command, int_to_string, ' '); - os_free(int_to_string); - } + // if (isDebug()) { + // char *int_to_string; + // os_malloc(OS_SIZE_1024, int_to_string); + // sprintf(int_to_string, "%d", isDebug()); + // wm_strcat(&command, "--debug", ' '); + // wm_strcat(&command, int_to_string, ' '); + // os_free(int_to_string); + // } // Check timeout defined if (curr_request->timeout) @@ -164,24 +164,24 @@ void wm_azure_log_analytics(wm_azure_api_t *log_analytics) { timeout = default_timeout; // Run script - mtdebug1(WM_AZURE_LOGTAG, "Launching command: %s", command); + LogDebug(WM_AZURE_LOGTAG, "Launching command: %s", command); switch (wm_exec(command, &output, &status, timeout, NULL)) { case 0: if (status > 0) { - mterror(WM_AZURE_LOGTAG, "%s: Returned error code: '%d'.", curr_request->tag, status); - mtdebug1(WM_AZURE_LOGTAG, "OUTPUT: %s", output); + LogError(WM_AZURE_LOGTAG, "%s: Returned error code: '%d'.", curr_request->tag, status); + LogDebug(WM_AZURE_LOGTAG, "OUTPUT: %s", output); } break; case WM_ERROR_TIMEOUT: - mterror(WM_AZURE_LOGTAG, "Timeout expired at request '%s'.", curr_request->tag); + LogError(WM_AZURE_LOGTAG, "Timeout expired at request '%s'.", curr_request->tag); break; default: - mterror(WM_AZURE_LOGTAG, "Internal error. Exiting..."); + LogError(WM_AZURE_LOGTAG, "Internal error. Exiting..."); os_free(command); pthread_exit(NULL); } - mtinfo(WM_AZURE_LOGTAG, "Finished Log Analytics collection for request '%s'.", curr_request->tag); + LogInfo(WM_AZURE_LOGTAG, "Finished Log Analytics collection for request '%s'.", curr_request->tag); os_free(command); os_free(output); @@ -201,7 +201,7 @@ void wm_azure_graphs(wm_azure_api_t *graph) { char * output = NULL; // Create argument list - mtdebug2(WM_AZURE_LOGTAG, "Creating argument list."); + LogDebug(WM_AZURE_LOGTAG, "Creating argument list."); char * script = NULL; os_calloc(PATH_MAX, sizeof(char), script); @@ -230,14 +230,14 @@ void wm_azure_graphs(wm_azure_api_t *graph) { wm_strcat(&command, curr_request->time_offset, ' '); } - if (isDebug()) { - char *int_to_string; - os_malloc(OS_SIZE_1024, int_to_string); - sprintf(int_to_string, "%d", isDebug()); - wm_strcat(&command, "--debug", ' '); - wm_strcat(&command, int_to_string, ' '); - os_free(int_to_string); - } + // if (isDebug()) { + // char *int_to_string; + // os_malloc(OS_SIZE_1024, int_to_string); + // sprintf(int_to_string, "%d", isDebug()); + // wm_strcat(&command, "--debug", ' '); + // wm_strcat(&command, int_to_string, ' '); + // os_free(int_to_string); + // } // Check timeout defined if (curr_request->timeout) @@ -246,24 +246,24 @@ void wm_azure_graphs(wm_azure_api_t *graph) { timeout = default_timeout; // Run script - mtdebug1(WM_AZURE_LOGTAG, "Launching command: %s", command); + LogDebug(WM_AZURE_LOGTAG, "Launching command: %s", command); switch (wm_exec(command, &output, &status, timeout, NULL)) { case 0: if (status > 0) { - mterror(WM_AZURE_LOGTAG, "%s: Returned error code: '%d'.", curr_request->tag, status); - mtdebug1(WM_AZURE_LOGTAG, "OUTPUT: %s", output); + LogError(WM_AZURE_LOGTAG, "%s: Returned error code: '%d'.", curr_request->tag, status); + LogDebug(WM_AZURE_LOGTAG, "OUTPUT: %s", output); } break; case WM_ERROR_TIMEOUT: - mterror(WM_AZURE_LOGTAG, "Timeout expired at request '%s'.", curr_request->tag); + LogError(WM_AZURE_LOGTAG, "Timeout expired at request '%s'.", curr_request->tag); break; default: - mterror(WM_AZURE_LOGTAG, "Internal error. Exiting..."); + LogError(WM_AZURE_LOGTAG, "Internal error. Exiting..."); os_free(command); pthread_exit(NULL); } - mtinfo(WM_AZURE_LOGTAG, "Finished Graphs log collection for request '%s'.", curr_request->tag); + LogInfo(WM_AZURE_LOGTAG, "Finished Graphs log collection for request '%s'.", curr_request->tag); os_free(command); os_free(output); @@ -284,7 +284,7 @@ void wm_azure_storage(wm_azure_storage_t *storage) { char * output = NULL; // Create argument list - mtdebug2(WM_AZURE_LOGTAG, "Creating argument list."); + LogDebug(WM_AZURE_LOGTAG, "Creating argument list."); char * script = NULL; os_calloc(PATH_MAX, sizeof(char), script); @@ -330,14 +330,14 @@ void wm_azure_storage(wm_azure_storage_t *storage) { wm_strcat(&command, curr_container->path, ' '); } - if (isDebug()) { - char *int_to_string; - os_malloc(OS_SIZE_1024, int_to_string); - sprintf(int_to_string, "%d", isDebug()); - wm_strcat(&command, "--debug", ' '); - wm_strcat(&command, int_to_string, ' '); - os_free(int_to_string); - } + // if (isDebug()) { + // char *int_to_string; + // os_malloc(OS_SIZE_1024, int_to_string); + // sprintf(int_to_string, "%d", isDebug()); + // wm_strcat(&command, "--debug", ' '); + // wm_strcat(&command, int_to_string, ' '); + // os_free(int_to_string); + // } // Check timeout defined if (curr_container->timeout) @@ -346,24 +346,24 @@ void wm_azure_storage(wm_azure_storage_t *storage) { timeout = default_timeout; // Run script - mtdebug1(WM_AZURE_LOGTAG, "Launching command: %s", command); + LogDebug(WM_AZURE_LOGTAG, "Launching command: %s", command); switch (wm_exec(command, &output, &status, timeout, NULL)) { case 0: if (status > 0) { - mterror(WM_AZURE_LOGTAG, "%s: Returned error code: '%d'.", curr_container->name, status); - mtdebug1(WM_AZURE_LOGTAG, "OUTPUT: %s", output); + LogError(WM_AZURE_LOGTAG, "%s: Returned error code: '%d'.", curr_container->name, status); + LogDebug(WM_AZURE_LOGTAG, "OUTPUT: %s", output); } break; case WM_ERROR_TIMEOUT: - mterror(WM_AZURE_LOGTAG, "Timeout expired at request '%s'.", curr_container->name); + LogError(WM_AZURE_LOGTAG, "Timeout expired at request '%s'.", curr_container->name); break; default: - mterror(WM_AZURE_LOGTAG, "Internal error. Exiting..."); + LogError(WM_AZURE_LOGTAG, "Internal error. Exiting..."); os_free(command); pthread_exit(NULL); } - mtinfo(WM_AZURE_LOGTAG, "Finished Storage log collection for container '%s'.", curr_container->name); + LogInfo(WM_AZURE_LOGTAG, "Finished Storage log collection for container '%s'.", curr_container->name); os_free(command); os_free(output); @@ -387,7 +387,7 @@ void wm_azure_setup(wm_azure_t *_azure_config) { queue_fd = StartMQ(DEFAULTQUEUE, WRITE, INFINITE_OPENQ_ATTEMPTS); if (queue_fd < 0) { - mterror(WM_AZURE_LOGTAG, "Can't connect to queue."); + LogError(WM_AZURE_LOGTAG, "Can't connect to queue."); pthread_exit(NULL); } @@ -402,14 +402,14 @@ void wm_azure_check() { // Check if disabled if (!azure_config->flags.enabled) { - mtinfo(WM_AZURE_LOGTAG, "Module disabled. Exiting..."); + LogInfo(WM_AZURE_LOGTAG, "Module disabled. Exiting..."); pthread_exit(NULL); } // Check if necessary configuration is defined if (!azure_config->api_config && !azure_config->storage) { - mtwarn(WM_AZURE_LOGTAG, "No API (log_analytics, graph or storage) defined. Exiting..."); + LogWarn(WM_AZURE_LOGTAG, "No API (log_analytics, graph or storage) defined. Exiting..."); pthread_exit(NULL); } @@ -422,7 +422,7 @@ void wm_azure_check() { void wm_azure_cleanup() { close(queue_fd); - mtinfo(WM_AZURE_LOGTAG, "Module finished."); + LogInfo(WM_AZURE_LOGTAG, "Module finished."); } // Destroy data diff --git a/src/modules/command/src/wm_command.c b/src/modules/command/src/wm_command.c index 3932701614..1c7f54cac9 100644 --- a/src/modules/command/src/wm_command.c +++ b/src/modules/command/src/wm_command.c @@ -50,12 +50,12 @@ void * wm_command_main(wm_command_t * command) { char * timestamp = NULL; if (!command->enabled) { - mtinfo(WM_COMMAND_LOGTAG, "Module command:%s is disabled. Exiting.", command->tag); + LogInfo(WM_COMMAND_LOGTAG, "Module command:%s is disabled. Exiting.", command->tag); pthread_exit(0); } if (!getDefine_Int("wazuh_command", "remote_commands", 0, 1) && command->agent_cfg) { - mtwarn(WM_COMMAND_LOGTAG, "Remote commands are disabled. Ignoring '%s'.", command->tag); + LogWarn(WM_COMMAND_LOGTAG, "Remote commands are disabled. Ignoring '%s'.", command->tag); pthread_exit(0); } @@ -67,14 +67,14 @@ void * wm_command_main(wm_command_t * command) { argv = w_strtok(command_cpy); #ifndef __clang_analyzer__ if (!argv) { - merror("Could not split command: %s", command_cpy); + LogError("Could not split command: %s", command_cpy); pthread_exit(NULL); } #endif binary = argv[0]; if (get_binary_path(binary, &full_path) == OS_INVALID) { - mterror(WM_COMMAND_LOGTAG, "Cannot check binary: '%s'. Cannot stat binary file.", binary); + LogError(WM_COMMAND_LOGTAG, "Cannot check binary: '%s'. Cannot stat binary file.", binary); pthread_exit(NULL); } @@ -91,15 +91,15 @@ void * wm_command_main(wm_command_t * command) { switch (validation) { case 1: - mtdebug1(WM_COMMAND_LOGTAG, "MD5 checksum verification succeded for command '%s'.", command->full_command); + LogDebug(WM_COMMAND_LOGTAG, "MD5 checksum verification succeded for command '%s'.", command->full_command); break; case 0: if (!command->skip_verification) { - mterror(WM_COMMAND_LOGTAG, "MD5 checksum verification failed for command '%s'.", command->full_command); + LogError(WM_COMMAND_LOGTAG, "MD5 checksum verification failed for command '%s'.", command->full_command); pthread_exit(NULL); } else { - mtwarn(WM_COMMAND_LOGTAG, "MD5 checksum verification failed for command '%s'. Skipping...", command->full_command); + LogWarn(WM_COMMAND_LOGTAG, "MD5 checksum verification failed for command '%s'. Skipping...", command->full_command); } } } @@ -109,15 +109,15 @@ void * wm_command_main(wm_command_t * command) { switch (validation) { case 1: - mtdebug1(WM_COMMAND_LOGTAG, "SHA1 checksum verification succeded for command '%s'.", command->full_command); + LogDebug(WM_COMMAND_LOGTAG, "SHA1 checksum verification succeded for command '%s'.", command->full_command); break; case 0: if (!command->skip_verification) { - mterror(WM_COMMAND_LOGTAG, "SHA1 checksum verification failed for command '%s'.", command->full_command); + LogError(WM_COMMAND_LOGTAG, "SHA1 checksum verification failed for command '%s'.", command->full_command); pthread_exit(NULL); } else { - mtwarn(WM_COMMAND_LOGTAG, "SHA1 checksum verification failed for command '%s'. Skipping...", command->full_command); + LogWarn(WM_COMMAND_LOGTAG, "SHA1 checksum verification failed for command '%s'. Skipping...", command->full_command); } } } @@ -127,15 +127,15 @@ void * wm_command_main(wm_command_t * command) { switch (validation) { case 1: - mtdebug1(WM_COMMAND_LOGTAG, "SHA256 checksum verification succeded for command '%s'.", command->full_command); + LogDebug(WM_COMMAND_LOGTAG, "SHA256 checksum verification succeded for command '%s'.", command->full_command); break; case 0: if (!command->skip_verification) { - mterror(WM_COMMAND_LOGTAG, "SHA256 checksum verification failed for command '%s'.", command->full_command); + LogError(WM_COMMAND_LOGTAG, "SHA256 checksum verification failed for command '%s'.", command->full_command); pthread_exit(NULL); } else { - mtwarn(WM_COMMAND_LOGTAG, "SHA256 checksum verification failed for command '%s'. Skipping...", command->full_command); + LogWarn(WM_COMMAND_LOGTAG, "SHA256 checksum verification failed for command '%s'. Skipping...", command->full_command); } } } @@ -146,7 +146,7 @@ void * wm_command_main(wm_command_t * command) { command->full_command = strdup(command->command); } - mtinfo(WM_COMMAND_LOGTAG, "Module command:%s started", command->tag); + LogInfo(WM_COMMAND_LOGTAG, "Module command:%s started", command->tag); // Set extended tag @@ -166,7 +166,7 @@ void * wm_command_main(wm_command_t * command) { command->queue_fd = StartMQ(DEFAULTQUEUE, WRITE, INFINITE_OPENQ_ATTEMPTS); if (command->queue_fd < 0) { - mterror(WM_COMMAND_LOGTAG, "Can't connect to queue."); + LogError(WM_COMMAND_LOGTAG, "Can't connect to queue."); pthread_exit(NULL); } } @@ -182,31 +182,31 @@ void * wm_command_main(wm_command_t * command) { if (time_sleep) { const int next_scan_time = sched_get_next_scan_time(command->scan_config); timestamp = w_get_timestamp(next_scan_time); - mtdebug2(WM_COMMAND_LOGTAG, "Sleeping until: %s", timestamp); + LogDebug(WM_COMMAND_LOGTAG, "Sleeping until: %s", timestamp); os_free(timestamp); w_sleep_until(next_scan_time); } - mtinfo(WM_COMMAND_LOGTAG, "Starting command '%s'.", command->tag); + LogInfo(WM_COMMAND_LOGTAG, "Starting command '%s'.", command->tag); int status = 0; char *output = NULL; switch (wm_exec(command->full_command, command->ignore_output ? NULL : &output, &status, command->timeout, NULL)) { case 0: if (status > 0) { - mtwarn(WM_COMMAND_LOGTAG, "Command '%s' returned exit code %d.", command->tag, status); + LogWarn(WM_COMMAND_LOGTAG, "Command '%s' returned exit code %d.", command->tag, status); if (!command->ignore_output) { - mtdebug2(WM_COMMAND_LOGTAG, "OUTPUT: %s", output); + LogDebug(WM_COMMAND_LOGTAG, "OUTPUT: %s", output); } } break; case WM_ERROR_TIMEOUT: - mterror(WM_COMMAND_LOGTAG, "%s: Timeout overtaken. You can modify your command timeout at '%s'. Exiting...", command->tag, OSSECCONF); + LogError(WM_COMMAND_LOGTAG, "%s: Timeout overtaken. You can modify your command timeout at '%s'. Exiting...", command->tag, OSSECCONF); break; default: - mterror(WM_COMMAND_LOGTAG, "Command '%s' failed.", command->tag); + LogError(WM_COMMAND_LOGTAG, "Command '%s' failed.", command->tag); break; } @@ -225,7 +225,7 @@ void * wm_command_main(wm_command_t * command) { } - mtdebug1(WM_COMMAND_LOGTAG, "Command '%s' finished.", command->tag); + LogDebug(WM_COMMAND_LOGTAG, "Command '%s' finished.", command->tag); } while (FOREVER()); free(extag); diff --git a/src/modules/docker/src/wm_docker.c b/src/modules/docker/src/wm_docker.c index 1b11a49c29..482367c65c 100644 --- a/src/modules/docker/src/wm_docker.c +++ b/src/modules/docker/src/wm_docker.c @@ -43,7 +43,7 @@ void* wm_docker_main(wm_docker_t *docker_conf) { int attempts = 0; wm_docker_setup(docker_conf); - mtinfo(WM_DOCKER_LOGTAG, "Module docker-listener started."); + LogInfo(WM_DOCKER_LOGTAG, "Module docker-listener started."); // Main do { @@ -52,20 +52,20 @@ void* wm_docker_main(wm_docker_t *docker_conf) { if (time_sleep) { const int next_scan_time = sched_get_next_scan_time(docker_conf->scan_config); timestamp = w_get_timestamp(next_scan_time); - mtdebug2(WM_DOCKER_LOGTAG, "Sleeping until: %s", timestamp); + LogDebug(WM_DOCKER_LOGTAG, "Sleeping until: %s", timestamp); os_free(timestamp); w_sleep_until(next_scan_time); } - mtinfo(WM_DOCKER_LOGTAG, "Starting to listening Docker events."); + LogInfo(WM_DOCKER_LOGTAG, "Starting to listening Docker events."); // Running the docker listener script - mtdebug1(WM_DOCKER_LOGTAG, "Launching command '%s'", command); + LogDebug(WM_DOCKER_LOGTAG, "Launching command '%s'", command); wfd_t * wfd = wpopenl(command, W_BIND_STDERR, command, NULL); if (wfd == NULL) { - mterror(WM_DOCKER_LOGTAG, "Cannot launch Docker integration due to an internal error."); + LogError(WM_DOCKER_LOGTAG, "Cannot launch Docker integration due to an internal error."); pthread_exit(NULL); } @@ -85,7 +85,7 @@ void* wm_docker_main(wm_docker_t *docker_conf) { *end = '\0'; } - mterror(WM_DOCKER_LOGTAG, "%s", buffer); + LogError(WM_DOCKER_LOGTAG, "%s", buffer); } // At this point, DockerListener terminated @@ -101,15 +101,15 @@ void* wm_docker_main(wm_docker_t *docker_conf) { switch (exitcode) { case 127: - mterror(WM_DOCKER_LOGTAG, "Cannot launch Docker integration. Please check the file '%s'", command); + LogError(WM_DOCKER_LOGTAG, "Cannot launch Docker integration. Please check the file '%s'", command); pthread_exit(NULL); default: if (++attempts >= docker_conf->attempts) { - mterror(WM_DOCKER_LOGTAG, "Maximum attempts reached to run the listener. Exiting..."); + LogError(WM_DOCKER_LOGTAG, "Maximum attempts reached to run the listener. Exiting..."); pthread_exit(NULL); } - mtwarn(WM_DOCKER_LOGTAG, "Docker-listener finished unexpectedly (code %d). Retrying to run in next scheduled time...", exitcode); + LogWarn(WM_DOCKER_LOGTAG, "Docker-listener finished unexpectedly (code %d). Retrying to run in next scheduled time...", exitcode); } } while (FOREVER()); @@ -160,7 +160,7 @@ void wm_docker_check() { // Check if disabled if (!docker_conf->flags.enabled) { - mtinfo(WM_DOCKER_LOGTAG, "Module disabled. Exiting..."); + LogInfo(WM_DOCKER_LOGTAG, "Module disabled. Exiting..."); pthread_exit(NULL); } @@ -174,7 +174,7 @@ void wm_docker_check() { // Cleanup function, doesn't overwrite wm_cleanup void wm_docker_cleanup() { - mtinfo(WM_DOCKER_LOGTAG, "Module finished."); + LogInfo(WM_DOCKER_LOGTAG, "Module finished."); } #endif diff --git a/src/modules/fim/CMakeLists.txt b/src/modules/fim/CMakeLists.txt index c21c0e331f..8f79c2645a 100644 --- a/src/modules/fim/CMakeLists.txt +++ b/src/modules/fim/CMakeLists.txt @@ -57,9 +57,12 @@ set(LIB_DIR ${CMAKE_BINARY_DIR}/lib) set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${LIB_DIR}) set(CMAKE_LIBRARY_OUTPUT_DIRECTORY ${LIB_DIR}) set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin) -set(CMAKE_CXX_FLAGS - "-Wall -Wextra -Wshadow -Wnon-virtual-dtor -Woverloaded-virtual -Wunused -Wcast-align -Wformat=2 -std=c++14 -pthread" -) + +if(NOT CMAKE_CXX_COMPILER_ID STREQUAL "MSVC") + set(CMAKE_CXX_FLAGS "-Wall -Wextra -Wshadow -Wnon-virtual-dtor -Woverloaded-virtual -Wunused -Wcast-align -Wformat=2 -std=c++14 -pthread") +else() + set(CMAKE_CXX_FLAGS "/W4 /permissive- /std:c++14 /MT") +endif() if(APPLE) set(CMAKE_MACOSX_RPATH 1) diff --git a/src/modules/fim/db/src/dbFileItem.hpp b/src/modules/fim/db/src/dbFileItem.hpp index 6a69ea81a7..b3eeccac9c 100644 --- a/src/modules/fim/db/src/dbFileItem.hpp +++ b/src/modules/fim/db/src/dbFileItem.hpp @@ -105,7 +105,7 @@ class FileItem final : public DBItem int m_options; std::string m_gid; std::string m_uid; - unsigned long int m_size; + unsigned long long int m_size; unsigned long int m_dev; unsigned long long int m_inode; time_t m_time; diff --git a/src/modules/fim/db/src/dbRegistryValue.hpp b/src/modules/fim/db/src/dbRegistryValue.hpp index 81abc7bb58..94008942dd 100644 --- a/src/modules/fim/db/src/dbRegistryValue.hpp +++ b/src/modules/fim/db/src/dbRegistryValue.hpp @@ -84,7 +84,7 @@ class RegistryValue final : public DBItem }; private: - unsigned long int m_size; + unsigned long long int m_size; unsigned int m_type; std::string m_path; int m_arch; diff --git a/src/modules/fim/db/testtool/CMakeLists.txt b/src/modules/fim/db/testtool/CMakeLists.txt index a9b5cca4c1..135e2aaa27 100644 --- a/src/modules/fim/db/testtool/CMakeLists.txt +++ b/src/modules/fim/db/testtool/CMakeLists.txt @@ -9,11 +9,14 @@ if(COVERITY) add_definitions(-D__GNUC__=8) endif(COVERITY) -set(CMAKE_CXX_FLAGS "-g -Wall -Wextra -std=c++14 -pthread") - -if(FSANITIZE) +if(NOT CMAKE_CXX_COMPILER_ID STREQUAL "MSVC") + set(CMAKE_CXX_FLAGS "-g -Wall -Wextra -std=c++14 -pthread") + if(FSANITIZE) set(CMAKE_CXX_FLAGS_DEBUG "-fsanitize=address,leak,undefined") -endif(FSANITIZE) + endif(FSANITIZE) +else() + set(CMAKE_CXX_FLAGS "/Zi /W4 /permissive- /std:c++14 /MTd") +endif() add_executable(fimdb_test_tool ${CMAKE_SOURCE_DIR}/src/db/testtool/main.cpp ) diff --git a/src/modules/fim/include/syscheck.h b/src/modules/fim/include/syscheck.h index a23d7f70f5..ccbc3bb8db 100644 --- a/src/modules/fim/include/syscheck.h +++ b/src/modules/fim/include/syscheck.h @@ -38,6 +38,14 @@ #define FIM_LINK S_IFLNK #endif +/* Win32 does not have lstat */ +#ifdef WIN32 + #define w_stat(x, y) _stat64(x, y) + #define stat _stat64 +#else + #define w_stat(x, y) lstat(x, y) +#endif + /* Global config */ extern syscheck_config syscheck; extern int sys_debug_level; @@ -119,13 +127,6 @@ typedef struct fim_txn_context_s { #define REG_UNKNOWN 0x0000000C #endif -/* Win32 does not have lstat */ -#ifdef WIN32 - #define w_stat(x, y) stat(x, y) -#else - #define w_stat(x, y) lstat(x, y) -#endif - /** Function Prototypes **/ /** diff --git a/src/modules/fim/src/config.c b/src/modules/fim/src/config.c index eb145ea6da..5c383f9cb6 100644 --- a/src/modules/fim/src/config.c +++ b/src/modules/fim/src/config.c @@ -30,14 +30,14 @@ int Read_Syscheck_Config(const char *cfgfile) return OS_INVALID; } - mdebug1(FIM_CONFIGURATION_FILE, cfgfile); + LogDebug(FIM_CONFIGURATION_FILE, cfgfile); /* Read config */ if (ReadConfig(modules, cfgfile, &syscheck, NULL) < 0) { return (OS_INVALID); } - mdebug1(FIM_CLIENT_CONFIGURATION, cfgfile); + LogDebug(FIM_CLIENT_CONFIGURATION, cfgfile); /* Read shared config */ modules |= CAGENT_CONFIG; diff --git a/src/modules/fim/src/create_db.c b/src/modules/fim/src/create_db.c index cb6f845beb..19b017d838 100644 --- a/src/modules/fim/src/create_db.c +++ b/src/modules/fim/src/create_db.c @@ -17,6 +17,9 @@ #include "registry/registry.h" #ifdef WAZUH_UNIT_TESTING +#ifdef WIN32 +#include "../unit_tests/wrappers/windows/stat64_wrappers.h" +#endif /* Remove static qualifier when unit testing */ #define static @@ -361,7 +364,7 @@ static void transaction_callback(ReturnTypeCallback resultType, const cJSON* res break; case MAX_ROWS: - mdebug1("Couldn't insert '%s' entry into DB. The DB is full, please check your configuration.", path); + LogDebug("Couldn't insert '%s' entry into DB. The DB is full, please check your configuration.", path); // Fallthrough default: @@ -409,7 +412,7 @@ static void transaction_callback(ReturnTypeCallback resultType, const cJSON* res changed_attributes); if (cJSON_GetArraySize(changed_attributes) == 0) { - mdebug2(FIM_EMPTY_CHANGED_ATTRIBUTES, path); + LogDebug(FIM_EMPTY_CHANGED_ATTRIBUTES, path); goto end; } } @@ -495,19 +498,19 @@ time_t fim_scan() { #endif cputime_start = clock(); gettime(&start); - minfo(FIM_FREQUENCY_STARTED); + LogInfo(FIM_FREQUENCY_STARTED); fim_send_scan_info(FIM_SCAN_START); TXN_HANDLE db_transaction_handle = fim_db_transaction_start(FIMDB_FILE_TXN_TABLE, transaction_callback, &txn_ctx); if (db_transaction_handle == NULL) { - merror(FIM_ERROR_TRANSACTION, FIMDB_FILE_TXN_TABLE); + LogError(FIM_ERROR_TRANSACTION, FIMDB_FILE_TXN_TABLE); return time(NULL); } fim_diff_folder_size(); syscheck.disk_quota_full_msg = true; - mdebug2(FIM_DIFF_FOLDER_SIZE, DIFF_DIR, syscheck.diff_folder_size); + LogDebug(FIM_DIFF_FOLDER_SIZE, DIFF_DIR, syscheck.diff_folder_size); w_mutex_lock(&syscheck.fim_scan_mutex); @@ -610,12 +613,12 @@ time_t fim_scan() { fim_realtime_print_watches(); } - minfo(FIM_FREQUENCY_ENDED); + LogInfo(FIM_FREQUENCY_ENDED); fim_send_scan_info(FIM_SCAN_END); - if (isDebug()) { - fim_print_info(start, end, cputime_start); // LCOV_EXCL_LINE - } + // if (isDebug()) { + // fim_print_info(start, end, cputime_start); // LCOV_EXCL_LINE + // } audit_queue_full_reported = 0; return end_of_scan; @@ -630,7 +633,7 @@ void fim_checker(const char *path, int depth; if (!w_utf8_valid(path)) { - mwarn(FIM_INVALID_FILE_NAME, path); + LogWarn(FIM_INVALID_FILE_NAME, path); return; } @@ -666,14 +669,14 @@ void fim_checker(const char *path, depth = fim_check_depth(path, configuration); if (depth > configuration->recursion_level) { - mdebug2(FIM_MAX_RECURSION_LEVEL, depth, configuration->recursion_level, path); + LogDebug(FIM_MAX_RECURSION_LEVEL, depth, configuration->recursion_level, path); return; } // Deleted file. Sending alert. if (w_stat(path, &(evt_data->statbuf)) == -1) { if(errno != ENOENT) { - mdebug1(FIM_STAT_FAILED, path, errno, strerror(errno)); + LogDebug(FIM_STAT_FAILED, path, errno, strerror(errno)); return; } @@ -710,7 +713,7 @@ void fim_checker(const char *path, #ifdef WIN_WHODATA if (evt_data->w_evt && evt_data->w_evt->scan_directory == 1) { if (w_update_sacl(path)) { - mdebug1(FIM_SCAL_NOREFRESH, path); + LogDebug(FIM_SCAL_NOREFRESH, path); } } #endif @@ -738,7 +741,7 @@ void fim_checker(const char *path, case FIM_DIRECTORY: if (depth == configuration->recursion_level) { - mdebug2(FIM_DIR_RECURSION_LEVEL, path, depth); + LogDebug(FIM_DIR_RECURSION_LEVEL, path, depth); return; } fim_directory(path, evt_data, configuration, dbsync_txn, ctx); @@ -765,7 +768,7 @@ int fim_directory(const char *dir, size_t path_size; if (!dir) { - merror(NULL_ERROR); + LogError(NULL_ERROR); return OS_INVALID; } @@ -773,7 +776,7 @@ int fim_directory(const char *dir, dp = opendir(dir); if (!dp) { - mwarn(FIM_PATH_NOT_OPEN, dir, strerror(errno)); + LogWarn(FIM_PATH_NOT_OPEN, dir, strerror(errno)); return OS_INVALID; } @@ -801,7 +804,7 @@ int fim_directory(const char *dir, // and log a warning, PATH_MAX is 260 on windows, but reserves 1 char // for the null terminator. if (path_size + strlen(entry->d_name) >= PATH_MAX) { - mwarn(FIM_ERROR_PATH_TOO_LONG, f_name, entry->d_name, PATH_MAX); + LogWarn(FIM_ERROR_PATH_TOO_LONG, f_name, entry->d_name, PATH_MAX); continue; } #endif @@ -833,7 +836,7 @@ void fim_event_callback(void* data, void * ctx) cJSON *changed_attributes = cJSON_GetObjectItem(data_json, "changed_attributes"); if (changed_attributes && cJSON_GetArraySize(changed_attributes) == 0) { - mdebug2(FIM_EMPTY_CHANGED_ATTRIBUTES, path); + LogDebug(FIM_EMPTY_CHANGED_ATTRIBUTES, path); return; } @@ -888,7 +891,7 @@ void fim_file(const char *path, new_entry.file_entry.data = fim_get_data(path, configuration, &(evt_data->statbuf)); if (new_entry.file_entry.data == NULL) { - mdebug1(FIM_GET_ATTRIBUTES, path); + LogDebug(FIM_GET_ATTRIBUTES, path); return; } @@ -1066,7 +1069,7 @@ void fim_check_db_state(int nodes_limit, int nodes_count, fim_state_db* db_state char alert_msg[OS_SIZE_256] = {'\0'}; if (nodes_count < 0) { - mwarn(FIM_DATABASE_NODES_COUNT_FAIL); + LogWarn(FIM_DATABASE_NODES_COUNT_FAIL); return; } @@ -1126,27 +1129,27 @@ void fim_check_db_state(int nodes_limit, int nodes_count, fim_state_db* db_state if (nodes_count >= nodes_limit) { *db_state = FIM_STATE_DB_FULL; - mwarn(strcmp(table_name, FIMDB_FILE_TABLE_NAME) ? FIM_DB_FULL_ALERT_REG : FIM_DB_FULL_ALERT_FILE); + LogWarn(strcmp(table_name, FIMDB_FILE_TABLE_NAME) ? FIM_DB_FULL_ALERT_REG : FIM_DB_FULL_ALERT_FILE); cJSON_AddStringToObject(json_event, "alert_type", "full"); } else if (nodes_count >= nodes_limit * 0.9) { *db_state = FIM_STATE_DB_90_PERCENTAGE; - minfo(strcmp(table_name, FIMDB_FILE_TABLE_NAME) ? FIM_DB_90_PERCENTAGE_ALERT_REG : FIM_DB_90_PERCENTAGE_ALERT_FILE); + LogInfo(strcmp(table_name, FIMDB_FILE_TABLE_NAME) ? FIM_DB_90_PERCENTAGE_ALERT_REG : FIM_DB_90_PERCENTAGE_ALERT_FILE); cJSON_AddStringToObject(json_event, "alert_type", "90_percentage"); } else if (nodes_count >= nodes_limit * 0.8) { *db_state = FIM_STATE_DB_80_PERCENTAGE; - minfo(strcmp(table_name, FIMDB_FILE_TABLE_NAME) ? FIM_DB_80_PERCENTAGE_ALERT_REG : FIM_DB_80_PERCENTAGE_ALERT_FILE); + LogInfo(strcmp(table_name, FIMDB_FILE_TABLE_NAME) ? FIM_DB_80_PERCENTAGE_ALERT_REG : FIM_DB_80_PERCENTAGE_ALERT_FILE); cJSON_AddStringToObject(json_event, "alert_type", "80_percentage"); } else if (nodes_count > 0) { *db_state = FIM_STATE_DB_NORMAL; - minfo(strcmp(table_name, FIMDB_FILE_TABLE_NAME) ? FIM_DB_NORMAL_ALERT_REG : FIM_DB_NORMAL_ALERT_FILE); + LogInfo(strcmp(table_name, FIMDB_FILE_TABLE_NAME) ? FIM_DB_NORMAL_ALERT_REG : FIM_DB_NORMAL_ALERT_FILE); cJSON_AddStringToObject(json_event, "alert_type", "normal"); } else { *db_state = FIM_STATE_DB_EMPTY; - minfo(strcmp(table_name, FIMDB_FILE_TABLE_NAME) ? FIM_DB_NORMAL_ALERT_REG : FIM_DB_NORMAL_ALERT_FILE); + LogInfo(strcmp(table_name, FIMDB_FILE_TABLE_NAME) ? FIM_DB_NORMAL_ALERT_REG : FIM_DB_NORMAL_ALERT_FILE); cJSON_AddStringToObject(json_event, "alert_type", "normal"); } @@ -1192,7 +1195,7 @@ directory_t *fim_configuration_directory(const char *path) { } if (dir == NULL) { - mdebug2(FIM_CONFIGURATION_NOTFOUND, "file", path); + LogDebug(FIM_CONFIGURATION_NOTFOUND, "file", path); } return dir; @@ -1257,7 +1260,7 @@ fim_file_data *fim_get_data(const char *file, const directory_t *configuration, error = w_get_file_permissions(file, &(data->perm_json)); if (error) { - mdebug1(FIM_EXTRACT_PERM_FAIL, file, error); + LogDebug(FIM_EXTRACT_PERM_FAIL, file, error); free_file_data(data); return NULL; } @@ -1314,11 +1317,11 @@ fim_file_data *fim_get_data(const char *file, const directory_t *configuration, data->scanned = 1; // We won't calculate hash for symbolic links, empty or large files - if (S_ISREG(statbuf->st_mode) && (statbuf->st_size > 0 && (size_t)statbuf->st_size < syscheck.file_max_size) && + if (S_ISREG(statbuf->st_mode) && (statbuf->st_size > 0 && statbuf->st_size < syscheck.file_max_size) && (configuration->options & (CHECK_MD5SUM | CHECK_SHA1SUM | CHECK_SHA256SUM))) { if (OS_MD5_SHA1_SHA256_File(file, syscheck.prefilter_cmd, data->hash_md5, data->hash_sha1, data->hash_sha256, OS_BINARY, syscheck.file_max_size) < 0) { - mdebug1(FIM_HASHES_FAIL, file); + LogDebug(FIM_HASHES_FAIL, file); free_file_data(data); return NULL; } @@ -1369,7 +1372,7 @@ void fim_get_checksum (fim_file_data * data) { size = snprintf(0, 0, - "%d:%s:%s:%s:%s:%s:%s:%lu:%llu:%s:%s:%s", + "%llu:%s:%s:%s:%s:%s:%s:%lu:%llu:%s:%s:%s", data->size, data->perm ? data->perm : "", data->attributes ? data->attributes : "", @@ -1386,7 +1389,7 @@ void fim_get_checksum (fim_file_data * data) { os_calloc(size + 1, sizeof(char), checksum); snprintf(checksum, size + 1, - "%d:%s:%s:%s:%s:%s:%s:%lu:%llu:%s:%s:%s", + "%llu:%s:%s:%s:%s:%s:%s:%lu:%llu:%s:%s:%s", data->size, data->perm ? data->perm : "", data->attributes ? data->attributes : "", @@ -1651,7 +1654,7 @@ int fim_check_ignore (const char *file_name) { int i = 0; while (syscheck.ignore[i] != NULL) { if (strncasecmp(syscheck.ignore[i], file_name, strlen(syscheck.ignore[i])) == 0) { - mdebug2(FIM_IGNORE_ENTRY, file_name, syscheck.ignore[i]); + LogDebug(FIM_IGNORE_ENTRY, file_name, syscheck.ignore[i]); return 1; } i++; @@ -1663,7 +1666,7 @@ int fim_check_ignore (const char *file_name) { int i = 0; while (syscheck.ignore_regex[i] != NULL) { if (OSMatch_Execute(file_name, strlen(file_name), syscheck.ignore_regex[i])) { - mdebug2(FIM_IGNORE_SREGEX, file_name, syscheck.ignore_regex[i]->raw); + LogDebug(FIM_IGNORE_SREGEX, file_name, syscheck.ignore_regex[i]->raw); return 1; } i++; @@ -1676,14 +1679,14 @@ int fim_check_ignore (const char *file_name) { int fim_check_restrict (const char *file_name, OSMatch *restriction) { if (file_name == NULL) { - merror(NULL_ERROR); + LogError(NULL_ERROR); return 1; } // Restrict file types if (restriction) { if (!OSMatch_Execute(file_name, strlen(file_name), restriction)) { - mdebug2(FIM_FILE_IGNORE_RESTRICT, file_name, restriction->raw); + LogDebug(FIM_FILE_IGNORE_RESTRICT, file_name, restriction->raw); return 1; } } @@ -1736,7 +1739,7 @@ void update_wildcards_config() { return; } - mdebug2(FIM_WILDCARDS_UPDATE_START); + LogDebug(FIM_WILDCARDS_UPDATE_START); w_rwlock_wrlock(&syscheck.directories_lock); OSList_foreach(node_it, syscheck.directories) { @@ -1773,7 +1776,7 @@ void update_wildcards_config() { removed_entries = OSList_Create(); if (removed_entries == NULL) { - merror(MEM_ERROR, errno, strerror(errno)); + LogError(MEM_ERROR, errno, strerror(errno)); w_rwlock_unlock(&syscheck.directories_lock); return; } @@ -1811,23 +1814,23 @@ void update_wildcards_config() { OSList_foreach(node_it, removed_entries) { dir_it = node_it->data; fim_process_wildcard_removed(dir_it); - mdebug2(FIM_WILDCARDS_REMOVE_DIRECTORY, dir_it->path); + LogDebug(FIM_WILDCARDS_REMOVE_DIRECTORY, dir_it->path); } OSList_Destroy(removed_entries); - mdebug2(FIM_WILDCARDS_UPDATE_FINALIZE); + LogDebug(FIM_WILDCARDS_UPDATE_FINALIZE); } // LCOV_EXCL_START void fim_print_info(struct timespec start, struct timespec end, clock_t cputime_start) { - mdebug1(FIM_RUNNING_SCAN, + LogDebug(FIM_RUNNING_SCAN, time_diff(&start, &end), (double)(clock() - cputime_start) / CLOCKS_PER_SEC); #ifdef WIN32 - mdebug1(FIM_ENTRIES_INFO, fim_db_get_count_file_entry()); - mdebug1(FIM_REGISTRY_ENTRIES_INFO, fim_db_get_count_registry_key()); - mdebug1(FIM_REGISTRY_VALUES_ENTRIES_INFO, fim_db_get_count_registry_data()); + LogDebug(FIM_ENTRIES_INFO, fim_db_get_count_file_entry()); + LogDebug(FIM_REGISTRY_ENTRIES_INFO, fim_db_get_count_registry_key()); + LogDebug(FIM_REGISTRY_VALUES_ENTRIES_INFO, fim_db_get_count_registry_data()); #else unsigned inode_items = 0; unsigned inode_paths = 0; @@ -1835,7 +1838,7 @@ void fim_print_info(struct timespec start, struct timespec end, clock_t cputime_ inode_items = fim_db_get_count_file_inode(); inode_paths = fim_db_get_count_file_entry(); - mdebug1(FIM_INODES_INFO, inode_items, inode_paths); + LogDebug(FIM_INODES_INFO, inode_items, inode_paths); #endif return; diff --git a/src/modules/fim/src/fim_diff_changes.c b/src/modules/fim/src/fim_diff_changes.c index deedab2120..ed0953a29d 100644 --- a/src/modules/fim/src/fim_diff_changes.c +++ b/src/modules/fim/src/fim_diff_changes.c @@ -213,7 +213,7 @@ char *fim_registry_value_diff(const char *key_name, data_type == REG_DWORD || data_type == REG_DWORD_BIG_ENDIAN || data_type == REG_QWORD)) { - mdebug2(FIM_REG_VAL_INVALID_TYPE, key_name, value_name); + LogDebug(FIM_REG_VAL_INVALID_TYPE, key_name, value_name); return NULL; } @@ -233,11 +233,11 @@ char *fim_registry_value_diff(const char *key_name, // Check for file limit and disk quota if (ret = fim_diff_check_limits(diff), ret == 1) { - mdebug2(FIM_BIG_FILE_REPORT_CHANGES, full_value_name); + LogDebug(FIM_BIG_FILE_REPORT_CHANGES, full_value_name); os_strdup("Unable to calculate diff due to 'file_size' limit has been reached.", diff_changes); goto cleanup; } else if (ret == 2){ - mdebug2(FIM_DISK_QUOTA_LIMIT_REACHED, "estimation", full_value_name); + LogDebug(FIM_DISK_QUOTA_LIMIT_REACHED, "estimation", full_value_name); os_strdup("Unable to calculate diff due to 'disk_quota' limit has been reached.", diff_changes); goto cleanup; } @@ -266,7 +266,7 @@ char *fim_registry_value_diff(const char *key_name, } if (fim_diff_compare(diff) == -1) { - mdebug2(FIM_DIFF_IDENTICAL_MD5_FILES); + LogDebug(FIM_DIFF_IDENTICAL_MD5_FILES); syscheck.diff_folder_size += backup_file_size; os_strdup("No content changes were found for this registry value.", diff_changes); goto cleanup; @@ -288,7 +288,7 @@ char *fim_registry_value_diff(const char *key_name, cleanup: if (rmdir_ex(diff->tmp_folder) < 0) { - mdebug2(RMDIR_ERROR, diff->tmp_folder, errno, strerror(errno)); + LogDebug(RMDIR_ERROR, diff->tmp_folder, errno, strerror(errno)); } free_diff_data(diff); @@ -387,13 +387,13 @@ int fim_diff_registry_tmp(const char *value_data, default: // Wrong type - mwarn(FIM_REG_VAL_WRONG_TYPE); + LogWarn(FIM_REG_VAL_WRONG_TYPE); ret = -1; break; } fclose(fp); } else { - merror(FOPEN_ERROR, diff->file_origin, errno, strerror(errno)); + LogError(FOPEN_ERROR, diff->file_origin, errno, strerror(errno)); return -1; } @@ -417,11 +417,11 @@ char *fim_file_diff(const char *filename, const directory_t *configuration) { // Check for file limit and disk quota if (ret = fim_diff_check_limits(diff), ret == 1) { - mdebug2(FIM_BIG_FILE_REPORT_CHANGES, filename); + LogDebug(FIM_BIG_FILE_REPORT_CHANGES, filename); os_strdup("Unable to calculate diff due to 'file_size' limit has been reached.", diff_changes); goto cleanup; } else if (ret == 2){ - mdebug2(FIM_DISK_QUOTA_LIMIT_REACHED, "estimation", filename); + LogDebug(FIM_DISK_QUOTA_LIMIT_REACHED, "estimation", filename); os_strdup("Unable to calculate diff due to 'disk_quota' limit has been reached.", diff_changes); goto cleanup; } @@ -450,7 +450,7 @@ char *fim_file_diff(const char *filename, const directory_t *configuration) { } if (fim_diff_compare(diff) == -1) { - mdebug2(FIM_DIFF_IDENTICAL_MD5_FILES); + LogDebug(FIM_DIFF_IDENTICAL_MD5_FILES); syscheck.diff_folder_size += backup_file_size; os_strdup("No content changes were found for this file.", diff_changes); goto cleanup; @@ -472,7 +472,7 @@ char *fim_file_diff(const char *filename, const directory_t *configuration) { cleanup: if (rmdir_ex(diff->tmp_folder) < 0) { - mdebug2(RMDIR_ERROR, diff->tmp_folder, errno, strerror(errno)); + LogDebug(RMDIR_ERROR, diff->tmp_folder, errno, strerror(errno)); } free_diff_data(diff); @@ -498,7 +498,7 @@ diff_data *initialize_file_diff_data(const char *filename, const directory_t *co // Get absolute path of filename: if (abspath(filename, buffer, sizeof(buffer)) == NULL) { - merror(FIM_ERROR_GET_ABSOLUTE_PATH, filename, strerror(errno), errno); + LogError(FIM_ERROR_GET_ABSOLUTE_PATH, filename, strerror(errno), errno); goto error; } @@ -507,7 +507,7 @@ diff_data *initialize_file_diff_data(const char *filename, const directory_t *co #ifdef WIN32 // Get cwd for Windows if (abspath(DIFF_DIR, abs_diff_dir_path, sizeof(abs_diff_dir_path)) == NULL) { - merror(FIM_ERROR_GET_ABSOLUTE_PATH, abs_diff_dir_path, strerror(errno), errno); + LogError(FIM_ERROR_GET_ABSOLUTE_PATH, abs_diff_dir_path, strerror(errno), errno); goto error; } #else @@ -584,7 +584,7 @@ int fim_diff_delete_compress_folder(const char *folder) { dir_size = (float)DirSize(folder) / 1024; if (rmdir_ex(folder) < 0) { - mdebug2(RMDIR_ERROR, folder, errno, strerror(errno)); + LogDebug(RMDIR_ERROR, folder, errno, strerror(errno)); return -1; } else if (dir_size != -1) { syscheck.diff_folder_size -= dir_size; @@ -600,7 +600,7 @@ int fim_diff_delete_compress_folder(const char *folder) { return -1; } - mdebug2(FIM_DIFF_FOLDER_DELETED, folder); + LogDebug(FIM_DIFF_FOLDER_DELETED, folder); return 0; } @@ -611,7 +611,7 @@ int fim_diff_estimate_compression(float file_size) { int fim_diff_create_compress_file(const diff_data *diff) { if (w_compress_gzfile(diff->file_origin, diff->compress_tmp_file) != 0) { - mwarn(FIM_WARN_GENDIFF_SNAPSHOT, diff->file_origin); + LogWarn(FIM_WARN_GENDIFF_SNAPSHOT, diff->file_origin); return -1; } else if (syscheck.disk_quota_enabled) { unsigned int zip_size = FileSize(diff->compress_tmp_file) / 1024; @@ -619,7 +619,7 @@ int fim_diff_create_compress_file(const diff_data *diff) { if (syscheck.diff_folder_size + zip_size > syscheck.disk_quota_limit) { if (syscheck.disk_quota_full_msg) { syscheck.disk_quota_full_msg = false; - mdebug2(FIM_DISK_QUOTA_LIMIT_REACHED, "calculate", diff->file_origin); + LogDebug(FIM_DISK_QUOTA_LIMIT_REACHED, "calculate", diff->file_origin); } fim_diff_modify_compress_estimation(zip_size, diff->file_size); return -2; @@ -681,7 +681,7 @@ char *fim_diff_generate(const diff_data *diff) { diff_file_filtered = filter(diff->diff_file); if (!(uncompress_file_filtered && file_origin_filtered && diff_file_filtered)) { - mdebug1(FIM_DIFF_SKIPPED); + LogDebug(FIM_DIFF_SKIPPED); os_free(uncompress_file_filtered); os_free(file_origin_filtered); os_free(diff_file_filtered); @@ -710,12 +710,12 @@ char *fim_diff_generate(const diff_data *diff) { if (status == 256){ #else if (status == 0){ - mdebug2(FIM_DIFF_COMMAND_OUTPUT_EQUAL); + LogDebug(FIM_DIFF_COMMAND_OUTPUT_EQUAL); } else if (status == 1){ #endif diff_str = gen_diff_str(diff); } else { - merror(FIM_DIFF_COMMAND_OUTPUT_ERROR); + LogError(FIM_DIFF_COMMAND_OUTPUT_ERROR); } return diff_str; @@ -729,7 +729,7 @@ char *gen_diff_str(const diff_data *diff){ fp = wfopen(diff->diff_file, "rb"); if (!fp) { - merror(FIM_ERROR_GENDIFF_OPEN, diff->diff_file); + LogError(FIM_ERROR_GENDIFF_OPEN, diff->diff_file); return NULL; } @@ -738,7 +738,7 @@ char *gen_diff_str(const diff_data *diff){ unlink(diff->diff_file); if (!n){ - merror(FIM_ERROR_GENDIFF_READ); + LogError(FIM_ERROR_GENDIFF_READ); return NULL; } @@ -778,7 +778,7 @@ char *gen_diff_str(const diff_data *diff){ void save_compress_file(const diff_data *diff){ if (rename_ex(diff->compress_tmp_file, diff->compress_file) != 0) { - merror(RENAME_ERROR, diff->compress_tmp_file, diff->compress_file, errno, strerror(errno)); + LogError(RENAME_ERROR, diff->compress_tmp_file, diff->compress_file, errno, strerror(errno)); return; } if (syscheck.disk_quota_enabled){ @@ -855,7 +855,7 @@ char* filter(const char *string) { clen = strcspn(ptr + 1, "\"\\$`"); out = realloc(out, len + clen + 3); if(!out){ - merror_exit(MEM_ERROR, errno, strerror(errno)); // LCOV_EXCL_LINE + LogCritical(MEM_ERROR, errno, strerror(errno)); // LCOV_EXCL_LINE } out[len] = '\\'; out[len + 1] = *ptr; @@ -900,7 +900,7 @@ char *adapt_win_fc_output(char *command_output) { size_t written = 0; if (line = strchr(command_output, '\n'), !line) { - mdebug2("%s: %s", FIM_ERROR_GENDIFF_SECONDLINE_MISSING, command_output); + LogDebug("%s: %s", FIM_ERROR_GENDIFF_SECONDLINE_MISSING, command_output); return strdup(command_output); } @@ -955,7 +955,7 @@ void fim_diff_process_delete_file(const char *filename){ os_sha1 encoded_path; if (abspath(filename, buffer, sizeof(buffer)) == NULL) { - merror(FIM_ERROR_GET_ABSOLUTE_PATH, filename, strerror(errno), errno); + LogError(FIM_ERROR_GET_ABSOLUTE_PATH, filename, strerror(errno), errno); return; } @@ -966,9 +966,9 @@ void fim_diff_process_delete_file(const char *filename){ ret = fim_diff_delete_compress_folder(full_path); if(ret == -1){ - merror(FIM_DIFF_DELETE_DIFF_FOLDER_ERROR, full_path); + LogError(FIM_DIFF_DELETE_DIFF_FOLDER_ERROR, full_path); } else if (ret == -2){ - mdebug2(FIM_DIFF_FOLDER_NOT_EXIST, full_path); + LogDebug(FIM_DIFF_FOLDER_NOT_EXIST, full_path); } os_free(full_path); @@ -991,9 +991,9 @@ void fim_diff_process_delete_registry(const char *key_name, int arch){ ret = fim_diff_delete_compress_folder(full_path); if(ret == -1){ - merror(FIM_DIFF_DELETE_DIFF_FOLDER_ERROR, full_path); + LogError(FIM_DIFF_DELETE_DIFF_FOLDER_ERROR, full_path); } else if (ret == -2){ - mdebug2(FIM_DIFF_FOLDER_NOT_EXIST, full_path); + LogDebug(FIM_DIFF_FOLDER_NOT_EXIST, full_path); } return; @@ -1016,9 +1016,9 @@ void fim_diff_process_delete_value(const char *key_name, const char *value_name, ret = fim_diff_delete_compress_folder(full_path); if(ret == -1){ - merror(FIM_DIFF_DELETE_DIFF_FOLDER_ERROR, full_path); + LogError(FIM_DIFF_DELETE_DIFF_FOLDER_ERROR, full_path); } else if (ret == -2){ - mdebug2(FIM_DIFF_FOLDER_NOT_EXIST, full_path); + LogDebug(FIM_DIFF_FOLDER_NOT_EXIST, full_path); } return; diff --git a/src/modules/fim/src/main.c b/src/modules/fim/src/main.c index 6d20841d0f..309d4d7246 100644 --- a/src/modules/fim/src/main.c +++ b/src/modules/fim/src/main.c @@ -46,7 +46,7 @@ extern bool is_fim_shutdown; static void fim_shutdown(int sig) { /* Close sync thread and release dbsync and rsync */ - minfo(SK_SHUTDOWN); + LogInfo(SK_SHUTDOWN); is_fim_shutdown = true; fim_db_teardown(); HandleSIG(sig); @@ -78,7 +78,8 @@ int main(int argc, char **argv) help_syscheckd(); break; case 'd': - nowDebug(); + // TODO : should this feature be added + //nowDebug(); debug_level ++; break; case 'f': @@ -86,7 +87,7 @@ int main(int argc, char **argv) break; case 'c': if (!optarg) { - merror_exit("-c needs an argument"); + LogCritical("-c needs an argument"); } cfg = optarg; break; @@ -101,21 +102,21 @@ int main(int argc, char **argv) /* Change current working directory */ if (chdir(home_path) == -1) { - merror_exit(CHDIR_ERROR, home_path, errno, strerror(errno)); + LogCritical(CHDIR_ERROR, home_path, errno, strerror(errno)); } - mdebug1(WAZUH_HOMEDIR, home_path); + LogDebug(WAZUH_HOMEDIR, home_path); os_free(home_path); /* Check if the group given is valid */ gid = Privsep_GetGroup(group); if (gid == (gid_t) - 1) { - merror_exit(USER_ERROR, "", group, strerror(errno), errno); + LogCritical(USER_ERROR, "", group, strerror(errno), errno); } /* Privilege separation */ if (Privsep_SetGroup(gid) < 0) { - merror_exit(SETGID_ERROR, group, errno, strerror(errno)); + LogCritical(SETGID_ERROR, group, errno, strerror(errno)); } /* Initialize error logging for shared modulesd */ @@ -127,17 +128,17 @@ int main(int argc, char **argv) /* Check if the configuration is present */ if (File_DateofChange(cfg) < 0) { - merror_exit(NO_CONFIG, cfg); + LogCritical(NO_CONFIG, cfg); } /* Read syscheck config */ if ((r = Read_Syscheck_Config(cfg)) < 0) { - mwarn(RCONFIG_ERROR, SYSCHECK, cfg); + LogWarn(RCONFIG_ERROR, SYSCHECK, cfg); syscheck.disabled = 1; } else if ((r == 1) || (syscheck.disabled == 1)) { if (syscheck.directories == NULL || OSList_GetFirstNode(syscheck.directories) == NULL) { if (!test_config) { - minfo(FIM_DIRECTORY_NOPROVIDED); + LogInfo(FIM_DIRECTORY_NOPROVIDED); } } @@ -148,7 +149,7 @@ int main(int argc, char **argv) } if (!test_config) { - minfo(FIM_DISABLED); + LogInfo(FIM_DISABLED); } } @@ -182,7 +183,7 @@ int main(int argc, char **argv) /* Create pid */ if (CreatePID(ARGV0, getpid()) < 0) { - merror_exit(PID_ERROR); + LogCritical(PID_ERROR); } if (syscheck.rootcheck) { @@ -192,14 +193,14 @@ int main(int argc, char **argv) /* Connect to the queue */ if ((syscheck.queue = StartMQ(DEFAULTQUEUE, WRITE, INFINITE_OPENQ_ATTEMPTS)) < 0) { - merror_exit(QUEUE_FATAL, DEFAULTQUEUE); + LogCritical(QUEUE_FATAL, DEFAULTQUEUE); } if (!syscheck.disabled) { OSListNode *node_it; /* Start up message */ - minfo(STARTUP_MSG, (int)getpid()); + LogInfo(STARTUP_MSG, (int)getpid()); /* Print directories to be monitored */ OSList_foreach(node_it, syscheck.directories) { @@ -207,49 +208,49 @@ int main(int argc, char **argv) char optstr[ 1024 ]; if (dir_it->symbolic_links == NULL) { - minfo(FIM_MONITORING_DIRECTORY, dir_it->path, + LogInfo(FIM_MONITORING_DIRECTORY, dir_it->path, syscheck_opts2str(optstr, sizeof(optstr), dir_it->options)); } else { - minfo(FIM_MONITORING_LDIRECTORY, dir_it->path, dir_it->symbolic_links, + LogInfo(FIM_MONITORING_LDIRECTORY, dir_it->path, dir_it->symbolic_links, syscheck_opts2str(optstr, sizeof(optstr), dir_it->options)); } if (dir_it->tag != NULL) - mdebug2(FIM_TAG_ADDED, dir_it->tag, dir_it->path); + LogDebug(FIM_TAG_ADDED, dir_it->tag, dir_it->path); // Print diff file size limit if ((dir_it->options & CHECK_SEECHANGES) && syscheck.file_size_enabled) { - mdebug2(FIM_DIFF_FILE_SIZE_LIMIT, dir_it->diff_size_limit, dir_it->path); + LogDebug(FIM_DIFF_FILE_SIZE_LIMIT, dir_it->diff_size_limit, dir_it->path); } } if (!syscheck.file_size_enabled) { - minfo(FIM_FILE_SIZE_LIMIT_DISABLED); + LogInfo(FIM_FILE_SIZE_LIMIT_DISABLED); } // Print maximum disk quota to be used by the queue/diff/local folder if (syscheck.disk_quota_enabled) { - mdebug2(FIM_DISK_QUOTA_LIMIT, syscheck.disk_quota_limit); + LogDebug(FIM_DISK_QUOTA_LIMIT, syscheck.disk_quota_limit); } else { - minfo(FIM_DISK_QUOTA_LIMIT_DISABLED); + LogInfo(FIM_DISK_QUOTA_LIMIT_DISABLED); } /* Print ignores. */ if(syscheck.ignore) for (r = 0; syscheck.ignore[r] != NULL; r++) - minfo(FIM_PRINT_IGNORE_ENTRY, "file", syscheck.ignore[r]); + LogInfo(FIM_PRINT_IGNORE_ENTRY, "file", syscheck.ignore[r]); /* Print sregex ignores. */ if(syscheck.ignore_regex) for (r = 0; syscheck.ignore_regex[r] != NULL; r++) - minfo(FIM_PRINT_IGNORE_SREGEX, "file", syscheck.ignore_regex[r]->raw); + LogInfo(FIM_PRINT_IGNORE_SREGEX, "file", syscheck.ignore_regex[r]->raw); /* Print files with no diff. */ if (syscheck.nodiff){ r = 0; while (syscheck.nodiff[r] != NULL) { - minfo(FIM_NO_DIFF, syscheck.nodiff[r]); + LogInfo(FIM_NO_DIFF, syscheck.nodiff[r]); r++; } } @@ -259,10 +260,10 @@ int main(int argc, char **argv) dir_it = node_it->data; if (dir_it->options & REALTIME_ACTIVE) { #if defined (INOTIFY_ENABLED) || defined (WIN32) - minfo(FIM_REALTIME_MONITORING_DIRECTORY, dir_it->path); + LogInfo(FIM_REALTIME_MONITORING_DIRECTORY, dir_it->path); start_realtime = 1; #else - mwarn(FIM_WARN_REALTIME_DISABLED, dir_it->path); + LogWarn(FIM_WARN_REALTIME_DISABLED, dir_it->path); dir_it->options &= ~REALTIME_ACTIVE; dir_it->options |= SCHEDULED_ACTIVE; #endif @@ -276,7 +277,7 @@ int main(int argc, char **argv) start_realtime = 1; break; #else - mwarn(FIM_WARN_REALTIME_DISABLED, dir_it->path); + LogWarn(FIM_WARN_REALTIME_DISABLED, dir_it->path); dir_it->options &= ~REALTIME_ACTIVE; dir_it->options |= SCHEDULED_ACTIVE; #endif @@ -297,7 +298,7 @@ int main(int argc, char **argv) directory_t *dir_it; OSListNode *node_it; - mwarn(FIM_WARN_AUDIT_THREAD_NOSTARTED); + LogWarn(FIM_WARN_AUDIT_THREAD_NOSTARTED); // Switch who-data to real-time mode @@ -325,7 +326,7 @@ int main(int argc, char **argv) } #else - merror(FIM_ERROR_WHODATA_AUDIT_SUPPORT); + LogError(FIM_ERROR_WHODATA_AUDIT_SUPPORT); #endif } diff --git a/src/modules/fim/src/registry/events.c b/src/modules/fim/src/registry/events.c index b675fc681c..946a0c1116 100644 --- a/src/modules/fim/src/registry/events.c +++ b/src/modules/fim/src/registry/events.c @@ -549,22 +549,22 @@ cJSON *fim_registry_event(const fim_entry *new, cJSON *json_event = NULL; if (new == NULL) { - mwarn(FIM_REGISTRY_EVENT_NULL_ENTRY); + LogWarn(FIM_REGISTRY_EVENT_NULL_ENTRY); return NULL; } if (new->registry_entry.key == NULL) { - mwarn(FIM_REGISTRY_EVENT_NULL_ENTRY_KEY); + LogWarn(FIM_REGISTRY_EVENT_NULL_ENTRY_KEY); return NULL; } if (new->type != FIM_TYPE_REGISTRY) { - mwarn(FIM_REGISTRY_EVENT_WRONG_ENTRY_TYPE); + LogWarn(FIM_REGISTRY_EVENT_WRONG_ENTRY_TYPE); return NULL; } if (saved && saved->type != FIM_TYPE_REGISTRY) { - mwarn(FIM_REGISTRY_EVENT_WRONG_SAVED_TYPE); + LogWarn(FIM_REGISTRY_EVENT_WRONG_SAVED_TYPE); return NULL; } diff --git a/src/modules/fim/src/registry/registry.c b/src/modules/fim/src/registry/registry.c index c6f33639e3..7e5c577853 100644 --- a/src/modules/fim/src/registry/registry.c +++ b/src/modules/fim/src/registry/registry.c @@ -134,7 +134,7 @@ static void registry_key_transaction_callback(ReturnTypeCallback resultType, break; case MAX_ROWS: - mdebug1("Couldn't insert '%s' entry into DB. The DB is full, please check your configuration.", path); + LogDebug("Couldn't insert '%s' entry into DB. The DB is full, please check your configuration.", path); // Fallthrough default: @@ -178,7 +178,7 @@ static void registry_key_transaction_callback(ReturnTypeCallback resultType, old_attributes); if (cJSON_GetArraySize(changed_attributes) == 0) { - mdebug2(FIM_EMPTY_CHANGED_ATTRIBUTES, path); + LogDebug(FIM_EMPTY_CHANGED_ATTRIBUTES, path); goto end; } } @@ -275,7 +275,7 @@ static void registry_value_transaction_callback(ReturnTypeCallback resultType, break; case MAX_ROWS: - mdebug1("Couldn't insert '%s' entry into DB. The DB is full, please check your configuration.", path); + LogDebug("Couldn't insert '%s' entry into DB. The DB is full, please check your configuration.", path); // Fallthrough default: @@ -322,7 +322,7 @@ static void registry_value_transaction_callback(ReturnTypeCallback resultType, old_attributes); if (cJSON_GetArraySize(changed_attributes) == 0) { - mdebug2(FIM_EMPTY_CHANGED_ATTRIBUTES, path); + LogDebug(FIM_EMPTY_CHANGED_ATTRIBUTES, path); goto end; } } @@ -408,7 +408,7 @@ registry_t *fim_registry_configuration(const char *key, int arch) { } if (ret == NULL) { - mdebug2(FIM_CONFIGURATION_NOTFOUND, "registry", key); + LogDebug(FIM_CONFIGURATION_NOTFOUND, "registry", key); } return ret; @@ -444,7 +444,7 @@ int fim_registry_validate_recursion_level(const char *key_path, const registry_t } if (depth > configuration->recursion_level) { - mdebug2(FIM_MAX_RECURSION_LEVEL, depth, configuration->recursion_level, key_path); + LogDebug(FIM_MAX_RECURSION_LEVEL, depth, configuration->recursion_level, key_path); return -1; } @@ -482,7 +482,7 @@ int fim_registry_validate_ignore(const char *entry, const registry_t *configurat continue; } if (strncasecmp((*ignore_list)[ign_it].entry, entry, strlen((*ignore_list)[ign_it].entry)) == 0) { - mdebug2(FIM_REG_IGNORE_ENTRY, key ? "registry" : "value", + LogDebug(FIM_REG_IGNORE_ENTRY, key ? "registry" : "value", (*ignore_list)[ign_it].arch == ARCH_32BIT ? "[x32]" : "[x64]", entry, (*ignore_list)[ign_it].entry); return -1; @@ -496,7 +496,7 @@ int fim_registry_validate_ignore(const char *entry, const registry_t *configurat } if (OSMatch_Execute(entry, strlen(entry), (*ignore_list_regex)[ign_it].regex)) { - mdebug2(FIM_REG_IGNORE_SREGEX, key ? "registry" : "value", + LogDebug(FIM_REG_IGNORE_SREGEX, key ? "registry" : "value", (*ignore_list_regex)[ign_it].arch == ARCH_32BIT ? "[x32]" : "[x64]", entry, (*ignore_list_regex)[ign_it].regex->raw); return -1; @@ -516,7 +516,7 @@ void fim_registry_get_checksum_key(fim_registry_key *data) { size = snprintf(0, 0, - "%s:%s:%s:%s:%s:%u", + "%s:%s:%s:%s:%s:%lu", data->perm ? data->perm : "", data->uid ? data->uid : "", data->user_name ? data->user_name : "", @@ -527,7 +527,7 @@ void fim_registry_get_checksum_key(fim_registry_key *data) { os_calloc(size + 1, sizeof(char), checksum); snprintf(checksum, size + 1, - "%s:%s:%s:%s:%s:%u:%d", + "%s:%s:%s:%s:%s:%lu:%d", data->perm ? data->perm : "", data->uid ? data->uid : "", data->gid ? data->gid : "", @@ -551,7 +551,7 @@ void fim_registry_get_checksum_value(fim_registry_value_data *data) { size = snprintf(0, 0, - "%u:%u:%s:%s:%s", + "%u:%llu:%s:%s:%s", data->type, data->size, data->hash_md5 , @@ -561,7 +561,7 @@ void fim_registry_get_checksum_value(fim_registry_value_data *data) { os_calloc(size + 1, sizeof(char), checksum); snprintf(checksum, size + 1, - "%u:%u:%s:%s:%s", + "%u:%llu:%s:%s:%s", data->type, data->size, data->hash_md5 , @@ -781,7 +781,7 @@ fim_registry_key *fim_registry_get_key_data(HKEY key_handle, const char *path, c key->perm_json = NULL; error = get_registry_permissions(key_handle, &(key->perm_json)); if (error) { - mdebug1(FIM_EXTRACT_PERM_FAIL, path, error); + LogDebug(FIM_EXTRACT_PERM_FAIL, path, error); fim_registry_free_key(key); return NULL; } @@ -921,7 +921,7 @@ void fim_read_values(HKEY key_handle, int result_transaction = fim_db_transaction_sync_row(regval_txn_handler, &new); if (result_transaction < 0) { - mdebug2("dbsync transaction failed due to %d", result_transaction); + LogDebug("dbsync transaction failed due to %d", result_transaction); } } @@ -992,7 +992,7 @@ void fim_open_key(HKEY root_key_handle, access_rights = KEY_READ | (arch == ARCH_32BIT ? KEY_WOW64_32KEY : KEY_WOW64_64KEY); if (RegOpenKeyEx(root_key_handle, sub_key, 0, access_rights, ¤t_key_handle) != ERROR_SUCCESS) { - mdebug1(FIM_REG_OPEN, sub_key, arch == ARCH_32BIT ? "[x32]" : "[x64]"); + LogDebug(FIM_REG_OPEN, sub_key, arch == ARCH_32BIT ? "[x32]" : "[x64]"); return; } @@ -1059,7 +1059,7 @@ void fim_open_key(HKEY root_key_handle, result_transaction = fim_db_transaction_sync_row(regkey_txn_handler, &new); if(result_transaction < 0){ - merror("Dbsync registry transaction failed due to %d", result_transaction); + LogError("Dbsync registry transaction failed due to %d", result_transaction); } if (value_count) { @@ -1084,7 +1084,7 @@ void fim_registry_scan() { registry_value_transaction_callback, &txn_ctx_regval); /* Debug entries */ - mdebug1(FIM_WINREGISTRY_START); + LogDebug(FIM_WINREGISTRY_START); /* Get sub class and a valid registry entry */ for (i = 0; syscheck.registry[i].entry; i++) { /* Ignored entries are zeroed */ @@ -1093,11 +1093,11 @@ void fim_registry_scan() { } /* Read syscheck registry entry */ - mdebug2(FIM_READING_REGISTRY, syscheck.registry[i].arch == ARCH_64BIT ? "[x64] " : "[x32] ", + LogDebug(FIM_READING_REGISTRY, syscheck.registry[i].arch == ARCH_64BIT ? "[x64] " : "[x32] ", syscheck.registry[i].entry); if (fim_set_root_key(&root_key_handle, syscheck.registry[i].entry, &sub_key) != 0) { - mdebug1(FIM_INV_REG, syscheck.registry[i].entry, + LogDebug(FIM_INV_REG, syscheck.registry[i].entry, syscheck.registry[i].arch == ARCH_64BIT ? "[x64] " : "[x32]"); *syscheck.registry[i].entry = '\0'; continue; @@ -1112,7 +1112,7 @@ void fim_registry_scan() { regkey_txn_handler = NULL; regval_txn_handler = NULL; - mdebug1(FIM_WINREGISTRY_ENDED); + LogDebug(FIM_WINREGISTRY_ENDED); if (_base_line == 0) { _base_line = 1; diff --git a/src/modules/fim/src/run_check.c b/src/modules/fim/src/run_check.c index 720a131802..992e1a38de 100644 --- a/src/modules/fim/src/run_check.c +++ b/src/modules/fim/src/run_check.c @@ -79,10 +79,10 @@ STATIC void fim_send_msg(char mq, const char * location, const char * msg) { } if (SendMSGPredicated(syscheck.queue, msg, location, mq, fim_shutdown_process_on) < 0) { - merror(QUEUE_SEND); + LogError(QUEUE_SEND); if ((syscheck.queue = StartMQ(DEFAULTQUEUE, WRITE, INFINITE_OPENQ_ATTEMPTS)) < 0) { - merror_exit(QUEUE_FATAL, DEFAULTQUEUE); + LogCritical(QUEUE_FATAL, DEFAULTQUEUE); } // Try to send it again @@ -103,14 +103,14 @@ void fim_send_sync_state(const char *location, const char* msg) { if (syscheck.sync_max_eps == 0) { fim_send_msg(DBSYNC_MQ, location, msg); - mdebug2(FIM_DBSYNC_SEND, msg); + LogDebug(FIM_DBSYNC_SEND, msg); } else { static pthread_mutex_t sync_eps_mutex = PTHREAD_MUTEX_INITIALIZER; w_mutex_lock(&sync_eps_mutex); fim_send_msg(DBSYNC_MQ, location, msg); - mdebug2(FIM_DBSYNC_SEND, msg); + LogDebug(FIM_DBSYNC_SEND, msg); fim_sync_check_eps(); w_mutex_unlock(&sync_eps_mutex); @@ -121,7 +121,7 @@ void fim_send_sync_state(const char *location, const char* msg) { void send_syscheck_msg(const cJSON *_msg) { char *msg = cJSON_PrintUnformatted(_msg); - mdebug2(FIM_SEND, msg); + LogDebug(FIM_SEND, msg); fim_send_msg(SYSCHECK_MQ, SYSCHECK, msg); os_free(msg); @@ -172,18 +172,23 @@ void check_max_fps() { w_mutex_unlock(&fps_mutex); return; } - mdebug2(FIM_REACHED_MAX_FPS); + + LogDebug(FIM_REACHED_MAX_FPS); wait_time.tv_sec += 1; // Wait for one second or until the thread is unlocked using w_cond_broadcast - int rt = pthread_cond_timedwait(&cond, &fps_mutex, &wait_time); - if (rt == ETIMEDOUT) { - // In case that the mutex is unlocked due to a timeout, free all blocked threads. - files_read = 0; - w_cond_broadcast(&cond); - } else if (rt != 0) { - mdebug2("pthread_cond_timedwait failed: %s", strerror(rt)); + while (files_read >= syscheck.max_files_per_second) { + int rt = pthread_cond_timedwait(&cond, &fps_mutex, &wait_time); + if (rt == ETIMEDOUT) { + files_read = 0; + w_cond_broadcast(&cond); + break; + } else if (rt != 0) { + mdebug2("pthread_cond_timedwait failed: %s", strerror(rt)); + break; + } } + w_mutex_unlock(&fps_mutex); } @@ -213,10 +218,10 @@ void start_daemon() // A higher nice value means a low priority. #ifndef WIN32 - mdebug1(FIM_PROCESS_PRIORITY, syscheck.process_priority); + LogDebug(FIM_PROCESS_PRIORITY, syscheck.process_priority); if (nice(syscheck.process_priority) == -1) { - merror(NICE_ERROR, strerror(errno), errno); + LogError(NICE_ERROR, strerror(errno), errno); } #else set_priority_windows_thread(); @@ -227,7 +232,7 @@ void start_daemon() w_create_thread(w_rootcheck_thread, &syscheck); #else if (CreateThread(NULL, 0, w_rootcheck_thread, &syscheck, 0, NULL) == NULL) { - merror(THREAD_ERROR); + LogError(THREAD_ERROR); } #endif @@ -247,41 +252,41 @@ void start_daemon() // Directory used for files. snprintf(diff_file_dir, PATH_MAX, "%s/file/", DIFF_DIR); if (cldir_ex(diff_file_dir) == -1 && errno != ENOENT) { - merror("Unable to clear directory '%s': %s (%d)", diff_file_dir, strerror(errno), errno); + LogError("Unable to clear directory '%s': %s (%d)", diff_file_dir, strerror(errno), errno); } // Directory used for registries. snprintf(diff_registry_dir, PATH_MAX, "%s/registry/", DIFF_DIR); if (cldir_ex(diff_registry_dir) == -1 && errno != ENOENT) { - merror("Unable to clear directory '%s': %s (%d)", diff_registry_dir, strerror(errno), errno); + LogError("Unable to clear directory '%s': %s (%d)", diff_registry_dir, strerror(errno), errno); } // Old directory used by report_changes, may be leftover from an old installation snprintf(diff_local_dir, PATH_MAX, "%s/local/", DIFF_DIR); if (cldir_ex(diff_local_dir) == -1 && errno != ENOENT) { - merror("Unable to clear directory '%s': %s (%d)", diff_local_dir, strerror(errno), errno); + LogError("Unable to clear directory '%s': %s (%d)", diff_local_dir, strerror(errno), errno); } if (syscheck.disabled) { return; } - minfo(FIM_DAEMON_STARTED); + LogInfo(FIM_DAEMON_STARTED); if (syscheck.file_limit_enabled) { - mdebug2(FIM_FILE_LIMIT_VALUE, syscheck.file_entry_limit); + LogDebug(FIM_FILE_LIMIT_VALUE, syscheck.file_entry_limit); } else { - mdebug2(FIM_LIMIT_UNLIMITED, "file"); + LogDebug(FIM_LIMIT_UNLIMITED, "file"); } #ifdef WIN32 if (syscheck.registry_limit_enabled) { - mdebug2(FIM_REGISTRY_LIMIT_VALUE, syscheck.db_entry_registry_limit); + LogDebug(FIM_REGISTRY_LIMIT_VALUE, syscheck.db_entry_registry_limit); } else { - mdebug2(FIM_LIMIT_UNLIMITED, "registry"); + LogDebug(FIM_LIMIT_UNLIMITED, "registry"); } #endif // Create File integrity monitoring base-line - minfo(FIM_FREQUENCY_TIME, syscheck.time); + LogInfo(FIM_FREQUENCY_TIME, syscheck.time); fim_scan(); // Launch inventory synchronization thread, if enabled @@ -298,7 +303,7 @@ void start_daemon() #else if (CreateThread(NULL, 0, fim_run_realtime, &syscheck, 0, NULL) == NULL) { - merror(THREAD_ERROR); + LogError(THREAD_ERROR); } #endif @@ -416,7 +421,7 @@ DWORD WINAPI fim_run_realtime(__attribute__((unused)) void * args) { watches = get_realtime_watches(); if (watches != 0) { - mdebug2(FIM_NUM_WATCHES, watches); + LogDebug(FIM_NUM_WATCHES, watches); } while (FOREVER()) { @@ -430,7 +435,7 @@ DWORD WINAPI fim_run_realtime(__attribute__((unused)) void * args) { log_realtime_status(1); if (WaitForSingleObjectEx(syscheck.realtime->evt, SYSCHECK_WAIT * 1000, TRUE) == WAIT_FAILED) { - merror(FIM_ERROR_REALTIME_WAITSINGLE_OBJECT); + LogError(FIM_ERROR_REALTIME_WAITSINGLE_OBJECT); } } else { sleep(SYSCHECK_WAIT); @@ -477,7 +482,7 @@ void *fim_run_realtime(__attribute__((unused)) void * args) { run_now = select(nfds + 1, &rfds, NULL, NULL, &selecttime); if (run_now < 0) { - merror(FIM_ERROR_SELECT); + LogError(FIM_ERROR_SELECT); } else if (run_now == 0) { // Timeout } else if (FD_ISSET (nfds, &rfds)) { @@ -499,7 +504,7 @@ void * fim_run_realtime(__attribute__((unused)) void * args) { OSList_foreach(node_it, syscheck.directories) { dir_it = node_it->data; if (dir_it->options & REALTIME_ACTIVE) { - mwarn(FIM_WARN_REALTIME_UNSUPPORTED); + LogWarn(FIM_WARN_REALTIME_UNSUPPORTED); break; } } @@ -520,11 +525,11 @@ void set_priority_windows_thread() { syscheck.process_priority <= 10 ? THREAD_PRIORITY_LOWEST : THREAD_PRIORITY_IDLE; - mdebug1(FIM_PROCESS_PRIORITY, syscheck.process_priority); + LogDebug(FIM_PROCESS_PRIORITY, syscheck.process_priority); if(!SetThreadPriority(GetCurrentThread(), dwCreationFlags)) { int dwError = GetLastError(); - merror("Can't set thread priority: %d", dwError); + LogError("Can't set thread priority: %d", dwError); } } #endif @@ -567,11 +572,11 @@ int fim_whodata_initialize() { Wazuh must monitor files/directories in Realtime mode. */ if (!run_whodata_scan()) { if (t_hdle = CreateThread(NULL, 0, state_checker, NULL, 0, &t_id), !t_hdle) { - merror(FIM_ERROR_CHECK_THREAD); + LogError(FIM_ERROR_CHECK_THREAD); retval = -1; } } else { - merror(FIM_ERROR_WHODATA_INIT); + LogError(FIM_ERROR_WHODATA_INIT); // In case SACLs and policies have been set, restore them. audit_restore(); @@ -603,7 +608,7 @@ int fim_whodata_initialize() { #else int fim_whodata_initialize() { if (syscheck.enable_whodata) { - mwarn(FIM_WARN_WHODATA_UNSUPPORTED); + LogWarn(FIM_WARN_WHODATA_UNSUPPORTED); } return -1; } @@ -622,19 +627,19 @@ void log_realtime_status(int next) { switch (status) { case 0: if (next == 1) { - minfo(FIM_REALTIME_STARTED); + LogInfo(FIM_REALTIME_STARTED); status = next; } break; case 1: if (next == 2) { - minfo(FIM_REALTIME_PAUSED); + LogInfo(FIM_REALTIME_PAUSED); status = next; } break; case 2: if (next == 1) { - minfo(FIM_REALTIME_RESUMED); + LogInfo(FIM_REALTIME_RESUMED); status = next; } } @@ -661,11 +666,11 @@ static void *symlink_checker_thread(__attribute__((unused)) void * data) { directory_t *dir_it; OSListNode *node_it; - mdebug1(FIM_LINKCHECK_START, syscheck.sym_checker_interval); + LogDebug(FIM_LINKCHECK_START, syscheck.sym_checker_interval); while (1) { sleep(syscheck.sym_checker_interval); - mdebug1(FIM_LINKCHECK_START, syscheck.sym_checker_interval); + LogDebug(FIM_LINKCHECK_START, syscheck.sym_checker_interval); w_mutex_lock(&syscheck.fim_scan_mutex); w_rwlock_rdlock(&syscheck.directories_lock); @@ -682,10 +687,10 @@ static void *symlink_checker_thread(__attribute__((unused)) void * data) { if (real_path) { // Check if link has changed if (strcmp(real_path, dir_it->symbolic_links)) { - mdebug2(FIM_LINKCHECK_CHANGED, dir_it->path, dir_it->symbolic_links, real_path); + LogDebug(FIM_LINKCHECK_CHANGED, dir_it->path, dir_it->symbolic_links, real_path); fim_link_update(real_path, dir_it); } else { - mdebug2(FIM_LINKCHECK_NOCHANGE, dir_it->symbolic_links); + LogDebug(FIM_LINKCHECK_NOCHANGE, dir_it->symbolic_links); } } else { // Broken link @@ -712,7 +717,7 @@ static void *symlink_checker_thread(__attribute__((unused)) void * data) { w_rwlock_unlock(&syscheck.directories_lock); w_mutex_unlock(&syscheck.fim_scan_mutex); - mdebug1(FIM_LINKCHECK_FINALIZE); + LogDebug(FIM_LINKCHECK_FINALIZE); } return NULL; @@ -765,7 +770,7 @@ STATIC void fim_link_update(const char *new_path, directory_t *configuration) { break; } } else if (strcmp(new_path, dir_it->symbolic_links ? dir_it->symbolic_links : dir_it->path) == 0) { - mdebug2(FIM_LINK_ALREADY_ADDED, dir_it->path); + LogDebug(FIM_LINK_ALREADY_ADDED, dir_it->path); is_new_link = false; break; } @@ -801,7 +806,7 @@ STATIC void fim_link_check_delete(directory_t *configuration) { return; } - mdebug1(FIM_STAT_FAILED, configuration->symbolic_links, errno, strerror(errno)); + LogDebug(FIM_STAT_FAILED, configuration->symbolic_links, errno, strerror(errno)); } else { fim_link_delete_range(configuration); @@ -858,7 +863,7 @@ STATIC void fim_link_reload_broken_link(char *path, directory_t *configuration) dir_it = node_it->data; if (strcmp(path, dir_it->path) == 0) { // If a configuration directory exists don't reload - mdebug2(FIM_LINK_ALREADY_ADDED, dir_it->path); + LogDebug(FIM_LINK_ALREADY_ADDED, dir_it->path); return; } } @@ -893,9 +898,9 @@ void set_whodata_mode_changes() { dir_it->dirs_status.status &= ~WD_CHECK_REALTIME; dir_it->options |= REALTIME_ACTIVE; if (realtime_adddir(dir_it->path, dir_it) != 1) { - merror(FIM_ERROR_REALTIME_ADDDIR_FAILED, dir_it->path); + LogError(FIM_ERROR_REALTIME_ADDDIR_FAILED, dir_it->path); } else { - mdebug1(FIM_REALTIME_MONITORING, dir_it->path); + LogDebug(FIM_REALTIME_MONITORING, dir_it->path); } } } diff --git a/src/modules/fim/src/run_realtime.c b/src/modules/fim/src/run_realtime.c index d24873553d..bf42aacb94 100644 --- a/src/modules/fim/src/run_realtime.c +++ b/src/modules/fim/src/run_realtime.c @@ -13,7 +13,6 @@ #include "fs_op.h" #include "hash_op.h" -#include "debug_op.h" #include "syscheck.h" #include "syscheck_op.h" @@ -23,6 +22,7 @@ #include "../../unit_tests/wrappers/windows/handleapi_wrappers.h" #include "../../unit_tests/wrappers/windows/synchapi_wrappers.h" #include "../../unit_tests/wrappers/windows/winbase_wrappers.h" +#include "../../unit_tests/wrappers/windows/errhandlingapi_wrappers.h" #endif #endif @@ -39,7 +39,7 @@ int realtime_start() { syscheck.realtime->dirtb = OSHash_Create(); if (syscheck.realtime->dirtb == NULL) { - merror(MEM_ERROR, errno, strerror(errno)); + LogError(MEM_ERROR, errno, strerror(errno)); goto error; } @@ -47,7 +47,7 @@ int realtime_start() { syscheck.realtime->fd = inotify_init(); if (syscheck.realtime->fd < 0) { - merror(FIM_ERROR_INOTIFY_INITIALIZE); + LogError(FIM_ERROR_INOTIFY_INITIALIZE); goto error; } @@ -84,10 +84,10 @@ int fim_add_inotify_watch(const char *dir, const directory_t *configuration) { REALTIME_MONITOR_FLAGS); if (wd < 0) { if (errno == 28) { - merror(FIM_ERROR_INOTIFY_ADD_MAX_REACHED, dir, wd, errno); + LogError(FIM_ERROR_INOTIFY_ADD_MAX_REACHED, dir, wd, errno); } else { - mdebug1(FIM_INOTIFY_ADD_WATCH, dir, wd, errno, strerror(errno)); + LogDebug(FIM_INOTIFY_ADD_WATCH, dir, wd, errno, strerror(errno)); } } else { @@ -99,18 +99,18 @@ int fim_add_inotify_watch(const char *dir, const directory_t *configuration) { if (!OSHash_Get_ex(syscheck.realtime->dirtb, wdchar)) { if (retval = OSHash_Add_ex(syscheck.realtime->dirtb, wdchar, data), retval == 0) { os_free(data); - merror_exit(FIM_CRITICAL_ERROR_OUT_MEM); + LogCritical(FIM_CRITICAL_ERROR_OUT_MEM); } else if (retval == 1) { - mdebug2(FIM_REALTIME_HASH_DUP, data); + LogDebug(FIM_REALTIME_HASH_DUP, data); os_free(data); } - mdebug2(FIM_REALTIME_NEWDIRECTORY, dir); + LogDebug(FIM_REALTIME_NEWDIRECTORY, dir); } else { if (retval = OSHash_Update_ex(syscheck.realtime->dirtb, wdchar, data), retval == 0) { - merror("Unable to update 'dirtb'. Directory not found: '%s'", data); + LogError("Unable to update 'dirtb'. Directory not found: '%s'", data); os_free(data); w_mutex_unlock(&syscheck.fim_realtime_mutex); return (-1); @@ -210,7 +210,7 @@ void realtime_process() { w_mutex_unlock(&syscheck.fim_realtime_mutex); if (len < 0) { - merror(FIM_ERROR_REALTIME_READ_BUFFER); + LogError(FIM_ERROR_REALTIME_READ_BUFFER); return; } @@ -228,7 +228,7 @@ void realtime_process() { event = (struct inotify_event *) (void *) &buf[i]; if (event->wd == -1 && event->mask == IN_Q_OVERFLOW) { - mwarn("Real-time inotify kernel queue is full. Some events may be lost. Next scheduled scan will recover lost data."); + LogWarn("Real-time inotify kernel queue is full. Some events may be lost. Next scheduled scan will recover lost data."); fim_realtime_set_queue_overflow(true); send_log_msg("ossec: Real-time inotify kernel queue is full. Some events may be lost. Next scheduled scan will recover lost data."); continue; @@ -258,7 +258,7 @@ void realtime_process() { } if (rbtree_insert(tree, final_name, NULL) == NULL) { - mdebug2("Duplicate event in real-time buffer: %s", final_name); + LogDebug("Duplicate event in real-time buffer: %s", final_name); } switch(event->mask) { @@ -266,7 +266,7 @@ void realtime_process() { delete_subdirectories_watches(entry); // fall through case IN_DELETE_SELF: - mdebug2(FIM_INOTIFY_WATCH_DELETED, entry); + LogDebug(FIM_INOTIFY_WATCH_DELETED, entry); free(OSHash_Delete_ex(syscheck.realtime->dirtb, wdchar)); break; @@ -313,15 +313,15 @@ int realtime_update_watch(const char *wd, const char *dir) { if (new_wd < 0) { if (errno == ENOSPC) { - merror(FIM_ERROR_INOTIFY_ADD_MAX_REACHED, dir, new_wd, errno); + LogError(FIM_ERROR_INOTIFY_ADD_MAX_REACHED, dir, new_wd, errno); return -1; } else if (errno == ENOENT) { - mdebug2("Removing watch on non existent directory '%s'", dir); + LogDebug("Removing watch on non existent directory '%s'", dir); inotify_rm_watch(syscheck.realtime->fd, old_wd); free(OSHash_Delete_ex(syscheck.realtime->dirtb, wd)); return 0; } else { - mdebug1(FIM_INOTIFY_ADD_WATCH, dir, new_wd, errno, strerror(errno)); + LogDebug(FIM_INOTIFY_ADD_WATCH, dir, new_wd, errno, strerror(errno)); return -1; } } @@ -339,13 +339,13 @@ int realtime_update_watch(const char *wd, const char *dir) { if (!OSHash_Get_ex(syscheck.realtime->dirtb, wdchar)) { if (retval = OSHash_Add_ex(syscheck.realtime->dirtb, wdchar, data), retval == 0) { os_free(data); - merror(FIM_CRITICAL_ERROR_OUT_MEM); + LogError(FIM_CRITICAL_ERROR_OUT_MEM); return -1; } - mdebug2(FIM_REALTIME_NEWDIRECTORY, data); + LogDebug(FIM_REALTIME_NEWDIRECTORY, data); } else if (retval = OSHash_Update_ex(syscheck.realtime->dirtb, wdchar, data), retval == 0) { - merror("Unable to update 'dirtb'. Directory not found: '%s'", data); + LogError("Unable to update 'dirtb'. Directory not found: '%s'", data); os_free(data); } return 0; @@ -379,7 +379,7 @@ void delete_subdirectories_watches(char *dir) { if (strncmp(dir_slash, data, strlen(dir_slash)) == 0) { char * data_node = OSHash_Delete_ex(syscheck.realtime->dirtb, hash_node->key); - mdebug2(FIM_INOTIFY_WATCH_DELETED, data); + LogDebug(FIM_INOTIFY_WATCH_DELETED, data); os_free(data_node); /* @@ -419,7 +419,7 @@ void realtime_sanitize_watch_map() { } gettime(&end); - mdebug2("Time spent sanitizing wd hashmap: %.3f seconds", time_diff(&start, &end)); + LogDebug("Time spent sanitizing wd hashmap: %.3f seconds", time_diff(&start, &end)); w_mutex_unlock(&syscheck.fim_realtime_mutex); w_rwlock_unlock(&syscheck.directories_lock); @@ -454,7 +454,7 @@ void CALLBACK RTCallBack(DWORD dwerror, DWORD dwBytes, LPOVERLAPPED overlap) *end = '\0'; } - merror(FIM_ERROR_REALTIME_WINDOWS_CALLBACK, messageBuffer, dwerror); + LogError(FIM_ERROR_REALTIME_WINDOWS_CALLBACK, messageBuffer, dwerror); LocalFree(messageBuffer); } return; @@ -466,7 +466,7 @@ void CALLBACK RTCallBack(DWORD dwerror, DWORD dwBytes, LPOVERLAPPED overlap) snprintf(wdchar, 260, "%s", (char*)overlap->hEvent); rtlocald = OSHash_Get_ex(syscheck.realtime->dirtb, wdchar); if (rtlocald == NULL) { - merror(FIM_ERROR_REALTIME_WINDOWS_CALLBACK_EMPTY); + LogError(FIM_ERROR_REALTIME_WINDOWS_CALLBACK_EMPTY); w_mutex_unlock(&syscheck.fim_realtime_mutex); w_rwlock_unlock(&syscheck.directories_lock); return; @@ -475,7 +475,7 @@ void CALLBACK RTCallBack(DWORD dwerror, DWORD dwBytes, LPOVERLAPPED overlap) if(rtlocald->watch_status == FIM_RT_HANDLE_CLOSED) { rtlocald = OSHash_Delete_ex(syscheck.realtime->dirtb, wdchar); free_win32rtfim_data(rtlocald); - mdebug2(FIM_REALTIME_CALLBACK, wdchar); + LogDebug(FIM_REALTIME_CALLBACK, wdchar); w_mutex_unlock(&syscheck.fim_realtime_mutex); w_rwlock_unlock(&syscheck.directories_lock); return; @@ -518,7 +518,7 @@ void CALLBACK RTCallBack(DWORD dwerror, DWORD dwBytes, LPOVERLAPPED overlap) } while (pinfo->NextEntryOffset != 0); } else { - mwarn(FIM_WARN_REALTIME_OVERFLOW); + LogWarn(FIM_WARN_REALTIME_OVERFLOW); } realtime_win32read(rtlocald); @@ -558,7 +558,7 @@ int realtime_start() { if (syscheck.realtime->dirtb == NULL) { OSListNode *node_it; - merror(MEM_ERROR, errno, strerror(errno)); + LogError(MEM_ERROR, errno, strerror(errno)); w_rwlock_wrlock(&syscheck.directories_lock); OSList_foreach(node_it, syscheck.directories) { @@ -607,7 +607,7 @@ int realtime_adddir(const char *dir, directory_t *configuration) { int type; if (!syscheck.wdata.fd && whodata_audit_start()) { - merror_exit(FIM_CRITICAL_DATA_CREATE, "whodata file descriptors"); + LogCritical(FIM_CRITICAL_DATA_CREATE, "whodata file descriptors"); } // This parameter is used to indicate if the file is going to be monitored in Whodata mode, @@ -623,7 +623,7 @@ int realtime_adddir(const char *dir, directory_t *configuration) { configuration->dirs_status.object_type = WD_STATUS_FILE_TYPE; configuration->dirs_status.status |= WD_STATUS_EXISTS; } else { - mdebug2(FIM_WARN_REALTIME_OPENFAIL, dir); + LogDebug(FIM_WARN_REALTIME_OPENFAIL, dir); configuration->dirs_status.object_type = WD_STATUS_UNK_TYPE; configuration->dirs_status.status &= ~WD_STATUS_EXISTS; @@ -632,7 +632,7 @@ int realtime_adddir(const char *dir, directory_t *configuration) { GetSystemTime(&configuration->dirs_status.last_check); if (set_winsacl(dir, configuration)) { - merror(FIM_ERROR_WHODATA_ADD_DIRECTORY, dir); + LogError(FIM_ERROR_WHODATA_ADD_DIRECTORY, dir); return -2; } @@ -649,7 +649,7 @@ int realtime_adddir(const char *dir, directory_t *configuration) { if(rtlocald != NULL) { if (!w_directory_exists(rtlocald->dir)) { if (rtlocald->watch_status == FIM_RT_HANDLE_CLOSED) { - mdebug2(FIM_REALTIME_CALLBACK, rtlocald->dir); + LogDebug(FIM_REALTIME_CALLBACK, rtlocald->dir); rtlocald = OSHash_Delete_ex(syscheck.realtime->dirtb, rtlocald->dir); free_win32rtfim_data(rtlocald); } else if (rtlocald->h != NULL && rtlocald->h != INVALID_HANDLE_VALUE) { @@ -664,7 +664,7 @@ int realtime_adddir(const char *dir, directory_t *configuration) { /* Maximum limit for realtime on Windows */ if (_get_realtime_watches() >= syscheck.max_fd_win_rt) { - mdebug1(FIM_REALTIME_MAXNUM_WATCHES, dir); + LogDebug(FIM_REALTIME_MAXNUM_WATCHES, dir); w_mutex_unlock(&syscheck.fim_realtime_mutex); return 0; } @@ -676,7 +676,7 @@ int realtime_adddir(const char *dir, directory_t *configuration) { if (rtlocald->h == INVALID_HANDLE_VALUE || rtlocald->h == NULL) { os_free(rtlocald); - mdebug2(FIM_REALTIME_ADD, dir); + LogDebug(FIM_REALTIME_ADD, dir); w_mutex_unlock(&syscheck.fim_realtime_mutex); return 0; @@ -689,7 +689,15 @@ int realtime_adddir(const char *dir, directory_t *configuration) { /* Add directory to be monitored */ if(realtime_win32read(rtlocald) == 0) { - mdebug1(FIM_REALTIME_DIRECTORYCHANGES, rtlocald->dir); + DWORD last_error = GetLastError(); + LogDebug(FIM_REALTIME_DIRECTORYCHANGES, rtlocald->dir, last_error, win_strerror(last_error)); + CloseHandle(rtlocald->h); + rtlocald->watch_status = FIM_RT_HANDLE_CLOSED; + if (!w_directory_exists(rtlocald->dir)) { + LogWarn(FIM_REALTIME_FILE_NOT_SUPPORTED, rtlocald->dir); + configuration->options &= ~REALTIME_ACTIVE; + configuration->options |= SCHEDULED_ACTIVE; + } free_win32rtfim_data(rtlocald); w_mutex_unlock(&syscheck.fim_realtime_mutex); @@ -697,10 +705,10 @@ int realtime_adddir(const char *dir, directory_t *configuration) { } if (!OSHash_Add_ex(syscheck.realtime->dirtb, wdchar, rtlocald)) { - merror_exit(FIM_CRITICAL_ERROR_OUT_MEM); + LogCritical(FIM_CRITICAL_ERROR_OUT_MEM); } - mdebug2(FIM_REALTIME_NEWDIRECTORY, dir); + LogDebug(FIM_REALTIME_NEWDIRECTORY, dir); w_mutex_unlock(&syscheck.fim_realtime_mutex); return 1; @@ -719,7 +727,7 @@ void realtime_sanitize_watch_map() { #else /* !WIN32 */ int realtime_start() { - merror(FIM_ERROR_REALTIME_INITIALIZE); + LogError(FIM_ERROR_REALTIME_INITIALIZE); return (0); } @@ -769,7 +777,7 @@ void fim_realtime_set_queue_overflow(int value) { void fim_realtime_print_watches() { w_mutex_lock(&syscheck.fim_realtime_mutex); if (syscheck.realtime != NULL) { - mdebug2(FIM_NUM_WATCHES, OSHash_Get_Elem_ex(syscheck.realtime->dirtb)); + LogDebug(FIM_NUM_WATCHES, OSHash_Get_Elem_ex(syscheck.realtime->dirtb)); } w_mutex_unlock(&syscheck.fim_realtime_mutex); } diff --git a/src/modules/fim/src/syscheck.c b/src/modules/fim/src/syscheck.c index dccbaa2f1a..0e53a15b64 100644 --- a/src/modules/fim/src/syscheck.c +++ b/src/modules/fim/src/syscheck.c @@ -37,10 +37,10 @@ void init_magic(magic_t *cookie_ptr) if (!*cookie_ptr) { const char *err = magic_error(*cookie_ptr); - merror(FIM_ERROR_LIBMAGIC_START, err ? err : "unknown"); + LogError(FIM_ERROR_LIBMAGIC_START, err ? err : "unknown"); } else if (magic_load(*cookie_ptr, NULL) < 0) { const char *err = magic_error(*cookie_ptr); - merror(FIM_ERROR_LIBMAGIC_LOAD, err ? err : "unknown"); + LogError(FIM_ERROR_LIBMAGIC_LOAD, err ? err : "unknown"); magic_close(*cookie_ptr); *cookie_ptr = 0; } @@ -66,7 +66,8 @@ void read_internal(int debug_level) if (debug_level == 0) { int debug_level = sys_debug_level; while (debug_level != 0) { - nowDebug(); + // TODO : should this feature be added + //nowDebug(); debug_level--; } } @@ -108,7 +109,7 @@ void fim_initialize() { #endif if (ret_val != FIMDB_OK) { - merror_exit("Unable to initialize database."); + LogCritical("Unable to initialize database."); } w_rwlock_init(&syscheck.directories_lock, NULL); @@ -133,16 +134,16 @@ int Start_win32_Syscheck() { /* Check if the configuration is present */ if (File_DateofChange(cfg) < 0) { - merror_exit(NO_CONFIG, cfg); + LogCritical(NO_CONFIG, cfg); } /* Read syscheck config */ if ((r = Read_Syscheck_Config(cfg)) < 0) { - mwarn(RCONFIG_ERROR, SYSCHECK, cfg); + LogWarn(RCONFIG_ERROR, SYSCHECK, cfg); syscheck.disabled = 1; } else if ((r == 1) || (syscheck.disabled == 1)) { /* Disabled */ - minfo(FIM_DIRECTORY_NOPROVIDED); + LogInfo(FIM_DIRECTORY_NOPROVIDED); // Free directories list OSList_foreach(node_it, syscheck.directories) { @@ -162,7 +163,7 @@ int Start_win32_Syscheck() { } os_free(syscheck.registry[0].entry); - minfo(FIM_DISABLED); + LogInfo(FIM_DISABLED); } /* Rootcheck config */ @@ -183,7 +184,7 @@ int Start_win32_Syscheck() { if (dir_it->options & WHODATA_ACTIVE) { if (!whodata_notification) { whodata_notification = 1; - minfo(FIM_REALTIME_INCOMPATIBLE); + LogInfo(FIM_REALTIME_INCOMPATIBLE); } dir_it->options &= ~WHODATA_ACTIVE; dir_it->options |= REALTIME_ACTIVE; @@ -196,11 +197,11 @@ int Start_win32_Syscheck() { // TODO: allow sha256 sum on registries while (syscheck.registry[r].entry != NULL) { char optstr[1024]; - minfo(FIM_MONITORING_REGISTRY, syscheck.registry[r].entry, + LogInfo(FIM_MONITORING_REGISTRY, syscheck.registry[r].entry, syscheck.registry[r].arch == ARCH_64BIT ? " [x64]" : "", syscheck_opts2str(optstr, sizeof(optstr), syscheck.registry[r].opts)); if (syscheck.file_size_enabled){ - mdebug1(FIM_DIFF_FILE_SIZE_LIMIT, syscheck.registry[r].diff_size_limit, syscheck.registry[r].entry); + LogDebug(FIM_DIFF_FILE_SIZE_LIMIT, syscheck.registry[r].diff_size_limit, syscheck.registry[r].entry); } r++; } @@ -210,80 +211,80 @@ int Start_win32_Syscheck() { dir_it = node_it->data; char optstr[ 1024 ]; - minfo(FIM_MONITORING_DIRECTORY, dir_it->path, syscheck_opts2str(optstr, sizeof(optstr), dir_it->options)); + LogInfo(FIM_MONITORING_DIRECTORY, dir_it->path, syscheck_opts2str(optstr, sizeof(optstr), dir_it->options)); if (dir_it->tag != NULL) { - mdebug2(FIM_TAG_ADDED, dir_it->tag, dir_it->path); + LogDebug(FIM_TAG_ADDED, dir_it->tag, dir_it->path); } // Print diff file size limit if ((dir_it->options & CHECK_SEECHANGES) && syscheck.file_size_enabled) { - mdebug2(FIM_DIFF_FILE_SIZE_LIMIT, dir_it->diff_size_limit, dir_it->path); + LogDebug(FIM_DIFF_FILE_SIZE_LIMIT, dir_it->diff_size_limit, dir_it->path); } } if (!syscheck.file_size_enabled) { - minfo(FIM_FILE_SIZE_LIMIT_DISABLED); + LogInfo(FIM_FILE_SIZE_LIMIT_DISABLED); } // Print maximum disk quota to be used by the queue\diff\local folder if (syscheck.disk_quota_enabled) { - mdebug2(FIM_DISK_QUOTA_LIMIT, syscheck.disk_quota_limit); + LogDebug(FIM_DISK_QUOTA_LIMIT, syscheck.disk_quota_limit); } else { - minfo(FIM_DISK_QUOTA_LIMIT_DISABLED); + LogInfo(FIM_DISK_QUOTA_LIMIT_DISABLED); } /* Print ignores. */ if(syscheck.ignore) for (r = 0; syscheck.ignore[r] != NULL; r++) - minfo(FIM_PRINT_IGNORE_ENTRY, "file", syscheck.ignore[r]); + LogInfo(FIM_PRINT_IGNORE_ENTRY, "file", syscheck.ignore[r]); /* Print sregex ignores. */ if(syscheck.ignore_regex) for (r = 0; syscheck.ignore_regex[r] != NULL; r++) - minfo(FIM_PRINT_IGNORE_SREGEX, "file", syscheck.ignore_regex[r]->raw); + LogInfo(FIM_PRINT_IGNORE_SREGEX, "file", syscheck.ignore_regex[r]->raw); /* Print registry ignores. */ if(syscheck.key_ignore) for (r = 0; syscheck.key_ignore[r].entry != NULL; r++) - minfo(FIM_PRINT_IGNORE_ENTRY, "registry", syscheck.key_ignore[r].entry); + LogInfo(FIM_PRINT_IGNORE_ENTRY, "registry", syscheck.key_ignore[r].entry); /* Print sregex registry ignores. */ if(syscheck.key_ignore_regex) for (r = 0; syscheck.key_ignore_regex[r].regex != NULL; r++) - minfo(FIM_PRINT_IGNORE_SREGEX, "registry", syscheck.key_ignore_regex[r].regex->raw); + LogInfo(FIM_PRINT_IGNORE_SREGEX, "registry", syscheck.key_ignore_regex[r].regex->raw); if(syscheck.value_ignore) for (r = 0; syscheck.value_ignore[r].entry != NULL; r++) - minfo(FIM_PRINT_IGNORE_ENTRY, "value", syscheck.value_ignore[r].entry); + LogInfo(FIM_PRINT_IGNORE_ENTRY, "value", syscheck.value_ignore[r].entry); /* Print sregex registry ignores. */ if(syscheck.value_ignore_regex) for (r = 0; syscheck.value_ignore_regex[r].regex != NULL; r++) - minfo(FIM_PRINT_IGNORE_SREGEX, "value", syscheck.value_ignore_regex[r].regex->raw); + LogInfo(FIM_PRINT_IGNORE_SREGEX, "value", syscheck.value_ignore_regex[r].regex->raw); /* Print registry values with nodiff. */ if(syscheck.registry_nodiff) for (r = 0; syscheck.registry_nodiff[r].entry != NULL; r++) - minfo(FIM_NO_DIFF_REGISTRY, "registry value", syscheck.registry_nodiff[r].entry); + LogInfo(FIM_NO_DIFF_REGISTRY, "registry value", syscheck.registry_nodiff[r].entry); /* Print sregex registry values with nodiff. */ if(syscheck.registry_nodiff_regex) for (r = 0; syscheck.registry_nodiff_regex[r].regex != NULL; r++) - minfo(FIM_NO_DIFF_REGISTRY, "registry sregex", syscheck.registry_nodiff_regex[r].regex->raw); + LogInfo(FIM_NO_DIFF_REGISTRY, "registry sregex", syscheck.registry_nodiff_regex[r].regex->raw); /* Print files with no diff. */ if (syscheck.nodiff){ r = 0; while (syscheck.nodiff[r] != NULL) { - minfo(FIM_NO_DIFF, syscheck.nodiff[r]); + LogInfo(FIM_NO_DIFF, syscheck.nodiff[r]); r++; } } /* Start up message */ - minfo(STARTUP_MSG, getpid()); + LogInfo(STARTUP_MSG, getpid()); OSList_foreach(node_it, syscheck.directories) { dir_it = node_it->data; if (dir_it->options & REALTIME_ACTIVE) { diff --git a/src/modules/fim/src/syscom.c b/src/modules/fim/src/syscom.c index affe0c7b3d..0666341431 100644 --- a/src/modules/fim/src/syscom.c +++ b/src/modules/fim/src/syscom.c @@ -69,7 +69,7 @@ size_t syscom_getconfig(const char * section, char ** output) { goto error; } error: - mdebug1(FIM_SYSCOM_FAIL_GETCONFIG, section); + LogDebug(FIM_SYSCOM_FAIL_GETCONFIG, section); os_strdup("err Could not get requested section", *output); return strlen(*output); } @@ -105,7 +105,7 @@ size_t syscom_dispatch(char * command, char ** output){ if (strcmp(rcv_comm, "getconfig") == 0){ // getconfig section if (!rcv_args){ - mdebug1(FIM_SYSCOM_ARGUMENTS, "getconfig"); + LogDebug(FIM_SYSCOM_ARGUMENTS, "getconfig"); os_strdup("err SYSCOM getconfig needs arguments", *output); return strlen(*output); } @@ -116,7 +116,7 @@ size_t syscom_dispatch(char * command, char ** output){ } } - mdebug1(FIM_SYSCOM_UNRECOGNIZED_COMMAND, command); + LogDebug(FIM_SYSCOM_UNRECOGNIZED_COMMAND, command); os_strdup("err Unrecognized command", *output); return strlen(*output); } @@ -131,10 +131,10 @@ void * syscom_main(__attribute__((unused)) void * arg) { ssize_t length; fd_set fdset; - mdebug1(FIM_SYSCOM_REQUEST_READY); + LogDebug(FIM_SYSCOM_REQUEST_READY); if (sock = OS_BindUnixDomain(SYS_LOCAL_SOCK, SOCK_STREAM, OS_MAXSTR), sock < 0) { - merror(FIM_ERROR_SYSCOM_BIND_SOCKET, SYS_LOCAL_SOCK, errno, strerror(errno)); + LogError(FIM_ERROR_SYSCOM_BIND_SOCKET, SYS_LOCAL_SOCK, errno, strerror(errno)); return NULL; } @@ -147,7 +147,7 @@ void * syscom_main(__attribute__((unused)) void * arg) { switch (select(sock + 1, &fdset, NULL, NULL, NULL)) { case -1: if (errno != EINTR) { - merror_exit(FIM_CRITICAL_ERROR_SELECT, "syscom_main()", strerror(errno)); + LogCritical(FIM_CRITICAL_ERROR_SELECT, "syscom_main()", strerror(errno)); } continue; @@ -158,7 +158,7 @@ void * syscom_main(__attribute__((unused)) void * arg) { if (peer = accept(sock, NULL, NULL), peer < 0) { if (errno != EINTR) { - merror(FIM_ERROR_SYSCOM_ACCEPT, strerror(errno)); + LogError(FIM_ERROR_SYSCOM_ACCEPT, strerror(errno)); } continue; @@ -167,20 +167,20 @@ void * syscom_main(__attribute__((unused)) void * arg) { os_calloc(OS_MAXSTR, sizeof(char), buffer); switch (length = OS_RecvSecureTCP(peer, buffer,OS_MAXSTR), length) { case OS_SOCKTERR: - merror(FIM_ERROR_SYSCOM_RECV_TOOLONG); + LogError(FIM_ERROR_SYSCOM_RECV_TOOLONG); break; case -1: - merror(FIM_ERROR_SYSCOM_RECV, strerror(errno)); + LogError(FIM_ERROR_SYSCOM_RECV, strerror(errno)); break; case 0: - mdebug1(FIM_SYSCOM_EMPTY_MESSAGE); + LogDebug(FIM_SYSCOM_EMPTY_MESSAGE); close(peer); break; case OS_MAXLEN: - merror(FIM_ERROR_SYSCOM_RECV_MAXLEN, MAX_DYN_STR); + LogError(FIM_ERROR_SYSCOM_RECV_MAXLEN, MAX_DYN_STR); close(peer); break; @@ -197,7 +197,7 @@ void * syscom_main(__attribute__((unused)) void * arg) { free(buffer); } - mdebug1(FIM_SYSCOM_THREAD_FINISED); + LogDebug(FIM_SYSCOM_THREAD_FINISED); close(sock); return NULL; diff --git a/src/modules/fim/src/whodata/audit_healthcheck.c b/src/modules/fim/src/whodata/audit_healthcheck.c index e863ce1474..0d48cdf54c 100644 --- a/src/modules/fim/src/whodata/audit_healthcheck.c +++ b/src/modules/fim/src/whodata/audit_healthcheck.c @@ -34,11 +34,11 @@ int audit_health_check(int audit_socket) { retval = audit_add_rule(abs_path_healthcheck, WHODATA_PERMS, AUDIT_HEALTHCHECK_KEY); if (retval <= 0 && retval != -EEXIST) { - mdebug1(FIM_AUDIT_HEALTHCHECK_RULE); + LogDebug(FIM_AUDIT_HEALTHCHECK_RULE); return -1; } - mdebug1(FIM_AUDIT_HEALTHCHECK_START); + LogDebug(FIM_AUDIT_HEALTHCHECK_START); w_cond_init(&audit_hc_cond, NULL); @@ -57,7 +57,7 @@ int audit_health_check(int audit_socket) { fp = wfopen(abs_path_healthcheck_file, "w"); if (!fp) { - mdebug1(FIM_AUDIT_HEALTHCHECK_FILE); + LogDebug(FIM_AUDIT_HEALTHCHECK_FILE); } else { fclose(fp); } @@ -67,10 +67,10 @@ int audit_health_check(int audit_socket) { if (atomic_int_get(&audit_health_check_creation) == 0) { // The healthcheck creation event hasn't been triggered - mdebug1(FIM_HEALTHCHECK_CREATE_ERROR); + LogDebug(FIM_HEALTHCHECK_CREATE_ERROR); retval = -1; } else { - mdebug1(FIM_HEALTHCHECK_SUCCESS); + LogDebug(FIM_HEALTHCHECK_SUCCESS); retval = 0; } @@ -78,7 +78,7 @@ int audit_health_check(int audit_socket) { unlink(abs_path_healthcheck_file); if (audit_delete_rule(abs_path_healthcheck, WHODATA_PERMS, AUDIT_HEALTHCHECK_KEY) <= 0) { - mdebug1(FIM_HEALTHCHECK_CHECK_RULE); // LCOV_EXCL_LINE + LogDebug(FIM_HEALTHCHECK_CHECK_RULE); // LCOV_EXCL_LINE } atomic_int_set(&hc_thread_active, 0); @@ -99,11 +99,11 @@ void *audit_healthcheck_thread(int *audit_sock) { w_cond_signal(&audit_hc_cond); w_mutex_unlock(&audit_hc_mutex); - mdebug2(FIM_HEALTHCHECK_THREAD_ACTIVE); + LogDebug(FIM_HEALTHCHECK_THREAD_ACTIVE); audit_read_events(audit_sock, &hc_thread_active); - mdebug2(FIM_HEALTHCHECK_THREAD_FINISHED); + LogDebug(FIM_HEALTHCHECK_THREAD_FINISHED); w_mutex_lock(&audit_hc_mutex); w_cond_signal(&audit_hc_cond); diff --git a/src/modules/fim/src/whodata/audit_parse.c b/src/modules/fim/src/whodata/audit_parse.c index 3f08cc60bb..fca0fa831f 100644 --- a/src/modules/fim/src/whodata/audit_parse.c +++ b/src/modules/fim/src/whodata/audit_parse.c @@ -54,145 +54,145 @@ int init_regex(void) { static const char *pattern_uid = " uid=([0-9]*) "; if (regcomp(®exCompiled_uid, pattern_uid, REG_EXTENDED)) { - merror(FIM_ERROR_WHODATA_COMPILE_REGEX, "uid"); // LCOV_EXCL_LINE + LogError(FIM_ERROR_WHODATA_COMPILE_REGEX, "uid"); // LCOV_EXCL_LINE return -1; // LCOV_EXCL_LINE } static const char *pattern_gid = " gid=([0-9]*) "; if (regcomp(®exCompiled_gid, pattern_gid, REG_EXTENDED)) { - merror(FIM_ERROR_WHODATA_COMPILE_REGEX, "gid"); // LCOV_EXCL_LINE + LogError(FIM_ERROR_WHODATA_COMPILE_REGEX, "gid"); // LCOV_EXCL_LINE return -1; // LCOV_EXCL_LINE } static const char *pattern_auid = " auid=([0-9]*) "; if (regcomp(®exCompiled_auid, pattern_auid, REG_EXTENDED)) { - merror(FIM_ERROR_WHODATA_COMPILE_REGEX, "auid"); // LCOV_EXCL_LINE + LogError(FIM_ERROR_WHODATA_COMPILE_REGEX, "auid"); // LCOV_EXCL_LINE return -1; // LCOV_EXCL_LINE } static const char *pattern_euid = " euid=([0-9]*) "; if (regcomp(®exCompiled_euid, pattern_euid, REG_EXTENDED)) { - merror(FIM_ERROR_WHODATA_COMPILE_REGEX, "euid"); // LCOV_EXCL_LINE + LogError(FIM_ERROR_WHODATA_COMPILE_REGEX, "euid"); // LCOV_EXCL_LINE return -1; // LCOV_EXCL_LINE } static const char *pattern_pid = " pid=([0-9]*) "; if (regcomp(®exCompiled_pid, pattern_pid, REG_EXTENDED)) { - merror(FIM_ERROR_WHODATA_COMPILE_REGEX, "pid"); // LCOV_EXCL_LINE + LogError(FIM_ERROR_WHODATA_COMPILE_REGEX, "pid"); // LCOV_EXCL_LINE return -1; // LCOV_EXCL_LINE } static const char *pattern_ppid = " ppid=([0-9]*) "; if (regcomp(®exCompiled_ppid, pattern_ppid, REG_EXTENDED)) { - merror(FIM_ERROR_WHODATA_COMPILE_REGEX, "ppid"); // LCOV_EXCL_LINE + LogError(FIM_ERROR_WHODATA_COMPILE_REGEX, "ppid"); // LCOV_EXCL_LINE return -1; // LCOV_EXCL_LINE } static const char *pattern_inode = " item=[0-9] name=.* inode=([0-9]*)"; if (regcomp(®exCompiled_inode, pattern_inode, REG_EXTENDED)) { - merror(FIM_ERROR_WHODATA_COMPILE_REGEX, "inode"); // LCOV_EXCL_LINE + LogError(FIM_ERROR_WHODATA_COMPILE_REGEX, "inode"); // LCOV_EXCL_LINE return -1; // LCOV_EXCL_LINE } static const char *pattern_items = " items=([0-9]*) "; if (regcomp(®exCompiled_items, pattern_items, REG_EXTENDED)) { - merror(FIM_ERROR_WHODATA_COMPILE_REGEX, "items"); // LCOV_EXCL_LINE + LogError(FIM_ERROR_WHODATA_COMPILE_REGEX, "items"); // LCOV_EXCL_LINE return -1; // LCOV_EXCL_LINE } static const char *pattern_syscall = " syscall=([0-9]*)"; if (regcomp(®exCompiled_syscall, pattern_syscall, REG_EXTENDED)) { - merror(FIM_ERROR_WHODATA_COMPILE_REGEX, "syscall"); // LCOV_EXCL_LINE + LogError(FIM_ERROR_WHODATA_COMPILE_REGEX, "syscall"); // LCOV_EXCL_LINE return -1; // LCOV_EXCL_LINE } static const char *pattern_pname = " exe=\"([^ ]*)\""; if (regcomp(®exCompiled_pname, pattern_pname, REG_EXTENDED)) { - merror(FIM_ERROR_WHODATA_COMPILE_REGEX, "pname"); // LCOV_EXCL_LINE + LogError(FIM_ERROR_WHODATA_COMPILE_REGEX, "pname"); // LCOV_EXCL_LINE return -1; // LCOV_EXCL_LINE } static const char *pattern_cwd = " cwd=\"([^ ]*)\""; if (regcomp(®exCompiled_cwd, pattern_cwd, REG_EXTENDED)) { - merror(FIM_ERROR_WHODATA_COMPILE_REGEX, "cwd"); // LCOV_EXCL_LINE + LogError(FIM_ERROR_WHODATA_COMPILE_REGEX, "cwd"); // LCOV_EXCL_LINE return -1; // LCOV_EXCL_LINE } static const char *pattern_dir = " dir=\"([^ ]*)\""; if (regcomp(®exCompiled_dir, pattern_dir, REG_EXTENDED)) { - merror(FIM_ERROR_WHODATA_COMPILE_REGEX, "dir"); // LCOV_EXCL_LINE + LogError(FIM_ERROR_WHODATA_COMPILE_REGEX, "dir"); // LCOV_EXCL_LINE return -1; // LCOV_EXCL_LINE } static const char *pattern_path0 = " item=0 name=\"([^ ]*)\""; if (regcomp(®exCompiled_path0, pattern_path0, REG_EXTENDED)) { - merror(FIM_ERROR_WHODATA_COMPILE_REGEX, "path0"); // LCOV_EXCL_LINE + LogError(FIM_ERROR_WHODATA_COMPILE_REGEX, "path0"); // LCOV_EXCL_LINE return -1; // LCOV_EXCL_LINE } static const char *pattern_path1 = " item=1 name=\"([^ ]*)\""; if (regcomp(®exCompiled_path1, pattern_path1, REG_EXTENDED)) { - merror(FIM_ERROR_WHODATA_COMPILE_REGEX, "path1"); // LCOV_EXCL_LINE + LogError(FIM_ERROR_WHODATA_COMPILE_REGEX, "path1"); // LCOV_EXCL_LINE return -1; // LCOV_EXCL_LINE } static const char *pattern_path2 = " item=2 name=\"([^ ]*)\""; if (regcomp(®exCompiled_path2, pattern_path2, REG_EXTENDED)) { - merror(FIM_ERROR_WHODATA_COMPILE_REGEX, "path2"); // LCOV_EXCL_LINE + LogError(FIM_ERROR_WHODATA_COMPILE_REGEX, "path2"); // LCOV_EXCL_LINE return -1; // LCOV_EXCL_LINE } static const char *pattern_path3 = " item=3 name=\"([^ ]*)\""; if (regcomp(®exCompiled_path3, pattern_path3, REG_EXTENDED)) { - merror(FIM_ERROR_WHODATA_COMPILE_REGEX, "path3"); // LCOV_EXCL_LINE + LogError(FIM_ERROR_WHODATA_COMPILE_REGEX, "path3"); // LCOV_EXCL_LINE return -1; // LCOV_EXCL_LINE } static const char *pattern_path4 = " item=4 name=\"([^ ]*)\""; if (regcomp(®exCompiled_path4, pattern_path4, REG_EXTENDED)) { - merror(FIM_ERROR_WHODATA_COMPILE_REGEX, "path4"); // LCOV_EXCL_LINE + LogError(FIM_ERROR_WHODATA_COMPILE_REGEX, "path4"); // LCOV_EXCL_LINE return -1; // LCOV_EXCL_LINE } static const char *pattern_pname_hex = " exe=([A-F0-9]*)"; if (regcomp(®exCompiled_pname_hex, pattern_pname_hex, REG_EXTENDED | REG_ICASE)) { - merror(FIM_ERROR_WHODATA_COMPILE_REGEX, "pname_hex"); // LCOV_EXCL_LINE + LogError(FIM_ERROR_WHODATA_COMPILE_REGEX, "pname_hex"); // LCOV_EXCL_LINE return -1; // LCOV_EXCL_LINE } static const char *pattern_cwd_hex = " cwd=([A-F0-9]*)"; if (regcomp(®exCompiled_cwd_hex, pattern_cwd_hex, REG_EXTENDED | REG_ICASE)) { - merror(FIM_ERROR_WHODATA_COMPILE_REGEX, "cwd_hex"); // LCOV_EXCL_LINE + LogError(FIM_ERROR_WHODATA_COMPILE_REGEX, "cwd_hex"); // LCOV_EXCL_LINE return -1; // LCOV_EXCL_LINE } static const char *pattern_dir_hex = " dir=([A-F0-9]*)"; if (regcomp(®exCompiled_dir_hex, pattern_dir_hex, REG_EXTENDED | REG_ICASE)) { - merror(FIM_ERROR_WHODATA_COMPILE_REGEX, "dir_hex"); // LCOV_EXCL_LINE + LogError(FIM_ERROR_WHODATA_COMPILE_REGEX, "dir_hex"); // LCOV_EXCL_LINE return -1; // LCOV_EXCL_LINE } static const char *pattern_path0_hex = " item=0 name=([A-F0-9]*)"; if (regcomp(®exCompiled_path0_hex, pattern_path0_hex, REG_EXTENDED | REG_ICASE)) { - merror(FIM_ERROR_WHODATA_COMPILE_REGEX, "path0_hex"); // LCOV_EXCL_LINE + LogError(FIM_ERROR_WHODATA_COMPILE_REGEX, "path0_hex"); // LCOV_EXCL_LINE return -1; // LCOV_EXCL_LINE } static const char *pattern_path1_hex = " item=1 name=([A-F0-9]*)"; if (regcomp(®exCompiled_path1_hex, pattern_path1_hex, REG_EXTENDED | REG_ICASE)) { - merror(FIM_ERROR_WHODATA_COMPILE_REGEX, "path1_hex"); // LCOV_EXCL_LINE + LogError(FIM_ERROR_WHODATA_COMPILE_REGEX, "path1_hex"); // LCOV_EXCL_LINE return -1; // LCOV_EXCL_LINE } static const char *pattern_path2_hex = " item=2 name=([A-F0-9]*)"; if (regcomp(®exCompiled_path2_hex, pattern_path2_hex, REG_EXTENDED | REG_ICASE)) { - merror(FIM_ERROR_WHODATA_COMPILE_REGEX, "path2_hex"); // LCOV_EXCL_LINE + LogError(FIM_ERROR_WHODATA_COMPILE_REGEX, "path2_hex"); // LCOV_EXCL_LINE return -1; // LCOV_EXCL_LINE } static const char *pattern_path3_hex = " item=3 name=([A-F0-9]*)"; if (regcomp(®exCompiled_path3_hex, pattern_path3_hex, REG_EXTENDED | REG_ICASE)) { - merror(FIM_ERROR_WHODATA_COMPILE_REGEX, "path3_hex"); // LCOV_EXCL_LINE + LogError(FIM_ERROR_WHODATA_COMPILE_REGEX, "path3_hex"); // LCOV_EXCL_LINE return -1; // LCOV_EXCL_LINE } static const char *pattern_path4_hex = " item=4 name=([A-F0-9]*)"; if (regcomp(®exCompiled_path4_hex, pattern_path4_hex, REG_EXTENDED | REG_ICASE)) { - merror(FIM_ERROR_WHODATA_COMPILE_REGEX, "path4_hex"); // LCOV_EXCL_LINE + LogError(FIM_ERROR_WHODATA_COMPILE_REGEX, "path4_hex"); // LCOV_EXCL_LINE return -1; // LCOV_EXCL_LINE } static const char *pattern_dev = " dev=([A-F0-9]*:[A-F0-9]*)"; if (regcomp(®exCompiled_dev, pattern_dev, REG_EXTENDED | REG_ICASE)) { - merror(FIM_ERROR_WHODATA_COMPILE_REGEX, "dev"); // LCOV_EXCL_LINE + LogError(FIM_ERROR_WHODATA_COMPILE_REGEX, "dev"); // LCOV_EXCL_LINE return -1; // LCOV_EXCL_LINE } return 0; @@ -317,20 +317,20 @@ STATIC audit_key_type filterkey_audit_events(const char *buffer) { } if (strcmp(key, AUDIT_KEY) == 0) { - mdebug2(FIM_AUDIT_MATCH_KEY, full_key); + LogDebug(FIM_AUDIT_MATCH_KEY, full_key); free(full_key); return FIM_AUDIT_KEY; } if (strcmp(key, AUDIT_HEALTHCHECK_KEY) == 0) { - mdebug2(FIM_AUDIT_MATCH_KEY, full_key); + LogDebug(FIM_AUDIT_MATCH_KEY, full_key); free(full_key); return FIM_AUDIT_HC_KEY; } for (i = 0; syscheck.audit_key[i]; i++) { if (strcmp(key, syscheck.audit_key[i]) == 0) { - mdebug2(FIM_AUDIT_MATCH_KEY, key); + LogDebug(FIM_AUDIT_MATCH_KEY, key); free(full_key); return FIM_AUDIT_CUSTOM_KEY; } @@ -407,14 +407,14 @@ void get_parent_process_info(char *ppid, char **const parent_name, char **const snprintf(slinkcwd, tam_slink, "/proc/%s/cwd", ppid); if (tam_ppname = readlink(slinkexe, *parent_name, OS_FLSIZE), tam_ppname < 0) { - mdebug1("Failure to obtain the name of the process: '%s'. Error: %s", ppid, strerror(errno)); + LogDebug("Failure to obtain the name of the process: '%s'. Error: %s", ppid, strerror(errno)); parent_name[0][0] = '\0'; } else { parent_name[0][tam_ppname] = '\0'; } if (tam_pcwd = readlink(slinkcwd, *parent_cwd, OS_FLSIZE), tam_pcwd < 0) { - mdebug1("Failure to obtain the cwd of the process: '%s'. Error: %s", ppid, strerror(errno)); + LogDebug("Failure to obtain the cwd of the process: '%s'. Error: %s", ppid, strerror(errno)); parent_cwd[0][0] = '\0'; } else { parent_cwd[0][tam_pcwd] = '\0'; @@ -496,19 +496,19 @@ void audit_parse(char *buffer) { snprintf(p_dir, decoded_length + 1, "%.*s", decoded_length, decoded_buffer); os_free(decoded_buffer); } else { - merror("Error found while decoding HEX bufer: '%.*s'", match_size, buffer + match[1].rm_so); + LogError("Error found while decoding HEX bufer: '%.*s'", match_size, buffer + match[1].rm_so); } } if (p_dir && *p_dir != '\0') { - minfo(FIM_AUDIT_REMOVE_RULE, p_dir); + LogInfo(FIM_AUDIT_REMOVE_RULE, p_dir); // Send alert char msg_alert[512 + 1]; snprintf(msg_alert, 512, "ossec: Audit: Monitored directory was removed: Audit rule removed"); SendMSG(syscheck.queue, msg_alert, "syscheck", LOCALFILE_MQ); } else if (fim_manipulated_audit_rules() == 0) { // If the manipulation wasn't done by syscheck, increase the number of retries - mwarn(FIM_WARN_AUDIT_RULES_MODIFIED); + LogWarn(FIM_WARN_AUDIT_RULES_MODIFIED); // Send alert char msg_alert[512 + 1]; snprintf(msg_alert, 512, "ossec: Audit: Detected rules manipulation: Audit rules removed"); @@ -574,7 +574,7 @@ void audit_parse(char *buffer) { snprintf(auid, match_size + 1, "%.*s", match_size, buffer + match[1].rm_so); if (strcmp(auid, "4294967295") == 0) { // Invalid auid (-1) if (!auid_err_reported) { - mdebug1(FIM_AUDIT_INVALID_AUID); + LogDebug(FIM_AUDIT_INVALID_AUID); auid_err_reported = 1; } w_evt->audit_name = NULL; @@ -666,7 +666,7 @@ void audit_parse(char *buffer) { snprintf(w_evt->process_name, decoded_length + 1, "%.*s", decoded_length, decoded_buffer); os_free(decoded_buffer); } else { - merror("Error found while decoding HEX bufer: '%.*s'", match_size, buffer + match[1].rm_so); + LogError("Error found while decoding HEX bufer: '%.*s'", match_size, buffer + match[1].rm_so); } } @@ -684,7 +684,7 @@ void audit_parse(char *buffer) { snprintf(w_evt->cwd, decoded_length + 1, "%.*s", decoded_length, decoded_buffer); os_free(decoded_buffer); } else { - merror("Error found while decoding HEX bufer: '%.*s'", match_size, buffer + match[1].rm_so); + LogError("Error found while decoding HEX bufer: '%.*s'", match_size, buffer + match[1].rm_so); } } @@ -702,7 +702,7 @@ void audit_parse(char *buffer) { snprintf(path0, decoded_length + 1, "%.*s", decoded_length, decoded_buffer); os_free(decoded_buffer); } else { - merror("Error found while decoding HEX bufer: '%.*s'", match_size, buffer + match[1].rm_so); + LogError("Error found while decoding HEX bufer: '%.*s'", match_size, buffer + match[1].rm_so); } } @@ -720,7 +720,7 @@ void audit_parse(char *buffer) { snprintf(path1, decoded_length + 1, "%.*s", decoded_length, decoded_buffer); os_free(decoded_buffer); } else { - merror("Error found while decoding HEX bufer: '%.*s'", match_size, buffer + match[1].rm_so); + LogError("Error found while decoding HEX bufer: '%.*s'", match_size, buffer + match[1].rm_so); } } @@ -745,7 +745,7 @@ void audit_parse(char *buffer) { snprintf(w_evt->dev, OS_SIZE_64, "%s%s", dev, aux); snprintf(w_evt->dev, OS_SIZE_64, "%ld", strtol(w_evt->dev, NULL, 16)); } else { - merror("Couldn't decode device chunk of audit log: colon not found in this string: \"%s\".", + LogError("Couldn't decode device chunk of audit log: colon not found in this string: \"%s\".", dev); // LCOV_EXCL_LINE } @@ -760,7 +760,7 @@ void audit_parse(char *buffer) { if (w_evt->cwd && path0) { if (file_path = gen_audit_path(w_evt->cwd, path0, NULL), file_path) { w_evt->path = file_path; - mdebug2(FIM_AUDIT_EVENT(w_evt->user_name) ? w_evt->user_name : "", + LogDebug(FIM_AUDIT_EVENT(w_evt->user_name) ? w_evt->user_name : "", (w_evt->audit_name) ? w_evt->audit_name : "", (w_evt->effective_name) ? w_evt->effective_name : "", (w_evt->group_name) ? w_evt->group_name : "", w_evt->process_id, w_evt->ppid, @@ -776,7 +776,7 @@ void audit_parse(char *buffer) { case 2: if (w_evt->cwd && path0 && path1) { if (file_path = gen_audit_path(w_evt->cwd, path0, path1), file_path) { - mdebug2(FIM_AUDIT_EVENT(w_evt->user_name) ? w_evt->user_name : "", + LogDebug(FIM_AUDIT_EVENT(w_evt->user_name) ? w_evt->user_name : "", (w_evt->audit_name) ? w_evt->audit_name : "", (w_evt->effective_name) ? w_evt->effective_name : "", (w_evt->group_name) ? w_evt->group_name : "", w_evt->process_id, w_evt->ppid, @@ -786,7 +786,7 @@ void audit_parse(char *buffer) { w_evt->path = realpath(file_path, NULL); if (w_evt->path == NULL) { os_strdup(file_path, w_evt->path); - mdebug1(FIM_CHECK_LINK_REALPATH, w_evt->path); // LCOV_EXCL_LINE + LogDebug(FIM_CHECK_LINK_REALPATH, w_evt->path); // LCOV_EXCL_LINE } free(file_path); @@ -812,14 +812,14 @@ void audit_parse(char *buffer) { snprintf(path2, decoded_length + 1, "%.*s", decoded_length, decoded_buffer); os_free(decoded_buffer); } else { - merror("Error found while decoding HEX bufer: '%.*s'", match_size, buffer + match[1].rm_so); + LogError("Error found while decoding HEX bufer: '%.*s'", match_size, buffer + match[1].rm_so); } } if (w_evt->cwd && path1 && path2) { if (file_path = gen_audit_path(w_evt->cwd, path1, path2), file_path) { w_evt->path = file_path; - mdebug2(FIM_AUDIT_EVENT(w_evt->user_name) ? w_evt->user_name : "", + LogDebug(FIM_AUDIT_EVENT(w_evt->user_name) ? w_evt->user_name : "", (w_evt->audit_name) ? w_evt->audit_name : "", (w_evt->effective_name) ? w_evt->effective_name : "", (w_evt->group_name) ? w_evt->group_name : "", w_evt->process_id, w_evt->ppid, @@ -848,7 +848,7 @@ void audit_parse(char *buffer) { snprintf(path2, decoded_length + 1, "%.*s", decoded_length, decoded_buffer); os_free(decoded_buffer); } else { - merror("Error found while decoding HEX bufer: '%.*s'", match_size, buffer + match[1].rm_so); + LogError("Error found while decoding HEX bufer: '%.*s'", match_size, buffer + match[1].rm_so); } } @@ -866,7 +866,7 @@ void audit_parse(char *buffer) { snprintf(path3, decoded_length + 1, "%.*s", decoded_length, decoded_buffer); os_free(decoded_buffer); } else { - merror("Error found while decoding HEX bufer: '%.*s'", match_size, buffer + match[1].rm_so); + LogError("Error found while decoding HEX bufer: '%.*s'", match_size, buffer + match[1].rm_so); } } @@ -875,7 +875,7 @@ void audit_parse(char *buffer) { char *file_path1; if (file_path1 = gen_audit_path(w_evt->cwd, path0, path2), file_path1) { w_evt->path = file_path1; - mdebug2(FIM_AUDIT_EVENT1(w_evt->user_name) ? w_evt->user_name : "", + LogDebug(FIM_AUDIT_EVENT1(w_evt->user_name) ? w_evt->user_name : "", (w_evt->audit_name) ? w_evt->audit_name : "", (w_evt->effective_name) ? w_evt->effective_name : "", (w_evt->group_name) ? w_evt->group_name : "", w_evt->process_id, w_evt->ppid, @@ -893,7 +893,7 @@ void audit_parse(char *buffer) { char *file_path2; if (file_path2 = gen_audit_path(w_evt->cwd, path1, path3), file_path2) { w_evt->path = file_path2; - mdebug2(FIM_AUDIT_EVENT2(w_evt->user_name) ? w_evt->user_name : "", + LogDebug(FIM_AUDIT_EVENT2(w_evt->user_name) ? w_evt->user_name : "", (w_evt->audit_name) ? w_evt->audit_name : "", (w_evt->effective_name) ? w_evt->effective_name : "", (w_evt->group_name) ? w_evt->group_name : "", w_evt->process_id, w_evt->ppid, @@ -923,7 +923,7 @@ void audit_parse(char *buffer) { snprintf(path4, decoded_length + 1, "%.*s", decoded_length, decoded_buffer); os_free(decoded_buffer); } else { - merror("Error found while decoding HEX bufer: '%.*s'", match_size, buffer + match[1].rm_so); + LogError("Error found while decoding HEX bufer: '%.*s'", match_size, buffer + match[1].rm_so); } } @@ -931,7 +931,7 @@ void audit_parse(char *buffer) { char *file_path; if (file_path = gen_audit_path(w_evt->cwd, path1, path4), file_path) { w_evt->path = file_path; - mdebug2(FIM_AUDIT_EVENT(w_evt->user_name) ? w_evt->user_name : "", + LogDebug(FIM_AUDIT_EVENT(w_evt->user_name) ? w_evt->user_name : "", (w_evt->audit_name) ? w_evt->audit_name : "", (w_evt->effective_name) ? w_evt->effective_name : "", (w_evt->group_name) ? w_evt->group_name : "", w_evt->process_id, w_evt->ppid, @@ -958,14 +958,14 @@ void audit_parse(char *buffer) { char *syscall = NULL; os_malloc(match_size + 1, syscall); snprintf(syscall, match_size + 1, "%.*s", match_size, buffer + match[1].rm_so); - if (!strcmp(syscall, "2") || !strcmp(syscall, "257") || !strcmp(syscall, "5") || + if (!strcmp(syscall, "2") || !strcmp(syscall, "257") || !strcmp(syscall, "5") || !strcmp(syscall, "295") || !strcmp(syscall, "56")) { // x86_64: 2 open // x86_64: 257 openat // i686: 5 open // i686: 295 openat // aarch64: 56 openat - mdebug2(FIM_HEALTHCHECK_CREATE, syscall); + LogDebug(FIM_HEALTHCHECK_CREATE, syscall); atomic_int_set(&audit_health_check_creation, 1); } else if (!strcmp(syscall, "87") || !strcmp(syscall, "263") || !strcmp(syscall, "10") || !strcmp(syscall, "301") || !strcmp(syscall, "35")) { @@ -974,9 +974,9 @@ void audit_parse(char *buffer) { // i686: 10 unlink // i686: 301 unlinkat // aarch64: 35 unlinkat - mdebug2(FIM_HEALTHCHECK_DELETE, syscall); + LogDebug(FIM_HEALTHCHECK_DELETE, syscall); } else { - mdebug2(FIM_HEALTHCHECK_UNRECOGNIZED_EVENT, syscall); + LogDebug(FIM_HEALTHCHECK_UNRECOGNIZED_EVENT, syscall); } os_free(syscall); } diff --git a/src/modules/fim/src/whodata/audit_rule_handling.c b/src/modules/fim/src/whodata/audit_rule_handling.c index 80b7be9959..50e077edc6 100644 --- a/src/modules/fim/src/whodata/audit_rule_handling.c +++ b/src/modules/fim/src/whodata/audit_rule_handling.c @@ -33,7 +33,7 @@ static void _add_whodata_directory(const char *path) { whodata_directory_t *directory; if (whodata_directories == NULL) { - merror(FIM_ERROR_WHODATA_UNINITIALIZED, path); + LogError(FIM_ERROR_WHODATA_UNINITIALIZED, path); return; } @@ -95,7 +95,7 @@ int fim_rules_initial_load() { audit_close(auditd_fd); if (!res) { - merror(FIM_ERROR_WHODATA_READ_RULE); // LCOV_EXCL_LINE + LogError(FIM_ERROR_WHODATA_READ_RULE); // LCOV_EXCL_LINE } w_rwlock_rdlock(&syscheck.directories_lock); @@ -115,7 +115,7 @@ int fim_rules_initial_load() { // Add whodata directories until max_audit_entries is reached. if (rules_added >= syscheck.max_audit_entries) { - merror(FIM_ERROR_WHODATA_MAXNUM_WATCHES, directory, syscheck.max_audit_entries); + LogError(FIM_ERROR_WHODATA_MAXNUM_WATCHES, directory, syscheck.max_audit_entries); free(directory); break; } @@ -126,21 +126,21 @@ int fim_rules_initial_load() { // The rule is not in audit_rule_list case 0: if (retval = audit_add_rule(directory, WHODATA_PERMS, AUDIT_KEY), retval > 0) { - mdebug2(FIM_AUDIT_NEWRULE, directory); + LogDebug(FIM_AUDIT_NEWRULE, directory); rules_added++; } else if (retval != -EEXIST) { - mwarn(FIM_WARN_WHODATA_ADD_RULE, directory); + LogWarn(FIM_WARN_WHODATA_ADD_RULE, directory); } else { - mdebug2(FIM_AUDIT_ALREADY_ADDED, directory); + LogDebug(FIM_AUDIT_ALREADY_ADDED, directory); } break; case 1: - mdebug2(FIM_AUDIT_RULEDUP, directory); + LogDebug(FIM_AUDIT_RULEDUP, directory); break; default: - merror(FIM_ERROR_WHODATA_CHECK_RULE); + LogError(FIM_ERROR_WHODATA_CHECK_RULE); break; } // real_path can't be NULL @@ -160,7 +160,7 @@ void fim_audit_reload_rules() { int res; OSListNode *node = NULL; - mdebug1(FIM_AUDIT_RELOADING_RULES); + LogDebug(FIM_AUDIT_RELOADING_RULES); auditd_fd = audit_open(); res = audit_get_rule_list(auditd_fd); @@ -168,7 +168,7 @@ void fim_audit_reload_rules() { audit_close(auditd_fd); if (!res) { - merror(FIM_ERROR_WHODATA_READ_RULE); // LCOV_EXCL_LINE + LogError(FIM_ERROR_WHODATA_READ_RULE); // LCOV_EXCL_LINE } w_mutex_lock(&rules_mutex); @@ -191,21 +191,21 @@ void fim_audit_reload_rules() { if (rules_added >= syscheck.max_audit_entries) { if (!reported) { - merror(FIM_ERROR_WHODATA_MAXNUM_WATCHES, directory->path, syscheck.max_audit_entries); + LogError(FIM_ERROR_WHODATA_MAXNUM_WATCHES, directory->path, syscheck.max_audit_entries); } else { - mdebug2(FIM_ERROR_WHODATA_MAXNUM_WATCHES, directory->path, syscheck.max_audit_entries); + LogDebug(FIM_ERROR_WHODATA_MAXNUM_WATCHES, directory->path, syscheck.max_audit_entries); } reported = 1; break; } if (retval = audit_add_rule(directory->path, WHODATA_PERMS, AUDIT_KEY), retval > 0) { - mdebug2(FIM_AUDIT_NEWRULE, directory->path); + LogDebug(FIM_AUDIT_NEWRULE, directory->path); rules_added++; } else if (retval != -EEXIST) { - mdebug1(FIM_WARN_WHODATA_ADD_RULE, directory->path); + LogDebug(FIM_WARN_WHODATA_ADD_RULE, directory->path); } else { - mdebug2(FIM_AUDIT_ALREADY_ADDED, directory->path); + LogDebug(FIM_AUDIT_ALREADY_ADDED, directory->path); } break; @@ -219,12 +219,12 @@ void fim_audit_reload_rules() { node = OSList_GetCurrentlyNode(whodata_directories); continue; } else { - mdebug2(FIM_AUDIT_RULEDUP, directory->path); + LogDebug(FIM_AUDIT_RULEDUP, directory->path); } break; default: - merror(FIM_ERROR_WHODATA_CHECK_RULE); + LogError(FIM_ERROR_WHODATA_CHECK_RULE); break; } @@ -232,7 +232,7 @@ void fim_audit_reload_rules() { } w_mutex_unlock(&rules_mutex); - mdebug1(FIM_AUDIT_RELOADED_RULES, rules_added); + LogDebug(FIM_AUDIT_RELOADED_RULES, rules_added); } int fim_manipulated_audit_rules() { @@ -255,7 +255,7 @@ void clean_rules(void) { w_mutex_lock(&rules_mutex); atomic_int_set(&audit_thread_active, 0); - mdebug2(FIM_AUDIT_DELETE_RULE); + LogDebug(FIM_AUDIT_DELETE_RULE); for (node = OSList_GetFirstNode(whodata_directories); node != NULL; node = OSList_GetNextNode(whodata_directories)) { diff --git a/src/modules/fim/src/whodata/syscheck_audit.c b/src/modules/fim/src/whodata/syscheck_audit.c index 78791d6e7e..a1d1e2100e 100644 --- a/src/modules/fim/src/whodata/syscheck_audit.c +++ b/src/modules/fim/src/whodata/syscheck_audit.c @@ -16,7 +16,6 @@ #include "../os_net/os_net.h" #include "syscheck_op.h" #include "audit_op.h" -#include "string_op.h" #define AUDIT_RULES_FILE "etc/audit_rules_wazuh.rules" #define AUDIT_RULES_LINK "/etc/audit/rules.d/audit_rules_wazuh.rules" @@ -86,20 +85,20 @@ int configure_audisp(const char *audisp_path, const char *audisp_config) { FILE *fp; char buffer[PATH_MAX] = {'\0'}; - minfo(FIM_AUDIT_SOCKET, AUDIT_CONF_FILE); + LogInfo(FIM_AUDIT_SOCKET, AUDIT_CONF_FILE); abspath(AUDIT_CONF_FILE, buffer, PATH_MAX); fp = wfopen(AUDIT_CONF_FILE, "w"); if (!fp) { - merror(FOPEN_ERROR, AUDIT_CONF_FILE, errno, strerror(errno)); + LogError(FOPEN_ERROR, AUDIT_CONF_FILE, errno, strerror(errno)); return -1; } fwrite(audisp_config, sizeof(char), strlen(audisp_config), fp); if (fclose(fp)) { - merror(FCLOSE_ERROR, AUDIT_CONF_FILE, errno, strerror(errno)); + LogError(FCLOSE_ERROR, AUDIT_CONF_FILE, errno, strerror(errno)); return -1; } @@ -107,7 +106,7 @@ int configure_audisp(const char *audisp_path, const char *audisp_config) { switch (errno) { case EEXIST: if (unlink(audisp_path) < 0) { - merror(UNLINK_ERROR, audisp_path, errno, strerror(errno)); + LogError(UNLINK_ERROR, audisp_path, errno, strerror(errno)); return -1; } @@ -117,16 +116,16 @@ int configure_audisp(const char *audisp_path, const char *audisp_config) { // Fallthrough default: - merror(LINK_ERROR, audisp_path, AUDIT_CONF_FILE, errno, strerror(errno)); + LogError(LINK_ERROR, audisp_path, AUDIT_CONF_FILE, errno, strerror(errno)); return -1; } } if (syscheck.restart_audit) { - minfo(FIM_AUDIT_RESTARTING, AUDIT_CONF_FILE); + LogInfo(FIM_AUDIT_RESTARTING, AUDIT_CONF_FILE); return audit_restart(); } else { - mwarn(FIM_WARN_AUDIT_CONFIGURATION_MODIFIED); + LogWarn(FIM_WARN_AUDIT_CONFIGURATION_MODIFIED); return 1; } } @@ -183,12 +182,12 @@ int set_auditd_config(void) { } if (syscheck.restart_audit) { - minfo(FIM_AUDIT_NOSOCKET, AUDIT_SOCKET); + LogInfo(FIM_AUDIT_NOSOCKET, AUDIT_SOCKET); retval = audit_restart(); goto end; } - mwarn(FIM_WARN_AUDIT_SOCKET_NOEXIST, AUDIT_SOCKET); + LogWarn(FIM_WARN_AUDIT_SOCKET_NOEXIST, AUDIT_SOCKET); end: os_free(configuration); return retval; @@ -200,7 +199,7 @@ int init_auditd_socket(void) { int sfd; if (sfd = OS_ConnectUnixDomain(AUDIT_SOCKET, SOCK_STREAM, OS_MAXSTR), sfd < 0) { - merror(FIM_ERROR_WHODATA_SOCKET_CONNECT, AUDIT_SOCKET); + LogError(FIM_ERROR_WHODATA_SOCKET_CONNECT, AUDIT_SOCKET); return (-1); } @@ -215,7 +214,7 @@ void audit_create_rules_file() { fp = wfopen(AUDIT_RULES_FILE, "w"); if (!fp) { - merror(FOPEN_ERROR, AUDIT_RULES_FILE, errno, strerror(errno)); + LogError(FOPEN_ERROR, AUDIT_RULES_FILE, errno, strerror(errno)); return; } @@ -227,7 +226,7 @@ void audit_create_rules_file() { } real_path = fim_get_real_path(dir_it); - mdebug2(FIM_ADDED_RULE_TO_FILE, real_path); + LogDebug(FIM_ADDED_RULE_TO_FILE, real_path); fprintf(fp, "-w %s -p wa -k %s\n", real_path, AUDIT_KEY); free(real_path); @@ -235,7 +234,7 @@ void audit_create_rules_file() { w_rwlock_unlock(&syscheck.directories_lock); if (fclose(fp)) { - merror(FCLOSE_ERROR, AUDIT_RULES_FILE, errno, strerror(errno)); + LogError(FCLOSE_ERROR, AUDIT_RULES_FILE, errno, strerror(errno)); return; } @@ -245,20 +244,20 @@ void audit_create_rules_file() { // Create symlink to audit rules file if (symlink(abs_rules_file_path, AUDIT_RULES_LINK) < 0) { if (errno != EEXIST) { - merror(LINK_ERROR, AUDIT_RULES_LINK, abs_rules_file_path, errno, strerror(errno)); + LogError(LINK_ERROR, AUDIT_RULES_LINK, abs_rules_file_path, errno, strerror(errno)); return; } if (unlink(AUDIT_RULES_LINK) < 0) { - merror(UNLINK_ERROR, AUDIT_RULES_LINK, errno, strerror(errno)); + LogError(UNLINK_ERROR, AUDIT_RULES_LINK, errno, strerror(errno)); return; } if (symlink(abs_rules_file_path, AUDIT_RULES_LINK) < 0) { - merror(LINK_ERROR, AUDIT_RULES_LINK, abs_rules_file_path, errno, strerror(errno)); + LogError(LINK_ERROR, AUDIT_RULES_LINK, abs_rules_file_path, errno, strerror(errno)); return; } } - minfo(FIM_AUDIT_CREATED_RULE_FILE); + LogInfo(FIM_AUDIT_CREATED_RULE_FILE); } void audit_rules_to_realtime() { @@ -274,7 +273,7 @@ void audit_rules_to_realtime() { audit_close(auditd_fd); if (!res) { - merror(FIM_ERROR_WHODATA_READ_RULE); // LCOV_EXCL_LINE + LogError(FIM_ERROR_WHODATA_READ_RULE); // LCOV_EXCL_LINE } w_rwlock_wrlock(&syscheck.directories_lock); @@ -302,7 +301,7 @@ void audit_rules_to_realtime() { if (!found){ realtime_check = 1; - mwarn(FIM_ERROR_WHODATA_ADD_DIRECTORY, real_path); + LogWarn(FIM_ERROR_WHODATA_ADD_DIRECTORY, real_path); dir_it->options &= ~WHODATA_ACTIVE; dir_it->options |= REALTIME_ACTIVE; } @@ -330,14 +329,14 @@ int audit_init(void) { int aupid = check_auditd_enabled(); if (aupid <= 0) { - mwarn(FIM_AUDIT_NORUNNING); + LogWarn(FIM_AUDIT_NORUNNING); return (-1); } // Check audit socket configuration switch (set_auditd_config()) { case -1: - mdebug1(FIM_AUDIT_NOCONF); + LogDebug(FIM_AUDIT_NOCONF); return (-1); case 0: break; @@ -348,13 +347,13 @@ int audit_init(void) { // Initialize Audit socket audit_data.socket = init_auditd_socket(); if (audit_data.socket < 0) { - merror("Can't init auditd socket in 'init_auditd_socket()'"); + LogError("Can't init auditd socket in 'init_auditd_socket()'"); return -1; } int regex_comp = init_regex(); if (regex_comp < 0) { - merror("Can't init regex in 'init_regex()'"); + LogError("Can't init regex in 'init_regex()'"); return -1; } @@ -368,16 +367,16 @@ int audit_init(void) { w_create_thread(audit_parse_thread, NULL); // Print audit queue size - minfo(FIM_AUDIT_QUEUE_SIZE, syscheck.queue_size); + LogInfo(FIM_AUDIT_QUEUE_SIZE, syscheck.queue_size); // Perform Audit healthcheck if (syscheck.audit_healthcheck) { if(audit_health_check(audit_data.socket)) { - merror(FIM_ERROR_WHODATA_HEALTHCHECK_START); + LogError(FIM_ERROR_WHODATA_HEALTHCHECK_START); return -1; } } else { - minfo(FIM_AUDIT_HEALTHCHECK_DISABLE); + LogInfo(FIM_AUDIT_HEALTHCHECK_DISABLE); } // Change to realtime directories that don't have any rules when Auditd is in immutable mode @@ -395,10 +394,10 @@ int audit_init(void) { atexit(clean_rules); break; case AUDIT_DISABLED: - mwarn(FIM_AUDIT_DISABLED); + LogWarn(FIM_AUDIT_DISABLED); return -1; default: - merror(FIM_ERROR_AUDIT_MODE, strerror(errno), errno); + LogError(FIM_ERROR_AUDIT_MODE, strerror(errno), errno); return -1; } @@ -449,13 +448,13 @@ void *audit_main(audit_data_t *audit_data) { w_create_thread(audit_reload_thread, NULL); } - minfo(FIM_WHODATA_STARTED); + LogInfo(FIM_WHODATA_STARTED); // Read events audit_read_events(&audit_data->socket, &audit_thread_active); // Auditd is not runnig or socket closed. - mdebug1(FIM_AUDIT_THREAD_STOPED); + LogDebug(FIM_AUDIT_THREAD_STOPED); close(audit_data->socket); // Clean regexes used for parsing events @@ -556,7 +555,7 @@ void audit_read_events(int *audit_sock, atomic_int_t *running) { switch (select(*audit_sock + 1, &fdset, NULL, NULL, &timeout)) { case -1: - merror(SELECT_ERROR, errno, strerror(errno)); + LogError(SELECT_ERROR, errno, strerror(errno)); sleep(1); continue; @@ -566,7 +565,7 @@ void audit_read_events(int *audit_sock, atomic_int_t *running) { os_strdup(cache, cache_dup); if (queue_push_ex(audit_queue, cache_dup)) { if (!audit_queue_full_reported) { - mwarn(FIM_FULL_AUDIT_QUEUE); + LogWarn(FIM_FULL_AUDIT_QUEUE); audit_queue_full_reported = 1; } os_free(cache_dup); @@ -586,19 +585,19 @@ void audit_read_events(int *audit_sock, atomic_int_t *running) { if (byteRead = recv(*audit_sock, buffer + buffer_i, BUF_SIZE - buffer_i - 1, 0), !byteRead) { // Connection closed - mwarn(FIM_WARN_AUDIT_CONNECTION_CLOSED); + LogWarn(FIM_WARN_AUDIT_CONNECTION_CLOSED); // Reconnect conn_retries = 0; sleep(1); - minfo(FIM_AUDIT_RECONNECT, ++conn_retries); + LogInfo(FIM_AUDIT_RECONNECT, ++conn_retries); *audit_sock = init_auditd_socket(); while (conn_retries < MAX_CONN_RETRIES && *audit_sock < 0) { - minfo(FIM_AUDIT_RECONNECT, ++conn_retries); + LogInfo(FIM_AUDIT_RECONNECT, ++conn_retries); sleep(1); *audit_sock = init_auditd_socket(); } if (*audit_sock >= 0) { - minfo(FIM_AUDIT_CONNECT); + LogInfo(FIM_AUDIT_CONNECT); // Reload rules fim_audit_reload_rules(); continue; @@ -636,7 +635,7 @@ void audit_read_events(int *audit_sock, atomic_int_t *running) { os_strdup(cache, cache_dup); if (queue_push_ex(audit_queue, cache_dup)) { if (!audit_queue_full_reported) { - mwarn(FIM_FULL_AUDIT_QUEUE); + LogWarn(FIM_FULL_AUDIT_QUEUE); audit_queue_full_reported = 1; } os_free(cache_dup); @@ -653,7 +652,7 @@ void audit_read_events(int *audit_sock, atomic_int_t *running) { cache[cache_i++] = '\n'; cache[cache_i] = '\0'; } else if (!event_too_long_id){ - mwarn(FIM_WARN_WHODATA_EVENT_TOOLONG, id); + LogWarn(FIM_WARN_WHODATA_EVENT_TOOLONG, id); os_strdup(id, event_too_long_id); } eoe_found = strstr(line, "type=EOE"); @@ -661,7 +660,7 @@ void audit_read_events(int *audit_sock, atomic_int_t *running) { free(cache_id); cache_id = id; } else { - mwarn(FIM_WARN_WHODATA_GETID, line); + LogWarn(FIM_WARN_WHODATA_GETID, line); } line = endline + 1; @@ -672,7 +671,7 @@ void audit_read_events(int *audit_sock, atomic_int_t *running) { os_strdup(cache, cache_dup); if (queue_push_ex(audit_queue, cache_dup)) { if (!audit_queue_full_reported) { - mwarn(FIM_FULL_AUDIT_QUEUE); + LogWarn(FIM_FULL_AUDIT_QUEUE); audit_queue_full_reported = 1; } os_free(cache_dup); diff --git a/src/modules/fim/src/whodata/win_whodata.c b/src/modules/fim/src/whodata/win_whodata.c index 2e8a26f168..8affcfbbbd 100644 --- a/src/modules/fim/src/whodata/win_whodata.c +++ b/src/modules/fim/src/whodata/win_whodata.c @@ -211,22 +211,22 @@ int set_winsacl(const char *dir, directory_t *configuration) { assert(configuration != NULL); - mdebug2(FIM_SACL_CONFIGURE, dir); + LogDebug(FIM_SACL_CONFIGURE, dir); if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hdle)) { - merror(FIM_ERROR_SACL_OPENPROCESSTOKEN, GetLastError()); + LogError(FIM_ERROR_SACL_OPENPROCESSTOKEN, GetLastError()); return 1; } if (set_privilege(hdle, priv, TRUE)) { - merror(FIM_ERROR_SACL_ELEVATE_PRIVILEGE, GetLastError()); + LogError(FIM_ERROR_SACL_ELEVATE_PRIVILEGE, GetLastError()); goto end; } privilege_enabled = 1; if (result = GetNamedSecurityInfo(dir, SE_FILE_OBJECT, SACL_SECURITY_INFORMATION, NULL, NULL, NULL, &old_sacl, &security_descriptor), result != ERROR_SUCCESS) { - merror(FIM_ERROR_SACL_GETSECURITYINFO, result); + LogError(FIM_ERROR_SACL_GETSECURITYINFO, result); goto end; } @@ -241,7 +241,7 @@ int set_winsacl(const char *dir, directory_t *configuration) { retval = 0; goto end; case 1: - mdebug2(FIM_SACL_CHECK_CONFIGURE, dir); + LogDebug(FIM_SACL_CHECK_CONFIGURE, dir); configuration->dirs_status.status |= WD_IGNORE_REST; // Empty SACL @@ -250,7 +250,7 @@ int set_winsacl(const char *dir, directory_t *configuration) { } else { // Get SACL size if (!GetAclInformation(old_sacl, (LPVOID)&old_sacl_info, sizeof(ACL_SIZE_INFORMATION), AclSizeInformation)) { - merror(FIM_ERROR_SACL_GETSIZE, dir); + LogError(FIM_ERROR_SACL_GETSIZE, dir); goto end; } } @@ -268,12 +268,12 @@ int set_winsacl(const char *dir, directory_t *configuration) { new_sacl_size = old_sacl_info.AclBytesInUse + sizeof(SYSTEM_AUDIT_ACE) + ev_sid_size - sizeof(unsigned long); if (new_sacl = (PACL)win_alloc(new_sacl_size), !new_sacl) { - merror(FIM_ERROR_SACL_NOMEMORY, dir); + LogError(FIM_ERROR_SACL_NOMEMORY, dir); goto end; } if (!InitializeAcl(new_sacl, new_sacl_size, ACL_REVISION)) { - merror(FIM_ERROR_SACL_CREATE, dir); + LogError(FIM_ERROR_SACL_CREATE, dir); goto end; } @@ -282,12 +282,12 @@ int set_winsacl(const char *dir, directory_t *configuration) { if (old_sacl_info.AceCount) { for (i = 0; i < old_sacl_info.AceCount; i++) { if (!GetAce(old_sacl, i, &entry_access_it)) { - merror(FIM_ERROR_SACL_ACE_GET, i, dir); + LogError(FIM_ERROR_SACL_ACE_GET, i, dir); goto end; } if (!AddAce(new_sacl, ACL_REVISION, MAXDWORD, entry_access_it, ((PACE_HEADER)entry_access_it)->AceSize)) { - merror(FIM_ERROR_SACL_ACE_CPY, i, dir); + LogError(FIM_ERROR_SACL_ACE_CPY, i, dir); goto end; } } @@ -295,7 +295,7 @@ int set_winsacl(const char *dir, directory_t *configuration) { } // Build the new ACE if (ace = (SYSTEM_AUDIT_ACE *)win_alloc(sizeof(SYSTEM_AUDIT_ACE) + ev_sid_size - sizeof(DWORD)), !ace) { - merror(FIM_ERROR_SACL_ACE_NOMEMORY, dir); + LogError(FIM_ERROR_SACL_ACE_NOMEMORY, dir); goto end; } @@ -309,13 +309,13 @@ int set_winsacl(const char *dir, directory_t *configuration) { // Add the new ACE if (!AddAce(new_sacl, ACL_REVISION, 0, (LPVOID)ace, ace->Header.AceSize)) { - merror(FIM_ERROR_SACL_ACE_ADD, dir); + LogError(FIM_ERROR_SACL_ACE_ADD, dir); goto end; } // Set a new ACL for the security descriptor if (result = SetNamedSecurityInfo((char *) dir, SE_FILE_OBJECT, SACL_SECURITY_INFORMATION, NULL, NULL, NULL, new_sacl), result != ERROR_SUCCESS) { - merror(FIM_ERROR_SACL_SETSECURITYINFO, result); + LogError(FIM_ERROR_SACL_SETSECURITYINFO, result); goto end; } @@ -324,7 +324,7 @@ int set_winsacl(const char *dir, directory_t *configuration) { if (privilege_enabled) { // Disable the privilege if (set_privilege(hdle, priv, FALSE)) { - merror(FIM_ERROR_SACL_SET_PRIVILEGE, GetLastError()); + LogError(FIM_ERROR_SACL_SET_PRIVILEGE, GetLastError()); } } @@ -356,19 +356,19 @@ int is_valid_sacl(PACL sacl, int is_file) { if (!everyone_sid) { if (!AllocateAndInitializeSid(&world_auth, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &everyone_sid)) { - merror(FIM_ERROR_WHODATA_GET_SID, GetLastError()); + LogError(FIM_ERROR_WHODATA_GET_SID, GetLastError()); return 2; } } if (!sacl) { - mdebug2(FIM_SACL_NOT_FOUND); + LogDebug(FIM_SACL_NOT_FOUND); return 1; } for (i = 0; i < sacl->AceCount; i++) { if (!GetAce(sacl, i, (LPVOID*)&ace)) { - merror(FIM_ERROR_WHODATA_GET_ACE, GetLastError()); + LogError(FIM_ERROR_WHODATA_GET_ACE, GetLastError()); return 1; } @@ -388,7 +388,7 @@ int set_privilege(HANDLE hdle, LPCTSTR privilege, int enable) { // Get the privilege UID if (!LookupPrivilegeValue(NULL, privilege, &pr_uid)) { - merror(FIM_ERROR_SACL_FIND_PRIVILEGE, privilege, GetLastError()); + LogError(FIM_ERROR_SACL_FIND_PRIVILEGE, privilege, GetLastError()); return 1; } @@ -403,14 +403,14 @@ int set_privilege(HANDLE hdle, LPCTSTR privilege, int enable) { // Set the privilege to the process if (!AdjustTokenPrivileges(hdle, 0, &tp, sizeof(TOKEN_PRIVILEGES), (PTOKEN_PRIVILEGES)NULL, (PDWORD)NULL)) { - merror(FIM_ERROR_WHODATA_TOKENPRIVILEGES, GetLastError()); + LogError(FIM_ERROR_WHODATA_TOKENPRIVILEGES, GetLastError()); return 1; } if (enable) { - mdebug2(FIM_ELEVATE_PRIVILEGE, privilege); + LogDebug(FIM_ELEVATE_PRIVILEGE, privilege); } else { - mdebug2(FIM_REDUCE_PRIVILEGE, privilege); + LogDebug(FIM_REDUCE_PRIVILEGE, privilege); } return 0; @@ -429,13 +429,13 @@ int run_whodata_scan() { // Set the system audit policies if (result = set_policies(), result) { - merror(FIM_WARN_WHODATA_LOCALPOLICIES); + LogError(FIM_WARN_WHODATA_LOCALPOLICIES); return 1; } // Select the interesting fields if (context = EvtCreateRenderContext(fields_number, event_fields, EvtRenderContextValues), !context) { - merror(FIM_ERROR_WHODATA_CONTEXT, GetLastError()); + LogError(FIM_ERROR_WHODATA_CONTEXT, GetLastError()); return 1; } @@ -451,11 +451,11 @@ int run_whodata_scan() { (EVT_SUBSCRIBE_CALLBACK) whodata_callback, EvtSubscribeToFutureEvents); if (evt_subscribe_handle == NULL) { - merror(FIM_ERROR_WHODATA_EVENTCHANNEL); + LogError(FIM_ERROR_WHODATA_EVENTCHANNEL); return 1; } - minfo(FIM_WHODATA_STARTED); + LogInfo(FIM_WHODATA_STARTED); return 0; } @@ -481,12 +481,12 @@ void restore_sacls() { c_process = GetCurrentProcess(); if (!OpenProcessToken(c_process, TOKEN_ADJUST_PRIVILEGES, &hdle)) { - merror(FIM_ERROR_SACL_OPENPROCESSTOKEN, GetLastError()); + LogError(FIM_ERROR_SACL_OPENPROCESSTOKEN, GetLastError()); goto end; } if (set_privilege(hdle, priv, TRUE)) { - merror(FIM_ERROR_SACL_ELEVATE_PRIVILEGE, GetLastError()); + LogError(FIM_ERROR_SACL_ELEVATE_PRIVILEGE, GetLastError()); goto end; } @@ -501,20 +501,20 @@ void restore_sacls() { result = GetNamedSecurityInfo(dir_it->path, SE_FILE_OBJECT, SACL_SECURITY_INFORMATION, NULL, NULL, NULL, &sacl_it, &security_descriptor); if (result != ERROR_SUCCESS) { - merror(FIM_ERROR_SACL_GETSECURITYINFO, result); + LogError(FIM_ERROR_SACL_GETSECURITYINFO, result); break; } // The ACE we added is in position 0 if (!DeleteAce(sacl_it, 0)) { - merror(FIM_ERROR_SACL_ACE_DELETE, GetLastError()); + LogError(FIM_ERROR_SACL_ACE_DELETE, GetLastError()); break; } // Set the SACL result = SetNamedSecurityInfo(dir_it->path, SE_FILE_OBJECT, SACL_SECURITY_INFORMATION, NULL, NULL, NULL, sacl_it); if (result != ERROR_SUCCESS) { - merror(FIM_ERROR_SACL_SETSECURITYINFO, result); + LogError(FIM_ERROR_SACL_SETSECURITYINFO, result); break; } @@ -525,7 +525,7 @@ void restore_sacls() { if (security_descriptor) { LocalFree((HLOCAL)security_descriptor); } - mdebug2(FIM_SACL_RESTORED, dir_it->path); + LogDebug(FIM_SACL_RESTORED, dir_it->path); } } w_rwlock_unlock(&syscheck.directories_lock); @@ -534,7 +534,7 @@ void restore_sacls() { if (privilege_enabled) { // Disable the privilege if (set_privilege(hdle, priv, FALSE)) { - merror(FIM_ERROR_SACL_SET_PRIVILEGE, GetLastError()); + LogError(FIM_ERROR_SACL_SET_PRIVILEGE, GetLastError()); } } @@ -552,7 +552,7 @@ int restore_audit_policies() { snprintf(command, OS_SIZE_1024, WPOL_RESTORE_COMMAND, WPOL_BACKUP_FILE); if (IsFile(WPOL_BACKUP_FILE)) { - merror(FIM_ERROR_WHODATA_RESTORE_POLICIES); + LogError(FIM_ERROR_WHODATA_RESTORE_POLICIES); return 1; } @@ -566,28 +566,28 @@ int restore_audit_policies() { cmd_failed = 0; wm_exec_ret_code = wm_exec(command, &cmd_output, &result_code, timeout+i, NULL); if (wm_exec_ret_code < 0) { - merror(FIM_ERROR_WHODATA_AUDITPOL, "failed to execute command"); + LogError(FIM_ERROR_WHODATA_AUDITPOL, "failed to execute command"); cmd_failed = 1; } else if (wm_exec_ret_code == 1) { - merror(FIM_ERROR_WHODATA_AUDITPOL, "time overtaken while running the command"); + LogError(FIM_ERROR_WHODATA_AUDITPOL, "time overtaken while running the command"); os_free(cmd_output); cmd_failed = 1; } else if (!wm_exec_ret_code && result_code) { char error_msg[OS_MAXSTR]; snprintf(error_msg, OS_MAXSTR, FIM_ERROR_WHODATA_AUDITPOL, "command returned failure'. Output: '%s"); - merror(error_msg, cmd_output); + LogError(error_msg, cmd_output); os_free(cmd_output); cmd_failed = 1; } if (cmd_failed) { - merror(FIM_AUDITPOL_ATTEMPT_FAIL, i+1); + LogError(FIM_AUDITPOL_ATTEMPT_FAIL, i+1); } i++; } while (i <= retries && cmd_failed); - + if (i == retries + 1) { - merror(FIM_AUDITPOL_FINAL_FAIL, i); - } + LogError(FIM_AUDITPOL_FINAL_FAIL, i); + } return cmd_failed; } @@ -604,13 +604,13 @@ PEVT_VARIANT whodata_event_render(EVT_HANDLE event) { memset(buffer, 0, used_size); if (!EvtRender(context, event, EvtRenderEventValues, used_size, buffer, &used_size, &property_count)) { - mwarn(FIM_WHODATA_RENDER_EVENT, GetLastError()); + LogWarn(FIM_WHODATA_RENDER_EVENT, GetLastError()); os_free(buffer); return buffer; } if (property_count != fields_number) { - mwarn(FIM_WHODATA_RENDER_PARAM); + LogWarn(FIM_WHODATA_RENDER_PARAM); os_free(buffer); } @@ -624,7 +624,7 @@ int whodata_get_event_id(const PEVT_VARIANT raw_data, short *event_id) { // EventID if (raw_data[RENDERED_EVENT_ID].Type != EvtVarTypeUInt16) { - mwarn(FIM_WHODATA_PARAMETER, raw_data[RENDERED_EVENT_ID].Type, "event_id"); + LogWarn(FIM_WHODATA_PARAMETER, raw_data[RENDERED_EVENT_ID].Type, "event_id"); return -1; } *event_id = raw_data[RENDERED_EVENT_ID].Int16Val; @@ -645,7 +645,7 @@ int whodata_get_handle_id(const PEVT_VARIANT raw_data, unsigned __int64 *handle_ } else if (raw_data[RENDERED_HANDLE_ID].Type == EvtVarTypeHexInt32) { *handle_id = (unsigned __int64) raw_data[RENDERED_HANDLE_ID].UInt32Val; } else { - mwarn(FIM_WHODATA_PARAMETER, raw_data[RENDERED_HANDLE_ID].Type, "handle_id"); + LogWarn(FIM_WHODATA_PARAMETER, raw_data[RENDERED_HANDLE_ID].Type, "handle_id"); return -1; } } else { @@ -661,7 +661,7 @@ int whodata_get_access_mask(const PEVT_VARIANT raw_data, unsigned long *mask) { // AccessMask if (raw_data[RENDERED_ACCESS_MASK].Type != EvtVarTypeHexInt32) { - mwarn(FIM_WHODATA_PARAMETER, raw_data[RENDERED_ACCESS_MASK].Type, "mask"); + LogWarn(FIM_WHODATA_PARAMETER, raw_data[RENDERED_ACCESS_MASK].Type, "mask"); return -1; } *mask = raw_data[RENDERED_ACCESS_MASK].UInt32Val; @@ -676,7 +676,7 @@ int whodata_event_parse(const PEVT_VARIANT raw_data, whodata_evt *event_data) { // ObjectName if (raw_data[RENDERED_PATH].Type != EvtVarTypeString) { - mwarn(FIM_WHODATA_PARAMETER, raw_data[RENDERED_PATH].Type, "path"); + LogWarn(FIM_WHODATA_PARAMETER, raw_data[RENDERED_PATH].Type, "path"); return -1; } else { if (event_data->path = get_whodata_path(raw_data[RENDERED_PATH].XmlVal), !event_data->path) { @@ -694,7 +694,7 @@ int whodata_event_parse(const PEVT_VARIANT raw_data, whodata_evt *event_data) { // SubjectUserName if (raw_data[RENDERED_USER_NAME].Type != EvtVarTypeString) { - mwarn(FIM_WHODATA_PARAMETER, raw_data[RENDERED_USER_NAME].Type, "user_name"); + LogWarn(FIM_WHODATA_PARAMETER, raw_data[RENDERED_USER_NAME].Type, "user_name"); event_data->user_name = NULL; } else { event_data->user_name = convert_windows_string(raw_data[RENDERED_USER_NAME].XmlVal); @@ -702,7 +702,7 @@ int whodata_event_parse(const PEVT_VARIANT raw_data, whodata_evt *event_data) { // ProcessName if (raw_data[RENDERED_PROCESS_NAME].Type != EvtVarTypeString) { - mwarn(FIM_WHODATA_PARAMETER, raw_data[RENDERED_PROCESS_NAME].Type, "process_name"); + LogWarn(FIM_WHODATA_PARAMETER, raw_data[RENDERED_PROCESS_NAME].Type, "process_name"); event_data->process_name = NULL; } else { event_data->process_name = convert_windows_string(raw_data[RENDERED_PROCESS_NAME].XmlVal); @@ -716,7 +716,7 @@ int whodata_event_parse(const PEVT_VARIANT raw_data, whodata_evt *event_data) { } else if (raw_data[RENDERED_PROCESS_ID].Type == EvtVarTypeHexInt32) { event_data->process_id = (unsigned __int64) raw_data[RENDERED_PROCESS_ID].UInt32Val; } else { - mwarn(FIM_WHODATA_PARAMETER, raw_data[RENDERED_PROCESS_ID].Type, "process_id"); + LogWarn(FIM_WHODATA_PARAMETER, raw_data[RENDERED_PROCESS_ID].Type, "process_id"); event_data->process_id = 0; } } else { @@ -725,13 +725,13 @@ int whodata_event_parse(const PEVT_VARIANT raw_data, whodata_evt *event_data) { // SubjectUserSid if (raw_data[RENDERED_USER_SID].Type != EvtVarTypeSid) { - mwarn(FIM_WHODATA_PARAMETER, raw_data[RENDERED_USER_SID].Type, "user_id"); + LogWarn(FIM_WHODATA_PARAMETER, raw_data[RENDERED_USER_SID].Type, "user_id"); event_data->user_id = NULL; } else if (!ConvertSidToStringSid(raw_data[RENDERED_USER_SID].SidVal, &event_data->user_id)) { if (event_data->user_name) { - mdebug1(FIM_WHODATA_INVALID_UID, event_data->user_name); + LogDebug(FIM_WHODATA_INVALID_UID, event_data->user_name); } else { - mdebug1(FIM_WHODATA_INVALID_UNKNOWN_UID); + LogDebug(FIM_WHODATA_INVALID_UNKNOWN_UID); } return -1; } @@ -791,7 +791,7 @@ unsigned long WINAPI whodata_callback(EVT_SUBSCRIBE_NOTIFY_ACTION action, __attr configuration = fim_configuration_directory(w_evt->path); if (configuration == NULL && !(mask & (FILE_APPEND_DATA | FILE_WRITE_DATA))) { // Discard the file or directory if its monitoring has not been activated - mdebug2(FIM_WHODATA_NOT_ACTIVE, w_evt->path); + LogDebug(FIM_WHODATA_NOT_ACTIVE, w_evt->path); free_whodata_event(w_evt); w_rwlock_unlock(&syscheck.directories_lock); goto clean; @@ -801,7 +801,7 @@ unsigned long WINAPI whodata_callback(EVT_SUBSCRIBE_NOTIFY_ACTION action, __attr // Ignore the file if belongs to a non-whodata directory if (!(configuration->dirs_status.status & WD_CHECK_WHODATA) && !(mask & (FILE_APPEND_DATA | FILE_WRITE_DATA))) { - mdebug2(FIM_WHODATA_CANCELED, w_evt->path); + LogDebug(FIM_WHODATA_CANCELED, w_evt->path); free_whodata_event(w_evt); w_rwlock_unlock(&syscheck.directories_lock); goto clean; @@ -810,7 +810,7 @@ unsigned long WINAPI whodata_callback(EVT_SUBSCRIBE_NOTIFY_ACTION action, __attr // Ignore any and all events that are beyond the configured recursion level. int depth = fim_check_depth(w_evt->path, configuration); if (depth > configuration->recursion_level) { - mdebug2(FIM_MAX_RECURSION_LEVEL, depth, configuration->recursion_level, w_evt->path); + LogDebug(FIM_MAX_RECURSION_LEVEL, depth, configuration->recursion_level, w_evt->path); free_whodata_event(w_evt); w_rwlock_unlock(&syscheck.directories_lock); goto clean; @@ -827,7 +827,7 @@ unsigned long WINAPI whodata_callback(EVT_SUBSCRIBE_NOTIFY_ACTION action, __attr // If the device could not be found, it was monitored by Syscheck, has not recently been removed, // and had never been entered in the hash table before, we can deduce that it is a removed directory if (mask & DELETE || mask & FILE_APPEND_DATA) { - mdebug2(FIM_WHODATA_REMOVE_FOLDEREVENT, w_evt->path); + LogDebug(FIM_WHODATA_REMOVE_FOLDEREVENT, w_evt->path); is_directory = 1; } } @@ -850,9 +850,9 @@ unsigned long WINAPI whodata_callback(EVT_SUBSCRIBE_NOTIFY_ACTION action, __attr if (result == 1) { whodata_evt *w_evtdup; - mdebug2(FIM_WHODATA_HANDLE_UPDATE, hash_id); + LogDebug(FIM_WHODATA_HANDLE_UPDATE, hash_id); if (w_evtdup = OSHash_Delete_ex(syscheck.wdata.fd, hash_id), !w_evtdup) { - merror(FIM_ERROR_WHODATA_HANDLER_REMOVE, hash_id); + LogError(FIM_ERROR_WHODATA_HANDLER_REMOVE, hash_id); free_whodata_event(w_evt); goto clean; } @@ -860,7 +860,7 @@ unsigned long WINAPI whodata_callback(EVT_SUBSCRIBE_NOTIFY_ACTION action, __attr if (result = whodata_hash_add(syscheck.wdata.fd, hash_id, w_evt, "whodata"), result != 2) { if(result == 1){ - merror(FIM_ERROR_WHODATA_EVENTADD, "whodata", hash_id); // LCOV_EXCL_LINE + LogError(FIM_ERROR_WHODATA_EVENTADD, "whodata", hash_id); // LCOV_EXCL_LINE } free_whodata_event(w_evt); goto clean; @@ -887,7 +887,7 @@ unsigned long WINAPI whodata_callback(EVT_SUBSCRIBE_NOTIFY_ACTION action, __attr // Get the event time if (buffer[RENDERED_TIMESTAMP].Type != EvtVarTypeFileTime) { - mwarn(FIM_WHODATA_PARAMETER, buffer[RENDERED_TIMESTAMP].Type, "event_time"); + LogWarn(FIM_WHODATA_PARAMETER, buffer[RENDERED_TIMESTAMP].Type, "event_time"); w_evt->scan_directory = 2; goto clean; } @@ -900,7 +900,7 @@ unsigned long WINAPI whodata_callback(EVT_SUBSCRIBE_NOTIFY_ACTION action, __attr // Check if is a valid directory w_rwlock_rdlock(&syscheck.directories_lock); if (fim_configuration_directory(w_evt->path) == NULL) { - mdebug2(FIM_WHODATA_DIRECTORY_DISCARDED, w_evt->path); + LogDebug(FIM_WHODATA_DIRECTORY_DISCARDED, w_evt->path); w_evt->scan_directory = 2; w_rwlock_unlock(&syscheck.directories_lock); break; @@ -914,7 +914,7 @@ unsigned long WINAPI whodata_callback(EVT_SUBSCRIBE_NOTIFY_ACTION action, __attr if ((buffer[RENDERED_TIMESTAMP].FileTimeVal - w_dir->QuadPart) < FILETIME_SECOND) { w_rwlock_unlock(&syscheck.wdata.directories->mutex); - mdebug2(FIM_WHODATA_DIRECTORY_SCANNED, w_evt->path); + LogDebug(FIM_WHODATA_DIRECTORY_SCANNED, w_evt->path); w_evt->scan_directory = 3; break; } @@ -924,7 +924,7 @@ unsigned long WINAPI whodata_callback(EVT_SUBSCRIBE_NOTIFY_ACTION action, __attr w_rwlock_unlock(&syscheck.wdata.directories->mutex); - mdebug2(FIM_WHODATA_CHECK_NEW_FILES, w_evt->path); + LogDebug(FIM_WHODATA_CHECK_NEW_FILES, w_evt->path); } else { w_rwlock_unlock(&syscheck.wdata.directories->mutex); os_calloc(1, sizeof(whodata_directory), w_dir); @@ -934,7 +934,7 @@ unsigned long WINAPI whodata_callback(EVT_SUBSCRIBE_NOTIFY_ACTION action, __attr free(w_dir); break; } else { - mdebug2(FIM_WHODATA_CHECK_NEW_FILES, w_evt->path); + LogDebug(FIM_WHODATA_CHECK_NEW_FILES, w_evt->path); } } break; @@ -955,11 +955,11 @@ unsigned long WINAPI whodata_callback(EVT_SUBSCRIBE_NOTIFY_ACTION action, __attr fim_whodata_event(w_evt); } else { - mdebug2(FIM_WHODATA_NO_NEW_FILES, w_evt->path, w_evt->mask); + LogDebug(FIM_WHODATA_NO_NEW_FILES, w_evt->path, w_evt->mask); } } else if (w_evt->scan_directory == 2) { - mdebug1(FIM_WHODATA_SCAN_ABORTED, w_evt->path); + LogDebug(FIM_WHODATA_SCAN_ABORTED, w_evt->path); } } @@ -968,12 +968,12 @@ unsigned long WINAPI whodata_callback(EVT_SUBSCRIBE_NOTIFY_ACTION action, __attr case 4719: if (policies_checked) { - mwarn(FIM_WHODATA_POLICY_CHANGE_CHANNEL); + LogWarn(FIM_WHODATA_POLICY_CHANGE_CHANNEL); win_whodata_release_resources(&syscheck.wdata); } break; default: - merror(FIM_ERROR_WHODATA_EVENTID); + LogError(FIM_ERROR_WHODATA_EVENTID); goto clean; } } @@ -996,7 +996,7 @@ int whodata_audit_start() { OSHash_SetFreeDataPointer(syscheck.wdata.fd, (void (*)(void *))free_whodata_event); - minfo(FIM_WHODATA_VOLUMES); + LogInfo(FIM_WHODATA_VOLUMES); get_volume_names(); return 0; @@ -1032,7 +1032,7 @@ int policy_check() { ULONG policyAuditEventType = 0; char guid_string[40]; - mdebug2(FIM_WHODATA_POLICY_OPENED); + LogDebug(FIM_WHODATA_POLICY_OPENED); while (policyAuditEventType < AuditEvents->MaximumAuditEventCount) { if(AuditLookupCategoryGuidFromCategoryId((POLICY_AUDIT_EVENT_TYPE)policyAuditEventType, &auditCategoryId) == FALSE) { @@ -1044,7 +1044,7 @@ int policy_check() { auditCategoryId.Data4[4], auditCategoryId.Data4[5], auditCategoryId.Data4[6], auditCategoryId.Data4[7]); if(!strcasecmp(guid_string, guid_ObjectAccess)) { - mdebug2(FIM_WHODATA_OBJECT_ACCESS, guid_string); + LogDebug(FIM_WHODATA_OBJECT_ACCESS, guid_string); if(AuditEnumerateSubCategories(&auditCategoryId, FALSE, &pAuditSubCategoryGuids, &subCategoryCount) == FALSE) { goto error; @@ -1066,11 +1066,11 @@ int policy_check() { if(currentPolicy.AuditingInformation & POLICY_AUDIT_EVENT_SUCCESS) { if(!strcasecmp(guid_string, guid_FileSystem)) { file_system_success = 1; - mdebug2(FIM_WHODATA_SUCCESS_POLICY, "File System", guid_string); + LogDebug(FIM_WHODATA_SUCCESS_POLICY, "File System", guid_string); } if(!strcasecmp(guid_string, guid_Handle)) { handle_manipulation_success = 1; - mdebug2(FIM_WHODATA_SUCCESS_POLICY, "Handle Manipulation", guid_string); + LogDebug(FIM_WHODATA_SUCCESS_POLICY, "Handle Manipulation", guid_string); } if(file_system_success && handle_manipulation_success) { LsaFreeMemory(AuditEvents); @@ -1103,7 +1103,7 @@ int policy_check() { memset(err_msg, 0, OS_SIZE_1024); FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS | FORMAT_MESSAGE_MAX_WIDTH_MASK, NULL, err_code, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPTSTR) &err_msg, OS_SIZE_1024, NULL); - mwarn(FIM_WHODATA_ERROR_CHECKING_POL, err_msg, err_code); + LogWarn(FIM_WHODATA_ERROR_CHECKING_POL, err_msg, err_code); if(open_policy) { LsaFreeMemory(AuditEvents); @@ -1134,14 +1134,14 @@ long unsigned int WINAPI state_checker(__attribute__((unused)) void *_void) { interval = syscheck.wdata.interval_scan; } - mdebug1(FIM_WHODATA_CHECKTHREAD, interval); + LogDebug(FIM_WHODATA_CHECKTHREAD, interval); while (atomic_int_get(&whodata_end) == 0) { - mdebug2(FIM_WHODATA_STATE_CHECKER); + LogDebug(FIM_WHODATA_STATE_CHECKER); // Check File System and Handle Manipulation policies. Switch to realtime in case these policies are disabled. if (policy_check() == 1) { - mwarn(FIM_WHODATA_POLICY_CHANGE_CHECKER); + LogWarn(FIM_WHODATA_POLICY_CHANGE_CHECKER); win_whodata_release_resources(&syscheck.wdata); break; } @@ -1174,9 +1174,9 @@ long unsigned int WINAPI state_checker(__attribute__((unused)) void *_void) { if (exists) { if (!(d_status->status & WD_STATUS_EXISTS)) { - minfo(FIM_WHODATA_READDED, dir_it->path); + LogInfo(FIM_WHODATA_READDED, dir_it->path); if (set_winsacl(dir_it->path, dir_it)) { - merror(FIM_ERROR_WHODATA_ADD_DIRECTORY, dir_it->path); + LogError(FIM_ERROR_WHODATA_ADD_DIRECTORY, dir_it->path); d_status->status &= ~WD_CHECK_WHODATA; dir_it->options &= ~WHODATA_ACTIVE; d_status->status |= WD_CHECK_REALTIME; @@ -1187,7 +1187,7 @@ long unsigned int WINAPI state_checker(__attribute__((unused)) void *_void) { } else { // Check if the SACL is invalid if (check_object_sacl(dir_it->path, (d_status->object_type == WD_STATUS_FILE_TYPE)) == 1) { - minfo(FIM_WHODATA_SACL_CHANGED, dir_it->path); + LogInfo(FIM_WHODATA_SACL_CHANGED, dir_it->path); // Mark the directory to prevent its children from // sending partial whodata alerts d_status->status &= ~WD_CHECK_WHODATA; @@ -1204,7 +1204,7 @@ long unsigned int WINAPI state_checker(__attribute__((unused)) void *_void) { } } } else { - mdebug2(FIM_WHODATA_DELETE, dir_it->path); + LogDebug(FIM_WHODATA_DELETE, dir_it->path); d_status->status &= ~WD_STATUS_EXISTS; d_status->object_type = WD_STATUS_UNK_TYPE; } @@ -1266,7 +1266,7 @@ int set_policies() { static const char *WPOL_HANDLE_SUC = ",System,Handle Manipulation,{0CCE9223-69AE-11D9-BED3-505054503030},,,1\n"; if (!IsFile(WPOL_BACKUP_FILE) && remove(WPOL_BACKUP_FILE)) { - merror(FIM_ERROR_WPOL_BACKUP_FILE_REMOVE, WPOL_BACKUP_FILE, strerror(errno), errno); + LogError(FIM_ERROR_WPOL_BACKUP_FILE_REMOVE, WPOL_BACKUP_FILE, strerror(errno), errno); goto end; } @@ -1280,7 +1280,7 @@ int set_policies() { wm_exec_ret_code = wm_exec(command, NULL, &result_code, timeout+i, NULL); if (wm_exec_ret_code || result_code) { retval = 2; - merror(FIM_AUDITPOL_ATTEMPT_FAIL, i+1); + LogError(FIM_AUDITPOL_ATTEMPT_FAIL, i+1); } else { retval = 1; } @@ -1288,16 +1288,16 @@ int set_policies() { } while (i <= retries && (wm_exec_ret_code || result_code)); if (retval == 2) { - merror(FIM_WARN_WHODATA_AUTOCONF); + LogError(FIM_WARN_WHODATA_AUTOCONF); goto end; } if (f_backup = wfopen(WPOL_BACKUP_FILE, "r"), !f_backup) { - merror(FIM_ERROR_WPOL_BACKUP_FILE_OPEN, WPOL_BACKUP_FILE, strerror(errno), errno); + LogError(FIM_ERROR_WPOL_BACKUP_FILE_OPEN, WPOL_BACKUP_FILE, strerror(errno), errno); goto end; } if (f_new = wfopen(WPOL_NEW_FILE, "w"), !f_new) { - merror(FIM_ERROR_WPOL_BACKUP_FILE_OPEN, WPOL_NEW_FILE, strerror(errno), errno); + LogError(FIM_ERROR_WPOL_BACKUP_FILE_OPEN, WPOL_NEW_FILE, strerror(errno), errno); goto end; } @@ -1316,11 +1316,11 @@ int set_policies() { // Set the new policies i = 0; - do { + do { wm_exec_ret_code = wm_exec(command, NULL, &result_code, timeout+i, NULL); if (wm_exec_ret_code || result_code) { retval = 2; - merror(FIM_AUDITPOL_ATTEMPT_FAIL, i+1); + LogError(FIM_AUDITPOL_ATTEMPT_FAIL, i+1); } else { retval = 1; } @@ -1328,7 +1328,7 @@ int set_policies() { } while (i <= retries && (wm_exec_ret_code || result_code)); if (retval == 2) { - merror(FIM_WARN_WHODATA_AUTOCONF); + LogError(FIM_WARN_WHODATA_AUTOCONF); goto end; } @@ -1399,18 +1399,18 @@ int check_object_sacl(char *obj, int is_file) { int privilege_enabled = 0; if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hdle)) { - merror(FIM_ERROR_SACL_OPENPROCESSTOKEN, GetLastError()); + LogError(FIM_ERROR_SACL_OPENPROCESSTOKEN, GetLastError()); return retval; } if (set_privilege(hdle, priv, TRUE)) { - merror(FIM_ERROR_SACL_ELEVATE_PRIVILEGE, GetLastError()); + LogError(FIM_ERROR_SACL_ELEVATE_PRIVILEGE, GetLastError()); goto end; } privilege_enabled = 1; if (result = GetNamedSecurityInfo(obj, SE_FILE_OBJECT, SACL_SECURITY_INFORMATION, NULL, NULL, NULL, &sacl, &security_descriptor), result != ERROR_SUCCESS) { - merror(FIM_ERROR_SACL_GETSECURITYINFO, result); + LogError(FIM_ERROR_SACL_GETSECURITYINFO, result); goto end; } @@ -1420,7 +1420,7 @@ int check_object_sacl(char *obj, int is_file) { if (privilege_enabled) { // Disable the privilege if (set_privilege(hdle, priv, FALSE)) { - merror(FIM_ERROR_SACL_SET_PRIVILEGE, GetLastError()); + LogError(FIM_ERROR_SACL_SET_PRIVILEGE, GetLastError()); } } if (hdle) { @@ -1440,9 +1440,9 @@ int whodata_hash_add(OSHash *table, char *id, void *data, char *tag) { if (result = OSHash_Add_ex(table, id, data), result != 2) { if (!result) { - merror(FIM_ERROR_WHODATA_EVENTADD, tag, id); + LogError(FIM_ERROR_WHODATA_EVENTADD, tag, id); } else if (result == 1) { - mdebug2(FIM_ERROR_WHODATA_EVENTADD_DUP, tag, id); + LogDebug(FIM_ERROR_WHODATA_EVENTADD_DUP, tag, id); } } @@ -1471,7 +1471,7 @@ int get_volume_names() { if (fh == INVALID_HANDLE_VALUE) { win_error = GetLastError(); - mwarn("FindFirstVolumeW failed (%u)'%s'", win_error, strerror(win_error)); + LogWarn("FindFirstVolumeW failed (%u)'%s'", win_error, strerror(win_error)); FindVolumeClose(fh); return success; } @@ -1493,7 +1493,7 @@ int get_volume_names() { volume_name[3] != L'\\' || volume_name[index] != L'\\') { - mwarn("Find Volume returned a bad path: %s", convert_volume); + LogWarn("Find Volume returned a bad path: %s", convert_volume); break; } @@ -1505,7 +1505,7 @@ int get_volume_names() { if (char_count == 0) { win_error = GetLastError(); - mwarn("QueryDosDeviceW failed (%u)'%s'", win_error, strerror(win_error)); + LogWarn("QueryDosDeviceW failed (%u)'%s'", win_error, strerror(win_error)); break; } @@ -1521,7 +1521,7 @@ int get_volume_names() { win_error = GetLastError(); if (win_error != ERROR_NO_MORE_FILES) { - mwarn("FindNextVolumeW failed (%u)'%s'", win_error, strerror(win_error)); + LogWarn("FindNextVolumeW failed (%u)'%s'", win_error, strerror(win_error)); break; } @@ -1564,7 +1564,7 @@ int get_drive_names(wchar_t *volume_name, char *device) { } if (retval = GetLastError(), retval != ERROR_MORE_DATA) { - mwarn("GetVolumePathNamesForVolumeNameW (%u)'%s'", retval, strerror(retval)); + LogWarn("GetVolumePathNamesForVolumeNameW (%u)'%s'", retval, strerror(retval)); break; } @@ -1579,7 +1579,7 @@ int get_drive_names(wchar_t *volume_name, char *device) { for (nameit = names; nameit[0] != L'\0'; nameit += name_len + 1) { name_len = wcslen(nameit); wcstombs(convert_name, nameit, name_len); - mdebug1(FIM_WHODATA_DEVICE_LETTER, device, convert_name); + LogDebug(FIM_WHODATA_DEVICE_LETTER, device, convert_name); if(syscheck.wdata.device) { device_it = 0; @@ -1627,14 +1627,14 @@ void replace_device_path(char **path) { while (syscheck.wdata.device[iterator]) { size_t dev_size = strlen(syscheck.wdata.device[iterator]); - mdebug2(FIM_WHODATA_DEVICE_PATH, syscheck.wdata.device[iterator], *path); + LogDebug(FIM_WHODATA_DEVICE_PATH, syscheck.wdata.device[iterator], *path); if (!strncmp(*path, syscheck.wdata.device[iterator], dev_size)) { size_t new_path_size = strlen(syscheck.wdata.drive[iterator]) + (size_t) (*path - dev_size); os_calloc(new_path_size + 1, sizeof(char), new_path); snprintf(new_path, new_path_size, "%s%s", syscheck.wdata.drive[iterator], *path + dev_size); - mdebug2(FIM_WHODATA_DEVICE_REPLACE, *path, new_path); + LogDebug(FIM_WHODATA_DEVICE_REPLACE, *path, new_path); os_free(*path); *path = new_path; @@ -1663,7 +1663,7 @@ char *get_whodata_path(const short unsigned int *win_path) { } if (count <= 0) { - mdebug1(FIM_WHODATA_PATH_NOPROCCESED, error); + LogDebug(FIM_WHODATA_PATH_NOPROCCESED, error); os_free(path); } @@ -1672,7 +1672,7 @@ char *get_whodata_path(const short unsigned int *win_path) { int whodata_path_filter(char **path) { if (check_removed_file(*path)) { - mdebug2(FIM_DISCARD_RECYCLEBIN, *path); + LogDebug(FIM_DISCARD_RECYCLEBIN, *path); return 1; } @@ -1689,11 +1689,11 @@ int whodata_check_arch() { const char *processor_arch = "PROCESSOR_ARCHITECTURE"; if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, environment_key, 0, KEY_READ, &RegistryKey) != ERROR_SUCCESS) { - merror(SK_REG_OPEN, environment_key); + LogError(SK_REG_OPEN, environment_key); return OS_INVALID; } else { if (result = RegQueryValueEx(RegistryKey, TEXT(processor_arch), NULL, NULL, (LPBYTE)&arch, &data_size), result != ERROR_SUCCESS) { - merror(FIM_ERROR_WHODATA_WIN_ARCH, (unsigned int)result); + LogError(FIM_ERROR_WHODATA_WIN_ARCH, (unsigned int)result); } else { if (!strncmp(arch, "AMD64", 5) || !strncmp(arch, "IA64", 4) || !strncmp(arch, "ARM64", 5)) { @@ -1727,7 +1727,7 @@ int w_update_sacl(const char *obj_path) { if (!everyone_sid) { if (!AllocateAndInitializeSid(&world_auth, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &everyone_sid)) { - merror(FIM_ERROR_WHODATA_WIN_SIDERROR, GetLastError()); + LogError(FIM_ERROR_WHODATA_WIN_SIDERROR, GetLastError()); goto end; } } @@ -1737,26 +1737,26 @@ int w_update_sacl(const char *obj_path) { } if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hdle)) { - merror(FIM_ERROR_WHODATA_OPEN_TOKEN, GetLastError()); + LogError(FIM_ERROR_WHODATA_OPEN_TOKEN, GetLastError()); goto end; } if (set_privilege(hdle, priv, TRUE)) { - merror(FIM_ERROR_WHODATA_ACTIVATE_PRIV, GetLastError()); + LogError(FIM_ERROR_WHODATA_ACTIVATE_PRIV, GetLastError()); goto end; } privilege_enabled = 1; if (result = GetNamedSecurityInfo(obj_path, SE_FILE_OBJECT, SACL_SECURITY_INFORMATION, NULL, NULL, NULL, &old_sacl, &security_descriptor), result != ERROR_SUCCESS) { - merror(FIM_ERROR_WHODATA_GETNAMEDSECURITY, result); + LogError(FIM_ERROR_WHODATA_GETNAMEDSECURITY, result); goto end; } ZeroMemory(&old_sacl_info, sizeof(ACL_SIZE_INFORMATION)); // Get SACL size if (old_sacl && !GetAclInformation(old_sacl, (LPVOID)&old_sacl_info, sizeof(ACL_SIZE_INFORMATION), AclSizeInformation)) { - merror(FIM_ERROR_WHODATA_SACL_SIZE, obj_path); + LogError(FIM_ERROR_WHODATA_SACL_SIZE, obj_path); goto end; } @@ -1764,17 +1764,17 @@ int w_update_sacl(const char *obj_path) { new_sacl_size = (old_sacl ? old_sacl_info.AclBytesInUse : sizeof(ACL)) + sizeof(SYSTEM_AUDIT_ACE) + ev_sid_size; if (new_sacl = (PACL)win_alloc(new_sacl_size), !new_sacl) { - merror(FIM_ERROR_WHODATA_SACL_MEMORY, obj_path); + LogError(FIM_ERROR_WHODATA_SACL_MEMORY, obj_path); goto end; } if (!InitializeAcl(new_sacl, new_sacl_size, ACL_REVISION)) { - merror(FIM_ERROR_WHODATA_SACL_NOCREATE, obj_path, GetLastError()); + LogError(FIM_ERROR_WHODATA_SACL_NOCREATE, obj_path, GetLastError()); goto end; } if (ace = (SYSTEM_AUDIT_ACE *)win_alloc(sizeof(SYSTEM_AUDIT_ACE) + ev_sid_size - sizeof(DWORD)), !ace) { - merror(FIM_ERROR_WHODATA_ACE_MEMORY, obj_path, GetLastError()); + LogError(FIM_ERROR_WHODATA_ACE_MEMORY, obj_path, GetLastError()); goto end; } @@ -1784,7 +1784,7 @@ int w_update_sacl(const char *obj_path) { ace->Mask = 0; if (!CopySid(ev_sid_size, &ace->SidStart, everyone_sid)) { - merror(FIM_ERROR_WHODATA_COPY_SID, obj_path, ev_sid_size, GetLastError()); + LogError(FIM_ERROR_WHODATA_COPY_SID, obj_path, ev_sid_size, GetLastError()); goto end; } @@ -1792,12 +1792,12 @@ int w_update_sacl(const char *obj_path) { if (old_sacl_info.AceCount) { for (i = 0; i < old_sacl_info.AceCount; i++) { if (!GetAce(old_sacl, i, &entry_access_it)) { - merror(FIM_ERROR_WHODATA_ACE_NOOBTAIN, i, obj_path); + LogError(FIM_ERROR_WHODATA_ACE_NOOBTAIN, i, obj_path); goto end; } if (!AddAce(new_sacl, ACL_REVISION, MAXDWORD, entry_access_it, ((PACE_HEADER)entry_access_it)->AceSize)) { - merror(FIM_ERROR_WHODATA_ACE_NUMBER, i, obj_path); + LogError(FIM_ERROR_WHODATA_ACE_NUMBER, i, obj_path); goto end; } } @@ -1806,19 +1806,19 @@ int w_update_sacl(const char *obj_path) { // Add the new ACE if (!AddAce(new_sacl, ACL_REVISION, 0, (LPVOID)ace, ace->Header.AceSize)) { - merror(FIM_ERROR_WHODATA_ACE_NOADDED, obj_path, GetLastError()); + LogError(FIM_ERROR_WHODATA_ACE_NOADDED, obj_path, GetLastError()); goto end; } if (result = SetNamedSecurityInfo((char *) obj_path, SE_FILE_OBJECT, SACL_SECURITY_INFORMATION, NULL, NULL, NULL, new_sacl), result != ERROR_SUCCESS) { - merror(FIM_ERROR_WHODATA_SETNAMEDSECURITY, result); + LogError(FIM_ERROR_WHODATA_SETNAMEDSECURITY, result); goto end; } retval = 0; end: if (privilege_enabled && set_privilege(hdle, priv, FALSE)) { - merror(FIM_ERROR_WHODATA_ACTIVATE_PRIV, GetLastError()); + LogError(FIM_ERROR_WHODATA_ACTIVATE_PRIV, GetLastError()); goto end; } diff --git a/src/modules/fim/tests/integration/test_files/test_invalid_characters/__init__.py b/src/modules/fim/tests/integration/test_files/test_invalid_characters/__init__.py new file mode 100644 index 0000000000..be20efa8ec --- /dev/null +++ b/src/modules/fim/tests/integration/test_files/test_invalid_characters/__init__.py @@ -0,0 +1,10 @@ +# Copyright (C) 2015-2024, Wazuh Inc. +# Created by Wazuh, Inc. . +# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 +from pathlib import Path + + +# Constants & base paths +DATA_PATH = Path(Path(__file__).parent, 'data') +CONFIGS_PATH = Path(DATA_PATH, 'configuration_templates') +TEST_CASES_PATH = Path(DATA_PATH, 'test_cases') diff --git a/src/modules/fim/tests/integration/test_files/test_invalid_characters/data/configuration_templates/configuration_basic.yaml b/src/modules/fim/tests/integration/test_files/test_invalid_characters/data/configuration_templates/configuration_basic.yaml new file mode 100644 index 0000000000..1f9b704c1e --- /dev/null +++ b/src/modules/fim/tests/integration/test_files/test_invalid_characters/data/configuration_templates/configuration_basic.yaml @@ -0,0 +1,27 @@ +- sections: + - section: syscheck + elements: + - disabled: + value: "no" + - frequency: + value: FREQUENCY + - directories: + value: TEST_DIR + attributes: + - FIM_MODE + - synchronization: + elements: + - interval: + value: 5 + - section: sca + elements: + - enabled: + value: "no" + - section: rootcheck + elements: + - disabled: + value: "yes" + - section: active-response + elements: + - disabled: + value: "yes" diff --git a/src/modules/fim/tests/integration/test_files/test_invalid_characters/data/configuration_templates/configuration_registries.yaml b/src/modules/fim/tests/integration/test_files/test_invalid_characters/data/configuration_templates/configuration_registries.yaml new file mode 100644 index 0000000000..9ee7003f05 --- /dev/null +++ b/src/modules/fim/tests/integration/test_files/test_invalid_characters/data/configuration_templates/configuration_registries.yaml @@ -0,0 +1,30 @@ +- sections: + - section: syscheck + elements: + - disabled: + value: 'no' + - windows_registry: + value: WINDOWS_REGISTRY + attributes: + - check_all: 'yes' + - arch: ARCH + - frequency: + value: 3 + - synchronization: + elements: + - interval: + value: 5 + - section: sca + elements: + - enabled: + value: 'no' + - section: rootcheck + elements: + - disabled: + value: 'yes' + - section: wodle + attributes: + - name: 'syscollector' + elements: + - disabled: + value: 'yes' diff --git a/src/modules/fim/tests/integration/test_files/test_invalid_characters/data/test_cases/cases_nonUTF8.yaml b/src/modules/fim/tests/integration/test_files/test_invalid_characters/data/test_cases/cases_nonUTF8.yaml new file mode 100644 index 0000000000..3183c9eab0 --- /dev/null +++ b/src/modules/fim/tests/integration/test_files/test_invalid_characters/data/test_cases/cases_nonUTF8.yaml @@ -0,0 +1,42 @@ +- name: Invalid nonUTF8 - Scheduled + description: When a scheduled monitored directory is deleted, modified + or added FIM raises a log in the next scan, in + this case the scan are made every 3 secconds. + configuration_parameters: + TEST_DIR: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir] + FREQUENCY: 3 + metadata: + folder_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir] + fim_mode: scheduled + +- name: Invalid nonUTF8 - Realtime + description: When a scheduled monitored directory is deleted, modified + or added FIM raises a log in the next scan, in + this case the scan are made every 3 secconds. + configuration_parameters: + TEST_DIR: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir] + FREQUENCY: 43200 # As default 12 hs + FIM_MODE: + realtime: 'yes' + metadata: + folder_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir] + fim_mode: realtime + +- name: Invalid nonUTF8 - Whodata + description: When a scheduled monitored directory is deleted, modified + or added FIM raises a log in the next scan, in + this case the scan are made every 3 secconds. + configuration_parameters: + TEST_DIR: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir] + FREQUENCY: 43200 # As default 12 hs + FIM_MODE: + whodata: 'yes' + metadata: + folder_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir] + fim_mode: whodata diff --git a/src/modules/fim/tests/integration/test_files/test_invalid_characters/data/test_cases/cases_registries.yaml b/src/modules/fim/tests/integration/test_files/test_invalid_characters/data/test_cases/cases_registries.yaml new file mode 100644 index 0000000000..5fdd0b5b0d --- /dev/null +++ b/src/modules/fim/tests/integration/test_files/test_invalid_characters/data/test_cases/cases_registries.yaml @@ -0,0 +1,12 @@ +- name: Key registry with invalid characters + description: The event should trigger a warning that the path name is invalid. + configuration_parameters: + WINDOWS_REGISTRY: !!python/object/apply:os.path.join + args: [HKEY_LOCAL_MACHINE, SOFTWARE, Classes, testkey] + ARCH: '64bit' + metadata: + fim_mode: scheduled + key: 'HKEY_LOCAL_MACHINE' + sub_key: !!python/object/apply:os.path.join + args: [SOFTWARE, Classes, testkey] + arch: 'x64' diff --git a/src/modules/fim/tests/integration/test_files/test_invalid_characters/test_non_utf8_characters.py b/src/modules/fim/tests/integration/test_files/test_invalid_characters/test_non_utf8_characters.py index 38994d2cdf..927872795d 100644 --- a/src/modules/fim/tests/integration/test_files/test_invalid_characters/test_non_utf8_characters.py +++ b/src/modules/fim/tests/integration/test_files/test_invalid_characters/test_non_utf8_characters.py @@ -56,7 +56,6 @@ tags: - fim ''' - import os import sys @@ -337,4 +336,4 @@ def create_invalid_utf8_path(test_metadata: dict, invalid_sequence: bytes) -> by # Byte conversion here to concatenate with invalid sequences folder_to_monitor_bytes: bytes = test_metadata['folder_to_monitor'].encode( 'utf-8') - return os.path.join(folder_to_monitor_bytes, invalid_sequence) + return os.path.join(folder_to_monitor_bytes, invalid_sequence) \ No newline at end of file diff --git a/src/modules/fim/tests/integration/test_files/test_report_changes/data/test_cases/cases_disk_quota_default.yaml b/src/modules/fim/tests/integration/test_files/test_report_changes/data/test_cases/cases_disk_quota_configured.yaml similarity index 100% rename from src/modules/fim/tests/integration/test_files/test_report_changes/data/test_cases/cases_disk_quota_default.yaml rename to src/modules/fim/tests/integration/test_files/test_report_changes/data/test_cases/cases_disk_quota_configured.yaml diff --git a/src/modules/fim/tests/integration/test_files/test_report_changes/data/test_cases/cases_disk_quota_values.yaml b/src/modules/fim/tests/integration/test_files/test_report_changes/data/test_cases/cases_disk_quota_values.yaml new file mode 100644 index 0000000000..f7bf874589 --- /dev/null +++ b/src/modules/fim/tests/integration/test_files/test_report_changes/data/test_cases/cases_disk_quota_values.yaml @@ -0,0 +1,307 @@ +- name: Test 'disk_quota' information, fim_mode = scheduled + description: Check if the 'wazuh-syscheckd' daemon limits the size of the monitored file to generate + 'diff' information from the default value of the 'disk_quota' option. + configuration_parameters: + TEST_DIRECTORIES: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir] + ATTRIBUTES: + - report_changes: 'yes' + FILE_SIZE_ENABLED: 'no' + FILE_SIZE_LIMIT: '1KB' + DISK_QUOTA_ENABLED: 'yes' + DISK_QUOTA_LIMIT: '1KB' + metadata: + folder_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir] + file_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir, testfile] + filename: 'testfile' + fim_mode: 'scheduled' + report_changes: 'yes' + file_size_enabled: 'no' + file_size_limit: '1KB' + disk_quota_enabled: 'yes' + disk_quota_limit: '1KB' + +- name: Test 'disk_quota' information, fim_mode = scheduled + description: Check if the 'wazuh-syscheckd' daemon limits the size of the monitored file to generate + 'diff' information from the default value of the 'disk_quota' option. + configuration_parameters: + TEST_DIRECTORIES: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir] + ATTRIBUTES: + - report_changes: 'yes' + FILE_SIZE_ENABLED: 'no' + FILE_SIZE_LIMIT: '10KB' + DISK_QUOTA_ENABLED: 'yes' + DISK_QUOTA_LIMIT: '10KB' + metadata: + folder_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir] + file_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir, testfile] + filename: 'testfile' + fim_mode: 'scheduled' + report_changes: 'yes' + file_size_enabled: 'no' + file_size_limit: '10KB' + disk_quota_enabled: 'yes' + disk_quota_limit: '10KB' + +- name: Test 'disk_quota' information, fim_mode = scheduled + description: Check if the 'wazuh-syscheckd' daemon limits the size of the monitored file to generate + 'diff' information from the default value of the 'disk_quota' option. + configuration_parameters: + TEST_DIRECTORIES: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir] + ATTRIBUTES: + - report_changes: 'yes' + FILE_SIZE_ENABLED: 'no' + FILE_SIZE_LIMIT: '100KB' + DISK_QUOTA_ENABLED: 'yes' + DISK_QUOTA_LIMIT: '100KB' + metadata: + folder_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir] + file_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir, testfile] + filename: 'testfile' + fim_mode: 'scheduled' + report_changes: 'yes' + file_size_enabled: 'no' + file_size_limit: '100KB' + disk_quota_enabled: 'yes' + disk_quota_limit: '100KB' + +- name: Test 'disk_quota' information, fim_mode = scheduled + description: Check if the 'wazuh-syscheckd' daemon limits the size of the monitored file to generate + 'diff' information from the default value of the 'disk_quota' option. + configuration_parameters: + TEST_DIRECTORIES: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir] + ATTRIBUTES: + - report_changes: 'yes' + FILE_SIZE_ENABLED: 'no' + FILE_SIZE_LIMIT: '1MB' + DISK_QUOTA_ENABLED: 'yes' + DISK_QUOTA_LIMIT: '1MB' + metadata: + folder_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir] + file_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir, testfile] + filename: 'testfile' + fim_mode: 'scheduled' + report_changes: 'yes' + file_size_enabled: 'no' + file_size_limit: '1MB' + disk_quota_enabled: 'yes' + disk_quota_limit: '1MB' + +- name: Test 'disk_quota' information, fim_mode = realtime + description: Check if the 'wazuh-syscheckd' daemon limits the size of the monitored file to generate + 'diff' information from the default value of the 'disk_quota' option. + configuration_parameters: + TEST_DIRECTORIES: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir] + ATTRIBUTES: + - realtime: 'yes' + - report_changes: 'yes' + FILE_SIZE_ENABLED: 'no' + FILE_SIZE_LIMIT: '1KB' + DISK_QUOTA_ENABLED: 'yes' + DISK_QUOTA_LIMIT: '1KB' + metadata: + folder_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir] + file_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir, testfile] + filename: 'testfile' + fim_mode: 'realtime' + report_changes: 'yes' + file_size_enabled: 'no' + file_size_limit: '1KB' + disk_quota_enabled: 'yes' + disk_quota_limit: '1KB' + +- name: Test 'disk_quota' information, fim_mode = realtime + description: Check if the 'wazuh-syscheckd' daemon limits the size of the monitored file to generate + 'diff' information from the default value of the 'disk_quota' option. + configuration_parameters: + TEST_DIRECTORIES: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir] + ATTRIBUTES: + - realtime: 'yes' + - report_changes: 'yes' + FILE_SIZE_ENABLED: 'no' + FILE_SIZE_LIMIT: '10KB' + DISK_QUOTA_ENABLED: 'yes' + DISK_QUOTA_LIMIT: '10KB' + metadata: + folder_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir] + file_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir, testfile] + filename: 'testfile' + fim_mode: 'realtime' + report_changes: 'yes' + file_size_enabled: 'no' + file_size_limit: '10KB' + disk_quota_enabled: 'yes' + disk_quota_limit: '10KB' + +- name: Test 'disk_quota' information, fim_mode = realtime + description: Check if the 'wazuh-syscheckd' daemon limits the size of the monitored file to generate + 'diff' information from the default value of the 'disk_quota' option. + configuration_parameters: + TEST_DIRECTORIES: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir] + ATTRIBUTES: + - realtime: 'yes' + - report_changes: 'yes' + FILE_SIZE_ENABLED: 'no' + FILE_SIZE_LIMIT: '100KB' + DISK_QUOTA_ENABLED: 'yes' + DISK_QUOTA_LIMIT: '100KB' + metadata: + folder_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir] + file_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir, testfile] + filename: 'testfile' + fim_mode: 'realtime' + report_changes: 'yes' + file_size_enabled: 'no' + file_size_limit: '100KB' + disk_quota_enabled: 'yes' + disk_quota_limit: '100KB' + +- name: Test 'disk_quota' information, fim_mode = realtime + description: Check if the 'wazuh-syscheckd' daemon limits the size of the monitored file to generate + 'diff' information from the default value of the 'disk_quota' option. + configuration_parameters: + TEST_DIRECTORIES: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir] + ATTRIBUTES: + - realtime: 'yes' + - report_changes: 'yes' + FILE_SIZE_ENABLED: 'no' + FILE_SIZE_LIMIT: '1MB' + DISK_QUOTA_ENABLED: 'yes' + DISK_QUOTA_LIMIT: '1MB' + metadata: + folder_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir] + file_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir, testfile] + filename: 'testfile' + fim_mode: 'realtime' + report_changes: 'yes' + file_size_enabled: 'no' + file_size_limit: '1MB' + disk_quota_enabled: 'yes' + disk_quota_limit: '1MB' + +- name: Test 'disk_quota' information, fim_mode = whodata + description: Check if the 'wazuh-syscheckd' daemon limits the size of the monitored file to generate + 'diff' information from the default value of the 'disk_quota' option. + configuration_parameters: + TEST_DIRECTORIES: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir] + ATTRIBUTES: + - whodata: 'yes' + - report_changes: 'yes' + FILE_SIZE_ENABLED: 'no' + FILE_SIZE_LIMIT: '1KB' + DISK_QUOTA_ENABLED: 'yes' + DISK_QUOTA_LIMIT: '1KB' + metadata: + folder_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir] + file_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir, testfile] + filename: 'testfile' + fim_mode: 'whodata' + report_changes: 'yes' + file_size_enabled: 'no' + file_size_limit: '1KB' + disk_quota_enabled: 'yes' + disk_quota_limit: '1KB' + +- name: Test 'disk_quota' information, fim_mode = whodata + description: Check if the 'wazuh-syscheckd' daemon limits the size of the monitored file to generate + 'diff' information from the default value of the 'disk_quota' option. + configuration_parameters: + TEST_DIRECTORIES: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir] + ATTRIBUTES: + - whodata: 'yes' + - report_changes: 'yes' + FILE_SIZE_ENABLED: 'no' + FILE_SIZE_LIMIT: '10KB' + DISK_QUOTA_ENABLED: 'yes' + DISK_QUOTA_LIMIT: '10KB' + metadata: + folder_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir] + file_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir, testfile] + filename: 'testfile' + fim_mode: 'whodata' + report_changes: 'yes' + file_size_enabled: 'no' + file_size_limit: '10KB' + disk_quota_enabled: 'yes' + disk_quota_limit: '10KB' + +- name: Test 'disk_quota' information, fim_mode = whodata + description: Check if the 'wazuh-syscheckd' daemon limits the size of the monitored file to generate + 'diff' information from the default value of the 'disk_quota' option. + configuration_parameters: + TEST_DIRECTORIES: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir] + ATTRIBUTES: + - whodata: 'yes' + - report_changes: 'yes' + FILE_SIZE_ENABLED: 'no' + FILE_SIZE_LIMIT: '100KB' + DISK_QUOTA_ENABLED: 'yes' + DISK_QUOTA_LIMIT: '100KB' + metadata: + folder_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir] + file_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir, testfile] + filename: 'testfile' + fim_mode: 'whodata' + report_changes: 'yes' + file_size_enabled: 'no' + file_size_limit: '100KB' + disk_quota_enabled: 'yes' + disk_quota_limit: '100KB' + +- name: Test 'disk_quota' information, fim_mode = whodata + description: Check if the 'wazuh-syscheckd' daemon limits the size of the monitored file to generate + 'diff' information from the default value of the 'disk_quota' option. + configuration_parameters: + TEST_DIRECTORIES: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir] + ATTRIBUTES: + - whodata: 'yes' + - report_changes: 'yes' + FILE_SIZE_ENABLED: 'no' + FILE_SIZE_LIMIT: '1MB' + DISK_QUOTA_ENABLED: 'yes' + DISK_QUOTA_LIMIT: '1MB' + metadata: + folder_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir] + file_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir, testfile] + filename: 'testfile' + fim_mode: 'whodata' + report_changes: 'yes' + file_size_enabled: 'no' + file_size_limit: '1MB' + disk_quota_enabled: 'yes' + disk_quota_limit: '1MB' diff --git a/src/modules/fim/tests/integration/test_files/test_report_changes/data/test_cases/cases_diff_size_limit.yaml b/src/modules/fim/tests/integration/test_files/test_report_changes/data/test_cases/cases_file_size_configured.yaml similarity index 100% rename from src/modules/fim/tests/integration/test_files/test_report_changes/data/test_cases/cases_diff_size_limit.yaml rename to src/modules/fim/tests/integration/test_files/test_report_changes/data/test_cases/cases_file_size_configured.yaml diff --git a/src/modules/fim/tests/integration/test_files/test_report_changes/data/test_cases/cases_file_size_default.yaml b/src/modules/fim/tests/integration/test_files/test_report_changes/data/test_cases/cases_file_size_default.yaml index caebed6d1f..920c8684a1 100644 --- a/src/modules/fim/tests/integration/test_files/test_report_changes/data/test_cases/cases_file_size_default.yaml +++ b/src/modules/fim/tests/integration/test_files/test_report_changes/data/test_cases/cases_file_size_default.yaml @@ -9,6 +9,8 @@ metadata: folder_to_monitor: !!python/object/apply:os.path.join args: [!!python/object/apply:os.getcwd [], test_dir] + file_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir, testfile] filename: 'testfile' fim_mode: scheduled report_changes: 'yes' @@ -25,6 +27,8 @@ metadata: folder_to_monitor: !!python/object/apply:os.path.join args: [!!python/object/apply:os.getcwd [], test_dir] + file_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir, testfile] filename: 'testfile' fim_mode: realtime report_changes: 'yes' @@ -41,6 +45,8 @@ metadata: folder_to_monitor: !!python/object/apply:os.path.join args: [!!python/object/apply:os.getcwd [], test_dir] + file_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir, testfile] filename: 'testfile' fim_mode: whodata report_changes: 'yes' diff --git a/src/modules/fim/tests/integration/test_files/test_report_changes/data/test_cases/cases_file_size_disabled.yaml b/src/modules/fim/tests/integration/test_files/test_report_changes/data/test_cases/cases_file_size_disabled.yaml index eb4cde4b68..a04fa0d1d8 100644 --- a/src/modules/fim/tests/integration/test_files/test_report_changes/data/test_cases/cases_file_size_disabled.yaml +++ b/src/modules/fim/tests/integration/test_files/test_report_changes/data/test_cases/cases_file_size_disabled.yaml @@ -7,7 +7,7 @@ - report_changes: 'yes' FILE_SIZE_ENABLED: 'no' FILE_SIZE_LIMIT: '1KB' - DISK_QUOTA_ENABLED: 'yes' + DISK_QUOTA_ENABLED: 'no' DISK_QUOTA_LIMIT: '2KB' metadata: folder_to_monitor: !!python/object/apply:os.path.join @@ -18,7 +18,7 @@ report_changes: 'yes' file_size_enabled: 'no' file_size_limit: '1KB' - disk_quota_enabled: 'yes' + disk_quota_enabled: 'no' disk_quota_limit: '2KB' string_size: 10000000 @@ -32,7 +32,7 @@ - realtime: 'yes' FILE_SIZE_ENABLED: 'no' FILE_SIZE_LIMIT: '1KB' - DISK_QUOTA_ENABLED: 'yes' + DISK_QUOTA_ENABLED: 'no' DISK_QUOTA_LIMIT: '2KB' metadata: folder_to_monitor: !!python/object/apply:os.path.join @@ -43,7 +43,7 @@ report_changes: 'yes' file_size_enabled: 'no' file_size_limit: '1KB' - disk_quota_enabled: 'yes' + disk_quota_enabled: 'no' disk_quota_limit: '2KB' string_size: 10000000 @@ -57,7 +57,7 @@ - whodata: 'yes' FILE_SIZE_ENABLED: 'no' FILE_SIZE_LIMIT: '1KB' - DISK_QUOTA_ENABLED: 'yes' + DISK_QUOTA_ENABLED: 'no' DISK_QUOTA_LIMIT: '2KB' metadata: folder_to_monitor: !!python/object/apply:os.path.join @@ -68,6 +68,6 @@ report_changes: 'yes' file_size_enabled: 'no' file_size_limit: '1KB' - disk_quota_enabled: 'yes' + disk_quota_enabled: 'no' disk_quota_limit: '2KB' string_size: 10000000 diff --git a/src/modules/fim/tests/integration/test_files/test_report_changes/data/test_cases/cases_file_size_values.yaml b/src/modules/fim/tests/integration/test_files/test_report_changes/data/test_cases/cases_file_size_values.yaml index 8b6fcd2f36..b69104aa7e 100644 --- a/src/modules/fim/tests/integration/test_files/test_report_changes/data/test_cases/cases_file_size_values.yaml +++ b/src/modules/fim/tests/integration/test_files/test_report_changes/data/test_cases/cases_file_size_values.yaml @@ -13,6 +13,8 @@ metadata: folder_to_monitor: !!python/object/apply:os.path.join args: [!!python/object/apply:os.getcwd [], test_dir] + file_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir, testfile] filename: 'testfile' fim_mode: 'scheduled' report_changes: 'yes' @@ -36,6 +38,8 @@ metadata: folder_to_monitor: !!python/object/apply:os.path.join args: [!!python/object/apply:os.getcwd [], test_dir] + file_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir, testfile] filename: 'testfile' fim_mode: 'scheduled' report_changes: 'yes' @@ -59,6 +63,8 @@ metadata: folder_to_monitor: !!python/object/apply:os.path.join args: [!!python/object/apply:os.getcwd [], test_dir] + file_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir, testfile] filename: 'testfile' fim_mode: 'scheduled' report_changes: 'yes' @@ -82,6 +88,8 @@ metadata: folder_to_monitor: !!python/object/apply:os.path.join args: [!!python/object/apply:os.getcwd [], test_dir] + file_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir, testfile] filename: 'testfile' fim_mode: 'scheduled' report_changes: 'yes' @@ -106,6 +114,8 @@ metadata: folder_to_monitor: !!python/object/apply:os.path.join args: [!!python/object/apply:os.getcwd [], test_dir] + file_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir, testfile] filename: 'testfile' fim_mode: 'realtime' report_changes: 'yes' @@ -130,6 +140,8 @@ metadata: folder_to_monitor: !!python/object/apply:os.path.join args: [!!python/object/apply:os.getcwd [], test_dir] + file_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir, testfile] filename: 'testfile' fim_mode: 'realtime' report_changes: 'yes' @@ -154,6 +166,8 @@ metadata: folder_to_monitor: !!python/object/apply:os.path.join args: [!!python/object/apply:os.getcwd [], test_dir] + file_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir, testfile] filename: 'testfile' fim_mode: 'realtime' report_changes: 'yes' @@ -178,6 +192,8 @@ metadata: folder_to_monitor: !!python/object/apply:os.path.join args: [!!python/object/apply:os.getcwd [], test_dir] + file_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir, testfile] filename: 'testfile' fim_mode: 'realtime' report_changes: 'yes' @@ -202,6 +218,8 @@ metadata: folder_to_monitor: !!python/object/apply:os.path.join args: [!!python/object/apply:os.getcwd [], test_dir] + file_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir, testfile] filename: 'testfile' fim_mode: 'whodata' report_changes: 'yes' @@ -226,6 +244,8 @@ metadata: folder_to_monitor: !!python/object/apply:os.path.join args: [!!python/object/apply:os.getcwd [], test_dir] + file_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir, testfile] filename: 'testfile' fim_mode: 'whodata' report_changes: 'yes' @@ -250,6 +270,8 @@ metadata: folder_to_monitor: !!python/object/apply:os.path.join args: [!!python/object/apply:os.getcwd [], test_dir] + file_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir, testfile] filename: 'testfile' fim_mode: 'whodata' report_changes: 'yes' @@ -274,6 +296,8 @@ metadata: folder_to_monitor: !!python/object/apply:os.path.join args: [!!python/object/apply:os.getcwd [], test_dir] + file_to_monitor: !!python/object/apply:os.path.join + args: [!!python/object/apply:os.getcwd [], test_dir, testfile] filename: 'testfile' fim_mode: 'whodata' report_changes: 'yes' diff --git a/src/modules/fim/tests/integration/test_files/test_report_changes/test_disk_quota_default.py b/src/modules/fim/tests/integration/test_files/test_report_changes/test_disk_quota_configured.py similarity index 94% rename from src/modules/fim/tests/integration/test_files/test_report_changes/test_disk_quota_default.py rename to src/modules/fim/tests/integration/test_files/test_report_changes/test_disk_quota_configured.py index 6a9353c43d..15d865e95b 100644 --- a/src/modules/fim/tests/integration/test_files/test_report_changes/test_disk_quota_default.py +++ b/src/modules/fim/tests/integration/test_files/test_report_changes/test_disk_quota_configured.py @@ -69,7 +69,7 @@ from wazuh_testing.constants.paths.logs import WAZUH_LOG_PATH from wazuh_testing.modules.fim.configuration import SYSCHECK_DEBUG from wazuh_testing.modules.agentd.configuration import AGENTD_WINDOWS_DEBUG -from wazuh_testing.modules.fim.patterns import DISK_QUOTA_LIMIT_CONFIGURED_VALUE, ERROR_MSG_DISK_QUOTA_LIMIT +from wazuh_testing.modules.fim.patterns import DIFF_DISK_QUOTA_LIMIT, ERROR_MSG_DISK_QUOTA_LIMIT from wazuh_testing.tools.monitors.file_monitor import FileMonitor from wazuh_testing.utils.callbacks import generate_callback from wazuh_testing.utils.configuration import get_test_cases_data, load_configuration_template @@ -82,7 +82,7 @@ # Test metadata, configuration and ids. -cases_path = Path(TEST_CASES_PATH, 'cases_disk_quota_default.yaml') +cases_path = Path(TEST_CASES_PATH, 'cases_disk_quota_configured.yaml') config_path = Path(CONFIGS_PATH, 'configuration_disk_quota_default.yaml') test_configuration, test_metadata, cases_ids = get_test_cases_data(cases_path) test_configuration = load_configuration_template(config_path, test_configuration, test_metadata) @@ -134,7 +134,7 @@ def test_disk_quota_default(test_configuration, test_metadata, configure_local_i to store 'diff' information to the default limit of the 'disk_quota' tag (1GB). input_description: An external YAML file (configuration_diff_size.yaml) includes configuration settings for the agent. - Different test cases are found in the cases_disk_quota_default.yaml file and include parameters for + Different test cases are found in the cases_disk_quota_configured.yaml file and include parameters for the environment setup, the requests to be made, and the expected result. expected_output: @@ -145,7 +145,7 @@ def test_disk_quota_default(test_configuration, test_metadata, configure_local_i - scheduled ''' wazuh_log_monitor = FileMonitor(WAZUH_LOG_PATH) - wazuh_log_monitor.start(generate_callback(DISK_QUOTA_LIMIT_CONFIGURED_VALUE), timeout=30) + wazuh_log_monitor.start(generate_callback(DIFF_DISK_QUOTA_LIMIT), timeout=30) callback_result = wazuh_log_monitor.callback_result assert callback_result, ERROR_MSG_DISK_QUOTA_LIMIT assert str(wazuh_log_monitor.callback_result[0]) == str(DISK_QUOTA_DEFAULT_VALUE), 'Wrong value for disk_quota' diff --git a/src/modules/fim/tests/integration/test_files/test_report_changes/test_disk_quota_disabled.py b/src/modules/fim/tests/integration/test_files/test_report_changes/test_disk_quota_disabled.py index bd6bb970eb..90f1dbc954 100644 --- a/src/modules/fim/tests/integration/test_files/test_report_changes/test_disk_quota_disabled.py +++ b/src/modules/fim/tests/integration/test_files/test_report_changes/test_disk_quota_disabled.py @@ -65,11 +65,14 @@ from pathlib import Path import pytest +import time +import sys +from wazuh_testing.constants.platforms import WINDOWS from wazuh_testing.constants.paths.logs import WAZUH_LOG_PATH from wazuh_testing.modules.fim.configuration import SYSCHECK_DEBUG from wazuh_testing.modules.agentd.configuration import AGENTD_WINDOWS_DEBUG -from wazuh_testing.modules.fim.patterns import FILE_EXCEEDS_DISK_QUOTA +from wazuh_testing.modules.fim.patterns import DISK_QUOTA_LIMIT_REACHED, EVENT_TYPE_REPORT_CHANGES, ERROR_MSG_REPORT_CHANGES_EVENT_NOT_DETECTED from wazuh_testing.tools.monitors.file_monitor import FileMonitor from wazuh_testing.utils.file import write_file from wazuh_testing.utils.string import generate_string @@ -96,8 +99,8 @@ # Tests @pytest.mark.parametrize('test_configuration, test_metadata', zip(test_configuration, test_metadata), ids=cases_ids) -def test_disk_quota_disabled(test_configuration, test_metadata, configure_local_internal_options, - truncate_monitored_files, set_wazuh_configuration, folder_to_monitor, file_to_monitor, daemons_handler): +def test_disk_quota_disabled(test_configuration, test_metadata, configure_local_internal_options, truncate_monitored_files, + set_wazuh_configuration, folder_to_monitor, file_to_monitor, daemons_handler, detect_end_scan): ''' description: Check if the 'wazuh-syscheckd' daemon limits the size of the folder where the data used to perform the 'diff' operations is stored when the 'disk_quota' option is disabled. @@ -151,11 +154,16 @@ def test_disk_quota_disabled(test_configuration, test_metadata, configure_local_ - disk_quota - scheduled ''' + if test_metadata.get('fim_mode') == 'whodata' and sys.platform == WINDOWS: + time.sleep(5) + to_write = generate_string(test_metadata.get('string_size'), '0') write_file(test_metadata.get('file_to_monitor'), data=to_write) wazuh_log_monitor = FileMonitor(WAZUH_LOG_PATH) + wazuh_log_monitor.start(generate_callback(DISK_QUOTA_LIMIT_REACHED), timeout=30) + assert (wazuh_log_monitor.callback_result == None), f'Error, unexpected disk_quota limit event.' - wazuh_log_monitor.start(generate_callback(FILE_EXCEEDS_DISK_QUOTA), timeout=30) - - assert (wazuh_log_monitor.callback_result == None), f'Error exceeds disk quota detected.' + wazuh_log_monitor.start(generate_callback(EVENT_TYPE_REPORT_CHANGES), timeout=30) + assert wazuh_log_monitor.callback_result, ERROR_MSG_REPORT_CHANGES_EVENT_NOT_DETECTED + assert 'More changes...' in str(wazuh_log_monitor.callback_result[0]), 'Wrong content_changes field' diff --git a/src/modules/fim/tests/integration/test_files/test_report_changes/test_disk_quota_values.py b/src/modules/fim/tests/integration/test_files/test_report_changes/test_disk_quota_values.py new file mode 100644 index 0000000000..46b60c62c9 --- /dev/null +++ b/src/modules/fim/tests/integration/test_files/test_report_changes/test_disk_quota_values.py @@ -0,0 +1,202 @@ +''' +copyright: Copyright (C) 2015-2024, Wazuh Inc. + + Created by Wazuh, Inc. . + + This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 + +type: integration + +brief: File Integrity Monitoring (FIM) system watches selected files and triggering alerts when + these files are modified. Specifically, these tests will verify that FIM does not limit + the size of the 'queue/diff/local' folder where Wazuh stores the compressed files used + to perform the 'diff' operation when the 'disk_quota' option is enabled with specific values. + The FIM capability is managed by the 'wazuh-syscheckd' daemon, which checks configured + files for changes to the checksums, permissions, and ownership. + +components: + - fim + +suite: files_report_changes + +targets: + - agent + +daemons: + - wazuh-syscheckd + +os_platform: + - linux + - windows + - macos + +os_version: + - Arch Linux + - Amazon Linux 2 + - Amazon Linux 1 + - CentOS 8 + - CentOS 7 + - Debian Buster + - Red Hat 8 + - macOS Catalina + - macOS Server + - Ubuntu Focal + - Ubuntu Bionic + - Windows 10 + - Windows Server 2019 + - Windows Server 2016 + +references: + - https://documentation.wazuh.com/current/user-manual/capabilities/file-integrity/index.html + - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/syscheck.html#disk-quota + +pytest_args: + - fim_mode: + realtime: Enable real-time monitoring on Linux (using the 'inotify' system calls) and Windows systems. + whodata: Implies real-time monitoring but adding the 'who-data' information. + - tier: + 0: Only level 0 tests are performed, they check basic functionalities and are quick to perform. + 1: Only level 1 tests are performed, they check functionalities of medium complexity. + 2: Only level 2 tests are performed, they check advanced functionalities and are slow to perform. + +tags: + - fim_report_changes +''' +import os +import time +import sys + +from pathlib import Path + +import pytest + +from wazuh_testing.constants.platforms import WINDOWS +from wazuh_testing.constants.paths.logs import WAZUH_LOG_PATH +from wazuh_testing.modules.fim.configuration import SYSCHECK_DEBUG, FILE_MAX_SIZE, RT_DELAY +from wazuh_testing.modules.agentd.configuration import AGENTD_WINDOWS_DEBUG +from wazuh_testing.modules.fim.patterns import DISK_QUOTA_LIMIT_REACHED, EVENT_TYPE_REPORT_CHANGES, ERROR_MSG_REPORT_CHANGES_EVENT_NOT_DETECTED, \ + ERROR_MSG_FILE_LIMIT_REACHED, EVENT_UNABLE_DIFF +from wazuh_testing.modules.fim.utils import make_diff_file_path +from wazuh_testing.tools.monitors.file_monitor import FileMonitor +from wazuh_testing.utils.file import write_file, translate_size +from wazuh_testing.utils.random import get_random_string +from wazuh_testing.utils.callbacks import generate_callback +from wazuh_testing.utils.configuration import get_test_cases_data, load_configuration_template + +from . import TEST_CASES_PATH, CONFIGS_PATH + + +# Marks +pytestmark = [pytest.mark.agent, pytest.mark.linux, pytest.mark.win32, pytest.mark.darwin, pytest.mark.tier(level=1)] + + +# Test metadata, configuration and ids. +cases_path = Path(TEST_CASES_PATH, 'cases_disk_quota_values.yaml') +config_path = Path(CONFIGS_PATH, 'configuration_diff_size.yaml') +test_configuration, test_metadata, cases_ids = get_test_cases_data(cases_path) +test_configuration = load_configuration_template(config_path, test_configuration, test_metadata) + + +# Set configurations required by the fixtures. +local_internal_options = {SYSCHECK_DEBUG: 2, AGENTD_WINDOWS_DEBUG: 2, FILE_MAX_SIZE: 0, RT_DELAY: 1000} + + +# Tests +@pytest.mark.parametrize('test_configuration, test_metadata', zip(test_configuration, test_metadata), ids=cases_ids) +def test_disk_quota_values(test_configuration, test_metadata, configure_local_internal_options, + truncate_monitored_files, set_wazuh_configuration, folder_to_monitor, file_to_monitor, daemons_handler, detect_end_scan): + ''' + description: Check if the 'wazuh-syscheckd' daemon limits the size of the diff folder to generate + 'diff' information from a specific value of the 'disk_quota' option. For this purpose, + the test will monitor a directory, create a testing file smaller than the configured quota, + and check if the compressed file has been created. Then, it will increase the size of + the testing file. Finally, the test will verify that the FIM event related to the + reached quota limit has been generated with the content_changes correct message, and + the compressed file in the 'queue/diff/local' directory does not exist. + + wazuh_min_version: 4.6.0 + + tier: 1 + + parameters: + - test_configuration: + type: data + brief: Configuration used in the test. + - test_metadata: + type: data + brief: Configuration cases. + - configure_local_internal_options: + type: fixture + brief: Set internal configuration for testing. + - truncate_monitored_files: + type: fixture + brief: Reset the 'ossec.log' file and start a new monitor. + - set_wazuh_configuration: + type: fixture + brief: Configure a custom environment for testing. + - folder_to_monitor: + type: str + brief: Folder created for monitoring. + - file_to_monitor: + type: str + brief: File created for monitoring. + - daemons_handler: + type: fixture + brief: Handler of Wazuh daemons. + - detect_end_scan + type: fixture + brief: Check first scan end. + + assertions: + - Verify that the 'diff' folder is created when a monitored file does not exceed the quota limit. + - Verify that FIM events are generated indicating the quota limit reached of monitored files + to generate 'diff' information when a limit is set in the 'disk_quota' tag. + - Verify that the 'diff' folder is removed when a monitored file exceeds the size limit. + + input_description: An external YAML file (configuration_diff_size.yaml) includes configuration settings for the agent. + Different test cases are found in the cases_disk_quota_values.yaml file and include parameters for + the environment setup, the requests to be made, and the expected result. + + expected_output: + - r'.*Sending FIM event: .*"content_changes":"...000...".*' + - r'.*Folder .* has been deleted.*' + - r'.*The .* of the file size .* exceeds the disk_quota.*' + - r'.*"content_changes":"Unable to calculate diff due to 'disk_quota' limit has been reached."' + + tags: + - diff + - scheduled + ''' + if test_metadata.get('fim_mode') == 'whodata' and sys.platform == WINDOWS: + time.sleep(5) + + size_limit = translate_size(test_metadata.get('disk_quota_limit')) + diff_file_path = make_diff_file_path(folder=test_metadata.get('folder_to_monitor'), filename=test_metadata.get('filename')) + + # Modify file with a smaller size than the configured value + to_write = "test_string" + get_random_string(int(size_limit / 10)) + write_file(file_to_monitor, data=to_write) + + wazuh_log_monitor = FileMonitor(WAZUH_LOG_PATH) + wazuh_log_monitor.start(callback=generate_callback(EVENT_TYPE_REPORT_CHANGES), timeout=30) + assert wazuh_log_monitor.callback_result, ERROR_MSG_REPORT_CHANGES_EVENT_NOT_DETECTED + content_changes = str(wazuh_log_monitor.callback_result) + assert 'test_string' in content_changes or 'More changes...' in content_changes, 'Wrong content_changes field' + + if not os.path.exists(diff_file_path): + pytest.raises(FileNotFoundError(f"{diff_file_path} not found. It should exist before increasing the size.")) + + # Increase the size of the file over the configured value + to_write += get_random_string(int(size_limit * 3)) + write_file(file_to_monitor, data=to_write) + + wazuh_log_monitor.start(callback=generate_callback(DISK_QUOTA_LIMIT_REACHED), timeout=30) + assert wazuh_log_monitor.callback_result, ERROR_MSG_FILE_LIMIT_REACHED + + # Check the content_changes field in the event + wazuh_log_monitor.start(callback=generate_callback(EVENT_UNABLE_DIFF), timeout=30) + assert wazuh_log_monitor.callback_result, ERROR_MSG_REPORT_CHANGES_EVENT_NOT_DETECTED + assert 'Unable to calculate diff due to \'disk_quota\' limit has been reached.' in wazuh_log_monitor.callback_result, 'Wrong content_changes field' + + if test_metadata.get('fim_mode') == 'whodata' and sys.platform == WINDOWS: + time.sleep(5) diff --git a/src/modules/fim/tests/integration/test_files/test_report_changes/test_diff_size_limit.py b/src/modules/fim/tests/integration/test_files/test_report_changes/test_file_size_configured.py similarity index 97% rename from src/modules/fim/tests/integration/test_files/test_report_changes/test_diff_size_limit.py rename to src/modules/fim/tests/integration/test_files/test_report_changes/test_file_size_configured.py index 0ed7d3d142..e5e0c5393f 100644 --- a/src/modules/fim/tests/integration/test_files/test_report_changes/test_diff_size_limit.py +++ b/src/modules/fim/tests/integration/test_files/test_report_changes/test_file_size_configured.py @@ -83,7 +83,7 @@ # Test metadata, configuration and ids. -cases_path = Path(TEST_CASES_PATH, 'cases_diff_size_limit.yaml') +cases_path = Path(TEST_CASES_PATH, 'cases_file_size_configured.yaml') config_path = Path(CONFIGS_PATH, 'configuration_diff_size.yaml') test_configuration, test_metadata, cases_ids = get_test_cases_data(cases_path) test_configuration = load_configuration_template(config_path, test_configuration, test_metadata) @@ -134,7 +134,7 @@ def test_diff_size_limit(test_configuration, test_metadata, configure_local_inte set in the 'diff_size_limit' attribute when the global 'file_size' tag is different. input_description: An external YAML file (configuration_diff_size.yaml) includes configuration settings for the agent. - Different test cases are found in the cases_diff_size_limit_configured.yaml file and include parameters for + Different test cases are found in the cases_file_size_configured_configured.yaml file and include parameters for the environment setup, the requests to be made, and the expected result. expected_output: diff --git a/src/modules/fim/tests/integration/test_files/test_report_changes/test_file_size_default.py b/src/modules/fim/tests/integration/test_files/test_report_changes/test_file_size_default.py index f47a19d1db..c85595e241 100644 --- a/src/modules/fim/tests/integration/test_files/test_report_changes/test_file_size_default.py +++ b/src/modules/fim/tests/integration/test_files/test_report_changes/test_file_size_default.py @@ -63,15 +63,19 @@ - fim_report_changes ''' import os +import time +import sys from pathlib import Path import pytest +from wazuh_testing.constants.platforms import WINDOWS from wazuh_testing.constants.paths.logs import WAZUH_LOG_PATH -from wazuh_testing.modules.fim.configuration import SYSCHECK_DEBUG +from wazuh_testing.modules.fim.configuration import SYSCHECK_DEBUG, RT_DELAY from wazuh_testing.modules.agentd.configuration import AGENTD_WINDOWS_DEBUG -from wazuh_testing.modules.fim.patterns import FILE_SIZE_LIMIT_REACHED, EVENT_TYPE_ADDED, ERROR_MSG_FIM_EVENT_NOT_DETECTED, ERROR_MSG_FILE_LIMIT_REACHED +from wazuh_testing.modules.fim.patterns import FILE_SIZE_LIMIT_REACHED, EVENT_TYPE_REPORT_CHANGES, ERROR_MSG_REPORT_CHANGES_EVENT_NOT_DETECTED, \ + ERROR_MSG_FILE_LIMIT_REACHED, DIFF_FOLDER_DELETED, ERROR_MSG_FOLDER_DELETED, EVENT_UNABLE_DIFF from wazuh_testing.modules.fim.utils import make_diff_file_path from wazuh_testing.tools.monitors.file_monitor import FileMonitor from wazuh_testing.utils.file import write_file, translate_size @@ -94,13 +98,13 @@ # Set configurations required by the fixtures. -local_internal_options = {SYSCHECK_DEBUG: 2, AGENTD_WINDOWS_DEBUG: '2'} +local_internal_options = {SYSCHECK_DEBUG: 2, AGENTD_WINDOWS_DEBUG: '2', RT_DELAY: 1000} # Tests @pytest.mark.parametrize('test_configuration, test_metadata', zip(test_configuration, test_metadata), ids=cases_ids) def test_file_size_default(test_configuration, test_metadata, configure_local_internal_options, - truncate_monitored_files, set_wazuh_configuration, folder_to_monitor, daemons_handler, detect_end_scan): + truncate_monitored_files, set_wazuh_configuration, folder_to_monitor, file_to_monitor, daemons_handler, detect_end_scan): ''' description: Check if the 'wazuh-syscheckd' daemon limits the size of the monitored file to generate 'diff' information from the default value of the 'file_size' option. For this purpose, @@ -133,6 +137,9 @@ def test_file_size_default(test_configuration, test_metadata, configure_local_in - folder_to_monitor: type: str brief: Folder created for monitoring. + - file_to_monitor: + type: str + brief: File created for monitoring. - daemons_handler: type: fixture brief: Handler of Wazuh daemons. @@ -151,35 +158,47 @@ def test_file_size_default(test_configuration, test_metadata, configure_local_in the environment setup, the requests to be made, and the expected result. expected_output: - - r'.*Sending FIM event: (.+)$' ('added' events) + - r'.*Sending FIM event: .*"content_changes":"...000...".*' + - r'.*Folder .* has been deleted.*' - r'.*File .* is too big for configured maximum size to perform diff operation' + - r'.*"content_changes":"Unable to calculate diff due to 'file_size' limit has been reached."' tags: - diff - scheduled ''' + if test_metadata.get('fim_mode') == 'whodata' and sys.platform == WINDOWS: + time.sleep(5) + size_limit = translate_size('50MB') diff_file_path = make_diff_file_path(folder=test_metadata.get('folder_to_monitor'), filename=test_metadata.get('filename')) - test_file_path = os.path.join(test_metadata.get('folder_to_monitor'), test_metadata.get('filename')) - # Create file with a smaller size than the configured value - to_write = generate_string(int(size_limit / 10), '0') - write_file(test_file_path, data=to_write) + # Modify file with a smaller size than the configured value + to_write = generate_string(int(size_limit / 100), '0') + write_file(file_to_monitor, data=to_write) wazuh_log_monitor = FileMonitor(WAZUH_LOG_PATH) - wazuh_log_monitor.start(generate_callback(EVENT_TYPE_ADDED), timeout=30) - assert wazuh_log_monitor.callback_result, ERROR_MSG_FIM_EVENT_NOT_DETECTED + wazuh_log_monitor.start(callback=generate_callback(EVENT_TYPE_REPORT_CHANGES), timeout=30) + assert wazuh_log_monitor.callback_result, ERROR_MSG_REPORT_CHANGES_EVENT_NOT_DETECTED + assert 'More changes...' in str(wazuh_log_monitor.callback_result), 'Wrong content_changes field' if not os.path.exists(diff_file_path): pytest.raises(FileNotFoundError(f"{diff_file_path} not found. It should exist before increasing the size.")) # Increase the size of the file over the configured value - to_write = generate_string(size_limit, '0') - write_file(test_file_path, data=to_write * 3) + to_write = generate_string(int(size_limit), '1') + write_file(file_to_monitor, data=to_write) - wazuh_log_monitor = FileMonitor(WAZUH_LOG_PATH) - wazuh_log_monitor.start(generate_callback(FILE_SIZE_LIMIT_REACHED), timeout=30) - assert wazuh_log_monitor.callback_result, ERROR_MSG_FILE_LIMIT_REACHED + wazuh_log_monitor.start(callback=generate_callback(DIFF_FOLDER_DELETED), timeout=30) + assert wazuh_log_monitor.callback_result, ERROR_MSG_FOLDER_DELETED if os.path.exists(diff_file_path): pytest.raises(FileExistsError(f"{diff_file_path} found. It should not exist after incresing the size.")) + + wazuh_log_monitor.start(callback=generate_callback(FILE_SIZE_LIMIT_REACHED), timeout=30) + assert wazuh_log_monitor.callback_result, ERROR_MSG_FILE_LIMIT_REACHED + + # Check the content_changes field in the event + wazuh_log_monitor.start(callback=generate_callback(EVENT_UNABLE_DIFF), timeout=30) + assert wazuh_log_monitor.callback_result, ERROR_MSG_REPORT_CHANGES_EVENT_NOT_DETECTED + assert 'Unable to calculate diff due to \'file_size\' limit has been reached.' in wazuh_log_monitor.callback_result, 'Wrong content_changes field' diff --git a/src/modules/fim/tests/integration/test_files/test_report_changes/test_file_size_disabled.py b/src/modules/fim/tests/integration/test_files/test_report_changes/test_file_size_disabled.py index 503d088abf..8694d0dbb2 100644 --- a/src/modules/fim/tests/integration/test_files/test_report_changes/test_file_size_disabled.py +++ b/src/modules/fim/tests/integration/test_files/test_report_changes/test_file_size_disabled.py @@ -65,11 +65,14 @@ from pathlib import Path import pytest +import time +import sys +from wazuh_testing.constants.platforms import WINDOWS from wazuh_testing.constants.paths.logs import WAZUH_LOG_PATH from wazuh_testing.modules.fim.configuration import SYSCHECK_DEBUG from wazuh_testing.modules.agentd.configuration import AGENTD_WINDOWS_DEBUG -from wazuh_testing.modules.fim.patterns import FILE_SIZE_LIMIT_REACHED +from wazuh_testing.modules.fim.patterns import FILE_SIZE_LIMIT_REACHED, EVENT_TYPE_REPORT_CHANGES, ERROR_MSG_REPORT_CHANGES_EVENT_NOT_DETECTED from wazuh_testing.tools.monitors.file_monitor import FileMonitor from wazuh_testing.utils.file import write_file from wazuh_testing.utils.string import generate_string @@ -96,8 +99,8 @@ # Tests @pytest.mark.parametrize('test_configuration, test_metadata', zip(test_configuration, test_metadata), ids=cases_ids) -def test_file_size_disabled(test_configuration, test_metadata, configure_local_internal_options, - truncate_monitored_files, set_wazuh_configuration, folder_to_monitor, file_to_monitor, daemons_handler): +def test_file_size_disabled(test_configuration, test_metadata, configure_local_internal_options, truncate_monitored_files, + set_wazuh_configuration, folder_to_monitor, file_to_monitor, daemons_handler, detect_end_scan): ''' description: Check if the 'wazuh-syscheckd' daemon limits the size of the monitored file to generate 'diff' information when the 'file_size' option is disabled. For this purpose, the test @@ -151,9 +154,16 @@ def test_file_size_disabled(test_configuration, test_metadata, configure_local_i - diff - scheduled ''' + if test_metadata.get('fim_mode') == 'whodata' and sys.platform == WINDOWS: + time.sleep(5) + to_write = generate_string(test_metadata.get('string_size'), '0') write_file(test_metadata.get('file_to_monitor'), data=to_write) wazuh_log_monitor = FileMonitor(WAZUH_LOG_PATH) wazuh_log_monitor.start(generate_callback(FILE_SIZE_LIMIT_REACHED), timeout=30) - assert (wazuh_log_monitor.callback_result == None), f'Error exceeds disk quota detected.' + assert (wazuh_log_monitor.callback_result == None), f'Error, unexpected file_size limit event.' + + wazuh_log_monitor.start(generate_callback(EVENT_TYPE_REPORT_CHANGES), timeout=30) + assert wazuh_log_monitor.callback_result, ERROR_MSG_REPORT_CHANGES_EVENT_NOT_DETECTED + assert 'More changes...' in str(wazuh_log_monitor.callback_result[0]), 'Wrong content_changes field' diff --git a/src/modules/fim/tests/integration/test_files/test_report_changes/test_file_size_values.py b/src/modules/fim/tests/integration/test_files/test_report_changes/test_file_size_values.py index 320a0783ba..49b7d992bc 100644 --- a/src/modules/fim/tests/integration/test_files/test_report_changes/test_file_size_values.py +++ b/src/modules/fim/tests/integration/test_files/test_report_changes/test_file_size_values.py @@ -63,15 +63,19 @@ - fim_report_changes ''' import os +import time +import sys from pathlib import Path import pytest +from wazuh_testing.constants.platforms import WINDOWS from wazuh_testing.constants.paths.logs import WAZUH_LOG_PATH -from wazuh_testing.modules.fim.configuration import SYSCHECK_DEBUG, FILE_MAX_SIZE +from wazuh_testing.modules.fim.configuration import SYSCHECK_DEBUG, FILE_MAX_SIZE, RT_DELAY from wazuh_testing.modules.agentd.configuration import AGENTD_WINDOWS_DEBUG -from wazuh_testing.modules.fim.patterns import FILE_SIZE_LIMIT_REACHED, EVENT_TYPE_ADDED, ERROR_MSG_FIM_EVENT_NOT_DETECTED, ERROR_MSG_FILE_LIMIT_REACHED, DIFF_FOLDER_DELETED, ERROR_MSG_FOLDER_DELETED +from wazuh_testing.modules.fim.patterns import FILE_SIZE_LIMIT_REACHED, EVENT_TYPE_REPORT_CHANGES, ERROR_MSG_REPORT_CHANGES_EVENT_NOT_DETECTED, ERROR_MSG_FILE_LIMIT_REACHED, \ + DIFF_FOLDER_DELETED, ERROR_MSG_FOLDER_DELETED, EVENT_UNABLE_DIFF from wazuh_testing.modules.fim.utils import make_diff_file_path from wazuh_testing.tools.monitors.file_monitor import FileMonitor from wazuh_testing.utils.file import write_file, translate_size @@ -94,13 +98,13 @@ # Set configurations required by the fixtures. -local_internal_options = {SYSCHECK_DEBUG: 2, AGENTD_WINDOWS_DEBUG: 2, FILE_MAX_SIZE: 0} +local_internal_options = {SYSCHECK_DEBUG: 2, AGENTD_WINDOWS_DEBUG: 2, FILE_MAX_SIZE: 0, RT_DELAY: 1000} # Tests @pytest.mark.parametrize('test_configuration, test_metadata', zip(test_configuration, test_metadata), ids=cases_ids) def test_file_size_values(test_configuration, test_metadata, configure_local_internal_options, - truncate_monitored_files, set_wazuh_configuration, folder_to_monitor, daemons_handler, detect_end_scan): + truncate_monitored_files, set_wazuh_configuration, folder_to_monitor, file_to_monitor, daemons_handler, detect_end_scan): ''' description: Check if the 'wazuh-syscheckd' daemon limits the size of the monitored file to generate 'diff' information from the limit set in the 'file_size' tag. For this purpose, the test @@ -133,6 +137,9 @@ def test_file_size_values(test_configuration, test_metadata, configure_local_int - folder_to_monitor: type: str brief: Folder created for monitoring. + - file_to_monitor: + type: str + brief: File created for monitoring. - daemons_handler: type: fixture brief: Handler of Wazuh daemons. @@ -151,40 +158,48 @@ def test_file_size_values(test_configuration, test_metadata, configure_local_int the environment setup, the requests to be made, and the expected result. expected_output: - - r'.*Sending FIM event: (.+)$' ('added' events) + - r'.*Sending FIM event: .*"content_changes":"...000...".*' - r'.*Folder .* has been deleted.*' - r'.*File .* is too big for configured maximum size to perform diff operation' + - r'.*"content_changes":"Unable to calculate diff due to 'file_size' limit has been reached."' tags: - diff - scheduled ''' + if test_metadata.get('fim_mode') == 'whodata' and sys.platform == WINDOWS: + time.sleep(5) + size_limit = translate_size(test_metadata.get('file_size_limit')) diff_file_path = make_diff_file_path(folder=test_metadata.get('folder_to_monitor'), filename=test_metadata.get('filename')) - test_file_path = os.path.join(test_metadata.get('folder_to_monitor'), test_metadata.get('filename')) - # Create file with a smaller size than the configured value - to_write = generate_string(int(size_limit / 2), '0') - write_file(test_file_path, data=to_write) + # Modify file with a smaller size than the configured value + to_write = "test_string" + generate_string(int(size_limit / 2), '0') + write_file(file_to_monitor, data=to_write) wazuh_log_monitor = FileMonitor(WAZUH_LOG_PATH) - wazuh_log_monitor.start(generate_callback(EVENT_TYPE_ADDED), timeout=30) - assert wazuh_log_monitor.callback_result, ERROR_MSG_FIM_EVENT_NOT_DETECTED + wazuh_log_monitor.start(callback=generate_callback(EVENT_TYPE_REPORT_CHANGES), timeout=30) + assert wazuh_log_monitor.callback_result, ERROR_MSG_REPORT_CHANGES_EVENT_NOT_DETECTED + content_changes = str(wazuh_log_monitor.callback_result) + assert 'test_string' in content_changes or 'More changes...' in content_changes, 'Wrong content_changes field' if not os.path.exists(diff_file_path): pytest.raises(FileNotFoundError(f"{diff_file_path} not found. It should exist before increasing the size.")) # Increase the size of the file over the configured value - to_write = generate_string(size_limit, '0') - write_file(test_file_path, data=to_write * 3) + to_write = generate_string(size_limit, '1') + write_file(file_to_monitor, data=to_write * 2) - wazuh_log_monitor = FileMonitor(WAZUH_LOG_PATH) - wazuh_log_monitor.start(generate_callback(DIFF_FOLDER_DELETED), timeout=30) + wazuh_log_monitor.start(callback=generate_callback(DIFF_FOLDER_DELETED), timeout=30) assert wazuh_log_monitor.callback_result, ERROR_MSG_FOLDER_DELETED if os.path.exists(diff_file_path): pytest.raises(FileExistsError(f"{diff_file_path} found. It should not exist after incresing the size.")) - wazuh_log_monitor = FileMonitor(WAZUH_LOG_PATH) - wazuh_log_monitor.start(generate_callback(FILE_SIZE_LIMIT_REACHED), timeout=30) + wazuh_log_monitor.start(callback=generate_callback(FILE_SIZE_LIMIT_REACHED), timeout=30) assert wazuh_log_monitor.callback_result, ERROR_MSG_FILE_LIMIT_REACHED + + # Check the content_changes field in the event + wazuh_log_monitor.start(callback=generate_callback(EVENT_UNABLE_DIFF), timeout=30) + assert wazuh_log_monitor.callback_result, ERROR_MSG_REPORT_CHANGES_EVENT_NOT_DETECTED + assert 'Unable to calculate diff due to \'file_size\' limit has been reached.' in wazuh_log_monitor.callback_result, 'Wrong content_changes field' diff --git a/src/modules/fim/tests/integration/test_files/test_report_changes/test_large_changes.py b/src/modules/fim/tests/integration/test_files/test_report_changes/test_large_changes.py index 94298e66d2..34bc94a0dd 100644 --- a/src/modules/fim/tests/integration/test_files/test_report_changes/test_large_changes.py +++ b/src/modules/fim/tests/integration/test_files/test_report_changes/test_large_changes.py @@ -68,6 +68,7 @@ ''' import os import sys +import time from pathlib import Path @@ -167,6 +168,8 @@ def test_large_changes(test_configuration, test_metadata, configure_local_intern - r'.*Sending FIM event: (.+)$' ('added' and 'modified' events) - The 'More changes' message appears in content_changes when the changes size is bigger than the set limit. ''' + if test_metadata.get('fim_mode') == 'whodata' and sys.platform == WINDOWS: + time.sleep(5) wazuh_log_monitor = FileMonitor(WAZUH_LOG_PATH) limit = 50000 test_file_path = os.path.join(test_metadata.get('folder_to_monitor'), test_metadata.get('filename')) diff --git a/src/modules/fim/tests/integration/test_files/test_report_changes/test_report_changes_and_diff.py b/src/modules/fim/tests/integration/test_files/test_report_changes/test_report_changes_and_diff.py index fd81fb42c4..26154058a1 100644 --- a/src/modules/fim/tests/integration/test_files/test_report_changes/test_report_changes_and_diff.py +++ b/src/modules/fim/tests/integration/test_files/test_report_changes/test_report_changes_and_diff.py @@ -67,17 +67,19 @@ - fim_report_changes ''' import os +import time import sys from pathlib import Path import pytest -from wazuh_testing.constants.platforms import MACOS +from wazuh_testing.constants.platforms import MACOS, WINDOWS from wazuh_testing.constants.paths.logs import WAZUH_LOG_PATH -from wazuh_testing.modules.fim.configuration import SYSCHECK_DEBUG +from wazuh_testing.modules.fim.configuration import SYSCHECK_DEBUG, RT_DELAY from wazuh_testing.modules.agentd.configuration import AGENTD_WINDOWS_DEBUG -from wazuh_testing.modules.fim.patterns import EVENT_TYPE_MODIFIED, EVENT_TYPE_ADDED, ERROR_MSG_FIM_EVENT_NOT_DETECTED, EVENT_TYPE_DELETED +from wazuh_testing.modules.fim.patterns import EVENT_TYPE_MODIFIED, EVENT_TYPE_ADDED, ERROR_MSG_FIM_EVENT_NOT_DETECTED, \ + EVENT_TYPE_DELETED, EVENT_TYPE_REPORT_CHANGES, ERROR_MSG_REPORT_CHANGES_EVENT_NOT_DETECTED from wazuh_testing.modules.fim.utils import make_diff_file_path, get_fim_event_data from wazuh_testing.tools.monitors.file_monitor import FileMonitor from wazuh_testing.utils.file import write_file_write, delete_files_in_folder, truncate_file @@ -104,7 +106,7 @@ # Set configurations required by the fixtures. -local_internal_options = {SYSCHECK_DEBUG: 2, AGENTD_WINDOWS_DEBUG: 2} +local_internal_options = {SYSCHECK_DEBUG: 2, AGENTD_WINDOWS_DEBUG: 2, RT_DELAY: 1000} # Tests @@ -169,6 +171,8 @@ def test_reports_file_and_nodiff(test_configuration, test_metadata, configure_lo - diff - scheduled ''' + if (test_metadata.get('fim_mode') == 'whodata' or test_metadata.get('fim_mode') == 'realtime') and sys.platform == WINDOWS: + time.sleep(5) is_truncated = 'testdir_nodiff' in test_metadata.get('folder') folder = test_metadata.get('folder') test_file_path = os.path.join(folder, test_metadata.get('filename')) @@ -183,9 +187,19 @@ def test_reports_file_and_nodiff(test_configuration, test_metadata, configure_lo wazuh_log_monitor.start(generate_callback(EVENT_TYPE_ADDED), timeout=30) assert wazuh_log_monitor.callback_result, ERROR_MSG_FIM_EVENT_NOT_DETECTED + # Modify the file without new content and check content_changes have the correct message + time.sleep(1) + truncate_file(WAZUH_LOG_PATH) + write_file_write(test_file_path, content=original_string) + + wazuh_log_monitor = FileMonitor(WAZUH_LOG_PATH) + wazuh_log_monitor.start(generate_callback(EVENT_TYPE_REPORT_CHANGES), timeout=30) + assert wazuh_log_monitor.callback_result, ERROR_MSG_REPORT_CHANGES_EVENT_NOT_DETECTED + assert 'No content changes were found for this file.' in str(wazuh_log_monitor.callback_result[0]), 'Wrong content_changes field' + # Modify the file with new content. truncate_file(WAZUH_LOG_PATH) - modified_string = generate_string(10, '1') + modified_string = 'test_string' + generate_string(10, '1') write_file_write(test_file_path, content=modified_string) wazuh_log_monitor.start(generate_callback(EVENT_TYPE_MODIFIED), timeout=20) @@ -195,15 +209,13 @@ def test_reports_file_and_nodiff(test_configuration, test_metadata, configure_lo # Validate content_changes attribute exists in the event diff_file = make_diff_file_path(folder=test_metadata.get('folder'), filename=test_metadata.get('filename')) assert os.path.exists(diff_file), f'{diff_file} does not exist' - assert event.get('content_changes') is not None, 'content_changes is empty' # Validate content_changes value is truncated if the file is set to no_diff if is_truncated: assert "Diff truncated due to 'nodiff' configuration detected for this file." in event.get('content_changes'), \ 'content_changes is not truncated' else: - assert "Diff truncated due to 'nodiff' configuration detected for this file." not in event.get('content_changes'), \ - 'content_changes is truncated' + assert 'test_string' in event.get('content_changes'), 'Wrong content_changes field' truncate_file(WAZUH_LOG_PATH) delete_files_in_folder(folder) diff --git a/src/modules/fim/tests/integration/test_files/test_report_changes/test_report_deleted_diff.py b/src/modules/fim/tests/integration/test_files/test_report_changes/test_report_deleted_diff.py index 87b6c429c5..467b43fd5a 100644 --- a/src/modules/fim/tests/integration/test_files/test_report_changes/test_report_deleted_diff.py +++ b/src/modules/fim/tests/integration/test_files/test_report_changes/test_report_deleted_diff.py @@ -160,6 +160,8 @@ def test_report_when_deleted_directories(test_configuration, test_metadata, conf - scheduled ''' fim_mode = test_metadata.get('fim_mode') + if fim_mode == 'whodata': + time.sleep(5) folder = test_metadata.get('folder') test_file_path = os.path.join(folder, test_metadata.get('filename')) diff --git a/src/modules/fim/tests/integration/test_files/test_restrict/test_restrict.py b/src/modules/fim/tests/integration/test_files/test_restrict/test_restrict.py index 43aa9d5b2c..ccf33bcfd5 100644 --- a/src/modules/fim/tests/integration/test_files/test_restrict/test_restrict.py +++ b/src/modules/fim/tests/integration/test_files/test_restrict/test_restrict.py @@ -148,7 +148,7 @@ def test_restrict(test_configuration, test_metadata, set_wazuh_configuration, co path = os.path.join(test_metadata['folder_to_monitor'], test_metadata['data'][0]) monitor = FileMonitor(WAZUH_LOG_PATH) - + if test_metadata['data'][1] == True: monitor.start(generate_callback(EVENT_TYPE_ADDED)) print(monitor.callback_result) diff --git a/src/modules/fim/tests/unit/tests/CMakeLists.txt b/src/modules/fim/tests/unit/tests/CMakeLists.txt index 374fbb14fd..e58cac85c6 100644 --- a/src/modules/fim/tests/unit/tests/CMakeLists.txt +++ b/src/modules/fim/tests/unit/tests/CMakeLists.txt @@ -175,7 +175,7 @@ if(${TARGET} STREQUAL "winagent") # Create event channel tests for run_realtime list(APPEND syscheckd_event_tests_names "test_run_realtime_event") - list(APPEND syscheckd_event_tests_flags "${RUN_REALTIME_BASE_FLAGS} -Wl,--wrap=whodata_audit_start \ + list(APPEND syscheckd_event_tests_flags "${RUN_REALTIME_BASE_FLAGS} -Wl,--wrap=whodata_audit_start -Wl,--wrap=win_strerror \ -Wl,--wrap=check_path_type,--wrap=set_winsacl,--wrap=w_directory_exists \ -Wl,--wrap,fim_sync_push_msg -Wl,--wrap=fim_db_get_count_registry_data \ -Wl,--wrap=fim_db_get_count_registry_key -Wl,--wrap=syscom_dispatch diff --git a/src/modules/fim/tests/unit/tests/test_create_db.c b/src/modules/fim/tests/unit/tests/test_create_db.c index abce8159e6..be050adefa 100644 --- a/src/modules/fim/tests/unit/tests/test_create_db.c +++ b/src/modules/fim/tests/unit/tests/test_create_db.c @@ -254,7 +254,7 @@ static int setup_group(void **state) { removed_entries = OSList_Create(); if (removed_entries == NULL) { - merror(MEM_ERROR, errno, strerror(errno)); + LogError(MEM_ERROR, errno, strerror(errno)); return -1; } OSList_SetFreeDataPointer(removed_entries, (void (*)(void *))free_directory); @@ -1163,7 +1163,8 @@ static void test_fim_get_checksum_wrong_size(void **state) { strcpy(fim_data->local_data->checksum, ""); fim_get_checksum(fim_data->local_data); - assert_string_equal(fim_data->local_data->checksum, "551cab7f774d4633a3be09207b4cdea1db03b9c0"); + + assert_string_equal(fim_data->local_data->checksum, "0a0070d140761418be81531ad48f5909f410e161"); } static void test_fim_check_depth_success(void **state) { @@ -2278,9 +2279,9 @@ static void test_fim_checker_deleted_file(void **state) { str_lowercase(expanded_path); - expect_string(__wrap_stat, __file, expanded_path); - will_return(__wrap_stat, &stat_s); - will_return(__wrap_stat, -1); + expect_string(wrap__stat64, __file, expanded_path); + will_return(wrap__stat64, &stat_s); + will_return(wrap__stat64, -1); errno = 1; @@ -2329,9 +2330,9 @@ static void test_fim_checker_deleted_file_enoent(void **state) { fim_data->local_data->options = 511; strcpy(fim_data->local_data->checksum, ""); - expect_string(__wrap_stat, __file, expanded_path); - will_return(__wrap_stat, &stat_s); - will_return(__wrap_stat, -1); + expect_string(wrap__stat64, __file, expanded_path); + will_return(wrap__stat64, &stat_s); + will_return(wrap__stat64, -1); errno = ENOENT; @@ -2361,9 +2362,9 @@ static void test_fim_checker_fim_regular(void **state) { fail(); } - expect_string(__wrap_stat, __file, expanded_path); - will_return(__wrap_stat, &stat_s); - will_return(__wrap_stat, 0); + expect_string(wrap__stat64, __file, expanded_path); + will_return(wrap__stat64, &stat_s); + will_return(wrap__stat64, 0); str_lowercase(expanded_path); @@ -2395,9 +2396,9 @@ static void test_fim_checker_fim_regular_ignore(void **state) { str_lowercase(expanded_path); - expect_string(__wrap_stat, __file, expanded_path); - will_return(__wrap_stat, &stat_s); - will_return(__wrap_stat, 0); + expect_string(wrap__stat64, __file, expanded_path); + will_return(wrap__stat64, &stat_s); + will_return(wrap__stat64, 0); expect_string(__wrap_HasFilesystem, path, expanded_path); will_return(__wrap_HasFilesystem, 0); @@ -2425,9 +2426,9 @@ static void test_fim_checker_fim_regular_restrict(void **state) { str_lowercase(expanded_path); - expect_string(__wrap_stat, __file, expanded_path); - will_return(__wrap_stat, &stat_s); - will_return(__wrap_stat, 0); + expect_string(wrap__stat64, __file, expanded_path); + will_return(wrap__stat64, &stat_s); + will_return(wrap__stat64, 0); expect_string(__wrap_HasFilesystem, path, expanded_path); will_return(__wrap_HasFilesystem, 0); @@ -2454,9 +2455,9 @@ static void test_fim_checker_fim_regular_warning(void **state) { str_lowercase(expanded_path); - expect_string(__wrap_stat, __file, expanded_path); - will_return(__wrap_stat, &stat_s); - will_return(__wrap_stat, 0); + expect_string(wrap__stat64, __file, expanded_path); + will_return(wrap__stat64, &stat_s); + will_return(wrap__stat64, 0); expect_string(__wrap_HasFilesystem, path, expanded_path); will_return(__wrap_HasFilesystem, 0); @@ -2493,12 +2494,12 @@ static void test_fim_checker_fim_directory(void **state) { snprintf(expanded_path_test, OS_MAXSTR, "%s\\test", expanded_path); - expect_string(__wrap_stat, __file, expanded_path); - expect_string(__wrap_stat, __file, expanded_path_test); - will_return(__wrap_stat, &stat_s); - will_return(__wrap_stat, 0); - will_return(__wrap_stat, &stat_s); - will_return(__wrap_stat, 0); + expect_string(wrap__stat64, __file, expanded_path); + expect_string(wrap__stat64, __file, expanded_path_test); + will_return(wrap__stat64, &stat_s); + will_return(wrap__stat64, 0); + will_return(wrap__stat64, &stat_s); + will_return(wrap__stat64, 0); expect_string(__wrap_HasFilesystem, path, expanded_path); expect_string(__wrap_HasFilesystem, path, expanded_path_test); @@ -2554,9 +2555,9 @@ static void test_fim_checker_root_file_within_recursion_level(void **state) { expect_string(__wrap_w_get_file_attrs, file_path, "c:\\test.file"); will_return(__wrap_w_get_file_attrs, 123456); - expect_string(__wrap_stat, __file, "c:\\test.file"); - will_return(__wrap_stat, &statbuf); - will_return(__wrap_stat, 0); + expect_string(wrap__stat64, __file, "c:\\test.file"); + will_return(wrap__stat64, &statbuf); + will_return(wrap__stat64, 0); expect_string(__wrap_HasFilesystem, path, "c:\\test.file"); will_return(__wrap_HasFilesystem, 0); @@ -2603,9 +2604,9 @@ static void test_fim_scan_db_full_double_scan(void **state) { } str_lowercase(expanded_dirs[i]); - expect_string(__wrap_stat, __file, expanded_dirs[i]); - will_return(__wrap_stat, &directory_stat); - will_return(__wrap_stat, 0); + expect_string(wrap__stat64, __file, expanded_dirs[i]); + will_return(wrap__stat64, &directory_stat); + will_return(wrap__stat64, 0); expect_string(__wrap_HasFilesystem, path, expanded_dirs[i]); will_return(__wrap_HasFilesystem, 0); @@ -2665,9 +2666,9 @@ static void test_fim_scan_db_full_not_double_scan(void **state) { } str_lowercase(expanded_dirs[i]); - expect_string(__wrap_stat, __file, expanded_dirs[i]); - will_return(__wrap_stat, &buf); - will_return(__wrap_stat, 0); + expect_string(wrap__stat64, __file, expanded_dirs[i]); + will_return(wrap__stat64, &buf); + will_return(wrap__stat64, 0); expect_string(__wrap_HasFilesystem, path, expanded_dirs[i]); will_return(__wrap_HasFilesystem, 0); @@ -2727,9 +2728,9 @@ static void test_fim_scan_no_limit(void **state) { } str_lowercase(expanded_dirs[i]); - expect_string(__wrap_stat, __file, expanded_dirs[i]); - will_return(__wrap_stat, &buf); - will_return(__wrap_stat, 0); + expect_string(wrap__stat64, __file, expanded_dirs[i]); + will_return(wrap__stat64, &buf); + will_return(wrap__stat64, 0); expect_string(__wrap_HasFilesystem, path, expanded_dirs[i]); will_return(__wrap_HasFilesystem, 0); @@ -3247,9 +3248,9 @@ static void test_fim_realtime_event_file_exists(void **state) { will_return(__wrap_lstat, &buf); will_return(__wrap_lstat, 0); #else - expect_string(__wrap_stat, __file, "/test"); - will_return(__wrap_stat, &buf); - will_return(__wrap_stat, 0); + expect_string(wrap__stat64, __file, "/test"); + will_return(wrap__stat64, &buf); + will_return(wrap__stat64, 0); #endif expect_string(__wrap__mdebug2, formatted_msg, "(6319): No configuration found for (file):'/test'"); @@ -3289,9 +3290,9 @@ static void test_fim_realtime_event_file_missing(void **state) { will_return(__wrap_lstat, &stat_buf); will_return(__wrap_lstat, -1); #else - expect_string(__wrap_stat, __file, path); - will_return(__wrap_stat, &stat_buf); - will_return(__wrap_stat, -1); + expect_string(wrap__stat64, __file, path); + will_return(wrap__stat64, &stat_buf); + will_return(wrap__stat64, -1); #endif errno = ENOENT; @@ -3317,9 +3318,9 @@ static void test_fim_whodata_event_file_exists(void **state) { will_return(__wrap_lstat, &buf); will_return(__wrap_lstat, 0); #else - expect_string(__wrap_stat, __file, fim_data->w_evt->path); - will_return(__wrap_stat, &buf); - will_return(__wrap_stat, 0); + expect_string(wrap__stat64, __file, fim_data->w_evt->path); + will_return(wrap__stat64, &buf); + will_return(wrap__stat64, 0); #endif expect_string(__wrap__mdebug2, formatted_msg, "(6319): No configuration found for (file):'./test/test.file'"); @@ -3341,9 +3342,9 @@ static void test_fim_whodata_event_file_missing(void **state) { will_return(__wrap_lstat, &buf); will_return(__wrap_lstat, -1); #else - expect_string(__wrap_stat, __file, fim_data->w_evt->path); - will_return(__wrap_stat, &buf); - will_return(__wrap_stat, -1); + expect_string(wrap__stat64, __file, fim_data->w_evt->path); + will_return(wrap__stat64, &buf); + will_return(wrap__stat64, -1); #endif errno = ENOENT; diff --git a/src/modules/fim/tests/unit/tests/test_fim_diff_changes.c b/src/modules/fim/tests/unit/tests/test_fim_diff_changes.c index eaad77a835..7551f4bca8 100644 --- a/src/modules/fim/tests/unit/tests/test_fim_diff_changes.c +++ b/src/modules/fim/tests/unit/tests/test_fim_diff_changes.c @@ -1276,7 +1276,7 @@ void test_fim_registry_value_diff_wrong_too_big_file(void **state) { char *diff_str = fim_registry_value_diff(key_name, value_name, value_data, data_type, configuration); assert_string_equal(diff_str, "Unable to calculate diff due to 'file_size' limit has been reached."); - + free(diff_str); } @@ -1301,7 +1301,7 @@ void test_fim_registry_value_diff_wrong_quota_reached(void **state) { char *diff_str = fim_registry_value_diff(key_name, value_name, value_data, data_type, configuration); assert_string_equal(diff_str, "Unable to calculate diff due to 'disk_quota' limit has been reached."); - + free(diff_str); } @@ -1330,7 +1330,7 @@ void test_fim_registry_value_diff_uncompress_fail(void **state) { char *diff_str = fim_registry_value_diff(key_name, value_name, value_data, data_type, configuration); assert_string_equal(diff_str, "Unable to calculate diff due to no previous data stored for this registry value."); - + free(diff_str); } @@ -1390,7 +1390,7 @@ void test_fim_registry_value_diff_compare_fail(void **state) { char *diff_str = fim_registry_value_diff(key_name, value_name, value_data, data_type, configuration); assert_string_equal(diff_str, "No content changes were found for this registry value."); - + free(diff_str); } @@ -1535,7 +1535,7 @@ void test_fim_file_diff_wrong_too_big_file(void **state) { char *diff_str = fim_file_diff(filename, &configuration); assert_string_equal(diff_str, "Unable to calculate diff due to 'file_size' limit has been reached."); - + free(diff_str); } @@ -1562,7 +1562,7 @@ void test_fim_file_diff_wrong_quota_reached(void **state) { char *diff_str = fim_file_diff(filename, &configuration); assert_string_equal(diff_str, "Unable to calculate diff due to 'disk_quota' limit has been reached."); - + free(diff_str); } @@ -1592,7 +1592,7 @@ void test_fim_file_diff_uncompress_fail(void **state) { char *diff_str = fim_file_diff(filename, &configuration); assert_string_equal(diff_str, "Unable to calculate diff due to no previous data stored for this file."); - + free(diff_str); } @@ -1659,7 +1659,7 @@ void test_fim_file_diff_compare_fail(void **state) { char *diff_str = fim_file_diff(filename, &configuration); assert_string_equal(diff_str, "No content changes were found for this file."); - + free(diff_str); } @@ -1693,7 +1693,7 @@ void test_fim_file_diff_nodiff(void **state) { char *diff_str = fim_file_diff(filename, &configuration); assert_string_equal(diff_str, "Diff truncated due to 'nodiff' configuration detected for this file."); - + free(diff_str); } #else diff --git a/src/modules/fim/tests/unit/tests/test_run_realtime.c b/src/modules/fim/tests/unit/tests/test_run_realtime.c index 5f91c92a6b..e369408792 100644 --- a/src/modules/fim/tests/unit/tests/test_run_realtime.c +++ b/src/modules/fim/tests/unit/tests/test_run_realtime.c @@ -1727,6 +1727,43 @@ void test_realtime_adddir_success(void **state) { assert_int_equal(ret, 1); } +void test_realtime_adddir_fail_file(void **state) { + int ret; + + expect_function_call_any(__wrap_pthread_rwlock_rdlock); + expect_function_call_any(__wrap_pthread_mutex_lock); + expect_function_call_any(__wrap_pthread_mutex_unlock); + expect_function_call_any(__wrap_pthread_rwlock_unlock); + + expect_value(__wrap_OSHash_Get_ex, self, syscheck.realtime->dirtb); + expect_string(__wrap_OSHash_Get_ex, key, "C:\\a\\file"); + will_return(__wrap_OSHash_Get_ex, NULL); + + expect_value(__wrap_OSHash_Get_Elem_ex, self, syscheck.realtime->dirtb); + will_return(__wrap_OSHash_Get_Elem_ex, 127); + + expect_CreateFile_call("C:\\a\\file", (HANDLE)123456); + + will_return(wrap_ReadDirectoryChangesW, 0); + + expect_GetLastError_call(87); + will_return(__wrap_win_strerror,"The parameter is incorrect."); + expect_string(__wrap__mdebug1, formatted_msg, + "(6323): Unable to set 'ReadDirectoryChangesW' for path: 'C:\\a\\file'. Error(87): 'The parameter is incorrect.'"); + + expect_CloseHandle_call((HANDLE)123456, 0); + + expect_string(__wrap_w_directory_exists, path, "C:\\a\\file"); + will_return(__wrap_w_directory_exists, 0); + + expect_string(__wrap__mwarn, formatted_msg, + "(6957): Realtime mode only supports directories, not files. Switching to scheduled mode. File: 'C:\\a\\file'"); + + ret = realtime_adddir("C:\\a\\file", ((directory_t *)OSList_GetDataFromIndex(syscheck.directories, 0))); + + assert_int_equal(ret, 0); +} + void test_RTCallBack_error_on_callback(void **state) { OVERLAPPED ov = {.hEvent = "C:\\a\\path"}; @@ -2018,6 +2055,7 @@ int main(void) { cmocka_unit_test(test_realtime_adddir_duplicate_entry_non_existent_directory_closed_handle), cmocka_unit_test(test_realtime_adddir_duplicate_entry_non_existent_directory_invalid_handle), cmocka_unit_test_setup_teardown(test_realtime_adddir_success, setup_OSHash, teardown_OSHash), + cmocka_unit_test_setup_teardown(test_realtime_adddir_fail_file, setup_OSHash, teardown_OSHash), }; #endif diff --git a/src/modules/gcp/scripts/tests/test_bucket.py b/src/modules/gcp/scripts/tests/test_bucket.py index 85db948d68..1c6510d680 100644 --- a/src/modules/gcp/scripts/tests/test_bucket.py +++ b/src/modules/gcp/scripts/tests/test_bucket.py @@ -215,13 +215,13 @@ def test_WazuhGCloudBucket_init_db(mock_client, clean_shared_cache): bucket.init_db() # Call init again to force an operational error because the table already exists. Execution must continue. bucket.init_db() - + # Check there is only one table, and it has the expected name table_list = get_all_table_names(bucket.db_connector) assert len(table_list) == 1 assert table_list[0] == TEST_TABLE_NAME - # Check the table has the expected + # Check the table has the expected table_columns = bucket.db_connector.execute(f"SELECT * FROM {TEST_TABLE_NAME}").description assert set([column[0] for column in table_columns]) == set(TABLE_COLUMNS) diff --git a/src/modules/gcp/scripts/tools.py b/src/modules/gcp/scripts/tools.py index da96861836..2909812bbe 100644 --- a/src/modules/gcp/scripts/tools.py +++ b/src/modules/gcp/scripts/tools.py @@ -71,8 +71,8 @@ def get_script_arguments(): parser.add_argument('-t', '--num_threads', dest='n_threads', type=int, help='Number of threads', required=False, default=min_num_threads) - - parser.add_argument('--reparse', action='store_true', dest='reparse', + + parser.add_argument('--reparse', action='store_true', dest='reparse', help='Parse the log, even if its been parsed before', default=False) return parser.parse_args() diff --git a/src/modules/gcp/src/wm_gcp.c b/src/modules/gcp/src/wm_gcp.c index 4fc088aa3f..a29d3ba4ce 100755 --- a/src/modules/gcp/src/wm_gcp.c +++ b/src/modules/gcp/src/wm_gcp.c @@ -128,9 +128,9 @@ void* wm_gcp_pubsub_main(wm_gcp_pubsub *data) { char * timestamp = NULL; // If module is disabled, exit if (data->enabled) { - mtinfo(WM_GCP_PUBSUB_LOGTAG, "Module started."); + LogInfo(WM_GCP_PUBSUB_LOGTAG, "Module started."); } else { - mtinfo(WM_GCP_PUBSUB_LOGTAG, "Module disabled. Exiting."); + LogInfo(WM_GCP_PUBSUB_LOGTAG, "Module disabled. Exiting."); pthread_exit(NULL); } @@ -140,15 +140,15 @@ void* wm_gcp_pubsub_main(wm_gcp_pubsub *data) { if (time_sleep) { const int next_scan_time = sched_get_next_scan_time(data->scan_config); timestamp = w_get_timestamp(next_scan_time); - mtdebug2(WM_GCP_PUBSUB_LOGTAG, "Sleeping until: %s", timestamp); + LogDebug(WM_GCP_PUBSUB_LOGTAG, "Sleeping until: %s", timestamp); os_free(timestamp); w_sleep_until(next_scan_time); } - mtdebug1(WM_GCP_PUBSUB_LOGTAG, "Starting fetching of logs."); + LogDebug(WM_GCP_PUBSUB_LOGTAG, "Starting fetching of logs."); wm_gcp_pubsub_run(data); - mtdebug1(WM_GCP_PUBSUB_LOGTAG, "Fetching logs finished."); + LogDebug(WM_GCP_PUBSUB_LOGTAG, "Fetching logs finished."); } while (FOREVER()); #ifdef WIN32 @@ -167,9 +167,9 @@ void* wm_gcp_bucket_main(wm_gcp_bucket_base *data) { char * timestamp = NULL; // If module is disabled, exit if (data->enabled) { - mtinfo(WM_GCP_BUCKET_LOGTAG, "Module started."); + LogInfo(WM_GCP_BUCKET_LOGTAG, "Module started."); } else { - mtinfo(WM_GCP_BUCKET_LOGTAG, "Module disabled. Exiting."); + LogInfo(WM_GCP_BUCKET_LOGTAG, "Module disabled. Exiting."); pthread_exit(NULL); } @@ -181,11 +181,11 @@ void* wm_gcp_bucket_main(wm_gcp_bucket_base *data) { if (time_sleep) { const int next_scan_time = sched_get_next_scan_time(data->scan_config); timestamp = w_get_timestamp(next_scan_time); - mtdebug2(WM_GCP_BUCKET_LOGTAG, "Sleeping until: %s", timestamp); + LogDebug(WM_GCP_BUCKET_LOGTAG, "Sleeping until: %s", timestamp); os_free(timestamp); w_sleep_until(next_scan_time); } - mtdebug1(WM_GCP_BUCKET_LOGTAG, "Starting fetching of logs."); + LogDebug(WM_GCP_BUCKET_LOGTAG, "Starting fetching of logs."); for (cur_bucket = data->buckets; cur_bucket; cur_bucket = cur_bucket->next) { @@ -217,12 +217,12 @@ void* wm_gcp_bucket_main(wm_gcp_bucket_base *data) { wm_strcat(&log_info, ")", '\0'); - mtinfo(WM_GCP_BUCKET_LOGTAG, "%s", log_info); + LogInfo(WM_GCP_BUCKET_LOGTAG, "%s", log_info); wm_gcp_bucket_run(cur_bucket); free(log_info); } - mtdebug1(WM_GCP_BUCKET_LOGTAG, "Fetching logs finished."); + LogDebug(WM_GCP_BUCKET_LOGTAG, "Fetching logs finished."); } while (FOREVER()); #ifdef WIN32 @@ -245,7 +245,7 @@ void wm_gcp_pubsub_run(const wm_gcp_pubsub *data) { char *command = NULL; // Create arguments - mtdebug2(WM_GCP_PUBSUB_LOGTAG, "Create argument list"); + LogDebug(WM_GCP_PUBSUB_LOGTAG, "Create argument list"); char * script = NULL; os_calloc(PATH_MAX, sizeof(char), script); @@ -287,31 +287,31 @@ void wm_gcp_pubsub_run(const wm_gcp_pubsub *data) { os_free(int_to_string); } - if (isDebug()){ - char *int_to_string; - os_malloc(OS_SIZE_1024, int_to_string); - sprintf(int_to_string, "%d", isDebug()); - wm_strcat(&command, "--log_level", ' '); - wm_strcat(&command, int_to_string, ' '); - os_free(int_to_string); - } + // if (isDebug()){ + // char *int_to_string; + // os_malloc(OS_SIZE_1024, int_to_string); + // sprintf(int_to_string, "%d", isDebug()); + // wm_strcat(&command, "--log_level", ' '); + // wm_strcat(&command, int_to_string, ' '); + // os_free(int_to_string); + // } // Execute - mtdebug1(WM_GCP_PUBSUB_LOGTAG, "Launching command: %s", command); + LogDebug(WM_GCP_PUBSUB_LOGTAG, "Launching command: %s", command); const int wm_exec_ret_code = wm_exec(command, &output, &status, 0, NULL); os_free(command); if (wm_exec_ret_code != 0){ - mterror(WM_GCP_PUBSUB_LOGTAG, "Internal error. Exiting..."); + LogError(WM_GCP_PUBSUB_LOGTAG, "Internal error. Exiting..."); if (wm_exec_ret_code > 0) { os_free(output); } pthread_exit(NULL); } else if (status > 0) { - mtwarn(WM_GCP_PUBSUB_LOGTAG, "Command returned exit code %d", status); + LogWarn(WM_GCP_PUBSUB_LOGTAG, "Command returned exit code %d", status); } wm_gcp_parse_output(output, WM_GCP_PUBSUB_LOGTAG); @@ -321,7 +321,7 @@ void wm_gcp_pubsub_run(const wm_gcp_pubsub *data) { static void wm_gcp_parse_output(char *output, char *tag){ char *line; char * parsing_output = output; - int debug_level = isDebug(); + int debug_level = false; for (line = strstr(parsing_output, WM_GCP_LOGGING_TOKEN); line; line = strstr(parsing_output, WM_GCP_LOGGING_TOKEN)) { char * tokenized_line; @@ -343,27 +343,27 @@ static void wm_gcp_parse_output(char *output, char *tag){ if (debug_level >= 2) { if ((p_line = strstr(tokenized_line, "- DEBUG - "))) { p_line += 10; - mtdebug1(tag, "%s", p_line); + LogDebug(tag, "%s", p_line); } } if (debug_level >= 1) { if ((p_line = strstr(tokenized_line, "- INFO - "))) { p_line += 9; - mtinfo(tag, "%s", p_line); + LogInfo(tag, "%s", p_line); } } if (debug_level >= 0) { if ((p_line = strstr(tokenized_line, "- CRITICAL - "))) { p_line += 13; - mterror(tag, "%s", p_line); + LogError(tag, "%s", p_line); } if ((p_line = strstr(tokenized_line, "- ERROR - "))) { p_line += 10; - mterror(tag, "%s", p_line); + LogError(tag, "%s", p_line); } if ((p_line = strstr(tokenized_line, "- WARNING - "))) { p_line += 12; - mtwarn(tag, "%s", p_line); + LogWarn(tag, "%s", p_line); } } @@ -378,7 +378,7 @@ void wm_gcp_bucket_run(wm_gcp_bucket *exec_bucket) { char *command = NULL; // Create arguments - mtdebug2(WM_GCP_BUCKET_LOGTAG, "Create argument list"); + LogDebug(WM_GCP_BUCKET_LOGTAG, "Create argument list"); char * script = NULL; os_calloc(PATH_MAX, sizeof(char), script); @@ -410,31 +410,31 @@ void wm_gcp_bucket_run(wm_gcp_bucket *exec_bucket) { wm_strcat(&command, "--remove", ' '); } - if (isDebug()){ - char *int_to_string; - os_malloc(OS_SIZE_1024, int_to_string); - sprintf(int_to_string, "%d", isDebug()); - wm_strcat(&command, "--log_level", ' '); - wm_strcat(&command, int_to_string, ' '); - os_free(int_to_string); - } + // if (isDebug()){ + // char *int_to_string; + // os_malloc(OS_SIZE_1024, int_to_string); + // sprintf(int_to_string, "%d", isDebug()); + // wm_strcat(&command, "--log_level", ' '); + // wm_strcat(&command, int_to_string, ' '); + // os_free(int_to_string); + // } // Execute - mtdebug1(WM_GCP_BUCKET_LOGTAG, "Launching command: %s", command); + LogDebug(WM_GCP_BUCKET_LOGTAG, "Launching command: %s", command); const int wm_exec_ret_code = wm_exec(command, &output, &status, 0, NULL); os_free(command); if (wm_exec_ret_code != 0){ - mterror(WM_GCP_BUCKET_LOGTAG, "Internal error. Exiting..."); + LogError(WM_GCP_BUCKET_LOGTAG, "Internal error. Exiting..."); if (wm_exec_ret_code > 0) { os_free(output); } pthread_exit(NULL); } else if (status > 0) { - mtwarn(WM_GCP_BUCKET_LOGTAG, "Command returned exit code %d", status); + LogWarn(WM_GCP_BUCKET_LOGTAG, "Command returned exit code %d", status); } wm_gcp_parse_output(output, WM_GCP_BUCKET_LOGTAG); @@ -478,7 +478,7 @@ cJSON *wm_gcp_pubsub_dump(const wm_gcp_pubsub *data) { if (data->subscription_name) cJSON_AddStringToObject(wm_wd, "subscription_name", data->subscription_name); if (data->credentials_file) cJSON_AddStringToObject(wm_wd, "credentials_file", data->credentials_file); - int debug_level = isDebug(); + int debug_level = false; if (debug_level >= 2) cJSON_AddStringToObject(wm_wd, "logging", "debug"); if (debug_level == 1) cJSON_AddStringToObject(wm_wd, "logging", "info"); @@ -517,7 +517,7 @@ cJSON *wm_gcp_bucket_dump(const wm_gcp_bucket_base *data) { } } - int debug_level = isDebug(); + int debug_level = false; if (debug_level >= 2) cJSON_AddStringToObject(wm_wd, "logging", "debug"); if (debug_level == 1) cJSON_AddStringToObject(wm_wd, "logging", "info"); diff --git a/src/modules/gcp/tests/unit/tests/test_wm_gcp.c b/src/modules/gcp/tests/unit/tests/test_wm_gcp.c index a361700158..1f963c11c8 100644 --- a/src/modules/gcp/tests/unit/tests/test_wm_gcp.c +++ b/src/modules/gcp/tests/unit/tests/test_wm_gcp.c @@ -2400,7 +2400,7 @@ static void test_wm_gcp_bucket_main_run_on_start(void **state) { expect_string(__wrap__mtdebug1, formatted_msg, "Fetching logs finished."); will_return(__wrap_FOREVER, 0); - + ret = wm_gcp_bucket_main(gcp_config); diff --git a/src/modules/github/src/wm_github.c b/src/modules/github/src/wm_github.c index 9704b1d89b..9981ac224d 100644 --- a/src/modules/github/src/wm_github.c +++ b/src/modules/github/src/wm_github.c @@ -89,13 +89,13 @@ DWORD WINAPI wm_github_main(void* arg) { void * wm_github_main(wm_github* github_config) { #endif if (github_config->enabled) { - mtinfo(WM_GITHUB_LOGTAG, "Module GitHub started."); + LogInfo(WM_GITHUB_LOGTAG, "Module GitHub started."); #ifndef WIN32 // Connect to queue github_config->queue_fd = StartMQ(DEFAULTQUEUE, WRITE, INFINITE_OPENQ_ATTEMPTS); if (github_config->queue_fd < 0) { - mterror(WM_GITHUB_LOGTAG, "Can't connect to queue. Closing module."); + LogError(WM_GITHUB_LOGTAG, "Can't connect to queue. Closing module."); #ifdef WIN32 return 0; #else @@ -115,7 +115,7 @@ void * wm_github_main(wm_github* github_config) { #endif } } else { - mtinfo(WM_GITHUB_LOGTAG, "Module GitHub disabled."); + LogInfo(WM_GITHUB_LOGTAG, "Module GitHub disabled."); } #ifdef WIN32 @@ -126,7 +126,7 @@ void * wm_github_main(wm_github* github_config) { } void wm_github_destroy(wm_github* github_config) { - mtinfo(WM_GITHUB_LOGTAG, "Module GitHub finished."); + LogInfo(WM_GITHUB_LOGTAG, "Module GitHub finished."); wm_github_auth_destroy(github_config->auth); wm_github_fail_destroy(github_config->fails); os_free(github_config->event_type); @@ -239,7 +239,7 @@ STATIC void wm_github_execute_scan(wm_github *github_config, int initial_scan) { { next = current->next; - mtdebug1(WM_GITHUB_LOGTAG, "Scanning organization: '%s'", current->org_name); + LogDebug(WM_GITHUB_LOGTAG, "Scanning organization: '%s'", current->org_name); event_types_len = array_size(event_types); @@ -264,14 +264,15 @@ STATIC void wm_github_execute_scan(wm_github *github_config, int initial_scan) { if (initial_scan && (!org_state_struc.last_log_time || github_config->only_future_events)) { org_state_struc.last_log_time = new_scan_time; if (wm_state_io(org_state_name, WM_IO_WRITE, &org_state_struc, sizeof(org_state_struc)) < 0) { - mterror(WM_GITHUB_LOGTAG, "Couldn't save running state."); - } else if (isDebug()) { - memset(new_scan_time_str, '\0', 80); - gmtime_r(&new_scan_time, &tm_scan); - strftime(new_scan_time_str, sizeof(new_scan_time_str), "%Y-%m-%dT%H:%M:%SZ", &tm_scan); - mtdebug1(WM_GITHUB_LOGTAG, "Bookmark updated to '%s' for organization '%s' and event type '%s', waiting '%ld' seconds to run first scan.", - new_scan_time_str, current->org_name, event_types[event_types_it], github_config->interval); + LogError(WM_GITHUB_LOGTAG, "Couldn't save running state."); } + // else if (isDebug()) { + // memset(new_scan_time_str, '\0', 80); + // gmtime_r(&new_scan_time, &tm_scan); + // strftime(new_scan_time_str, sizeof(new_scan_time_str), "%Y-%m-%dT%H:%M:%SZ", &tm_scan); + // LogDebug(WM_GITHUB_LOGTAG, "Bookmark updated to '%s' for organization '%s' and event type '%s', waiting '%ld' seconds to run first scan.", + // new_scan_time_str, current->org_name, event_types[event_types_it], github_config->interval); + // } continue; } @@ -288,7 +289,7 @@ STATIC void wm_github_execute_scan(wm_github *github_config, int initial_scan) { memset(url, '\0', OS_SIZE_8192); snprintf(url, OS_SIZE_8192 -1, GITHUB_API_URL, current->org_name, last_scan_time_str, new_scan_time_str, event_types[event_types_it], ITEM_PER_PAGE); - mtdebug1(WM_GITHUB_LOGTAG, "GitHub API URL: '%s'", url); + LogDebug(WM_GITHUB_LOGTAG, "GitHub API URL: '%s'", url); char auth_header[OS_SIZE_8192]; snprintf(auth_header, OS_SIZE_8192 -1, "Authorization: token %s", current->api_token); @@ -302,14 +303,14 @@ STATIC void wm_github_execute_scan(wm_github *github_config, int initial_scan) { if (response) { if (response->max_size_reached) { - mtdebug1(WM_GITHUB_LOGTAG, "Libcurl error, reached maximum response size."); + LogDebug(WM_GITHUB_LOGTAG, "Libcurl error, reached maximum response size."); scan_finished = 1; } else if (response->status_code == 200) { // Load body to json and sent as localfile cJSON *array_logs_json = NULL; if (array_logs_json = cJSON_Parse(response->body), !array_logs_json) { - mtdebug1(WM_GITHUB_LOGTAG, "Error parsing response body."); + LogDebug(WM_GITHUB_LOGTAG, "Error parsing response body."); scan_finished = 1; fail = 1; } else { @@ -326,10 +327,10 @@ STATIC void wm_github_execute_scan(wm_github *github_config, int initial_scan) { payload = cJSON_PrintUnformatted(github); - mtdebug2(WM_GITHUB_LOGTAG, "Sending GitHub log: '%s'", payload); + LogDebug(WM_GITHUB_LOGTAG, "Sending GitHub log: '%s'", payload); if (wm_sendmsg(WM_GITHUB_MSG_DELAY, github_config->queue_fd, payload, WM_GITHUB_CONTEXT.name, LOCALFILE_MQ) < 0) { - mterror(WM_GITHUB_LOGTAG, QUEUE_ERROR, DEFAULTQUEUE, strerror(errno)); + LogError(WM_GITHUB_LOGTAG, QUEUE_ERROR, DEFAULTQUEUE, strerror(errno)); } os_free(payload); @@ -371,15 +372,15 @@ STATIC void wm_github_execute_scan(wm_github *github_config, int initial_scan) { } else { org_state_struc.last_log_time = new_scan_time; if (wm_state_io(org_state_name, WM_IO_WRITE, &org_state_struc, sizeof(org_state_struc)) < 0) { - mterror(WM_GITHUB_LOGTAG, "Couldn't save running state."); + LogError(WM_GITHUB_LOGTAG, "Couldn't save running state."); } else { - mtdebug1(WM_GITHUB_LOGTAG, "Bookmark updated to '%s' for organization '%s' and event type '%s', waiting '%ld' seconds to run next scan.", + LogDebug(WM_GITHUB_LOGTAG, "Bookmark updated to '%s' for organization '%s' and event type '%s', waiting '%ld' seconds to run next scan.", new_scan_time_str, current->org_name, event_types[event_types_it], github_config->interval); } if (org_fail = wm_github_get_fail_by_org_and_type(github_config->fails, current->org_name, event_types[event_types_it]), org_fail && org_fail->fails) { - mtinfo(WM_GITHUB_LOGTAG, "Github organization '%s' and event type '%s', connected successfully.", + LogInfo(WM_GITHUB_LOGTAG, "Github organization '%s' and event type '%s', connected successfully.", current->org_name, event_types[event_types_it]); org_fail->fails = 0; } @@ -473,10 +474,10 @@ STATIC void wm_github_scan_failure_action(wm_github_fail **current_fails, char * payload = cJSON_PrintUnformatted(fail_github); - mtwarn(WM_GITHUB_LOGTAG, "Sending GitHub internal message: '%s'", payload); + LogWarn(WM_GITHUB_LOGTAG, "Sending GitHub internal message: '%s'", payload); if (wm_sendmsg(WM_GITHUB_MSG_DELAY, queue_fd, payload, WM_GITHUB_CONTEXT.name, LOCALFILE_MQ) < 0) { - mterror(WM_GITHUB_LOGTAG, QUEUE_ERROR, DEFAULTQUEUE, strerror(errno)); + LogError(WM_GITHUB_LOGTAG, QUEUE_ERROR, DEFAULTQUEUE, strerror(errno)); } os_free(payload); diff --git a/src/modules/include/moduleManager.hpp b/src/modules/include/moduleManager.hpp new file mode 100644 index 0000000000..b83590f8a2 --- /dev/null +++ b/src/modules/include/moduleManager.hpp @@ -0,0 +1,60 @@ +#pragma once + +#include +#include +#include +#include +#include +#include + +#include + +class ModuleManager { +public: + ModuleManager(const std::function& pushMessage, + std::shared_ptr configurationParser, + const std::function)>& createTask, + std::string uuid) + : m_pushMessage(pushMessage) + , m_configurationParser(std::move(configurationParser)) + , m_createTask(createTask) + , m_agentUUID(std::move(uuid)) + {} + ~ModuleManager() = default; + + template + void AddModule(T& module) { + const std::string& moduleName = module.Name(); + if (m_modules.find(moduleName) != m_modules.end()) { + throw std::runtime_error("Module '" + moduleName + "' already exists."); + } + + module.SetPushMessageFunction(m_pushMessage); + + auto wrapper = std::make_shared(ModuleWrapper{ + .Start = [&module]() { module.Start(); }, + .Setup = [&module](std::shared_ptr configurationParser) { module.Setup(configurationParser); }, + .Stop = [&module]() { module.Stop(); }, + .ExecuteCommand = [&module](std::string command, nlohmann::json parameters) -> Co_CommandExecutionResult + { + co_return co_await module.ExecuteCommand(command, parameters); + }, + .Name = [&module]() { return module.Name(); } + }); + + m_modules[moduleName] = wrapper; + } + + void AddModules(); + std::shared_ptr GetModule(const std::string & name); + void Start(); + void Setup(); + void Stop(); + +private: + std::map> m_modules; + std::function m_pushMessage; + std::shared_ptr m_configurationParser; + std::function)> m_createTask; + std::string m_agentUUID; +}; diff --git a/src/modules/include/moduleWrapper.hpp b/src/modules/include/moduleWrapper.hpp new file mode 100644 index 0000000000..0ca7ef8ff0 --- /dev/null +++ b/src/modules/include/moduleWrapper.hpp @@ -0,0 +1,21 @@ +#pragma once + +#include +#include + +#include + +#include + +#include +#include + +using Co_CommandExecutionResult = boost::asio::awaitable; + +struct ModuleWrapper { + std::function Start; + std::function)> Setup; + std::function Stop; + std::function ExecuteCommand; + std::function Name; +}; diff --git a/src/modules/inventory/CMakeLists.txt b/src/modules/inventory/CMakeLists.txt index 4e712a910c..b78461c098 100644 --- a/src/modules/inventory/CMakeLists.txt +++ b/src/modules/inventory/CMakeLists.txt @@ -1,208 +1,69 @@ -cmake_minimum_required(VERSION 3.12.4) +cmake_minimum_required(VERSION 3.22) -project(syscollector) +project(Inventory) -enable_testing() +include(../../cmake/CommonSettings.cmake) +set_common_settings() -if(NOT CMAKE_BUILD_TYPE) - set(CMAKE_BUILD_TYPE Release) -endif() - -get_filename_component(SRC_FOLDER ${CMAKE_SOURCE_DIR}/../../ ABSOLUTE) -get_filename_component(FLATBUFFERS_FOLDER ${SRC_FOLDER}/shared_modules/utils/flatbuffers/schemas/ ABSOLUTE) -get_filename_component(FLATC_PATH ${SRC_FOLDER}/external/flatbuffers/build/ ABSOLUTE) - -if(CMAKE_SYSTEM_NAME STREQUAL "HP-UX") - add_definitions(-DPROMISE_TYPE=PromiseType::SLEEP) -else() - add_definitions(-DPROMISE_TYPE=PromiseType::NORMAL) -endif(CMAKE_SYSTEM_NAME STREQUAL "HP-UX") - -if(COVERITY) - add_definitions(-D__GNUC__=8) -endif(COVERITY) - -set(CMAKE_CXX_FLAGS "-Wall -Wextra -Wshadow -Wnon-virtual-dtor -Woverloaded-virtual -Wunused -Wcast-align -Wformat=2 -std=c++14 -pthread") - -set(CMAKE_CXX_FLAGS_DEBUG "-g") -if(CMAKE_CXX_COMPILER_ID MATCHES "Clang") - set(CMAKE_CXX_FLAGS_RELEASE "-O3") -else() - set(CMAKE_CXX_FLAGS_RELEASE "-O3 -s") -endif(CMAKE_CXX_COMPILER_ID MATCHES "Clang") - -if(FSANITIZE) - set(CMAKE_CXX_FLAGS_DEBUG "-g -fsanitize=address,leak,undefined") -endif(FSANITIZE) - -set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/lib) -set(CMAKE_LIBRARY_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/lib) -set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin) - -if(APPLE) - set(CMAKE_MACOSX_RPATH 1) -endif(APPLE) - -include_directories(${SRC_FOLDER}/headers/) -include_directories(${SRC_FOLDER}/external/sqlite/) -include_directories(${SRC_FOLDER}/external/nlohmann/) -include_directories(${SRC_FOLDER}/external/cJSON/) -include_directories(${SRC_FOLDER}/external/procps/) -include_directories(${SRC_FOLDER}/external/bzip2/) -include_directories(${SRC_FOLDER}/external/openssl/include/) -include_directories(${SRC_FOLDER}/shared_modules/utils) -include_directories(${SRC_FOLDER}/shared_modules/dbsync/include/) -include_directories(${SRC_FOLDER}/shared_modules/rsync/include/) -include_directories(${SRC_FOLDER}/shared_modules/common/) -include_directories(${SRC_FOLDER}/data_provider/include/) -include_directories(${CMAKE_SOURCE_DIR}/include) - -link_directories(${SRC_FOLDER}/shared_modules/dbsync/build/lib) -link_directories(${SRC_FOLDER}/shared_modules/rsync/build/lib) -link_directories(${SRC_FOLDER}/data_provider/build/lib) -link_directories(${SRC_FOLDER}) - -link_directories(${SRC_FOLDER}/external/openssl/) -link_directories(${SRC_FOLDER}/external/sqlite/) -link_directories(${SRC_FOLDER}/external/cJSON/) -link_directories(${SRC_FOLDER}/external/procps/) -link_directories(${SRC_FOLDER}/external/bzip2/) -link_directories(${SRC_FOLDER}/external/flatbuffers/build/) - -# add_custom_command does not create a new target. You have to define targets explicitly -# by add_executable, add_library or add_custom_target in order to make them visible to make -# For this reason, add_custom_target adds a target with the given name that executes the given commands. -# The target has no output file and is always considered out of date even if the commands try to create a -# file with the name of the target. - -if (NOT ${TARGET} STREQUAL "") - if(${TARGET} STREQUAL "server") - list(APPEND Schemas - syscollector_synchronization - ) - - add_custom_target(compile_schemas) - foreach(schema IN LISTS Schemas) - set(FILE "${FLATBUFFERS_FOLDER}/syscollectorRsync/${schema}.fbs") - set(RSYNC_OUTPUT_HEADER_GENERATED "${FLATBUFFERS_FOLDER}/../include/${schema}_generated.h") - set(RSYNC_OUTPUT_HEADER "${FLATBUFFERS_FOLDER}/../include/${schema}_schema.h") +get_filename_component(SRC_FOLDER ${CMAKE_CURRENT_SOURCE_DIR}/../../ ABSOLUTE) +get_filename_component(COMMON_FOLDER ${SRC_FOLDER}/common/ ABSOLUTE) - add_custom_command( - OUTPUT "${RSYNC_OUTPUT_HEADER_GENERATED}" - COMMAND ${FLATC_PATH}/flatc - ARGS --cpp - ARGS -o "${FLATBUFFERS_FOLDER}/../include" "${FILE}" - ARGS --no-warnings - COMMENT "Building C++ header for ${schema} schema." - DEPENDS ${FILE} - WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}) +find_package(cJSON CONFIG REQUIRED) +find_package(nlohmann_json CONFIG REQUIRED) +find_package(OpenSSL REQUIRED) +find_package(Boost REQUIRED COMPONENTS asio beast) - add_custom_command( - OUTPUT "${RSYNC_OUTPUT_HEADER}" - COMMAND bash -c "echo -e '// This file was generated from ${FILE} , do not modify \\n#ifndef ${schema}_HEADER\\n#define ${schema}_HEADER\\n#define ${schema}_SCHEMA \"'`cat ${FILE}`'\" \\n#endif // ${schema}_HEADER\\n ' > ${FLATBUFFERS_FOLDER}/../include/${schema}_schema.h" - COMMENT "Creating header from schema file: '${schema}'" - DEPENDS "${RSYNC_OUTPUT_HEADER_GENERATED}" - WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} - VERBATIM) +add_library(Inventory + src/inventory.cpp + src/inventoryImp.cpp + src/inventoryNormalizer.cpp) - add_custom_target(${schema}_schema_target DEPENDS ${RSYNC_OUTPUT_HEADER}) - add_dependencies(compile_schemas ${schema}_schema_target) - endforeach() - endif() +if(CMAKE_CXX_COMPILER_ID STREQUAL "MSVC") + target_compile_options(Inventory PRIVATE /WX- /w) endif() - -if(CMAKE_SYSTEM_NAME STREQUAL "Windows") - add_definitions(-DWIN32=1 - -D_WIN32_WINNT=0x600 - -DWIN_EXPORT) -endif(CMAKE_SYSTEM_NAME STREQUAL "Windows") - -file(GLOB SYSCOLLECTOR_SRC - "${CMAKE_SOURCE_DIR}/src/*.cpp" - ) - -add_library(syscollector SHARED - ${SYSCOLLECTOR_SRC} - ${SRC_FOLDER}/${RESOURCE_OBJ} - ) - -if (NOT ${TARGET} STREQUAL "") - if(${TARGET} STREQUAL "server") - add_dependencies(${PROJECT_NAME} compile_schemas) #Add a dependency between top-level targets. - endif() +target_include_directories(Inventory PUBLIC + ${CMAKE_CURRENT_SOURCE_DIR}/include + ${CMAKE_CURRENT_SOURCE_DIR}/../include + ${COMMON_FOLDER} + ${COMMON_FOLDER}/data_provider/include + ${COMMON_FOLDER}/dbsync/include + ${COMMON_FOLDER}/error_messages/include + ${COMMON_FOLDER}/file_op/include + ${COMMON_FOLDER}/hashHelper/include + ${COMMON_FOLDER}/privsep_op/include + ${COMMON_FOLDER}/pthreads_op/include + ${COMMON_FOLDER}/stringHelper/include + ${COMMON_FOLDER}/time_op/include + ${COMMON_FOLDER}/timeHelper/include + ${COMMON_FOLDER}/utils) + +target_link_libraries(Inventory + PUBLIC + Config + dbsync + sysinfo + nlohmann_json::nlohmann_json + OpenSSL::SSL + OpenSSL::Crypto + utils + pthreads_op + ConfigurationParser + MultiTypeQueue + ModuleCommand + Boost::asio + Boost::beast + PRIVATE + Logger + cjson +) + +include(../../cmake/ConfigureTarget.cmake) +configure_target(Inventory) + +add_subdirectory(testtool) + +if(BUILD_TESTS) + enable_testing() + add_subdirectory(tests) endif() - -if(CMAKE_SYSTEM_NAME STREQUAL "Windows") - set_target_properties(syscollector PROPERTIES - PREFIX "" - SUFFIX ".dll" - LINK_FLAGS "-Wl,--add-stdcall-alias" - POSITION_INDEPENDENT_CODE 0 # this is to avoid MinGW warning; - # MinGW generates position-independent-code for DLL by default - ) -elseif(UNIX AND NOT APPLE) - if(NOT CMAKE_SYSTEM_NAME STREQUAL "AIX") - string(APPEND CMAKE_SHARED_LINKER_FLAGS " -Wl,-rpath=$ORIGIN") - endif(NOT CMAKE_SYSTEM_NAME STREQUAL "AIX") -endif(CMAKE_SYSTEM_NAME STREQUAL "Windows") - -if (NOT ${TARGET} STREQUAL "") - if(${TARGET} STREQUAL "server") - list(APPEND DeltaSchemas - syscollector_deltas - ) - - add_custom_target(compile_schemas_deltas) - foreach(schema IN LISTS DeltaSchemas) - set(FBS_FILE "${FLATBUFFERS_FOLDER}/syscollectorDeltas/${schema}.fbs") - set(RSYNC_OUTPUT_HEADER_GENERATED "${FLATBUFFERS_FOLDER}/../include/${schema}_generated.h") - set(RSYNC_OUTPUT_HEADER "${FLATBUFFERS_FOLDER}/../include/${schema}_schema.h") - - add_custom_command( - OUTPUT "${RSYNC_OUTPUT_HEADER_GENERATED}" - COMMAND ${FLATC_PATH}/flatc - ARGS -c - ARGS -o "${FLATBUFFERS_FOLDER}/../include" "${FBS_FILE}" - ARGS --no-warnings - COMMENT "Executing flatc to generate ${schema} header file." - ) - - add_custom_command( - OUTPUT "${RSYNC_OUTPUT_HEADER}" - COMMAND bash -c "echo -e '// This file was generated from ${FBS_FILE} , do not modify \\n#ifndef ${schema}_HEADER\\n#define ${schema}_HEADER\\n#define ${schema}_SCHEMA \"'`cat ${FBS_FILE}`'\" \\n#endif // ${schema}_HEADER\\n ' > ${FLATBUFFERS_FOLDER}/../include/${schema}_schema.h" - COMMENT "Creating header from schema file: '${schema}'" - DEPENDS "${RSYNC_OUTPUT_HEADER_GENERATED}" - WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} - VERBATIM) - - add_custom_target(${schema}_schema_deltas_target DEPENDS ${RSYNC_OUTPUT_HEADER}) - add_dependencies(compile_schemas_deltas ${schema}_schema_deltas_target) - endforeach() - - add_dependencies(syscollector compile_schemas_deltas) - endif() -endif() - -if(NOT CMAKE_SYSTEM_NAME STREQUAL "AIX") - target_link_libraries(syscollector dbsync rsync sysinfo wazuhext) -else() - string(REPLACE ";" ":" CXX_IMPLICIT_LINK_DIRECTORIES_STR "${CMAKE_CXX_IMPLICIT_LINK_DIRECTORIES}") - string(REPLACE ";" ":" PLATFORM_REQUIRED_RUNTIME_PATH_STR "${CMAKE_PLATFORM_REQUIRED_RUNTIME_PATH}") - target_link_libraries(syscollector dbsync rsync sysinfo wazuhext -Wl,-blibpath:${INSTALL_PREFIX}/lib:${CXX_IMPLICIT_LINK_DIRECTORIES_STR}:${PLATFORM_REQUIRED_RUNTIME_PATH_STR}) -endif(NOT CMAKE_SYSTEM_NAME STREQUAL "AIX") - -if(UNIT_TEST) - if(CMAKE_CXX_COMPILER_ID MATCHES "Clang") - target_link_libraries(syscollector -fprofile-arcs) - else() - target_link_libraries(syscollector gcov) - endif(CMAKE_CXX_COMPILER_ID MATCHES "Clang") - - add_subdirectory(tests) -else() - if(FSANITIZE) - target_link_libraries(syscollector gcov) - endif(FSANITIZE) - add_subdirectory(testtool) -endif(UNIT_TEST) diff --git a/src/modules/inventory/include/inventory.hpp b/src/modules/inventory/include/inventory.hpp new file mode 100644 index 0000000000..712922b7a1 --- /dev/null +++ b/src/modules/inventory/include/inventory.hpp @@ -0,0 +1,113 @@ +#pragma once + +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include + +#include + +#include + +class Inventory { + public: + static Inventory& Instance() + { + static Inventory s_instance; + return s_instance; + } + void Start(); + void Setup(std::shared_ptr configurationParser); + void Stop(); + Co_CommandExecutionResult ExecuteCommand(const std::string command, const nlohmann::json parameters); + const std::string& Name() const { return m_moduleName; }; + void SetPushMessageFunction(const std::function& pushMessage); + + void Init(const std::shared_ptr& spInfo, + const std::function& reportDiffFunction, + const std::string& dbPath, + const std::string& normalizerConfigPath, + const std::string& normalizerType); + virtual void SendDeltaEvent(const std::string& data); + + const std::string& AgentUUID() const { return m_agentUUID; }; + void SetAgentUUID(const std::string& agentUUID) { + m_agentUUID = agentUUID; + } + + private: + Inventory(); + ~Inventory() = default; + Inventory(const Inventory&) = delete; + Inventory& operator=(const Inventory&) = delete; + + void Destroy(); + + std::string GetCreateStatement() const; + nlohmann::json EcsProcessesData(const nlohmann::json& originalData); + nlohmann::json EcsSystemData(const nlohmann::json& originalData); + nlohmann::json EcsHotfixesData(const nlohmann::json& originalData); + nlohmann::json EcsHardwareData(const nlohmann::json& originalData); + nlohmann::json EcsPackageData(const nlohmann::json& originalData); + nlohmann::json EcsPortData(const nlohmann::json& originalData); + nlohmann::json EcsNetworkData(const nlohmann::json& originalData); + nlohmann::json GetOSData(); + nlohmann::json GetHardwareData(); + nlohmann::json GetNetworkData(); + nlohmann::json GetPortsData(); + + void UpdateChanges(const std::string& table, const nlohmann::json& values); + void NotifyChange(ReturnTypeCallback result, const nlohmann::json& data, const std::string& table); + void TryCatchTask(const std::function& task) const; + void ScanHardware(); + void ScanOs(); + void ScanNetwork(); + void ScanPackages(); + void ScanHotfixes(); + void ScanPorts(); + void ScanProcesses(); + void Scan(); + void SyncLoop(); + void ShowConfig(); + cJSON * Dump() const; + static void LogErrorInventory(const std::string& log); + nlohmann::json EcsData(const nlohmann::json& data, const std::string& table); + std::string GetPrimaryKeys(const nlohmann::json& data, const std::string& table); + std::string CalculateBase64Id(const nlohmann::json& data, const std::string& table); + + const std::string m_moduleName {"inventory"}; + std::string m_agentUUID {""}; // Agent UUID + std::shared_ptr m_spInfo; + std::function m_reportDiffFunction; + bool m_enabled; // Main switch + std::string m_dbFilePath; // Database path + std::time_t m_intervalValue; // Scan interval + bool m_scanOnStart; // Scan always on start + bool m_hardware; // Hardware inventory + bool m_system; // System inventory + bool m_networks; // Networks inventory + bool m_packages; // Installed packages inventory + bool m_ports; // Opened ports inventory + bool m_portsAll; // Scan only listening ports or all + bool m_processes; // Running processes inventory + bool m_hotfixes; // Windows hotfixes installed + bool m_stopping; + bool m_notify; + std::unique_ptr m_spDBSync; + std::condition_variable m_cv; + std::mutex m_mutex; + std::unique_ptr m_spNormalizer; + std::string m_scanTime; + std::function m_pushMessage; +}; diff --git a/src/modules/inventory/include/inventoryNormalizer.hpp b/src/modules/inventory/include/inventoryNormalizer.hpp new file mode 100644 index 0000000000..6a848b87f8 --- /dev/null +++ b/src/modules/inventory/include/inventoryNormalizer.hpp @@ -0,0 +1,20 @@ +#pragma once +#include +#include +#include + +class InvNormalizer +{ + public: + InvNormalizer(const std::string& configFile, + const std::string& target); + ~InvNormalizer() = default; + void Normalize(const std::string& type, nlohmann::json& data) const; + void RemoveExcluded(const std::string& type, nlohmann::json& data) const; + private: + static std::map GetTypeValues(const std::string& configFile, + const std::string& target, + const std::string& type); + const std::map m_typeExclusions; + const std::map m_typeDictionary; +}; diff --git a/src/modules/inventory/include/syscollector.h b/src/modules/inventory/include/syscollector.h deleted file mode 100644 index fb9e60252c..0000000000 --- a/src/modules/inventory/include/syscollector.h +++ /dev/null @@ -1,90 +0,0 @@ -/* - * Wazuh Syscollector - * Copyright (C) 2015, Wazuh Inc. - * November 15, 2020. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - - -#ifndef _SYSCOLLECTOR_H -#define _SYSCOLLECTOR_H - -// Define EXPORTED for any platform -#ifdef _WIN32 -#ifdef WIN_EXPORT -#define EXPORTED __declspec(dllexport) -#else -#define EXPORTED __declspec(dllimport) -#endif -#elif __GNUC__ >= 4 -#define EXPORTED __attribute__((visibility("default"))) -#else -#define EXPORTED -#endif - -#include -#include "commonDefs.h" -#ifdef __cplusplus -extern "C" { -#endif -#include "logging_helper.h" - -typedef void((*log_callback_t)(const modules_log_level_t level, const char* log, const char* tag)); - -typedef void((*send_data_callback_t)(const void* buffer)); - -EXPORTED void syscollector_start(const unsigned int inverval, - send_data_callback_t callbackDiff, - send_data_callback_t callbackSync, - log_callback_t callbackLog, - const char* dbPath, - const char* normalizerConfigPath, - const char* normalizerType, - const bool scanOnStart, - const bool hardware, - const bool os, - const bool network, - const bool packages, - const bool ports, - const bool portsAll, - const bool processes, - const bool hotfixes); - -EXPORTED void syscollector_stop(); - -EXPORTED int syscollector_sync_message(const char* data); - - - -#ifdef __cplusplus -} -#endif - -typedef void(*syscollector_start_func)(const unsigned int inverval, - send_data_callback_t callbackDiff, - send_data_callback_t callbackSync, - log_callback_t callbackLog, - const char* dbPath, - const char* normalizerConfigPath, - const char* normalizerType, - const bool scanOnStart, - const bool hardware, - const bool os, - const bool network, - const bool packages, - const bool ports, - const bool portsAll, - const bool processes, - const bool hotfixes); - -typedef void(*syscollector_stop_func)(); - -typedef int (*syscollector_sync_message_func)(const char* data); - -typedef void (*rsync_initialize_full_log_func)(full_log_fnc_t log_function); - -#endif //_SYSCOLLECTOR_H diff --git a/src/modules/inventory/include/syscollector.hpp b/src/modules/inventory/include/syscollector.hpp deleted file mode 100644 index 7ac5a7a11d..0000000000 --- a/src/modules/inventory/include/syscollector.hpp +++ /dev/null @@ -1,131 +0,0 @@ -/* - * Wazuh SysCollector - * Copyright (C) 2015, Wazuh Inc. - * October 8, 2020. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ -#ifndef _SYSCOLLECTOR_HPP -#define _SYSCOLLECTOR_HPP -#include -#include -#include -#include -#include -#include "sysInfoInterface.h" -#include "commonDefs.h" -#include "dbsync.hpp" -#include "rsync.hpp" -#include "syscollectorNormalizer.h" -#include "syscollector.h" - -// Define EXPORTED for any platform -#ifdef _WIN32 -#ifdef WIN_EXPORT -#define EXPORTED __declspec(dllexport) -#else -#define EXPORTED __declspec(dllimport) -#endif -#elif __GNUC__ >= 4 -#define EXPORTED __attribute__((visibility("default"))) -#else -#define EXPORTED -#endif - -class EXPORTED Syscollector final -{ - public: - static Syscollector& instance() - { - static Syscollector s_instance; - return s_instance; - } - - void init(const std::shared_ptr& spInfo, - const std::function reportDiffFunction, - const std::function reportSyncFunction, - const std::function logFunction, - const std::string& dbPath, - const std::string& normalizerConfigPath, - const std::string& normalizerType, - const unsigned int inverval = 3600ul, - const bool scanOnStart = true, - const bool hardware = true, - const bool os = true, - const bool network = true, - const bool packages = true, - const bool ports = true, - const bool portsAll = true, - const bool processes = true, - const bool hotfixes = true, - const bool notifyOnFirstScan = false); - - void destroy(); - void push(const std::string& data); - private: - Syscollector(); - ~Syscollector() = default; - Syscollector(const Syscollector&) = delete; - Syscollector& operator=(const Syscollector&) = delete; - - std::string getCreateStatement() const; - nlohmann::json getOSData(); - nlohmann::json getHardwareData(); - nlohmann::json getNetworkData(); - nlohmann::json getPortsData(); - - void registerWithRsync(); - void updateChanges(const std::string& table, - const nlohmann::json& values); - void notifyChange(ReturnTypeCallback result, - const nlohmann::json& data, - const std::string& table); - void scanHardware(); - void scanOs(); - void scanNetwork(); - void scanPackages(); - void scanHotfixes(); - void scanPorts(); - void scanProcesses(); - void syncOs(); - void syncHardware(); - void syncNetwork(); - void syncPackages(); - void syncHotfixes(); - void syncPorts(); - void syncProcesses(); - void scan(); - void sync(); - void syncLoop(std::unique_lock& lock); - void syncAlgorithm(); - std::shared_ptr m_spInfo; - std::function m_reportDiffFunction; - std::function m_reportSyncFunction; - std::function m_logFunction; - std::chrono::seconds m_intervalValue; - std::chrono::seconds m_currentIntervalValue; - bool m_scanOnStart; - bool m_hardware; - bool m_os; - bool m_network; - bool m_packages; - bool m_ports; - bool m_portsAll; - bool m_processes; - bool m_hotfixes; - bool m_stopping; - bool m_notify; - std::unique_ptr m_spDBSync; - std::unique_ptr m_spRsync; - std::condition_variable m_cv; - std::mutex m_mutex; - std::unique_ptr m_spNormalizer; - std::string m_scanTime; - std::chrono::seconds m_lastSyncMsg; -}; - - -#endif //_SYSCOLLECTOR_HPP diff --git a/src/modules/inventory/include/syscollectorNormalizer.h b/src/modules/inventory/include/syscollectorNormalizer.h deleted file mode 100644 index 81f2f76867..0000000000 --- a/src/modules/inventory/include/syscollectorNormalizer.h +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Wazuh SysCollector - * Copyright (C) 2015, Wazuh Inc. - * January 12, 2021. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ -#ifndef _SYSCOLLECTOR_NORMALIZER_H -#define _SYSCOLLECTOR_NORMALIZER_H -#include -#include -#include - -class SysNormalizer -{ - public: - SysNormalizer(const std::string& configFile, - const std::string& target); - ~SysNormalizer() = default; - void normalize(const std::string& type, - nlohmann::json& data) const; - void removeExcluded(const std::string& type, - nlohmann::json& data) const; - private: - static std::map getTypeValues(const std::string& configFile, - const std::string& target, - const std::string& type); - const std::map m_typeExclusions; - const std::map m_typeDictionary; -}; - - -#endif //_SYSCOLLECTOR_NORMALIZER_H diff --git a/src/modules/inventory/include/wm_syscollector.h b/src/modules/inventory/include/wm_syscollector.h deleted file mode 100644 index de90efa4a3..0000000000 --- a/src/modules/inventory/include/wm_syscollector.h +++ /dev/null @@ -1,54 +0,0 @@ -/* - * Wazuh Module for System inventory - * Copyright (C) 2015, Wazuh Inc. - * November 17, 2020. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -#include "wmodules_def.h" -#include "../os_xml/os_xml.h" - -#ifndef WM_SYSCOLLECTOR -#define WM_SYSCOLLECTOR - -extern const wm_context WM_SYS_CONTEXT; // Context - -#define WM_SYS_LOGTAG ARGV0 ":syscollector" // Tag for log messages -#define WM_SYSCOLLECTOR_DEFAULT_INTERVAL W_HOUR_SECONDS - -typedef struct wm_sys_flags_t { - unsigned int enabled:1; // Main switch - unsigned int scan_on_start:1; // Scan always on start - unsigned int hwinfo:1; // Hardware inventory - unsigned int netinfo:1; // Network inventory - unsigned int osinfo:1; // OS inventory - unsigned int programinfo:1; // Installed packages inventory - unsigned int hotfixinfo:1; // Windows hotfixes installed - unsigned int portsinfo:1; // Opened ports inventory - unsigned int allports:1; // Scan only listening ports or all - unsigned int procinfo:1; // Running processes inventory -} wm_sys_flags_t; - -typedef struct wm_sys_state_t { - time_t next_time; // Absolute time for next scan -} wm_sys_state_t; - -typedef struct wm_sys_db_sync_flags_t { - long sync_max_eps; // Maximum events per second for synchronization messages. -} wm_sys_db_sync_flags_t; - -typedef struct wm_sys_t { - unsigned int interval; // Time interval between cycles (seconds) - wm_sys_flags_t flags; // Flag bitfield - wm_sys_state_t state; // Running state - wm_sys_db_sync_flags_t sync; // Database synchronization value -} wm_sys_t; - -// Parse XML configuration -int wm_syscollector_read(const OS_XML *xml, XML_NODE node, wmodule *module); - -#endif diff --git a/src/modules/inventory/norm_config.json b/src/modules/inventory/norm_config.json index 953a7df205..6feb33abd7 100644 --- a/src/modules/inventory/norm_config.json +++ b/src/modules/inventory/norm_config.json @@ -141,4 +141,4 @@ "replace_value":"Antivirus" } ] -} \ No newline at end of file +} diff --git a/src/modules/inventory/src/inventory.cpp b/src/modules/inventory/src/inventory.cpp new file mode 100644 index 0000000000..b217acd5fa --- /dev/null +++ b/src/modules/inventory/src/inventory.cpp @@ -0,0 +1,137 @@ +#include + +#include +#include +#include +#include +#include + + +void Inventory::Start() { + + if (!m_enabled) { + LogInfo("Inventory module is disabled."); + return; + } + + LogInfo("Inventory module started."); + + ShowConfig(); + + DBSync::initialize(LogErrorInventory); + + try + { + Inventory::Instance().Init(std::make_shared(), + [this](const std::string& diff) { this->SendDeltaEvent(diff); }, + m_dbFilePath, + INVENTORY_NORM_CONFIG_DISK_PATH, + INVENTORY_NORM_TYPE); + } + catch (const std::exception& ex) + { + LogErrorInventory(ex.what()); + } + + LogInfo("Inventory module finished."); + +} + +void Inventory::Setup(std::shared_ptr configurationParser) { + if (!configurationParser) { + LogError("Invalid Configuration Parser passed to setup, module set to disabled."); + m_enabled = false; + return; + } + + m_enabled = configurationParser->GetConfig( "inventory", "enabled").value_or(config::inventory::DEFAULT_ENABLED); + m_dbFilePath = configurationParser->GetConfig("agent", "path.data").value_or(config::DEFAULT_DATA_PATH) + "/" + INVENTORY_DB_DISK_NAME; + m_intervalValue = configurationParser->GetConfig("inventory", "interval").value_or(config::inventory::DEFAULT_INTERVAL); + m_scanOnStart = configurationParser->GetConfig("inventory", "scan_on_start").value_or(config::inventory::DEFAULT_SCAN_ON_START); + m_hardware = configurationParser->GetConfig("inventory", "hardware").value_or(config::inventory::DEFAULT_HARDWARE); + m_system = configurationParser->GetConfig("inventory", "system").value_or(config::inventory::DEFAULT_OS); + m_networks = configurationParser->GetConfig("inventory", "networks").value_or(config::inventory::DEFAULT_NETWORK); + m_packages = configurationParser->GetConfig("inventory", "packages").value_or(config::inventory::DEFAULT_PACKAGES); + m_ports = configurationParser->GetConfig("inventory", "ports").value_or(config::inventory::DEFAULT_PORTS); + m_portsAll = configurationParser->GetConfig("inventory", "ports_all").value_or(config::inventory::DEFAULT_PORTS_ALL); + m_processes = configurationParser->GetConfig("inventory", "processes").value_or(config::inventory::DEFAULT_PROCESSES); + m_hotfixes = configurationParser->GetConfig("inventory", "hotfixes").value_or(config::inventory::DEFAULT_HOTFIXES); +} + +void Inventory::Stop() { + LogInfo("Inventory module stopped."); + Inventory::Instance().Destroy(); +} + +// NOLINTNEXTLINE(performance-unnecessary-value-param) +Co_CommandExecutionResult Inventory::ExecuteCommand(const std::string command, [[maybe_unused]] const nlohmann::json parameters) { + LogInfo("Command: {}", command); + co_return module_command::CommandExecutionResult{module_command::Status::SUCCESS, "OK"}; +} + +void Inventory::SetPushMessageFunction(const std::function& pushMessage) { + m_pushMessage = pushMessage; +} + +void Inventory::SendDeltaEvent(const std::string& data) { + + const auto jsonData = nlohmann::json::parse(data); + auto metadata = nlohmann::json::object(); + + metadata["module"] = Name(); + metadata["type"] = jsonData["type"]; + metadata["operation"] = jsonData["operation"]; + metadata["id"] = jsonData["id"]; + + const Message statefulMessage{ MessageType::STATEFUL, metadata["operation"] == "delete" ? "{}"_json : jsonData["data"], Name(), jsonData["type"], metadata.dump() }; + + if(!m_pushMessage(statefulMessage)) { + LogWarn("Stateful event can't be pushed into the message queue: {}", data); + } + else { + LogTrace("Stateful event queued: {}, metadata {}", data, metadata.dump()); + } +} + +void Inventory::ShowConfig() +{ + cJSON * configJson = Dump(); + if (configJson) { + char * configString = cJSON_PrintUnformatted(configJson); + if (configString) { + LogTrace("{}", configString); + cJSON_free(configString); + } + cJSON_Delete(configJson); + } +} + +cJSON * Inventory::Dump() const +{ + cJSON *rootJson = cJSON_CreateObject(); + cJSON *invJson = cJSON_CreateObject(); + + // System provider values + if (m_enabled) cJSON_AddStringToObject(invJson,"enabled","yes"); else cJSON_AddStringToObject(invJson,"enabled","no"); + if (m_scanOnStart) cJSON_AddStringToObject(invJson,"scan-on-start","yes"); else cJSON_AddStringToObject(invJson,"scan-on-start","no"); + cJSON_AddNumberToObject(invJson, "interval", static_cast(m_intervalValue)); + if (m_networks) cJSON_AddStringToObject(invJson,"networks","yes"); else cJSON_AddStringToObject(invJson,"networks","no"); + if (m_system) cJSON_AddStringToObject(invJson,"system","yes"); else cJSON_AddStringToObject(invJson,"system","no"); + if (m_hardware) cJSON_AddStringToObject(invJson,"hardware","yes"); else cJSON_AddStringToObject(invJson,"hardware","no"); + if (m_packages) cJSON_AddStringToObject(invJson,"packages","yes"); else cJSON_AddStringToObject(invJson,"packages","no"); + if (m_ports) cJSON_AddStringToObject(invJson,"ports","yes"); else cJSON_AddStringToObject(invJson,"ports","no"); + if (m_portsAll) cJSON_AddStringToObject(invJson,"ports_all","yes"); else cJSON_AddStringToObject(invJson,"ports_all","no"); + if (m_processes) cJSON_AddStringToObject(invJson,"processes","yes"); else cJSON_AddStringToObject(invJson,"processes","no"); +#ifdef WIN32 + if (m_hotfixes) cJSON_AddStringToObject(invJson,"hotfixes","yes"); else cJSON_AddStringToObject(invJson,"hotfixes","no"); +#endif + + cJSON_AddItemToObject(rootJson,"inventory",invJson); + + return rootJson; +} + +void Inventory::LogErrorInventory(const std::string& log) +{ + LogError("{}", log.c_str()); +} diff --git a/src/modules/inventory/src/inventoryImp.cpp b/src/modules/inventory/src/inventoryImp.cpp new file mode 100644 index 0000000000..558a1fb53d --- /dev/null +++ b/src/modules/inventory/src/inventoryImp.cpp @@ -0,0 +1,1016 @@ +#include +#include +#include +#include +#include +#include +#include +#include +#include + +constexpr std::time_t INVENTORY_DEFAULT_INTERVAL { 3600000 }; +constexpr auto UNKNOWN_VALUE {" "}; +constexpr auto EMPTY_VALUE {""}; +constexpr auto UNKNOWN_DATE = nullptr; +constexpr size_t MAX_ID_SIZE = 512; + +constexpr auto QUEUE_SIZE +{ + 4096 +}; + +static const std::map OPERATION_MAP +{ + // LCOV_EXCL_START + {MODIFIED, "update"}, + {DELETED, "delete"}, + {INSERTED, "create"}, + {MAX_ROWS, "max_rows"}, + {DB_ERROR, "db_error"}, + {SELECTED, "selected"}, + // LCOV_EXCL_STOP +}; + +constexpr auto OS_SQL_STATEMENT +{ + R"(CREATE TABLE system ( + hostname TEXT, + architecture TEXT, + os_name TEXT, + os_version TEXT, + os_codename TEXT, + os_major TEXT, + os_minor TEXT, + os_patch TEXT, + os_build TEXT, + os_platform TEXT, + sysname TEXT, + release TEXT, + version TEXT, + os_release TEXT, + os_display_version TEXT, + checksum TEXT, + PRIMARY KEY (os_name)) WITHOUT ROWID;)" +}; + +constexpr auto HW_SQL_STATEMENT +{ + R"(CREATE TABLE hardware ( + board_serial TEXT, + cpu_name TEXT, + cpu_cores INTEGER, + cpu_mhz DOUBLE, + ram_total INTEGER, + ram_free INTEGER, + ram_usage INTEGER, + checksum TEXT, + PRIMARY KEY (board_serial)) WITHOUT ROWID;)" +}; + +constexpr auto HOTFIXES_SQL_STATEMENT +{ + R"(CREATE TABLE hotfixes( + hotfix TEXT, + checksum TEXT, + PRIMARY KEY (hotfix)) WITHOUT ROWID;)" +}; + +constexpr auto PACKAGES_SQL_STATEMENT +{ + R"(CREATE TABLE packages( + name TEXT, + version TEXT, + vendor TEXT, + install_time TEXT, + location TEXT, + architecture TEXT, + groups TEXT, + description TEXT, + size INTEGER, + priority TEXT, + multiarch TEXT, + source TEXT, + format TEXT, + checksum TEXT, + item_id TEXT, + PRIMARY KEY (name,version,architecture,format,location)) WITHOUT ROWID;)" +}; +static const std::vector PACKAGES_ITEM_ID_FIELDS{"name", "version", "architecture", "format", "location"}; + +constexpr auto PROCESSES_SQL_STATEMENT +{ + R"(CREATE TABLE processes ( + pid TEXT, + name TEXT, + state TEXT, + ppid BIGINT, + utime BIGINT, + stime BIGINT, + cmd TEXT, + argvs TEXT, + euser TEXT, + ruser TEXT, + suser TEXT, + egroup TEXT, + rgroup TEXT, + sgroup TEXT, + fgroup TEXT, + priority BIGINT, + nice BIGINT, + size BIGINT, + vm_size BIGINT, + resident BIGINT, + share BIGINT, + start_time BIGINT, + pgrp BIGINT, + session BIGINT, + nlwp BIGINT, + tgid BIGINT, + tty BIGINT, + processor BIGINT, + checksum TEXT, + PRIMARY KEY (pid)) WITHOUT ROWID;)" +}; + +constexpr auto PORTS_SQL_STATEMENT +{ + R"(CREATE TABLE ports ( + protocol TEXT, + local_ip TEXT, + local_port BIGINT, + remote_ip TEXT, + remote_port BIGINT, + tx_queue BIGINT, + rx_queue BIGINT, + inode BIGINT, + state TEXT, + pid BIGINT, + process TEXT, + checksum TEXT, + item_id TEXT, + PRIMARY KEY (inode,protocol,local_ip,local_port)) WITHOUT ROWID;)" +}; +static const std::vector PORTS_ITEM_ID_FIELDS{"inode", "protocol", "local_ip", "local_port"}; + +constexpr auto NETWORK_SQL_STATEMENT +{ + R"(CREATE TABLE networks ( + iface TEXT, + adapter TEXT, + iface_type TEXT, + state TEXT, + mtu BIGINT, + mac TEXT, + tx_packets INTEGER, + rx_packets INTEGER, + tx_bytes BIGINT, + rx_bytes BIGINT, + tx_errors INTEGER, + rx_errors INTEGER, + tx_dropped INTEGER, + rx_dropped INTEGER, + proto_type TEXT, + gateway TEXT, + dhcp TEXT NOT NULL CHECK (dhcp IN ('enabled', 'disabled', 'unknown', 'BOOTP')) DEFAULT 'unknown', + metric TEXT, + address TEXT, + netmask TEXT, + broadcast TEXT, + network_item_id TEXT, + network_checksum TEXT, + PRIMARY KEY (iface, adapter, iface_type, proto_type, address) + ) WITHOUT ROWID;)" +}; + +static const std::vector NETWORK_ITEM_ID_FIELDS{"iface", "adapter", "iface_type", "proto_type", "address"}; + +constexpr auto NETWORKS_TABLE { "networks" }; +constexpr auto PACKAGES_TABLE { "packages" }; +constexpr auto HOTFIXES_TABLE { "hotfixes" }; +constexpr auto PORTS_TABLE { "ports" }; +constexpr auto PROCESSES_TABLE { "processes" }; +constexpr auto OS_TABLE { "system" }; +constexpr auto HW_TABLE { "hardware" }; + + +static std::string GetItemId(const nlohmann::json& item, const std::vector& idFields) +{ + Utils::HashData hash; + + for (const auto& field : idFields) + { + const auto& value{item.at(field)}; + + if (value.is_string()) + { + const auto& valueString{value.get()}; + hash.update(valueString.c_str(), valueString.size()); + } + else + { + const auto& valueNumber{value.get()}; + const auto valueString{std::to_string(valueNumber)}; + hash.update(valueString.c_str(), valueString.size()); + } + } + + return Utils::asciiToHex(hash.hash()); +} + +static bool IsElementDuplicated(const nlohmann::json& input, const std::pair& keyValue) +{ + const auto it + { + std::find_if (input.begin(), input.end(), [&keyValue](const auto & elem) + { + return elem.at(keyValue.first) == keyValue.second; + }) + }; + return it != input.end(); +} + +nlohmann::json Inventory::EcsData(const nlohmann::json& data, const std::string& table) +{ + nlohmann::json ret; + if(table == HW_TABLE) + { + ret = EcsHardwareData(data); + } + else if (table == OS_TABLE) + { + ret = EcsSystemData(data); + } + else if (table == PACKAGES_TABLE) + { + ret = EcsPackageData(data); + } + else if (table == PROCESSES_TABLE) + { + ret = EcsProcessesData(data); + } + else if(table == HOTFIXES_TABLE) + { + ret = EcsHotfixesData(data); + } + else if (table == PORTS_TABLE) + { + ret = EcsPortData(data); + } + else if (table == NETWORKS_TABLE) + { + ret = EcsNetworkData(data); + } + return ret; +} + +std::string Inventory::GetPrimaryKeys([[maybe_unused]] const nlohmann::json& data, const std::string& table) +{ + std::string ret; + if (table == HW_TABLE) + { + ret = data["observer"]["serial_number"]; + } + else if (table == OS_TABLE) + { + ret = data["host"]["os"]["name"]; + } + else if (table == PACKAGES_TABLE) + { + ret = data["package"]["name"].get() + ":" + data["package"]["version"].get() + ":" + data["package"]["architecture"].get() + ":" + data["package"]["type"].get() + ":" + data["package"]["path"].get(); + } + else if (table == PROCESSES_TABLE) + { + ret = data["process"]["pid"]; + } + else if(table == HOTFIXES_TABLE) + { + ret = data["package"]["hotfix"]["name"]; + } + else if (table == PORTS_TABLE) + { + ret = std::to_string(data["file"]["inode"].get()) + ":" + data["network"]["protocol"].get() + ":" + data["source"]["ip"][0].get() + ":" + std::to_string(data["source"]["port"].get()); + } + else if (table == NETWORKS_TABLE) + { + ret = data["observer"]["ingress"]["interface"]["name"].get() + ":" + data["observer"]["ingress"]["interface"]["alias"].get() + ":" + data["network"]["type"].get() + ":" + data["network"]["protocol"].get() + ":" + data["host"]["ip"][0].get(); + } + return ret; +} + +std::string Inventory::CalculateBase64Id(const nlohmann::json& data, const std::string& table) +{ + std::string primaryKey = GetPrimaryKeys(data, table); + std::string baseId = AgentUUID() + ":" + primaryKey; + std::string idBase64; + idBase64.resize(boost::beast::detail::base64::encoded_size(baseId.size())); + boost::beast::detail::base64::encode(&idBase64[0], baseId.c_str(), baseId.size()); + return idBase64; +} + +void Inventory::NotifyChange(ReturnTypeCallback result, const nlohmann::json& data, const std::string& table) +{ + if (DB_ERROR == result) + { + LogErrorInventory(data.dump()); + } + else if (m_notify && !m_stopping) + { + + if (data.is_array()) + { + for (const auto& item : data) + { + nlohmann::json msg; + msg["type"] = table; + msg["operation"] = OPERATION_MAP.at(result); + msg["data"] = EcsData(item, table); + msg["id"] = CalculateBase64Id(msg["data"], table); + + if (msg["id"].is_string() && msg["id"].get().size() <= MAX_ID_SIZE) + { + msg["data"]["@timestamp"] = m_scanTime; + const auto msgToSend{msg.dump()}; + m_reportDiffFunction(msgToSend); + } + else + { + LogWarn("Event discarded for exceeding maximum size allowed in id field."); + LogTrace("Event discarded: {}", msg.dump()); + } + } + } + else + { + // LCOV_EXCL_START + nlohmann::json msg; + msg["type"] = table; + msg["operation"] = OPERATION_MAP.at(result); + msg["data"] = EcsData(data, table); + msg["id"] = CalculateBase64Id(msg["data"], table); + + if (msg["id"].is_string() && msg["id"].get().size() <= MAX_ID_SIZE) + { + msg["data"]["@timestamp"] = m_scanTime; + const auto msgToSend{msg.dump()}; + m_reportDiffFunction(msgToSend); + } + else + { + LogWarn("Event discarded for exceeding maximum size allowed in id field."); + LogTrace("Event discarded: {}", msg.dump()); + } + + // LCOV_EXCL_STOP + } + } +} + +void Inventory::UpdateChanges(const std::string& table, + const nlohmann::json& values) +{ + const auto callback + { + [this, table](ReturnTypeCallback result, const nlohmann::json & data) + { + NotifyChange(result, data, table); + } + }; + + std::unique_lock lock{m_mutex}; + DBSyncTxn txn + { + m_spDBSync->handle(), + nlohmann::json{table}, + 0, + QUEUE_SIZE, + callback + }; + nlohmann::json input; + input["table"] = table; + input["data"] = values; + txn.syncTxnRow(input); + txn.getDeletedRows(callback); +} + +void Inventory::TryCatchTask(const std::function& task) const +{ + try + { + if (!m_stopping) + { + task(); + } + else + { + LogTrace("No Scanning during stopping"); + } + } + catch (const std::exception& ex) + { + LogError("{}",std::string{ex.what()}); + } +} + +Inventory::Inventory() + : m_enabled { true } + , m_dbFilePath { std::string(config::DEFAULT_DATA_PATH) + "/" + INVENTORY_DB_DISK_NAME } + , m_intervalValue { INVENTORY_DEFAULT_INTERVAL } + , m_scanOnStart { true } + , m_hardware { true } + , m_system { true } + , m_networks { true } + , m_packages { true } + , m_ports { true } + , m_portsAll { true } + , m_processes { true } + , m_hotfixes { true } + , m_stopping { true } + , m_notify { true } +{} + +std::string Inventory::GetCreateStatement() const +{ + std::string ret; + + ret += OS_SQL_STATEMENT; + ret += HW_SQL_STATEMENT; + ret += PACKAGES_SQL_STATEMENT; + ret += HOTFIXES_SQL_STATEMENT; + ret += PROCESSES_SQL_STATEMENT; + ret += PORTS_SQL_STATEMENT; + ret += NETWORK_SQL_STATEMENT; + return ret; +} + +void Inventory::Init(const std::shared_ptr& spInfo, + const std::function& reportDiffFunction, + const std::string& dbPath, + const std::string& normalizerConfigPath, + const std::string& normalizerType) +{ + m_spInfo = spInfo; + m_reportDiffFunction = reportDiffFunction; + + { + std::unique_lock lock{m_mutex}; + m_stopping = false; + m_spDBSync = std::make_unique(HostType::AGENT, + DbEngineType::SQLITE3, + dbPath, + GetCreateStatement(), + DbManagement::PERSISTENT); + m_spNormalizer = std::make_unique(normalizerConfigPath, normalizerType); + } + + SyncLoop(); +} + +void Inventory::Destroy() +{ + std::unique_lock lock{m_mutex}; + m_stopping = true; + m_cv.notify_all(); +} + + +nlohmann::json Inventory::EcsHardwareData(const nlohmann::json& originalData) +{ + nlohmann::json ret; + + ret["observer"]["serial_number"] = originalData.contains("board_serial") ? originalData["board_serial"] : ""; + ret["host"]["cpu"]["name"] = originalData.contains("cpu_name") ? originalData["cpu_name"] : ""; + ret["host"]["cpu"]["cores"] = originalData.contains("cpu_cores") ? originalData["cpu_cores"] : nlohmann::json(0); + ret["host"]["cpu"]["speed"] = originalData.contains("cpu_mhz") ? originalData["cpu_mhz"] : nlohmann::json(0); + ret["host"]["memory"]["total"] = originalData.contains("ram_total") ? originalData["ram_total"] : nlohmann::json(0); + ret["host"]["memory"]["free"] = originalData.contains("ram_free") ? originalData["ram_free"] : nlohmann::json(0); + ret["host"]["memory"]["used"]["percentage"] = originalData.contains("ram_usage") ? originalData["ram_usage"] : nlohmann::json(0); + + return ret; +} + +nlohmann::json Inventory::EcsSystemData(const nlohmann::json& originalData) +{ + nlohmann::json ret; + + ret["host"]["architecture"] = originalData.contains("architecture") ? originalData["architecture"] : ""; + ret["host"]["hostname"] = originalData.contains("hostname") ? originalData["hostname"] : ""; + ret["host"]["os"]["kernel"] = originalData.contains("os_build") ? originalData["os_build"] : ""; + ret["host"]["os"]["full"] = originalData.contains("os_codename") ? originalData["os_codename"] : ""; + ret["host"]["os"]["name"] = originalData.contains("os_name") ? originalData["os_name"] : ""; + ret["host"]["os"]["platform"] = originalData.contains("os_platform") ? originalData["os_platform"] : ""; + ret["host"]["os"]["version"]= originalData.contains("os_version") ? originalData["os_version"] : ""; + ret["host"]["os"]["type"]= originalData.contains("sysname") ? originalData["sysname"] : ""; + + return ret; +} + +nlohmann::json Inventory::EcsPackageData(const nlohmann::json& originalData) +{ + nlohmann::json ret; + + ret["package"]["architecture"] = originalData.contains("architecture") ? originalData["architecture"] : ""; + ret["package"]["description"] = originalData.contains("description") ? originalData["description"] : ""; + + if (originalData.contains("install_time") && !originalData["install_time"].empty() && originalData["install_time"] != UNKNOWN_VALUE) { + ret["package"]["installed"] = originalData["install_time"]; + } + else { + ret["package"]["installed"] = UNKNOWN_DATE; + } + + ret["package"]["name"] = originalData.contains("name") ? originalData["name"] : ""; + ret["package"]["path"] = originalData.contains("location") ? originalData["location"] : ""; + ret["package"]["size"] = originalData.contains("size") ? originalData["size"] : nlohmann::json(0); + ret["package"]["type"] = originalData.contains("format") ? originalData["format"] : ""; + ret["package"]["version"] = originalData.contains("version") ? originalData["version"] : ""; + + return ret; +} + +nlohmann::json Inventory::EcsProcessesData(const nlohmann::json& originalData) +{ + nlohmann::json ret; + + ret["process"]["pid"] = originalData.contains("pid") ? originalData["pid"] : nlohmann::json(0); + ret["process"]["name"] = originalData.contains("name") ? originalData["name"] : ""; + ret["process"]["parent"]["pid"] = originalData.contains("ppid") ? originalData["ppid"] : nlohmann::json(0); + ret["process"]["command_line"] = originalData.contains("cmd") ? originalData["cmd"] : ""; + ret["process"]["args"] = originalData.contains("argvs") ? originalData["argvs"] : ""; + ret["process"]["user"]["id"] = originalData.contains("euser") ? originalData["euser"] : ""; + ret["process"]["real_user"]["id"]= originalData.contains("ruser") ? originalData["ruser"] : ""; + ret["process"]["saved_user"]["id"]= originalData.contains("suser") ? originalData["suser"] : ""; + ret["process"]["group"]["id"]= originalData.contains("egroup") ? originalData["egroup"] : ""; + ret["process"]["real_group"]["id"]= originalData.contains("rgroup") ? originalData["rgroup"] : ""; + ret["process"]["saved_group"]["id"]= originalData.contains("sgroup") ? originalData["sgroup"] : ""; + + if (originalData.contains("start_time") && !originalData["start_time"].empty() && originalData["start_time"] != UNKNOWN_VALUE) { + ret["process"]["start"] = originalData["start_time"]; + } + else { + ret["process"]["start"] = UNKNOWN_DATE; + } + + ret["process"]["thread"]["id"]= originalData.contains("tgid") ? originalData["tgid"] : ""; + ret["process"]["tty"]["char_device"]["major"]= originalData.contains("tty") ? originalData["tty"] : ""; + + return ret; +} + +nlohmann::json Inventory::EcsHotfixesData(const nlohmann::json& originalData){ + + nlohmann::json ret; + + ret["package"]["hotfix"]["name"] = originalData.contains("hotfix") ? originalData["hotfix"] : ""; + + return ret; +} + +nlohmann::json Inventory::EcsPortData(const nlohmann::json& originalData) +{ + nlohmann::json ret; + + ret["network"]["protocol"] = originalData.contains("protocol") ? originalData["protocol"] : ""; + + ret["source"]["ip"] = nlohmann::json::array(); + if (originalData.contains("local_ip") && + !originalData["local_ip"].empty() && + originalData["local_ip"] != UNKNOWN_VALUE && + originalData["local_ip"] != EMPTY_VALUE) + { + ret["source"]["ip"].push_back(originalData["local_ip"]); + } + + ret["source"]["port"] = originalData.contains("local_port") ? originalData["local_port"] : nlohmann::json(0); + + ret["destination"]["ip"] = nlohmann::json::array(); + if (originalData.contains("remote_ip") && + !originalData["remote_ip"].empty() && + originalData["remote_ip"] != UNKNOWN_VALUE && + originalData["remote_ip"] != EMPTY_VALUE) + { + ret["destination"]["ip"].push_back(originalData["remote_ip"]); + } + + ret["destination"]["port"] = originalData.contains("remote_port") ? originalData["remote_port"] : nlohmann::json(0); + ret["host"]["network"]["egress"]["queue"] = originalData.contains("tx_queue") ? originalData["tx_queue"] : nlohmann::json(0); + ret["host"]["network"]["ingress"]["queue"] = originalData.contains("rx_queue") ? originalData["rx_queue"] : nlohmann::json(0); + ret["file"]["inode"] = originalData.contains("inode") ? originalData["inode"] : nlohmann::json(0); + ret["interface"]["state"] = originalData.contains("state") ? originalData["state"] : ""; + ret["process"]["pid"] = originalData.contains("pid") ? originalData["pid"] : nlohmann::json(0); + ret["process"]["name"] = originalData.contains("process") ? originalData["process"] : ""; + ret["device"]["id"] = originalData.contains("item_id") ? originalData["item_id"] : ""; + + return ret; +} + +nlohmann::json Inventory::EcsNetworkData(const nlohmann::json& originalData) +{ + nlohmann::json ret; + + ret["host"]["ip"] = nlohmann::json::array(); + if (originalData.contains("address") && + !originalData["address"].empty() && + originalData["address"] != UNKNOWN_VALUE && + originalData["address"] != EMPTY_VALUE) + { + ret["host"]["ip"].push_back(originalData["address"]); + } + + ret["host"]["mac"] = originalData.contains("mac") ? originalData["mac"] : ""; + ret["host"]["network"]["egress"]["bytes"] = originalData.contains("tx_bytes") ? originalData["tx_bytes"] : nlohmann::json(0); + ret["host"]["network"]["egress"]["packets"] = originalData.contains("tx_packets") ? originalData["tx_packets"] : nlohmann::json(0); + ret["host"]["network"]["ingress"]["bytes"] = originalData.contains("rx_bytes") ? originalData["rx_bytes"] : nlohmann::json(0); + ret["host"]["network"]["ingress"]["packets"] = originalData.contains("rx_packets") ? originalData["rx_packets"] : nlohmann::json(0); + ret["host"]["network"]["egress"]["drops"] = originalData.contains("rx_dropped") ? originalData["rx_dropped"] : nlohmann::json(0); + ret["host"]["network"]["egress"]["errors"] = originalData.contains("tx_errors") ? originalData["tx_errors"] : nlohmann::json(0); + ret["host"]["network"]["ingress"]["drops"] = originalData.contains("tx_dropped") ? originalData["tx_dropped"] : nlohmann::json(0); + ret["host"]["network"]["ingress"]["errors"] = originalData.contains("rx_errors") ? originalData["rx_errors"] : nlohmann::json(0); + + ret["interface"]["mtu"] = originalData.contains("mtu") ? originalData["mtu"] : nlohmann::json(0); + ret["interface"]["state"] = originalData.contains("state") ? originalData["state"] : ""; + ret["interface"]["type"] = originalData.contains("iface_type") ? originalData["iface_type"] : ""; + + ret["network"]["netmask"] = nlohmann::json::array(); + if (originalData.contains("netmask") && + !originalData["netmask"].empty() && + originalData["netmask"] != UNKNOWN_VALUE && + originalData["netmask"] != EMPTY_VALUE) + { + ret["network"]["netmask"].push_back(originalData["netmask"]); + } + + ret["network"]["gateway"] = nlohmann::json::array(); + if (originalData.contains("gateway") && + !originalData["gateway"].empty() && + originalData["gateway"] != UNKNOWN_VALUE && + originalData["gateway"] != EMPTY_VALUE) + { + ret["network"]["gateway"].push_back(originalData["gateway"]); + } + + ret["network"]["broadcast"] = nlohmann::json::array(); + if (originalData.contains("broadcast") && + !originalData["broadcast"].empty() && + originalData["broadcast"] != UNKNOWN_VALUE && + originalData["broadcast"] != EMPTY_VALUE) + { + ret["network"]["broadcast"].push_back(originalData["broadcast"]); + } + + ret["network"]["dhcp"] = originalData.contains("dhcp") ? originalData["dhcp"] : ""; + ret["network"]["type"] = originalData.contains("proto_type") ? originalData["proto_type"] : ""; + ret["network"]["metric"] = originalData.contains("metric") ? originalData["metric"] : "0"; + /* TODO this field should include http or https, it's related to an application not to a interface */ + ret["network"]["protocol"] = ""; + + ret["observer"]["ingress"]["interface"]["alias"] = originalData.contains("adapter") ? originalData["adapter"] : ""; + ret["observer"]["ingress"]["interface"]["name"] = originalData.contains("iface") ? originalData["iface"] : ""; + + return ret; +} + +nlohmann::json Inventory::GetHardwareData() +{ + nlohmann::json ret; + ret[0] = m_spInfo->hardware(); + return ret; +} + +void Inventory::ScanHardware() +{ + if (m_hardware) + { + LogTrace( "Starting hardware scan"); + const auto& hwData{GetHardwareData()}; + UpdateChanges(HW_TABLE, hwData); + LogTrace( "Ending hardware scan"); + } +} + +nlohmann::json Inventory::GetOSData() +{ + nlohmann::json ret; + ret[0] = m_spInfo->os(); + return ret; +} + +void Inventory::ScanOs() +{ + if (m_system) + { + LogTrace( "Starting os scan"); + const auto& osData{GetOSData()}; + UpdateChanges(OS_TABLE, osData); + LogTrace( "Ending os scan"); + } +} + +nlohmann::json Inventory::GetNetworkData() +{ + nlohmann::json ret ; + nlohmann::json networkTableData {}; + constexpr auto IPV4 { 0 }; + constexpr auto IPV6 { 1 }; + static const std::map IP_TYPE + { + { IPV4, "ipv4" }, + { IPV6, "ipv6" } + }; + + const auto& networks { m_spInfo->networks() }; + + ret[NETWORKS_TABLE] = nlohmann::json::array(); + if (!networks.is_null()) + { + const auto& itIface { networks.find("iface") }; + + if (networks.end() != itIface) + { + for (const auto& item : itIface.value()) + { + networkTableData["iface"] = item.at("name"); + networkTableData["adapter"] = item.at("adapter"); + networkTableData["iface_type"] = item.at("type"); + networkTableData["state"] = item.at("state"); + networkTableData["mtu"] = item.at("mtu"); + networkTableData["mac"] = item.at("mac"); + networkTableData["tx_packets"] = item.at("tx_packets"); + networkTableData["rx_packets"] = item.at("rx_packets"); + networkTableData["tx_errors"] = item.at("tx_errors"); + networkTableData["rx_errors"] = item.at("rx_errors"); + networkTableData["tx_bytes"] = item.at("tx_bytes"); + networkTableData["rx_bytes"] = item.at("rx_bytes"); + networkTableData["tx_dropped"] = item.at("tx_dropped"); + networkTableData["rx_dropped"] = item.at("rx_dropped"); + networkTableData["gateway"] = item.at("gateway"); + + if (item.find("IPv4") != item.end()) + { + for (auto addressTableData : item.at("IPv4")) + { + nlohmann::json networkAddressData {}; + networkAddressData["proto_type"] = IP_TYPE.at(IPV4); + networkAddressData["address"] = addressTableData.at("address"); + networkAddressData["broadcast"] = addressTableData.at("broadcast"); + networkAddressData["dhcp"] = addressTableData.at("dhcp"); + networkAddressData["metric"] = addressTableData.at("metric"); + networkAddressData["netmask"] = addressTableData.at("netmask"); + networkTableData.update(networkAddressData); + + networkTableData["network_item_id"] = GetItemId(networkTableData, NETWORK_ITEM_ID_FIELDS); + + ret[NETWORKS_TABLE].push_back(networkTableData); + } + } + + if (item.find("IPv6") != item.end()) + { + for (auto addressTableData : item.at("IPv6")) + { + nlohmann::json networkAddressData {}; + networkAddressData["proto_type"] = IP_TYPE.at(IPV6); + networkAddressData["address"] = addressTableData.at("address"); + networkAddressData["broadcast"] = addressTableData.at("broadcast"); + networkAddressData["dhcp"] = addressTableData.at("dhcp"); + networkAddressData["metric"] = addressTableData.at("metric"); + networkAddressData["netmask"] = addressTableData.at("netmask"); + networkTableData.update(networkAddressData); + + networkTableData["network_item_id"] = GetItemId(networkTableData, NETWORK_ITEM_ID_FIELDS); + + ret[NETWORKS_TABLE].push_back(networkTableData); + } + } + } + } + } + + return ret; +} + +void Inventory::ScanNetwork() +{ + if (m_networks) + { + LogTrace( "Starting network scan"); + const auto networkData(GetNetworkData()); + + if (!networkData.is_null()) + { + const auto itNet { networkData.find(NETWORKS_TABLE) }; + + if (itNet != networkData.end()) + { + UpdateChanges(NETWORKS_TABLE, itNet.value()); + } + } + + LogTrace( "Ending network scan"); + } +} + +void Inventory::ScanPackages() +{ + if (m_packages) + { + LogTrace( "Starting packages scan"); + const auto callback + { + [this](ReturnTypeCallback result, const nlohmann::json & data) + { + NotifyChange(result, data, PACKAGES_TABLE); + } + }; + + std::unique_lock lock{m_mutex}; + DBSyncTxn txn + { + m_spDBSync->handle(), + nlohmann::json{PACKAGES_TABLE}, + 0, + QUEUE_SIZE, + callback + }; + m_spInfo->packages([this, &txn](nlohmann::json & rawData) + { + nlohmann::json input; + + rawData["item_id"] = GetItemId(rawData, PACKAGES_ITEM_ID_FIELDS); + + input["table"] = PACKAGES_TABLE; + m_spNormalizer->Normalize("packages", rawData); + m_spNormalizer->RemoveExcluded("packages", rawData); + + if (!rawData.empty()) + { + input["data"] = nlohmann::json::array( { rawData } ); + txn.syncTxnRow(input); + } + }); + txn.getDeletedRows(callback); + + LogTrace( "Ending packages scan"); + } +} + +void Inventory::ScanHotfixes() +{ + if (m_hotfixes) + { + LogTrace( "Starting hotfixes scan"); + auto hotfixes = m_spInfo->hotfixes(); + + if (!hotfixes.is_null()) + { + UpdateChanges(HOTFIXES_TABLE, hotfixes); + } + + LogTrace( "Ending hotfixes scan"); + } +} + +nlohmann::json Inventory::GetPortsData() +{ + nlohmann::json ret; + constexpr auto PORT_LISTENING_STATE { "listening" }; + constexpr auto TCP_PROTOCOL { "tcp" }; + constexpr auto UDP_PROTOCOL { "udp" }; + auto data(m_spInfo->ports()); + + if (!data.is_null()) + { + for (auto& item : data) + { + const auto protocol { item.at("protocol").get_ref() }; + + if (Utils::startsWith(protocol, TCP_PROTOCOL)) + { + // All ports. + if (m_portsAll) + { + const auto& itemId { GetItemId(item, PORTS_ITEM_ID_FIELDS) }; + + if (!IsElementDuplicated(ret, std::make_pair("item_id", itemId))) + { + item["item_id"] = itemId; + ret.push_back(item); + } + } + else + { + // Only listening ports. + const auto isListeningState { item.at("state") == PORT_LISTENING_STATE }; + + if (isListeningState) + { + const auto& itemId { GetItemId(item, PORTS_ITEM_ID_FIELDS) }; + + if (!IsElementDuplicated(ret, std::make_pair("item_id", itemId))) + { + item["item_id"] = itemId; + ret.push_back(item); + } + } + } + } + else if (Utils::startsWith(protocol, UDP_PROTOCOL)) + { + const auto& itemId { GetItemId(item, PORTS_ITEM_ID_FIELDS) }; + + if (!IsElementDuplicated(ret, std::make_pair("item_id", itemId))) + { + item["item_id"] = itemId; + ret.push_back(item); + } + } + } + } + + return ret; +} + +void Inventory::ScanPorts() +{ + if (m_ports) + { + LogTrace( "Starting ports scan"); + const auto& portsData { GetPortsData() }; + UpdateChanges(PORTS_TABLE, portsData); + LogTrace( "Ending ports scan"); + } +} + +void Inventory::ScanProcesses() +{ + if (m_processes) + { + LogTrace( "Starting processes scan"); + const auto callback + { + [this](ReturnTypeCallback result, const nlohmann::json & data) + { + NotifyChange(result, data, PROCESSES_TABLE); + } + }; + std::unique_lock lock{m_mutex}; + DBSyncTxn txn + { + m_spDBSync->handle(), + nlohmann::json{PROCESSES_TABLE}, + 0, + QUEUE_SIZE, + callback + }; + m_spInfo->processes([&txn](nlohmann::json & rawData) + { + nlohmann::json input; + + input["table"] = PROCESSES_TABLE; + input["data"] = nlohmann::json::array( { rawData } ); + + txn.syncTxnRow(input); + }); + txn.getDeletedRows(callback); + + LogTrace( "Ending processes scan"); + } +} + +void Inventory::Scan() +{ + LogInfo("Starting evaluation."); + m_scanTime = Utils::getCurrentISO8601(); + + TryCatchTask([&]() { ScanHardware(); }); + TryCatchTask([&]() { ScanOs(); }); + TryCatchTask([&]() { ScanPackages(); }); + TryCatchTask([&]() { ScanProcesses(); }); + TryCatchTask([&]() { ScanHotfixes(); }); + TryCatchTask([&]() { ScanPorts(); }); + TryCatchTask([&]() { ScanNetwork(); }); + + m_notify = true; + LogInfo("Evaluation finished."); +} + +void Inventory::SyncLoop() +{ + LogInfo("Module started."); + + if (m_scanOnStart && !m_stopping) + { + Scan(); + } + + while (!m_stopping) + { + { + std::unique_lock lock{m_mutex}; + m_cv.wait_for(lock, + std::chrono::milliseconds{m_intervalValue}, [&]() { return m_stopping; } ); + } + Scan(); + } + std::unique_lock lock{m_mutex}; + m_spDBSync.reset(nullptr); +} diff --git a/src/modules/inventory/src/syscollectorNormalizer.cpp b/src/modules/inventory/src/inventoryNormalizer.cpp similarity index 81% rename from src/modules/inventory/src/syscollectorNormalizer.cpp rename to src/modules/inventory/src/inventoryNormalizer.cpp index e1508b8a02..4ba1640d27 100644 --- a/src/modules/inventory/src/syscollectorNormalizer.cpp +++ b/src/modules/inventory/src/inventoryNormalizer.cpp @@ -1,26 +1,16 @@ -/* - * Wazuh SysCollector - * Copyright (C) 2015, Wazuh Inc. - * January 12, 2021. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ #include #include #include -#include +#include -SysNormalizer::SysNormalizer(const std::string& configFile, +InvNormalizer::InvNormalizer(const std::string& configFile, const std::string& target) - : m_typeExclusions{getTypeValues(configFile, target, "exclusions")} - , m_typeDictionary{getTypeValues(configFile, target, "dictionary")} + : m_typeExclusions{GetTypeValues(configFile, target, "exclusions")} + , m_typeDictionary{GetTypeValues(configFile, target, "dictionary")} { } -void SysNormalizer::removeExcluded(const std::string& type, +void InvNormalizer::RemoveExcluded(const std::string& type, nlohmann::json& data) const { const auto exclusionsIt{m_typeExclusions.find(type)}; @@ -57,16 +47,21 @@ void SysNormalizer::removeExcluded(const std::string& type, } } // LCOV_EXCL_START + catch (const std::exception& ex) + { + std::cout << "Exception caught in RemoveExcluded: " << ex.what() << '\n'; + } catch (...) - {} - + { + std::cout << "Unknown exception caught in RemoveExcluded." << '\n'; + } // LCOV_EXCL_STOP } } } -static void normalizeItem(const nlohmann::json& dictionary, +static void NormalizeItem(const nlohmann::json& dictionary, nlohmann::json& item) { for (const auto& dictItem : dictionary) @@ -117,7 +112,7 @@ static void normalizeItem(const nlohmann::json& dictionary, } } -void SysNormalizer::normalize(const std::string& type, +void InvNormalizer::Normalize(const std::string& type, nlohmann::json& data) const { const auto dictionaryIt{m_typeDictionary.find(type)}; @@ -128,17 +123,17 @@ void SysNormalizer::normalize(const std::string& type, { for (auto& item : data) { - normalizeItem(dictionaryIt->second, item); + NormalizeItem(dictionaryIt->second, item); } } else { - normalizeItem(dictionaryIt->second, data); + NormalizeItem(dictionaryIt->second, data); } } } -std::map SysNormalizer::getTypeValues(const std::string& configFile, +std::map InvNormalizer::GetTypeValues(const std::string& configFile, const std::string& target, const std::string& type) { @@ -166,8 +161,13 @@ std::map SysNormalizer::getTypeValues(const std::st } } } + catch (const std::exception& ex) + { + std::cout << "Exception caught in GetTypeValues: " << ex.what() << '\n'; + } catch (...) { + std::cout << "Unknown exception caught in GetTypeValues." << '\n'; } return ret; diff --git a/src/modules/inventory/src/syscollector.cpp b/src/modules/inventory/src/syscollector.cpp deleted file mode 100644 index dcb4103ad5..0000000000 --- a/src/modules/inventory/src/syscollector.cpp +++ /dev/null @@ -1,121 +0,0 @@ -/* - * Wazuh SysCollector - * Copyright (C) 2015, Wazuh Inc. - * November 15, 2020. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ -#include "syscollector.hpp" -#include "sysInfo.hpp" -#include "dbsync.hpp" -#include - -#ifdef __cplusplus -extern "C" { -#endif -#include "../../wm_syscollector.h" - -void syscollector_start(const unsigned int inverval, - send_data_callback_t callbackDiff, - send_data_callback_t callbackSync, - log_callback_t callbackLog, - const char* dbPath, - const char* normalizerConfigPath, - const char* normalizerType, - const bool scanOnStart, - const bool hardware, - const bool os, - const bool network, - const bool packages, - const bool ports, - const bool portsAll, - const bool processes, - const bool hotfixes) -{ - std::function callbackDiffWrapper - { - [callbackDiff](const std::string & data) - { - callbackDiff(data.c_str()); - } - }; - - std::function callbackSyncWrapper - { - [callbackSync](const std::string & data) - { - callbackSync(data.c_str()); - } - }; - - std::function callbackLogWrapper - { - [callbackLog](const modules_log_level_t level, const std::string & data) - { - callbackLog(level, data.c_str(), WM_SYS_LOGTAG); - } - }; - - std::function callbackErrorLogWrapper - { - [callbackLog](const std::string & data) - { - callbackLog(LOG_ERROR, data.c_str(), WM_SYS_LOGTAG); - } - }; - - DBSync::initialize(callbackErrorLogWrapper); - - try - { - Syscollector::instance().init(std::make_shared(), - std::move(callbackDiffWrapper), - std::move(callbackSyncWrapper), - std::move(callbackLogWrapper), - dbPath, - normalizerConfigPath, - normalizerType, - inverval, - scanOnStart, - hardware, - os, - network, - packages, - ports, - portsAll, - processes, - hotfixes); - } - catch (const std::exception& ex) - { - callbackErrorLogWrapper(ex.what()); - } -} -void syscollector_stop() -{ - Syscollector::instance().destroy(); -} - -int syscollector_sync_message(const char* data) -{ - int ret{-1}; - - try - { - Syscollector::instance().push(data); - ret = 0; - } - catch (...) - { - } - - return ret; -} - - -#ifdef __cplusplus -} -#endif diff --git a/src/modules/inventory/src/syscollectorImp.cpp b/src/modules/inventory/src/syscollectorImp.cpp deleted file mode 100644 index 586bdfc2c8..0000000000 --- a/src/modules/inventory/src/syscollectorImp.cpp +++ /dev/null @@ -1,1696 +0,0 @@ -/* - * Wazuh SysCollector - * Copyright (C) 2015, Wazuh Inc. - * October 7, 2020. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ -#include "syscollector.h" -#include "syscollector.hpp" -#include "json.hpp" -#include -#include "stringHelper.h" -#include "hashHelper.h" -#include "timeHelper.h" - -constexpr std::chrono::seconds MAX_DELAY_TIME -{ - 300 -}; - -#define TRY_CATCH_TASK(task) \ -do \ -{ \ - try \ - { \ - if(!m_stopping) \ - { \ - task(); \ - } \ - } \ - catch(const std::exception& ex) \ - { \ - if(m_logFunction) \ - { \ - m_logFunction(LOG_ERROR, std::string{ex.what()}); \ - } \ - } \ -}while(0) - -constexpr auto QUEUE_SIZE -{ - 4096 -}; - -static const std::map OPERATION_MAP -{ - // LCOV_EXCL_START - {MODIFIED, "MODIFIED"}, - {DELETED, "DELETED"}, - {INSERTED, "INSERTED"}, - {MAX_ROWS, "MAX_ROWS"}, - {DB_ERROR, "DB_ERROR"}, - {SELECTED, "SELECTED"}, - // LCOV_EXCL_STOP -}; - -constexpr auto OS_SQL_STATEMENT -{ - R"(CREATE TABLE dbsync_osinfo ( - hostname TEXT, - architecture TEXT, - os_name TEXT, - os_version TEXT, - os_codename TEXT, - os_major TEXT, - os_minor TEXT, - os_patch TEXT, - os_build TEXT, - os_platform TEXT, - sysname TEXT, - release TEXT, - version TEXT, - os_release TEXT, - os_display_version TEXT, - checksum TEXT, - PRIMARY KEY (os_name)) WITHOUT ROWID;)" -}; - -constexpr auto OS_SYNC_CONFIG_STATEMENT -{ - R"( - { - "decoder_type":"JSON_RANGE", - "table":"dbsync_osinfo", - "component":"syscollector_osinfo", - "index":"os_name", - "checksum_field":"checksum", - "no_data_query_json": { - "row_filter":"WHERE os_name BETWEEN '?' and '?' ORDER BY os_name", - "column_list":["*"], - "distinct_opt":false, - "order_by_opt":"" - }, - "count_range_query_json": { - "row_filter":"WHERE os_name BETWEEN '?' and '?' ORDER BY os_name", - "count_field_name":"count", - "column_list":["count(*) AS count "], - "distinct_opt":false, - "order_by_opt":"" - }, - "row_data_query_json": { - "row_filter":"WHERE os_name ='?'", - "column_list":["*"], - "distinct_opt":false, - "order_by_opt":"" - }, - "range_checksum_query_json": { - "row_filter":"WHERE os_name BETWEEN '?' and '?' ORDER BY os_name", - "column_list":["*"], - "distinct_opt":false, - "order_by_opt":"" - } - } - )" -}; - -constexpr auto OS_START_CONFIG_STATEMENT -{ - R"({"table":"dbsync_osinfo", - "first_query": - { - "column_list":["os_name"], - "row_filter":" ", - "distinct_opt":false, - "order_by_opt":"os_name DESC", - "count_opt":1 - }, - "last_query": - { - "column_list":["os_name"], - "row_filter":" ", - "distinct_opt":false, - "order_by_opt":"os_name ASC", - "count_opt":1 - }, - "component":"syscollector_osinfo", - "index":"os_name", - "last_event":"last_event", - "checksum_field":"checksum", - "range_checksum_query_json": - { - "row_filter":"WHERE os_name BETWEEN '?' and '?' ORDER BY os_name", - "column_list":["os_name, checksum"], - "distinct_opt":false, - "order_by_opt":"", - "count_opt":100 - } - })" -}; - -constexpr auto HW_SQL_STATEMENT -{ - R"(CREATE TABLE dbsync_hwinfo ( - board_serial TEXT, - cpu_name TEXT, - cpu_cores INTEGER, - cpu_mhz DOUBLE, - ram_total INTEGER, - ram_free INTEGER, - ram_usage INTEGER, - checksum TEXT, - PRIMARY KEY (board_serial)) WITHOUT ROWID;)" -}; - -constexpr auto HW_SYNC_CONFIG_STATEMENT -{ - R"( - { - "decoder_type":"JSON_RANGE", - "table":"dbsync_hwinfo", - "component":"syscollector_hwinfo", - "index":"board_serial", - "checksum_field":"checksum", - "no_data_query_json": { - "row_filter":"WHERE board_serial BETWEEN '?' and '?' ORDER BY board_serial", - "column_list":["*"], - "distinct_opt":false, - "order_by_opt":"" - }, - "count_range_query_json": { - "row_filter":"WHERE board_serial BETWEEN '?' and '?' ORDER BY board_serial", - "count_field_name":"count", - "column_list":["count(*) AS count "], - "distinct_opt":false, - "order_by_opt":"" - }, - "row_data_query_json": { - "row_filter":"WHERE board_serial ='?'", - "column_list":["*"], - "distinct_opt":false, - "order_by_opt":"" - }, - "range_checksum_query_json": { - "row_filter":"WHERE board_serial BETWEEN '?' and '?' ORDER BY board_serial", - "column_list":["*"], - "distinct_opt":false, - "order_by_opt":"" - } - } - )" -}; - -constexpr auto HW_START_CONFIG_STATEMENT -{ - R"({"table":"dbsync_hwinfo", - "first_query": - { - "column_list":["board_serial"], - "row_filter":" ", - "distinct_opt":false, - "order_by_opt":"board_serial DESC", - "count_opt":1 - }, - "last_query": - { - "column_list":["board_serial"], - "row_filter":" ", - "distinct_opt":false, - "order_by_opt":"board_serial ASC", - "count_opt":1 - }, - "component":"syscollector_hwinfo", - "index":"board_serial", - "last_event":"last_event", - "checksum_field":"checksum", - "range_checksum_query_json": - { - "row_filter":"WHERE board_serial BETWEEN '?' and '?' ORDER BY board_serial", - "column_list":["board_serial, checksum"], - "distinct_opt":false, - "order_by_opt":"", - "count_opt":100 - } - })" -}; - - -constexpr auto HOTFIXES_SQL_STATEMENT -{ - R"(CREATE TABLE dbsync_hotfixes( - hotfix TEXT, - checksum TEXT, - PRIMARY KEY (hotfix)) WITHOUT ROWID;)" -}; - -constexpr auto HOTFIXES_SYNC_CONFIG_STATEMENT -{ - R"( - { - "decoder_type":"JSON_RANGE", - "table":"dbsync_hotfixes", - "component":"syscollector_hotfixes", - "index":"hotfix", - "checksum_field":"checksum", - "no_data_query_json": { - "row_filter":"WHERE hotfix BETWEEN '?' and '?' ORDER BY hotfix", - "column_list":["*"], - "distinct_opt":false, - "order_by_opt":"" - }, - "count_range_query_json": { - "row_filter":"WHERE hotfix BETWEEN '?' and '?' ORDER BY hotfix", - "count_field_name":"count", - "column_list":["count(*) AS count "], - "distinct_opt":false, - "order_by_opt":"" - }, - "row_data_query_json": { - "row_filter":"WHERE hotfix ='?'", - "column_list":["*"], - "distinct_opt":false, - "order_by_opt":"" - }, - "range_checksum_query_json": { - "row_filter":"WHERE hotfix BETWEEN '?' and '?' ORDER BY hotfix", - "column_list":["*"], - "distinct_opt":false, - "order_by_opt":"" - } - } - )" -}; - -constexpr auto HOTFIXES_START_CONFIG_STATEMENT -{ - R"({"table":"dbsync_hotfixes", - "first_query": - { - "column_list":["hotfix"], - "row_filter":" ", - "distinct_opt":false, - "order_by_opt":"hotfix DESC", - "count_opt":1 - }, - "last_query": - { - "column_list":["hotfix"], - "row_filter":" ", - "distinct_opt":false, - "order_by_opt":"hotfix ASC", - "count_opt":1 - }, - "component":"syscollector_hotfixes", - "index":"hotfix", - "last_event":"last_event", - "checksum_field":"checksum", - "range_checksum_query_json": - { - "row_filter":"WHERE hotfix BETWEEN '?' and '?' ORDER BY hotfix", - "column_list":["hotfix, checksum"], - "distinct_opt":false, - "order_by_opt":"", - "count_opt":100 - } - })" -}; - -constexpr auto PACKAGES_SQL_STATEMENT -{ - R"(CREATE TABLE dbsync_packages( - name TEXT, - version TEXT, - vendor TEXT, - install_time TEXT, - location TEXT, - architecture TEXT, - groups TEXT, - description TEXT, - size INTEGER, - priority TEXT, - multiarch TEXT, - source TEXT, - format TEXT, - checksum TEXT, - item_id TEXT, - PRIMARY KEY (name,version,architecture,format,location)) WITHOUT ROWID;)" -}; -static const std::vector PACKAGES_ITEM_ID_FIELDS{"name", "version", "architecture", "format", "location"}; - -constexpr auto PACKAGES_SYNC_CONFIG_STATEMENT -{ - R"( - { - "decoder_type":"JSON_RANGE", - "table":"dbsync_packages", - "component":"syscollector_packages", - "index":"item_id", - "checksum_field":"checksum", - "no_data_query_json": { - "row_filter":"WHERE item_id BETWEEN '?' and '?' ORDER BY item_id", - "column_list":["*"], - "distinct_opt":false, - "order_by_opt":"" - }, - "count_range_query_json": { - "row_filter":"WHERE item_id BETWEEN '?' and '?' ORDER BY item_id", - "count_field_name":"count", - "column_list":["count(*) AS count "], - "distinct_opt":false, - "order_by_opt":"" - }, - "row_data_query_json": { - "row_filter":"WHERE item_id ='?'", - "column_list":["*"], - "distinct_opt":false, - "order_by_opt":"" - }, - "range_checksum_query_json": { - "row_filter":"WHERE item_id BETWEEN '?' and '?' ORDER BY item_id", - "column_list":["*"], - "distinct_opt":false, - "order_by_opt":"" - } - } - )" -}; - -constexpr auto PACKAGES_START_CONFIG_STATEMENT -{ - R"({"table":"dbsync_packages", - "first_query": - { - "column_list":["item_id"], - "row_filter":" ", - "distinct_opt":false, - "order_by_opt":"item_id DESC", - "count_opt":1 - }, - "last_query": - { - "column_list":["item_id"], - "row_filter":" ", - "distinct_opt":false, - "order_by_opt":"item_id ASC", - "count_opt":1 - }, - "component":"syscollector_packages", - "index":"item_id", - "last_event":"last_event", - "checksum_field":"checksum", - "range_checksum_query_json": - { - "row_filter":"WHERE item_id BETWEEN '?' and '?' ORDER BY item_id", - "column_list":["item_id, checksum"], - "distinct_opt":false, - "order_by_opt":"", - "count_opt":100 - } - })" -}; - -constexpr auto PROCESSES_START_CONFIG_STATEMENT -{ - R"({"table":"dbsync_processes", - "first_query": - { - "column_list":["pid"], - "row_filter":" ", - "distinct_opt":false, - "order_by_opt":"pid DESC", - "count_opt":1 - }, - "last_query": - { - "column_list":["pid"], - "row_filter":" ", - "distinct_opt":false, - "order_by_opt":"pid ASC", - "count_opt":1 - }, - "component":"syscollector_processes", - "index":"pid", - "last_event":"last_event", - "checksum_field":"checksum", - "range_checksum_query_json": - { - "row_filter":"WHERE pid BETWEEN '?' and '?' ORDER BY pid", - "column_list":["pid, checksum"], - "distinct_opt":false, - "order_by_opt":"", - "count_opt":1000 - } - })" -}; - -constexpr auto PROCESSES_SYNC_CONFIG_STATEMENT -{ - R"( - { - "decoder_type":"JSON_RANGE", - "table":"dbsync_processes", - "component":"syscollector_processes", - "index":"pid", - "checksum_field":"checksum", - "no_data_query_json": { - "row_filter":"WHERE pid BETWEEN '?' and '?' ORDER BY pid", - "column_list":["*"], - "distinct_opt":false, - "order_by_opt":"" - }, - "count_range_query_json": { - "row_filter":"WHERE pid BETWEEN '?' and '?' ORDER BY pid", - "count_field_name":"count", - "column_list":["count(*) AS count "], - "distinct_opt":false, - "order_by_opt":"" - }, - "row_data_query_json": { - "row_filter":"WHERE pid ='?'", - "column_list":["*"], - "distinct_opt":false, - "order_by_opt":"" - }, - "range_checksum_query_json": { - "row_filter":"WHERE pid BETWEEN '?' and '?' ORDER BY pid", - "column_list":["*"], - "distinct_opt":false, - "order_by_opt":"" - } - } - )" -}; - -constexpr auto PROCESSES_SQL_STATEMENT -{ - R"(CREATE TABLE dbsync_processes ( - pid TEXT, - name TEXT, - state TEXT, - ppid BIGINT, - utime BIGINT, - stime BIGINT, - cmd TEXT, - argvs TEXT, - euser TEXT, - ruser TEXT, - suser TEXT, - egroup TEXT, - rgroup TEXT, - sgroup TEXT, - fgroup TEXT, - priority BIGINT, - nice BIGINT, - size BIGINT, - vm_size BIGINT, - resident BIGINT, - share BIGINT, - start_time BIGINT, - pgrp BIGINT, - session BIGINT, - nlwp BIGINT, - tgid BIGINT, - tty BIGINT, - processor BIGINT, - checksum TEXT, - PRIMARY KEY (pid)) WITHOUT ROWID;)" -}; - -constexpr auto PORTS_START_CONFIG_STATEMENT -{ - R"({"table":"dbsync_ports", - "first_query": - { - "column_list":["item_id"], - "row_filter":" ", - "distinct_opt":false, - "order_by_opt":"item_id DESC", - "count_opt":1 - }, - "last_query": - { - "column_list":["item_id"], - "row_filter":" ", - "distinct_opt":false, - "order_by_opt":"item_id ASC", - "count_opt":1 - }, - "component":"syscollector_ports", - "index":"item_id", - "last_event":"last_event", - "checksum_field":"checksum", - "range_checksum_query_json": - { - "row_filter":"WHERE item_id BETWEEN '?' and '?' ORDER BY item_id", - "column_list":["item_id, checksum"], - "distinct_opt":false, - "order_by_opt":"", - "count_opt":1000 - } - })" -}; - -constexpr auto PORTS_SYNC_CONFIG_STATEMENT -{ - R"( - { - "decoder_type":"JSON_RANGE", - "table":"dbsync_ports", - "component":"syscollector_ports", - "index":"item_id", - "checksum_field":"checksum", - "no_data_query_json": { - "row_filter":"WHERE item_id BETWEEN '?' and '?' ORDER BY item_id", - "column_list":["*"], - "distinct_opt":false, - "order_by_opt":"" - }, - "count_range_query_json": { - "row_filter":"WHERE item_id BETWEEN '?' and '?' ORDER BY item_id", - "count_field_name":"count", - "column_list":["count(*) AS count "], - "distinct_opt":false, - "order_by_opt":"" - }, - "row_data_query_json": { - "row_filter":"WHERE item_id ='?'", - "column_list":["*"], - "distinct_opt":false, - "order_by_opt":"" - }, - "range_checksum_query_json": { - "row_filter":"WHERE item_id BETWEEN '?' and '?' ORDER BY item_id", - "column_list":["*"], - "distinct_opt":false, - "order_by_opt":"" - } - } - )" -}; - -constexpr auto PORTS_SQL_STATEMENT -{ - R"(CREATE TABLE dbsync_ports ( - protocol TEXT, - local_ip TEXT, - local_port BIGINT, - remote_ip TEXT, - remote_port BIGINT, - tx_queue BIGINT, - rx_queue BIGINT, - inode BIGINT, - state TEXT, - pid BIGINT, - process TEXT, - checksum TEXT, - item_id TEXT, - PRIMARY KEY (inode, protocol, local_ip, local_port)) WITHOUT ROWID;)" -}; -static const std::vector PORTS_ITEM_ID_FIELDS{"inode", "protocol", "local_ip", "local_port"}; - -constexpr auto NETIFACE_START_CONFIG_STATEMENT -{ - R"({"table":"dbsync_network_iface", - "first_query": - { - "column_list":["item_id"], - "row_filter":" ", - "distinct_opt":false, - "order_by_opt":"item_id DESC", - "count_opt":1 - }, - "last_query": - { - "column_list":["item_id"], - "row_filter":" ", - "distinct_opt":false, - "order_by_opt":"item_id ASC", - "count_opt":1 - }, - "component":"syscollector_network_iface", - "index":"item_id", - "last_event":"last_event", - "checksum_field":"checksum", - "range_checksum_query_json": - { - "row_filter":"WHERE item_id BETWEEN '?' and '?' ORDER BY item_id", - "column_list":["item_id, checksum"], - "distinct_opt":false, - "order_by_opt":"", - "count_opt":1000 - } - })" -}; - -constexpr auto NETIFACE_SYNC_CONFIG_STATEMENT -{ - R"( - { - "decoder_type":"JSON_RANGE", - "table":"dbsync_network_iface", - "component":"syscollector_network_iface", - "index":"item_id", - "checksum_field":"checksum", - "no_data_query_json": { - "row_filter":"WHERE item_id BETWEEN '?' and '?' ORDER BY item_id", - "column_list":["*"], - "distinct_opt":false, - "order_by_opt":"" - }, - "count_range_query_json": { - "row_filter":"WHERE item_id BETWEEN '?' and '?' ORDER BY item_id", - "count_field_name":"count", - "column_list":["count(*) AS count "], - "distinct_opt":false, - "order_by_opt":"" - }, - "row_data_query_json": { - "row_filter":"WHERE item_id ='?'", - "column_list":["*"], - "distinct_opt":false, - "order_by_opt":"" - }, - "range_checksum_query_json": { - "row_filter":"WHERE item_id BETWEEN '?' and '?' ORDER BY item_id", - "column_list":["*"], - "distinct_opt":false, - "order_by_opt":"" - } - } - )" -}; - -constexpr auto NETIFACE_SQL_STATEMENT -{ - R"(CREATE TABLE dbsync_network_iface ( - name TEXT, - adapter TEXT, - type TEXT, - state TEXT, - mtu BIGINT, - mac TEXT, - tx_packets INTEGER, - rx_packets INTEGER, - tx_bytes BIGINT, - rx_bytes BIGINT, - tx_errors INTEGER, - rx_errors INTEGER, - tx_dropped INTEGER, - rx_dropped INTEGER, - checksum TEXT, - item_id TEXT, - PRIMARY KEY (name,adapter,type)) WITHOUT ROWID;)" -}; -static const std::vector NETIFACE_ITEM_ID_FIELDS{"name", "adapter", "type"}; - -constexpr auto NETPROTO_START_CONFIG_STATEMENT -{ - R"({"table":"dbsync_network_protocol", - "first_query": - { - "column_list":["item_id"], - "row_filter":" ", - "distinct_opt":false, - "order_by_opt":"item_id DESC", - "count_opt":1 - }, - "last_query": - { - "column_list":["item_id"], - "row_filter":" ", - "distinct_opt":false, - "order_by_opt":"item_id ASC", - "count_opt":1 - }, - "component":"syscollector_network_protocol", - "index":"item_id", - "last_event":"last_event", - "checksum_field":"checksum", - "range_checksum_query_json": - { - "row_filter":"WHERE item_id BETWEEN '?' and '?' ORDER BY item_id", - "column_list":["item_id, checksum"], - "distinct_opt":false, - "order_by_opt":"", - "count_opt":1000 - } - })" -}; - -constexpr auto NETPROTO_SYNC_CONFIG_STATEMENT -{ - R"( - { - "decoder_type":"JSON_RANGE", - "table":"dbsync_network_protocol", - "component":"syscollector_network_protocol", - "index":"item_id", - "checksum_field":"checksum", - "no_data_query_json": { - "row_filter":"WHERE item_id BETWEEN '?' and '?' ORDER BY item_id", - "column_list":["*"], - "distinct_opt":false, - "order_by_opt":"" - }, - "count_range_query_json": { - "row_filter":"WHERE item_id BETWEEN '?' and '?' ORDER BY item_id", - "count_field_name":"count", - "column_list":["count(*) AS count "], - "distinct_opt":false, - "order_by_opt":"" - }, - "row_data_query_json": { - "row_filter":"WHERE item_id ='?'", - "column_list":["*"], - "distinct_opt":false, - "order_by_opt":"" - }, - "range_checksum_query_json": { - "row_filter":"WHERE item_id BETWEEN '?' and '?' ORDER BY item_id", - "column_list":["*"], - "distinct_opt":false, - "order_by_opt":"" - } - } - )" -}; - -constexpr auto NETPROTO_SQL_STATEMENT -{ - R"(CREATE TABLE dbsync_network_protocol ( - iface TEXT, - type TEXT, - gateway TEXT, - dhcp TEXT NOT NULL CHECK (dhcp IN ('enabled', 'disabled', 'unknown', 'BOOTP')) DEFAULT 'unknown', - metric TEXT, - checksum TEXT, - item_id TEXT, - PRIMARY KEY (iface,type)) WITHOUT ROWID;)" -}; -static const std::vector NETPROTO_ITEM_ID_FIELDS{"iface", "type"}; - -constexpr auto NETADDRESS_START_CONFIG_STATEMENT -{ - R"({"table":"dbsync_network_address", - "first_query": - { - "column_list":["item_id"], - "row_filter":" ", - "distinct_opt":false, - "order_by_opt":"item_id DESC", - "count_opt":1 - }, - "last_query": - { - "column_list":["item_id"], - "row_filter":" ", - "distinct_opt":false, - "order_by_opt":"item_id ASC", - "count_opt":1 - }, - "component":"syscollector_network_address", - "index":"item_id", - "last_event":"last_event", - "checksum_field":"checksum", - "range_checksum_query_json": - { - "row_filter":"WHERE item_id BETWEEN '?' and '?' ORDER BY item_id", - "column_list":["item_id, checksum"], - "distinct_opt":false, - "order_by_opt":"", - "count_opt":1000 - } - })" -}; - -constexpr auto NETADDRESS_SYNC_CONFIG_STATEMENT -{ - R"( - { - "decoder_type":"JSON_RANGE", - "table":"dbsync_network_address", - "component":"syscollector_network_address", - "index":"item_id", - "checksum_field":"checksum", - "no_data_query_json": { - "row_filter":"WHERE item_id BETWEEN '?' and '?' ORDER BY item_id", - "column_list":["*"], - "distinct_opt":false, - "order_by_opt":"" - }, - "count_range_query_json": { - "row_filter":"WHERE item_id BETWEEN '?' and '?' ORDER BY item_id", - "count_field_name":"count", - "column_list":["count(*) AS count "], - "distinct_opt":false, - "order_by_opt":"" - }, - "row_data_query_json": { - "row_filter":"WHERE item_id ='?'", - "column_list":["*"], - "distinct_opt":false, - "order_by_opt":"" - }, - "range_checksum_query_json": { - "row_filter":"WHERE item_id BETWEEN '?' and '?' ORDER BY item_id", - "column_list":["*"], - "distinct_opt":false, - "order_by_opt":"" - } - } - )" -}; - -constexpr auto NETADDR_SQL_STATEMENT -{ - R"(CREATE TABLE dbsync_network_address ( - iface TEXT, - proto INTEGER, - address TEXT, - netmask TEXT, - broadcast TEXT, - checksum TEXT, - item_id TEXT, - PRIMARY KEY (iface,proto,address)) WITHOUT ROWID;)" -}; -static const std::vector NETADDRESS_ITEM_ID_FIELDS{"iface", "proto", "address"}; - -constexpr auto NET_IFACE_TABLE { "dbsync_network_iface" }; -constexpr auto NET_PROTOCOL_TABLE { "dbsync_network_protocol" }; -constexpr auto NET_ADDRESS_TABLE { "dbsync_network_address" }; -constexpr auto PACKAGES_TABLE { "dbsync_packages" }; -constexpr auto HOTFIXES_TABLE { "dbsync_hotfixes" }; -constexpr auto PORTS_TABLE { "dbsync_ports" }; -constexpr auto PROCESSES_TABLE { "dbsync_processes" }; -constexpr auto OS_TABLE { "dbsync_osinfo" }; -constexpr auto HW_TABLE { "dbsync_hwinfo" }; - - -static std::string getItemId(const nlohmann::json& item, const std::vector& idFields) -{ - Utils::HashData hash; - - for (const auto& field : idFields) - { - const auto& value{item.at(field)}; - - if (value.is_string()) - { - const auto& valueString{value.get()}; - hash.update(valueString.c_str(), valueString.size()); - } - else - { - const auto& valueNumber{value.get()}; - const auto valueString{std::to_string(valueNumber)}; - hash.update(valueString.c_str(), valueString.size()); - } - } - - return Utils::asciiToHex(hash.hash()); -} - -static std::string getItemChecksum(const nlohmann::json& item) -{ - const auto content{item.dump()}; - Utils::HashData hash; - hash.update(content.c_str(), content.size()); - return Utils::asciiToHex(hash.hash()); -} - -static void removeKeysWithEmptyValue(nlohmann::json& input) -{ - for (auto& data : input) - { - for (auto it = data.begin(); it != data.end(); ) - { - if (it.value().type() == nlohmann::detail::value_t::string && - it.value().get_ref().empty()) - { - it = data.erase(it); - } - else - { - ++it; - } - } - } -} - -static bool isElementDuplicated(const nlohmann::json& input, const std::pair& keyValue) -{ - const auto it - { - std::find_if (input.begin(), input.end(), [&keyValue](const auto & elem) - { - return elem.at(keyValue.first) == keyValue.second; - }) - }; - return it != input.end(); -} - -void Syscollector::notifyChange(ReturnTypeCallback result, const nlohmann::json& data, const std::string& table) -{ - if (DB_ERROR == result) - { - m_logFunction(LOG_ERROR, data.dump()); - } - else if (m_notify && !m_stopping) - { - if (data.is_array()) - { - for (const auto& item : data) - { - nlohmann::json msg; - msg["type"] = table; - msg["operation"] = OPERATION_MAP.at(result); - msg["data"] = item; - msg["data"]["scan_time"] = m_scanTime; - removeKeysWithEmptyValue(msg["data"]); - const auto msgToSend{msg.dump()}; - m_reportDiffFunction(msgToSend); - m_logFunction(LOG_DEBUG_VERBOSE, "Delta sent: " + msgToSend); - } - } - else - { - // LCOV_EXCL_START - nlohmann::json msg; - msg["type"] = table; - msg["operation"] = OPERATION_MAP.at(result); - msg["data"] = data; - msg["data"]["scan_time"] = m_scanTime; - removeKeysWithEmptyValue(msg["data"]); - const auto msgToSend{msg.dump()}; - m_reportDiffFunction(msgToSend); - m_logFunction(LOG_DEBUG_VERBOSE, "Delta sent: " + msgToSend); - // LCOV_EXCL_STOP - } - } -} - -void Syscollector::updateChanges(const std::string& table, - const nlohmann::json& values) -{ - const auto callback - { - [this, table](ReturnTypeCallback result, const nlohmann::json & data) - { - notifyChange(result, data, table); - } - }; - DBSyncTxn txn - { - m_spDBSync->handle(), - nlohmann::json{table}, - 0, - QUEUE_SIZE, - callback - }; - nlohmann::json input; - input["table"] = table; - input["data"] = values; - txn.syncTxnRow(input); - txn.getDeletedRows(callback); -} - -Syscollector::Syscollector() - : m_intervalValue { 0 } - , m_scanOnStart { false } - , m_hardware { false } - , m_os { false } - , m_network { false } - , m_packages { false } - , m_ports { false } - , m_portsAll { false } - , m_processes { false } - , m_hotfixes { false } - , m_stopping { true } - , m_notify { false } -{} - -std::string Syscollector::getCreateStatement() const -{ - std::string ret; - - ret += OS_SQL_STATEMENT; - ret += HW_SQL_STATEMENT; - ret += PACKAGES_SQL_STATEMENT; - ret += HOTFIXES_SQL_STATEMENT; - ret += PROCESSES_SQL_STATEMENT; - ret += PORTS_SQL_STATEMENT; - ret += NETIFACE_SQL_STATEMENT; - ret += NETPROTO_SQL_STATEMENT; - ret += NETADDR_SQL_STATEMENT; - return ret; -} - - -void Syscollector::registerWithRsync() -{ - const auto reportSyncWrapper - { - [this](const std::string & dataString) - { - auto jsonData(nlohmann::json::parse(dataString)); - auto it{jsonData.find("data")}; - - m_lastSyncMsg = Utils::secondsSinceEpoch(); - - if (!m_stopping) - { - if (it != jsonData.end()) - { - auto& data{*it}; - it = data.find("attributes"); - - if (it != data.end()) - { - auto& fieldData { *it }; - removeKeysWithEmptyValue(fieldData); - fieldData["scan_time"] = Utils::getCurrentTimestamp(); - const auto msgToSend{jsonData.dump()}; - m_reportSyncFunction(msgToSend); - m_logFunction(LOG_DEBUG_VERBOSE, "Sync sent: " + msgToSend); - } - else - { - m_reportSyncFunction(dataString); - m_logFunction(LOG_DEBUG_VERBOSE, "Sync sent: " + dataString); - } - } - else - { - //LCOV_EXCL_START - m_reportSyncFunction(dataString); - m_logFunction(LOG_DEBUG_VERBOSE, "Sync sent: " + dataString); - //LCOV_EXCL_STOP - } - } - } - }; - - if (m_os) - { - m_spRsync->registerSyncID("syscollector_osinfo", - m_spDBSync->handle(), - nlohmann::json::parse(OS_SYNC_CONFIG_STATEMENT), - reportSyncWrapper); - } - - if (m_hardware) - { - m_spRsync->registerSyncID("syscollector_hwinfo", - m_spDBSync->handle(), - nlohmann::json::parse(HW_SYNC_CONFIG_STATEMENT), - reportSyncWrapper); - } - - if (m_processes) - { - m_spRsync->registerSyncID("syscollector_processes", - m_spDBSync->handle(), - nlohmann::json::parse(PROCESSES_SYNC_CONFIG_STATEMENT), - reportSyncWrapper); - } - - if (m_packages) - { - m_spRsync->registerSyncID("syscollector_packages", - m_spDBSync->handle(), - nlohmann::json::parse(PACKAGES_SYNC_CONFIG_STATEMENT), - reportSyncWrapper); - } - - if (m_hotfixes) - { - m_spRsync->registerSyncID("syscollector_hotfixes", - m_spDBSync->handle(), - nlohmann::json::parse(HOTFIXES_SYNC_CONFIG_STATEMENT), - reportSyncWrapper); - } - - if (m_ports) - { - m_spRsync->registerSyncID("syscollector_ports", - m_spDBSync->handle(), - nlohmann::json::parse(PORTS_SYNC_CONFIG_STATEMENT), - reportSyncWrapper); - } - - if (m_network) - { - m_spRsync->registerSyncID("syscollector_network_iface", - m_spDBSync->handle(), - nlohmann::json::parse(NETIFACE_SYNC_CONFIG_STATEMENT), - reportSyncWrapper); - m_spRsync->registerSyncID("syscollector_network_protocol", - m_spDBSync->handle(), - nlohmann::json::parse(NETPROTO_SYNC_CONFIG_STATEMENT), - reportSyncWrapper); - m_spRsync->registerSyncID("syscollector_network_address", - m_spDBSync->handle(), - nlohmann::json::parse(NETADDRESS_SYNC_CONFIG_STATEMENT), - reportSyncWrapper); - } -} -void Syscollector::init(const std::shared_ptr& spInfo, - const std::function reportDiffFunction, - const std::function reportSyncFunction, - const std::function logFunction, - const std::string& dbPath, - const std::string& normalizerConfigPath, - const std::string& normalizerType, - const unsigned int interval, - const bool scanOnStart, - const bool hardware, - const bool os, - const bool network, - const bool packages, - const bool ports, - const bool portsAll, - const bool processes, - const bool hotfixes, - const bool notifyOnFirstScan) -{ - m_spInfo = spInfo; - m_reportDiffFunction = reportDiffFunction; - m_reportSyncFunction = reportSyncFunction; - m_logFunction = logFunction; - m_intervalValue = std::chrono::seconds{interval}; - m_scanOnStart = scanOnStart; - m_hardware = hardware; - m_os = os; - m_network = network; - m_packages = packages; - m_ports = ports; - m_portsAll = portsAll; - m_processes = processes; - m_hotfixes = hotfixes; - m_notify = notifyOnFirstScan; - m_currentIntervalValue = m_intervalValue; - - std::unique_lock lock{m_mutex}; - m_stopping = false; - m_spDBSync = std::make_unique(HostType::AGENT, DbEngineType::SQLITE3, dbPath, getCreateStatement()); - m_spRsync = std::make_unique(); - m_spNormalizer = std::make_unique(normalizerConfigPath, normalizerType); - registerWithRsync(); - syncLoop(lock); -} - -void Syscollector::destroy() -{ - std::unique_lock lock{m_mutex}; - m_stopping = true; - m_cv.notify_all(); - lock.unlock(); -} - -nlohmann::json Syscollector::getHardwareData() -{ - nlohmann::json ret; - ret[0] = m_spInfo->hardware(); - ret[0]["checksum"] = getItemChecksum(ret[0]); - return ret; -} - -void Syscollector::scanHardware() -{ - if (m_hardware) - { - m_logFunction(LOG_DEBUG_VERBOSE, "Starting hardware scan"); - const auto& hwData{getHardwareData()}; - updateChanges(HW_TABLE, hwData); - m_logFunction(LOG_DEBUG_VERBOSE, "Ending hardware scan"); - } -} - -void Syscollector::syncHardware() -{ - m_spRsync->startSync(m_spDBSync->handle(), nlohmann::json::parse(HW_START_CONFIG_STATEMENT), m_reportSyncFunction); -} - -nlohmann::json Syscollector::getOSData() -{ - nlohmann::json ret; - ret[0] = m_spInfo->os(); - ret[0]["checksum"] = std::to_string(std::chrono::system_clock::now().time_since_epoch().count()); - return ret; -} - -void Syscollector::scanOs() -{ - if (m_os) - { - m_logFunction(LOG_DEBUG_VERBOSE, "Starting os scan"); - const auto& osData{getOSData()}; - updateChanges(OS_TABLE, osData); - m_logFunction(LOG_DEBUG_VERBOSE, "Ending os scan"); - } -} - -void Syscollector::syncOs() -{ - m_spRsync->startSync(m_spDBSync->handle(), nlohmann::json::parse(OS_START_CONFIG_STATEMENT), m_reportSyncFunction); -} - -nlohmann::json Syscollector::getNetworkData() -{ - nlohmann::json ret; - const auto& networks { m_spInfo->networks() }; - nlohmann::json ifaceTableDataList {}; - nlohmann::json protoTableDataList {}; - nlohmann::json addressTableDataList {}; - constexpr auto IPV4 { 0 }; - constexpr auto IPV6 { 1 }; - static const std::map IP_TYPE - { - { IPV4, "ipv4" }, - { IPV6, "ipv6" } - }; - - if (!networks.is_null()) - { - const auto& itIface { networks.find("iface") }; - - if (networks.end() != itIface) - { - for (const auto& item : itIface.value()) - { - // Split the resulting networks data into the specific DB tables - // "dbsync_network_iface" table data to update and notify - nlohmann::json ifaceTableData {}; - ifaceTableData["name"] = item.at("name"); - ifaceTableData["adapter"] = item.at("adapter"); - ifaceTableData["type"] = item.at("type"); - ifaceTableData["state"] = item.at("state"); - ifaceTableData["mtu"] = item.at("mtu"); - ifaceTableData["mac"] = item.at("mac"); - ifaceTableData["tx_packets"] = item.at("tx_packets"); - ifaceTableData["rx_packets"] = item.at("rx_packets"); - ifaceTableData["tx_errors"] = item.at("tx_errors"); - ifaceTableData["rx_errors"] = item.at("rx_errors"); - ifaceTableData["tx_bytes"] = item.at("tx_bytes"); - ifaceTableData["rx_bytes"] = item.at("rx_bytes"); - ifaceTableData["tx_dropped"] = item.at("tx_dropped"); - ifaceTableData["rx_dropped"] = item.at("rx_dropped"); - ifaceTableData["checksum"] = getItemChecksum(ifaceTableData); - ifaceTableData["item_id"] = getItemId(ifaceTableData, NETIFACE_ITEM_ID_FIELDS); - ifaceTableDataList.push_back(std::move(ifaceTableData)); - - if (item.find("IPv4") != item.end()) - { - // "dbsync_network_protocol" table data to update and notify - nlohmann::json protoTableData {}; - protoTableData["iface"] = item.at("name"); - protoTableData["gateway"] = item.at("gateway"); - protoTableData["type"] = IP_TYPE.at(IPV4); - protoTableData["dhcp"] = item.at("IPv4").begin()->at("dhcp"); - protoTableData["metric"] = item.at("IPv4").begin()->at("metric"); - protoTableData["checksum"] = getItemChecksum(protoTableData); - protoTableData["item_id"] = getItemId(protoTableData, NETPROTO_ITEM_ID_FIELDS); - protoTableDataList.push_back(std::move(protoTableData)); - - for (auto addressTableData : item.at("IPv4")) - { - // "dbsync_network_address" table data to update and notify - addressTableData["iface"] = item.at("name"); - addressTableData["proto"] = IPV4; - addressTableData["checksum"] = getItemChecksum(addressTableData); - addressTableData["item_id"] = getItemId(addressTableData, NETADDRESS_ITEM_ID_FIELDS); - // Remove unwanted fields for dbsync_network_address table - addressTableData.erase("dhcp"); - addressTableData.erase("metric"); - - addressTableDataList.push_back(std::move(addressTableData)); - } - } - - if (item.find("IPv6") != item.end()) - { - // "dbsync_network_protocol" table data to update and notify - nlohmann::json protoTableData {}; - protoTableData["iface"] = item.at("name"); - protoTableData["gateway"] = item.at("gateway"); - protoTableData["type"] = IP_TYPE.at(IPV6); - protoTableData["dhcp"] = item.at("IPv6").begin()->at("dhcp"); - protoTableData["metric"] = item.at("IPv6").begin()->at("metric"); - protoTableData["checksum"] = getItemChecksum(protoTableData); - protoTableData["item_id"] = getItemId(protoTableData, NETPROTO_ITEM_ID_FIELDS); - protoTableDataList.push_back(std::move(protoTableData)); - - for (auto addressTableData : item.at("IPv6")) - { - // "dbsync_network_address" table data to update and notify - addressTableData["iface"] = item.at("name"); - addressTableData["proto"] = IPV6; - addressTableData["checksum"] = getItemChecksum(addressTableData); - addressTableData["item_id"] = getItemId(addressTableData, NETADDRESS_ITEM_ID_FIELDS); - // Remove unwanted fields for dbsync_network_address table - addressTableData.erase("dhcp"); - addressTableData.erase("metric"); - - addressTableDataList.push_back(std::move(addressTableData)); - } - } - } - - ret[NET_IFACE_TABLE] = std::move(ifaceTableDataList); - ret[NET_PROTOCOL_TABLE] = std::move(protoTableDataList); - ret[NET_ADDRESS_TABLE] = std::move(addressTableDataList); - } - } - - return ret; -} - -void Syscollector::scanNetwork() -{ - if (m_network) - { - m_logFunction(LOG_DEBUG_VERBOSE, "Starting network scan"); - const auto networkData(getNetworkData()); - - if (!networkData.is_null()) - { - const auto itIface { networkData.find(NET_IFACE_TABLE) }; - - if (itIface != networkData.end()) - { - updateChanges(NET_IFACE_TABLE, itIface.value()); - } - - const auto itProtocol { networkData.find(NET_PROTOCOL_TABLE) }; - - if (itProtocol != networkData.end()) - { - updateChanges(NET_PROTOCOL_TABLE, itProtocol.value()); - } - - const auto itAddress { networkData.find(NET_ADDRESS_TABLE) }; - - if (itAddress != networkData.end()) - { - updateChanges(NET_ADDRESS_TABLE, itAddress.value()); - } - } - - m_logFunction(LOG_DEBUG_VERBOSE, "Ending network scan"); - } -} - -void Syscollector::syncNetwork() -{ - m_spRsync->startSync(m_spDBSync->handle(), nlohmann::json::parse(NETIFACE_START_CONFIG_STATEMENT), m_reportSyncFunction); - m_spRsync->startSync(m_spDBSync->handle(), nlohmann::json::parse(NETPROTO_START_CONFIG_STATEMENT), m_reportSyncFunction); - m_spRsync->startSync(m_spDBSync->handle(), nlohmann::json::parse(NETADDRESS_START_CONFIG_STATEMENT), m_reportSyncFunction); -} - -void Syscollector::scanPackages() -{ - if (m_packages) - { - m_logFunction(LOG_DEBUG_VERBOSE, "Starting packages scan"); - const auto callback - { - [this](ReturnTypeCallback result, const nlohmann::json & data) - { - notifyChange(result, data, PACKAGES_TABLE); - } - }; - DBSyncTxn txn - { - m_spDBSync->handle(), - nlohmann::json{PACKAGES_TABLE}, - 0, - QUEUE_SIZE, - callback - }; - m_spInfo->packages([this, &txn](nlohmann::json & rawData) - { - nlohmann::json input; - - rawData["checksum"] = getItemChecksum(rawData); - rawData["item_id"] = getItemId(rawData, PACKAGES_ITEM_ID_FIELDS); - - input["table"] = PACKAGES_TABLE; - m_spNormalizer->normalize("packages", rawData); - m_spNormalizer->removeExcluded("packages", rawData); - - if (!rawData.empty()) - { - input["data"] = nlohmann::json::array( { rawData } ); - txn.syncTxnRow(input); - } - }); - txn.getDeletedRows(callback); - - m_logFunction(LOG_DEBUG_VERBOSE, "Ending packages scan"); - } -} - -void Syscollector::scanHotfixes() -{ - if (m_hotfixes) - { - m_logFunction(LOG_DEBUG_VERBOSE, "Starting hotfixes scan"); - auto hotfixes = m_spInfo->hotfixes(); - - if (!hotfixes.is_null()) - { - for (auto& hotfix : hotfixes) - { - hotfix["checksum"] = getItemChecksum(hotfix); - } - - updateChanges(HOTFIXES_TABLE, hotfixes); - } - - m_logFunction(LOG_DEBUG_VERBOSE, "Ending hotfixes scan"); - } -} - -void Syscollector::syncPackages() -{ - m_spRsync->startSync(m_spDBSync->handle(), nlohmann::json::parse(PACKAGES_START_CONFIG_STATEMENT), m_reportSyncFunction); -} - -void Syscollector::syncHotfixes() -{ - m_spRsync->startSync(m_spDBSync->handle(), nlohmann::json::parse(HOTFIXES_START_CONFIG_STATEMENT), m_reportSyncFunction); -} - -nlohmann::json Syscollector::getPortsData() -{ - nlohmann::json ret; - constexpr auto PORT_LISTENING_STATE { "listening" }; - constexpr auto TCP_PROTOCOL { "tcp" }; - constexpr auto UDP_PROTOCOL { "udp" }; - auto data(m_spInfo->ports()); - - if (!data.is_null()) - { - for (auto& item : data) - { - const auto protocol { item.at("protocol").get_ref() }; - - if (Utils::startsWith(protocol, TCP_PROTOCOL)) - { - // All ports. - if (m_portsAll) - { - const auto& itemId { getItemId(item, PORTS_ITEM_ID_FIELDS) }; - - if (!isElementDuplicated(ret, std::make_pair("item_id", itemId))) - { - item["checksum"] = getItemChecksum(item); - item["item_id"] = itemId; - ret.push_back(item); - } - } - else - { - // Only listening ports. - const auto isListeningState { item.at("state") == PORT_LISTENING_STATE }; - - if (isListeningState) - { - const auto& itemId { getItemId(item, PORTS_ITEM_ID_FIELDS) }; - - if (!isElementDuplicated(ret, std::make_pair("item_id", itemId))) - { - item["checksum"] = getItemChecksum(item); - item["item_id"] = itemId; - ret.push_back(item); - } - } - } - } - else if (Utils::startsWith(protocol, UDP_PROTOCOL)) - { - const auto& itemId { getItemId(item, PORTS_ITEM_ID_FIELDS) }; - - if (!isElementDuplicated(ret, std::make_pair("item_id", itemId))) - { - item["checksum"] = getItemChecksum(item); - item["item_id"] = itemId; - ret.push_back(item); - } - } - } - } - - return ret; -} - -void Syscollector::scanPorts() -{ - if (m_ports) - { - m_logFunction(LOG_DEBUG_VERBOSE, "Starting ports scan"); - const auto& portsData { getPortsData() }; - updateChanges(PORTS_TABLE, portsData); - m_logFunction(LOG_DEBUG_VERBOSE, "Ending ports scan"); - } -} - -void Syscollector::syncPorts() -{ - m_spRsync->startSync(m_spDBSync->handle(), nlohmann::json::parse(PORTS_START_CONFIG_STATEMENT), m_reportSyncFunction); -} - -void Syscollector::scanProcesses() -{ - if (m_processes) - { - m_logFunction(LOG_DEBUG_VERBOSE, "Starting processes scan"); - const auto callback - { - [this](ReturnTypeCallback result, const nlohmann::json & data) - { - notifyChange(result, data, PROCESSES_TABLE); - } - }; - DBSyncTxn txn - { - m_spDBSync->handle(), - nlohmann::json{PROCESSES_TABLE}, - 0, - QUEUE_SIZE, - callback - }; - m_spInfo->processes([&txn](nlohmann::json & rawData) - { - nlohmann::json input; - - rawData["checksum"] = getItemChecksum(rawData); - - input["table"] = PROCESSES_TABLE; - input["data"] = nlohmann::json::array( { rawData } ); - - txn.syncTxnRow(input); - }); - txn.getDeletedRows(callback); - - m_logFunction(LOG_DEBUG_VERBOSE, "Ending processes scan"); - } -} - -void Syscollector::syncProcesses() -{ - m_spRsync->startSync(m_spDBSync->handle(), nlohmann::json::parse(PROCESSES_START_CONFIG_STATEMENT), m_reportSyncFunction); -} - -void Syscollector::scan() -{ - m_logFunction(LOG_INFO, "Starting evaluation."); - m_scanTime = Utils::getCurrentTimestamp(); - - TRY_CATCH_TASK(scanHardware); - TRY_CATCH_TASK(scanOs); - TRY_CATCH_TASK(scanNetwork); - TRY_CATCH_TASK(scanPackages); - TRY_CATCH_TASK(scanHotfixes); - TRY_CATCH_TASK(scanPorts); - TRY_CATCH_TASK(scanProcesses); - m_notify = true; - m_logFunction(LOG_INFO, "Evaluation finished."); -} - -void Syscollector::sync() -{ - m_logFunction(LOG_DEBUG, "Starting syscollector sync"); - TRY_CATCH_TASK(syncHardware); - TRY_CATCH_TASK(syncOs); - TRY_CATCH_TASK(syncNetwork); - TRY_CATCH_TASK(syncPackages); - TRY_CATCH_TASK(syncHotfixes); - TRY_CATCH_TASK(syncPorts); - TRY_CATCH_TASK(syncProcesses); - m_logFunction(LOG_DEBUG, "Ending syscollector sync"); -} - -void Syscollector::syncAlgorithm() -{ - m_currentIntervalValue = m_intervalValue / 2 >= MAX_DELAY_TIME ? MAX_DELAY_TIME : m_intervalValue / 2; - - if (Utils::secondsSinceEpoch() - m_lastSyncMsg > m_currentIntervalValue) - { - scan(); - sync(); - m_currentIntervalValue = m_intervalValue; - } - else - { - m_logFunction(LOG_DEBUG_VERBOSE, "Syscollector synchronization process concluded recently, delaying scan for " + std::to_string(m_currentIntervalValue.count()) + " second/s"); - } -} - -void Syscollector::syncLoop(std::unique_lock& lock) -{ - m_logFunction(LOG_INFO, "Module started."); - - if (m_scanOnStart) - { - scan(); - sync(); - } - - while (!m_cv.wait_for(lock, std::chrono::seconds{m_currentIntervalValue}, [&]() -{ - return m_stopping; -})) - { - syncAlgorithm(); - } - m_spRsync.reset(nullptr); - m_spDBSync.reset(nullptr); -} - -void Syscollector::push(const std::string& data) -{ - std::unique_lock lock{m_mutex}; - - if (!m_stopping) - { - auto rawData{data}; - Utils::replaceFirst(rawData, "dbsync ", ""); - const auto buff{reinterpret_cast(rawData.c_str())}; - - try - { - m_spRsync->pushMessage(std::vector {buff, buff + rawData.size()}); - } - // LCOV_EXCL_START - catch (const std::exception& ex) - { - m_logFunction(LOG_ERROR, ex.what()); - } - } - - // LCOV_EXCL_STOP -} diff --git a/src/modules/inventory/src/wm_syscollector.c b/src/modules/inventory/src/wm_syscollector.c deleted file mode 100644 index d7895b6dc2..0000000000 --- a/src/modules/inventory/src/wm_syscollector.c +++ /dev/null @@ -1,259 +0,0 @@ -/* - * Wazuh SYSCOLLECTOR - * Copyright (C) 2015, Wazuh Inc. - * November 11, 2021. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ -#include -#include "../../wmodules_def.h" -#include "wmodules.h" -#include "wm_syscollector.h" -#include "syscollector.h" -#include "sym_load.h" -#include "defs.h" -#include "mq_op.h" -#include "headers/logging_helper.h" -#include "commonDefs.h" - -#ifdef WIN32 -static DWORD WINAPI wm_sys_main(void *arg); // Module main function. It won't return -#else -static void* wm_sys_main(wm_sys_t *sys); // Module main function. It won't return -#endif -static void wm_sys_destroy(wm_sys_t *data); // Destroy data -static void wm_sys_stop(wm_sys_t *sys); // Module stopper -const char *WM_SYS_LOCATION = "syscollector"; // Location field for event sending -cJSON *wm_sys_dump(const wm_sys_t *sys); -int wm_sync_message(const char *data); -pthread_cond_t sys_stop_condition = PTHREAD_COND_INITIALIZER; -pthread_mutex_t sys_stop_mutex = PTHREAD_MUTEX_INITIALIZER; -bool need_shutdown_wait = false; -pthread_mutex_t sys_reconnect_mutex = PTHREAD_MUTEX_INITIALIZER; -bool shutdown_process_started = false; - -const wm_context WM_SYS_CONTEXT = { - .name = "syscollector", - .start = (wm_routine)wm_sys_main, - .destroy = (void(*)(void *))wm_sys_destroy, - .dump = (cJSON * (*)(const void *))wm_sys_dump, - .sync = (int(*)(const char*))wm_sync_message, - .stop = (void(*)(void *))wm_sys_stop, - .query = NULL, -}; - -void *syscollector_module = NULL; -syscollector_start_func syscollector_start_ptr = NULL; -syscollector_stop_func syscollector_stop_ptr = NULL; -syscollector_sync_message_func syscollector_sync_message_ptr = NULL; - -long syscollector_sync_max_eps = 10; // Database synchronization number of events per second (default value) -int queue_fd = 0; // Output queue file descriptor - -static bool is_shutdown_process_started() { - bool ret_val = shutdown_process_started; - return ret_val; -} - -static void wm_sys_send_message(const void* data, const char queue_id) { - if (!is_shutdown_process_started()) { - const int eps = 1000000/syscollector_sync_max_eps; - if (wm_sendmsg_ex(eps, queue_fd, data, WM_SYS_LOCATION, queue_id, &is_shutdown_process_started) < 0) { - mterror(WM_SYS_LOGTAG, "Unable to send message to '%s' (wazuh-agentd might be down). Attempting to reconnect.", DEFAULTQUEUE); - - // Since this method is beign called by multiple threads it's necessary this particular portion of code - // to be mutually exclusive. When one thread is successfully reconnected, the other ones will make use of it. - w_mutex_lock(&sys_reconnect_mutex); - if (!is_shutdown_process_started() && wm_sendmsg_ex(eps, queue_fd, data, WM_SYS_LOCATION, queue_id, &is_shutdown_process_started) < 0) { - if (queue_fd = MQReconnectPredicated(DEFAULTQUEUE, &is_shutdown_process_started), 0 <= queue_fd) { - mtinfo(WM_SYS_LOGTAG, "Successfully reconnected to '%s'", DEFAULTQUEUE); - if (wm_sendmsg_ex(eps, queue_fd, data, WM_SYS_LOCATION, queue_id, &is_shutdown_process_started) < 0) { - mterror(WM_SYS_LOGTAG, "Unable to send message to '%s' after a successfull reconnection...", DEFAULTQUEUE); - } - } - } - w_mutex_unlock(&sys_reconnect_mutex); - } - } -} - -static void wm_sys_send_diff_message(const void* data) { - wm_sys_send_message(data, SYSCOLLECTOR_MQ); -} - -static void wm_sys_send_dbsync_message(const void* data) { - wm_sys_send_message(data, DBSYNC_MQ); -} - -static void wm_sys_log_config(wm_sys_t *sys) -{ - cJSON * config_json = wm_sys_dump(sys); - if (config_json) { - char * config_str = cJSON_PrintUnformatted(config_json); - if (config_str) { - mtdebug1(WM_SYS_LOGTAG, "%s", config_str); - cJSON_free(config_str); - } - cJSON_Delete(config_json); - } -} - -#ifdef WIN32 -DWORD WINAPI wm_sys_main(void *arg) { - wm_sys_t *sys = (wm_sys_t *)arg; -#else -void* wm_sys_main(wm_sys_t *sys) { -#endif - w_cond_init(&sys_stop_condition, NULL); - w_mutex_init(&sys_stop_mutex, NULL); - w_mutex_init(&sys_reconnect_mutex, NULL); - - if (!sys->flags.enabled) { - mtinfo(WM_SYS_LOGTAG, "Module disabled. Exiting..."); - pthread_exit(NULL); - } - - #ifndef WIN32 - // Connect to socket - queue_fd = StartMQ(DEFAULTQUEUE, WRITE, INFINITE_OPENQ_ATTEMPTS); - - if (queue_fd < 0) { - mterror(WM_SYS_LOGTAG, "Can't connect to queue."); - pthread_exit(NULL); - } - #endif - - if (syscollector_module = so_get_module_handle("syscollector"), syscollector_module) - { - syscollector_start_ptr = so_get_function_sym(syscollector_module, "syscollector_start"); - syscollector_stop_ptr = so_get_function_sym(syscollector_module, "syscollector_stop"); - syscollector_sync_message_ptr = so_get_function_sym(syscollector_module, "syscollector_sync_message"); - - void* rsync_module = NULL; - if(rsync_module = so_check_module_loaded("rsync"), rsync_module) { - rsync_initialize_full_log_func rsync_initialize_log_function_ptr = so_get_function_sym(rsync_module, "rsync_initialize_full_log_function"); - if(rsync_initialize_log_function_ptr) { - rsync_initialize_log_function_ptr(mtLoggingFunctionsWrapper); - } - // Even when the RTLD_NOLOAD flag was used for dlopen(), we need a matching call to dlclose() -#ifndef WIN32 - so_free_library(rsync_module); -#endif - } - } else { -#ifdef __hpux - mtinfo(WM_SYS_LOGTAG, "Not supported in HP-UX."); -#else - mterror(WM_SYS_LOGTAG, "Can't load syscollector."); -#endif - pthread_exit(NULL); - } - if (syscollector_start_ptr) { - mtdebug1(WM_SYS_LOGTAG, "Starting Syscollector."); - w_mutex_lock(&sys_stop_mutex); - need_shutdown_wait = true; - w_mutex_unlock(&sys_stop_mutex); - const long max_eps = sys->sync.sync_max_eps; - if (0 != max_eps) { - syscollector_sync_max_eps = max_eps; - } - // else: if max_eps is 0 (from configuration) let's use the default max_eps value (10) - wm_sys_log_config(sys); - syscollector_start_ptr(sys->interval, - wm_sys_send_diff_message, - wm_sys_send_dbsync_message, - taggedLogFunction, - SYSCOLLECTOR_DB_DISK_PATH, - SYSCOLLECTOR_NORM_CONFIG_DISK_PATH, - SYSCOLLECTOR_NORM_TYPE, - sys->flags.scan_on_start, - sys->flags.hwinfo, - sys->flags.osinfo, - sys->flags.netinfo, - sys->flags.programinfo, - sys->flags.portsinfo, - sys->flags.allports, - sys->flags.procinfo, - sys->flags.hotfixinfo); - } else { - mterror(WM_SYS_LOGTAG, "Can't get syscollector_start_ptr."); - pthread_exit(NULL); - } - syscollector_sync_message_ptr = NULL; - syscollector_start_ptr = NULL; - syscollector_stop_ptr = NULL; - - if (queue_fd) { - close(queue_fd); - queue_fd = 0; - } - so_free_library(syscollector_module); - syscollector_module = NULL; - mtinfo(WM_SYS_LOGTAG, "Module finished."); - w_mutex_lock(&sys_stop_mutex); - w_cond_signal(&sys_stop_condition); - w_mutex_unlock(&sys_stop_mutex); - return 0; -} - -void wm_sys_destroy(wm_sys_t *data) { - free(data); -} - -void wm_sys_stop(__attribute__((unused))wm_sys_t *data) { - mtinfo(WM_SYS_LOGTAG, "Stop received for Syscollector."); - syscollector_sync_message_ptr = NULL; - if (syscollector_stop_ptr){ - shutdown_process_started = true; - syscollector_stop_ptr(); - } - w_mutex_lock(&sys_stop_mutex); - if (need_shutdown_wait) { - w_cond_wait(&sys_stop_condition, &sys_stop_mutex); - } - w_mutex_unlock(&sys_stop_mutex); - - w_cond_destroy(&sys_stop_condition); - w_mutex_destroy(&sys_stop_mutex); - w_mutex_destroy(&sys_reconnect_mutex); -} - -cJSON *wm_sys_dump(const wm_sys_t *sys) { - cJSON *root = cJSON_CreateObject(); - cJSON *wm_sys = cJSON_CreateObject(); - - // System provider values - if (sys->flags.enabled) cJSON_AddStringToObject(wm_sys,"disabled","no"); else cJSON_AddStringToObject(wm_sys,"disabled","yes"); - if (sys->flags.scan_on_start) cJSON_AddStringToObject(wm_sys,"scan-on-start","yes"); else cJSON_AddStringToObject(wm_sys,"scan-on-start","no"); - cJSON_AddNumberToObject(wm_sys,"interval",sys->interval); - if (sys->flags.netinfo) cJSON_AddStringToObject(wm_sys,"network","yes"); else cJSON_AddStringToObject(wm_sys,"network","no"); - if (sys->flags.osinfo) cJSON_AddStringToObject(wm_sys,"os","yes"); else cJSON_AddStringToObject(wm_sys,"os","no"); - if (sys->flags.hwinfo) cJSON_AddStringToObject(wm_sys,"hardware","yes"); else cJSON_AddStringToObject(wm_sys,"hardware","no"); - if (sys->flags.programinfo) cJSON_AddStringToObject(wm_sys,"packages","yes"); else cJSON_AddStringToObject(wm_sys,"packages","no"); - if (sys->flags.portsinfo) cJSON_AddStringToObject(wm_sys,"ports","yes"); else cJSON_AddStringToObject(wm_sys,"ports","no"); - if (sys->flags.allports) cJSON_AddStringToObject(wm_sys,"ports_all","yes"); else cJSON_AddStringToObject(wm_sys,"ports_all","no"); - if (sys->flags.procinfo) cJSON_AddStringToObject(wm_sys,"processes","yes"); else cJSON_AddStringToObject(wm_sys,"processes","no"); -#ifdef WIN32 - if (sys->flags.hotfixinfo) cJSON_AddStringToObject(wm_sys,"hotfixes","yes"); else cJSON_AddStringToObject(wm_sys,"hotfixes","no"); -#endif - // Database synchronization values - cJSON_AddNumberToObject(wm_sys,"sync_max_eps",sys->sync.sync_max_eps); - - cJSON_AddItemToObject(root,"syscollector",wm_sys); - - return root; -} - -int wm_sync_message(const char *data) -{ - int ret_val = 0; - - if (syscollector_sync_message_ptr) { - ret_val = syscollector_sync_message_ptr(data); - } - - return ret_val; -} diff --git a/src/modules/inventory/tests/CMakeLists.txt b/src/modules/inventory/tests/CMakeLists.txt index ae2a5cf481..7493e4f93c 100644 --- a/src/modules/inventory/tests/CMakeLists.txt +++ b/src/modules/inventory/tests/CMakeLists.txt @@ -1,12 +1,7 @@ -cmake_minimum_required(VERSION 3.12.4) +cmake_minimum_required(VERSION 3.22) project(unit_tests) -include_directories(${CMAKE_SOURCE_DIR}) -include_directories(${CMAKE_SOURCE_DIR}/include/) -include_directories(${SRC_FOLDER}/external/googletest/googletest/include/) -include_directories(${SRC_FOLDER}/external/googletest/googlemock/include/) -link_directories(${SRC_FOLDER}/external/googletest/lib/) - -add_subdirectory(sysCollectorImp) -add_subdirectory(sysNormalizer) +add_subdirectory(inventory) +add_subdirectory(inventoryImp) +add_subdirectory(invNormalizer) diff --git a/src/modules/inventory/tests/invNormalizer/CMakeLists.txt b/src/modules/inventory/tests/invNormalizer/CMakeLists.txt new file mode 100644 index 0000000000..17c1a29a14 --- /dev/null +++ b/src/modules/inventory/tests/invNormalizer/CMakeLists.txt @@ -0,0 +1,12 @@ +find_package(GTest CONFIG REQUIRED) + +add_executable(inv_normalizer_unit_test invNormalizer_test.cpp) +configure_target(inv_normalizer_unit_test) +target_include_directories(inv_normalizer_unit_test PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../include) +target_link_libraries(inv_normalizer_unit_test PRIVATE + Inventory + GTest::gtest + GTest::gtest_main + GTest::gmock + GTest::gmock_main) +add_test(NAME InvNormalizerTest COMMAND inv_normalizer_unit_test) diff --git a/src/modules/inventory/tests/sysNormalizer/sysNormalizer_test.cpp b/src/modules/inventory/tests/invNormalizer/invNormalizer_test.cpp similarity index 62% rename from src/modules/inventory/tests/sysNormalizer/sysNormalizer_test.cpp rename to src/modules/inventory/tests/invNormalizer/invNormalizer_test.cpp index 57a2866bb4..85b003677f 100644 --- a/src/modules/inventory/tests/sysNormalizer/sysNormalizer_test.cpp +++ b/src/modules/inventory/tests/invNormalizer/invNormalizer_test.cpp @@ -1,22 +1,12 @@ -/* - * Wazuh SyscollectorNormalizer - * Copyright (C) 2015, Wazuh Inc. - * January 12, 2021. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ -#include "sysNormalizer_test.h" +#include "invNormalizer_test.hpp" #include "test_config.h" -#include "test_input.h" -#include "syscollectorNormalizer.h" +#include "test_input.hpp" +#include "inventoryNormalizer.hpp" #include #include -void SysNormalizerTest::SetUp() +void InvNormalizerTest::SetUp() { std::ofstream testConfigFile{TEST_CONFIG_FILE_NAME}; @@ -26,25 +16,24 @@ void SysNormalizerTest::SetUp() } }; -void SysNormalizerTest::TearDown() +void InvNormalizerTest::TearDown() { std::remove(TEST_CONFIG_FILE_NAME); }; -using ::testing::_; using ::testing::Return; -TEST_F(SysNormalizerTest, ctor) +TEST_F(InvNormalizerTest, ctor) { - EXPECT_NO_THROW((SysNormalizer{TEST_CONFIG_FILE_NAME, "macos"})); + EXPECT_NO_THROW((InvNormalizer{TEST_CONFIG_FILE_NAME, "macos"})); } -TEST_F(SysNormalizerTest, ctorNonExistingFile) +TEST_F(InvNormalizerTest, ctorNonExistingFile) { - EXPECT_NO_THROW((SysNormalizer{"TEST_CONFIG_FILE_NAME", "macos"})); + EXPECT_NO_THROW((InvNormalizer{"TEST_CONFIG_FILE_NAME", "macos"})); } -TEST_F(SysNormalizerTest, ctorWrongFormatConfig) +TEST_F(InvNormalizerTest, ctorWrongFormatConfig) { constexpr auto WRONG_FORMAT_FILE{"wrong_format.json"}; std::ofstream testConfigFile{WRONG_FORMAT_FILE}; @@ -54,20 +43,20 @@ TEST_F(SysNormalizerTest, ctorWrongFormatConfig) testConfigFile << R"({"exclusions":[})"; } - EXPECT_NO_THROW((SysNormalizer{WRONG_FORMAT_FILE, "macos"})); + EXPECT_NO_THROW((InvNormalizer{WRONG_FORMAT_FILE, "macos"})); std::remove(WRONG_FORMAT_FILE); } -TEST_F(SysNormalizerTest, excludeSiriAndiTunes) +TEST_F(InvNormalizerTest, excludeSiriAndiTunes) { auto inputJson(nlohmann::json::parse(TEST_INPUT_DATA)); const auto size{inputJson.size()}; - SysNormalizer normalizer{TEST_CONFIG_FILE_NAME, "macos"}; - normalizer.removeExcluded("packages", inputJson); + InvNormalizer normalizer{TEST_CONFIG_FILE_NAME, "macos"}; + normalizer.RemoveExcluded("packages", inputJson); EXPECT_EQ(size, inputJson.size() + 2); } -TEST_F(SysNormalizerTest, excludeSingleItemNoMatch) +TEST_F(InvNormalizerTest, excludeSingleItemNoMatch) { const auto& origJson{nlohmann::json::parse(R"( { @@ -77,12 +66,12 @@ TEST_F(SysNormalizerTest, excludeSingleItemNoMatch) "version": "3.0" })")}; nlohmann::json normalized(origJson); - SysNormalizer normalizer{TEST_CONFIG_FILE_NAME, "macos"}; - normalizer.removeExcluded("packages", normalized); + InvNormalizer normalizer{TEST_CONFIG_FILE_NAME, "macos"}; + normalizer.RemoveExcluded("packages", normalized); EXPECT_EQ(normalized, origJson); } -TEST_F(SysNormalizerTest, excludeSingleItemMatch) +TEST_F(InvNormalizerTest, excludeSingleItemMatch) { auto inputJson(nlohmann::json::parse(R"( { @@ -91,12 +80,12 @@ TEST_F(SysNormalizerTest, excludeSingleItemMatch) "name": "Siri", "version": "1.0" })")); - SysNormalizer normalizer{TEST_CONFIG_FILE_NAME, "macos"}; - normalizer.removeExcluded("packages", inputJson); + InvNormalizer normalizer{TEST_CONFIG_FILE_NAME, "macos"}; + normalizer.RemoveExcluded("packages", inputJson); EXPECT_TRUE(inputJson.empty()); } -TEST_F(SysNormalizerTest, normalizeSingleMicosoft) +TEST_F(InvNormalizerTest, normalizeSingleMicosoft) { auto inputJson(nlohmann::json::parse(R"( { @@ -105,13 +94,13 @@ TEST_F(SysNormalizerTest, normalizeSingleMicosoft) "name": "Microsoft Defender", "version": "1.0" })")); - SysNormalizer normalizer{TEST_CONFIG_FILE_NAME, "macos"}; - normalizer.normalize("packages", inputJson); + InvNormalizer normalizer{TEST_CONFIG_FILE_NAME, "macos"}; + normalizer.Normalize("packages", inputJson); EXPECT_FALSE(inputJson.empty()); EXPECT_EQ(inputJson["vendor"], "Microsoft"); } -TEST_F(SysNormalizerTest, normalizeSingleMcAfee1) +TEST_F(InvNormalizerTest, normalizeSingleMcAfee1) { auto inputJson(nlohmann::json::parse(R"( { @@ -120,14 +109,14 @@ TEST_F(SysNormalizerTest, normalizeSingleMcAfee1) "name": "McAfee Antivirus For Mac", "version": "1.0" })")); - SysNormalizer normalizer{TEST_CONFIG_FILE_NAME, "macos"}; - normalizer.normalize("packages", inputJson); + InvNormalizer normalizer{TEST_CONFIG_FILE_NAME, "macos"}; + normalizer.Normalize("packages", inputJson); EXPECT_FALSE(inputJson.empty()); EXPECT_EQ(inputJson["vendor"], "McAfee"); EXPECT_EQ(inputJson["name"], "Antivirus"); } -TEST_F(SysNormalizerTest, normalizeSingleMcAfee2) +TEST_F(InvNormalizerTest, normalizeSingleMcAfee2) { auto inputJson(nlohmann::json::parse(R"( { @@ -136,14 +125,14 @@ TEST_F(SysNormalizerTest, normalizeSingleMcAfee2) "name": "McAfee Endpoint Protection For Mac", "version": "1.0" })")); - SysNormalizer normalizer{TEST_CONFIG_FILE_NAME, "macos"}; - normalizer.normalize("packages", inputJson); + InvNormalizer normalizer{TEST_CONFIG_FILE_NAME, "macos"}; + normalizer.Normalize("packages", inputJson); EXPECT_FALSE(inputJson.empty()); EXPECT_EQ(inputJson["vendor"], "McAfee"); EXPECT_EQ(inputJson["name"], "Endpoint Protection"); } -TEST_F(SysNormalizerTest, normalizeSingleTotalDefense1) +TEST_F(InvNormalizerTest, normalizeSingleTotalDefense1) { auto inputJson(nlohmann::json::parse(R"( { @@ -152,14 +141,14 @@ TEST_F(SysNormalizerTest, normalizeSingleTotalDefense1) "name": "TotalDefenseAntivirusforMac", "version": "1.0" })")); - SysNormalizer normalizer{TEST_CONFIG_FILE_NAME, "macos"}; - normalizer.normalize("packages", inputJson); + InvNormalizer normalizer{TEST_CONFIG_FILE_NAME, "macos"}; + normalizer.Normalize("packages", inputJson); EXPECT_FALSE(inputJson.empty()); EXPECT_EQ(inputJson["vendor"], "TotalDefense"); EXPECT_EQ(inputJson["name"], "Anti-Virus"); } -TEST_F(SysNormalizerTest, normalizeSingleTotalDefense2) +TEST_F(InvNormalizerTest, normalizeSingleTotalDefense2) { auto inputJson(nlohmann::json::parse(R"( { @@ -168,14 +157,14 @@ TEST_F(SysNormalizerTest, normalizeSingleTotalDefense2) "name": "TotalDefenseOtherProductforMac", "version": "1.0" })")); - SysNormalizer normalizer{TEST_CONFIG_FILE_NAME, "macos"}; - normalizer.normalize("packages", inputJson); + InvNormalizer normalizer{TEST_CONFIG_FILE_NAME, "macos"}; + normalizer.Normalize("packages", inputJson); EXPECT_FALSE(inputJson.empty()); EXPECT_EQ(inputJson["vendor"], "TotalDefense"); EXPECT_EQ(inputJson["name"], "OtherProduct"); } -TEST_F(SysNormalizerTest, normalizeSingleAVG1) +TEST_F(InvNormalizerTest, normalizeSingleAVG1) { auto inputJson(nlohmann::json::parse(R"( { @@ -184,14 +173,14 @@ TEST_F(SysNormalizerTest, normalizeSingleAVG1) "name": "AVGAntivirus", "version": "1.0" })")); - SysNormalizer normalizer{TEST_CONFIG_FILE_NAME, "macos"}; - normalizer.normalize("packages", inputJson); + InvNormalizer normalizer{TEST_CONFIG_FILE_NAME, "macos"}; + normalizer.Normalize("packages", inputJson); EXPECT_FALSE(inputJson.empty()); EXPECT_EQ(inputJson["vendor"], "AVG"); EXPECT_EQ(inputJson["name"], "Anti-Virus"); } -TEST_F(SysNormalizerTest, normalizeSingleAVG2) +TEST_F(InvNormalizerTest, normalizeSingleAVG2) { auto inputJson(nlohmann::json::parse(R"( { @@ -200,14 +189,14 @@ TEST_F(SysNormalizerTest, normalizeSingleAVG2) "name": "AVGOtherProduct", "version": "1.0" })")); - SysNormalizer normalizer{TEST_CONFIG_FILE_NAME, "macos"}; - normalizer.normalize("packages", inputJson); + InvNormalizer normalizer{TEST_CONFIG_FILE_NAME, "macos"}; + normalizer.Normalize("packages", inputJson); EXPECT_FALSE(inputJson.empty()); EXPECT_EQ(inputJson["vendor"], "AVG"); EXPECT_EQ(inputJson["name"], "OtherProduct"); } -TEST_F(SysNormalizerTest, normalizeSingleKaspersky1) +TEST_F(InvNormalizerTest, normalizeSingleKaspersky1) { auto inputJson(nlohmann::json::parse(R"( { @@ -216,13 +205,13 @@ TEST_F(SysNormalizerTest, normalizeSingleKaspersky1) "name": "Kaspersky Antivirus For Mac", "version": "1.0" })")); - SysNormalizer normalizer{TEST_CONFIG_FILE_NAME, "macos"}; - normalizer.normalize("packages", inputJson); + InvNormalizer normalizer{TEST_CONFIG_FILE_NAME, "macos"}; + normalizer.Normalize("packages", inputJson); EXPECT_FALSE(inputJson.empty()); EXPECT_EQ(inputJson["name"], "Kaspersky Antivirus"); } -TEST_F(SysNormalizerTest, normalizeSingleKaspersky2) +TEST_F(InvNormalizerTest, normalizeSingleKaspersky2) { auto inputJson(nlohmann::json::parse(R"( { @@ -231,18 +220,24 @@ TEST_F(SysNormalizerTest, normalizeSingleKaspersky2) "name": "Kaspersky Internet Security For Mac", "version": "1.0" })")); - SysNormalizer normalizer{TEST_CONFIG_FILE_NAME, "macos"}; - normalizer.normalize("packages", inputJson); + InvNormalizer normalizer{TEST_CONFIG_FILE_NAME, "macos"}; + normalizer.Normalize("packages", inputJson); EXPECT_FALSE(inputJson.empty()); EXPECT_EQ(inputJson["name"], "Kaspersky Internet Security"); } -TEST_F(SysNormalizerTest, normalizeItemMatch) +TEST_F(InvNormalizerTest, normalizeItemMatch) { auto inputJson(nlohmann::json::parse(TEST_INPUT_DATA)); const auto origJson(inputJson); - SysNormalizer normalizer{TEST_CONFIG_FILE_NAME, "macos"}; - normalizer.normalize("packages", inputJson); + InvNormalizer normalizer{TEST_CONFIG_FILE_NAME, "macos"}; + normalizer.Normalize("packages", inputJson); EXPECT_EQ(inputJson.size(), origJson.size()); EXPECT_NE(inputJson, origJson); } + +int main(int argc, char** argv) +{ + ::testing::InitGoogleTest(&argc, argv); + return RUN_ALL_TESTS(); +} diff --git a/src/modules/inventory/tests/invNormalizer/invNormalizer_test.hpp b/src/modules/inventory/tests/invNormalizer/invNormalizer_test.hpp new file mode 100644 index 0000000000..af41d20e4c --- /dev/null +++ b/src/modules/inventory/tests/invNormalizer/invNormalizer_test.hpp @@ -0,0 +1,14 @@ +#pragma once +#include "gtest/gtest.h" +#include "gmock/gmock.h" + +class InvNormalizerTest : public ::testing::Test +{ + protected: + + InvNormalizerTest() = default; + virtual ~InvNormalizerTest() = default; + + void SetUp() override; + void TearDown() override; +}; diff --git a/src/modules/inventory/tests/sysNormalizer/test_config.h b/src/modules/inventory/tests/invNormalizer/test_config.h similarity index 99% rename from src/modules/inventory/tests/sysNormalizer/test_config.h rename to src/modules/inventory/tests/invNormalizer/test_config.h index 64feebf38d..95c1233854 100644 --- a/src/modules/inventory/tests/sysNormalizer/test_config.h +++ b/src/modules/inventory/tests/invNormalizer/test_config.h @@ -161,4 +161,4 @@ constexpr auto TEST_CONFIG_FILE_CONTENT constexpr auto TEST_CONFIG_FILE_NAME {"test_config.json"}; -#endif //_TEST_CONFIG_H \ No newline at end of file +#endif //_TEST_CONFIG_H diff --git a/src/modules/inventory/tests/sysNormalizer/test_input.h b/src/modules/inventory/tests/invNormalizer/test_input.hpp similarity index 99% rename from src/modules/inventory/tests/sysNormalizer/test_input.h rename to src/modules/inventory/tests/invNormalizer/test_input.hpp index 104d13e2d2..82d452413b 100644 --- a/src/modules/inventory/tests/sysNormalizer/test_input.h +++ b/src/modules/inventory/tests/invNormalizer/test_input.hpp @@ -257,4 +257,4 @@ constexpr auto TEST_INPUT_DATA ])" }; -#endif //_TEST_INPUT_H \ No newline at end of file +#endif //_TEST_INPUT_H diff --git a/src/modules/inventory/tests/inventory/CMakeLists.txt b/src/modules/inventory/tests/inventory/CMakeLists.txt new file mode 100644 index 0000000000..5b14b285e8 --- /dev/null +++ b/src/modules/inventory/tests/inventory/CMakeLists.txt @@ -0,0 +1,14 @@ +find_package(GTest CONFIG REQUIRED) + +add_executable(inventory_unit_test inventory_test.cpp) +configure_target(inventory_unit_test) +target_include_directories(inventory_unit_test PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../include) +target_link_libraries(inventory_unit_test PRIVATE + Inventory + GTest::gtest + GTest::gtest_main + GTest::gmock + GTest::gmock_main) +if(NOT WIN32) +add_test(NAME InventoryTest COMMAND inventory_unit_test) +endif() diff --git a/src/modules/inventory/tests/inventory/inventory_test.cpp b/src/modules/inventory/tests/inventory/inventory_test.cpp new file mode 100644 index 0000000000..ca5e7794f4 --- /dev/null +++ b/src/modules/inventory/tests/inventory/inventory_test.cpp @@ -0,0 +1,77 @@ +#include +#include +#include +#include "inventory.hpp" + +constexpr auto INVENTORY_DB_PATH {"TEMP.db"}; + +class InventoryTest : public ::testing::Test +{ + protected: + + void SetUp() override {} + void TearDown() override + { + std::remove(INVENTORY_DB_PATH); + } + + Inventory &inventory = Inventory::Instance(); +}; + +TEST_F(InventoryTest, SendUpdateEvent) { + ::testing::MockFunction mockPushMessage; + + inventory.SetPushMessageFunction(mockPushMessage.AsStdFunction()); + + EXPECT_CALL(mockPushMessage, Call(::testing::_)) + .WillOnce([](const Message& msg) + { + auto expectedData = R"({"key":"value"})"; + auto expectedMetadata = R"({"id":"123","module":"inventory","operation":"update","type":"hardware"})"; + + EXPECT_EQ(msg.data.dump(), expectedData); + EXPECT_EQ(msg.metaData, expectedMetadata); + return 1; + }); + + auto inputData = R"({ + "type": "hardware", + "operation": "update", + "id": "123", + "data": {"key": "value"} + })"; + + inventory.SendDeltaEvent(inputData); +} + +TEST_F(InventoryTest, SendDeleteEvent) { + ::testing::MockFunction mockPushMessage; + + inventory.SetPushMessageFunction(mockPushMessage.AsStdFunction()); + + EXPECT_CALL(mockPushMessage, Call(::testing::_)) + .WillOnce([](const Message& msg) + { + auto expectedData = R"({})"; + auto expectedMetadata = R"({"id":"123","module":"inventory","operation":"delete","type":"hardware"})"; + + EXPECT_EQ(msg.data.dump(), expectedData); + EXPECT_EQ(msg.metaData, expectedMetadata); + return 1; + }); + + auto inputData = R"({ + "type": "hardware", + "operation": "delete", + "id": "123", + "data": {"key": "value"} + })"; + + inventory.SendDeltaEvent(inputData); +} + +int main(int argc, char** argv) +{ + ::testing::InitGoogleTest(&argc, argv); + return RUN_ALL_TESTS(); +} diff --git a/src/modules/inventory/tests/inventoryImp/CMakeLists.txt b/src/modules/inventory/tests/inventoryImp/CMakeLists.txt new file mode 100644 index 0000000000..c419af4b2f --- /dev/null +++ b/src/modules/inventory/tests/inventoryImp/CMakeLists.txt @@ -0,0 +1,14 @@ +find_package(GTest CONFIG REQUIRED) + +add_executable(inventoryimp_unit_test inventoryImp_test.cpp) +configure_target(inventoryimp_unit_test) +target_include_directories(inventoryimp_unit_test PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../include) +target_link_libraries(inventoryimp_unit_test PRIVATE + Inventory + GTest::gtest + GTest::gtest_main + GTest::gmock + GTest::gmock_main) +if(NOT WIN32) +add_test(NAME InventoryImpTest COMMAND inventoryimp_unit_test) +endif() diff --git a/src/modules/inventory/tests/inventoryImp/inventoryImp_test.cpp b/src/modules/inventory/tests/inventoryImp/inventoryImp_test.cpp new file mode 100644 index 0000000000..e41d114373 --- /dev/null +++ b/src/modules/inventory/tests/inventoryImp/inventoryImp_test.cpp @@ -0,0 +1,1563 @@ +#include +#include +#include "inventoryImp_test.hpp" +#include "inventory.hpp" + +constexpr auto INVENTORY_DB_PATH {"TEMP.db"}; +constexpr int SLEEP_DURATION_SECONDS = 10; + +void ReportFunction(const std::string& payload); + +void InventoryImpTest::SetUp() {}; + +void InventoryImpTest::TearDown() +{ + std::remove(INVENTORY_DB_PATH); +}; + +using ::testing::Return; + +class SysInfoWrapper: public ISysInfo +{ + public: + SysInfoWrapper() = default; + ~SysInfoWrapper() override = default; + + SysInfoWrapper(const SysInfoWrapper&) = delete; + SysInfoWrapper& operator=(const SysInfoWrapper&) = delete; + SysInfoWrapper(SysInfoWrapper&&) = delete; + SysInfoWrapper& operator=(SysInfoWrapper&&) = delete; + + MOCK_METHOD(nlohmann::json, hardware, (), (override)); + MOCK_METHOD(nlohmann::json, packages, (), (override)); + MOCK_METHOD(void, packages, (std::function), (override)); + MOCK_METHOD(nlohmann::json, os, (), (override)); + MOCK_METHOD(nlohmann::json, networks, (), (override)); + MOCK_METHOD(nlohmann::json, processes, (), (override)); + MOCK_METHOD(void, processes, (std::function), (override)); + MOCK_METHOD(nlohmann::json, ports, (), (override)); + MOCK_METHOD(nlohmann::json, hotfixes, (), (override)); +}; + +class CallbackMock +{ + public: + CallbackMock() = default; + ~CallbackMock() = default; + + CallbackMock(const CallbackMock&) = delete; + CallbackMock& operator=(const CallbackMock&) = delete; + CallbackMock(CallbackMock&&) = delete; + CallbackMock& operator=(CallbackMock&&) = delete; + + MOCK_METHOD(void, callbackMock, (const std::string&), ()); +}; + +void ReportFunction(const std::string& /*payload*/) +{ + // std::cout << payload << std::endl; +} + +TEST_F(InventoryImpTest, defaultCtor) +{ + const auto spInfoWrapper{std::make_shared()}; + + EXPECT_CALL(*spInfoWrapper, hardware()).WillRepeatedly(Return(nlohmann::json::parse( + R"({"board_serial":"Intel Corporation","scan_time":"2020/12/28 21:49:50", "cpu_MHz":2904,"cpu_cores":2,"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz", "ram_free":2257872,"ram_total":4972208,"ram_usage":54})" + ))); + + EXPECT_CALL(*spInfoWrapper, os()).WillRepeatedly(Return(nlohmann::json::parse( + R"({"architecture":"x86_64","scan_time":"2020/12/28 21:49:50", "hostname":"UBUNTU","os_build":"7601","os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601"})" + ))); + EXPECT_CALL(*spInfoWrapper, ports()).WillRepeatedly(Return(nlohmann::json::parse( + R"([{"inode":0,"local_ip":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"listening","tx_queue":0}])"))); + EXPECT_CALL(*spInfoWrapper, packages(testing::_)) + .Times(::testing::AtLeast(1)) + .WillOnce(::testing::InvokeArgument<0> + (R"({"architecture":"amd64","scan_time":"2020/12/28 21:49:50", "group":"x11","name":"xserver-xorg","priority":"optional","size":411,"source":"xorg","version":"1:7.7+19ubuntu14","format":"deb","location":" "})"_json)); + + EXPECT_CALL(*spInfoWrapper, processes(testing::_)) + .Times(testing::AtLeast(1)) + .WillOnce(::testing::InvokeArgument<0> + (R"({"egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:2-","scan_time":"2020/12/28 21:49:50", "nice":0,"nlwp":1,"pgrp":0,"pid":"431625","ppid":2,"priority":20,"processor":1,"resident":0,"rgroup":"root","ruser":"root","session":0,"sgroup":"root","share":0,"size":0,"start_time":9302261,"state":"I","stime":3,"suser":"root","tgid":431625,"tty":0,"utime":0,"vm_size":0})"_json)); + + EXPECT_CALL(*spInfoWrapper, hotfixes()).WillRepeatedly(Return(nlohmann::json::parse(R"([{"hotfix":"KB12345678"}])"))); + + EXPECT_CALL(*spInfoWrapper, networks()).WillRepeatedly(Return(nlohmann::json::parse( + R"({"iface":[{"IPv4":[{"address":"172.17.0.1","broadcast":"172.17.255.255","dhcp":"unknown","metric":"0","netmask":"255.255.0.0"}],"adapter":"","gateway":" ","mac":"02:42:1c:26:13:65","mtu":1500,"name":"docker0","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"state":"down","tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0,"type":"ethernet"}]})"))); + + CallbackMock wrapperDelta; + std::function callbackDataDelta + { + [&wrapperDelta](const std::string & data) + { + auto delta = nlohmann::json::parse(data); + delta["data"].erase("@timestamp"); + wrapperDelta.callbackMock(delta.dump()); + } + }; + + const auto expectedResult1 + { + R"({"data":{"host":{"cpu":{"cores":2,"name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz","speed":0},"memory":{"free":2257872,"total":4972208,"used":{"percentage":54}}},"observer":{"serial_number":"Intel Corporation"}},"id":"OkludGVsIENvcnBvcmF0aW9u","operation":"create","type":"hardware"})" + }; + const auto expectedResult2 + { + R"({"data":{"host":{"architecture":"x86_64","hostname":"UBUNTU","os":{"full":"","kernel":"7601","name":"Microsoft Windows 7","platform":"","type":"","version":"6.1.7601"}}},"id":"Ok1pY3Jvc29mdCBXaW5kb3dzIDc=","operation":"create","type":"system"})" + }; + const auto expectedResult3 + { + R"({"data":{"package":{"architecture":"amd64","description":"","installed":null,"name":"xserver-xorg","path":" ","size":411,"type":"deb","version":"1:7.7+19ubuntu14"}},"id":"OnhzZXJ2ZXIteG9yZzoxOjcuNysxOXVidW50dTE0OmFtZDY0OmRlYjog","operation":"create","type":"packages"})" + }; + const auto expectedResult4 + { + R"({"data":{"process":{"args":"","command_line":"","group":{"id":"root"},"name":"kworker/u256:2-","parent":{"pid":2},"pid":"431625","real_group":{"id":"root"},"real_user":{"id":"root"},"saved_group":{"id":"root"},"saved_user":{"id":"root"},"start":9302261,"thread":{"id":431625},"tty":{"char_device":{"major":0}},"user":{"id":"root"}}},"id":"OjQzMTYyNQ==","operation":"create","type":"processes"})" + }; + const auto expectedResult5 + { + R"({"data":{"package":{"hotfix":{"name":"KB12345678"}}},"id":"OktCMTIzNDU2Nzg=","operation":"create","type":"hotfixes"})" + }; + const auto expectedResult6 + { + R"({"data":{"destination":{"ip":["0.0.0.0"],"port":0},"device":{"id":"cbf2ac25a6775175f912ebf2abc72f6f51ab48ba"},"file":{"inode":0},"host":{"network":{"egress":{"queue":0},"ingress":{"queue":0}}},"interface":{"state":"listening"},"network":{"protocol":"tcp"},"process":{"name":"","pid":0},"source":{"ip":["127.0.0.1"],"port":631}},"id":"OjA6dGNwOjEyNy4wLjAuMTo2MzE=","operation":"create","type":"ports"})" + }; + const auto expectedResult7 + { + R"({"data":{"host":{"ip":["172.17.0.1"],"mac":"02:42:1c:26:13:65","network":{"egress":{"bytes":0,"drops":0,"errors":0,"packets":0},"ingress":{"bytes":0,"drops":0,"errors":0,"packets":0}}},"interface":{"mtu":1500,"state":"down","type":"ethernet"},"network":{"broadcast":["172.17.255.255"],"dhcp":"unknown","gateway":[],"metric":"0","netmask":["255.255.0.0"],"protocol":"","type":"ipv4"},"observer":{"ingress":{"interface":{"alias":"","name":"docker0"}}}},"id":"OmRvY2tlcjA6OmlwdjQ6OjE3Mi4xNy4wLjE=","operation":"create","type":"networks"})" + }; + + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult1)).Times(testing::AtLeast(1)); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult2)).Times(testing::AtLeast(1)); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult3)).Times(testing::AtLeast(1)); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult4)).Times(testing::AtLeast(1)); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult5)).Times(testing::AtLeast(1)); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult6)).Times(testing::AtLeast(1)); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult7)).Times(testing::AtLeast(1)); + + auto configurationParser = std::make_shared(); + Inventory::Instance().Setup(configurationParser); + std::thread t + { + [&spInfoWrapper, &callbackDataDelta]() + { + Inventory::Instance().Init(spInfoWrapper, + callbackDataDelta, + INVENTORY_DB_PATH, + "", + ""); + Inventory::Instance().SetAgentUUID("1234"); + } + }; + + std::this_thread::sleep_for(std::chrono::seconds(1)); + Inventory::Instance().Stop(); + + if (t.joinable()) + { + t.join(); + } +} + +TEST_F(InventoryImpTest, intervalSeconds) +{ + const auto spInfoWrapper{std::make_shared()}; + + EXPECT_CALL(*spInfoWrapper, hardware()).WillRepeatedly(Return(nlohmann::json::parse( + R"({"board_serial":"Intel Corporation","scan_time":"2020/12/28 21:49:50", "cpu_MHz":2904,"cpu_cores":2,"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz", "ram_free":2257872,"ram_total":4972208,"ram_usage":54})" + ))); + EXPECT_CALL(*spInfoWrapper, os()).WillRepeatedly(Return(nlohmann::json::parse( + R"({"architecture":"x86_64","scan_time":"2020/12/28 21:49:50", "hostname":"UBUNTU","os_build":"7601","os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601"})" + ))); + EXPECT_CALL(*spInfoWrapper, ports()).WillRepeatedly(Return(nlohmann::json::parse( + R"([{"inode":0,"local_ip":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"listening","tx_queue":0}])"))); + EXPECT_CALL(*spInfoWrapper, packages(testing::_)) + .Times(::testing::AtLeast(2)) + .WillRepeatedly(::testing::InvokeArgument<0> + (R"({"architecture":"amd64","scan_time":"2020/12/28 21:49:50", "group":"x11","name":"xserver-xorg","priority":"optional","size":411,"source":"xorg","version":"1:7.7+19ubuntu14","format":"deb","location":" "})"_json)); + EXPECT_CALL(*spInfoWrapper, processes(testing::_)) + .Times(testing::AtLeast(1)) + .WillOnce(::testing::InvokeArgument<0> + (R"({"egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:2-","scan_time":"2020/12/28 21:49:50", "nice":0,"nlwp":1,"pgrp":0,"pid":"431625","ppid":2,"priority":20,"processor":1,"resident":0,"rgroup":"root","ruser":"root","session":0,"sgroup":"root","share":0,"size":0,"start_time":9302261,"state":"I","stime":3,"suser":"root","tgid":431625,"tty":0,"utime":0,"vm_size":0})"_json)); + + EXPECT_CALL(*spInfoWrapper, hotfixes()).WillRepeatedly(Return(R"([{"hotfix":"KB12345678"},{"hotfix":"KB87654321"}])"_json)); + + EXPECT_CALL(*spInfoWrapper, networks()).WillRepeatedly(Return(nlohmann::json::parse( + R"({"iface":[{"IPv4":[{"address":"172.17.0.1","broadcast":"172.17.255.255","dhcp":"unknown","metric":"0","netmask":"255.255.0.0"}],"adapter":"","gateway":" ","mac":"02:42:1c:26:13:65","mtu":1500,"name":"docker0","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"state":"down","tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0,"type":"ethernet"}]})"))); + + std::string inventoryConfig = R"( + inventory: + enabled: true + interval: 1 + scan_on_start: true + hardware: true + system: true + networks: true + packages: true + ports: true + ports_all: true + processes: true + hotfixes: true + )"; + auto configParser = std::make_shared(inventoryConfig); + Inventory::Instance().Setup(configParser); + + std::thread t + { + [&spInfoWrapper]() + { + Inventory::Instance().Init(spInfoWrapper, + ReportFunction, + INVENTORY_DB_PATH, + "", + ""); + Inventory::Instance().SetAgentUUID("1234"); + + } + }; + + std::this_thread::sleep_for(std::chrono::seconds{SLEEP_DURATION_SECONDS}); + Inventory::Instance().Stop(); + + if (t.joinable()) + { + t.join(); + } +} + +TEST_F(InventoryImpTest, noScanOnStart) +{ + const auto spInfoWrapper{std::make_shared()}; + + EXPECT_CALL(*spInfoWrapper, hardware()).Times(0); + EXPECT_CALL(*spInfoWrapper, os()).Times(0); + EXPECT_CALL(*spInfoWrapper, packages(testing::_)).Times(0); + EXPECT_CALL(*spInfoWrapper, networks()).Times(0); + EXPECT_CALL(*spInfoWrapper, processes(testing::_)).Times(0); + EXPECT_CALL(*spInfoWrapper, ports()).Times(0); + EXPECT_CALL(*spInfoWrapper, hotfixes()).Times(0); + + std::string inventoryConfig = R"( + inventory: + enabled: true + interval: 3600 + scan_on_start: false + hardware: true + system: true + networks: true + packages: true + ports: true + ports_all: true + processes: true + hotfixes: true + )"; + auto configParser = std::make_shared(inventoryConfig); + Inventory::Instance().Setup(configParser); + + std::thread t + { + [&spInfoWrapper]() + { + Inventory::Instance().Init(spInfoWrapper, + ReportFunction, + INVENTORY_DB_PATH, + "", + ""); + Inventory::Instance().SetAgentUUID("1234"); + } + }; + + std::this_thread::sleep_for(std::chrono::seconds{2}); + Inventory::Instance().Stop(); + + if (t.joinable()) + { + t.join(); + } +} + +TEST_F(InventoryImpTest, noHardware) +{ + const auto spInfoWrapper{std::make_shared()}; + + EXPECT_CALL(*spInfoWrapper, os()).WillRepeatedly(Return(nlohmann::json::parse( + R"({"architecture":"x86_64","scan_time":"2020/12/28 21:49:50", "hostname":"UBUNTU","os_build":"7601","os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601"})" + ))); + EXPECT_CALL(*spInfoWrapper, ports()).WillRepeatedly(Return(nlohmann::json::parse( + R"([{"inode":0,"local_ip":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"listening","tx_queue":0}])"))); + EXPECT_CALL(*spInfoWrapper, packages(testing::_)) + .Times(::testing::AtLeast(1)) + .WillOnce(::testing::InvokeArgument<0> + (R"({"architecture":"amd64","scan_time":"2020/12/28 21:49:50", "group":"x11","name":"xserver-xorg","priority":"optional","size":411,"source":"xorg","version":"1:7.7+19ubuntu14","format":"deb","location":" "})"_json)); + EXPECT_CALL(*spInfoWrapper, processes(testing::_)) + .Times(testing::AtLeast(1)) + .WillOnce(::testing::InvokeArgument<0> + (R"({"egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:2-","scan_time":"2020/12/28 21:49:50", "nice":0,"nlwp":1,"pgrp":0,"pid":"431625","ppid":2,"priority":20,"processor":1,"resident":0,"rgroup":"root","ruser":"root","session":0,"sgroup":"root","share":0,"size":0,"start_time":9302261,"state":"I","stime":3,"suser":"root","tgid":431625,"tty":0,"utime":0,"vm_size":0})"_json)); + EXPECT_CALL(*spInfoWrapper, hotfixes()).WillRepeatedly(Return(nlohmann::json::parse(R"([{"hotfix":"KB12345678"}])"))); + EXPECT_CALL(*spInfoWrapper, networks()).WillRepeatedly(Return(nlohmann::json::parse( + R"({"iface":[{"IPv4":[{"address":"172.17.0.1","broadcast":"172.17.255.255","dhcp":"unknown","metric":"0","netmask":"255.255.0.0"}],"adapter":"","gateway":" ","mac":"02:42:1c:26:13:65","mtu":1500,"name":"docker0","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"state":"down","tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0,"type":"ethernet"}]})"))); + + EXPECT_CALL(*spInfoWrapper, hardware()).Times(0); + + CallbackMock wrapperDelta; + std::function callbackDataDelta + { + [&wrapperDelta](const std::string & data) + { + auto delta = nlohmann::json::parse(data); + delta["data"].erase("@timestamp"); + wrapperDelta.callbackMock(delta.dump()); + } + }; + + const auto expectedResult2 + { + R"({"data":{"host":{"architecture":"x86_64","hostname":"UBUNTU","os":{"full":"","kernel":"7601","name":"Microsoft Windows 7","platform":"","type":"","version":"6.1.7601"}}},"id":"MTIzNDpNaWNyb3NvZnQgV2luZG93cyA3","operation":"create","type":"system"})" + }; + const auto expectedResult3 + { + R"({"data":{"package":{"architecture":"amd64","description":"","installed":null,"name":"xserver-xorg","path":" ","size":411,"type":"deb","version":"1:7.7+19ubuntu14"}},"id":"MTIzNDp4c2VydmVyLXhvcmc6MTo3LjcrMTl1YnVudHUxNDphbWQ2NDpkZWI6IA==","operation":"create","type":"packages"})" + }; + const auto expectedResult4 + { + R"({"data":{"process":{"args":"","command_line":"","group":{"id":"root"},"name":"kworker/u256:2-","parent":{"pid":2},"pid":"431625","real_group":{"id":"root"},"real_user":{"id":"root"},"saved_group":{"id":"root"},"saved_user":{"id":"root"},"start":9302261,"thread":{"id":431625},"tty":{"char_device":{"major":0}},"user":{"id":"root"}}},"id":"MTIzNDo0MzE2MjU=","operation":"create","type":"processes"})" + }; + const auto expectedResult5 + { + R"({"data":{"package":{"hotfix":{"name":"KB12345678"}}},"id":"MTIzNDpLQjEyMzQ1Njc4","operation":"create","type":"hotfixes"})" + }; + const auto expectedResult6 + { + R"({"data":{"destination":{"ip":["0.0.0.0"],"port":0},"device":{"id":"cbf2ac25a6775175f912ebf2abc72f6f51ab48ba"},"file":{"inode":0},"host":{"network":{"egress":{"queue":0},"ingress":{"queue":0}}},"interface":{"state":"listening"},"network":{"protocol":"tcp"},"process":{"name":"","pid":0},"source":{"ip":["127.0.0.1"],"port":631}},"id":"MTIzNDowOnRjcDoxMjcuMC4wLjE6NjMx","operation":"create","type":"ports"})" + }; + const auto expectedResult7 + { + R"({"data":{"host":{"ip":["172.17.0.1"],"mac":"02:42:1c:26:13:65","network":{"egress":{"bytes":0,"drops":0,"errors":0,"packets":0},"ingress":{"bytes":0,"drops":0,"errors":0,"packets":0}}},"interface":{"mtu":1500,"state":"down","type":"ethernet"},"network":{"broadcast":["172.17.255.255"],"dhcp":"unknown","gateway":[],"metric":"0","netmask":["255.255.0.0"],"protocol":"","type":"ipv4"},"observer":{"ingress":{"interface":{"alias":"","name":"docker0"}}}},"id":"MTIzNDpkb2NrZXIwOjppcHY0OjoxNzIuMTcuMC4x","operation":"create","type":"networks"})" + }; + + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult2)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult3)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult4)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult5)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult6)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult7)).Times(1); + + std::string inventoryConfig = R"( + inventory: + enabled: true + interval: 3600 + scan_on_start: true + hardware: false + system: true + networks: true + packages: true + ports: true + ports_all: true + processes: true + hotfixes: true + )"; + auto configParser = std::make_shared(inventoryConfig); + Inventory::Instance().Setup(configParser); + + std::thread t + { + [&spInfoWrapper, &callbackDataDelta]() + { + Inventory::Instance().Init(spInfoWrapper, + callbackDataDelta, + INVENTORY_DB_PATH, + "", + ""); + Inventory::Instance().SetAgentUUID("1234"); + } + }; + + std::this_thread::sleep_for(std::chrono::seconds(1)); + Inventory::Instance().Stop(); + + if (t.joinable()) + { + t.join(); + } + +} + +TEST_F(InventoryImpTest, noOs) +{ + const auto spInfoWrapper{std::make_shared()}; + + EXPECT_CALL(*spInfoWrapper, hardware()).WillRepeatedly(Return(nlohmann::json::parse( + R"({"board_serial":"Intel Corporation","scan_time":"2020/12/28 21:49:50", "cpu_MHz":2904,"cpu_cores":2,"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz", "ram_free":2257872,"ram_total":4972208,"ram_usage":54})" + ))); + EXPECT_CALL(*spInfoWrapper, ports()).WillRepeatedly(Return(nlohmann::json::parse( + R"([{"inode":0,"local_ip":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"listening","tx_queue":0}])"))); + EXPECT_CALL(*spInfoWrapper, packages(testing::_)) + .Times(::testing::AtLeast(1)) + .WillOnce(::testing::InvokeArgument<0> + (R"({"architecture":"amd64","scan_time":"2020/12/28 21:49:50", "group":"x11","name":"xserver-xorg","priority":"optional","size":411,"source":"xorg","version":"1:7.7+19ubuntu14","format":"deb","location":" "})"_json)); + EXPECT_CALL(*spInfoWrapper, processes(testing::_)) + .Times(testing::AtLeast(1)) + .WillOnce(::testing::InvokeArgument<0> + (R"({"egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:2-","scan_time":"2020/12/28 21:49:50", "nice":0,"nlwp":1,"pgrp":0,"pid":"431625","ppid":2,"priority":20,"processor":1,"resident":0,"rgroup":"root","ruser":"root","session":0,"sgroup":"root","share":0,"size":0,"start_time":9302261,"state":"I","stime":3,"suser":"root","tgid":431625,"tty":0,"utime":0,"vm_size":0})"_json)); + EXPECT_CALL(*spInfoWrapper, hotfixes()).WillRepeatedly(Return(nlohmann::json::parse(R"([{"hotfix":"KB12345678"}])"))); + EXPECT_CALL(*spInfoWrapper, networks()).WillRepeatedly(Return(nlohmann::json::parse( + R"({"iface":[{"IPv4":[{"address":"172.17.0.1","broadcast":"172.17.255.255","dhcp":"unknown","metric":"0","netmask":"255.255.0.0"}],"adapter":"","gateway":" ","mac":"02:42:1c:26:13:65","mtu":1500,"name":"docker0","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"state":"down","tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0,"type":"ethernet"}]})"))); + + EXPECT_CALL(*spInfoWrapper, os()).Times(0); + + CallbackMock wrapperDelta; + std::function callbackDataDelta + { + [&wrapperDelta](const std::string & data) + { + auto delta = nlohmann::json::parse(data); + delta["data"].erase("@timestamp"); + wrapperDelta.callbackMock(delta.dump()); + } + }; + + const auto expectedResult1 + { + R"({"data":{"host":{"cpu":{"cores":2,"name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz","speed":0},"memory":{"free":2257872,"total":4972208,"used":{"percentage":54}}},"observer":{"serial_number":"Intel Corporation"}},"id":"MTIzNDpJbnRlbCBDb3Jwb3JhdGlvbg==","operation":"create","type":"hardware"})" + }; + const auto expectedResult2 + { + R"({"data":{"package":{"architecture":"amd64","description":"","installed":null,"name":"xserver-xorg","path":" ","size":411,"type":"deb","version":"1:7.7+19ubuntu14"}},"id":"MTIzNDp4c2VydmVyLXhvcmc6MTo3LjcrMTl1YnVudHUxNDphbWQ2NDpkZWI6IA==","operation":"create","type":"packages"})" + }; + const auto expectedResult3 + { + R"({"data":{"process":{"args":"","command_line":"","group":{"id":"root"},"name":"kworker/u256:2-","parent":{"pid":2},"pid":"431625","real_group":{"id":"root"},"real_user":{"id":"root"},"saved_group":{"id":"root"},"saved_user":{"id":"root"},"start":9302261,"thread":{"id":431625},"tty":{"char_device":{"major":0}},"user":{"id":"root"}}},"id":"MTIzNDo0MzE2MjU=","operation":"create","type":"processes"})" + }; + const auto expectedResult4 + { + R"({"data":{"package":{"hotfix":{"name":"KB12345678"}}},"id":"MTIzNDpLQjEyMzQ1Njc4","operation":"create","type":"hotfixes"})" + }; + const auto expectedResult5 + { + R"({"data":{"destination":{"ip":["0.0.0.0"],"port":0},"device":{"id":"cbf2ac25a6775175f912ebf2abc72f6f51ab48ba"},"file":{"inode":0},"host":{"network":{"egress":{"queue":0},"ingress":{"queue":0}}},"interface":{"state":"listening"},"network":{"protocol":"tcp"},"process":{"name":"","pid":0},"source":{"ip":["127.0.0.1"],"port":631}},"id":"MTIzNDowOnRjcDoxMjcuMC4wLjE6NjMx","operation":"create","type":"ports"})" + }; + const auto expectedResult7 + { + R"({"data":{"host":{"ip":["172.17.0.1"],"mac":"02:42:1c:26:13:65","network":{"egress":{"bytes":0,"drops":0,"errors":0,"packets":0},"ingress":{"bytes":0,"drops":0,"errors":0,"packets":0}}},"interface":{"mtu":1500,"state":"down","type":"ethernet"},"network":{"broadcast":["172.17.255.255"],"dhcp":"unknown","gateway":[],"metric":"0","netmask":["255.255.0.0"],"protocol":"","type":"ipv4"},"observer":{"ingress":{"interface":{"alias":"","name":"docker0"}}}},"id":"MTIzNDpkb2NrZXIwOjppcHY0OjoxNzIuMTcuMC4x","operation":"create","type":"networks"})" + }; + + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult1)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult2)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult3)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult4)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult5)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult7)).Times(1); + + std::string inventoryConfig = R"( + inventory: + enabled: true + interval: 3600 + scan_on_start: true + hardware: true + system: false + networks: true + packages: true + ports: true + ports_all: true + processes: true + hotfixes: true + )"; + auto configParser = std::make_shared(inventoryConfig); + Inventory::Instance().Setup(configParser); + + std::thread t + { + [&spInfoWrapper, &callbackDataDelta]() + { + Inventory::Instance().Init(spInfoWrapper, + callbackDataDelta, + INVENTORY_DB_PATH, + "", + ""); + Inventory::Instance().SetAgentUUID("1234"); + } + }; + + std::this_thread::sleep_for(std::chrono::seconds(2)); + Inventory::Instance().Stop(); + + if (t.joinable()) + { + t.join(); + } +} + +TEST_F(InventoryImpTest, noNetwork) +{ + const auto spInfoWrapper{std::make_shared()}; + + EXPECT_CALL(*spInfoWrapper, hardware()).WillRepeatedly(Return(nlohmann::json::parse( + R"({"board_serial":"Intel Corporation","scan_time":"2020/12/28 21:49:50", "cpu_MHz":2904,"cpu_cores":2,"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz", "ram_free":2257872,"ram_total":4972208,"ram_usage":54})" + ))); + EXPECT_CALL(*spInfoWrapper, os()).WillRepeatedly(Return(nlohmann::json::parse( + R"({"architecture":"x86_64","scan_time":"2020/12/28 21:49:50", "hostname":"UBUNTU","os_build":"7601","os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601"})" + ))); + EXPECT_CALL(*spInfoWrapper, ports()).WillRepeatedly(Return(nlohmann::json::parse( + R"([{"inode":0,"local_ip":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"listening","tx_queue":0}])"))); + EXPECT_CALL(*spInfoWrapper, packages(testing::_)) + .Times(::testing::AtLeast(1)) + .WillOnce(::testing::InvokeArgument<0> + (R"({"architecture":"amd64","scan_time":"2020/12/28 21:49:50", "group":"x11","name":"xserver-xorg","priority":"optional","size":411,"source":"xorg","version":"1:7.7+19ubuntu14","format":"deb","location":" "})"_json)); + EXPECT_CALL(*spInfoWrapper, processes(testing::_)) + .Times(testing::AtLeast(1)) + .WillOnce(::testing::InvokeArgument<0> + (R"({"egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:2-","scan_time":"2020/12/28 21:49:50", "nice":0,"nlwp":1,"pgrp":0,"pid":"431625","ppid":2,"priority":20,"processor":1,"resident":0,"rgroup":"root","ruser":"root","session":0,"sgroup":"root","share":0,"size":0,"start_time":9302261,"state":"I","stime":3,"suser":"root","tgid":431625,"tty":0,"utime":0,"vm_size":0})"_json)); + EXPECT_CALL(*spInfoWrapper, hotfixes()).WillRepeatedly(Return(nlohmann::json::parse(R"([{"hotfix":"KB12345678"}])"))); + + EXPECT_CALL(*spInfoWrapper, networks()).Times(0); + + CallbackMock wrapperDelta; + std::function callbackDataDelta + { + [&wrapperDelta](const std::string & data) + { + auto delta = nlohmann::json::parse(data); + delta["data"].erase("@timestamp"); + wrapperDelta.callbackMock(delta.dump()); + } + }; + + const auto expectedResult1 + { + R"({"data":{"host":{"cpu":{"cores":2,"name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz","speed":0},"memory":{"free":2257872,"total":4972208,"used":{"percentage":54}}},"observer":{"serial_number":"Intel Corporation"}},"id":"MTIzNDpJbnRlbCBDb3Jwb3JhdGlvbg==","operation":"create","type":"hardware"})" + }; + const auto expectedResult2 + { + R"({"data":{"host":{"architecture":"x86_64","hostname":"UBUNTU","os":{"full":"","kernel":"7601","name":"Microsoft Windows 7","platform":"","type":"","version":"6.1.7601"}}},"id":"MTIzNDpNaWNyb3NvZnQgV2luZG93cyA3","operation":"create","type":"system"})" + }; + const auto expectedResult3 + { + R"({"data":{"package":{"architecture":"amd64","description":"","installed":null,"name":"xserver-xorg","path":" ","size":411,"type":"deb","version":"1:7.7+19ubuntu14"}},"id":"MTIzNDp4c2VydmVyLXhvcmc6MTo3LjcrMTl1YnVudHUxNDphbWQ2NDpkZWI6IA==","operation":"create","type":"packages"})" + }; + const auto expectedResult4 + { + R"({"data":{"process":{"args":"","command_line":"","group":{"id":"root"},"name":"kworker/u256:2-","parent":{"pid":2},"pid":"431625","real_group":{"id":"root"},"real_user":{"id":"root"},"saved_group":{"id":"root"},"saved_user":{"id":"root"},"start":9302261,"thread":{"id":431625},"tty":{"char_device":{"major":0}},"user":{"id":"root"}}},"id":"MTIzNDo0MzE2MjU=","operation":"create","type":"processes"})" + }; + const auto expectedResult5 + { + R"({"data":{"package":{"hotfix":{"name":"KB12345678"}}},"id":"MTIzNDpLQjEyMzQ1Njc4","operation":"create","type":"hotfixes"})" + }; + const auto expectedResult6 + { + R"({"data":{"destination":{"ip":["0.0.0.0"],"port":0},"device":{"id":"cbf2ac25a6775175f912ebf2abc72f6f51ab48ba"},"file":{"inode":0},"host":{"network":{"egress":{"queue":0},"ingress":{"queue":0}}},"interface":{"state":"listening"},"network":{"protocol":"tcp"},"process":{"name":"","pid":0},"source":{"ip":["127.0.0.1"],"port":631}},"id":"MTIzNDowOnRjcDoxMjcuMC4wLjE6NjMx","operation":"create","type":"ports"})" + }; + + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult1)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult2)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult3)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult4)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult5)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult6)).Times(1); + + std::string inventoryConfig = R"( + inventory: + enabled: true + interval: 3600 + scan_on_start: true + hardware: true + system: true + networks: false + packages: true + ports: true + ports_all: true + processes: true + hotfixes: true + )"; + auto configParser = std::make_shared(inventoryConfig); + Inventory::Instance().Setup(configParser); + + std::thread t + { + [&spInfoWrapper, &callbackDataDelta]() + { + Inventory::Instance().Init(spInfoWrapper, + callbackDataDelta, + INVENTORY_DB_PATH, + "", + ""); + Inventory::Instance().SetAgentUUID("1234"); + } + }; + + std::this_thread::sleep_for(std::chrono::seconds(1)); + Inventory::Instance().Stop(); + + if (t.joinable()) + { + t.join(); + } +} + +TEST_F(InventoryImpTest, noPackages) +{ + const auto spInfoWrapper{std::make_shared()}; + + EXPECT_CALL(*spInfoWrapper, hardware()).WillRepeatedly(Return(nlohmann::json::parse( + R"({"board_serial":"Intel Corporation","scan_time":"2020/12/28 21:49:50", "cpu_MHz":2904,"cpu_cores":2,"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz", "ram_free":2257872,"ram_total":4972208,"ram_usage":54})" + ))); + EXPECT_CALL(*spInfoWrapper, os()).WillRepeatedly(Return(nlohmann::json::parse( + R"({"architecture":"x86_64","scan_time":"2020/12/28 21:49:50", "hostname":"UBUNTU","os_build":"7601","os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601"})" + ))); + EXPECT_CALL(*spInfoWrapper, ports()).WillRepeatedly(Return(nlohmann::json::parse( + R"([{"inode":0,"local_ip":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"listening","tx_queue":0}])"))); + EXPECT_CALL(*spInfoWrapper, processes(testing::_)) + .Times(testing::AtLeast(1)) + .WillOnce(::testing::InvokeArgument<0> + (R"({"egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:2-","scan_time":"2020/12/28 21:49:50", "nice":0,"nlwp":1,"pgrp":0,"pid":"431625","ppid":2,"priority":20,"processor":1,"resident":0,"rgroup":"root","ruser":"root","session":0,"sgroup":"root","share":0,"size":0,"start_time":9302261,"state":"I","stime":3,"suser":"root","tgid":431625,"tty":0,"utime":0,"vm_size":0})"_json)); + EXPECT_CALL(*spInfoWrapper, hotfixes()).WillRepeatedly(Return(nlohmann::json::parse(R"([{"hotfix":"KB12345678"}])"))); + EXPECT_CALL(*spInfoWrapper, networks()).WillRepeatedly(Return(nlohmann::json::parse( + R"({"iface":[{"IPv4":[{"address":"172.17.0.1","broadcast":"172.17.255.255","dhcp":"unknown","metric":"0","netmask":"255.255.0.0"}],"adapter":"","gateway":" ","mac":"02:42:1c:26:13:65","mtu":1500,"name":"docker0","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"state":"down","tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0,"type":"ethernet"}]})"))); + + EXPECT_CALL(*spInfoWrapper, packages()).Times(0); + + + CallbackMock wrapperDelta; + std::function callbackDataDelta + { + [&wrapperDelta](const std::string & data) + { + auto delta = nlohmann::json::parse(data); + delta["data"].erase("@timestamp"); + wrapperDelta.callbackMock(delta.dump()); + } + }; + + const auto expectedResult1 + { + R"({"data":{"host":{"cpu":{"cores":2,"name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz","speed":0},"memory":{"free":2257872,"total":4972208,"used":{"percentage":54}}},"observer":{"serial_number":"Intel Corporation"}},"id":"MTIzNDpJbnRlbCBDb3Jwb3JhdGlvbg==","operation":"create","type":"hardware"})" + }; + const auto expectedResult2 + { + R"({"data":{"host":{"architecture":"x86_64","hostname":"UBUNTU","os":{"full":"","kernel":"7601","name":"Microsoft Windows 7","platform":"","type":"","version":"6.1.7601"}}},"id":"MTIzNDpNaWNyb3NvZnQgV2luZG93cyA3","operation":"create","type":"system"})" + }; + const auto expectedResult3 + { + R"({"data":{"process":{"args":"","command_line":"","group":{"id":"root"},"name":"kworker/u256:2-","parent":{"pid":2},"pid":"431625","real_group":{"id":"root"},"real_user":{"id":"root"},"saved_group":{"id":"root"},"saved_user":{"id":"root"},"start":9302261,"thread":{"id":431625},"tty":{"char_device":{"major":0}},"user":{"id":"root"}}},"id":"MTIzNDo0MzE2MjU=","operation":"create","type":"processes"})" + }; + const auto expectedResult4 + { + R"({"data":{"package":{"hotfix":{"name":"KB12345678"}}},"id":"MTIzNDpLQjEyMzQ1Njc4","operation":"create","type":"hotfixes"})" + }; + const auto expectedResult5 + { + R"({"data":{"destination":{"ip":["0.0.0.0"],"port":0},"device":{"id":"cbf2ac25a6775175f912ebf2abc72f6f51ab48ba"},"file":{"inode":0},"host":{"network":{"egress":{"queue":0},"ingress":{"queue":0}}},"interface":{"state":"listening"},"network":{"protocol":"tcp"},"process":{"name":"","pid":0},"source":{"ip":["127.0.0.1"],"port":631}},"id":"MTIzNDowOnRjcDoxMjcuMC4wLjE6NjMx","operation":"create","type":"ports"})" + }; + const auto expectedResult7 + { + R"({"data":{"host":{"ip":["172.17.0.1"],"mac":"02:42:1c:26:13:65","network":{"egress":{"bytes":0,"drops":0,"errors":0,"packets":0},"ingress":{"bytes":0,"drops":0,"errors":0,"packets":0}}},"interface":{"mtu":1500,"state":"down","type":"ethernet"},"network":{"broadcast":["172.17.255.255"],"dhcp":"unknown","gateway":[],"metric":"0","netmask":["255.255.0.0"],"protocol":"","type":"ipv4"},"observer":{"ingress":{"interface":{"alias":"","name":"docker0"}}}},"id":"MTIzNDpkb2NrZXIwOjppcHY0OjoxNzIuMTcuMC4x","operation":"create","type":"networks"})" + }; + + + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult1)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult2)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult3)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult4)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult5)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult7)).Times(1); + + std::string inventoryConfig = R"( + inventory: + enabled: true + interval: 3600 + scan_on_start: true + hardware: true + system: true + networks: true + packages: false + ports: true + ports_all: true + processes: true + hotfixes: true + )"; + auto configParser = std::make_shared(inventoryConfig); + Inventory::Instance().Setup(configParser); + + std::thread t + { + [&spInfoWrapper, &callbackDataDelta]() + { + Inventory::Instance().Init(spInfoWrapper, + callbackDataDelta, + INVENTORY_DB_PATH, + "", + ""); + Inventory::Instance().SetAgentUUID("1234"); + } + }; + + std::this_thread::sleep_for(std::chrono::seconds{2}); + Inventory::Instance().Stop(); + + if (t.joinable()) + { + t.join(); + } +} + +TEST_F(InventoryImpTest, noPorts) +{ + const auto spInfoWrapper{std::make_shared()}; + + EXPECT_CALL(*spInfoWrapper, hardware()).WillRepeatedly(Return(nlohmann::json::parse( + R"({"board_serial":"Intel Corporation","scan_time":"2020/12/28 21:49:50", "cpu_MHz":2904,"cpu_cores":2,"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz", "ram_free":2257872,"ram_total":4972208,"ram_usage":54})" + ))); + EXPECT_CALL(*spInfoWrapper, os()).WillRepeatedly(Return(nlohmann::json::parse( + R"({"architecture":"x86_64","scan_time":"2020/12/28 21:49:50", "hostname":"UBUNTU","os_build":"7601","os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601"})" + ))); + EXPECT_CALL(*spInfoWrapper, packages(testing::_)) + .Times(::testing::AtLeast(1)) + .WillOnce(::testing::InvokeArgument<0> + (R"({"architecture":"amd64","scan_time":"2020/12/28 21:49:50", "group":"x11","name":"xserver-xorg","priority":"optional","size":411,"source":"xorg","version":"1:7.7+19ubuntu14","format":"deb","location":" "})"_json)); + EXPECT_CALL(*spInfoWrapper, processes(testing::_)) + .Times(testing::AtLeast(1)) + .WillOnce(::testing::InvokeArgument<0> + (R"({"egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:2-","scan_time":"2020/12/28 21:49:50", "nice":0,"nlwp":1,"pgrp":0,"pid":"431625","ppid":2,"priority":20,"processor":1,"resident":0,"rgroup":"root","ruser":"root","session":0,"sgroup":"root","share":0,"size":0,"start_time":9302261,"state":"I","stime":3,"suser":"root","tgid":431625,"tty":0,"utime":0,"vm_size":0})"_json)); + EXPECT_CALL(*spInfoWrapper, hotfixes()).WillRepeatedly(Return(nlohmann::json::parse(R"([{"hotfix":"KB12345678"}])"))); + EXPECT_CALL(*spInfoWrapper, networks()).WillRepeatedly(Return(nlohmann::json::parse( + R"({"iface":[{"IPv4":[{"address":"172.17.0.1","broadcast":"172.17.255.255","dhcp":"unknown","metric":"0","netmask":"255.255.0.0"}],"adapter":"","gateway":" ","mac":"02:42:1c:26:13:65","mtu":1500,"name":"docker0","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"state":"down","tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0,"type":"ethernet"}]})"))); + + EXPECT_CALL(*spInfoWrapper, ports()).Times(0); + + CallbackMock wrapperDelta; + std::function callbackDataDelta + { + [&wrapperDelta](const std::string & data) + { + auto delta = nlohmann::json::parse(data); + delta["data"].erase("@timestamp"); + wrapperDelta.callbackMock(delta.dump()); + } + }; + + const auto expectedResult1 + { + R"({"data":{"host":{"cpu":{"cores":2,"name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz","speed":0},"memory":{"free":2257872,"total":4972208,"used":{"percentage":54}}},"observer":{"serial_number":"Intel Corporation"}},"id":"MTIzNDpJbnRlbCBDb3Jwb3JhdGlvbg==","operation":"create","type":"hardware"})" + }; + const auto expectedResult2 + { + R"({"data":{"host":{"architecture":"x86_64","hostname":"UBUNTU","os":{"full":"","kernel":"7601","name":"Microsoft Windows 7","platform":"","type":"","version":"6.1.7601"}}},"id":"MTIzNDpNaWNyb3NvZnQgV2luZG93cyA3","operation":"create","type":"system"})" + }; + const auto expectedResult3 + { + R"({"data":{"package":{"architecture":"amd64","description":"","installed":null,"name":"xserver-xorg","path":" ","size":411,"type":"deb","version":"1:7.7+19ubuntu14"}},"id":"MTIzNDp4c2VydmVyLXhvcmc6MTo3LjcrMTl1YnVudHUxNDphbWQ2NDpkZWI6IA==","operation":"create","type":"packages"})" + }; + const auto expectedResult4 + { + R"({"data":{"process":{"args":"","command_line":"","group":{"id":"root"},"name":"kworker/u256:2-","parent":{"pid":2},"pid":"431625","real_group":{"id":"root"},"real_user":{"id":"root"},"saved_group":{"id":"root"},"saved_user":{"id":"root"},"start":9302261,"thread":{"id":431625},"tty":{"char_device":{"major":0}},"user":{"id":"root"}}},"id":"MTIzNDo0MzE2MjU=","operation":"create","type":"processes"})" + }; + const auto expectedResult5 + { + R"({"data":{"package":{"hotfix":{"name":"KB12345678"}}},"id":"MTIzNDpLQjEyMzQ1Njc4","operation":"create","type":"hotfixes"})" + }; + const auto expectedResult7 + { + R"({"data":{"host":{"ip":["172.17.0.1"],"mac":"02:42:1c:26:13:65","network":{"egress":{"bytes":0,"drops":0,"errors":0,"packets":0},"ingress":{"bytes":0,"drops":0,"errors":0,"packets":0}}},"interface":{"mtu":1500,"state":"down","type":"ethernet"},"network":{"broadcast":["172.17.255.255"],"dhcp":"unknown","gateway":[],"metric":"0","netmask":["255.255.0.0"],"protocol":"","type":"ipv4"},"observer":{"ingress":{"interface":{"alias":"","name":"docker0"}}}},"id":"MTIzNDpkb2NrZXIwOjppcHY0OjoxNzIuMTcuMC4x","operation":"create","type":"networks"})" + }; + + + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult1)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult2)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult3)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult4)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult5)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult7)).Times(1); + + std::string inventoryConfig = R"( + inventory: + enabled: true + interval: 5 + scan_on_start: true + hardware: true + system: true + networks: true + packages: true + ports: false + ports_all: true + processes: true + hotfixes: true + )"; + auto configParser = std::make_shared(inventoryConfig); + Inventory::Instance().Setup(configParser); + + std::thread t + { + [&spInfoWrapper, &callbackDataDelta]() + { + Inventory::Instance().Init(spInfoWrapper, + callbackDataDelta, + INVENTORY_DB_PATH, + "", + ""); + Inventory::Instance().SetAgentUUID("1234"); + } + }; + + std::this_thread::sleep_for(std::chrono::seconds(1)); + Inventory::Instance().Stop(); + + if (t.joinable()) + { + t.join(); + } +} + +TEST_F(InventoryImpTest, noPortsAll) +{ + const auto spInfoWrapper{std::make_shared()}; + + EXPECT_CALL(*spInfoWrapper, hardware()).WillRepeatedly(Return(nlohmann::json::parse( + R"({"board_serial":"Intel Corporation","scan_time":"2020/12/28 21:49:50", "cpu_MHz":2904,"cpu_cores":2,"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz", "ram_free":2257872,"ram_total":4972208,"ram_usage":54})" + ))); + EXPECT_CALL(*spInfoWrapper, os()).WillRepeatedly(Return(nlohmann::json::parse( + R"({"architecture":"x86_64","scan_time":"2020/12/28 21:49:50", "hostname":"UBUNTU","os_build":"7601","os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601"})" + ))); + EXPECT_CALL(*spInfoWrapper, ports()).WillRepeatedly(Return(nlohmann::json::parse( + R"([{"inode":0,"local_ip":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"udp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"","tx_queue":0},{"inode":0,"local_ip":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"listening","tx_queue":0}])"))); + EXPECT_CALL(*spInfoWrapper, packages(testing::_)) + .Times(::testing::AtLeast(1)) + .WillOnce(::testing::InvokeArgument<0> + (R"({"architecture":"amd64","scan_time":"2020/12/28 21:49:50", "group":"x11","name":"xserver-xorg","priority":"optional","size":411,"source":"xorg","version":"1:7.7+19ubuntu14","format":"deb","location":" "})"_json)); + EXPECT_CALL(*spInfoWrapper, processes(testing::_)) + .Times(testing::AtLeast(1)) + .WillOnce(::testing::InvokeArgument<0> + (R"({"egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:2-","scan_time":"2020/12/28 21:49:50", "nice":0,"nlwp":1,"pgrp":0,"pid":"431625","ppid":2,"priority":20,"processor":1,"resident":0,"rgroup":"root","ruser":"root","session":0,"sgroup":"root","share":0,"size":0,"start_time":9302261,"state":"I","stime":3,"suser":"root","tgid":431625,"tty":0,"utime":0,"vm_size":0})"_json)); + EXPECT_CALL(*spInfoWrapper, hotfixes()).WillRepeatedly(Return(nlohmann::json::parse(R"([{"hotfix":"KB12345678"}])"))); + + EXPECT_CALL(*spInfoWrapper, networks()).WillRepeatedly(Return(nlohmann::json::parse( + R"({"iface":[{"IPv4":[{"address":"172.17.0.1","broadcast":"172.17.255.255","dhcp":"unknown","metric":"0","netmask":"255.255.0.0"}],"adapter":"","gateway":" ","mac":"02:42:1c:26:13:65","mtu":1500,"name":"docker0","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"state":"down","tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0,"type":"ethernet"}]})"))); + + CallbackMock wrapperDelta; + std::function callbackDataDelta + { + [&wrapperDelta](const std::string & data) + { + auto delta = nlohmann::json::parse(data); + delta["data"].erase("@timestamp"); + wrapperDelta.callbackMock(delta.dump()); + } + }; + + const auto expectedResult1 + { + R"({"data":{"host":{"cpu":{"cores":2,"name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz","speed":0},"memory":{"free":2257872,"total":4972208,"used":{"percentage":54}}},"observer":{"serial_number":"Intel Corporation"}},"id":"MTIzNDpJbnRlbCBDb3Jwb3JhdGlvbg==","operation":"create","type":"hardware"})" + }; + const auto expectedResult2 + { + R"({"data":{"host":{"architecture":"x86_64","hostname":"UBUNTU","os":{"full":"","kernel":"7601","name":"Microsoft Windows 7","platform":"","type":"","version":"6.1.7601"}}},"id":"MTIzNDpNaWNyb3NvZnQgV2luZG93cyA3","operation":"create","type":"system"})" + }; + const auto expectedResult3 + { + R"({"data":{"package":{"architecture":"amd64","description":"","installed":null,"name":"xserver-xorg","path":" ","size":411,"type":"deb","version":"1:7.7+19ubuntu14"}},"id":"MTIzNDp4c2VydmVyLXhvcmc6MTo3LjcrMTl1YnVudHUxNDphbWQ2NDpkZWI6IA==","operation":"create","type":"packages"})" + }; + const auto expectedResult4 + { + R"({"data":{"process":{"args":"","command_line":"","group":{"id":"root"},"name":"kworker/u256:2-","parent":{"pid":2},"pid":"431625","real_group":{"id":"root"},"real_user":{"id":"root"},"saved_group":{"id":"root"},"saved_user":{"id":"root"},"start":9302261,"thread":{"id":431625},"tty":{"char_device":{"major":0}},"user":{"id":"root"}}},"id":"MTIzNDo0MzE2MjU=","operation":"create","type":"processes"})" + }; + const auto expectedResult5 + { + R"({"data":{"package":{"hotfix":{"name":"KB12345678"}}},"id":"MTIzNDpLQjEyMzQ1Njc4","operation":"create","type":"hotfixes"})" + }; + const auto expectedResult6 + { + R"({"data":{"destination":{"ip":["0.0.0.0"],"port":0},"device":{"id":"7046b3f9cda975eb6567259c2469748e634dde49"},"file":{"inode":0},"host":{"network":{"egress":{"queue":0},"ingress":{"queue":0}}},"interface":{"state":""},"network":{"protocol":"udp"},"process":{"name":"","pid":0},"source":{"ip":["127.0.0.1"],"port":631}},"id":"MTIzNDowOnVkcDoxMjcuMC4wLjE6NjMx","operation":"create","type":"ports"})" + }; + const auto expectedResult7 + { + R"({"data":{"destination":{"ip":["0.0.0.0"],"port":0},"device":{"id":"cbf2ac25a6775175f912ebf2abc72f6f51ab48ba"},"file":{"inode":0},"host":{"network":{"egress":{"queue":0},"ingress":{"queue":0}}},"interface":{"state":"listening"},"network":{"protocol":"tcp"},"process":{"name":"","pid":0},"source":{"ip":["127.0.0.1"],"port":631}},"id":"MTIzNDowOnRjcDoxMjcuMC4wLjE6NjMx","operation":"create","type":"ports"})" + }; + const auto expectedResult8 + { + R"({"data":{"host":{"ip":["172.17.0.1"],"mac":"02:42:1c:26:13:65","network":{"egress":{"bytes":0,"drops":0,"errors":0,"packets":0},"ingress":{"bytes":0,"drops":0,"errors":0,"packets":0}}},"interface":{"mtu":1500,"state":"down","type":"ethernet"},"network":{"broadcast":["172.17.255.255"],"dhcp":"unknown","gateway":[],"metric":"0","netmask":["255.255.0.0"],"protocol":"","type":"ipv4"},"observer":{"ingress":{"interface":{"alias":"","name":"docker0"}}}},"id":"MTIzNDpkb2NrZXIwOjppcHY0OjoxNzIuMTcuMC4x","operation":"create","type":"networks"})" + }; + + + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult1)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult2)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult3)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult4)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult5)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult6)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult7)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult8)).Times(1); + + std::string inventoryConfig = R"( + inventory: + enabled: true + interval: 3600 + scan_on_start: true + hardware: true + system: true + networks: true + packages: true + ports: true + ports_all: false + processes: true + hotfixes: true + )"; + auto configParser = std::make_shared(inventoryConfig); + Inventory::Instance().Setup(configParser); + + std::thread t + { + [&spInfoWrapper, &callbackDataDelta]() + { + Inventory::Instance().Init(spInfoWrapper, + callbackDataDelta, + INVENTORY_DB_PATH, + "", + ""); + Inventory::Instance().SetAgentUUID("1234"); + } + }; + + std::this_thread::sleep_for(std::chrono::seconds(1)); + Inventory::Instance().Stop(); + + if (t.joinable()) + { + t.join(); + } +} + +TEST_F(InventoryImpTest, noProcesses) +{ + + const auto spInfoWrapper{std::make_shared()}; + + EXPECT_CALL(*spInfoWrapper, hardware()).WillRepeatedly(Return(nlohmann::json::parse( + R"({"board_serial":"Intel Corporation","scan_time":"2020/12/28 21:49:50", "cpu_MHz":2904,"cpu_cores":2,"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz", "ram_free":2257872,"ram_total":4972208,"ram_usage":54})" + ))); + EXPECT_CALL(*spInfoWrapper, os()).WillRepeatedly(Return(nlohmann::json::parse( + R"({"architecture":"x86_64","scan_time":"2020/12/28 21:49:50", "hostname":"UBUNTU","os_build":"7601","os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601"})" + ))); + EXPECT_CALL(*spInfoWrapper, ports()).WillRepeatedly(Return(nlohmann::json::parse( + R"([{"inode":0,"local_ip":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"listening","tx_queue":0}])"))); + EXPECT_CALL(*spInfoWrapper, packages(testing::_)) + .Times(::testing::AtLeast(1)) + .WillOnce(::testing::InvokeArgument<0> + (R"({"architecture":"amd64","scan_time":"2020/12/28 21:49:50", "group":"x11","name":"xserver-xorg","priority":"optional","size":411,"source":"xorg","version":"1:7.7+19ubuntu14","format":"deb","location":" "})"_json)); + EXPECT_CALL(*spInfoWrapper, hotfixes()).WillRepeatedly(Return(nlohmann::json::parse(R"([{"hotfix":"KB12345678"}])"))); + EXPECT_CALL(*spInfoWrapper, networks()).WillRepeatedly(Return(nlohmann::json::parse( + R"({"iface":[{"IPv4":[{"address":"172.17.0.1","broadcast":"172.17.255.255","dhcp":"unknown","metric":"0","netmask":"255.255.0.0"}],"adapter":"","gateway":" ","mac":"02:42:1c:26:13:65","mtu":1500,"name":"docker0","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"state":"down","tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0,"type":"ethernet"}]})"))); + + EXPECT_CALL(*spInfoWrapper, processes(testing::_)).Times(0); + + CallbackMock wrapperDelta; + std::function callbackDataDelta + { + [&wrapperDelta](const std::string & data) + { + auto delta = nlohmann::json::parse(data); + delta["data"].erase("@timestamp"); + wrapperDelta.callbackMock(delta.dump()); + } + }; + + const auto expectedResult1 + { + R"({"data":{"host":{"cpu":{"cores":2,"name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz","speed":0},"memory":{"free":2257872,"total":4972208,"used":{"percentage":54}}},"observer":{"serial_number":"Intel Corporation"}},"id":"MTIzNDpJbnRlbCBDb3Jwb3JhdGlvbg==","operation":"create","type":"hardware"})" + }; + const auto expectedResult2 + { + R"({"data":{"host":{"architecture":"x86_64","hostname":"UBUNTU","os":{"full":"","kernel":"7601","name":"Microsoft Windows 7","platform":"","type":"","version":"6.1.7601"}}},"id":"MTIzNDpNaWNyb3NvZnQgV2luZG93cyA3","operation":"create","type":"system"})" + }; + const auto expectedResult3 + { + R"({"data":{"package":{"architecture":"amd64","description":"","installed":null,"name":"xserver-xorg","path":" ","size":411,"type":"deb","version":"1:7.7+19ubuntu14"}},"id":"MTIzNDp4c2VydmVyLXhvcmc6MTo3LjcrMTl1YnVudHUxNDphbWQ2NDpkZWI6IA==","operation":"create","type":"packages"})" + }; + const auto expectedResult4 + { + R"({"data":{"package":{"hotfix":{"name":"KB12345678"}}},"id":"MTIzNDpLQjEyMzQ1Njc4","operation":"create","type":"hotfixes"})" + }; + const auto expectedResult5 + { + R"({"data":{"destination":{"ip":["0.0.0.0"],"port":0},"device":{"id":"cbf2ac25a6775175f912ebf2abc72f6f51ab48ba"},"file":{"inode":0},"host":{"network":{"egress":{"queue":0},"ingress":{"queue":0}}},"interface":{"state":"listening"},"network":{"protocol":"tcp"},"process":{"name":"","pid":0},"source":{"ip":["127.0.0.1"],"port":631}},"id":"MTIzNDowOnRjcDoxMjcuMC4wLjE6NjMx","operation":"create","type":"ports"})" + }; + const auto expectedResult7 + { + R"({"data":{"host":{"ip":["172.17.0.1"],"mac":"02:42:1c:26:13:65","network":{"egress":{"bytes":0,"drops":0,"errors":0,"packets":0},"ingress":{"bytes":0,"drops":0,"errors":0,"packets":0}}},"interface":{"mtu":1500,"state":"down","type":"ethernet"},"network":{"broadcast":["172.17.255.255"],"dhcp":"unknown","gateway":[],"metric":"0","netmask":["255.255.0.0"],"protocol":"","type":"ipv4"},"observer":{"ingress":{"interface":{"alias":"","name":"docker0"}}}},"id":"MTIzNDpkb2NrZXIwOjppcHY0OjoxNzIuMTcuMC4x","operation":"create","type":"networks"})" + }; + + + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult1)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult2)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult3)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult4)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult5)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult7)).Times(1); + + std::string inventoryConfig = R"( + inventory: + enabled: true + interval: 3600 + scan_on_start: true + hardware: true + system: true + networks: true + packages: true + ports: true + ports_all: true + processes: false + hotfixes: true + )"; + auto configParser = std::make_shared(inventoryConfig); + Inventory::Instance().Setup(configParser); + + std::thread t + { + [&spInfoWrapper, &callbackDataDelta]() + { + Inventory::Instance().Init(spInfoWrapper, + callbackDataDelta, + INVENTORY_DB_PATH, + "", + ""); + Inventory::Instance().SetAgentUUID("1234"); + } + }; + + std::this_thread::sleep_for(std::chrono::seconds{2}); + Inventory::Instance().Stop(); + + if (t.joinable()) + { + t.join(); + } +} + +TEST_F(InventoryImpTest, noHotfixes) +{ + const auto spInfoWrapper{std::make_shared()}; + + EXPECT_CALL(*spInfoWrapper, hardware()).WillRepeatedly(Return(nlohmann::json::parse( + R"({"board_serial":"Intel Corporation","scan_time":"2020/12/28 21:49:50", "cpu_MHz":2904,"cpu_cores":2,"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz", "ram_free":2257872,"ram_total":4972208,"ram_usage":54})" + ))); + EXPECT_CALL(*spInfoWrapper, os()).WillRepeatedly(Return(nlohmann::json::parse( + R"({"architecture":"x86_64","scan_time":"2020/12/28 21:49:50", "hostname":"UBUNTU","os_build":"7601","os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601"})" + ))); + EXPECT_CALL(*spInfoWrapper, ports()).WillRepeatedly(Return(nlohmann::json::parse( + R"([{"inode":0,"local_ip":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"listening","tx_queue":0}])"))); + EXPECT_CALL(*spInfoWrapper, packages(testing::_)) + .Times(::testing::AtLeast(1)) + .WillOnce(::testing::InvokeArgument<0> + (R"({"architecture":"amd64","scan_time":"2020/12/28 21:49:50", "group":"x11","name":"xserver-xorg","priority":"optional","size":411,"source":"xorg","version":"1:7.7+19ubuntu14","format":"deb","location":" "})"_json)); + EXPECT_CALL(*spInfoWrapper, processes(testing::_)) + .Times(testing::AtLeast(1)) + .WillOnce(::testing::InvokeArgument<0> + (R"({"egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:2-","scan_time":"2020/12/28 21:49:50", "nice":0,"nlwp":1,"pgrp":0,"pid":"431625","ppid":2,"priority":20,"processor":1,"resident":0,"rgroup":"root","ruser":"root","session":0,"sgroup":"root","share":0,"size":0,"start_time":9302261,"state":"I","stime":3,"suser":"root","tgid":431625,"tty":0,"utime":0,"vm_size":0})"_json)); + EXPECT_CALL(*spInfoWrapper, networks()).WillRepeatedly(Return(nlohmann::json::parse( + R"({"iface":[{"IPv4":[{"address":"172.17.0.1","broadcast":"172.17.255.255","dhcp":"unknown","metric":"0","netmask":"255.255.0.0"}],"adapter":"","gateway":" ","mac":"02:42:1c:26:13:65","mtu":1500,"name":"docker0","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"state":"down","tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0,"type":"ethernet"}]})"))); + + EXPECT_CALL(*spInfoWrapper, hotfixes()).Times(0); + + CallbackMock wrapperDelta; + std::function callbackDataDelta + { + [&wrapperDelta](const std::string & data) + { + auto delta = nlohmann::json::parse(data); + delta["data"].erase("@timestamp"); + wrapperDelta.callbackMock(delta.dump()); + } + }; + + const auto expectedResult1 + { + R"({"data":{"host":{"cpu":{"cores":2,"name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz","speed":0},"memory":{"free":2257872,"total":4972208,"used":{"percentage":54}}},"observer":{"serial_number":"Intel Corporation"}},"id":"MTIzNDpJbnRlbCBDb3Jwb3JhdGlvbg==","operation":"create","type":"hardware"})" + }; + const auto expectedResult2 + { + R"({"data":{"host":{"architecture":"x86_64","hostname":"UBUNTU","os":{"full":"","kernel":"7601","name":"Microsoft Windows 7","platform":"","type":"","version":"6.1.7601"}}},"id":"MTIzNDpNaWNyb3NvZnQgV2luZG93cyA3","operation":"create","type":"system"})" + }; + const auto expectedResult3 + { + R"({"data":{"package":{"architecture":"amd64","description":"","installed":null,"name":"xserver-xorg","path":" ","size":411,"type":"deb","version":"1:7.7+19ubuntu14"}},"id":"MTIzNDp4c2VydmVyLXhvcmc6MTo3LjcrMTl1YnVudHUxNDphbWQ2NDpkZWI6IA==","operation":"create","type":"packages"})" + }; + const auto expectedResult4 + { + R"({"data":{"process":{"args":"","command_line":"","group":{"id":"root"},"name":"kworker/u256:2-","parent":{"pid":2},"pid":"431625","real_group":{"id":"root"},"real_user":{"id":"root"},"saved_group":{"id":"root"},"saved_user":{"id":"root"},"start":9302261,"thread":{"id":431625},"tty":{"char_device":{"major":0}},"user":{"id":"root"}}},"id":"MTIzNDo0MzE2MjU=","operation":"create","type":"processes"})" + }; + const auto expectedResult5 + { + R"({"data":{"destination":{"ip":["0.0.0.0"],"port":0},"device":{"id":"cbf2ac25a6775175f912ebf2abc72f6f51ab48ba"},"file":{"inode":0},"host":{"network":{"egress":{"queue":0},"ingress":{"queue":0}}},"interface":{"state":"listening"},"network":{"protocol":"tcp"},"process":{"name":"","pid":0},"source":{"ip":["127.0.0.1"],"port":631}},"id":"MTIzNDowOnRjcDoxMjcuMC4wLjE6NjMx","operation":"create","type":"ports"})" + }; + const auto expectedResult7 + { + R"({"data":{"host":{"ip":["172.17.0.1"],"mac":"02:42:1c:26:13:65","network":{"egress":{"bytes":0,"drops":0,"errors":0,"packets":0},"ingress":{"bytes":0,"drops":0,"errors":0,"packets":0}}},"interface":{"mtu":1500,"state":"down","type":"ethernet"},"network":{"broadcast":["172.17.255.255"],"dhcp":"unknown","gateway":[],"metric":"0","netmask":["255.255.0.0"],"protocol":"","type":"ipv4"},"observer":{"ingress":{"interface":{"alias":"","name":"docker0"}}}},"id":"MTIzNDpkb2NrZXIwOjppcHY0OjoxNzIuMTcuMC4x","operation":"create","type":"networks"})" + }; + + + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult1)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult2)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult3)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult4)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult5)).Times(1); + EXPECT_CALL(wrapperDelta, callbackMock(expectedResult7)).Times(1); + + std::string inventoryConfig = R"( + inventory: + enabled: true + interval: 3600 + scan_on_start: true + hardware: true + system: true + networks: true + packages: true + ports: true + ports_all: true + processes: true + hotfixes: false + )"; + auto configParser = std::make_shared(inventoryConfig); + Inventory::Instance().Setup(configParser); + + std::thread t + { + [&spInfoWrapper, &callbackDataDelta]() + { + Inventory::Instance().Init(spInfoWrapper, + callbackDataDelta, + INVENTORY_DB_PATH, + "", + ""); + Inventory::Instance().SetAgentUUID("1234"); + } + }; + + std::this_thread::sleep_for(std::chrono::seconds{2}); + Inventory::Instance().Stop(); + + if (t.joinable()) + { + t.join(); + } +} + +TEST_F(InventoryImpTest, scanInvalidData) +{ + const auto spInfoWrapper{std::make_shared()}; + EXPECT_CALL(*spInfoWrapper, hardware()).WillRepeatedly(Return(nlohmann::json::parse( + R"({"board_serial":"Intel Corporation","scan_time":"2020/12/28 21:49:50", "cpu_MHz":2904,"cpu_cores":2,"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz","ram_free":2257872,"ram_total":4972208,"ram_usage":54})"))); + EXPECT_CALL(*spInfoWrapper, os()).WillRepeatedly(Return(nlohmann::json::parse( + R"({"architecture":"x86_64","scan_time":"2020/12/28 21:49:50", "hostname":"UBUNTU","os_build":"7601","os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601"})"))); + EXPECT_CALL(*spInfoWrapper, ports()).WillRepeatedly(Return(nlohmann::json::parse( + R"([{"inode":0,"local_ip":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"listening","tx_queue":0}])"))); + EXPECT_CALL(*spInfoWrapper, packages(testing::_)) + .Times(::testing::AtLeast(1)) + .WillOnce(::testing::InvokeArgument<0> + (R"({"name":"TEXT", "scan_time":"2020/12/28 21:49:50", "version":"TEXT", "vendor":"TEXT", "install_time":"TEXT", "location":"TEXT", "architecture":"TEXT", "groups":"TEXT", "description":"TEXT", "size":"TEXT", "priority":"TEXT", "multiarch":"TEXT", "source":"TEXT", "os_patch":"TEXT"})"_json)); + EXPECT_CALL(*spInfoWrapper, processes(testing::_)) + .Times(testing::AtLeast(1)) + .WillOnce(::testing::InvokeArgument<0> + (R"({"egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:2-","scan_time":"2020/12/28 21:49:50", "nice":0,"nlwp":1,"pgrp":0,"pid":"431625","ppid":2,"priority":20,"processor":1,"resident":0,"rgroup":"root","ruser":"root","session":0,"sgroup":"root","share":0,"size":0,"start_time":9302261,"state":"I","stime":3,"suser":"root","tgid":431625,"tty":0,"utime":0,"vm_size":0})"_json)); + EXPECT_CALL(*spInfoWrapper, hotfixes()).WillRepeatedly(Return(nlohmann::json::parse(R"([{"hotfix":"KB12345678"}])"))); + EXPECT_CALL(*spInfoWrapper, networks()).WillRepeatedly(Return(nlohmann::json::parse( + R"({"iface":[{"IPv4":[{"address":"172.17.0.1","broadcast":"172.17.255.255","dhcp":"unknown","metric":"0","netmask":"255.255.0.0"}],"adapter":"","gateway":" ","mac":"02:42:1c:26:13:65","mtu":1500,"name":"docker0","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"state":"down","tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0,"type":"ethernet"}]})"))); + + std::string inventoryConfig = R"( + inventory: + enabled: true + interval: 60 + scan_on_start: true + hardware: true + system: true + networks: true + packages: true + ports: true + ports_all: true + processes: true + hotfixes: true + )"; + auto configParser = std::make_shared(inventoryConfig); + Inventory::Instance().Setup(configParser); + + std::thread t + { + [&spInfoWrapper]() + { + Inventory::Instance().Init(spInfoWrapper, + ReportFunction, + INVENTORY_DB_PATH, + "", + ""); + Inventory::Instance().SetAgentUUID("1234"); + } + }; + std::this_thread::sleep_for(std::chrono::seconds{1}); + Inventory::Instance().Stop(); + + if (t.joinable()) + { + t.join(); + } +} + +TEST_F(InventoryImpTest, portAllEnable) +{ + const auto spInfoWrapper{std::make_shared()}; + EXPECT_CALL(*spInfoWrapper, ports()).WillRepeatedly(Return(nlohmann::json::parse(R"( + [ + { + "inode":43481, + "local_ip":"0.0.0.0", + "local_port":47748, + "pid":0, + "process_name":"", + "protocol":"udp", + "remote_ip":"0.0.0.0", + "remote_port":0, + "rx_queue":0, + "state":"", + "tx_queue":0 + }, + { + "inode":43482, + "local_ip":"::", + "local_port":51087, + "pid":0, + "process_name":"", + "protocol":"udp6", + "remote_ip":"::", + "remote_port":0, + "rx_queue":0, + "state":"", + "tx_queue":0 + }, + { + "inode":50324, + "local_ip":"127.0.0.1", + "local_port":33060, + "pid":0, + "process_name":"", + "protocol":"tcp", + "remote_ip":"0.0.0.0", + "remote_port":0, + "rx_queue":0, + "state":"listening", + "tx_queue":0 + }, + { + "inode":122575, + "local_ip":"192.168.0.104", + "local_port":39106, + "pid":0, + "process_name":"", + "protocol":"tcp", + "remote_ip":"44.238.116.130", + "remote_port":443, + "rx_queue":0, + "state":"established", + "tx_queue":0 + }, + { + "inode":122575, + "local_ip":"192.168.0.104", + "local_port":39106, + "pid":0, + "process_name":"", + "protocol":"tcp", + "remote_ip":"44.238.116.130", + "remote_port":443, + "rx_queue":0, + "state":"established", + "tx_queue":0 + } + ])"))); + + CallbackMock wrapper; + std::function callbackData + { + [&wrapper](const std::string & data) + { + auto delta = nlohmann::json::parse(data); + delta["data"].erase("@timestamp"); + delta.erase("id"); + wrapper.callbackMock(delta.dump()); + } + }; + const auto expectedResult1 + { + R"({"data":{"destination":{"ip":["0.0.0.0"],"port":0},"device":{"id":"12903a43db24ab10d872547cdd1d786a5876a0da"},"file":{"inode":43481},"host":{"network":{"egress":{"queue":0},"ingress":{"queue":0}}},"interface":{"state":""},"network":{"protocol":"udp"},"process":{"name":"","pid":0},"source":{"ip":["0.0.0.0"],"port":47748}},"operation":"create","type":"ports"})" + }; + + const auto expectedResult2 + { + R"({"data":{"destination":{"ip":["::"],"port":0},"device":{"id":"ca7c9aff241cb251c6ad31e30b806366ecb2ad5f"},"file":{"inode":43482},"host":{"network":{"egress":{"queue":0},"ingress":{"queue":0}}},"interface":{"state":""},"network":{"protocol":"udp6"},"process":{"name":"","pid":0},"source":{"ip":["::"],"port":51087}},"operation":"create","type":"ports"})" + }; + + const auto expectedResult3 + { + R"({"data":{"destination":{"ip":["0.0.0.0"],"port":0},"device":{"id":"8c790ef53962dd27f4516adb1d7f3f6096bc6d29"},"file":{"inode":50324},"host":{"network":{"egress":{"queue":0},"ingress":{"queue":0}}},"interface":{"state":"listening"},"network":{"protocol":"tcp"},"process":{"name":"","pid":0},"source":{"ip":["127.0.0.1"],"port":33060}},"operation":"create","type":"ports"})" + }; + + const auto expectedResult4 + { + R"({"data":{"destination":{"ip":["44.238.116.130"],"port":443},"device":{"id":"d5511242275bd3f2d57175f248108d6c3b39c438"},"file":{"inode":122575},"host":{"network":{"egress":{"queue":0},"ingress":{"queue":0}}},"interface":{"state":"established"},"network":{"protocol":"tcp"},"process":{"name":"","pid":0},"source":{"ip":["192.168.0.104"],"port":39106}},"operation":"create","type":"ports"})" + }; + + EXPECT_CALL(wrapper, callbackMock(expectedResult1)).Times(1); + EXPECT_CALL(wrapper, callbackMock(expectedResult2)).Times(1); + EXPECT_CALL(wrapper, callbackMock(expectedResult3)).Times(1); + EXPECT_CALL(wrapper, callbackMock(expectedResult4)).Times(1); + + std::string inventoryConfig = R"( + inventory: + enabled: true + interval: 3600 + scan_on_start: true + hardware: false + system: false + networks: false + packages: false + ports: true + ports_all: true + processes: false + hotfixes: false + )"; + auto configParser = std::make_shared(inventoryConfig); + Inventory::Instance().Setup(configParser); + + std::thread t + { + [&spInfoWrapper, &callbackData]() + { + Inventory::Instance().Init(spInfoWrapper, + callbackData, + INVENTORY_DB_PATH, + "", + ""); + Inventory::Instance().SetAgentUUID("1234"); + } + }; + + std::this_thread::sleep_for(std::chrono::seconds{2}); + Inventory::Instance().Stop(); + + if (t.joinable()) + { + t.join(); + } +} + +TEST_F(InventoryImpTest, portAllDisable) +{ + const auto spInfoWrapper{std::make_shared()}; + EXPECT_CALL(*spInfoWrapper, ports()).WillRepeatedly(Return(nlohmann::json::parse(R"( + [ + { + "inode":43481, + "local_ip":"0.0.0.0", + "local_port":47748, + "pid":0, + "process_name":"", + "protocol":"udp", + "remote_ip":"0.0.0.0", + "remote_port":0, + "rx_queue":0, + "state":"", + "tx_queue":0 + }, + { + "inode":43482, + "local_ip":"::", + "local_port":51087, + "pid":0, + "process_name":"", + "protocol":"udp6", + "remote_ip":"::", + "remote_port":0, + "rx_queue":0, + "state":"", + "tx_queue":0 + }, + { + "inode":50324, + "local_ip":"127.0.0.1", + "local_port":33060, + "pid":0, + "process_name":"", + "protocol":"tcp", + "remote_ip":"0.0.0.0", + "remote_port":0, + "rx_queue":0, + "state":"listening", + "tx_queue":0 + }, + { + "inode":50324, + "local_ip":"127.0.0.1", + "local_port":33060, + "pid":0, + "process_name":"", + "protocol":"tcp", + "remote_ip":"0.0.0.0", + "remote_port":0, + "rx_queue":0, + "state":"listening", + "tx_queue":0 + }, + { + "inode":122575, + "local_ip":"192.168.0.104", + "local_port":39106, + "pid":0, + "process_name":"", + "protocol":"tcp", + "remote_ip":"44.238.116.130", + "remote_port":443, + "rx_queue":0, + "state":"established", + "tx_queue":0 + } + ])"))); + + CallbackMock wrapper; + std::function callbackData + { + [&wrapper](const std::string & data) + { + auto delta = nlohmann::json::parse(data); + delta["data"].erase("@timestamp"); + delta.erase("id"); + wrapper.callbackMock(delta.dump()); + } + }; + const auto expectedResult1 + { + R"({"data":{"destination":{"ip":["0.0.0.0"],"port":0},"device":{"id":"12903a43db24ab10d872547cdd1d786a5876a0da"},"file":{"inode":43481},"host":{"network":{"egress":{"queue":0},"ingress":{"queue":0}}},"interface":{"state":""},"network":{"protocol":"udp"},"process":{"name":"","pid":0},"source":{"ip":["0.0.0.0"],"port":47748}},"operation":"create","type":"ports"})" + }; + + const auto expectedResult2 + { + R"({"data":{"destination":{"ip":["::"],"port":0},"device":{"id":"ca7c9aff241cb251c6ad31e30b806366ecb2ad5f"},"file":{"inode":43482},"host":{"network":{"egress":{"queue":0},"ingress":{"queue":0}}},"interface":{"state":""},"network":{"protocol":"udp6"},"process":{"name":"","pid":0},"source":{"ip":["::"],"port":51087}},"operation":"create","type":"ports"})" + }; + + const auto expectedResult3 + { + R"({"data":{"destination":{"ip":["0.0.0.0"],"port":0},"device":{"id":"8c790ef53962dd27f4516adb1d7f3f6096bc6d29"},"file":{"inode":50324},"host":{"network":{"egress":{"queue":0},"ingress":{"queue":0}}},"interface":{"state":"listening"},"network":{"protocol":"tcp"},"process":{"name":"","pid":0},"source":{"ip":["127.0.0.1"],"port":33060}},"operation":"create","type":"ports"})" + }; + + EXPECT_CALL(wrapper, callbackMock(expectedResult1)).Times(1); + EXPECT_CALL(wrapper, callbackMock(expectedResult2)).Times(1); + EXPECT_CALL(wrapper, callbackMock(expectedResult3)).Times(1); + + std::string inventoryConfig = R"( + inventory: + enabled: true + interval: 3600 + scan_on_start: true + hardware: false + system: false + networks: false + packages: false + ports: true + ports_all: false + processes: false + hotfixes: false + )"; + auto configParser = std::make_shared(inventoryConfig); + Inventory::Instance().Setup(configParser); + + std::thread t + { + [&spInfoWrapper, &callbackData]() + { + Inventory::Instance().Init(spInfoWrapper, + callbackData, + INVENTORY_DB_PATH, + "", + ""); + Inventory::Instance().SetAgentUUID("1234"); + } + }; + + std::this_thread::sleep_for(std::chrono::seconds{2}); + Inventory::Instance().Stop(); + + if (t.joinable()) + { + t.join(); + } +} + +TEST_F(InventoryImpTest, PackagesDuplicated) +{ + const auto spInfoWrapper{std::make_shared()}; + + EXPECT_CALL(*spInfoWrapper, packages(testing::_)) + .Times(::testing::AtLeast(1)) + .WillOnce(::testing::DoAll( + ::testing::InvokeArgument<0> + (R"({"architecture":"amd64","scan_time":"2020/12/28 21:49:50", "group":"x11","name":"xserver-xorg","priority":"optional","size":411,"source":"xorg","version":"1:7.7+19ubuntu14","format":"deb","location":" "})"_json), + ::testing::InvokeArgument<0> + (R"({"architecture":"amd64","scan_time":"2020/12/28 21:49:50", "group":"x11","name":"xserver-xorg","priority":"optional","size":411,"source":"xorg","version":"1:7.7+19ubuntu14","format":"deb","location":" "})"_json))); + + + + CallbackMock wrapper; + std::function callbackData + { + [&wrapper](const std::string & data) + { + auto delta = nlohmann::json::parse(data); + delta["data"].erase("@timestamp"); + wrapper.callbackMock(delta.dump()); + } + }; + + const auto expectedResult1 + { + R"({"data":{"package":{"architecture":"amd64","description":"","installed":null,"name":"xserver-xorg","path":" ","size":411,"type":"deb","version":"1:7.7+19ubuntu14"}},"id":"MTIzNDp4c2VydmVyLXhvcmc6MTo3LjcrMTl1YnVudHUxNDphbWQ2NDpkZWI6IA==","operation":"create","type":"packages"})" + }; + + EXPECT_CALL(wrapper, callbackMock(expectedResult1)).Times(1); + + std::string inventoryConfig = R"( + inventory: + enabled: true + interval: 3600 + scan_on_start: true + hardware: false + system: false + networks: false + packages: true + ports: false + ports_all: false + processes: false + hotfixes: false + )"; + auto configParser = std::make_shared(inventoryConfig); + Inventory::Instance().Setup(configParser); + + std::thread t + { + [&spInfoWrapper, &callbackData]() + { + Inventory::Instance().Init(spInfoWrapper, + callbackData, + INVENTORY_DB_PATH, + "", + ""); + Inventory::Instance().SetAgentUUID("1234"); + } + }; + + std::this_thread::sleep_for(std::chrono::seconds{2}); + Inventory::Instance().Stop(); + + if (t.joinable()) + { + t.join(); + } +} + +int main(int argc, char** argv) +{ + ::testing::InitGoogleTest(&argc, argv); + return RUN_ALL_TESTS(); +} + diff --git a/src/modules/inventory/tests/inventoryImp/inventoryImp_test.hpp b/src/modules/inventory/tests/inventoryImp/inventoryImp_test.hpp new file mode 100644 index 0000000000..fa54d782c6 --- /dev/null +++ b/src/modules/inventory/tests/inventoryImp/inventoryImp_test.hpp @@ -0,0 +1,14 @@ +#pragma once +#include "gtest/gtest.h" +#include "gmock/gmock.h" + +class InventoryImpTest : public ::testing::Test +{ + protected: + + InventoryImpTest() = default; + virtual ~InventoryImpTest() = default; + + void SetUp() override; + void TearDown() override; +}; diff --git a/src/modules/inventory/tests/sysCollectorImp/CMakeLists.txt b/src/modules/inventory/tests/sysCollectorImp/CMakeLists.txt deleted file mode 100644 index f4930d7ee3..0000000000 --- a/src/modules/inventory/tests/sysCollectorImp/CMakeLists.txt +++ /dev/null @@ -1,71 +0,0 @@ -cmake_minimum_required(VERSION 3.12.4) - -project(syscollectorimp_unit_test) - -set(CMAKE_CXX_FLAGS_DEBUG "-g --coverage") - - -link_directories(${SRC_FOLDER}/shared_modules/dbsync/build/lib) -link_directories(${SRC_FOLDER}/shared_modules/rsync/build/lib) -include_directories(${SRC_FOLDER}/shared_modules/dbsync/src/) - -file(GLOB SYSCOLLECTOR_IMP_UNIT_TEST_SRC - "*.cpp") - -file(GLOB SYSCOLLECTOR_IMP_SRC - "${CMAKE_SOURCE_DIR}/src/syscollectorImp.cpp" - "${CMAKE_SOURCE_DIR}/src/syscollectorNormalizer.cpp") - -file(GLOB RSYNC_IMP_SRC - "${SRC_FOLDER}/shared_modules/rsync/src/*.cpp") - -file(GLOB DBSYNC_IMP_SRC - "${SRC_FOLDER}/shared_modules/dbsync/src/*.cpp" - "${SRC_FOLDER}/shared_modules/dbsync/src/sqlite/*.cpp") - -add_definitions(-DWAZUH_UNIT_TESTING) - -add_executable(syscollectorimp_unit_test - ${SYSCOLLECTOR_IMP_UNIT_TEST_SRC} - ${SYSCOLLECTOR_IMP_SRC} - ${RSYNC_IMP_SRC} - ${DBSYNC_IMP_SRC}) -if(CMAKE_SYSTEM_NAME STREQUAL "Windows") - target_link_libraries(syscollectorimp_unit_test - debug gtestd - debug gmockd - debug gtest_maind - debug gmock_maind - optimized gtest - optimized gmock - optimized gtest_main - optimized gmock_main - pthread - cjson - sqlite3 - crypto - ws2_32 - ssl - crypt32 - -static-libgcc -static-libstdc++ - ) -else() - target_link_libraries(syscollectorimp_unit_test - debug gtestd - debug gmockd - debug gtest_maind - debug gmock_maind - optimized gtest - optimized gmock - optimized gtest_main - optimized gmock_main - pthread - sqlite3 - cjson - crypto - dl - ) -endif(CMAKE_SYSTEM_NAME STREQUAL "Windows") - -add_test(NAME syscollectorimp_unit_test - COMMAND syscollectorimp_unit_test) \ No newline at end of file diff --git a/src/modules/inventory/tests/sysCollectorImp/main.cpp b/src/modules/inventory/tests/sysCollectorImp/main.cpp deleted file mode 100644 index fd7a178715..0000000000 --- a/src/modules/inventory/tests/sysCollectorImp/main.cpp +++ /dev/null @@ -1,7 +0,0 @@ -#include "gtest/gtest.h" - -int main(int argc, char** argv) -{ - ::testing::InitGoogleTest(&argc, argv); - return RUN_ALL_TESTS(); -} \ No newline at end of file diff --git a/src/modules/inventory/tests/sysCollectorImp/syscollectorImp_test.cpp b/src/modules/inventory/tests/sysCollectorImp/syscollectorImp_test.cpp deleted file mode 100644 index cf79dd051c..0000000000 --- a/src/modules/inventory/tests/sysCollectorImp/syscollectorImp_test.cpp +++ /dev/null @@ -1,2399 +0,0 @@ -/* - * Wazuh SyscollectorImp - * Copyright (C) 2015, Wazuh Inc. - * November 9, 2020. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ -#include -#include "syscollectorImp_test.h" -#include "syscollector.hpp" - -constexpr auto SYSCOLLECTOR_DB_PATH {"TEMP.db"}; - -void SyscollectorImpTest::SetUp() {}; - -void SyscollectorImpTest::TearDown() -{ - std::remove(SYSCOLLECTOR_DB_PATH); -}; - -using ::testing::_; -using ::testing::Return; - -class SysInfoWrapper: public ISysInfo -{ - public: - SysInfoWrapper() = default; - ~SysInfoWrapper() = default; - MOCK_METHOD(nlohmann::json, hardware, (), (override)); - MOCK_METHOD(nlohmann::json, packages, (), (override)); - MOCK_METHOD(void, packages, (std::function), (override)); - MOCK_METHOD(nlohmann::json, os, (), (override)); - MOCK_METHOD(nlohmann::json, networks, (), (override)); - MOCK_METHOD(nlohmann::json, processes, (), (override)); - MOCK_METHOD(void, processes, (std::function), (override)); - MOCK_METHOD(nlohmann::json, ports, (), (override)); - MOCK_METHOD(nlohmann::json, hotfixes, (), (override)); -}; - -class CallbackMock -{ - public: - CallbackMock() = default; - ~CallbackMock() = default; - MOCK_METHOD(void, callbackMock, (const std::string&), ()); -}; - -void reportFunction(const std::string& /*payload*/) -{ - // std::cout << payload << std::endl; -} - -void logFunction(const modules_log_level_t /*level*/, const std::string& /*log*/) -{ - // static const std::map s_logStringMap - // { - // {LOG_ERROR, "ERROR"}, - // {LOG_INFO, "INFO"}, - // {LOG_DEBUG, "DEBUG"}, - // {LOG_DEBUG_VERBOSE, "DEBUG2"} - // }; - // std::cout << s_logStringMap.at(level) << ": " << log << std::endl; -} - -TEST_F(SyscollectorImpTest, defaultCtor) -{ - const auto spInfoWrapper{std::make_shared()}; - EXPECT_CALL(*spInfoWrapper, hardware()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"board_serial":"Intel Corporation","scan_time":"2020/12/28 21:49:50", "cpu_MHz":2904,"cpu_cores":2,"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz", "ram_free":2257872,"ram_total":4972208,"ram_usage":54})"))); - EXPECT_CALL(*spInfoWrapper, os()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"architecture":"x86_64","scan_time":"2020/12/28 21:49:50", "hostname":"UBUNTU","os_build":"7601","os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601"})"))); - EXPECT_CALL(*spInfoWrapper, networks()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"iface":[{"address":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "mac":"d4:5d:64:51:07:5d", "gateway":"192.168.0.1|600","broadcast":"127.255.255.255", "name":"ens1", "mtu":1500, "name":"enp4s0", "adapter":" ", "type":"ethernet", "state":"up", "dhcp":"disabled","iface":"Loopback Pseudo-Interface 1","metric":"75","netmask":"255.0.0.0","proto":"IPv4","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0, "IPv4":[{"address":"192.168.153.1","broadcast":"192.168.153.255","dhcp":"unknown","metric":" ","netmask":"255.255.255.0"}], "IPv6":[{"address":"fe80::250:56ff:fec0:8","dhcp":"unknown","metric":" ","netmask":"ffff:ffff:ffff:ffff::"}]}]})"))); - EXPECT_CALL(*spInfoWrapper, ports()).WillRepeatedly(Return(nlohmann::json::parse( - R"([{"inode":0,"local_ip":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"listening","tx_queue":0}])"))); - EXPECT_CALL(*spInfoWrapper, packages(_)) - .Times(::testing::AtLeast(1)) - .WillOnce(::testing::InvokeArgument<0> - (R"({"architecture":"amd64","scan_time":"2020/12/28 21:49:50", "group":"x11","name":"xserver-xorg","priority":"optional","size":411,"source":"xorg","version":"1:7.7+19ubuntu14","format":"deb","location":" "})"_json)); - - EXPECT_CALL(*spInfoWrapper, hotfixes()).WillRepeatedly(Return(R"([{"hotfix":"KB12345678"}])"_json)); - - EXPECT_CALL(*spInfoWrapper, processes(_)) - .Times(testing::AtLeast(1)) - .WillOnce(::testing::InvokeArgument<0> - (R"({"egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:2-","scan_time":"2020/12/28 21:49:50", "nice":0,"nlwp":1,"pgrp":0,"pid":"431625","ppid":2,"priority":20,"processor":1,"resident":0,"rgroup":"root","ruser":"root","session":0,"sgroup":"root","share":0,"size":0,"start_time":9302261,"state":"I","stime":3,"suser":"root","tgid":431625,"tty":0,"utime":0,"vm_size":0})"_json)); - - CallbackMock wrapper; - std::function callbackData - { - [&wrapper](const std::string & data) - { - auto delta = nlohmann::json::parse(data); - delta["data"].erase("checksum"); - delta["data"].erase("id"); - wrapper.callbackMock(delta.dump()); - } - }; - - CallbackMock wrapperDelta; - std::function callbackDataDelta - { - [&wrapperDelta](const std::string & data) - { - auto delta = nlohmann::json::parse(data); - - if (delta.at("type").get_ref().compare("dbsync_osinfo") == 0) - { - delta["data"].erase("checksum"); - } - - delta["data"].erase("scan_time"); - wrapperDelta.callbackMock(delta.dump()); - } - }; - - const auto expectedResult1 - { - R"({"data":{"board_serial":"Intel Corporation","checksum":"af7b22eef8f5e06c04af4db49c9f8d1d28963918","cpu_MHz":2904,"cpu_cores":2,"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz","ram_free":2257872,"ram_total":4972208,"ram_usage":54},"operation":"INSERTED","type":"dbsync_hwinfo"})" - }; - const auto expectedResult2 - { - R"({"data":{"architecture":"x86_64","hostname":"UBUNTU","os_build":"7601","os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601"},"operation":"INSERTED","type":"dbsync_osinfo"})" - }; - const auto expectedResult3 - { - R"({"data":{"adapter":" ","checksum":"165f7160ecd2838479ee4c43c1012b723736d90a","item_id":"25eef9a0a422a9b644fb6b73650453148bc6151c","mac":"d4:5d:64:51:07:5d","mtu":1500,"name":"enp4s0","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"state":"up","tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0,"type":"ethernet"},"operation":"INSERTED","type":"dbsync_network_iface"})" - }; - const auto expectedResult4 - { - R"({"data":{"checksum":"ff63981c231f110a0877ac6acd8862ac09877b5d","dhcp":"unknown","gateway":"192.168.0.1|600","iface":"enp4s0","item_id":"d633b040008ea38303d778431ee2fd0b4ee5a37a","metric":" ","type":"ipv4"},"operation":"INSERTED","type":"dbsync_network_protocol"})" - }; - const auto expectedResult5 - { - R"({"data":{"address":"192.168.153.1","broadcast":"192.168.153.255","checksum":"72dfd66759bd8062cdc17607d760a48c906189b3","iface":"enp4s0","item_id":"3d48ddc47fac84c62a19746af66fbfcf78547de9","netmask":"255.255.255.0","proto":0},"operation":"INSERTED","type":"dbsync_network_address"})" - }; - const auto expectedResult6 - { - R"({"data":{"address":"fe80::250:56ff:fec0:8","checksum":"f606d1a1c551874d8fab33e4e5cfaa0370673ec8","iface":"enp4s0","item_id":"65973316a5dc8615a6d20b2d6c4ce52ecd074496","netmask":"ffff:ffff:ffff:ffff::","proto":1},"operation":"INSERTED","type":"dbsync_network_address"})" - }; - const auto expectedResult7 - { - R"({"data":{"checksum":"f25348b1ce5310f36c1ed859d13138fbb4e6bacb","inode":0,"item_id":"cbf2ac25a6775175f912ebf2abc72f6f51ab48ba","local_ip":"127.0.0.1","local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"listening","tx_queue":0},"operation":"INSERTED","type":"dbsync_ports"})" - }; - const auto expectedResult8 - { - R"({"data":{"checksum":"039934723aa69928b52e470c8d27365b0924b615","egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:2-","nice":0,"nlwp":1,"pgrp":0,"pid":"431625","ppid":2,"priority":20,"processor":1,"resident":0,"rgroup":"root","ruser":"root","session":0,"sgroup":"root","share":0,"size":0,"start_time":9302261,"state":"I","stime":3,"suser":"root","tgid":431625,"tty":0,"utime":0,"vm_size":0},"operation":"INSERTED","type":"dbsync_processes"})" - }; - const auto expectedResult9 - { - R"({"data":{"architecture":"amd64","checksum":"c084f78ed87ed19974b1fd90bbf727c2d1416f7d","format":"deb","group":"x11","item_id":"4846c220a185b0fc251a07843efbfbb0d90ac4a5","location":" ","name":"xserver-xorg","priority":"optional","size":411,"source":"xorg","version":"1:7.7+19ubuntu14"},"operation":"INSERTED","type":"dbsync_packages"})" - }; - const auto expectedResult10 - { - R"({"component":"syscollector_osinfo","data":{"begin":"Microsoft Windows 7","end":"Microsoft Windows 7"},"type":"integrity_check_global"})" - }; - const auto expectedResult11 - { - R"({"component":"syscollector_network_iface","data":{"begin":"25eef9a0a422a9b644fb6b73650453148bc6151c","end":"25eef9a0a422a9b644fb6b73650453148bc6151c"},"type":"integrity_check_global"})" - }; - const auto expectedResult12 - { - R"({"component":"syscollector_network_protocol","data":{"begin":"9dff246584835755137820c975f034d089e90b6f","end":"d633b040008ea38303d778431ee2fd0b4ee5a37a"},"type":"integrity_check_global"})" - }; - const auto expectedResult13 - { - R"({"component":"syscollector_network_address","data":{"begin":"3d48ddc47fac84c62a19746af66fbfcf78547de9","end":"65973316a5dc8615a6d20b2d6c4ce52ecd074496"},"type":"integrity_check_global"})" - }; - const auto expectedResult14 - { - R"({"component":"syscollector_ports","data":{"begin":"cbf2ac25a6775175f912ebf2abc72f6f51ab48ba","end":"cbf2ac25a6775175f912ebf2abc72f6f51ab48ba"},"type":"integrity_check_global"})" - }; - const auto expectedResult15 - { - R"({"component":"syscollector_processes","data":{"begin":"431625","end":"431625"},"type":"integrity_check_global"})" - }; - const auto expectedResult16 - { - R"({"component":"syscollector_hwinfo","data":{"begin":"Intel Corporation","end":"Intel Corporation"},"type":"integrity_check_global"})" - }; - const auto expectedResult17 - { - R"({"component":"syscollector_packages","data":{"begin":"4846c220a185b0fc251a07843efbfbb0d90ac4a5","end":"4846c220a185b0fc251a07843efbfbb0d90ac4a5"},"type":"integrity_check_global"})" - }; - const auto expectedResult18 - { - R"({"data":{"checksum":"56162cd7bb632b4728ec868e8e271b01222ff131","hotfix":"KB12345678"},"operation":"INSERTED","type":"dbsync_hotfixes"})" - }; - const auto expectedResult19 - { - R"({"component":"syscollector_hotfixes","data":{"begin":"KB12345678","end":"KB12345678"},"type":"integrity_check_global"})" - }; - const auto expectedResult20 - { - R"({"data":{"checksum":"ea17673e7422c0ab04c4f1f111a5828be8cd366a","dhcp":"unknown","gateway":"192.168.0.1|600","iface":"enp4s0","item_id":"9dff246584835755137820c975f034d089e90b6f","metric":" ","type":"ipv6"},"operation":"INSERTED","type":"dbsync_network_protocol"})" - }; - - - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult1)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult2)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult3)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult4)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult5)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult6)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult7)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult8)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult9)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult10)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult11)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult12)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult13)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult14)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult15)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult16)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult17)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult18)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult19)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult20)).Times(1); - - std::thread t - { - [&spInfoWrapper, &callbackData, &callbackDataDelta]() - { - Syscollector::instance().init(spInfoWrapper, - callbackDataDelta, - callbackData, - logFunction, - SYSCOLLECTOR_DB_PATH, - "", - "", - 5, true, true, true, true, true, true, true, true, true, true); - } - }; - - std::this_thread::sleep_for(std::chrono::seconds(1)); - Syscollector::instance().destroy(); - - if (t.joinable()) - { - t.join(); - } -} - -TEST_F(SyscollectorImpTest, intervalSeconds) -{ - const auto spInfoWrapper{std::make_shared()}; - EXPECT_CALL(*spInfoWrapper, hardware()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"board_serial":"Intel Corporation","scan_time":"2020/12/28 21:49:50", "cpu_MHz":2904,"cpu_cores":2,"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz","ram_free":2257872,"ram_total":4972208,"ram_usage":54})"))); - EXPECT_CALL(*spInfoWrapper, os()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"architecture":"x86_64","scan_time":"2020/12/28 21:49:50", "hostname":"UBUNTU","os_build":"7601","os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601"})"))); - EXPECT_CALL(*spInfoWrapper, networks()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"iface":[{"address":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "mac":"d4:5d:64:51:07:5d", "gateway":"192.168.0.1|600","broadcast":"127.255.255.255", "name":"ens1", "mtu":1500, "name":"enp4s0", "adapter":" ", "type":"ethernet", "state":"up", "dhcp":"disabled","iface":"Loopback Pseudo-Interface 1","metric":"75","netmask":"255.0.0.0","proto":"IPv4","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0, "IPv4":[{"address":"192.168.153.1","broadcast":"192.168.153.255","dhcp":"unknown","metric":" ","netmask":"255.255.255.0"}], "IPv6":[{"address":"fe80::250:56ff:fec0:8","dhcp":"unknown","metric":" ","netmask":"ffff:ffff:ffff:ffff::"}]}]})"))); - EXPECT_CALL(*spInfoWrapper, ports()).WillRepeatedly(Return(nlohmann::json::parse( - R"([{"inode":0,"local_ip":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"listening","tx_queue":0}])"))); - EXPECT_CALL(*spInfoWrapper, hotfixes()).WillRepeatedly(Return(R"([{"hotfix":"KB12345678"},{"hotfix":"KB87654321"}])"_json)); - EXPECT_CALL(*spInfoWrapper, processes(_)) - .Times(::testing::AtLeast(2)) - .WillRepeatedly(testing::InvokeArgument<0>(nlohmann::json::parse( - R"({"egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:2-","scan_time":"2020/12/28 21:49:50", "nice":0,"nlwp":1,"pgrp":0,"pid":431625,"ppid":2,"priority":20,"processor":1,"resident":0,"rgroup":"root","ruser":"root","session":0,"sgroup":"root","share":0,"size":0,"start_time":9302261,"state":"I","stime":3,"suser":"root","tgid":431625,"tty":0,"utime":0,"vm_size":0})"))); - - EXPECT_CALL(*spInfoWrapper, packages(_)) - .Times(::testing::AtLeast(2)) - .WillRepeatedly(::testing::InvokeArgument<0> - (R"({"name":"TEXT", "scan_time":"2020/12/28 21:49:50", "version":"TEXT", "vendor":"TEXT", "install_time":"TEXT", "location":"TEXT", "architecture":"TEXT", "groups":"TEXT", "description":"TEXT", "size":"TEXT", "priority":"TEXT", "multiarch":"TEXT", "source":"TEXT", "os_patch":"TEXT"})"_json)); - - std::thread t - { - [&spInfoWrapper]() - { - Syscollector::instance().init(spInfoWrapper, - reportFunction, - reportFunction, - logFunction, - SYSCOLLECTOR_DB_PATH, - "", - "", - 1, true, true, true, true, true, true, true, true, true, true); - - } - }; - - std::this_thread::sleep_for(std::chrono::seconds{10}); - Syscollector::instance().destroy(); - - if (t.joinable()) - { - t.join(); - } -} - -TEST_F(SyscollectorImpTest, noScanOnStart) -{ - const auto spInfoWrapper{std::make_shared()}; - EXPECT_CALL(*spInfoWrapper, hardware()).Times(0); - EXPECT_CALL(*spInfoWrapper, os()).Times(0); - EXPECT_CALL(*spInfoWrapper, packages(_)).Times(0); - EXPECT_CALL(*spInfoWrapper, networks()).Times(0); - EXPECT_CALL(*spInfoWrapper, processes(_)).Times(0); - EXPECT_CALL(*spInfoWrapper, ports()).Times(0); - EXPECT_CALL(*spInfoWrapper, hotfixes()).Times(0); - - std::thread t - { - [&spInfoWrapper]() - { - Syscollector::instance().init(spInfoWrapper, - reportFunction, - reportFunction, - logFunction, - SYSCOLLECTOR_DB_PATH, - "", - "", - 3600, false); - } - }; - - std::this_thread::sleep_for(std::chrono::seconds{2}); - Syscollector::instance().destroy(); - - if (t.joinable()) - { - t.join(); - } -} - -TEST_F(SyscollectorImpTest, noHardware) -{ - const auto spInfoWrapper{std::make_shared()}; - EXPECT_CALL(*spInfoWrapper, hardware()).Times(0); - EXPECT_CALL(*spInfoWrapper, os()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"architecture":"x86_64","scan_time":"2020/12/28 21:49:50", "hostname":"UBUNTU","os_build":"7601","os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601"})"))); - EXPECT_CALL(*spInfoWrapper, networks()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"iface":[{"address":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "mac":"d4:5d:64:51:07:5d", "gateway":"192.168.0.1|600","broadcast":"127.255.255.255", "name":"ens1", "mtu":1500, "name":"enp4s0", "adapter":" ", "type":"ethernet", "state":"up", "dhcp":"disabled","iface":"Loopback Pseudo-Interface 1","metric":"75","netmask":"255.0.0.0","proto":"IPv4","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0, "IPv4":[{"address":"192.168.153.1","broadcast":"192.168.153.255","dhcp":"unknown","metric":" ","netmask":"255.255.255.0"}], "IPv6":[{"address":"fe80::250:56ff:fec0:8","dhcp":"unknown","metric":" ","netmask":"ffff:ffff:ffff:ffff::"}]}]})"))); - EXPECT_CALL(*spInfoWrapper, ports()).WillRepeatedly(Return(nlohmann::json::parse( - R"([{"inode":0,"local_ip":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"listening","tx_queue":0}])"))); - EXPECT_CALL(*spInfoWrapper, packages(_)) - .Times(::testing::AtLeast(1)) - .WillOnce(::testing::InvokeArgument<0> - (R"({"architecture":"amd64","scan_time":"2020/12/28 21:49:50", "group":"x11","name":"xserver-xorg","priority":"optional","size":411,"source":"xorg","version":"1:7.7+19ubuntu14","format":"deb","location":" "})"_json)); - - EXPECT_CALL(*spInfoWrapper, hotfixes()).WillRepeatedly(Return(R"([{"hotfix":"KB12345678"}])"_json)); - - EXPECT_CALL(*spInfoWrapper, processes(_)) - .Times(testing::AtLeast(1)) - .WillOnce(::testing::InvokeArgument<0> - (R"({"egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:2-","scan_time":"2020/12/28 21:49:50", "nice":0,"nlwp":1,"pgrp":0,"pid":"431625","ppid":2,"priority":20,"processor":1,"resident":0,"rgroup":"root","ruser":"root","session":0,"sgroup":"root","share":0,"size":0,"start_time":9302261,"state":"I","stime":3,"suser":"root","tgid":431625,"tty":0,"utime":0,"vm_size":0})"_json)); - - CallbackMock wrapper; - std::function callbackData - { - [&wrapper](const std::string & data) - { - auto delta = nlohmann::json::parse(data); - delta["data"].erase("checksum"); - delta["data"].erase("id"); - wrapper.callbackMock(delta.dump()); - } - }; - - CallbackMock wrapperDelta; - std::function callbackDataDelta - { - [&wrapperDelta](const std::string & data) - { - auto delta = nlohmann::json::parse(data); - - if (delta["type"].get_ref().compare("dbsync_osinfo") == 0) - { - delta["data"].erase("checksum"); - } - - delta["data"].erase("scan_time"); - wrapperDelta.callbackMock(delta.dump()); - } - }; - - const auto expectedResult2 - { - R"({"data":{"architecture":"x86_64","hostname":"UBUNTU","os_build":"7601","os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601"},"operation":"INSERTED","type":"dbsync_osinfo"})" - }; - const auto expectedResult3 - { - R"({"data":{"adapter":" ","checksum":"165f7160ecd2838479ee4c43c1012b723736d90a","item_id":"25eef9a0a422a9b644fb6b73650453148bc6151c","mac":"d4:5d:64:51:07:5d","mtu":1500,"name":"enp4s0","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"state":"up","tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0,"type":"ethernet"},"operation":"INSERTED","type":"dbsync_network_iface"})" - }; - const auto expectedResult4 - { - R"({"data":{"checksum":"ff63981c231f110a0877ac6acd8862ac09877b5d","dhcp":"unknown","gateway":"192.168.0.1|600","iface":"enp4s0","item_id":"d633b040008ea38303d778431ee2fd0b4ee5a37a","metric":" ","type":"ipv4"},"operation":"INSERTED","type":"dbsync_network_protocol"})" - }; - const auto expectedResult5 - { - R"({"data":{"address":"192.168.153.1","broadcast":"192.168.153.255","checksum":"72dfd66759bd8062cdc17607d760a48c906189b3","iface":"enp4s0","item_id":"3d48ddc47fac84c62a19746af66fbfcf78547de9","netmask":"255.255.255.0","proto":0},"operation":"INSERTED","type":"dbsync_network_address"})" - }; - const auto expectedResult6 - { - R"({"data":{"address":"fe80::250:56ff:fec0:8","checksum":"f606d1a1c551874d8fab33e4e5cfaa0370673ec8","iface":"enp4s0","item_id":"65973316a5dc8615a6d20b2d6c4ce52ecd074496","netmask":"ffff:ffff:ffff:ffff::","proto":1},"operation":"INSERTED","type":"dbsync_network_address"})" - }; - const auto expectedResult7 - { - R"({"data":{"checksum":"f25348b1ce5310f36c1ed859d13138fbb4e6bacb","inode":0,"item_id":"cbf2ac25a6775175f912ebf2abc72f6f51ab48ba","local_ip":"127.0.0.1","local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"listening","tx_queue":0},"operation":"INSERTED","type":"dbsync_ports"})" - }; - const auto expectedResult8 - { - R"({"data":{"checksum":"039934723aa69928b52e470c8d27365b0924b615","egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:2-","nice":0,"nlwp":1,"pgrp":0,"pid":"431625","ppid":2,"priority":20,"processor":1,"resident":0,"rgroup":"root","ruser":"root","session":0,"sgroup":"root","share":0,"size":0,"start_time":9302261,"state":"I","stime":3,"suser":"root","tgid":431625,"tty":0,"utime":0,"vm_size":0},"operation":"INSERTED","type":"dbsync_processes"})" - }; - const auto expectedResult9 - { - R"({"data":{"architecture":"amd64","checksum":"c084f78ed87ed19974b1fd90bbf727c2d1416f7d","format":"deb","group":"x11","item_id":"4846c220a185b0fc251a07843efbfbb0d90ac4a5","location":" ","name":"xserver-xorg","priority":"optional","size":411,"source":"xorg","version":"1:7.7+19ubuntu14"},"operation":"INSERTED","type":"dbsync_packages"})" - }; - const auto expectedResult10 - { - R"({"component":"syscollector_osinfo","data":{"begin":"Microsoft Windows 7","end":"Microsoft Windows 7"},"type":"integrity_check_global"})" - }; - const auto expectedResult11 - { - R"({"component":"syscollector_network_iface","data":{"begin":"25eef9a0a422a9b644fb6b73650453148bc6151c","end":"25eef9a0a422a9b644fb6b73650453148bc6151c"},"type":"integrity_check_global"})" - }; - const auto expectedResult12 - { - R"({"component":"syscollector_network_protocol","data":{"begin":"9dff246584835755137820c975f034d089e90b6f","end":"d633b040008ea38303d778431ee2fd0b4ee5a37a"},"type":"integrity_check_global"})" - }; - const auto expectedResult13 - { - R"({"component":"syscollector_network_address","data":{"begin":"3d48ddc47fac84c62a19746af66fbfcf78547de9","end":"65973316a5dc8615a6d20b2d6c4ce52ecd074496"},"type":"integrity_check_global"})" - }; - const auto expectedResult14 - { - R"({"component":"syscollector_ports","data":{"begin":"cbf2ac25a6775175f912ebf2abc72f6f51ab48ba","end":"cbf2ac25a6775175f912ebf2abc72f6f51ab48ba"},"type":"integrity_check_global"})" - }; - const auto expectedResult15 - { - R"({"component":"syscollector_processes","data":{"begin":"431625","end":"431625"},"type":"integrity_check_global"})" - }; - const auto expectedResult17 - { - R"({"component":"syscollector_packages","data":{"begin":"4846c220a185b0fc251a07843efbfbb0d90ac4a5","end":"4846c220a185b0fc251a07843efbfbb0d90ac4a5"},"type":"integrity_check_global"})" - }; - const auto expectedResult18 - { - R"({"data":{"checksum":"56162cd7bb632b4728ec868e8e271b01222ff131","hotfix":"KB12345678"},"operation":"INSERTED","type":"dbsync_hotfixes"})" - }; - const auto expectedResult19 - { - R"({"component":"syscollector_hotfixes","data":{"begin":"KB12345678","end":"KB12345678"},"type":"integrity_check_global"})" - }; - const auto expectedResult20 - { - R"({"data":{"checksum":"ea17673e7422c0ab04c4f1f111a5828be8cd366a","dhcp":"unknown","gateway":"192.168.0.1|600","iface":"enp4s0","item_id":"9dff246584835755137820c975f034d089e90b6f","metric":" ","type":"ipv6"},"operation":"INSERTED","type":"dbsync_network_protocol"})" - }; - const auto expectedResult21 - { - R"({"component":"syscollector_hwinfo","data":{},"type":"integrity_clear"})" - }; - - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult2)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult3)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult4)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult5)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult6)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult7)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult8)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult9)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult10)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult11)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult12)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult13)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult14)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult15)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult17)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult18)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult19)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult20)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult21)).Times(1); - - std::thread t - { - [&spInfoWrapper, &callbackData, &callbackDataDelta]() - { - Syscollector::instance().init(spInfoWrapper, - callbackDataDelta, - callbackData, - logFunction, - SYSCOLLECTOR_DB_PATH, - "", - "", - 3600, true, false, true, true, true, true, true, true, true, true); - } - }; - - std::this_thread::sleep_for(std::chrono::seconds(1)); - Syscollector::instance().destroy(); - - if (t.joinable()) - { - t.join(); - } - -} - -TEST_F(SyscollectorImpTest, noOs) -{ - const auto spInfoWrapper{std::make_shared()}; - EXPECT_CALL(*spInfoWrapper, hardware()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"board_serial":"Intel Corporation","scan_time":"2020/12/28 21:49:50", "cpu_MHz":2904,"cpu_cores":2,"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz", "ram_free":2257872,"ram_total":4972208,"ram_usage":54})"))); - EXPECT_CALL(*spInfoWrapper, networks()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"iface":[{"address":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "mac":"d4:5d:64:51:07:5d", "gateway":"192.168.0.1|600","broadcast":"127.255.255.255", "name":"ens1", "mtu":1500, "name":"enp4s0", "adapter":" ", "type":"ethernet", "state":"up", "dhcp":"disabled","iface":"Loopback Pseudo-Interface 1","metric":"75","netmask":"255.0.0.0","proto":"IPv4","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0, "IPv4":[{"address":"192.168.153.1","broadcast":"192.168.153.255","dhcp":"unknown","metric":" ","netmask":"255.255.255.0"}], "IPv6":[{"address":"fe80::250:56ff:fec0:8","dhcp":"unknown","metric":" ","netmask":"ffff:ffff:ffff:ffff::"}]}]})"))); - EXPECT_CALL(*spInfoWrapper, ports()).WillRepeatedly(Return(nlohmann::json::parse( - R"([{"inode":0,"local_ip":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"listening","tx_queue":0}])"))); - EXPECT_CALL(*spInfoWrapper, os()).Times(0); - EXPECT_CALL(*spInfoWrapper, packages(_)) - .Times(::testing::AtLeast(1)) - .WillOnce(::testing::InvokeArgument<0> - (R"({"architecture":"amd64","scan_time":"2020/12/28 21:49:50", "group":"x11","name":"xserver-xorg","priority":"optional","size":411,"source":"xorg","version":"1:7.7+19ubuntu14","format":"deb","location":" "})"_json)); - - EXPECT_CALL(*spInfoWrapper, hotfixes()).WillRepeatedly(Return(R"([{"hotfix":"KB12345678"}])"_json)); - - EXPECT_CALL(*spInfoWrapper, processes(_)) - .Times(testing::AtLeast(1)) - .WillOnce(::testing::InvokeArgument<0> - (R"({"egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:2-","scan_time":"2020/12/28 21:49:50", "nice":0,"nlwp":1,"pgrp":0,"pid":"431625","ppid":2,"priority":20,"processor":1,"resident":0,"rgroup":"root","ruser":"root","session":0,"sgroup":"root","share":0,"size":0,"start_time":9302261,"state":"I","stime":3,"suser":"root","tgid":431625,"tty":0,"utime":0,"vm_size":0})"_json)); - - CallbackMock wrapper; - std::function callbackData - { - [&wrapper](const std::string & data) - { - auto delta = nlohmann::json::parse(data); - delta["data"].erase("checksum"); - delta["data"].erase("id"); - wrapper.callbackMock(delta.dump()); - } - }; - - CallbackMock wrapperDelta; - std::function callbackDataDelta - { - [&wrapperDelta](const std::string & data) - { - auto delta = nlohmann::json::parse(data); - - if (delta["type"].get_ref().compare("dbsync_osinfo") == 0) - { - delta["data"].erase("checksum"); - } - - delta["data"].erase("scan_time"); - wrapperDelta.callbackMock(delta.dump()); - } - }; - - const auto expectedResult1 - { - R"({"data":{"board_serial":"Intel Corporation","checksum":"af7b22eef8f5e06c04af4db49c9f8d1d28963918","cpu_MHz":2904,"cpu_cores":2,"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz","ram_free":2257872,"ram_total":4972208,"ram_usage":54},"operation":"INSERTED","type":"dbsync_hwinfo"})" - }; - const auto expectedResult3 - { - R"({"data":{"adapter":" ","checksum":"165f7160ecd2838479ee4c43c1012b723736d90a","item_id":"25eef9a0a422a9b644fb6b73650453148bc6151c","mac":"d4:5d:64:51:07:5d","mtu":1500,"name":"enp4s0","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"state":"up","tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0,"type":"ethernet"},"operation":"INSERTED","type":"dbsync_network_iface"})" - }; - const auto expectedResult4 - { - R"({"data":{"checksum":"ff63981c231f110a0877ac6acd8862ac09877b5d","dhcp":"unknown","gateway":"192.168.0.1|600","iface":"enp4s0","item_id":"d633b040008ea38303d778431ee2fd0b4ee5a37a","metric":" ","type":"ipv4"},"operation":"INSERTED","type":"dbsync_network_protocol"})" - }; - const auto expectedResult5 - { - R"({"data":{"address":"192.168.153.1","broadcast":"192.168.153.255","checksum":"72dfd66759bd8062cdc17607d760a48c906189b3","iface":"enp4s0","item_id":"3d48ddc47fac84c62a19746af66fbfcf78547de9","netmask":"255.255.255.0","proto":0},"operation":"INSERTED","type":"dbsync_network_address"})" - }; - const auto expectedResult6 - { - R"({"data":{"address":"fe80::250:56ff:fec0:8","checksum":"f606d1a1c551874d8fab33e4e5cfaa0370673ec8","iface":"enp4s0","item_id":"65973316a5dc8615a6d20b2d6c4ce52ecd074496","netmask":"ffff:ffff:ffff:ffff::","proto":1},"operation":"INSERTED","type":"dbsync_network_address"})" - }; - const auto expectedResult7 - { - R"({"data":{"checksum":"f25348b1ce5310f36c1ed859d13138fbb4e6bacb","inode":0,"item_id":"cbf2ac25a6775175f912ebf2abc72f6f51ab48ba","local_ip":"127.0.0.1","local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"listening","tx_queue":0},"operation":"INSERTED","type":"dbsync_ports"})" - }; - const auto expectedResult8 - { - R"({"data":{"checksum":"039934723aa69928b52e470c8d27365b0924b615","egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:2-","nice":0,"nlwp":1,"pgrp":0,"pid":"431625","ppid":2,"priority":20,"processor":1,"resident":0,"rgroup":"root","ruser":"root","session":0,"sgroup":"root","share":0,"size":0,"start_time":9302261,"state":"I","stime":3,"suser":"root","tgid":431625,"tty":0,"utime":0,"vm_size":0},"operation":"INSERTED","type":"dbsync_processes"})" - }; - const auto expectedResult9 - { - R"({"data":{"architecture":"amd64","checksum":"c084f78ed87ed19974b1fd90bbf727c2d1416f7d","format":"deb","group":"x11","item_id":"4846c220a185b0fc251a07843efbfbb0d90ac4a5","location":" ","name":"xserver-xorg","priority":"optional","size":411,"source":"xorg","version":"1:7.7+19ubuntu14"},"operation":"INSERTED","type":"dbsync_packages"})" - }; - const auto expectedResult11 - { - R"({"component":"syscollector_network_iface","data":{"begin":"25eef9a0a422a9b644fb6b73650453148bc6151c","end":"25eef9a0a422a9b644fb6b73650453148bc6151c"},"type":"integrity_check_global"})" - }; - const auto expectedResult12 - { - R"({"component":"syscollector_network_protocol","data":{"begin":"9dff246584835755137820c975f034d089e90b6f","end":"d633b040008ea38303d778431ee2fd0b4ee5a37a"},"type":"integrity_check_global"})" - }; - const auto expectedResult13 - { - R"({"component":"syscollector_network_address","data":{"begin":"3d48ddc47fac84c62a19746af66fbfcf78547de9","end":"65973316a5dc8615a6d20b2d6c4ce52ecd074496"},"type":"integrity_check_global"})" - }; - const auto expectedResult14 - { - R"({"component":"syscollector_ports","data":{"begin":"cbf2ac25a6775175f912ebf2abc72f6f51ab48ba","end":"cbf2ac25a6775175f912ebf2abc72f6f51ab48ba"},"type":"integrity_check_global"})" - }; - const auto expectedResult15 - { - R"({"component":"syscollector_processes","data":{"begin":"431625","end":"431625"},"type":"integrity_check_global"})" - }; - const auto expectedResult16 - { - R"({"component":"syscollector_hwinfo","data":{"begin":"Intel Corporation","end":"Intel Corporation"},"type":"integrity_check_global"})" - }; - const auto expectedResult17 - { - R"({"component":"syscollector_packages","data":{"begin":"4846c220a185b0fc251a07843efbfbb0d90ac4a5","end":"4846c220a185b0fc251a07843efbfbb0d90ac4a5"},"type":"integrity_check_global"})" - }; - const auto expectedResult18 - { - R"({"data":{"checksum":"56162cd7bb632b4728ec868e8e271b01222ff131","hotfix":"KB12345678"},"operation":"INSERTED","type":"dbsync_hotfixes"})" - }; - const auto expectedResult19 - { - R"({"component":"syscollector_hotfixes","data":{"begin":"KB12345678","end":"KB12345678"},"type":"integrity_check_global"})" - }; - const auto expectedResult20 - { - R"({"data":{"checksum":"ea17673e7422c0ab04c4f1f111a5828be8cd366a","dhcp":"unknown","gateway":"192.168.0.1|600","iface":"enp4s0","item_id":"9dff246584835755137820c975f034d089e90b6f","metric":" ","type":"ipv6"},"operation":"INSERTED","type":"dbsync_network_protocol"})" - }; - const auto expectedResult21 - { - R"({"component":"syscollector_osinfo","data":{},"type":"integrity_clear"})" - }; - - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult1)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult3)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult4)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult5)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult6)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult7)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult8)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult9)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult11)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult12)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult13)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult14)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult15)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult16)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult17)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult18)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult19)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult20)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult21)).Times(1); - - std::thread t - { - [&spInfoWrapper, &callbackData, &callbackDataDelta]() - { - Syscollector::instance().init(spInfoWrapper, - callbackDataDelta, - callbackData, - logFunction, - SYSCOLLECTOR_DB_PATH, - "", - "", - 3600, true, true, false, true, true, true, true, true, true, true); - } - }; - - std::this_thread::sleep_for(std::chrono::seconds(2)); - Syscollector::instance().destroy(); - - if (t.joinable()) - { - t.join(); - } -} - -TEST_F(SyscollectorImpTest, noNetwork) -{ - const auto spInfoWrapper{std::make_shared()}; - EXPECT_CALL(*spInfoWrapper, hardware()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"board_serial":"Intel Corporation","scan_time":"2020/12/28 21:49:50", "cpu_MHz":2904,"cpu_cores":2,"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz", "ram_free":2257872,"ram_total":4972208,"ram_usage":54})"))); - EXPECT_CALL(*spInfoWrapper, os()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"architecture":"x86_64","scan_time":"2020/12/28 21:49:50", "hostname":"UBUNTU","os_build":"7601","os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601"})"))); - EXPECT_CALL(*spInfoWrapper, networks()).Times(0); - EXPECT_CALL(*spInfoWrapper, ports()).WillRepeatedly(Return(nlohmann::json::parse( - R"([{"inode":0,"local_ip":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"listening","tx_queue":0}])"))); - EXPECT_CALL(*spInfoWrapper, packages(_)) - .Times(::testing::AtLeast(1)) - .WillOnce(::testing::InvokeArgument<0> - (R"({"architecture":"amd64","scan_time":"2020/12/28 21:49:50", "group":"x11","name":"xserver-xorg","priority":"optional","size":411,"source":"xorg","version":"1:7.7+19ubuntu14","format":"deb","location":" "})"_json)); - - EXPECT_CALL(*spInfoWrapper, hotfixes()).WillRepeatedly(Return(R"([{"hotfix":"KB12345678"}])"_json)); - - EXPECT_CALL(*spInfoWrapper, processes(_)) - .Times(testing::AtLeast(1)) - .WillOnce(::testing::InvokeArgument<0> - (R"({"egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:2-","scan_time":"2020/12/28 21:49:50", "nice":0,"nlwp":1,"pgrp":0,"pid":"431625","ppid":2,"priority":20,"processor":1,"resident":0,"rgroup":"root","ruser":"root","session":0,"sgroup":"root","share":0,"size":0,"start_time":9302261,"state":"I","stime":3,"suser":"root","tgid":431625,"tty":0,"utime":0,"vm_size":0})"_json)); - - CallbackMock wrapper; - std::function callbackData - { - [&wrapper](const std::string & data) - { - auto delta = nlohmann::json::parse(data); - delta["data"].erase("checksum"); - delta["data"].erase("id"); - wrapper.callbackMock(delta.dump()); - } - }; - - CallbackMock wrapperDelta; - std::function callbackDataDelta - { - [&wrapperDelta](const std::string & data) - { - auto delta = nlohmann::json::parse(data); - - if (delta["type"].get_ref().compare("dbsync_osinfo") == 0) - { - delta["data"].erase("checksum"); - } - - delta["data"].erase("scan_time"); - wrapperDelta.callbackMock(delta.dump()); - } - }; - - const auto expectedResult1 - { - R"({"data":{"board_serial":"Intel Corporation","checksum":"af7b22eef8f5e06c04af4db49c9f8d1d28963918","cpu_MHz":2904,"cpu_cores":2,"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz","ram_free":2257872,"ram_total":4972208,"ram_usage":54},"operation":"INSERTED","type":"dbsync_hwinfo"})" - }; - const auto expectedResult2 - { - R"({"data":{"architecture":"x86_64","hostname":"UBUNTU","os_build":"7601","os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601"},"operation":"INSERTED","type":"dbsync_osinfo"})" - }; - const auto expectedResult7 - { - R"({"data":{"checksum":"f25348b1ce5310f36c1ed859d13138fbb4e6bacb","inode":0,"item_id":"cbf2ac25a6775175f912ebf2abc72f6f51ab48ba","local_ip":"127.0.0.1","local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"listening","tx_queue":0},"operation":"INSERTED","type":"dbsync_ports"})" - }; - const auto expectedResult8 - { - R"({"data":{"checksum":"039934723aa69928b52e470c8d27365b0924b615","egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:2-","nice":0,"nlwp":1,"pgrp":0,"pid":"431625","ppid":2,"priority":20,"processor":1,"resident":0,"rgroup":"root","ruser":"root","session":0,"sgroup":"root","share":0,"size":0,"start_time":9302261,"state":"I","stime":3,"suser":"root","tgid":431625,"tty":0,"utime":0,"vm_size":0},"operation":"INSERTED","type":"dbsync_processes"})" - }; - const auto expectedResult9 - { - R"({"data":{"architecture":"amd64","checksum":"c084f78ed87ed19974b1fd90bbf727c2d1416f7d","format":"deb","group":"x11","item_id":"4846c220a185b0fc251a07843efbfbb0d90ac4a5","location":" ","name":"xserver-xorg","priority":"optional","size":411,"source":"xorg","version":"1:7.7+19ubuntu14"},"operation":"INSERTED","type":"dbsync_packages"})" - }; - const auto expectedResult10 - { - R"({"component":"syscollector_osinfo","data":{"begin":"Microsoft Windows 7","end":"Microsoft Windows 7"},"type":"integrity_check_global"})" - }; - const auto expectedResult14 - { - R"({"component":"syscollector_ports","data":{"begin":"cbf2ac25a6775175f912ebf2abc72f6f51ab48ba","end":"cbf2ac25a6775175f912ebf2abc72f6f51ab48ba"},"type":"integrity_check_global"})" - }; - const auto expectedResult15 - { - R"({"component":"syscollector_processes","data":{"begin":"431625","end":"431625"},"type":"integrity_check_global"})" - }; - const auto expectedResult16 - { - R"({"component":"syscollector_hwinfo","data":{"begin":"Intel Corporation","end":"Intel Corporation"},"type":"integrity_check_global"})" - }; - const auto expectedResult17 - { - R"({"component":"syscollector_packages","data":{"begin":"4846c220a185b0fc251a07843efbfbb0d90ac4a5","end":"4846c220a185b0fc251a07843efbfbb0d90ac4a5"},"type":"integrity_check_global"})" - }; - const auto expectedResult18 - { - R"({"data":{"checksum":"56162cd7bb632b4728ec868e8e271b01222ff131","hotfix":"KB12345678"},"operation":"INSERTED","type":"dbsync_hotfixes"})" - }; - const auto expectedResult19 - { - R"({"component":"syscollector_hotfixes","data":{"begin":"KB12345678","end":"KB12345678"},"type":"integrity_check_global"})" - }; - const auto expectedResult20 - { - R"({"component":"syscollector_network_address","data":{},"type":"integrity_clear"})" - }; - const auto expectedResult21 - { - R"({"component":"syscollector_network_protocol","data":{},"type":"integrity_clear"})" - }; - const auto expectedResult22 - { - R"({"component":"syscollector_network_iface","data":{},"type":"integrity_clear"})" - }; - - - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult1)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult2)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult7)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult8)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult9)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult10)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult14)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult15)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult16)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult17)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult18)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult19)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult20)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult21)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult22)).Times(1); - - std::thread t - { - [&spInfoWrapper, &callbackData, &callbackDataDelta]() - { - Syscollector::instance().init(spInfoWrapper, - callbackDataDelta, - callbackData, - logFunction, - SYSCOLLECTOR_DB_PATH, - "", - "", - 3600, true, true, true, false, true, true, true, true, true, true); - } - }; - - std::this_thread::sleep_for(std::chrono::seconds(1)); - Syscollector::instance().destroy(); - - if (t.joinable()) - { - t.join(); - } -} - -TEST_F(SyscollectorImpTest, noPackages) -{ - const auto spInfoWrapper{std::make_shared()}; - EXPECT_CALL(*spInfoWrapper, hardware()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"board_serial":"Intel Corporation","scan_time":"2020/12/28 21:49:50", "cpu_MHz":2904,"cpu_cores":2,"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz", "ram_free":2257872,"ram_total":4972208,"ram_usage":54})"))); - EXPECT_CALL(*spInfoWrapper, os()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"architecture":"x86_64","scan_time":"2020/12/28 21:49:50", "hostname":"UBUNTU","os_build":"7601","os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601"})"))); - EXPECT_CALL(*spInfoWrapper, networks()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"iface":[{"address":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "mac":"d4:5d:64:51:07:5d", "gateway":"192.168.0.1|600","broadcast":"127.255.255.255", "name":"ens1", "mtu":1500, "name":"enp4s0", "adapter":" ", "type":"ethernet", "state":"up", "dhcp":"disabled","iface":"Loopback Pseudo-Interface 1","metric":"75","netmask":"255.0.0.0","proto":"IPv4","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0, "IPv4":[{"address":"192.168.153.1","broadcast":"192.168.153.255","dhcp":"unknown","metric":" ","netmask":"255.255.255.0"}], "IPv6":[{"address":"fe80::250:56ff:fec0:8","dhcp":"unknown","metric":" ","netmask":"ffff:ffff:ffff:ffff::"}]}]})"))); - EXPECT_CALL(*spInfoWrapper, ports()).WillRepeatedly(Return(nlohmann::json::parse( - R"([{"inode":0,"local_ip":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"listening","tx_queue":0}])"))); - EXPECT_CALL(*spInfoWrapper, packages(_)).Times(0); - - EXPECT_CALL(*spInfoWrapper, hotfixes()).WillRepeatedly(Return(R"([{"hotfix":"KB12345678"}])"_json)); - - EXPECT_CALL(*spInfoWrapper, processes(_)) - .Times(testing::AtLeast(1)) - .WillOnce(::testing::InvokeArgument<0> - (R"({"egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:2-","scan_time":"2020/12/28 21:49:50", "nice":0,"nlwp":1,"pgrp":0,"pid":"431625","ppid":2,"priority":20,"processor":1,"resident":0,"rgroup":"root","ruser":"root","session":0,"sgroup":"root","share":0,"size":0,"start_time":9302261,"state":"I","stime":3,"suser":"root","tgid":431625,"tty":0,"utime":0,"vm_size":0})"_json)); - - CallbackMock wrapper; - std::function callbackData - { - [&wrapper](const std::string & data) - { - auto delta = nlohmann::json::parse(data); - delta["data"].erase("checksum"); - delta["data"].erase("id"); - wrapper.callbackMock(delta.dump()); - } - }; - - CallbackMock wrapperDelta; - std::function callbackDataDelta - { - [&wrapperDelta](const std::string & data) - { - auto delta = nlohmann::json::parse(data); - - if (delta["type"].get_ref().compare("dbsync_osinfo") == 0) - { - delta["data"].erase("checksum"); - } - - delta["data"].erase("scan_time"); - wrapperDelta.callbackMock(delta.dump()); - } - }; - - const auto expectedResult1 - { - R"({"data":{"board_serial":"Intel Corporation","checksum":"af7b22eef8f5e06c04af4db49c9f8d1d28963918","cpu_MHz":2904,"cpu_cores":2,"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz","ram_free":2257872,"ram_total":4972208,"ram_usage":54},"operation":"INSERTED","type":"dbsync_hwinfo"})" - }; - const auto expectedResult2 - { - R"({"data":{"architecture":"x86_64","hostname":"UBUNTU","os_build":"7601","os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601"},"operation":"INSERTED","type":"dbsync_osinfo"})" - }; - const auto expectedResult3 - { - R"({"data":{"adapter":" ","checksum":"165f7160ecd2838479ee4c43c1012b723736d90a","item_id":"25eef9a0a422a9b644fb6b73650453148bc6151c","mac":"d4:5d:64:51:07:5d","mtu":1500,"name":"enp4s0","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"state":"up","tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0,"type":"ethernet"},"operation":"INSERTED","type":"dbsync_network_iface"})" - }; - const auto expectedResult4 - { - R"({"data":{"checksum":"ff63981c231f110a0877ac6acd8862ac09877b5d","dhcp":"unknown","gateway":"192.168.0.1|600","iface":"enp4s0","item_id":"d633b040008ea38303d778431ee2fd0b4ee5a37a","metric":" ","type":"ipv4"},"operation":"INSERTED","type":"dbsync_network_protocol"})" - }; - const auto expectedResult5 - { - R"({"data":{"address":"192.168.153.1","broadcast":"192.168.153.255","checksum":"72dfd66759bd8062cdc17607d760a48c906189b3","iface":"enp4s0","item_id":"3d48ddc47fac84c62a19746af66fbfcf78547de9","netmask":"255.255.255.0","proto":0},"operation":"INSERTED","type":"dbsync_network_address"})" - }; - const auto expectedResult6 - { - R"({"data":{"address":"fe80::250:56ff:fec0:8","checksum":"f606d1a1c551874d8fab33e4e5cfaa0370673ec8","iface":"enp4s0","item_id":"65973316a5dc8615a6d20b2d6c4ce52ecd074496","netmask":"ffff:ffff:ffff:ffff::","proto":1},"operation":"INSERTED","type":"dbsync_network_address"})" - }; - const auto expectedResult7 - { - R"({"data":{"checksum":"f25348b1ce5310f36c1ed859d13138fbb4e6bacb","inode":0,"item_id":"cbf2ac25a6775175f912ebf2abc72f6f51ab48ba","local_ip":"127.0.0.1","local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"listening","tx_queue":0},"operation":"INSERTED","type":"dbsync_ports"})" - }; - const auto expectedResult8 - { - R"({"data":{"checksum":"039934723aa69928b52e470c8d27365b0924b615","egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:2-","nice":0,"nlwp":1,"pgrp":0,"pid":"431625","ppid":2,"priority":20,"processor":1,"resident":0,"rgroup":"root","ruser":"root","session":0,"sgroup":"root","share":0,"size":0,"start_time":9302261,"state":"I","stime":3,"suser":"root","tgid":431625,"tty":0,"utime":0,"vm_size":0},"operation":"INSERTED","type":"dbsync_processes"})" - }; - const auto expectedResult10 - { - R"({"component":"syscollector_osinfo","data":{"begin":"Microsoft Windows 7","end":"Microsoft Windows 7"},"type":"integrity_check_global"})" - }; - const auto expectedResult11 - { - R"({"component":"syscollector_network_iface","data":{"begin":"25eef9a0a422a9b644fb6b73650453148bc6151c","end":"25eef9a0a422a9b644fb6b73650453148bc6151c"},"type":"integrity_check_global"})" - }; - const auto expectedResult12 - { - R"({"component":"syscollector_network_protocol","data":{"begin":"9dff246584835755137820c975f034d089e90b6f","end":"d633b040008ea38303d778431ee2fd0b4ee5a37a"},"type":"integrity_check_global"})" - }; - const auto expectedResult13 - { - R"({"component":"syscollector_network_address","data":{"begin":"3d48ddc47fac84c62a19746af66fbfcf78547de9","end":"65973316a5dc8615a6d20b2d6c4ce52ecd074496"},"type":"integrity_check_global"})" - }; - const auto expectedResult14 - { - R"({"component":"syscollector_ports","data":{"begin":"cbf2ac25a6775175f912ebf2abc72f6f51ab48ba","end":"cbf2ac25a6775175f912ebf2abc72f6f51ab48ba"},"type":"integrity_check_global"})" - }; - const auto expectedResult15 - { - R"({"component":"syscollector_processes","data":{"begin":"431625","end":"431625"},"type":"integrity_check_global"})" - }; - const auto expectedResult16 - { - R"({"component":"syscollector_hwinfo","data":{"begin":"Intel Corporation","end":"Intel Corporation"},"type":"integrity_check_global"})" - }; - const auto expectedResult18 - { - R"({"data":{"checksum":"56162cd7bb632b4728ec868e8e271b01222ff131","hotfix":"KB12345678"},"operation":"INSERTED","type":"dbsync_hotfixes"})" - }; - const auto expectedResult19 - { - R"({"component":"syscollector_hotfixes","data":{"begin":"KB12345678","end":"KB12345678"},"type":"integrity_check_global"})" - }; - const auto expectedResult20 - { - R"({"data":{"checksum":"ea17673e7422c0ab04c4f1f111a5828be8cd366a","dhcp":"unknown","gateway":"192.168.0.1|600","iface":"enp4s0","item_id":"9dff246584835755137820c975f034d089e90b6f","metric":" ","type":"ipv6"},"operation":"INSERTED","type":"dbsync_network_protocol"})" - }; - const auto expectedResult21 - { - R"({"component":"syscollector_packages","data":{},"type":"integrity_clear"})" - }; - - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult1)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult2)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult3)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult4)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult5)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult6)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult7)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult8)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult10)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult11)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult12)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult13)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult14)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult15)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult16)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult18)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult19)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult20)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult21)).Times(1); - - std::thread t - { - [&spInfoWrapper, &callbackDataDelta, &callbackData]() - { - Syscollector::instance().init(spInfoWrapper, - callbackDataDelta, - callbackData, - logFunction, - SYSCOLLECTOR_DB_PATH, - "", - "", - 3600, true, true, true, true, false, true, true, true, true, true); - } - }; - - std::this_thread::sleep_for(std::chrono::seconds{2}); - Syscollector::instance().destroy(); - - if (t.joinable()) - { - t.join(); - } -} - -TEST_F(SyscollectorImpTest, noPorts) -{ - const auto spInfoWrapper{std::make_shared()}; - EXPECT_CALL(*spInfoWrapper, hardware()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"board_serial":"Intel Corporation","scan_time":"2020/12/28 21:49:50", "cpu_MHz":2904,"cpu_cores":2,"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz", "ram_free":2257872,"ram_total":4972208,"ram_usage":54})"))); - EXPECT_CALL(*spInfoWrapper, os()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"architecture":"x86_64","scan_time":"2020/12/28 21:49:50", "hostname":"UBUNTU","os_build":"7601","os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601"})"))); - EXPECT_CALL(*spInfoWrapper, networks()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"iface":[{"address":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "mac":"d4:5d:64:51:07:5d", "gateway":"192.168.0.1|600","broadcast":"127.255.255.255", "name":"ens1", "mtu":1500, "name":"enp4s0", "adapter":" ", "type":"ethernet", "state":"up", "dhcp":"disabled","iface":"Loopback Pseudo-Interface 1","metric":"75","netmask":"255.0.0.0","proto":"IPv4","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0, "IPv4":[{"address":"192.168.153.1","broadcast":"192.168.153.255","dhcp":"unknown","metric":" ","netmask":"255.255.255.0"}], "IPv6":[{"address":"fe80::250:56ff:fec0:8","dhcp":"unknown","metric":" ","netmask":"ffff:ffff:ffff:ffff::"}]}]})"))); - EXPECT_CALL(*spInfoWrapper, ports()).Times(0); - EXPECT_CALL(*spInfoWrapper, packages(_)) - .Times(::testing::AtLeast(1)) - .WillOnce(::testing::InvokeArgument<0> - (R"({"architecture":"amd64","scan_time":"2020/12/28 21:49:50", "group":"x11","name":"xserver-xorg","priority":"optional","size":411,"source":"xorg","version":"1:7.7+19ubuntu14","format":"deb","location":" "})"_json)); - - EXPECT_CALL(*spInfoWrapper, hotfixes()).WillRepeatedly(Return(R"([{"hotfix":"KB12345678"}])"_json)); - - EXPECT_CALL(*spInfoWrapper, processes(_)) - .Times(testing::AtLeast(1)) - .WillOnce(::testing::InvokeArgument<0> - (R"({"egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:2-","scan_time":"2020/12/28 21:49:50", "nice":0,"nlwp":1,"pgrp":0,"pid":"431625","ppid":2,"priority":20,"processor":1,"resident":0,"rgroup":"root","ruser":"root","session":0,"sgroup":"root","share":0,"size":0,"start_time":9302261,"state":"I","stime":3,"suser":"root","tgid":431625,"tty":0,"utime":0,"vm_size":0})"_json)); - - CallbackMock wrapper; - std::function callbackData - { - [&wrapper](const std::string & data) - { - auto delta = nlohmann::json::parse(data); - delta["data"].erase("checksum"); - delta["data"].erase("id"); - wrapper.callbackMock(delta.dump()); - } - }; - - CallbackMock wrapperDelta; - std::function callbackDataDelta - { - [&wrapperDelta](const std::string & data) - { - auto delta = nlohmann::json::parse(data); - - if (delta["type"].get_ref().compare("dbsync_osinfo") == 0) - { - delta["data"].erase("checksum"); - } - - delta["data"].erase("scan_time"); - wrapperDelta.callbackMock(delta.dump()); - } - }; - - const auto expectedResult1 - { - R"({"data":{"board_serial":"Intel Corporation","checksum":"af7b22eef8f5e06c04af4db49c9f8d1d28963918","cpu_MHz":2904,"cpu_cores":2,"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz","ram_free":2257872,"ram_total":4972208,"ram_usage":54},"operation":"INSERTED","type":"dbsync_hwinfo"})" - }; - const auto expectedResult2 - { - R"({"data":{"architecture":"x86_64","hostname":"UBUNTU","os_build":"7601","os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601"},"operation":"INSERTED","type":"dbsync_osinfo"})" - }; - const auto expectedResult3 - { - R"({"data":{"adapter":" ","checksum":"165f7160ecd2838479ee4c43c1012b723736d90a","item_id":"25eef9a0a422a9b644fb6b73650453148bc6151c","mac":"d4:5d:64:51:07:5d","mtu":1500,"name":"enp4s0","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"state":"up","tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0,"type":"ethernet"},"operation":"INSERTED","type":"dbsync_network_iface"})" - }; - const auto expectedResult4 - { - R"({"data":{"checksum":"ff63981c231f110a0877ac6acd8862ac09877b5d","dhcp":"unknown","gateway":"192.168.0.1|600","iface":"enp4s0","item_id":"d633b040008ea38303d778431ee2fd0b4ee5a37a","metric":" ","type":"ipv4"},"operation":"INSERTED","type":"dbsync_network_protocol"})" - }; - const auto expectedResult5 - { - R"({"data":{"address":"192.168.153.1","broadcast":"192.168.153.255","checksum":"72dfd66759bd8062cdc17607d760a48c906189b3","iface":"enp4s0","item_id":"3d48ddc47fac84c62a19746af66fbfcf78547de9","netmask":"255.255.255.0","proto":0},"operation":"INSERTED","type":"dbsync_network_address"})" - }; - const auto expectedResult6 - { - R"({"data":{"address":"fe80::250:56ff:fec0:8","checksum":"f606d1a1c551874d8fab33e4e5cfaa0370673ec8","iface":"enp4s0","item_id":"65973316a5dc8615a6d20b2d6c4ce52ecd074496","netmask":"ffff:ffff:ffff:ffff::","proto":1},"operation":"INSERTED","type":"dbsync_network_address"})" - }; - const auto expectedResult8 - { - R"({"data":{"checksum":"039934723aa69928b52e470c8d27365b0924b615","egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:2-","nice":0,"nlwp":1,"pgrp":0,"pid":"431625","ppid":2,"priority":20,"processor":1,"resident":0,"rgroup":"root","ruser":"root","session":0,"sgroup":"root","share":0,"size":0,"start_time":9302261,"state":"I","stime":3,"suser":"root","tgid":431625,"tty":0,"utime":0,"vm_size":0},"operation":"INSERTED","type":"dbsync_processes"})" - }; - const auto expectedResult9 - { - R"({"data":{"architecture":"amd64","checksum":"c084f78ed87ed19974b1fd90bbf727c2d1416f7d","format":"deb","group":"x11","item_id":"4846c220a185b0fc251a07843efbfbb0d90ac4a5","location":" ","name":"xserver-xorg","priority":"optional","size":411,"source":"xorg","version":"1:7.7+19ubuntu14"},"operation":"INSERTED","type":"dbsync_packages"})" - }; - const auto expectedResult10 - { - R"({"component":"syscollector_osinfo","data":{"begin":"Microsoft Windows 7","end":"Microsoft Windows 7"},"type":"integrity_check_global"})" - }; - const auto expectedResult11 - { - R"({"component":"syscollector_network_iface","data":{"begin":"25eef9a0a422a9b644fb6b73650453148bc6151c","end":"25eef9a0a422a9b644fb6b73650453148bc6151c"},"type":"integrity_check_global"})" - }; - const auto expectedResult12 - { - R"({"component":"syscollector_network_protocol","data":{"begin":"9dff246584835755137820c975f034d089e90b6f","end":"d633b040008ea38303d778431ee2fd0b4ee5a37a"},"type":"integrity_check_global"})" - }; - const auto expectedResult13 - { - R"({"component":"syscollector_network_address","data":{"begin":"3d48ddc47fac84c62a19746af66fbfcf78547de9","end":"65973316a5dc8615a6d20b2d6c4ce52ecd074496"},"type":"integrity_check_global"})" - }; - const auto expectedResult15 - { - R"({"component":"syscollector_processes","data":{"begin":"431625","end":"431625"},"type":"integrity_check_global"})" - }; - const auto expectedResult16 - { - R"({"component":"syscollector_hwinfo","data":{"begin":"Intel Corporation","end":"Intel Corporation"},"type":"integrity_check_global"})" - }; - const auto expectedResult17 - { - R"({"component":"syscollector_packages","data":{"begin":"4846c220a185b0fc251a07843efbfbb0d90ac4a5","end":"4846c220a185b0fc251a07843efbfbb0d90ac4a5"},"type":"integrity_check_global"})" - }; - const auto expectedResult18 - { - R"({"data":{"checksum":"56162cd7bb632b4728ec868e8e271b01222ff131","hotfix":"KB12345678"},"operation":"INSERTED","type":"dbsync_hotfixes"})" - }; - const auto expectedResult19 - { - R"({"component":"syscollector_hotfixes","data":{"begin":"KB12345678","end":"KB12345678"},"type":"integrity_check_global"})" - }; - const auto expectedResult20 - { - R"({"data":{"checksum":"ea17673e7422c0ab04c4f1f111a5828be8cd366a","dhcp":"unknown","gateway":"192.168.0.1|600","iface":"enp4s0","item_id":"9dff246584835755137820c975f034d089e90b6f","metric":" ","type":"ipv6"},"operation":"INSERTED","type":"dbsync_network_protocol"})" - }; - const auto expectedResult21 - { - R"({"component":"syscollector_ports","data":{},"type":"integrity_clear"})" - }; - - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult1)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult2)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult3)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult4)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult5)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult6)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult8)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult9)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult10)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult11)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult12)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult13)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult15)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult16)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult17)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult18)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult19)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult20)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult21)).Times(1); - - std::thread t - { - [&spInfoWrapper, &callbackData, &callbackDataDelta]() - { - Syscollector::instance().init(spInfoWrapper, - callbackDataDelta, - callbackData, - logFunction, - SYSCOLLECTOR_DB_PATH, - "", - "", - 5, true, true, true, true, true, false, true, true, true, true); - } - }; - - std::this_thread::sleep_for(std::chrono::seconds(1)); - Syscollector::instance().destroy(); - - if (t.joinable()) - { - t.join(); - } -} - -TEST_F(SyscollectorImpTest, noPortsAll) -{ - const auto spInfoWrapper{std::make_shared()}; - EXPECT_CALL(*spInfoWrapper, hardware()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"board_serial":"Intel Corporation","scan_time":"2020/12/28 21:49:50", "cpu_MHz":2904,"cpu_cores":2,"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz", "ram_free":2257872,"ram_total":4972208,"ram_usage":54})"))); - EXPECT_CALL(*spInfoWrapper, os()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"architecture":"x86_64","scan_time":"2020/12/28 21:49:50", "hostname":"UBUNTU","os_build":"7601","os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601"})"))); - EXPECT_CALL(*spInfoWrapper, networks()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"iface":[{"address":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "mac":"d4:5d:64:51:07:5d", "gateway":"192.168.0.1|600","broadcast":"127.255.255.255", "name":"ens1", "mtu":1500, "name":"enp4s0", "adapter":" ", "type":"ethernet", "state":"up", "dhcp":"disabled","iface":"Loopback Pseudo-Interface 1","metric":"75","netmask":"255.0.0.0","proto":"IPv4","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0, "IPv4":[{"address":"192.168.153.1","broadcast":"192.168.153.255","dhcp":"unknown","metric":" ","netmask":"255.255.255.0"}], "IPv6":[{"address":"fe80::250:56ff:fec0:8","dhcp":"unknown","metric":" ","netmask":"ffff:ffff:ffff:ffff::"}]}]})"))); - EXPECT_CALL(*spInfoWrapper, ports()).WillRepeatedly(Return(nlohmann::json::parse( - R"([{"inode":0,"local_ip":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"udp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"","tx_queue":0},{"inode":0,"local_ip":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"listening","tx_queue":0}])"))); - EXPECT_CALL(*spInfoWrapper, packages(_)) - .Times(::testing::AtLeast(1)) - .WillOnce(::testing::InvokeArgument<0> - (R"({"architecture":"amd64","scan_time":"2020/12/28 21:49:50", "group":"x11","name":"xserver-xorg","priority":"optional","size":411,"source":"xorg","version":"1:7.7+19ubuntu14","format":"deb","location":" "})"_json)); - - EXPECT_CALL(*spInfoWrapper, hotfixes()).WillRepeatedly(Return(R"([{"hotfix":"KB12345678"}])"_json)); - - EXPECT_CALL(*spInfoWrapper, processes(_)) - .Times(testing::AtLeast(1)) - .WillOnce(::testing::InvokeArgument<0> - (R"({"egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:2-","scan_time":"2020/12/28 21:49:50", "nice":0,"nlwp":1,"pgrp":0,"pid":"431625","ppid":2,"priority":20,"processor":1,"resident":0,"rgroup":"root","ruser":"root","session":0,"sgroup":"root","share":0,"size":0,"start_time":9302261,"state":"I","stime":3,"suser":"root","tgid":431625,"tty":0,"utime":0,"vm_size":0})"_json)); - - CallbackMock wrapper; - std::function callbackData - { - [&wrapper](const std::string & data) - { - auto delta = nlohmann::json::parse(data); - delta["data"].erase("checksum"); - delta["data"].erase("id"); - wrapper.callbackMock(delta.dump()); - } - }; - - CallbackMock wrapperDelta; - std::function callbackDataDelta - { - [&wrapperDelta](const std::string & data) - { - auto delta = nlohmann::json::parse(data); - - if (delta["type"].get_ref().compare("dbsync_osinfo") == 0) - { - delta["data"].erase("checksum"); - } - - delta["data"].erase("scan_time"); - wrapperDelta.callbackMock(delta.dump()); - } - }; - - const auto expectedResult1 - { - R"({"data":{"board_serial":"Intel Corporation","checksum":"af7b22eef8f5e06c04af4db49c9f8d1d28963918","cpu_MHz":2904,"cpu_cores":2,"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz","ram_free":2257872,"ram_total":4972208,"ram_usage":54},"operation":"INSERTED","type":"dbsync_hwinfo"})" - }; - const auto expectedResult2 - { - R"({"data":{"architecture":"x86_64","hostname":"UBUNTU","os_build":"7601","os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601"},"operation":"INSERTED","type":"dbsync_osinfo"})" - }; - const auto expectedResult3 - { - R"({"data":{"adapter":" ","checksum":"165f7160ecd2838479ee4c43c1012b723736d90a","item_id":"25eef9a0a422a9b644fb6b73650453148bc6151c","mac":"d4:5d:64:51:07:5d","mtu":1500,"name":"enp4s0","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"state":"up","tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0,"type":"ethernet"},"operation":"INSERTED","type":"dbsync_network_iface"})" - }; - const auto expectedResult4 - { - R"({"data":{"checksum":"ff63981c231f110a0877ac6acd8862ac09877b5d","dhcp":"unknown","gateway":"192.168.0.1|600","iface":"enp4s0","item_id":"d633b040008ea38303d778431ee2fd0b4ee5a37a","metric":" ","type":"ipv4"},"operation":"INSERTED","type":"dbsync_network_protocol"})" - }; - const auto expectedResult5 - { - R"({"data":{"address":"192.168.153.1","broadcast":"192.168.153.255","checksum":"72dfd66759bd8062cdc17607d760a48c906189b3","iface":"enp4s0","item_id":"3d48ddc47fac84c62a19746af66fbfcf78547de9","netmask":"255.255.255.0","proto":0},"operation":"INSERTED","type":"dbsync_network_address"})" - }; - const auto expectedResult6 - { - R"({"data":{"address":"fe80::250:56ff:fec0:8","checksum":"f606d1a1c551874d8fab33e4e5cfaa0370673ec8","iface":"enp4s0","item_id":"65973316a5dc8615a6d20b2d6c4ce52ecd074496","netmask":"ffff:ffff:ffff:ffff::","proto":1},"operation":"INSERTED","type":"dbsync_network_address"})" - }; - const auto expectedResult7 - { - R"({"data":{"checksum":"f25348b1ce5310f36c1ed859d13138fbb4e6bacb","inode":0,"item_id":"cbf2ac25a6775175f912ebf2abc72f6f51ab48ba","local_ip":"127.0.0.1","local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"listening","tx_queue":0},"operation":"INSERTED","type":"dbsync_ports"})" - }; - const auto expectedResult8 - { - R"({"data":{"checksum":"039934723aa69928b52e470c8d27365b0924b615","egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:2-","nice":0,"nlwp":1,"pgrp":0,"pid":"431625","ppid":2,"priority":20,"processor":1,"resident":0,"rgroup":"root","ruser":"root","session":0,"sgroup":"root","share":0,"size":0,"start_time":9302261,"state":"I","stime":3,"suser":"root","tgid":431625,"tty":0,"utime":0,"vm_size":0},"operation":"INSERTED","type":"dbsync_processes"})" - }; - const auto expectedResult9 - { - R"({"data":{"architecture":"amd64","checksum":"c084f78ed87ed19974b1fd90bbf727c2d1416f7d","format":"deb","group":"x11","item_id":"4846c220a185b0fc251a07843efbfbb0d90ac4a5","location":" ","name":"xserver-xorg","priority":"optional","size":411,"source":"xorg","version":"1:7.7+19ubuntu14"},"operation":"INSERTED","type":"dbsync_packages"})" - }; - const auto expectedResult10 - { - R"({"component":"syscollector_osinfo","data":{"begin":"Microsoft Windows 7","end":"Microsoft Windows 7"},"type":"integrity_check_global"})" - }; - const auto expectedResult11 - { - R"({"component":"syscollector_network_iface","data":{"begin":"25eef9a0a422a9b644fb6b73650453148bc6151c","end":"25eef9a0a422a9b644fb6b73650453148bc6151c"},"type":"integrity_check_global"})" - }; - const auto expectedResult12 - { - R"({"component":"syscollector_network_protocol","data":{"begin":"9dff246584835755137820c975f034d089e90b6f","end":"d633b040008ea38303d778431ee2fd0b4ee5a37a"},"type":"integrity_check_global"})" - }; - const auto expectedResult13 - { - R"({"component":"syscollector_network_address","data":{"begin":"3d48ddc47fac84c62a19746af66fbfcf78547de9","end":"65973316a5dc8615a6d20b2d6c4ce52ecd074496"},"type":"integrity_check_global"})" - }; - const auto expectedResult14 - { - R"({"component":"syscollector_ports","data":{"begin":"7046b3f9cda975eb6567259c2469748e634dde49","end":"cbf2ac25a6775175f912ebf2abc72f6f51ab48ba"},"type":"integrity_check_global"})" - }; - const auto expectedResult15 - { - R"({"component":"syscollector_processes","data":{"begin":"431625","end":"431625"},"type":"integrity_check_global"})" - }; - const auto expectedResult16 - { - R"({"component":"syscollector_hwinfo","data":{"begin":"Intel Corporation","end":"Intel Corporation"},"type":"integrity_check_global"})" - }; - const auto expectedResult17 - { - R"({"component":"syscollector_packages","data":{"begin":"4846c220a185b0fc251a07843efbfbb0d90ac4a5","end":"4846c220a185b0fc251a07843efbfbb0d90ac4a5"},"type":"integrity_check_global"})" - }; - const auto expectedResult18 - { - R"({"data":{"checksum":"56162cd7bb632b4728ec868e8e271b01222ff131","hotfix":"KB12345678"},"operation":"INSERTED","type":"dbsync_hotfixes"})" - }; - const auto expectedResult19 - { - R"({"component":"syscollector_hotfixes","data":{"begin":"KB12345678","end":"KB12345678"},"type":"integrity_check_global"})" - }; - const auto expectedResult20 - { - R"({"data":{"checksum":"09d591fb0ed092c387f77b24af5bada43b5d519d","inode":0,"item_id":"7046b3f9cda975eb6567259c2469748e634dde49","local_ip":"127.0.0.1","local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"udp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":null,"tx_queue":0},"operation":"INSERTED","type":"dbsync_ports"})" - }; - const auto expectedResult21 - { - R"({"data":{"checksum":"ea17673e7422c0ab04c4f1f111a5828be8cd366a","dhcp":"unknown","gateway":"192.168.0.1|600","iface":"enp4s0","item_id":"9dff246584835755137820c975f034d089e90b6f","metric":" ","type":"ipv6"},"operation":"INSERTED","type":"dbsync_network_protocol"})" - }; - - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult1)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult2)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult3)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult4)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult5)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult6)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult7)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult8)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult9)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult10)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult11)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult12)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult13)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult14)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult15)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult16)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult17)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult18)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult19)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult20)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult21)).Times(1); - - std::thread t - { - [&spInfoWrapper, &callbackData, &callbackDataDelta]() - { - Syscollector::instance().init(spInfoWrapper, - callbackDataDelta, - callbackData, - logFunction, - SYSCOLLECTOR_DB_PATH, - "", - "", - 3600, true, true, true, true, true, true, false, true, true, true); - } - }; - - std::this_thread::sleep_for(std::chrono::seconds(1)); - Syscollector::instance().destroy(); - - if (t.joinable()) - { - t.join(); - } -} - -TEST_F(SyscollectorImpTest, noProcesses) -{ - const auto spInfoWrapper{std::make_shared()}; - EXPECT_CALL(*spInfoWrapper, hardware()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"board_serial":"Intel Corporation","scan_time":"2020/12/28 21:49:50", "cpu_MHz":2904,"cpu_cores":2,"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz", "ram_free":2257872,"ram_total":4972208,"ram_usage":54})"))); - EXPECT_CALL(*spInfoWrapper, os()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"architecture":"x86_64","scan_time":"2020/12/28 21:49:50", "hostname":"UBUNTU","os_build":"7601","os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601"})"))); - EXPECT_CALL(*spInfoWrapper, networks()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"iface":[{"address":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "mac":"d4:5d:64:51:07:5d", "gateway":"192.168.0.1|600","broadcast":"127.255.255.255", "name":"ens1", "mtu":1500, "name":"enp4s0", "adapter":" ", "type":"ethernet", "state":"up", "dhcp":"disabled","iface":"Loopback Pseudo-Interface 1","metric":"75","netmask":"255.0.0.0","proto":"IPv4","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0, "IPv4":[{"address":"192.168.153.1","broadcast":"192.168.153.255","dhcp":"unknown","metric":" ","netmask":"255.255.255.0"}], "IPv6":[{"address":"fe80::250:56ff:fec0:8","dhcp":"unknown","metric":" ","netmask":"ffff:ffff:ffff:ffff::"}]}]})"))); - EXPECT_CALL(*spInfoWrapper, ports()).WillRepeatedly(Return(nlohmann::json::parse( - R"([{"inode":0,"local_ip":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"listening","tx_queue":0}])"))); - EXPECT_CALL(*spInfoWrapper, packages(_)) - .Times(::testing::AtLeast(1)) - .WillOnce(::testing::InvokeArgument<0> - (R"({"architecture":"amd64","scan_time":"2020/12/28 21:49:50", "group":"x11","name":"xserver-xorg","priority":"optional","size":411,"source":"xorg","version":"1:7.7+19ubuntu14","format":"deb","location":" "})"_json)); - - EXPECT_CALL(*spInfoWrapper, hotfixes()).WillRepeatedly(Return(R"([{"hotfix":"KB12345678"}])"_json)); - - EXPECT_CALL(*spInfoWrapper, processes(_)).Times(0); - - CallbackMock wrapper; - std::function callbackData - { - [&wrapper](const std::string & data) - { - auto delta = nlohmann::json::parse(data); - delta["data"].erase("checksum"); - delta["data"].erase("id"); - wrapper.callbackMock(delta.dump()); - } - }; - - CallbackMock wrapperDelta; - std::function callbackDataDelta - { - [&wrapperDelta](const std::string & data) - { - auto delta = nlohmann::json::parse(data); - - if (delta["type"].get_ref().compare("dbsync_osinfo") == 0) - { - delta["data"].erase("checksum"); - } - - delta["data"].erase("scan_time"); - wrapperDelta.callbackMock(delta.dump()); - } - }; - - const auto expectedResult1 - { - R"({"data":{"board_serial":"Intel Corporation","checksum":"af7b22eef8f5e06c04af4db49c9f8d1d28963918","cpu_MHz":2904,"cpu_cores":2,"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz","ram_free":2257872,"ram_total":4972208,"ram_usage":54},"operation":"INSERTED","type":"dbsync_hwinfo"})" - }; - const auto expectedResult2 - { - R"({"data":{"architecture":"x86_64","hostname":"UBUNTU","os_build":"7601","os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601"},"operation":"INSERTED","type":"dbsync_osinfo"})" - }; - const auto expectedResult3 - { - R"({"data":{"adapter":" ","checksum":"165f7160ecd2838479ee4c43c1012b723736d90a","item_id":"25eef9a0a422a9b644fb6b73650453148bc6151c","mac":"d4:5d:64:51:07:5d","mtu":1500,"name":"enp4s0","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"state":"up","tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0,"type":"ethernet"},"operation":"INSERTED","type":"dbsync_network_iface"})" - }; - const auto expectedResult4 - { - R"({"data":{"checksum":"ff63981c231f110a0877ac6acd8862ac09877b5d","dhcp":"unknown","gateway":"192.168.0.1|600","iface":"enp4s0","item_id":"d633b040008ea38303d778431ee2fd0b4ee5a37a","metric":" ","type":"ipv4"},"operation":"INSERTED","type":"dbsync_network_protocol"})" - }; - const auto expectedResult5 - { - R"({"data":{"address":"192.168.153.1","broadcast":"192.168.153.255","checksum":"72dfd66759bd8062cdc17607d760a48c906189b3","iface":"enp4s0","item_id":"3d48ddc47fac84c62a19746af66fbfcf78547de9","netmask":"255.255.255.0","proto":0},"operation":"INSERTED","type":"dbsync_network_address"})" - }; - const auto expectedResult6 - { - R"({"data":{"address":"fe80::250:56ff:fec0:8","checksum":"f606d1a1c551874d8fab33e4e5cfaa0370673ec8","iface":"enp4s0","item_id":"65973316a5dc8615a6d20b2d6c4ce52ecd074496","netmask":"ffff:ffff:ffff:ffff::","proto":1},"operation":"INSERTED","type":"dbsync_network_address"})" - }; - const auto expectedResult7 - { - R"({"data":{"checksum":"f25348b1ce5310f36c1ed859d13138fbb4e6bacb","inode":0,"item_id":"cbf2ac25a6775175f912ebf2abc72f6f51ab48ba","local_ip":"127.0.0.1","local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"listening","tx_queue":0},"operation":"INSERTED","type":"dbsync_ports"})" - }; - const auto expectedResult9 - { - R"({"data":{"architecture":"amd64","checksum":"c084f78ed87ed19974b1fd90bbf727c2d1416f7d","format":"deb","group":"x11","item_id":"4846c220a185b0fc251a07843efbfbb0d90ac4a5","location":" ","name":"xserver-xorg","priority":"optional","size":411,"source":"xorg","version":"1:7.7+19ubuntu14"},"operation":"INSERTED","type":"dbsync_packages"})" - }; - const auto expectedResult10 - { - R"({"component":"syscollector_osinfo","data":{"begin":"Microsoft Windows 7","end":"Microsoft Windows 7"},"type":"integrity_check_global"})" - }; - const auto expectedResult11 - { - R"({"component":"syscollector_network_iface","data":{"begin":"25eef9a0a422a9b644fb6b73650453148bc6151c","end":"25eef9a0a422a9b644fb6b73650453148bc6151c"},"type":"integrity_check_global"})" - }; - const auto expectedResult12 - { - R"({"component":"syscollector_network_protocol","data":{"begin":"9dff246584835755137820c975f034d089e90b6f","end":"d633b040008ea38303d778431ee2fd0b4ee5a37a"},"type":"integrity_check_global"})" - }; - const auto expectedResult13 - { - R"({"component":"syscollector_network_address","data":{"begin":"3d48ddc47fac84c62a19746af66fbfcf78547de9","end":"65973316a5dc8615a6d20b2d6c4ce52ecd074496"},"type":"integrity_check_global"})" - }; - const auto expectedResult14 - { - R"({"component":"syscollector_ports","data":{"begin":"cbf2ac25a6775175f912ebf2abc72f6f51ab48ba","end":"cbf2ac25a6775175f912ebf2abc72f6f51ab48ba"},"type":"integrity_check_global"})" - }; - const auto expectedResult16 - { - R"({"component":"syscollector_hwinfo","data":{"begin":"Intel Corporation","end":"Intel Corporation"},"type":"integrity_check_global"})" - }; - const auto expectedResult17 - { - R"({"component":"syscollector_packages","data":{"begin":"4846c220a185b0fc251a07843efbfbb0d90ac4a5","end":"4846c220a185b0fc251a07843efbfbb0d90ac4a5"},"type":"integrity_check_global"})" - }; - const auto expectedResult18 - { - R"({"data":{"checksum":"56162cd7bb632b4728ec868e8e271b01222ff131","hotfix":"KB12345678"},"operation":"INSERTED","type":"dbsync_hotfixes"})" - }; - const auto expectedResult19 - { - R"({"component":"syscollector_hotfixes","data":{"begin":"KB12345678","end":"KB12345678"},"type":"integrity_check_global"})" - }; - const auto expectedResult20 - { - R"({"data":{"checksum":"ea17673e7422c0ab04c4f1f111a5828be8cd366a","dhcp":"unknown","gateway":"192.168.0.1|600","iface":"enp4s0","item_id":"9dff246584835755137820c975f034d089e90b6f","metric":" ","type":"ipv6"},"operation":"INSERTED","type":"dbsync_network_protocol"})" - }; - const auto expectedResult21 - { - R"({"component":"syscollector_processes","data":{},"type":"integrity_clear"})" - }; - - - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult1)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult2)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult3)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult4)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult5)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult6)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult7)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult9)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult10)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult11)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult12)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult13)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult14)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult16)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult17)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult18)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult19)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult20)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult21)).Times(1); - - std::thread t - { - [&spInfoWrapper, &callbackData, &callbackDataDelta]() - { - Syscollector::instance().init(spInfoWrapper, - callbackDataDelta, - callbackData, - logFunction, - SYSCOLLECTOR_DB_PATH, - "", - "", - 3600, true, true, true, true, true, true, true, false, true, true); - } - }; - - std::this_thread::sleep_for(std::chrono::seconds{2}); - Syscollector::instance().destroy(); - - if (t.joinable()) - { - t.join(); - } -} - -TEST_F(SyscollectorImpTest, noHotfixes) -{ - const auto spInfoWrapper{std::make_shared()}; - EXPECT_CALL(*spInfoWrapper, hardware()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"board_serial":"Intel Corporation","scan_time":"2020/12/28 21:49:50", "cpu_MHz":2904,"cpu_cores":2,"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz", "ram_free":2257872,"ram_total":4972208,"ram_usage":54})"))); - EXPECT_CALL(*spInfoWrapper, os()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"architecture":"x86_64","scan_time":"2020/12/28 21:49:50", "hostname":"UBUNTU","os_build":"7601","os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601"})"))); - EXPECT_CALL(*spInfoWrapper, networks()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"iface":[{"address":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "mac":"d4:5d:64:51:07:5d", "gateway":"192.168.0.1|600","broadcast":"127.255.255.255", "name":"ens1", "mtu":1500, "name":"enp4s0", "adapter":" ", "type":"ethernet", "state":"up", "dhcp":"disabled","iface":"Loopback Pseudo-Interface 1","metric":"75","netmask":"255.0.0.0","proto":"IPv4","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0, "IPv4":[{"address":"192.168.153.1","broadcast":"192.168.153.255","dhcp":"unknown","metric":" ","netmask":"255.255.255.0"}], "IPv6":[{"address":"fe80::250:56ff:fec0:8","dhcp":"unknown","metric":" ","netmask":"ffff:ffff:ffff:ffff::"}]}]})"))); - EXPECT_CALL(*spInfoWrapper, ports()).WillRepeatedly(Return(nlohmann::json::parse( - R"([{"inode":0,"local_ip":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"listening","tx_queue":0}])"))); - EXPECT_CALL(*spInfoWrapper, packages(_)) - .Times(::testing::AtLeast(1)) - .WillOnce(::testing::InvokeArgument<0> - (R"({"architecture":"amd64","scan_time":"2020/12/28 21:49:50", "group":"x11","name":"xserver-xorg","priority":"optional","size":411,"source":"xorg","version":"1:7.7+19ubuntu14","format":"deb","location":" "})"_json)); - - EXPECT_CALL(*spInfoWrapper, hotfixes()).Times(0); - - EXPECT_CALL(*spInfoWrapper, processes(_)) - .Times(testing::AtLeast(1)) - .WillOnce(::testing::InvokeArgument<0> - (R"({"egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:2-","scan_time":"2020/12/28 21:49:50", "nice":0,"nlwp":1,"pgrp":0,"pid":"431625","ppid":2,"priority":20,"processor":1,"resident":0,"rgroup":"root","ruser":"root","session":0,"sgroup":"root","share":0,"size":0,"start_time":9302261,"state":"I","stime":3,"suser":"root","tgid":431625,"tty":0,"utime":0,"vm_size":0})"_json)); - - CallbackMock wrapper; - std::function callbackData - { - [&wrapper](const std::string & data) - { - auto delta = nlohmann::json::parse(data); - delta["data"].erase("checksum"); - delta["data"].erase("id"); - wrapper.callbackMock(delta.dump()); - } - }; - - CallbackMock wrapperDelta; - std::function callbackDataDelta - { - [&wrapperDelta](const std::string & data) - { - auto delta = nlohmann::json::parse(data); - - if (delta["type"].get_ref().compare("dbsync_osinfo") == 0) - { - delta["data"].erase("checksum"); - } - - delta["data"].erase("scan_time"); - wrapperDelta.callbackMock(delta.dump()); - } - }; - - const auto expectedResult1 - { - R"({"data":{"board_serial":"Intel Corporation","checksum":"af7b22eef8f5e06c04af4db49c9f8d1d28963918","cpu_MHz":2904,"cpu_cores":2,"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz","ram_free":2257872,"ram_total":4972208,"ram_usage":54},"operation":"INSERTED","type":"dbsync_hwinfo"})" - }; - const auto expectedResult2 - { - R"({"data":{"architecture":"x86_64","hostname":"UBUNTU","os_build":"7601","os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601"},"operation":"INSERTED","type":"dbsync_osinfo"})" - }; - const auto expectedResult3 - { - R"({"data":{"adapter":" ","checksum":"165f7160ecd2838479ee4c43c1012b723736d90a","item_id":"25eef9a0a422a9b644fb6b73650453148bc6151c","mac":"d4:5d:64:51:07:5d","mtu":1500,"name":"enp4s0","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"state":"up","tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0,"type":"ethernet"},"operation":"INSERTED","type":"dbsync_network_iface"})" - }; - const auto expectedResult4 - { - R"({"data":{"checksum":"ff63981c231f110a0877ac6acd8862ac09877b5d","dhcp":"unknown","gateway":"192.168.0.1|600","iface":"enp4s0","item_id":"d633b040008ea38303d778431ee2fd0b4ee5a37a","metric":" ","type":"ipv4"},"operation":"INSERTED","type":"dbsync_network_protocol"})" - }; - const auto expectedResult5 - { - R"({"data":{"address":"192.168.153.1","broadcast":"192.168.153.255","checksum":"72dfd66759bd8062cdc17607d760a48c906189b3","iface":"enp4s0","item_id":"3d48ddc47fac84c62a19746af66fbfcf78547de9","netmask":"255.255.255.0","proto":0},"operation":"INSERTED","type":"dbsync_network_address"})" - }; - const auto expectedResult6 - { - R"({"data":{"address":"fe80::250:56ff:fec0:8","checksum":"f606d1a1c551874d8fab33e4e5cfaa0370673ec8","iface":"enp4s0","item_id":"65973316a5dc8615a6d20b2d6c4ce52ecd074496","netmask":"ffff:ffff:ffff:ffff::","proto":1},"operation":"INSERTED","type":"dbsync_network_address"})" - }; - const auto expectedResult7 - { - R"({"data":{"checksum":"f25348b1ce5310f36c1ed859d13138fbb4e6bacb","inode":0,"item_id":"cbf2ac25a6775175f912ebf2abc72f6f51ab48ba","local_ip":"127.0.0.1","local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"listening","tx_queue":0},"operation":"INSERTED","type":"dbsync_ports"})" - }; - const auto expectedResult8 - { - R"({"data":{"checksum":"039934723aa69928b52e470c8d27365b0924b615","egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:2-","nice":0,"nlwp":1,"pgrp":0,"pid":"431625","ppid":2,"priority":20,"processor":1,"resident":0,"rgroup":"root","ruser":"root","session":0,"sgroup":"root","share":0,"size":0,"start_time":9302261,"state":"I","stime":3,"suser":"root","tgid":431625,"tty":0,"utime":0,"vm_size":0},"operation":"INSERTED","type":"dbsync_processes"})" - }; - const auto expectedResult9 - { - R"({"data":{"architecture":"amd64","checksum":"c084f78ed87ed19974b1fd90bbf727c2d1416f7d","format":"deb","group":"x11","item_id":"4846c220a185b0fc251a07843efbfbb0d90ac4a5","location":" ","name":"xserver-xorg","priority":"optional","size":411,"source":"xorg","version":"1:7.7+19ubuntu14"},"operation":"INSERTED","type":"dbsync_packages"})" - }; - const auto expectedResult10 - { - R"({"component":"syscollector_osinfo","data":{"begin":"Microsoft Windows 7","end":"Microsoft Windows 7"},"type":"integrity_check_global"})" - }; - const auto expectedResult11 - { - R"({"component":"syscollector_network_iface","data":{"begin":"25eef9a0a422a9b644fb6b73650453148bc6151c","end":"25eef9a0a422a9b644fb6b73650453148bc6151c"},"type":"integrity_check_global"})" - }; - const auto expectedResult12 - { - R"({"component":"syscollector_network_protocol","data":{"begin":"9dff246584835755137820c975f034d089e90b6f","end":"d633b040008ea38303d778431ee2fd0b4ee5a37a"},"type":"integrity_check_global"})" - }; - const auto expectedResult13 - { - R"({"component":"syscollector_network_address","data":{"begin":"3d48ddc47fac84c62a19746af66fbfcf78547de9","end":"65973316a5dc8615a6d20b2d6c4ce52ecd074496"},"type":"integrity_check_global"})" - }; - const auto expectedResult14 - { - R"({"component":"syscollector_ports","data":{"begin":"cbf2ac25a6775175f912ebf2abc72f6f51ab48ba","end":"cbf2ac25a6775175f912ebf2abc72f6f51ab48ba"},"type":"integrity_check_global"})" - }; - const auto expectedResult15 - { - R"({"component":"syscollector_processes","data":{"begin":"431625","end":"431625"},"type":"integrity_check_global"})" - }; - const auto expectedResult16 - { - R"({"component":"syscollector_hwinfo","data":{"begin":"Intel Corporation","end":"Intel Corporation"},"type":"integrity_check_global"})" - }; - const auto expectedResult17 - { - R"({"component":"syscollector_packages","data":{"begin":"4846c220a185b0fc251a07843efbfbb0d90ac4a5","end":"4846c220a185b0fc251a07843efbfbb0d90ac4a5"},"type":"integrity_check_global"})" - }; - const auto expectedResult18 - { - R"({"data":{"checksum":"ea17673e7422c0ab04c4f1f111a5828be8cd366a","dhcp":"unknown","gateway":"192.168.0.1|600","iface":"enp4s0","item_id":"9dff246584835755137820c975f034d089e90b6f","metric":" ","type":"ipv6"},"operation":"INSERTED","type":"dbsync_network_protocol"})" - }; - const auto expectedResult19 - { - R"({"component":"syscollector_hotfixes","data":{},"type":"integrity_clear"})" - }; - - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult1)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult2)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult3)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult4)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult5)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult6)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult7)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult8)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult9)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult10)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult11)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult12)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult13)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult14)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult15)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult16)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult17)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult18)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult19)).Times(1); - - std::thread t - { - [&spInfoWrapper, &callbackData, &callbackDataDelta]() - { - Syscollector::instance().init(spInfoWrapper, - callbackDataDelta, - callbackData, - logFunction, - SYSCOLLECTOR_DB_PATH, - "", - "", - 3600, true, true, true, true, true, true, true, true, false, true); - } - }; - - std::this_thread::sleep_for(std::chrono::seconds{2}); - Syscollector::instance().destroy(); - - if (t.joinable()) - { - t.join(); - } -} - -TEST_F(SyscollectorImpTest, pushMessageOk) -{ - constexpr auto messageToPush{R"(syscollector_network_iface dbsync checksum_fail {"begin":"25eef9a0a422a9b644fb6b73650453148bc6151c","end":"25eef9a0a422a9b644fb6b73650453148bc6151c","id":1606851004})"}; - const auto spInfoWrapper{std::make_shared()}; - EXPECT_CALL(*spInfoWrapper, hardware()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"board_serial":"Intel Corporation","scan_time":"2020/12/28 21:49:50", "cpu_MHz":2904,"cpu_cores":2,"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz","ram_free":2257872,"ram_total":4972208,"ram_usage":54})"))); - EXPECT_CALL(*spInfoWrapper, networks()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"iface":[{"address":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "mac":"d4:5d:64:51:07:5d", "gateway":"192.168.0.1|600","broadcast":"127.255.255.255", "name":"ens1", "mtu":1500, "name":"enp4s0", "adapter":" ", "type":"ethernet", "state":"up", "dhcp":"disabled","iface":"Loopback Pseudo-Interface 1","metric":"75","netmask":"255.0.0.0","proto":"IPv4","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0, "IPv4":[{"address":"192.168.153.1","broadcast":"192.168.153.255","dhcp":"unknown","metric":" ","netmask":"255.255.255.0"}], "IPv6":[{"address":"fe80::250:56ff:fec0:8","dhcp":"unknown","metric":" ","netmask":"ffff:ffff:ffff:ffff::"}]}]})"))); - EXPECT_CALL(*spInfoWrapper, os()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"architecture":"x86_64","scan_time":"2020/12/28 21:49:50", "hostname":"UBUNTU","os_build":"7601","os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601"})"))); - EXPECT_CALL(*spInfoWrapper, ports()).WillRepeatedly(Return(nlohmann::json::parse( - R"([{"inode":0,"local_ip":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"listening","tx_queue":0}])"))); - EXPECT_CALL(*spInfoWrapper, hotfixes()).WillRepeatedly(Return(R"([{"hotfix":"KB12345678"}])"_json)); - EXPECT_CALL(*spInfoWrapper, packages(_)) - .Times(::testing::AtLeast(1)) - .WillOnce(::testing::InvokeArgument<0> - (R"({"name":"TEXT", "scan_time":"2020/12/28 21:49:50", "version":"TEXT", "vendor":"TEXT", "install_time":"TEXT", "location":"TEXT", "architecture":"TEXT", "groups":"TEXT", "description":"TEXT", "size":"TEXT", "priority":"TEXT", "multiarch":"TEXT", "source":"TEXT", "os_patch":"TEXT"})"_json)); - EXPECT_CALL(*spInfoWrapper, processes(_)) - .Times(testing::AtLeast(1)) - .WillOnce(::testing::InvokeArgument<0> - (R"({"egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:2-","scan_time":"2020/12/28 21:49:50", "nice":0,"nlwp":1,"pgrp":0,"pid":431625,"ppid":2,"priority":20,"processor":1,"resident":0,"rgroup":"root","ruser":"root","session":0,"sgroup":"root","share":0,"size":0,"start_time":9302261,"state":"I","stime":3,"suser":"root","tgid":431625,"tty":0,"utime":0,"vm_size":0})"_json)); - - std::thread t - { - [&spInfoWrapper]() - { - Syscollector::instance().init(spInfoWrapper, - reportFunction, - reportFunction, - logFunction, - SYSCOLLECTOR_DB_PATH, - "", - "", - 60, true, true, true, true, true, true, true, true, true, true); - } - }; - std::this_thread::sleep_for(std::chrono::seconds{1}); - Syscollector::instance().push(messageToPush); - std::this_thread::sleep_for(std::chrono::seconds{1}); - Syscollector::instance().destroy(); - - if (t.joinable()) - { - t.join(); - } -} - -TEST_F(SyscollectorImpTest, pushMessageOk1) -{ - constexpr auto messageToPush{R"(syscollector_processes dbsync checksum_fail {"begin":"1","end":"99","id":1})"}; - const auto spInfoWrapper{std::make_shared()}; - EXPECT_CALL(*spInfoWrapper, hardware()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"board_serial":"Intel Corporation","scan_time":"2020/12/28 21:49:50", "cpu_MHz":2904,"cpu_cores":2,"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz","ram_free":2257872,"ram_total":4972208,"ram_usage":54})"))); - EXPECT_CALL(*spInfoWrapper, networks()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"iface":[{"address":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "mac":"d4:5d:64:51:07:5d", "gateway":"192.168.0.1|600","broadcast":"127.255.255.255", "name":"ens1", "mtu":1500, "name":"enp4s0", "adapter":" ", "type":"ethernet", "state":"up", "dhcp":"disabled","iface":"Loopback Pseudo-Interface 1","metric":"75","netmask":"255.0.0.0","proto":"IPv4","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0, "IPv4":[{"address":"192.168.153.1","broadcast":"192.168.153.255","dhcp":"unknown","metric":" ","netmask":"255.255.255.0"}], "IPv6":[{"address":"fe80::250:56ff:fec0:8","dhcp":"unknown","metric":" ","netmask":"ffff:ffff:ffff:ffff::"}]}]})"))); - EXPECT_CALL(*spInfoWrapper, os()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"architecture":"x86_64","scan_time":"2020/12/28 21:49:50", "hostname":"UBUNTU","os_build":"7601","os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601"})"))); - EXPECT_CALL(*spInfoWrapper, ports()).WillRepeatedly(Return(nlohmann::json::parse( - R"([{"inode":0,"local_ip":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"listening","tx_queue":0}])"))); - EXPECT_CALL(*spInfoWrapper, hotfixes()).WillRepeatedly(Return(R"([{"hotfix":"KB12345678"}])"_json)); - EXPECT_CALL(*spInfoWrapper, packages(_)) - .Times(::testing::AtLeast(1)) - .WillOnce(::testing::InvokeArgument<0> - (R"({"architecture":"amd64","scan_time":"2020/12/28 21:49:50", "group":"x11","name":"xserver-xorg","priority":"optional","size":"411","source":"xorg","version":"1:7.7+19ubuntu14", "os_patch":"","format":"deb","location":" "})"_json)); - EXPECT_CALL(*spInfoWrapper, processes(_)) - .Times(testing::AtLeast(1)) - .WillOnce(::testing::InvokeArgument<0> - (R"({"egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:2-","scan_time":"2020/12/28 21:49:50", "nice":0,"nlwp":1,"pgrp":0,"pid":"45","ppid":2,"priority":20,"processor":1,"resident":0,"rgroup":"root","ruser":"root","session":0,"sgroup":"root","share":0,"size":0,"start_time":9302261,"state":"I","stime":3,"suser":"root","tgid":431625,"tty":0,"utime":0,"vm_size":0})"_json)); - - CallbackMock wrapper; - std::function callbackData - { - [&wrapper](const std::string & data) - { - auto delta = nlohmann::json::parse(data); - delta["data"].erase("checksum"); - delta["data"].erase("id"); - wrapper.callbackMock(delta.dump()); - } - }; - - CallbackMock wrapperDelta; - std::function callbackDataDelta - { - [&wrapperDelta](const std::string & data) - { - auto delta = nlohmann::json::parse(data); - - if (delta["type"].get_ref().compare("dbsync_osinfo") == 0) - { - delta["data"].erase("checksum"); - } - - delta["data"].erase("scan_time"); - wrapperDelta.callbackMock(delta.dump()); - } - }; - - const auto expectedResult1 - { - R"({"component":"syscollector_hwinfo","data":{"begin":"Intel Corporation","end":"Intel Corporation"},"type":"integrity_check_global"})" - }; - const auto expectedResult2 - { - R"({"component":"syscollector_osinfo","data":{"begin":"Microsoft Windows 7","end":"Microsoft Windows 7"},"type":"integrity_check_global"})" - }; - const auto expectedResult3 - { - R"({"component":"syscollector_network_iface","data":{"begin":"25eef9a0a422a9b644fb6b73650453148bc6151c","end":"25eef9a0a422a9b644fb6b73650453148bc6151c"},"type":"integrity_check_global"})" - }; - const auto expectedResult4 - { - R"({"component":"syscollector_network_protocol","data":{"begin":"9dff246584835755137820c975f034d089e90b6f","end":"d633b040008ea38303d778431ee2fd0b4ee5a37a"},"type":"integrity_check_global"})" - }; - const auto expectedResult5 - { - R"({"component":"syscollector_packages","data":{"begin":"4846c220a185b0fc251a07843efbfbb0d90ac4a5","end":"4846c220a185b0fc251a07843efbfbb0d90ac4a5"},"type":"integrity_check_global"})" - }; - const auto expectedResult6 - { - R"({"component":"syscollector_hotfixes","data":{"begin":"KB12345678","end":"KB12345678"},"type":"integrity_check_global"})" - }; - const auto expectedResult7 - { - R"({"component":"syscollector_ports","data":{"begin":"cbf2ac25a6775175f912ebf2abc72f6f51ab48ba","end":"cbf2ac25a6775175f912ebf2abc72f6f51ab48ba"},"type":"integrity_check_global"})" - }; - const auto expectedResult8 - { - R"({"component":"syscollector_processes","data":{"begin":"45","end":"45"},"type":"integrity_check_global"})" - }; - const auto expectedResult10 - { - R"({"component":"syscollector_network_address","data":{"begin":"3d48ddc47fac84c62a19746af66fbfcf78547de9","end":"65973316a5dc8615a6d20b2d6c4ce52ecd074496"},"type":"integrity_check_global"})" - }; - const auto expectedResult11 - { - R"({"data":{"board_serial":"Intel Corporation","checksum":"af7b22eef8f5e06c04af4db49c9f8d1d28963918","cpu_MHz":2904,"cpu_cores":2,"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz","ram_free":2257872,"ram_total":4972208,"ram_usage":54},"operation":"INSERTED","type":"dbsync_hwinfo"})" - }; - const auto expectedResult12 - { - R"({"data":{"architecture":"x86_64","hostname":"UBUNTU","os_build":"7601","os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601"},"operation":"INSERTED","type":"dbsync_osinfo"})" - }; - const auto expectedResult13 - { - R"({"data":{"adapter":" ","checksum":"165f7160ecd2838479ee4c43c1012b723736d90a","item_id":"25eef9a0a422a9b644fb6b73650453148bc6151c","mac":"d4:5d:64:51:07:5d","mtu":1500,"name":"enp4s0","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"state":"up","tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0,"type":"ethernet"},"operation":"INSERTED","type":"dbsync_network_iface"})" - }; - const auto expectedResult14 - { - R"({"data":{"checksum":"ff63981c231f110a0877ac6acd8862ac09877b5d","dhcp":"unknown","gateway":"192.168.0.1|600","iface":"enp4s0","item_id":"d633b040008ea38303d778431ee2fd0b4ee5a37a","metric":" ","type":"ipv4"},"operation":"INSERTED","type":"dbsync_network_protocol"})" - }; - const auto expectedResult15 - { - R"({"data":{"address":"192.168.153.1","broadcast":"192.168.153.255","checksum":"72dfd66759bd8062cdc17607d760a48c906189b3","iface":"enp4s0","item_id":"3d48ddc47fac84c62a19746af66fbfcf78547de9","netmask":"255.255.255.0","proto":0},"operation":"INSERTED","type":"dbsync_network_address"})" - }; - const auto expectedResult16 - { - R"({"data":{"address":"fe80::250:56ff:fec0:8","checksum":"f606d1a1c551874d8fab33e4e5cfaa0370673ec8","iface":"enp4s0","item_id":"65973316a5dc8615a6d20b2d6c4ce52ecd074496","netmask":"ffff:ffff:ffff:ffff::","proto":1},"operation":"INSERTED","type":"dbsync_network_address"})" - }; - const auto expectedResult17 - { - R"({"data":{"architecture":"amd64","checksum":"c1a125f40a70bab20a252f42ea4ec0dcf90733e8","format":"deb","group":"x11","item_id":"4846c220a185b0fc251a07843efbfbb0d90ac4a5","location":" ","name":"xserver-xorg","os_patch":null,"priority":"optional","size":"411","source":"xorg","version":"1:7.7+19ubuntu14"},"operation":"INSERTED","type":"dbsync_packages"})" - }; - const auto expectedResult18 - { - R"({"data":{"checksum":"56162cd7bb632b4728ec868e8e271b01222ff131","hotfix":"KB12345678"},"operation":"INSERTED","type":"dbsync_hotfixes"})" - }; - const auto expectedResult19 - { - R"({"data":{"checksum":"f25348b1ce5310f36c1ed859d13138fbb4e6bacb","inode":0,"item_id":"cbf2ac25a6775175f912ebf2abc72f6f51ab48ba","local_ip":"127.0.0.1","local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"listening","tx_queue":0},"operation":"INSERTED","type":"dbsync_ports"})" - }; - const auto expectedResult20 - { - R"({"data":{"checksum":"af3801fac517cf9ae30f746092ce3e4058574454","egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:2-","nice":0,"nlwp":1,"pgrp":0,"pid":"45","ppid":2,"priority":20,"processor":1,"resident":0,"rgroup":"root","ruser":"root","session":0,"sgroup":"root","share":0,"size":0,"start_time":9302261,"state":"I","stime":3,"suser":"root","tgid":431625,"tty":0,"utime":0,"vm_size":0},"operation":"INSERTED","type":"dbsync_processes"})" - }; - const auto expectedResult21 - { - R"({"data":{"checksum":"ea17673e7422c0ab04c4f1f111a5828be8cd366a","dhcp":"unknown","gateway":"192.168.0.1|600","iface":"enp4s0","item_id":"9dff246584835755137820c975f034d089e90b6f","metric":" ","type":"ipv6"},"operation":"INSERTED","type":"dbsync_network_protocol"})" - }; - - EXPECT_CALL(wrapper, callbackMock(expectedResult1)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult2)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult3)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult4)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult5)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult6)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult7)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult8)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult10)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult11)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult12)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult13)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult14)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult15)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult16)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult17)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult18)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult19)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult20)).Times(1); - EXPECT_CALL(wrapperDelta, callbackMock(expectedResult21)).Times(1); - - std::thread t - { - [&callbackData, &callbackDataDelta, &spInfoWrapper]() - { - Syscollector::instance().init(spInfoWrapper, - callbackDataDelta, - callbackData, - logFunction, - SYSCOLLECTOR_DB_PATH, - "", - "", - 60, true, true, true, true, true, true, true, true, true, true); - } - }; - std::this_thread::sleep_for(std::chrono::seconds{1}); - Syscollector::instance().push(messageToPush); - std::this_thread::sleep_for(std::chrono::seconds{1}); - Syscollector::instance().destroy(); - - if (t.joinable()) - { - t.join(); - } -} - -TEST_F(SyscollectorImpTest, pushMessageInvalid) -{ - constexpr auto messageToPush{R"(syscollector_network_iface dbsync checksum_fail {"end":"Loopback Pseudo-Interface 1","id":1606851004})"}; - const auto spInfoWrapper{std::make_shared()}; - EXPECT_CALL(*spInfoWrapper, hardware()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"board_serial":"Intel Corporation","scan_time":"2020/12/28 21:49:50", "cpu_MHz":2904,"cpu_cores":2,"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz","ram_free":2257872,"ram_total":4972208,"ram_usage":54})"))); - EXPECT_CALL(*spInfoWrapper, networks()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"iface":[{"address":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "mac":"d4:5d:64:51:07:5d", "gateway":"192.168.0.1|600","broadcast":"127.255.255.255", "name":"ens1", "mtu":1500, "name":"enp4s0", "adapter":" ", "type":"ethernet", "state":"up", "dhcp":"disabled","iface":"Loopback Pseudo-Interface 1","metric":"75","netmask":"255.0.0.0","proto":"IPv4","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0, "IPv4":[{"address":"192.168.153.1","broadcast":"192.168.153.255","dhcp":"unknown","metric":" ","netmask":"255.255.255.0"}], "IPv6":[{"address":"fe80::250:56ff:fec0:8","dhcp":"unknown","metric":" ","netmask":"ffff:ffff:ffff:ffff::"}]}]})"))); - EXPECT_CALL(*spInfoWrapper, os()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"architecture":"x86_64","scan_time":"2020/12/28 21:49:50", "hostname":"UBUNTU","os_build":"7601","os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601"})"))); - EXPECT_CALL(*spInfoWrapper, ports()).WillRepeatedly(Return(nlohmann::json::parse( - R"([{"inode":0,"local_ip":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"listening","tx_queue":0}])"))); - EXPECT_CALL(*spInfoWrapper, hotfixes()).WillRepeatedly(Return(R"([{"hotfix":"KB12345678"},{"hotfix":"KB87654321"}])"_json)); - EXPECT_CALL(*spInfoWrapper, packages(_)) - .Times(::testing::AtLeast(1)) - .WillOnce(::testing::InvokeArgument<0> - (R"({"name":"TEXT", "scan_time":"2020/12/28 21:49:50", "version":"TEXT", "vendor":"TEXT", "install_time":"TEXT", "location":"TEXT", "architecture":"TEXT", "groups":"TEXT", "description":"TEXT", "size":"TEXT", "priority":"TEXT", "multiarch":"TEXT", "source":"TEXT", "os_patch":"TEXT"})"_json)); - EXPECT_CALL(*spInfoWrapper, processes(_)) - .Times(testing::AtLeast(1)) - .WillOnce(::testing::InvokeArgument<0> - (R"({"egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:2-","scan_time":"2020/12/28 21:49:50", "nice":0,"nlwp":1,"pgrp":0,"pid":431625,"ppid":2,"priority":20,"processor":1,"resident":0,"rgroup":"root","ruser":"root","session":0,"sgroup":"root","share":0,"size":0,"start_time":9302261,"state":"I","stime":3,"suser":"root","tgid":431625,"tty":0,"utime":0,"vm_size":0})"_json)); - - std::thread t - { - [&spInfoWrapper]() - { - Syscollector::instance().init(spInfoWrapper, - reportFunction, - reportFunction, - logFunction, - SYSCOLLECTOR_DB_PATH, - "", - "", - 60, true, true, true, true, true, true, true, true, true, true); - } - }; - std::this_thread::sleep_for(std::chrono::seconds{1}); - Syscollector::instance().push(messageToPush); - std::this_thread::sleep_for(std::chrono::seconds{1}); - Syscollector::instance().destroy(); - - if (t.joinable()) - { - t.join(); - } -} - -TEST_F(SyscollectorImpTest, scanInvalidData) -{ - constexpr auto messageToPush{R"(syscollector_network_iface dbsync checksum_fail {"end":"Loopback Pseudo-Interface 1","id":1606851004})"}; - const auto spInfoWrapper{std::make_shared()}; - EXPECT_CALL(*spInfoWrapper, hardware()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"board_serial":"Intel Corporation","scan_time":"2020/12/28 21:49:50", "cpu_MHz":2904,"cpu_cores":2,"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz","ram_free":2257872,"ram_total":4972208,"ram_usage":54})"))); - EXPECT_CALL(*spInfoWrapper, networks()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"iface":[{"address":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "mac":"d4:5d:64:51:07:5d", "gateway":"192.168.0.1|600","broadcast":"127.255.255.255", "name":"ens1", "mtu":1500, "name":"enp4s0", "adapter":" ", "type":"ethernet", "state":"up", "dhcp":"disabled","iface":"Loopback Pseudo-Interface 1","metric":"75","netmask":"255.0.0.0","proto":"IPv4","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0, "IPv4":[{"address":"192.168.153.1","broadcast":"192.168.153.255","dhcp":"unknown","metric":" ","netmask":"255.255.255.0"}], "IPv6":[{"address":"fe80::250:56ff:fec0:8","dhcp":"unknown","metric":" ","netmask":"ffff:ffff:ffff:ffff::"}]}]})"))); - EXPECT_CALL(*spInfoWrapper, os()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"architecture":"x86_64","scan_time":"2020/12/28 21:49:50", "hostname":"UBUNTU","os_build":"7601","os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601"})"))); - EXPECT_CALL(*spInfoWrapper, ports()).WillRepeatedly(Return(nlohmann::json::parse( - R"([{"inode":0,"local_ip":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"listening","tx_queue":0}])"))); - EXPECT_CALL(*spInfoWrapper, hotfixes()).WillRepeatedly(Return(R"([{"hotfix":"KB12345678"},{"hotfix":"KB87654321"}])"_json)); - EXPECT_CALL(*spInfoWrapper, packages(_)) - .Times(::testing::AtLeast(1)) - .WillOnce(::testing::InvokeArgument<0> - (R"({"name":"TEXT", "scan_time":"2020/12/28 21:49:50", "version":"TEXT", "vendor":"TEXT", "install_time":"TEXT", "location":"TEXT", "architecture":"TEXT", "groups":"TEXT", "description":"TEXT", "size":"TEXT", "priority":"TEXT", "multiarch":"TEXT", "source":"TEXT", "os_patch":"TEXT"})"_json)); - EXPECT_CALL(*spInfoWrapper, processes(_)) - .Times(testing::AtLeast(1)) - .WillOnce(::testing::InvokeArgument<0> - (R"({"egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:2-","scan_time":"2020/12/28 21:49:50", "nice":0,"nlwp":1,"pgrp":0,"pid":431625,"ppid":2,"priority":20,"processor":1,"resident":0,"rgroup":"root","ruser":"root","session":0,"sgroup":"root","share":0,"size":0,"start_time":9302261,"state":"I","stime":3,"suser":"root","tgid":431625,"tty":0,"utime":0,"vm_size":0})"_json)); - - std::thread t - { - [&spInfoWrapper]() - { - Syscollector::instance().init(spInfoWrapper, - reportFunction, - reportFunction, - logFunction, - SYSCOLLECTOR_DB_PATH, - "", - "", - 60, true, true, true, true, true, true, true, true, true, true); - } - }; - std::this_thread::sleep_for(std::chrono::seconds{1}); - Syscollector::instance().push(messageToPush); - std::this_thread::sleep_for(std::chrono::seconds{1}); - Syscollector::instance().destroy(); - - if (t.joinable()) - { - t.join(); - } -} - - -TEST_F(SyscollectorImpTest, portAllEnable) -{ - const auto spInfoWrapper{std::make_shared()}; - EXPECT_CALL(*spInfoWrapper, ports()).WillRepeatedly(Return(nlohmann::json::parse(R"( - [ - { - "inode":43481, - "local_ip":"0.0.0.0", - "local_port":47748, - "pid":0, - "process_name":"", - "protocol":"udp", - "remote_ip":"0.0.0.0", - "remote_port":0, - "rx_queue":0, - "state":"", - "tx_queue":0 - }, - { - "inode":43482, - "local_ip":"::", - "local_port":51087, - "pid":0, - "process_name":"", - "protocol":"udp6", - "remote_ip":"::", - "remote_port":0, - "rx_queue":0, - "state":"", - "tx_queue":0 - }, - { - "inode":50324, - "local_ip":"127.0.0.1", - "local_port":33060, - "pid":0, - "process_name":"", - "protocol":"tcp", - "remote_ip":"0.0.0.0", - "remote_port":0, - "rx_queue":0, - "state":"listening", - "tx_queue":0 - }, - { - "inode":122575, - "local_ip":"192.168.0.104", - "local_port":39106, - "pid":0, - "process_name":"", - "protocol":"tcp", - "remote_ip":"44.238.116.130", - "remote_port":443, - "rx_queue":0, - "state":"established", - "tx_queue":0 - }, - { - "inode":122575, - "local_ip":"192.168.0.104", - "local_port":39106, - "pid":0, - "process_name":"", - "protocol":"tcp", - "remote_ip":"44.238.116.130", - "remote_port":443, - "rx_queue":0, - "state":"established", - "tx_queue":0 - } - ])"))); - - CallbackMock wrapper; - std::function callbackData - { - [&wrapper](const std::string & data) - { - auto delta = nlohmann::json::parse(data); - delta["data"].erase("checksum"); - delta["data"].erase("scan_time"); - wrapper.callbackMock(delta.dump()); - } - }; - const auto expectedResult1 - { - R"({"data":{"inode":43481,"item_id":"12903a43db24ab10d872547cdd1d786a5876a0da","local_ip":"0.0.0.0","local_port":47748,"pid":0,"process_name":null,"protocol":"udp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":null,"tx_queue":0},"operation":"INSERTED","type":"dbsync_ports"})" - }; - - const auto expectedResult2 - { - R"({"data":{"inode":43482,"item_id":"ca7c9aff241cb251c6ad31e30b806366ecb2ad5f","local_ip":"::","local_port":51087,"pid":0,"process_name":null,"protocol":"udp6","remote_ip":"::","remote_port":0,"rx_queue":0,"state":null,"tx_queue":0},"operation":"INSERTED","type":"dbsync_ports"})" - }; - - const auto expectedResult3 - { - R"({"data":{"inode":50324,"item_id":"8c790ef53962dd27f4516adb1d7f3f6096bc6d29","local_ip":"127.0.0.1","local_port":33060,"pid":0,"process_name":null,"protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"listening","tx_queue":0},"operation":"INSERTED","type":"dbsync_ports"})" - }; - - const auto expectedResult4 - { - R"({"data":{"inode":122575,"item_id":"d5511242275bd3f2d57175f248108d6c3b39c438","local_ip":"192.168.0.104","local_port":39106,"pid":0,"process_name":null,"protocol":"tcp","remote_ip":"44.238.116.130","remote_port":443,"rx_queue":0,"state":"established","tx_queue":0},"operation":"INSERTED","type":"dbsync_ports"})" - }; - - EXPECT_CALL(wrapper, callbackMock(expectedResult1)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult2)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult3)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult4)).Times(1); - - std::thread t - { - [&spInfoWrapper, &callbackData]() - { - Syscollector::instance().init(spInfoWrapper, - callbackData, - reportFunction, - logFunction, - SYSCOLLECTOR_DB_PATH, - "", - "", - 3600, true, false, false, false, false, true, true, false, false, true); - } - }; - - std::this_thread::sleep_for(std::chrono::seconds{2}); - Syscollector::instance().destroy(); - - if (t.joinable()) - { - t.join(); - } -} - -TEST_F(SyscollectorImpTest, portAllDisable) -{ - const auto spInfoWrapper{std::make_shared()}; - EXPECT_CALL(*spInfoWrapper, ports()).WillRepeatedly(Return(nlohmann::json::parse(R"( - [ - { - "inode":43481, - "local_ip":"0.0.0.0", - "local_port":47748, - "pid":0, - "process_name":"", - "protocol":"udp", - "remote_ip":"0.0.0.0", - "remote_port":0, - "rx_queue":0, - "state":"", - "tx_queue":0 - }, - { - "inode":43482, - "local_ip":"::", - "local_port":51087, - "pid":0, - "process_name":"", - "protocol":"udp6", - "remote_ip":"::", - "remote_port":0, - "rx_queue":0, - "state":"", - "tx_queue":0 - }, - { - "inode":50324, - "local_ip":"127.0.0.1", - "local_port":33060, - "pid":0, - "process_name":"", - "protocol":"tcp", - "remote_ip":"0.0.0.0", - "remote_port":0, - "rx_queue":0, - "state":"listening", - "tx_queue":0 - }, - { - "inode":50324, - "local_ip":"127.0.0.1", - "local_port":33060, - "pid":0, - "process_name":"", - "protocol":"tcp", - "remote_ip":"0.0.0.0", - "remote_port":0, - "rx_queue":0, - "state":"listening", - "tx_queue":0 - }, - { - "inode":122575, - "local_ip":"192.168.0.104", - "local_port":39106, - "pid":0, - "process_name":"", - "protocol":"tcp", - "remote_ip":"44.238.116.130", - "remote_port":443, - "rx_queue":0, - "state":"established", - "tx_queue":0 - } - ])"))); - - CallbackMock wrapper; - std::function callbackData - { - [&wrapper](const std::string & data) - { - auto delta = nlohmann::json::parse(data); - delta["data"].erase("checksum"); - delta["data"].erase("scan_time"); - wrapper.callbackMock(delta.dump()); - } - }; - const auto expectedResult1 - { - R"({"data":{"inode":43481,"item_id":"12903a43db24ab10d872547cdd1d786a5876a0da","local_ip":"0.0.0.0","local_port":47748,"pid":0,"process_name":null,"protocol":"udp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":null,"tx_queue":0},"operation":"INSERTED","type":"dbsync_ports"})" - }; - - const auto expectedResult2 - { - R"({"data":{"inode":43482,"item_id":"ca7c9aff241cb251c6ad31e30b806366ecb2ad5f","local_ip":"::","local_port":51087,"pid":0,"process_name":null,"protocol":"udp6","remote_ip":"::","remote_port":0,"rx_queue":0,"state":null,"tx_queue":0},"operation":"INSERTED","type":"dbsync_ports"})" - }; - - const auto expectedResult3 - { - R"({"data":{"inode":50324,"item_id":"8c790ef53962dd27f4516adb1d7f3f6096bc6d29","local_ip":"127.0.0.1","local_port":33060,"pid":0,"process_name":null,"protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"listening","tx_queue":0},"operation":"INSERTED","type":"dbsync_ports"})" - }; - - EXPECT_CALL(wrapper, callbackMock(expectedResult1)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult2)).Times(1); - EXPECT_CALL(wrapper, callbackMock(expectedResult3)).Times(1); - - std::thread t - { - [&spInfoWrapper, &callbackData]() - { - Syscollector::instance().init(spInfoWrapper, - callbackData, - reportFunction, - logFunction, - SYSCOLLECTOR_DB_PATH, - "", - "", - 3600, true, false, false, false, false, true, false, false, false, true); - } - }; - - std::this_thread::sleep_for(std::chrono::seconds{2}); - Syscollector::instance().destroy(); - - if (t.joinable()) - { - t.join(); - } -} - - -TEST_F(SyscollectorImpTest, PackagesDuplicated) -{ - const auto spInfoWrapper{std::make_shared()}; - - EXPECT_CALL(*spInfoWrapper, packages(_)) - .Times(::testing::AtLeast(1)) - .WillOnce(::testing::DoAll( - ::testing::InvokeArgument<0> - (R"({"architecture":"amd64","scan_time":"2020/12/28 21:49:50", "group":"x11","name":"xserver-xorg","priority":"optional","size":411,"source":"xorg","version":"1:7.7+19ubuntu14","format":"deb","location":" "})"_json), - ::testing::InvokeArgument<0> - (R"({"architecture":"amd64","scan_time":"2020/12/28 21:49:50", "group":"x11","name":"xserver-xorg","priority":"optional","size":411,"source":"xorg","version":"1:7.7+19ubuntu14","format":"deb","location":" "})"_json))); - - - - CallbackMock wrapper; - std::function callbackData - { - [&wrapper](const std::string & data) - { - auto delta = nlohmann::json::parse(data); - delta["data"].erase("checksum"); - delta["data"].erase("scan_time"); - wrapper.callbackMock(delta.dump()); - } - }; - - const auto expectedResult1 - { - R"({"data":{"architecture":"amd64","format":"deb","group":"x11","item_id":"4846c220a185b0fc251a07843efbfbb0d90ac4a5","location":" ","name":"xserver-xorg","priority":"optional","size":411,"source":"xorg","version":"1:7.7+19ubuntu14"},"operation":"INSERTED","type":"dbsync_packages"})" - }; - - EXPECT_CALL(wrapper, callbackMock(expectedResult1)).Times(1); - std::thread t - { - [&spInfoWrapper, &callbackData]() - { - Syscollector::instance().init(spInfoWrapper, - callbackData, - reportFunction, - logFunction, - SYSCOLLECTOR_DB_PATH, - "", - "", - 3600, true, false, false, false, true, false, false, false, false, true); - } - }; - - std::this_thread::sleep_for(std::chrono::seconds{2}); - Syscollector::instance().destroy(); - - if (t.joinable()) - { - t.join(); - } -} - -TEST_F (SyscollectorImpTest, SyncOverlap) -{ - constexpr auto firstMessageToPush{R"(syscollector_packages no_data {"begin":"0005a2bdc731445bbe68d6706e452937bdbc9e2f","end":"fff931b8ce752c06e9b219189281b7eae4285d44","id":1713982194})"}; - constexpr auto secondMessageToPush{R"(syscollector_packages checksum_fail {"begin":"0005a2bdc731445bbe68d6706e452937bdbc9e2f","end":"fff931b8ce752c06e9b219189281b7eae4285d44","id":1713982197})"}; - const time_t intervalValue = 3; - - const auto spInfoWrapper{std::make_shared()}; - EXPECT_CALL(*spInfoWrapper, hardware()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"board_serial":"Intel Corporation","scan_time":"2020/12/28 21:49:50", "cpu_MHz":2904,"cpu_cores":2,"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz","ram_free":2257872,"ram_total":4972208,"ram_usage":54})"))); - EXPECT_CALL(*spInfoWrapper, networks()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"iface":[{"address":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "mac":"d4:5d:64:51:07:5d", "gateway":"192.168.0.1|600","broadcast":"127.255.255.255", "name":"ens1", "mtu":1500, "name":"enp4s0", "adapter":" ", "type":"ethernet", "state":"up", "dhcp":"disabled","iface":"Loopback Pseudo-Interface 1","metric":"75","netmask":"255.0.0.0","proto":"IPv4","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0, "IPv4":[{"address":"192.168.153.1","broadcast":"192.168.153.255","dhcp":"unknown","metric":" ","netmask":"255.255.255.0"}], "IPv6":[{"address":"fe80::250:56ff:fec0:8","dhcp":"unknown","metric":" ","netmask":"ffff:ffff:ffff:ffff::"}]}]})"))); - EXPECT_CALL(*spInfoWrapper, os()).WillRepeatedly(Return(nlohmann::json::parse( - R"({"architecture":"x86_64","scan_time":"2020/12/28 21:49:50", "hostname":"UBUNTU","os_build":"7601","os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601"})"))); - EXPECT_CALL(*spInfoWrapper, ports()).WillRepeatedly(Return(nlohmann::json::parse( - R"([{"inode":0,"local_ip":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"listening","tx_queue":0}])"))); - EXPECT_CALL(*spInfoWrapper, hotfixes()).WillRepeatedly(Return(R"([{"hotfix":"KB12345678"}])"_json)); - EXPECT_CALL(*spInfoWrapper, packages(_)) - .Times(::testing::AtLeast(2)) - .WillOnce(::testing::InvokeArgument<0> - (R"({"name":"TEXT", "scan_time":"2020/12/28 21:49:50", "version":"TEXT", "vendor":"TEXT", "install_time":"TEXT", "location":"TEXT", "architecture":"TEXT", "groups":"TEXT", "description":"TEXT", "size":"TEXT", "priority":"TEXT", "multiarch":"TEXT", "source":"TEXT", "os_patch":"TEXT"})"_json)) - .WillOnce(::testing::InvokeArgument<0> - (R"({"name":"TEXT", "scan_time":"2020/12/28 21:49:50", "version":"TEXT", "vendor":"TEXT", "install_time":"TEXT", "location":"TEXT", "architecture":"TEXT", "groups":"TEXT", "description":"TEXT", "size":"TEXT", "priority":"TEXT", "multiarch":"TEXT", "source":"TEXT", "os_patch":"TEXT"})"_json)); - - EXPECT_CALL(*spInfoWrapper, processes(_)) - .Times(testing::AtLeast(2)) - .WillOnce(::testing::InvokeArgument<0> - (R"({"egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:2-","scan_time":"2020/12/28 21:49:50", "nice":0,"nlwp":1,"pgrp":0,"pid":431625,"ppid":2,"priority":20,"processor":1,"resident":0,"rgroup":"root","ruser":"root","session":0,"sgroup":"root","share":0,"size":0,"start_time":9302261,"state":"I","stime":3,"suser":"root","tgid":431625,"tty":0,"utime":0,"vm_size":0})"_json)) - .WillOnce(::testing::InvokeArgument<0> - (R"({"egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:2-","scan_time":"2020/12/28 21:49:50", "nice":0,"nlwp":1,"pgrp":0,"pid":431625,"ppid":2,"priority":20,"processor":1,"resident":0,"rgroup":"root","ruser":"root","session":0,"sgroup":"root","share":0,"size":0,"start_time":9302261,"state":"I","stime":3,"suser":"root","tgid":431625,"tty":0,"utime":0,"vm_size":0})"_json)); - - const auto captureLog - { - [](const modules_log_level_t /*level*/, const std::string & log) - { - std::string expectedStr {"Syscollector synchronization process concluded recently, delaying scan for 1 second/s"}; - - if (log.find("Discarded") != std::string::npos) - { - EXPECT_STREQ(log.c_str(), expectedStr.c_str()); - } - } - }; - - std::thread t - { - [&spInfoWrapper, &captureLog, &intervalValue]() - { - Syscollector::instance().init(spInfoWrapper, - reportFunction, - reportFunction, - captureLog, - SYSCOLLECTOR_DB_PATH, - "", - "", - intervalValue, true, true, true, true, true, true, true, true, true, true); - } - }; - std::this_thread::sleep_for(std::chrono::seconds{1}); - Syscollector::instance().push(firstMessageToPush); - std::this_thread::sleep_for(std::chrono::seconds{intervalValue}); - Syscollector::instance().push(secondMessageToPush); - std::this_thread::sleep_for(std::chrono::seconds{1}); - Syscollector::instance().destroy(); - - if (t.joinable()) - { - t.join(); - } -} diff --git a/src/modules/inventory/tests/sysCollectorImp/syscollectorImp_test.h b/src/modules/inventory/tests/sysCollectorImp/syscollectorImp_test.h deleted file mode 100644 index d9ac6bd72b..0000000000 --- a/src/modules/inventory/tests/sysCollectorImp/syscollectorImp_test.h +++ /dev/null @@ -1,27 +0,0 @@ -/* - * Wazuh SyscollectorImp - * Copyright (C) 2015, Wazuh Inc. - * November 9, 2020. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ -#ifndef _SYSCOLLECTOR_IMP_TEST_H -#define _SYSCOLLECTOR_IMP_TEST_H -#include "gtest/gtest.h" -#include "gmock/gmock.h" - -class SyscollectorImpTest : public ::testing::Test -{ - protected: - - SyscollectorImpTest() = default; - virtual ~SyscollectorImpTest() = default; - - void SetUp() override; - void TearDown() override; -}; - -#endif //_SYSCOLLECTOR_IMP_TEST_H \ No newline at end of file diff --git a/src/modules/inventory/tests/sysNormalizer/CMakeLists.txt b/src/modules/inventory/tests/sysNormalizer/CMakeLists.txt deleted file mode 100644 index f3290609e3..0000000000 --- a/src/modules/inventory/tests/sysNormalizer/CMakeLists.txt +++ /dev/null @@ -1,48 +0,0 @@ -cmake_minimum_required(VERSION 3.12.4) - -project(sys_normalizer_unit_test) - -set(CMAKE_CXX_FLAGS_DEBUG "-g --coverage") - - -file(GLOB SYS_NORMALIZER_UNIT_TEST_SRC - "*.cpp") - -file(GLOB SYS_NORMALIZER_SRC - "${CMAKE_SOURCE_DIR}/src/syscollectorNormalizer.cpp") - -add_definitions(-DWAZUH_UNIT_TESTING) - -add_executable(sys_normalizer_unit_test - ${SYS_NORMALIZER_UNIT_TEST_SRC} - ${SYS_NORMALIZER_SRC}) -if(CMAKE_SYSTEM_NAME STREQUAL "Windows") - target_link_libraries(sys_normalizer_unit_test - debug gtestd - debug gmockd - debug gtest_maind - debug gmock_maind - optimized gtest - optimized gmock - optimized gtest_main - optimized gmock_main - pthread - -static-libgcc -static-libstdc++ - ) -else() - target_link_libraries(sys_normalizer_unit_test - debug gtestd - debug gmockd - debug gtest_maind - debug gmock_maind - optimized gtest - optimized gmock - optimized gtest_main - optimized gmock_main - pthread - dl - ) -endif(CMAKE_SYSTEM_NAME STREQUAL "Windows") - -add_test(NAME sys_normalizer_unit_test - COMMAND sys_normalizer_unit_test) diff --git a/src/modules/inventory/tests/sysNormalizer/main.cpp b/src/modules/inventory/tests/sysNormalizer/main.cpp deleted file mode 100644 index fd7a178715..0000000000 --- a/src/modules/inventory/tests/sysNormalizer/main.cpp +++ /dev/null @@ -1,7 +0,0 @@ -#include "gtest/gtest.h" - -int main(int argc, char** argv) -{ - ::testing::InitGoogleTest(&argc, argv); - return RUN_ALL_TESTS(); -} \ No newline at end of file diff --git a/src/modules/inventory/tests/sysNormalizer/sysNormalizer_test.h b/src/modules/inventory/tests/sysNormalizer/sysNormalizer_test.h deleted file mode 100644 index 8e166e7635..0000000000 --- a/src/modules/inventory/tests/sysNormalizer/sysNormalizer_test.h +++ /dev/null @@ -1,27 +0,0 @@ -/* - * Wazuh SyscollectorNormalizer - * Copyright (C) 2015, Wazuh Inc. - * January 12, 2021. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ -#ifndef _SYS_NORMALIZER_TEST_H -#define _SYS_NORMALIZER_TEST_H -#include "gtest/gtest.h" -#include "gmock/gmock.h" - -class SysNormalizerTest : public ::testing::Test -{ - protected: - - SysNormalizerTest() = default; - virtual ~SysNormalizerTest() = default; - - void SetUp() override; - void TearDown() override; -}; - -#endif //_SYS_NORMALIZER_TEST_H \ No newline at end of file diff --git a/src/modules/inventory/testtool/CMakeLists.txt b/src/modules/inventory/testtool/CMakeLists.txt index 3dac44034f..a36c260e91 100644 --- a/src/modules/inventory/testtool/CMakeLists.txt +++ b/src/modules/inventory/testtool/CMakeLists.txt @@ -1,82 +1,45 @@ -cmake_minimum_required(VERSION 3.12.4) +cmake_minimum_required(VERSION 3.22) -project(syscollector_test_tool) - -include_directories(${CMAKE_SOURCE_DIR}/) -include_directories(${CMAKE_SOURCE_DIR}/testtool/) -include_directories(${SRC_FOLDER}/shared_modules/common/) -include_directories(${SRC_FOLDER}/shared_modules/dbsync/include/) -include_directories(${SRC_FOLDER}/shared_modules/rsync/include/) -include_directories(${SRC_FOLDER}/external/nlohmann/) -include_directories(${CMAKE_SOURCE_DIR}/src/) - -link_directories(${SRC_FOLDER}/shared_modules/dbsync/build/lib) -link_directories(${SRC_FOLDER}/shared_modules/rsync/build/lib) -link_directories(${SRC_FOLDER}/data_provider/build/lib) -link_directories(${SRC_FOLDER}/external/openssl/) -link_directories(${SRC_FOLDER}/external/procps/) +project(inventory_test_tool) if(COVERITY) add_definitions(-D__GNUC__=8) endif(COVERITY) add_definitions(-DWAZUH_UNIT_TESTING) -set(CMAKE_CXX_FLAGS "-g -Wall -Wextra -Wshadow -Wnon-virtual-dtor -Woverloaded-virtual -Wunused -Wcast-align -Wformat=2 -std=c++14 -pthread") - -if(FSANITIZE) - set(CMAKE_CXX_FLAGS_DEBUG "-fsanitize=address,leak,undefined") -endif(FSANITIZE) +if(NOT CMAKE_CXX_COMPILER_ID STREQUAL "MSVC") + set(CMAKE_CXX_FLAGS "-g -Wall -Wextra -Wshadow -Wnon-virtual-dtor -Woverloaded-virtual -Wunused -Wcast-align -Wformat=2 -std=c++14 -pthread") + if(FSANITIZE) + set(CMAKE_CXX_FLAGS_DEBUG "-fsanitize=address,leak,undefined") + endif(FSANITIZE) +else() + set(CMAKE_CXX_FLAGS "/Zi /W4 /permissive- /std:c++14 /MT /EHsc") +endif() -file(GLOB SYSCOLLECTOR_TESTTOOL_SRC - "${CMAKE_SOURCE_DIR}/testtool/*.cpp" +file(GLOB INVENTORY_TESTTOOL_SRC + "${CMAKE_CURRENT_SOURCE_DIR}/*.cpp" ) -add_executable(syscollector_test_tool - ${SYSCOLLECTOR_TESTTOOL_SRC} +add_executable(inventory_test_tool + ${INVENTORY_TESTTOOL_SRC} ) if(CMAKE_SYSTEM_NAME STREQUAL "Windows") - target_link_libraries(syscollector_test_tool - rsync + target_link_libraries(inventory_test_tool dbsync sysinfo - syscollector + Inventory psapi iphlpapi - crypto - ssl ws2_32 crypt32 -static-libstdc++ ) -elseif (CMAKE_SYSTEM_NAME STREQUAL "OpenBSD") - target_link_libraries(syscollector_test_tool - rsync - dbsync - sysinfo - syscollector - pthread) -elseif (CMAKE_SYSTEM_NAME STREQUAL "AIX") - target_link_libraries(syscollector_test_tool - rsync - dbsync - sysinfo - syscollector - dl) else() - target_link_libraries(syscollector_test_tool - rsync + target_link_libraries(inventory_test_tool dbsync sysinfo - syscollector + Inventory dl - proc ) - - if(SOLARIS) - target_link_libraries(syscollector_test_tool - nsl - socket - ) - endif(SOLARIS) endif(CMAKE_SYSTEM_NAME STREQUAL "Windows") diff --git a/src/modules/inventory/testtool/Readme.md b/src/modules/inventory/testtool/Readme.md index 853893ff3e..56076ea49e 100644 --- a/src/modules/inventory/testtool/Readme.md +++ b/src/modules/inventory/testtool/Readme.md @@ -1,11 +1,11 @@ -# Syscollector Testing Tool +# Inventory Testing Tool ## Index 1. [Purpose](#purpose) 2. [Compile Wazuh](#compile-wazuh) 3. [How to use the tool](#how-to-use-the-tool) ## Purpose -The Syscollector Testing Tool was created to test and validate the data obtained by the module's execution. This tool works as a black box where an user will be able execute it and analyze the output data as desired. +The Inventory Testing Tool was created to test and validate the data obtained by the module's execution. This tool works as a black box where an user will be able execute it and analyze the output data as desired. ## Compile Wazuh In order compile the solution on a specific wazuh target, the project needs to be built either in release or debug mode. @@ -14,32 +14,32 @@ make TARGET=server|agent ``` ## How to use the tool -In order to run the `syscollector_test_tool` (located in `src/wazuh_modules/syscollector/build/bin` folder) utility the only step to be followed is just to execute the tool (without parameters): +In order to run the `inventory_test_tool` (located in `src/wazuh_modules/inventory/build/bin` folder) utility the only step to be followed is just to execute the tool (without parameters): ``` -./syscollector_test_tool +./inventory_test_tool ``` The information output will vary based on the Operating System the tool is being executed. A brief example could be similar to the following one: ``` -Syscollector started. +Inventory started. sync output payload: -{"component":"syscollector_hwinfo","data":{"begin":" ","checksum":"3db55e04fee8f5aa7419d8b9d4d1617a3b8fd2ef","end":" ","id":1612989513},"type":"integrity_check_global"} +{"component":"inventory_hwinfo","data":{"begin":" ","checksum":"3db55e04fee8f5aa7419d8b9d4d1617a3b8fd2ef","end":" ","id":1612989513},"type":"integrity_check_global"} sync output payload: -{"component":"syscollector_osinfo","data":{"begin":"Ubuntu","checksum":"0c240d543ff8a7b79b5c2d0c4e2e29ca373ed307","end":"Ubuntu","id":1612989513},"type":"integrity_check_global"} +{"component":"inventory_osinfo","data":{"begin":"Ubuntu","checksum":"0c240d543ff8a7b79b5c2d0c4e2e29ca373ed307","end":"Ubuntu","id":1612989513},"type":"integrity_check_global"} sync output payload: -{"component":"syscollector_network_iface","data":{"begin":"337c5c4e7d7cd33351bef413cfc2d6303f13e83e","checksum":"2c2e4ad6d01264dc57b2b3039e49a96ca1509330","end":"d131e91c2db8ceb58409fc3bb90aaeb4d1e4ec91","id":1612989513},"type":"integrity_check_global"} +{"component":"inventory_network_iface","data":{"begin":"337c5c4e7d7cd33351bef413cfc2d6303f13e83e","checksum":"2c2e4ad6d01264dc57b2b3039e49a96ca1509330","end":"d131e91c2db8ceb58409fc3bb90aaeb4d1e4ec91","id":1612989513},"type":"integrity_check_global"} sync output payload: -{"component":"syscollector_network_protocol","data":{"begin":"0e1a576f6770c94e91a84fa0edfd614c6dc12a97","checksum":"2378bf6ee268515ac6cad0945e4a34be8dd631d5","end":"db5cc5ed93bcde1022fcc50aa26b9de65c1f15e2","id":1612989513},"type":"integrity_check_global"} +{"component":"inventory_network_protocol","data":{"begin":"0e1a576f6770c94e91a84fa0edfd614c6dc12a97","checksum":"2378bf6ee268515ac6cad0945e4a34be8dd631d5","end":"db5cc5ed93bcde1022fcc50aa26b9de65c1f15e2","id":1612989513},"type":"integrity_check_global"} sync output payload: -{"component":"syscollector_network_address","data":{"begin":"2ccf6b2db44e65a68d86a6b9ef6f17a80a907569","checksum":"d41fee050466607400a5f290ed9b894029db85fc","end":"e9981f5ab4c34df5aa88d243e53b1d4426a0516b","id":1612989513},"type":"integrity_check_global"} +{"component":"inventory_network_address","data":{"begin":"2ccf6b2db44e65a68d86a6b9ef6f17a80a907569","checksum":"d41fee050466607400a5f290ed9b894029db85fc","end":"e9981f5ab4c34df5aa88d243e53b1d4426a0516b","id":1612989513},"type":"integrity_check_global"} sync output payload: -{"component":"syscollector_packages","data":{"begin":"003015c0ebad681afe5d952aefdd4b4594c5582f","checksum":"d7f1fddc385a2b2ed217d4e4f69d8dea91c59b3b","end":"fff4269c511fbd018de2f99a51418cb7df642b5d","id":1612989513},"type":"integrity_check_global"} +{"component":"inventory_packages","data":{"begin":"003015c0ebad681afe5d952aefdd4b4594c5582f","checksum":"d7f1fddc385a2b2ed217d4e4f69d8dea91c59b3b","end":"fff4269c511fbd018de2f99a51418cb7df642b5d","id":1612989513},"type":"integrity_check_global"} sync output payload: -{"component":"syscollector_hotfixes","data":{"id":1612989513},"type":"integrity_clear"} +{"component":"inventory_hotfixes","data":{"id":1612989513},"type":"integrity_clear"} sync output payload: -{"component":"syscollector_ports","data":{"begin":"0314f72c149cf5039a8b5600bfd37c84cc7ec864","checksum":"5e7653d32d990ee20d8721c5d364031d81a24ea9","end":"e4275099e8eda9a6361665b27d166208ac573609","id":1612989513},"type":"integrity_check_global"} +{"component":"inventort_ports","data":{"begin":"0314f72c149cf5039a8b5600bfd37c84cc7ec864","checksum":"5e7653d32d990ee20d8721c5d364031d81a24ea9","end":"e4275099e8eda9a6361665b27d166208ac573609","id":1612989513},"type":"integrity_check_global"} sync output payload: -{"component":"syscollector_processes","data":{"begin":"1","checksum":"57e84d8e1c7b05489f68e5e013db408f5ef2abbd","end":"984","id":1612989513},"type":"integrity_check_global"} +{"component":"inventory_processes","data":{"begin":"1","checksum":"57e84d8e1c7b05489f68e5e013db408f5ef2abbd","end":"984","id":1612989513},"type":"integrity_check_global"} ``` diff --git a/src/modules/inventory/testtool/main.cpp b/src/modules/inventory/testtool/main.cpp index 3c69a863d9..656e50503c 100644 --- a/src/modules/inventory/testtool/main.cpp +++ b/src/modules/inventory/testtool/main.cpp @@ -1,24 +1,10 @@ -/* - * Wazuh SysCollector Test tool - * Copyright (C) 2015, Wazuh Inc. - * October 7, 2020. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - #include #include #include #include #include -#include "defs.h" -#include "dbsync.hpp" -#include "rsync.hpp" -#include "sysInfo.hpp" -#include "syscollector.hpp" +#include +#include constexpr int DEFAULT_SLEEP_TIME { 60 }; @@ -26,6 +12,7 @@ int main(int argc, const char* argv[]) { auto timedMainLoop { false }; auto sleepTime { DEFAULT_SLEEP_TIME }; + std::shared_ptr configurationParser; if (2 == argc) { @@ -40,49 +27,8 @@ int main(int argc, const char* argv[]) return -1; } - const auto reportDiffFunction - { - [](const std::string & payload) - { - std::cout << "diff output payload:" << std::endl; - std::cout << payload << std::endl; - } - }; - const auto reportSyncFunction - { - [](const std::string & payload) - { - std::cout << "sync output payload:" << std::endl; - std::cout << payload << std::endl; - } - }; - - const auto logFunction - { - [](const modules_log_level_t level, const std::string & log) - { - static const std::map s_logStringMap - { - {LOG_ERROR, "ERROR"}, - {LOG_INFO, "INFO"}, - {LOG_DEBUG, "DEBUG"}, - {LOG_DEBUG_VERBOSE, "DEBUG2"} - }; - std::cout << s_logStringMap.at(level) << ": " << log << std::endl; - } - }; - - const auto logErrorFunction - { - [](const std::string & log) - { - std::cout << "ERROR: " << log << std::endl; - } - }; - - const auto spInfo{ std::make_shared() }; - RemoteSync::initialize(logErrorFunction); - DBSync::initialize(logErrorFunction); + configurationParser = std::make_shared(); + Inventory::Instance().Setup(configurationParser); try { @@ -99,27 +45,11 @@ int main(int argc, const char* argv[]) std::this_thread::sleep_for(std::chrono::seconds(sleepTime)); } - Syscollector::instance().destroy(); + Inventory::Instance().Stop(); } }; - Syscollector::instance().init(spInfo, - reportDiffFunction, - reportSyncFunction, - logFunction, - SYSCOLLECTOR_DB_DISK_PATH, - SYSCOLLECTOR_NORM_CONFIG_DISK_PATH, - SYSCOLLECTOR_NORM_TYPE, - 15ul, - true, - true, - true, - true, - true, - true, - true, - true, - true); + Inventory::Instance().Start(); if (thread.joinable()) { @@ -131,7 +61,5 @@ int main(int argc, const char* argv[]) std::cout << ex.what() << std::endl; } - RemoteSync::teardown(); - DBSync::teardown(); return 0; } diff --git a/src/modules/logcollector/CMakeLists.txt b/src/modules/logcollector/CMakeLists.txt index e69de29bb2..e776954929 100644 --- a/src/modules/logcollector/CMakeLists.txt +++ b/src/modules/logcollector/CMakeLists.txt @@ -0,0 +1,56 @@ +cmake_minimum_required(VERSION 3.22) + +set(CMAKE_TOOLCHAIN_FILE "${CMAKE_SOURCE_DIR}/../../vcpkg/scripts/buildsystems/vcpkg.cmake") +set(VCPKG_MANIFEST_DIR ${CMAKE_SOURCE_DIR}/../../) + +project(Logcollector) + +include(../../cmake/CommonSettings.cmake) +set_common_settings() + +set(CMAKE_POSITION_INDEPENDENT_CODE ON) + +get_filename_component(SRC_FOLDER ${CMAKE_CURRENT_SOURCE_DIR}/../../ ABSOLUTE) +get_filename_component(COMMON_FOLDER ${SRC_FOLDER}/common/ ABSOLUTE) + +find_package(cJSON CONFIG REQUIRED) +find_package(nlohmann_json CONFIG REQUIRED) +find_package(OpenSSL REQUIRED) +find_package(Boost REQUIRED COMPONENTS asio system) + +if(WIN32) + FILE(GLOB EXCLUDED_SOURCES src/*_unix.cpp) +else() + FILE(GLOB EXCLUDED_SOURCES src/*_win.cpp) +endif() + +FILE(GLOB LOGCOLLECTOR_SOURCES src/*.cpp) +list(REMOVE_ITEM LOGCOLLECTOR_SOURCES ${EXCLUDED_SOURCES}) + +add_library(Logcollector ${LOGCOLLECTOR_SOURCES}) + +target_include_directories(Logcollector PUBLIC + ${CMAKE_CURRENT_SOURCE_DIR}/include + ${CMAKE_CURRENT_SOURCE_DIR}/../include + ${COMMON_FOLDER}) + +target_link_libraries(Logcollector + PUBLIC + ConfigurationParser + MultiTypeQueue + ModuleCommand + Config + Boost::asio + Boost::system + nlohmann_json::nlohmann_json + PRIVATE + Logger +) + +include(../../cmake/ConfigureTarget.cmake) +configure_target(Logcollector) + +if(BUILD_TESTS) + enable_testing() + add_subdirectory(tests) +endif() diff --git a/src/modules/logcollector/README.md b/src/modules/logcollector/README.md new file mode 100644 index 0000000000..e6d371686a --- /dev/null +++ b/src/modules/logcollector/README.md @@ -0,0 +1,184 @@ +# Logcollector Module + +## Introduction + +Logcollector is the agent module that adds the ability to collect system logs, +both by reading plain text files and by collecting messages from the operating +system API. + +## Settings + +### Sample + +```yaml +logcollector: + enabled: true + file: + - location: /var/log/*.log + age: 1d + delim-regex: "\n" + use-bookmark: true + windows: + - channel: Application + query: Event[System/EventID = 4624] + use-bookmark: true + reconnect-time: 5s + journald: + - filter: + - field: "_SYSTEMD_UNIT" + query: ^ssh.service$ + - field: PRIORITY + query: "[0-3]" + ignore-missing: true + use-bookmark: true + macos: + - query: process == "sshd" OR message CONTAINS "invalid" + use-bookmark: true +``` + +### Reference + +|Mandatory|Option|Description|Default| +|:-:|--|--|--| +||`enabled`|Sets the module as enabled.|yes| + +#### File Collector + +```yaml +- file: +``` + +The File collector handles plain-text log files. + +|Mandatory|Option|Description|Default| +|:-:|--|--|--| +|✔ï¸|`location`|Path to the file. Wildcards are supported.|| +||`age`|Collect logs from files more recent than this parameter.|`0`| +||`delim-regex`|Regex to delimit logs within the file.|`\n`| +||`use-bookmark`|Whether the agent should jump to the latest line read on startup.|`yes`| + +#### Journald Collector + +```yaml +- journald: +``` + +This collector gets logs from Journald on Linux. + +|Mandatory|Option|Description|Default| +|:-:|--|--|--| +||`filter`|(Array) Log matching criteria.|| +||`use-bookmark`|Whether the agent should jump to the latest line read on startup.|`yes`| + +##### filter + +|Mandatory|Option|Description|Default| +|:-:|--|--|--| +|✔ï¸|`field`|Name of the field.|| +|✔ï¸|`query`|Regex that the selected field in the log must match.|| +||`ignore-missing`|Accept the log if the selected field is missing.|`yes`| + +#### Windows Collector + +```yaml +- windows: +``` + +This collector gets logs from the Windows Event Viewer. + +|Mandatory|Option|Description|Default| +|:-:|--|--|--| +|✔ï¸|`channel`|Log channel name.|| +||`query`|Query string to filter logs. XPATH and QueryLists supported.| +||`use-bookmark`|Whether the agent should jump to the latest line read on startup.|`yes`| +||`reconnect-time`|Interval of reconnection attempts to the Windows Event API.|`5s`| + +#### macOS (ULS) Collector + +```yaml +- macos: +``` + +This collector gets logs from macOS through the Unified Logging System. + +|Mandatory|Option|Description|Default| +|:-:|--|--|--| +||`query`|Query string to filter logs.| +||`use-bookmark`|Whether the agent should jump to the latest line read on startup.|`yes`| + +## Class Diagram + +```mermaid +classDiagram + class ModuleWrapper + class Logcollector { + - enabled : bool + - queue : MultiTypeQueue + + start() + + setup(ConfigurationParser) + + stop() + + executeCommand(CommandResult(string)) + + name() : string + + setMessageQueue(queue) + } + class IReader { + + run() + } + class FileReader { + - queue : Queue + - store : Store + - fileGlob : string + - age : int + - delimRegex : string + - useBookmark : bool + + FileReader(queue, store, fileGlob, age, delimRegex, useBookmark) + + run() + - reload() + } + class LocalFile { + + LocalFile(path) + + path : string + + offset : int + + inode : int + } + class JournaldReader { + - queue : Queue + - store : Store + - useBookmark : bool + + JournalReader(queue, store, useBookmark) + + addFilter(filter) + + run() + } + class JournaldFilter { + + field : string + + query : string + + ignoreMissing : bool + } + class WindowsEventReader { + - queue : Queue + - store : Store + - channel : string + - query : string + - useBookmark : bool + - reconnectTime : int + + WindowsEventReader(queue, store, channel, query, useBookmark, reconnectTime) + + run() + - reconnect() + } + class AppleReader { + - queue : Queue + - store : Store + - query : string + - useBookmark : bool + + AppleReader(queue, store, query, useBookmark) + + run() + } + ModuleWrapper <-- Logcollector + Logcollector o-- IReader + IReader <|-- FileReader + IReader <|-- JournaldReader + IReader <|-- WindowsEventReader + IReader <|-- AppleReader + FileReader o-- LocalFile + JournaldReader o-- JournaldFilter +``` diff --git a/src/modules/logcollector/include/journal_log.h b/src/modules/logcollector/include/journal_log.h deleted file mode 100644 index 56b3206407..0000000000 --- a/src/modules/logcollector/include/journal_log.h +++ /dev/null @@ -1,190 +0,0 @@ -#ifndef w_journal_H -#define w_journal_H - -#include -#include "../config/localfile-config.h" - -#include "cJSON.h" -#include "expression.h" - -/******************************************************************************* - * NOTE: This module is not thread-safe. - * - * This library is used to interact with the journal log through the sd_journal - * library. - * All functions listed here are thread-agnostic and only a single specific - * thread may operate on a given object during its entire lifetime. - * It's safe to allocate multiple independent objects and use each from a - * specific thread in parallel. - * However, it's not safe to allocate such an object in one thread, and operate - * or free it from any other, even if locking is used to ensure these threads - * don't operate on it at the very same time. - * The library tries to dinamically load the sd_journal library, so it's not - * necessary to link it at compile time. - * All functions are added in version 187 unless otherwise noted. - *******************************************************************************/ - -/********************************************************** - * Journald library related - ***********************************************************/ -typedef struct sd_journal sd_journal; ///< sd_journal type -typedef struct w_journal_lib_t w_journal_lib_t; ///< Journal library functions - -/********************************************************** - * Context related - ***********************************************************/ - -/** - * @brief Journal log context - */ -typedef struct { - w_journal_lib_t * lib; ///< Journal functions - sd_journal * journal; ///< Journal context - uint64_t timestamp; ///< Last timestamp processed (__REALTIME_TIMESTAMP) -} w_journal_context_t; - -/** - * @brief Get a new journal log context - * - * The caller is responsible for freeing the returned context. - * @param ctx Journal log context - * @return int 0 on success or -1 on error - * @note The context should be created and used by a single thread only. - */ -int w_journal_context_create(w_journal_context_t ** ctx); - -/** - * @brief Free the journal log context and all its resources - * - * The context pointer is invalid after the call. - * @param ctx Journal log context - */ -void w_journal_context_free(w_journal_context_t * ctx); - -/** - * @brief Try update the timestamp in the journal log context with the timestamp of the current entry - * - * If failed to get the timestamp, the timestamp updated with the current time. - * @param ctx Journal log context - */ -void w_journal_context_update_timestamp(w_journal_context_t * ctx); - -/** - * @brief Move the cursor to the most recent entry - * - * @param ctx Journal log context - * @return int 0 on success or a negative errno-style error code. - * @note This function is not thread-safe. - * - */ -int w_journal_context_seek_most_recent(w_journal_context_t * ctx); - -/** - * @brief Move the cursor to the entry with the specified timestamp or the next newer entry available. - * - * If the timestamp is in the future or 0, the cursor is moved most recent entry. - * If the timestamp is older than the oldest available entry, the cursor is moved to the oldest entry. - * @param ctx Journal log context - * @param timestamp The timestamp to seek - * @return int 0 on success or a negative errno-style error code. - */ -int w_journal_context_seek_timestamp(w_journal_context_t * ctx, uint64_t timestamp); - -/** - * @brief Move the cursor to the next newest entry - * - * @param ctx Journal log context - * @return int 0 no more entries or a negative errno-style error code. - * @note This function is not thread-safe. - */ -int w_journal_context_next_newest(w_journal_context_t * ctx); - -/** - * @brief Move the cursor to the next newest entry that matches the filters - * - * If filters is NULL, the function will return the next newest entry. - * If filters is not NULL, the function will return the next newest entry that matches the filters. - * If no entry matches the filters, the function will return 0, but the cursor will be moved to the next newest entry. - * @param ctx Journal log context - * @param filters The filters to match - * @return int 0 no more entries or a negative errno-style error code. - */ -int w_journal_context_next_newest_filtered(w_journal_context_t * ctx, w_journal_filters_list_t filters); - -/** - * @brief Get the oldest accessible timestamp in the journal (__REALTIME_TIMESTAMP) - * - * @param ctx Journal log context - * @param timestamp The oldest timestamp - * @return int 0 on success or a negative errno-style error code. - * @note This function is not thread-safe. - */ -int w_journal_context_get_oldest_timestamp(w_journal_context_t * ctx, uint64_t * timestamp); - -/********************************************************** - * Entry related - **********************************************************/ -/** - * @brief Determine the types of dump of a journal log entry - */ -typedef enum { - W_JOURNAL_ENTRY_DUMP_TYPE_INVALID = -1, ///< Invalid dump type - W_JOURNAL_ENTRY_DUMP_TYPE_JSON, ///< JSON dump - W_JOURNAL_ENTRY_DUMP_TYPE_SYSLOG, ///< Syslog dump -} w_journal_entry_dump_type_t; - -/** - * @brief Represents a dump of a journal log entry - */ -typedef struct { - w_journal_entry_dump_type_t type; ///< Dump type - union { - cJSON * json; ///< JSON dump - char * syslog; ///< Syslog dump - } data; ///< Dump data - uint64_t timestamp; ///< Indexing timestamp (__REALTIME_TIMESTAMP) -} w_journal_entry_t; - -/** - * @brief Create the entry from the current entry in the journal log context - * - * The caller is responsible for freeing the returned entry. - * @param ctx Journal log context - * @param type The type of dump - * @return w_journal_entry_t* The current entry or NULL on error - * @note This function is not thread-safe. - */ -w_journal_entry_t * w_journal_entry_dump(w_journal_context_t * ctx, w_journal_entry_dump_type_t type); - -/** - * @brief Free the entry and all its resources, - * - * The entry pointer is invalid after the call. - * @param entry Journal log entry - */ -void w_journal_entry_free(w_journal_entry_t * entry); - -/** - * @brief Dump the current entry to a string representation - * - * The caller is responsible for freeing the returned string. - * @param entry Journal log entry - * @return char* The string representation of the entry or NULL on error - */ -char * w_journal_entry_to_string(w_journal_entry_t * entry); - -/********************************************************** - * Filter related - **********************************************************/ - -/** - * @brief Apply the filter to the journal log context - * - * The filter will be applied to the journal log context. - * @param ctx Journal log context - * @param filter Journal log filter - * @return int positive number of entries matched, 0 if no entries matched, or a negative errno-style error code. - */ -int w_journal_filter_apply(w_journal_context_t * ctx, w_journal_filter_t * filter); - -#endif // w_journal_H diff --git a/src/modules/logcollector/include/logcollector.h b/src/modules/logcollector/include/logcollector.h deleted file mode 100644 index 6d117bfa60..0000000000 --- a/src/modules/logcollector/include/logcollector.h +++ /dev/null @@ -1,355 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * Copyright (C) 2009 Trend Micro Inc. - * All right reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -#ifndef LOGREADER_H -#define LOGREADER_H - -#ifndef ARGV0 -#define ARGV0 "wazuh-logcollector" -#endif - -#define N_MIN_INPUT_THREADS 1 -#define N_OUPUT_THREADS 1 -#define OUTPUT_MIN_QUEUE_SIZE 128 -#define WIN32_MAX_FILES 200 - -///< Size of hash table to save the status file -#define LOCALFILES_TABLE_SIZE 40 - -///< JSON path wich contains the files position of last read -#ifdef WIN32 -#define LOCALFILE_STATUS "queue\\logcollector\\file_status.json" -#else -#define LOCALFILE_STATUS "queue/logcollector/file_status.json" -#endif - -///< JSON fields for file_status -#define OS_LOGCOLLECTOR_JSON_FILES "files" -#define OS_LOGCOLLECTOR_JSON_PATH "path" -#define OS_LOGCOLLECTOR_JSON_HASH "hash" -#define OS_LOGCOLLECTOR_JSON_OFFSET "offset" - - -#include "shared.h" -#include "../config/localfile-config.h" -#include "../config/config.h" -#include "../os_crypto/sha1/sha1_op.h" -#include "macos_log.h" - - -/*** Function prototypes ***/ - -/* Read logcollector config */ -int LogCollectorConfig(const char *cfgfile); - -/* Parse read config into JSON format */ -cJSON *getLocalfileConfig(void); -cJSON *getSocketConfig(void); -cJSON *getLogcollectorInternalOptions(void); - -/* Start log collector daemon */ -void LogCollectorStart(void) __attribute__((noreturn)); - -/* Handle files */ -int handle_file(int i, int j, int do_fseek, int do_log); - -/* Reload file: open after close, and restore position */ -int reload_file(logreader * lf); - -/* Close file and save position */ -void close_file(logreader * lf); - -/* Read syslog file */ -void *read_syslog(logreader *lf, int *rc, int drop_it); - -#ifdef WIN32 -/* Read ucs2 LE file*/ -void *read_ucs2_le(logreader *lf, int *rc, int drop_it); - -/* Read ucs2 BE file */ -void *read_ucs2_be(logreader *lf, int *rc, int drop_it); -#endif - -/* Read snort full file */ -void *read_snortfull(logreader *lf, int *rc, int drop_it); - -/* Read ossec alert file */ -void *read_ossecalert(logreader *lf, int *rc, int drop_it); - -/* Read nmap grepable format */ -void *read_nmapg(logreader *lf, int *rc, int drop_it); - -/* Read mysql log format */ -void *read_mysql_log(logreader *lf, int *rc, int drop_it); - -/* Read mysql log format */ -void *read_mssql_log(logreader *lf, int *rc, int drop_it); - -/* Read postgresql log format */ -void *read_postgresql_log(logreader *lf, int *rc, int drop_it); - -/* Read multi line logs */ -void *read_multiline(logreader *lf, int *rc, int drop_it); - -/** - * @brief Check if any logs should be ignored - * - * @param ignore_exp List of ignore regex expressions to be checked - * @param restrict_exp List of restrict regex expressions to be checked - * @param log_line Log where to search for a match - * @return 0 if log should be processed, 1 if log should be ignored - */ -int check_ignore_and_restrict(OSList * ignore_exp, OSList * restrict_exp, const char *log_line); - -/** - * @brief Read multi line logs with variable lenght - * - * @param lf status and configuration of the log file - * @param rc output parameter, returns zero - * @param drop_it if drop_it is different from 0, the logs will be read and discarded - * @return NULL - */ -void *read_multiline_regex(logreader *lf, int *rc, int drop_it); - -#if defined(Darwin) || (defined(__linux__) && defined(WAZUH_UNIT_TESTING)) -/** - * @brief Read macOS log process output - * - * @param lf status and configuration of the macOS instance - * @param rc output parameter, returns zero - * @param drop_it if drop_it is different from 0, the logs will be read and discarded - * @return NULL - */ -void *read_macos(logreader *lf, int *rc, int drop_it); -#endif - -#ifdef __linux__ -/** - * @brief Read journald logs - * - * @param lf status and configuration of the log file - * @param rc output parameter, returns zero - * @param drop_it if drop_it is different from 0, the logs will be read and discarded - * @return NULL - */ -void *read_journald(logreader *lf, int *rc, int drop_it); - -/** - * @brief Check if journald can be read for a specific id - * - * If the journal is not opened, the the function try to open it, returning false if it fails and true if it succeeds. - * The function sets the id as the owner of the journal. - * If the journal is opened, the function checks if the id is the owner of the journal, - * returning true if it is, and false if it is not. - * @param id the id to be checked - * @return true if the id is the owner of the journal, false otherwise - * @note This function is not thread-safe. - */ -bool w_journald_can_read(unsigned long id); - -/** - * @brief Set the only future events flag to the journal log context - * @param ofe True if only future events should be read, false otherwise - */ -void w_journald_set_ofe(bool ofe); - -/** - * @brief Set the status of the journal log from a JSON object (timestamp to start reading) - * - * @param global_json JSON object containing the journal log status - */ -void w_journald_set_status_from_JSON(cJSON * global_json); - -/** - * @brief Get the status of the journal log as a JSON object - * - * @return JSON object containing the journal log status - */ -cJSON * w_journald_get_status_as_JSON(); - -#endif - -/* Read DJB multilog format */ -/* Initializes multilog */ -int init_djbmultilog(logreader *lf); -void *read_djbmultilog(logreader *lf, int *rc, int drop_it); - -/* Read events from output of command */ -void *read_command(logreader *lf, int *rc, int drop_it); -void *read_fullcommand(logreader *lf, int *rc, int drop_it); - -/* Read auditd events */ -void *read_audit(logreader *lf, int *rc, int drop_it); - -/* Read json events */ -void *read_json(logreader *lf, int *rc, int drop_it); - -#ifdef WIN32 -void win_startel(); -void win_readel(); -void win_read_vista_sec(); -int win_start_event_channel(char *evt_log, char future, char *query, int reconnect_time); -void win_format_event_string(char *string); -#endif - -#ifndef WIN32 -// Com request thread dispatcher -void * lccom_main(void * arg); -#endif -size_t lccom_dispatch(char * command, char ** output); -size_t lccom_getconfig(const char * section, char ** output); -size_t lccom_getstate(char ** output, bool getNextPage); - -/*** Global variables ***/ -extern int loop_timeout; -extern int logr_queue; -extern int open_file_attempts; -extern logreader *logff; -extern logreader_glob *globs; -extern socket_forwarder *logsk; -extern int vcheck_files; -extern int maximum_lines; -extern socket_forwarder default_agent; -extern int force_reload; -extern int reload_interval; -extern int reload_delay; -extern int free_excluded_files_interval; -extern int state_interval; - -typedef enum { - CONTINUE_IT, - NEXT_IT, - LEAVE_IT -} IT_control; - -/* Message queue */ -typedef struct w_msg_queue_t{ - w_queue_t *msg_queue; - pthread_mutex_t mutex; - pthread_cond_t available; -} w_msg_queue_t; - - -/* Hash table of queues */ -extern OSHash * msg_queues_table; - -/* Message structure */ -typedef struct w_message_t { - char *file; - char *buffer; - char queue_mq; - unsigned int size; - logtarget *log_target; -} w_message_t; - - -/* Input thread range */ -typedef struct w_input_range_t{ - int start_i; - int start_j; - int end_i; - int end_j; -} w_input_range_t; - -///< Struct to save the position of last line read and the SHA1 hash content -typedef struct file_status { - int64_t offset; ///< Position to read - EVP_MD_CTX *context; ///< It stores the hashed data calculated so far - os_sha1 hash; ///< Content file SHA1 hash -} os_file_status_t; - -extern w_input_range_t *w_input_threads_range; - -/* Init queue hash table */ -void w_msg_hash_queues_init(); - -/* Add entry to queue hash table */ -int w_msg_hash_queues_add_entry(const char *key); - -/* Push message into the hash queue */ -int w_msg_hash_queues_push(const char *str, char *file, unsigned long size, logtarget * targets, char queue_mq); - -/* Push message into the queue */ -int w_msg_queue_push(w_msg_queue_t * msg, const char * buffer, char *file, unsigned long size, logtarget * log_target, char queue_mq); - -/* Pop message from the queue */ -w_message_t * w_msg_queue_pop(w_msg_queue_t * queue); - -/* Output processing thread*/ -#ifdef WIN32 -DWORD WINAPI w_output_thread(void * args); -#else -void * w_output_thread(void * args); -#endif - -/* Prepare pool of output threads */ -void w_create_output_threads(); - -/* Input processing thread */ -#ifdef WIN32 -DWORD WINAPI w_input_thread(__attribute__((unused)) void * t_id); -#else -void * w_input_thread(__attribute__((unused)) void * t_id); -#endif - -/* Prepare pool of input threads */ -void w_create_input_threads(); - -/* Set mutexes for each file */ -void w_set_file_mutexes(); - -/* Read stop signal from reader threads */ -int can_read(); - -/** - * @brief Update the read position in file status hash table - * @param path the path is the hash key - * @param pos new read position - * @param context EVP_MD_CTX context. - * @return 0 on succes, otherwise -1 - */ -int w_update_file_status(const char * path, int64_t pos, EVP_MD_CTX *context); - -/** - * @brief Get EVP_MD_CTX context or initialize it - * @param lf Structure that contains file information, with `fd` and `file` non-null. - * @param context EVP_MD_CTX context. - * @param position end file position. - * @return true if returns a valid context, false in otherwise. - */ -bool w_get_hash_context(logreader *lf, EVP_MD_CTX **context, int64_t position); - -extern int sample_log_length; -extern int lc_debug_level; -extern int accept_remote; -extern int N_INPUT_THREADS; -extern int OUTPUT_QUEUE_SIZE; -#ifndef WIN32 -extern rlim_t nofile; -#endif - -#if defined(Darwin) || (defined(__linux__) && defined(WAZUH_UNIT_TESTING)) -/** - * @brief This function is called to release macOS log's "show" and/or "stream" resources - */ -void w_macos_release_log_execution(void); - -/** - * @brief This function is called to release macOS log's "show" resources - */ -void w_macos_release_log_show(void); - -/** - * @brief This function is called to release macOS log's "stream" resources - */ -void w_macos_release_log_stream(void); -#endif - -#endif /* LOGREADER_H */ diff --git a/src/modules/logcollector/include/logcollector.hpp b/src/modules/logcollector/include/logcollector.hpp new file mode 100644 index 0000000000..be5c0b809c --- /dev/null +++ b/src/modules/logcollector/include/logcollector.hpp @@ -0,0 +1,101 @@ +#pragma once + +#include +#include + +#include + +#include +#include + +namespace logcollector { + +/// @brief Interface for log readers +class IReader; + +/// @brief Logcollector module class +/// +/// This module is responsible for collecting logs from various sources and processing them. +class Logcollector { +public: + /// @brief Starts the module + void Start(); + + /// @brief Configures the module + /// @param configurationParser Configuration parser + void Setup(std::shared_ptr configurationParser); + + /// @brief Stops the module + void Stop(); + + /// @brief Executes a command + /// @param command Command to execute + /// @param parameters A json object containing the parameters of the command to be executed + /// @return Awaitable (coroutine) which will return the result of the command execution + Co_CommandExecutionResult ExecuteCommand(const std::string command, const nlohmann::json parameters); + + /// @brief Gets the name of the Logcollector module + /// @return Name of the module + const std::string& Name() const { return m_moduleName; }; + + /// @brief Sets the push message function + /// @param pushMessage Push message function + void SetPushMessageFunction(const std::function& pushMessage); + + /// @brief Sends a message to que queue + /// @param location Location of the message + /// @param log Message to send + /// @param collectorType type of logcollector + /// @pre The message queue must be set with SetMessageQueue + virtual void SendMessage(const std::string& location, const std::string& log, const std::string& collectorType); + + /// @brief Enqueues an ASIO task (coroutine) + /// @param task Task to enqueue + virtual void EnqueueTask(boost::asio::awaitable task); + + /// @brief Adds a reader + /// @param reader Reader to add + virtual void AddReader(std::shared_ptr reader); + + /// @brief Waits for a specified amount of time + /// + /// @param ms Time to wait in milliseconds + boost::asio::awaitable Wait(std::chrono::milliseconds ms); + + /// @brief Gets the instance of the Logcollector module + /// @return Instance of the Logcollector module + static Logcollector& Instance() + { + static Logcollector s_instance; + return s_instance; + } + +protected: + /// @brief Constructor + Logcollector() { } + + /// @brief Destructor + virtual ~Logcollector() = default; + + /// @brief Sets up the file reader + /// @param configurationParser Configuration parser + void SetupFileReader(const std::shared_ptr configurationParser); + +private: + /// @brief Module name + const std::string m_moduleName = "logcollector"; + + /// @brief Is the module enabled + bool m_enabled = true; + + /// @brief Push message function + std::function m_pushMessage; + + /// @brief Boost ASIO context + boost::asio::io_context m_ioContext; + + /// @brief List of readers + std::list> m_readers; +}; + +} diff --git a/src/modules/logcollector/include/macos_log.h b/src/modules/logcollector/include/macos_log.h deleted file mode 100644 index 1b958e7c04..0000000000 --- a/src/modules/logcollector/include/macos_log.h +++ /dev/null @@ -1,174 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * Copyright (C) 2009 Trend Micro Inc. - * All right reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -#ifndef MACOS_LOG_H -#define MACOS_LOG_H - -/* ****************** INCLUDES ****************** */ - -#include "shared.h" -#include "../config/localfile-config.h" -#include "sysinfo_utils.h" - -/* ****************** DEFINES ****************** */ - -#define MACOS_LOG_NAME "macos" ///< Name to be displayed in the localfile' statistics - -#define LOG_CMD_STR "/usr/bin/log" ///< It is the name of the command used to collect macos' logs - -#define LOG_STREAM_OPT_STR "stream" ///< "stream" is a mode in which the "log" command can be executed -#define LOG_SHOW_OPT_STR "show" ///< "show" is a mode in which the "log" command can be executed - -#define STYLE_OPT_STR "--style" ///< This precedes the logs' output style to be used by "log stream" -#define SYSLOG_STR "syslog" ///< This is the style chosen to show the "log stream" output - -#define PREDICATE_OPT_STR "--predicate" ///< This precedes the "query" filter to be used by "log stream" -#define TYPE_OPT_STR "--type" ///< This precedes a "type" filter to be used by "log stream" -#define LEVEL_OPT_STR "--level" ///< This precedes the "level" filter to be used by "log stream" - -#define SHOW_INFO_OPT_STR "--info" ///< Option to acquire up to the intermediate macOS log level -#define SHOW_DEBUG_OPT_STR "--debug" ///< Option to acquire all the macOS log levels - -#define SHOW_START_OPT_STR "--start" ///< This option precedes the starting date to be used by "log show" - -#define SHOW_TYPE_ACTIVITY_STR "eventType == activityCreateEvent " \ - "OR eventType == activityTransitionEvent " \ - "OR eventType == userActionEvent" -#define SHOW_TYPE_LOG_STR "eventType == logEvent" -#define SHOW_TYPE_TRACE_STR "eventType == traceEvent" -#define SHOW_OR_TYPE_LOG_STR " OR eventType == logEvent" -#define SHOW_OR_TYPE_TRACE_STR " OR eventType == traceEvent" - -#define MAX_LOG_CMD_ARGS 17 -#define MAX_LOG_STREAM_CMD_ARGS MAX_LOG_CMD_ARGS ///< This value takes into account the largest case of use -#define MAX_LOG_SHOW_CMD_ARGS MAX_LOG_CMD_ARGS ///< This value takes into account the largest case of use - -#define QUERY_AND_TYPE_PREDICATE "( %s ) AND ( %s )" - -#define MACOS_LOG_SHOW_CHILD_EXITED LOGCOLLECTOR_MACOS_LOG_CHILD_EXITED,"show" -#define MACOS_LOG_STREAM_CHILD_EXITED LOGCOLLECTOR_MACOS_LOG_CHILD_EXITED,"stream" - -#define MACOS_SIERRA_CODENAME_STR "Sierra" ///< String to compare macOS version -#define SCRIPT_CMD_STR "/usr/bin/script" ///< `script` tool path -#define SCRIPT_CMD_ARGS "-q" ///< `script` tool quiet argument -#define SCRIPT_CMD_SINK "/dev/null" ///> `script` tool output redirection - - -///< macOS ULS milliseconds lenght i.e .123456 -#define OS_LOGCOLLECTOR_TIMESTAMP_MS_LEN 7 -///< macOS ULS timezone lenght i.e -0700 -#define OS_LOGCOLLECTOR_TIMESTAMP_TZ_LEN 5 -///< macOS ULS basic timestamp lenght i.e 2021-04-27 08:07:20 -#define OS_LOGCOLLECTOR_TIMESTAMP_BASIC_LEN 19 -///< macOS ULS short timestamp lenght i.e 2021-04-27 08:07:20-0700 -#define OS_LOGCOLLECTOR_TIMESTAMP_SHORT_LEN OS_LOGCOLLECTOR_TIMESTAMP_BASIC_LEN + OS_LOGCOLLECTOR_TIMESTAMP_TZ_LEN -///< macOS ULS full timestamp lenght i.e 2020-11-09 05:45:08.000000-0800 -#define OS_LOGCOLLECTOR_TIMESTAMP_FULL_LEN OS_LOGCOLLECTOR_TIMESTAMP_SHORT_LEN + OS_LOGCOLLECTOR_TIMESTAMP_MS_LEN -///< JSON fields for file_status related to macOS ULS -#define OS_LOGCOLLECTOR_JSON_MACOS MACOS_LOG_NAME -#define OS_LOGCOLLECTOR_JSON_TIMESTAMP "timestamp" -#define OS_LOGCOLLECTOR_JSON_SETTINGS "settings" - -/* ****************** DATATYPES ****************** */ - -/** - * @brief Stores the configuration of the `log` call for the next startup (only future events) - */ -typedef struct { - pthread_rwlock_t mutex; ///< Prevent the RC on this structure - char timestamp[OS_LOGCOLLECTOR_TIMESTAMP_SHORT_LEN + 1]; ///< Timestamp of last log received - char * settings; ///< `log` command arguments - bool is_valid_data; ///< false when log was called with an invalid predicate -} w_macos_log_vault_t; - -/* ****************** PROTOTYPES ****************** */ - -/** - * @brief Creates the environment for collecting logs on macOS Systems - * @param current logreader structure with `log`'s input arguments and w_macos_log_config_t structure to be set - * @param global_sysinfo sysinfo reference used to get useful information - */ -void w_macos_create_log_env(logreader * lf, w_sysinfo_helpers_t * global_sysinfo); - -/** - * @brief Set string containing the last recorded timestamp. - * - * @param timestamp macOS ULS short timestamp - */ -void w_macos_set_last_log_timestamp(char * timestamp); - -/** - * @brief Set string containing the last macOS ULS settings used. - * - * @param predicate macOS ULS settings - */ -void w_macos_set_log_settings(char * settings); - -/** - * @brief Get string containing the last recorded timestamp. - * - * @return Allocated string containing last recorded timestamp. NULL otherwise - */ -char * w_macos_get_last_log_timestamp(void); - -/** - * @brief Get string containing the last macOS ULS settings used. - * - * @return Allocated string containing last macOS ULS settings used. NULL otherwise - */ -char * w_macos_get_log_settings(void); - -/** - * @brief Get macos vault as JSON - * - * @return cJSON* macos vault - */ -cJSON * w_macos_get_status_as_JSON(void); - -/** - * @brief Set macos vault from JSON - * - * @param global_json JSON object containing macos vault information - */ -void w_macos_set_status_from_JSON(cJSON * global_json); - -/** - * @brief Check if curret macOS codename is Sierra - * - * @return true if Sierra. false otherwise - */ -bool w_is_macos_sierra(); - -/** - * @brief Get first child process found - * - * @param parent_pid parent pid - * @return pid_t found child. Zero otherwise - */ -pid_t w_get_first_child(pid_t parent_pid); - -/** - * @brief Sets the validity of the \ref macos_log_vault data. - * - * Enables or disables the generation of the json object with the macOS log status. - * \ref w_macos_get_status_as_JSON. - * @param is_valid true if generates the JSON - */ -void w_macos_set_is_valid_data(bool is_valid); - -/** - * @brief Gets the validity of the \ref macos_log_vault data - * - * @return true if valid data has been stored - * @return false if invalid data has been stored - */ -bool w_macos_get_is_valid_data(void); - -#endif /* MACOS_LOG_H */ diff --git a/src/modules/logcollector/include/state.h b/src/modules/logcollector/include/state.h deleted file mode 100644 index 6b9023a5f2..0000000000 --- a/src/modules/logcollector/include/state.h +++ /dev/null @@ -1,116 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * All rights reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -#ifndef LOGCOLLECTOR_STAT_H -#define LOGCOLLECTOR_STAT_H - -#include "shared.h" - -#ifdef WIN32 -#define LOGCOLLECTOR_STATE "wazuh-logcollector.state" -#else -#define LOGCOLLECTOR_STATE "var/run/wazuh-logcollector.state" -#endif - -#define LOGCOLLECTOR_STATE_FILES_MAX 40 ///< Size of the statistics hash table -#define LOGCOLLECTOR_STATE_DESCRIPTION "logcollector_state" ///< String identifier for errors - -// Macros to add files/targets node to states -#define w_logcollector_state_add_file(x) w_logcollector_state_update_file(x, 0) -#define w_logcollector_state_add_target(x, y) w_logcollector_state_update_target(x, y, false) - -/** - * @brief state storage structure - * key: location option value. value: w_lc_state_file_t - */ -typedef struct { - time_t start; ///< initial state timestamp - OSHash * states; ///< state storage -} w_lc_state_storage_t; - -/** - * @brief target state storage - * - */ -typedef struct { - char * name; ///< target name - uint64_t drops; ///< drop count -} w_lc_state_target_t; - -/** - * @brief file state storage - * - */ -typedef struct { - uint64_t bytes; ///< bytes count - uint64_t events; ///< events count - w_lc_state_target_t ** targets; ///< array of poiters to file's different targets -} w_lc_state_file_t; - -/** - * @brief statistics types - * - */ -typedef enum { - LC_STATE_GLOBAL = 0x1 << 0, ///< statistics since the begining of program execution - LC_STATE_INTERVAL = 0x1 << 1 ///< periodically calculated statistic -} w_lc_state_type_t; - -/** - * @brief Initialize storing structures - * - * @param state_type statistics to calculate - * @param state_file_enabled enable saving state to file - */ -void w_logcollector_state_init(w_lc_state_type_t state_type, bool state_file_enabled); - -/** - * @brief Logcollector state main thread function - * @param args optional parameter. state interval value - * @return void* default return value for thread function prototype (unused) - */ -#ifdef WIN32 -DWORD WINAPI w_logcollector_state_main(void * args); -#else -void * w_logcollector_state_main(void * args); -#endif - -/** - * @brief Update/register current drop count for a target belonging to a particular file - * - * @param fpath file path or locafile location value - * @param target target name - * @param dropped true if want to register a drop. - */ -void w_logcollector_state_update_target(char * fpath, char * target, bool dropped); - -/** - * @brief Update/register current event and byte count for a particular file/location - * - * @param fpath file path or locafile location value - * @param bytes amount of bytes. If bigger than zero, event counter will increment. - */ -void w_logcollector_state_update_file(char * fpath, uint64_t bytes); - -/** - * @brief Removes the `fpath` file from statistics - * - * @param fpath file path or locafile location value - */ -void w_logcollector_state_delete_file(char * fpath); - -/** - * @brief Get current state in JSON format - * - * @return cJSON* allocated object with current state. - * The cJSON* is heap allocated memory that must be freed by the caller using cJSON_Delete. - */ -cJSON * w_logcollector_state_get(); - -#endif /* LOGCOLLECTOR_STAT_H */ diff --git a/src/modules/logcollector/src/config.c b/src/modules/logcollector/src/config.c deleted file mode 100644 index acfffd26ba..0000000000 --- a/src/modules/logcollector/src/config.c +++ /dev/null @@ -1,352 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * Copyright (C) 2009 Trend Micro Inc. - * All right reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -#include "shared.h" -#include "logcollector.h" -#include "list_op.h" - -/* To string size of max-size option */ -#define OFFSET_SIZE 11 - -int accept_remote; -int lc_debug_level; -#ifndef WIN32 -rlim_t nofile; -#endif - -void _getLocalfilesListJSON(logreader *list, cJSON *array, int gl); - -/* Read the config file (the localfiles) */ -int LogCollectorConfig(const char *cfgfile) -{ - int modules = 0; - logreader_config log_config; - - modules |= CLOCALFILE; - modules |= CLGCSOCKET; - - log_config.config = NULL; - log_config.globs = NULL; - log_config.socket_list = NULL; - log_config.agent_cfg = 0; - accept_remote = getDefine_Int("logcollector", "remote_commands", 0, 1); - log_config.accept_remote = accept_remote; - - /* Get loop timeout */ - loop_timeout = getDefine_Int("logcollector", "loop_timeout", 1, 120); - open_file_attempts = getDefine_Int("logcollector", "open_attempts", 0, 998); - vcheck_files = getDefine_Int("logcollector", "vcheck_files", 0, 1024); - maximum_lines = getDefine_Int("logcollector", "max_lines", 0, 1000000); - maximum_files = getDefine_Int("logcollector", "max_files", 1, 100000); - sock_fail_time = getDefine_Int("logcollector", "sock_fail_time", 1, 3600); - sample_log_length = getDefine_Int("logcollector", "sample_log_length", 1, 4096); - force_reload = getDefine_Int("logcollector", "force_reload", 0, 1); - reload_interval = getDefine_Int("logcollector", "reload_interval", 1, 86400); - reload_delay = getDefine_Int("logcollector", "reload_delay", 0, 30000); - free_excluded_files_interval = getDefine_Int("logcollector", "exclude_files_interval", 1, 172800); - state_interval = getDefine_Int("logcollector", "state_interval", 0, 3600); - - /* Current and total files counter */ - total_files = 0; - current_files = 0; - - if (force_reload && reload_interval < vcheck_files) { - mwarn("Reload interval (%d) must be greater or equal than the checking interval (%d).", reload_interval, vcheck_files); - } - -#ifndef WIN32 - nofile = getDefine_Int("logcollector", "rlimit_nofile", 1024, 1048576); -#endif - - if (maximum_lines > 0 && maximum_lines < 100) { - merror("Definition 'logcollector.max_lines' must be 0 or 100..1000000."); - return OS_INVALID; - } - -#ifndef WIN32 - if (maximum_files > (int)nofile - 100) { - merror("Definition 'logcollector.max_files' must be lower than ('logcollector.rlimit_nofile' - 100)."); - return OS_SIZELIM; - } -#else - if (maximum_files > WIN32_MAX_FILES) { - /* Limit files on Windows as file descriptors are shared */ - maximum_files = WIN32_MAX_FILES; - mdebug1("The maximum number of files to monitor cannot exceed %d in Windows, so it will be limited.", WIN32_MAX_FILES); - } -#endif - - if (ReadConfig(modules, cfgfile, &log_config, NULL) < 0) { - return (OS_INVALID); - } - - modules |= CAGENT_CONFIG; - log_config.agent_cfg = 1; - ReadConfig(modules, AGENTCONFIG, &log_config, NULL); - log_config.agent_cfg = 0; - - logff = log_config.config; - globs = log_config.globs; - logsk = log_config.socket_list; - - return (1); -} - - -void _getLocalfilesListJSON(logreader *list, cJSON *array, int gl) { - - unsigned int i = 0; - unsigned int j; - - while ((!gl && list[i].target) || (gl && list[i].file)) { - cJSON *file = cJSON_CreateObject(); - - if (list[i].file) cJSON_AddStringToObject(file,"file",list[i].file); - if (list[i].channel_str != NULL) cJSON_AddStringToObject(file, "channel", list[i].channel_str); - if (list[i].logformat) cJSON_AddStringToObject(file,"logformat",list[i].logformat); - if (list[i].command) cJSON_AddStringToObject(file,"command",list[i].command); - if (list[i].djb_program_name) cJSON_AddStringToObject(file,"djb_program_name",list[i].djb_program_name); - if (list[i].alias) cJSON_AddStringToObject(file,"alias",list[i].alias); - if (list[i].query != NULL) { - cJSON * query = cJSON_CreateObject(); - if (*list[i].query != '\0') { - cJSON_AddStringToObject(query, "value", list[i].query); - } - if (list[i].query_level != NULL) { - cJSON_AddStringToObject(query, "level", list[i].query_level); - } - if (list[i].query_type > 0) { - cJSON *type = cJSON_CreateArray(); - if (list[i].query_type & MACOS_LOG_TYPE_LOG) { - cJSON_AddItemToArray(type, cJSON_CreateString(MACOS_LOG_TYPE_LOG_STR)); - } - if (list[i].query_type & MACOS_LOG_TYPE_ACTIVITY) { - cJSON_AddItemToArray(type, cJSON_CreateString(MACOS_LOG_TYPE_ACTIVITY_STR)); - } - if (list[i].query_type & MACOS_LOG_TYPE_TRACE) { - cJSON_AddItemToArray(type, cJSON_CreateString(MACOS_LOG_TYPE_TRACE_STR)); - } - cJSON_AddItemToObject(query, "type", type); - } - cJSON_AddItemToObject(file, "query", query); - } - // Invalid configuration for journal logs - if (list[i].journal_log == NULL) { - cJSON_AddStringToObject(file, "ignore_binaries", list[i].filter_binary ? "yes" : "no"); - } - - if (list[i].age_str) cJSON_AddStringToObject(file,"age",list[i].age_str); - if (list[i].exclude) cJSON_AddStringToObject(file,"exclude",list[i].exclude); - - if (list[i].logformat != NULL && - strcmp(list[i].logformat, EVENTLOG) != 0 && - strcmp(list[i].logformat, "command") != 0 && - strcmp(list[i].logformat, "full_command") != 0) { - - if (list[i].future == 1){ - cJSON_AddStringToObject(file, "only-future-events", "yes"); - } else { - char offset[OFFSET_SIZE] = {0}; - sprintf(offset, "%ld", list[i].diff_max_size); - cJSON_AddStringToObject(file, "only-future-events", "no"); - cJSON_AddStringToObject(file, "max-size", offset); - } - } - - if (list[i].target && *list[i].target) { - cJSON *target = cJSON_CreateArray(); - for (j=0;list[i].target[j];j++) { - cJSON_AddItemToArray(target, cJSON_CreateString(list[i].target[j])); - } - cJSON_AddItemToObject(file,"target",target); - } - if (list[i].out_format && *list[i].out_format) { - cJSON *outformat = cJSON_CreateArray(); - for (j=0;list[i].out_format[j] && list[i].out_format[j]->format;j++) { - cJSON *item = cJSON_CreateObject(); - if (list[i].out_format[j]->target) - cJSON_AddStringToObject(item,"target",list[i].out_format[j]->target); - else - cJSON_AddStringToObject(item,"target","all"); - cJSON_AddStringToObject(item,"format",list[i].out_format[j]->format); - cJSON_AddItemToArray(outformat, item); - } - cJSON_AddItemToObject(file,"out_format",outformat); - } - if (list[i].duplicated) cJSON_AddNumberToObject(file,"duplicate",list[i].duplicated); - if (list[i].labels && list[i].labels[0].key) { - cJSON *label = cJSON_CreateObject(); - for (j=0;list[i].labels[j].key;j++) { - cJSON_AddStringToObject(label,list[i].labels[j].key,list[i].labels[j].value); - } - cJSON_AddItemToObject(file,"labels",label); - } - if (list[i].ign && list[i].logformat != NULL && (strcmp(list[i].logformat,"command")==0 || strcmp(list[i].logformat,"full_command")==0)) cJSON_AddNumberToObject(file,"frequency",list[i].ign); - if (list[i].reconnect_time && list[i].logformat != NULL && strcmp(list[i].logformat,"eventchannel")==0) cJSON_AddNumberToObject(file,"reconnect_time",list[i].reconnect_time); - if (list[i].multiline) { - cJSON * multiline = cJSON_CreateObject(); - cJSON_AddStringToObject(multiline, "match", multiline_attr_match_str(list[i].multiline->match_type)); - cJSON_AddStringToObject(multiline, "replace", multiline_attr_replace_str(list[i].multiline->replace_type)); - cJSON_AddStringToObject(multiline, "regex", w_expression_get_regex_pattern(list[i].multiline->regex)); - cJSON_AddNumberToObject(multiline, "timeout", list[i].multiline->timeout); - cJSON_AddItemToObject(file, "multiline_regex", multiline); - } - if (list[i].journal_log != NULL && list[i].journal_log->filters != NULL) { - - cJSON * filters = w_journal_filter_list_as_json(list[i].journal_log->filters); - if (filters != NULL) { - cJSON_AddItemToObject(file, "filters", filters); - } - - cJSON_AddBoolToObject(file, "filters_disabled", list[i].journal_log->disable_filters); - } - if (list[i].regex_ignore != NULL) { - OSListNode *node_it; - w_expression_t *exp_it; - cJSON * ignore_array = cJSON_CreateArray(); - - OSList_foreach(node_it, list[i].regex_ignore) { - exp_it = node_it->data; - cJSON * ignore_object = cJSON_CreateObject(); - - cJSON_AddStringToObject(ignore_object, "value", w_expression_get_regex_pattern(exp_it)); - cJSON_AddStringToObject(ignore_object, "type", w_expression_get_regex_type(exp_it)); - - cJSON_AddItemToArray(ignore_array, ignore_object); - } - - if (cJSON_GetArraySize(ignore_array) > 0) { - cJSON_AddItemToObject(file, "ignore", ignore_array); - } else { - cJSON_free(ignore_array); - } - } - if (list[i].regex_restrict != NULL) { - OSListNode *node_it; - w_expression_t *exp_it; - cJSON * restrict_array = cJSON_CreateArray(); - - OSList_foreach(node_it, list[i].regex_restrict) { - exp_it = node_it->data; - cJSON * restrict_object = cJSON_CreateObject(); - - cJSON_AddStringToObject(restrict_object, "value", w_expression_get_regex_pattern(exp_it)); - cJSON_AddStringToObject(restrict_object, "type", w_expression_get_regex_type(exp_it)); - - cJSON_AddItemToArray(restrict_array, restrict_object); - } - - if (cJSON_GetArraySize(restrict_array) > 0) { - cJSON_AddItemToObject(file, "restrict", restrict_array); - } else { - cJSON_free(restrict_array); - } - } - - cJSON_AddItemToArray(array, file); - i++; - } -} - - -cJSON *getLocalfileConfig(void) { - - if (!logff) { - return NULL; - } - - cJSON *root = cJSON_CreateObject(); - - cJSON *localfiles = cJSON_CreateArray(); - _getLocalfilesListJSON(logff, localfiles, 0); - - if (globs) { - unsigned int i = 0; - while (globs[i].gfiles) { - _getLocalfilesListJSON(globs[i].gfiles, localfiles, 1); - i++; - } - } - - if (cJSON_GetArraySize(localfiles) > 0) { - cJSON_AddItemToObject(root,"localfile",localfiles); - } else { - cJSON_free(localfiles); - } - - return root; -} - -cJSON *getSocketConfig(void) { - - if (!logsk) { - return NULL; - } - - cJSON *root = cJSON_CreateObject(); - cJSON *sockets = cJSON_CreateArray(); - int i; - - for (i=0;logsk[i].name;i++) { - cJSON *socket = cJSON_CreateObject(); - - cJSON_AddStringToObject(socket,"name",logsk[i].name); - cJSON_AddStringToObject(socket,"location",logsk[i].location); - if (logsk[i].mode == IPPROTO_UDP) { - cJSON_AddStringToObject(socket,"mode","udp"); - } else { - cJSON_AddStringToObject(socket,"mode","tcp"); - } - if (logsk[i].prefix) cJSON_AddStringToObject(socket,"prefix",logsk[i].prefix); - - cJSON_AddItemToArray(sockets, socket); - } - - if (cJSON_GetArraySize(sockets) > 0) { - cJSON_AddItemToObject(root,"socket",sockets); - } else { - cJSON_free(sockets); - } - - return root; -} - -cJSON *getLogcollectorInternalOptions(void) { - - cJSON *root = cJSON_CreateObject(); - cJSON *internals = cJSON_CreateObject(); - cJSON *logcollector = cJSON_CreateObject(); - - cJSON_AddNumberToObject(logcollector,"remote_commands",accept_remote); - cJSON_AddNumberToObject(logcollector,"loop_timeout",loop_timeout); - cJSON_AddNumberToObject(logcollector,"open_attempts",open_file_attempts); - cJSON_AddNumberToObject(logcollector,"vcheck_files",vcheck_files); - cJSON_AddNumberToObject(logcollector,"max_lines",maximum_lines); - cJSON_AddNumberToObject(logcollector,"max_files",maximum_files); - cJSON_AddNumberToObject(logcollector,"sock_fail_time",sock_fail_time); - cJSON_AddNumberToObject(logcollector,"debug",lc_debug_level); - cJSON_AddNumberToObject(logcollector,"sample_log_length",sample_log_length); - cJSON_AddNumberToObject(logcollector,"queue_size",OUTPUT_QUEUE_SIZE); - cJSON_AddNumberToObject(logcollector,"input_threads",N_INPUT_THREADS); - cJSON_AddNumberToObject(logcollector,"force_reload",force_reload); - cJSON_AddNumberToObject(logcollector,"reload_interval",reload_interval); - cJSON_AddNumberToObject(logcollector,"reload_delay",reload_delay); - cJSON_AddNumberToObject(logcollector, "exclude_files_interval", free_excluded_files_interval); - cJSON_AddNumberToObject(logcollector, "state_interval", state_interval); - -#ifndef WIN32 - cJSON_AddNumberToObject(logcollector,"rlimit_nofile",nofile); -#endif - - cJSON_AddItemToObject(internals,"logcollector",logcollector); - cJSON_AddItemToObject(root,"internal",internals); - - return root; -} diff --git a/src/modules/logcollector/src/file_reader.cpp b/src/modules/logcollector/src/file_reader.cpp new file mode 100644 index 0000000000..4b802db19e --- /dev/null +++ b/src/modules/logcollector/src/file_reader.cpp @@ -0,0 +1,120 @@ +#include "file_reader.hpp" +#include +#include + +#include +#include + +using namespace logcollector; + +FileReader::FileReader(Logcollector& logcollector, std::string pattern, std::time_t fileWait, std::time_t reloadInterval) : + IReader(logcollector), + m_filePattern(std::move(pattern)), + m_localfiles(), + m_fileWait(fileWait), + m_reloadInterval(reloadInterval) { } + +Awaitable FileReader::Run() { + while (true) { + Reload([&](Localfile & lf) { + lf.SeekEnd(); + m_logcollector.EnqueueTask(ReadLocalfile(&lf)); + }); + + co_await m_logcollector.Wait(std::chrono::milliseconds(m_reloadInterval)); + } +} + +Awaitable FileReader::ReadLocalfile(Localfile* lf) { + while (true) { + auto log = lf->NextLog(); + + while (!log.empty()) { + m_logcollector.SendMessage(lf->Filename(), log, m_collectorType); + log = lf->NextLog(); + } + + try { + if (lf->Rotated()) { + LogInfo("File '{}' rotated, reloading", lf->Filename()); + lf->Reopen(); + } + } catch (OpenError&) { + LogInfo("File inaccesible: {}", lf->Filename()); + co_return; + } + + co_await m_logcollector.Wait(std::chrono::milliseconds(m_fileWait)); + } + + RemoveLocalfile(lf->Filename()); +} + +void FileReader::AddLocalfiles(const std::list& paths, const std::function & callback) { + for (auto & path : paths) { + if (none_of(m_localfiles.begin(), m_localfiles.end(), [&path](Localfile & lf) { return lf.Filename() == path; })) { + m_localfiles.emplace_back(path); + LogInfo("Reading log file: {}", m_localfiles.back().Filename()); + callback(m_localfiles.back()); + } + } +} + +void FileReader::RemoveLocalfile(const std::string& filename) { + m_localfiles.remove_if([&filename](Localfile & lf) { return lf.Filename() == filename; }); +} + +Localfile::Localfile(std::string filename) : + m_filename(std::move(filename)), + m_stream(make_shared(m_filename)), + m_pos() { + if (m_stream->fail()) { + throw OpenError(m_filename); + } + } + +Localfile::Localfile(std::shared_ptr stream) : + m_filename(), + m_stream(std::move(stream)) { } + +std::string Localfile::NextLog() { + auto buffer = std::vector(config::logcollector::BUFFER_SIZE); + + if (m_stream->getline(buffer.data(), config::logcollector::BUFFER_SIZE).good()) { + m_pos = m_stream->tellg(); + return { buffer.data(), static_cast(m_stream->gcount()) - 1 }; + } else { + m_stream->seekg(m_pos); + m_stream->clear(); + return { }; + } +} + +void Localfile::SeekEnd() { + m_stream->seekg(0, std::ios::end); +} + +bool Localfile::Rotated() { + try { + auto fileSize = std::filesystem::file_size(m_filename); + auto streamSize = static_cast(m_stream->tellg()); + return fileSize < streamSize; + } catch (std::filesystem::filesystem_error&) { + throw OpenError(m_filename); + } +} + +void Localfile::Reopen() { + m_stream = std::make_shared(m_filename); + + if (m_stream->fail()) { + throw OpenError(m_filename); + } +} + +OpenError::OpenError(const std::string& filename) : + m_what(std::string("Cannot open file: ") + filename) { } + +const char * OpenError::what() const noexcept { + return m_what.c_str(); +} diff --git a/src/modules/logcollector/src/file_reader.hpp b/src/modules/logcollector/src/file_reader.hpp new file mode 100644 index 0000000000..a16173057e --- /dev/null +++ b/src/modules/logcollector/src/file_reader.hpp @@ -0,0 +1,143 @@ +#pragma once + +#include +#include +#include +#include + +#include +#include "reader.hpp" +#include + +namespace logcollector { + +/// @brief Local file class +/// +/// This class represents an individual local file that can be read by +/// Logcollector. +class Localfile { +public: + /// @brief Constructor + /// @param filename File name + Localfile(std::string filename); + + /// @brief Constructor + /// @param stream Shared pointer to an input stream + Localfile(std::shared_ptr stream); + + /// @brief Gets the next log from the file + /// @return A log, or an empty string if the end of the file has been reached + std::string NextLog(); + + /// @brief Seeks to the end of the file + void SeekEnd(); + + /// @brief Checks if the file has been rotated + /// + /// This method checks if the file has been rotated by comparing the current + /// size of the file with the reading position. If the file size is lower + /// than the reading position, the file has been rotated. + /// + /// @return True if the file has been rotated, false otherwise + bool Rotated(); + + /// @brief Reopens the file + void Reopen(); + + /// @brief Gets the file name + /// @return File name + inline const std::string& Filename() const { return m_filename; } + +private: + /// @brief File name + std::string m_filename; + + /// @brief Shared pointer to the input stream + std::shared_ptr m_stream; + + /// @brief Current position in the file + std::streampos m_pos; +}; + +/// @brief File reader class +/// +/// This class represents each file block in the module. There may exist +/// multiple file readers of each type. The File reader expands wildcards so +/// that one file reader can read multiple files (Localfile). +class FileReader : public IReader { +public: + /// @brief Constructor for the file reader + /// + /// @param logcollector Log collector instance + /// @param pattern File pattern + /// @param fileWait File wait time in milliseconds + /// @param reloadInterval Reload interval in milliseconds + FileReader(Logcollector& logcollector, std::string pattern, std::time_t fileWait, std::time_t reloadInterval); + + /// @brief Runs the file reader + /// @return Awaitable result + Awaitable Run(); + + /// @brief Reloads the file list + /// + /// Expands wildcards in the file pattern. Adds the new files to the list, + /// and calls the callback function. + /// + /// @param callback Callback function + void Reload(const std::function & callback); + + /// @brief Reads a local file + /// @param lf Localfile + /// @return Awaitable result + Awaitable ReadLocalfile(Localfile* lf); + +private: + /// @brief Adds localfiles to the list + /// + /// Merges the new files with the existing files. For each new file, it + /// calls the callback function. + /// + /// @param paths List of file paths + /// @param callback Callback function + void AddLocalfiles(const std::list& paths, const std::function & callback); + + /// @brief Removes a local file from the list + /// @param filename File name + /// @post The file is destroyed and may not be used anymore + void RemoveLocalfile(const std::string& filename); + + /// @brief File pattern + std::string m_filePattern; + + /// @brief List of local files + std::list m_localfiles; + + /// @brief File reading interval in milliseconds + std::time_t m_fileWait; + + /// @brief Reload (wildcard expand) interval in milliseconds + std::time_t m_reloadInterval; + + /// @brief File pattern + const std::string m_collectorType = "file"; +}; + +/// @brief Open error class +/// +/// This class represents an error that occurs when opening a file. +class OpenError : public std::exception { +public: + /// @brief Constructor + /// @param filename File name + OpenError(const std::string& filename); + + /// @brief Gets the error message + /// @return Error message + const char * what() const noexcept override; + +private: + /// @brief Error message + std::string m_what; +}; + +} diff --git a/src/modules/logcollector/src/file_reader_unix.cpp b/src/modules/logcollector/src/file_reader_unix.cpp new file mode 100644 index 0000000000..bedebecc4a --- /dev/null +++ b/src/modules/logcollector/src/file_reader_unix.cpp @@ -0,0 +1,34 @@ +#include "file_reader.hpp" +#include +#include +#include +#include + +using namespace logcollector; + +void FileReader::Reload(const std::function & callback) { + glob_t globResult; + + int ret = glob(m_filePattern.c_str(), 0, nullptr, &globResult); + + if (ret != 0) { + if (ret == GLOB_NOMATCH) { + LogTrace("No matches found for pattern: {}", m_filePattern); + } else { + LogWarn("Cannot use glob with pattern: {}", m_filePattern); + } + + globfree(&globResult); + return; + } + + std::list localfiles; + auto paths = std::span(globResult.gl_pathv, globResult.gl_pathc); + + for (auto& path : paths) { + localfiles.emplace_back(path); + } + + AddLocalfiles(localfiles, callback); + globfree(&globResult); +} diff --git a/src/modules/logcollector/src/file_reader_win.cpp b/src/modules/logcollector/src/file_reader_win.cpp new file mode 100644 index 0000000000..3029cb95d9 --- /dev/null +++ b/src/modules/logcollector/src/file_reader_win.cpp @@ -0,0 +1,35 @@ +#include "file_reader.hpp" +#include +#include + +#include +#include +#include + +using namespace logcollector; + +void FileReader::Reload(const std::function & callback) { + WIN32_FIND_DATA findFileData; + HANDLE hFind = FindFirstFile(m_filePattern.c_str(), &findFileData); + std::list files; + + auto baseDir = m_filePattern.substr(0, m_filePattern.find_last_of("\\/")); + + if (!baseDir.empty() && baseDir.back() != '\\' && baseDir.back() != '/') { + baseDir += '\\'; + } + + if (hFind == INVALID_HANDLE_VALUE) { + LogTrace("No matches found for pattern: {}", m_filePattern); + return; + } + + do { + if (!(findFileData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)) { + files.push_back(baseDir + findFileData.cFileName); + } + } while (FindNextFile(hFind, &findFileData) != 0); + + AddLocalfiles(files, callback); + FindClose(hFind); +} diff --git a/src/modules/logcollector/src/journal_log.c b/src/modules/logcollector/src/journal_log.c deleted file mode 100644 index 4fdd050e5e..0000000000 --- a/src/modules/logcollector/src/journal_log.c +++ /dev/null @@ -1,707 +0,0 @@ -#if defined(__linux__) - -#include "journal_log.h" - -#include -#include -#include -#include -#include -#include -#include -#include - -#include "debug_op.h" - -#ifdef WAZUH_UNIT_TESTING -// Remove STATIC qualifier from tests -#define STATIC -#define INLINE -#else -#define STATIC static -#define INLINE inline -#endif - -STATIC const int W_SD_JOURNAL_LOCAL_ONLY = 1 << 0; ///< Open the journal log for the local machine -STATIC const char * W_LIB_SYSTEMD = "libsystemd.so.0"; ///< Name of the systemd library - -// Function added on version 187 of systemd -typedef int (*w_journal_open)(sd_journal ** ret, int flags); ///< sd_journal_open -typedef void (*w_journal_close)(sd_journal * j); ///< sd_journal_close -typedef int (*w_journal_previous)(sd_journal * j); ///< sd_journal_previous -typedef int (*w_journal_next)(sd_journal * j); ///< sd_journal_next -typedef int (*w_journal_seek_tail)(sd_journal * j); ///< sd_journal_seek_tail -typedef int (*w_journal_seek_timestamp)(sd_journal * j, uint64_t usec); ///< sd_journal_seek_realtime_usec -typedef int (*w_journal_get_cutoff_timestamp)(sd_journal * j, - uint64_t * from, - uint64_t * to); ///< sd_journal_get_cutoff_realtime_usec -typedef int (*w_journal_get_timestamp)(sd_journal * j, uint64_t * ret); ///< sd_journal_get_realtime_usec -typedef int (*w_journal_get_data)(sd_journal * j, - const char * field, - const void ** data, - size_t * l); ///< sd_journal_get_data -typedef void (*w_journal_restart_data)(sd_journal * j); ///< sd_journal_restart_data -typedef int (*w_journal_enumerate_date)(sd_journal * j, const void ** data, size_t * l); ///< sd_journal_enumerate_data - -/** - * @brief Journal log library - * - * This structure is used to store the functions of the journal log library. - * The functions are used to interact with the journal log. - */ -struct w_journal_lib_t { - // Open and close functions - w_journal_open open; ///< Open the journal log - w_journal_close close; ///< Close the journal log - // Cursor functions - w_journal_previous previous; ///< Move the cursor to the previous entry - w_journal_next next; ///< Move the cursor to the next entry - w_journal_seek_tail seek_tail; ///< Move the cursor to the end of the journal log - w_journal_seek_timestamp seek_timestamp; ///< Move the cursor to the entry with the specified timestamp - // Timestamp functions - w_journal_get_cutoff_timestamp get_cutoff_timestamp; ///< Get the oldest timestamps in the journal - w_journal_get_timestamp get_timestamp; ///< Get the current time of the journal log - // Data functions - w_journal_get_data get_data; ///< Get the data of the specified field in the current entry - w_journal_restart_data restart_data; ///< Restart the enumeration of the available data - w_journal_enumerate_date enumerate_date; ///< Enumerate the available data in the current entry - void * handle; ///< Handle of the library -}; - -/********************************************************** - * Auxiliar functions - ***********************************************************/ - -/** - * @brief Return the epoch time in microseconds - * - * @return int64_t - */ -STATIC INLINE uint64_t w_get_epoch_time() { - struct timeval tv = {0}; - gettimeofday(&tv, NULL); - return (uint64_t) tv.tv_sec * 1000000 + tv.tv_usec; -} - -/** - * @brief Convert the epoch time to a human-readable string (ISO 8601) - * 2022-12-19T15:02:53.288+00:00 hostnameTest processName[123]: Message Test >> Wazuh no extra el hostname - * The caller is responsible for freeing the returned string. - * @param timestamp The epoch time - * @return char* The human-readable string or NULL on error - */ -STATIC INLINE char * w_timestamp_to_string(uint64_t timestamp) { - struct tm tm; - time_t time = timestamp / 1000000; - if (gmtime_r(&time, &tm) == NULL) { - return NULL; - } - - char * str; - os_calloc(sizeof("Mar 01 12:39:34") + 1, sizeof(char), str); - strftime(str, sizeof("Mar 01 12:39:34"), "%b %d %T", &tm); - return str; -} - -/** - * @brief Convert the epoch time to a journal --since time format %Y-%m-%d %H:%M:%S - * i.e. 2024-03-14 14:08:52 - * The caller is responsible for freeing the returned string. - * @param timestamp The epoch time - * @return char* The human-readable string or NULL on error - */ -STATIC INLINE char * w_timestamp_to_journalctl_since(uint64_t timestamp) { - struct tm tm; - time_t time = timestamp / 1000000; - if (gmtime_r(&time, &tm) == NULL) { - return NULL; - } - - char * str; - os_calloc(sizeof("2024-03-14 14:08:52") + 1, sizeof(char), str); - strftime(str, sizeof("2024-03-14 14:08:52"), "%Y-%m-%d %T", &tm); - return str; -} - -/********************************************************** - * Load library related - ***********************************************************/ -/** - * @brief Finds the path of a library in the process memory maps. - * - * This function searches for the specified library name in the process memory maps - * and returns the path of the library if found. - * - * @param library_name The name of the library to search for. - * @return The path of the library if found, or NULL if not found or an error occurred. - */ -STATIC INLINE char * find_library_path(const char * library_name) { - FILE * maps_file = fopen("/proc/self/maps", "r"); - if (maps_file == NULL) { - return NULL; - } - - char * line = NULL; - size_t len = 0; - char * path = NULL; - - while (getline(&line, &len, maps_file) != -1) { - if (strstr(line, library_name) != NULL) { - char * path_start = strchr(line, '/'); - if (path_start == NULL) { - break; // Never happens - } - char * path_end = strchr(path_start, '\n'); - if (path_end == NULL) { - break; // Never happens - } - *path_end = '\0'; - path = strndup(path_start, path_end - path_start); - break; - } - } - - os_free(line); - fclose(maps_file); - return path; -} - -/** - * @brief Checks if a file is owned by the root user. - * - * This function checks the ownership of a file by retrieving the file's - * stat structure and comparing the user ID (UID) with the root user's UID (0). - * - * @param library_path The path to the file to be checked. - * @return true if the file is owned by the root user, false otherwise. - */ -STATIC INLINE bool is_owned_by_root(const char * library_path) { - struct stat file_stat; - if (stat(library_path, &file_stat) != 0) { - return false; - } - - return file_stat.st_uid == 0; -} - -/** - * @brief Load and validate a function from a library. - * - * @param handle Library handle - * @param name Function name - * @param func Function pointer - * @return true if the function was loaded and validated successfully, false otherwise. - */ -STATIC INLINE bool load_and_validate_function(void * handle, const char * name, void ** func) { - *func = dlsym(handle, name); - if (*func == NULL) { - mwarn(LOGCOLLECTOR_JOURNAL_LOG_LIB_FAIL_LOAD, name, dlerror()); - return false; - } - return true; -} - -/** - * @brief Initialize the journal library functions - * - * The caller is responsible for freeing the returned library. - * @return w_journal_lib_t* The library or NULL on error - */ -STATIC INLINE w_journal_lib_t * w_journal_lib_init() { - w_journal_lib_t * lib = NULL; - os_calloc(1, sizeof(w_journal_lib_t), lib); - - // Load the library - lib->handle = dlopen(W_LIB_SYSTEMD, RTLD_LAZY); - if (lib->handle == NULL) { - char * err = dlerror(); - mwarn(LOGCOLLECTOR_JOURNAL_LOG_LIB_FAIL_LOAD, W_LIB_SYSTEMD, err == NULL ? "Unknown error" : err); - os_free(lib); - return NULL; - } - - // Verify the ownership of the library - char * library_path = find_library_path(W_LIB_SYSTEMD); - if (library_path == NULL || !is_owned_by_root(library_path)) { - mwarn(LOGCOLLECTOR_JOURNAL_LOG_LIB_FAIL_OWN, W_LIB_SYSTEMD); - os_free(library_path); - dlclose(lib->handle); - os_free(lib); - return NULL; - } - os_free(library_path); - - // Load and verify the functions - bool ok = - load_and_validate_function(lib->handle, "sd_journal_open", (void **) &lib->open) - && load_and_validate_function(lib->handle, "sd_journal_close", (void **) &lib->close) - && load_and_validate_function(lib->handle, "sd_journal_previous", (void **) &lib->previous) - && load_and_validate_function(lib->handle, "sd_journal_next", (void **) &lib->next) - && load_and_validate_function(lib->handle, "sd_journal_seek_tail", (void **) &lib->seek_tail) - && load_and_validate_function(lib->handle, "sd_journal_seek_realtime_usec", (void **) &lib->seek_timestamp) - && load_and_validate_function(lib->handle, "sd_journal_get_realtime_usec", (void **) &lib->get_timestamp) - && load_and_validate_function(lib->handle, "sd_journal_get_data", (void **) &lib->get_data) - && load_and_validate_function(lib->handle, "sd_journal_restart_data", (void **) &lib->restart_data) - && load_and_validate_function(lib->handle, "sd_journal_enumerate_data", (void **) &lib->enumerate_date) - && load_and_validate_function( - lib->handle, "sd_journal_get_cutoff_realtime_usec", (void **) &lib->get_cutoff_timestamp); - - if (!ok) { - dlclose(lib->handle); - os_free(lib); - return NULL; - } - - return lib; -} - -/********************************************************** - * Context related - ***********************************************************/ - -int w_journal_context_create(w_journal_context_t ** ctx) { - int ret = -1; // Return error by default - - if (ctx == NULL) { - return ret; - } - os_calloc(1, sizeof(w_journal_context_t), (*ctx)); - - (*ctx)->lib = w_journal_lib_init(); - if ((*ctx)->lib == NULL) { - os_free(*ctx); - return ret; - } - - ret = (*ctx)->lib->open(&((*ctx)->journal), W_SD_JOURNAL_LOCAL_ONLY); - if (ret < 0) { - mwarn(LOGCOLLECTOR_JOURNAL_LOG_FAIL_OPEN, strerror(-ret)); - dlclose((*ctx)->lib->handle); - os_free((*ctx)->lib); - os_free(*ctx); - } - return ret; -} - -void w_journal_context_free(w_journal_context_t * ctx) { - if (ctx == NULL) { - return; - } - - ctx->lib->close(ctx->journal); - dlclose(ctx->lib->handle); - os_free(ctx->lib); - os_free(ctx); -} - -void w_journal_context_update_timestamp(w_journal_context_t * ctx) { - static bool failed_logged = false; - if (ctx == NULL) { - return; - } - - int err = ctx->lib->get_timestamp(ctx->journal, &(ctx->timestamp)); - if (err < 0) { - ctx->timestamp = w_get_epoch_time(); - if (!failed_logged) { - failed_logged = true; - mwarn(LOGCOLLECTOR_JOURNAL_LOG_FAIL_READ_TS, strerror(-err)); - } - } -} - -int w_journal_context_seek_most_recent(w_journal_context_t * ctx) { - - if (ctx == NULL) { - return -1; - } - - int err = ctx->lib->seek_tail(ctx->journal); - if (err < 0) { - return err; - } - - err = ctx->lib->previous(ctx->journal); - // if change cursor, update timestamp - if (err > 0) { - w_journal_context_update_timestamp(ctx); - } - return err; -} - -int w_journal_context_seek_timestamp(w_journal_context_t * ctx, uint64_t timestamp) { - - if (ctx == NULL) { - return -1; - } - - // If the timestamp is in the future or invalid, seek the most recent entry - if (timestamp == 0 || timestamp > w_get_epoch_time()) { - mwarn(LOGCOLLECTOR_JOURNAL_LOG_FUTURE_TS, timestamp); - return w_journal_context_seek_most_recent(ctx); - } - - // Check if the timestamp is older than the oldest available - uint64_t oldest; - int err = w_journal_context_get_oldest_timestamp(ctx, &oldest); - - if (err < 0) { - mwarn(LOGCOLLECTOR_JOURNAL_LOG_FAIL_READ_OLD_TS, strerror(-err)); - } else if (timestamp < oldest) { - mwarn(LOGCOLLECTOR_JOURNAL_LOG_CHANGE_TS, timestamp); - timestamp = oldest; - } - - err = ctx->lib->seek_timestamp(ctx->journal, timestamp); - if (err < 0) { - return err; - } - - err = ctx->lib->next(ctx->journal); - if (err > 0) // if the cursor change, update timestamp - { - w_journal_context_update_timestamp(ctx); - } - return err; -} - -int w_journal_context_next_newest(w_journal_context_t * ctx) { - - if (ctx == NULL) { - return -1; - } - - int ret = ctx->lib->next(ctx->journal); - - // if change cursor, update timestamp - if (ret > 0) { - w_journal_context_update_timestamp(ctx); - } - - return ret; -} - -int w_journal_context_next_newest_filtered(w_journal_context_t * ctx, w_journal_filters_list_t filters) { - - if (filters == NULL) { - return w_journal_context_next_newest(ctx); - } - - int ret = 0; - while ((ret = w_journal_context_next_newest(ctx)) > 0) { - if (isDebug()) { - char * ts = w_timestamp_to_journalctl_since(ctx->timestamp); - mdebug2(LOGCOLLECTOR_JOURNAL_LOG_CHECK_FILTER, ts == NULL ? "unknown" : ts); - os_free(ts); - } - - for (size_t i = 0; filters[i] != NULL; i++) { - if (w_journal_filter_apply(ctx, filters[i]) > 0) { - return 1; - } - } - }; - - return ret; -} - -// Check return value on value un error -int w_journal_context_get_oldest_timestamp(w_journal_context_t * ctx, uint64_t * timestamp) { - return ctx->lib->get_cutoff_timestamp(ctx->journal, timestamp, NULL); -} - -/********************************************************** - * Entry related - **********************************************************/ -/** - * @brief Create a JSON object with the available data in the journal log context - * - * The caller is responsible for freeing the returned cJSON object. - * @param ctx Journal log context - * @return cJSON* JSON object with the available data or NULL on error - */ -STATIC INLINE cJSON * entry_as_json(w_journal_context_t * ctx) { - cJSON * dump = cJSON_CreateObject(); - int isEmpty = 1; // Flag to check if the entry is empty - - // Iterate through the available data - const void * data; - size_t length; - ctx->lib->restart_data(ctx->journal); - while (ctx->lib->enumerate_date(ctx->journal, &data, &length) > 0) { - // Value is a string "key=value" without null-terminator - const char * equal_sign = memchr(data, '=', length); - if (!equal_sign) { - continue; - } - - size_t key_len = equal_sign - (const char *) data; - size_t value_len = length - key_len - 1; - - char * key = strndup(data, key_len); - char * value = strndup(equal_sign + 1, value_len); - - // Add the key and value to the JSON object - cJSON_AddStringToObject(dump, key, value); - isEmpty = 0; - - os_free(key); - os_free(value); - } - - // Error or no data - if (isEmpty) { - cJSON_Delete(dump); - return NULL; - } - return dump; -} - -/** - * @brief Get the field pointer from the current entry in the journal log context - * - * @param ctx Journal log context - * @param field Field to get - * @param value - * @return int - */ -STATIC INLINE char * get_field_ptr(w_journal_context_t * ctx, const char * field) { - const void * data; - size_t length; - - int err = ctx->lib->get_data(ctx->journal, field, &data, &length); - if (err < 0) { - return NULL; - } - - // Assume that the value is a string "key=value" - const char * equal_sign = memchr(data, '=', length); - if (!equal_sign) { - return NULL; // Invalid value - } - - // Copy the value - size_t key_len = equal_sign - (const char *) data; - size_t value_len = length - key_len - 1; - - return strndup(equal_sign + 1, value_len); -} - -/** - * @brief Create a syslog plaain text message from the basic fields - * - * The syslog format is: $TIMESTAMP $HOSTNAME $SYSLOG_IDENTIFIER[$PID]: $MESSAGE - * - * * The caller is responsible for freeing the returned string. - * @param timestamp The timestamp - * @param hostname - * @param syslog_identifier - * @param pid - * @param message - * @return char* - * @warning The arguments must be valid strings (except pid) - */ -STATIC INLINE char * create_plain_syslog(const char * timestamp, - const char * hostname, - const char * syslog_identifier, - const char * pid, - const char * message) { - static const char * syslog_format = "%s %s %s%s%s%s: %s"; - - size_t size = snprintf(NULL, - 0, - syslog_format, - timestamp, - hostname, - syslog_identifier, - pid ? "[" : "", - pid ? pid : "", - pid ? "]" : "", - message) - + 1; - - char * syslog_msg; - os_calloc(size, sizeof(char), syslog_msg); - snprintf(syslog_msg, - size, - syslog_format, - timestamp, - hostname, - syslog_identifier, - pid ? "[" : "", - pid ? pid : "", - pid ? "]" : "", - message); - return syslog_msg; -} - -/** - * @brief Create the entry from the current entry in the journal log context - * - * @param ctx - * @param type - * @return w_journal_entry_t* - */ -STATIC INLINE char * entry_as_syslog(w_journal_context_t * ctx) { - - char * hostname = get_field_ptr(ctx, "_HOSTNAME"); - char * syslog_identifier = get_field_ptr(ctx, "SYSLOG_IDENTIFIER"); - char * message = get_field_ptr(ctx, "MESSAGE"); - char * pid = get_field_ptr(ctx, "SYSLOG_PID"); - if (pid == NULL) { - pid = get_field_ptr(ctx, "_PID"); - } - char * timestamp = w_timestamp_to_string(ctx->timestamp); - - if (!hostname || !syslog_identifier || !message || !timestamp) { - mdebug2(LOGCOLLECTOR_JOURNAL_LOG_NOT_SYSLOG, ctx->timestamp); - os_free(hostname); - os_free(syslog_identifier); - os_free(message); - os_free(pid); - os_free(timestamp); - return NULL; - } - - char * syslog_msg = create_plain_syslog(timestamp, hostname, syslog_identifier, pid, message); - - // Free the memory - os_free(hostname); - os_free(syslog_identifier); - os_free(message); - os_free(pid); - os_free(timestamp); - - return syslog_msg; -} - -w_journal_entry_t * w_journal_entry_dump(w_journal_context_t * ctx, w_journal_entry_dump_type_t type) { - - if (ctx == NULL || ctx->journal == NULL) { - return NULL; - } - - w_journal_entry_t * entry = NULL; - os_calloc(1, sizeof(w_journal_entry_t), entry); - entry->type = W_JOURNAL_ENTRY_DUMP_TYPE_INVALID; - entry->timestamp = ctx->timestamp; - - // Create the dump - switch (type) { - case W_JOURNAL_ENTRY_DUMP_TYPE_JSON: - entry->data.json = entry_as_json(ctx); - if (entry->data.json != NULL) { - entry->type = W_JOURNAL_ENTRY_DUMP_TYPE_JSON; - } - break; - case W_JOURNAL_ENTRY_DUMP_TYPE_SYSLOG: - entry->data.syslog = entry_as_syslog(ctx); - if (entry->data.syslog != NULL) { - entry->type = W_JOURNAL_ENTRY_DUMP_TYPE_SYSLOG; - } - break; - default: - break; - } - - if (entry->type == W_JOURNAL_ENTRY_DUMP_TYPE_INVALID) { - os_free(entry); - return NULL; - } - return entry; -} - -void w_journal_entry_free(w_journal_entry_t * entry) { - - if (entry == NULL) { - return; - } - - switch (entry->type) { - case W_JOURNAL_ENTRY_DUMP_TYPE_JSON: - cJSON_Delete(entry->data.json); - break; - case W_JOURNAL_ENTRY_DUMP_TYPE_SYSLOG: - os_free(entry->data.syslog); - break; - default: - break; - } - os_free(entry); -} - -char * w_journal_entry_to_string(w_journal_entry_t * entry) { - - if (entry == NULL) { - return NULL; - } - - char * str = NULL; - switch (entry->type) { - case W_JOURNAL_ENTRY_DUMP_TYPE_JSON: - str = cJSON_PrintUnformatted(entry->data.json); - break; - case W_JOURNAL_ENTRY_DUMP_TYPE_SYSLOG: - str = strdup(entry->data.syslog); - break; - default: - break; - } - return str; -} - -/********************************************************** - * Filter related - **********************************************************/ - -/** - * @brief Apply the filter to the current entry of the journal log context. - * - * @param ctx Journal log context - * @param filter Journal log filter - * @return int 1 if the entry matches the filter, 0 if it does not match, -1 on error - */ -int w_journal_filter_apply(w_journal_context_t * ctx, w_journal_filter_t * filter) { - - if (ctx == NULL || filter == NULL) { - return -1; - } - - for (size_t i = 0; i < filter->units_size; i++) { - _w_journal_filter_unit_t * unit = filter->units[i]; - - // Get the data - const char * data; - size_t length; - - int err = ctx->lib->get_data(ctx->journal, unit->field, (const void **) &data, &length); - if (err < 0) { - if (unit->ignore_if_missing) { - continue; - } else { - mdebug2(LOGCOLLECTOR_JOURNAL_LOG_FIELD_ERROR, unit->field, ctx->timestamp, strerror(-err)); - return err; - } - } - - // Extract the value (data: key=value) - size_t keyPart_len = strnlen(unit->field, length) + 1; - if (keyPart_len > length) { - return -1; // invalid value - } - size_t value_len = length - keyPart_len; - char * value_str = strndup(data + keyPart_len, value_len); - const char * end_match; - - bool match = w_expression_match(unit->exp, value_str, &end_match, NULL); - - os_free(value_str); - if (!match) { - return 0; // No match - } - } - - return 1; // Match -} - -#endif diff --git a/src/modules/logcollector/src/lccom.c b/src/modules/logcollector/src/lccom.c deleted file mode 100644 index 5d1ffee723..0000000000 --- a/src/modules/logcollector/src/lccom.c +++ /dev/null @@ -1,579 +0,0 @@ -/* Remote request listener - * Copyright (C) 2015, Wazuh Inc. - * Mar 12, 2018. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -#include -#include "logcollector.h" -#include "wazuh_modules/wmodules.h" -#include "os_net/os_net.h" -#include "state.h" - -#define LEN_LOCATION (10) /*!< length of "location"*/ -#define LEN_BOOL_STR (5) /*!< length of "false"*/ -#define MAX_LEN_HEADER (150) /*!< length of maximun header*/ -#define OFFSET_HEADER_TAGS (3) -#define OFFSET_CLOSING_TAGS (2) -#define AMOUNT_CLOSING_TAGS (4) - -#define TAG_ERROR "{\"error\"" -#define TAG_DATA "\"data\"" -#define TAG_GLOBAL "\"global\"" -#define TAG_FILES "\"files\"" -#define TAG_INTERVAL "\"interval\"" -#define TAG_LOCATION "\"location\"" - -bool getObjectIndexFromJsonStats(char *outjson_aux, size_t *ptrs, uint16_t *amountObj); -uint16_t checkJson64k(char *outjson, uint16_t initialIndex, uint16_t amountObj, size_t *ptrs, char *output, size_t *sizeOutput); -void addHeader(char *strJson, char *bufferTmp, char *headerData, size_t lenHeaderData, char *header, size_t lenHeader); -void addClosingTags(char *strJson); -void extractHeadersFromJson(char *buffJson, char *headerGlobal, char *headerInterval, char *headerData, size_t *LenHeaderInterval, size_t *LenHeaderData, size_t *LenHeaderGlobal); -void addStartandEndTagsToJsonStrBlock(char *buffJson, char *headerGlobal, char *headerInterval, char *headerData, size_t LenHeaderInterval, size_t LenHeaderData, size_t LenHeaderGlobal, size_t counter, bool getNextPage); -bool isJsonUpdated(void); -uint16_t getJsonStr64kBlockFromLatestIndex(char **output, bool getNextPage); -void replaceBoolToStr(char *buffer, char *match, bool value); - -size_t lccom_dispatch(char * command, char ** output){ - - const char *rcv_comm = command; - char *rcv_args = NULL; - - if ((rcv_args = strchr(rcv_comm, ' '))){ - *rcv_args = '\0'; - rcv_args++; - } - - if (strcmp(rcv_comm, "getconfig") == 0){ - // getconfig section - if (!rcv_args){ - mdebug1("LCCOM getconfig needs arguments."); - os_strdup("err LCCOM getconfig needs arguments", *output); - return strlen(*output); - } - return lccom_getconfig(rcv_args, output); - - } else if (strcmp(rcv_comm, "getstate") == 0) { - if (rcv_args && !strncmp(rcv_args, "next", 4)){ - return lccom_getstate(output, true); - } - return lccom_getstate(output, false); - } else { - mdebug1("LCCOM Unrecognized command '%s'.", rcv_comm); - os_strdup("err Unrecognized command", *output); - return strlen(*output); - } -} - -/** - * @brief Get the Object Index From Json Stats object - * - * @param outjson_aux json data file in string format - * @param ptrs pointer to json data for store all positions of "location" or Index - * @param amountObj amount objects inside json data file - * @return true all indexes are stored - * @return false not all indexes are stored - */ -bool getObjectIndexFromJsonStats(char *outjson_aux, size_t *ptrs, uint16_t *amountObj) { - bool isReadyIndex = false; - int i = 0; - ptrs[i++] = (size_t)outjson_aux; //ptrs[0] inicio de estadisticas sin 1er location - - while (outjson_aux != NULL) { - outjson_aux = strstr(outjson_aux, TAG_LOCATION); - if (outjson_aux == NULL) { - isReadyIndex = true; - break; - } - ptrs[i++] = (size_t)(&outjson_aux[0]); - outjson_aux = outjson_aux + LEN_LOCATION; - } - *amountObj = i; - return isReadyIndex; -} - -/** - * @brief Check that the json file is lower than 64k and split it - * - * @param outjson json data file in string format - * @param initialIndex start index for next request - * @param amountObj amount objects inside json data file - * @param ptrs pointer to json data for store all positions of "location" - * @param output json string split without closing and opening tags, no greater than 64KB - * @param sizeOutput size output - * @return uint16_t last calculated index - */ -uint16_t checkJson64k(char *outjson, uint16_t initialIndex, uint16_t amountObj, size_t *ptrs, char *output, size_t *sizeOutput) { - - size_t counter = 0; - uint16_t currentIndex = (initialIndex == 0) ? 1 : initialIndex; - uint16_t lastIndex = 0; - - if (output != NULL && outjson != NULL) { - while ( currentIndex < amountObj ) { - size_t len = ptrs[currentIndex] - ptrs[currentIndex-1]; - size_t currentLength = len; - counter += currentLength; - if (counter < OS_MAXSTR - OS_SIZE_1024) { - currentIndex++; - } else { - memset(output, 0, OS_MAXSTR); - memcpy(output, (const char *)ptrs[initialIndex], ptrs[currentIndex-1] - ptrs[initialIndex]); - lastIndex = currentIndex - 1; - counter = 0; - currentIndex = 1; - break; - } - } - - if (currentIndex != 1 && (counter < OS_MAXSTR - OS_SIZE_1024)) { - memset(output, 0, OS_MAXSTR); - strncpy(output, outjson + ptrs[initialIndex] - ptrs[0], - ptrs[currentIndex-1] - ptrs[initialIndex == 0 ? initialIndex : (initialIndex-1)] + - strlen(outjson + ptrs[currentIndex-1] - ptrs[0])); - } - } - *sizeOutput = counter; - return currentIndex == 1 ? lastIndex : currentIndex; -} - -/** - * @brief add error and global/interval header tag to json block - * - * @param strJson json string split without closing and opening tags, no greater than 64KB - * @param bufferTmp temporal buffer for store closing and opening tags - * @param headerData header tag to object data - * @param lenHeaderData header tag length for object data - * @param header header tag to object global/interval - * @param lenHeader header tag length for object global/interval - */ -void addHeader(char *strJson, char *bufferTmp, char *headerData, size_t lenHeaderData, char *header, size_t lenHeader) { - if (bufferTmp != NULL && strJson != NULL) { - memcpy(bufferTmp, headerData, lenHeaderData); - memcpy(bufferTmp + lenHeaderData, header, lenHeader); - memcpy(bufferTmp + lenHeaderData + lenHeader, strJson, OS_MAXSTR - lenHeaderData - lenHeader - 1); - memset(strJson, 0 , OS_MAXSTR); - memcpy(strJson, bufferTmp, OS_MAXSTR - 1); - } -} - -/** - * @brief add closing tags - * - * @param strJson json string split with opening tags but without closing tags, no greater than 64k - */ -void addClosingTags(char *strJson) { - if (strJson != NULL) { - memcpy(strJson + strlen(strJson) - OFFSET_CLOSING_TAGS, "]}}}", AMOUNT_CLOSING_TAGS); - } -} - -/** - * @brief extract all headers tags from json data - * - * @param buffJson json data file in string format - * @param headerGlobal buffer to store global header - * @param headerInterval buffer to store interval header - * @param headerData buffer to store data header - * @param LenHeaderInterval pointer to store length of interval - * @param LenHeaderData pointer to store length of data - * @param LenHeaderGlobal pointer to store length of global - */ -void extractHeadersFromJson(char *buffJson, char *headerGlobal, char *headerInterval, char *headerData, size_t *LenHeaderInterval, size_t *LenHeaderData, size_t *LenHeaderGlobal) { - char *ptrInterval = NULL; - char *ptrFilesInterval = NULL; - char *ptrGlobal = NULL; - char *ptrFilesGlobal = NULL; - char *ptrData = NULL; - - if (buffJson != NULL) { - if (headerGlobal != NULL && headerInterval != NULL) { - if ((ptrGlobal = strstr(buffJson, TAG_GLOBAL)) != NULL) { - if ((ptrFilesGlobal = strstr(ptrGlobal, TAG_FILES)) != NULL) { - *LenHeaderGlobal = ptrFilesGlobal - ptrGlobal + strlen(TAG_FILES) + OFFSET_HEADER_TAGS; - memcpy(headerGlobal, ptrGlobal, *LenHeaderGlobal); - } - } - } - - if (headerInterval != NULL && LenHeaderInterval != NULL) { - if ((ptrInterval = strstr(buffJson, TAG_INTERVAL)) != NULL) { - if ((ptrFilesInterval = strstr(ptrInterval, TAG_FILES)) != NULL) { - *LenHeaderInterval = ptrFilesInterval - ptrInterval + strlen(TAG_FILES) + OFFSET_HEADER_TAGS; - memcpy(headerInterval, ptrInterval, *LenHeaderInterval); - } - } - } - - if (headerData != NULL && LenHeaderData != NULL) { - if ((ptrData = strstr(buffJson, TAG_DATA)) != NULL) { - *LenHeaderData = ptrData + strlen(TAG_FILES) - buffJson + 1; - memcpy(headerData, buffJson, *LenHeaderData); - } - } - } -} - -/** - * @brief add opening and closing tags to json block less than 64KB - * - * @param buffJson json data file in string format - * @param headerGlobal buffer containing the global header - * @param headerInterval buffer containing the interval header - * @param headerData buffer containing the data header - * @param LenHeaderInterval length of interval header - * @param LenHeaderData length of interval header - * @param LenHeaderGlobal length of interval header - * @param counter block size, if it is 0 it means that the block is larger than 64KB - * @param getNextPage false mean that start from first page, otherwise the get next page sequentially - */ -void addStartandEndTagsToJsonStrBlock(char *buffJson, char *headerGlobal, char *headerInterval, char *headerData, size_t LenHeaderInterval, size_t LenHeaderData, size_t LenHeaderGlobal, size_t counter, bool getNextPage) { - static bool flag_interval = false; - static bool flag_global = false; - char bufferTmp[OS_MAXSTR] = {0}; - memset(bufferTmp, 0, OS_MAXSTR); - - /* starts from the first page when the request is getstate*/ - if (getNextPage == false) { - flag_interval = false; - flag_global = false; - } - - if (buffJson != NULL && headerGlobal != NULL && headerInterval != NULL && headerData != NULL) { - if (flag_global == false) { - if (strstr(buffJson, TAG_ERROR) != NULL) { - if (strstr(buffJson, TAG_DATA) != NULL) { - if (strstr(buffJson, TAG_GLOBAL) != NULL) { - flag_global = true; - if (strstr(buffJson, TAG_FILES) != NULL) { - if (strstr(buffJson, TAG_INTERVAL) != NULL) { - flag_interval = true; - if (counter == 0) { - /* 1: find error,data,global,files,intervals,files - and greather than 64k - */ - addClosingTags(buffJson); - } else { - /* 2: find error,data,global,files,intervals,files - and lower than 64k, it closes self - */ - flag_interval = false; - flag_global = false; - } - } else { - /* 3: - find error,data,global,files, dont find intervals,files - and greather than 64k - */ - addClosingTags(buffJson); - flag_interval = false; - } - } - } else { - flag_global = false; - mwarn("'global' tag no found in logcollector JSON stats"); - } - } - } - } else if (flag_interval == false && flag_global == true) { - if (strstr(buffJson, TAG_INTERVAL) != NULL) { - flag_interval = true; - if (counter == 0) { - /* 4: remainder of first block onwards, already find global - find intervals,files and greather than 64k - */ - addClosingTags(buffJson); - addHeader(buffJson, bufferTmp, headerData, LenHeaderData, headerGlobal, LenHeaderGlobal); - } else { - /* 5: remainder of first block onwards, already find global - find intervals,files and lower than 64k, it closes self - */ - addHeader(buffJson, bufferTmp, headerData, LenHeaderData, headerGlobal, LenHeaderGlobal); - flag_interval = false; - } - } else { - /* 6: remainder of first block onwards, already find global - intervals,files not found and greather than 64k - always global and interval are full json therefore dont is need lower than 64k - */ - addClosingTags(buffJson); - addHeader(buffJson, bufferTmp, headerData, LenHeaderData, headerGlobal, LenHeaderGlobal); - flag_interval = false; - } - } else if (flag_interval == true && flag_global == true) { - if (counter == 0) { - /* 7: - remainder of interval block onwards - greather than 64k - */ - addClosingTags(buffJson); - addHeader(buffJson, bufferTmp, headerData, LenHeaderData, headerInterval, LenHeaderInterval); - } else { - /* 8: - remainder of interval block onwards - lower than 64k, it closes self - */ - addHeader(buffJson, bufferTmp, headerData, LenHeaderData, headerInterval, LenHeaderInterval); - flag_interval = false; - flag_global = false; - } - } - } -} - -/** - * @brief returns if at this moment the json file was updated automatically - * - * @return true it was updated - * @return false it was not updated - */ -bool isJsonUpdated(void) { - static time_t mtime_prev = 0; - time_t mtime_current = 0; - struct stat outstat; - struct tm *tm_stat; - char date_string[256]; - bool isJsonUpdated = false; - - /*should be reset index to the first page when some files are added or removed*/ - if (stat(LOGCOLLECTOR_STATE, &outstat) == 0) { - tm_stat = localtime(&outstat.st_mtime); - /* Get localized date string. */ - strftime(date_string, sizeof(date_string), "%c", tm_stat); - mtime_current = mktime(tm_stat); - mdebug2(" %s %s", date_string, LOGCOLLECTOR_STATE); - } - - if (difftime(mtime_current, mtime_prev) != 0 && mtime_prev != 0) { - mdebug2("Logcollector JSON stats have been updated."); - isJsonUpdated = true; - } - mtime_prev = mtime_current; - - return isJsonUpdated; -} - -/** - * @brief Get the Json Str64k Block From Latest Index object - * - * @param output double pointer to store global json data - * @param getNextPage indicate that you should request the next page (true) or first page (false) - * @return uint16_t size of *output - */ -uint16_t getJsonStr64kBlockFromLatestIndex(char **output, bool getNextPage) { - char buffer[OS_MAXSTR] = {0}; - char headerGlobal[MAX_LEN_HEADER] = {0}; - char headerInterval[MAX_LEN_HEADER] = {0}; - char headerData[MAX_LEN_HEADER] = {0}; - bool isReadyIndex = 0; - uint16_t i = 0; - static uint16_t apiLatestIndex = 0; - size_t ptrs[OS_MAXSTR] = {0}; - size_t counter = 0; - size_t LenHeaderInterval = 0; - size_t LenHeaderData = 0; - size_t LenHeaderGlobal = 0; - - isReadyIndex = getObjectIndexFromJsonStats(*output, ptrs, &i); - apiLatestIndex = (getNextPage == false) ? 0 : apiLatestIndex; - extractHeadersFromJson(*output, headerGlobal, headerInterval, headerData, &LenHeaderInterval, &LenHeaderData, &LenHeaderGlobal); - - if (isReadyIndex) { - apiLatestIndex = checkJson64k(*output, apiLatestIndex, i, ptrs, buffer, &counter); - addStartandEndTagsToJsonStrBlock(buffer, headerGlobal, headerInterval, headerData, - LenHeaderInterval, LenHeaderData, LenHeaderGlobal, counter, getNextPage); - - if (apiLatestIndex == i) { - apiLatestIndex = 0; - i = 0; - memset(headerGlobal, 0, MAX_LEN_HEADER); - memset(headerInterval, 0, MAX_LEN_HEADER); - memset(headerData, 0, MAX_LEN_HEADER); - memset(ptrs, 0, OS_MAXSTR - 1); - LenHeaderInterval = 0; - LenHeaderData = 0; - LenHeaderGlobal = 0; - } - os_free(*output); - os_strdup(buffer, *output); - } - return strlen(buffer); -} - -/** - * @brief replace bool to string bool in json block str - * - * @param buffer json block - * @param match object name to match from json block - * @param value true or false - */ -void replaceBoolToStr(char *buffer, char *match, bool value) { - char *ptr = NULL; - if (buffer != NULL && match != NULL) { - if ((ptr = strstr(buffer, match)) != NULL) { - memcpy(ptr + strlen(match), value == true ? "true " : "false", LEN_BOOL_STR); - } - } -} - -size_t lccom_getstate(char ** output, bool getNextPage) { - size_t retval = 0; - cJSON * state_json = NULL; - cJSON * w_packet = cJSON_CreateObject(); - if (state_json = w_logcollector_state_get(), state_json == NULL) { - cJSON_AddNumberToObject(w_packet, "error", 1); - cJSON_AddObjectToObject(w_packet, "data"); - cJSON_AddStringToObject(w_packet, "message", "Statistics unavailable"); - mdebug1("At LCCOM getstate: Statistics unavailable"); - } else { - cJSON_AddNumberToObject(w_packet, "error", 0); - cJSON_AddFalseToObject(w_packet, "remaining"); - cJSON_AddFalseToObject(w_packet, "json_updated"); - cJSON_AddItemToObject(w_packet, "data", state_json); - } - *output = cJSON_PrintUnformatted(w_packet); - cJSON_Delete(w_packet); - - /* '*output' point to the global json without split*/ - if (strlen(*output) >= OS_MAXSTR) { - retval = getJsonStr64kBlockFromLatestIndex(output, getNextPage); - - /* '*output' point to the block of length <= 64k*/ - replaceBoolToStr(*output, "\"remaining\":", strlen(*output) >= OS_MAXSTR - (2*OS_SIZE_1024)); - replaceBoolToStr(*output, "\"json_updated\":", isJsonUpdated()); - } else { - retval = strlen(*output); - } - return retval; -} - -size_t lccom_getconfig(const char * section, char ** output) { - - cJSON *cfg; - char *json_str; - - if (strcmp(section, "localfile") == 0){ - if (cfg = getLocalfileConfig(), cfg) { - os_strdup("ok", *output); - json_str = cJSON_PrintUnformatted(cfg); - wm_strcat(output, json_str, ' '); - free(json_str); - cJSON_Delete(cfg); - return strlen(*output); - } else { - goto error; - } - } else if (strcmp(section, "socket") == 0){ - if (cfg = getSocketConfig(), cfg) { - os_strdup("ok", *output); - json_str = cJSON_PrintUnformatted(cfg); - wm_strcat(output, json_str, ' '); - free(json_str); - cJSON_Delete(cfg); - return strlen(*output); - } else { - goto error; - } - } else if (strcmp(section, "internal") == 0){ - if (cfg = getLogcollectorInternalOptions(), cfg) { - os_strdup("ok", *output); - json_str = cJSON_PrintUnformatted(cfg); - wm_strcat(output, json_str, ' '); - free(json_str); - cJSON_Delete(cfg); - return strlen(*output); - } else { - goto error; - } - } else { - goto error; - } -error: - mdebug1("At LCCOM getconfig: Could not get '%s' section", section); - os_strdup("err Could not get requested section", *output); - return strlen(*output); -} - - -#ifndef WIN32 -void * lccom_main(__attribute__((unused)) void * arg) { - int sock; - int peer; - char *buffer = NULL; - char *response = NULL; - ssize_t length; - fd_set fdset; - - mdebug1("Local requests thread ready"); - - if (sock = OS_BindUnixDomain(LC_LOCAL_SOCK, SOCK_STREAM, OS_MAXSTR), sock < 0) { - merror("Unable to bind to socket '%s': (%d) %s.", LC_LOCAL_SOCK, errno, strerror(errno)); - return NULL; - } - - while (1) { - - // Wait for socket - FD_ZERO(&fdset); - FD_SET(sock, &fdset); - - switch (select(sock + 1, &fdset, NULL, NULL, NULL)) { - case -1: - if (errno != EINTR) { - merror_exit("At lccom_main(): select(): %s", strerror(errno)); - } - - continue; - - case 0: - continue; - } - - if (peer = accept(sock, NULL, NULL), peer < 0) { - if (errno != EINTR) { - merror("At lccom_main(): accept(): %s", strerror(errno)); - } - - continue; - } - - os_calloc(OS_MAXSTR, sizeof(char), buffer); - switch (length = OS_RecvSecureTCP(peer, buffer,OS_MAXSTR), length) { - case OS_SOCKTERR: - merror("At lccom_main(): OS_RecvSecureTCP(): response size is bigger than expected"); - break; - - case -1: - merror("At lccom_main(): OS_RecvSecureTCP(): %s", strerror(errno)); - break; - - case 0: - mdebug1("Empty message from local client."); - close(peer); - break; - - case OS_MAXLEN: - merror("Received message > %i", MAX_DYN_STR); - close(peer); - break; - - default: - length = lccom_dispatch(buffer, &response); - OS_SendSecureTCP(peer, length, response); - free(response); - close(peer); - } - free(buffer); - } - - mdebug1("Local server thread finished."); - - close(sock); - return NULL; -} - -#endif diff --git a/src/modules/logcollector/src/logcollector.c b/src/modules/logcollector/src/logcollector.c deleted file mode 100644 index aa9026d2ba..0000000000 --- a/src/modules/logcollector/src/logcollector.c +++ /dev/null @@ -1,2978 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * Copyright (C) 2009 Trend Micro Inc. - * All right reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -#include "shared.h" -#include "logcollector.h" -#include "state.h" -#include -#include -#include "sysinfo_utils.h" -#include - -// Remove STATIC qualifier from tests -#ifdef WAZUH_UNIT_TESTING -#define STATIC -#else -#define STATIC static -#endif - -#define MAX_ASCII_LINES 10 -#define MAX_UTF8_CHARS 1400 -#define OFFSET_SIZE 21 ///< Maximum 64-bit integer is 20-char long, plus 1 because of the '\0' - -/* Prototypes */ -static int update_fname(int i, int j); -static int update_current(logreader **current, int *i, int *j); -static void set_read(logreader *current, int i, int j); -static IT_control remove_duplicates(logreader *current, int i, int j); -static int find_duplicate_inode(logreader * lf); -static void set_sockets(); -static void files_lock_init(void); -static void check_text_only(); -static int check_pattern_expand(int do_seek); -static void check_pattern_expand_excluded(); -static void set_can_read(int value); - -/** - * @brief Releases the data structure stored in the hash table 'files_status'. - * @param data Structure of the data to be released - */ -STATIC void free_files_status_data(os_file_status_t *data); - -/** - * @brief Create files_status hash and load the previous estatus from JSON file - */ -STATIC void w_initialize_file_status(); - -/** - * @brief Before stop logcollector save the files_status hash on JSON file - */ -STATIC void w_save_file_status(); - -/** - * @brief Load files_status data to hash - * @param global_json json wich contains the previous files_status hash - */ -STATIC void w_load_files_status(cJSON *global_json); - -/** - * @brief Parse the hash files_status to JSON - * @return json of all read status files in a string - */ -STATIC char * w_save_files_status_to_cJSON(); - -/** - * @brief Set file on the last line read or on the end in case the status hasn't been saved. - * @param lf logreader to set - * @return 0 on success, otherwise -1 - */ -STATIC int w_set_to_last_line_read(logreader *lf); - -/** - * @brief Set file on the end - * @param lf logreader to set - * @return 0 on success, otherwise -1 - */ -STATIC int64_t w_set_to_pos(logreader *lf, int64_t pos, int mode); - -/** - * @brief Update or add (if it not exit) hash node - * @param path Hash key - * @param pos Offset of hash - * @return 0 on success, otherwise -1 - */ -STATIC int w_update_hash_node(char * path, int64_t pos); - -/* Global variables */ -int loop_timeout; -int logr_queue; -int open_file_attempts; -logreader *logff; -logreader_glob *globs; -socket_forwarder *logsk; -int vcheck_files; -int maximum_lines; -int sample_log_length; -int force_reload; -int reload_interval; -int reload_delay; -int free_excluded_files_interval; -int state_interval; -OSHash * msg_queues_table; - -///< To asociate the path, the position to read, and the hash key of lines read. -OSHash * files_status; -///< Use for log messages -char *files_status_name = "file_status"; -static int _cday = 0; -int N_INPUT_THREADS = N_MIN_INPUT_THREADS; -int OUTPUT_QUEUE_SIZE = OUTPUT_MIN_QUEUE_SIZE; -socket_forwarder default_agent = { .name = "agent" }; -logtarget default_target[2] = { { .log_socket = &default_agent } }; - -/* Output thread variables */ -static pthread_mutex_t mutex; -#ifdef WIN32 -static pthread_mutex_t win_el_mutex; -static pthread_mutexattr_t win_el_mutex_attr; -#endif - -/* can read synchronization */ -static int _can_read = 0; -static rwlock_t can_read_rwlock; - -/* Multiple readers / one write mutex */ -static rwlock_t files_update_rwlock; - -static OSHash *excluded_files = NULL; -static OSHash *excluded_binaries = NULL; - -#if defined(Darwin) || (defined(__linux__) && defined(WAZUH_UNIT_TESTING)) - -STATIC w_macos_log_procceses_t * macos_processes = NULL; - -#endif - -int check_ignore_and_restrict(OSList * ignore_exp_list, OSList * restrict_exp_list, const char *log_line) { - OSListNode *node_it; - w_expression_t *exp_it; - - if (ignore_exp_list) { - OSList_foreach(node_it, ignore_exp_list) { - exp_it = node_it->data; - /* Check ignore regex, if it matches, do not process the log */ - if (w_expression_match(exp_it, log_line, NULL, NULL)) { - mdebug2(LF_MATCH_REGEX, log_line, "ignore", w_expression_get_regex_pattern(exp_it)); - return true; - } - } - } - - if (restrict_exp_list) { - OSList_foreach(node_it, restrict_exp_list) { - exp_it = node_it->data; - /* Check restrict regex, only if match every log is processed */ - if (!w_expression_match(exp_it, log_line, NULL, NULL)) { - mdebug2(LF_MATCH_REGEX, log_line, "restrict", w_expression_get_regex_pattern(exp_it)); - return true; - } - } - } - - return false; -} - -/* Handle file management */ -void LogCollectorStart() -{ - int i = 0, j = -1, tg; - int f_check = 0; - int f_reload = 0; - int f_free_excluded = 0; - IT_control f_control = 0; - IT_control duplicates_removed = 0; - logreader *current; - -#if defined(Darwin) || (defined(__linux__) && defined(WAZUH_UNIT_TESTING)) - w_sysinfo_helpers_t * sysinfo = NULL; - os_calloc(1, sizeof(w_sysinfo_helpers_t), sysinfo); - if (!w_sysinfo_init(sysinfo)) { - merror(SYSINFO_DYNAMIC_INIT_ERROR); - } -#endif - - /* Create store data */ - excluded_files = OSHash_Create(); - if (!excluded_files) { - merror_exit(LIST_ERROR); - } - - /* Create store for binaries data */ - excluded_binaries = OSHash_Create(); - if (!excluded_binaries) { - merror_exit(LIST_ERROR); - } - - /* Initialize status file struct (files_status) and set w_save_file_status at the process exit */ - w_initialize_file_status(); - - if (atexit(w_save_file_status)) { - merror(ATEXIT_ERROR); - } - - /* Initialize state component */ - if (state_interval == 0) { - w_logcollector_state_init(LC_STATE_GLOBAL, false); - } else if (state_interval > 0) { - w_logcollector_state_init(LC_STATE_GLOBAL | LC_STATE_INTERVAL, true); - } - - - /* Create the state thread */ -#ifndef WIN32 - w_create_thread(w_logcollector_state_main, (void *) &state_interval); -#else - w_create_thread(NULL, - 0, - w_logcollector_state_main, - (void *) &state_interval, - 0, - NULL); -#endif - - set_sockets(); - files_lock_init(); - - // Check for expanded files - check_pattern_expand(1); - check_pattern_expand_excluded(); - - w_mutex_init(&mutex, NULL); -#ifndef WIN32 - /* To check for inode changes */ - struct stat tmp_stat; - - /* Check for ASCII, UTF-8 */ - check_text_only(); - - /* Set the files mutexes */ - w_set_file_mutexes(); -#else - BY_HANDLE_FILE_INFORMATION lpFileInformation; - memset(&lpFileInformation, 0, sizeof(BY_HANDLE_FILE_INFORMATION)); - const char *m_uname; - - m_uname = getuname(); - - /* Check if we are on Windows Vista */ - if (!checkVista()) { - minfo("Windows version is older than 6.0. (%s).", m_uname); - } else { - minfo("Windows version is 6.0 or newer. (%s).", m_uname); - } - - /* Read vista descriptions */ - if (isVista) { - win_read_vista_sec(); - } - - /* Check for ASCII, UTF-8 */ - check_text_only(); - - w_mutexattr_init(&win_el_mutex_attr); - w_mutexattr_settype(&win_el_mutex_attr, PTHREAD_MUTEX_ERRORCHECK); -#endif - - mdebug1("Entering LogCollectorStart()."); - - /* Initialize each file and structure */ - for (i = 0;; i++) { - if (f_control = update_current(¤t, &i, &j), f_control) { - if (f_control == NEXT_IT) { - continue; - } else { - break; - } - } - - /* Remove duplicate entries */ - /* Returns NEXT_IT if duplicates were removed, LEAVE_IT if an error occurred - or CONTINUE_IT to continue with the current iteration */ - duplicates_removed = remove_duplicates(current, i, j); - if (duplicates_removed == NEXT_IT) { - i--; - continue; - } - - if (!current->file) { - /* Do nothing, duplicated entry */ - } else if (!strcmp(current->logformat, "eventlog")) { -#ifdef WIN32 - - minfo(READING_EVTLOG, current->file); - os_strdup(current->file, current->channel_str); - win_startel(current->file); - - /* Mutexes are not previously initialized under Windows*/ - w_mutex_init(¤t->mutex, &win_el_mutex_attr); -#else - free(current->file); -#endif - current->file = NULL; - current->command = NULL; - current->fp = NULL; - } else if (!strcmp(current->logformat, "eventchannel")) { -#ifdef WIN32 - -#ifdef EVENTCHANNEL_SUPPORT - minfo(READING_EVTLOG, current->file); - os_strdup(current->file, current->channel_str); - win_start_event_channel(current->file, current->future, current->query, current->reconnect_time); -#else - mwarn("eventchannel not available on this version of Windows"); -#endif - - /* Mutexes are not previously initialized under Windows*/ - w_mutex_init(¤t->mutex, &win_el_mutex_attr); -#else - free(current->file); -#endif - current->file = NULL; - current->command = NULL; - current->fp = NULL; - } else if (strcmp(current->logformat, "command") == 0) { - current->file = NULL; - current->fp = NULL; - current->size = 0; - -#ifdef WIN32 - /* Mutexes are not previously initialized under Windows*/ - w_mutex_init(¤t->mutex, &win_el_mutex_attr); -#endif - if (current->command) { - current->read = read_command; - - minfo("Monitoring output of command(%d): %s", current->ign, current->command); - tg = 0; - if (current->target) { - while (current->target[tg]) { - mdebug1("Socket target for '%s' -> %s", current->command, current->target[tg]); - tg++; - } - } - - if (!current->alias) { - os_strdup(current->command, current->alias); - } - } else { - merror("Missing command argument. Ignoring it."); - } - } else if (strcmp(current->logformat, "full_command") == 0) { - current->file = NULL; - current->fp = NULL; - current->size = 0; - -#ifdef WIN32 - /* Mutexes are not previously initialized under Windows*/ - w_mutex_init(¤t->mutex, &win_el_mutex_attr); -#endif - - if (current->command) { - current->read = read_fullcommand; - - minfo("Monitoring full output of command(%d): %s", current->ign, current->command); - tg = 0; - if (current->target){ - while (current->target[tg]) { - mdebug1("Socket target for '%s' -> %s", current->command, current->target[tg]); - tg++; - } - } - - if (!current->alias) { - os_strdup(current->command, current->alias); - } - } else { - merror("Missing command argument. Ignoring it."); - } - } - - else if (strcmp(current->logformat, MACOS) == 0) { -#if defined(Darwin) || (defined(__linux__) && defined(WAZUH_UNIT_TESTING)) - /* Get macOS version */ - w_macos_create_log_env(current, sysinfo); - current->read = read_macos; - if (current->macos_log->state != LOG_NOT_RUNNING) { - if (atexit(w_macos_release_log_execution)) { - merror(ATEXIT_ERROR); - } - /* macOS log's resources need to be globally reachable to be released */ - macos_processes = ¤t->macos_log->processes; - - for (int tg_idx = 0; current->target[tg_idx]; tg_idx++) { - mdebug1("Socket target for '%s' -> %s", MACOS_LOG_NAME, current->target[tg_idx]); - w_logcollector_state_add_target(MACOS_LOG_NAME, current->target[tg_idx]); - } - } -#else - minfo(LOGCOLLECTOR_ONLY_MACOS); -#endif - os_free(current->file); - current->command = NULL; - os_free(current->fp); - } - - else if (strcmp(current->logformat, JOURNALD_LOG) == 0) { -#ifdef __linux__ - current->read = read_journald; - w_journald_set_ofe(current->future); - - if (current->target != NULL) { - for (int tg_idx = 0; current->target[tg_idx]; tg_idx++) { - mdebug1(LOGCOLLECTOR_SOCKET_TARGET, JOURNALD_LOG, current->target[tg_idx]); - w_logcollector_state_add_target(JOURNALD_LOG, current->target[tg_idx]); - } - } -#else - minfo(LOGCOLLECTOR_JOURNALD_ONLY_LINUX); - w_journal_log_config_free(&(current->journal_log)); -#endif - os_free(current->file); - current->command = NULL; - os_free(current->fp); - } - - else if (j < 0) { - set_read(current, i, j); - if (current->file) { - minfo(READING_FILE, current->file); - } - /* More tweaks for Windows. For some reason IIS places - * some weird characters at the end of the files and getc - * always returns 0 (even after clearerr). - */ -#ifdef WIN32 - if (current->fp) { - if (current->future == 0) { - w_set_to_last_line_read(current); - } else { - int64_t offset = w_set_to_pos(current, 0, SEEK_END); - w_update_hash_node(current->file, offset); - } - } - - /* Mutexes are not previously initialized under Windows*/ - w_mutex_init(¤t->mutex, &win_el_mutex_attr); -#endif - } else { - /* On Windows we need to forward the seek for wildcard files */ -#ifdef WIN32 - if (current->file) { - minfo(READING_FILE, current->file); - } - - if (current->fp) { - if (current->future == 0) { - w_set_to_last_line_read(current); - } else { - int64_t offset = w_set_to_pos(current, 0, SEEK_END); - w_update_hash_node(current->file, offset); - } - } -#endif - } - } - - //Save status localfiles to disk - w_save_file_status(); - - // Initialize message queue's log builder - mq_log_builder_init(); - - /* Create the output threads */ - w_create_output_threads(); - - /* Create the input threads */ - w_create_input_threads(); - - /* Start up message */ - minfo(STARTUP_MSG, (int)getpid()); - mdebug1(CURRENT_FILES, current_files, maximum_files); - -#ifndef WIN32 - // Start com request thread - w_create_thread(lccom_main, NULL); -#endif - set_can_read(1); - /* Daemon loop */ - while (1) { - - /* Free hash table content for excluded files */ - if (f_free_excluded >= free_excluded_files_interval) { - set_can_read(0); // Stop reading threads - rwlock_lock_write(&files_update_rwlock); - set_can_read(1); // Clean signal once we have the lock - mdebug1("Refreshing excluded files list."); - - OSHash_Free(excluded_files); - excluded_files = OSHash_Create(); - - if (!excluded_files) { - merror_exit(LIST_ERROR); - } - - OSHash_Free(excluded_binaries); - excluded_binaries = OSHash_Create(); - - if (!excluded_binaries) { - merror_exit(LIST_ERROR); - } - - f_free_excluded = 0; - - rwlock_unlock(&files_update_rwlock); - } - - if (f_check >= vcheck_files) { - set_can_read(0); // Stop reading threads - rwlock_lock_write(&files_update_rwlock); - set_can_read(1); // Clean signal once we have the lock - int i; - int j = -1; - f_reload += f_check; - - mdebug1("Performing file check."); - - // Force reload, if enabled - - if (force_reload && f_reload >= reload_interval) { - struct timespec delay = { reload_delay / 1000, (reload_delay % 1000) * 1000000 }; - - // Close files - - for (i = 0, j = -1;; i++) { - if (f_control = update_current(¤t, &i, &j), f_control) { - if (f_control == NEXT_IT) { - continue; - } else { - break; - } - } - - if (current->file && current->fp) { - close_file(current); - } - } - - // Delay: yield mutex - - rwlock_unlock(&files_update_rwlock); - - if (reload_delay) { - nanosleep(&delay, NULL); - } - - set_can_read(0); // Stop reading threads - rwlock_lock_write(&files_update_rwlock); - set_can_read(1); // Clean signal once we have the lock - - // Open files again, and restore position - - for (i = 0, j = -1;; i++) { - if (f_control = update_current(¤t, &i, &j), f_control) { - if (f_control == NEXT_IT) { - continue; - } else { - break; - } - } - - if (current->file && current->exists) { - if (reload_file(current) == -1) { - minfo(FORGET_FILE, current->file); - os_file_status_t * old_file_status = OSHash_Delete_ex(files_status, current->file); - free_files_status_data(old_file_status); - w_logcollector_state_delete_file(current->file); - current->exists = 0; - current->ign++; - - // Only expanded files that have been deleted will be forgotten - - if (j >= 0) { - if (Remove_Localfile(&(globs[j].gfiles), i, 1, 0,&globs[j])) { - merror(REM_ERROR, current->file); - } else { - mdebug1(CURRENT_FILES, current_files, maximum_files); - i--; - continue; - } - } else if (open_file_attempts) { - mdebug1(OPEN_ATTEMPT, current->file, open_file_attempts - current->ign); - } else { - mdebug1(OPEN_UNABLE, current->file); - } - } - } - } - } - - /* Check if any file has been renamed/removed */ - for (i = 0, j = -1;; i++) { - if (f_control = update_current(¤t, &i, &j), f_control) { - if (f_control == NEXT_IT) { - continue; - } else { - break; - } - } - - /* These are the windows logs or ignored files */ - if (!current->file) { - continue; - } - - /* Files with date -- check for day change */ - if (current->ffile) { - if (update_fname(i, j)) { - if (current->fp) { - fclose(current->fp); - } - current->fp = NULL; - current->exists = 1; - - handle_file(i, j, 0, 1); - continue; - } - - /* Variable file name */ - else if (!current->fp && open_file_attempts - current->ign > 0) { - handle_file(i, j, 1, 1); - continue; - } - } - - /* Check for file change -- if the file is open already */ - if (current->fp) { -#ifndef WIN32 - - /* To help detect a file rollover, temporarily open the file a second time. - * Previously the fstat would work on "cached" file data, but this should - * ensure it's fresh when hardlinks are used (like alerts.log). - */ - FILE *tf; - tf = wfopen(current->file, "r"); - if(tf == NULL) { - if (errno == ENOENT) { - if(current->exists==1){ - minfo(FORGET_FILE, current->file); - os_file_status_t * old_file_status = OSHash_Delete_ex(files_status, current->file); - free_files_status_data(old_file_status); - w_logcollector_state_delete_file(current->file); - current->exists = 0; - } - current->ign++; - - // Only expanded files that have been deleted will be forgotten - if (j >= 0) { - if (Remove_Localfile(&(globs[j].gfiles), i, 1, 0,&globs[j])) { - merror(REM_ERROR, current->file); - } else { - mdebug1(CURRENT_FILES, current_files, maximum_files); - i--; - continue; - } - } else if (open_file_attempts) { - mdebug1(OPEN_ATTEMPT, current->file, open_file_attempts - current->ign); - } else { - mdebug1(OPEN_UNABLE, current->file); - } - } else { - merror(FOPEN_ERROR, current->file, errno, strerror(errno)); - } - } - - else if ((fstat(fileno(tf), &tmp_stat)) == -1) { - fclose(current->fp); - fclose(tf); - current->fp = NULL; - - merror(FSTAT_ERROR, current->file, errno, strerror(errno)); - } - else if (fclose(tf) == EOF) { - merror("Closing the temporary file %s did not work (%d): %s", current->file, errno, strerror(errno)); - } -#else - HANDLE h1; - - h1 = CreateFile(current->file, GENERIC_READ, - FILE_SHARE_DELETE | FILE_SHARE_READ | FILE_SHARE_WRITE, - NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); - if (h1 == INVALID_HANDLE_VALUE) { - fclose(current->fp); - current->fp = NULL; - minfo(LOGCOLLECTOR_INVALID_HANDLE_VALUE, current->file); - } else if (GetFileInformationByHandle(h1, &lpFileInformation) == 0) { - fclose(current->fp); - CloseHandle(h1); - current->fp = NULL; - minfo(LOGCOLLECTOR_INVALID_HANDLE_VALUE, current->file); - } - - if (!current->fp) { - if(current->exists==1){ - minfo(FORGET_FILE, current->file); - os_file_status_t * old_file_status = OSHash_Delete_ex(files_status, current->file); - free_files_status_data(old_file_status); - w_logcollector_state_delete_file(current->file); - current->exists = 0; - } - current->ign++; - - // Only expanded files that have been deleted will be forgotten - if (j >= 0) { - if (Remove_Localfile(&(globs[j].gfiles), i, 1, 0,&globs[j])) { - merror(REM_ERROR, current->file); - } else { - mdebug2(CURRENT_FILES, current_files, maximum_files); - i--; - continue; - } - } else if (open_file_attempts) { - mdebug1(OPEN_ATTEMPT, current->file, open_file_attempts - current->ign); - } else { - mdebug1(OPEN_UNABLE, current->file); - } - } -#endif - -#ifdef WIN32 - else if (current->fd != (lpFileInformation.nFileIndexLow + lpFileInformation.nFileIndexHigh)) -#else - else if (current->fd != tmp_stat.st_ino) -#endif - { - current->exists = 1; - - char msg_alert[512 + 1]; - - snprintf(msg_alert, 512, "ossec: File rotated (inode " - "changed): '%s'.", - current->file); - - /* Send message about log rotated */ - w_msg_hash_queues_push(msg_alert, "logcollector", strlen(msg_alert) + 1, default_target, LOCALFILE_MQ); - - mdebug1("File inode changed. %s", - current->file); - - os_file_status_t * old_file_status = OSHash_Delete_ex(files_status, current->file); - free_files_status_data(old_file_status); - w_logcollector_state_delete_file(current->file); - - fclose(current->fp); - -#ifdef WIN32 - CloseHandle(h1); -#endif - - current->fp = NULL; - handle_file(i, j, 0, 1); - continue; - } -#ifdef WIN32 - else if ((DWORD)current->size > (lpFileInformation.nFileSizeHigh + lpFileInformation.nFileSizeLow)) -#else - else if (current->size > tmp_stat.st_size) -#endif - { - current->exists = 1; - char msg_alert[512 + 1]; - - snprintf(msg_alert, 512, "ossec: File size reduced " - "(inode remained): '%s'.", - current->file); - - /* Send message about log rotated */ - w_msg_hash_queues_push(msg_alert, "logcollector", strlen(msg_alert) + 1, default_target, LOCALFILE_MQ); - - mdebug1("File size reduced. %s", - current->file); - - /* Get new file */ - os_file_status_t * old_file_status = OSHash_Delete_ex(files_status, current->file); - free_files_status_data(old_file_status); - w_logcollector_state_delete_file(current->file); - - fclose(current->fp); - -#ifdef WIN32 - CloseHandle(h1); -#endif - current->fp = NULL; - handle_file(i, j, 0, 1); - } else { -#ifdef WIN32 - CloseHandle(h1); - - /* Update file size */ - current->size = lpFileInformation.nFileSizeHigh + lpFileInformation.nFileSizeLow; -#else - current->exists = 1; - current->size = tmp_stat.st_size; -#endif - } - } else { -#ifdef WIN32 - if (!current->command && strcmp(current->logformat,EVENTCHANNEL) && strcmp(current->logformat,EVENTLOG)) { - - int file_exists = 1; - HANDLE h1; - - h1 = CreateFile(current->file, GENERIC_READ, - FILE_SHARE_DELETE | FILE_SHARE_READ | FILE_SHARE_WRITE, - NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); - if (h1 == INVALID_HANDLE_VALUE) { - mdebug1(LOGCOLLECTOR_INVALID_HANDLE_VALUE, current->file); - file_exists = 0; - w_logcollector_state_delete_file(current->file); - } else if (GetFileInformationByHandle(h1, &lpFileInformation) == 0) { - mdebug1(LOGCOLLECTOR_INVALID_HANDLE_VALUE, current->file); - file_exists = 0; - w_logcollector_state_delete_file(current->file); - } - - CloseHandle(h1); - - // Only expanded files that have been deleted will be forgotten - if (j >= 0) { - if (!file_exists) { - if (Remove_Localfile(&(globs[j].gfiles), i, 1, 0, &globs[j])) { - merror(REM_ERROR, current->file); - } else { - mdebug2(CURRENT_FILES, current_files, maximum_files); - i--; - continue; - } - } - } else if (open_file_attempts) { - mdebug1(OPEN_ATTEMPT, current->file, open_file_attempts - current->ign); - } else { - mdebug1(OPEN_UNABLE, current->file); - } - } -#endif - } - - /* If open_file_attempts is at 0 the files aren't forgotted ever*/ - if(open_file_attempts == 0){ - current->ign = -1; - } - /* Too many errors for the file */ - if (current->ign >= open_file_attempts) { - /* 999 Maximum ignore */ - if (current->ign == 999) { - continue; - } - - if(!strcmp(current->logformat, "eventchannel")){ - mdebug1(LOGC_FILE_ERROR, current->file); - } else { - minfo(LOGC_FILE_ERROR, current->file); - } - - if (current->fp) { - fclose(current->fp); - } - - current->fp = NULL; - current->ign = 999; - - if (j >= 0) { -#ifndef WIN32 - struct stat stat_fd; - if (stat(current->file, &stat_fd) == -1 && ENOENT == errno) { -#else - if (!PathFileExists(current->file)) { -#endif - os_file_status_t * old_file_status = OSHash_Delete_ex(files_status, current->file); - free_files_status_data(old_file_status); - w_logcollector_state_delete_file(current->file); - - if (Remove_Localfile(&(globs[j].gfiles), i, 1, 0,&globs[j])) { - merror(REM_ERROR, current->file); - } else { - mdebug1(CURRENT_FILES, current_files, maximum_files); - i--; - } - } else { -#ifndef WIN32 - merror(FSTAT_ERROR, current->file, errno, strerror(errno)); -#endif - } - } - continue; - } - - /* File not open */ - if (!current->fp) { - if (current->ign >= 999) { - continue; - } else { - /* Try for a few times to open the file */ - handle_file(i, j, 1, 1); - continue; - } - } - } - - // Check for new files to be expanded - if (check_pattern_expand(1)) { - /* Remove duplicate entries */ - for (i = 0, j = -1;; i++) { - if (f_control = update_current(¤t, &i, &j), f_control) { - if (f_control == NEXT_IT) { - continue; - } else { - break; - } - } - - duplicates_removed = remove_duplicates(current, i, j); - if (duplicates_removed == NEXT_IT) { - i--; - continue; - } - } - } - - /* Check for excluded files */ - check_pattern_expand_excluded(); - - /* Check for ASCII, UTF-8 */ - check_text_only(); - - - rwlock_unlock(&files_update_rwlock); - - if (f_reload >= reload_interval) { - f_reload = 0; - } - - //Save status localfiles to disk - w_save_file_status(); - - f_check = 0; - - if (mq_log_builder_update() == -1) { - mdebug1("Output log pattern data could not be updated."); - } - } - - sleep(1); - - f_check++; - f_free_excluded++; - } -} - -int update_fname(int i, int j) -{ - time_t __ctime = time(0); - char lfile[OS_FLSIZE + 1]; - size_t ret; - logreader *lf; - struct tm tm_result = { .tm_sec = 0 }; - - if (j < 0) { - lf = &logff[i]; - } else { - lf = &globs[j].gfiles[i]; - } - - localtime_r(&__ctime, &tm_result); - - /* Handle file */ - if (tm_result.tm_mday == _cday) { - return (0); - } - - lfile[OS_FLSIZE] = '\0'; - ret = strftime(lfile, OS_FLSIZE, lf->ffile, &tm_result); - if (ret == 0) { - merror_exit(PARSE_ERROR, lf->ffile); - } - - /* Update the filename */ - if (strcmp(lfile, lf->file)) { - os_free(lf->file); - os_strdup(lfile, lf->file); - minfo(VAR_LOG_MON, lf->file); - - /* Setting cday to zero because other files may need - * to be changed. - */ - _cday = 0; - return (1); - } - - _cday = tm_result.tm_mday; - return (0); -} - -/* Open, get the fileno, seek to the end and update mtime */ -int handle_file(int i, int j, __attribute__((unused)) int do_fseek, int do_log) -{ - logreader *lf; - - if (j < 0) { - lf = &logff[i]; - } else { - lf = &globs[j].gfiles[i]; - } - - /* We must be able to open the file, fseek and get the - * time of change from it. - */ - - /* TODO: Support text mode on Windows */ - lf->fp = wfopen(lf->file, "rb"); - if (!lf->fp) { - if (do_log == 1 && lf->exists == 1) { - merror(FOPEN_ERROR, lf->file, errno, strerror(errno)); - lf->exists = 0; - } - goto error; - } - -#ifndef WIN32 - struct stat stat_fd = { .st_mode = 0 }; - int fd; - - /* Get inode number for fp */ - fd = fileno(lf->fp); - if (fstat(fd, &stat_fd) == -1) { - merror(FSTAT_ERROR, lf->file, errno, strerror(errno)); - fclose(lf->fp); - lf->fp = NULL; - goto error; - } - - lf->fd = stat_fd.st_ino; - lf->size = stat_fd.st_size; - lf->dev = stat_fd.st_dev; - -#else - BY_HANDLE_FILE_INFORMATION lpFileInformation; - memset(&lpFileInformation, 0, sizeof(BY_HANDLE_FILE_INFORMATION)); - - /* On windows, we also need the real inode, which is the combination - * of the index low + index high numbers. - */ - if (!get_fp_file_information(lf->fp, &lpFileInformation)) { - merror("Unable to get file information by handle."); - fclose(lf->fp); - lf->fp = NULL; - goto error; - } - - lf->fd = (lpFileInformation.nFileIndexLow + lpFileInformation.nFileIndexHigh); - lf->size = (lpFileInformation.nFileSizeHigh + lpFileInformation.nFileSizeLow); - -#endif - - if (find_duplicate_inode(lf)) { - mdebug1(DUP_FILE_INODE, lf->file); - close_file(lf); - return 0; - } - -/* Windows and fseek causes some weird issues */ -#ifndef WIN32 - if (do_fseek == 1 && S_ISREG(stat_fd.st_mode)) { - if (lf->future == 0) { - if (w_set_to_last_line_read(lf) < 0) { - goto error; - } - } else { - int64_t offset; - if (offset = w_set_to_pos(lf, 0, SEEK_END), offset < 0) { - goto error; - } - w_update_hash_node(lf->file, offset); - } - } -#endif - - /* Set ignore to zero */ - lf->ign = 0; - lf->exists = 1; - return (0); - -error: - lf->ign++; - - if (open_file_attempts && j < 0) { - mdebug1(OPEN_ATTEMPT, lf->file, open_file_attempts - lf->ign); - } else { - mdebug1(OPEN_UNABLE, lf->file); - } - - return -1; -} - -/* Reload file: open after close, and restore position */ -int reload_file(logreader * lf) { - - /* TODO: Support text mode on Windows */ - lf->fp = wfopen(lf->file, "rb"); - - if (!lf->fp) { - return -1; - } - - fsetpos(lf->fp, &lf->position); - return 0; -} - -/* Close file and save position */ -void close_file(logreader * lf) { - if (!(lf && lf->fp)) { - // This should not occur. - return; - } - - fgetpos(lf->fp, &lf->position); - fclose(lf->fp); - lf->fp = NULL; - -#ifdef WIN32 - lf->h = NULL; -#endif -} - -#ifdef WIN32 - -/* Remove newlines and replace tabs in the argument fields with spaces */ -void win_format_event_string(char *string) -{ - if (string == NULL) { - return; - } - - while (*string != '\0') { - if (*string == '\n' || *string == '\r' || *string == ':') { - if (*string == '\n' || *string == '\r') { - *string = ' '; - } - - string++; - - while (*string == '\t') { - *string = ' '; - string++; - } - - continue; - } - - string++; - } -} - -#endif /* WIN32 */ - -int update_current(logreader **current, int *i, int *j) -{ - if (*j < 0) { - /* Check for normal files */ - *current = &logff[*i]; - if(!(*current)->logformat) { - if (globs && globs->gfiles) { - *i = -1; - *j = 0; - return NEXT_IT; - } else { - return LEAVE_IT; - } - } - } else { - - /* Check boundaries */ - if ( *i > globs[*j].num_files) { - *i=-1; - (*j)++; - if(!globs[*j].gpath) { - return LEAVE_IT; - } else { - return NEXT_IT; - } - } - - /* Check expanded files */ - *current = &globs[*j].gfiles[*i]; - if (!(*current)->file) { - *i=-1; - (*j)++; - if(!globs[*j].gpath) { - return LEAVE_IT; - } else { - return NEXT_IT; - } - } - } - return CONTINUE_IT; -} - -void set_read(logreader *current, int i, int j) { - int tg; - current->command = NULL; - current->ign = 0; - w_logcollector_state_add_file(current->file); - /* Initialize the files */ - if (current->ffile) { - - /* Day must be zero for all files to be initialized */ - _cday = 0; - if (update_fname(i, j)) { - handle_file(i, j, 1, 1); - } else { - merror_exit(PARSE_ERROR, current->ffile); - } - - } else { - handle_file(i, j, 1, 1); - } - - tg = 0; - if (current->target) { - while (current->target[tg]) { - mdebug1("Socket target for '%s' -> %s", current->file, current->target[tg]); - w_logcollector_state_add_target(current->file, current->target[tg]); - tg++; - } - } - - /* Get the log type */ - if (strcmp("snort-full", current->logformat) == 0) { - current->read = read_snortfull; - } -#ifndef WIN32 - if (strcmp("ossecalert", current->logformat) == 0) { - current->read = read_ossecalert; - } -#endif - else if (strcmp("nmapg", current->logformat) == 0) { - current->read = read_nmapg; - } else if (strcmp("json", current->logformat) == 0) { - current->read = read_json; - } else if (strcmp("mysql_log", current->logformat) == 0) { - current->read = read_mysql_log; - } else if (strcmp("mssql_log", current->logformat) == 0) { - current->read = read_mssql_log; - } else if (strcmp("postgresql_log", current->logformat) == 0) { - current->read = read_postgresql_log; - } else if (strcmp("djb-multilog", current->logformat) == 0) { - if (!init_djbmultilog(current)) { - merror(INV_MULTILOG, current->file); - if (current->fp) { - fclose(current->fp); - current->fp = NULL; - } - current->file = NULL; - } - current->read = read_djbmultilog; - } else if (strncmp(current->logformat, "multi-line:", 11) == 0) { - current->read = read_multiline; - } else if (strcmp("audit", current->logformat) == 0) { - current->read = read_audit; - } else if (strcmp(MULTI_LINE_REGEX, current->logformat) == 0) { - current->read = read_multiline_regex; - } else { -#ifdef WIN32 - if (current->filter_binary) { - /* If the file is empty, set it to UCS-2 LE */ - if (FileSizeWin(current->file) == 0) { - current->ucs2 = UCS2_LE; - current->read = read_ucs2_le; - mdebug2("File '%s' is empty. Setting encoding to UCS-2 LE.",current->file); - return; - } - } - - if(current->ucs2 == UCS2_LE){ - mdebug1("File '%s' is UCS-2 LE",current->file); - current->read = read_ucs2_le; - return; - } - - if(current->ucs2 == UCS2_BE){ - mdebug1("File '%s' is UCS-2 BE",current->file); - current->read = read_ucs2_be; - return; - } -#endif - current->read = read_syslog; - } -} - -#ifndef WIN32 -int check_pattern_expand(int do_seek) { - glob_t g; - int err; - int glob_offset; - int found; - int i, j; - int retval = 0; - - pthread_mutexattr_t attr; - w_mutexattr_init(&attr); - w_mutexattr_settype(&attr, PTHREAD_MUTEX_ERRORCHECK); - - if (globs) { - for (j = 0; globs[j].gpath; j++) { - if (current_files >= maximum_files) { - break; - } - glob_offset = 0; - if (err = glob(globs[j].gpath, 0, NULL, &g), err) { - if (err == GLOB_NOMATCH) { - mdebug1(GLOB_NFOUND, globs[j].gpath); - } else { - mdebug1(GLOB_ERROR, globs[j].gpath); - } - continue; - } - while (g.gl_pathv[glob_offset] != NULL) { - if (current_files >= maximum_files) { - mwarn(FILE_LIMIT, maximum_files); - break; - } - - struct stat statbuf; - if (lstat(g.gl_pathv[glob_offset], &statbuf) < 0) { - merror("Error on lstat '%s' due to [(%d)-(%s)]", g.gl_pathv[glob_offset], errno, strerror(errno)); - glob_offset++; - continue; - } - - if ((statbuf.st_mode & S_IFMT) != S_IFREG) { - mdebug1("File %s is not a regular file. Skipping it.", g.gl_pathv[glob_offset]); - glob_offset++; - continue; - } - - found = 0; - for (i = 0; globs[j].gfiles[i].file; i++) { - if (!strcmp(globs[j].gfiles[i].file, g.gl_pathv[glob_offset])) { - found = 1; - break; - } - } - if (!found) { - retval = 1; - char *ex_file = OSHash_Get(excluded_files,g.gl_pathv[glob_offset]); - int added = 0; - - if(!ex_file) { - mdebug1(NEW_GLOB_FILE, globs[j].gpath, g.gl_pathv[glob_offset]); - - os_realloc(globs[j].gfiles, (i +2)*sizeof(logreader), globs[j].gfiles); - - /* Copy the current item to the end mark as it should be a pattern */ - memcpy(globs[j].gfiles + i + 1, globs[j].gfiles + i, sizeof(logreader)); - // Clone the multiline configuration if it exists - globs[j].gfiles[i + 1].multiline = w_multiline_log_config_clone(globs[j].gfiles[i].multiline); - - os_strdup(g.gl_pathv[glob_offset], globs[j].gfiles[i].file); - w_mutex_init(&globs[j].gfiles[i].mutex, &attr); - globs[j].gfiles[i].fp = NULL; - globs[j].gfiles[i].exists = 1; - globs[j].gfiles[i + 1].file = NULL; - globs[j].gfiles[i + 1].target = NULL; - current_files++; - globs[j].num_files++; - mdebug2(CURRENT_FILES, current_files, maximum_files); - if (!globs[j].gfiles[i].read) { - set_read(&globs[j].gfiles[i], i, j); - } else { - handle_file(i, j, do_seek, 1); - } - - added = 1; - } - - char *file_excluded_binary = OSHash_Get(excluded_binaries,g.gl_pathv[glob_offset]); - - /* This file could have to non binary file */ - if (file_excluded_binary && !added) { - os_realloc(globs[j].gfiles, (i +2)*sizeof(logreader), globs[j].gfiles); - - /* Copy the current item to the end mark as it should be a pattern */ - memcpy(globs[j].gfiles + i + 1, globs[j].gfiles + i, sizeof(logreader)); - // Clone the multiline configuration if it exists - globs[j].gfiles[i + 1].multiline = w_multiline_log_config_clone(globs[j].gfiles[i].multiline); - - os_strdup(g.gl_pathv[glob_offset], globs[j].gfiles[i].file); - w_mutex_init(&globs[j].gfiles[i].mutex, &attr); - globs[j].gfiles[i].fp = NULL; - globs[j].gfiles[i].exists = 1; - globs[j].gfiles[i + 1].file = NULL; - globs[j].gfiles[i + 1].target = NULL; - current_files++; - globs[j].num_files++; - mdebug2(CURRENT_FILES, current_files, maximum_files); - if (!globs[j].gfiles[i].read) { - set_read(&globs[j].gfiles[i], i, j); - } else { - handle_file(i, j, do_seek, 1); - } - } - } - glob_offset++; - } - globfree(&g); - } - } - - w_mutexattr_destroy(&attr); - - return retval; -} - -static void check_pattern_expand_excluded() { - glob_t g; - int err; - int glob_offset; - int found; - int j; - - if (globs) { - for (j = 0; globs[j].gpath; j++) { - - if (!globs[j].exclude_path) { - continue; - } - - /* Check for files to exclude */ - glob_offset = 0; - if (err = glob(globs[j].exclude_path, 0, NULL, &g), err) { - if (err == GLOB_NOMATCH) { - mdebug1(GLOB_NFOUND, globs[j].exclude_path); - } else { - mdebug1(GLOB_ERROR, globs[j].exclude_path); - } - continue; - } - while (g.gl_pathv[glob_offset] != NULL) { - found = 0; - int k; - for (k = 0; globs[j].gfiles[k].file; k++) { - if (!strcmp(globs[j].gfiles[k].file, g.gl_pathv[glob_offset])) { - found = 1; - break; - } - } - - /* Excluded file found, remove it completely */ - if(found) { - int result; - - result = Remove_Localfile(&(globs[j].gfiles), k, 1, 0,&globs[j]); - - if (result) { - merror_exit(REM_ERROR,g.gl_pathv[glob_offset]); - } else { - - /* Add the excluded file to the hash table */ - char *file = OSHash_Get(excluded_files,g.gl_pathv[glob_offset]); - - if(!file) { - OSHash_Add(excluded_files,g.gl_pathv[glob_offset],(void *)1); - minfo(EXCLUDE_FILE,g.gl_pathv[glob_offset]); - } - - mdebug2(CURRENT_FILES, current_files, maximum_files); - } - } - glob_offset++; - } - globfree(&g); - } - } -} - -#else -int check_pattern_expand(int do_seek) { - int found; - int i, j; - int retval = 0; - - if (globs) { - for (j = 0; globs[j].gpath; j++) { - - if (current_files >= maximum_files) { - mwarn(FILE_LIMIT, maximum_files); - break; - } - - char** result = expand_win32_wildcards(globs[j].gpath); - - if (result) { - - int file; - char *full_path = NULL; - - for (file = 0; result[file] != NULL; file++) { - - if (current_files >= maximum_files) { - mwarn(FILE_LIMIT, maximum_files); - for (int f = file; result[f] != NULL; f++) { - os_free(result[f]); - } - break; - } - - os_strdup(result[file], full_path); - os_free(result[file]); - - found = 0; - for (i = 0; globs[j].gfiles[i].file; i++) { - if (!strcmp(globs[j].gfiles[i].file, full_path)) { - found = 1; - break; - } - } - - if (!found) { - retval = 1; - int added = 0; - - char *ex_file = OSHash_Get(excluded_files, full_path); - - if (!ex_file) { - - /* Because Windows cache's files, we need to check if the file - exists. Deleted files can still appear due to caching */ - HANDLE h1; - - h1 = CreateFile(full_path, GENERIC_READ, - FILE_SHARE_DELETE | FILE_SHARE_READ | FILE_SHARE_WRITE, - NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); - - if (h1 == INVALID_HANDLE_VALUE) { - os_free(full_path); - continue; - } - - CloseHandle(h1); - - minfo(NEW_GLOB_FILE, globs[j].gpath, full_path); - os_realloc(globs[j].gfiles, (i + 2) * sizeof(logreader), globs[j].gfiles); - /* Copy the current item to the end mark as it should be a pattern */ - memcpy(globs[j].gfiles + i + 1, globs[j].gfiles + i, sizeof(logreader)); - // Clone the multiline configuration if it exists - globs[j].gfiles[i + 1].multiline = w_multiline_log_config_clone(globs[j].gfiles[i].multiline); - - os_strdup(full_path, globs[j].gfiles[i].file); - w_mutex_init(&globs[j].gfiles[i].mutex, &win_el_mutex_attr); - globs[j].gfiles[i].fp = NULL; - globs[j].gfiles[i].exists = 1; - globs[j].gfiles[i + 1].file = NULL; - globs[j].gfiles[i + 1].target = NULL; - current_files++; - globs[j].num_files++; - mdebug2(CURRENT_FILES, current_files, maximum_files); - - if (!globs[j].gfiles[i].read) { - set_read(&globs[j].gfiles[i], i, j); - } else { - handle_file(i, j, do_seek, 1); - } - - added = 1; - } - - char *file_excluded_binary = OSHash_Get(excluded_binaries, full_path); - - /* This file could have to non binary file */ - if (file_excluded_binary && !added) { - os_realloc(globs[j].gfiles, (i + 2) * sizeof(logreader), globs[j].gfiles); - - /* Copy the current item to the end mark as it should be a pattern */ - memcpy(globs[j].gfiles + i + 1, globs[j].gfiles + i, sizeof(logreader)); - // Clone the multiline configuration if it exists - globs[j].gfiles[i + 1].multiline = w_multiline_log_config_clone(globs[j].gfiles[i].multiline); - - os_strdup(full_path, globs[j].gfiles[i].file); - w_mutex_init(&globs[j].gfiles[i].mutex, &win_el_mutex_attr); - globs[j].gfiles[i].fp = NULL; - globs[j].gfiles[i].exists = 1; - globs[j].gfiles[i + 1].file = NULL; - globs[j].gfiles[i + 1].target = NULL; - current_files++; - globs[j].num_files++; - mdebug2(CURRENT_FILES, current_files, maximum_files); - - if (!globs[j].gfiles[i].read) { - set_read(&globs[j].gfiles[i], i, j); - } else { - handle_file(i, j, do_seek, 1); - } - } - } - os_free(full_path); - } - os_free(result); - } - } - } - return retval; -} -#endif - -static IT_control remove_duplicates(logreader *current, int i, int j) { - IT_control d_control = CONTINUE_IT; - IT_control f_control; - int r, k; - logreader *dup; - - if (current->file && !current->command) { - for (r = 0, k = -1;; r++) { - if (f_control = update_current(&dup, &r, &k), f_control) { - if (f_control == NEXT_IT) { - continue; - } else { - break; - } - } - - if (current != dup && dup->file && !strcmp(current->file, dup->file)) { - mwarn(DUP_FILE, current->file); - int result; - - if (j < 0) { - result = Remove_Localfile(&logff, i, 0, 1,NULL); - } else { - result = Remove_Localfile(&(globs[j].gfiles), i, 1, 0,&globs[j]); - } - if (result) { - merror_exit(REM_ERROR, current->file); - } else { - mdebug1(CURRENT_FILES, current_files, maximum_files); - } - d_control = NEXT_IT; - break; - } - } - } - - return d_control; -} - -int find_duplicate_inode(logreader * lf) { - if (lf->file == NULL && lf->command != NULL) { - return 0; - } - - int r; - int k; - logreader * dup; - IT_control f_control; - - for (r = 0, k = -1;; r++) { - if (f_control = update_current(&dup, &r, &k), f_control) { - if (f_control == NEXT_IT) { - continue; - } else { - break; - } - } - - /* If the entry is different, the file is open, - * and both inode and device match, - * then the link is a duplicate. - */ - - if (lf != dup && dup->fp != NULL && lf->fd == dup->fd && lf->dev == dup->dev) { - return 1; - } - } - - return 0; -} - -static void set_sockets() { - int i, j, k, t; - logreader *current; - char *file; - - // List read sockets - unsigned int sk; - for (sk=0; logsk && logsk[sk].name; sk++) { - mdebug1("Socket '%s' (%s) added. Location: %s", logsk[sk].name, logsk[sk].mode == IPPROTO_UDP ? "udp" : "tcp", logsk[sk].location); - } - - for (i = 0, t = -1;; i++) { - if (t == -1 && logff && logff[i].file) { - current = &logff[i]; - file = logff[i].file; - } else if (globs && globs[++t].gpath){ - current = globs[t].gfiles; - file = globs[t].gpath; - } else { - break; - } - - os_malloc(sizeof(logtarget), current->log_target); - - for (j = 0; current->target[j]; j++) { - os_realloc(current->log_target, (j + 2) * sizeof(logtarget), current->log_target); - memset(current->log_target + j, 0, 2 * sizeof(logtarget)); - - if (strcmp(current->target[j], "agent") == 0) { - current->log_target[j].log_socket = &default_agent; - w_msg_hash_queues_add_entry("agent"); - continue; - } - int found = -1; - for (k = 0; logsk && logsk[k].name; k++) { - found = strcmp(logsk[k].name, current->target[j]); - if (found == 0) { - break; - } - } - if (found != 0) { - merror_exit("Socket '%s' for '%s' is not defined.", current->target[j], file); - } else { - current->log_target[j].log_socket = &logsk[k]; - w_msg_hash_queues_add_entry(logsk[k].name); - } - } - - memset(current->log_target + j, 0, sizeof(logtarget)); - - // Add output formats - - if (current->out_format) { - for (j = 0; current->out_format[j]; ++j) { - if (current->out_format[j]->target) { - // Fill the corresponding target - - for (k = 0; current->target[k]; ++k) { - if (strcmp(current->target[k], current->out_format[j]->target) == 0) { - current->log_target[k].format = current->out_format[j]->format; - break; - } - } - - if (!current->target[k]) { - mwarn("Log target '%s' not found for the output format of localfile '%s'.", current->out_format[j]->target, current->file); - } - } else { - // Fill the targets that don't yet have a format - - for (k = 0; current->target[k]; k++) { - if (!current->log_target[k].format) { - current->log_target[k].format = current->out_format[j]->format; - } - } - } - } - } - } -} - -void w_set_file_mutexes(){ - logreader *current; - IT_control f_control; - int r,k; - - pthread_mutexattr_t attr; - w_mutexattr_init(&attr); - w_mutexattr_settype(&attr, PTHREAD_MUTEX_ERRORCHECK); - - for (r = 0, k = -1;; r++) { - if (f_control = update_current(¤t, &r, &k), f_control) { - if (f_control == NEXT_IT) { - continue; - } else { - break; - } - } - - if (k < 0) { - w_mutex_init(¤t->mutex, &attr); - } - } - - w_mutexattr_destroy(&attr); -} - -void free_msg_queue(w_msg_queue_t *msg) { - if (msg->msg_queue) queue_free(msg->msg_queue); - free(msg); -} - -void w_msg_hash_queues_init(){ - - OUTPUT_QUEUE_SIZE = getDefine_Int("logcollector", "queue_size", OUTPUT_MIN_QUEUE_SIZE, 220000); - msg_queues_table = OSHash_Create(); - - if(!msg_queues_table){ - merror_exit("Failed to create hash table for queue threads"); - } - - OSHash_SetFreeDataPointer(msg_queues_table, (void (*)(void *))free_msg_queue); -} - -int w_msg_hash_queues_add_entry(const char *key){ - int result; - w_msg_queue_t *msg; - - os_calloc(1,sizeof(w_msg_queue_t), msg); - msg->msg_queue = queue_init(OUTPUT_QUEUE_SIZE); - w_mutex_init(&msg->mutex, NULL); - w_cond_init(&msg->available, NULL); - - if (result = OSHash_Add(msg_queues_table, key, msg), result != 2) { - queue_free(msg->msg_queue); - w_mutex_destroy(&msg->mutex); - w_cond_destroy(&msg->available); - free(msg); - } - - return result; -} - -int w_msg_hash_queues_push(const char *str, char *file, unsigned long size, logtarget * targets, char queue_mq) { - w_msg_queue_t *msg; - int i; - char *file_cpy; - int result; - - w_logcollector_state_update_file(file, size); - - for (i = 0; targets[i].log_socket; i++) - { - w_mutex_lock(&mutex); - - msg = (w_msg_queue_t *)OSHash_Get(msg_queues_table, targets[i].log_socket->name); - - w_mutex_unlock(&mutex); - - if (msg) { - os_strdup(file, file_cpy); - result = w_msg_queue_push(msg, str, file_cpy, size, &targets[i], queue_mq); - - if (result < 0) { - w_logcollector_state_update_target(file,targets[i].log_socket->name, true); - } - } - } - - return 0; -} - -int w_msg_queue_push(w_msg_queue_t * msg, const char * buffer, char *file, unsigned long size, logtarget * log_target, char queue_mq) { - w_message_t *message; - static int reported = 0; - int result; - - w_mutex_lock(&msg->mutex); - - os_calloc(1,sizeof(w_message_t),message); - os_calloc(size,sizeof(char),message->buffer); - memcpy(message->buffer,buffer,size); - message->size = size; - message->file = file; - message->log_target = log_target; - message->queue_mq = queue_mq; - - - if (result = queue_push(msg->msg_queue, message), result == 0) { - w_cond_signal(&msg->available); - } - - if ((result < 0) && !reported) { - #ifndef WIN32 - mwarn("Target '%s' message queue is full (%zu). Log lines may be lost.", log_target->log_socket->name, msg->msg_queue->size); - #else - mwarn("Target '%s' message queue is full (%u). Log lines may be lost.", log_target->log_socket->name, msg->msg_queue->size); - #endif - reported = 1; - } - - w_mutex_unlock(&msg->mutex); - - if (result < 0) { - free(message->file); - free(message->buffer); - free(message); - mdebug2("Discarding log line for target '%s'", log_target->log_socket->name); - } - - return result; -} - -w_message_t * w_msg_queue_pop(w_msg_queue_t * msg){ - w_message_t *message; - w_mutex_lock(&msg->mutex); - - while (message = (w_message_t *)queue_pop(msg->msg_queue), !message) { - w_cond_wait(&msg->available, &msg->mutex); - } - - w_mutex_unlock(&msg->mutex); - return message; -} - -#ifdef WIN32 -DWORD WINAPI w_output_thread(void * args) { -#else -void * w_output_thread(void * args){ -#endif - char *queue_name = args; - w_message_t *message; - w_msg_queue_t *msg_queue; - int result; - - if (msg_queue = OSHash_Get(msg_queues_table, queue_name), !msg_queue) { - mwarn("Could not found the '%s'.", queue_name); - #ifdef WIN32 - exit(1); - #else - return NULL; - #endif - } - - while(1) - { - int sleep_time = 5; - /* Pop message from the queue */ - message = w_msg_queue_pop(msg_queue); - - if (strcmp(message->log_target->log_socket->name, "agent") == 0) { - // When dealing with this type of messages we don't want any of them to be lost - // Continuously attempt to reconnect to the queue and send the message. - result = SendMSGtoSCK(logr_queue, message->buffer, message->file, - message->queue_mq, message->log_target); - if (result != 0) { - if (result != 1) { - merror("Unable to send message to '%s' (wazuh-agentd might be down). Attempting to reconnect.", DEFAULTQUEUE); - } - // Retry to connect infinitely. - logr_queue = StartMQ(DEFAULTQUEUE, WRITE, INFINITE_OPENQ_ATTEMPTS); - - minfo("Successfully reconnected to '%s'", DEFAULTQUEUE); - - if (result = SendMSGtoSCK(logr_queue, message->buffer, message->file, message->queue_mq, message->log_target), - result != 0) { - // We reconnected but are still unable to send the message, notify it and go on. - if (result != 1) { - merror("Unable to send message to '%s' after a successfull reconnection...", DEFAULTQUEUE); - } - result = 1; - } - } - - w_logcollector_state_update_target(message->file, - message->log_target->log_socket->name, - result == 1); - - } else { - const int MAX_RETRIES = 3; - int retries = 0; - result = 1; - while (retries < MAX_RETRIES) { - result = SendMSGtoSCK(logr_queue, message->buffer, message->file, - message->queue_mq, message->log_target); - if (result < 0) { - merror(QUEUE_SEND); - - sleep(sleep_time); - - // If we failed, we will wait longer before reattempting to connect - sleep_time += 5; - retries++; - } else { - break; - } - } - - w_logcollector_state_update_target(message->file, - message->log_target->log_socket->name, - result == 1); - - if (retries == MAX_RETRIES) { - merror(SEND_ERROR, message->log_target->log_socket->location, message->buffer); - } - } - free(message->file); - free(message->buffer); - free(message); - } - -#ifndef WIN32 - return NULL; -#endif -} - -void w_create_output_threads(){ - unsigned int i; - const OSHashNode *curr_node; - - for(i = 0; i <= msg_queues_table->rows; i++){ - if(msg_queues_table->table[i]){ - curr_node = msg_queues_table->table[i]; - - /* Create one thread per valid hash entry */ - if(curr_node->key){ -#ifndef WIN32 - w_create_thread(w_output_thread, curr_node->key); -#else - w_create_thread(NULL, - 0, - w_output_thread, - curr_node->key, - 0, - NULL); -#endif - } - } - } -} - -#ifdef WIN32 -DWORD WINAPI w_input_thread(__attribute__((unused)) void * t_id) { -#else -void * w_input_thread(__attribute__((unused)) void * t_id){ -#endif - logreader *current; - int i = 0, r = 0, j = -1; - IT_control f_control = 0; - time_t curr_time = 0; -#ifdef __linux__ - unsigned long thread_id = (unsigned long) pthread_self(); -#endif -#ifndef WIN32 - int int_error = 0; - struct timeval fp_timeout; - struct stat tmp_stat; -#else - BY_HANDLE_FILE_INFORMATION lpFileInformation; - memset(&lpFileInformation, 0, sizeof(BY_HANDLE_FILE_INFORMATION)); -#endif - - /* Daemon loop */ - while (1) { -#ifndef WIN32 - fp_timeout.tv_sec = loop_timeout; - fp_timeout.tv_usec = 0; - - /* Wait for the select timeout */ - if ((r = select(0, NULL, NULL, NULL, &fp_timeout)) < 0) { - merror(SELECT_ERROR, errno, strerror(errno)); - int_error++; - - if (int_error >= 5) { - merror_exit(SYSTEM_ERROR); - } - continue; - } -#else - - /* Windows doesn't like select that way */ - sleep(loop_timeout + 2); - - /* Check for messages in the event viewer */ - - if (pthread_mutex_trylock(&win_el_mutex) == 0) { - win_readel(); - w_mutex_unlock(&win_el_mutex); - } -#endif - - /* Check which file is available */ - for (i = 0, j = -1;; i++) { - - rwlock_lock_read(&files_update_rwlock); - if (f_control = update_current(¤t, &i, &j), f_control) { - rwlock_unlock(&files_update_rwlock); - - if (f_control == NEXT_IT) { - continue; - } else { - break; - } - } - - if (pthread_mutex_trylock(¤t->mutex) == 0){ - - if (!current->fp) { - /* Run the command */ - if (current->command) { - curr_time = time(0); - if ((curr_time - current->size) >= current->ign) { - current->size = curr_time; - current->read(current, &r, 0); - } - } -#if defined(Darwin) || (defined(__linux__) && defined(WAZUH_UNIT_TESTING)) - /* Read the macOS `log` process output */ - else if (current->macos_log != NULL && current->macos_log->state != LOG_NOT_RUNNING) { - current->read(current, &r, 0); - } -#endif -#ifdef __linux__ - /* Read the journald logs */ - else if (current->journal_log != NULL) { - if (w_journald_can_read(thread_id)) { - current->read(current, &r, 0); - } else { - mdebug2(LOGCOLLECTOR_JOURNAL_LOG_NOT_OWNER); - } - } -#endif - w_mutex_unlock(¤t->mutex); - rwlock_unlock(&files_update_rwlock); - continue; - } - - /* Windows with IIS logs is very strange. - * For some reason it always returns 0 (not EOF) - * the fgetc. To solve this problem, we always - * pass it to the function pointer directly. - */ - #ifndef WIN32 - - if(current->age) { - if ((fstat(fileno(current->fp), &tmp_stat)) == -1) { - merror(FSTAT_ERROR, current->file, errno, strerror(errno)); - - } else { - struct timespec c_currenttime; - gettime(&c_currenttime); - - /* Ignore file */ - if((c_currenttime.tv_sec - (int)current->age) >= tmp_stat.st_mtime) { - mdebug1("Ignoring file '%s' due to modification time",current->file); - fclose(current->fp); - current->fp = NULL; - w_mutex_unlock(¤t->mutex); - rwlock_unlock(&files_update_rwlock); - continue; - } - } - } - - /* We check for the end of file. If is returns EOF, - * we don't attempt to read it. - * Excluding multiline_regex log format which has its own handler. - */ - if (current->multiline == NULL) { - if ((r = fgetc(current->fp)) == EOF) { - clearerr(current->fp); - w_mutex_unlock(¤t->mutex); - rwlock_unlock(&files_update_rwlock); - continue; - } - - /* If it is not EOF, we need to return the read character */ - ungetc(r, current->fp); - } - #endif - -#ifdef WIN32 - if(current->age) { - if (current->h && (GetFileInformationByHandle(current->h, &lpFileInformation) == 0)) { - merror("Unable to get file information by handle."); - w_mutex_unlock(¤t->mutex); - rwlock_unlock(&files_update_rwlock); - continue; - } else { - FILETIME ft_handle = lpFileInformation.ftLastWriteTime; - - /* Current machine EPOCH time */ - long long int c_currenttime = get_windows_time_epoch(); - - /* Current file EPOCH time */ - long long int file_currenttime = get_windows_file_time_epoch(ft_handle); - - /* Ignore file */ - if((c_currenttime - current->age) >= file_currenttime) { - mdebug1("Ignoring file '%s' due to modification time",current->file); - fclose(current->fp); - current->fp = NULL; - current->h = NULL; - w_mutex_unlock(¤t->mutex); - rwlock_unlock(&files_update_rwlock); - continue; - } - } - } - - int ucs2 = is_usc2(current->file); - if (ucs2) { - current->ucs2 = ucs2; - if (current->filter_binary) { - /* If the file is empty, set it to UCS-2 LE */ - if (FileSizeWin(current->file) == 0) { - current->ucs2 = UCS2_LE; - current->read = read_ucs2_le; - mdebug2("File '%s' is empty. Setting encoding to UCS-2 LE.",current->file); - } else { - - if (current->ucs2 == UCS2_LE) { - mdebug1("File '%s' is UCS-2 LE",current->file); - current->read = read_ucs2_le; - } - - if (current->ucs2 == UCS2_BE) { - mdebug1("File '%s' is UCS-2 BE",current->file); - current->read = read_ucs2_be; - } - } - } - } - - if (current->filter_binary) { - /* If the file is empty, set it to UCS-2 LE */ - if (FileSizeWin(current->file) == 0) { - current->ucs2 = UCS2_LE; - current->read = read_ucs2_le; - mdebug2("File '%s' is empty. Setting encoding to UCS-2 LE.",current->file); - } else { - - if (!ucs2) { - if (!strcmp("syslog", current->logformat) || !strcmp("generic", current->logformat)) { - current->read = read_syslog; - } else if (strcmp("multi-line", current->logformat) == 0) { - current->read = read_multiline; - } else if (strcmp(MULTI_LINE_REGEX, current->logformat) == 0) { - current->read = read_multiline_regex; - } - } - } - } -#endif - /* Finally, send to the function pointer to read it */ - current->read(current, &r, 0); - /* Check for error */ - if (!ferror(current->fp)) { - /* Clear EOF */ - clearerr(current->fp); - - /* Parsing error */ - if (r != 0) { - current->ign++; - - if (open_file_attempts && j < 0) { - mdebug1(OPEN_ATTEMPT, current->file, open_file_attempts - current->ign); - } else { - mdebug1(OPEN_UNABLE, current->file); - } - - } - w_mutex_unlock(¤t->mutex); - } - /* If ferror is set */ - else { - merror(FREAD_ERROR, current->file, errno, strerror(errno)); - #ifndef WIN32 - if (fseek(current->fp, 0, SEEK_END) < 0) - #else - if (1) - #endif - { - - #ifndef WIN32 - merror(FSEEK_ERROR, current->file, errno, strerror(errno)); - #endif - - /* Close the file */ - fclose(current->fp); - current->fp = NULL; - - /* Try to open it again */ - if (handle_file(i, j, 0, 1)) { - w_mutex_unlock(¤t->mutex); - rwlock_unlock(&files_update_rwlock); - continue; - } -#ifdef WIN32 - if (current->fp != NULL) { - if (current->future == 0) { - w_set_to_last_line_read(current); - } else { - int64_t offset = w_set_to_pos(current, 0, SEEK_END); - w_update_hash_node(current->file, offset); - } - } -#endif - } - /* Increase the error count */ - current->ign++; - - if (open_file_attempts && j < 0) { - mdebug1(OPEN_ATTEMPT, current->file, open_file_attempts - current->ign); - } else { - mdebug1(OPEN_UNABLE, current->file); - } - - if (current->fp) { - clearerr(current->fp); - } - - w_mutex_unlock(¤t->mutex); - } - } - - rwlock_unlock(&files_update_rwlock); - } - } - -#ifndef WIN32 - return NULL; -#endif -} - -void w_create_input_threads(){ - - int i; - - N_INPUT_THREADS = getDefine_Int("logcollector", "input_threads", N_MIN_INPUT_THREADS, 128); - -#ifdef WIN32 - w_mutex_init(&win_el_mutex, &win_el_mutex_attr); - w_mutexattr_destroy(&win_el_mutex_attr); -#endif - - for(i = 0; i < N_INPUT_THREADS; i++) { -#ifndef WIN32 - w_create_thread(w_input_thread,NULL); -#else - w_create_thread(NULL, - 0, - w_input_thread, - NULL, - 0, - NULL); -#endif - } -} - -void files_lock_init() -{ - rwlock_init(&files_update_rwlock); - rwlock_init(&can_read_rwlock); -} - -static void check_text_only() { - - int i, j; - - IT_control f_control = 0; - logreader *current; - char file_name[PATH_MAX]; - - for (i = 0, j = -1;; i++) { - if (f_control = update_current(¤t, &i, &j), f_control) { - if (f_control == NEXT_IT) { - continue; - } else { - break; - } - } - - /* Check for files to exclude */ - if(current->file && !current->command && current->filter_binary) { - snprintf(file_name, PATH_MAX, "%s", current->file); - - char *file_excluded = OSHash_Get(excluded_files,file_name); - - if(is_ascii_utf8(current->file,MAX_ASCII_LINES,MAX_UTF8_CHARS)) { - #ifdef WIN32 - - int ucs2 = is_usc2(current->file); - if(ucs2) { - current->ucs2 = ucs2; - continue; - } - - #endif - int result = 0; - if (j < 0) { - result = Remove_Localfile(&logff, i, 0, 1, NULL); - } else { - result = Remove_Localfile(&(globs[j].gfiles), i, 1, 0, &globs[j]); - } - - if (result) { - merror_exit(REM_ERROR, file_name); - } else { - mdebug2(NON_TEXT_FILE, file_name); - mdebug2(CURRENT_FILES, current_files, maximum_files); - - if(!file_excluded) { - OSHash_Add(excluded_files,file_name,(void *)1); - } - - /* Add to binary hash table */ - char *file_excluded_binary = OSHash_Get(excluded_binaries,file_name); - - if (!file_excluded_binary) { - OSHash_Add(excluded_binaries,file_name,(void *)1); - } - - } - i--; - } else { - - if(file_excluded) { - OSHash_Delete(excluded_files,file_name); - } - } - } - } -} - -#ifdef WIN32 -static void check_pattern_expand_excluded() { - - int found; - int j; - - if (globs) { - for (j = 0; globs[j].gpath; j++) { - - if (!globs[j].exclude_path) { - continue; - } - - char *global_path = NULL; - char *wildcard = NULL; - os_strdup(globs[j].exclude_path,global_path); - - wildcard = strrchr(global_path,'\\'); - - if (wildcard) { - - DIR *dir = NULL; - struct dirent *dirent = NULL; - - *wildcard = '\0'; - wildcard++; - - if (dir = opendir(global_path), !dir) { - merror("Couldn't open directory '%s' due to: %s", global_path, win_strerror(WSAGetLastError())); - os_free(global_path); - continue; - } - - while (dirent = readdir(dir), dirent) { - - // Skip "." and ".." - if (dirent->d_name[0] == '.' && (dirent->d_name[1] == '\0' || (dirent->d_name[1] == '.' && dirent->d_name[2] == '\0'))) { - continue; - } - - char full_path[PATH_MAX] = {0}; - snprintf(full_path,PATH_MAX,"%s\\%s",global_path,dirent->d_name); - - /* Skip file if it is a directory */ - DIR *is_dir = NULL; - - if (is_dir = opendir(full_path), is_dir) { - mdebug2("File %s is a directory. Skipping it.", full_path); - closedir(is_dir); - continue; - } - - /* Match wildcard */ - char *regex = NULL; - regex = wstr_replace(wildcard,".","\\p"); - os_free(regex); - regex = wstr_replace(wildcard,"*","\\.*"); - - /* Add the starting ^ regex */ - { - char p[PATH_MAX] = {0}; - snprintf(p,PATH_MAX,"^%s",regex); - os_free(regex); - os_strdup(p,regex); - } - - /* If wildcard is only ^\.* add another \.* */ - if (strlen(regex) == 4) { - char *rgx = NULL; - rgx = wstr_replace(regex,"\\.*","\\.*\\.*"); - os_free(regex); - regex = rgx; - } - - /* Add $ at the end of the regex */ - wm_strcat(®ex, "$", 0); - - if(!OS_Regex(regex,dirent->d_name)) { - mdebug2("Regex %s doesn't match with file '%s'",regex,dirent->d_name); - os_free(regex); - continue; - } - - os_free(regex); - - found = 0; - int k; - for (k = 0; globs[j].gfiles[k].file; k++) { - if (!strcmp(globs[j].gfiles[k].file, full_path)) { - found = 1; - break; - } - } - - /* Excluded file found, remove it completely */ - if(found) { - int result; - - if (j < 0) { - result = Remove_Localfile(&logff, k, 0, 1, NULL); - } else { - result = Remove_Localfile(&(globs[j].gfiles), k, 1, 0, &globs[j]); - } - - if (result) { - merror_exit(REM_ERROR,full_path); - } else { - - /* Add the excluded file to the hash table */ - char *file = OSHash_Get(excluded_files,full_path); - - if(!file) { - OSHash_Add(excluded_files,full_path,(void *)1); - minfo(EXCLUDE_FILE,full_path); - } - - mdebug2(EXCLUDE_FILE,full_path); - mdebug2(CURRENT_FILES, current_files, maximum_files); - } - } - } - closedir(dir); - } - os_free(global_path); - } - } -} -#endif - - -static void set_can_read(int value){ - - RWLOCK_LOCK_WRITE(&can_read_rwlock, { - _can_read = value; - }); -} - -int can_read() { - - int ret; - RWLOCK_LOCK_READ(&can_read_rwlock, { - ret = _can_read; - }); - return ret; -} - -int w_update_file_status(const char * path, int64_t pos, EVP_MD_CTX * context) { - - os_file_status_t * data; - os_malloc(sizeof(os_file_status_t), data); - - data->context = context; - - os_sha1 output; - OS_SHA1_Stream(context, output, NULL); - memcpy(data->hash, output, sizeof(os_sha1)); - - data->offset = pos; - - if (OSHash_Update_ex(files_status, path, data) != 1) { - if (OSHash_Add_ex(files_status, path, data) != 2) { - EVP_MD_CTX_free(context); - os_free(data); - return -1; - } - } - - return 0; -} - -void free_files_status_data(os_file_status_t *data) { - if (!data) return; - EVP_MD_CTX_free(data->context); - os_free(data); -} - -STATIC void w_initialize_file_status() { - - /* Initialize hash table to associate paths and read position */ - if (files_status = OSHash_Create(), files_status == NULL) { - merror_exit(HCREATE_ERROR, files_status_name); - } - - if (OSHash_setSize(files_status, LOCALFILES_TABLE_SIZE) == 0) { - merror_exit(HSETSIZE_ERROR, files_status_name); - } - - OSHash_SetFreeDataPointer(files_status, (void (*)(void *))free_files_status_data); - - /* Read json file to load last read positions */ - FILE * fd = NULL; - - if (fd = wfopen(LOCALFILE_STATUS, "r"), fd != NULL) { - char str[OS_MAXSTR] = {0}; - - if (fread(str, 1, OS_MAXSTR - 1, fd) < 1) { - merror(FREAD_ERROR, LOCALFILE_STATUS, errno, strerror(errno)); - clearerr(fd); - } else { - cJSON * global_json = cJSON_Parse(str); - w_load_files_status(global_json); - cJSON_Delete(global_json); - } - - fclose(fd); - } else if (errno != ENOENT) { - merror(FOPEN_ERROR, LOCALFILE_STATUS, errno, strerror(errno)); - } -} - -STATIC void w_save_file_status() { - - char * str = w_save_files_status_to_cJSON(); - - if (str == NULL) { - return; - } - - FILE * fd = NULL; - size_t size_str = strlen(str); - - if (fd = wfopen(LOCALFILE_STATUS, "w"), fd != NULL) { - if (fwrite(str, 1, size_str, fd) == 0) { - merror(FWRITE_ERROR, LOCALFILE_STATUS, errno, strerror(errno)); - clearerr(fd); - } - fclose(fd); - } else { - merror_exit(FOPEN_ERROR, LOCALFILE_STATUS, errno, strerror(errno)); - } - - os_free(str); -} - -STATIC void w_load_files_status(cJSON * global_json) { - - cJSON * localfiles_array = cJSON_GetObjectItem(global_json, OS_LOGCOLLECTOR_JSON_FILES); - int array_size = cJSON_GetArraySize(localfiles_array); - - for (int i = 0; i < array_size; i++) { - cJSON * localfile_item = cJSON_GetArrayItem(localfiles_array, i); - - cJSON * path = cJSON_GetObjectItem(localfile_item, OS_LOGCOLLECTOR_JSON_PATH); - if (path == NULL) { - continue; - } - - char * path_str = cJSON_GetStringValue(path); - if (path_str == NULL) { - continue; - } - - struct stat stat_fd; - - if (stat(path_str, &stat_fd) == -1) { - continue; - } - - cJSON * hash = cJSON_GetObjectItem(localfile_item, OS_LOGCOLLECTOR_JSON_HASH); - if (hash == NULL) { - continue; - } - - char * hash_str = cJSON_GetStringValue(hash); - if (hash_str == NULL) { - continue; - } - - cJSON * offset = cJSON_GetObjectItem(localfile_item, OS_LOGCOLLECTOR_JSON_OFFSET); - if (offset == NULL) { - continue; - } - - char * offset_str = cJSON_GetStringValue(offset); - if (offset_str == NULL) { - continue; - } - - char * end; - -#ifdef WIN32 - int64_t value_offset = strtoll(offset_str, &end, 10); -#else - int64_t value_offset = strtol(offset_str, &end, 10); -#endif - - if (value_offset < 0 || *end != '\0') { - continue; - } - - os_file_status_t * data; - - os_malloc(sizeof(os_file_status_t), data); - memcpy(data->hash, hash_str, sizeof(os_sha1)); - data->offset = value_offset; - - EVP_MD_CTX *context = EVP_MD_CTX_new(); - os_sha1 output; - - if (OS_SHA1_File_Nbytes(path_str, &context, output, OS_BINARY, value_offset) < 0) { - mdebug1(LOGCOLLECTOR_FILE_NOT_EXIST, path_str); - EVP_MD_CTX_free(context); - os_free(data); - return; - } - data->context = context; - - if (OSHash_Update_ex(files_status, path_str, data) != 1) { - if (OSHash_Add_ex(files_status, path_str, data) != 2) { - merror(HADD_ERROR, path_str, files_status_name); - EVP_MD_CTX_free(context); - os_free(data); - } - } - } -#if defined(Darwin) || (defined(__linux__) && defined(WAZUH_UNIT_TESTING)) - - w_macos_set_status_from_JSON(global_json); - -#endif - -#ifdef __linux__ - w_journald_set_status_from_JSON(global_json); -#endif - -} - -STATIC char * w_save_files_status_to_cJSON() { - - unsigned int index = 0; - cJSON * global_json = NULL; - char * global_json_str = NULL; - OSHashNode * hash_node = NULL; - - w_rwlock_rdlock(&files_status->mutex); - if (hash_node = OSHash_Begin(files_status, &index), hash_node != NULL) { - os_file_status_t * data = NULL; - cJSON * array = NULL; - cJSON * item = NULL; - char * path = NULL; - char offset[OFFSET_SIZE] = {0}; - - global_json = cJSON_CreateObject(); - array = cJSON_AddArrayToObject(global_json, OS_LOGCOLLECTOR_JSON_FILES); - - while (hash_node != NULL) { - data = hash_node->data; - path = hash_node->key; - memset(offset, 0, OFFSET_SIZE); - - snprintf(offset, OFFSET_SIZE, "%" PRIi64, data->offset); - - item = cJSON_CreateObject(); - - cJSON_AddStringToObject(item, OS_LOGCOLLECTOR_JSON_PATH, path); - cJSON_AddStringToObject(item, OS_LOGCOLLECTOR_JSON_HASH, data->hash); - cJSON_AddStringToObject(item, OS_LOGCOLLECTOR_JSON_OFFSET, offset); - cJSON_AddItemToArray(array, item); - - hash_node = OSHash_Next(files_status, &index, hash_node); - } - } - w_rwlock_unlock(&files_status->mutex); - -#if defined(Darwin) || (defined(__linux__) && defined(WAZUH_UNIT_TESTING)) - - cJSON * macos_status = w_macos_get_status_as_JSON(); - if (macos_status != NULL && macos_processes != NULL) { - if (global_json == NULL) { - global_json = cJSON_CreateObject(); - } - cJSON_AddItemToObject(global_json, OS_LOGCOLLECTOR_JSON_MACOS, macos_status); - } - -#endif - -#ifdef __linux__ - cJSON * journald_status = w_journald_get_status_as_JSON(); - if (journald_status != NULL) { - if (global_json == NULL) { - global_json = cJSON_CreateObject(); - } - cJSON_AddItemToObject(global_json, JOURNALD_LOG, journald_status); - } -#endif - - if (global_json != NULL) { - global_json_str = cJSON_PrintUnformatted(global_json); - cJSON_Delete(global_json); - } - - return global_json_str; -} - -STATIC int w_set_to_last_line_read(logreader * lf) { - - os_file_status_t * data; - - if (lf->file == NULL) { - return 0; - } - - if (data = (os_file_status_t *)OSHash_Get_ex(files_status, lf->file), data == NULL) { - w_set_to_pos(lf, 0, SEEK_END); - if (w_update_hash_node(lf->file, w_ftell(lf->fp)) == -1) { - merror(HUPDATE_ERROR, lf->file, files_status_name); - } - return 0; - } - - struct stat stat_fd; - - if (fstat(fileno(lf->fp), &stat_fd) == -1) { - merror(FSTAT_ERROR, lf->file, errno, strerror(errno)); - return -1; - } - - int64_t result = 0; - EVP_MD_CTX *context = EVP_MD_CTX_new(); - os_sha1 output; - - if (OS_SHA1_File_Nbytes(lf->file, &context, output, OS_BINARY, data->offset) < 0) { - merror(FAIL_SHA1_GEN, lf->file); - EVP_MD_CTX_free(context); - return -1; - } - - if (strcmp(output, data->hash)) { - result = w_set_to_pos(lf, 0, SEEK_SET); - } else if (stat_fd.st_size - data->offset > lf->diff_max_size) { - result = w_set_to_pos(lf, 0, SEEK_END); - } else { - EVP_MD_CTX_free(context); - return w_set_to_pos(lf, data->offset, SEEK_SET); - } - - if (result >= 0) { - if (w_update_hash_node(lf->file, result) == -1) { - merror(HUPDATE_ERROR, lf->file, files_status_name); - } - } - - EVP_MD_CTX_free(context); - return result; -} - -STATIC int w_update_hash_node(char * path, int64_t pos) { - - os_file_status_t * data; - - if (path == NULL) { - return -1; - } - - os_malloc(sizeof(os_file_status_t), data); - - data->offset = pos; - - EVP_MD_CTX *context = EVP_MD_CTX_new(); - os_sha1 output; - - if (OS_SHA1_File_Nbytes(path, &context, output, OS_BINARY, pos) < 0) { - merror(FAIL_SHA1_GEN, path); - EVP_MD_CTX_free(context); - os_free(data); - return -1; - } - memcpy(data->hash, output, sizeof(os_sha1)); - data->context = context; - - if (OSHash_Update_ex(files_status, path, data) != 1) { - if (OSHash_Add_ex(files_status, path, data) != 2) { - EVP_MD_CTX_free(context); - os_free(data); - return -1; - } - } - - return 0; -} - -STATIC int64_t w_set_to_pos(logreader * lf, int64_t pos, int mode) { - - if (lf == NULL || lf->file == NULL) { - return -1; - } - - if (w_fseek(lf->fp, pos, mode) < 0) { - merror(FSEEK_ERROR, lf->file, errno, strerror(errno)); - fclose(lf->fp); - lf->fp = NULL; - return -1; - } - - return w_ftell(lf->fp); -} - -bool w_get_hash_context(logreader *lf, EVP_MD_CTX ** context, int64_t position) { - - os_file_status_t * data = (os_file_status_t *) OSHash_Get_ex(files_status, lf->file); - - if (data == NULL) { - os_sha1 output; - if (OS_SHA1_File_Nbytes_with_fp_check(lf->file, context, output, OS_BINARY, position, lf->fd) < 0) { - return false; - } - } else { - EVP_DigestInit(*context, EVP_sha1()); - EVP_MD_CTX_copy(*context, data->context); - } - return true; -} - -#if defined(Darwin) || (defined(__linux__) && defined(WAZUH_UNIT_TESTING)) -void w_macos_release_log_show(void) { - - if (macos_processes != NULL && macos_processes->show.wfd != NULL) { - mdebug1("macOS ULS: Releasing macOS `log show` resources."); - if (macos_processes->show.wfd->pid > 0) { - kill(macos_processes->show.wfd->pid, SIGTERM); - } - if (macos_processes->show.child > 0) { - kill(macos_processes->show.child, SIGTERM); - } - wpclose(macos_processes->show.wfd); - macos_processes->show.wfd = NULL; - macos_processes->show.child = 0; - } -} - -void w_macos_release_log_stream(void) { - - if (macos_processes != NULL && macos_processes->stream.wfd != NULL) { - mdebug1("macOS ULS: Releasing macOS `log stream` resources."); - if (macos_processes->stream.wfd->pid > 0) { - kill(macos_processes->stream.wfd->pid, SIGTERM); - } - if (macos_processes->stream.child > 0) { - kill(macos_processes->stream.child, SIGTERM); - } - wpclose(macos_processes->stream.wfd); - macos_processes->stream.wfd = NULL; - macos_processes->stream.child = 0; - } -} - -void w_macos_release_log_execution(void) { - - w_macos_release_log_show(); - w_macos_release_log_stream(); -} - -#endif diff --git a/src/modules/logcollector/src/logcollector.cpp b/src/modules/logcollector/src/logcollector.cpp new file mode 100644 index 0000000000..bd648fcce8 --- /dev/null +++ b/src/modules/logcollector/src/logcollector.cpp @@ -0,0 +1,126 @@ +#include + +#include +#include +#include +#include + +#include +#include +#include + +#include "file_reader.hpp" + +using namespace logcollector; + + +void Logcollector::Start() { + if (!m_enabled) { + LogInfo("Logcollector module is disabled."); + return; + } + + LogInfo("Logcollector module started."); + m_ioContext.run(); +} + +void Logcollector::EnqueueTask(boost::asio::awaitable task) { + boost::asio::co_spawn(m_ioContext, std::move(task), boost::asio::detached); +} + +void Logcollector::Setup(std::shared_ptr configurationParser) { + if (!configurationParser) { + LogError("Invalid Configuration Parser passed to setup, module set to disabled."); + m_enabled = false; + return; + } + + m_enabled = configurationParser->GetConfig("logcollector", "enabled").value_or(config::logcollector::DEFAULT_ENABLED); + + if (m_ioContext.stopped()) + { + m_ioContext.restart(); + } + + SetupFileReader(configurationParser); +} + +void Logcollector::SetupFileReader(const std::shared_ptr configurationParser) { + auto fileWait = configurationParser->GetConfig("logcollector", "file_wait").value_or(config::logcollector::DEFAULT_FILE_WAIT); + + auto reloadInterval = configurationParser->GetConfig("logcollector", "reload_interval").value_or(config::logcollector::DEFAULT_RELOAD_INTERVAL); + + auto localfiles = configurationParser->GetConfig>("logcollector", "localfiles").value_or(std::vector({config::logcollector::DEFAULT_LOCALFILES})); + + for (auto& lf : localfiles) { + AddReader(std::make_shared(*this, lf, fileWait, reloadInterval)); + } +} + +void Logcollector::Stop() { + m_ioContext.stop(); + LogInfo("Logcollector module stopped."); +} + +// NOLINTBEGIN(performance-unnecessary-value-param) +Co_CommandExecutionResult Logcollector::ExecuteCommand(const std::string command, + [[maybe_unused]] const nlohmann::json parameters) { + LogInfo("Logcollector command: ", command); + co_return module_command::CommandExecutionResult{module_command::Status::SUCCESS, "OK"}; +} +// NOLINTEND(performance-unnecessary-value-param) + +void Logcollector::SetPushMessageFunction(const std::function& pushMessage) { + m_pushMessage = pushMessage; +} + +void Logcollector::SendMessage(const std::string& location, const std::string& log, const std::string& collectorType) { + auto metadata = nlohmann::json::object(); + auto data = nlohmann::json::object(); + + + auto getCurrentTimestamp = []() { + constexpr int MILLISECS_IN_A_SEC = 1000; + auto now = std::chrono::system_clock::now(); + auto time_t_now = std::chrono::system_clock::to_time_t(now); + auto milliseconds = std::chrono::duration_cast(now.time_since_epoch()).count() % MILLISECS_IN_A_SEC; + + std::tm tm_now{}; +#ifdef _WIN32 + gmtime_s(&tm_now, &time_t_now); // MSVC (Windows) +#else + gmtime_r(&time_t_now, &tm_now); // Linux/macOS (POSIX) +#endif + + // Formatear el timestamp + std::ostringstream oss; + oss << std::put_time(&tm_now, "%Y-%m-%dT%H:%M:%S") << '.' + << std::setw(3) << std::setfill('0') << milliseconds << "Z"; // Usar 'milliseconds' como entero + + return oss.str(); + }; + + metadata["module"] = m_moduleName; + metadata["type"] = collectorType; + + data["log"]["file"]["path"] = location; + data["tags"] = nlohmann::json::array({"mvp"}); + data["event"]["original"] = log; + data["event"]["ingested"] = getCurrentTimestamp(); + data["event"]["module"] = m_moduleName; + data["event"]["provider"] = "syslog"; + + auto message = Message(MessageType::STATELESS, data, m_moduleName, collectorType, metadata.dump()); + m_pushMessage(message); + + LogTrace("Message pushed: '{}':'{}'", location, log); +} + +void Logcollector::AddReader(std::shared_ptr reader) { + m_readers.push_back(reader); + EnqueueTask(reader->Run()); +} + +Awaitable Logcollector::Wait(std::chrono::milliseconds ms) { + co_await boost::asio::steady_timer(m_ioContext, ms).async_wait(boost::asio::use_awaitable); +} diff --git a/src/modules/logcollector/src/macos_log.c b/src/modules/logcollector/src/macos_log.c deleted file mode 100644 index e9e308e00f..0000000000 --- a/src/modules/logcollector/src/macos_log.c +++ /dev/null @@ -1,562 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * Copyright (C) 2009 Trend Micro Inc. - * All right reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -#if defined(Darwin) || (defined(__linux__) && defined(WAZUH_UNIT_TESTING)) -#include "macos_log.h" - -/* Removes STATIC/INLINE qualifiers from the tests */ -#ifdef WAZUH_UNIT_TESTING -#define STATIC -#define INLINE -#else -#define STATIC static -#define INLINE inline -#endif - -STATIC w_macos_log_vault_t macos_log_vault = { .mutex = PTHREAD_RWLOCK_INITIALIZER, .timestamp = "", - .settings = NULL, .is_valid_data = false }; - -STATIC char * macos_codename = NULL; - -STATIC w_sysinfo_helpers_t * sysinfo = NULL; -/** - * @brief Check if agent is running on macOS Sierra - * - * @return true if agent is running in macOS Sierra. false otherwise - */ -bool w_is_macos_sierra() { - - if (macos_codename != NULL && strcmp(macos_codename, MACOS_SIERRA_CODENAME_STR) == 0) { - return true; - } - return false; -} - -/** - * @brief Prepend `script` command arguments when macOS Sierra is being used - * - * @param log_cmd_array array of arguments - * @param log_cmd_array_idx index of the array - */ -STATIC INLINE void w_macos_add_sierra_support(char ** log_cmd_array, size_t * log_cmd_array_idx) { - - w_strdup(SCRIPT_CMD_STR, log_cmd_array[(*log_cmd_array_idx)++]); - w_strdup(SCRIPT_CMD_ARGS, log_cmd_array[(*log_cmd_array_idx)++]); - w_strdup(SCRIPT_CMD_SINK, log_cmd_array[(*log_cmd_array_idx)++]); -} - -/** - * @brief Validates whether the predicate is valid or not - * @param predicate Contains the `log`'s predicate filter to be used as a string - * @return true if valid, otherwise false - */ -STATIC INLINE bool w_macos_is_log_predicate_valid(char * predicate) { - - if (strlen(predicate) > 0) { - return true; - } - return false; -} - -/** - * @brief Adds to the `log show` aguments array the level arguments - * - * @param log_cmd_array `log show` array of arguments - * @param log_cmd_array_idx Index of the `log show` array - * @param level String that contains the `log show` levels - */ -STATIC INLINE void w_macos_log_show_array_add_level(char ** log_cmd_array, size_t * log_cmd_array_idx, char * level) { - - /* Log Show's Level section: adds, or not, `--debug` and/or `--info`. This that assumes `debug` contains `info` */ - if (level != NULL && strcmp(level, MACOS_LOG_LEVEL_DEFAULT_STR) != 0) { - - /* If the level is not `default`, because it is set to `info` or `debug`, then the info logs are acquired */ - w_strdup(SHOW_INFO_OPT_STR, log_cmd_array[(*log_cmd_array_idx)++]); - - if (strcmp(level, MACOS_LOG_LEVEL_DEBUG_STR) == 0) { - /* Only when the level is set to `debug` the debug logs are acquired */ - w_strdup(SHOW_DEBUG_OPT_STR, log_cmd_array[(*log_cmd_array_idx)++]); - } - } -} - -/** - * @brief Creates the predicate fragment related to the type that will be then concatenated with the rest of the filter - * - * @param type Contains the `log show`'s type filters to be used (as combined bit flags) - * @return char * containing a string with the predicate fragment related to the type or NULL if no type filter was set - */ -STATIC INLINE char * w_macos_log_show_create_type_predicate(int type) { - - char * type_predicate = NULL; - - if (type & MACOS_LOG_TYPE_ACTIVITY) { - w_strdup(SHOW_TYPE_ACTIVITY_STR, type_predicate); - } - if (type & MACOS_LOG_TYPE_LOG) { - if (type_predicate == NULL) { - w_strdup(SHOW_TYPE_LOG_STR, type_predicate); - } else { - type_predicate = w_strcat(type_predicate, SHOW_OR_TYPE_LOG_STR, strlen(SHOW_OR_TYPE_LOG_STR)); - } - } - if (type & MACOS_LOG_TYPE_TRACE) { - if (type_predicate == NULL) { - w_strdup(SHOW_TYPE_TRACE_STR, type_predicate); - } else { - type_predicate = w_strcat(type_predicate, SHOW_OR_TYPE_TRACE_STR, strlen(SHOW_OR_TYPE_TRACE_STR)); - } - } - - return type_predicate; -} - -/** - * @brief Adds to the `log show` aguments array the predicate arguments by joining user's predicate with the "type" one - * - * @param log_cmd_array `log show` array of arguments - * @param log_cmd_array_idx index of the `log show` array - * @param query String containing the user's raw predicate - * @param type_predicate String containing the predicate's type fragment - */ -STATIC INLINE void w_macos_log_show_array_add_predicate(char ** log_cmd_array, size_t * log_cmd_array_idx, char * query, - char * type_predicate) { - - char * predicate = NULL; - - if (query != NULL) { - if (w_macos_is_log_predicate_valid(query)) { - w_strdup(PREDICATE_OPT_STR, log_cmd_array[(*log_cmd_array_idx)++]); - - if (type_predicate != NULL) { - const int PREDICATE_SIZE = strlen(query) + strlen(type_predicate) + strlen(QUERY_AND_TYPE_PREDICATE); - os_calloc(PREDICATE_SIZE, sizeof(char), predicate); - snprintf(predicate, PREDICATE_SIZE, QUERY_AND_TYPE_PREDICATE, query, type_predicate); - - } else { - w_strdup(query, predicate); - } - w_strdup(predicate, log_cmd_array[(*log_cmd_array_idx)++]); - os_free(predicate); - - } else if (type_predicate != NULL) { - w_strdup(PREDICATE_OPT_STR, log_cmd_array[(*log_cmd_array_idx)++]); - w_strdup(type_predicate, log_cmd_array[(*log_cmd_array_idx)++]); - } - } else if (type_predicate != NULL) { - w_strdup(PREDICATE_OPT_STR, log_cmd_array[(*log_cmd_array_idx)++]); - w_strdup(type_predicate, log_cmd_array[(*log_cmd_array_idx)++]); - } -} - -/** - * @brief Generates the `log show` command array with its arguments - * - * @param predicate Contains the `log show`'s predicate filter to be used as a string - * @param level Contains, or not, the `log show`'s level filter to be used as a string (default/info/debug) - * @param type Contains the `log show`'s type filters to be used (as combined bit flags) - * @return A pointer to an array containing the executable arguments - */ -STATIC INLINE char ** w_macos_create_log_show_array(char * start_date, char * query, char * level, int type) { - - size_t log_cmd_array_idx = 0; - char ** log_cmd_array = NULL; - - char * type_predicate = NULL; - - os_calloc(MAX_LOG_SHOW_CMD_ARGS + 1, sizeof(char *), log_cmd_array); - - if (w_is_macos_sierra()) { - w_macos_add_sierra_support(log_cmd_array, &log_cmd_array_idx); - } - - /* Adding `log` and `show` to the array */ - w_strdup(LOG_CMD_STR, log_cmd_array[log_cmd_array_idx++]); - w_strdup(LOG_SHOW_OPT_STR, log_cmd_array[log_cmd_array_idx++]); - - /* Adding the style lines to the array (`--style syslog`) */ - w_strdup(STYLE_OPT_STR, log_cmd_array[log_cmd_array_idx++]); - w_strdup(SYSLOG_STR, log_cmd_array[log_cmd_array_idx++]); - - /* Adding the starting date lines to the array (`--start 2021-04-27 12:29:25-0700`) */ - w_strdup(SHOW_START_OPT_STR, log_cmd_array[log_cmd_array_idx++]); - w_strdup(start_date, log_cmd_array[log_cmd_array_idx++]); - - w_macos_log_show_array_add_level(log_cmd_array, &log_cmd_array_idx, level); - - type_predicate = w_macos_log_show_create_type_predicate(type); - - w_macos_log_show_array_add_predicate(log_cmd_array, &log_cmd_array_idx, query, type_predicate); - - os_free(type_predicate); - - return log_cmd_array; -} - -/** - * @brief Adds to the `log stream` aguments array the level arguments - * - * @param log_cmd_array `log stream` array of arguments - * @param log_cmd_array_idx index of the `log stream` array - * @param level string that contains the `log stream` levels - */ -STATIC INLINE void w_macos_log_stream_array_add_level(char ** log_cmd_array, size_t * log_cmd_array_idx, char * level) { - - if (level != NULL) { - w_strdup(LEVEL_OPT_STR, log_cmd_array[(*log_cmd_array_idx)++]); - w_strdup(level, log_cmd_array[(*log_cmd_array_idx)++]); - } -} - -/** - * @brief Adds to the `log stream` aguments array the type arguments - * - * @param log_cmd_array `log stream` array of arguments - * @param log_cmd_array_idx index of the `log stream` array - * @param type Contains the `log stream`'s type filters to be used (as combined bit flags) - */ -STATIC INLINE void w_macos_log_stream_array_add_type(char ** log_cmd_array, size_t * log_cmd_array_idx, int type) { - - if (type != 0) { - if (type & MACOS_LOG_TYPE_ACTIVITY) { - w_strdup(TYPE_OPT_STR, log_cmd_array[(*log_cmd_array_idx)++]); - w_strdup(MACOS_LOG_TYPE_ACTIVITY_STR, log_cmd_array[(*log_cmd_array_idx)++]); - } - if (type & MACOS_LOG_TYPE_LOG) { - w_strdup(TYPE_OPT_STR, log_cmd_array[(*log_cmd_array_idx)++]); - w_strdup(MACOS_LOG_TYPE_LOG_STR, log_cmd_array[(*log_cmd_array_idx)++]); - } - if (type & MACOS_LOG_TYPE_TRACE) { - w_strdup(TYPE_OPT_STR, log_cmd_array[(*log_cmd_array_idx)++]); - w_strdup(MACOS_LOG_TYPE_TRACE_STR, log_cmd_array[(*log_cmd_array_idx)++]); - } - } -} - -/** - * @brief Adds to the `log stream` aguments array the predicate arguments - * - * @param log_cmd_array `log stream` array of arguments - * @param log_cmd_array_idx index of the `log stream` array - * @param predicate string that contains the `log stream` predicate - */ -STATIC INLINE void w_macos_log_stream_array_add_predicate(char ** log_cmd_array, size_t * log_cmd_array_idx, - char * predicate) { - - if (predicate != NULL && w_macos_is_log_predicate_valid(predicate)) { - w_strdup(PREDICATE_OPT_STR, log_cmd_array[(*log_cmd_array_idx)++]); - - w_strdup(predicate, log_cmd_array[(*log_cmd_array_idx)++]); - } -} - -/** - * @brief Generates the `log stream` command array with its arguments - * - * @param predicate Contains the `log stream`'s predicate filter to be used as a string - * @param level Contains, or not, the `log stream`'s level filter to be used as a string (default/info/debug) - * @param type Contains the `log stream`'s type filters to be used (as combined bit flags) - * @return A pointer to an array containing the executable arguments - */ -STATIC char ** w_macos_create_log_stream_array(char * predicate, char * level, int type) { - - size_t log_cmd_array_idx = 0; - char ** log_cmd_array = NULL; - - os_calloc(MAX_LOG_STREAM_CMD_ARGS + 1, sizeof(char *), log_cmd_array); - - if (w_is_macos_sierra()) { - w_macos_add_sierra_support(log_cmd_array, &log_cmd_array_idx); - } - - /* Adding `log` and `stream` to the array */ - w_strdup(LOG_CMD_STR, log_cmd_array[log_cmd_array_idx++]); - w_strdup(LOG_STREAM_OPT_STR, log_cmd_array[log_cmd_array_idx++]); - - /* Adding the style lines to the array (`--style syslog`) */ - w_strdup(STYLE_OPT_STR, log_cmd_array[log_cmd_array_idx++]); - w_strdup(SYSLOG_STR, log_cmd_array[log_cmd_array_idx++]); - - w_macos_log_stream_array_add_type(log_cmd_array, &log_cmd_array_idx, type); - - w_macos_log_stream_array_add_level(log_cmd_array, &log_cmd_array_idx, level); - - w_macos_log_stream_array_add_predicate(log_cmd_array, &log_cmd_array_idx, predicate); - - return log_cmd_array; -} - -/** - * @brief Executes the `log stream/show` command with its arguments and sets to non-blocking the output pipe - * - * @param log_cmd_array Contains the arguments of the command to be executed - * @param flags Are the flags to be used along with wpopenv() - * @return A pointer to a fulfilled wfd_t structure, on success, or NULL - */ -STATIC wfd_t * w_macos_log_exec(char ** log_cmd_array, u_int32_t flags) { - - int log_pipe_fd = -1; - int log_pipe_fd_flags = 0; - wfd_t * macos_log_wfd = wpopenv(*log_cmd_array, log_cmd_array, flags); - - if (macos_log_wfd == NULL) { - merror(WPOPENV_ERROR, strerror(errno), errno); - } else { - /* The file descriptor, from which the output of `log stream` will be read, is set to non-blocking */ - log_pipe_fd = fileno(macos_log_wfd->file_out); // Gets the file descriptor from a file pointer - - if (log_pipe_fd <= 0) { - merror(FP_TO_FD_ERROR, strerror(errno), errno); - wpclose(macos_log_wfd); - macos_log_wfd = NULL; - } else { - log_pipe_fd_flags = fcntl(log_pipe_fd, F_GETFL, 0); // Gets current flags - - if (log_pipe_fd_flags < 0) { - merror(GET_FLAGS_ERROR, strerror(errno), errno); - wpclose(macos_log_wfd); - macos_log_wfd = NULL; - } else { - log_pipe_fd_flags |= O_NONBLOCK; // Adds the NON-BLOCKING flag to current flags - const int set_flags_retval = fcntl(log_pipe_fd, F_SETFL, log_pipe_fd_flags); // Sets the new Flags - - if (set_flags_retval < 0) { - merror(SET_FLAGS_ERROR, strerror(errno), errno); - wpclose(macos_log_wfd); - macos_log_wfd = NULL; - } - } - } - } - - return macos_log_wfd; -} - -/** - * @brief Checks whether the `log` command can be executed or not by using the access() function - * @warning if macOS Sierra is beeing used, also `script` command will be checked. - * @return true when `log` command can be executed, false otherwise. - */ -STATIC INLINE bool w_macos_is_log_executable(void) { - - if (w_is_macos_sierra() && access(SCRIPT_CMD_STR, X_OK) != 0) { - merror(ACCESS_ERROR, SCRIPT_CMD_STR, strerror(errno), errno); - return false; - } - - const int retval = access(LOG_CMD_STR, X_OK); - if (retval == 0) { - return true; - } - merror(ACCESS_ERROR, LOG_CMD_STR, strerror(errno), errno); - return false; -} - -/** - * @brief Creates the environment for collecting "show" logs on macOS Systems - * - * @param lf localfile's logreader structure with `log show`'s arguments and its configuration structure to be set - */ -STATIC INLINE void w_macos_create_log_show_env(logreader * lf) { - - char ** log_show_array = NULL; - - char * timestamp = w_macos_get_last_log_timestamp(); - - lf->macos_log->processes.show.wfd = NULL; - - if (timestamp[0] == '\0') { - os_free(timestamp); - return; - } - - log_show_array = w_macos_create_log_show_array(timestamp, lf->query, lf->query_level, lf->query_type); - - lf->macos_log->processes.show.wfd = w_macos_log_exec(log_show_array, W_BIND_STDOUT | W_BIND_STDERR); - - char * log_show_str = w_strcat_list(log_show_array, ' '); - - if (lf->macos_log->processes.show.wfd != NULL) { - lf->macos_log->state = LOG_RUNNING_SHOW; - minfo(LOGCOLLECTOR_MACOS_LOG_SHOW_INFO, log_show_str); - } else { - merror(LOGCOLLECTOR_MACOS_LOG_SHOW_EXEC_ERROR, log_show_str); - } - - os_free(timestamp); - os_free(log_show_str); - free_strarray(log_show_array); -} - -/** - * @brief Creates the environment for collecting "stream" logs on MacOS Systems - * - * @param lf localfile's logreader structure with `log stream`'s arguments and its configuration structure to be set - */ -STATIC INLINE void w_macos_create_log_stream_env(logreader * lf) { - - char ** log_stream_array = NULL; - - lf->macos_log->processes.stream.wfd = NULL; - - log_stream_array = w_macos_create_log_stream_array(lf->query, lf->query_level, lf->query_type); - - lf->macos_log->processes.stream.wfd = w_macos_log_exec(log_stream_array, W_BIND_STDOUT | W_BIND_STDERR); - - char * log_stream_str = w_strcat_list(log_stream_array, ' '); - - if (lf->macos_log->processes.stream.wfd != NULL) { - if (lf->macos_log->state == LOG_NOT_RUNNING) { - lf->macos_log->state = LOG_RUNNING_STREAM; - } - minfo(LOGCOLLECTOR_MACOS_LOG_STREAM_INFO, log_stream_str); - } else { - merror(LOGCOLLECTOR_MACOS_LOG_STREAM_EXEC_ERROR, log_stream_str); - } - - os_free(log_stream_str); - free_strarray(log_stream_array); -} - -void w_macos_create_log_env(logreader * lf, w_sysinfo_helpers_t * global_sysinfo) { - - lf->macos_log->state = LOG_NOT_RUNNING; - - sysinfo = global_sysinfo; - - macos_codename = w_get_os_codename(sysinfo); - - if (w_macos_is_log_executable()) { - - /* `log stream` command parameters are stored to keep track of the settings changes that may occur, - and to determine whether past events should be retrieved or not */ - char ** current_settings_list = w_macos_create_log_stream_array(lf->query, lf->query_level, lf->query_type); - lf->macos_log->current_settings = w_strcat_list(current_settings_list, ' '); - free_strarray(current_settings_list); - - if (macos_codename != NULL) { - mdebug1("macOS ULS: Creating environment for macOS %s.", macos_codename); - } - - /* If only-future-events is disabled, so past events are retrieved, then `log show` is also executed */ - if (!lf->future) { - char * previous_settings = w_macos_get_log_settings(); - - if (previous_settings != NULL) { - if (strcmp(lf->macos_log->current_settings, previous_settings) == 0) { - w_macos_create_log_show_env(lf); - } else { - mdebug1("macOS ULS: Current predicate differs from the stored one. Discarding old events."); - } - os_free(previous_settings); - } - } - - w_macos_create_log_stream_env(lf); - } - os_free(lf->file); - lf->fp = NULL; -} - -pid_t w_get_first_child(pid_t parent_pid) { - - pid_t first_child = 0; - pid_t * childs = w_get_process_childs(sysinfo, parent_pid, 1); - if (childs != NULL && *childs != 0) { - first_child = *childs; - } - os_free(childs); - - return first_child; -} - -void w_macos_set_last_log_timestamp(char * timestamp) { - - w_rwlock_wrlock(&macos_log_vault.mutex); - strncpy(macos_log_vault.timestamp, timestamp, OS_LOGCOLLECTOR_TIMESTAMP_SHORT_LEN); - w_rwlock_unlock(&macos_log_vault.mutex); -} - -char * w_macos_get_last_log_timestamp(void) { - - char * short_timestamp = NULL; - w_rwlock_rdlock(&macos_log_vault.mutex); - w_strdup(macos_log_vault.timestamp, short_timestamp); - w_rwlock_unlock(&macos_log_vault.mutex); - return short_timestamp; -} - -void w_macos_set_log_settings(char * settings) { - - w_rwlock_wrlock(&macos_log_vault.mutex); - os_free(macos_log_vault.settings); - w_strdup(settings, macos_log_vault.settings); - w_rwlock_unlock(&macos_log_vault.mutex); -} - -char * w_macos_get_log_settings(void) { - - char * settings = NULL; - w_rwlock_rdlock(&macos_log_vault.mutex); - w_strdup(macos_log_vault.settings, settings); - w_rwlock_unlock(&macos_log_vault.mutex); - return settings; -} - - -bool w_macos_get_is_valid_data() { - - w_rwlock_rdlock(&macos_log_vault.mutex); - bool retval = macos_log_vault.is_valid_data; - w_rwlock_unlock(&macos_log_vault.mutex); - - return retval; -} - -void w_macos_set_is_valid_data(bool is_valid) { - - w_rwlock_wrlock(&macos_log_vault.mutex); - macos_log_vault.is_valid_data = is_valid; - w_rwlock_unlock(&macos_log_vault.mutex); -} - -cJSON * w_macos_get_status_as_JSON(void) { - - if (!w_macos_get_is_valid_data()) { - return NULL; - } - - cJSON * macos_log = NULL; - char * timestamp = w_macos_get_last_log_timestamp(); - char * settings = w_macos_get_log_settings(); - - if (w_strlen(timestamp) == OS_LOGCOLLECTOR_TIMESTAMP_SHORT_LEN && settings != NULL) { - macos_log = cJSON_CreateObject(); - cJSON_AddItemToObject(macos_log, OS_LOGCOLLECTOR_JSON_TIMESTAMP, cJSON_CreateString(timestamp)); - cJSON_AddItemToObject(macos_log, OS_LOGCOLLECTOR_JSON_SETTINGS, cJSON_CreateString(settings)); - } - os_free(settings); - os_free(timestamp); - - return macos_log; -} - -void w_macos_set_status_from_JSON(cJSON * global_json) { - cJSON * macos_log = cJSON_GetObjectItem(global_json, OS_LOGCOLLECTOR_JSON_MACOS); - char * timestamp = cJSON_GetStringValue(cJSON_GetObjectItem(macos_log, OS_LOGCOLLECTOR_JSON_TIMESTAMP)); - char * settings = cJSON_GetStringValue(cJSON_GetObjectItem(macos_log, OS_LOGCOLLECTOR_JSON_SETTINGS)); - if (w_strlen(timestamp) == OS_LOGCOLLECTOR_TIMESTAMP_SHORT_LEN && settings != NULL) { - w_macos_set_last_log_timestamp(timestamp); - w_macos_set_log_settings(settings); - w_macos_set_is_valid_data(true); - } -} - -#endif diff --git a/src/modules/logcollector/src/main.c b/src/modules/logcollector/src/main.c deleted file mode 100644 index 0d657a22c8..0000000000 --- a/src/modules/logcollector/src/main.c +++ /dev/null @@ -1,198 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * Copyright (C) 2009 Trend Micro Inc. - * All right reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -/* Logcollector daemon - * Monitor some files and forward the output to our analysis system - */ - -#include "shared.h" -#include -#include -#include -#include -#include -#include -#include - -#include "os_regex/os_regex.h" -#include "logcollector.h" - -/* Prototypes */ -static void help_logcollector(char * home_path) __attribute__((noreturn)); - - -/* Print help statement */ -static void help_logcollector(char * home_path) -{ - print_header(); - print_out(" %s: -[Vhdtf] [-c config]", ARGV0); - print_out(" -V Version and license message"); - print_out(" -h This help message"); - print_out(" -d Execute in debug mode. This parameter"); - print_out(" can be specified multiple times"); - print_out(" to increase the debug level."); - print_out(" -t Test configuration"); - print_out(" -f Run in foreground"); - print_out(" -c Configuration file to use (default: %s)", OSSECCONF); - print_out(" "); - os_free(home_path); - exit(1); -} - -int main(int argc, char **argv) -{ - int c; - int debug_level = 0; - int test_config = 0, run_foreground = 0; - - /* Set the name */ - OS_SetName(ARGV0); - - // Define current working directory - char * home_path = w_homedir(argv[0]); - if (chdir(home_path) == -1) { - merror_exit(CHDIR_ERROR, home_path, errno, strerror(errno)); - } - - const char *cfg = OSSECCONF; - gid_t gid; - const char *group = GROUPGLOBAL; - lc_debug_level = getDefine_Int("logcollector", "debug", 0, 2); - - /* Setup random */ - srandom_init(); - - while ((c = getopt(argc, argv, "Vtdhfc:")) != -1) { - switch (c) { - case 'V': - print_version(); - break; - case 'h': - help_logcollector(home_path); - break; - case 'd': - nowDebug(); - debug_level = 1; - break; - case 'f': - run_foreground = 1; - break; - case 'c': - if (!optarg) { - merror_exit("-c needs an argument"); - } - cfg = optarg; - break; - case 't': - test_config = 1; - break; - default: - help_logcollector(home_path); - break; - } - - } - - /* Check if the group given is valid */ - gid = Privsep_GetGroup(group); - if (gid == (gid_t) - 1) { - merror_exit(USER_ERROR, "", group, strerror(errno), errno); - } - - /* Privilege separation */ - if (Privsep_SetGroup(gid) < 0) { - merror_exit(SETGID_ERROR, group, errno, strerror(errno)); - } - - /* Check current debug_level - * Command line setting takes precedence - */ - if (debug_level == 0) { - /* Get debug level */ - debug_level = lc_debug_level; - while (debug_level != 0) { - nowDebug(); - debug_level--; - } - } - - mdebug1(WAZUH_HOMEDIR, home_path); - os_free(home_path); - - /* Init message queue */ - w_msg_hash_queues_init(); - - /* Read config file */ - if (LogCollectorConfig(cfg) < 0) { - mlerror_exit(LOGLEVEL_ERROR, CONFIG_ERROR, cfg); - } - - /* Exit if test config */ - if (test_config) { - exit(0); - } - - /* No file available to monitor -- continue */ - if (logff == NULL) { - os_calloc(2, sizeof(logreader), logff); - logff[0].file = NULL; - logff[0].ffile = NULL; - logff[0].logformat = NULL; - logff[0].fp = NULL; - logff[1].file = NULL; - logff[1].logformat = NULL; - - minfo(NO_FILE); - } - - /* No sockets defined */ - if (logsk == NULL) { - os_calloc(2, sizeof(socket_forwarder), logsk); - logsk[0].name = NULL; - logsk[0].location = NULL; - logsk[0].mode = 0; - logsk[0].prefix = NULL; - logsk[1].name = NULL; - logsk[1].location = NULL; - logsk[1].mode = 0; - logsk[1].prefix = NULL; - } - - /* Start signal handler */ - StartSIG(ARGV0); - - // Set max open files limit - struct rlimit rlimit = { nofile, nofile }; - - if (setrlimit(RLIMIT_NOFILE, &rlimit) < 0) { - merror("Could not set resource limit for file descriptors to %d: %s (%d)", (int)nofile, strerror(errno), errno); - } - - if (!run_foreground) { - /* Going on daemon mode */ - nowDaemon(); - goDaemon(); - } - - /* Create PID file */ - if (CreatePID(ARGV0, getpid()) < 0) { - merror_exit(PID_ERROR); - } - - /* Start the queue */ - if ((logr_queue = StartMQ(DEFAULTQUEUE, WRITE, INFINITE_OPENQ_ATTEMPTS)) < 0) { - merror_exit(QUEUE_FATAL, DEFAULTQUEUE); - } - - /* Main loop */ - LogCollectorStart(); - - return (0); -} diff --git a/src/modules/logcollector/src/read_audit.c b/src/modules/logcollector/src/read_audit.c deleted file mode 100644 index 75d9c11a5a..0000000000 --- a/src/modules/logcollector/src/read_audit.c +++ /dev/null @@ -1,161 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * All right reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -#include "shared.h" -#include "logcollector.h" -#include "os_crypto/sha1/sha1_op.h" - -#define MAX_CACHE 16 -#define MAX_HEADER 64 - -/* Compile message from cache and send through queue */ -static void audit_send_msg(char **cache, int top, int drop_it, logreader *lf) { - int i; - size_t n = 0; - size_t z; - char message[OS_MAX_LOG_SIZE] = {0}; - - for (i = 0; i < top; i++) { - z = strlen(cache[i]); - - if (n + z + 1 < sizeof(message)) { - if (n > 0) - message[n++] = ' '; - - strncat(message + n, cache[i], OS_MAX_LOG_SIZE - 1 - n); - n += z; - } - - free(cache[i]); - } - message[n] = '\0'; - - /* Check ignore and restrict log regex, if configured. */ - if (drop_it == 0 && !check_ignore_and_restrict(lf->regex_ignore, lf->regex_restrict, message)) { - /* Send message to queue */ - w_msg_hash_queues_push(message, (char *)lf->file, strlen(message) + 1, lf->log_target, LOCALFILE_MQ); - } -} - -void *read_audit(logreader *lf, int *rc, int drop_it) { - char *cache[MAX_CACHE]; - char header[MAX_HEADER] = { '\0' }; - int icache = 0; - char buffer[OS_MAX_LOG_SIZE]; - char *id; - char *p; - size_t z; - int64_t offset = 0; - int64_t rbytes = 0; - - int lines = 0; - - *rc = 0; - - /* Obtain context to calculate hash */ - EVP_MD_CTX *context = EVP_MD_CTX_new(); - offset = w_ftell(lf->fp); - bool is_valid_context_file = w_get_hash_context(lf, &context, offset); - - for (offset = w_ftell(lf->fp); can_read() && fgets(buffer, OS_MAX_LOG_SIZE, lf->fp) && (!maximum_lines || lines < maximum_lines) && offset >= 0; offset += rbytes) { - rbytes = w_ftell(lf->fp) - offset; - - /* Flow control */ - if (rbytes <= 0) { - break; - } - - lines++; - - if (buffer[rbytes - 1] == '\n') { - if (is_valid_context_file) { - OS_SHA1_Stream(context, NULL, buffer); - } - - buffer[rbytes - 1] = '\0'; - - if ((int64_t)strlen(buffer) != rbytes - 1) - { - mdebug2("Line in '%s' contains some zero-bytes (valid=" FTELL_TT " / total=" FTELL_TT "). Dropping line.", lf->file, FTELL_INT64 strlen(buffer), FTELL_INT64 rbytes - 1); - continue; - } - } else { - if (rbytes == OS_MAX_LOG_SIZE - 1) { - // Message too large, discard line - for (offset += rbytes; fgets(buffer, OS_MAX_LOG_SIZE, lf->fp); offset += rbytes) { - rbytes = w_ftell(lf->fp) - offset; - - /* Flow control */ - if (rbytes <= 0) { - break; - } - if (is_valid_context_file) { - OS_SHA1_Stream(context, NULL, buffer); - } - - if (buffer[rbytes - 1] == '\n') { - break; - } - } - } else if (feof(lf->fp)) { - mdebug2("Message not complete. Trying again: '%s'", buffer); - - if (fseek(lf->fp, offset, SEEK_SET) < 0) { - merror(FSEEK_ERROR, lf->file, errno, strerror(errno)); - break; - } - } - - break; - } - - // Extract header: "\.*type=\.* msg=audit(.*):" - // -- - - if (strlen(buffer) == 0) { - mdebug2("audit reader: empty line, skipping."); - break; - } - - if (!((id = strstr(buffer, "type=")) && (id = strstr(id + 5, " msg=audit(")) && (p = strstr(id += 11, "):")))) { - mwarn("Discarding audit message because of invalid syntax."); - break; - } - - z = p - id; - - if (strncmp(id, header, z)) { - // Current message belongs to another event: send cached messages - if (icache > 0) - audit_send_msg(cache, icache, drop_it, lf); - - // Store current event - *cache = strdup(buffer); - icache = 1; - strncpy(header, id, z < MAX_HEADER ? z : MAX_HEADER - 1); - } else { - // The header is the same: store - if (icache == MAX_CACHE) - merror("Discarding audit message because cache is full."); - else - cache[icache++] = strdup(buffer); - } - } - - if (icache > 0) - audit_send_msg(cache, icache, drop_it, lf); - if (is_valid_context_file) { - w_update_file_status(lf->file, offset, context); - } else { - EVP_MD_CTX_free(context); - } - - mdebug2("Read %d lines from %s", lines, lf->file); - return NULL; -} diff --git a/src/modules/logcollector/src/read_command.c b/src/modules/logcollector/src/read_command.c deleted file mode 100644 index 08da2ed1a4..0000000000 --- a/src/modules/logcollector/src/read_command.c +++ /dev/null @@ -1,80 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * Copyright (C) 2009 Trend Micro Inc. - * All right reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -#include "shared.h" -#include "logcollector.h" - - -/* Read Output of commands */ -void *read_command(logreader *lf, int *rc, int drop_it) { - size_t cmd_size = 0; - char *p; - char str[OS_MAXSTR + 1]; - FILE *cmd_output; - int lines = 0; - - str[OS_MAXSTR] = '\0'; - *rc = 0; - - mdebug2("Running command '%s'", lf->command); - - cmd_output = popen(lf->command, "r"); - if (!cmd_output) { - merror("Unable to execute command: '%s'.", - lf->command); - - lf->command = NULL; - return (NULL); - } - - snprintf(str, 256, "ossec: output: '%s': ", - (NULL != lf->alias) - ? lf->alias - : lf->command); - cmd_size = strlen(str); - - while (can_read() && fgets(str + cmd_size, OS_MAXSTR - OS_LOG_HEADER - 256, cmd_output) != NULL && (!maximum_lines || lines < maximum_lines)) { - - lines++; - /* Get the last occurrence of \n */ - if ((p = strrchr(str, '\n')) != NULL) { - *p = '\0'; - } - - /* Remove empty lines */ -#ifdef WIN32 - if (str[0] == '\r' && str[1] == '\0') { - continue; - } -#endif - if (str[0] == '\0') { - continue; - } - - /* Check ignore and restrict log regex, if configured. */ - if (check_ignore_and_restrict(lf->regex_ignore, lf->regex_restrict, str)) { - continue; - } - - mdebug2("Reading command message: '%s'", str); - - /* Send message to queue */ - if (drop_it == 0) { - w_msg_hash_queues_push(str, lf->alias ? lf->alias : lf->command, strlen(str) + 1, lf->log_target, LOCALFILE_MQ); - } - - continue; - } - - pclose(cmd_output); - - mdebug2("Read %d lines from command '%s'", lines, lf->command); - return (NULL); -} diff --git a/src/modules/logcollector/src/read_djb_multilog.c b/src/modules/logcollector/src/read_djb_multilog.c deleted file mode 100644 index a411537cc4..0000000000 --- a/src/modules/logcollector/src/read_djb_multilog.c +++ /dev/null @@ -1,203 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * Copyright (C) 2009 Trend Micro Inc. - * All rights reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -/* Read DJB multilog */ - -#include "shared.h" -#include "logcollector.h" -#include "os_crypto/sha1/sha1_op.h" - - -/* To translate between month (int) to month (char) */ -static const char *(djb_month[]) = {"Jan", "Feb", "Mar", "Apr", "May", "Jun", - "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" - }; -static char djb_host[512 + 1]; - - -/* Initialize multilog */ -int init_djbmultilog(logreader *lf) { - char *djbp_name = NULL; - char *tmp_str = NULL; - - lf->djb_program_name = NULL; - - /* Initialize hostname */ - memset(djb_host, '\0', 512 + 1); - -#ifndef WIN32 - if (gethostname(djb_host, 512 - 1) != 0) { - strncpy(djb_host, "unknown", 512 - 1); - } else { - char *_ltmp; - - /* Remove domain part if available */ - _ltmp = strchr(djb_host, '.'); - if (_ltmp) { - *_ltmp = '\0'; - } - } -#else - strncpy(djb_host, "win32", 512 - 1); -#endif - - /* Multilog must be in the following format: /path/program_name/current */ - tmp_str = strrchr(lf->file, '/'); - if (!tmp_str) { - return (0); - } - - /* Must end with /current and must not be in the beginning of the string */ - if ((strcmp(tmp_str, "/current") != 0) || (tmp_str == lf->file)) { - return (0); - } - - tmp_str[0] = '\0'; - - /* Get final name */ - djbp_name = strrchr(lf->file, '/'); - if (djbp_name == lf->file) { - tmp_str[0] = '/'; - return (0); - } - - os_strdup(djbp_name + 1, lf->djb_program_name); - tmp_str[0] = '/'; - - minfo("Using program name '%s' for DJB multilog file: '%s'.", - lf->djb_program_name, lf->file); - - return (1); -} - -void *read_djbmultilog(logreader *lf, int *rc, int drop_it) { - size_t str_len = 0; - int need_clear = 0; - char *p; - char str[OS_MAX_LOG_SIZE] = {0}; - char buffer[OS_MAX_LOG_SIZE] = {0}; - int lines = 0; - *rc = 0; - - /* Must have a valid program name */ - if (!lf->djb_program_name) { - return (NULL); - } - - /* Obtain context to calculate hash */ - EVP_MD_CTX *context = EVP_MD_CTX_new(); - int64_t current_position = w_ftell(lf->fp); - bool is_valid_context_file = w_get_hash_context(lf, &context, current_position); - - /* Get new entry */ - while (can_read() && fgets(str, OS_MAX_LOG_SIZE, lf->fp) != NULL && (!maximum_lines || lines < maximum_lines)) { - - if (is_valid_context_file) { - OS_SHA1_Stream(context, NULL, str); - } - - lines++; - /* Get buffer size */ - str_len = strlen(str); - - /* Getting the last occurrence of \n */ - if ((p = strrchr(str, '\n')) != NULL) { - *p = '\0'; - - /* If need_clear is set, we just get the line and ignore it */ - if (need_clear) { - need_clear = 0; - continue; - } - } else { - need_clear = 1; - } - - /* Multilog messages have the following format: - * @40000000463246020c2ca16c xx... - */ - if ((str_len > 26) && - (str[0] == '@') && - isalnum((int)str[1]) && - isalnum((int)str[2]) && - isalnum((int)str[3]) && - isalnum((int)str[24]) && - (str[25] == ' ')) { - /* Remove spaces and tabs */ - p = str + 26; - while (*p == ' ' || *p == '\t') { - p++; - } - - /* If message has a valid syslog header, send as is */ - if ((str_len > 44) && - (p[3] == ' ') && - (p[6] == ' ') && - (p[9] == ':') && - (p[12] == ':') && - (p[15] == ' ')) { - p += 16; - snprintf(buffer, sizeof(buffer), "%s", p); - } else { - /* We will add a proper syslog header */ - time_t djbtime; - struct tm tm_result = { .tm_sec = 0 }; - - djbtime = time(NULL); - localtime_r(&djbtime, &tm_result); - - /* Syslog time: Apr 27 14:50:32 */ - const int size = snprintf(buffer, sizeof(buffer), "%s %02d %02d:%02d:%02d %s %s: %s", - djb_month[tm_result.tm_mon], - tm_result.tm_mday, - tm_result.tm_hour, - tm_result.tm_min, - tm_result.tm_sec, - djb_host, - lf->djb_program_name, - p); - - if (size < 0) { - merror("Error %d (%s) while reading message: '%s' (length = " FTELL_TT "): '%s'...", errno, strerror(errno), lf->file, FTELL_INT64 size, buffer); - } else if ((size_t)size >= sizeof(buffer)) { - merror("Message size too big on file '%s' (length = " FTELL_TT "): '%s'...", lf->file, FTELL_INT64 size, buffer); - } - } - } - - else { - mdebug2("Invalid DJB log: '%s'", str); - continue; - } - - /* Check ignore and restrict log regex, if configured. */ - if (check_ignore_and_restrict(lf->regex_ignore, lf->regex_restrict, str)) { - continue; - } - - mdebug2("Reading DJB multilog message: '%s'", buffer); - - /* Send message to queue */ - if (drop_it == 0) { - w_msg_hash_queues_push(buffer, lf->file, strlen(buffer) + 1, lf->log_target, LOCALFILE_MQ); - } - } - - current_position = w_ftell(lf->fp); - - if (is_valid_context_file) { - w_update_file_status(lf->file, current_position, context); - } else { - EVP_MD_CTX_free(context); - } - - mdebug2("Read %d lines from %s", lines, lf->file); - return (NULL); -} diff --git a/src/modules/logcollector/src/read_fullcommand.c b/src/modules/logcollector/src/read_fullcommand.c deleted file mode 100644 index f083a1f1e6..0000000000 --- a/src/modules/logcollector/src/read_fullcommand.c +++ /dev/null @@ -1,84 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * Copyright (C) 2010 Trend Micro Inc. - * All right reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -#include "shared.h" -#include "logcollector.h" - - -/* Read Output of commands */ -void *read_fullcommand(logreader *lf, int *rc, int drop_it) { - size_t n = 0; - size_t cmd_size = 0; - char *p; - char str[OS_MAXSTR + 1]; - char strfinal[OS_MAXSTR + 1]; - FILE *cmd_output; - - str[OS_MAXSTR] = '\0'; - strfinal[OS_MAXSTR] = '\0'; - *rc = 0; - - mdebug2("Running full command '%s'", lf->command); - - cmd_output = popen(lf->command, "r"); - if (!cmd_output) { - merror("Unable to execute command: '%s'.", - lf->command); - - lf->command = NULL; - return (NULL); - } - - snprintf(str, 256, "ossec: output: '%s':\n", - (NULL != lf->alias) - ? lf->alias - : lf->command); - cmd_size = strlen(str); - - n = fread(str + cmd_size, 1, OS_MAXSTR - OS_LOG_HEADER - 256, cmd_output); - if (n > 0) { - str[cmd_size + n] = '\0'; - - /* Get the last occurrence of \n */ - if ((p = strrchr(str, '\n')) != NULL) { - *p = '\0'; - } - - mdebug2("Reading command message: '%s'", str); - - /* Remove empty lines */ - n = 0; - p = str; - while (*p != '\0') { - if (p[0] == '\r') { - p++; - continue; - } - - if (p[0] == '\n' && p[1] == '\n') { - p++; - } - strfinal[n] = *p; - n++; - p++; - } - strfinal[n] = '\0'; - - /* Check ignore and restrict log regex, if configured. */ - if (drop_it == 0 && !check_ignore_and_restrict(lf->regex_ignore, lf->regex_restrict, strfinal)) { - /* Send message to queue */ - w_msg_hash_queues_push(strfinal, lf->alias ? lf->alias : lf->command, strlen(strfinal) + 1, lf->log_target, LOCALFILE_MQ); - } - } - - pclose(cmd_output); - - return (NULL); -} diff --git a/src/modules/logcollector/src/read_journald.c b/src/modules/logcollector/src/read_journald.c deleted file mode 100644 index 34f1d8cec6..0000000000 --- a/src/modules/logcollector/src/read_journald.c +++ /dev/null @@ -1,238 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * All right reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -#ifdef __linux__ - -#include "shared.h" -#include "logcollector.h" -#include "journal_log.h" - -#ifdef WAZUH_UNIT_TESTING -// Remove STATIC qualifier from tests -#define STATIC -#define INLINE -// Ajust the buffer size for testing -#undef OS_MAXSTR -#define OS_MAXSTR 16 -#undef OS_LOG_HEADER -#define OS_LOG_HEADER 0 -#else -#define STATIC static -#define INLINE inline -#endif - -/* Constants */ -#define OFE_TIMESTAMP "timestamp" - -/** - * @brief Configuration and status of the journal log - * @note not thread safe, only accessible from Inputs threads - */ -typedef struct { - unsigned long owner_id; ///< Owner ID of the journal log - bool is_disabled; ///< Flag to disable the journal log, error on initialization - w_journal_context_t * journal_ctx; ///< Journal log context -} w_journald_global_t; ///< Current configuration and status of the journal log - -STATIC w_journald_global_t gs_journald_global = { - .owner_id = 0, - .is_disabled = false, - .journal_ctx = NULL, -}; ///< Current configuration and status of the journal log - -/** - * @brief Only future events configuration and status - * @note Only accessible from Input Owner Thread and Deamon Thread (main thread) - */ -typedef struct { - bool exist_journal; ///< Flag to indicate if the journal log exists - bool only_future_events; ///< Flag to indicate if only future events are read - uint64_t last_read_timestamp; ///< Last read timestamp from the journal log - pthread_mutex_t mutex; ///< Mutex to protect the timestamp, only resource shared with the Input Owner Thread -} w_journald_ofe_t; - -STATIC w_journald_ofe_t gs_journald_ofe = { - .exist_journal = false, - .only_future_events = true, - .last_read_timestamp = 0, - .mutex = PTHREAD_MUTEX_INITIALIZER, -}; ///< Only future events configuration and status - -#ifdef WAZUH_UNIT_TESTING -void set_gs_journald_ofe(bool exist, bool ofe, uint64_t timestamp) { - gs_journald_ofe.exist_journal = exist; - gs_journald_ofe.only_future_events = ofe; - gs_journald_ofe.last_read_timestamp = timestamp; -} - -void set_gs_journald_global(unsigned long owner_id, bool is_disabled, void * journal_ctx) { - gs_journald_global.owner_id = owner_id; - gs_journald_global.is_disabled = is_disabled; - gs_journald_global.journal_ctx = journal_ctx; -} - -bool journald_isDisabled() { - return gs_journald_global.is_disabled; -} -#endif - - -bool w_journald_can_read(unsigned long owner_id) { - - if (gs_journald_global.is_disabled) { - return false; - } - - if (gs_journald_global.owner_id == 0) { - - gs_journald_global.owner_id = owner_id; - - if (gs_journald_global.journal_ctx == NULL && w_journal_context_create(&gs_journald_global.journal_ctx) != 0) { - merror(LOGCOLLECTOR_JOURNAL_LOG_DISABLING); - gs_journald_global.is_disabled = true; - return false; - } - - // Set the pointer to the journal log - w_mutex_lock(&gs_journald_ofe.mutex); - uint64_t lr_ts = gs_journald_ofe.last_read_timestamp; - w_mutex_unlock(&gs_journald_ofe.mutex); - - int ret = gs_journald_ofe.only_future_events - ? w_journal_context_seek_most_recent(gs_journald_global.journal_ctx) - : w_journal_context_seek_timestamp(gs_journald_global.journal_ctx, lr_ts); - - if (ret < 0) { - merror(LOGCOLLECTOR_JOURNAL_LOG_FAIL_SEEK, strerror(-ret)); - gs_journald_global.is_disabled = true; - return false; - } - - minfo(LOGCOLLECTOR_JOURNALD_MONITORING); - - } else if (gs_journald_global.owner_id != owner_id) { - return false; - } - - return true; -} - -void * read_journald(logreader * lf, int * rc, __attribute__((unused)) int drop_it) { - const unsigned long MAX_LINE_LEN = OS_MAXSTR - OS_LOG_HEADER; - char read_buffer[OS_MAXSTR + 1]; - read_buffer[OS_MAXSTR] = '\0'; - int count_logs = 0; - *rc = 0; - w_journal_filters_list_t filters = lf->journal_log->disable_filters ? NULL : lf->journal_log->filters; - - while ((maximum_lines == 0 || count_logs < maximum_lines) && can_read()) { - // Get the next entry - int result_get_next = w_journal_context_next_newest_filtered(gs_journald_global.journal_ctx, filters); - if (result_get_next < 0) { - merror(LOGCOLLECTOR_JOURNAL_LOG_FAIL_NEXT, strerror(-result_get_next)); - gs_journald_global.is_disabled = true; - break; - } else if (result_get_next == 0) { - mdebug2(LOGCOLLECTOR_JOURNAL_LOG_NO_NEW); - break; - } - - // Get the message - w_journal_entry_t * entry = - w_journal_entry_dump(gs_journald_global.journal_ctx, W_JOURNAL_ENTRY_DUMP_TYPE_SYSLOG); - char * entry_str = w_journal_entry_to_string(entry); - w_journal_entry_free(entry); - - if (entry_str == NULL) { - merror(LOGCOLLECTOR_JOURNAL_LOG_FAIL_GET); - break; - } - - // Copy the message to the buffer - unsigned long entry_str_len = strlen(entry_str); - if (entry_str_len > MAX_LINE_LEN) { - mdebug1(LOGCOLLECTOR_JOURNAL_LOG_TRUNCATED); - entry_str_len = MAX_LINE_LEN; - } - strncpy(read_buffer, entry_str, entry_str_len); - read_buffer[entry_str_len] = '\0'; - os_free(entry_str); - - if (isDebug()) { - mdebug2(LOGCOLLECTOR_JOURNAL_LOG_READING, read_buffer); - } - - // Send the message to the manager - w_msg_hash_queues_push(read_buffer, JOURNALD_LOG, entry_str_len + 1, lf->log_target, LOCALFILE_MQ); - count_logs++; - } - - // Update timestamp - w_mutex_lock(&gs_journald_ofe.mutex); - gs_journald_ofe.last_read_timestamp = gs_journald_global.journal_ctx->timestamp; - w_mutex_unlock(&gs_journald_ofe.mutex); - - return NULL; -} - -/** ONLY FUTURE EVENTS configuration */ - -void w_journald_set_ofe(bool ofe) { - gs_journald_ofe.only_future_events = ofe; - gs_journald_ofe.exist_journal = true; -} - -cJSON * w_journald_get_status_as_JSON() { - - // Maybe journal log is not initialized yet - if (!gs_journald_ofe.exist_journal) { - return NULL; - } - - w_mutex_lock(&gs_journald_ofe.mutex); - uint64_t timestamp = gs_journald_ofe.last_read_timestamp; - w_mutex_unlock(&gs_journald_ofe.mutex); - - // Convert the timestamp uint64_t to a string - char timestamp_str[OS_SIZE_256] = {0}; - snprintf(timestamp_str, OS_SIZE_256 - 1, "%" PRIu64, timestamp); - cJSON * journald_log = cJSON_CreateObject(); - cJSON_AddStringToObject(journald_log, OFE_TIMESTAMP, timestamp_str); - - return journald_log; -} - -void w_journald_set_status_from_JSON(cJSON * global_json) { - - if (global_json == NULL) { - return; - } - - cJSON * jurnald_log = cJSON_GetObjectItem(global_json, JOURNALD_LOG); - char * timestamp = cJSON_GetStringValue(cJSON_GetObjectItem(jurnald_log, OFE_TIMESTAMP)); - - if (timestamp == NULL) { - return; - } - - // Convert the timestamp to a uint64_t - uint64_t timestamp_uint = strtoull(timestamp, NULL, 10); - if (timestamp_uint == 0 || timestamp_uint == ULLONG_MAX) { - return; - } - - // Set the timestamp - w_mutex_lock(&gs_journald_ofe.mutex); - gs_journald_ofe.last_read_timestamp = timestamp_uint; - w_mutex_unlock(&gs_journald_ofe.mutex); - - mdebug2(LOGCOLLECTOR_JOURNAL_LOG_SET_LAST, timestamp_uint); -} - -#endif diff --git a/src/modules/logcollector/src/read_json.c b/src/modules/logcollector/src/read_json.c deleted file mode 100644 index b39c7186ff..0000000000 --- a/src/modules/logcollector/src/read_json.c +++ /dev/null @@ -1,168 +0,0 @@ -/* Copyright (C) 2015 Wazuh Inc. - * All right reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -/* Read the json */ - -#include "shared.h" -#include "logcollector.h" -#include "os_crypto/sha1/sha1_op.h" - - -/* Read json files */ -void *read_json(logreader *lf, int *rc, int drop_it) { - int __ms = 0; - int __ms_reported = 0; - int i; - char *jsonParsed; - char str[OS_MAXSTR + 1]; - int lines = 0; - cJSON * obj; - int64_t offset = 0; - int64_t rbytes = 0; - - str[OS_MAXSTR] = '\0'; - *rc = 0; - - /* Obtain context to calculate hash */ - EVP_MD_CTX *context = EVP_MD_CTX_new(); - int64_t current_position = w_ftell(lf->fp); - bool is_valid_context_file = w_get_hash_context(lf, &context, current_position); - - for (offset = w_ftell(lf->fp); can_read() && fgets(str, OS_MAXSTR - OS_LOG_HEADER, lf->fp) != NULL && (!maximum_lines || lines < maximum_lines) && offset >= 0; offset += rbytes) { - rbytes = w_ftell(lf->fp) - offset; - lines++; - - /* Flow control */ - if (rbytes <= 0) { - break; - } - - /* Get the last occurrence of \n */ - if (str[rbytes - 1] == '\n') { - if (is_valid_context_file) { - OS_SHA1_Stream(context, NULL, str); - } - - str[rbytes - 1] = '\0'; - - if ((int64_t)strlen(str) != rbytes - 1) - { - mdebug2("Line in '%s' contains some zero-bytes (valid=" FTELL_TT " / total=" FTELL_TT "). Dropping line.", lf->file, FTELL_INT64 strlen(str), FTELL_INT64 rbytes - 1); - continue; - } - } - - /* If we didn't get the new line, because the - * size is large, send what we got so far. - */ - else if (rbytes == OS_MAXSTR - OS_LOG_HEADER - 1) { - /* Message size > maximum allowed */ - if (is_valid_context_file) { - OS_SHA1_Stream(context, NULL, str); - } - __ms = 1; - } else if (feof(lf->fp)) { - /* Message not complete. Return. */ - mdebug2("Message not complete from '%s'. Trying again: '%.*s'%s", lf->file, sample_log_length, str, rbytes > sample_log_length ? "..." : ""); - if(current_position >= 0) { - w_fseek(lf->fp, current_position, SEEK_SET); - } - break; - } - -#ifdef WIN32 - char * p; - - if ((p = strrchr(str, '\r')) != NULL) { - *p = '\0'; - } - - /* Look for empty string (only on Windows) */ - if (rbytes <= 2) { - current_position = w_ftell(lf->fp); - continue; - } - /* Windows can have comment on their logs */ - - if (str[0] == '#') { - current_position = w_ftell(lf->fp); - continue; - } -#endif - - /* Check ignore and restrict log regex, if configured. */ - if (check_ignore_and_restrict(lf->regex_ignore, lf->regex_restrict, str)) { - continue; - } - - const char *jsonErrPtr; - if (obj = cJSON_ParseWithOpts(str, &jsonErrPtr, 0), obj && cJSON_IsObject(obj)) { - for (i = 0; lf->labels && lf->labels[i].key; i++) { - W_JSON_AddField(obj, lf->labels[i].key, lf->labels[i].value); - } - - jsonParsed = cJSON_PrintUnformatted(obj); - cJSON_Delete(obj); - } else { - cJSON_Delete(obj); - mdebug1("Line '%.*s'%s read from '%s' is not a JSON object.", sample_log_length, str, rbytes > sample_log_length ? "..." : "", lf->file); - continue; - } - - mdebug2("Reading json message: '%.*s'%s", sample_log_length, jsonParsed, strlen(jsonParsed) > (size_t)sample_log_length ? "..." : ""); - - /* Send message to queue */ - if (drop_it == 0) { - w_msg_hash_queues_push(jsonParsed, lf->file, strlen(jsonParsed) + 1, lf->log_target, LOCALFILE_MQ); - } - free(jsonParsed); - /* Incorrect message size */ - if (__ms) { - // strlen(str) >= (OS_MAXSTR - OS_LOG_HEADER - 2) - // truncate str before logging to ossec.log - - if (!__ms_reported) { - merror("Large message size from file '%s' (length = " FTELL_TT "): '%.*s'...", lf->file, FTELL_INT64 rbytes, sample_log_length, str); - __ms_reported = 1; - } else { - mdebug2("Large message size from file '%s' (length = " FTELL_TT "): '%.*s'...", lf->file, FTELL_INT64 rbytes, sample_log_length, str); - } - - for (offset += rbytes; fgets(str, OS_MAXSTR - 2, lf->fp) != NULL; offset += rbytes) { - rbytes = w_ftell(lf->fp) - offset; - - /* Flow control */ - if (rbytes <= 0) { - break; - } - - if (is_valid_context_file) { - OS_SHA1_Stream(context, NULL, str); - } - - /* Get the last occurrence of \n */ - if (str[rbytes - 1] == '\n') { - break; - } - } - __ms = 0; - } - - current_position = w_ftell(lf->fp); - } - - if (is_valid_context_file) { - w_update_file_status(lf->file, current_position, context); - } else { - EVP_MD_CTX_free(context); - } - - mdebug2("Read %d lines from %s", lines, lf->file); - return (NULL); -} diff --git a/src/modules/logcollector/src/read_macos.c b/src/modules/logcollector/src/read_macos.c deleted file mode 100644 index f5198a0a30..0000000000 --- a/src/modules/logcollector/src/read_macos.c +++ /dev/null @@ -1,452 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * All right reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -#if defined(Darwin) || (defined(__linux__) && defined(WAZUH_UNIT_TESTING)) - -#include "shared.h" -#include "logcollector.h" -#include "macos_log.h" - -#ifdef WAZUH_UNIT_TESTING -// Remove STATIC qualifier from tests -#define STATIC -#define INLINE -#else -#define STATIC static -#define INLINE inline -#endif - -#define LOG_ERROR_STR "log:" -#define LOG_ERROR_LENGHT 4 - -/** - * @brief Gets a log from macOS log's output - * - * @param [out] buffer Contains the read log - * @param length Buffer's max length - * @param stream File pointer to log stream's output pipe - * @param macos_log_cfg macOS log configuration structure - * @return true if a new log was collected, - * false otherwise - */ -STATIC bool w_macos_log_getlog(char * buffer, int length, FILE * stream, w_macos_log_config_t * macos_log_cfg); - -/** - * @brief Restores the context from backup - * - * @warning Notice that `buffer` must be previously allocated, the function does - * not verify nor allocate or release the buffer memory - * @param buffer Destination buffer - * @param ctxt Backup context - * @return true if the context was restored, otherwise returns false - */ -STATIC bool w_macos_log_ctxt_restore(char * buffer, w_macos_log_ctxt_t * ctxt); - -/** - * @brief Generates a backup of the reading context - * - * @param buffer Context to backup - * @param ctxt Context's backup destination - */ -STATIC INLINE void w_macos_log_ctxt_backup(char * buffer, w_macos_log_ctxt_t * ctxt); - -/** - * @brief Cleans the backup context - * - * @warning Notice that this function does not release the context memory - * @param ctxt context backup to clean - */ -STATIC INLINE void w_macos_log_ctxt_clean(w_macos_log_ctxt_t * ctxt); - -/** - * @brief Checks if a backup context has expired - * - * @todo Remove timeout and use a define - * @param timeout A timeout that a context without updating is valid - * @param ctxt Context to check - * @return true if the context has expired, otherwise returns false - */ -STATIC bool w_macos_is_log_ctxt_expired(time_t timeout, w_macos_log_ctxt_t * ctxt); - -/** - * @brief Gets the pointer to the beginning of the last line contained in the string - * - * @warning If `str` has one line, returns NULL - * @warning If `str` ends with a `\n`, this newline character is ignored - * @param str String to be analyzed - * @return Pointer to the beginning of the last line, NULL otherwise - */ -STATIC char * w_macos_log_get_last_valid_line(char * str); - -/** - * @brief Checks whether the `log stream` cli command returns a header or a log. - * - * Detects predicate errors and discards filtering headers and columun descriptions. - * @param macos_log_cfg macOS log configuration structure - * @param buffer line to check - * @return Returns false if the read line is a log, otherwise returns true - */ -STATIC bool w_macos_is_log_header(w_macos_log_config_t * macos_log_cfg, char * buffer); - -/** - * @brief Trim milliseconds from a macOS ULS full timestamp - * - * @param full_timestamp Timestamp to trim - * @warning @full_timestamp must be an array with \ref OS_LOGCOLLECTOR_TIMESTAMP_FULL_LEN +1 length - * @warning @full_timestamp must be in format i.e 2020-11-09 05:45:08.000000-0800 - * @warning return value will be in short format timestamp i.e 2020-11-09 05:45:08-0800 - * @return Allocated short timestamp. NULL on error - */ -STATIC char * w_macos_trim_full_timestamp(const char * full_timestamp); - -void * read_macos(logreader * lf, int * rc, __attribute__((unused)) int drop_it) { - - char full_timestamp[OS_LOGCOLLECTOR_TIMESTAMP_FULL_LEN + 1] = {'\0'}; - const int MAX_LINE_LEN = OS_MAXSTR - OS_LOG_HEADER; - char read_buffer[OS_MAXSTR + 1]; - char * short_timestamp = NULL; - unsigned long size = 0; - int count_logs = 0; - - wfd_t * log_mode_wfd = (lf->macos_log->state == LOG_RUNNING_SHOW) ? - lf->macos_log->processes.show.wfd : lf->macos_log->processes.stream.wfd; - - if (can_read() == 0) { - return NULL; - } - - read_buffer[OS_MAXSTR] = '\0'; - *rc = 0; - - while ((maximum_lines == 0 || count_logs < maximum_lines) - && w_macos_log_getlog(read_buffer, MAX_LINE_LEN, log_mode_wfd->file_out, lf->macos_log)) { - - size = strlen(read_buffer); - if (size > 0) { - /* Check ignore and restrict log regex, if configured. */ - if (check_ignore_and_restrict(lf->regex_ignore, lf->regex_restrict, read_buffer)) { - continue; - } - - w_msg_hash_queues_push(read_buffer, MACOS_LOG_NAME, size + 1, lf->log_target, LOCALFILE_MQ); - memcpy(full_timestamp, read_buffer, OS_LOGCOLLECTOR_TIMESTAMP_FULL_LEN); - } else { - mdebug2("macOS ULS: Discarding empty message."); - } - - count_logs++; - } - - short_timestamp = w_macos_trim_full_timestamp(full_timestamp); - if (short_timestamp != NULL) { - w_macos_set_last_log_timestamp(short_timestamp); - if (!lf->macos_log->store_current_settings) { - w_macos_set_log_settings(lf->macos_log->current_settings); - lf->macos_log->store_current_settings = true; - } - os_free(short_timestamp); - } - - /* This "if" is true when the amount of readed logs is less than the maximum allowed */ - if (count_logs < maximum_lines) { - int status = 0; - int retval = 0; - - /* Checks if the macOS' log process is still alive or exited */ - retval = waitpid(log_mode_wfd->pid, &status, WNOHANG); // Tries to get the child' "soul" - if (retval == log_mode_wfd->pid) { // This is true in the case that the child exited - if (lf->macos_log->state == LOG_RUNNING_SHOW) { - if (status == 0) { - // Normal process' end of execution - minfo(MACOS_LOG_SHOW_CHILD_EXITED, log_mode_wfd->pid, status); - } else { - // Abnormal process' end of execution - merror(MACOS_LOG_SHOW_CHILD_EXITED, log_mode_wfd->pid, status); - } - w_macos_release_log_show(); - if (lf->macos_log->processes.stream.wfd != NULL) { - /* This variable is reseted as, by changing the log mode, stream header must be processed as well */ - /* In case a multi-line context is still stored, it is forced to send it */ - lf->macos_log->is_header_processed = false; - lf->macos_log->ctxt.force_send = (lf->macos_log->ctxt.buffer[0] != '\0'); - lf->macos_log->state = LOG_RUNNING_STREAM; - } else { - lf->macos_log->state = LOG_NOT_RUNNING; - } - } else { // LOG_RUNNING_STREAM - merror(MACOS_LOG_STREAM_CHILD_EXITED, log_mode_wfd->pid, status); - w_macos_release_log_stream(); - lf->macos_log->state = LOG_NOT_RUNNING; - } - } else if (retval != 0) { - merror(WAITPID_ERROR, errno, strerror(errno)); - } - } - - return NULL; -} - -STATIC bool w_macos_log_getlog(char * buffer, int length, FILE * stream, w_macos_log_config_t * macos_log_cfg) { - - bool retval = false; // This variable will be set to true if there is a buffered log - - int offset = 0; // Amount of chars in the buffer - char * str = buffer; // Auxiliar buffer pointer, it points where the new data will be stored - int chunk_sz = 0; // Size of the last read data - char * last_line = NULL; // Pointer to the last line stored in the buffer - bool is_buffer_full; // Will be set to true if the buffer is full (forces data to be sent) - bool is_endline; // Will be set to true if the last read line ends with an '\n' character - bool do_split; // Indicates whether the buffer will be splited (two chunks at most) - - *str = '\0'; - - /* Checks if a context recover is needed for incomplete logs */ - if (w_macos_log_ctxt_restore(str, &macos_log_cfg->ctxt)) { - offset = strlen(str); - - /* If the context is expired then frees it and returns the log */ - if (w_macos_is_log_ctxt_expired((time_t) MACOS_LOG_TIMEOUT, &macos_log_cfg->ctxt) - || (macos_log_cfg->ctxt.force_send)) { - w_macos_log_ctxt_clean(&macos_log_cfg->ctxt); - /* delete last end-of-line character */ - if (buffer[offset - 1] == '\n') { - buffer[offset - 1] = '\0'; - } - /* Force sending the last log of `log show` */ - retval = (macos_log_cfg->is_header_processed || macos_log_cfg->ctxt.force_send); - macos_log_cfg->ctxt.force_send = false; - - return retval; - } - - str += offset; - } - - /* Gets streamed data, the minimum chunk size of a log is one line */ - while (can_read() && (fgets(str, length - offset, stream) != NULL)) { - - chunk_sz = strlen(str); - offset += chunk_sz; - str += chunk_sz; - last_line = NULL; - is_buffer_full = false; - is_endline = (*(str - 1) == '\n'); - do_split = false; - - /* Deletes CR from macOS Sierra */ - if (is_endline && offset >= 2 && *(str - 2) == '\r') { - str--; - offset--; - *str = '\0'; - *(str - 1) = '\n'; - } - - /* Avoid fgets infinite loop behavior when size parameter is 1 - * If we didn't get the new line, because the size is large, send what we got so far. - */ - if (offset + 1 == length) { - // Cleans the context and forces to send a log - w_macos_log_ctxt_clean(&macos_log_cfg->ctxt); - is_buffer_full = true; - } else if (!is_endline) { - mdebug2("macOS ULS: Incomplete message."); - // Saves the context - w_macos_log_ctxt_backup(buffer, &macos_log_cfg->ctxt); - continue; - } - - /* Checks if the first line is the header or an error in the predicate. */ - if (!macos_log_cfg->is_header_processed) { - /* Get child PID in case of macOS Sierra */ - if (w_is_macos_sierra()) { - if (macos_log_cfg->processes.show.wfd != NULL && macos_log_cfg->processes.show.child == 0) { - macos_log_cfg->processes.show.child = - w_get_first_child(macos_log_cfg->processes.show.wfd->pid); - } - if (macos_log_cfg->processes.stream.wfd != NULL && macos_log_cfg->processes.stream.child == 0) { - macos_log_cfg->processes.stream.child = - w_get_first_child(macos_log_cfg->processes.stream.wfd->pid); - } - } - /* Processes and discards lines up to the first log */ - if (w_macos_is_log_header(macos_log_cfg, buffer)) { - // Forces to continue reading - w_macos_log_ctxt_clean(&macos_log_cfg->ctxt); - retval = true; - *buffer = '\0'; - break; - } - } - - /* If this point has been reached, there is something to process in the buffer. */ - - last_line = w_macos_log_get_last_valid_line(buffer); - - if (isDebug() == 2) { - char * d_str_msg = (last_line == NULL) ? buffer : (last_line +1); - bool is_chunck_message = (int) w_strlen(d_str_msg) - 1 > sample_log_length; - int d_str_lenght = is_chunck_message ? sample_log_length : (int) w_strlen(d_str_msg) - 1; - - mdebug2("Reading macOS message: '%.*s'%s", d_str_lenght, d_str_msg, is_chunck_message ? "..." : ""); - - } - - /* If there are 2 logs, they should be splited before sending them */ - if (is_endline && last_line != NULL) { - do_split = w_expression_match(macos_log_cfg->log_start_regex, last_line + 1, NULL, NULL); - } - - if (!do_split && is_buffer_full) { - /* If the buffer is full but the message is larger than the buffer size, - * then the rest of the message is discarded up to the '\n' character. - */ - if (!is_endline) { - if (last_line == NULL) { - int c; - // Discards the rest of the log, up to the end of line - do { - c = fgetc(stream); - } while (c != '\n' && c != '\0' && c != EOF); - mdebug2("macOS ULS: Maximum message length reached. The remainder was discarded."); - } else { - do_split = true; - mdebug2("macOS ULS: Maximum message length reached. The remainder will be send separately."); - } - } - } - - /* splits the logs */ - /* If a new log is received, we store it in the context and send the previous one. */ - if (do_split) { - w_macos_log_ctxt_clean(&macos_log_cfg->ctxt); - *last_line = '\0'; - strncpy(macos_log_cfg->ctxt.buffer, last_line + 1, offset - (last_line - buffer) + 1); - macos_log_cfg->ctxt.timestamp = time(NULL); - } else if (!is_buffer_full) { - w_macos_log_ctxt_backup(buffer, &macos_log_cfg->ctxt); - } - - if (do_split || is_buffer_full) { - retval = true; - /* deletes last end-of-line character */ - if (buffer[offset - 1] == '\n') { - buffer[offset - 1] = '\0'; - } - break; - } - } - - return retval; -} - -STATIC bool w_macos_log_ctxt_restore(char * buffer, w_macos_log_ctxt_t * ctxt) { - - if (ctxt->buffer[0] == '\0') { - return false; - } - - strcpy(buffer, ctxt->buffer); - return true; -} - -STATIC bool w_macos_is_log_ctxt_expired(time_t timeout, w_macos_log_ctxt_t * ctxt) { - - if (time(NULL) - ctxt->timestamp > timeout) { - return true; - } - - return false; -} - -STATIC INLINE void w_macos_log_ctxt_clean(w_macos_log_ctxt_t * ctxt) { - - ctxt->buffer[0] = '\0'; - ctxt->timestamp = 0; -} - -STATIC INLINE void w_macos_log_ctxt_backup(char * buffer, w_macos_log_ctxt_t * ctxt) { - - /* Backup */ - strncpy(ctxt->buffer, buffer, OS_MAXSTR - 1); - ctxt->timestamp = time(NULL); -} - -STATIC char * w_macos_log_get_last_valid_line(char * str) { - - char * retval = NULL; - char ignored_char = '\0'; - size_t size = 0; - - if (str == NULL || *str == '\0') { - return retval; - } - - /* Ignores the last character */ - size = strlen(str); - - ignored_char = str[size - 1]; - str[size - 1] = '\0'; - - retval = strrchr(str, '\n'); - str[size - 1] = ignored_char; - - return retval; -} - -STATIC bool w_macos_is_log_header(w_macos_log_config_t * macos_log_cfg, char * buffer) { - - bool retval = true; - const ssize_t buffer_size = strlen(buffer); - - /* if the buffer contains a log, then there won't be headers anymore */ - if (w_expression_match(macos_log_cfg->log_start_regex, buffer, NULL, NULL)) { - macos_log_cfg->is_header_processed = true; - w_macos_set_is_valid_data(true); - retval = false; - } - /* Error in the execution of the `log stream` cli command, probably there is an error in the predicate. */ - else if (strncmp(buffer, LOG_ERROR_STR, LOG_ERROR_LENGHT) == 0) { - - // "log: error description:\n" - if (buffer[buffer_size - 2] == ':') { - buffer[buffer_size - 2] = '\0'; - } else if (buffer[buffer_size - 1] == '\n') { - buffer[buffer_size - 1] = '\0'; - } - merror(LOGCOLLECTOR_MACOS_LOG_ERROR_AFTER_EXEC, buffer); - w_macos_set_is_valid_data(false); - } - /* Rows header or remaining error lines */ - else { - if (buffer[buffer_size - 1] == '\n') { - buffer[buffer_size - 1] = '\0'; - } - mdebug2("macOS ULS: Reading other log headers or errors: '%s'.", buffer); - } - - return retval; -} - -STATIC char * w_macos_trim_full_timestamp(const char * full_timestamp) { - - char * short_timestamp = NULL; - - if (w_strlen(full_timestamp) == OS_LOGCOLLECTOR_TIMESTAMP_FULL_LEN) { - - os_calloc(OS_LOGCOLLECTOR_TIMESTAMP_SHORT_LEN + 1, sizeof(char), short_timestamp); - memcpy(short_timestamp, full_timestamp, OS_LOGCOLLECTOR_TIMESTAMP_BASIC_LEN); - memcpy(short_timestamp + OS_LOGCOLLECTOR_TIMESTAMP_BASIC_LEN, - full_timestamp + OS_LOGCOLLECTOR_TIMESTAMP_BASIC_LEN + OS_LOGCOLLECTOR_TIMESTAMP_MS_LEN, - OS_LOGCOLLECTOR_TIMESTAMP_TZ_LEN); - } - - return short_timestamp; -} - -#endif diff --git a/src/modules/logcollector/src/read_mssql_log.c b/src/modules/logcollector/src/read_mssql_log.c deleted file mode 100644 index ae33c90602..0000000000 --- a/src/modules/logcollector/src/read_mssql_log.c +++ /dev/null @@ -1,166 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * Copyright (C) 2009 Trend Micro Inc. - * All rights reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -/* Read MS SQL logs */ - -#include "shared.h" -#include "logcollector.h" -#include "os_crypto/sha1/sha1_op.h" - - -/* Send MS SQL message and check the return code */ -static void __send_mssql_msg(logreader *lf, int drop_it, char *buffer) { - mdebug2("Reading MSSQL message: '%s'", buffer); - - /* Check ignore and restrict log regex, if configured. */ - if (drop_it == 0 && !check_ignore_and_restrict(lf->regex_ignore, lf->regex_restrict, buffer)) { - /* Send message to queue */ - w_msg_hash_queues_push(buffer, lf->file, strlen(buffer) + 1, lf->log_target, LOCALFILE_MQ); - } -} - -/* Read MS SQL log files */ -void *read_mssql_log(logreader *lf, int *rc, int drop_it) { - size_t str_len = 0; - int need_clear = 0; - char *p; - char str[OS_MAX_LOG_SIZE]; - char buffer[OS_MAX_LOG_SIZE]; - int lines = 0; - /* Zero buffer and str */ - buffer[0] = '\0'; - buffer[OS_MAX_LOG_SIZE - 1] = '\0'; - str[OS_MAX_LOG_SIZE - 1] = '\0'; - *rc = 0; - - /* Obtain context to calculate hash */ - EVP_MD_CTX *context = EVP_MD_CTX_new(); - int64_t current_position = w_ftell(lf->fp); - bool is_valid_context_file = w_get_hash_context(lf, &context, current_position); - - /* Get new entry */ - while (can_read() && fgets(str, OS_MAX_LOG_SIZE, lf->fp) != NULL && (!maximum_lines || lines < maximum_lines)) { - - lines++; - /* Get buffer size */ - str_len = strlen(str); - - if (is_valid_context_file) { - OS_SHA1_Stream(context, NULL, str); - } - - /* Check str_len size. Very useless, but just to make sure */ - if (str_len >= sizeof(buffer) - 2) { - str_len = sizeof(buffer) - 10; - } - - /* Get the last occurrence of \n */ - if ((p = strrchr(str, '\n')) != NULL) { - *p = '\0'; - - /* If need clear is set, we just get the line and ignore it */ - if (need_clear) { - need_clear = 0; - continue; - } - } else { - need_clear = 1; - } - -#ifdef WIN32 - if ((p = strrchr(str, '\r')) != NULL) { - *p = '\0'; - } - - /* Look for empty string (only on windows) */ - if (str_len <= 1) { - continue; - } - - /* Windows can have comment on their logs */ - if (str[0] == '#') { - continue; - } -#endif - - /* MS SQL messages have the following formats: - * 2009-03-25 04:47:30.01 Server - * 2003-10-09 00:00:06.68 sys1 - * 2009-02-06 11:48:59 Server - */ - if ((str_len > 19) && - (str[4] == '-') && - (str[7] == '-') && - (str[10] == ' ') && - (str[13] == ':') && - (str[16] == ':') && - isdigit((int)str[0]) && - isdigit((int)str[1]) && - isdigit((int)str[2]) && - isdigit((int)str[3])) { - - /* If the saved message is empty, set it and continue */ - if (buffer[0] == '\0') { - snprintf(buffer, sizeof(buffer), "%s", str); - continue; - } - - /* If not, send the saved one and store the new one for later */ - else { - __send_mssql_msg(lf, drop_it, buffer); - - /* Store current one at the buffer */ - snprintf(buffer, sizeof(buffer), "%s", str); - } - } - - /* Query logs can be in multiple lines - * They always start with a tab in the additional lines - */ - else if ((str_len > 2) && (buffer[0] != '\0')) { - /* Size of the buffer */ - size_t buffer_len = strlen(buffer); - - p = str; - - /* Remove extra spaces and tabs */ - while (*p == ' ' || *p == '\t') { - p++; - } - - /* Add additional message to the saved buffer */ - if (sizeof(buffer) - buffer_len > str_len) { - /* Here we make sure that the size of the buffer - * minus what was used (strlen) is greater than - * the length of the received message. - */ - buffer[buffer_len] = ' '; - buffer[buffer_len + 1] = '\0'; - strncat(buffer, str, str_len + 3); - } - } - } - - current_position = w_ftell(lf->fp); - - if (is_valid_context_file) { - w_update_file_status(lf->file, current_position, context); - } else { - EVP_MD_CTX_free(context); - } - - /* Send whatever is stored */ - if (buffer[0] != '\0') { - __send_mssql_msg(lf, drop_it, buffer); - } - - mdebug2("Read %d lines from %s", lines, lf->file); - return (NULL); -} diff --git a/src/modules/logcollector/src/read_multiline.c b/src/modules/logcollector/src/read_multiline.c deleted file mode 100644 index 2fd28153c7..0000000000 --- a/src/modules/logcollector/src/read_multiline.c +++ /dev/null @@ -1,154 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * Copyright (C) 2010 Trend Micro Inc. - * All right reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -#include "shared.h" -#include "logcollector.h" -#include "os_crypto/sha1/sha1_op.h" - - -/* Read multiline logs */ -void *read_multiline(logreader *lf, int *rc, int drop_it) { - int __ms = 0; - int __ms_reported = 0; - int linesgot = 0; - size_t buffer_size = 0; - char str[OS_MAX_LOG_SIZE] = {0}; - char buffer[OS_MAX_LOG_SIZE] = {0}; - int lines = 0; - int size = 0; - int64_t offset = 0; - int64_t rbytes = 0; - - *rc = 0; - - /* Obtain context to calculate hash */ - EVP_MD_CTX *context = EVP_MD_CTX_new(); - int64_t current_position = w_ftell(lf->fp); - bool is_valid_context_file = w_get_hash_context(lf, &context, current_position); - - for (offset = w_ftell(lf->fp); can_read() && fgets(str, OS_MAX_LOG_SIZE, lf->fp) != NULL && (!maximum_lines || lines < maximum_lines) && offset >= 0; offset += rbytes) { - rbytes = w_ftell(lf->fp) - offset; - lines++; - linesgot++; - - /* Flow control */ - if (rbytes <= 0) { - break; - } - - /* Get the last occurrence of \n */ - if (str[rbytes - 1] == '\n') { - if (is_valid_context_file) { - OS_SHA1_Stream(context, NULL, str); - } - str[rbytes - 1] = '\0'; - - if ((int64_t)strlen(str) != rbytes - 1) - { - mdebug2("Line in '%s' contains some zero-bytes (valid=" FTELL_TT " / total=" FTELL_TT "). Dropping line.", lf->file, FTELL_INT64 strlen(str), FTELL_INT64 rbytes - 1); - continue; - } - } - - /* If we didn't get the new line, because the - * size is large, send what we got so far. - */ - else if (rbytes == OS_MAX_LOG_SIZE - 1) { - /* Message size > maximum allowed */ - if (is_valid_context_file) { - OS_SHA1_Stream(context, NULL, str); - } - __ms = 1; - } else if (feof(lf->fp)) { - /* Message not complete. Return. */ - mdebug2("Message not complete from '%s'. Trying again: '%.*s'%s", lf->file, sample_log_length, str, rbytes > sample_log_length ? "..." : ""); - if(current_position >= 0) { - w_fseek(lf->fp, current_position, SEEK_SET); - } - break; - } - -#ifdef WIN32 - char * p; - - if ((p = strrchr(str, '\r')) != NULL) { - *p = '\0'; - } -#endif - - /* Add to buffer */ - buffer_size = strlen(buffer); - if (buffer[0] != '\0' && buffer_size < sizeof(buffer) - 1) { - buffer[buffer_size] = ' '; - buffer_size++; - } - - size = snprintf(buffer + buffer_size, sizeof(buffer) - buffer_size, "%s", str); - - if ((size_t)size >= sizeof(buffer) - buffer_size) { - __ms = 1; - } - - if (linesgot < lf->linecount) { - continue; - } - linesgot = 0; - - /* Check ignore and restrict log regex, if configured. */ - if (drop_it == 0 && !check_ignore_and_restrict(lf->regex_ignore, lf->regex_restrict, buffer)) { - /* Send message to queue */ - mdebug2("Reading message: '%.*s'%s", sample_log_length, buffer, strlen(buffer) > (size_t)sample_log_length ? "..." : ""); - w_msg_hash_queues_push(buffer, lf->file, strlen(buffer) + 1, lf->log_target, LOCALFILE_MQ); - } - - buffer[0] = '\0'; - - - /* Incorrect message size */ - if (__ms) { - if (!__ms_reported) { - merror("Large message size from file '%s' (length = " FTELL_TT "): '%.*s'...", lf->file, FTELL_INT64 rbytes, sample_log_length, str); - __ms_reported = 1; - } else { - mdebug2("Large message size from file '%s' (length = " FTELL_TT "): '%.*s'...", lf->file, FTELL_INT64 rbytes, sample_log_length, str); - } - - for (offset += rbytes; fgets(str, sizeof(str), lf->fp) != NULL; offset += rbytes) { - rbytes = w_ftell(lf->fp) - offset; - - /* Flow control */ - if (rbytes <= 0) { - break; - } - - if (is_valid_context_file) { - OS_SHA1_Stream(context, NULL, str); - } - - /* Get the last occurrence of \n */ - if (str[rbytes - 1] == '\n') { - break; - } - } - __ms = 0; - } - - current_position = w_ftell(lf->fp); - } - - if (is_valid_context_file) { - w_update_file_status(lf->file, current_position, context); - } else { - EVP_MD_CTX_free(context); - } - - mdebug2("Read %d lines from %s", lines, lf->file); - return (NULL); -} diff --git a/src/modules/logcollector/src/read_multiline_regex.c b/src/modules/logcollector/src/read_multiline_regex.c deleted file mode 100644 index b085408b54..0000000000 --- a/src/modules/logcollector/src/read_multiline_regex.c +++ /dev/null @@ -1,563 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * Copyright (C) 2009 Trend Micro Inc. - * All right reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -#include "shared.h" -#include "logcollector.h" - -#ifdef WAZUH_UNIT_TESTING -// Remove STATIC qualifier from tests -#define STATIC -#else -#define STATIC static -#endif - -/** - * @brief Restore read context from backup - * - * Restores the buffer and number of lines reads from a context backup - * Buffer must be allocated, function does not check, allocate or release memory from the buffer - * @param buffer Destination buffer - * @param readed_lines Destination number of lines read - * @param ctxt context backup - * @return true if a context was restored. Otherwise returns false - */ -STATIC bool multiline_ctxt_restore(char * buffer, int * readed_lines, w_multiline_ctxt_t * ctxt); - -/** - * @brief Generate a backup of the reading context - * - * If the backup does not exist (*ctxt = NULL), it creates it. - * If the backup exists, the new content is appended and updates the lines read - * @param buffer to backup - * @param readed_lines to backup - * @param ctxt backup destination - */ -STATIC void multiline_ctxt_backup(char * buffer, int readed_lines, w_multiline_ctxt_t ** ctxt); - -/** - * @brief frees a context backup - * - * @param ctxt context backup to free - */ -STATIC void multiline_ctxt_free(w_multiline_ctxt_t ** ctxt); - -/** - * @brief check if a context in a backup expired - * - * @param timeout A timeout that a context without updating is valid. - * @param ctxt context to check - * @return true if the context does not exist or expired. Otherwise returns false - */ -STATIC bool multiline_ctxt_is_expired(time_t timeout, w_multiline_ctxt_t * ctxt); - -/** - * @brief Get log from file with multiline log support. - * - * @param buffer readed log output - * @param length max lenth - * @param stream log file - * @param ml_cfg multiline configuration - * @return if = 0 indicates no more logs available. - * if > 0 indicate log's lines count. - */ -STATIC int multiline_getlog(char * buffer, int length, FILE * stream, w_multiline_config_t * ml_cfg); - -/** - * @brief Get log from file with multiline log support using \ref ML_MATCH_START - * - * @param buffer readed log output - * @param length max lenth - * @param stream log file - * @param ml_cfg multiline configuration - * @return if = 0 indicates no more logs available. - * if > 0 indicate log's lines count. - */ -STATIC int multiline_getlog_start(char * buffer, int length, FILE * stream, w_multiline_config_t * ml_cfg); - -/** - * @brief Get log from file with multiline log support using \ref ML_MATCH_END - * - * @param buffer readed log output - * @param length max lenth - * @param stream log file - * @param ml_cfg multiline configuration - * @return if = 0 indicates no more logs available. - * if > 0 indicate log's lines count. - */ -STATIC int multiline_getlog_end(char * buffer, int length, FILE * stream, w_multiline_config_t * ml_cfg); - -/** - * @brief Get log from file with multiline log support using \ref ML_MATCH_ALL - * - * @param buffer readed log output - * @param length max lenth - * @param stream log file - * @param ml_cfg multiline configuration - * @return if = 0 indicates no more logs available. - * if > 0 indicate log's lines count. - */ -STATIC int multiline_getlog_all(char * buffer, int length, FILE * stream, w_multiline_config_t * ml_cfg); - -/** - * @brief Get specific chunk of file between two positions - * - * @param stream File stream - * @param initial_pos initial position - * @param final_pos final position - * @return allocated buffer containing the readed chunk. NULL on error - */ -STATIC char * get_file_chunk(FILE * stream, int64_t initial_pos, int64_t final_pos); - -/* Misc functions */ - -/** - * @brief If the last character of the string is an end of line, replace it. - * - * Replace the last character of `str` (only if it is an end of line) according to` type`. - * if type is ML_REPLACE_NO_REPLACE does not replace the end of the line - * if type is ML_REPLACE_NONE remove the end of the line - * if type is ML_REPLACE_WSPACE replace the end of line with a blank space ' ' - * if type is ML_REPLACE_TAB replace the end of line with a tab character '\t' - * @param str String to replace character. - * @param type Replacement type - */ -STATIC void multiline_replace(char * str, w_multiline_replace_type_t type); - -void * read_multiline_regex(logreader * lf, int * rc, int drop_it) { - char read_buffer[OS_MAXSTR + 1]; - int count_lines = 0; - int rlines; - const int max_line_len = OS_MAXSTR - OS_LOG_HEADER; - - /* Continue from last read line */ - EVP_MD_CTX *context = NULL; - int64_t initial_pos; - char * raw_data = NULL; - - if (can_read() == 0) { - return NULL; - } else if (lf->multiline->offset_last_read == 0 || w_ftell(lf->fp) < lf->multiline->offset_last_read) { - lf->multiline->offset_last_read = w_ftell(lf->fp); - } - - context = EVP_MD_CTX_new(); - bool is_valid_context_file = w_get_hash_context(lf, &context, lf->multiline->offset_last_read); - - read_buffer[OS_MAXSTR] = '\0'; - *rc = 0; - - while (rlines = multiline_getlog(read_buffer, max_line_len, lf->fp, lf->multiline), - rlines > 0 && (maximum_lines == 0 || count_lines < maximum_lines)) { - - /* Check ignore and restrict log regex, if configured. */ - if (drop_it == 0 && !check_ignore_and_restrict(lf->regex_ignore, lf->regex_restrict, read_buffer)) { - /* Send message to queue */ - w_msg_hash_queues_push(read_buffer, lf->file, strlen(read_buffer) + 1, lf->log_target, LOCALFILE_MQ); - } - count_lines += rlines; - - /* Continue from last read line */ - initial_pos = lf->multiline->offset_last_read; - lf->multiline->offset_last_read = w_ftell(lf->fp); - - raw_data = get_file_chunk(lf->fp, initial_pos, lf->multiline->offset_last_read); - if (raw_data == NULL) { - continue; - } - - if (is_valid_context_file) { - OS_SHA1_Stream(context, NULL, raw_data); - } - - os_free(raw_data); - } - - if (is_valid_context_file) { - w_update_file_status(lf->file, lf->multiline->offset_last_read, context); - } else { - EVP_MD_CTX_free(context); - } - - return NULL; -} - -STATIC int multiline_getlog(char * buffer, int length, FILE * stream, w_multiline_config_t * ml_cfg) { - - int readed_lines = 0; - - switch (ml_cfg->match_type) { - case ML_MATCH_START: - readed_lines = multiline_getlog_start(buffer, length, stream, ml_cfg); - break; - - case ML_MATCH_END: - readed_lines = multiline_getlog_end(buffer, length, stream, ml_cfg); - break; - - case ML_MATCH_ALL: - readed_lines = multiline_getlog_all(buffer, length, stream, ml_cfg); - break; - - default: - *buffer = '\0'; - break; - } - - return readed_lines; -} - -STATIC int multiline_getlog_start(char * buffer, int length, FILE * stream, w_multiline_config_t * ml_cfg) { - - char * str = buffer; - char * retstr = NULL; - int offset = 0; - int chunk_sz = 0; - bool collecting_lines = false; - int readed_lines = 0; - int c = 0; - *str = '\0'; - int64_t pos = w_ftell(stream); - - /* Check if a context restore is needed */ - if (ml_cfg->ctxt) { - multiline_ctxt_restore(str, &readed_lines, ml_cfg->ctxt); - offset = strlen(str); - str += offset; - collecting_lines = true; - /* If the context it's expired then free it and return log */ - if (multiline_ctxt_is_expired(ml_cfg->timeout, ml_cfg->ctxt)) { - multiline_ctxt_free(&ml_cfg->ctxt); - /* delete last end-of-line character (LF / CR LF) */ - multiline_replace(buffer, ML_REPLACE_NONE); - return readed_lines; - } - } - - while (can_read() && (retstr = fgets(str, length - offset, stream)) != NULL) { - - /* Check if current line match start regex */ - if (collecting_lines && w_expression_match(ml_cfg->regex, str, NULL, NULL)) { - /* Rewind. This line dont belong to last log */ - buffer[offset] = '\0'; - multiline_replace(buffer, ML_REPLACE_NONE); - w_fseek(stream, pos, SEEK_SET); - break; - } - - multiline_replace(str, ml_cfg->replace_type); - chunk_sz = strlen(str); - offset += chunk_sz; - str += chunk_sz; - readed_lines++; - /* Save current posistion in case we have to rewind */ - pos = w_ftell(stream); - collecting_lines = true; - /* Allow save new content in the context in case can_read() fail */ - retstr = NULL; - /* Avoid fgets infinite loop behavior when size parameter is 1 */ - if (offset == length - 1) { - break; - } - } - - /* Check if we have to save/create context in case - Multiline log found but MAYBE not finished yet */ - if (collecting_lines && retstr == NULL && length > offset + 1) { - multiline_ctxt_backup(buffer, readed_lines, &ml_cfg->ctxt); - readed_lines = 0; - } else if (length == offset + 1) { - // Discard the rest of the log, moving the pointer to the next end of line - while (true) { - c = fgetc(stream); - if (c == '\n' || c == '\0' || c == EOF) { - break; - } - } - } - - /* If the lastest line complete the multiline log, free the context */ - if (ml_cfg->ctxt && readed_lines > 0) { - multiline_ctxt_free(&ml_cfg->ctxt); - } - - return readed_lines; -} - -STATIC int multiline_getlog_end(char * buffer, int length, FILE * stream, w_multiline_config_t * ml_cfg) { - char * str = buffer; - char * retstr = NULL; - int offset = 0; - int chunk_sz = 0; - bool collecting_lines = false; - int readed_lines = 0; - int c = 0; - *str = '\0'; - - /* Check if a context restore is needed */ - if (ml_cfg->ctxt) { - multiline_ctxt_restore(str, &readed_lines, ml_cfg->ctxt); - offset = strlen(str); - str += offset; - collecting_lines = true; - /* If the context it's expired then free it and return log */ - if (multiline_ctxt_is_expired(ml_cfg->timeout, ml_cfg->ctxt)) { - multiline_ctxt_free(&ml_cfg->ctxt); - /* delete last end-of-line character (LF / CR LF) */ - multiline_replace(buffer, ML_REPLACE_NONE); - return readed_lines; - } - } - - while (can_read() && (retstr = fgets(str, length - offset, stream)) != NULL) { - - readed_lines++; - if (w_expression_match(ml_cfg->regex, str, NULL, NULL)) { - multiline_replace(buffer, ML_REPLACE_NONE); - collecting_lines = false; - break; - } - multiline_replace(str, ml_cfg->replace_type); - chunk_sz = strlen(str); - offset += chunk_sz; - str += chunk_sz; - collecting_lines = true; - /* Allow save new content in the context in case can_read() fail */ - retstr = NULL; - /* Avoid fgets infinite loop behauvior when size parameter is 1 */ - if (offset == length - 1) { - break; - } - } - - /* Check if we have to save/create context in case - Multiline log found but not finished yet */ - if (collecting_lines && retstr == NULL && length > offset + 1) { - multiline_ctxt_backup(buffer, readed_lines, &ml_cfg->ctxt); - readed_lines = 0; - } else if (length == offset + 1) { - // Discard the rest of the log, moving the pointer to the next end of line - while (true) { - c = fgetc(stream); - if (c == '\n' || c == '\0' || c == EOF) { - break; - } - } - } - - /* If the lastest line complete the multiline log, free the context */ - if (ml_cfg->ctxt && readed_lines > 0) { - multiline_ctxt_free(&ml_cfg->ctxt); - } - - return readed_lines; -} - -STATIC int multiline_getlog_all(char * buffer, int length, FILE * stream, w_multiline_config_t * ml_cfg) { - - char * str = buffer; - char * retstr = NULL; - int offset = 0; - int chunk_sz = 0; - bool collecting_lines = false; - int readed_lines = 0; - int c = 0; - *str = '\0'; - - /* Check if a context restore is needed */ - if (ml_cfg->ctxt) { - multiline_ctxt_restore(str, &readed_lines, ml_cfg->ctxt); - offset = strlen(str); - str += offset; - collecting_lines = true; - /* If the context it's expired then free it and return log */ - if (multiline_ctxt_is_expired(ml_cfg->timeout, ml_cfg->ctxt)) { - multiline_ctxt_free(&ml_cfg->ctxt); - /* delete last end-of-line character (LF / CR LF) */ - multiline_replace(buffer, ML_REPLACE_NONE); - return readed_lines; - } - } - - while (can_read() && (retstr = fgets(str, length - offset, stream)) != NULL) { - - readed_lines++; - if (w_expression_match(ml_cfg->regex, buffer, NULL, NULL)) { - multiline_replace(buffer, ML_REPLACE_NONE); - collecting_lines = false; - break; - } - - multiline_replace(str, ml_cfg->replace_type); - chunk_sz = strlen(str); - offset += chunk_sz; - str += chunk_sz; - collecting_lines = true; - /* Allow save new content in the context in case can_read() fail */ - retstr = NULL; - /* Avoid fgets infinite loop behauvior when size parameter is 1 */ - if (offset == length - 1) { - break; - } - } - - /* Check if we have to save/create context in case - Multiline log found but not finished yet */ - if (collecting_lines && retstr == NULL && length > offset + 1) { - multiline_ctxt_backup(buffer, readed_lines, &ml_cfg->ctxt); - readed_lines = 0; - } else if (length == offset + 1) { - // Discard the rest of the log, moving the pointer to the next end of line - while (true) { - c = fgetc(stream); - if (c == '\n' || c == '\0' || c == EOF) { - break; - } - } - } - - /* If the lastest line complete the multiline log, free the context */ - if (ml_cfg->ctxt && readed_lines > 0) { - multiline_ctxt_free(&ml_cfg->ctxt); - } - - return readed_lines; -} - -STATIC void multiline_replace(char * str, w_multiline_replace_type_t type) { - - const char newline = '\n'; - const char creturn = '\r'; - const char tab = '\t'; - const char wspace = ' '; - char * pos_newline; - char * pos_creturn; - - if (str == NULL || str[0] == '\0') { - return; - } - - if (pos_newline = (str + strlen(str) - 1), *pos_newline != newline) { - return; - } - - pos_creturn = (strlen(str) > 1) && (*(pos_newline - 1) == creturn) ? (pos_newline - 1) : NULL; - - switch (type) { - case ML_REPLACE_WSPACE: - if (pos_creturn) { - *pos_creturn = wspace; - *pos_newline = '\0'; - } else { - *pos_newline = wspace; - } - - break; - - case ML_REPLACE_TAB: - if (pos_creturn) { - *pos_creturn = tab; - *pos_newline = '\0'; - } else { - *pos_newline = tab; - } - - break; - - case ML_REPLACE_NONE: - if (pos_creturn) { - *pos_creturn = '\0'; - } else { - *pos_newline = '\0'; - } - break; - - default: - case ML_REPLACE_NO_REPLACE: - break; - } -} - -STATIC void multiline_ctxt_backup(char * buffer, int readed_lines, w_multiline_ctxt_t ** ctxt) { - - size_t current_bsize = strlen(buffer); - - if (*ctxt && (strlen((*ctxt)->buffer) == current_bsize)) { - return; - } - - if (*ctxt) { - size_t old_size = strlen((*ctxt)->buffer); - os_realloc((*ctxt)->buffer, sizeof(char) * (current_bsize + 1), (*ctxt)->buffer); - strcpy((*ctxt)->buffer + old_size, buffer + old_size); - - } else { - os_calloc(1, sizeof(w_multiline_ctxt_t), *ctxt); - os_calloc(current_bsize + 1, sizeof(char), (*ctxt)->buffer); - strcpy((*ctxt)->buffer, buffer); - } - - (*ctxt)->lines_count = readed_lines; - (*ctxt)->timestamp = time(NULL); -} - -STATIC void multiline_ctxt_free(w_multiline_ctxt_t ** ctxt) { - - if ((*ctxt) == NULL) { - return; - } - if ((*ctxt)->buffer) { - os_free((*ctxt)->buffer); - } - - os_free(*ctxt); -} - -STATIC bool multiline_ctxt_restore(char * buffer, int * readed_lines, w_multiline_ctxt_t * ctxt) { - - if (ctxt == NULL) { - return false; - } - strcpy(buffer, ctxt->buffer); - *readed_lines = ctxt->lines_count; - return true; -} - -STATIC bool multiline_ctxt_is_expired(time_t timeout, w_multiline_ctxt_t * ctxt) { - - if (ctxt == NULL) { - return true; - } - - if (time(NULL) - ctxt->timestamp > timeout) { - return true; - } - - return false; -} - -STATIC char * get_file_chunk(FILE * stream, int64_t initial_pos, int64_t final_pos) { - - char * ret_buffer = NULL; - int64_t read_length = final_pos - initial_pos; - - if (read_length <= 0 || w_fseek(stream, initial_pos, SEEK_SET) != 0) { - return ret_buffer; - } - - os_calloc((size_t) read_length + 1, sizeof(char), ret_buffer); - int64_t ret = (int64_t) fread(ret_buffer, sizeof(char), read_length, stream); - - if (ret != read_length) { - /* do not move the pointer to the file, it will remain at the end */ - os_free(ret_buffer); - } - - return ret_buffer; -} diff --git a/src/modules/logcollector/src/read_mysql_log.c b/src/modules/logcollector/src/read_mysql_log.c deleted file mode 100644 index 014cd3f5fa..0000000000 --- a/src/modules/logcollector/src/read_mysql_log.c +++ /dev/null @@ -1,261 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * Copyright (C) 2009 Trend Micro Inc. - * All rights reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -/* Read MySQL logs */ - -#include "shared.h" -#include "logcollector.h" -#include "os_crypto/sha1/sha1_op.h" - -/* Starting last time */ -static char __mysql_last_time[36] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; - - -void *read_mysql_log(logreader *lf, int *rc, int drop_it) { - size_t str_len = 0; - int need_clear = 0; - char *p; - char str[OS_MAX_LOG_SIZE] = {0}; - char buffer[OS_MAX_LOG_SIZE] = {0}; - int lines = 0; - int bytes_written = 0; - - *rc = 0; - - /* Obtain context to calculate hash */ - EVP_MD_CTX *context = EVP_MD_CTX_new(); - int64_t current_position = w_ftell(lf->fp); - bool is_valid_context_file = w_get_hash_context(lf, &context, current_position); - - /* Get new entry */ - while (can_read() && fgets(str, sizeof(str), lf->fp) != NULL && (!maximum_lines || lines < maximum_lines)) { - - lines++; - /* Get buffer size */ - str_len = strlen(str); - - if (is_valid_context_file) { - OS_SHA1_Stream(context, NULL, str); - } - - /* Get the last occurrence of \n */ - if ((p = strrchr(str, '\n')) != NULL) { - *p = '\0'; - - /* If need clear is set, we just get the line and ignore it */ - if (need_clear) { - need_clear = 0; - continue; - } - } else { - need_clear = 1; - } - -#ifdef WIN32 - if ((p = strrchr(str, '\r')) != NULL) { - *p = '\0'; - } - - /* Look for empty string (only on windows) */ - if (str_len <= 2) { - continue; - } - - - /* Windows can have comment on their logs */ - if (str[0] == '#') { - continue; - } -#endif - - /* MySQL messages have the following format: - * 070823 21:01:30 xx - */ - if ((str_len > 18) && - (str[6] == ' ') && - (str[9] == ':') && - (str[12] == ':') && - isdigit((int)str[0]) && - isdigit((int)str[1]) && - isdigit((int)str[2]) && - isdigit((int)str[3]) && - isdigit((int)str[4]) && - isdigit((int)str[5]) && - isdigit((int)str[7]) && - isdigit((int)str[8])) { - /* Save last time */ - strncpy(__mysql_last_time, str, 16); - __mysql_last_time[15] = '\0'; - - - /* Remove spaces and tabs */ - p = str + 15; - while (*p == ' ' || *p == '\t') { - p++; - } - - /* Valid MySQL message */ - bytes_written = snprintf(buffer, sizeof(buffer), "MySQL log: %s %s", - __mysql_last_time, p); - } - - /* MySQL 5.7 messages have the following format(in case of NOT utc): - * YYYY-MM-DDThh:mm:ss.uuuuuu±hh:mm XX - * ref: https://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html#sysvar_log_timestamps - */ - else if ((str_len > 35) && - (str[4] == '-') && - (str[7] == '-') && - (str[10] == 'T') && - (str[13] == ':') && - (str[16] == ':') && - (str[19] == '.') && - ((str[26] == '-') || (str[26] == '+')) && - (str[29] == ':') && - (str[32] == ' ') && - isdigit((int)str[0]) && - isdigit((int)str[1]) && - isdigit((int)str[2]) && - isdigit((int)str[3]) && - isdigit((int)str[5]) && - isdigit((int)str[6]) && - isdigit((int)str[8]) && - isdigit((int)str[9]) && - isdigit((int)str[11]) && - isdigit((int)str[12]) && - isdigit((int)str[14]) && - isdigit((int)str[15]) && - isdigit((int)str[17]) && - isdigit((int)str[18]) && - isdigit((int)str[20]) && - isdigit((int)str[21]) && - isdigit((int)str[22]) && - isdigit((int)str[23]) && - isdigit((int)str[24]) && - isdigit((int)str[25]) && - isdigit((int)str[27]) && - isdigit((int)str[28]) && - isdigit((int)str[30]) && - isdigit((int)str[31])) { - /* Save last time */ - strncpy(__mysql_last_time, str, 33); - __mysql_last_time[32] = '\0'; - - /* Remove spaces and tabs */ - p = str + 32; - while (*p == ' ' || *p == '\t') { - p++; - } - - /* Valid MySQL message */ - bytes_written = snprintf(buffer, sizeof(buffer), "MySQL log: %s %s", - __mysql_last_time, p); - } - - /* MySQL 5.7 messages have the following format(in case of utc): - * YYYY-MM-DDThh:mm:ss.uuuuuuZ XX - * ref: https://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html#sysvar_log_timestamps - */ - else if ((str_len > 30) && - (str[4] == '-') && - (str[7] == '-') && - (str[10] == 'T') && - (str[13] == ':') && - (str[16] == ':') && - (str[19] == '.') && - (str[26] == 'Z') && - (str[27] == ' ') && - isdigit((int)str[0]) && - isdigit((int)str[1]) && - isdigit((int)str[2]) && - isdigit((int)str[3]) && - isdigit((int)str[5]) && - isdigit((int)str[6]) && - isdigit((int)str[8]) && - isdigit((int)str[9]) && - isdigit((int)str[11]) && - isdigit((int)str[12]) && - isdigit((int)str[14]) && - isdigit((int)str[15]) && - isdigit((int)str[17]) && - isdigit((int)str[18]) && - isdigit((int)str[20]) && - isdigit((int)str[21]) && - isdigit((int)str[22]) && - isdigit((int)str[23]) && - isdigit((int)str[24]) && - isdigit((int)str[25])) { - /* Save last time */ - strncpy(__mysql_last_time, str, 28); - __mysql_last_time[27] = '\0'; - - /* Remove spaces and tabs */ - p = str + 27; - while (*p == ' ' || *p == '\t') { - p++; - } - - /* Valid MySQL message */ - bytes_written = snprintf(buffer, sizeof(buffer), "MySQL log: %s %s", - __mysql_last_time, p); - } - - /* Multiple events at the same second share the same timestamp: - * 0909 2020 2020 2020 20 - */ - else if ((str_len > 10) && (__mysql_last_time[0] != '\0') && - (str[0] == 0x09) && - (str[1] == 0x09) && - (str[2] == 0x20) && - (str[3] == 0x20) && - (str[4] == 0x20) && - (str[5] == 0x20) && - (str[6] == 0x20) && - (str[7] == 0x20)) { - p = str + 2; - - /* Remove extra spaces and tabs */ - while (*p == ' ' || *p == '\t') { - p++; - } - - /* Valid MySQL message */ - bytes_written = snprintf(buffer, sizeof(buffer), "MySQL log: %s %s", - __mysql_last_time, p); - } else { - continue; - } - - if (bytes_written < 0) { - merror("Error %d (%s) while reading message: '%s' (length = " FTELL_TT "): '%s'...", errno, strerror(errno), lf->file, FTELL_INT64 bytes_written, buffer); - } else if ((size_t)bytes_written >= sizeof(buffer)) { - merror("Message size too big on file '%s' (length = " FTELL_TT "): '%s'...", lf->file, FTELL_INT64 bytes_written, buffer); - } - - mdebug2("Reading mysql messages: '%s'", buffer); - - /* Check ignore and restrict log regex, if configured. */ - if (drop_it == 0 && !check_ignore_and_restrict(lf->regex_ignore, lf->regex_restrict, buffer)) { - /* Send message to queue */ - w_msg_hash_queues_push(buffer, lf->file, strlen(buffer) + 1, lf->log_target, LOCALFILE_MQ); - } - } - - current_position = w_ftell(lf->fp); - - if (is_valid_context_file) { - w_update_file_status(lf->file, current_position, context); - } else { - EVP_MD_CTX_free(context); - } - - mdebug2("Read %d lines from %s", lines, lf->file); - return (NULL); -} diff --git a/src/modules/logcollector/src/read_nmapg.c b/src/modules/logcollector/src/read_nmapg.c deleted file mode 100644 index efe1ab928a..0000000000 --- a/src/modules/logcollector/src/read_nmapg.c +++ /dev/null @@ -1,284 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * Copyright (C) 2009 Trend Micro Inc. - * All right reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -#include "shared.h" -#include "logcollector.h" -#include "os_crypto/sha1/sha1_op.h" - -#define NMAPG_HOST "Host: " -#define NMAPG_PORT "Ports:" -#define NMAPG_OPEN "open/" -#define NMAPG_STAT "Status:" -#define PORT_PROTO " %s(%s)" - -/* Prototypes */ -static char *__go_after(char *x, const char *y); -static char *__get_port(char *str, char *proto, char *port, size_t msize); - - -/* Get port and protocol */ -static char *__get_port(char *str, char *proto, char *port, size_t msize) -{ - int filtered = 0; - char *p, *q; - - /* Remov whitespace */ - while (*str == ' ') { - str++; - } - - /* Get port */ - p = strchr(str, '/'); - if (!p) { - return (NULL); - } - *p = '\0'; - p++; - - /* Get port */ - strncpy(port, str, msize); - port[msize - 1] = '\0'; - - /* Check if the port is open */ - q = __go_after(p, NMAPG_OPEN); - if (!q) { - /* Port is not open */ - filtered = 1; - q = p; - - /* Going to the start of protocol field */ - p = strchr(q, '/'); - if (!p) { - return (NULL); - } - p++; - } else { - p = q; - } - - /* Get protocol */ - str = p; - p = strchr(str, '/'); - if (!p) { - return (NULL); - } - *p = '\0'; - p++; - - strncpy(proto, str, msize); - proto[msize - 1] = '\0'; - - /* Set proto to null if port is not open */ - if (filtered) { - proto[0] = '\0'; - } - - /* Remove slashes */ - if (*p == '/') { - p++; - q = p; - p = strchr(p, ','); - if (p) { - return (p); - } - - return (q); - } - - return (NULL); -} - -/* Check if the string matches */ -static char *__go_after(char *x, const char *y) -{ - size_t x_s; - size_t y_s; - - /* X and Y must be not null */ - if (!x || !y) { - return (NULL); - } - - x_s = strlen(x); - y_s = strlen(y); - - if (x_s <= y_s) { - return (NULL); - } - - /* String does not match */ - if (strncmp(x, y, y_s) != 0) { - return (NULL); - } - - x += y_s; - - return (x); -} - -/* Read Nmap grepable files */ -void *read_nmapg(logreader *lf, int *rc, int drop_it) { - int final_msg_s; - int index = 0; - int need_clear = 0; - - char str[OS_MAX_LOG_SIZE] = {0}; - char final_msg[OS_MAX_LOG_SIZE] = {0}; - char port[17] = {0}; - char proto[17] = {0}; - - char *ip = NULL; - char *p; - char *q; - - int lines = 0; - int bytes_written = 0; - - *rc = 0; - - /* Obtain context to calculate hash */ - EVP_MD_CTX *context = EVP_MD_CTX_new(); - int64_t current_position = w_ftell(lf->fp); - bool is_valid_context_file = w_get_hash_context(lf, &context, current_position); - - while (can_read() && fgets(str, sizeof(str), lf->fp) != NULL && (!maximum_lines || lines < maximum_lines)) { - - lines++; - - if (is_valid_context_file) { - OS_SHA1_Stream(context, NULL, str); - } - - /* If need clear is set, we need to clear the line */ - if (need_clear) { - if (q = strchr(str, '\n'), q != NULL) { - need_clear = 0; - } - continue; - } - - /* Remove \n at the end of the string */ - if ((q = strchr(str, '\n')) != NULL) { - *q = '\0'; - } else { - need_clear = 1; - } - - /* Do not get commented lines */ - if ((str[0] == '#') || (str[0] == '\0')) { - continue; - } - - /* Get host */ - q = __go_after(str, NMAPG_HOST); - if (!q) { - goto file_error; - } - - /* Get ip/hostname */ - p = strchr(q, ')'); - if (!p) { - goto file_error; - } - - /* Setting the valid ip */ - ip = q; - - /* Get the ports */ - q = strchr(p, '\t'); - if (!q) { - goto file_error; - } - q++; - - /* Now fixing p, to have the closing parenthesis */ - p++; - *p = '\0'; - - /* q now should point to the ports */ - p = __go_after(q, NMAPG_PORT); - if (!p) { - /* Check if no port is available */ - p = __go_after(q, NMAPG_STAT); - if (p) { - continue; - } - - goto file_error; - } - - /* Generate final msg */ - bytes_written = snprintf(final_msg, sizeof(final_msg), "Host: %s, open ports:", - ip); - - if (bytes_written < 0) { - final_msg_s = 0; - merror("Error %d (%s) formatting string from file '%s' (length = " FTELL_TT "): '%s'...", errno, strerror(errno), lf->file, FTELL_INT64 bytes_written, final_msg); - } else if ((size_t)bytes_written < sizeof(final_msg)) { - final_msg_s = OS_MAX_LOG_SIZE - strlen(final_msg); - } else { - final_msg_s = 0; - merror("Large message size from file '%s' (length = " FTELL_TT "): '%s'...", lf->file, FTELL_INT64 bytes_written, final_msg); - } - - /* Get port and protocol */ - do { - /* Avoid filling the buffer (3*port size) */ - if (final_msg_s < 27) { - break; - } - - p = __get_port(p, proto, port, 9); - if (!p) { - mdebug1("Bad formated nmap grepable file (port)."); - break; - } - - /* Port not open */ - if (proto[0] == '\0') { - continue; - } - - /* Add ports */ - index = strlen(final_msg); - index = snprintf((final_msg + index), final_msg_s, PORT_PROTO, port, proto); - final_msg_s -= index; - - } while (*p == ',' && (p++)); - - /* Check ignore and restrict log regex, if configured. */ - if (drop_it == 0 && !check_ignore_and_restrict(lf->regex_ignore, lf->regex_restrict, final_msg)) { - /* Send message to queue */ - w_msg_hash_queues_push(final_msg, lf->file, strlen(final_msg) + 1, lf->log_target, HOSTINFO_MQ); - } - - /* Get next */ - continue; - - /* Handle errors */ -file_error: - - merror("Bad formated nmap grepable file."); - EVP_MD_CTX_free(context); - *rc = -1; - return (NULL); - - } - - current_position = w_ftell(lf->fp); - if (is_valid_context_file) { - w_update_file_status(lf->file, current_position, context); - } else { - EVP_MD_CTX_free(context); - } - - mdebug2("Read %d lines from %s", lines, lf->file); - return (NULL); -} diff --git a/src/modules/logcollector/src/read_ossecalert.c b/src/modules/logcollector/src/read_ossecalert.c deleted file mode 100644 index ae07a5221b..0000000000 --- a/src/modules/logcollector/src/read_ossecalert.c +++ /dev/null @@ -1,120 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * Copyright (C) 2012 Daniel B. Cid (http://dcid.me) - * All right reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -#include "shared.h" -#include "headers/read-alert.h" -#include "logcollector.h" -#include "os_crypto/sha1/sha1_op.h" - - -void *read_ossecalert(logreader *lf, __attribute__((unused)) int *rc, int drop_it) { - alert_data *al_data; - char user_msg[256]; - char srcip_msg[256]; - char syslog_msg[OS_SIZE_2048 + 1]; - - *rc = 0; - - al_data = GetAlertData(0, lf->fp); - if (!al_data) { - return (NULL); - } - - /* Obtain context to calculate hash */ - EVP_MD_CTX *context = EVP_MD_CTX_new(); - os_sha1 output; - int64_t current_position = w_ftell(lf->fp); - - if (OS_SHA1_File_Nbytes(lf->file, &context, output, OS_BINARY, current_position) < 0) { - merror(FAIL_SHA1_GEN, lf->file); - } - - w_update_file_status(lf->file, current_position, context); - - memset(syslog_msg, '\0', OS_SIZE_2048 + 1); - - /* Add source ip */ - if (!al_data->srcip || - ((al_data->srcip[0] == '(') && - (al_data->srcip[1] == 'n') && - (al_data->srcip[2] == 'o'))) { - srcip_msg[0] = '\0'; - } else { - snprintf(srcip_msg, 255, " srcip: %s;", al_data->srcip); - } - - /* Add username */ - if (!al_data->user || - ((al_data->user[0] == '(') && - (al_data->user[1] == 'n') && - (al_data->user[2] == 'o'))) { - user_msg[0] = '\0'; - } else { - snprintf(user_msg, 255, " user: %s;", al_data->user); - } - - if (al_data->log[1] == NULL) { - /* Build syslog message */ - snprintf(syslog_msg, OS_SIZE_2048, - "ossec: Alert Level: %d; Rule: %d - %s; " - "Location: %s;%s%s %s", - al_data->level, al_data->rule, al_data->comment, - al_data->location, - srcip_msg, - user_msg, - al_data->log[0]); - } else { - char *tmp_msg = NULL; - short int j = 0; - - while (al_data->log[j] != NULL) { - tmp_msg = os_LoadString(tmp_msg, al_data->log[j]); - tmp_msg = os_LoadString(tmp_msg, "\n"); - if (tmp_msg == NULL) { - FreeAlertData(al_data); - return (NULL); - } - j++; - } - - if (tmp_msg == NULL) { - FreeAlertData(al_data); - return (NULL); - } - - if (strlen(tmp_msg) > 1596) { - tmp_msg[1594] = '.'; - tmp_msg[1595] = '.'; - tmp_msg[1596] = '.'; - tmp_msg[1597] = '\0'; - } - snprintf(syslog_msg, OS_SIZE_2048, - "ossec: Alert Level: %d; Rule: %d - %s; " - "Location: %s;%s%s %s", - al_data->level, al_data->rule, al_data->comment, - al_data->location, - srcip_msg, - user_msg, - tmp_msg); - - free(tmp_msg); - } - - /* Clear the memory */ - FreeAlertData(al_data); - - /* Check ignore and restrict log regex, if configured. */ - if (drop_it == 0 && !check_ignore_and_restrict(lf->regex_ignore, lf->regex_restrict, syslog_msg)) { - /* Send message to queue */ - w_msg_hash_queues_push(syslog_msg, lf->file, strlen(syslog_msg) + 1, lf->log_target, LOCALFILE_MQ); - } - - return (NULL); -} diff --git a/src/modules/logcollector/src/read_postgresql_log.c b/src/modules/logcollector/src/read_postgresql_log.c deleted file mode 100644 index e69201c2ad..0000000000 --- a/src/modules/logcollector/src/read_postgresql_log.c +++ /dev/null @@ -1,160 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * Copyright (C) 2009 Trend Micro Inc. - * All rights reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -/* Read PostgreSQL logs */ - -#include "shared.h" -#include "logcollector.h" -#include "os_crypto/sha1/sha1_op.h" - - -/* Send pgsql message and check the return code */ -static void __send_pgsql_msg(logreader *lf, int drop_it, char *buffer) { - mdebug2("Reading PostgreSQL message: '%s'", buffer); - - /* Check ignore and restrict log regex, if configured. */ - if (drop_it == 0 && !check_ignore_and_restrict(lf->regex_ignore, lf->regex_restrict, buffer)) { - /* Send message to queue */ - w_msg_hash_queues_push(buffer, lf->file, strlen(buffer) + 1, lf->log_target, LOCALFILE_MQ); - } -} - -/* Read PostgreSQL log files */ -void *read_postgresql_log(logreader *lf, int *rc, int drop_it) { - size_t str_len = 0; - int need_clear = 0; - char *p; - char str[OS_MAX_LOG_SIZE] = {0}; - char buffer[OS_MAX_LOG_SIZE] = {0}; - int lines = 0; - - *rc = 0; - - /* Obtain context to calculate hash */ - EVP_MD_CTX *context = EVP_MD_CTX_new(); - int64_t current_position = w_ftell(lf->fp); - bool is_valid_context_file = w_get_hash_context(lf, &context, current_position); - - /* Get new entry */ - while (can_read() && fgets(str, sizeof(str), lf->fp) != NULL && (!maximum_lines || lines < maximum_lines)) { - - lines++; - /* Get buffer size */ - str_len = strlen(str); - - if (is_valid_context_file) { - OS_SHA1_Stream(context, NULL, str); - } - - /* Check str_len size. Very useless, but just to make sure.. */ - if (str_len >= sizeof(buffer) - 2) { - str_len = sizeof(buffer) - 10; - } - - /* Get the last occurrence of \n */ - if ((p = strrchr(str, '\n')) != NULL) { - *p = '\0'; - - /* If need_clear is set, we just get the line and ignore it. */ - if (need_clear) { - need_clear = 0; - continue; - } - } else { - need_clear = 1; - } - -#ifdef WIN32 - if ((p = strrchr(str, '\r')) != NULL) { - *p = '\0'; - } - - /* Look for empty string (only on Windows) */ - if (str_len <= 1) { - continue; - } - - /* Windows can have comment on their logs */ - if (str[0] == '#') { - continue; - } -#endif - - /* PostgreSQL messages have the following format: - * [2007-08-31 19:17:32.186 ADT] 192.168.2.99:db_name - */ - if ((str_len > 32) && - (str[0] == '[') && - (str[5] == '-') && - (str[8] == '-') && - (str[11] == ' ') && - (str[14] == ':') && - (str[17] == ':') && - isdigit((int)str[1]) && - isdigit((int)str[12])) { - - /* If the saved message is empty, set it and continue */ - if (buffer[0] == '\0') { - snprintf(buffer, sizeof(buffer), "%s", str); - continue; - } - - /* If not, send the saved one and store the new one for later */ - else { - __send_pgsql_msg(lf, drop_it, buffer); - /* Store current one at the buffer */ - snprintf(buffer, sizeof(buffer), "%s", str); - } - } - - /* Query logs can be in multiple lines - * They always start with a tab in the additional ones - */ - else if ((str_len > 2) && (buffer[0] != '\0') && - (str[0] == '\t')) { - /* Size of the buffer */ - size_t buffer_len = strlen(buffer); - - p = str + 1; - - /* Remove extra spaces and tabs */ - while (*p == ' ' || *p == '\t') { - p++; - } - - /* Add additional message to the saved buffer */ - if (sizeof(buffer) - buffer_len > str_len) { - /* Here we make sure that the size of the buffer - * minus what was used (strlen) is greater than - * the length of the received message. - */ - buffer[buffer_len] = ' '; - buffer[buffer_len + 1] = '\0'; - strncat(buffer, str, str_len + 3); - } - } - - } - - /* Send whatever is stored */ - if (buffer[0] != '\0') { - __send_pgsql_msg(lf, drop_it, buffer); - } - - current_position = w_ftell(lf->fp); - if (is_valid_context_file) { - w_update_file_status(lf->file, current_position, context); - } else { - EVP_MD_CTX_free(context); - } - - mdebug2("Read %d lines from %s", lines, lf->file); - return (NULL); -} diff --git a/src/modules/logcollector/src/read_snortfull.c b/src/modules/logcollector/src/read_snortfull.c deleted file mode 100644 index 3fe8392efc..0000000000 --- a/src/modules/logcollector/src/read_snortfull.c +++ /dev/null @@ -1,136 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * Copyright (C) 2009 Trend Micro Inc. - * All right reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -#include "shared.h" -#include "logcollector.h" -#include "os_crypto/sha1/sha1_op.h" - -#define LABEL_PREPROCESSOR_MESSAGE "[Classification: Preprocessor] [Priority: 3] " - -/* Read snort_full files */ -void *read_snortfull(logreader *lf, int *rc, int drop_it) { - int f_msg_size = OS_MAX_LOG_SIZE - 1; - const char *one = "one"; - const char *two = "two"; - const char *p = NULL; - char *q; - char str[OS_MAX_LOG_SIZE] = {0}; - char f_msg[OS_MAX_LOG_SIZE] = {0}; - int lines = 0; - - *rc = 0; - - /* Obtain context to calculate hash */ - EVP_MD_CTX *context = EVP_MD_CTX_new(); - int64_t current_position = w_ftell(lf->fp); - bool is_valid_context_file = w_get_hash_context(lf, &context, current_position); - - while (can_read() && fgets(str, sizeof(str), lf->fp) != NULL && (!maximum_lines || lines < maximum_lines)) { - - lines++; - - if (is_valid_context_file) { - OS_SHA1_Stream(context, NULL, str); - } - - /* Remove \n at the end of the string */ - if ((q = strrchr(str, '\n')) != NULL) { - *q = '\0'; - } else { - goto file_error; - } - - /* First part of the message */ - if (p == NULL) { - if (strncmp(str, "[**] [", 6) == 0) { - snprintf(f_msg, sizeof(f_msg), "%s", str); - f_msg_size -= strlen(str); - p = one; - } - } else { - if (p == one) { - /* Second line has the [Classification: */ - if (strncmp(str, "[Classification: ", 16) == 0) { - strncat(f_msg, str, f_msg_size); - f_msg_size -= strlen(str); - p = two; - } else if (strncmp(str, "[Priority: ", 10) == 0) { - strncat(f_msg, LABEL_PREPROCESSOR_MESSAGE, f_msg_size); - f_msg_size -= sizeof(LABEL_PREPROCESSOR_MESSAGE) - 1; - p = two; - } - - /* If it is a preprocessor message, it will not have - * the classification. - */ - else if ((str[2] == '/') && (str[5] == '-') && (q = strchr(str, ' '))) { - strncat(f_msg, LABEL_PREPROCESSOR_MESSAGE, f_msg_size); - f_msg_size -= sizeof(LABEL_PREPROCESSOR_MESSAGE) - 1; - strncat(f_msg, ++q, f_msg_size - 40); - - /* Clean for next event */ - p = NULL; - - /* Check ignore and restrict log regex, if configured. */ - if (drop_it == 0 && !check_ignore_and_restrict(lf->regex_ignore, lf->regex_restrict, str)) { - /* Send message to queue */ - w_msg_hash_queues_push(str, lf->file, strlen(f_msg), lf->log_target, LOCALFILE_MQ); - } - - f_msg[0] = '\0'; - f_msg_size = OS_MAX_LOG_SIZE - 1; - str[0] = '\0'; - } else { - goto file_error; - } - } else if (p == two) { - /* Third line has the 01/13-15 (date) */ - if ((str[2] == '/') && (str[5] == '-') && (q = strchr(str, ' '))) { - strncat(f_msg, ++q, f_msg_size); - p = NULL; - - /* Check ignore and restrict log regex, if configured. */ - if (drop_it == 0 && !check_ignore_and_restrict(lf->regex_ignore, lf->regex_restrict, str)) { - /* Send message to queue */ - w_msg_hash_queues_push(str, lf->file, strlen(str) + 1, lf->log_target, LOCALFILE_MQ); - } - - f_msg[0] = '\0'; - f_msg_size = OS_MAX_LOG_SIZE - 1; - str[0] = '\0'; - } else { - goto file_error; - } - - } - } - - continue; - -file_error: - - merror("Bad formated snort full file."); - *rc = -1; - EVP_MD_CTX_free(context); - return (NULL); - - } - - current_position = w_ftell(lf->fp); - - if (is_valid_context_file) { - w_update_file_status(lf->file, current_position, context); - } else { - EVP_MD_CTX_free(context); - } - - mdebug2("Read %d lines from %s", lines, lf->file); - return (NULL); -} diff --git a/src/modules/logcollector/src/read_syslog.c b/src/modules/logcollector/src/read_syslog.c deleted file mode 100644 index 1355fc1b56..0000000000 --- a/src/modules/logcollector/src/read_syslog.c +++ /dev/null @@ -1,154 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * Copyright (C) 2009 Trend Micro Inc. - * All right reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -/* Read the syslog */ - -#include "shared.h" -#include "logcollector.h" -#include "os_crypto/sha1/sha1_op.h" - - -/* Read syslog files */ -void *read_syslog(logreader *lf, int *rc, int drop_it) { - int __ms = 0; - int __ms_reported = 0; - char str[OS_MAXSTR + 1]; - int64_t current_position = 0; - int lines = 0; - int64_t offset = 0; - int64_t rbytes = 0; - - str[OS_MAXSTR] = '\0'; - *rc = 0; - - /* Obtain context to calculate hash */ - current_position = w_ftell(lf->fp); - - EVP_MD_CTX *context = EVP_MD_CTX_new(); - bool is_valid_context_file = w_get_hash_context(lf, &context, current_position); - - for (offset = w_ftell(lf->fp); can_read() && fgets(str, OS_MAXSTR - OS_LOG_HEADER, lf->fp) != NULL && (!maximum_lines || lines < maximum_lines) && offset >= 0; offset += rbytes) { - rbytes = w_ftell(lf->fp) - offset; - lines++; - - /* Flow control */ - if (rbytes <= 0) { - break; - } - - /* Get the last occurrence of \n */ - if (str[rbytes - 1] == '\n') { - if (is_valid_context_file) { - OS_SHA1_Stream(context, NULL, str); - } - str[rbytes - 1] = '\0'; - - if ((int64_t)strlen(str) != rbytes - 1) - { - mdebug2("Line in '%s' contains some zero-bytes (valid=" FTELL_TT "/ total=" FTELL_TT "). Dropping line.", lf->file, FTELL_INT64 strlen(str), FTELL_INT64 rbytes - 1); - continue; - } - } - - /* If we didn't get the new line, because the - * size is large, send what we got so far. - */ - else if (rbytes == OS_MAXSTR - OS_LOG_HEADER - 1) { - /* Message size > maximum allowed */ - __ms = 1; - if (is_valid_context_file) { - OS_SHA1_Stream(context, NULL, str); - } - str[rbytes - 1] = '\0'; - } else { - /* We may not have gotten a line feed - * because we reached EOF. - */ - if (feof(lf->fp)) { - /* Message not complete. Return. */ - mdebug2("Message not complete from '%s'. Trying again: '%.*s'%s", lf->file, sample_log_length, str, rbytes > sample_log_length ? "..." : ""); - if(current_position >= 0) { - w_fseek(lf->fp, current_position, SEEK_SET); - } - break; - } - } - -#ifdef WIN32 - char * p; - - if ((p = strrchr(str, '\r')) != NULL) { - *p = '\0'; - } - - /* Look for empty string (only on Windows) */ - if (rbytes <= 2) { - current_position = w_ftell(lf->fp); - continue; - } - - /* Windows can have comment on their logs */ - if (str[0] == '#') { - current_position = w_ftell(lf->fp); - continue; - } -#endif - - mdebug2("Reading syslog message: '%.*s'%s", sample_log_length, str, rbytes > sample_log_length ? "..." : ""); - - /* Check ignore and restrict log regex, if configured. */ - if (drop_it == 0 && !check_ignore_and_restrict(lf->regex_ignore, lf->regex_restrict, str)) { - /* Send message to queue */ - w_msg_hash_queues_push(str, lf->file, rbytes, lf->log_target, LOCALFILE_MQ); - } - - /* Incorrect message size */ - if (__ms) { - // strlen(str) >= (OS_MAXSTR - OS_LOG_HEADER - 2) - // truncate str before logging to ossec.log - - if (!__ms_reported) { - merror("Large message size from file '%s' (length = " FTELL_TT "): '%.*s'...", lf->file, FTELL_INT64 rbytes, sample_log_length, str); - __ms_reported = 1; - } else { - mdebug2("Large message size from file '%s' (length = " FTELL_TT "): '%.*s'...", lf->file, FTELL_INT64 rbytes, sample_log_length, str); - } - - for (offset += rbytes; fgets(str, OS_MAXSTR - 2, lf->fp) != NULL; offset += rbytes) { - rbytes = w_ftell(lf->fp) - offset; - - /* Flow control */ - if (rbytes <= 0) { - break; - } - - if (is_valid_context_file) { - OS_SHA1_Stream(context, NULL, str); - } - - /* Get the last occurrence of \n */ - if (str[rbytes - 1] == '\n') { - break; - } - } - __ms = 0; - } - current_position = w_ftell(lf->fp); - } - - if (is_valid_context_file) { - w_update_file_status(lf->file, current_position, context); - } else { - EVP_MD_CTX_free(context); - } - - mdebug2("Read %d lines from %s", lines, lf->file); - return (NULL); -} diff --git a/src/modules/logcollector/src/read_ucs2_be.c b/src/modules/logcollector/src/read_ucs2_be.c deleted file mode 100644 index 90afbddcc1..0000000000 --- a/src/modules/logcollector/src/read_ucs2_be.c +++ /dev/null @@ -1,172 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * Copyright (C) 2009 Trend Micro Inc. - * All right reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -/* Read the syslog */ -#ifdef WIN32 - -#include "shared.h" -#include "logcollector.h" -#include "os_crypto/sha1/sha1_op.h" -#define OS_MAXSTR_BE OS_MAXSTR * 2 - -/* Read ucs2 files */ -void *read_ucs2_be(logreader *lf, int *rc, int drop_it) { - int __ms = 0; - int __ms_reported = 0; - char str[OS_MAXSTR_BE + 1]; - int lines = 0; - int64_t offset = 0; - int64_t rbytes = 0; - - str[OS_MAXSTR_BE] = '\0'; - *rc = 0; - - /* Obtain context to calculate hash */ - EVP_MD_CTX *context = EVP_MD_CTX_new(); - int64_t current_position = w_ftell(lf->fp); - bool is_valid_context_file = w_get_hash_context(lf, &context, current_position); - - for (offset = w_ftell(lf->fp); can_read() && fgets(str, OS_MAXSTR_BE - OS_LOG_HEADER, lf->fp) != NULL && (!maximum_lines || lines < maximum_lines) && offset >= 0; offset += rbytes) { - rbytes = w_ftell(lf->fp) - offset; - lines++; - - mdebug2("Bytes read from '%s': %lld bytes",lf->file,rbytes); - - /* Flow control */ - if (rbytes <= 0) { - break; - } - - /* Get the last occurrence of \n */ - if (str[rbytes - 1] == '\n') { - if (is_valid_context_file) { - OS_SHA1_Stream(context, NULL, str); - } - str[rbytes - 1] = '\0'; - } - /* If we didn't get the new line, because the - * size is large, send what we got so far. - */ - else if (rbytes == OS_MAXSTR_BE - OS_LOG_HEADER - 1) { - /* Message size > maximum allowed */ - if (is_valid_context_file) { - OS_SHA1_Stream(context, NULL, str); - } - __ms = 1; - str[rbytes - 1] = '\0'; - } else { - /* We may not have gotten a line feed - * because we reached EOF. - */ - if (lf->ucs2 == UCS2_LE && feof(lf->fp)) { - /* Message not complete. Return. */ - mdebug2("Message not complete from '%s'. Trying again: '%.*s'%s", lf->file, sample_log_length, str, rbytes > sample_log_length ? "..." : ""); - w_fseek(lf->fp, current_position, SEEK_SET); - break; - } - } - - char * p; - - if ((p = strrchr(str, '\r')) != NULL) { - *p = '\0'; - } - - /* Look for empty string (only on Windows) */ - if (rbytes <= 4) { - current_position = w_ftell(lf->fp); - continue; - } - - /* Windows can have comment on their logs */ - if (str[1] == '#') { - current_position = w_ftell(lf->fp); - continue; - } - - mdebug2("Reading syslog message: '%.*s'%s", sample_log_length, str, rbytes > sample_log_length ? "..." : ""); - - /* Send message to queue */ - if (drop_it == 0) { - - long int utf8_bytes = 0; - char *utf8_string = NULL; - - /* If the file is Big Endian, swap every byte */ - int i; - int j = 0; - for (i = 0; i < (OS_MAXSTR_BE / 2); i++) { - char c = str[j]; - str[j] = str[j+1]; - str[j+1] = c; - j+=2; - } - - if (utf8_bytes = WideCharToMultiByte(CP_UTF8, 0, (wchar_t *) str, -1, NULL, 0, NULL, NULL), utf8_bytes > 0) { - os_calloc(utf8_bytes + 1, sizeof(char), utf8_string); - utf8_bytes = WideCharToMultiByte(CP_UTF8, 0, (wchar_t *) str, -1, utf8_string, utf8_bytes, NULL, NULL); - utf8_string[utf8_bytes] = '\0'; - mdebug2("Line converted to UTF-8 is %ld bytes",utf8_bytes); - } - - if (!utf8_bytes) { - mdebug1("Couldn't transform read line to UTF-8: %lu.", GetLastError()); - os_free(utf8_string); - continue; - } - - if (!check_ignore_and_restrict(lf->regex_ignore, lf->regex_restrict, utf8_string)) { - w_msg_hash_queues_push(utf8_string, lf->file, utf8_bytes, lf->log_target, LOCALFILE_MQ); - } - - os_free(utf8_string); - } - /* Incorrect message size */ - if (__ms) { - - if (!__ms_reported) { - merror("Large message size from file '%s' (length = %lld): '%.*s'...", lf->file, rbytes, sample_log_length, str); - __ms_reported = 1; - } else { - mdebug2("Large message size from file '%s' (length = %lld): '%.*s'...", lf->file, rbytes, sample_log_length, str); - } - - for (offset += rbytes; fgets(str, OS_MAXSTR_BE - 2, lf->fp) != NULL; offset += rbytes) { - rbytes = w_ftell(lf->fp) - offset; - - /* Flow control */ - if (rbytes <= 0) { - break; - } - - if (is_valid_context_file) { - OS_SHA1_Stream(context, NULL, str); - } - - /* Get the last occurrence of \n */ - if (str[rbytes - 1] == '\n') { - break; - } - } - __ms = 0; - } - current_position = w_ftell(lf->fp); - } - - if (is_valid_context_file) { - w_update_file_status(lf->file, current_position, context); - } else { - EVP_MD_CTX_free(context); - } - - mdebug2("Read %d lines from %s", lines, lf->file); - return (NULL); -} -#endif diff --git a/src/modules/logcollector/src/read_ucs2_le.c b/src/modules/logcollector/src/read_ucs2_le.c deleted file mode 100644 index 77933f59e3..0000000000 --- a/src/modules/logcollector/src/read_ucs2_le.c +++ /dev/null @@ -1,166 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * Copyright (C) 2009 Trend Micro Inc. - * All right reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -/* Read the syslog */ -#ifdef WIN32 - -#include "shared.h" -#include "logcollector.h" -#include "os_crypto/sha1/sha1_op.h" - - -/* Read ucs2 files */ -void *read_ucs2_le(logreader *lf, int *rc, int drop_it) { - int __ms = 0; - int __ms_reported = 0; - wchar_t str[OS_MAXSTR + 1]; - int lines = 0; - int64_t offset = 0; - int64_t rbytes = 0; - - str[OS_MAXSTR] = '\0'; - *rc = 0; - - /* Obtain context to calculate hash */ - EVP_MD_CTX *context = EVP_MD_CTX_new(); - int64_t current_position = w_ftell(lf->fp); - bool is_valid_context_file = w_get_hash_context(lf, &context, current_position); - - for (offset = w_ftell(lf->fp); can_read() && fgetws(str, OS_MAXSTR - OS_LOG_HEADER, lf->fp) != NULL && (!maximum_lines || lines < maximum_lines) && offset >= 0; offset += rbytes) { - rbytes = w_ftell(lf->fp) - offset; - lines++; - - mdebug2("Bytes read from '%s': %lld bytes",lf->file,rbytes); - - /* Flow control */ - if (rbytes <= 0) { - break; - } - - wchar_t * n; - /* Get the last occurrence of \n */ - if ((n = wcsrchr(str, L'\n')) != NULL) { - if (is_valid_context_file) { - OS_SHA1_Stream(context, NULL, (char *) str); - } - *n = '\0'; - } - /* If we didn't get the new line, because the - * size is large, send what we got so far. - */ - if (rbytes == OS_MAXSTR - OS_LOG_HEADER - 1) { - /* Message size > maximum allowed */ - if (is_valid_context_file) { - OS_SHA1_Stream(context, NULL, (char *) str); - } - __ms = 1; - str[rbytes - 1] = '\0'; - } else { - /* We may not have gotten a line feed - * because we reached EOF. - */ - if (lf->ucs2 == UCS2_LE && feof(lf->fp)) { - /* Message not complete. Return. */ - mdebug2("Message not complete from '%s'. Trying again: '%.*s'%s", lf->file, sample_log_length,(char* ) str, rbytes > sample_log_length ? "..." : ""); - w_fseek(lf->fp, current_position, SEEK_SET); - break; - } - } - - wchar_t * p; - - if ((p = wcsrchr(str, L'\r')) != NULL) { - *p = '\0'; - } - - /* Look for empty string (only on Windows) */ - if (rbytes <= 4) { - current_position = w_ftell(lf->fp); - continue; - } - - /* Windows can have comment on their logs */ - if (str[0] == '#') { - current_position = w_ftell(lf->fp); - continue; - } - - mdebug2("Reading syslog message: '%.*s'%s", sample_log_length, (char * )str, rbytes > sample_log_length ? "..." : ""); - - /* Send message to queue */ - if (drop_it == 0) { - - long int utf8_bytes = 0; - char *utf8_string = NULL; - - if (utf8_bytes = WideCharToMultiByte(CP_UTF8, 0, (wchar_t *)str, -1, NULL, 0, NULL, NULL), utf8_bytes > 0) { - os_calloc(utf8_bytes + 1, sizeof(char), utf8_string); - utf8_bytes = WideCharToMultiByte(CP_UTF8, 0, (wchar_t *)str, -1, utf8_string, utf8_bytes, NULL, NULL); - utf8_string[utf8_bytes] = '\0'; - mdebug2("Line converted to UTF-8 is %ld bytes",utf8_bytes); - } - - if (!utf8_bytes) { - mdebug1("Couldn't transform read line to UTF-8: %lu.", GetLastError()); - os_free(utf8_string); - continue; - } - - if (!check_ignore_and_restrict(lf->regex_ignore, lf->regex_restrict, utf8_string)) { - w_msg_hash_queues_push(utf8_string, lf->file, utf8_bytes, lf->log_target, LOCALFILE_MQ); - } - - os_free(utf8_string); - } - /* Incorrect message size */ - if (__ms) { - // strlen(str) >= (OS_MAXSTR - OS_LOG_HEADER - 2) - // truncate str before logging to ossec.log - - if (!__ms_reported) { - merror("Large message size from file '%s' (length = %lld): '%.*s'...", lf->file, rbytes, sample_log_length, (char* ) str); - __ms_reported = 1; - } else { - mdebug2("Large message size from file '%s' (length = %lld): '%.*s'...", lf->file, rbytes, sample_log_length, (char* ) str); - } - - for (offset += rbytes; fgetws(str, OS_MAXSTR - 2, lf->fp) != NULL; offset += rbytes) { - rbytes = w_ftell(lf->fp) - offset; - - /* Flow control */ - if (rbytes <= 1) { - break; - } - - if (is_valid_context_file) { - OS_SHA1_Stream(context, NULL, (char *) str); - } - - /* Get the last occurrence of \n */ - if (str[rbytes - 2] == '\n') { - break; - } - } - __ms = 0; - } - - current_position = w_ftell(lf->fp); - } - - if (is_valid_context_file) { - w_update_file_status(lf->file, current_position, context); - } else { - EVP_MD_CTX_free(context); - } - - mdebug2("Read %d lines from %s", lines, lf->file); - return (NULL); -} -#endif diff --git a/src/modules/logcollector/src/read_win_el.c b/src/modules/logcollector/src/read_win_el.c deleted file mode 100644 index 25d243a953..0000000000 --- a/src/modules/logcollector/src/read_win_el.c +++ /dev/null @@ -1,662 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * Copyright (C) 2009 Trend Micro Inc. - * All right reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -#include "shared.h" -#include "logcollector.h" -#include "state.h" - -#ifdef WIN32 - -#define BUFFER_SIZE 2048*256 - -/* Event logging local structure */ -typedef struct _os_el { - int time_of_last; - char *name; - - EVENTLOGRECORD *er; - HANDLE h; - - DWORD record; - -} os_el; - -/** Global variables **/ - -/* Maximum of 9 event log sources */ -os_el el[9]; -int el_last = 0; -void *vista_sec_id_hash = NULL; -void *dll_hash = NULL; - - -/* Start the event logging for each el */ -int startEL(char *app, os_el *el) -{ - DWORD NumberOfRecords = 0; - - /* Open the event log */ - el->h = OpenEventLog(NULL, app); - if (!el->h) { - merror(EVTLOG_OPEN, app); - return (-1); - } - - el->name = app; - if (GetOldestEventLogRecord(el->h, &el->record) == 0) { - /* Unable to read oldest event log record */ - merror(EVTLOG_GETLAST, app); - CloseEventLog(el->h); - el->h = NULL; - return (-1); - } - - if (GetNumberOfEventLogRecords(el->h, &NumberOfRecords) == 0) { - merror(EVTLOG_GETLAST, app); - CloseEventLog(el->h); - el->h = NULL; - return (-1); - } - - if (NumberOfRecords <= 0) { - return (0); - } - - return ((int)NumberOfRecords); -} - -/* Returns a string that is a human readable datetime from an epoch int */ -char *epoch_to_human(time_t epoch) -{ - static char buf[80]; - struct tm tm_result = { .tm_sec = 0 }; - - localtime_r(&epoch, &tm_result); - strftime(buf, sizeof(buf), "%Y %b %d %H:%M:%S", &tm_result); - return (buf); -} - -/* Returns a string related to the category id of the log */ -char *el_getCategory(int category_id) -{ - char *cat; - switch (category_id) { - case EVENTLOG_ERROR_TYPE: - cat = "ERROR"; - break; - case EVENTLOG_WARNING_TYPE: - cat = "WARNING"; - break; - case EVENTLOG_INFORMATION_TYPE: - cat = "INFORMATION"; - break; - case EVENTLOG_AUDIT_SUCCESS: - cat = "AUDIT_SUCCESS"; - break; - case EVENTLOG_AUDIT_FAILURE: - cat = "AUDIT_FAILURE"; - break; - default: - cat = "Unknown"; - break; - } - return (cat); -} - -/* Returns the event */ -char *el_getEventDLL(char *evt_name, char *source, char *event) -{ - char *ret_str; - HKEY key; - DWORD ret; - char keyname[512] = {'\0'}; - char *skey = NULL, *sval = NULL; - - snprintf(keyname, 510, - "System\\CurrentControlSet\\Services\\EventLog\\%s\\%s", - evt_name, - source); - - /* Check if we have it in memory */ - ret_str = OSHash_Get(dll_hash, keyname + 42); - if (ret_str) { - return (ret_str); - } - - /* Open Registry */ - if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, keyname, 0, - KEY_ALL_ACCESS, &key) != ERROR_SUCCESS) { - return (NULL); - } - - ret = MAX_PATH - 1; - if (RegQueryValueEx(key, "EventMessageFile", NULL, - NULL, (LPBYTE)event, &ret) != ERROR_SUCCESS) { - event[0] = '\0'; - RegCloseKey(key); - return (NULL); - } else { - /* Adding to memory */ - skey = strdup(keyname + 42); - sval = strdup(event); - - if (skey != NULL && sval != NULL) { - if (OSHash_Add(dll_hash, skey, sval) != 2) free(sval); - free(skey); - } else { - merror(MEM_ERROR, errno, strerror(errno)); - if (skey != NULL) free(skey); - if (sval != NULL) free(sval); - } - - skey = NULL; - sval = NULL; - } - - RegCloseKey(key); - return (event); -} - -/* Returns a descriptive message of the event - Vista only */ -char *el_vista_getMessage(int evt_id_int, LPTSTR *el_sstring) -{ - DWORD fm_flags = 0; - LPSTR message = NULL; - char *desc_string; - char evt_id[16]; - - /* Flags for format event */ - fm_flags |= FORMAT_MESSAGE_FROM_STRING; - fm_flags |= FORMAT_MESSAGE_ALLOCATE_BUFFER; - fm_flags |= FORMAT_MESSAGE_ARGUMENT_ARRAY; - - /* Get descriptive message */ - evt_id[15] = '\0'; - snprintf(evt_id, 15, "%d", evt_id_int); - - desc_string = OSHash_Get(vista_sec_id_hash, evt_id); - if (!desc_string) { - return (NULL); - } - - if (!FormatMessage(fm_flags, desc_string, 0, 0, - (LPTSTR) &message, 0, el_sstring)) { - return (NULL); - } - - return (message); -} - -/* Returns a descriptive message of the event */ -char *el_getMessage(EVENTLOGRECORD *er, char *name, - char *source, LPTSTR *el_sstring) -{ - DWORD fm_flags = 0; - char tmp_str[257]; - char event[MAX_PATH + 1]; - char *curr_str; - char *next_str; - LPSTR message = NULL; - - HMODULE hevt; - - /* Initialize variables */ - event[MAX_PATH] = '\0'; - tmp_str[256] = '\0'; - - /* Flags for format event */ - fm_flags |= FORMAT_MESSAGE_FROM_HMODULE; - fm_flags |= FORMAT_MESSAGE_ALLOCATE_BUFFER; - fm_flags |= FORMAT_MESSAGE_ARGUMENT_ARRAY; - - /* Get the file name from the registry (stored on event) */ - if (!(curr_str = el_getEventDLL(name, source, event))) { - return (NULL); - } - - /* If our event has multiple libraries, try each one of them */ - while ((next_str = strchr(curr_str, ';'))) { - *next_str = '\0'; - - ExpandEnvironmentStrings(curr_str, tmp_str, 255); - - /* Revert back old value */ - *next_str = ';'; - - /* Load library */ - hevt = LoadLibraryEx(tmp_str, NULL, - DONT_RESOLVE_DLL_REFERENCES | - LOAD_LIBRARY_AS_DATAFILE); - if (hevt) { - if (!FormatMessage(fm_flags, hevt, er->EventID, 0, - (LPTSTR) &message, 0, el_sstring)) { - message = NULL; - } - FreeLibrary(hevt); - - /* If we have a message, we can return it */ - if (message) { - return (message); - } - } - - curr_str = next_str + 1; - } - - /* Get last value */ - ExpandEnvironmentStrings(curr_str, tmp_str, 255); - hevt = LoadLibraryEx(tmp_str, NULL, - DONT_RESOLVE_DLL_REFERENCES | - LOAD_LIBRARY_AS_DATAFILE); - if (hevt) { - int hr; - if (hr = FormatMessage(fm_flags, hevt, er->EventID, - 0, - (LPTSTR) &message, 0, el_sstring), !hr) { - message = NULL; - } - FreeLibrary(hevt); - - /* If we have a message, we can return it */ - if (message) { - return (message); - } - } - - return (NULL); -} - -/* Reads the event log */ -void readel(os_el *el, int printit) -{ - DWORD _evtid = 65535; - DWORD nstr; - DWORD user_size; - DWORD domain_size; - DWORD read, needed; - int size_left; - int str_size; - int id; - static int counter = 0; - - char mbuffer[BUFFER_SIZE + 1]; - LPSTR sstr = NULL; - - char *tmp_str = NULL; - char *category; - char *source; - char *computer_name; - char *descriptive_msg; - - char el_user[OS_FLSIZE + 1]; - char el_domain[OS_FLSIZE + 1]; - char el_string[OS_MAXSTR + 1]; - char final_msg[OS_MAXSTR + 1]; - LPSTR el_sstring[OS_FLSIZE + 1] = {0}; - - /* er must point to the mbuffer */ - el->er = (EVENTLOGRECORD *) &mbuffer; - - /* Zero the values */ - el_string[OS_MAXSTR] = '\0'; - el_user[OS_FLSIZE] = '\0'; - el_domain[OS_FLSIZE] = '\0'; - final_msg[OS_MAXSTR] = '\0'; - - /* Event log is not open */ - if (!el->h) { - el->er = NULL; - return; - } - - /* Read the event log */ - while (ReadEventLog(el->h, - EVENTLOG_FORWARDS_READ | EVENTLOG_SEQUENTIAL_READ, - 0, - el->er, BUFFER_SIZE - 1, &read, &needed)) { - if (!printit) { - /* Set er to the beginning of the buffer */ - el->er = (EVENTLOGRECORD *)&mbuffer; - continue; - } - - - while (read > 0) { - /* We need to initialize every variable before the loop */ - category = el_getCategory(el->er->EventType); - source = (LPSTR) ((LPBYTE) el->er + sizeof(EVENTLOGRECORD)); - computer_name = source + strlen(source) + 1; - descriptive_msg = NULL; - - /* Get event id */ - id = (int)el->er->EventID & _evtid; - - /* Initialize domain/user size */ - user_size = 255; - domain_size = 255; - el_domain[0] = '\0'; - el_user[0] = '\0'; - - /* We must have some description */ - if (el->er->NumStrings) { - size_left = OS_MAXSTR - OS_SIZE_1024; - - sstr = (LPSTR)((LPBYTE)el->er + el->er->StringOffset); - el_string[0] = '\0'; - - for (nstr = 0; nstr < el->er->NumStrings && sstr; nstr++) { - str_size = strlen(sstr); - if (size_left > 1) { - strncat(el_string, sstr, size_left); - } - - tmp_str = strchr(el_string, '\0'); - if (tmp_str) { - *tmp_str = ' '; - tmp_str++; - *tmp_str = '\0'; - } else { - merror("Invalid application string (size+)"); - } - size_left -= str_size + 2; - - if (nstr <= 92) { - el_sstring[nstr] = (LPSTR)sstr; - el_sstring[nstr + 1] = NULL; - } - - sstr = strchr( (LPSTR)sstr, '\0'); - if (sstr) { - sstr++; - } - } - - /* Get a more descriptive message (if available) */ - if (isVista && strcmp(el->name, "Security") == 0) { - descriptive_msg = el_vista_getMessage(id, el_sstring); - } - - else { - descriptive_msg = el_getMessage(el->er, - el->name, - source, - el_sstring); - } - - if (descriptive_msg != NULL) { - /* format message */ - win_format_event_string(descriptive_msg); - } - } else { - strncpy(el_string, "(no message)", 128); - } - - /* Get username */ - if (el->er->UserSidLength) { - SID_NAME_USE account_type; - if (!LookupAccountSid(NULL, - (SID *)((LPSTR)el->er + - el->er->UserSidOffset), - el_user, - &user_size, - el_domain, - &domain_size, - &account_type)) { - strncpy(el_user, "(no user)", 255); - strncpy(el_domain, "no domain", 255); - } - } - - else if (isVista && strcmp(el->name, "Security") == 0) { - int uid_array_id = -1; - - switch (id) { - case 4624: - uid_array_id = 5; - break; - case 4634: - uid_array_id = 1; - break; - case 4647: - uid_array_id = 1; - break; - case 4769: - uid_array_id = 0; - break; - } - - if ((uid_array_id >= 0) && - el_sstring[uid_array_id] && - el_sstring[uid_array_id + 1]) { - strncpy(el_user, el_sstring[uid_array_id], OS_FLSIZE); - strncpy(el_domain, el_sstring[uid_array_id + 1], OS_FLSIZE); - } else { - strncpy(el_user, "(no user)", 255); - strncpy(el_domain, "no domain", 255); - } - } - - else { - strncpy(el_user, "(no user)", 255); - strncpy(el_domain, "no domain", 255); - } - - if (printit) { - DWORD _evtid = 65535; - int id = (int)el->er->EventID & _evtid; - - final_msg[OS_MAXSTR - OS_LOG_HEADER] = '\0'; - final_msg[OS_MAXSTR - OS_LOG_HEADER - 1] = '\0'; - - snprintf(final_msg, OS_MAXSTR - OS_LOG_HEADER - 1, - "%s WinEvtLog: %s: %s(%d): %s: %s: %s: %s: %s", - epoch_to_human((int)el->er->TimeGenerated), - el->name, - category, - id, - source, - el_user, - el_domain, - computer_name, - descriptive_msg != NULL ? descriptive_msg : el_string); - - w_logcollector_state_update_file(el->name, strlen(final_msg)); - - if (SendMSG(logr_queue, final_msg, "WinEvtLog", LOCALFILE_MQ) < 0) { - merror(QUEUE_SEND); - w_logcollector_state_update_target(el->name, "agent", true); - } else { - w_logcollector_state_update_target(el->name, "agent", false); - } - } - - if (descriptive_msg != NULL) { - LocalFree(descriptive_msg); - } - - /* Change the point to the er */ - read -= el->er->Length; - el->er = (EVENTLOGRECORD *)((LPBYTE) el->er + el->er->Length); - } - - /* Set er to the beginning of the buffer */ - el->er = (EVENTLOGRECORD *)&mbuffer; - } - - id = GetLastError(); - if (id == ERROR_HANDLE_EOF) { - el->er = NULL; - return; - } - - /* Event log was cleared */ - else if (id == ERROR_EVENTLOG_FILE_CHANGED) { - char msg_alert[512 + 1]; - msg_alert[512] = '\0'; - mwarn("Event log cleared: '%s'", el->name); - - /* Send message about cleared */ - snprintf(msg_alert, 512, "ossec: Event log cleared: '%s'", el->name); - SendMSG(logr_queue, msg_alert, "WinEvtLog", LOCALFILE_MQ); - - /* Close the event log and reopen */ - CloseEventLog(el->h); - el->h = NULL; - - /* Reopen */ - if (startEL(el->name, el) < 0) { - merror("Unable to reopen event log '%s'", el->name); - } - } - - - /* Event log was closed and re-opened */ - else if (id == ERROR_INVALID_HANDLE) { - mdebug1("The EventLog service has been restarted. Reconnecting to '%s' channel.", el->name); - - CloseEventLog(el->h); - el->h = NULL; - - /* Reopen */ - if (startEL(el->name, el) < 0) { - merror( - "Could not subscribe for (%s) which returned (%d)", - el->name, - id); - } else { - counter = 0; - minfo("'%s' channel has been reconnected succesfully.", el->name); - } - } - - else if (id == RPC_S_SERVER_UNAVAILABLE || id == RPC_S_UNKNOWN_IF) { - /* Prevent message flooding when EventLog is stopped */ - el->er = NULL; - if (counter == 0) { - mwarn("The EventLog service is down. Unable to collect logs from its channels."); - counter = 1; - } - } - - else { - mdebug1("Error reading event log: %d", id); - } -} - -/* Read Windows Vista security description */ -void win_read_vista_sec() -{ - char *p = NULL, *key = NULL, *desc = NULL; - char buf[OS_MAXSTR + 1] = {'\0'}; - FILE *fp; - - /* Vista security */ - fp = wfopen("vista_sec.txt", "r"); - if (!fp) merror_exit("Unable to read vista security descriptions."); - - /* Creating the hash */ - vista_sec_id_hash = OSHash_Create(); - if (!vista_sec_id_hash) { - fclose(fp); - merror_exit("Unable to read vista security descriptions."); - } - - /* Read the whole file and add it to memory */ - while (fgets(buf, OS_MAXSTR, fp) != NULL) { - /* Get the last occurrence of \n */ - if ((p = strrchr(buf, '\n')) != NULL) { - *p = '\0'; - } - - p = strchr(buf, ','); - if (!p) { - merror("Invalid entry on the Vista security description."); - continue; - } - - *p = '\0'; - p++; - - /* Remove whitespace */ - while (*p == ' ') { - p++; - } - - /* Allocate memory */ - key = strdup(buf); - desc = strdup(p); - - if (!key || !desc) { - merror("Invalid entry on the Vista security description."); - if (key) free(key); - if (desc) free(desc); - } else { - /* Insert on hash */ - if (OSHash_Add(vista_sec_id_hash, key, desc) != 2) free(desc); - - /* OSHash_Add() duplicates the key, but not the data */ - free(key); - } - - /* Reset pointer addresses before using strdup() again */ - /* The hash will keep the needed memory references */ - key = NULL; - desc = NULL; - } - - fclose(fp); -} - -/* Start the event logging for windows */ -void win_startel(char *evt_log) -{ - int entries_count = 0; - - /* Maximum size */ - if (el_last == 9) { - merror(EVTLOG_DUP, evt_log); - return; - } - - /* Create the DLL hash */ - if (!dll_hash) { - dll_hash = OSHash_Create(); - if (!dll_hash) { - merror("Unable to create DLL hash."); - } - } - - w_logcollector_state_add_file(evt_log); - w_logcollector_state_add_target(evt_log, "agent"); - - /* Start event log -- going to last available record */ - if (entries_count = startEL(evt_log, &el[el_last]), entries_count < 0) { - merror(INV_EVTLOG, evt_log); - return; - } else { - readel(&el[el_last], 0); - } - el_last++; -} - -/* Read the event logging for windows */ -void win_readel() -{ - int i = 0; - - /* Sleep plus 2 seconds before reading again */ - Sleep(2000); - - for (; i < el_last; i++) { - readel(&el[i], 1); - } -} - -#endif diff --git a/src/modules/logcollector/src/read_win_event_channel.c b/src/modules/logcollector/src/read_win_event_channel.c deleted file mode 100644 index b8e2989975..0000000000 --- a/src/modules/logcollector/src/read_win_event_channel.c +++ /dev/null @@ -1,683 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * Copyright (C) 2009 Trend Micro Inc. - * All right reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -#ifdef WIN32 -#ifdef EVENTCHANNEL_SUPPORT - -/* Saying we are on Vista in order to have the API */ -#define _WIN32_WINNT 0x0600 - -/* Using Secure APIs */ -#define MINGW_HAS_SECURE_API 1 - -/* Bookmarks directory */ -#define BOOKMARKS_DIR "bookmarks" - -/* Logging levels */ -#define WINEVENT_AUDIT 0 -#define WINEVENT_CRITICAL 1 -#define WINEVENT_ERROR 2 -#define WINEVENT_WARNING 3 -#define WINEVENT_INFORMATION 4 -#define WINEVENT_VERBOSE 5 - -/* Audit types */ -#define WINEVENT_AUDIT_FAILURE 0x10000000000000LL -#define WINEVENT_AUDIT_SUCCESS 0x20000000000000LL - -#include "shared.h" -#include "logcollector.h" -#include "state.h" - -#include -#include -#include -#include -#include - -#ifdef WAZUH_UNIT_TESTING -#include "../unit_tests/wrappers/wazuh/shared/debug_op_wrappers.h" -#include "../unit_tests/wrappers/windows/errhandlingapi_wrappers.h" -#include "../unit_tests/wrappers/windows/winbase_wrappers.h" -#include "../unit_tests/wrappers/windows/winevt_wrappers.h" - -// Remove static qualifier when unit testing -#define STATIC -#else -#define STATIC static -#endif - -typedef struct _os_event { - char *name; - unsigned int id; - char *source; - SID *uid; - char *user; - char *domain; - char *computer; - char *message; - ULONGLONG time_created; - char *timestamp; - int64_t keywords; - int64_t level; - char *category; -} os_event; - -typedef struct _os_channel { - char *evt_log; - char *bookmark_name; - char bookmark_enabled; - char bookmark_filename[OS_MAXSTR]; - char *query; - int reconnect_time; - EVT_HANDLE subscription; -} os_channel; - -STATIC char *get_message(EVT_HANDLE evt, LPCWSTR provider_name, DWORD flags); -STATIC EVT_HANDLE read_bookmark(os_channel *channel); - -wchar_t *convert_unix_string(char *string) -{ - wchar_t *dest = NULL; - size_t size = 0; - int result = 0; - - if (string == NULL) { - return (NULL); - } - - /* Determine size required */ - size = MultiByteToWideChar(CP_UTF8, - MB_ERR_INVALID_CHARS, - string, - -1, - NULL, - 0); - - if (size == 0) { - merror( - "Could not MultiByteToWideChar() when determining size which returned (%lu)", - GetLastError()); - return (NULL); - } - - if ((dest = calloc(size, sizeof(wchar_t))) == NULL) { - merror( - "Could not calloc() memory for MultiByteToWideChar() which returned [(%d)-(%s)]", - errno, - strerror(errno)); - return (NULL); - } - - result = MultiByteToWideChar(CP_UTF8, - MB_ERR_INVALID_CHARS, - string, - -1, - dest, - size); - - if (result == 0) { - merror( - "Could not MultiByteToWideChar() which returned (%lu)", - GetLastError()); - free(dest); - return (NULL); - } - - return (dest); -} - -STATIC char *get_message(EVT_HANDLE evt, LPCWSTR provider_name, DWORD flags) -{ - char *message = NULL; - EVT_HANDLE publisher = NULL; - DWORD size = 0; - wchar_t *buffer = NULL; - int result = 0; - - publisher = EvtOpenPublisherMetadata(NULL, - provider_name, - NULL, - 0, - 0); - if (publisher == NULL) { - LSTATUS err = GetLastError(); - char error_msg[OS_SIZE_1024]; - memset(error_msg, 0, OS_SIZE_1024); - FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS - | FORMAT_MESSAGE_MAX_WIDTH_MASK, - NULL, err, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), - (LPTSTR) &error_msg, OS_SIZE_1024, NULL); - - mdebug1( - "Could not EvtOpenPublisherMetadata() with flags (%lu) which returned (%lu): %s", - flags, - err, - error_msg); - goto cleanup; - } - - /* Make initial call to determine buffer size */ - result = EvtFormatMessage(publisher, - evt, - 0, - 0, - NULL, - flags, - 0, - NULL, - &size); - if (result != FALSE || GetLastError() != ERROR_INSUFFICIENT_BUFFER) { - merror( - "Could not EvtFormatMessage() to determine buffer size with flags (%lu) which returned (%lu)", - flags, - GetLastError()); - goto cleanup; - } - - /* Increase buffer size by one due to the difference in the size count between EvtFormatMessage() and - WideCharToMultiByte() */ - size += 1; - if ((buffer = calloc(size, sizeof(wchar_t))) == NULL) { - merror( - "Could not calloc() memory which returned [(%d)-(%s)]", - errno, - strerror(errno)); - goto cleanup; - } - - result = EvtFormatMessage(publisher, - evt, - 0, - 0, - NULL, - flags, - size, - buffer, - &size); - if (result == FALSE) { - merror( - "Could not EvtFormatMessage() with flags (%lu) which returned (%lu)", - flags, - GetLastError()); - goto cleanup; - } - - message = convert_windows_string(buffer); - -cleanup: - free(buffer); - - if (publisher != NULL) { - EvtClose(publisher); - } - - return (message); -} - -/* Read an existing bookmark (if one exists) */ -EVT_HANDLE read_bookmark(os_channel *channel) -{ - EVT_HANDLE bookmark = NULL; - size_t size = 0; - FILE *fp = NULL; - wchar_t bookmark_xml[OS_MAXSTR]; - - /* If we have a stored bookmark, start from it */ - if ((fp = wfopen(channel->bookmark_filename, "r")) == NULL) { - /* Check if the error was not because the - * file did not exist which should be logged - */ - if (errno != ENOENT) { - merror( - "Could not wfopen() existing bookmark (%s) for (%s) which returned [(%d)-(%s)]", - channel->bookmark_filename, - channel->evt_log, - errno, - strerror(errno)); - } - return (NULL); - } - - size = fread(bookmark_xml, sizeof(wchar_t), OS_MAXSTR, fp); - if (ferror(fp)) { - merror( - "Could not fread() bookmark (%s) for (%s) which returned [(%d)-(%s)]", - channel->bookmark_filename, - channel->evt_log, - errno, - strerror(errno)); - fclose(fp); - return (NULL); - } - - fclose(fp); - - /* Make sure bookmark data was read */ - if (size == 0) { - return (NULL); - } - - /* Make sure bookmark is terminated properly */ - bookmark_xml[size] = L'\0'; - - /* Create bookmark from saved XML */ - if ((bookmark = EvtCreateBookmark(bookmark_xml)) == NULL) { - merror( - "Could not EvtCreateBookmark() bookmark (%s) for (%s) which returned (%lu)", - channel->bookmark_filename, - channel->evt_log, - GetLastError()); - return (NULL); - } - - return (bookmark); -} - -/* Update the log position of a bookmark */ -int update_bookmark(EVT_HANDLE evt, os_channel *channel) -{ - DWORD size = 0; - DWORD count = 0; - void *buffer = NULL; - int result = 0; - int status = 0; - EVT_HANDLE bookmark = NULL; - FILE *fp = NULL; - - if ((bookmark = EvtCreateBookmark(NULL)) == NULL) { - merror( - "Could not EvtCreateBookmark() bookmark (%s) for (%s) which returned (%lu)", - channel->bookmark_filename, - channel->evt_log, - GetLastError()); - goto cleanup; - } - - if (!EvtUpdateBookmark(bookmark, evt)) { - merror( - "Could not EvtUpdateBookmark() bookmark (%s) for (%s) which returned (%lu)", - channel->bookmark_filename, - channel->evt_log, - GetLastError()); - goto cleanup; - } - - /* Make initial call to determine buffer size */ - result = EvtRender(NULL, - bookmark, - EvtRenderBookmark, - 0, - NULL, - &size, - &count); - if (result != FALSE || GetLastError() != ERROR_INSUFFICIENT_BUFFER) { - merror( - "Could not EvtRender() to get buffer size to update bookmark (%s) for (%s) which returned (%lu)", - channel->bookmark_filename, - channel->evt_log, - GetLastError()); - goto cleanup; - } - - if (buffer = calloc(size, sizeof(void)), buffer == NULL) { - merror( - "Could not calloc() memory to save bookmark (%s) for (%s) which returned [(%d)-(%s)]", - channel->bookmark_filename, - channel->evt_log, - errno, - strerror(errno)); - goto cleanup; - } - - if (!EvtRender(NULL, - bookmark, - EvtRenderBookmark, - size, - buffer, - &size, - &count)) { - merror( - "Could not EvtRender() bookmark (%s) for (%s) which returned (%lu)", - channel->bookmark_filename, channel->evt_log, - GetLastError()); - goto cleanup; - } - - if ((fp = wfopen(channel->bookmark_filename, "w")) == NULL) { - mwarn( - "Could not wfopen() bookmark (%s) for (%s) which returned [(%d)-(%s)]", - channel->bookmark_filename, - channel->evt_log, - errno, - strerror(errno)); - goto cleanup; - } - - if ((fwrite(buffer, 1, size, fp)) < size) { - merror( - "Could not fwrite() to bookmark (%s) for (%s) which returned [(%d)-(%s)]", - channel->bookmark_filename, - channel->evt_log, - errno, - strerror(errno)); - goto cleanup; - } - - fclose(fp); - - /* Success */ - status = 1; - -cleanup: - free(buffer); - - if (bookmark != NULL) { - EvtClose(bookmark); - } - - if (fp) { - fclose(fp); - } - - return (status); -} - - -void send_channel_event(EVT_HANDLE evt, os_channel *channel) -{ - DWORD buffer_length = 0; - PEVT_VARIANT properties_values = NULL; - DWORD count = 0; - int result = 0; - wchar_t *wprovider_name = NULL; - char *provider_name = NULL; - char *msg_from_prov = NULL; - char *xml_event = NULL; - char *beg_prov = NULL; - char *end_prov = NULL; - char *find_prov = NULL; - size_t num; - - os_malloc(OS_MAXSTR, provider_name); - - result = EvtRender(NULL, - evt, - EvtRenderEventXml, - 0, - NULL, - &buffer_length, - &count); - if (result != FALSE || GetLastError() != ERROR_INSUFFICIENT_BUFFER) { - merror( - "Could not EvtRender() to determine buffer size for (%s) which returned (%lu)", - channel->evt_log, - GetLastError()); - goto cleanup; - } - - if ((properties_values = malloc(buffer_length)) == NULL) { - merror( - "Could not malloc() memory to process event (%s) which returned [(%d)-(%s)]", - channel->evt_log, - errno, - strerror(errno)); - goto cleanup; - } - - if (!EvtRender(NULL, - evt, - EvtRenderEventXml, - buffer_length, - properties_values, - &buffer_length, - &count)) { - merror( - "Could not EvtRender() for (%s) which returned (%lu)", - channel->evt_log, - GetLastError()); - goto cleanup; - } - xml_event = convert_windows_string((LPCWSTR) properties_values); - - if (!xml_event) { - goto cleanup; - } - - find_prov = strstr(xml_event, "Provider Name="); - - if(find_prov){ - beg_prov = strchr(find_prov, '\''); - if(beg_prov){ - end_prov = strchr(beg_prov+1, '\''); - - if (end_prov){ - num = end_prov - beg_prov - 1; - - if(num > OS_MAXSTR - 1){ - mwarn("The event message has exceeded the maximum size."); - goto cleanup; - } - - memcpy(provider_name, beg_prov+1, num); - provider_name[num] = '\0'; - find_prov = '\0'; - beg_prov = '\0'; - end_prov = '\0'; - } - } - } - - if (provider_name) { - wprovider_name = convert_unix_string(provider_name); - - if (wprovider_name && (msg_from_prov = get_message(evt, wprovider_name, EvtFormatMessageEvent)) == NULL) { - merror( - "Could not get message for (%s)", - channel->evt_log); - } - } - - win_format_event_string(xml_event); - - w_logcollector_state_update_file(channel->evt_log, strlen(xml_event)); - - if (SendMSG(logr_queue, xml_event, "EventChannel", WIN_EVT_MQ) < 0) { - merror(QUEUE_SEND); - w_logcollector_state_update_target(channel->evt_log, "agent", true); - } else { - w_logcollector_state_update_target(channel->evt_log, "agent", false); - } - - if (channel->bookmark_enabled) { - update_bookmark(evt, channel); - } - -cleanup: - os_free(msg_from_prov); - os_free(xml_event); - os_free(properties_values); - os_free(provider_name); - os_free(wprovider_name); - - return; -} - -/** - * @brief Destroy os_channel structure - * - * This function closes the subscription and frees the tructure, including bookmark_name. - * Nothing happens if channel is NULL. - * - * @param channel Pointer to an os_channel structure. - */ -void os_channel_destroy(os_channel * channel) { - if (channel != NULL) { - free(channel->bookmark_name); - - if (channel->subscription != NULL) { - if (!EvtClose(channel->subscription)) { - merror("Could not close subscription to channel '%s': %lu", channel->evt_log, GetLastError()); - } - } - - free(channel); - } -} - -DWORD WINAPI event_channel_callback(EVT_SUBSCRIBE_NOTIFY_ACTION action, os_channel *channel, EVT_HANDLE evt) -{ - if (action == EvtSubscribeActionDeliver) { - send_channel_event(evt, channel); - } else { - mwarn("The eventlog service is down. Unable to collect logs from '%s' channel.", channel->evt_log); - - while(1) { - /* Try to restart EventChannel */ - if (win_start_event_channel(channel->evt_log, !channel->bookmark_enabled, channel->query, channel->reconnect_time) == -1) { - mdebug1("Trying to reconnect %s channel in %i seconds.", channel->evt_log, channel->reconnect_time ); - sleep(channel->reconnect_time); - } else { - minfo("'%s' channel has been reconnected succesfully.", channel->evt_log); - os_channel_destroy(channel); - break; - } - } - } - - return (0); -} - -int win_start_event_channel(char *evt_log, char future, char *query, int reconnect_time) -{ - wchar_t *wchannel = NULL; - wchar_t *wquery = NULL; - char *filtered_query = NULL; - os_channel *channel = NULL; - DWORD flags = EvtSubscribeToFutureEvents; - EVT_HANDLE bookmark = NULL; - int status = 0; - - os_calloc(1, sizeof(os_channel), channel); - - channel->evt_log = evt_log; - channel->reconnect_time = reconnect_time; - - /* Create copy of event log string */ - os_strdup(channel->evt_log, channel->bookmark_name); - - /* Create copy of query string */ - channel->query = query; - - /* Replace '/' with '_' */ - if (strchr(channel->bookmark_name, '/')) { - *(strrchr(channel->bookmark_name, '/')) = '_'; - } - - /* Convert evt_log to Windows string */ - if ((wchannel = convert_unix_string(channel->evt_log)) == NULL) { - merror( - "Could not convert_unix_string() evt_log for (%s) which returned [(%d)-(%s)]", - channel->evt_log, - errno, - strerror(errno)); - goto cleanup; - } - - /* Convert query to Windows string */ - if (query) { - if ((filtered_query = filter_special_chars(query)) == NULL) { - merror( - "Could not filter_special_chars() query for (%s) which returned [(%d)-(%s)]", - channel->evt_log, - errno, - strerror(errno)); - goto cleanup; - } - - if ((wquery = convert_unix_string(filtered_query)) == NULL) { - merror( - "Could not convert_unix_string() query for (%s) which returned [(%d)-(%s)]", - channel->evt_log, - errno, - strerror(errno)); - goto cleanup; - } - } - - channel->bookmark_enabled = !future; - - if (channel->bookmark_enabled) { - /* Create bookmark file name */ - snprintf(channel->bookmark_filename, - sizeof(channel->bookmark_filename), "%s/%s", BOOKMARKS_DIR, - channel->bookmark_name); - - /* Try to read existing bookmark */ - if ((bookmark = read_bookmark(channel)) != NULL) { - flags = EvtSubscribeStartAfterBookmark; - } - } - - channel->subscription = EvtSubscribe(NULL, - NULL, - wchannel, - wquery, - bookmark, - channel, - (EVT_SUBSCRIBE_CALLBACK)event_channel_callback, - flags); - - if (channel->subscription == NULL && flags == EvtSubscribeStartAfterBookmark) { - channel->subscription = EvtSubscribe(NULL, - NULL, - wchannel, - wquery, - NULL, - channel, - (EVT_SUBSCRIBE_CALLBACK)event_channel_callback, - EvtSubscribeToFutureEvents); - } - - if (channel->subscription == NULL) { - unsigned long id = GetLastError(); - if (id != RPC_S_SERVER_UNAVAILABLE && id != RPC_S_UNKNOWN_IF) { - merror( - "Could not EvtSubscribe() for (%s) which returned (%lu)", - channel->evt_log, - id); - } - goto cleanup; - } - - w_logcollector_state_add_file(channel->evt_log); - w_logcollector_state_add_target(channel->evt_log, "agent"); - - /* Success */ - status = 1; - -cleanup: - free(wchannel); - free(wquery); - free(filtered_query); - - if (status == 0) { - os_channel_destroy(channel); - } - - if (bookmark != NULL) { - EvtClose(bookmark); - } - - return status ? 0 : -1; -} - -#endif /* EVENTCHANNEL_SUPPORT */ -#endif /* WIN32 */ diff --git a/src/modules/logcollector/src/reader.hpp b/src/modules/logcollector/src/reader.hpp new file mode 100644 index 0000000000..dd63fc4938 --- /dev/null +++ b/src/modules/logcollector/src/reader.hpp @@ -0,0 +1,29 @@ +#pragma once + +#include + +namespace logcollector { + +using Awaitable = boost::asio::awaitable; + +/// @brief Interface for log readers +class IReader { +public: + /// @brief Constructor + /// @param logcollector Logcollector instance + IReader(Logcollector& logcollector) : + m_logcollector(logcollector) { } + + /// @brief Destructor + virtual ~IReader() = default; + + /// @brief Runs the log reader + /// @return Awaitable result + virtual Awaitable Run() = 0; + +protected: + /// @brief Logcollector instance + Logcollector& m_logcollector; +}; + +} diff --git a/src/modules/logcollector/src/state.c b/src/modules/logcollector/src/state.c deleted file mode 100644 index 329045b9fc..0000000000 --- a/src/modules/logcollector/src/state.c +++ /dev/null @@ -1,425 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * All rights reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -#include "state.h" -#include "shared.h" - -#ifdef WAZUH_UNIT_TESTING -#define STATIC -#else -#define STATIC static -#endif - -#define W_LC_STATE_TIME_FORMAT "%Y-%m-%d %H:%M:%S" ///< Time format for the JSON and the file output -#define W_LC_STATE_TIME_LENGHT (19 + 1) ///< Maximum time size - -/* Global variables */ - -w_lc_state_type_t g_lc_state_type; ///< state enabled flag -bool g_lc_state_file_enabled; ///< state file dump enable -cJSON * g_lc_json_stats; ///< JSON representation of states -w_lc_state_storage_t * g_lc_states_global; ///< global state struct storage -w_lc_state_storage_t * g_lc_states_interval; ///< interval state struct storage -pthread_mutex_t g_lc_raw_stats_mutex; ///< g_lc_states_* structs mutual exclusion mechanism -pthread_mutex_t g_lc_json_stats_mutex; ///< g_lc_json_stats mutual exclusion mechanism - -/** - * @brief Trigger the generation of states - * - */ -STATIC void w_logcollector_state_generate(); - -/** - * @brief Generate and process the current states information - * - * @param state state to generate - * @param restart restart counters and date after generating - * @return cJSON * json decription with state information - */ -STATIC cJSON * _w_logcollector_generate_state(w_lc_state_storage_t * state, bool restart); - -/** - * @brief Update/register current event and byte count for a particular file/location - * - * @param state state to be used - * @param fpath file path or locafile location value - * @param bytes amount of bytes - */ -STATIC void _w_logcollector_state_update_file(w_lc_state_storage_t * state, char * fpath, uint64_t bytes); - -/** - * @brief Update/register current drop count for a target belonging to a particular file - * - * @param state state to be used - * @param fpath file path or locafile location value - * @param target target name - * @param dropped true if want to register a drop. - */ -STATIC void _w_logcollector_state_update_target(w_lc_state_storage_t * state, char * fpath, char * target, bool dropped); - -/** - * @brief Removes the `fpath` file from `state` - * - * @param state state to be used - * @param fpath file path or locafile location value - */ -STATIC void _w_logcollector_state_delete_file(w_lc_state_storage_t * state, char * fpath); - -/** - * @brief Dump state information to file - * - */ -STATIC void w_logcollector_state_dump(); - -#ifdef WIN32 -DWORD WINAPI w_logcollector_state_main(void * args) { -#else -void * w_logcollector_state_main(void * args) { -#endif - - int interval = *(int *) args; - - if (interval > 0) { - while (FOREVER()) { - sleep(interval); - w_logcollector_state_generate(); - if (g_lc_state_file_enabled) { - w_logcollector_state_dump(); - } - } - } - -#ifndef WIN32 - return NULL; -#else - return 0; -#endif -} - -STATIC void w_logcollector_state_dump() { - - cJSON * lc_state_json = w_logcollector_state_get(); - char * lc_state_str = cJSON_Print(lc_state_json); - cJSON_Delete(lc_state_json); - - // Add trailing newline - const size_t len = strlen(lc_state_str); - os_realloc(lc_state_str, len + 2, lc_state_str); - lc_state_str[len] = '\n'; - lc_state_str[len + 1] = '\0'; - - FILE * lc_state_file = NULL; - - if (lc_state_file = wfopen(LOGCOLLECTOR_STATE, "w"), lc_state_file != NULL) { - if (fwrite(lc_state_str, sizeof(char), len + 1, lc_state_file) < 1) { - merror(FWRITE_ERROR, LOGCOLLECTOR_STATE, errno, strerror(errno)); - } - fclose(lc_state_file); - } else { - merror(FOPEN_ERROR, LOGCOLLECTOR_STATE, errno, strerror(errno)); - } - - os_free(lc_state_str); -} - -void w_logcollector_state_init(w_lc_state_type_t state_type, bool state_file_enabled) { - - w_mutex_init(&g_lc_raw_stats_mutex, NULL); - - if (state_type & LC_STATE_GLOBAL) { - - os_calloc(1, sizeof(w_lc_state_storage_t), g_lc_states_global); - - g_lc_states_global->start = time(NULL); - - if (g_lc_states_global->states = OSHash_Create(), g_lc_states_global->states == NULL) { - merror_exit(HCREATE_ERROR, LOGCOLLECTOR_STATE_DESCRIPTION); - } - if (OSHash_setSize(g_lc_states_global->states, LOGCOLLECTOR_STATE_FILES_MAX) == 0) { - merror_exit(HSETSIZE_ERROR, LOGCOLLECTOR_STATE_DESCRIPTION); - } - } - - if (state_type & LC_STATE_INTERVAL) { - w_mutex_init(&g_lc_json_stats_mutex, NULL); - - os_calloc(1, sizeof(w_lc_state_storage_t), g_lc_states_interval); - - g_lc_states_interval->start = time(NULL); - - if (g_lc_states_interval->states = OSHash_Create(), g_lc_states_interval->states == NULL) { - merror_exit(HCREATE_ERROR, LOGCOLLECTOR_STATE_DESCRIPTION); - } - - if (OSHash_setSize(g_lc_states_interval->states, LOGCOLLECTOR_STATE_FILES_MAX) == 0) { - merror_exit(HSETSIZE_ERROR, LOGCOLLECTOR_STATE_DESCRIPTION); - } - } - - g_lc_state_type = state_type; - g_lc_state_file_enabled = state_file_enabled; -} - -void w_logcollector_state_update_target(char * fpath, char * target, bool dropped) { - - if (fpath == NULL || target == NULL) { - return; - } - - w_mutex_lock(&g_lc_raw_stats_mutex); - - if (g_lc_state_type & LC_STATE_GLOBAL) { - _w_logcollector_state_update_target(g_lc_states_global, fpath, target, dropped); - } - - if (g_lc_state_type & LC_STATE_INTERVAL) { - _w_logcollector_state_update_target(g_lc_states_interval, fpath, target, dropped); - } - w_mutex_unlock(&g_lc_raw_stats_mutex); -} - -void w_logcollector_state_update_file(char * fpath, uint64_t bytes) { - - if (fpath == NULL) { - return; - } - - w_mutex_lock(&g_lc_raw_stats_mutex); - - if (g_lc_state_type & LC_STATE_GLOBAL) { - _w_logcollector_state_update_file(g_lc_states_global, fpath, bytes); - } - if (g_lc_state_type & LC_STATE_INTERVAL) { - _w_logcollector_state_update_file(g_lc_states_interval, fpath, bytes); - } - - w_mutex_unlock(&g_lc_raw_stats_mutex); -} - -void _w_logcollector_state_update_file(w_lc_state_storage_t * state, char * fpath, uint64_t bytes) { - - w_lc_state_file_t * data = NULL; - - // Try to get file stats. Create it if not initialized yet, - if (data = (w_lc_state_file_t *) OSHash_Get(state->states, fpath), data == NULL) { - os_calloc(1, sizeof(w_lc_state_file_t), data); - os_calloc(1, sizeof(w_lc_state_target_t *), data->targets); - } - - if (bytes > 0) { - data->events++; - data->bytes += bytes; - } - - if (OSHash_Update(state->states, fpath, data) != 1) { - if (OSHash_Add(state->states, fpath, data) != 2) { - w_lc_state_target_t ** target = data->targets; - while (*target != NULL) { - os_free(*target); - target++; - } - os_free(data->targets); - os_free(data); - merror(HUPDATE_ERROR, fpath, LOGCOLLECTOR_STATE_DESCRIPTION); - } - } -} - -void _w_logcollector_state_update_target(w_lc_state_storage_t * state, char * fpath, char * target, bool dropped) { - - w_lc_state_file_t * data = NULL; - w_lc_state_target_t ** current_target = NULL; - int len = 0; - - // Try to get file stats. Create it if not initialized yet, - if (data = (w_lc_state_file_t *) OSHash_Get(state->states, fpath), data == NULL) { - os_calloc(1, sizeof(w_lc_state_file_t), data); - os_calloc(1, sizeof(w_lc_state_target_t *), data->targets); - } - - // Try to find target - for (len = 0, current_target = data->targets; *current_target != NULL; len++, current_target++) { - if (strcmp(target, (*current_target)->name) == 0) { - break; - } - } - - // If target was not found, create it. - if (*current_target == NULL) { - os_realloc(data->targets, (len + 2) * sizeof(w_lc_state_target_t *), data->targets); - os_calloc(1, sizeof(w_lc_state_target_t), data->targets[len]); - data->targets[len + 1] = NULL; - current_target = &data->targets[len]; - os_strdup(target, (*current_target)->name); - } - - if (dropped) { - (*current_target)->drops++; - } - - if (OSHash_Update(state->states, fpath, data) != 1) { - if (OSHash_Add(state->states, fpath, data) != 2) { - w_lc_state_target_t ** target = data->targets; - while (*target != NULL) { - os_free((*target)->name); - os_free(*target); - target++; - } - os_free(data->targets); - os_free(data); - merror(HUPDATE_ERROR, fpath, LOGCOLLECTOR_STATE_DESCRIPTION); - } - } -} - -void w_logcollector_state_delete_file(char * fpath) { - - if (fpath == NULL) { - return; - } - - w_mutex_lock(&g_lc_raw_stats_mutex); - - if (g_lc_state_type & LC_STATE_GLOBAL) { - _w_logcollector_state_delete_file(g_lc_states_global, fpath); - } - if (g_lc_state_type & LC_STATE_INTERVAL) { - _w_logcollector_state_delete_file(g_lc_states_interval, fpath); - } - - w_mutex_unlock(&g_lc_raw_stats_mutex); -} - -void _w_logcollector_state_delete_file(w_lc_state_storage_t * state, char * fpath) { - - w_lc_state_file_t * data = NULL; - - if (data = (w_lc_state_file_t *) OSHash_Delete(state->states, fpath), data == NULL) { - return; - } - - w_lc_state_target_t ** target = data->targets; - while (*target != NULL) { - os_free((*target)->name); - os_free(*target); - target++; - } - os_free(data->targets); - os_free(data); - - return; -} - -void w_logcollector_state_generate() { - - if (g_lc_state_type & LC_STATE_INTERVAL) { - w_mutex_lock(&g_lc_json_stats_mutex); - } - w_mutex_lock(&g_lc_raw_stats_mutex); - cJSON_Delete(g_lc_json_stats); - - g_lc_json_stats = cJSON_CreateObject(); - if (g_lc_state_type & LC_STATE_GLOBAL) { - cJSON * lc_stats_json_global = _w_logcollector_generate_state(g_lc_states_global, false); - cJSON_AddItemToObject(g_lc_json_stats, "global", lc_stats_json_global); - } - if (g_lc_state_type & LC_STATE_INTERVAL) { - cJSON * lc_stats_json_interval = _w_logcollector_generate_state(g_lc_states_interval, true); - cJSON_AddItemToObject(g_lc_json_stats, "interval", lc_stats_json_interval); - } - - w_mutex_unlock(&g_lc_raw_stats_mutex); - if (g_lc_state_type & LC_STATE_INTERVAL) { - w_mutex_unlock(&g_lc_json_stats_mutex); - } -} - -cJSON * w_logcollector_state_get() { - - cJSON * json_state = NULL; - - if (g_lc_state_type & LC_STATE_INTERVAL) { - w_mutex_lock(&g_lc_json_stats_mutex); - if (g_lc_json_stats != NULL) { - json_state = cJSON_Duplicate(g_lc_json_stats, true); - } - w_mutex_unlock(&g_lc_json_stats_mutex); - } else if (g_lc_state_type & LC_STATE_GLOBAL) { - w_mutex_lock(&g_lc_raw_stats_mutex); - json_state = _w_logcollector_generate_state(g_lc_states_global, false); - w_mutex_unlock(&g_lc_raw_stats_mutex); - } - - return json_state; -} - -cJSON * _w_logcollector_generate_state(w_lc_state_storage_t * state, bool restart) { - - OSHashNode * hash_node = NULL; - unsigned int index = 0; - struct tm tm = {.tm_sec = 0}; - char timestamp_tmp[W_LC_STATE_TIME_LENGHT] = {0}; - - if (hash_node = OSHash_Begin(state->states, &index), hash_node == NULL) { - return NULL; - } - - cJSON * lc_stats_json = cJSON_CreateObject(); - cJSON * lc_stats_files_array = cJSON_CreateArray(); - - // Iterate for each file - while (hash_node) { - w_lc_state_file_t * data = hash_node->data; - - // Target logic - cJSON * lc_stats_targets_array = cJSON_CreateArray(); - w_lc_state_target_t ** target = data->targets; - while (*target != NULL) { - cJSON * lc_stats_target = cJSON_CreateObject(); - cJSON_AddStringToObject(lc_stats_target, "name", (*target)->name); - cJSON_AddNumberToObject(lc_stats_target, "drops", (*target)->drops); - cJSON_AddItemToArray(lc_stats_targets_array, lc_stats_target); - if (restart) { - (*target)->drops = 0; - } - target++; - } - - // Files - cJSON * lc_stats_file = cJSON_CreateObject(); - cJSON_AddStringToObject(lc_stats_file, "location", hash_node->key); - cJSON_AddNumberToObject(lc_stats_file, "events", data->events); - cJSON_AddNumberToObject(lc_stats_file, "bytes", data->bytes); - cJSON_AddItemToObject(lc_stats_file, "targets", lc_stats_targets_array); - - if (restart) { - data->bytes = 0; - data->events = 0; - } - cJSON_AddItemToArray(lc_stats_files_array, lc_stats_file); - hash_node = OSHash_Next(state->states, &index, hash_node); - } - - // Convert timestamp to string - localtime_r(&state->start, &tm); - strftime(timestamp_tmp, sizeof(timestamp_tmp), W_LC_STATE_TIME_FORMAT, &tm); - cJSON_AddStringToObject(lc_stats_json, "start", timestamp_tmp); - - time_t now = time(NULL); - localtime_r(&now, &tm); - strftime(timestamp_tmp, sizeof(timestamp_tmp), W_LC_STATE_TIME_FORMAT, &tm); - cJSON_AddStringToObject(lc_stats_json, "end", timestamp_tmp); - - cJSON_AddItemToObject(lc_stats_json, "files", lc_stats_files_array); - - if (restart) { - state->start = time(NULL); - } - return lc_stats_json; -} diff --git a/src/modules/logcollector/tests/CMakeLists.txt b/src/modules/logcollector/tests/CMakeLists.txt new file mode 100644 index 0000000000..bdf76cb71d --- /dev/null +++ b/src/modules/logcollector/tests/CMakeLists.txt @@ -0,0 +1,5 @@ +cmake_minimum_required(VERSION 3.22) + +project(LogcollectorTests) + +add_subdirectory(unit) diff --git a/src/modules/logcollector/tests/integration/conftest.py b/src/modules/logcollector/tests/integration/conftest.py deleted file mode 100644 index 62ed660e13..0000000000 --- a/src/modules/logcollector/tests/integration/conftest.py +++ /dev/null @@ -1,369 +0,0 @@ -''' -copyright: Copyright (C) 2015-2024, Wazuh Inc. - Created by Wazuh, Inc. . - This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 -''' -import os -import sys -import subprocess -import pytest -from typing import List - -from os.path import join as path_join - -from wazuh_testing import session_parameters -from wazuh_testing.constants import platforms -from wazuh_testing.constants.paths import ROOT_PREFIX -from wazuh_testing.constants.paths.logs import WAZUH_LOG_PATH -from wazuh_testing.constants.paths import WAZUH_PATH -from wazuh_testing.constants.paths.configurations import WAZUH_CONF_PATH -from wazuh_testing.constants.daemons import LOGCOLLECTOR_DAEMON -from wazuh_testing.logger import logger -from wazuh_testing.modules.logcollector.patterns import LOGCOLLECTOR_MODULE_START -from wazuh_testing.tools.monitors.file_monitor import FileMonitor -from wazuh_testing.utils import callbacks, configuration -from wazuh_testing.utils.services import control_service -from wazuh_testing.utils.file import truncate_file, replace_regex_in_file, write_json_file - -# Logcollector internal paths -LOGCOLLECTOR_OFE_PATH = path_join(WAZUH_PATH, 'queue', 'logcollector', 'file_status.json') - - -# - - - - - - - - - - - - - - - - - - - - - - - - -Pytest configuration - - - - - - - - - - - - - - - - - - - - - - - - - -def pytest_addoption(parser: pytest.Parser) -> None: - """Add command-line options to the tests. - - Args: - parser (pytest.Parser): Parser for command line arguments and ini-file values. - """ - parser.addoption( - "--tier", - action="append", - metavar="level", - default=None, - type=int, - help="only run tests with a tier level equal to 'level'", - ) - parser.addoption( - "--tier-minimum", - action="store", - metavar="minimum_level", - default=-1, - type=int, - help="only run tests with a tier level greater or equal than 'minimum_level'" - ) - parser.addoption( - "--tier-maximum", - action="store", - metavar="maximum_level", - default=sys.maxsize, - type=int, - help="only run tests with a tier level less or equal than 'minimum_level'" - ) - - -def pytest_collection_modifyitems(config: pytest.Config, items: List[pytest.Item]) -> None: - """Deselect tests that do not match with the specified environment or tier. - - Args: - config (pytest.Config): Access to configuration values, pluginmanager and plugin hooks. - items (list): List of items where each item is a basic test invocation. - """ - selected_tests = [] - deselected_tests = [] - _platforms = set([platforms.LINUX, - platforms.WINDOWS, - platforms.MACOS]) - - for item in items: - supported_platforms = _platforms.intersection( - mark.name for mark in item.iter_markers()) - plat = sys.platform - - selected = True - if supported_platforms and plat not in supported_platforms: - selected = False - - # Consider only first mark - levels = [mark.kwargs['level'] - for mark in item.iter_markers(name="tier")] - if levels and len(levels) > 0: - tiers = item.config.getoption("--tier") - if tiers is not None and levels[0] not in tiers: - selected = False - elif item.config.getoption("--tier-minimum") > levels[0]: - selected = False - elif item.config.getoption("--tier-maximum") < levels[0]: - selected = False - if selected: - selected_tests.append(item) - else: - deselected_tests.append(item) - - config.hook.pytest_deselected(items=deselected_tests) - items[:] = selected_tests - - -# - - - - - - - - - - - - - - - - - - - - - - -End of Pytest configuration - - - - - - - - - - - - - - - - - - - - - - - - - -@pytest.fixture() -def set_wazuh_configuration(test_configuration: dict) -> None: - """Set wazuh configuration - - Args: - test_configuration (dict): Configuration template data to write in the ossec.conf - """ - # Save current configuration - backup_config = configuration.get_wazuh_conf() - - # Configuration for testing - test_config = configuration.set_section_wazuh_conf(test_configuration.get('sections')) - - # Set new configuration - configuration.write_wazuh_conf(test_config) - - # Set current configuration - session_parameters.current_configuration = test_config - - yield - - # Restore previous configuration - configuration.write_wazuh_conf(backup_config) - - -@pytest.fixture() -def truncate_monitored_files() -> None: - """Truncate all the log files and json alerts files before and after the test execution""" - log_files = [WAZUH_LOG_PATH] - - for log_file in log_files: - if os.path.isfile(os.path.join(ROOT_PREFIX, log_file)): - truncate_file(log_file) - - yield - - for log_file in log_files: - if os.path.isfile(os.path.join(ROOT_PREFIX, log_file)): - truncate_file(log_file) - - -@pytest.fixture() -def configure_local_internal_options(request: pytest.FixtureRequest, test_metadata) -> None: - """Configure the local internal options file. - - Takes the `local_internal_options` variable from the request. - The `local_internal_options` is a dict with keys and values as the Wazuh `local_internal_options` format. - E.g.: local_internal_options = {'monitord.rotate_log': '0', 'syscheck.debug': '0' } - - Args: - request (pytest.FixtureRequest): Provide information about the current test function which made the request. - test_metadata (map): Data with configuration parameters - """ - try: - local_internal_options = request.param - except AttributeError: - try: - local_internal_options = getattr(request.module, 'local_internal_options') - except AttributeError: - raise AttributeError('Error when using the fixture "configure_local_internal_options", no ' - 'parameter has been passed explicitly, nor is the variable local_internal_options ' - 'found in the module.') from AttributeError - - backup_local_internal_options = configuration.get_local_internal_options_dict() - - if test_metadata and 'local_internal_options' in test_metadata: - for key in test_metadata['local_internal_options']: - local_internal_options[key] = test_metadata['local_internal_options'][key] - - configuration.set_local_internal_options_dict(local_internal_options) - - yield - - configuration.set_local_internal_options_dict(backup_local_internal_options) - - -def daemons_handler_implementation(request: pytest.FixtureRequest) -> None: - """Helper function to handle Wazuh daemons. - - It uses `daemons_handler_configuration` of each module in order to configure the behavior of the fixture. - - The `daemons_handler_configuration` should be a dictionary with the following keys: - daemons (list, optional): List with every daemon to be used by the module. In case of empty a ValueError - will be raised - all_daemons (boolean): Configure to restart all wazuh services. Default `False`. - ignore_errors (boolean): Configure if errors in daemon handling should be ignored. This option is available - in order to use this fixture along with invalid configuration. Default `False` - - Args: - request (pytest.FixtureRequest): Provide information about the current test function which made the request. - """ - daemons = [] - ignore_errors = False - all_daemons = False - - if config := getattr(request.module, 'daemons_handler_configuration', None): - if 'daemons' in config: - daemons = config['daemons'] - if not daemons or len(daemons) == 0 or type(daemons) not in [list, tuple]: - logger.error('Daemons list/tuple is not set') - raise ValueError - - if 'all_daemons' in config: - logger.debug(f"Wazuh control set to {config['all_daemons']}") - all_daemons = config['all_daemons'] - - if 'ignore_errors' in config: - logger.debug(f"Ignore error set to {config['ignore_errors']}") - ignore_errors = config['ignore_errors'] - else: - logger.debug("Wazuh control set to 'all_daemons'") - all_daemons = True - - try: - if all_daemons: - logger.debug('Restarting wazuh using wazuh-control') - control_service('restart') - else: - for daemon in daemons: - logger.debug(f"Restarting {daemon}") - # Restart daemon instead of starting due to legacy used fixture in the test suite. - control_service('restart', daemon=daemon) - - except ValueError as value_error: - logger.error(f"{str(value_error)}") - if not ignore_errors: - raise value_error - except subprocess.CalledProcessError as called_process_error: - logger.error(f"{str(called_process_error)}") - if not ignore_errors: - raise called_process_error - - yield - - if all_daemons: - logger.debug('Stopping wazuh using wazuh-control') - control_service('stop') - else: - for daemon in daemons: - logger.debug(f"Stopping {daemon}") - control_service('stop', daemon=daemon) - - -@pytest.fixture() -def daemons_handler(request: pytest.FixtureRequest) -> None: - """Wrapper of `daemons_handler_implementation` which contains the general implementation. - - Args: - request (pytest.FixtureRequest): Provide information about the current test function which made the request. - """ - yield from daemons_handler_implementation(request) - - -@pytest.fixture(scope='module') -def daemons_handler_module(request: pytest.FixtureRequest) -> None: - """Wrapper of `daemons_handler_implementation` which contains the general implementation. - - Args: - request (pytest.FixtureRequest): Provide information about the current test function which made the request. - """ - yield from daemons_handler_implementation(request) - - -@pytest.fixture() -def stop_logcollector(request): - """Stop wazuh-logcollector and truncate logs file.""" - control_service('stop', daemon=LOGCOLLECTOR_DAEMON) - truncate_file(WAZUH_LOG_PATH) - - -@pytest.fixture() -def wait_for_logcollector_start(request): - # Wait for logcollector thread to start - log_monitor = FileMonitor(WAZUH_LOG_PATH) - log_monitor.start(callback=callbacks.generate_callback(LOGCOLLECTOR_MODULE_START)) - assert (log_monitor.callback_result != None), f'Error logcollector start event not detected' - - -@pytest.fixture() -def remove_all_localfiles_wazuh_config(request): - """Configure a custom settting for testing. Restart Wazuh is needed for applying the configuration. """ - # Backup the original configuration - backup_config = configuration.get_wazuh_conf() - - # Remove localfiles from the configuration - list_tags = [r"[\s\S]*?<\/localfile>"] - replace_regex_in_file(list_tags, [''] * len(list_tags), WAZUH_CONF_PATH, True) - - yield - configuration.write_wazuh_conf(backup_config) - - -@pytest.fixture() -def reset_ofe_status(request: pytest.FixtureRequest, test_metadata: dict): - """Reset the status file of the logcollector only future events.""" - - def get_journal_last_log_timestamp(): - ''' - Get the timestamp of the last log message in the journal. - - Returns: - int: The timestamp of the last log message in the journal. - ''' - from subprocess import Popen, PIPE - from shlex import split - - # Get the last log message in the journal - command = 'journalctl -o json -n1' - process = Popen(split(command), stdout=PIPE, stderr=PIPE) - output, error = process.communicate() - - if error: - raise Exception(f"Error getting the last log message from the journal: {error.decode()}") - - # Get the timestamp of the last log message - import json - log_message = json.loads(output.decode()) - return log_message.get('_SOURCE_REALTIME_TIMESTAMP') - - def get_ofe_journald(): - ''' - Get the status of the logcollector for journald. - - Set the timestamp of the last log message in the journal as the timestamp for the journald. - if the test_metadata contains the key 'force_timestamp', the value of this key will be used as the timestamp. - - Returns: - dict: The status of the logcollector for journald. - ''' - - if 'force_timestamp' in test_metadata: - epoch_timestamp = test_metadata['force_timestamp'] - else: - epoch_timestamp = get_journal_last_log_timestamp() - - status: dict = { "timestamp": str(epoch_timestamp) } - return status - - # File status for logcollector - file_status: dict = {} - - # Configure the file status for each logreader - file_status['journald'] = get_ofe_journald() - - # Write the file status - write_json_file(LOGCOLLECTOR_OFE_PATH, file_status) - - -@pytest.fixture() -def pre_send_journal_logs(request: pytest.FixtureRequest, test_metadata: dict): - """Send log messages to the journal before starting the logcollector.""" - from utils import send_log_to_journal - - if 'pre_input_logs' not in test_metadata: - raise Exception(f"The test_metadata does not contain the key 'pre_input_logs'") - else: - for log_message in test_metadata['pre_input_logs']: - send_log_to_journal(log_message) diff --git a/src/modules/logcollector/tests/integration/pytest.ini b/src/modules/logcollector/tests/integration/pytest.ini deleted file mode 100644 index a4d99caad2..0000000000 --- a/src/modules/logcollector/tests/integration/pytest.ini +++ /dev/null @@ -1,10 +0,0 @@ -[pytest] -addopts = --strict-markers -markers = - tier(level) - darwin - linux - win32 - agent -filterwarnings= - ignore::urllib3.exceptions.InsecureRequestWarning diff --git a/src/modules/logcollector/tests/integration/test_configuration/__init__.py b/src/modules/logcollector/tests/integration/test_configuration/__init__.py deleted file mode 100644 index fb5b8575fc..0000000000 --- a/src/modules/logcollector/tests/integration/test_configuration/__init__.py +++ /dev/null @@ -1,11 +0,0 @@ -""" -Copyright (C) 2015-2024, Wazuh Inc. -Created by Wazuh, Inc. . -This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 -""" -from pathlib import Path - -# Constants & base paths -TEST_DATA_PATH = Path(Path(__file__).parent, 'data') -TEST_CASES_PATH = Path(TEST_DATA_PATH, 'test_cases') -CONFIGURATIONS_PATH = Path(TEST_DATA_PATH, 'configuration_templates') diff --git a/src/modules/logcollector/tests/integration/test_configuration/data/configuration_templates/wazuh_basic_configuration.yaml b/src/modules/logcollector/tests/integration/test_configuration/data/configuration_templates/wazuh_basic_configuration.yaml deleted file mode 100644 index cdcb2e5794..0000000000 --- a/src/modules/logcollector/tests/integration/test_configuration/data/configuration_templates/wazuh_basic_configuration.yaml +++ /dev/null @@ -1,9 +0,0 @@ -- sections: - - section: localfile - elements: - - command: - value: 'COMMAND' - - log_format: - value: 'LOG_FORMAT' - - alias: - value: 'ALIAS' diff --git a/src/modules/logcollector/tests/integration/test_configuration/data/configuration_templates/wazuh_basic_configuration_command.yaml b/src/modules/logcollector/tests/integration/test_configuration/data/configuration_templates/wazuh_basic_configuration_command.yaml deleted file mode 100644 index 2710134901..0000000000 --- a/src/modules/logcollector/tests/integration/test_configuration/data/configuration_templates/wazuh_basic_configuration_command.yaml +++ /dev/null @@ -1,7 +0,0 @@ -- sections: - - section: localfile - elements: - - command: - value: 'COMMAND' - - log_format: - value: 'LOG_FORMAT' diff --git a/src/modules/logcollector/tests/integration/test_configuration/data/configuration_templates/wazuh_basic_configuration_label.yaml b/src/modules/logcollector/tests/integration/test_configuration/data/configuration_templates/wazuh_basic_configuration_label.yaml deleted file mode 100644 index 43fb1f0f8e..0000000000 --- a/src/modules/logcollector/tests/integration/test_configuration/data/configuration_templates/wazuh_basic_configuration_label.yaml +++ /dev/null @@ -1,11 +0,0 @@ -- sections: - - section: localfile - elements: - - location: - value: 'LOCATION' - - log_format: - value: 'json' - - label: - value: 'LABEL' - attributes: - - key: KEY diff --git a/src/modules/logcollector/tests/integration/test_configuration/data/configuration_templates/wazuh_basic_configuration_log_format.yaml b/src/modules/logcollector/tests/integration/test_configuration/data/configuration_templates/wazuh_basic_configuration_log_format.yaml deleted file mode 100644 index 793af6c698..0000000000 --- a/src/modules/logcollector/tests/integration/test_configuration/data/configuration_templates/wazuh_basic_configuration_log_format.yaml +++ /dev/null @@ -1,9 +0,0 @@ -- sections: - - section: localfile - elements: - - command: - value: 'COMMAND' - - location: - value: 'LOCATION' - - log_format: - value: 'LOG_FORMAT' diff --git a/src/modules/logcollector/tests/integration/test_configuration/data/configuration_templates/wazuh_basic_configuration_log_format_location.yaml b/src/modules/logcollector/tests/integration/test_configuration/data/configuration_templates/wazuh_basic_configuration_log_format_location.yaml deleted file mode 100644 index 802489f05e..0000000000 --- a/src/modules/logcollector/tests/integration/test_configuration/data/configuration_templates/wazuh_basic_configuration_log_format_location.yaml +++ /dev/null @@ -1,7 +0,0 @@ -- sections: - - section: localfile - elements: - - location: - value: 'LOCATION' - - log_format: - value: 'LOG_FORMAT' diff --git a/src/modules/logcollector/tests/integration/test_configuration/data/configuration_templates/wazuh_basic_configuration_out_format.yaml b/src/modules/logcollector/tests/integration/test_configuration/data/configuration_templates/wazuh_basic_configuration_out_format.yaml deleted file mode 100644 index 3d8d0818ac..0000000000 --- a/src/modules/logcollector/tests/integration/test_configuration/data/configuration_templates/wazuh_basic_configuration_out_format.yaml +++ /dev/null @@ -1,19 +0,0 @@ -- sections: - - section: socket - elements: - - name: - value: 'SOCKET_NAME' - - location: - value: 'SOCKET_PATH' - - section: localfile - elements: - - location: - value: 'LOCATION' - - log_format: - value: 'LOG_FORMAT' - - target: - value: 'TARGET' - - out_format: - value: OUT_FORMAT - attributes: - - target: TARGET_OUT_FORMAT diff --git a/src/modules/logcollector/tests/integration/test_configuration/data/configuration_templates/wazuh_basic_configuration_reconnect_time.yaml b/src/modules/logcollector/tests/integration/test_configuration/data/configuration_templates/wazuh_basic_configuration_reconnect_time.yaml deleted file mode 100644 index 3bdbfaa95c..0000000000 --- a/src/modules/logcollector/tests/integration/test_configuration/data/configuration_templates/wazuh_basic_configuration_reconnect_time.yaml +++ /dev/null @@ -1,9 +0,0 @@ -- sections: - - section: localfile - elements: - - location: - value: 'LOCATION' - - log_format: - value: 'LOG_FORMAT' - - reconnect_time: - value: 'RECONNECT_TIME' diff --git a/src/modules/logcollector/tests/integration/test_configuration/data/configuration_templates/wazuh_basic_configuration_target.yaml b/src/modules/logcollector/tests/integration/test_configuration/data/configuration_templates/wazuh_basic_configuration_target.yaml deleted file mode 100644 index 5ff58c5b9c..0000000000 --- a/src/modules/logcollector/tests/integration/test_configuration/data/configuration_templates/wazuh_basic_configuration_target.yaml +++ /dev/null @@ -1,15 +0,0 @@ -- sections: - - section: socket - elements: - - name: - value: 'SOCKET_NAME' - - location: - value: 'SOCKET_PATH' - - section: localfile - elements: - - location: - value: 'LOCATION' - - log_format: - value: 'LOG_FORMAT' - - target: - value: 'TARGET' diff --git a/src/modules/logcollector/tests/integration/test_configuration/data/configuration_templates/wazuh_duplicated_macos_configuration.yaml b/src/modules/logcollector/tests/integration/test_configuration/data/configuration_templates/wazuh_duplicated_macos_configuration.yaml deleted file mode 100644 index 5722700e5e..0000000000 --- a/src/modules/logcollector/tests/integration/test_configuration/data/configuration_templates/wazuh_duplicated_macos_configuration.yaml +++ /dev/null @@ -1,17 +0,0 @@ -- sections: - - section: localfile - attributes: - - name: 'logcollector_configuration_block1' - elements: - - location: - value: 'LOCATION1' - - log_format: - value: 'LOG_FORMAT1' - - section: localfile - attributes: - - name: 'logcollector_configuration_block2' - elements: - - location: - value: 'LOCATION2' - - log_format: - value: 'LOG_FORMAT2' diff --git a/src/modules/logcollector/tests/integration/test_configuration/data/configuration_templates/wazuh_no_defined_location_macos_configuration.yaml b/src/modules/logcollector/tests/integration/test_configuration/data/configuration_templates/wazuh_no_defined_location_macos_configuration.yaml deleted file mode 100644 index fac708f8ce..0000000000 --- a/src/modules/logcollector/tests/integration/test_configuration/data/configuration_templates/wazuh_no_defined_location_macos_configuration.yaml +++ /dev/null @@ -1,5 +0,0 @@ -- sections: - - section: localfile - elements: - - log_format: - value: 'LOG_FORMAT' diff --git a/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_alias.yaml b/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_alias.yaml deleted file mode 100644 index 476ae4921d..0000000000 --- a/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_alias.yaml +++ /dev/null @@ -1,21 +0,0 @@ -- name: Basic configuration alias - description: Basic configuration alias - configuration_parameters: - LOG_FORMAT: 'command' - COMMAND: 'to_replace' - ALIAS: 'alias' - metadata: - log_format: 'command' - command: 'to_replace' - alias: 'alias' - -- name: Basic configuration alias - description: Basic configuration alias - configuration_parameters: - LOG_FORMAT: 'full_command' - COMMAND: 'to_replace' - ALIAS: 'alias2' - metadata: - log_format: 'full_command' - command: 'to_replace' - alias: 'alias2' diff --git a/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_command.yaml b/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_command.yaml deleted file mode 100644 index 466302f76f..0000000000 --- a/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_command.yaml +++ /dev/null @@ -1,89 +0,0 @@ -- name: Basic configuration command - description: Basic configuration command - configuration_parameters: - LOG_FORMAT: 'command' - COMMAND: 'echo Testing' - metadata: - log_format: 'command' - command: 'echo Testing' - -- name: Basic configuration command - description: Basic configuration command - configuration_parameters: - LOG_FORMAT: 'command' - COMMAND: 'df -P' - metadata: - log_format: 'command' - command: 'df -P' - -- name: Basic configuration command - description: Basic configuration command - configuration_parameters: - LOG_FORMAT: 'command' - COMMAND: 'find / -type f -perm 4000' - metadata: - log_format: 'command' - command: 'find / -type f -perm 4000' - -- name: Basic configuration command - description: Basic configuration command - configuration_parameters: - LOG_FORMAT: 'command' - COMMAND: 'ls /tmp/*' - metadata: - log_format: 'command' - command: 'ls /tmp/*' - -- name: Basic configuration command - description: Basic configuration command - configuration_parameters: - LOG_FORMAT: 'command' - COMMAND: '/tmp/script/my_script -a 1 -v 2 -b 3 -g 444 -k Testing' - metadata: - log_format: 'command' - command: '/tmp/script/my_script -a 1 -v 2 -b 3 -g 444 -k Testing' - -- name: Basic configuration full_command - description: Basic configuration full_command - configuration_parameters: - LOG_FORMAT: 'full_command' - COMMAND: 'echo Testing' - metadata: - log_format: 'full_command' - command: 'echo Testing' - -- name: Basic configuration full_command - description: Basic configuration full_command - configuration_parameters: - LOG_FORMAT: 'full_command' - COMMAND: 'df -P' - metadata: - log_format: 'full_command' - command: 'df -P' - -- name: Basic configuration full_command - description: Basic configuration full_command - configuration_parameters: - LOG_FORMAT: 'full_command' - COMMAND: 'find / -type f -perm 4000' - metadata: - log_format: 'full_command' - command: 'find / -type f -perm 4000' - -- name: Basic configuration full_command - description: Basic configuration full_command - configuration_parameters: - LOG_FORMAT: 'full_command' - COMMAND: 'ls /tmp/*' - metadata: - log_format: 'full_command' - command: 'ls /tmp/*' - -- name: Basic configuration full_command - description: Basic configuration full_command - configuration_parameters: - LOG_FORMAT: 'full_command' - COMMAND: '/tmp/script/my_script -a 1 -v 2 -b 3 -g 444 -k Testing' - metadata: - log_format: 'full_command' - command: '/tmp/script/my_script -a 1 -v 2 -b 3 -g 444 -k Testing' diff --git a/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_journald.yaml b/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_journald.yaml deleted file mode 100644 index 96626cd668..0000000000 --- a/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_journald.yaml +++ /dev/null @@ -1,353 +0,0 @@ -- name: Journald default configuration - description: A basic configuration for journald, 1 block without filters - configuration_parameters: - - - location: - value: journald - - log_format: - value: journald - metadata: - expected_logs: - - .*Socket target for 'journald' -> agent - - .*Monitoring journal entries. - expected_config: - logformat: journald - only-future-events: 'yes' - target: - - agent - -- name: Journald, ignore bad location - description: A basic configuration for journald ignore the bad location - configuration_parameters: - - - location: - value: bad location - - log_format: - value: journald - metadata: - expected_logs: - - .*Invalid location value 'bad location'.*Default value will be used - - .*Socket target for 'journald' -> agent - - .*Monitoring journal entries. - expected_config: - logformat: journald - only-future-events: 'yes' - target: - - agent - -- name: Journald, ignore missing location - description: A basic configuration for journald ignore the missing location - configuration_parameters: - - - log_format: - value: journald - metadata: - expected_logs: - - .*Missing 'location' element when using 'journald' as 'log_format'. Default value will be used. - - .*Socket target for 'journald' -> agent - - .*Monitoring journal entries..* - expected_config: - logformat: journald - only-future-events: 'yes' - target: - - agent - -- name: Journald fail basic configuration - description: A basic configuration for journald, 1 block without filters, but fails building the filter (Missing field) - configuration_parameters: - - - location: - value: journald - - log_format: - value: journald - - filter: - value: '\w+' - attributes: - - not_field: 'syslogtag' - - ignore_if_missing: 'yes' - metadata: - expected_logs: - - ".*The field for the journal filter cannot be empty.*" - - ".*Cannot add filter, the block will be ignored.*" - journal_disabled: True - -- name: Test merge 2 blocks of journal and both with filters - description: Test merge blocks of journal and both with filters, the localfiles merge on one logreader - configuration_parameters: - # Block 1 - - - location: - value: journald - - log_format: - value: journald - - filter: - value: 'Filter 1A' - attributes: - - field: 'field 1A' - - ignore_if_missing: 'yes' - - filter: - value: 'Filter 1B' - attributes: - - field: 'field 1B' - # Block 2 - - - location: - value: journald - - log_format: - value: journald - - filter: - value: 'Filter 2A' - attributes: - - field: 'field 2A' - metadata: - expected_logs: - - .*Socket target for 'journald' -> agent - - .*Monitoring journal entries. - expected_config: - logformat: journald - filters_disabled: false - filters: - - - expression: Filter 1A - field: field 1A - ignore_if_missing: true - - expression: Filter 1B - field: field 1B - ignore_if_missing: false - - - expression: Filter 2A - field: field 2A - ignore_if_missing: false - only-future-events: 'yes' - target: - - agent - -- name: Test merge with 3 blocks and all with filters - description: Test merge 3 blocks and all with filters, the localfiles merge on one logreader - configuration_parameters: - # Block 1 - - - location: - value: journald - - log_format: - value: journald - - filter: - value: 'Filter 1A' - attributes: - - field: 'field 1A' - - ignore_if_missing: 'yes' - - filter: - value: 'Filter 1B' - attributes: - - field: 'field 1B' - # Block 2 - - - location: - value: journald - - log_format: - value: journald - - filter: - value: 'Filter 2A' - attributes: - - field: 'field 2A' - # Block 3 - - - location: - value: journald - - log_format: - value: journald - - filter: - value: 'Filter 3A' - attributes: - - field: 'field 3A' - - ignore_if_missing: 'no' - metadata: - expected_logs: - - .*Socket target for 'journald' -> agent - - .*Monitoring journal entries. - expected_config: - logformat: journald - filters_disabled: false - filters: - - - expression: Filter 1A - field: field 1A - ignore_if_missing: true - - expression: Filter 1B - field: field 1B - ignore_if_missing: false - - - expression: Filter 2A - field: field 2A - ignore_if_missing: false - - - expression: Filter 3A - field: field 3A - ignore_if_missing: false - only-future-events: 'yes' - target: - - agent - - -- name: Test merge with 3 blocks and 1 without filters - description: Test merge with 3 blocks and 1 without filters, then the global filters are disabled - configuration_parameters: - # Block 1 - - - location: - value: journald - - log_format: - value: journald - - filter: - value: 'Filter 1A' - attributes: - - field: 'field 1A' - - ignore_if_missing: 'yes' - - filter: - value: 'Filter 1B' - attributes: - - field: 'field 1B' - # Block 2 - - - location: - value: journald - - log_format: - value: journald - # Block 3 - - - location: - value: journald - - log_format: - value: journald - - filter: - value: 'Filter 3A' - attributes: - - field: 'field 3A' - - ignore_if_missing: 'no' - metadata: - expected_logs: - - .*The filters of the journald log will be disabled in the merge.* - - .*Socket target for 'journald' -> agent - - .*Monitoring journal entries. - expected_config: - logformat: journald - filters_disabled: true - filters: - - - expression: 'Filter 1A' - field: field 1A - ignore_if_missing: true - - expression: 'Filter 1B' - field: field 1B - ignore_if_missing: false - - - expression: 'Filter 3A' - field: field 3A - ignore_if_missing: false - only-future-events: 'yes' - target: - - agent - - -- name: Test merge with 3 blocks and all with filters, but 1 block fails compiling the regex - description: Test merge with 3 blocks and all with filters, but 1 block fails compiling the regex, the block will be ignored - configuration_parameters: - # Block 1 - - - location: - value: journald - - log_format: - value: journald - - filter: - value: '\w+ Filter 1A' - attributes: - - field: 'field 1A' - - ignore_if_missing: 'yes' - - filter: - value: '\w+ Filter 1B' - attributes: - - field: 'field 1B' - # Block 2 - - - location: - value: journald - - log_format: - value: journald - - filter: - value: '\w+ [ Filter 2A' - attributes: - - field: 'field 2A' - # Block 3 - - - location: - value: journald - - log_format: - value: journald - - filter: - value: '\w+ Filter 3A' - attributes: - - field: 'field 3A' - - ignore_if_missing: 'no' - metadata: - expected_logs: - - .*Error compiling the PCRE2 expression.* - - .*Cannot add filter, the block will be ignored - - .*Socket target for 'journald' -> agent - - .*Monitoring journal entries. - expected_config: - logformat: journald - filters_disabled: false - filters: - - - expression: \w+ Filter 1A - field: field 1A - ignore_if_missing: true - - expression: \w+ Filter 1B - field: field 1B - ignore_if_missing: false - - - expression: \w+ Filter 3A - field: field 3A - ignore_if_missing: false - only-future-events: 'yes' - target: - - agent - -- name: Test merge with 3 blocks and all with filters, preserve only-future-events from last block - description: Test merge with 3 blocks and all with filters, preserve only-future-events from last block - configuration_parameters: - # Block 1 - - - location: - value: journald - - log_format: - value: journald - - filter: - value: 'Filter 1A' - attributes: - - field: 'field 1A' - - ignore_if_missing: 'yes' - - filter: - value: 'Filter 1B' - attributes: - - field: 'field 1B' - # Block 2 - - - location: - value: journald - - log_format: - value: journald - - filter: - value: 'Filter 2A' - attributes: - - field: 'field 2A' - # Block 3 - - - location: - value: journald - - log_format: - value: journald - - filter: - value: 'Filter 3A' - attributes: - - field: 'field 3A' - - ignore_if_missing: 'no' - - only-future-events: - value: 'no' - metadata: - expected_logs: - - .*Socket target for 'journald' -> agent - - .*Monitoring journal entries. - expected_config: - logformat: journald - only-future-events: 'no' - filters: - - - expression: Filter 1A - field: field 1A - ignore_if_missing: true - - expression: Filter 1B - field: field 1B - ignore_if_missing: false - - - expression: Filter 2A - field: field 2A - ignore_if_missing: false - - - expression: Filter 3A - field: field 3A - ignore_if_missing: false - filters_disabled: false - max-size: '0' - target: - - agent diff --git a/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_label.yaml b/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_label.yaml deleted file mode 100644 index 4974e95b03..0000000000 --- a/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_label.yaml +++ /dev/null @@ -1,87 +0,0 @@ -- name: Basic configuration label - description: Basic configuration label - configuration_parameters: - LOCATION: 'to_replace' - LABEL: 'myapp' - KEY: '@source' - metadata: - location: 'to_replace' - label: 'myapp' - key: '@source' - -- name: Basic configuration label - description: Basic configuration label - configuration_parameters: - LOCATION: 'to_replace' - LABEL: 'myapp' - KEY: 'agent.type' - metadata: - location: 'to_replace' - label: 'myapp' - key: 'agent.type' - -- name: Basic configuration label - description: Basic configuration label - configuration_parameters: - LOCATION: 'to_replace' - LABEL: 'myapp' - KEY: 'agent.location' - metadata: - location: 'to_replace' - label: 'myapp' - key: 'agent.location' - -- name: Basic configuration label - description: Basic configuration label - configuration_parameters: - LOCATION: 'to_replace' - LABEL: 'myapp' - KEY: 'agent.idgroup' - metadata: - location: 'to_replace' - label: 'myapp' - key: 'agent.idgroup' - -- name: Basic configuration label - description: Basic configuration label - configuration_parameters: - LOCATION: 'to_replace' - LABEL: 'myapp' - KEY: 'group.groupnname' - metadata: - location: 'to_replace' - label: 'myapp' - key: 'group.groupnname' - -- name: Basic configuration label - description: Basic configuration label - configuration_parameters: - LOCATION: 'to_replace' - LABEL: 'myapp' - KEY: '109304' - metadata: - location: 'to_replace' - label: 'myapp' - key: '109304' - -- name: Basic configuration label - description: Basic configuration label - configuration_parameters: - LOCATION: 'to_replace' - LABEL: 'myapp' - KEY: 'TestingTagNames' - metadata: - location: 'to_replace' - label: 'myapp' - key: 'TestingTagNames' - -- name: Basic configuration label - description: Basic configuration label - configuration_parameters: - LOCATION: 'to_replace' - LABEL: 'myapp' - KEY: '?atag_tname' - metadata: - location: 'to_replace' - label: 'myapp' - key: '?atag_tname' diff --git a/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_location.yaml b/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_location.yaml deleted file mode 100644 index a3b2cc27a0..0000000000 --- a/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_location.yaml +++ /dev/null @@ -1,79 +0,0 @@ -- name: Basic configuration location - description: Basic configuration location - configuration_parameters: - LOCATION: 'test.txt' - LOG_FORMAT: 'syslog' - metadata: - location: 'test.txt' - log_format: 'syslog' - validate_config: True - -- name: Basic configuration location - description: Basic configuration location - configuration_parameters: - LOCATION: '*' - LOG_FORMAT: 'syslog' - metadata: - location: '*' - log_format: 'syslog' - validate_config: False - -- name: Basic configuration location - description: Basic configuration location - configuration_parameters: - LOCATION: 'Testing white spaces' - LOG_FORMAT: 'syslog' - metadata: - location: 'Testing white spaces' - log_format: 'syslog' - validate_config: True - -- name: Basic configuration location - description: Basic configuration location - configuration_parameters: - LOCATION: '%F%H%K%L' - LOG_FORMAT: 'syslog' - metadata: - location: '%F%H%K%L' - log_format: 'syslog' - validate_config: False - -- name: Basic configuration location - description: Basic configuration location - configuration_parameters: - LOCATION: 'test.*' - LOG_FORMAT: 'syslog' - metadata: - location: 'test.*' - log_format: 'syslog' - validate_config: False - -- name: Basic configuration location - description: Basic configuration location - configuration_parameters: - LOCATION: 'c*test.txt' - LOG_FORMAT: 'syslog' - metadata: - location: 'c*test.txt' - log_format: 'syslog' - validate_config: False - -- name: Basic configuration location - description: Basic configuration location - configuration_parameters: - LOCATION: '?^*We.- Nmae' - LOG_FORMAT: 'syslog' - metadata: - location: '?^*We.- Nmae' - log_format: 'syslog' - validate_config: False - -- name: Basic configuration location - description: Basic configuration location - configuration_parameters: - LOCATION: 'file.log-%Y-%m-%d' - LOG_FORMAT: 'syslog' - metadata: - location: 'file.log-%Y-%m-%d' - log_format: 'syslog' - validate_config: False diff --git a/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_location_macos.yaml b/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_location_macos.yaml deleted file mode 100644 index 869f64ac1d..0000000000 --- a/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_location_macos.yaml +++ /dev/null @@ -1,9 +0,0 @@ -- name: Basic configuration location macos - description: Basic configuration location macos - configuration_parameters: - LOCATION: 'macos' - LOG_FORMAT: 'macos' - metadata: - location: 'macos' - log_format: 'macos' - validate_config: True diff --git a/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_location_win.yaml b/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_location_win.yaml deleted file mode 100644 index c9a8717745..0000000000 --- a/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_location_win.yaml +++ /dev/null @@ -1,80 +0,0 @@ -- name: Basic configuration location windows - description: Basic configuration location windows - configuration_parameters: - LOCATION: 'Microsoft-Windows-Sysmon/Operational' - LOG_FORMAT: 'eventchannel' - metadata: - location: 'Microsoft-Windows-Sysmon/Operational' - log_format: 'eventchannel' - -- name: Basic configuration location windows - description: Basic configuration location windows - configuration_parameters: - LOCATION: 'Microsoft-Windows-Windows Firewall With Advanced Security/Firewall' - LOG_FORMAT: 'eventchannel' - metadata: - location: 'Microsoft-Windows-Windows Firewall With Advanced Security/Firewall' - log_format: 'eventchannel' - -- name: Basic configuration location windows - description: Basic configuration location windows - configuration_parameters: - LOCATION: 'Application' - LOG_FORMAT: 'eventchannel' - metadata: - location: 'Application' - log_format: 'eventchannel' - -- name: Basic configuration location windows - description: Basic configuration location windows - configuration_parameters: - LOCATION: 'Security' - LOG_FORMAT: 'eventchannel' - metadata: - location: 'Security' - log_format: 'eventchannel' - -- name: Basic configuration location windows - description: Basic configuration location windows - configuration_parameters: - LOCATION: 'System' - LOG_FORMAT: 'eventchannel' - metadata: - location: 'System' - log_format: 'eventchannel' - -- name: Basic configuration location windows - description: Basic configuration location windows - configuration_parameters: - LOCATION: 'Microsoft-Windows-Windows Defender/Operational' - LOG_FORMAT: 'eventchannel' - metadata: - location: 'Microsoft-Windows-Windows Defender/Operational' - log_format: 'eventchannel' - -- name: Basic configuration location windows - description: Basic configuration location windows - configuration_parameters: - LOCATION: 'File Replication Service' - LOG_FORMAT: 'eventchannel' - metadata: - location: 'File Replication Service' - log_format: 'eventchannel' - -- name: Basic configuration location windows - description: Basic configuration location windows - configuration_parameters: - LOCATION: 'Service Microsoft-Windows-TerminalServices-RemoteConnectionManager' - LOG_FORMAT: 'eventchannel' - metadata: - location: 'Service Microsoft-Windows-TerminalServices-RemoteConnectionManager' - log_format: 'eventchannel' - -- name: Basic configuration location windows - description: Basic configuration location windows - configuration_parameters: - LOCATION: 'invalidchannel' - LOG_FORMAT: 'eventchannel' - metadata: - location: 'invalidchannel' - log_format: 'eventchannel' diff --git a/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_log_format.yaml b/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_log_format.yaml deleted file mode 100644 index 2143bf83bf..0000000000 --- a/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_log_format.yaml +++ /dev/null @@ -1,197 +0,0 @@ -- name: Basic configuration log format - description: Basic configuration log format - configuration_parameters: - LOCATION: 'to_replace' - LOG_FORMAT: 'syslog' - metadata: - location: 'to_replace' - log_format: 'syslog' - valid_value: True - -- name: Basic configuration log format - description: Basic configuration log format - configuration_parameters: - LOCATION: 'to_replace' - LOG_FORMAT: 'json' - metadata: - location: 'to_replace' - log_format: 'json' - valid_value: True - -- name: Basic configuration log format - description: Basic configuration log format - configuration_parameters: - LOCATION: 'to_replace' - LOG_FORMAT: 'snort-full' - metadata: - location: 'to_replace' - log_format: 'snort-full' - valid_value: True - -- name: Basic configuration log format - description: Basic configuration log format - configuration_parameters: - LOCATION: 'to_replace' - LOG_FORMAT: 'mysql_log' - metadata: - location: 'to_replace' - log_format: 'mysql_log' - valid_value: True - -- name: Basic configuration log format - description: Basic configuration log format - configuration_parameters: - LOCATION: 'to_replace' - LOG_FORMAT: 'postgresql_log' - metadata: - location: 'to_replace' - log_format: 'postgresql_log' - valid_value: True - -- name: Basic configuration log format - description: Basic configuration log format - configuration_parameters: - LOCATION: 'to_replace' - LOG_FORMAT: 'nmapg' - metadata: - location: 'to_replace' - log_format: 'nmapg' - valid_value: True - -- name: Basic configuration log format - description: Basic configuration log format - configuration_parameters: - LOCATION: 'to_replace' - LOG_FORMAT: 'iis' - metadata: - location: 'to_replace' - log_format: 'iis' - valid_value: True - -- name: Basic configuration log format - description: Basic configuration log format - configuration_parameters: - LOCATION: 'to_replace' - LOG_FORMAT: 'command' - COMMAND: 'example-command' - metadata: - location: 'to_replace' - log_format: 'command' - command: 'example-command' - valid_value: True - -- name: Basic configuration log format - description: Basic configuration log format - configuration_parameters: - LOCATION: 'to_replace' - LOG_FORMAT: 'full_command' - COMMAND: 'example-command' - metadata: - location: 'to_replace' - log_format: 'full_command' - command: 'example-command' - valid_value: True - -- name: Basic configuration log format - description: Basic configuration log format - configuration_parameters: - LOCATION: '/var/log/testing/current' - LOG_FORMAT: 'djb-multilog' - metadata: - location: '/var/log/testing/current' - log_format: 'djb-multilog' - valid_value: True - -- name: Basic configuration log format - description: Basic configuration log format - configuration_parameters: - LOCATION: 'to_replace' - LOG_FORMAT: 'multi-line:3' - metadata: - location: 'to_replace' - log_format: 'multi-line:3' - valid_value: True - -- name: Basic configuration log format - description: Basic configuration log format - configuration_parameters: - LOCATION: 'to_replace' - LOG_FORMAT: 'squid' - metadata: - location: 'to_replace' - log_format: 'squid' - valid_value: True - -- name: Basic configuration log format - description: Basic configuration log format - configuration_parameters: - LOCATION: 'to_replace' - LOG_FORMAT: 'audit' - metadata: - location: 'to_replace' - log_format: 'audit' - valid_value: True - -- name: Basic configuration log format - description: Basic configuration log format - configuration_parameters: - LOCATION: 'to_replace' - LOG_FORMAT: 'invalid' - metadata: - location: 'to_replace' - log_format: 'invalid' - valid_value: False - -- name: Basic configuration log format - description: Basic configuration log format - configuration_parameters: - LOCATION: 'to_replace' - LOG_FORMAT: 'testing' - metadata: - location: 'to_replace' - log_format: 'testing' - valid_value: False - -- name: Basic configuration log format - description: Basic configuration log format - configuration_parameters: - LOCATION: 'to_replace' - LOG_FORMAT: 'iisTesting' - metadata: - location: 'to_replace' - log_format: 'iisTesting' - valid_value: False - -- name: Basic configuration log format - description: Basic configuration log format - configuration_parameters: - LOCATION: 'to_replace' - LOG_FORMAT: 'nmapgFSKF' - metadata: - location: 'to_replace' - log_format: 'nmapgFSKF' - valid_value: False - -- name: Basic configuration log format - description: Basic configuration log format - configuration_parameters: - LOCATION: 'to_replace' - LOG_FORMAT: 'jsonLGK' - COMMAND: 'example-command' - metadata: - location: 'to_replace' - log_format: 'jsonLGK' - command: 'example-command' - valid_value: False - -- name: Basic configuration log format - description: Basic configuration log format - configuration_parameters: - LOCATION: 'to_replace' - LOG_FORMAT: 'commandFLKD' - COMMAND: 'example-command' - metadata: - location: 'to_replace' - log_format: 'commandFLKD' - command: 'example-command' - valid_value: False diff --git a/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_log_format_macos_duplicated.yaml b/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_log_format_macos_duplicated.yaml deleted file mode 100644 index 7ac9a0bd7f..0000000000 --- a/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_log_format_macos_duplicated.yaml +++ /dev/null @@ -1,13 +0,0 @@ -- name: Basic configuration log format macos duplicated - description: Basic configuration log format duplicated - configuration_parameters: - LOCATION1: 'macos' - LOG_FORMAT1: 'macos' - LOCATION2: 'macos' - LOG_FORMAT2: 'macos' - metadata: - location1: 'macos' - log_format1: 'macos' - location2: 'macos' - log_format2: 'macos' - valid_value: True diff --git a/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_log_format_macos_no_defined.yaml b/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_log_format_macos_no_defined.yaml deleted file mode 100644 index d70cc13b83..0000000000 --- a/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_log_format_macos_no_defined.yaml +++ /dev/null @@ -1,7 +0,0 @@ -- name: Basic configuration log format macos location no defined - description: Basic configuration log format macos location no defined - configuration_parameters: - LOG_FORMAT: 'macos' - metadata: - log_format: 'macos' - valid_value: True diff --git a/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_log_format_win.yaml b/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_log_format_win.yaml deleted file mode 100644 index 2188ffe94f..0000000000 --- a/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_log_format_win.yaml +++ /dev/null @@ -1,19 +0,0 @@ -- name: Basic configuration log format windows - description: Basic configuration log format windows - configuration_parameters: - LOCATION: 'Security' - LOG_FORMAT: 'eventlog' - metadata: - location: 'Security' - log_format: 'eventlog' - valid_value: True - -- name: Basic configuration log format windows - description: Basic configuration log format windows - configuration_parameters: - LOCATION: '/tmp/test.txt' - LOG_FORMAT: 'eventchannel' - metadata: - location: '/tmp/test.txt' - log_format: 'eventchannel' - valid_value: True diff --git a/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_out_format.yaml b/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_out_format.yaml deleted file mode 100644 index 43a544da71..0000000000 --- a/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_out_format.yaml +++ /dev/null @@ -1,219 +0,0 @@ -- name: Basic configuration out format - description: Basic configuration out format - configuration_parameters: - SOCKET_NAME: 'custom_socket' - SOCKET_PATH: '/var/log/messages' - LOCATION: '/tmp/testing.log' - LOG_FORMAT: 'syslog' - TARGET: 'custom_socket' - OUT_FORMAT: '$(timestamp %Y-%m-%d %H:%M:%S)' - TARGET_OUT_FORMAT: 'custom_socket' - metadata: - socket_name: 'custom_socket' - socket_path: '/var/log/messages' - location: '/tmp/testing.log' - log_format: 'syslog' - target: 'custom_socket' - out_format: '$(timestamp %Y-%m-%d %H:%M:%S)' - target_out_format: 'custom_socket' - valid_value: True - -- name: Basic configuration out format - description: Basic configuration out format - configuration_parameters: - SOCKET_NAME: 'custom_socket' - SOCKET_PATH: '/var/log/messages' - LOCATION: '/tmp/testing.log' - LOG_FORMAT: 'syslog' - TARGET: 'custom_socket' - OUT_FORMAT: '$(log)' - TARGET_OUT_FORMAT: 'custom_socket' - metadata: - socket_name: 'custom_socket' - socket_path: '/var/log/messages' - location: '/tmp/testing.log' - log_format: 'syslog' - target: 'custom_socket' - out_format: '$(log)' - target_out_format: 'custom_socket' - valid_value: True - -- name: Basic configuration out format - description: Basic configuration out format - configuration_parameters: - SOCKET_NAME: 'custom_socket' - SOCKET_PATH: '/var/log/messages' - LOCATION: '/tmp/testing.log' - LOG_FORMAT: 'syslog' - TARGET: 'custom_socket' - OUT_FORMAT: '$(base64_log)' - TARGET_OUT_FORMAT: 'custom_socket' - metadata: - socket_name: 'custom_socket' - socket_path: '/var/log/messages' - location: '/tmp/testing.log' - log_format: 'syslog' - target: 'custom_socket' - out_format: '$(base64_log)' - target_out_format: 'custom_socket' - valid_value: True - -- name: Basic configuration out format - description: Basic configuration out format - configuration_parameters: - SOCKET_NAME: 'custom_socket' - SOCKET_PATH: '/var/log/messages' - LOCATION: '/tmp/testing.log' - LOG_FORMAT: 'syslog' - TARGET: 'custom_socket' - OUT_FORMAT: '$(json_escaped_log)' - TARGET_OUT_FORMAT: 'custom_socket' - metadata: - socket_name: 'custom_socket' - socket_path: '/var/log/messages' - location: '/tmp/testing.log' - log_format: 'syslog' - target: 'custom_socket' - out_format: '$(json_escaped_log)' - target_out_format: 'custom_socket' - valid_value: True - -- name: Basic configuration out format - description: Basic configuration out format - configuration_parameters: - SOCKET_NAME: 'custom_socket' - SOCKET_PATH: '/var/log/messages' - LOCATION: '/tmp/testing.log' - LOG_FORMAT: 'syslog' - TARGET: 'custom_socket' - OUT_FORMAT: '$(location)' - TARGET_OUT_FORMAT: 'custom_socket' - metadata: - socket_name: 'custom_socket' - socket_path: '/var/log/messages' - location: '/tmp/testing.log' - log_format: 'syslog' - target: 'custom_socket' - out_format: '$(location)' - target_out_format: 'custom_socket' - valid_value: True - -- name: Basic configuration out format - description: Basic configuration out format - configuration_parameters: - SOCKET_NAME: 'custom_socket' - SOCKET_PATH: '/var/log/messages' - LOCATION: '/tmp/testing.log' - LOG_FORMAT: 'syslog' - TARGET: 'custom_socket' - OUT_FORMAT: '$(output)' - TARGET_OUT_FORMAT: 'custom_socket' - metadata: - socket_name: 'custom_socket' - socket_path: '/var/log/messages' - location: '/tmp/testing.log' - log_format: 'syslog' - target: 'custom_socket' - out_format: '$(output)' - target_out_format: 'custom_socket' - valid_value: True - -- name: Basic configuration out format - description: Basic configuration out format - configuration_parameters: - SOCKET_NAME: 'custom_socket' - SOCKET_PATH: '/var/log/messages' - LOCATION: '/tmp/testing.log' - LOG_FORMAT: 'syslog' - TARGET: 'custom_socket' - OUT_FORMAT: '$(command)' - TARGET_OUT_FORMAT: 'custom_socket' - metadata: - socket_name: 'custom_socket' - socket_path: '/var/log/messages' - location: '/tmp/testing.log' - log_format: 'syslog' - target: 'custom_socket' - out_format: '$(command)' - target_out_format: 'custom_socket' - valid_value: True - -- name: Basic configuration out format - description: Basic configuration out format - configuration_parameters: - SOCKET_NAME: 'custom_socket' - SOCKET_PATH: '/var/log/messages' - LOCATION: '/tmp/testing.log' - LOG_FORMAT: 'syslog' - TARGET: 'custom_socket' - OUT_FORMAT: '$(timestamp)' - TARGET_OUT_FORMAT: 'custom_socket' - metadata: - socket_name: 'custom_socket' - socket_path: '/var/log/messages' - location: '/tmp/testing.log' - log_format: 'syslog' - target: 'custom_socket' - out_format: '$(timestamp)' - target_out_format: 'custom_socket' - valid_value: True - -- name: Basic configuration out format - description: Basic configuration out format - configuration_parameters: - SOCKET_NAME: 'custom_socket' - SOCKET_PATH: '/var/log/messages' - LOCATION: '/tmp/testing.log' - LOG_FORMAT: 'syslog' - TARGET: 'custom_socket' - OUT_FORMAT: '$(hostname)' - TARGET_OUT_FORMAT: 'custom_socket' - metadata: - socket_name: 'custom_socket' - socket_path: '/var/log/messages' - location: '/tmp/testing.log' - log_format: 'syslog' - target: 'custom_socket' - out_format: '$(hostname)' - target_out_format: 'custom_socket' - valid_value: True - -- name: Basic configuration out format - description: Basic configuration out format - configuration_parameters: - SOCKET_NAME: 'custom_socket' - SOCKET_PATH: '/var/log/messages' - LOCATION: '/tmp/testing.log' - LOG_FORMAT: 'syslog' - TARGET: 'custom_socket' - OUT_FORMAT: '$(host_ip)' - TARGET_OUT_FORMAT: 'custom_socket' - metadata: - socket_name: 'custom_socket' - socket_path: '/var/log/messages' - location: '/tmp/testing.log' - log_format: 'syslog' - target: 'custom_socket' - out_format: '$(host_ip)' - target_out_format: 'custom_socket' - valid_value: True - -- name: Basic configuration out format - description: Basic configuration out format - configuration_parameters: - SOCKET_NAME: 'custom_socket' - SOCKET_PATH: '/var/log/messages' - LOCATION: '/tmp/testing.log' - LOG_FORMAT: 'syslog' - TARGET: 'custom_socket' - OUT_FORMAT: '$(host_ip)' - TARGET_OUT_FORMAT: 'no_defined_custom_socket' - metadata: - socket_name: 'custom_socket' - socket_path: '/var/log/messages' - location: '/tmp/testing.log' - log_format: 'syslog' - target: 'custom_socket' - out_format: '$(host_ip)' - target_out_format: 'no_defined_custom_socket' - valid_value: False diff --git a/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_reconnect_time.yaml b/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_reconnect_time.yaml deleted file mode 100644 index 3fcebe0fba..0000000000 --- a/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_reconnect_time.yaml +++ /dev/null @@ -1,131 +0,0 @@ -- name: Basic configuration reconnect time - description: Basic configuration reconnect time - configuration_parameters: - LOCATION: 'Security' - LOG_FORMAT: 'eventchannel' - RECONNECT_TIME: '3s' - metadata: - location: 'Security' - log_format: 'eventchannel' - reconnect_time: '3s' - valid_value: True - -- name: Basic configuration reconnect time - description: Basic configuration reconnect time - configuration_parameters: - LOCATION: 'Security' - LOG_FORMAT: 'eventchannel' - RECONNECT_TIME: '4000s' - metadata: - location: 'Security' - log_format: 'eventchannel' - reconnect_time: '4000s' - valid_value: True - -- name: Basic configuration reconnect time - description: Basic configuration reconnect time - configuration_parameters: - LOCATION: 'Security' - LOG_FORMAT: 'eventchannel' - RECONNECT_TIME: '5m' - metadata: - location: 'Security' - log_format: 'eventchannel' - reconnect_time: '5m' - valid_value: True - -- name: Basic configuration reconnect time - description: Basic configuration reconnect time - configuration_parameters: - LOCATION: 'Security' - LOG_FORMAT: 'eventchannel' - RECONNECT_TIME: '99h' - metadata: - location: 'Security' - log_format: 'eventchannel' - reconnect_time: '99h' - valid_value: True - -- name: Basic configuration reconnect time - description: Basic configuration reconnect time - configuration_parameters: - LOCATION: 'Security' - LOG_FORMAT: 'eventchannel' - RECONNECT_TIME: '94201d' - metadata: - location: 'Security' - log_format: 'eventchannel' - reconnect_time: '94201d' - valid_value: True - -- name: Basic configuration reconnect time - description: Basic configuration reconnect time - configuration_parameters: - LOCATION: 'Security' - LOG_FORMAT: 'eventchannel' - RECONNECT_TIME: '44sTesting' - metadata: - location: 'Security' - log_format: 'eventchannel' - reconnect_time: '44sTesting' - valid_value: False - -- name: Basic configuration reconnect time - description: Basic configuration reconnect time - configuration_parameters: - LOCATION: 'Security' - LOG_FORMAT: 'eventchannel' - RECONNECT_TIME: 'Testing44s' - metadata: - location: 'Security' - log_format: 'eventchannel' - reconnect_time: 'Testing44s' - valid_value: False - -- name: Basic configuration reconnect time - description: Basic configuration reconnect time - configuration_parameters: - LOCATION: 'Security' - LOG_FORMAT: 'eventchannel' - RECONNECT_TIME: '9hTesting' - metadata: - location: 'Security' - log_format: 'eventchannel' - reconnect_time: '9hTesting' - valid_value: False - -- name: Basic configuration reconnect time - description: Basic configuration reconnect time - configuration_parameters: - LOCATION: 'Security' - LOG_FORMAT: 'eventchannel' - RECONNECT_TIME: '400mTesting' - metadata: - location: 'Security' - log_format: 'eventchannel' - reconnect_time: '400mTesting' - valid_value: False - -- name: Basic configuration reconnect time - description: Basic configuration reconnect time - configuration_parameters: - LOCATION: 'Security' - LOG_FORMAT: 'eventchannel' - RECONNECT_TIME: '3992' - metadata: - location: 'Security' - log_format: 'eventchannel' - reconnect_time: '3992' - valid_value: False - -- name: Basic configuration reconnect time - description: Basic configuration reconnect time - configuration_parameters: - LOCATION: 'Security' - LOG_FORMAT: 'eventchannel' - RECONNECT_TIME: 'Testing' - metadata: - location: 'Security' - log_format: 'eventchannel' - reconnect_time: 'Testing' - valid_value: False diff --git a/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_target.yaml b/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_target.yaml deleted file mode 100644 index b0fbfe61ac..0000000000 --- a/src/modules/logcollector/tests/integration/test_configuration/data/test_cases/cases_basic_configuration_target.yaml +++ /dev/null @@ -1,47 +0,0 @@ -- name: Basic configuration target - description: Basic configuration target - configuration_parameters: - SOCKET_NAME: 'custom_socket' - SOCKET_PATH: '/var/log/messages' - LOCATION: '/tmp/testing.log' - LOG_FORMAT: 'syslog' - TARGET: 'custom_socket' - metadata: - socket_name: 'custom_socket' - socket_path: '/var/log/messages' - location: '/tmp/testing.log' - log_format: 'syslog' - target: 'custom_socket' - valid_value: True - -- name: Basic configuration target - description: Basic configuration target - configuration_parameters: - SOCKET_NAME: 'custom_socket' - SOCKET_PATH: '/var/log/messages' - LOCATION: '/tmp/testing.log' - LOG_FORMAT: 'json' - TARGET: 'custom_socket' - metadata: - socket_name: 'custom_socket' - socket_path: '/var/log/messages' - location: '/tmp/testing.log' - log_format: 'json' - target: 'custom_socket' - valid_value: True - -- name: Basic configuration target - description: Basic configuration target - configuration_parameters: - SOCKET_NAME: 'custom_socket2' - SOCKET_PATH: '/var/log/messages' - LOCATION: '/tmp/testing.log' - LOG_FORMAT: 'json' - TARGET: 'custom_socket' - metadata: - socket_name: 'custom_socket2' - socket_path: '/var/log/messages' - location: '/tmp/testing.log' - log_format: 'json' - target: 'custom_socket' - valid_value: False diff --git a/src/modules/logcollector/tests/integration/test_configuration/test_basic_configuration_alias.py b/src/modules/logcollector/tests/integration/test_configuration/test_basic_configuration_alias.py deleted file mode 100644 index 30203b57a0..0000000000 --- a/src/modules/logcollector/tests/integration/test_configuration/test_basic_configuration_alias.py +++ /dev/null @@ -1,164 +0,0 @@ -''' -copyright: Copyright (C) 2015-2024, Wazuh Inc. - - Created by Wazuh, Inc. . - - This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 - -type: integration - -brief: The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. - Specifically, these tests will check if the log collector generates events using the alias - specified in the 'alias' tag when monitoring a command, and the Wazuh API returns the same - values for the configured 'localfile' section. - Log data collection is the real-time process of making sense out of the records generated by - servers or devices. This component can receive logs through text files or Windows event logs. - It can also directly receive logs via remote syslog which is useful for firewalls and - other such devices. - -components: - - logcollector - -suite: configuration - -targets: - - agent - -daemons: - - wazuh-logcollector - - wazuh-apid - -os_platform: - - linux - - macos - - windows - -os_version: - - Arch Linux - - Amazon Linux 2 - - Amazon Linux 1 - - CentOS 8 - - CentOS 7 - - Debian Buster - - Red Hat 8 - - macOS Catalina - - macOS Server - - Ubuntu Focal - - Ubuntu Bionic - - Windows 10 - - Windows Server 2019 - - Windows Server 2016 - -references: - - https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html - - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#alias - -tags: - - logcollector_configuration -''' -import pytest -import sys - -from pathlib import Path - -from wazuh_testing.constants.paths.logs import WAZUH_LOG_PATH -from wazuh_testing.constants.platforms import WINDOWS, MACOS -from wazuh_testing.modules.agentd import configuration as agentd_configuration -from wazuh_testing.modules.logcollector import configuration as logcollector_configuration -from wazuh_testing.modules.logcollector import patterns -from wazuh_testing.modules.logcollector import utils -from wazuh_testing.tools.monitors import file_monitor -from wazuh_testing.utils import callbacks, configuration - -from . import TEST_CASES_PATH, CONFIGURATIONS_PATH - - -# Marks -pytestmark = [pytest.mark.agent, pytest.mark.linux, pytest.mark.win32, pytest.mark.darwin, pytest.mark.tier(level=0)] - -# Variables -local_internal_options = {logcollector_configuration.LOGCOLLECTOR_DEBUG: '2', logcollector_configuration.LOGCOLLECTOR_REMOTE_COMMANDS: '1', agentd_configuration.AGENTD_WINDOWS_DEBUG: '2'} - -if sys.platform == WINDOWS: - command = 'tasklist' -elif sys.platform == MACOS: - command = 'ps aux' -else: - command = 'ps -aux' - -# Test metadata, configuration and ids. -cases_path = Path(TEST_CASES_PATH, 'cases_basic_configuration_alias.yaml') -config_path = Path(CONFIGURATIONS_PATH, 'wazuh_basic_configuration.yaml') -test_configuration, test_metadata, test_cases_ids = configuration.get_test_cases_data(cases_path) -for test in test_metadata: - if test['command']: - test['command'] = command -for test in test_configuration: - if test['COMMAND']: - test['COMMAND'] = command -test_configuration = configuration.load_configuration_template(config_path, test_configuration, test_metadata) - -# Test daemons to restart. -daemons_handler_configuration = {'all_daemons': True} - - -# Test function. -@pytest.mark.parametrize('test_configuration, test_metadata', zip(test_configuration, test_metadata), ids=test_cases_ids) -def test_configuration_alias(test_configuration, test_metadata, configure_local_internal_options, truncate_monitored_files, - set_wazuh_configuration, daemons_handler): - ''' - description: Check if the 'wazuh-logcollector' daemon changes a command name in the log messages by - the one defined in the 'alias' tag. For this purpose, the test will monitor a command - using an alias. Then, it will verify that the 'reading command' event is generated. - This event includes the output of the command executed and its alias. Finally, the test - will verify that the Wazuh API returns the same values for the 'localfile' section that - the configured one. - - wazuh_min_version: 4.2.0 - - tier: 0 - - parameters: - - test_configuration: - type: data - brief: Configuration used in the test. - - test_metadata: - type: data - brief: Configuration cases. - - configure_local_internal_options: - type: fixture - brief: Configure the Wazuh local internal options. - - truncate_monitored_files: - type: fixture - brief: Reset the 'ossec.log' file and start a new monitor. - - set_wazuh_configuration: - type: fixture - brief: Configure a custom environment for testing. - - daemons_handler: - type: fixture - brief: Handler of Wazuh daemons. - - assertions: - - Verify that the logcollector monitors a command with an assigned alias. - - Verify that the Wazuh API returns the same values for the 'localfile' section as the configured one. - - input_description: A configuration template (test_basic_configuration_alias) is contained in an external YAML file - (wazuh_basic_configuration.yaml). That template is combined with two test cases defined - in the module. Those include configuration settings for the 'wazuh-logcollector' daemon. - - expected_output: - - r'Reading command message.*' - - tags: - - logs - ''' - - # Wait for command - wazuh_log_monitor = file_monitor.FileMonitor(WAZUH_LOG_PATH) - wazuh_log_monitor.start(callback=callbacks.generate_callback(patterns.LOGCOLLECTOR_READING_COMMAND_ALIAS, { - 'alias': test_metadata['alias'] - })) - assert (wazuh_log_monitor.callback_result != None), patterns.ERROR_COMMAND_MONITORING - - if sys.platform != WINDOWS: - utils.validate_test_config_with_module_config(test_configuration=test_configuration) diff --git a/src/modules/logcollector/tests/integration/test_configuration/test_basic_configuration_command.py b/src/modules/logcollector/tests/integration/test_configuration/test_basic_configuration_command.py deleted file mode 100644 index c178ce88b3..0000000000 --- a/src/modules/logcollector/tests/integration/test_configuration/test_basic_configuration_command.py +++ /dev/null @@ -1,160 +0,0 @@ -''' -copyright: Copyright (C) 2015-2024, Wazuh Inc. - - Created by Wazuh, Inc. . - - This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 - -type: integration - -brief: The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. - Specifically, these tests will check if monitored commands that use several parameters are - correctly executed by the logcollector, and the Wazuh API returns the same values for - the configured 'localfile' section. - Log data collection is the real-time process of making sense out of the records generated by - servers or devices. This component can receive logs through text files or Windows event logs. - It can also directly receive logs via remote syslog which is useful for firewalls and - other such devices. - -components: - - logcollector - -suite: configuration - -targets: - - agent - -daemons: - - wazuh-logcollector - - wazuh-apid - -os_platform: - - linux - - macos - - windows - -os_version: - - Arch Linux - - Amazon Linux 2 - - Amazon Linux 1 - - CentOS 8 - - CentOS 7 - - Debian Buster - - Red Hat 8 - - macOS Catalina - - macOS Server - - Ubuntu Focal - - Ubuntu Bionic - - Windows 10 - - Windows Server 2019 - - Windows Server 2016 - -references: - - https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html - - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#command - - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#alias - - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#log-format - -tags: - - logcollector_configuration -''' -import pytest, sys - -from pathlib import Path - -from wazuh_testing.constants.paths.logs import WAZUH_LOG_PATH -from wazuh_testing.constants.platforms import WINDOWS -from wazuh_testing.modules.logcollector import configuration as logcollector_configuration -from wazuh_testing.modules.logcollector import patterns -from wazuh_testing.modules.logcollector import utils -from wazuh_testing.tools.monitors import file_monitor -from wazuh_testing.utils import callbacks, configuration - -from . import TEST_CASES_PATH, CONFIGURATIONS_PATH - - -# Marks -pytestmark = [pytest.mark.agent, pytest.mark.linux, pytest.mark.win32, pytest.mark.darwin, pytest.mark.tier(level=0)] - -# Variables -local_internal_options = {logcollector_configuration.LOGCOLLECTOR_DEBUG: '2', logcollector_configuration.LOGCOLLECTOR_REMOTE_COMMANDS: '1'} - -# Test metadata, configuration and ids. -cases_path = Path(TEST_CASES_PATH, 'cases_basic_configuration_command.yaml') -config_path = Path(CONFIGURATIONS_PATH, 'wazuh_basic_configuration_command.yaml') -test_configuration, test_metadata, test_cases_ids = configuration.get_test_cases_data(cases_path) - -test_configuration = configuration.load_configuration_template(config_path, test_configuration, test_metadata) - -# Test daemons to restart. -daemons_handler_configuration = {'all_daemons': True} - - -# Test function. -@pytest.mark.parametrize('test_configuration, test_metadata', zip(test_configuration, test_metadata), ids=test_cases_ids) -def test_configuration_command(test_configuration, test_metadata, configure_local_internal_options, truncate_monitored_files, - set_wazuh_configuration, daemons_handler): - ''' - description: Check if the 'wazuh-logcollector' daemon can monitor commands that use multiple parameters. - For this purpose, the test will configure the logcollector to monitor a command, setting it - in the 'command' tag. Once the logcollector has started, it will check if the 'monitoring' - event, indicating that the command is being monitored, has been generated. Finally, the test - will verify that the Wazuh API returns the same values for the 'localfile' section that - the configured one. - - wazuh_min_version: 4.2.0 - - tier: 0 - - parameters: - - test_configuration: - type: data - brief: Configuration used in the test. - - test_metadata: - type: data - brief: Configuration cases. - - configure_local_internal_options: - type: fixture - brief: Configure the Wazuh local internal options. - - truncate_monitored_files: - type: fixture - brief: Reset the 'ossec.log' file and start a new monitor. - - set_wazuh_configuration: - type: fixture - brief: Configure a custom environment for testing. - - daemons_handler: - type: fixture - brief: Handler of Wazuh daemons. - - assertions: - - Verify that the logcollector monitors the command specified in the 'command' tag. - - Verify that the Wazuh API returns the same values for the 'localfile' section as the configured one. - - input_description: A configuration template (test_basic_configuration_location) is contained in an external - YAML file (wazuh_basic_configuration.yaml). That template is combined with different - test cases defined in the module. Those include configuration settings for - the 'wazuh-logcollector' daemon. - - expected_output: - - r'INFO: Monitoring .* of command.*' - - tags: - - logs - ''' - - # Wait for command - wazuh_log_monitor = file_monitor.FileMonitor(WAZUH_LOG_PATH) - callback = None - if test_metadata['log_format'] == 'full_command': - callback=callbacks.generate_callback(patterns.LOGCOLLECTOR_MONITORING_FULL_COMMAND, { - 'command': test_metadata['command'] - }) - else: - callback=callbacks.generate_callback(patterns.LOGCOLLECTOR_MONITORING_COMMAND, { - 'command': test_metadata['command'] - }) - wazuh_log_monitor.start(callback=callback) - assert (wazuh_log_monitor.callback_result != None), patterns.ERROR_COMMAND_MONITORING - - if sys.platform != WINDOWS: - utils.validate_test_config_with_module_config(test_configuration=test_configuration) diff --git a/src/modules/logcollector/tests/integration/test_configuration/test_basic_configuration_journald.py b/src/modules/logcollector/tests/integration/test_configuration/test_basic_configuration_journald.py deleted file mode 100644 index 9c9580a047..0000000000 --- a/src/modules/logcollector/tests/integration/test_configuration/test_basic_configuration_journald.py +++ /dev/null @@ -1,155 +0,0 @@ -''' -copyright: Copyright (C) 2015-2024, Wazuh Inc. - - Created by Wazuh, Inc. . - - This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 - -type: integration - -brief: The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. - Specifically, these tests will check if the Wazuh component (agent or manager) starts when - the 'localfile' with 'journal' as 'log_format' is set in the configuration, and the Wazuh API returns the - correct values for the configured 'localfile' section. - Log data collection is the real-time process of making sense out of the records generated by - servers or devices. This component can receive logs through text files or Windows event logs. - It can also directly receive logs via remote syslog which is useful for firewalls and - other such devices. - -tier: 0 - -modules: - - logcollector - -components: - - agent - -daemons: - - wazuh-logcollector - - wazuh-apid - -os_platform: - - linux - -os_version: - - Arch Linux - - Amazon Linux 2 - - CentOS 8 - - Debian Buster - - Red Hat 8 - - Ubuntu Focal - - Ubuntu Bionic - -references: - - https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html - - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html - -tags: - - logcollector -''' - - -import pytest - -from pathlib import Path - -from wazuh_testing.modules.logcollector import utils -from wazuh_testing.modules.logcollector import configuration as logcollector_configuration -from wazuh_testing.utils import configuration - -from . import TEST_CASES_PATH -from utils import build_tc_config, assert_list_logs - - -LOG_COLLECTOR_GLOBAL_TIMEOUT = 40 - -# Marks -pytestmark = [pytest.mark.agent, pytest.mark.linux, pytest.mark.tier(level=0)] - -# Configuration -journald_case_path = Path(TEST_CASES_PATH, 'cases_basic_configuration_journald.yaml') -test_configuration, test_metadata, test_cases_ids = configuration.get_test_cases_data(journald_case_path) -test_configuration = build_tc_config(test_configuration) - -daemon_debug = logcollector_configuration.LOGCOLLECTOR_DEBUG - -# Test daemons to restart. -daemons_handler_configuration = {'all_daemons': True} - -local_internal_options = {daemon_debug: '1'} - - -# Test function. -@pytest.mark.parametrize('test_configuration, test_metadata', zip(test_configuration, test_metadata), ids=test_cases_ids) -def test_configuration_location(test_configuration, test_metadata, truncate_monitored_files, configure_local_internal_options, - remove_all_localfiles_wazuh_config, set_wazuh_configuration, daemons_handler, wait_for_logcollector_start): - ''' - description: Check if the 'wazuh-logcollector' daemon starts properly when the 'journald' tag is used as log_format. - For this purpose, the test will configure the logcollector to monitor a 'journald'. - Finally, the test will verify that the Wazuh component is started by checking its process, and the Wazuh API returns the correct values - for the 'localfile' section. - - wazuh_min_version: 4.9.0 - - parameters: - - test_configuration: - type: data - brief: Configuration used in the test. - - test_metadata: - type: data - brief: Configuration cases. - - truncate_monitored_files: - type: fixture - brief: Reset the 'ossec.log' file and start a new monitor. - - configure_local_internal_options: - type: fixture - brief: Configure the 'local_internal_options' section in the 'internal_options.conf' file. - - remove_all_localfiles_wazuh_config: - type: fixture - brief: Remove all 'localfile' sections from the Wazuh configuration. - - set_wazuh_configuration: - type: fixture - brief: Configure a custom environment for testing. - - daemons_handler: - type: fixture - brief: Handler of Wazuh daemons. - - wait_for_logcollector_start: - type: fixture - brief: Wait for the logcollector startup log. - - assertions: - - Verify that the Wazuh component (agent or manager) can start when the 'jouranld' tag is used as log_format. - - Verify that the Wazuh API returns the correct values for the 'localfile' section. - - Verify the correct messages are generated in the log file in the correct order. - - input_description: A configuration file with journal block settings and the expected output for each test case. - Those include configuration settings for `journal` configuration in 'wazuh-logcollector'. - - expected_output: - - Boolean values to indicate the state of the Wazuh component. - - Did not receive the expected "ERROR: Could not EvtSubscribe() for ... which returned ..." event. - - tags: - - invalid_settings - ''' - - # Logcollector always start, regardless of the configuration - utils.check_logcollector_socket() - - # Check the messages in the log file - if 'expected_logs' in test_metadata: - assert_list_logs(test_metadata['expected_logs']) - - # Get the localfile list from the runtime configuration - localfile_list = utils.get_localfile_runtime_configuration() - - # Regardless of configuration, there should never be more than one journal block. - if 'journal_disabled' in test_metadata and test_metadata['journal_disabled']: - assert len(localfile_list) == 0, f"Invalid configuration but journal block found." - return - else: - assert len(localfile_list) == 1, f"Invalid configuration. More than one journal block found." - - # Validate the test configuration with the runtime configuration - if 'expected_config' in test_metadata: - assert localfile_list[0] == test_metadata['expected_config'], f"Invalid configuration. Expected: {test_metadata['expected_config']}. Found: {localfile_list[0]}" diff --git a/src/modules/logcollector/tests/integration/test_configuration/test_basic_configuration_label.py b/src/modules/logcollector/tests/integration/test_configuration/test_basic_configuration_label.py deleted file mode 100644 index e2068a12cb..0000000000 --- a/src/modules/logcollector/tests/integration/test_configuration/test_basic_configuration_label.py +++ /dev/null @@ -1,160 +0,0 @@ -''' -copyright: Copyright (C) 2015-2024, Wazuh Inc. - - Created by Wazuh, Inc. . - - This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 - -type: integration - -brief: The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. - Specifically, these tests will check if the Wazuh component (agent or manager) starts when - the 'label' tag is set in the configuration, and the Wazuh API returns the same values for - the configured 'localfile' section. - Log data collection is the real-time process of making sense out of the records generated by - servers or devices. This component can receive logs through text files or Windows event logs. - It can also directly receive logs via remote syslog which is useful for firewalls and - other such devices. - -components: - - logcollector - -suite: configuration - -targets: - - agent - -daemons: - - wazuh-logcollector - - wazuh-apid - -os_platform: - - linux - - macos - - windows - -os_version: - - Arch Linux - - Amazon Linux 2 - - Amazon Linux 1 - - CentOS 8 - - CentOS 7 - - Debian Buster - - Red Hat 8 - - macOS Catalina - - macOS Server - - Ubuntu Focal - - Ubuntu Bionic - - Windows 10 - - Windows Server 2019 - - Windows Server 2016 - -references: - - https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html - - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#label - -tags: - - logcollector_configuration -''' - -import pytest, sys, tempfile, re, os - -from pathlib import Path - -from wazuh_testing.constants.paths.logs import WAZUH_LOG_PATH -from wazuh_testing.constants.platforms import WINDOWS -from wazuh_testing.constants.daemons import LOGCOLLECTOR_DAEMON -from wazuh_testing.modules.logcollector import patterns -from wazuh_testing.modules.logcollector import utils -from wazuh_testing.tools.monitors import file_monitor -from wazuh_testing.utils import callbacks, configuration -from wazuh_testing.utils.services import control_service -from wazuh_testing.utils.file import truncate_file - -from . import TEST_CASES_PATH, CONFIGURATIONS_PATH - - -# Marks -pytestmark = [pytest.mark.agent, pytest.mark.linux, pytest.mark.win32, pytest.mark.darwin, pytest.mark.tier(level=0)] - -# Configuration -cases_path = Path(TEST_CASES_PATH, 'cases_basic_configuration_label.yaml') -config_path = Path(CONFIGURATIONS_PATH, 'wazuh_basic_configuration_label.yaml') - -test_configuration, test_metadata, test_cases_ids = configuration.get_test_cases_data(cases_path) - -folder_path = tempfile.gettempdir() -location = os.path.join(folder_path, 'test.txt') -for test in test_metadata: - if test['location']: - test['location'] = re.escape(location) -for test in test_configuration: - if test['LOCATION']: - test['LOCATION'] = location - -test_configuration = configuration.load_configuration_template(config_path, test_configuration, test_metadata) - -# Test daemons to restart. -daemons_handler_configuration = {'all_daemons': True} - - -@pytest.mark.parametrize('test_configuration, test_metadata', zip(test_configuration, test_metadata), ids=test_cases_ids) -def test_configuration_label(test_configuration, test_metadata, set_wazuh_configuration, daemons_handler_module, stop_logcollector): - ''' - description: Check if the 'wazuh-logcollector' daemon can monitor log files configured to use labels. - For this purpose, the test will configure the logcollector to use labels, setting them - in the label 'tag'. Once the logcollector has started, it will check if the 'analyzing' - event, indicating that the testing log file is being monitored, has been generated. - Finally, the test will verify that the Wazuh API returns the same values for - the 'localfile' section that the configured one. - - wazuh_min_version: 4.2.0 - - tier: 0 - - parameters: - - test_configuration: - type: data - brief: Configuration used in the test. - - test_metadata: - type: data - brief: Configuration cases. - - set_wazuh_configuration: - type: fixture - brief: Configure a custom environment for testing. - - daemons_handler_module: - type: fixture - brief: Handler of Wazuh daemons. - - stop_logcollector: - type: fixture - brief: Stop logcollector daemon. - - assertions: - - Verify that the logcollector monitors files when using the 'label' tag. - - Verify that the Wazuh API returns the same values for the 'localfile' section as the configured one. - - input_description: A configuration template (test_basic_configuration_label) is contained in an external - YAML file (wazuh_basic_configuration.yaml). That template is combined with different - test cases defined in the module. Those include configuration settings for - the 'wazuh-logcollector' daemon. - - expected_output: - - r'Analyzing file.*' - - tags: - - invalid_settings - - logs - ''' - - control_service('start', daemon=LOGCOLLECTOR_DAEMON) - - # Wait for command - wazuh_log_monitor = file_monitor.FileMonitor(WAZUH_LOG_PATH) - wazuh_log_monitor.start(callback=callbacks.generate_callback(patterns.LOGCOLLECTOR_ANALYZING_FILE, { - 'file': test_metadata['location'] - }), timeout=10) - assert (wazuh_log_monitor.callback_result != None), patterns.ERROR_ANALYZING_FILE - - if sys.platform != WINDOWS: - utils.check_logcollector_socket() - utils.validate_test_config_with_module_config(test_configuration=test_configuration) diff --git a/src/modules/logcollector/tests/integration/test_configuration/test_basic_configuration_location.py b/src/modules/logcollector/tests/integration/test_configuration/test_basic_configuration_location.py deleted file mode 100644 index 7d0340dc80..0000000000 --- a/src/modules/logcollector/tests/integration/test_configuration/test_basic_configuration_location.py +++ /dev/null @@ -1,194 +0,0 @@ -''' -copyright: Copyright (C) 2015-2024, Wazuh Inc. - - Created by Wazuh, Inc. . - - This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 - -type: integration - -brief: The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. - Specifically, these tests will check if the Wazuh component (agent or manager) starts when - the 'location' tag is set in the configuration, and the Wazuh API returns the same values for - the configured 'localfile' section. - Log data collection is the real-time process of making sense out of the records generated by - servers or devices. This component can receive logs through text files or Windows event logs. - It can also directly receive logs via remote syslog which is useful for firewalls and - other such devices. - -tier: 0 - -modules: - - logcollector - -components: - - agent - -daemons: - - wazuh-logcollector - - wazuh-apid - -os_platform: - - linux - - macos - - windows - -os_version: - - Arch Linux - - Amazon Linux 2 - - Amazon Linux 1 - - CentOS 8 - - CentOS 7 - - Debian Buster - - Red Hat 8 - - macOS Catalina - - macOS Server - - Ubuntu Focal - - Ubuntu Bionic - - Windows 10 - - Windows Server 2019 - - Windows Server 2016 - -references: - - https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html - - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#location - - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#log-format - -tags: - - logcollector -''' - - -import pytest, sys, os -import tempfile - -from pathlib import Path - -from wazuh_testing.constants.paths.logs import WAZUH_LOG_PATH -from wazuh_testing.constants.platforms import WINDOWS, MACOS -from wazuh_testing.modules.agentd import configuration as agentd_configuration -from wazuh_testing.modules.logcollector import patterns -from wazuh_testing.modules.logcollector import utils -from wazuh_testing.modules.logcollector import configuration as logcollector_configuration -from wazuh_testing.tools.monitors import file_monitor -from wazuh_testing.utils import callbacks, configuration - -from . import TEST_CASES_PATH, CONFIGURATIONS_PATH - - -LOG_COLLECTOR_GLOBAL_TIMEOUT = 40 - - -# Marks -pytestmark = [pytest.mark.agent, pytest.mark.linux, pytest.mark.win32, pytest.mark.darwin, pytest.mark.tier(level=0)] - -# Configuration -default_config_path = Path(CONFIGURATIONS_PATH, 'wazuh_basic_configuration_log_format_location.yaml') -default_cases_path = Path(TEST_CASES_PATH, 'cases_basic_configuration_location.yaml') - -macos_cases_path = Path(TEST_CASES_PATH, 'cases_basic_configuration_location_macos.yaml') - -win_cases_path = Path(TEST_CASES_PATH, 'cases_basic_configuration_location_win.yaml') - -test_configuration, test_metadata, test_cases_ids = configuration.get_test_cases_data(default_cases_path) - -folder_path = tempfile.gettempdir() -for test in test_metadata: - if test['location']: - location = test['location'] - test['location'] = f'{os.path.join(folder_path, location)}' -for test in test_configuration: - if test['LOCATION']: - location = test['LOCATION'] - test['LOCATION'] = f'{os.path.join(folder_path, location)}' - -test_configuration = configuration.load_configuration_template(default_config_path, test_configuration, test_metadata) - -test_macos_configuration, test_macos_metadata, test_macos_cases_ids = configuration.get_test_cases_data(macos_cases_path) -test_macos_dup_configuration = configuration.load_configuration_template(default_config_path, test_macos_configuration, test_macos_metadata) - -test_win_configuration, test_win_metadata, test_win_cases_ids = configuration.get_test_cases_data(win_cases_path) -test_win_configuration = configuration.load_configuration_template(default_config_path, test_win_configuration, test_win_metadata) - - -daemon_debug = logcollector_configuration.LOGCOLLECTOR_DEBUG - -if sys.platform == MACOS: - test_configuration += test_macos_dup_configuration - test_metadata += test_macos_metadata - test_cases_ids += test_macos_cases_ids -if sys.platform == WINDOWS: - test_configuration += test_win_configuration - test_metadata += test_win_metadata - test_cases_ids += test_win_cases_ids - daemon_debug = agentd_configuration.AGENTD_WINDOWS_DEBUG - -# Test daemons to restart. -daemons_handler_configuration = {'all_daemons': True} - -local_internal_options = {daemon_debug: '1'} - - -# Test function. -@pytest.mark.parametrize('test_configuration, test_metadata', zip(test_configuration, test_metadata), ids=test_cases_ids) -def test_configuration_location(test_configuration, test_metadata, truncate_monitored_files, configure_local_internal_options, - set_wazuh_configuration, daemons_handler, wait_for_logcollector_start): - ''' - description: Check if the 'wazuh-logcollector' daemon starts properly when the 'location' tag is used. - For this purpose, the test will configure the logcollector to monitor a 'syslog' directory - and use a pathname with special characteristics. Finally, the test will verify that the - Wazuh component is started by checking its process, and the Wazuh API returns the same - values for the 'localfile' section that the configured one. - - wazuh_min_version: 4.2.0 - - parameters: - - test_configuration: - type: data - brief: Configuration used in the test. - - test_metadata: - type: data - brief: Configuration cases. - - truncate_monitored_files: - type: fixture - brief: Reset the 'ossec.log' file and start a new monitor. - - set_wazuh_configuration: - type: fixture - brief: Configure a custom environment for testing. - - daemons_handler: - type: fixture - brief: Handler of Wazuh daemons. - - wait_for_logcollector_start: - type: fixture - brief: Wait for the logcollector startup log. - - assertions: - - Verify that the Wazuh component (agent or manager) can start when the 'location' tag is used. - - Verify that the Wazuh API returns the same value for the 'localfile' section as the configured one. - - Verify that the expected event is present in the log file. - - input_description: A configuration template (test_basic_configuration_location) is contained in an external - YAML file (wazuh_basic_configuration.yaml). That template is combined with different - test cases defined in the module. Those include configuration settings for - the 'wazuh-logcollector' daemon. - - expected_output: - - Boolean values to indicate the state of the Wazuh component. - - Did not receive the expected "ERROR: Could not EvtSubscribe() for ... which returned ..." event. - - tags: - - invalid_settings - ''' - - if sys.platform == WINDOWS: - if test_metadata['location'] == 'invalidchannel': - wazuh_log_monitor = file_monitor.FileMonitor(WAZUH_LOG_PATH) - callback = callbacks.generate_callback(patterns.LOGCOLLECTOR_EVENTCHANNEL_BAD_FORMAT, - {'event_location': test_metadata['location']}) - wazuh_log_monitor.start(timeout=LOG_COLLECTOR_GLOBAL_TIMEOUT, callback=callback) - assert (wazuh_log_monitor.callback_result != None), patterns.ERROR_EVENTCHANNEL - else: - if test_metadata['validate_config']: - utils.check_logcollector_socket() - if test_metadata['location'] != 'macos' and test_metadata['log_format'] != 'macos': - utils.validate_test_config_with_module_config(test_configuration=test_configuration) diff --git a/src/modules/logcollector/tests/integration/test_configuration/test_basic_configuration_log_format.py b/src/modules/logcollector/tests/integration/test_configuration/test_basic_configuration_log_format.py deleted file mode 100644 index d8ec6639cb..0000000000 --- a/src/modules/logcollector/tests/integration/test_configuration/test_basic_configuration_log_format.py +++ /dev/null @@ -1,327 +0,0 @@ -''' -copyright: Copyright (C) 2015-2024, Wazuh Inc. - - Created by Wazuh, Inc. . - - This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 - -type: integration - -brief: The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. - Specifically, these tests will check if the logcollector detects invalid values for - the 'log_format' tag and the Wazuh API returns the same values for the configured - 'localfile' section. They also check some special aspects when macOS is used. - Log data collection is the real-time process of making sense out of - the records generated by servers or devices. This component can receive logs through - text files or Windows event logs. It can also directly receive logs via remote syslog - which is useful for firewalls and other such devices. - -components: - - logcollector - -suite: configuration - -targets: - - agent - -daemons: - - wazuh-logcollector - - wazuh-apid - -os_platform: - - linux - - macos - - windows - -os_version: - - Arch Linux - - Amazon Linux 2 - - Amazon Linux 1 - - CentOS 8 - - CentOS 7 - - Debian Buster - - Red Hat 8 - - macOS Catalina - - macOS Server - - Ubuntu Focal - - Ubuntu Bionic - - Windows 10 - - Windows Server 2019 - - Windows Server 2016 - -references: - - https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html - - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#log-format - - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#location - -tags: - - logcollector_configuration -''' - -import pytest, sys, os, tempfile, re -import subprocess as sb - -from pathlib import Path - -from wazuh_testing.constants.paths.logs import WAZUH_LOG_PATH, MACOS_LOG_COMMAND_PATH -from wazuh_testing.constants.platforms import WINDOWS, MACOS -from wazuh_testing.constants.daemons import LOGCOLLECTOR_DAEMON -from wazuh_testing.modules.logcollector import configuration as logcollector_configuration -from wazuh_testing.modules.logcollector import patterns, PREFIX -from wazuh_testing.tools.monitors import file_monitor -from wazuh_testing.utils import callbacks, configuration -from wazuh_testing.utils.services import control_service -from wazuh_testing.utils.file import truncate_file - -from . import TEST_CASES_PATH, CONFIGURATIONS_PATH - - -LOG_COLLECTOR_GLOBAL_TIMEOUT = 40 - - -# Marks -pytestmark = [pytest.mark.agent, pytest.mark.linux, pytest.mark.win32, pytest.mark.darwin, pytest.mark.tier(level=0)] - -# Configuration - -default_config_path = Path(CONFIGURATIONS_PATH, 'wazuh_basic_configuration_log_format.yaml') -default_cases_path = Path(TEST_CASES_PATH, 'cases_basic_configuration_log_format.yaml') - -macos_duplicated_config_path = Path(CONFIGURATIONS_PATH, 'wazuh_duplicated_macos_configuration.yaml') -macos_duplicated_cases_path = Path(TEST_CASES_PATH, 'cases_basic_configuration_log_format_macos_duplicated.yaml') - -macos_no_defined_config_path = Path(CONFIGURATIONS_PATH, 'wazuh_no_defined_location_macos_configuration.yaml') -macos_no_defined_cases_path = Path(TEST_CASES_PATH, 'cases_basic_configuration_log_format_macos_no_defined.yaml') - -win_config_path = Path(CONFIGURATIONS_PATH, 'wazuh_basic_configuration_log_format_location.yaml') -win_cases_path = Path(TEST_CASES_PATH, 'cases_basic_configuration_log_format_win.yaml') - -test_configuration, test_metadata, test_cases_ids = configuration.get_test_cases_data(default_cases_path) - -folder_path = tempfile.gettempdir() -location = os.path.join(folder_path, 'test.txt') -for test in test_metadata: - if test['location'] and test['log_format'] != 'djb-multilog': - test['location'] = re.escape(location) -for test in test_configuration: - if test['LOCATION'] and test['LOG_FORMAT'] != 'djb-multilog': - test['LOCATION'] = location - -test_configuration = configuration.load_configuration_template(default_config_path, test_configuration, test_metadata) - -test_macos_dup_configuration, test_macos_dup_metadata, test_macos_dup_cases_ids = configuration.get_test_cases_data(macos_duplicated_cases_path) -test_macos_dup_configuration = configuration.load_configuration_template(macos_duplicated_config_path, test_macos_dup_configuration, test_macos_dup_metadata) - -test_macos_nodef_configuration, test_macos_nodef_metadata, test_macos_nodef_cases_ids = configuration.get_test_cases_data(macos_no_defined_cases_path) -test_macos_nodef_configuration = configuration.load_configuration_template(macos_no_defined_config_path, test_macos_nodef_configuration, test_macos_nodef_metadata) - -test_win_configuration, test_win_metadata, test_win_cases_ids = configuration.get_test_cases_data(win_cases_path) -test_win_configuration = configuration.load_configuration_template(win_config_path, test_win_configuration, test_win_metadata) - - -if sys.platform == MACOS: - test_configuration += test_macos_dup_configuration - test_configuration += test_macos_nodef_configuration - test_metadata += test_macos_dup_metadata - test_metadata += test_macos_nodef_metadata - test_cases_ids += test_macos_dup_cases_ids - test_cases_ids += test_macos_nodef_cases_ids -if sys.platform == WINDOWS: - test_configuration += test_win_configuration - test_metadata += test_win_metadata - test_cases_ids += test_win_cases_ids - - -local_internal_options = {logcollector_configuration.LOGCOLLECTOR_REMOTE_COMMANDS: '1', logcollector_configuration.LOGCOLLECTOR_DEBUG: '2'} - -log_format_not_print_analyzing_info = ['command', 'full_command', 'eventlog', 'eventchannel', 'macos'] - -# Test daemons to restart. -daemons_handler_configuration = {'all_daemons': True} - - -def check_log_format_valid(test_configuration, test_metadata): - """Check if Wazuh run correctly with the specified log formats. - - Ensure logcollector allows the specified log formats. Also, in the case of the manager instance, check if the API - answer for localfile block coincides. - - Raises: - TimeoutError: If the "Analyzing file" callback is not generated. - AssertError: In the case of a server instance, the API response is different that the real configuration. - """ - wazuh_log_monitor = file_monitor.FileMonitor(WAZUH_LOG_PATH) - - if test_metadata['log_format'] not in log_format_not_print_analyzing_info: - wazuh_log_monitor.start(timeout=5, - callback=callbacks.generate_callback(patterns.LOGCOLLECTOR_ANALYZING_FILE, - {'file': test_metadata['location']})) - assert (wazuh_log_monitor.callback_result != None), patterns.ERROR_ANALYZING_FILE - elif 'command' in test_metadata['log_format']: - if test_metadata['log_format'] == 'full_command': - callback=callbacks.generate_callback(patterns.LOGCOLLECTOR_MONITORING_FULL_COMMAND, { - 'command': test_metadata['command']}) - else: - callback=callbacks.generate_callback(patterns.LOGCOLLECTOR_MONITORING_COMMAND, { - 'command': test_metadata['command']}) - wazuh_log_monitor.start(timeout=5, callback=callback) - assert (wazuh_log_monitor.callback_result != None), patterns.ERROR_COMMAND_MONITORING - elif test_metadata['log_format'] == 'djb-multilog': - wazuh_log_monitor.start(timeout=5, - callback=callbacks.generate_callback(patterns.LOGCOLLECTOR_DJB_PROGRAM_NAME, - {'program_name': test_metadata['location']})) - assert (wazuh_log_monitor.callback_result != None), patterns.ERROR_DJB_MULTILOG_NOT_PRODUCED - elif test_metadata['log_format'] == 'macos': - if 'location' in test_metadata and test_metadata['location'] != 'macos': - wazuh_log_monitor.start(timeout=5, - callback=callbacks.generate_callback(patterns.LOGCOLLECTOR_MACOS_INVALID_LOCATION, - {'location': test_metadata['location']})) - assert (wazuh_log_monitor.callback_result != None), patterns.ERROR_INVALID_MACOS_VALUE - if 'location' not in test_metadata: - wazuh_log_monitor.start(timeout=5, - callback=callbacks.generate_callback(patterns.LOGCOLLECTOR_MACOS_MISSING_LOCATION)) - assert (wazuh_log_monitor.callback_result != None), patterns.ERROR_MISSING_LOCATION_VALUE - - wazuh_log_monitor.start(timeout=5, - callback=callbacks.generate_callback(patterns.LOGCOLLECTOR_MACOS_MONITORING_LOGS, - {'command_path': MACOS_LOG_COMMAND_PATH})) - assert (wazuh_log_monitor.callback_result != None), patterns.ERROR_MACOS_LOG_NOT_PRODUCED - - -def check_log_format_invalid(test_metadata): - """Check if Wazuh fails because a invalid frequency configuration value. - - Args: - test_configuration (dict): Dictionary with the localfile configuration. - - Raises: - TimeoutError: If error callback are not generated. - """ - - if test_metadata['valid_value']: - pytest.skip('Valid values provided') - - wazuh_log_monitor = file_monitor.FileMonitor(WAZUH_LOG_PATH) - log_callback = callbacks.generate_callback(patterns.LOGCOLLECTOR_INVALID_VALUE_ELEMENT, - {'prefix' : PREFIX, - 'option': 'log_format', - 'value' : test_metadata['log_format']}) - wazuh_log_monitor.start(timeout=5, callback=log_callback) - assert (wazuh_log_monitor.callback_result != None), patterns.ERROR_GENERIC_MESSAGE - - log_callback = callbacks.generate_callback(patterns.LOGCOLLECTOR_CONFIGURATION_ERROR, - {'prefix' : PREFIX, - 'severity' : 'ERROR', - 'conf_path' : "etc/ossec.conf"}) - wazuh_log_monitor.start(timeout=5, callback=log_callback) - assert (wazuh_log_monitor.callback_result != None), patterns.ERROR_GENERIC_MESSAGE - - if sys.platform != WINDOWS: - - log_callback = callbacks.generate_callback(patterns.LOGCOLLECTOR_CONFIGURATION_ERROR, - {'prefix' : PREFIX, - 'severity' : 'ERROR', - 'conf_path' : "etc/ossec.conf"}) - wazuh_log_monitor.start(timeout=5, callback=log_callback) - assert (wazuh_log_monitor.callback_result != None), patterns.ERROR_GENERIC_MESSAGE - - -def check_log_file_duplicated(): - """Check if Wazuh shows a warning message when the configuration is duplicated.""" - wazuh_log_monitor = file_monitor.FileMonitor(WAZUH_LOG_PATH) - wazuh_log_monitor.start(timeout=LOG_COLLECTOR_GLOBAL_TIMEOUT, - callback=callbacks.generate_callback(patterns.LOGCOLLECTOR_LOG_FILE_DUPLICATED)) - assert (wazuh_log_monitor.callback_result != None), patterns.ERROR_LOG_FILE_DUPLICATED - wazuh_log_monitor.start(timeout=LOG_COLLECTOR_GLOBAL_TIMEOUT, - callback=callbacks.generate_callback(patterns.LOGCOLLECTOR_MACOS_MONITORING_LOGS, - {'command_path': MACOS_LOG_COMMAND_PATH})) - assert (wazuh_log_monitor.callback_result != None), patterns.ERROR_ANALYZING_MACOS - - -# Test function. -@pytest.mark.parametrize('test_configuration, test_metadata', zip(test_configuration, test_metadata), ids=test_cases_ids) -def test_log_format(test_configuration, test_metadata, configure_local_internal_options, truncate_monitored_files, - set_wazuh_configuration, daemons_handler_module, stop_logcollector): - ''' - description: Check if the 'wazuh-logcollector' daemon detects invalid configurations for the 'log_format' tag. - It also checks some special aspects when using macOS. For this purpose, the test will set a - 'localfile' section using valid/invalid values for the 'log_format' tag. Then, it will check if - an error event is generated when using an invalid value. If macOS is the host system, the test - will verify that only one configuration block is used, and the 'location' tag allows invalid values. - Finally, the test will verify that the Wazuh API returns the same values for the 'localfile' section - that the configured one. - - wazuh_min_version: 4.4.0 - - tier: 0 - - parameters: - - test_configuration: - type: data - brief: Configuration used in the test. - - test_metadata: - type: data - brief: Configuration cases. - - configure_local_internal_options: - type: fixture - brief: Configure the Wazuh local internal options. - - truncate_monitored_files: - type: fixture - brief: Reset the 'ossec.log' file and start a new monitor. - - set_wazuh_configuration: - type: fixture - brief: Configure a custom environment for testing. - - daemons_handler_module: - type: fixture - brief: Handler of Wazuh daemons. - - stop_logcollector: - type: fixture - brief: Stop logcollector daemon. - - assertions: - - Verify that the logcollector generates error events when using invalid values for the 'log_format' tag. - - Verify that the logcollector accepts invalid values for the 'location' tag when 'macos' log format is set. - - Verify that the logcollector uses the default macOS value for the 'location' tag when it is not defined. - - Verify that the logcollector allows only one macOS configuration section. - - Verify that the Wazuh API returns the same values for the 'localfile' section as the configured one. - - - input_description: A configuration templates (test_basic_configuration_log_format) are contained in externals - YAML files (wazuh_basic_configuration.yaml, wazuh_duplicated_macos_configuration.yaml, and - wazuh_no_defined_location_macos_configuration.yaml). Those templates are combined with - different test cases defined in the module. Those include configuration settings for - the 'wazuh-logcollector' daemon. - - expected_output: - - r'Analyzing file.*' - - r'INFO: Monitoring .* of command.*' - - r'INFO: Using program name .* for DJB multilog file.*' - - r'Invalid value for element .*' - - r'Configuration error at .*' - - r"Can't add more than one 'macos' block" - - r'Monitoring macOS logs with' - - r"Invalid location value .* when using 'macos' as 'log_format'. Default value will be used." - - r"Missing 'location' element when using 'macos' as 'log_format'. Default value will be used." - - tags: - - invalid_settings - - logs - ''' - - if test_metadata['valid_value']: - control_service('start', daemon=LOGCOLLECTOR_DAEMON) - if 'location1' in test_metadata: - check_log_file_duplicated() - else: - check_log_format_valid(test_configuration, test_metadata) - else: - if sys.platform == WINDOWS: - pytest.xfail("Windows agent allows invalid localfile configuration:\ - https://github.com/wazuh/wazuh/issues/10890") - expected_exception = ValueError - else: - expected_exception = sb.CalledProcessError - - with pytest.raises(expected_exception): - control_service('start', daemon=LOGCOLLECTOR_DAEMON) - check_log_format_invalid(test_metadata) diff --git a/src/modules/logcollector/tests/integration/test_configuration/test_basic_configuration_out_format.py b/src/modules/logcollector/tests/integration/test_configuration/test_basic_configuration_out_format.py deleted file mode 100644 index 8a72f14d13..0000000000 --- a/src/modules/logcollector/tests/integration/test_configuration/test_basic_configuration_out_format.py +++ /dev/null @@ -1,163 +0,0 @@ -''' -copyright: Copyright (C) 2015-2024, Wazuh Inc. - - Created by Wazuh, Inc. . - - This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 - -type: integration - -brief: The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. - Specifically, these tests will check if the logcollector detects invalid values for - the 'out_format' tag and the Wazuh API returns the same values for the configured - 'localfile' section. Log data collection is the real-time process of making sense out - of the records generated by servers or devices. This component can receive logs through - text files or Windows event logs. It can also directly receive logs via remote syslog - which is useful for firewalls and other such devices. - -components: - - logcollector - -suite: configuration - -targets: - - agent - -daemons: - - wazuh-logcollector - - wazuh-apid - -os_platform: - - linux - -os_version: - - Arch Linux - - Amazon Linux 2 - - Amazon Linux 1 - - CentOS 8 - - CentOS 7 - - Debian Buster - - Red Hat 8 - - Ubuntu Focal - - Ubuntu Bionic - -references: - - https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html - - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#out-format - -tags: - - logcollector_configuration -''' -import pytest, sys - -from pathlib import Path - -from wazuh_testing.constants.paths.logs import WAZUH_LOG_PATH -from wazuh_testing.constants.platforms import WINDOWS -from wazuh_testing.constants.daemons import LOGCOLLECTOR_DAEMON -from wazuh_testing.modules.logcollector import configuration as logcollector_configuration -from wazuh_testing.modules.logcollector import patterns -from wazuh_testing.modules.logcollector import utils -from wazuh_testing.tools.monitors import file_monitor -from wazuh_testing.utils import callbacks, configuration -from wazuh_testing.utils.services import control_service - -from . import TEST_CASES_PATH, CONFIGURATIONS_PATH - - -# Marks -pytestmark = [pytest.mark.agent, pytest.mark.linux, pytest.mark.tier(level=0)] - -# Configuration -cases_path = Path(TEST_CASES_PATH, 'cases_basic_configuration_out_format.yaml') -config_path = Path(CONFIGURATIONS_PATH, 'wazuh_basic_configuration_out_format.yaml') -local_internal_options = {logcollector_configuration.LOGCOLLECTOR_DEBUG: '2'} - -test_configuration, test_metadata, test_cases_ids = configuration.get_test_cases_data(cases_path) - -test_configuration = configuration.load_configuration_template(config_path, test_configuration, test_metadata) - -# Test daemons to restart. -daemons_handler_configuration = {'all_daemons': True} - - -@pytest.mark.parametrize('test_configuration, test_metadata', zip(test_configuration, test_metadata), ids=test_cases_ids) -def test_configuration_out_format(test_configuration, test_metadata, set_wazuh_configuration, configure_local_internal_options, daemons_handler_module, stop_logcollector): - ''' - description: Check if the 'wazuh-logcollector' daemon detects invalid settings for the 'out_format' tag. - For this purpose, the test will set a 'localfile' section using both valid and invalid values - for that tag. It also will set a 'socket' section to specify a custom socket. Finally, the - test will verify that the 'socket target' event is triggered when using a valid value or if - an error event is generated when using an invalid one. - - wazuh_min_version: 4.2.0 - - tier: 0 - - parameters: - - test_configuration: - type: data - brief: Configuration used in the test. - - test_metadata: - type: data - brief: Configuration cases. - - set_wazuh_configuration: - type: fixture - brief: Configure a custom environment for testing. - - configure_local_internal_options: - type: fixture - brief: Configure the Wazuh local internal options. - - daemons_handler_module: - type: fixture - brief: Handler of Wazuh daemons. - - stop_logcollector: - type: fixture - brief: Stop logcollector daemon. - - assertions: - - Verify that the logcollector generates error events when using invalid values - for the 'out_format' tag. - - Verify that the logcollector generates 'socket target' events when using valid values - for the 'out_format' tag. - - Verify that the Wazuh API returns the same values for the 'localfile' section as the configured one. - - input_description: A configuration template (test_basic_configuration_out_format) is contained in an - external YAML file (wazuh_basic_configuration.yaml). That template is combined with - different test cases defined in the module. Those include configuration settings - for the 'wazuh-logcollector' daemon. - - expected_output: - - r'DEBUG: Socket target for .* -> .*' - - r'WARNING: Log target .* not found for the output format of localfile .*' - - tags: - - invalid_settings - - logs - ''' - - control_service('start', daemon=LOGCOLLECTOR_DAEMON) - - callback = None - assert_error = None - if test_metadata['valid_value']: - callback=callbacks.generate_callback(patterns.LOGCOLLECTOR_SOCKET_TARGET_VALID, { - 'location': test_metadata['location'], - 'socket_name': test_metadata['target'] - }) - assert_error = patterns.ERROR_TARGET_SOCKET - else: - callback=callbacks.generate_callback(patterns.LOGCOLLECTOR_LOG_TARGET_NOT_FOUND, { - 'socket_name': test_metadata['target_out_format'], - 'location': test_metadata['location'] - }) - assert_error = patterns.ERROR_TARGET_SOCKET_NOT_FOUND - - wazuh_log_monitor = file_monitor.FileMonitor(WAZUH_LOG_PATH) - wazuh_log_monitor.start(callback, timeout=10) - - assert wazuh_log_monitor.callback_result, assert_error - - - if test_metadata['valid_value'] and sys.platform != WINDOWS: - utils.check_logcollector_socket() - utils.validate_test_config_with_module_config(test_configuration=test_configuration) diff --git a/src/modules/logcollector/tests/integration/test_configuration/test_basic_configuration_reconnect_time.py b/src/modules/logcollector/tests/integration/test_configuration/test_basic_configuration_reconnect_time.py deleted file mode 100644 index ad4e6cfa2e..0000000000 --- a/src/modules/logcollector/tests/integration/test_configuration/test_basic_configuration_reconnect_time.py +++ /dev/null @@ -1,151 +0,0 @@ -''' -copyright: Copyright (C) 2015-2024 Wazuh Inc. - - Created by Wazuh, Inc. . - - This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 - -type: integration - -brief: The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. - Specifically, these tests will check if the logcollector detects invalid values for the - 'reconnect_time' tag. Log data collection is the real-time process of making sense out - of the records generated by servers or devices. This component can receive logs through - text files or Windows event logs. It can also directly receive logs via remote syslog - which is useful for firewalls and other such devices. - -components: - - logcollector - -suite: configuration - -targets: - - agent - -daemons: - - wazuh-logcollector - -os_platform: - - windows - -os_version: - - Windows 10 - - Windows 8 - - Windows 7 - - Windows Server 2019 - - Windows Server 2016 - - Windows Server 2012 - - Windows Server 2003 - - Windows XP - -references: - - https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html - - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#reconnect-time - -tags: - - logcollector_configuration -''' -import pytest - -from pathlib import Path - -from wazuh_testing.constants.paths.logs import WAZUH_LOG_PATH -from wazuh_testing.constants.daemons import LOGCOLLECTOR_DAEMON -from wazuh_testing.modules.logcollector import patterns -from wazuh_testing.tools.monitors import file_monitor -from wazuh_testing.utils import callbacks, configuration -from wazuh_testing.utils.services import control_service -from wazuh_testing.utils.file import truncate_file - -from . import TEST_CASES_PATH, CONFIGURATIONS_PATH - - -LOG_COLLECTOR_GLOBAL_TIMEOUT = 40 - - -# Marks -pytestmark = [pytest.mark.agent, pytest.mark.win32, pytest.mark.tier(level=0)] - -# Test metadata, configuration and ids. -cases_path = Path(TEST_CASES_PATH, 'cases_basic_configuration_reconnect_time.yaml') -config_path = Path(CONFIGURATIONS_PATH, 'wazuh_basic_configuration_reconnect_time.yaml') -test_configuration, test_metadata, test_cases_ids = configuration.get_test_cases_data(cases_path) -test_configuration = configuration.load_configuration_template(config_path, test_configuration, test_metadata) - -problematic_values = ['44sTesting', '9hTesting', '400mTesting', '3992'] - -# Test daemons to restart. -daemons_handler_configuration = {'all_daemons': True} - - -# Test function. -@pytest.mark.parametrize('test_configuration, test_metadata', zip(test_configuration, test_metadata), ids=test_cases_ids) -def test_configuration_reconnect_time(test_configuration, test_metadata, truncate_monitored_files, - set_wazuh_configuration, daemons_handler_module, stop_logcollector): - ''' - description: Check if the 'wazuh-logcollector' daemon detects invalid settings for the 'reconnect_time' tag. - For this purpose, the test will set a 'localfile' section using both valid and invalid values - for that tag. Finally, the test will verify that the 'analyzing' event is triggered when using - a valid value or if the 'invalid' event is generated when using an invalid one. - - wazuh_min_version: 4.2.0 - - tier: 0 - - parameters: - - test_configuration: - type: data - brief: Configuration used in the test. - - test_metadata: - type: data - brief: Configuration cases. - - truncate_monitored_files: - type: fixture - brief: Reset the 'ossec.log' file and start a new monitor. - - set_wazuh_configuration: - type: fixture - brief: Configure a custom environment for testing. - - daemons_handler_module: - type: fixture - brief: Handler of Wazuh daemons. - - stop_logcollector: - type: fixture - brief: Stop logcollector daemon. - - assertions: - - Verify that the logcollector generates 'invalid' events when using invalid values - for the 'reconnect_time' tag. - - Verify that the logcollector monitors a log file when using valid values for the 'reconnect_time' tag. - - input_description: A configuration template (test_basic_configuration_reconnect_time) is contained in an - external YAML file (wazuh_basic_configuration.yaml). That template is combined with - different test cases defined in the module. Those include configuration settings - for the 'wazuh-logcollector' daemon. - - expected_output: - - r'Analyzing event log.*' - - r'Invalid reconnection time value. Changed to .* seconds.' - - tags: - - invalid_settings - - logs - ''' - - wazuh_log_monitor = file_monitor.FileMonitor(WAZUH_LOG_PATH) - - if test_metadata['valid_value']: - control_service('start', daemon=LOGCOLLECTOR_DAEMON) - callback = callbacks.generate_callback(patterns.LOGCOLLECTOR_ANALYZING_EVENT_LOG, - {'event_location': test_metadata['location']}) - wazuh_log_monitor.start(timeout=LOG_COLLECTOR_GLOBAL_TIMEOUT, callback=callback) - assert (wazuh_log_monitor.callback_result != None), patterns.ERROR_GENERIC_MESSAGE - else: - if test_metadata['reconnect_time'] in problematic_values: - pytest.xfail("Logcolector accepts invalid values. Issue: https://github.com/wazuh/wazuh/issues/8158") - else: - control_service('start', daemon=LOGCOLLECTOR_DAEMON) - callback = callbacks.generate_callback(patterns.LOGCOLLECTOR_INVALID_RECONNECTION_TIME_VALUE, - {'severity': 'WARNING', - 'default_value':'5'}) - wazuh_log_monitor.start(timeout=5, callback=callback) - assert (wazuh_log_monitor.callback_result != None), patterns.ERROR_INVALID_RECONNECTION_TIME diff --git a/src/modules/logcollector/tests/integration/test_configuration/test_basic_configuration_target.py b/src/modules/logcollector/tests/integration/test_configuration/test_basic_configuration_target.py deleted file mode 100644 index 629e301211..0000000000 --- a/src/modules/logcollector/tests/integration/test_configuration/test_basic_configuration_target.py +++ /dev/null @@ -1,163 +0,0 @@ -''' -copyright: Copyright (C) 2015-2024, Wazuh Inc. - - Created by Wazuh, Inc. . - - This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 - -type: integration - -brief: The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. - Specifically, these tests will check if the logcollector detects that a custom socket is - undefined if the 'target' attribute of the 'out_format' tag has the name of an unexistent - socket (invalid value). Log data collection is the real-time process of making sense out - of the records generated by servers or devices. This component can receive logs through - text files or Windows event logs. It can also directly receive logs via remote syslog - which is useful for firewalls and other such devices. - -components: - - logcollector - -suite: configuration - -targets: - - agent - -daemons: - - wazuh-logcollector - -os_platform: - - linux - - macos - -os_version: - - Arch Linux - - Amazon Linux 2 - - Amazon Linux 1 - - CentOS 8 - - CentOS 7 - - Debian Buster - - Red Hat 8 - - macOS Catalina - - macOS Server - - Ubuntu Focal - - Ubuntu Bionic - -references: - - https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html - - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#out-format - -tags: - - logcollector_configuration -''' - -import pytest, sys - -from pathlib import Path - -from wazuh_testing.constants.paths.logs import WAZUH_LOG_PATH -from wazuh_testing.constants.platforms import WINDOWS -from wazuh_testing.constants.daemons import LOGCOLLECTOR_DAEMON -from wazuh_testing.modules.logcollector import configuration as logcollector_configuration -from wazuh_testing.modules.logcollector import patterns -from wazuh_testing.modules.logcollector import utils -from wazuh_testing.tools.monitors import file_monitor -from wazuh_testing.utils import callbacks, configuration -from wazuh_testing.utils.services import control_service -from wazuh_testing.utils.file import truncate_file - -from . import TEST_CASES_PATH, CONFIGURATIONS_PATH - - -# Marks -pytestmark = [pytest.mark.agent, pytest.mark.linux, pytest.mark.darwin, pytest.mark.tier(level=0)] - -# Configuration -cases_path = Path(TEST_CASES_PATH, 'cases_basic_configuration_target.yaml') -config_path = Path(CONFIGURATIONS_PATH, 'wazuh_basic_configuration_target.yaml') -local_internal_options = {logcollector_configuration.LOGCOLLECTOR_DEBUG: '2'} - -test_configuration, test_metadata, test_cases_ids = configuration.get_test_cases_data(cases_path) - -test_configuration = configuration.load_configuration_template(config_path, test_configuration, test_metadata) - -# Test daemons to restart. -daemons_handler_configuration = {'all_daemons': True} - - -@pytest.mark.parametrize('test_configuration, test_metadata', zip(test_configuration, test_metadata), ids=test_cases_ids) -def test_configuration_target(test_configuration, test_metadata, set_wazuh_configuration, configure_local_internal_options, daemons_handler_module, stop_logcollector): - ''' - description: Check if the 'wazuh-logcollector' daemon detects invalid configurations for the 'target' attribute - of the 'out_format' tag. For this purpose, the test will set a 'socket' section to specify a custom - socket, and a 'localfile' section using valid/invalid values for that attribute. Then, it will check - if an event indicating that the socket is not defined when using an invalid value, or if an event - indicating that the socket is detected when using valid ones. Finally, the test will verify that - the Wazuh API returns the same values for the 'localfile' section that the configured one. - - wazuh_min_version: 4.2.0 - - tier: 0 - - parameters: - - test_configuration: - type: data - brief: Configuration used in the test. - - test_metadata: - type: data - brief: Configuration cases. - - set_wazuh_configuration: - type: fixture - brief: Configure a custom environment for testing. - - configure_local_internal_options: - type: fixture - brief: Configure the Wazuh local internal options. - - daemons_handler_module: - type: fixture - brief: Handler of Wazuh daemons. - - stop_logcollector: - type: fixture - brief: Stop logcollector daemon. - - assertions: - - Verify that the logcollector detects undefined sockets when using invalid values for the 'target' attribute. - - Verify that the logcollector detects custom sockets when using valid values for the 'target' attribute. - - Verify that the Wazuh API returns the same values for the 'localfile' section as the configured one. - - input_description: A configuration template (test_basic_configuration_target) is contained in an external - YAML file (wazuh_basic_configuration.yaml). That template is combined with different - test cases defined in the module. Those include configuration settings - for the 'wazuh-logcollector' daemon. - - expected_output: - - r'Socket target for .* -> .*' - - r'Socket .* for .* is not defined." - - tags: - - invalid_settings - ''' - - control_service('start', daemon=LOGCOLLECTOR_DAEMON) - - callback = None - assert_error = None - if test_metadata['valid_value']: - callback=callbacks.generate_callback(patterns.LOGCOLLECTOR_SOCKET_TARGET_VALID, { - 'location': test_metadata['location'], - 'socket_name': test_metadata['target'] - }) - assert_error = patterns.ERROR_TARGET_SOCKET - else: - callback=callbacks.generate_callback(patterns.LOGCOLLECTOR_SOCKET_TARGET_NOT_DEFINED, { - 'socket_name': test_metadata['target'], - 'location': test_metadata['location'] - }) - assert_error = patterns.ERROR_TARGET_SOCKET_NOT_FOUND - - wazuh_log_monitor = file_monitor.FileMonitor(WAZUH_LOG_PATH) - wazuh_log_monitor.start(callback, timeout=10) - assert wazuh_log_monitor.callback_result, assert_error - - if test_metadata['valid_value'] and sys.platform != WINDOWS: - utils.check_logcollector_socket() - utils.validate_test_config_with_module_config(test_configuration=test_configuration) diff --git a/src/modules/logcollector/tests/integration/test_read/__init__.py b/src/modules/logcollector/tests/integration/test_read/__init__.py deleted file mode 100644 index c1e575f1cd..0000000000 --- a/src/modules/logcollector/tests/integration/test_read/__init__.py +++ /dev/null @@ -1,12 +0,0 @@ -""" -Copyright (C) 2015-2024, Wazuh Inc. -Created by Wazuh, Inc. . -This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 -""" -from pathlib import Path - - -# Constants & base paths -TEST_DATA_PATH = Path(Path(__file__).parent, 'data') -TEST_CASES_PATH = Path(TEST_DATA_PATH, 'test_cases') -CONFIGURATIONS_PATH = Path(TEST_DATA_PATH, 'configuration_templates') diff --git a/src/modules/logcollector/tests/integration/test_read/data/test_cases/cases_read_journald_basic.yaml b/src/modules/logcollector/tests/integration/test_read/data/test_cases/cases_read_journald_basic.yaml deleted file mode 100644 index 2f88721fea..0000000000 --- a/src/modules/logcollector/tests/integration/test_read/data/test_cases/cases_read_journald_basic.yaml +++ /dev/null @@ -1,86 +0,0 @@ -# Basic configuration for journald without filters or merge -- name: Test Journal reader default configuration - description: A basic configuration for journald, 1 block without filters, read all - configuration_parameters: - - - location: - value: journald - - log_format: - value: journald - metadata: - expected_logs: - - '\w+ \d+ \d+:\d+:\d+ \S+ \S+\[\d+]: This is a message from journald 1' - - '\w+ \d+ \d+:\d+:\d+ \S+ \S+\[\d+]: This is a message from journald 2' - - '\w+ \d+ \d+:\d+:\d+ \S+ \S+\[\d+]: This is a message from journald 3' - input_logs: - - message: This is a message from journald 1 - - message: This is a message from journald 2 - - message: This is a message from journald 3 - - -- name: Test Journal reader Filter by field - description: Test Journal reader, filter by field - configuration_parameters: - - - location: - value: journald - - log_format: - value: journald - - filter: - value: test-IT-tag-\d - attributes: - - field: SYSLOG_IDENTIFIER - - ignore_if_missing: 'no' - metadata: - expected_logs: - - '\w+ \d+ \d+:\d+:\d+ \S+ test-IT-tag-1\[\d+]: This is a message from journald 1' - - '\w+ \d+ \d+:\d+:\d+ \S+ test-IT-tag-2\[\d+]: This is a message from journald 2' - - '\w+ \d+ \d+:\d+:\d+ \S+ test-IT-tag-3\[\d+]: This is a message from journald 3' - unexpected_logs: - - '\w+ \d+ \d+:\d+:\d+ \S+ other-tag\[\d+]: .*' - - '\w+ \d+ \d+:\d+:\d+ \S+ other-tag-2\[\d+]: .*' - input_logs: - - message: "This is a message from journald 1" - tag: "test-IT-tag-1" - - message: "This is a message from other proccess" - tag: "other-tag" - - message: "This is a message from journald 2" - tag: "test-IT-tag-2" - - message: "This is a message from other proccess 2" - tag: "other-tag-2" - - message: "This is a message from journald 3" - tag: "test-IT-tag-3" - - -- name: Test Journal reader, merge, with disabled filters in journal - description: Disable filters on merge, 2 blocks, 1 with filter, 1 without filter - configuration_parameters: - - - location: - value: journald - - log_format: - value: journald - - filter: - value: test-IT-tag-\d - attributes: - - field: SYSLOG_IDENTIFIER - - ignore_if_missing: 'no' - - - location: - value: journald - - log_format: - value: journald - metadata: - expected_logs: - - '\w+ \d+ \d+:\d+:\d+ \S+ test-IT-tag-1\[\d+]: This is a message from journald 1' - - '\w+ \d+ \d+:\d+:\d+ \S+ other-tag\[\d+]: .*' - - '\w+ \d+ \d+:\d+:\d+ \S+ test-IT-tag-2\[\d+]: This is a message from journald 2' - - '\w+ \d+ \d+:\d+:\d+ \S+ other-tag-2\[\d+]: .*' - - '\w+ \d+ \d+:\d+:\d+ \S+ test-IT-tag-3\[\d+]: This is a message from journald 3' - input_logs: - - message: "This is a message from journald 1" - tag: "test-IT-tag-1" - - message: "This is a message from other proccess" - tag: "other-tag" - - message: "This is a message from journald 2" - tag: "test-IT-tag-2" - - message: "This is a message from other proccess 2" - tag: "other-tag-2" - - message: "This is a message from journald 3" - tag: "test-IT-tag-3" diff --git a/src/modules/logcollector/tests/integration/test_read/data/test_cases/cases_read_journald_ofe.yaml b/src/modules/logcollector/tests/integration/test_read/data/test_cases/cases_read_journald_ofe.yaml deleted file mode 100644 index 8a86b0219e..0000000000 --- a/src/modules/logcollector/tests/integration/test_read/data/test_cases/cases_read_journald_ofe.yaml +++ /dev/null @@ -1,132 +0,0 @@ -- name: Test Journal only future events - description: This test check if logcollector is able to read old logs from journald before the agent starts - configuration_parameters: - - - location: - value: journald - - log_format: - value: journald - - only-future-events: - value: 'no' - - filter: - value: test-journald-ofe - attributes: - - field: SYSLOG_IDENTIFIER - - ignore_if_missing: 'no' - - metadata: - expected_logs: - - '\w+ \d+ \d+:\d+:\d+ \S+ test-journald-ofe\[\d+]: Message from journald 1' - - '\w+ \d+ \d+:\d+:\d+ \S+ test-journald-ofe\[\d+]: Message from journald 2' - - '\w+ \d+ \d+:\d+:\d+ \S+ test-journald-ofe\[\d+]: Message from journald 3' - - '\w+ \d+ \d+:\d+:\d+ \S+ test-journald-ofe\[\d+]: Message from journald 4' - - '\w+ \d+ \d+:\d+:\d+ \S+ test-journald-ofe\[\d+]: Message from journald 5' - - '\w+ \d+ \d+:\d+:\d+ \S+ test-journald-ofe\[\d+]: Message from journald 6' - # Logs before the start the agent - pre_input_logs: - - message: "Message from journald 1" - tag: "test-journald-ofe" - - message: "Message from journald 2" - tag: "test-journald-ofe" - - message: "Message from journald 3" - tag: "test-journald-ofe" - # Logs after the start the agent - post_input_logs: - - message: "Message from journald 4" - tag: "test-journald-ofe" - - message: "Message from journald 5" - tag: "test-journald-ofe" - - message: "Message from journald 6" - tag: "test-journald-ofe" - - -# Basic configuration for journald without filters or merge -- name: Test Journal only future events, with timestamp set in the future - description: | - This test set the timestamp in the future, so it shuold be detected and - the logs should be read in realtime before logcollector starts - configuration_parameters: - - - location: - value: journald - - log_format: - value: journald - - only-future-events: - value: 'no' - - filter: - value: test-journald-ofe - attributes: - - field: SYSLOG_IDENTIFIER - - ignore_if_missing: 'no' - - metadata: - force_timestamp: "2051233199000000" # 2034-12-31 23:59:59 - unexpected_logs: - - '\w+ \d+ \d+:\d+:\d+ \S+ test-journald-ofe\[\d+]: Message from journald 1' - - '\w+ \d+ \d+:\d+:\d+ \S+ test-journald-ofe\[\d+]: Message from journald 2' - - '\w+ \d+ \d+:\d+:\d+ \S+ test-journald-ofe\[\d+]: Message from journald 3' - expected_logs: - - The timestamp '2051233199000000' is in the future or invalid. Using the most recent entry. - - '\w+ \d+ \d+:\d+:\d+ \S+ test-journald-ofe\[\d+]: Message from journald 4' - - '\w+ \d+ \d+:\d+:\d+ \S+ test-journald-ofe\[\d+]: Message from journald 5' - - '\w+ \d+ \d+:\d+:\d+ \S+ test-journald-ofe\[\d+]: Message from journald 6' - # Logs before the start the agent - pre_input_logs: - - message: "Message from journald 1" - tag: "test-journald-ofe" - - message: "Message from journald 2" - tag: "test-journald-ofe" - - message: "Message from journald 3" - tag: "test-journald-ofe" - # Logs after the start the agent - post_input_logs: - - message: "Message from journald 4" - tag: "test-journald-ofe" - - message: "Message from journald 5" - tag: "test-journald-ofe" - - message: "Message from journald 6" - tag: "test-journald-ofe" - -# Basic configuration for journald without filters or merge -- name: Test Journal only future events, with timestamp set in the future - description: | - This test set the timestamp in the future, so it shuold be detected and the logs - should be read in realtime before logcollector starts - configuration_parameters: - - - location: - value: journald - - log_format: - value: journald - - only-future-events: - value: 'no' - - filter: - value: test-journald-ofe - attributes: - - field: SYSLOG_IDENTIFIER - - ignore_if_missing: 'no' - - metadata: - force_timestamp: "0" # 2034-12-31 23:59:59 - unexpected_logs: - - '\w+ \d+ \d+:\d+:\d+ \S+ test-journald-ofe\[\d+]: Message from journald 1' - - '\w+ \d+ \d+:\d+:\d+ \S+ test-journald-ofe\[\d+]: Message from journald 2' - - '\w+ \d+ \d+:\d+:\d+ \S+ test-journald-ofe\[\d+]: Message from journald 3' - expected_logs: - - The timestamp '0' is in the future or invalid. Using the most recent entry. - - '\w+ \d+ \d+:\d+:\d+ \S+ test-journald-ofe\[\d+]: Message from journald 4' - - '\w+ \d+ \d+:\d+:\d+ \S+ test-journald-ofe\[\d+]: Message from journald 5' - - '\w+ \d+ \d+:\d+:\d+ \S+ test-journald-ofe\[\d+]: Message from journald 6' - # Logs before the start the agent - pre_input_logs: - - message: "Message from journald 1" - tag: "test-journald-ofe" - - message: "Message from journald 2" - tag: "test-journald-ofe" - - message: "Message from journald 3" - tag: "test-journald-ofe" - # Logs after the start the agent - post_input_logs: - - message: "Message from journald 4" - tag: "test-journald-ofe" - - message: "Message from journald 5" - tag: "test-journald-ofe" - - message: "Message from journald 6" - tag: "test-journald-ofe" diff --git a/src/modules/logcollector/tests/integration/test_read/test_read_journald_basic.py b/src/modules/logcollector/tests/integration/test_read/test_read_journald_basic.py deleted file mode 100644 index d262a9e6f1..0000000000 --- a/src/modules/logcollector/tests/integration/test_read/test_read_journald_basic.py +++ /dev/null @@ -1,167 +0,0 @@ -''' -copyright: Copyright (C) 2015-2024, Wazuh Inc. - - Created by Wazuh, Inc. . - - This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 - -type: integration - -brief: The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. - Specifically, these tests will check if the Wazuh component (agent or manager) starts when - the 'location' tag is set in the configuration, and the Wazuh API returns the same values for - the configured 'localfile' section. - Log data collection is the real-time process of making sense out of the records generated by - servers or devices. This component can receive logs through text files or Windows event logs. - It can also directly receive logs via remote syslog which is useful for firewalls and - other such devices. - This test suite will check the 'journald' log format, which is a system service that collects and stores - logging data. The 'journald' log format is used by the 'systemd-journald' API. - -tier: 0 - -modules: - - logcollector - -components: - - agent - -daemons: - - wazuh-logcollector - - wazuh-apid - -os_platform: - - linux - -os_version: - - Arch Linux - - Amazon Linux 2 - - CentOS 8 - - Debian Buster - - Red Hat 8 - - Ubuntu Focal - - Ubuntu Bionic - -references: - - https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html - - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html - -tags: - - logcollector -''' - - -import pytest - -from pathlib import Path - -from wazuh_testing.modules.logcollector import utils -from wazuh_testing.modules.logcollector import configuration as logcollector_configuration -from wazuh_testing.utils import configuration - -from . import TEST_CASES_PATH -from utils import build_tc_config, assert_list_logs, assert_not_list_logs, send_log_to_journal - - -# Marks -pytestmark = [pytest.mark.agent, pytest.mark.linux, pytest.mark.tier(level=0)] - -# Configuration -journald_case_path = Path(TEST_CASES_PATH, 'cases_read_journald_basic.yaml') -test_configuration, test_metadata, test_cases_ids = configuration.get_test_cases_data(journald_case_path) -test_configuration = build_tc_config(test_configuration) - -daemon_debug = logcollector_configuration.LOGCOLLECTOR_DEBUG - -# Test daemons to restart. -daemons_handler_configuration = {'all_daemons': True} - -local_internal_options = {daemon_debug: '2'} - -# Test function. -@pytest.mark.parametrize('test_configuration, test_metadata', zip(test_configuration, test_metadata), ids=test_cases_ids) -def test_configuration_location(test_configuration, test_metadata, truncate_monitored_files, configure_local_internal_options, - remove_all_localfiles_wazuh_config, set_wazuh_configuration, daemons_handler, wait_for_logcollector_start): - ''' - description: Check if the 'wazuh-logcollector' daemon starts properly when the 'journald' tag is used and read the logs from the 'systemd/journald' component. - For this purpose, the test will configure the logcollector to monitor a 'journald'. - Finally, the test will verify that the Wazuh-logcollector read the logs, and the Wazuh API returns the correct values - for the 'localfile' section. - - wazuh_min_version: 4.9.0 - - parameters: - - test_configuration: - type: data - brief: Configuration used in the test. - - test_metadata: - type: data - brief: Configuration cases. - - truncate_monitored_files: - type: fixture - brief: Reset the 'ossec.log' file and start a new monitor. - - configure_local_internal_options: - type: fixture - brief: Configure the 'local_internal_options' section in the 'internal_options.conf' file. - - remove_all_localfiles_wazuh_config: - type: fixture - brief: Remove all 'localfile' sections from the Wazuh configuration. - - set_wazuh_configuration: - type: fixture - brief: Configure a custom environment for testing. - - daemons_handler: - type: fixture - brief: Handler of Wazuh daemons. - - wait_for_logcollector_start: - type: fixture - brief: Wait for the logcollector startup log. - - assertions: - - Verify that the Wazuh component (agent or manager) can start when the 'jouranld' tag is used. - - Verify that the Wazuh component (agent or manager) can read the logs from the 'systemd-journald'. - - Verify the correct messages are generated in the log file in the correct order. - - - input_description: A configuration file with journal block settings and the expected log messages. - Those include configuration settings for `journal` configuration in 'wazuh-logcollector'. - - expected_output: - - Boolean values to indicate the state of the Wazuh component. - - Did not receive the expected "ERROR: Could not EvtSubscribe() for ... which returned ..." event. - - tags: - - invalid_settings - ''' - - # Logcollector always start, regardless of the configuration - utils.check_logcollector_socket() - - # Send log messages to the monitored file - if 'input_logs' not in test_metadata: - raise Exception(f"Log messages not found in the test metadata.") - else: - for log_message in test_metadata['input_logs']: - send_log_to_journal(log_message) - - # Check the messages in the log file - if 'expected_logs' in test_metadata: - # Append regex to expected logs - for i, log_message in enumerate(test_metadata['expected_logs']): - test_metadata['expected_logs'][i] = f".*Reading from journal: '{log_message}'" - assert_list_logs(test_metadata['expected_logs']) - - if 'unexpected_logs' in test_metadata: - # Append regex to unexpected logs - for i, log_message in enumerate(test_metadata['unexpected_logs']): - test_metadata['unexpected_logs'][i] = f".*Reading from journal: '{log_message}'" - assert_not_list_logs(test_metadata['unexpected_logs']) - - # Get the localfile list from the runtime configuration - localfile_list = utils.get_localfile_runtime_configuration() - - # Regardless of configuration, there should never be more than one journal block. - if 'journal_disabled' in test_metadata and test_metadata['journal_disabled']: - assert len(localfile_list) == 0, f"Invalid configuration but journal block found." - return - else: - assert len(localfile_list) == 1, f"Invalid configuration. More than one journal block found." diff --git a/src/modules/logcollector/tests/integration/test_read/test_read_journald_ofe.py b/src/modules/logcollector/tests/integration/test_read/test_read_journald_ofe.py deleted file mode 100644 index f8735429b7..0000000000 --- a/src/modules/logcollector/tests/integration/test_read/test_read_journald_ofe.py +++ /dev/null @@ -1,178 +0,0 @@ -''' -copyright: Copyright (C) 2015-2024, Wazuh Inc. - - Created by Wazuh, Inc. . - - This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 - -type: integration - -brief: The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. - Specifically, these tests will check if the Wazuh component (agent or manager) starts when - the 'location' tag is set in the configuration, and the Wazuh API returns the same values for - the configured 'localfile' section. - Log data collection is the real-time process of making sense out of the records generated by - servers or devices. This component can receive logs through text files or Windows event logs. - It can also directly receive logs via remote syslog which is useful for firewalls and - other such devices. - This test suite will check the 'journald' log format, which is a system service that collects and stores - logging data. The 'journald' log format is used by the 'systemd-journald' API. - -tier: 0 - -modules: - - logcollector - -components: - - agent - -daemons: - - wazuh-logcollector - - wazuh-apid - -os_platform: - - linux - -os_version: - - Arch Linux - - Amazon Linux 2 - - CentOS 8 - - Debian Buster - - Red Hat 8 - - Ubuntu Focal - - Ubuntu Bionic - -references: - - https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html - - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html - -tags: - - logcollector -''' - - -import pytest - -from pathlib import Path - -from wazuh_testing.modules.logcollector import utils -from wazuh_testing.modules.logcollector import configuration as logcollector_configuration -from wazuh_testing.utils import configuration -from wazuh_testing.utils.file import write_json_file - -from . import TEST_CASES_PATH -from utils import build_tc_config, assert_list_logs, assert_not_list_logs, send_log_to_journal - -# Marks -pytestmark = [pytest.mark.agent, pytest.mark.linux, pytest.mark.tier(level=0)] - -# Configuration -journald_case_path = Path(TEST_CASES_PATH, 'cases_read_journald_ofe.yaml') -test_configuration, test_metadata, test_cases_ids = configuration.get_test_cases_data(journald_case_path) -test_configuration = build_tc_config(test_configuration) - -daemon_debug = logcollector_configuration.LOGCOLLECTOR_DEBUG - -# Test daemons to restart. -daemons_handler_configuration = {'all_daemons': True} - -local_internal_options = {daemon_debug: '2'} - - -# Test function. -@pytest.mark.parametrize('test_configuration, test_metadata', zip(test_configuration, test_metadata), ids=test_cases_ids) -def test_configuration_location(test_configuration, test_metadata, truncate_monitored_files, configure_local_internal_options, - reset_ofe_status, remove_all_localfiles_wazuh_config, set_wazuh_configuration, pre_send_journal_logs, - daemons_handler, wait_for_logcollector_start): - ''' - description: Check if the 'wazuh-logcollector' daemon starts properly when the 'journald' tag is used - and read the logs from the 'systemd/journald' component and is able to read logs older than - the current start logcollector time. - For this purpose, the test will configure the logcollector to monitor a 'journald' with only-future-event = no and - manipulate the journalctl logs to send logs older than the current logcollector start time. - Finally, the test will verify that the Wazuh-logcollector read the logs, and the Wazuh API returns the correct values - for the 'localfile' section. - - wazuh_min_version: 4.9.0 - - parameters: - - test_configuration: - type: data - brief: Configuration used in the test. - - test_metadata: - type: data - brief: Configuration cases. - - truncate_monitored_files: - type: fixture - brief: Reset the 'ossec.log' file and start a new monitor. - - configure_local_internal_options: - type: fixture - brief: Configure the 'local_internal_options' section in the 'internal_options.conf' file. - - remove_all_localfiles_wazuh_config: - type: fixture - brief: Remove all 'localfile' sections from the Wazuh configuration. - - reset_ofe_status: - type: fixture - brief: Reset the 'only-future-event' status in the 'status' file. - - set_wazuh_configuration: - type: fixture - brief: Configure a custom environment for testing. - - pre_send_journal_logs: - type: fixture - brief: Send logs to the journalctl before the logcollector starts. - - daemons_handler: - type: fixture - brief: Handler of Wazuh daemons. - - wait_for_logcollector_start: - type: fixture - brief: Wait for the logcollector startup log. - - assertions: - - Verify that the Wazuh component (agent or manager) can start when the 'jouranld' tag is used. - - Verify that the Wazuh component (agent or manager) can read the logs from the 'journald' log format and the logs older than the current logcollector start time. - - input_description: A configuration file with journal block settings and the expected log messages. - Those include configuration settings for `journal` configuration in 'wazuh-logcollector'. - - expected_output: - - Boolean values to indicate the state of the Wazuh component. - - Did not receive the expected "ERROR: Could not EvtSubscribe() for ... which returned ..." event. - - tags: - - invalid_settings - ''' - - # Logcollector always start, regardless of the configuration - utils.check_logcollector_socket() - - # Send log messages to the monitored file - if 'post_input_logs' in test_metadata: - for log_message in test_metadata['post_input_logs']: - send_log_to_journal(log_message) - - # Check the messages in the log file - if 'expected_logs' in test_metadata: - # Append regex to expected logs - for i, log_message in enumerate(test_metadata['expected_logs']): - test_metadata['expected_logs'][i] = f".*logcollector.*{log_message}.*" - assert_list_logs(test_metadata['expected_logs']) - - if 'unexpected_logs' in test_metadata: - # Append regex to unexpected logs - for i, log_message in enumerate(test_metadata['unexpected_logs']): - test_metadata['unexpected_logs'][i] = f".*logcollector.*{log_message}.*" - assert_not_list_logs(test_metadata['unexpected_logs']) - - # Get the localfile list from the runtime configuration - localfile_list = utils.get_localfile_runtime_configuration() - - # Regardless of configuration, there should never be more than one journal block. - if 'journal_disabled' in test_metadata and test_metadata['journal_disabled']: - assert len(localfile_list) == 0, f"Invalid configuration but journal block found." - return - else: - assert len(localfile_list) == 1, f"Invalid configuration. More than one journal block found." - - # Validate the test configuration with the runtime configuration - if 'expected_config' in test_metadata: - assert localfile_list[0] == test_metadata['expected_config'], f"Invalid configuration. Expected: {test_metadata['expected_config']}. Found: {localfile_list[0]}" diff --git a/src/modules/logcollector/tests/integration/utils.py b/src/modules/logcollector/tests/integration/utils.py deleted file mode 100644 index 90ea2038cc..0000000000 --- a/src/modules/logcollector/tests/integration/utils.py +++ /dev/null @@ -1,121 +0,0 @@ -""" -Copyright (C) 2015-2024, Wazuh Inc. -Created by Wazuh, Inc. . -This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 -""" -from os.path import join as path_join - - -from wazuh_testing.tools.monitors import file_monitor -from wazuh_testing.utils import callbacks -from wazuh_testing.constants.paths.logs import WAZUH_LOG_PATH - -def build_tc_config(tc_conf_list): - ''' - Build the configuration for each test case. - - Args: - tc_conf_list (list): List of test case localfile configurations. - - Returns: - list: List of configurations for each test case. - ''' - - config_list = [] # List of configurations for each test case - - # Build the configuration for each test case - for tc_config in tc_conf_list: - sections = [] - # Build the configuration for each localfile - for i, elements in enumerate(tc_config, start=1): - section = { - "section": "localfile", - "attributes": [{"unique_id": str(i)}], # Prevents duplicated localfiles sections - "elements": elements - } - sections.append(section) - - config_list.append({"sections": sections}) - - return config_list - - -def assert_list_logs(regex_messages: list): - ''' - Asserts if the expected messages are present in the log file in the expected order. - - Args: - regex_messages (list): List of regular expressions to search in the log file. - ''' - - def get_epoch_timestamp(log): - ''' - Get the timestamp of the log message in epoch format. - - Args: - log (str): Log message. - - Returns: - int: Timestamp of the log message. - ''' - from datetime import datetime - - date_str = log.split(' ')[0] + ' ' + log.split(' ')[1] - return int(datetime.strptime(date_str, '%Y/%m/%d %H:%M:%S').timestamp()) - - - # Monitor the ossec.log file - log_monitor = file_monitor.FileMonitor(WAZUH_LOG_PATH) - - last_log_timestamp = 0 - - for regex in regex_messages: - log_monitor.start(callback=callbacks.generate_callback(regex)) - assert (log_monitor.callback_result != None), f'Did not receive the expected messages in the log file. Expected: {regex}' - - log_timestamp = get_epoch_timestamp(log_monitor.callback_result) - assert (log_timestamp >= last_log_timestamp), f'The logs are not in the expected order. Expected: {regex}' - last_log_timestamp = log_timestamp - -def assert_not_list_logs(regex_messages: list): - ''' - Asserts if the expected messages are not present in the log file, the timeout is set to 0. - - The function will return an assertion error if the expected messages are found in the log file. - The function dont wait for the messages to appear in the log file, reads the current content of the file. - - Args: - regex_messages (list): List of regular expressions to search in the log file. - ''' - - # Monitor the ossec.log file - log_monitor = file_monitor.FileMonitor(WAZUH_LOG_PATH) - - for regex in regex_messages: - log_monitor.start(callback=callbacks.generate_callback(regex), timeout=0) - assert (log_monitor.callback_result == None), f'Received the expected messages in the log file. Expected: {regex}' - -# Journal functions -def send_log_to_journal(conf_message: dict): - ''' - Send a log message to the journal. - - This function sends a log message to the journal using the 'logger' command to avoid use third-party libraries. - Args: - conf_message (dic): The message to send to the journal, with the following fields: - - message (str): The message to send to the journal. - - tag (str): The tag of the message. Default is 'wazuh-itest'. - - priority (str): The priority of the message. Default is 'info'. - ''' - import subprocess as sp - - # Send the log message to the journal - try: - tag = conf_message['tag'] if 'tag' in conf_message else 'wazuh-itest' - priority = conf_message['priority'] if 'priority' in conf_message else 'info' - message = conf_message['message'] - if not message: - raise Exception("The message field is required in the configuration.") - sp.run(['logger', '-t', tag, '-p', priority, message], check=True) - except sp.CalledProcessError as e: - raise Exception(f"Error sending log message to journal: {e}") diff --git a/src/modules/logcollector/tests/unit/CMakeLists.txt b/src/modules/logcollector/tests/unit/CMakeLists.txt new file mode 100644 index 0000000000..5f1b910762 --- /dev/null +++ b/src/modules/logcollector/tests/unit/CMakeLists.txt @@ -0,0 +1,25 @@ +find_package(GTest CONFIG REQUIRED) + +FILE(GLOB LOGCOLLECTOR_TEST_SOURCES *_test.cpp) + +add_executable(logcollector_unit_tests ${LOGCOLLECTOR_TEST_SOURCES}) +configure_target(logcollector_unit_tests) + +target_include_directories(logcollector_unit_tests PRIVATE + ${CMAKE_CURRENT_SOURCE_DIR}/../../src +) + +target_link_libraries(logcollector_unit_tests PRIVATE + Logcollector + MultiTypeQueue + ConfigurationParser + Logger + GTest::gtest + GTest::gtest_main + GTest::gmock + GTest::gmock_main) + +# TO DO: Fix unit tests for Apple +if(NOT APPLE) + add_test(NAME LogcollectorUnitTests COMMAND logcollector_unit_tests) +endif() diff --git a/src/modules/logcollector/tests/unit/file_reader_test.cpp b/src/modules/logcollector/tests/unit/file_reader_test.cpp new file mode 100644 index 0000000000..b443ece8c4 --- /dev/null +++ b/src/modules/logcollector/tests/unit/file_reader_test.cpp @@ -0,0 +1,98 @@ +#include +#include +#include +#include + +#include +#include +#include "queue_mock.hpp" +#include "tempfile.hpp" +#include "logcollector_mock.hpp" + +using namespace logcollector; + +class MockCallback { +public: + MOCK_METHOD(void, Call, (const std::string &), ()); +}; + +TEST(Localfile, FullLine) +{ + auto stream = std::make_shared(); + auto lf = Localfile(stream); + + *stream << "Hello World\n"; + auto answer = lf.NextLog(); + ASSERT_EQ(answer, "Hello World"); +} + +TEST(Localfile, PartialLine) +{ + auto stream = std::make_shared(); + auto lf = Localfile(stream); + + *stream << "Hello World"; + auto answer = lf.NextLog(); + ASSERT_EQ(answer, ""); + + *stream << "\n"; + answer = lf.NextLog(); + ASSERT_EQ(answer, "Hello World"); +} + +TEST(Localfile, OpenError) +{ + try { + auto lf = Localfile("unexisting.file"); + FAIL() << "Expected OpenError"; + } catch (OpenError & err) { + ASSERT_STREQ(err.what(), "Cannot open file: unexisting.file"); + } +} + +TEST(Localfile, Rotated) +{ + auto fileA = TempFile("/tmp/A.log", "Hello World"); + auto lf = Localfile("/tmp/A.log"); + + lf.SeekEnd(); + ASSERT_FALSE(lf.Rotated()); + + fileA.Truncate(); + ASSERT_TRUE(lf.Rotated()); +} + +TEST(Localfile, Deleted) +{ + auto fileA = std::make_unique("/tmp/A.log", "Hello World"); + auto lf = Localfile("/tmp/A.log"); + + fileA.reset(); + + try { + lf.Rotated(); + FAIL() << "Expected OpenError"; + } catch (OpenError & err) { + ASSERT_STREQ(err.what(), "Cannot open file: /tmp/A.log"); + } +} + +TEST(FileReader, Reload) { + spdlog::default_logger()->sinks().clear(); + MockCallback mockCallback; + + EXPECT_CALL(mockCallback, Call("/tmp/A.log")).Times(1); + EXPECT_CALL(mockCallback, Call("/tmp/B.log")).Times(1); + EXPECT_CALL(mockCallback, Call("/tmp/C.log")).Times(1); + EXPECT_CALL(mockCallback, Call("/tmp/D.log")).Times(1); + + auto a = TempFile("/tmp/A.log"); + auto b = TempFile("/tmp/B.log"); + auto c = TempFile("/tmp/C.log"); + + FileReader reader(Logcollector::Instance(), "/tmp/*.log", 500, 60000); //NOLINT + reader.Reload([&](Localfile& lf) { mockCallback.Call(lf.Filename()); }); + + auto d = TempFile("/tmp/D.log"); + reader.Reload([&](Localfile& lf) { mockCallback.Call(lf.Filename()); }); +} diff --git a/src/modules/logcollector/tests/unit/logcollector_mock.hpp b/src/modules/logcollector/tests/unit/logcollector_mock.hpp new file mode 100644 index 0000000000..d480db3c1f --- /dev/null +++ b/src/modules/logcollector/tests/unit/logcollector_mock.hpp @@ -0,0 +1,27 @@ +#pragma once + +#include +#include +#include + +using namespace logcollector; + +class LogcollectorMock : public Logcollector { +public: + LogcollectorMock() { + ON_CALL(*this, AddReader(::testing::_)) + .WillByDefault(::testing::Invoke([this](std::shared_ptr reader) { + this->Logcollector::AddReader(reader); + }) + ); + } + + void SetupFileReader(std::shared_ptr configurationParser) { + Logcollector::SetupFileReader(configurationParser); + } + + MOCK_METHOD(void, AddReader, (std::shared_ptr reader), (override)); + MOCK_METHOD(void, SendMessage, (const std::string& location, const std::string& log, + const std::string& collectorType), (override)); + MOCK_METHOD(void, EnqueueTask, (Awaitable task), (override)); +}; diff --git a/src/modules/logcollector/tests/unit/logcollector_test.cpp b/src/modules/logcollector/tests/unit/logcollector_test.cpp new file mode 100644 index 0000000000..659851452e --- /dev/null +++ b/src/modules/logcollector/tests/unit/logcollector_test.cpp @@ -0,0 +1,44 @@ +#include +#include "logcollector_mock.hpp" +#include +#include +#include "tempfile.hpp" + +using namespace configuration; +using namespace logcollector; + +TEST(Logcollector, AddReader) { + auto logcollector = LogcollectorMock(); + auto a = TempFile("/tmp/A.log"); + auto fileReader = std::make_shared(logcollector, "/tmp/*.log", 500, 60000); //NOLINT + + EXPECT_CALL(logcollector, EnqueueTask(::testing::_)).Times(1); + EXPECT_CALL(logcollector, AddReader(::testing::_)); + + logcollector.AddReader(fileReader); +} + +TEST(Logcollector, SetupFileReader) { + auto constexpr CONFIG_RAW = R"( + logcollector: + localfiles: + - /var/log/auth.log + - /var/log/syslog + reload_interval: 60 + file_wait: 500 + )"; + + std::shared_ptr capturedReader1; + std::shared_ptr capturedReader2; + auto logcollector = LogcollectorMock(); + auto config = std::make_shared(std::string(CONFIG_RAW)); + + EXPECT_CALL(logcollector, AddReader(::testing::_)).Times(2) + .WillOnce(::testing::SaveArg<0>(&capturedReader1)) + .WillOnce(::testing::SaveArg<0>(&capturedReader2)); + + logcollector.SetupFileReader(config); + + ASSERT_NE(capturedReader1, nullptr); + ASSERT_NE(capturedReader2, nullptr); +} diff --git a/src/modules/logcollector/tests/unit/queue_mock.hpp b/src/modules/logcollector/tests/unit/queue_mock.hpp new file mode 100644 index 0000000000..bffde325b5 --- /dev/null +++ b/src/modules/logcollector/tests/unit/queue_mock.hpp @@ -0,0 +1,36 @@ +#pragma once + +#include +#include + +class QueueMock : public IMultiTypeQueue { +public: + MOCK_METHOD(int, push, (Message message, bool shouldWait), (override)); + MOCK_METHOD(boost::asio::awaitable, pushAwaitable, (Message message), + (override)); + MOCK_METHOD(int, push, (std::vector messages), (override)); + MOCK_METHOD(Message, getNext, + (MessageType type, const std::string module, + const std::string moduleType), + (override)); + MOCK_METHOD(boost::asio::awaitable>, getNextNAwaitable, + (MessageType type, int messageQuantity, + const std::string moduleName, const std::string moduleType), + (override)); + MOCK_METHOD(std::vector, getNextN, + (MessageType type, int messageQuantity, + const std::string moduleName, const std::string moduleType), + (override)); + MOCK_METHOD(bool, pop, (MessageType type, const std::string moduleName), + (override)); + MOCK_METHOD(int, popN, + (MessageType type, int messageQuantity, + const std::string moduleName), + (override)); + MOCK_METHOD(bool, isEmpty, (MessageType type, const std::string moduleName), + (override)); + MOCK_METHOD(bool, isFull, (MessageType type, const std::string moduleName), + (override)); + MOCK_METHOD(int, storedItems, + (MessageType type, const std::string moduleName), (override)); +}; diff --git a/src/modules/logcollector/tests/unit/tempfile.hpp b/src/modules/logcollector/tests/unit/tempfile.hpp new file mode 100644 index 0000000000..0e4bc2986d --- /dev/null +++ b/src/modules/logcollector/tests/unit/tempfile.hpp @@ -0,0 +1,38 @@ +#pragma once + +#include + +class TempFile { +public: + TempFile(std::string path, const std::string& str = "") : + m_path(std::move(path)), + m_stream(m_path) + { + if (!str.empty()) { + Write(str); + } + } + + void Write(const std::string& str) { + m_stream.write(str.data(), static_cast(str.size())); + m_stream.flush(); + } + + void Truncate() { + std::filesystem::resize_file(m_path, 0); + m_stream.seekp(0); + } + + ~TempFile() { + std::error_code ec; + std::filesystem::remove(m_path, ec); + } + + const std::string& Path() const { + return m_path; + } + +private: + std::string m_path; + std::ofstream m_stream; +}; diff --git a/src/modules/logcollector/tests/unit/tests/CMakeLists.txt b/src/modules/logcollector/tests/unit/tests/CMakeLists.txt deleted file mode 100644 index 4816b5402d..0000000000 --- a/src/modules/logcollector/tests/unit/tests/CMakeLists.txt +++ /dev/null @@ -1,166 +0,0 @@ -# Generate logcollector library -file(GLOB logcollector_files - ${SRC_FOLDER}/logcollector/*.o) -add_library(LOGCOLLECTOR_O STATIC ${logcollector_files}) -set_source_files_properties( - ${logcollector_files} - PROPERTIES - EXTERNAL_OBJECT true - GENERATED true -) -set_target_properties( - LOGCOLLECTOR_O - PROPERTIES - LINKER_LANGUAGE C -) -target_link_libraries(LOGCOLLECTOR_O ${WAZUHLIB} ${WAZUHEXT} -lpthread) - -if(${TARGET} STREQUAL "winagent") - link_directories(${SRC_FOLDER}/syscheckd/build/bin) -endif(${TARGET} STREQUAL "winagent") - -#include wrappers -include(${SRC_FOLDER}/unit_tests/wrappers/wazuh/shared/shared.cmake) - -# Generate logcollector tests -if(${TARGET} STREQUAL "winagent") - list(APPEND logcollector_names "test_read_win_event_channel") - list(APPEND logcollector_flags "-Wl,--wrap,wstr_split -Wl,--wrap=syscom_dispatch -Wl,--wrap=Start_win32_Syscheck \ - -Wl,--wrap=is_fim_shutdown -Wl,--wrap,convert_windows_string \ - ${DEBUG_OP_WRAPPERS}") -else() - list(APPEND logcollector_names "test_logcollector") - list(APPEND logcollector_flags "-Wl,--wrap,OS_SHA1_Stream -Wl,--wrap,merror_exit \ - -Wl,--wrap,fclose -Wl,--wrap,fflush -Wl,--wrap,fgets -Wl,--wrap,fread -Wl,--wrap,fseek \ - -Wl,--wrap,fwrite -Wl,--wrap,remove -Wl,--wrap,fgetpos \ - -Wl,--wrap,cJSON_CreateObject -Wl,--wrap,cJSON_AddArrayToObject -Wl,--wrap,cJSON_AddStringToObject \ - -Wl,--wrap,cJSON_AddStringToObject -Wl,--wrap,cJSON_AddItemToArray -Wl,--wrap,pthread_rwlock_wrlock \ - -Wl,--wrap,cJSON_PrintUnformatted -Wl,--wrap,cJSON_Delete -Wl,--wrap,fopen -Wl,--wrap,clearerr \ - -Wl,--wrap,cJSON_GetObjectItem -Wl,--wrap,cJSON_GetArraySize -Wl,--wrap,cJSON_GetArrayItem \ - -Wl,--wrap,cJSON_GetStringValue -Wl,--wrap,OS_SHA1_File_Nbytes -Wl,--wrap,fileno -Wl,--wrap,fstat \ - -Wl,--wrap,pthread_rwlock_rdlock -Wl,--wrap,pthread_rwlock_unlock -Wl,--wrap,wfopen \ - -Wl,--wrap,stat -Wl,--wrap=fgetc -Wl,--wrap=w_fseek -Wl,--wrap,w_ftell \ - -Wl,--wrap,OS_SHA1_File_Nbytes_with_fp_check -Wl,--wrap,cJSON_CreateString \ - -Wl,--wrap,cJSON_AddItemToObject -Wl,--wrap,wpclose -Wl,--wrap,kill \ - -Wl,--wrap,so_get_function_sym -Wl,--wrap,so_get_module_handle -Wl,--wrap,popen ${DEBUG_OP_WRAPPERS} \ - ${HASH_OP_WRAPPERS}") - - list(APPEND logcollector_names "test_read_multiline_regex") - list(APPEND logcollector_flags "-Wl,--wrap,fopen -Wl,--wrap,fclose -Wl,--wrap,fflush -Wl,--wrap,fgets -Wl,--wrap,popen \ - -Wl,--wrap,fread -Wl,--wrap,fwrite -Wl,--wrap,remove -Wl,--wrap,fseek -Wl,--wrap=fgetc\ - -Wl,--wrap,time -Wl,--wrap,can_read -Wl,--wrap,w_ftell -Wl,--wrap,w_expression_match \ - -Wl,--wrap,w_msg_hash_queues_push -Wl,--wrap,fgetpos -Wl,--wrap=w_update_file_status \ - -Wl,--wrap=w_get_hash_context -Wl,--wrap=_fseeki64 -Wl,--wrap=OS_SHA1_Stream \ - -Wl,--wrap=w_fseek -Wl,--wrap,_mdebug2 -Wl,--wrap,wfopen") - - list(APPEND logcollector_names "test_localfile_config") - list(APPEND logcollector_flags "-Wl,--wrap,fopen -Wl,--wrap,fclose -Wl,--wrap,fflush -Wl,--wrap,fgets -Wl,--wrap,wfopen \ - -Wl,--wrap,fread -Wl,--wrap,fwrite -Wl,--wrap,remove -Wl,--wrap,fseek -Wl,--wrap=fgetc\ - -Wl,--wrap,w_get_attr_val_by_name -Wl,--wrap,fgetpos -Wl,--wrap,popen ${DEBUG_OP_WRAPPERS} \ - -Wl,--wrap,cJSON_CreateObject -Wl,--wrap,cJSON_AddStringToObject \ - -Wl,--wrap,cJSON_AddBoolToObject -Wl,--wrap,cJSON_Delete -Wl,--wrap,cJSON_CreateArray \ - -Wl,--wrap,cJSON_AddItemToArray") - - list(APPEND logcollector_names "test_state") - list(APPEND logcollector_flags "-Wl,--wrap,fopen -Wl,--wrap,fclose -Wl,--wrap,fflush -Wl,--wrap,fgets \ - -Wl,--wrap,fread -Wl,--wrap,fwrite -Wl,--wrap,remove -Wl,--wrap,fseek -Wl,--wrap=fgetc \ - -Wl,--wrap,fgetpos -Wl,--wrap,time -Wl,--wrap,wfopen \ - -Wl,--wrap,cJSON_CreateObject -Wl,--wrap,cJSON_CreateArray \ - -Wl,--wrap,cJSON_AddStringToObject -Wl,--wrap,cJSON_AddNumberToObject \ - -Wl,--wrap,cJSON_AddItemToArray -Wl,--wrap,cJSON_AddItemToObject \ - -Wl,--wrap,pthread_mutex_unlock -Wl,--wrap,pthread_mutex_lock \ - -Wl,--wrap,cJSON_Delete -Wl,--wrap,cJSON_Print -Wl,--wrap,getDefine_Int \ - -Wl,--wrap,FOREVER -Wl,--wrap,sleep -Wl,--wrap,getpid -Wl,--wrap,cJSON_Duplicate \ - -Wl,--wrap,strftime -Wl,--wrap,popen ${DEBUG_OP_WRAPPERS} ${HASH_OP_WRAPPERS}") - - list(APPEND logcollector_names "test_lccom") - list(APPEND logcollector_flags "-Wl,--wrap,w_logcollector_state_get -Wl,--wrap,cJSON_CreateObject \ - -Wl,--wrap,cJSON_AddNumberToObject \ - -Wl,--wrap,cJSON_AddObjectToObject -Wl,--wrap,cJSON_AddStringToObject \ - -Wl,--wrap,cJSON_AddItemToObject -Wl,--wrap,cJSON_AddFalseToObject -Wl,--wrap,cJSON_PrintUnformatted \ - -Wl,--wrap,cJSON_Delete -Wl,--wrap,_mwarn -Wl,--wrap,stat -Wl,--wrap,_mdebug2 \ - -Wl,--wrap,difftime -Wl,--wrap,strftime ${DEBUG_OP_WRAPPERS}") - - list(APPEND logcollector_names "test_macos_log") - list(APPEND logcollector_flags "-Wl,--wrap,wpopenv -Wl,--wrap,fileno -Wl,--wrap,fcntl -Wl,--wrap,_merror \ - -Wl,--wrap,fclose -Wl,--wrap,fflush -Wl,--wrap,fgets -Wl,--wrap,fgetpos \ - -Wl,--wrap,fopen -Wl,--wrap,fread -Wl,--wrap,fseek -Wl,--wrap,fwrite \ - -Wl,--wrap,remove -Wl,--wrap,fgetc -Wl,--wrap,wpclose -Wl,--wrap,access \ - -Wl,--wrap,getpid -Wl,--wrap,_minfo -Wl,--wrap,pthread_rwlock_wrlock \ - -Wl,--wrap,pthread_rwlock_unlock -Wl,--wrap,pthread_rwlock_rdlock \ - -Wl,--wrap,so_get_function_sym -Wl,--wrap,so_get_module_handle -Wl,--wrap,wfopen \ - -Wl,--wrap,_mdebug1 -Wl,--wrap,w_get_os_codename -Wl,--wrap,w_get_process_childs -Wl,--wrap,popen") - - list(APPEND logcollector_names "test_read_macos") - list(APPEND logcollector_flags "-Wl,--wrap,w_expression_match -Wl,--wrap,can_read -Wl,--wrap,fgets \ - -Wl,--wrap,fclose -Wl,--wrap,fflush -Wl,--wrap,fgetpos -Wl,--wrap,_mdebug2\ - -Wl,--wrap,fopen -Wl,--wrap,fread -Wl,--wrap,fseek -Wl,--wrap,fwrite -Wl,--wrap,popen \ - -Wl,--wrap,remove -Wl,--wrap,fgetc -Wl,--wrap,_merror -Wl,--wrap,waitpid \ - -Wl,--wrap,w_msg_hash_queues_push -Wl,--wrap,_mdebug1 -Wl,--wrap,_minfo \ - -Wl,--wrap,kill -Wl,--wrap,wpopenv -Wl,--wrap,wpclose -Wl,--wrap,strerror \ - -Wl,--wrap,time -Wl,--wrap,so_get_function_sym -Wl,--wrap,so_get_module_handle \ - -Wl,--wrap,isDebug -Wl,--wrap,w_get_first_child -Wl,--wrap,w_is_macos_sierra \ - -Wl,--wrap,w_macos_set_log_settings -Wl,--wrap,w_macos_set_last_log_timestamp \ - -Wl,--wrap,w_macos_set_is_valid_data -Wl,--wrap,wfopen") - - list(APPEND logcollector_names "test_read_multiline") - list(APPEND logcollector_flags "-Wl,--wrap,fopen -Wl,--wrap,popen -Wl,--wrap,fclose -Wl,--wrap,fflush -Wl,--wrap,fgets \ - -Wl,--wrap,fread -Wl,--wrap,fwrite -Wl,--wrap,remove -Wl,--wrap,fseek -Wl,--wrap=fgetc \ - -Wl,--wrap,time -Wl,--wrap,can_read -Wl,--wrap,w_ftell -Wl,--wrap,w_expression_match \ - -Wl,--wrap,fgetpos -Wl,--wrap=w_update_file_status -Wl,--wrap,_merror \ - -Wl,--wrap=w_get_hash_context -Wl,--wrap=_fseeki64 -Wl,--wrap=OS_SHA1_Stream \ - -Wl,--wrap=w_fseek -Wl,--wrap,wfopen") - - list(APPEND logcollector_names "test_read_journal") - list(APPEND logcollector_flags "-Wl,--wrap,_mwarn -Wl,--wrap,fgets -Wl,--wrap,remove -Wl,--wrap,fgetc \ - -Wl,--wrap,fclose -Wl,--wrap,fflush -Wl,--wrap,fgetpos -Wl,--wrap,_mdebug2\ - -Wl,--wrap,fopen -Wl,--wrap,fread -Wl,--wrap,fseek -Wl,--wrap,fwrite -Wl,--wrap,popen \ - -Wl,--wrap,w_journal_context_create -Wl,--wrap,w_journal_context_seek_most_recent \ - -Wl,--wrap,w_journal_context_seek_timestamp -Wl,--wrap,w_journal_entry_dump \ - -Wl,--wrap,w_journal_entry_to_string -Wl,--wrap,w_journal_entry_free \ - -Wl,--wrap,w_journal_context_next_newest_filtered -Wl,--wrap,_merror -Wl,--wrap,_minfo \ - -Wl,--wrap,_mdebug1 -Wl,--wrap,_mdebug2 -Wl,--wrap,isDebug -Wl,--wrap,w_msg_hash_queues_push \ - -Wl,--wrap,can_read") - - list(APPEND logcollector_names "test_journal_log") - list(APPEND logcollector_flags "-Wl,--wrap,stat -Wl,--wrap,_mwarn -Wl,--wrap,dlsym -Wl,--wrap,dlerror -Wl,--wrap,gettimeofday \ - -Wl,--wrap,_mdebug1 -Wl,--wrap,_mdebug2 -Wl,--wrap,isDebug \ - -Wl,--wrap,fopen -Wl,--wrap,popen -Wl,--wrap,fclose -Wl,--wrap,fflush -Wl,--wrap,fgets \ - -Wl,--wrap,fread -Wl,--wrap,fwrite -Wl,--wrap,remove -Wl,--wrap,fseek -Wl,--wrap=fgetc \ - -Wl,--wrap,fgetpos -Wl,--wrap,gmtime_r -Wl,--wrap,getline -Wl,--wrap,dlopen -Wl,--wrap,dlclose \ - -Wl,--wrap,sd_journal_open -Wl,--wrap,sd_journal_close -Wl,--wrap,sd_journal_previous \ - -Wl,--wrap,sd_journal_next -Wl,--wrap,sd_journal_seek_tail \ - -Wl,--wrap,sd_journal_seek_realtime_usec -Wl,--wrap,sd_journal_get_realtime_usec \ - -Wl,--wrap,sd_journal_get_data -Wl,--wrap,sd_journal_restart_data \ - -Wl,--wrap,sd_journal_enumerate_data -Wl,--wrap,sd_journal_get_cutoff_realtime_usec \ - -Wl,--wrap,cJSON_CreateObject -Wl,--wrap,cJSON_AddArrayToObject -Wl,--wrap,cJSON_AddStringToObject \ - -Wl,--wrap,cJSON_AddStringToObject -Wl,--wrap,cJSON_AddItemToArray -Wl,--wrap,pthread_rwlock_wrlock \ - -Wl,--wrap,cJSON_PrintUnformatted -Wl,--wrap,cJSON_Delete") -endif() - -list(LENGTH logcollector_names count) -math(EXPR count "${count} - 1") -foreach(counter RANGE ${count}) - list(GET logcollector_names ${counter} logcollector_test_name) - list(GET logcollector_flags ${counter} logcollector_test_flags) - add_executable(${logcollector_test_name} ${logcollector_test_name}.c) - target_link_libraries( - ${logcollector_test_name} - ${WAZUHLIB} - ${WAZUHEXT} - LOGCOLLECTOR_O - ${TEST_DEPS} - ) - - if(${TARGET} STREQUAL "winagent") - target_link_libraries(${logcollector_test_name} fimdb) - endif(${TARGET} STREQUAL "winagent") - - if(NOT logcollector_test_flags STREQUAL " ") - target_link_libraries( - ${logcollector_test_name} - ${logcollector_test_flags} - ) - endif() - add_test(NAME ${logcollector_test_name} COMMAND ${logcollector_test_name}) -endforeach() diff --git a/src/modules/logcollector/tests/unit/tests/json_data.h b/src/modules/logcollector/tests/unit/tests/json_data.h deleted file mode 100644 index b6c69b99ce..0000000000 --- a/src/modules/logcollector/tests/unit/tests/json_data.h +++ /dev/null @@ -1,60 +0,0 @@ -#ifndef _JSON_DATA_H -#define _JSON_DATA_H - -//global full json -char *global_outjson = "{\"error\":0,\"remaining\":false,\"json_updated\":false,\"data\":{\"global\":{\"start\":\"2023-06-28 16:31:45\",\"end\":\"2023-06-28 18:57:47\",\"files\":[{\"location\":\"last -n 20\",\"events\":25,\"bytes\":20175,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-982.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-945.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-92.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-908.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-880.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-843.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-806.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-779.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-741.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-704.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-677.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-602.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-575.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-55.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-538.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-500.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-473.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-436.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-371.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-334.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-3.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-232.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-18.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-168.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-130.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/dpkg.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-973.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-936.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-871.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-834.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-83.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-732.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-668.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-630.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-566.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-529.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-464.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-46.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-427.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-362.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-325.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-298.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-260.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-223.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-196.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-159.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-121.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-1234567-689.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-964.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-927.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-862.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-825.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-798.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-760.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-74.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-723.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-696.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-659.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-621.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-594.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-557.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-492.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-455.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-418.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-390.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-37.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-353.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-316.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-289.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-251.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-214.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-187.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-112.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-992.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-955.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-918.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-890.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-853.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-816.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-789.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-751.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-714.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-687.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-65.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-612.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-585.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-548.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-510.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-483.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-446.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-409.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-381.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-344.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-307.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-28.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-242.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-205.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-178.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-140.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-103.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-983.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-946.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-93.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-909.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-881.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-844.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-807.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-742.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-705.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-678.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-640.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-603.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-576.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-56.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-539.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-501.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-474.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-437.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-4.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-372.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-335.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-270.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-233.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-19.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-169.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-131.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-974.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-937.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-872.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-84.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-835.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-770.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-733.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-669.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-631.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-567.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-47.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-465.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-428.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-363.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-326.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-299.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-261.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-224.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-197.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-122.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-965.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-928.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-863.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-826.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-799.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-761.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-75.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-724.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-697.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-622.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-595.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-558.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-520.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-493.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-456.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-419.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-391.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-38.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-354.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-317.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-252.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-215.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-188.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-150.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-113.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/ossec/logs/active-responses.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-993.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-956.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-919.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-891.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-854.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-817.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-752.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-715.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-688.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-66.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-650.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-613.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-586.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-549.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-511.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-484.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-447.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-382.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-345.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-308.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-29.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-280.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-243.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-206.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-179.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-141.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-104.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-984.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-947.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-94.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-882.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-845.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-808.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-780.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-743.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-706.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-679.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-641.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-604.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-577.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-57.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-502.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-5.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-475.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-438.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-400.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-373.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-336.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-271.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-234.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-132.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-975.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-938.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-900.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-873.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-85.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-836.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-771.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-734.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-632.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-568.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-530.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-48.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-466.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-429.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-364.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-327.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-262.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-225.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-198.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-160.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-123.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-10.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/syslog\",\"events\":11,\"bytes\":925,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/var/log/auth.log\",\"events\":5,\"bytes\":495,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-966.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-929.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-864.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-827.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-762.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-76.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-725.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-698.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-660.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-623.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-596.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-559.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-521.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-494.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-457.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-392.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-39.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-355.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-318.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-290.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-253.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-216.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-189.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-151.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-114.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-994.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-957.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-892.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-855.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-818.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-790.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-753.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-716.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-67.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-651.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-614.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-587.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-512.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-485.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-448.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-410.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-383.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-346.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-309.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-281.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-244.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-207.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-142.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-105.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-985.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-95.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-948.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-910.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-883.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-846.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-809.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-781.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-744.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-707.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-642.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-605.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-6.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-58.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-578.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-540.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-503.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-476.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-439.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-401.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-374.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-337.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-272.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-235.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-20.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-170.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-133.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-976.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-939.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-901.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-874.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-86.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-837.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-772.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-735.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-670.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-633.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-569.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-531.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-49.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-467.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-365.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-328.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-263.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-226.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-199.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-161.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-124.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-11.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/kern.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-967.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-865.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-828.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-77.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-763.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-726.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-699.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-661.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-624.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-597.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-522.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-495.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-458.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-420.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-393.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-356.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-319.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-291.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-254.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-217.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-152.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-115.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-995.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-958.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-920.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-893.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-856.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-819.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-791.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-754.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-717.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-68.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-652.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-615.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-588.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-550.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-513.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-486.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-449.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-411.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-384.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-347.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-30.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-282.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-245.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-208.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-180.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-143.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-106.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-986.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-96.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-949.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-911.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-884.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-847.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-782.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-745.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-708.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-7.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-680.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-643.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-606.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-59.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-579.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-541.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-504.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-477.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-402.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-375.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-338.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-300.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-273.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-236.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-21.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-171.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-134.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-977.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-902.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-875.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-87.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-838.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-800.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-773.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-736.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-671.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-634.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-532.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-468.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-430.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-366.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-329.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-264.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-227.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-162.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-125.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-12.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-968.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-930.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-866.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-829.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-78.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-764.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-727.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-662.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-625.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-598.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-560.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-523.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-496.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-459.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-421.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-40.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-394.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-357.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-292.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-255.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-218.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-190.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-153.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-116.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-959.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-921.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-894.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-857.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-792.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-755.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-718.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-690.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-69.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-653.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-616.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-589.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-551.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-514.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-487.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-412.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-385.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-348.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-310.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-31.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-283.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-246.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-209.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-181.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-144.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-107.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-987.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-97.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-912.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-885.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-848.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-810.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-8.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-783.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-746.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-709.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-681.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-644.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-607.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-542.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-505.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-478.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-440.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-403.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-376.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-339.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-301.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-274.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-237.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-22.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-172.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-135.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-978.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-940.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-903.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-88.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-876.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-839.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-801.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-774.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-737.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-672.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-635.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-570.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-533.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-50.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-469.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-431.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-367.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-265.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-228.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-163.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-13.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-126.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-969.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-931.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-867.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-79.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-765.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-728.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-663.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-626.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-599.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-561.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-524.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-497.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-422.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-41.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-395.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-358.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-320.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-293.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-256.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-219.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-191.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-154.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-117.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-922.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-895.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-858.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-820.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-793.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-756.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-719.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-691.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-654.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-617.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-552.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-515.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-488.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-450.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-413.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-386.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-349.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-32.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-311.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-284.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-247.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-182.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-145.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-108.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-988.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-98.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-950.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-913.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-9.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-886.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-849.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-811.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-784.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-747.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-682.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-645.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-608.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-60.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-580.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-543.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-506.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-479.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-441.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-404.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-377.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-302.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-275.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-238.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-23.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-200.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-173.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-136.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-979.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-941.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-904.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-89.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-877.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-802.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-775.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-738.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-700.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-673.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-636.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-571.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-534.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-51.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-432.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-368.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-330.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-266.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-229.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-164.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-14.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-127.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-932.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-868.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-830.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-766.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-729.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-664.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-627.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-562.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-525.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-498.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-460.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-423.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-42.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-396.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-359.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-321.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-294.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-257.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-192.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-155.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-118.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-960.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-923.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-896.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-859.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-821.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-794.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-757.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-70.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-692.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-655.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-618.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-590.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-553.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-516.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-489.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-451.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-414.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-387.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-33.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-312.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-285.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-248.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-210.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-183.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-146.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-109.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"netstat listening ports\",\"events\":25,\"bytes\":7625,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-99.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-989.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-951.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-914.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-887.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-812.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-785.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-748.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-710.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-683.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-646.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-61.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-609.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-581.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-544.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-507.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-442.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-405.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-378.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-340.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-303.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-276.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-24.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-239.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-201.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-174.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-137.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-942.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-905.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-878.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-840.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-803.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-776.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-739.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-701.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-674.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-637.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-572.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-535.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-52.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-470.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-433.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-369.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-331.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-267.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-165.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-15.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-128.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-0.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-970.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-933.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-869.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-831.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-80.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-767.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-665.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-628.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-563.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-526.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-499.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-461.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-43.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-424.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-397.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-322.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-295.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-258.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-220.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-193.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-156.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-119.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-961.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-924.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-897.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-822.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-795.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-758.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-720.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-71.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-693.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-656.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-619.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-591.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-554.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-517.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-452.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-415.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-388.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-350.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-34.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-313.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-286.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-249.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-211.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-184.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-147.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-952.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-915.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-888.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-850.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-813.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-786.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-749.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-711.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-684.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-647.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-62.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-582.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-545.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-508.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-480.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-443.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-406.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-379.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-341.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-304.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-277.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-25.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-202.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-175.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-138.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-100.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-980.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-943.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-906.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-90.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-879.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-841.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-804.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-777.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-702.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-675.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-638.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-600.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-573.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-536.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-53.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-471.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-434.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-332.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-268.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-230.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-166.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-16.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-129.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-971.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-934.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-832.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-81.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-768.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-730.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-666.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-629.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-564.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-527.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-462.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-44.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-425.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-398.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-360.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-323.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-296.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-259.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-221.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-194.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-157.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"df -P\",\"events\":225,\"bytes\":20025,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-962.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-925.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-898.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-860.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-823.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-796.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-759.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-721.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-72.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-694.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-657.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-592.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-555.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-518.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-490.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-453.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-416.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-389.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-351.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-35.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-314.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-287.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-212.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-185.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-148.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-110.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-990.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-953.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-916.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-889.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-851.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-814.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-787.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-712.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-685.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-648.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-63.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-610.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-583.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-546.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-509.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-481.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-444.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-407.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-342.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-305.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-278.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-26.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-240.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-203.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-176.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-139.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-101.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-981.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-944.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-91.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-907.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-842.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-805.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-778.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-740.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-703.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-676.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-639.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-601.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-574.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-54.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-537.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-472.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-435.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-370.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-333.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-269.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-231.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-2.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-17.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-167.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-972.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-935.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-870.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-833.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-82.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-769.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-731.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-667.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-565.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-528.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-463.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-45.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-426.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-399.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-361.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-324.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-297.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-222.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-195.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-158.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-120.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-963.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-926.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-899.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-861.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-824.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-797.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-73.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-722.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-695.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-658.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-620.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-593.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-556.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-519.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-491.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-454.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-417.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-36.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-352.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-315.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-288.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-250.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-213.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-186.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-149.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-111.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-991.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-954.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-917.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-852.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-815.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-788.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-750.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-713.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-686.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-649.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-64.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-611.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-584.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-547.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-482.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-445.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-408.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-380.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-343.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-306.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-279.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-27.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-241.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-204.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-177.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-102.log\",\"events\":0,\"bytes\":0,\"targets\":[]}]},\"interval\":{\"start\":\"2023-06-28 18:56:47\",\"end\":\"2023-06-28 18:57:47\",\"files\":[{\"location\":\"last -n 20\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-982.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-945.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-92.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-908.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-880.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-843.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-806.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-779.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-741.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-704.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-677.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-602.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-575.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-55.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-538.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-500.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-473.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-436.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-371.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-334.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-3.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-232.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-18.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-168.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-130.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/dpkg.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-973.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-936.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-871.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-834.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-83.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-732.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-668.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-630.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-566.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-529.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-464.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-46.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-427.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-362.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-325.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-298.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-260.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-223.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-196.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-159.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-121.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-1234567-689.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-964.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-927.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-862.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-825.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-798.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-760.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-74.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-723.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-696.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-659.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-621.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-594.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-557.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-492.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-455.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-418.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-390.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-37.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-353.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-316.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-289.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-251.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-214.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-187.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-112.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-992.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-955.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-918.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-890.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-853.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-816.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-789.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-751.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-714.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-687.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-65.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-612.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-585.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-548.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-510.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-483.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-446.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-409.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-381.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-344.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-307.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-28.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-242.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-205.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-178.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-140.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-103.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-983.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-946.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-93.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-909.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-881.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-844.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-807.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-742.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-705.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-678.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-640.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-603.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-576.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-56.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-539.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-501.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-474.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-437.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-4.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-372.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-335.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-270.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-233.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-19.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-169.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-131.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-974.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-937.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-872.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-84.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-835.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-770.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-733.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-669.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-631.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-567.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-47.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-465.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-428.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-363.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-326.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-299.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-261.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-224.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-197.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-122.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-965.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-928.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-863.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-826.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-799.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-761.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-75.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-724.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-697.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-622.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-595.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-558.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-520.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-493.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-456.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-419.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-391.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-38.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-354.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-317.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-252.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-215.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-188.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-150.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-113.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/ossec/logs/active-responses.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-993.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-956.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-919.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-891.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-854.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-817.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-752.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-715.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-688.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-66.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-650.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-613.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-586.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-549.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-511.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-484.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-447.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-382.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-345.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-308.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-29.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-280.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-243.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-206.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-179.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-141.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-104.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-984.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-947.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-94.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-882.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-845.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-808.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-780.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-743.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-706.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-679.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-641.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-604.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-577.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-57.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-502.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-5.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-475.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-438.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-400.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-373.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-336.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-271.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-234.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-132.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-975.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-938.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-900.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-873.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-85.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-836.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-771.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-734.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-632.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-568.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-530.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-48.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-466.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-429.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-364.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-327.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-262.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-225.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-198.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-160.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-123.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-10.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/syslog\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/var/log/auth.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-966.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-929.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-864.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-827.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-762.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-76.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-725.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-698.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-660.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-623.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-596.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-559.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-521.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-494.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-457.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-392.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-39.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-355.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-318.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-290.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-253.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-216.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-189.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-151.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-114.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-994.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-957.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-892.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-855.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-818.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-790.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-753.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-716.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-67.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-651.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-614.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-587.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-512.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-485.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-448.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-410.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-383.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-346.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-309.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-281.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-244.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-207.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-142.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-105.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-985.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-95.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-948.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-910.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-883.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-846.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-809.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-781.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-744.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-707.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-642.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-605.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-6.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-58.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-578.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-540.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-503.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-476.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-439.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-401.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-374.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-337.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-272.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-235.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-20.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-170.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-133.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-976.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-939.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-901.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-874.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-86.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-837.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-772.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-735.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-670.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-633.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-569.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-531.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-49.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-467.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-365.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-328.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-263.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-226.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-199.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-161.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-124.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-11.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/kern.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-967.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-865.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-828.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-77.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-763.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-726.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-699.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-661.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-624.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-597.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-522.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-495.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-458.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-420.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-393.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-356.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-319.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-291.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-254.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-217.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-152.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-115.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-995.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-958.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-920.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-893.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-856.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-819.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-791.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-754.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-717.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-68.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-652.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-615.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-588.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-550.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-513.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-486.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-449.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-411.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-384.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-347.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-30.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-282.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-245.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-208.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-180.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-143.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-106.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-986.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-96.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-949.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-911.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-884.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-847.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-782.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-745.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-708.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-7.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-680.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-643.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-606.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-59.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-579.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-541.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-504.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-477.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-402.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-375.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-338.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-300.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-273.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-236.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-21.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-171.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-134.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-977.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-902.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-875.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-87.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-838.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-800.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-773.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-736.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-671.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-634.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-532.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-468.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-430.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-366.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-329.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-264.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-227.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-162.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-125.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-12.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-968.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-930.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-866.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-829.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-78.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-764.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-727.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-662.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-625.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-598.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-560.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-523.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-496.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-459.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-421.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-40.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-394.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-357.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-292.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-255.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-218.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-190.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-153.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-116.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-959.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-921.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-894.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-857.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-792.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-755.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-718.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-690.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-69.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-653.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-616.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-589.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-551.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-514.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-487.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-412.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-385.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-348.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-310.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-31.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-283.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-246.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-209.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-181.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-144.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-107.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-987.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-97.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-912.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-885.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-848.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-810.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-8.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-783.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-746.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-709.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-681.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-644.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-607.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-542.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-505.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-478.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-440.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-403.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-376.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-339.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-301.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-274.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-237.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-22.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-172.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-135.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-978.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-940.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-903.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-88.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-876.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-839.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-801.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-774.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-737.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-672.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-635.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-570.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-533.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-50.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-469.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-431.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-367.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-265.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-228.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-163.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-13.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-126.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-969.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-931.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-867.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-79.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-765.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-728.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-663.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-626.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-599.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-561.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-524.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-497.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-422.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-41.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-395.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-358.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-320.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-293.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-256.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-219.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-191.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-154.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-117.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-922.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-895.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-858.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-820.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-793.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-756.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-719.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-691.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-654.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-617.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-552.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-515.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-488.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-450.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-413.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-386.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-349.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-32.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-311.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-284.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-247.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-182.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-145.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-108.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-988.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-98.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-950.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-913.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-9.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-886.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-849.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-811.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-784.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-747.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-682.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-645.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-608.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-60.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-580.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-543.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-506.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-479.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-441.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-404.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-377.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-302.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-275.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-238.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-23.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-200.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-173.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-136.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-979.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-941.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-904.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-89.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-877.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-802.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-775.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-738.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-700.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-673.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-636.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-571.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-534.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-51.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-432.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-368.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-330.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-266.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-229.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-164.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-14.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-127.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-932.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-868.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-830.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-766.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-729.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-664.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-627.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-562.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-525.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-498.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-460.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-423.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-42.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-396.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-359.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-321.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-294.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-257.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-192.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-155.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-118.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-960.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-923.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-896.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-859.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-821.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-794.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-757.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-70.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-692.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-655.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-618.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-590.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-553.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-516.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-489.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-451.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-414.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-387.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-33.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-312.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-285.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-248.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-210.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-183.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-146.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-109.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"netstat listening ports\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-99.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-989.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-951.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-914.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-887.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-812.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-785.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-748.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-710.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-683.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-646.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-61.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-609.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-581.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-544.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-507.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-442.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-405.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-378.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-340.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-303.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-276.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-24.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-239.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-201.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-174.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-137.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-942.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-905.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-878.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-840.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-803.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-776.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-739.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-701.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-674.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-637.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-572.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-535.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-52.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-470.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-433.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-369.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-331.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-267.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-165.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-15.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-128.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-0.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-970.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-933.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-869.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-831.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-80.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-767.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-665.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-628.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-563.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-526.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-499.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-461.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-43.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-424.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-397.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-322.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-295.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-258.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-220.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-193.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-156.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-119.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-961.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-924.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-897.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-822.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-795.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-758.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-720.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-71.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-693.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-656.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-619.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-591.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-554.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-517.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-452.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-415.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-388.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-350.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-34.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-313.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-286.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-249.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-211.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-184.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-147.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-952.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-915.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-888.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-850.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-813.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-786.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-749.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-711.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-684.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-647.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-62.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-582.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-545.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-508.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-480.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-443.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-406.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-379.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-341.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-304.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-277.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-25.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-202.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-175.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-138.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-100.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-980.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-943.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-906.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-90.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-879.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-841.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-804.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-777.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-702.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-675.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-638.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-600.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-573.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-536.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-53.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-471.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-434.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-332.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-268.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-230.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-166.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-16.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-129.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-971.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-934.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-832.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-81.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-768.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-730.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-666.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-629.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-564.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-527.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-462.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-44.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-425.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-398.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-360.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-323.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-296.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-259.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-221.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-194.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-157.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"df -P\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-962.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-925.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-898.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-860.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-823.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-796.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-759.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-721.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-72.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-694.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-657.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-592.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-555.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-518.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-490.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-453.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-416.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-389.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-351.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-35.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-314.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-287.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-212.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-185.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-148.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-110.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-990.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-953.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-916.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-889.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-851.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-814.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-787.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-712.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-685.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-648.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-63.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-610.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-583.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-546.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-509.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-481.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-444.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-407.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-342.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-305.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-278.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-26.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-240.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-203.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-176.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-139.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-101.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-981.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-944.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-91.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-907.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-842.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-805.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-778.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-740.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-703.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-676.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-639.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-601.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-574.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-54.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-537.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-472.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-435.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-370.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-333.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-269.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-231.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-2.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-17.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-167.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-972.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-935.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-870.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-833.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-82.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-769.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-731.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-667.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-565.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-528.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-463.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-45.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-426.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-399.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-361.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-324.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-297.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-222.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-195.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-158.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-120.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-963.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-926.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-899.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-861.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-824.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-797.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-73.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-722.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-695.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-658.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-620.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-593.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-556.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-519.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-491.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-454.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-417.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-36.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-352.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-315.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-288.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-250.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-213.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-186.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-149.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-111.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-991.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-954.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-917.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-852.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-815.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-788.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-750.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-713.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-686.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-649.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-64.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-611.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-584.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-547.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-482.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-445.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-408.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-380.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-343.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-306.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-279.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-27.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-241.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-204.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-177.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-102.log\",\"events\":0,\"bytes\":0,\"targets\":[]}]}}}"; - - -//reponse first block -char *outjson_block1 = "{\"error\":0,\"remaining\":true ,\"json_updated\":false,\"data\":{\"global\":{\"start\":\"2023-06-28 16:31:45\",\"end\":\"2023-06-28 18:57:47\",\"files\":[{\"location\":\"last -n 20\",\"events\":25,\"bytes\":20175,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-982.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-945.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-92.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-908.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-880.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-843.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-806.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-779.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-741.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-704.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-677.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-602.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-575.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-55.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-538.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-500.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-473.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-436.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-371.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-334.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-3.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-232.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-18.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-168.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-130.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/dpkg.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-973.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-936.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-871.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-834.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-83.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-732.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-668.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-630.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-566.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-529.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-464.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-46.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-427.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-362.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-325.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-298.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-260.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-223.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-196.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-159.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-121.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-1234567-689.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-964.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-927.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-862.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-825.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-798.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-760.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-74.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-723.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-696.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-659.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-621.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-594.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-557.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-492.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-455.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-418.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-390.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-37.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-353.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-316.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-289.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-251.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-214.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-187.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-112.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-992.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-955.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-918.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-890.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-853.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-816.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-789.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-751.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-714.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-687.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-65.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-612.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-585.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-548.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-510.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-483.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-446.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-409.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-381.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-344.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-307.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-28.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-242.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-205.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-178.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-140.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-103.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-983.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-946.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-93.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-909.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-881.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-844.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-807.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-742.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-705.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-678.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-640.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-603.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-576.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-56.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-539.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-501.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-474.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-437.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-4.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-372.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-335.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-270.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-233.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-19.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-169.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-131.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-974.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-937.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-872.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-84.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-835.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-770.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-733.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-669.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-631.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-567.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-47.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-465.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-428.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-363.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-326.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-299.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-261.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-224.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-197.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-122.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-965.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-928.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-863.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-826.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-799.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-761.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-75.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-724.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-697.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-622.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-595.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-558.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-520.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-493.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-456.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-419.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-391.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-38.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-354.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-317.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-252.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-215.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-188.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-150.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-113.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/ossec/logs/active-responses.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-993.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-956.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-919.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-891.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-854.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-817.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-752.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-715.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-688.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-66.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-650.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-613.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-586.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-549.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-511.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-484.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-447.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-382.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-345.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-308.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-29.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-280.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-243.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-206.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-179.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-141.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-104.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-984.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-947.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-94.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-882.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-845.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-808.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-780.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-743.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-706.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-679.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-641.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-604.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-577.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-57.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-502.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-5.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-475.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-438.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-400.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-373.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-336.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-271.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-234.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-132.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-975.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-938.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-900.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-873.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-85.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-836.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-771.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-734.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-632.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-568.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-530.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-48.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-466.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-429.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-364.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-327.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-262.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-225.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-198.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-160.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-123.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-10.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/syslog\",\"events\":11,\"bytes\":925,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/var/log/auth.log\",\"events\":5,\"bytes\":495,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-966.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-929.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-864.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-827.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-762.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-76.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-725.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-698.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-660.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-623.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-596.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-559.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-521.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-494.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-457.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-392.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-39.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-355.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-318.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-290.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-253.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-216.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-189.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-151.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-114.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-994.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-957.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-892.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-855.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-818.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-790.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-753.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-716.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-67.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-651.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-614.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-587.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-512.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-485.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-448.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-410.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-383.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-346.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-309.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-281.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-244.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-207.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-142.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-105.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-985.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-95.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-948.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-910.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-883.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-846.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-809.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-781.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-744.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-707.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-642.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-605.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-6.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-58.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-578.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-540.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-503.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-476.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-439.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-401.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-374.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-337.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-272.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-235.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-20.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-170.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-133.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-976.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-939.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-901.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-874.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-86.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-837.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-772.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-735.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-670.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-633.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-569.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-531.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-49.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-467.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-365.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-328.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-263.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-226.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-199.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-161.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-124.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-11.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/kern.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-967.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-865.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-828.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-77.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-763.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-726.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-699.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-661.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-624.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-597.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-522.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-495.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-458.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-420.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-393.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-356.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-319.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-291.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-254.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-217.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-152.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-115.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-995.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-958.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-920.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-893.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-856.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-819.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-791.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-754.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-717.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-68.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-652.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-615.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-588.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-550.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-513.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-486.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-449.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-411.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-384.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-347.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-30.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-282.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-245.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-208.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-180.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-143.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-106.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-986.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-96.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-949.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-911.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-884.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-847.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-782.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-745.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-708.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-7.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-680.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-643.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-606.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-59.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-579.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-541.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-504.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-477.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-402.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-375.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-338.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-300.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-273.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-236.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-21.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-171.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-134.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-977.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-902.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-875.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-87.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-838.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-800.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-773.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-736.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-671.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-634.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-532.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-468.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-430.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-366.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-329.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-264.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-227.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-162.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-125.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-12.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-968.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-930.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-866.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-829.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-78.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-764.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-727.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-662.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-625.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-598.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-560.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-523.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-496.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-459.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-421.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-40.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-394.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-357.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-292.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-255.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-218.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-190.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-153.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-116.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-959.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-921.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-894.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-857.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-792.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-755.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-718.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-690.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-69.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-653.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-616.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-589.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-551.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-514.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-487.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-412.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-385.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-348.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-310.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-31.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-283.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-246.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-209.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-181.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-144.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-107.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-987.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-97.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-912.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-885.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-848.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-810.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-8.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-783.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-746.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-709.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-681.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-644.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-607.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-542.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-505.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-478.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-440.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-403.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-376.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-339.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-301.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-274.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-237.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-22.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-172.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-135.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-978.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-940.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-903.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-88.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-876.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-839.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-801.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-774.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-737.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-672.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-635.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-570.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-533.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-50.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-469.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-431.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-367.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-265.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-228.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-163.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-13.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-126.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-969.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-931.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-867.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-79.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-765.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-728.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-663.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-626.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-599.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-561.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-524.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-497.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-422.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-41.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-395.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-358.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-320.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-293.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-256.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-219.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-191.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-154.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-117.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-922.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-895.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-858.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-820.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-793.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-756.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-719.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-691.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-654.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-617.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-552.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-515.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-488.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-450.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-413.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-386.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-349.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-32.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-311.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-284.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-247.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-182.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-145.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-108.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-988.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-98.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-950.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-913.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-9.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-886.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-849.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-811.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-784.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-747.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-682.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-645.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-608.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-60.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-580.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-543.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-506.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-479.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-441.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-404.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-377.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-302.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-275.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-238.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-23.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-200.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-173.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-136.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-979.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-941.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-904.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-89.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-877.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-802.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-775.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-738.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-700.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-673.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-636.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-571.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-534.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-51.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-432.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-368.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-330.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-266.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-229.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-164.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-14.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-127.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-932.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-868.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-830.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-766.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-729.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-664.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-627.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-562.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-525.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-498.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-460.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-423.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-42.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-396.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-359.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-321.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-294.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-257.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-192.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-155.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-118.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-960.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-923.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-896.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-859.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-821.log\",\"events\":0,\"bytes\":0,\"targets\":[]}]}}}"; - - -//reponse second block -char *outjson_block2 = "{\"error\":0,\"remaining\":true ,\"json_updated\":false,\"data\":{\"global\":{\"start\":\"2023-06-28 16:31:45\",\"end\":\"2023-06-28 18:57:47\",\"files\":[{\"location\":\"/root/logs/my-log-for-any-thing-example-794.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-757.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-70.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-692.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-655.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-618.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-590.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-553.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-516.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-489.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-451.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-414.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-387.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-33.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-312.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-285.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-248.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-210.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-183.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-146.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-109.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"netstat listening ports\",\"events\":25,\"bytes\":7625,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-99.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-989.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-951.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-914.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-887.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-812.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-785.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-748.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-710.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-683.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-646.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-61.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-609.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-581.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-544.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-507.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-442.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-405.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-378.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-340.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-303.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-276.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-24.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-239.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-201.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-174.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-137.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-942.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-905.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-878.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-840.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-803.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-776.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-739.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-701.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-674.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-637.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-572.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-535.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-52.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-470.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-433.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-369.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-331.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-267.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-165.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-15.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-128.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-0.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-970.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-933.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-869.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-831.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-80.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-767.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-665.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-628.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-563.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-526.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-499.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-461.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-43.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-424.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-397.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-322.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-295.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-258.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-220.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-193.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-156.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-119.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-961.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-924.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-897.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-822.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-795.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-758.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-720.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-71.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-693.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-656.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-619.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-591.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-554.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-517.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-452.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-415.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-388.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-350.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-34.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-313.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-286.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-249.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-211.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-184.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-147.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-952.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-915.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-888.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-850.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-813.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-786.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-749.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-711.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-684.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-647.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-62.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-582.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-545.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-508.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-480.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-443.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-406.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-379.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-341.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-304.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-277.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-25.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-202.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-175.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-138.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-100.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-980.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-943.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-906.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-90.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-879.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-841.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-804.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-777.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-702.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-675.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-638.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-600.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-573.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-536.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-53.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-471.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-434.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-332.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-268.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-230.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-166.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-16.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-129.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-971.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-934.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-832.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-81.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-768.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-730.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-666.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-629.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-564.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-527.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-462.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-44.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-425.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-398.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-360.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-323.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-296.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-259.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-221.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-194.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-157.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"df -P\",\"events\":225,\"bytes\":20025,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-962.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-925.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-898.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-860.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-823.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-796.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-759.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-721.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-72.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-694.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-657.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-592.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-555.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-518.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-490.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-453.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-416.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-389.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-351.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-35.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-314.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-287.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-212.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-185.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-148.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-110.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-990.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-953.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-916.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-889.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-851.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-814.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-787.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-712.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-685.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-648.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-63.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-610.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-583.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-546.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-509.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-481.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-444.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-407.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-342.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-305.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-278.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-26.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-240.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-203.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-176.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-139.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-101.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-981.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-944.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-91.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-907.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-842.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-805.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-778.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-740.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-703.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-676.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-639.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-601.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-574.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-54.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-537.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-472.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-435.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-370.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-333.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-269.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-231.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-2.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-17.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-167.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-972.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-935.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-870.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-833.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-82.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-769.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-731.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-667.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-565.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-528.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-463.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-45.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-426.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-399.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-361.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-324.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-297.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-222.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-195.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-158.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-120.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-963.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-926.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-899.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-861.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-824.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-797.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-73.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-722.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-695.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-658.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-620.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-593.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-556.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-519.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-491.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-454.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-417.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-36.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-352.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-315.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-288.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-250.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-213.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-186.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-149.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-111.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-991.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-954.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-917.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-852.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-815.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-788.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-750.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-713.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-686.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-649.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-64.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-611.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-584.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-547.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-482.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-445.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-408.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-380.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-343.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-306.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-279.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-27.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-241.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-204.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-177.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-102.log\",\"events\":0,\"bytes\":0,\"targets\":[]}]},\"interval\":{\"start\":\"2023-06-28 18:56:47\",\"end\":\"2023-06-28 18:57:47\",\"files\":[{\"location\":\"last -n 20\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-982.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-945.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-92.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-908.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-880.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-843.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-806.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-779.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-741.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-704.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-677.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-602.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-575.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-55.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-538.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-500.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-473.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-436.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-371.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-334.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-3.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-232.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-18.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-168.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-130.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/dpkg.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-973.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-936.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-871.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-834.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-83.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-732.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-668.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-630.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-566.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-529.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-464.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-46.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-427.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-362.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-325.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-298.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-260.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-223.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-196.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-159.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-121.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-1234567-689.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-964.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-927.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-862.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-825.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-798.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-760.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-74.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-723.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-696.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-659.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-621.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-594.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-557.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-492.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-455.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-418.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-390.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-37.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-353.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-316.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-289.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-251.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-214.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-187.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-112.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-992.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-955.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-918.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-890.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-853.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-816.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-789.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-751.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-714.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-687.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-65.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-612.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-585.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-548.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-510.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-483.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-446.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-409.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-381.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-344.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-307.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-28.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-242.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-205.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-178.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-140.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-103.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-983.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-946.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-93.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-909.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-881.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-844.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-807.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-742.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-705.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-678.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-640.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-603.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-576.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-56.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-539.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-501.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-474.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-437.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-4.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-372.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-335.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-270.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-233.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-19.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-169.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-131.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-974.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-937.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-872.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-84.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-835.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-770.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-733.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-669.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-631.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-567.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-47.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-465.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-428.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-363.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-326.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-299.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-261.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-224.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-197.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-122.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-965.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-928.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-863.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-826.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-799.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-761.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-75.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-724.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-697.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-622.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-595.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-558.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-520.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-493.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-456.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-419.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-391.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-38.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-354.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-317.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-252.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-215.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-188.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-150.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-113.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/ossec/logs/active-responses.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-993.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-956.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-919.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-891.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-854.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-817.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-752.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-715.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-688.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-66.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-650.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-613.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-586.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-549.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-511.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-484.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-447.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-382.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-345.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-308.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-29.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-280.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-243.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-206.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-179.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-141.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-104.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-984.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-947.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-94.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-882.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-845.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-808.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-780.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-743.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-706.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-679.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-641.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-604.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-577.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-57.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-502.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-5.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-475.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-438.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-400.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-373.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-336.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-271.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-234.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-132.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-975.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-938.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-900.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-873.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-85.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-836.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-771.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-734.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-632.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-568.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-530.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-48.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-466.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-429.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-364.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-327.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-262.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-225.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-198.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-160.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-123.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-10.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/syslog\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/var/log/auth.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-966.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-929.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-864.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-827.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-762.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-76.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-725.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-698.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-660.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-623.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-596.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-559.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-521.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-494.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-457.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-392.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-39.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-355.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-318.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-290.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-253.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-216.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-189.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-151.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-114.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-994.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-957.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-892.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-855.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-818.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-790.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-753.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-716.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-67.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-651.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-614.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-587.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-512.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-485.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-448.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-410.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-383.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-346.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-309.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-281.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-244.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-207.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-142.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-105.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-985.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-95.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-948.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-910.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-883.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-846.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-809.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-781.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-744.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-707.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-642.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-605.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-6.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-58.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-578.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-540.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-503.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-476.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-439.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-401.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-374.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-337.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-272.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-235.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-20.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-170.log\",\"events\":0,\"bytes\":0,\"targets\":[]}]}}}"; - - -//reponse third block -char *outjson_block3 = "{\"error\":0,\"remaining\":true ,\"json_updated\":false,\"data\":{\"interval\":{\"start\":\"2023-06-28 18:56:47\",\"end\":\"2023-06-28 18:57:47\",\"files\":[{\"location\":\"/root/logs/my-log-for-any-thing-example-133.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-976.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-939.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-901.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-874.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-86.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-837.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-772.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-735.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-670.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-633.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-569.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-531.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-49.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-467.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-365.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-328.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-263.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-226.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-199.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-161.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-124.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-11.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/kern.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-967.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-865.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-828.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-77.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-763.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-726.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-699.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-661.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-624.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-597.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-522.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-495.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-458.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-420.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-393.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-356.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-319.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-291.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-254.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-217.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-152.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-115.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-995.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-958.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-920.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-893.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-856.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-819.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-791.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-754.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-717.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-68.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-652.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-615.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-588.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-550.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-513.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-486.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-449.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-411.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-384.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-347.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-30.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-282.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-245.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-208.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-180.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-143.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-106.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-986.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-96.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-949.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-911.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-884.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-847.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-782.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-745.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-708.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-7.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-680.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-643.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-606.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-59.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-579.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-541.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-504.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-477.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-402.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-375.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-338.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-300.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-273.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-236.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-21.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-171.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-134.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-977.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-902.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-875.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-87.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-838.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-800.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-773.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-736.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-671.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-634.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-532.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-468.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-430.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-366.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-329.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-264.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-227.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-162.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-125.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-12.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-968.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-930.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-866.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-829.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-78.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-764.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-727.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-662.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-625.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-598.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-560.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-523.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-496.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-459.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-421.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-40.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-394.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-357.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-292.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-255.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-218.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-190.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-153.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-116.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-959.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-921.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-894.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-857.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-792.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-755.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-718.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-690.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-69.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-653.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-616.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-589.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-551.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-514.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-487.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-412.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-385.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-348.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-310.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-31.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-283.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-246.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-209.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-181.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-144.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-107.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-987.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-97.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-912.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-885.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-848.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-810.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-8.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-783.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-746.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-709.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-681.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-644.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-607.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-542.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-505.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-478.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-440.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-403.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-376.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-339.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-301.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-274.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-237.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-22.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-172.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-135.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-978.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-940.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-903.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-88.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-876.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-839.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-801.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-774.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-737.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-672.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-635.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-570.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-533.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-50.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-469.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-431.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-367.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-265.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-228.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-163.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-13.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-126.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-969.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-931.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-867.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-79.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-765.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-728.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-663.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-626.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-599.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-561.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-524.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-497.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-422.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-41.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-395.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-358.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-320.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-293.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-256.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-219.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-191.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-154.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-117.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-922.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-895.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-858.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-820.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-793.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-756.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-719.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-691.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-654.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-617.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-552.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-515.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-488.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-450.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-413.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-386.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-349.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-32.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-311.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-284.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-247.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-182.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-145.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-108.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-988.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-98.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-950.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-913.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-9.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-886.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-849.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-811.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-784.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-747.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-682.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-645.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-608.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-60.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-580.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-543.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-506.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-479.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-441.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-404.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-377.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-302.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-275.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-238.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-23.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-200.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-173.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-136.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-979.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-941.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-904.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-89.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-877.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-802.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-775.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-738.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-700.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-673.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-636.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-571.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-534.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-51.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-432.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-368.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-330.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-266.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-229.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-164.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-14.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-127.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-932.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-868.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-830.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-766.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-729.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-664.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-627.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-562.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-525.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-498.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-460.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-423.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-42.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-396.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-359.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-321.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-294.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-257.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-192.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-155.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-118.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-960.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-923.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-896.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-859.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-821.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-794.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-757.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-70.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-692.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-655.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-618.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-590.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-553.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-516.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-489.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-451.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-414.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-387.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-33.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-312.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-285.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-248.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-210.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-183.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-146.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-109.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"netstat listening ports\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-99.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-989.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-951.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-914.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-887.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-812.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-785.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-748.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-710.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-683.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-646.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-61.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-609.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-581.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-544.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-507.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-442.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-405.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-378.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-340.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-303.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-276.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-24.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-239.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-201.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-174.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-137.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-942.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-905.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-878.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-840.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-803.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-776.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-739.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-701.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-674.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-637.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-572.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-535.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-52.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-470.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-433.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-369.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-331.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-267.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-165.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-15.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-128.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-0.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-970.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-933.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-869.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-831.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-80.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-767.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-665.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-628.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-563.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-526.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-499.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-461.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-43.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-424.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-397.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-322.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-295.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-258.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-220.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-193.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-156.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-119.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-961.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-924.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-897.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-822.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-795.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-758.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-720.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-71.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-693.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-656.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-619.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-591.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-554.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-517.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-452.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-415.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-388.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-350.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-34.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-313.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-286.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-249.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-211.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-184.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-147.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-952.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-915.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-888.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-850.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-813.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-786.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-749.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-711.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-684.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-647.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-62.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-582.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-545.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-508.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-480.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-443.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-406.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-379.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-341.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-304.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-277.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-25.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-202.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-175.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-138.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-100.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-980.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-943.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-906.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-90.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-879.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-841.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-804.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-777.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-702.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-675.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-638.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-600.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-573.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-536.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-53.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-471.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-434.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-332.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-268.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-230.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-166.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-16.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-129.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-971.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-934.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-832.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-81.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-768.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-730.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-666.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-629.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-564.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-527.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-462.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-44.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-425.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-398.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-360.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-323.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-296.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-259.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-221.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-194.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-157.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"df -P\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-962.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-925.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-898.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-860.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-823.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-796.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-759.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-721.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-72.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-694.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-657.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-592.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-555.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-518.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-490.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-453.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-416.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-389.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-351.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-35.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-314.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-287.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-212.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-185.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-148.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-110.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-990.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-953.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-916.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-889.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-851.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-814.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-787.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-712.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-685.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-648.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-63.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-610.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-583.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-546.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-509.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-481.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-444.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-407.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-342.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-305.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-278.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-26.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-240.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-203.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-176.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-139.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-101.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-981.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-944.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-91.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-907.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-842.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-805.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-778.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-740.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-703.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-676.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-639.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-601.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-574.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-54.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-537.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-472.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-435.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-370.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-333.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-269.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-231.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-2.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-17.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-167.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-972.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-935.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-870.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-833.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-82.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-769.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-731.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-667.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-565.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-528.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-463.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-45.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-426.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-399.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-361.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-324.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-297.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-222.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-195.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-158.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-120.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-963.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-926.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-899.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-861.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-824.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-797.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-73.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-722.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-695.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-658.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-620.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-593.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-556.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-519.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-491.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-454.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-417.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-36.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-352.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-315.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-288.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-250.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-213.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-186.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-149.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-111.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-991.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-954.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-917.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-852.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-815.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-788.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-750.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-713.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-686.log\",\"events\":0,\"bytes\":0,\"targets\":[]}]}}}"; - - -//reponse fourth block -char *outjson_block4 = "{\"error\":0,\"remaining\":false,\"json_updated\":false,\"data\":{\"interval\":{\"start\":\"2023-06-28 18:56:47\",\"end\":\"2023-06-28 18:57:47\",\"files\":[{\"location\":\"/root/logs/my-log-for-any-thing-example-649.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-64.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-611.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-584.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-547.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-482.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-445.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-408.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-380.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-343.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-306.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-279.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-27.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-241.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-204.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-177.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-102.log\",\"events\":0,\"bytes\":0,\"targets\":[]}]}}}"; - - -//json for case 1 -char * outjson1 = "{\"error\":0,\"data\":{\"global\":{\"start\":\"2023-06-01 19:20:35\",\"end\":\"2023-06-01 19:22:35\",\"files\":[{\"location\":\"/root/logs/my-log-for-any-thing-example-982.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-945.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-92.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-908.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-880.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-843.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-806.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-779.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-741.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-704.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-677.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-602.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-575.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-55.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-538.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-500.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-473.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-436.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-371.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-334.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-3.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-232.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-18.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-168.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1565.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1528.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1463.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1426.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1399.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1361.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1324.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-130.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1297.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1222.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1195.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1158.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1120.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1093.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1056.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1019.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"last -n 20\",\"events\":1,\"bytes\":66,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-973.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-936.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-871.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-834.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-83.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-732.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-668.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-630.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-566.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-529.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-464.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-46.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-427.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-362.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-325.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-298.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-260.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-223.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-196.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1593.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-159.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1556.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1519.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1491.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1454.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1417.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1352.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1315.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1288.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1250.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1213.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-121.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1186.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1149.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1111.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1084.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1047.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/dpkg.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-964.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-927.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-862.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-825.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-798.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-760.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-74.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-723.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-696.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-659.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-621.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-594.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-557.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-492.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-455.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-418.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-390.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-37.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-353.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-316.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-289.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-251.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-214.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-187.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1584.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1547.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1482.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1445.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1408.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1380.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1343.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1306.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1279.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1241.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1204.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1177.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-112.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1102.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1075.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1038.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1000.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-992.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-955.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-918.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-890.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-853.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-816.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-789.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-751.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-714.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-687.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-65.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-612.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-585.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-548.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-510.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-483.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-446.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-409.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-381.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-344.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-307.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-28.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-242.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-205.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-178.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1575.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1538.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1500.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1473.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1436.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-140.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1371.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1334.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1232.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1168.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1130.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1066.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-103.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1029.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-983.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-946.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-93.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-909.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-881.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-844.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-807.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-742.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-705.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-678.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-640.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-603.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-576.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-56.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-539.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-501.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-474.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-437.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-4.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-372.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-335.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-270.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-233.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-19.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-169.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1566.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1529.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1464.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1427.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1362.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1325.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-131.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1298.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1260.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1223.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1196.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1159.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1121.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1094.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1057.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-974.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-937.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-872.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-84.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-835.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-770.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-733.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-669.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-631.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-567.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-47.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-465.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-428.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-363.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-326.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-299.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-261.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-224.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-197.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1594.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1557.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1492.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1455.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1418.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1390.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1353.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1316.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1289.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1251.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-122.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1214.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1187.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1112.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1085.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1048.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1010.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-965.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-928.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-863.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-826.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-799.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-761.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-75.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-724.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-697.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-622.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-595.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-558.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-520.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-493.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-456.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-419.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-391.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-38.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-354.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-317.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-252.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-215.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-188.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1585.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1548.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1510.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-150.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1483.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1446.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1409.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1381.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1344.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1307.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1242.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1205.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1178.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1140.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-113.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1103.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1076.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1039.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1001.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-993.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-956.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-919.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-891.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-854.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-817.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-752.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-715.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-688.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-66.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-650.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-613.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-586.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-549.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-511.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-484.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-447.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-382.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-345.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-308.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-29.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-280.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-243.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-206.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-179.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1576.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1539.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1501.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1474.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1437.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-141.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1372.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1335.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1270.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1233.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1169.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1131.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1067.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-104.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/ossec/logs/active-responses.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-984.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-947.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-94.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-882.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-845.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-808.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-780.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-743.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-706.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-679.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-641.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-604.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-577.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-57.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-502.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-5.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-475.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-438.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-400.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-373.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-336.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-271.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-234.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1567.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1465.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1428.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1363.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1326.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-132.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1299.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1261.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1224.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1197.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1122.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1095.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1058.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1020.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-975.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-938.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-900.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-873.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-85.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-836.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-771.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-734.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-632.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-568.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-530.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-48.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-466.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-429.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-364.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-327.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-262.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-225.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-198.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-160.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1595.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1558.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1520.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1493.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1456.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1419.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1391.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1354.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1317.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1252.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-123.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1215.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1188.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1150.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1113.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1086.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1049.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1011.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-10.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-966.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-929.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-864.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-827.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-762.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-76.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-725.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-698.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-660.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-623.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-596.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-559.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-521.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-494.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-457.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-392.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-39.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-355.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-318.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-290.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-253.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-216.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-189.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1586.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1549.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1511.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-151.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1484.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1447.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1382.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1345.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1308.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1280.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1243.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1206.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1179.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1141.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-114.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1104.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1077.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1002.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/syslog\",\"events\":4,\"bytes\":245,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/var/log/auth.log\",\"events\":1,\"bytes\":87,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-994.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-957.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-892.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-855.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-818.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-790.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-753.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-716.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-689.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-67.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-651.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-614.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-587.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-512.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-485.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-448.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-410.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-383.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-346.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-309.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-281.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-244.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-207.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1577.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1502.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1475.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1438.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-142.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1400.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1373.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1336.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1271.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1234.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1132.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1068.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-105.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1030.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-985.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-95.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-948.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-910.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-883.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-846.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-809.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-781.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-744.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-707.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-642.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-605.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-6.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-58.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-578.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-540.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-503.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-476.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-439.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-401.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-374.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-337.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-272.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-235.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-20.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-170.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1568.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1530.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1466.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1429.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1364.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-133.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1327.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1262.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1225.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1198.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1160.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1123.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1096.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1059.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1021.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-976.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-939.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-901.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-874.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-86.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-837.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-772.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-735.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-670.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-633.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-569.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-531.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-49.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-467.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-365.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-328.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-263.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-226.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-199.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-161.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1596.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1559.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1521.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1494.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1457.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1392.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1355.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1318.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1290.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1253.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-124.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1216.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1189.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1151.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1114.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-11.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1087.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1012.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-967.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-865.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-828.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-77.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-763.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-726.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-699.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-661.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-624.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-597.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-522.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-495.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-458.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-420.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-393.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-356.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-319.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-291.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-254.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-217.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1587.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-152.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1512.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1485.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1448.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1410.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1383.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1346.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1309.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1281.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1244.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1207.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-115.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1142.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1105.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1078.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1040.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1003.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/kern.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-995.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-958.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-920.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-893.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-856.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-819.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-791.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-754.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-717.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-68.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-652.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-615.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-588.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-550.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-513.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-486.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-449.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-411.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-384.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-347.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-30.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-282.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-245.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-208.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-180.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1578.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1540.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1503.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1476.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1439.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-143.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1401.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1374.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1337.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1272.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1235.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1170.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1133.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-106.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1031.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-986.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-96.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-949.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-911.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-884.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-847.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-782.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-745.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-708.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-7.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-680.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-643.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-606.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-59.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-579.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-541.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-504.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-477.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-402.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-375.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-338.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-300.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-273.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-236.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-21.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-171.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1569.log\",\"events\":0,\"bytes\":0,\"targets\":[]}]},\"interval\":{\"start\":\"2023-06-01 19:21:35\",\"end\":\"2023-06-01 19:22:35\",\"files\":[{\"location\":\"/root/logs/my-log-for-any-thing-example-1531.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1467.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1365.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-134.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-982.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-945.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-92.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-908.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-880.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-843.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-806.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-779.loGG\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-741.loGG\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-704.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-677.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-602.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-575.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-55.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-538.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-500.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-473.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-436.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-371.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-334.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-3.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-232.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-18.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-168.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1565.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1528.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1463.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1426.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1399.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1361.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1324.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-130.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1297.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1222.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1195.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1158.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1120.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1093.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1056.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1019.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"last -n 20\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-973.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-936.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-871.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-834.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-83.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-732.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-668.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-630.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-566.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-529.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-464.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-46.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-427.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-362.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-325.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-298.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-260.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-223.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-196.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1593.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-159.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1556.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1519.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1491.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1454.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1417.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1352.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1315.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1288.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1250.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1213.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-121.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1186.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1149.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1111.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1084.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1047.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/dpkg.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-964.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-927.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-862.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-825.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-798.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-760.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-74.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-723.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-696.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-659.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-621.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-594.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-557.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-492.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-455.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-418.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-390.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-37.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-353.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-316.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-289.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-251.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-214.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-187.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1584.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1547.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1482.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1445.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1408.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1380.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1343.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1306.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1279.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1241.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1204.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1177.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-112.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1102.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1075.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1038.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1000.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-992.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-955.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-918.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-890.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-853.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-816.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-789.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-751.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-714.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-687.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-65.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-612.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-585.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-548.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-510.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-483.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-446.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-409.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-381.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-344.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-307.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-28.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-242.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-205.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-178.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1575.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1538.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1500.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1473.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1436.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-140.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1371.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1334.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1232.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1168.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1130.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1066.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-103.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1029.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-983.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-946.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-93.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-909.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-881.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-844.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-807.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-742.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-705.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-678.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-640.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-603.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-576.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-56.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-539.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-501.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-474.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-437.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-4.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-372.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-335.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-270.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-233.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-19.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-169.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1566.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1529.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1464.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1427.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1362.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1325.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-131.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1298.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1260.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1223.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1196.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1159.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1121.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1094.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1057.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-974.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-937.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-872.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-84.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-835.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-770.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-733.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-669.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-631.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-567.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-47.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-465.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-428.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-363.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-326.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-299.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-261.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-224.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-197.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1594.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1557.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1492.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1455.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1418.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1390.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1353.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1316.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1289.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1251.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-122.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1214.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1187.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1112.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1085.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1048.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1010.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-965.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-928.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-863.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-826.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-799.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-761.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-75.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-724.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-697.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-622.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-595.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-558.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-520.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-493.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-456.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-419.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-391.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-38.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-354.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-317.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-252.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-215.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-188.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1585.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1548.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1510.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-150.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1483.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1446.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1409.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1381.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1344.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1307.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1242.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1205.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1178.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1140.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-113.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1103.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1076.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1039.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1001.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-993.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-956.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-919.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-891.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-854.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-817.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-752.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-715.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-688.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-66.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-650.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-613.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-586.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-549.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-511.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-484.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-447.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-382.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-345.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-308.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-29.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-280.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-243.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-206.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-179.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1576.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1539.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1501.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1474.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1437.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-141.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1372.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1335.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1270.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1233.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1169.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1131.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1067.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-104.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/ossec/logs/active-responses.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-984.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-947.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-94.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-882.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-845.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-808.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-780.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-743.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-706.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-679.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-641.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-604.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-577.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-57.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-502.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-5.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-475.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-438.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-400.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-373.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-336.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-271.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-234.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1567.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1465.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1428.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1363.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1326.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-132.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1299.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1261.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1224.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1197.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1122.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1095.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1058.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1020.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-975.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-938.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-900.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-873.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-85.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-836.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-771.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-734.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-632.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-568.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-530.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-48.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-466.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-429.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-364.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-327.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-262.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-225.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-198.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-160.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1595.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1558.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1520.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1493.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1456.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1419.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1391.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1354.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1317.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1252.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-123.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1215.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1188.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1150.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1113.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1086.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1049.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1011.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-10.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-966.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-929.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-864.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-827.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-762.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-76.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-725.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-698.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-660.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-623.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-596.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-559.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-521.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-494.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-457.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-392.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-39.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-355.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-318.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-290.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-253.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-216.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-189.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1586.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1549.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1511.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-151.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1484.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1447.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1382.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1345.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1308.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1280.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1243.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1206.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1179.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1141.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-114.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1104.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1077.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1002.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/syslog\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/var/log/auth.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-994.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-957.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-892.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-855.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-818.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-790.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-753.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-716.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-689.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-67.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-651.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-614.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-587.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-512.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-485.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-448.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-410.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-383.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-346.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-309.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-281.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-244.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-207.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1577.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1502.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1475.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1438.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-142.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1400.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1373.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1336.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1271.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1234.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1132.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1068.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-105.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1030.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-985.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-95.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-948.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-910.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-883.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-846.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-809.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-781.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-744.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-707.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-642.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-605.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-6.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-58.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-578.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-540.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-503.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-476.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-439.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-401.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-374.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-337.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-272.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-235.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-20.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-170.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1568.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1530.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1466.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1429.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1364.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-133.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1327.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1262.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1225.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1198.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1160.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1123.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1096.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1059.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1021.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-976.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-939.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-901.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-874.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-86.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-837.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-772.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-735.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-670.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-633.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-569.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-531.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-49.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-467.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-365.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-328.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-263.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-226.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-199.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-161.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1596.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1559.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1521.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1494.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1457.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1392.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1355.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1318.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1290.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1253.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-124.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1216.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1189.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1151.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1114.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-11.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1087.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1012.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-967.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-865.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-828.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-77.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-763.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-726.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-699.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-661.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-624.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-597.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-522.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-495.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-458.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-420.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-393.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-356.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-319.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-291.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-254.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-217.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1587.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-152.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1512.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1485.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1448.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1410.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1383.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1346.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1309.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1281.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1244.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1207.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-115.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1142.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1105.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1078.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1040.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1003.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/kern.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-995.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-958.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-920.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-893.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-856.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-819.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-791.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-754.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-717.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-68.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-652.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-615.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-588.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-550.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-513.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-486.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-449.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-411.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-384.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-347.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-30.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-282.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-245.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-208.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-180.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1578.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1540.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1503.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1476.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1439.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-143.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1401.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1374.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1337.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1272.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1235.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1170.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1133.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-106.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1031.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-986.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-96.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-949.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-911.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-884.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-847.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-782.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-745.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-708.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-7.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-680.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-643.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-606.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-59.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-579.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-541.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-504.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-477.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-402.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-375.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-338.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-300.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-273.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-236.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-21.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-171.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1569.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1531.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1467.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1365.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-134.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-982.logJULIAN1\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-945.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-92.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-908.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-880.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-843.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-806.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-779.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-741.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-704.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-677.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-602.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-575.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-55.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-538.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-500.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-473.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-436.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-371.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-334.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-3.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-232.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-18.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-168.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1565.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1528.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1463.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1426.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1399.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1361.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1324.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-130.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1297.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1222.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1195.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1158.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1120.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1093.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1056.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1019.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"last -n 20\",\"events\":1,\"bytes\":66,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-973.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-936.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-871.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-834.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-83.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-732.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-668.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-630.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-566.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-529.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-464.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-46.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-427.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-362.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-325.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-298.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-260.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-223.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-196.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1593.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-159.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1556.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1519.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1491.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1454.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1417.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1352.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1315.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1288.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1250.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1213.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-121.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1186.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1149.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1111.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1084.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1047.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/dpkg.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-964.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-927.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-862.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-825.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-798.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-760.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-74.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-723.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-696.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-659.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-621.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-594.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-557.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-492.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-455.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-418.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-390.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-37.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-353.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-316.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-289.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-251.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-214.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-187.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1584.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1547.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1482.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1445.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1408.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1380.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1343.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1306.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1279.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1241.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1204.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1177.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-112.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1102.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1075.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1038.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1000.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-992.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-955.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-918.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-890.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-853.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-816.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-789.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-751.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-714.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-687.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-65.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-612.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-585.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-548.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-510.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-483.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-446.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-409.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-381.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-344.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-307.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-28.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-242.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-205.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-178.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1575.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1538.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1500.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1473.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1436.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-140.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1371.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1334.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1232.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1168.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1130.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1066.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-103.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1029.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-983.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-946.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-93.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-909.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-881.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-844.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-807.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-742.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-705.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-678.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-640.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-603.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-576.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-56.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-539.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-501.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-474.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-437.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-4.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-372.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-335.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-270.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-233.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-19.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-169.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1566.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1529.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1464.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1427.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1362.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1325.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-131.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1298.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1260.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1223.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1196.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1159.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1121.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1094.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1057.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-974.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-937.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-872.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-84.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-835.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-770.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-733.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-669.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-631.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-567.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-47.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-465.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-428.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-363.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-326.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-299.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-261.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-224.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-197.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1594.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1557.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1492.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1455.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1418.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1390.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1353.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1316.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1289.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1251.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-122.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1214.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1187.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1112.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1085.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1048.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1010.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-965.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-928.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-863.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-826.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-799.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-761.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-75.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-724.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-697.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-622.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-595.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-558.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-520.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-493.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-456.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-419.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-391.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-38.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-354.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-317.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-252.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-215.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-188.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1585.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1548.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1510.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-150.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1483.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1446.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1409.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1381.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1344.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1307.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1242.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1205.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1178.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1140.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-113.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1103.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1076.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1039.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1001.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-993.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-956.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-919.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-891.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-854.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-817.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-752.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-715.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-688.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-66.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-650.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-613.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-586.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-549.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-511.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-484.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-447.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-382.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-345.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-308.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-29.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-280.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-243.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-206.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-179.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1576.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1539.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1501.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1474.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1437.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-141.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1372.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1335.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1270.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1233.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1169.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1131.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1067.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-104.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/ossec/logs/active-responses.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-984.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-947.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-94.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-882.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-845.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-808.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-780.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-743.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-706.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-679.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-641.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-604.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-577.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-57.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-502.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-5.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-475.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-438.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-400.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-373.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-336.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-271.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-234.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1567.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1465.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1428.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1363.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1326.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-132.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1299.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1261.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1224.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1197.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1122.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1095.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1058.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1020.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-975.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-938.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-900.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-873.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-85.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-836.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-771.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-734.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-632.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-568.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-530.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-48.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-466.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-429.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-364.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-327.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-262.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-225.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-198.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-160.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1595.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1558.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1520.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1493.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1456.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1419.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1391.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1354.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1317.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1252.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-123.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1215.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1188.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1150.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1113.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1086.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1049.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1011.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-10.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-966.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-929.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-864.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-827.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-762.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-76.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-725.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-698.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-660.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-623.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-596.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-559.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-521.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-494.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-457.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-392.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-39.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-355.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-318.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-290.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-253.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-216.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-189.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1586.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1549.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1511.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-151.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1484.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1447.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1382.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1345.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1308.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1280.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1243.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1206.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1179.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1141.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-114.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1104.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1077.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1002.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/syslog\",\"events\":4,\"bytes\":245,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/var/log/auth.log\",\"events\":1,\"bytes\":87,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-994.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-957.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-892.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-855.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-818.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-790.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-753.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-716.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-689.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-67.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-651.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-614.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-587.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-512.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-485.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-448.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-410.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-383.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-346.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-309.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-281.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-244.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-207.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1577.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1502.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1475.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1438.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-142.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1400.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1373.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1336.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1271.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1234.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1132.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1068.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-105.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1030.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-985.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-95.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-948.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-910.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-883.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-846.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-809.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-781.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-744.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-707.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-642.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-605.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-6.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-58.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-578.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-540.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-503.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-476.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-439.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-401.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-374.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-337.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-272.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-235.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-20.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-170.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1568.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1530.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1466.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1429.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1364.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-133.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1327.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1262.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1225.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1198.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1160.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1123.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1096.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1059.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1021.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-976.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-939.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-901.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-874.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-86.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-837.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-772.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-735.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-670.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-633.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-569.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-531.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-49.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-467.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-365.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-328.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-263.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-226.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-199.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-161.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1596.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1559.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1521.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1494.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1457.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1392.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1355.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1318.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1290.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1253.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-124.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1216.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1189.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1151.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1114.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-11.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1087.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1012.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-967.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-865.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-828.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-77.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-763.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-726.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-699.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-661.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-624.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-597.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-522.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-495.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-458.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-420.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-393.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-356.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-319.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-291.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-254.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-217.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1587.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-152.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1512.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1485.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1448.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1410.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1383.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1346.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1309.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1281.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1244.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1207.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-115.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1142.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1105.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1078.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1040.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1003.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/kern.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-995.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-958.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-920.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-893.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-856.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-819.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-791.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-754.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-717.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-68.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-652.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-615.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-588.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-550.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-513.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-486.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-449.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-411.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-384.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-347.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-30.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-282.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-245.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-208.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-180.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1578.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1540.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1503.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1476.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1439.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-143.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1401.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1374.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1337.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1272.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1235.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1170.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1133.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-106.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1031.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-986.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-96.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-949.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-911.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-884.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-847.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-782.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-745.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-708.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-7.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-680.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-643.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-606.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-59.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-579.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-541.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-504.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-477.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-402.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-375.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-338.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-300.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-273.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-236.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-21.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-171.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1569.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1531.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1467.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1365.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-134.log1\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-982.logJULIAN2\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-945.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-92.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-908.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-880.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-843.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-806.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-779.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-741.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-704.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-677.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-602.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-575.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-55.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-538.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-500.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-473.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-436.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-371.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-334.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-3.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-232.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-18.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-168.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1565.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1528.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1463.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1426.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1399.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1361.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1324.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-130.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1297.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1222.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1195.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1158.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1120.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1093.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1056.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1019.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"last -n 20\",\"events\":1,\"bytes\":66,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-973.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-936.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-871.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-834.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-83.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-732.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-668.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-630.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-566.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-529.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-464.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-46.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-427.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-362.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-325.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-298.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-260.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-223.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-196.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1593.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-159.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1556.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1519.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1491.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1454.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1417.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1352.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1315.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1288.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1250.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1213.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-121.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1186.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1149.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1111.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1084.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1047.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/dpkg.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-964.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-927.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-862.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-825.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-798.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-760.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-74.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-723.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-696.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-659.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-621.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-594.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-557.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-492.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-455.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-418.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-390.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-37.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-353.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-316.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-289.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-251.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-214.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-187.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1584.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1547.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1482.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1445.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1408.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1380.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1343.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1306.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1279.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1241.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1204.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1177.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-112.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1102.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1075.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1038.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1000.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-992.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-955.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-918.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-890.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-853.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-816.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-789.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-751.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-714.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-687.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-65.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-612.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-585.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-548.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-510.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-483.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-446.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-409.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-381.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-344.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-307.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-28.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-242.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-205.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-178.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1575.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1538.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1500.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1473.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1436.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-140.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1371.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1334.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1232.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1168.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1130.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1066.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-103.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1029.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-983.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-946.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-93.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-909.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-881.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-844.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-807.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-742.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-705.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-678.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-640.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-603.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-576.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-56.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-539.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-501.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-474.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-437.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-4.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-372.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-335.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-270.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-233.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-19.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-169.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1566.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1529.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1464.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1427.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1362.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1325.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-131.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1298.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1260.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1223.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1196.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1159.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1121.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1094.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1057.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-974.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-937.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-872.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-84.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-835.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-770.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-733.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-669.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-631.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-567.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-47.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-465.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-428.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-363.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-326.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-299.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-261.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-224.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-197.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1594.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1557.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1492.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1455.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1418.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1390.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1353.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1316.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1289.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1251.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-122.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1214.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1187.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1112.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1085.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1048.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1010.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-965.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-928.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-863.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-826.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-799.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-761.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-75.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-724.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-697.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-622.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-595.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-558.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-520.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-493.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-456.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-419.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-391.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-38.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-354.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-317.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-252.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-215.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-188.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1585.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1548.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1510.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-150.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1483.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1446.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1409.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1381.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1344.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1307.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1242.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1205.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1178.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1140.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-113.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1103.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1076.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1039.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1001.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-993.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-956.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-919.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-891.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-854.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-817.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-752.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-715.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-688.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-66.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-650.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-613.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-586.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-549.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-511.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-484.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-447.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-382.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-345.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-308.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-29.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-280.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-243.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-206.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-179.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1576.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1539.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1501.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1474.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1437.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-141.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1372.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1335.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1270.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1233.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1169.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1131.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1067.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-104.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/ossec/logs/active-responses.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-984.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-947.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-94.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-882.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-845.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-808.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-780.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-743.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-706.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-679.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-641.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-604.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-577.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-57.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-502.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-5.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-475.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-438.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-400.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-373.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-336.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-271.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-234.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1567.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1465.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1428.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1363.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1326.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-132.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1299.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1261.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1224.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1197.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1122.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1095.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1058.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1020.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-975.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-938.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-900.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-873.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-85.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-836.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-771.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-734.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-632.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-568.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-530.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-48.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-466.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-429.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-364.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-327.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-262.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-225.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-198.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-160.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1595.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1558.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1520.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1493.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1456.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1419.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1391.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1354.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1317.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1252.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-123.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1215.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1188.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1150.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1113.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1086.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1049.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1011.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-10.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-966.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-929.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-864.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-827.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-762.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-76.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-725.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-698.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-660.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-623.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-596.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-559.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-521.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-494.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-457.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-392.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-39.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-355.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-318.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-290.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-253.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-216.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-189.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1586.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1549.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1511.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-151.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1484.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1447.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1382.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1345.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1308.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1280.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1243.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1206.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1179.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1141.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-114.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1104.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1077.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1002.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/syslog\",\"events\":4,\"bytes\":245,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/var/log/auth.log\",\"events\":1,\"bytes\":87,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-994.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-957.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-892.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-855.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-818.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-790.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-753.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-716.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-689.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-67.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-651.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-614.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-587.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-512.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-485.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-448.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-410.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-383.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-346.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-309.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-281.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-244.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-207.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1577.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1502.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1475.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1438.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-142.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1400.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1373.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1336.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1271.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1234.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1132.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1068.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-105.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1030.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-985.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-95.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-948.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-910.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-883.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-846.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-809.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-781.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-744.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-707.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-642.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-605.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-6.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-58.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-578.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-540.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-503.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-476.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-439.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-401.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-374.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-337.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-272.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-235.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-20.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-170.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1568.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1530.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1466.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1429.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1364.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-133.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1327.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1262.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1225.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1198.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1160.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1123.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1096.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1059.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1021.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-976.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-939.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-901.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-874.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-86.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-837.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-772.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-735.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-670.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-633.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-569.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-531.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-49.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-467.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-365.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-328.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-263.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-226.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-199.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-161.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1596.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1559.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1521.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1494.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1457.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1392.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1355.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1318.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1290.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1253.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-124.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1216.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1189.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1151.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1114.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-11.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1087.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1012.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-967.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-865.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-828.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-77.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-763.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-726.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-699.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-661.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-624.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-597.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-522.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-495.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-458.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-420.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-393.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-356.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-319.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-291.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-254.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-217.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1587.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-152.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1512.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1485.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1448.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1410.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1383.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1346.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1309.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1281.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1244.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1207.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-115.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1142.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1105.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1078.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1040.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1003.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/kern.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-995.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-958.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-920.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-893.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-856.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-819.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-791.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-754.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-717.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-68.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-652.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-615.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-588.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-550.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-513.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-486.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-449.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-411.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-384.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-347.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-30.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-282.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-245.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-208.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-180.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1578.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1540.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1503.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1476.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1439.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-143.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1401.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1374.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1337.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1272.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1235.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1170.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1133.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-106.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1031.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-986.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-96.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-949.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-911.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-884.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-847.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-782.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-745.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-708.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-7.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-680.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-643.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-606.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-59.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-579.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-541.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-504.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-477.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-402.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-375.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-338.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-300.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-273.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-236.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-21.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-171.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1569.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1531.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1467.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1365.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-134.log2\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-982.logJULIAN3\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-945.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-92.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-908.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-880.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-843.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-806.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-779.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-741.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-704.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-677.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-602.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-575.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-55.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-538.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-500.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-473.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-436.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-371.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-334.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-3.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-232.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-18.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-168.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1565.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1528.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1463.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1426.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1399.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1361.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1324.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-130.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1297.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1222.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1195.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1158.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1120.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1093.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1056.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1019.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"last -n 20\",\"events\":1,\"bytes\":66,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-973.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-936.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-871.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-834.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-83.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-732.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-668.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-630.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-566.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-529.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-464.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-46.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-427.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-362.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-325.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-298.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-260.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-223.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-196.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1593.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-159.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1556.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1519.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1491.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1454.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1417.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1352.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1315.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1288.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1250.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1213.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-121.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1186.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1149.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1111.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1084.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1047.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/dpkg.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-964.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-927.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-862.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-825.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-798.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-760.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-74.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-723.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-696.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-659.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-621.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-594.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-557.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-492.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-455.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-418.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-390.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-37.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-353.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-316.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-289.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-251.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-214.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-187.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1584.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1547.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1482.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1445.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1408.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1380.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1343.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1306.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1279.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1241.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1204.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1177.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-112.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1102.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1075.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1038.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1000.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-992.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-955.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-918.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-890.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-853.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-816.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-789.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-751.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-714.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-687.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-65.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-612.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-585.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-548.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-510.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-483.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-446.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-409.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-381.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-344.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-307.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-28.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-242.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-205.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-178.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1575.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1538.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1500.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1473.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1436.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-140.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1371.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1334.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1232.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1168.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1130.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1066.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-103.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1029.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-983.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-946.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-93.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-909.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-881.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-844.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-807.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-742.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-705.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-678.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-640.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-603.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-576.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-56.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-539.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-501.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-474.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-437.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-4.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-372.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-335.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-270.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-233.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-19.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-169.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1566.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1529.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1464.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1427.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1362.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1325.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-131.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1298.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1260.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1223.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1196.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1159.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1121.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1094.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1057.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-974.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-937.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-872.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-84.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-835.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-770.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-733.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-669.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-631.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-567.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-47.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-465.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-428.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-363.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-326.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-299.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-261.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-224.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-197.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1594.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1557.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1492.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1455.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1418.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1390.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1353.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1316.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1289.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1251.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-122.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1214.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1187.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1112.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1085.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1048.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1010.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-965.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-928.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-863.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-826.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-799.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-761.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-75.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-724.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-697.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-622.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-595.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-558.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-520.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-493.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-456.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-419.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-391.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-38.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-354.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-317.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-252.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-215.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-188.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1585.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1548.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1510.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-150.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1483.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1446.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1409.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1381.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1344.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1307.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1242.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1205.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1178.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1140.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-113.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1103.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1076.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1039.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1001.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-993.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-956.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-919.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-891.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-854.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-817.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-752.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-715.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-688.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-66.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-650.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-613.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-586.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-549.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-511.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-484.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-447.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-382.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-345.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-308.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-29.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-280.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-243.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-206.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-179.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1576.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1539.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1501.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1474.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1437.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-141.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1372.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1335.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1270.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1233.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1169.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1131.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1067.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-104.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/ossec/logs/active-responses.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-984.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-947.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-94.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-882.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-845.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-808.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-780.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-743.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-706.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-679.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-641.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-604.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-577.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-57.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-502.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-5.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-475.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-438.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-400.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-373.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-336.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-271.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-234.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1567.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1465.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1428.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1363.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1326.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-132.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1299.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1261.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1224.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1197.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1122.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1095.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1058.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1020.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-975.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-938.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-900.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-873.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-85.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-836.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-771.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-734.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-632.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-568.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-530.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-48.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-466.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-429.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-364.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-327.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-262.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-225.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-198.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-160.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1595.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1558.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1520.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1493.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1456.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1419.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1391.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1354.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1317.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1252.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-123.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1215.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1188.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1150.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1113.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1086.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1049.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1011.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-10.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-966.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-929.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-864.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-827.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-762.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-76.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-725.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-698.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-660.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-623.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-596.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-559.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-521.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-494.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-457.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-392.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-39.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-355.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-318.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-290.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-253.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-216.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-189.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1586.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1549.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1511.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-151.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1484.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1447.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1382.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1345.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1308.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1280.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1243.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1206.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1179.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1141.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-114.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1104.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1077.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1002.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/syslog\",\"events\":4,\"bytes\":245,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/var/log/auth.log\",\"events\":1,\"bytes\":87,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-994.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-957.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-892.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-855.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-818.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-790.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-753.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-716.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-689.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-67.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-651.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-614.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-587.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-512.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-485.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-448.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-410.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-383.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-346.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-309.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-281.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-244.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-207.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1577.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1502.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1475.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1438.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-142.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1400.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1373.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1336.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1271.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1234.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1132.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1068.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-105.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1030.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-985.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-95.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-948.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-910.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-883.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-846.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-809.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-781.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-744.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-707.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-642.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-605.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-6.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-58.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-578.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-540.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-503.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-476.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-439.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-401.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-374.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-337.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-272.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-235.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-20.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-170.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1568.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1530.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1466.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1429.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1364.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-133.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1327.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1262.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1225.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1198.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1160.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1123.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1096.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1059.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1021.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-976.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-939.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-901.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-874.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-86.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-837.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-772.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-735.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-670.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-633.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-569.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-531.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-49.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-467.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-365.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-328.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-263.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-226.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-199.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-161.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1596.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1559.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1521.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1494.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1457.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1392.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1355.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1318.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1290.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1253.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-124.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1216.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1189.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1151.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1114.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-11.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1087.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1012.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-967.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-865.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-828.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-77.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-763.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-726.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-699.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-661.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-624.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-597.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-522.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-495.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-458.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-420.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-393.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-356.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-319.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-291.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-254.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-217.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1587.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-152.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1512.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1485.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1448.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1410.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1383.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1346.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1309.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1281.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1244.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1207.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-115.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1142.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1105.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1078.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1040.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1003.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/kern.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-995.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-958.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-920.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-893.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-856.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-819.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-791.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-754.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-717.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-68.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-652.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-615.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-588.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-550.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-513.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-486.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-449.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-411.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-384.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-347.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-30.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-282.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-245.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-208.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-180.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1578.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1540.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1503.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1476.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1439.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-143.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1401.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1374.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1337.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1272.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1235.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1170.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1133.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-106.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1031.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-986.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-96.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-949.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-911.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-884.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-847.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-782.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-745.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-708.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-7.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-680.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-643.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-606.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-59.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-579.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-541.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-504.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-477.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-402.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-375.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-338.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-300.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-273.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-236.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-21.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-171.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1569.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1531.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1467.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1365.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-134.log3\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-982.logJULIAN4\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-945.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-92.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-908.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-880.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-843.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-806.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-779.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-741.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-704.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-677.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-602.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-575.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-55.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-538.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-500.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-473.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-436.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-371.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-334.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-3.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-232.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-18.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-168.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1565.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1528.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1463.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1426.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1399.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1361.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1324.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-130.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1297.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1222.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1195.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1158.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1120.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1093.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1056.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1019.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"last -n 20\",\"events\":1,\"bytes\":66,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-973.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-936.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-871.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-834.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-83.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-732.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-668.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-630.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-566.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-529.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-464.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-46.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-427.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-362.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-325.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-298.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-260.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-223.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-196.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1593.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-159.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1556.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1519.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1491.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1454.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1417.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1352.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1315.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1288.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1250.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1213.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-121.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1186.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1149.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1111.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1084.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1047.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/dpkg.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-964.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-927.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-862.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-825.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-798.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-760.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-74.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-723.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-696.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-659.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-621.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-594.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-557.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-492.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-455.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-418.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-390.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-37.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-353.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-316.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-289.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-251.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-214.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-187.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1584.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1547.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1482.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1445.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1408.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1380.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1343.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1306.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1279.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1241.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1204.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1177.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-112.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1102.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1075.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1038.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1000.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-992.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-955.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-918.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-890.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-853.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-816.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-789.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-751.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-714.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-687.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-65.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-612.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-585.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-548.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-510.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-483.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-446.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-409.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-381.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-344.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-307.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-28.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-242.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-205.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-178.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1575.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1538.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1500.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1473.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1436.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-140.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1371.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1334.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1232.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1168.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1130.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1066.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-103.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1029.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-983.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-946.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-93.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-909.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-881.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-844.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-807.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-742.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-705.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-678.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-640.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-603.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-576.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-56.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-539.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-501.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-474.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-437.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-4.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-372.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-335.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-270.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-233.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-19.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-169.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1566.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1529.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1464.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1427.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1362.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1325.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-131.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1298.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1260.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1223.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1196.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1159.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1121.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1094.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1057.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-974.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-937.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-872.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-84.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-835.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-770.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-733.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-669.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-631.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-567.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-47.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-465.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-428.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-363.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-326.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-299.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-261.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-224.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-197.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1594.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1557.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1492.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1455.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1418.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1390.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1353.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1316.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1289.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1251.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-122.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1214.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1187.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1112.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1085.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1048.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1010.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-965.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-928.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-863.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-826.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-799.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-761.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-75.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-724.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-697.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-622.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-595.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-558.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-520.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-493.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-456.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-419.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-391.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-38.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-354.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-317.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-252.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-215.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-188.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1585.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1548.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1510.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-150.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1483.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1446.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1409.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1381.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1344.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1307.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1242.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1205.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1178.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1140.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-113.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1103.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1076.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1039.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1001.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-993.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-956.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-919.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-891.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-854.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-817.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-752.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-715.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-688.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-66.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-650.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-613.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-586.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-549.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-511.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-484.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-447.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-382.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-345.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-308.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-29.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-280.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-243.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-206.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-179.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1576.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1539.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1501.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1474.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1437.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-141.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1372.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1335.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1270.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1233.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1169.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1131.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1067.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-104.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/ossec/logs/active-responses.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-984.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-947.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-94.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-882.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-845.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-808.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-780.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-743.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-706.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-679.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-641.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-604.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-577.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-57.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-502.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-5.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-475.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-438.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-400.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-373.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-336.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-271.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-234.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1567.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1465.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1428.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1363.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1326.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-132.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1299.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1261.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1224.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1197.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1122.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1095.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1058.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1020.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-975.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-938.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-900.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-873.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-85.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-836.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-771.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-734.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-632.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-568.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-530.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-48.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-466.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-429.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-364.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-327.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-262.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-225.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-198.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-160.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1595.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1558.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1520.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1493.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1456.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1419.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1391.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1354.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1317.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1252.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-123.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1215.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1188.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1150.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1113.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1086.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1049.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1011.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-10.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-966.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-929.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-864.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-827.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-762.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-76.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-725.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-698.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-660.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-623.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-596.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-559.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-521.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-494.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-457.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-392.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-39.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-355.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-318.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-290.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-253.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-216.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-189.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1586.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1549.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1511.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-151.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1484.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1447.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1382.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1345.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1308.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1280.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1243.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1206.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1179.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1141.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-114.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1104.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1077.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1002.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/syslog\",\"events\":4,\"bytes\":245,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/var/log/auth.log\",\"events\":1,\"bytes\":87,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-994.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-957.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-892.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-855.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-818.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-790.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-753.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-716.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-689.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-67.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-651.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-614.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-587.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-512.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-485.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-448.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-410.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-383.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-346.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-309.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-281.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-244.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-207.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1577.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1502.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1475.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1438.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-142.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1400.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1373.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1336.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1271.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1234.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1132.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1068.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-105.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1030.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-985.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-95.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-948.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-910.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-883.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-846.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-809.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-781.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-744.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-707.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-642.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-605.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-6.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-58.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-578.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-540.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-503.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-476.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-439.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-401.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-374.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-337.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-272.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-235.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-20.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-170.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1568.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1530.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1466.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1429.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1364.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-133.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1327.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1262.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1225.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1198.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1160.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1123.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1096.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1059.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1021.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-976.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-939.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-901.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-874.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-86.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-837.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-772.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-735.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-670.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-633.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-569.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-531.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-49.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-467.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-365.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-328.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-263.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-226.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-199.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-161.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1596.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1559.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1521.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1494.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1457.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1392.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1355.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1318.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1290.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1253.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-124.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1216.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1189.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1151.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1114.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-11.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1087.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1012.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-967.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-865.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-828.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-77.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-763.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-726.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-699.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-661.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-624.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-597.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-522.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-495.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-458.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-420.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-393.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-356.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-319.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-291.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-254.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-217.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1587.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-152.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1512.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1485.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1448.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1410.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1383.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1346.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1309.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1281.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1244.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1207.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-115.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1142.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1105.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1078.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1040.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1003.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/kern.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-995.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-958.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-920.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-893.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-856.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-819.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-791.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-754.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-717.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-68.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-652.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-615.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-588.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-550.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-513.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-486.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-449.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-411.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-384.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-347.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-30.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-282.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-245.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-208.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-180.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1578.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1540.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1503.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1476.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1439.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-143.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1401.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1374.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1337.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1272.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1235.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1170.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1133.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-106.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1031.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-986.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-96.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-949.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-911.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-884.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-847.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-782.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-745.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-708.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-7.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-680.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-643.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-606.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-59.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-579.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-541.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-504.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-477.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-402.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-375.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-338.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-300.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-273.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-236.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-21.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-171.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1569.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1531.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1467.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1365.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-134.log4\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-982.logJULIAN5\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-945.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-92.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-908.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-880.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-843.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-806.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-779.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-741.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-704.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-677.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-602.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-575.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-55.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-538.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-500.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-473.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-436.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-371.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-334.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-3.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-232.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-18.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-168.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1565.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1528.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1463.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1426.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1399.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1361.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1324.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-130.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1297.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1222.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1195.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1158.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1120.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1093.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1056.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1019.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"last -n 20\",\"events\":1,\"bytes\":66,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-973.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-936.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-871.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-834.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-83.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-732.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-668.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-630.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-566.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-529.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-464.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-46.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-427.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-362.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-325.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-298.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-260.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-223.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-196.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1593.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-159.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1556.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1519.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1491.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1454.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1417.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1352.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1315.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1288.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1250.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1213.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-121.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1186.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1149.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1111.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1084.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1047.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/dpkg.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-964.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-927.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-862.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-825.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-798.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-760.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-74.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-723.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-696.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-659.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-621.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-594.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-557.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-492.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-455.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-418.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-390.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-37.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-353.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-316.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-289.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-251.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-214.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-187.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1584.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1547.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1482.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1445.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1408.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1380.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1343.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1306.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1279.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1241.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1204.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1177.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-112.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1102.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1075.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1038.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1000.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-992.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-955.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-918.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-890.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-853.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-816.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-789.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-751.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-714.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-687.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-65.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-612.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-585.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-548.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-510.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-483.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-446.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-409.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-381.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-344.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-307.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-28.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-242.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-205.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-178.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1575.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1538.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1500.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1473.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1436.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-140.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1371.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1334.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1232.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1168.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1130.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1066.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-103.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1029.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-983.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-946.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-93.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-909.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-881.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-844.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-807.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-742.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-705.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-678.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-640.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-603.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-576.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-56.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-539.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-501.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-474.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-437.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-4.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-372.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-335.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-270.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-233.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-19.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-169.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1566.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1529.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1464.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1427.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1362.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1325.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-131.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1298.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1260.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1223.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1196.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1159.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1121.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1094.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1057.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-974.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-937.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-872.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-84.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-835.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-770.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-733.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-669.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-631.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-567.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-47.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-465.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-428.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-363.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-326.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-299.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-261.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-224.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-197.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1594.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1557.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1492.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1455.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1418.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1390.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1353.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1316.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1289.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1251.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-122.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1214.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1187.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1112.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1085.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1048.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1010.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-965.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-928.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-863.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-826.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-799.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-761.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-75.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-724.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-697.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-622.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-595.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-558.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-520.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-493.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-456.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-419.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-391.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-38.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-354.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-317.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-252.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-215.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-188.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1585.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1548.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1510.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-150.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1483.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1446.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1409.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1381.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1344.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1307.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1242.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1205.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1178.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1140.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-113.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1103.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1076.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1039.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1001.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-993.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-956.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-919.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-891.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-854.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-817.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-752.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-715.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-688.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-66.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-650.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-613.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-586.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-549.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-511.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-484.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-447.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-382.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-345.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-308.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-29.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-280.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-243.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-206.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-179.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1576.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1539.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1501.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1474.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1437.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-141.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1372.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1335.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1270.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1233.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1169.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1131.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1067.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-104.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/ossec/logs/active-responses.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-984.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-947.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-94.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-882.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-845.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-808.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-780.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-743.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-706.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-679.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-641.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-604.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-577.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-57.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-502.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-5.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-475.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-438.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-400.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-373.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-336.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-271.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-234.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1567.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1465.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1428.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1363.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1326.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-132.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1299.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1261.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1224.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1197.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1122.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1095.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1058.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1020.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-975.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-938.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-900.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-873.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-85.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-836.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-771.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-734.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-632.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-568.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-530.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-48.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-466.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-429.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-364.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-327.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-262.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-225.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-198.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-160.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1595.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1558.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1520.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1493.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1456.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1419.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1391.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1354.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1317.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1252.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-123.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1215.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1188.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1150.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1113.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1086.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1049.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1011.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-10.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-966.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-929.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-864.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-827.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-762.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-76.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-725.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-698.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-660.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-623.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-596.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-559.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-521.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-494.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-457.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-392.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-39.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-355.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-318.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-290.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-253.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-216.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-189.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1586.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1549.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1511.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-151.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1484.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1447.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1382.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1345.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1308.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1280.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1243.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1206.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1179.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1141.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-114.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1104.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1077.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1002.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/syslog\",\"events\":4,\"bytes\":245,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/var/log/auth.log\",\"events\":1,\"bytes\":87,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-994.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-957.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-892.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-855.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-818.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-790.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-753.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-716.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-689.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-67.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-651.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-614.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-587.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-512.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-485.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-448.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-410.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-383.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-346.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-309.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-281.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-244.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-207.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1577.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1502.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1475.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1438.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-142.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1400.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1373.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1336.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1271.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1234.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1132.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1068.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-105.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1030.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-985.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-95.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-948.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-910.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-883.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-846.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-809.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-781.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-744.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-707.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-642.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-605.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-6.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-58.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-578.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-540.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-503.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-476.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-439.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-401.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-374.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-337.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-272.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-235.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-20.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-170.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1568.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1530.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1466.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1429.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1364.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-133.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1327.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1262.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1225.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1198.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1160.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1123.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1096.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1059.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1021.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-976.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-939.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-901.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-874.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-86.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-837.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-772.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-735.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-670.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-633.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-569.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-531.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-49.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-467.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-365.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-328.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-263.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-226.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-199.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-161.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1596.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1559.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1521.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1494.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1457.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1392.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1355.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1318.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1290.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1253.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-124.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1216.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1189.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1151.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1114.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-11.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1087.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1012.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-967.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-865.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-828.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-77.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-763.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-726.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-699.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-661.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-624.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-597.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-522.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-495.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-458.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-420.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-393.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-356.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-319.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-291.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-254.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-217.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1587.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-152.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1512.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1485.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1448.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1410.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1383.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1346.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1309.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1281.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1244.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1207.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-115.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1142.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1105.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1078.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1040.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1003.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/kern.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-995.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-958.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-920.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-893.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-856.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-819.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-791.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-754.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-717.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-68.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-652.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-615.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-588.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-550.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-513.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-486.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-449.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-411.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-384.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-347.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-30.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-282.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-245.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-208.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-180.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1578.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1540.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1503.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1476.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1439.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-143.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1401.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1374.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1337.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1272.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1235.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1170.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1133.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-106.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1031.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-986.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-96.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-949.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-911.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-884.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-847.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-782.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-745.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-708.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-7.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-680.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-643.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-606.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-59.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-579.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-541.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-504.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-477.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-402.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-375.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-338.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-300.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-273.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-236.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-21.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-171.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1569.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1531.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1467.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1365.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-134.log5\",\"events\":0,\"bytes\":0,\"targets\":[]}]}}}"; - - -//response block case 1 -char *outjson_block_case_1 = "{\"error\":0,\"data\":{\"global\":{\"start\":\"2023-06-01 19:20:35\",\"end\":\"2023-06-01 19:22:35\",\"files\":[{\"location\":\"/root/logs/my-log-for-any-thing-example-982.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-945.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-92.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-908.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-880.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-843.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-806.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-779.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-741.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-704.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-677.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-602.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-575.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-55.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-538.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-500.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-473.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-436.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-371.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-334.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-3.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-232.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-18.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-168.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1565.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1528.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1463.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1426.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1399.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1361.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1324.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-130.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1297.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1222.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1195.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1158.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1120.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1093.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1056.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1019.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"last -n 20\",\"events\":1,\"bytes\":66,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-973.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-936.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-871.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-834.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-83.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-732.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-668.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-630.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-566.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-529.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-464.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-46.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-427.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-362.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-325.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-298.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-260.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-223.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-196.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1593.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-159.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1556.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1519.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1491.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1454.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1417.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1352.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1315.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1288.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1250.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1213.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-121.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1186.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1149.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1111.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1084.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1047.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/dpkg.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-964.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-927.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-862.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-825.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-798.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-760.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-74.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-723.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-696.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-659.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-621.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-594.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-557.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-492.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-455.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-418.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-390.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-37.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-353.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-316.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-289.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-251.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-214.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-187.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1584.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1547.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1482.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1445.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1408.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1380.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1343.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1306.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1279.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1241.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1204.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1177.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-112.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1102.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1075.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1038.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1000.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-992.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-955.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-918.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-890.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-853.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-816.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-789.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-751.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-714.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-687.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-65.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-612.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-585.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-548.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-510.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-483.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-446.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-409.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-381.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-344.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-307.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-28.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-242.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-205.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-178.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1575.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1538.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1500.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1473.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1436.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-140.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1371.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1334.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1232.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1168.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1130.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1066.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-103.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1029.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-983.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-946.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-93.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-909.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-881.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-844.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-807.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-742.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-705.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-678.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-640.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-603.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-576.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-56.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-539.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-501.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-474.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-437.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-4.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-372.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-335.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-270.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-233.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-19.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-169.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1566.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1529.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1464.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1427.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1362.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1325.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-131.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1298.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1260.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1223.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1196.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1159.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1121.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1094.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1057.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-974.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-937.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-872.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-84.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-835.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-770.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-733.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-669.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-631.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-567.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-47.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-465.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-428.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-363.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-326.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-299.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-261.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-224.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-197.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1594.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1557.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1492.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1455.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1418.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1390.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1353.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1316.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1289.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1251.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-122.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1214.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1187.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1112.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1085.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1048.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1010.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-965.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-928.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-863.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-826.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-799.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-761.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-75.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-724.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-697.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-622.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-595.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-558.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-520.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-493.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-456.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-419.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-391.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-38.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-354.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-317.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-252.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-215.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-188.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1585.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1548.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1510.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-150.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1483.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1446.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1409.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1381.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1344.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1307.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1242.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1205.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1178.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1140.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-113.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1103.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1076.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1039.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1001.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-993.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-956.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-919.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-891.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-854.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-817.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-752.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-715.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-688.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-66.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-650.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-613.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-586.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-549.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-511.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-484.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-447.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-382.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-345.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-308.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-29.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-280.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-243.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-206.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-179.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1576.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1539.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1501.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1474.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1437.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-141.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1372.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1335.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1270.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1233.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1169.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1131.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1067.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-104.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/ossec/logs/active-responses.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-984.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-947.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-94.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-882.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-845.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-808.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-780.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-743.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-706.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-679.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-641.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-604.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-577.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-57.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-502.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-5.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-475.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-438.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-400.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-373.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-336.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-271.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-234.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1567.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1465.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1428.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1363.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1326.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-132.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1299.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1261.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1224.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1197.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1122.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1095.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1058.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1020.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-975.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-938.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-900.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-873.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-85.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-836.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-771.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-734.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-632.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-568.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-530.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-48.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-466.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-429.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-364.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-327.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-262.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-225.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-198.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-160.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1595.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1558.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1520.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1493.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1456.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1419.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1391.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1354.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1317.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1252.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-123.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1215.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1188.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1150.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1113.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1086.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1049.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1011.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-10.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-966.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-929.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-864.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-827.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-762.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-76.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-725.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-698.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-660.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-623.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-596.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-559.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-521.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-494.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-457.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-392.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-39.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-355.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-318.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-290.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-253.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-216.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-189.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1586.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1549.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1511.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-151.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1484.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1447.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1382.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1345.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1308.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1280.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1243.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1206.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1179.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1141.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-114.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1104.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1077.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1002.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/syslog\",\"events\":4,\"bytes\":245,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/var/log/auth.log\",\"events\":1,\"bytes\":87,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-994.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-957.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-892.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-855.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-818.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-790.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-753.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-716.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-689.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-67.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-651.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-614.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-587.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-512.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-485.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-448.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-410.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-383.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-346.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-309.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-281.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-244.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-207.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1577.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1502.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1475.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1438.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-142.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1400.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1373.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1336.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1271.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1234.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1132.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1068.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-105.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1030.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-985.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-95.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-948.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-910.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-883.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-846.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-809.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-781.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-744.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-707.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-642.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-605.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-6.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-58.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-578.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-540.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-503.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-476.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-439.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-401.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-374.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-337.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-272.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-235.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-20.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-170.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1568.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1530.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1466.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1429.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1364.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-133.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1327.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1262.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1225.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1198.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1160.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1123.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1096.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1059.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1021.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-976.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-939.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-901.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-874.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-86.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-837.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-772.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-735.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-670.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-633.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-569.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-531.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-49.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-467.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-365.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-328.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-263.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-226.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-199.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-161.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1596.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1559.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1521.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1494.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1457.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1392.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1355.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1318.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1290.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1253.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-124.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1216.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1189.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1151.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1114.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-11.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1087.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1012.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-967.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-865.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-828.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-77.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-763.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-726.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-699.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-661.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-624.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-597.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-522.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-495.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-458.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-420.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-393.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-356.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-319.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-291.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-254.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-217.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1587.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-152.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1512.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1485.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1448.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1410.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1383.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1346.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1309.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1281.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1244.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1207.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-115.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1142.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1105.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1078.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1040.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1003.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/kern.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-995.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-958.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-920.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-893.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-856.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-819.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-791.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-754.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-717.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-68.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-652.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-615.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-588.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-550.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-513.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-486.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-449.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-411.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-384.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-347.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-30.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-282.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-245.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-208.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-180.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1578.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1540.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1503.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1476.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1439.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-143.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1401.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1374.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1337.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1272.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1235.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1170.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1133.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-106.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1031.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-986.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-96.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-949.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-911.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-884.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-847.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-782.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-745.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-708.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-7.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-680.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-643.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-606.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-59.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-579.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-541.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-504.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-477.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-402.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-375.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-338.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-300.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-273.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-236.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-21.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-171.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1569.log\",\"events\":0,\"bytes\":0,\"targets\":[]}]},\"interval\":{\"start\":\"2023-06-01 19:21:35\",\"end\":\"2023-06-01 19:22:35\",\"files\":[{\"location\":\"/root/logs/my-log-for-any-thing-example-1531.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1467.log\",\"events\":0,\"bytes\":0,\"targets\":[]}]}}}"; - - -char * outjson2 = "{\"error\":0,\"data\":{\"global\":{\"start\":\"2023-06-01 19:20:35\",\"end\":\"2023-06-01 19:22:35\",\"files\":[{\"location\":\"/root/logs/my-log-for-any-thing-example-982.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-945.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-92.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-908.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-880.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-843.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-806.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-779.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-741.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-704.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-677.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-602.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-575.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-55.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-538.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-500.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-473.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-436.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-371.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-334.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-3.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-232.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-18.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-168.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1565.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1528.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1463.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1426.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1399.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1361.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1324.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-130.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1297.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1222.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1195.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1158.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1120.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1093.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1056.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1019.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"last -n 20\",\"events\":1,\"bytes\":66,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-973.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-936.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-871.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-834.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-83.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-732.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-668.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-630.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-566.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-529.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-464.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-46.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-427.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-362.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-325.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-298.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-260.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-223.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-196.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1593.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-159.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1556.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1519.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1491.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1454.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1417.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1352.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1315.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1288.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1250.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1213.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-121.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1186.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1149.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1111.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1084.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1047.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/dpkg.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-964.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-927.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-862.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-825.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-798.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-760.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-74.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-723.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-696.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-659.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-621.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-594.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-557.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-492.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-455.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-418.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-390.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-37.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-353.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-316.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-289.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-251.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-214.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-187.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1584.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1547.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1482.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1445.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1408.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1380.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1343.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1306.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1279.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1241.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1204.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1177.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-112.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1102.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1075.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1038.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1000.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-992.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-955.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-918.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-890.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-853.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-816.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-789.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-751.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-714.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-687.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-65.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-612.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-585.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-548.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-510.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-483.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-446.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-409.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-381.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-344.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-307.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-28.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-242.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-205.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-178.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1575.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1538.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1500.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1473.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1436.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-140.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1371.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1334.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1232.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1168.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1130.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1066.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-103.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1029.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-983.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-946.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-93.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-909.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-881.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-844.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-807.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-742.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-705.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-678.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-640.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-603.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-576.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-56.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-539.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-501.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-474.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-437.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-4.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-372.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-335.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-270.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-233.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-19.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-169.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1566.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1529.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1464.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1427.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1362.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1325.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-131.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1298.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1260.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1223.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1196.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1159.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1121.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1094.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1057.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-974.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-937.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-872.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-84.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-835.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-770.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-733.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-669.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-631.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-567.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-47.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-465.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-428.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-363.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-326.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-299.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-261.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-224.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-197.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1594.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1557.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1492.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1455.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1418.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1390.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1353.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1316.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1289.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1251.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-122.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1214.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1187.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1112.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1085.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1048.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1010.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-965.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-928.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-863.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-826.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-799.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-761.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-75.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-724.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-697.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-622.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-595.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-558.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-520.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-493.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-456.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-419.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-391.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-38.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-354.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-317.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-252.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-215.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-188.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1585.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1548.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1510.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-150.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1483.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1446.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1409.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1381.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1344.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1307.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1242.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1205.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1178.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1140.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-113.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1103.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1076.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1039.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1001.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-993.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-956.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-919.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-891.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-854.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-817.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-752.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-715.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-688.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-66.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-650.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-613.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-586.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-549.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-511.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-484.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-447.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-382.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-345.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-308.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-29.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-280.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-243.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-206.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-179.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1576.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1539.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1501.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1474.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1437.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-141.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1372.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1335.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1270.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1233.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1169.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1131.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1067.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-104.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/ossec/logs/active-responses.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-984.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-947.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-94.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-882.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-845.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-808.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-780.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-743.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-706.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-679.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-641.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-604.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-577.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-57.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-502.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-5.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-475.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-438.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-400.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-373.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-336.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-271.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-234.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1567.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1465.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1428.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1363.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1326.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-132.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1299.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1261.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1224.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1197.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1122.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1095.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1058.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1020.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-975.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-938.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-900.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-873.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-85.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-836.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-771.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-734.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-632.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-568.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-530.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-48.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-466.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-429.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-364.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-327.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-262.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-225.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-198.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-160.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1595.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1558.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1520.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1493.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1456.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1419.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1391.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1354.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1317.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1252.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-123.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1215.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1188.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1150.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1113.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1086.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1049.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1011.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-10.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-966.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-929.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-864.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-827.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-762.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-76.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-725.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-698.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-660.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-623.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-596.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-559.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-521.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-494.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-457.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-392.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-39.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-355.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-318.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-290.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-253.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-216.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-189.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1586.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1549.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1511.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-151.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1484.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1447.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1382.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1345.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1308.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1280.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1243.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1206.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1179.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1141.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-114.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1104.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1077.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1002.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/syslog\",\"events\":4,\"bytes\":245,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/var/log/auth.log\",\"events\":1,\"bytes\":87,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-994.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-957.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-892.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-855.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-818.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-790.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-753.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-716.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-689.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-67.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-651.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-614.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-587.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-512.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-485.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-448.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-410.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-383.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-346.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-309.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-281.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-244.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-207.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1577.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1502.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1475.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1438.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-142.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1400.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1373.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1336.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1271.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1234.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1132.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1068.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-105.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1030.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-985.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-95.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-948.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-910.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-883.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-846.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-809.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-781.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-744.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-707.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-642.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-605.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-6.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-58.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-578.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-540.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-503.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-476.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-439.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-401.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-374.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-337.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-272.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-235.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-20.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-170.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1568.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1530.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1466.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1429.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1364.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-133.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1327.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1262.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1225.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1198.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1160.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1123.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1096.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1059.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1021.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-976.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-939.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-901.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-874.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-86.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-837.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-772.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-735.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-670.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-633.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-569.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-531.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-49.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-467.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-365.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-328.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-263.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-226.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-199.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-161.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1596.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1559.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1521.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1494.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1457.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1392.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1355.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1318.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1290.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1253.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-124.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1216.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1189.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1151.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1114.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-11.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1087.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1012.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-967.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-865.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-828.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-77.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-763.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-726.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-699.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-661.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-624.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-597.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-522.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-495.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-458.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-420.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-393.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-356.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-319.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-291.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-254.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-217.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1587.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-152.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1512.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1485.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1448.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1410.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1383.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1346.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1309.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1281.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1244.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1207.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-115.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1142.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1105.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1078.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1040.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1003.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/kern.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-995.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-958.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-920.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-893.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-856.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-819.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-791.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-754.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-717.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-68.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-652.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-615.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-588.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-550.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-513.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-486.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-449.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-411.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-384.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-347.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-30.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-282.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-245.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-208.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-180.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1578.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1540.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1503.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1476.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1439.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-143.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1401.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1374.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1337.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1272.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1235.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1170.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1133.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-106.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1031.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-986.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-96.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-949.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-911.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-884.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-847.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-782.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-745.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-708.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-7.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-680.log\",\"events\":0,\"bytes\":0,\"targets\":[]}]},\"interval\":{\"start\":\"2023-06-01 19:21:35\",\"end\":\"2023-06-01 19:22:35\",\"files\":[{\"location\":\"/root/logs/my-log-for-any-thing-example-643.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-606.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-59.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-579.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-541.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-504.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-477.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-402.log\",\"events\":0,\"bytes\":0,\"targets\":[]}]}}}"; - -//response block case 2 -char *outjson_block_case_2 = "{\"error\":0,\"data\":{\"global\":{\"start\":\"2023-06-01 19:20:35\",\"end\":\"2023-06-01 19:22:35\",\"files\":[{\"location\":\"/root/logs/my-log-for-any-thing-example-982.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-945.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-92.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-908.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-880.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-843.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-806.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-779.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-741.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-704.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-677.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-602.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-575.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-55.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-538.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-500.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-473.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-436.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-371.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-334.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-3.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-232.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-18.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-168.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1565.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1528.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1463.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1426.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1399.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1361.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1324.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-130.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1297.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1222.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1195.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1158.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1120.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1093.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1056.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1019.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"last -n 20\",\"events\":1,\"bytes\":66,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-973.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-936.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-871.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-834.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-83.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-732.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-668.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-630.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-566.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-529.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-464.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-46.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-427.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-362.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-325.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-298.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-260.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-223.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-196.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1593.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-159.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1556.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1519.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1491.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1454.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1417.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1352.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1315.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1288.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1250.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1213.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-121.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1186.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1149.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1111.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1084.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1047.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/dpkg.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-964.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-927.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-862.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-825.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-798.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-760.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-74.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-723.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-696.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-659.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-621.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-594.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-557.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-492.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-455.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-418.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-390.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-37.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-353.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-316.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-289.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-251.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-214.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-187.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1584.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1547.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1482.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1445.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1408.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1380.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1343.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1306.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1279.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1241.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1204.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1177.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-112.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1102.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1075.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1038.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1000.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-992.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-955.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-918.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-890.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-853.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-816.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-789.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-751.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-714.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-687.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-65.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-612.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-585.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-548.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-510.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-483.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-446.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-409.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-381.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-344.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-307.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-28.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-242.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-205.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-178.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1575.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1538.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1500.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1473.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1436.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-140.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1371.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1334.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1232.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1168.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1130.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1066.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-103.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1029.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-983.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-946.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-93.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-909.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-881.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-844.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-807.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-742.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-705.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-678.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-640.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-603.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-576.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-56.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-539.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-501.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-474.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-437.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-4.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-372.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-335.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-270.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-233.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-19.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-169.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1566.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1529.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1464.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1427.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1362.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1325.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-131.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1298.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1260.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1223.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1196.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1159.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1121.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1094.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1057.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-974.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-937.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-872.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-84.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-835.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-770.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-733.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-669.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-631.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-567.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-47.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-465.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-428.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-363.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-326.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-299.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-261.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-224.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-197.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1594.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1557.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1492.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1455.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1418.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1390.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1353.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1316.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1289.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1251.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-122.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1214.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1187.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1112.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1085.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1048.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1010.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-965.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-928.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-863.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-826.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-799.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-761.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-75.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-724.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-697.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-622.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-595.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-558.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-520.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-493.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-456.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-419.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-391.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-38.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-354.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-317.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-252.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-215.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-188.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1585.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1548.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1510.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-150.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1483.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1446.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1409.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1381.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1344.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1307.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1242.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1205.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1178.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1140.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-113.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1103.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1076.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1039.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1001.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-993.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-956.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-919.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-891.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-854.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-817.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-752.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-715.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-688.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-66.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-650.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-613.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-586.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-549.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-511.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-484.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-447.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-382.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-345.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-308.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-29.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-280.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-243.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-206.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-179.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1576.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1539.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1501.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1474.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1437.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-141.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1372.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1335.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1270.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1233.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1169.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1131.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1067.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-104.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/ossec/logs/active-responses.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-984.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-947.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-94.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-882.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-845.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-808.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-780.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-743.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-706.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-679.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-641.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-604.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-577.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-57.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-502.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-5.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-475.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-438.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-400.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-373.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-336.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-271.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-234.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1567.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1465.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1428.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1363.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1326.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-132.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1299.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1261.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1224.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1197.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1122.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1095.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1058.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1020.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-975.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-938.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-900.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-873.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-85.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-836.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-771.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-734.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-632.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-568.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-530.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-48.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-466.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-429.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-364.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-327.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-262.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-225.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-198.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-160.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1595.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1558.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1520.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1493.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1456.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1419.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1391.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1354.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1317.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1252.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-123.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1215.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1188.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1150.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1113.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1086.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1049.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1011.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-10.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-966.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-929.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-864.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-827.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-762.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-76.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-725.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-698.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-660.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-623.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-596.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-559.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-521.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-494.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-457.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-392.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-39.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-355.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-318.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-290.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-253.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-216.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-189.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1586.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1549.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1511.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-151.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1484.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1447.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1382.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1345.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1308.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1280.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1243.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1206.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1179.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1141.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-114.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1104.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1077.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1002.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/syslog\",\"events\":4,\"bytes\":245,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/var/log/auth.log\",\"events\":1,\"bytes\":87,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-994.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-957.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-892.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-855.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-818.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-790.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-753.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-716.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-689.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-67.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-651.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-614.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-587.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-512.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-485.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-448.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-410.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-383.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-346.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-309.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-281.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-244.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-207.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1577.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1502.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1475.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1438.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-142.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1400.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1373.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1336.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1271.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1234.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1132.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1068.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-105.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1030.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-985.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-95.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-948.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-910.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-883.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-846.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-809.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-781.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-744.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-707.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-642.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-605.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-6.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-58.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-578.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-540.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-503.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-476.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-439.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-401.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-374.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-337.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-272.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-235.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-20.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-170.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1568.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1530.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1466.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1429.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1364.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-133.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1327.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1262.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1225.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1198.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1160.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1123.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1096.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1059.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1021.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-976.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-939.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-901.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-874.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-86.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-837.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-772.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-735.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-670.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-633.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-569.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-531.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-49.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-467.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-365.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-328.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-263.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-226.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-199.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-161.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1596.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1559.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1521.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1494.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1457.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1392.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1355.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1318.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1290.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1253.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-124.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1216.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1189.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1151.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1114.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-11.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1087.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1012.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-967.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-865.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-828.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-77.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-763.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-726.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-699.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-661.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-624.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-597.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-522.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-495.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-458.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-420.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-393.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-356.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-319.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-291.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-254.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-217.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1587.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-152.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1512.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1485.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1448.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1410.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1383.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1346.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1309.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1281.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1244.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1207.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-115.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1142.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1105.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1078.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1040.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1003.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/kern.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-995.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-958.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-920.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-893.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-856.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-819.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-791.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-754.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-717.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-68.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-652.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-615.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-588.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-550.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-513.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-486.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-449.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-411.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-384.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-347.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-30.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-282.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-245.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-208.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-180.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1578.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1540.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1503.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1476.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1439.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-143.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1401.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1374.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1337.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1272.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1235.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1170.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1133.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-106.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1031.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-986.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-96.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-949.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-911.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-884.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-847.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-782.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-745.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-708.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-7.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-680.log\",\"events\":0,\"bytes\":0,\"targets\":[]}]},\"interval\":{\"start\":\"2023-06-01 19:21:35\",\"end\":\"2023-06-01 19:22:35\",\"files\":[{\"location\":\"/root/logs/my-log-for-any-thing-example-643.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-606.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-59.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-579.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-541.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-504.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-477.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-402.log\",\"events\":0,\"bytes\":0,\"targets\":[]}]}}}"; - -//json for case 5 -char * outjson5 = "{\"error\":0,\"data\":{\"global\":{\"start\":\"2023-06-01 19:20:35\",\"end\":\"2023-06-01 19:22:35\",\"files\":[{\"location\":\"/root/logs/my-log-for-any-thing-example-982.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-945.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-92.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-908.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-880.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-843.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-806.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-779.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-741.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-704.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-677.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-602.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-575.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-55.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-538.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-500.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-473.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-436.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-371.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-334.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-3.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-232.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-18.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-168.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1565.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1528.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1463.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1426.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1399.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1361.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1324.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-130.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1297.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1222.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1195.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1158.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1120.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1093.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1056.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1019.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"last -n 20\",\"events\":1,\"bytes\":66,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-973.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-936.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-871.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-834.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-83.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-732.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-668.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-630.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-566.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-529.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-464.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-46.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-427.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-362.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-325.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-298.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-260.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-223.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-196.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1593.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-159.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1556.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1519.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1491.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1454.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1417.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1352.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1315.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1288.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1250.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1213.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-121.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1186.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1149.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1111.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1084.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1047.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/dpkg.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-964.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-927.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-862.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-825.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-798.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-760.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-74.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-723.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-696.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-659.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-621.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-594.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-557.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-492.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-455.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-418.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-390.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-37.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-353.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-316.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-289.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-251.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-214.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-187.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1584.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1547.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1482.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1445.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1408.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1380.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1343.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1306.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1279.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1241.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1204.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1177.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-112.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1102.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1075.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1038.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1000.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-992.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-955.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-918.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-890.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-853.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-816.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-789.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-751.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-714.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-687.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-65.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-612.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-585.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-548.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-510.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-483.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-446.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-409.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-381.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-344.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-307.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-28.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-242.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-205.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-178.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1575.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1538.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1500.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1473.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1436.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-140.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1371.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1334.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1232.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1168.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1130.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1066.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-103.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1029.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-983.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-946.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-93.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-909.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-881.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-844.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-807.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-742.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-705.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-678.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-640.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-603.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-576.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-56.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-539.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-501.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-474.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-437.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-4.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-372.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-335.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-270.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-233.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-19.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-169.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1566.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1529.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1464.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1427.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1362.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1325.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-131.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1298.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1260.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1223.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1196.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1159.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1121.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1094.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1057.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-974.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-937.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-872.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-84.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-835.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-770.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-733.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-669.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-631.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-567.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-47.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-465.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-428.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-363.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-326.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-299.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-261.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-224.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-197.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1594.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1557.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1492.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1455.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1418.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1390.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1353.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1316.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1289.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1251.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-122.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1214.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1187.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1112.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1085.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1048.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1010.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-965.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-928.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-863.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-826.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-799.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-761.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-75.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-724.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-697.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-622.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-595.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-558.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-520.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-493.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-456.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-419.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-391.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-38.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-354.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-317.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-252.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-215.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-188.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1585.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1548.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1510.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-150.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1483.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1446.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1409.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1381.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1344.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1307.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1242.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1205.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1178.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1140.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-113.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1103.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1076.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1039.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1001.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-993.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-956.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-919.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-891.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-854.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-817.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-752.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-715.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-688.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-66.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-650.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-613.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-586.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-549.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-511.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-484.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-447.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-382.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-345.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-308.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-29.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-280.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-243.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-206.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-179.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1576.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1539.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1501.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1474.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1437.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-141.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1372.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1335.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1270.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1233.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1169.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1131.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1067.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-104.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/ossec/logs/active-responses.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-984.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-947.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-94.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-882.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-845.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-808.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-780.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-743.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-706.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-679.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-641.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-604.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-577.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-57.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-502.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-5.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-475.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-438.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-400.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-373.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-336.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-271.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-234.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1567.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1465.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1428.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1363.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1326.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-132.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1299.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1261.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1224.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1197.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1122.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1095.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1058.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1020.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-975.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-938.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-900.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-873.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-85.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-836.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-771.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-734.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-632.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-568.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-530.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-48.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-466.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-429.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-364.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-327.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-262.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-225.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-198.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-160.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1595.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1558.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1520.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1493.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1456.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1419.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1391.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1354.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1317.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1252.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-123.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1215.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1188.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1150.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1113.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1086.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1049.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1011.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-10.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-966.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-929.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-864.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-827.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-762.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-76.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-725.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-698.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-660.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-623.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-596.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-559.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-521.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-494.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-457.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-392.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-39.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-355.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-318.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-290.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-253.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-216.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-189.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1586.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1549.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1511.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-151.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1484.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1447.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1382.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1345.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1308.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1280.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1243.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1206.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1179.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1141.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-114.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1104.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1077.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1002.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/syslog\",\"events\":4,\"bytes\":245,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/var/log/auth.log\",\"events\":1,\"bytes\":87,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-994.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-957.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-892.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-855.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-818.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-790.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-753.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-716.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-689.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-67.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-651.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-614.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-587.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-512.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-485.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-448.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-410.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-383.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-346.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-309.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-281.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-244.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-207.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1577.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1502.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1475.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1438.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-142.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1400.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1373.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1336.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1271.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1234.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1132.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1068.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-105.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1030.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-985.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-95.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-948.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-910.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-883.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-846.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-809.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-781.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-744.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-707.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-642.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-605.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-6.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-58.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-578.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-540.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-503.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-476.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-439.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-401.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-374.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-337.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-272.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-235.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-20.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-170.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1568.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1530.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1466.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1429.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1364.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-133.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1327.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1262.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1225.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1198.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1160.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1123.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1096.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1059.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1021.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-976.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-939.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-901.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-874.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-86.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-837.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-772.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-735.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-670.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-633.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-569.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-531.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-49.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-467.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-365.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-328.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-263.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-226.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-199.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-161.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1596.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1559.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1521.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1494.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1457.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1392.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1355.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1318.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1290.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1253.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-124.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1216.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1189.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1151.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1114.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-11.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1087.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1012.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-967.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-865.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-828.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-77.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-763.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-726.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-699.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-661.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-624.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-597.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-522.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-495.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-458.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-420.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-393.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-356.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-319.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-291.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-254.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-217.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1587.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-152.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1512.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1485.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1448.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1410.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1383.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1346.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1309.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1281.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1244.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1207.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-115.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1142.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1105.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1078.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1040.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1003.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/kern.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-995.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-958.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-920.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-893.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-856.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-819.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-791.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-754.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-717.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-68.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-652.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-615.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-588.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-550.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-513.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-486.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-449.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-411.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-384.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-347.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-30.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-282.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-245.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-208.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-180.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1578.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1540.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1503.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1476.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1439.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-143.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1401.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1374.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1337.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1272.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1235.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1170.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1133.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-106.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1031.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-986.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-96.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-949.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-911.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-884.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-847.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-782.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-745.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-708.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-7.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-680.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-643.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-606.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-59.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-579.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-541.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-504.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-477.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-402.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-375.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-338.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-300.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-273.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-236.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-21.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-171.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1569.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1531.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1467.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1365.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-134.log\",\"events\":0,\"bytes\":0,\"targets\":[]}]},\"interval\":{\"start\":\"2023-06-01 19:21:35\",\"end\":\"2023-06-01 19:22:35\",\"files\":[{\"location\":\"/root/logs/my-log-for-any-thing-example-982.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-945.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-92.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-908.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-880.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-843.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-806.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-779.loGG\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-741.loGG\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-704.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-677.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-602.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-575.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-55.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-538.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-500.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-473.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-436.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-371.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-334.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-3.log\",\"events\":0,\"bytes\":0,\"targets\":[]}]}}}"; - - -char *outjson_block_case_5 = "{\"error\":0,\"data\":{\"global\":{\"start\":\"2023-06-01 19:20:35\",\"end\":\"2023-06-01 19:22:35\",\"files\":[{\"location\":\"/root/logs/my-log-for-any-thing-example-982.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-945.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-92.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-908.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-880.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-843.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-806.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-779.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-741.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-704.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-677.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-602.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-575.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-55.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-538.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-500.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-473.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-436.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-371.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-334.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-3.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-232.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-18.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-168.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1565.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1528.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1463.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1426.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1399.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1361.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1324.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-130.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1297.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1222.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1195.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1158.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1120.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1093.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1056.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1019.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"last -n 20\",\"events\":1,\"bytes\":66,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-973.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-936.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-871.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-834.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-83.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-732.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-668.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-630.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-566.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-529.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-464.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-46.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-427.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-362.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-325.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-298.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-260.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-223.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-196.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1593.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-159.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1556.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1519.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1491.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1454.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1417.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1352.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1315.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1288.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1250.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1213.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-121.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1186.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1149.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1111.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1084.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1047.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/dpkg.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-964.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-927.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-862.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-825.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-798.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-760.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-74.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-723.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-696.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-659.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-621.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-594.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-557.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-492.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-455.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-418.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-390.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-37.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-353.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-316.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-289.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-251.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-214.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-187.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1584.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1547.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1482.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1445.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1408.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1380.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1343.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1306.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1279.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1241.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1204.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1177.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-112.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1102.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1075.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1038.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1000.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-992.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-955.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-918.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-890.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-853.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-816.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-789.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-751.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-714.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-687.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-65.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-612.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-585.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-548.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-510.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-483.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-446.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-409.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-381.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-344.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-307.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-28.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-242.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-205.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-178.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1575.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1538.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1500.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1473.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1436.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-140.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1371.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1334.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1232.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1168.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1130.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1066.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-103.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1029.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-983.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-946.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-93.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-909.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-881.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-844.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-807.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-742.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-705.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-678.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-640.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-603.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-576.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-56.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-539.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-501.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-474.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-437.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-4.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-372.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-335.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-270.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-233.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-19.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-169.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1566.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1529.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1464.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1427.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1362.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1325.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-131.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1298.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1260.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1223.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1196.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1159.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1121.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1094.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1057.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-974.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-937.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-872.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-84.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-835.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-770.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-733.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-669.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-631.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-567.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-47.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-465.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-428.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-363.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-326.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-299.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-261.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-224.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-197.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1594.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1557.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1492.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1455.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1418.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1390.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1353.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1316.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1289.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1251.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-122.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1214.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1187.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1112.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1085.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1048.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1010.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-965.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-928.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-863.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-826.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-799.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-761.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-75.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-724.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-697.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-622.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-595.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-558.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-520.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-493.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-456.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-419.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-391.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-38.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-354.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-317.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-252.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-215.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-188.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1585.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1548.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1510.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-150.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1483.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1446.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1409.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1381.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1344.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1307.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1242.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1205.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1178.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1140.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-113.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1103.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1076.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1039.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1001.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-993.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-956.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-919.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-891.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-854.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-817.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-752.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-715.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-688.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-66.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-650.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-613.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-586.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-549.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-511.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-484.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-447.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-382.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-345.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-308.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-29.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-280.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-243.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-206.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-179.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1576.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1539.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1501.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1474.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1437.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-141.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1372.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1335.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1270.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1233.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1169.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1131.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1067.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-104.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/ossec/logs/active-responses.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-984.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-947.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-94.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-882.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-845.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-808.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-780.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-743.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-706.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-679.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-641.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-604.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-577.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-57.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-502.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-5.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-475.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-438.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-400.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-373.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-336.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-271.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-234.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1567.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1465.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1428.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1363.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1326.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-132.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1299.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1261.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1224.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1197.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1122.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1095.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1058.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1020.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-975.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-938.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-900.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-873.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-85.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-836.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-771.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-734.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-632.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-568.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-530.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-48.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-466.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-429.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-364.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-327.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-262.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-225.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-198.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-160.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1595.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1558.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1520.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1493.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1456.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1419.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1391.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1354.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1317.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1252.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-123.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1215.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1188.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1150.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1113.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1086.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1049.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1011.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-10.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-966.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-929.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-864.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-827.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-762.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-76.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-725.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-698.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-660.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-623.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-596.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-559.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-521.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-494.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-457.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-392.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-39.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-355.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-318.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-290.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-253.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-216.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-189.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1586.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1549.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1511.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-151.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1484.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1447.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1382.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1345.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1308.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1280.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1243.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1206.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1179.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1141.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-114.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1104.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1077.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1002.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/syslog\",\"events\":4,\"bytes\":245,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/var/log/auth.log\",\"events\":1,\"bytes\":87,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-994.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-957.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-892.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-855.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-818.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-790.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-753.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-716.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-689.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-67.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-651.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-614.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-587.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-512.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-485.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-448.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-410.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-383.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-346.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-309.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-281.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-244.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-207.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1577.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1502.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1475.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1438.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-142.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1400.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1373.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1336.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1271.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1234.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1132.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1068.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-105.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1030.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-985.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-95.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-948.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-910.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-883.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-846.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-809.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-781.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-744.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-707.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-642.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-605.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-6.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-58.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-578.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-540.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-503.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-476.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-439.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-401.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-374.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-337.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-272.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-235.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-20.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-170.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1568.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1530.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1466.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1429.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1364.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-133.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1327.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1262.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1225.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1198.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1160.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1123.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1096.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1059.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1021.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-976.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-939.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-901.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-874.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-86.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-837.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-772.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-735.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-670.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-633.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-569.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-531.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-49.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-467.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-365.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-328.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-263.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-226.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-199.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-161.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1596.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1559.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1521.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1494.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1457.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1392.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1355.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1318.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1290.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1253.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-124.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1216.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1189.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1151.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1114.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-11.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1087.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1012.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-967.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-865.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-828.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-77.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-763.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-726.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-699.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-661.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-624.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-597.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-522.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-495.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-458.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-420.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-393.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-356.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-319.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-291.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-254.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-217.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1587.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-152.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1512.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1485.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1448.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1410.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1383.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1346.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1309.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1281.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1244.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1207.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-115.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1142.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1105.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1078.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1040.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1003.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/kern.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-995.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-958.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-920.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-893.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-856.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-819.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-791.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-754.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-717.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-68.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-652.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-615.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-588.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-550.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-513.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-486.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-449.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-411.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-384.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-347.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-30.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-282.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-245.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-208.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-180.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1578.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1540.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1503.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1476.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1439.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-143.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1401.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1374.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1337.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1272.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1235.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1170.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1133.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-106.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1031.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-986.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-96.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-949.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-911.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-884.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-847.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-782.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-745.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-708.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-7.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-680.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-643.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-606.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-59.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-579.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-541.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-504.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-477.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-402.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-375.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-338.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-300.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-273.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-236.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-21.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-171.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1569.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1531.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1467.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1365.log\",\"events\":0,\"bytes\":0,\"targets\":[]}]}}}"; - - - -char *outjson_block_case_5_1 = "{\"error\":0,\"data\":{\"global\":{\"start\":\"2023-06-01 19:20:35\",\"end\":\"2023-06-01 19:22:35\",\"files\":[{\"location\":\"/root/logs/my-log-for-any-thing-example-134.log\",\"events\":0,\"bytes\":0,\"targets\":[]}]},\"interval\":{\"start\":\"2023-06-01 19:21:35\",\"end\":\"2023-06-01 19:22:35\",\"files\":[{\"location\":\"/root/logs/my-log-for-any-thing-example-982.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-945.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-92.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-908.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-880.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-843.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-806.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-779.loGG\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-741.loGG\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-704.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-677.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-602.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-575.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-55.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-538.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-500.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-473.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-436.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-371.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-334.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-3.log\",\"events\":0,\"bytes\":0,\"targets\":[]}]}}}"; - -char * outjson6 = "{\"error\":0,\"data\":{\"global\":{\"start\":\"2023-06-01 19:20:35\",\"end\":\"2023-06-01 19:22:35\",\"files\":[{\"location\":\"/root/logs/my-log-for-any-thing-example-982.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-945.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-92.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-908.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-880.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-843.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-806.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-779.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-741.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-704.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-677.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-602.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-575.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-55.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-538.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-500.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-473.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-436.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-371.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-334.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-3.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-232.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-18.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-168.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1565.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1528.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1463.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1426.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1399.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1361.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1324.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-130.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1297.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1222.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1195.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1158.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1120.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1093.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1056.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1019.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"last -n 20\",\"events\":1,\"bytes\":66,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-973.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-936.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-871.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-834.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-83.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-732.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-668.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-630.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-566.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-529.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-464.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-46.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-427.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-362.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-325.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-298.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-260.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-223.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-196.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1593.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-159.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1556.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1519.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1491.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1454.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1417.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1352.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1315.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1288.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1250.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1213.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-121.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1186.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1149.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1111.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1084.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1047.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/dpkg.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-964.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-927.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-862.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-825.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-798.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-760.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-74.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-723.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-696.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-659.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-621.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-594.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-557.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-492.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-455.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-418.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-390.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-37.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-353.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-316.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-289.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-251.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-214.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-187.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1584.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1547.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1482.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1445.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1408.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1380.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1343.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1306.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1279.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1241.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1204.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1177.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-112.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1102.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1075.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1038.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1000.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-992.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-955.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-918.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-890.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-853.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-816.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-789.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-751.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-714.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-687.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-65.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-612.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-585.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-548.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-510.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-483.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-446.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-409.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-381.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-344.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-307.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-28.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-242.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-205.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-178.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1575.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1538.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1500.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1473.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1436.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-140.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1371.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1334.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1232.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1168.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1130.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1066.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-103.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1029.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-983.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-946.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-93.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-909.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-881.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-844.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-807.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-742.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-705.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-678.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-640.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-603.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-576.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-56.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-539.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-501.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-474.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-437.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-4.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-372.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-335.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-270.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-233.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-19.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-169.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1566.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1529.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1464.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1427.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1362.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1325.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-131.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1298.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1260.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1223.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1196.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1159.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1121.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1094.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1057.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-974.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-937.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-872.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-84.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-835.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-770.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-733.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-669.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-631.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-567.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-47.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-465.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-428.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-363.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-326.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-299.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-261.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-224.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-197.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1594.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1557.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1492.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1455.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1418.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1390.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1353.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1316.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1289.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1251.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-122.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1214.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1187.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1112.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1085.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1048.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1010.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-965.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-928.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-863.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-826.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-799.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-761.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-75.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-724.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-697.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-622.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-595.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-558.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-520.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-493.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-456.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-419.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-391.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-38.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-354.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-317.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-252.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-215.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-188.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1585.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1548.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1510.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-150.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1483.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1446.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1409.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1381.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1344.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1307.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1242.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1205.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1178.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1140.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-113.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1103.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1076.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1039.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1001.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-993.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-956.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-919.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-891.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-854.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-817.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-752.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-715.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-688.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-66.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-650.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-613.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-586.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-549.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-511.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-484.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-447.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-382.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-345.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-308.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-29.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-280.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-243.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-206.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-179.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1576.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1539.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1501.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1474.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1437.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-141.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1372.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1335.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1270.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1233.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1169.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1131.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1067.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-104.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/ossec/logs/active-responses.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-984.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-947.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-94.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-882.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-845.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-808.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-780.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-743.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-706.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-679.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-641.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-604.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-577.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-57.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-502.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-5.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-475.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-438.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-400.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-373.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-336.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-271.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-234.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1567.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1465.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1428.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1363.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1326.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-132.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1299.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1261.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1224.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1197.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1122.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1095.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1058.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1020.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-975.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-938.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-900.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-873.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-85.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-836.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-771.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-734.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-632.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-568.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-530.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-48.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-466.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-429.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-364.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-327.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-262.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-225.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-198.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-160.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1595.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1558.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1520.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1493.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1456.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1419.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1391.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1354.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1317.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1252.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-123.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1215.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1188.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1150.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1113.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1086.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1049.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1011.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-10.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-966.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-929.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-864.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-827.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-762.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-76.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-725.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-698.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-660.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-623.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-596.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-559.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-521.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-494.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-457.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-392.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-39.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-355.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-318.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-290.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-253.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-216.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-189.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1586.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1549.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1511.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-151.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1484.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1447.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1382.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1345.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1308.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1280.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1243.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1206.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1179.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1141.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-114.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1104.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1077.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1002.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/syslog\",\"events\":4,\"bytes\":245,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/var/log/auth.log\",\"events\":1,\"bytes\":87,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-994.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-957.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-892.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-855.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-818.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-790.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-753.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-716.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-689.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-67.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-651.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-614.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-587.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-512.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-485.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-448.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-410.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-383.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-346.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-309.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-281.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-244.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-207.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1577.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1502.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1475.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1438.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-142.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1400.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1373.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1336.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1271.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1234.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1132.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1068.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-105.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1030.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-985.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-95.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-948.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-910.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-883.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-846.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-809.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-781.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-744.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-707.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-642.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-605.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-6.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-58.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-578.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-540.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-503.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-476.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-439.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-401.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-374.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-337.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-272.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-235.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-20.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-170.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1568.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1530.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1466.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1429.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1364.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-133.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1327.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1262.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1225.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1198.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1160.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1123.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1096.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1059.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1021.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-976.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-939.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-901.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-874.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-86.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-837.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-772.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-735.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-670.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-633.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-569.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-531.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-49.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-467.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-365.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-328.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-263.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-226.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-199.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-161.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1596.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1559.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1521.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1494.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1457.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1392.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1355.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1318.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1290.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1253.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-124.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1216.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1189.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1151.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1114.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-11.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1087.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1012.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-967.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-865.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-828.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-77.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-763.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-726.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-699.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-661.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-624.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-597.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-522.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-495.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-458.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-420.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-393.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-356.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-319.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-291.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-254.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-217.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1587.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-152.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1512.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1485.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1448.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1410.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1383.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1346.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1309.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1281.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1244.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1207.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-115.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1142.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1105.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1078.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1040.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1003.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/kern.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-995.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-958.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-920.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-893.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-856.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-819.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-791.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-754.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-717.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-68.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-652.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-615.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-588.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-550.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-513.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-486.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-449.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-411.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-384.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-347.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-30.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-282.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-245.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-208.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-180.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1578.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1540.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1503.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1476.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1439.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-143.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1401.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1374.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1337.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1272.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1235.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1170.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1133.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-106.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1031.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-986.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-96.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-949.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-911.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-884.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-847.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-782.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-745.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-708.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-7.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-680.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-643.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-606.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-59.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-579.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-541.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-504.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-477.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-402.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-375.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-338.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-300.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-273.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-236.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-21.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]}]},\"interval\":{\"start\":\"2023-06-01 19:21:35\",\"end\":\"2023-06-01 19:22:35\",\"files\":[{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]}]}}}"; - - - -char *outjson_block_case_6 = "{\"error\":0,\"data\":{\"global\":{\"start\":\"2023-06-01 19:20:35\",\"end\":\"2023-06-01 19:22:35\",\"files\":[{\"location\":\"/root/logs/my-log-for-any-thing-example-982.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-945.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-92.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-908.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-880.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-843.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-806.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-779.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-741.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-704.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-677.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-602.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-575.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-55.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-538.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-500.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-473.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-436.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-371.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-334.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-3.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-232.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-18.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-168.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1565.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1528.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1463.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1426.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1399.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1361.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1324.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-130.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1297.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1222.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1195.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1158.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1120.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1093.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1056.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1019.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"last -n 20\",\"events\":1,\"bytes\":66,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-973.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-936.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-871.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-834.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-83.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-732.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-668.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-630.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-566.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-529.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-464.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-46.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-427.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-362.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-325.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-298.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-260.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-223.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-196.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1593.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-159.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1556.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1519.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1491.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1454.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1417.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1352.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1315.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1288.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1250.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1213.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-121.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1186.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1149.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1111.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1084.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1047.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/dpkg.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-964.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-927.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-862.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-825.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-798.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-760.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-74.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-723.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-696.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-659.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-621.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-594.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-557.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-492.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-455.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-418.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-390.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-37.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-353.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-316.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-289.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-251.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-214.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-187.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1584.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1547.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1482.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1445.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1408.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1380.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1343.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1306.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1279.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1241.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1204.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1177.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-112.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1102.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1075.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1038.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1000.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-992.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-955.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-918.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-890.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-853.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-816.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-789.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-751.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-714.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-687.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-65.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-612.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-585.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-548.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-510.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-483.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-446.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-409.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-381.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-344.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-307.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-28.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-242.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-205.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-178.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1575.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1538.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1500.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1473.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1436.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-140.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1371.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1334.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1232.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1168.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1130.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1066.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-103.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1029.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-983.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-946.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-93.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-909.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-881.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-844.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-807.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-742.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-705.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-678.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-640.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-603.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-576.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-56.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-539.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-501.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-474.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-437.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-4.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-372.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-335.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-270.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-233.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-19.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-169.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1566.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1529.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1464.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1427.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1362.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1325.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-131.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1298.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1260.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1223.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1196.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1159.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1121.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1094.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1057.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-974.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-937.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-872.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-84.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-835.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-770.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-733.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-669.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-631.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-567.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-47.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-465.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-428.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-363.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-326.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-299.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-261.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-224.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-197.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1594.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1557.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1492.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1455.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1418.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1390.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1353.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1316.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1289.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1251.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-122.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1214.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1187.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1112.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1085.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1048.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1010.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-965.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-928.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-863.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-826.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-799.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-761.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-75.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-724.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-697.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-622.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-595.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-558.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-520.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-493.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-456.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-419.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-391.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-38.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-354.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-317.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-252.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-215.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-188.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1585.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1548.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1510.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-150.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1483.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1446.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1409.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1381.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1344.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1307.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1242.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1205.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1178.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1140.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-113.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1103.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1076.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1039.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1001.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-993.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-956.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-919.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-891.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-854.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-817.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-752.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-715.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-688.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-66.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-650.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-613.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-586.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-549.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-511.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-484.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-447.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-382.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-345.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-308.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-29.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-280.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-243.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-206.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-179.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1576.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1539.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1501.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1474.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1437.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-141.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1372.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1335.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1270.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1233.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1169.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1131.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1067.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-104.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/ossec/logs/active-responses.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-984.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-947.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-94.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-882.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-845.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-808.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-780.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-743.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-706.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-679.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-641.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-604.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-577.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-57.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-502.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-5.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-475.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-438.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-400.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-373.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-336.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-271.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-234.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1567.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1465.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1428.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1363.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1326.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-132.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1299.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1261.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1224.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1197.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1122.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1095.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1058.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1020.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-975.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-938.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-900.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-873.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-85.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-836.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-771.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-734.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-632.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-568.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-530.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-48.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-466.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-429.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-364.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-327.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-262.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-225.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-198.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-160.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1595.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1558.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1520.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1493.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1456.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1419.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1391.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1354.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1317.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1252.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-123.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1215.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1188.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1150.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1113.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1086.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1049.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1011.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-10.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-966.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-929.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-864.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-827.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-762.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-76.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-725.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-698.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-660.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-623.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-596.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-559.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-521.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-494.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-457.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-392.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-39.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-355.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-318.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-290.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-253.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-216.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-189.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1586.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1549.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1511.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-151.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1484.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1447.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1382.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1345.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1308.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1280.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1243.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1206.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1179.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1141.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-114.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1104.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1077.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1002.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/syslog\",\"events\":4,\"bytes\":245,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/var/log/auth.log\",\"events\":1,\"bytes\":87,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-994.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-957.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-892.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-855.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-818.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-790.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-753.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-716.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-689.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-67.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-651.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-614.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-587.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-512.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-485.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-448.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-410.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-383.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-346.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-309.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-281.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-244.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-207.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1577.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1502.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1475.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1438.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-142.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1400.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1373.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1336.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1271.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1234.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1132.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1068.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-105.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1030.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-985.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-95.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-948.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-910.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-883.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-846.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-809.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-781.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-744.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-707.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-642.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-605.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-6.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-58.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-578.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-540.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-503.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-476.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-439.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-401.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-374.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-337.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-272.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-235.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-20.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-170.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1568.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1530.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1466.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1429.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1364.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-133.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1327.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1262.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1225.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1198.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1160.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1123.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1096.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1059.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1021.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-976.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-939.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-901.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-874.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-86.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-837.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-772.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-735.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-670.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-633.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-569.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-531.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-49.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-467.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-365.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-328.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-263.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-226.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-199.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-161.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1596.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1559.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1521.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1494.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1457.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1392.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1355.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1318.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1290.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1253.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-124.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1216.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1189.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1151.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1114.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-11.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1087.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1012.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-967.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-865.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-828.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-77.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-763.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-726.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-699.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-661.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-624.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-597.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-522.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-495.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-458.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-420.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-393.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-356.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-319.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-291.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-254.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-217.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1587.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-152.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1512.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1485.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1448.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1410.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1383.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1346.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1309.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1281.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1244.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1207.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-115.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1142.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1105.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1078.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1040.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1003.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/var/log/kern.log\",\"events\":0,\"bytes\":0,\"targets\":[{\"name\":\"agent\",\"drops\":0}]},{\"location\":\"/root/logs/my-log-for-any-thing-example-995.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-958.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-920.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-893.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-856.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-819.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-791.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-754.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-717.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-68.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-652.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-615.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-588.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-550.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-513.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-486.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-449.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-411.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-384.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-347.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-30.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-282.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-245.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-208.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-180.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1578.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1540.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1503.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1476.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1439.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-143.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1401.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1374.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1337.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1272.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1235.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1170.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1133.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-106.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1031.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-986.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-96.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-949.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-911.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-884.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-847.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-782.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-745.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-708.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-7.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-680.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-643.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-606.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-59.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-579.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-541.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-504.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-477.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-402.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-375.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-338.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-300.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-273.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-236.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-21.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]}]}}}"; - - - -char *outjson_block_case_6_1 = "{\"error\":0,\"data\":{\"global\":{\"start\":\"2023-06-01 19:20:35\",\"end\":\"2023-06-01 19:22:35\",\"files\":[{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]}]}}}"; - - -char *outjson_no_global = "{\"error\":0,\"data\":{\"glob\":{\"start\":\"2023-06-01 19:20:35\",\"end\":\"2023-06-01 19:22:35\",\"files\":[{\"location\":\"/root/logs/my-log-for-any-thing-example-982.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-945.log\",\"events\":0,\"bytes\":0,\"targets\":[]},{\"location\":\"/root/logs/my-log-for-any-thing-example-92.log\",\"events\":0,\"bytes\":0,\"targets\":[]}]},\"interval\":{\"start\":\"2023-06-01 19:21:35\",\"end\":\"2023-06-01 19:22:35\",\"files\":[{\"location\":\"/root/logs/my-log-for-any-thing-example-1069.log\",\"events\":0,\"bytes\":0,\"targets\":[]}"; - -#endif /*_JSON_DATA_H*/ diff --git a/src/modules/logcollector/tests/unit/tests/test_journal_log.c b/src/modules/logcollector/tests/unit/tests/test_journal_log.c deleted file mode 100644 index ff19679358..0000000000 --- a/src/modules/logcollector/tests/unit/tests/test_journal_log.c +++ /dev/null @@ -1,4562 +0,0 @@ -/* - * Copyright (C) 2015, Wazuh Inc. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -#include -#include -#include -#include -#include -#include - -#include "../../logcollector/journal_log.h" - -#include "../wrappers/posix/stat_wrappers.h" -#include "../wrappers/common.h" -#include "../wrappers/externals/pcre2/pcre2_wrappers.h" -#include "../wrappers/externals/cJSON/cJSON_wrappers.h" -#include "../wrappers/libc/stdio_wrappers.h" -#include "../wrappers/linux/dlfcn_wrappers.h" - -#define _XOPEN_SOURCE - -bool is_owned_by_root(const char * library_path); -bool load_and_validate_function(void * handle, const char * name, void ** func); -uint64_t w_get_epoch_time(); -char * w_timestamp_to_string(uint64_t timestamp); -char * w_timestamp_to_journalctl_since(uint64_t timestamp); -char * find_library_path(const char * library_name); -w_journal_lib_t * w_journal_lib_init(); -cJSON * entry_as_json(w_journal_context_t * ctx); -char * get_field_ptr(w_journal_context_t * ctx, const char * field); -char * create_plain_syslog(const char * timestamp, - const char * hostname, - const char * syslog_identifier, - const char * pid, - const char * message); -char * entry_as_syslog(w_journal_context_t * ctx); -w_journal_entry_t * w_journal_entry_dump(w_journal_context_t * ctx, w_journal_entry_dump_type_t type); - -// Mocks - -/* Mock of the sd_journal_* functions */ -int __wrap_sd_journal_open(sd_journal ** journal, int flags) { return mock_type(int); } - -void __wrap_sd_journal_close(sd_journal * j) { function_called(); } - -int __wrap_sd_journal_previous(sd_journal * j) { return mock_type(int); } - -int __wrap_sd_journal_next(sd_journal * j) { return mock_type(int); } - -int __wrap_sd_journal_seek_tail(sd_journal * j) { return mock_type(int); } - -int __wrap_sd_journal_seek_realtime_usec(sd_journal * j, uint64_t usec) { return mock_type(int); } - -// The expected value is returned in the usec parameter -// If the expected value positive, the function returns 0 and the expected value is stored in usec -int __wrap_sd_journal_get_realtime_usec(sd_journal * j, uint64_t * usec) { - int64_t ret = mock_type(int64_t); - if (ret >= 0) { - *usec = (uint64_t) ret; - return 0; - } - return ret; -} - -int __wrap_sd_journal_get_data(sd_journal * j, const char * field, const void ** data, size_t * length) { - check_expected(field); - int retval = mock_type(int); - // If function returns a positive value, return a simulated data - if (retval >= 0) { - *data = mock_ptr_type(char *); - *length = strlen(*data); - } - return retval; -} - -int __wrap_sd_journal_restart_data(sd_journal * j) { return mock_type(int); } - -int __wrap_sd_journal_enumerate_data(sd_journal * j, const void ** data, size_t * length) { - - int retval = mock_type(int); - if (retval > 0) { - *data = mock_ptr_type(char *); - *length = strlen(*data); - } - return retval; -} - -int __wrap_sd_journal_get_cutoff_realtime_usec(sd_journal * j, uint64_t * from, uint64_t * to) { - int64_t ret = mock_type(int64_t); - if (ret >= 0) { - *from = (uint64_t) ret; - return 0; - } - return ret; -} - -extern unsigned int __real_gmtime_r(const time_t * t, struct tm * tm); -unsigned int __wrap_gmtime_r(__attribute__((__unused__)) const time_t * t, __attribute__((__unused__)) struct tm * tm) { - unsigned int mock = mock_type(unsigned int); - if (mock == 0) { - return mock; - } else { - return __real_gmtime_r(t, tm); - } -} - -int __wrap_isDebug() { return mock(); } - -/* setup/teardown */ - -static int group_setup(void ** state) { - test_mode = 1; - w_test_pcre2_wrappers(false); - return 0; -} - -static int group_teardown(void ** state) { - test_mode = 0; - w_test_pcre2_wrappers(true); - return 0; -} - -// Test is_owned_by_root - -// Test is_owned_by_root with root owned -void test_is_owned_by_root_root_owned(void ** state) { - (void) state; - - const char * library_path = "existent_file_root"; - - struct stat mock_stat; - mock_stat.st_uid = 0; - - expect_value(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - - bool result = is_owned_by_root(library_path); - - // Assert - assert_true(result); -} - -// Test is_owned_by_root with not root owned -void test_is_owned_by_root_not_root_owned(void ** state) { - (void) state; - - const char * library_path = "existent_file_no_root"; - - struct stat mock_stat; - mock_stat.st_uid = 1000; - - expect_value(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - - bool result = is_owned_by_root(library_path); - - // Assert - assert_false(result); -} - -// Test is_owned_by_root with stat fails -void test_is_owned_by_root_stat_fails(void ** state) { - (void) state; - - const char * library_path = "nonexistent_file"; - - struct stat mock_stat; - mock_stat.st_uid = 1000; - - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, -1); - - bool result = is_owned_by_root(library_path); - - // Assert - assert_false(result); -} - -// Test load_and_validate_function - -// Test load_and_validate_function success -static void test_load_and_validate_function_success(void ** state) { - // Arrange - void * handle = (void *) 1; // Simulate handle - void * mock_function = (void *) 0xabcdef; - const char * function_name = "valid_function"; - void * function_pointer; - - expect_any(__wrap_dlsym, handle); - expect_string(__wrap_dlsym, symbol, "valid_function"); - will_return(__wrap_dlsym, mock_function); - - // Act - bool result = load_and_validate_function(handle, function_name, &function_pointer); - - // Assert - assert_true(result); - assert_non_null(function_pointer); -} - -// Test load_and_validate_function failure -static void test_load_and_validate_function_failure(void ** state) { - // Arrange - void * handle = NULL; // Simulate invalid handle - void * mock_function = NULL; - const char * function_name = "invalid_function"; - void * function_pointer = (void *) 1; - - expect_any(__wrap_dlsym, handle); - expect_string(__wrap_dlsym, symbol, "invalid_function"); - will_return(__wrap_dlsym, mock_function); - - will_return(__wrap_dlerror, "ERROR"); - - expect_string(__wrap__mwarn, formatted_msg, "(8008): Failed to load 'invalid_function': 'ERROR'."); - - // Act - bool result = load_and_validate_function(handle, function_name, &function_pointer); - - // Assert - assert_false(result); - assert_null(function_pointer); -} - -// Test w_get_epoch_time - -static void test_w_get_epoch_time(void ** state) { - // Arrange - will_return(__wrap_gettimeofday, 0); - - // Act - uint64_t result = w_get_epoch_time(); - - // Cant assert the result because it is a time value and the wrapper is not set in the test - -} - -// Test w_timestamp_to_string - -static void test_w_timestamp_to_string(void ** state) { - // Arrange - uint64_t timestamp = 1618849174000000; // Timestamp in microseconds - will_return(__wrap_gmtime_r, 1); - - // Act - char * result = w_timestamp_to_string(timestamp); - - // Assert - free(result); -} - -// Test w_timestamp_to_journalctl_since - -static void test_w_timestamp_to_journalctl_since_success(void ** state) { - // Arrange - uint64_t timestamp = 1618849174000000; // Timestamp in microseconds (2021-04-19 16:19:34) - - will_return(__wrap_gmtime_r, 1618849174000000); - - // Act - char * result = w_timestamp_to_journalctl_since(timestamp); - - // Assert - assert_non_null(result); - - // Verify the result is the expected format - assert_int_equal(strlen(result), strlen("1900-01-00 00:00:00")); - assert_string_equal(result, "2021-04-19 16:19:34"); - free(result); -} - -static void test_w_timestamp_to_journalctl_since_failure(void ** state) { - // Arrange - uint64_t timestamp = 0; // Timestamp que provocará el error - - will_return(__wrap_gmtime_r, 0); - - // Act - char * result = w_timestamp_to_journalctl_since(timestamp); - - // Assert - assert_null(result); -} - -// Test find_library_path - -static void test_find_library_path_success(void ** state) { - // Arrange - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - - // Simulate the successful opening of a file - FILE * maps_file = (FILE *) 0x123456; // Simulated address - will_return(__wrap_fopen, maps_file); - - // Simulate a line containing the searched library - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /path/to/libtest.so\n"); - will_return(__wrap_getline, simulated_line); - - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - - // Act - char * result = find_library_path("libtest.so"); - - // Assert - assert_non_null(result); - assert_string_equal(result, "/path/to/libtest.so"); - - // Clean - free(result); -} - -static void test_find_library_path_failure(void ** state) { - // Arrange - - // Set expectations for fopen - const char * library_name = "libtest.so"; - const char * expected_mode = "r"; - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - - // Setting the return value for fopen - FILE * maps_file = NULL; // Simulate fopen error - will_return(__wrap_fopen, maps_file); - - // Act - char * result = find_library_path(library_name); - - // Assert - assert_null(result); - - // Clean - free(result); -} - -#define W_LIB_SYSTEMD "libsystemd.so.0" -#define RTLD_LAZY 1 - -// Test w_journal_lib_init - -// Define a test case for the scenario where dlopen fails -static void test_w_journal_lib_init_dlopen_fail(void ** state) { - // Arrange - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, NULL); - - will_return(__wrap_dlerror, "Library load failed"); - - expect_string(__wrap__mwarn, formatted_msg, "(8008): Failed to load 'libsystemd.so.0': 'Library load failed'."); - - // Act - w_journal_lib_t * result = w_journal_lib_init(); - - // Assert - assert_null(result); -} - -// Define a test case for the scenario where find_library_path fails -static void test_w_journal_lib_init_find_library_path_fail(void ** state) { - // Arrange - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); // Mocked handle - - // test_find_library_path_failure - // Set expectations for fopen - const char * library_name = "libtest.so"; - const char * expected_mode = "r"; - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - - // Setting the return value for fopen - FILE * maps_file = NULL; // Simulate fopen error - will_return(__wrap_fopen, maps_file); - - // expect_any(__wrap_mwarn, id); - expect_string(__wrap__mwarn, formatted_msg, "(8009): The library 'libsystemd.so.0' is not owned by the root user."); - - expect_value(__wrap_dlclose, handle, (void *) 0x123456); // Mocked handle - will_return(__wrap_dlclose, 0); // Simulate dlclose success - - // Act - w_journal_lib_t * result = w_journal_lib_init(); - - // Assert - assert_null(result); -} - -// Define a test case for the scenario where is_owned_by_root fails -static void test_w_journal_lib_init_is_owned_by_root_fail(void ** state) { - // Arrange - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); // Mocked handle - - // test_find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - - // Simulate the successful opening of a file - FILE * maps_file = (FILE *) 0x123456; // Simulated address - will_return(__wrap_fopen, maps_file); - - // Simulate a line containing the searched library - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - - // test_is_owned_by_root_stat_fails - const char * library_path = "/libsystemd.so.0"; - - struct stat mock_stat; - mock_stat.st_uid = 1000; - - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, -1); - - // expect_any(__wrap_mwarn, id); - expect_string(__wrap__mwarn, formatted_msg, "(8009): The library 'libsystemd.so.0' is not owned by the root user."); - - expect_value(__wrap_dlclose, handle, (void *) 0x123456); // Mocked handle - will_return(__wrap_dlclose, 0); // Simulate dlclose success - - // Act - w_journal_lib_t * result = w_journal_lib_init(); - - // Assert - assert_null(result); -} - -// Define a test case for the scenario where load_and_validate_function fails -static void test_w_journal_lib_init_load_and_validate_function_fail(void ** state) { - // Arrange - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); // Mocked handle - - // test_find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - - // Simulate the successful opening of a file - FILE * maps_file = (FILE *) 0x123456; // Simulated address - will_return(__wrap_fopen, maps_file); - - // Simulate a line containing the searched library - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - - // test_is_owned_by_root_root_owned - - const char * library_path = "/libsystemd.so.0"; - - struct stat mock_stat; - mock_stat.st_uid = 0; - - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - - // test_load_and_validate_function_failure - void * handle = NULL; // Simulate invalid handle - void * mock_function = NULL; - const char * function_name = "sd_journal_open"; - void * function_pointer = (void *) 1; - - expect_any(__wrap_dlsym, handle); - expect_string(__wrap_dlsym, symbol, function_name); - will_return(__wrap_dlsym, mock_function); - - will_return(__wrap_dlerror, "ERROR"); - - expect_string(__wrap__mwarn, formatted_msg, "(8008): Failed to load 'sd_journal_open': 'ERROR'."); - - expect_value(__wrap_dlclose, handle, (void *) 0x123456); // Mocked handle - will_return(__wrap_dlclose, 0); - - // Act - w_journal_lib_t * result = w_journal_lib_init(); - - // Assert - assert_null(result); -} - -// Define a test case for the scenario where everything succeeds - -// Auxiliary function for setting dlsym wrap expectations -static void setup_dlsym_expectations(const char * symbol) { - void * handle = (void *) 1; // Simulate handle - void * mock_function = (void *) 0x1; - - if (strcmp(symbol, "sd_journal_open") == 0) { - mock_function = (void *) __wrap_sd_journal_open; - } else if (strcmp(symbol, "sd_journal_close") == 0) { - mock_function = (void *) __wrap_sd_journal_close; - } else if (strcmp(symbol, "sd_journal_previous") == 0) { - mock_function = (void *) __wrap_sd_journal_previous; - } else if (strcmp(symbol, "sd_journal_next") == 0) { - mock_function = (void *) __wrap_sd_journal_next; - } else if (strcmp(symbol, "sd_journal_seek_tail") == 0) { - mock_function = (void *) __wrap_sd_journal_seek_tail; - } else if (strcmp(symbol, "sd_journal_seek_realtime_usec") == 0) { - mock_function = (void *) __wrap_sd_journal_seek_realtime_usec; - } else if (strcmp(symbol, "sd_journal_get_realtime_usec") == 0) { - mock_function = (void *) __wrap_sd_journal_get_realtime_usec; - } else if (strcmp(symbol, "sd_journal_get_data") == 0) { - mock_function = (void *) __wrap_sd_journal_get_data; - } else if (strcmp(symbol, "sd_journal_restart_data") == 0) { - mock_function = (void *) __wrap_sd_journal_restart_data; - } else if (strcmp(symbol, "sd_journal_enumerate_data") == 0) { - mock_function = (void *) __wrap_sd_journal_enumerate_data; - } else if (strcmp(symbol, "sd_journal_get_cutoff_realtime_usec") == 0) { - mock_function = (void *) __wrap_sd_journal_get_cutoff_realtime_usec; - } else { - // Invalid symbol - assert_true(false); - } - - expect_any(__wrap_dlsym, handle); - expect_string(__wrap_dlsym, symbol, symbol); - will_return(__wrap_dlsym, mock_function); -} - -static void test_w_journal_lib_init_success(void ** state) { - // Arrange - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); // Mocked handle - - // test_find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - - // Simulate the successful opening of a file - FILE * maps_file = (FILE *) 0x123456; // Simulated address - will_return(__wrap_fopen, maps_file); - - // Simulate a line containing the searched library - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - - // test_is_owned_by_root_root_owned - - const char * library_path = "/libsystemd.so.0"; - - struct stat mock_stat; - mock_stat.st_uid = 0; - - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - - void * handle = (void *) 1; // Simulate handle - void * mock_function = (void *) 0xabcdef; - - // Set expectations for dlsym wrap - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - - // Act - w_journal_lib_t * result = w_journal_lib_init(); - - // Assert - assert_non_null(result); - free(result); -} - -// Test w_journal_context_create - -// Test case for a successful context creation -static void test_w_journal_context_create_success(void ** state) { - // Define a pointer to w_journal_context_t - w_journal_context_t * ctx = NULL; - - // Expect to call w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); // Mocked handle - - // test_find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - - // Simulate the successful opening of a file - FILE * maps_file = (FILE *) 0x123456; // Simulated address - will_return(__wrap_fopen, maps_file); - - // Simulate a line containing the searched library - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - - // test_is_owned_by_root_root_owned - - const char * library_path = "/libsystemd.so.0"; - - struct stat mock_stat; - mock_stat.st_uid = 0; - - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - - void * handle = (void *) 1; // Simulate handle - - // Set expectations for dlsym wrap - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - - // Open the journal - will_return(__wrap_sd_journal_open, 0); - - // Call the function under test - int ret = w_journal_context_create(&ctx); - - // Check the result - assert_int_equal(ret, 0); // Success - assert_non_null(ctx); // ctx non null - - // Clear dynamically allocated memory - os_free(ctx->journal); - os_free(ctx->lib); - os_free(ctx); -} - -// Test case for a failure due to NULL context pointer -static void test_w_journal_context_create_null_pointer(void ** state) { - // Call the function with a NULL context pointer - int ret = w_journal_context_create(NULL); - - // Check the result - assert_int_equal(ret, -1); -} - -// Test case for a failure in library initialization -static void test_w_journal_context_create_lib_init_fail(void ** state) { - // Allocate memory for the context - w_journal_context_t * ctx = NULL; - - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, NULL); - - will_return(__wrap_dlerror, "Library load failed"); - - expect_string(__wrap__mwarn, formatted_msg, "(8008): Failed to load 'libsystemd.so.0': 'Library load failed'."); - - // Call the function under test - int ret = w_journal_context_create(&ctx); - - // Check the result - assert_int_equal(ret, -1); - assert_null(ctx); -} - -// Test case for a failure in journal opening -static void test_w_journal_context_create_journal_open_fail(void ** state) { - // Define a pointer to w_journal_context_t - w_journal_context_t * ctx = NULL; - - // Expectativas de llamada a w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); // Mocked handle - - // test_find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - - // Simulate the successful opening of a file - FILE * maps_file = (FILE *) 0x123456; // Simulated address - will_return(__wrap_fopen, maps_file); - - // Simulate a line containing the searched library - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - - // test_is_owned_by_root_root_owned - - const char * library_path = "/libsystemd.so.0"; - - struct stat mock_stat; - mock_stat.st_uid = 0; - - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - - void * handle = (void *) 1; // Simulate handle - - // Set expectations for dlsym wrap - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - - will_return(__wrap_sd_journal_open, -1); // Fail w_journal_lib_open - expect_string(__wrap__mwarn, formatted_msg, "(8010): Failed open journal log: 'Operation not permitted'."); - - expect_value(__wrap_dlclose, handle, (void *) 0x123456); // Mocked handle - will_return(__wrap_dlclose, 0); // Simulate dlclose success - - // Call the function under test - int ret = w_journal_context_create(&ctx); - - // Check the result - assert_int_equal(ret, -1); - assert_null(ctx); -} - -// Test w_journal_context_free - -// Test case for freeing a NULL context -static void test_w_journal_context_free_null(void ** state) { - w_journal_context_t * ctx = NULL; - w_journal_context_free(ctx); // Should not cause any issues - - // Assert - assert_null(ctx); -} - -// Test case for freeing a valid context -static void test_w_journal_context_free_valid(void ** state) { - // test_w_journal_context_create_success - // Define a pointer to w_journal_context_t - w_journal_context_t * ctx = NULL; - - // Expectativas de llamada a w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); // Mocked handle - - // test_find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - - // Simulate the successful opening of a file - FILE * maps_file = (FILE *) 0x123456; // Simulated address - will_return(__wrap_fopen, maps_file); - - // Simulate a line containing the searched library - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - - // test_is_owned_by_root_root_owned - - const char * library_path = "/libsystemd.so.0"; - - struct stat mock_stat; - mock_stat.st_uid = 0; - - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - - void * handle = (void *) 1; // Simulate handle - void * mock_function = (void *) 0xabcdef; - - // Set expectations for dlsym wrap - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - - expect_value(__wrap_dlclose, handle, (void *) 0x123456); // Mocked handle - will_return(__wrap_dlclose, 0); // Simulate dlclose success - - // Perform the function under test - expect_function_call(__wrap_sd_journal_close); - w_journal_context_free(ctx); - - // No need to check the memory deallocation of ctx since it's freed -} - -// Test w_journal_context_update_timestamp - -// Test for w_journal_context_update_timestamp succeeds -static void test_w_journal_context_update_timestamp_success(void ** state) { - // test_w_journal_context_create_success - // Define a pointer to w_journal_context_t - w_journal_context_t * ctx = NULL; - - // Expectativas de llamada a w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); // Mocked handle - - // test_find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - - // Simulate the successful opening of a file - FILE * maps_file = (FILE *) 0x123456; // Simulated address - will_return(__wrap_fopen, maps_file); - - // Simulate a line containing the searched library - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - - // test_is_owned_by_root_root_owned - - const char * library_path = "/libsystemd.so.0"; - - struct stat mock_stat; - mock_stat.st_uid = 0; - - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - - void * handle = (void *) 1; // Simulate handle - - // Set expectations for dlsym wrap - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - - // Perform the function under test - will_return(__wrap_sd_journal_get_realtime_usec, 123456); // Mocked timestamp - w_journal_context_update_timestamp(ctx); - - // Verify that the timestamp has been updated correctly. - assert_int_equal(ctx->timestamp, 123456); - - // Memory release - expect_function_call(__wrap_sd_journal_close); - expect_value(__wrap_dlclose, handle, (void *) 0x123456); // Mocked handle - will_return(__wrap_dlclose, 0); // Simulate dlclose success - w_journal_context_free(ctx); -} - -// Test for w_journal_context_update_timestamp with null ctx -static void test_w_journal_context_update_timestamp_ctx_null(void ** state) { - // Define a pointer to w_journal_context_t - w_journal_context_t * ctx = NULL; - - // Perform the function under test - w_journal_context_update_timestamp(ctx); -} - -// Test for w_journal_context_update_timestamp with error when getting the timestamp -static void test_w_journal_context_update_timestamp_fail(void ** state) { - // test_w_journal_context_create_success - // Define a pointer to w_journal_context_t - w_journal_context_t * ctx = NULL; - - // Expectativas de llamada a w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); // Mocked handle - - // test_find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - - // Simulate the successful opening of a file - FILE * maps_file = (FILE *) 0x123456; // Simulated address - will_return(__wrap_fopen, maps_file); - - // Simulate a line containing the searched library - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - - // test_is_owned_by_root_root_owned - - const char * library_path = "/libsystemd.so.0"; - - struct stat mock_stat; - mock_stat.st_uid = 0; - - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - - void * handle = (void *) 1; // Simulate handle - void * mock_function = (void *) 0xabcdef; - - // Set expectations for dlsym wrap - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - - // Perform the function under test - will_return(__wrap_sd_journal_get_realtime_usec, -EACCES); // Fail to get the timestamp value and return an error - will_return(__wrap_gettimeofday, NULL); - expect_string(__wrap__mwarn, - formatted_msg, - "(8011): Failed to read timestamp from journal log: 'Permission denied'. Using current time."); - w_journal_context_update_timestamp(ctx); - - // Memory release - expect_function_call(__wrap_sd_journal_close); - expect_value(__wrap_dlclose, handle, (void *) 0x123456); // Mocked handle - will_return(__wrap_dlclose, 0); // Simulate dlclose success - w_journal_context_free(ctx); -} - -// Test w_journal_context_seek_most_recent - -// Test for w_journal_context_seek_most_recent update timestamp -static void test_w_journal_context_seek_most_recent_update_tamestamp(void ** state) { - // test_w_journal_context_create_success - // Define a pointer to w_journal_context_t - w_journal_context_t * ctx = NULL; - - // Expectativas de llamada a w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); // Mocked handle - - // test_find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - - // Simulate the successful opening of a file - FILE * maps_file = (FILE *) 0x123456; // Simulated address - will_return(__wrap_fopen, maps_file); - - // Simulate a line containing the searched library - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - - // test_is_owned_by_root_root_owned - - const char * library_path = "/libsystemd.so.0"; - - struct stat mock_stat; - mock_stat.st_uid = 0; - - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - - void * handle = (void *) 1; // Simulate handle - void * mock_function = (void *) 0xabcdef; - - // Set expectations for dlsym wrap - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - - // Perform the function under test - will_return(__wrap_sd_journal_seek_tail, 0); // Mocked return value - will_return(__wrap_sd_journal_previous, 1); // Mocked return value - will_return(__wrap_sd_journal_get_realtime_usec, 123456); // Mocked timestamp - int ret = w_journal_context_seek_most_recent(ctx); - - // Check the result - assert_int_equal(ret, 1); - - // Memory release - expect_function_call(__wrap_sd_journal_close); - expect_value(__wrap_dlclose, handle, (void *) 0x123456); // Mocked handle - will_return(__wrap_dlclose, 0); // Simulate dlclose success - w_journal_context_free(ctx); -} - -// Test for w_journal_context_seek_most_recent with error when seeking tail -static void test_w_journal_context_seek_most_recent_seek_tail_fail(void ** state) { - // test_w_journal_context_create_success - // Define a pointer to w_journal_context_t - w_journal_context_t * ctx = NULL; - - // Expectativas de llamada a w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); // Mocked handle - - // test_find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - - // Simulate the successful opening of a file - FILE * maps_file = (FILE *) 0x123456; // Simulated address - will_return(__wrap_fopen, maps_file); - - // Simulate a line containing the searched library - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - - // test_is_owned_by_root_root_owned - - const char * library_path = "/libsystemd.so.0"; - - struct stat mock_stat; - mock_stat.st_uid = 0; - - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - - void * handle = (void *) 1; // Simulate handle - void * mock_function = (void *) 0xabcdef; - - // Set expectations for dlsym wrap - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - - // Perform the function under test - will_return(__wrap_sd_journal_seek_tail, -1); // Mocked return value - int ret = w_journal_context_seek_most_recent(ctx); - - // Check the result - assert_int_equal(ret, -1); - - // Memory release - expect_function_call(__wrap_sd_journal_close); - expect_value(__wrap_dlclose, handle, (void *) 0x123456); // Mocked handle - will_return(__wrap_dlclose, 0); // Simulate dlclose success - w_journal_context_free(ctx); -} - -// Test for w_journal_context_seek_most_recent success -static void test_w_journal_context_seek_most_recent_success(void ** state) { - // test_w_journal_context_create_success - // Define a pointer to w_journal_context_t - w_journal_context_t * ctx = NULL; - - // Expectativas de llamada a w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); // Mocked handle - - // test_find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - - // Simulate the successful opening of a file - FILE * maps_file = (FILE *) 0x123456; // Simulated address - will_return(__wrap_fopen, maps_file); - - // Simulate a line containing the searched library - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - - // test_is_owned_by_root_root_owned - - const char * library_path = "/libsystemd.so.0"; - - struct stat mock_stat; - mock_stat.st_uid = 0; - - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - - void * handle = (void *) 1; // Simulate handle - void * mock_function = (void *) 0xabcdef; - - // Set expectations for dlsym wrap - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - - // Perform the function under test - will_return(__wrap_sd_journal_seek_tail, 0); // Mocked return value - will_return(__wrap_sd_journal_previous, 0); // Mocked return value - int ret = w_journal_context_seek_most_recent(ctx); - - // Check the result - assert_int_equal(ret, 0); - - // Memory release - expect_function_call(__wrap_sd_journal_close); - expect_value(__wrap_dlclose, handle, (void *) 0x123456); // Mocked handle - will_return(__wrap_dlclose, 0); // Simulate dlclose success - w_journal_context_free(ctx); -} - -// Test for w_journal_context_seek_most_recent with null ctx -static void test_w_journal_context_seek_most_recent_ctx_null(void ** state) { - // Define a pointer to w_journal_context_t - w_journal_context_t * ctx = NULL; - - // Perform the function under test - int ret = w_journal_context_seek_most_recent(ctx); - - // Check the result - assert_int_equal(ret, -1); -} - -// Test w_journal_context_seek_timestamp - -// Test for w_journal_context_seek_timestamp with null params -static void test_w_journal_context_seek_timestamp_null_params(void ** state) { - assert_int_equal(w_journal_context_seek_timestamp(NULL, 0), -1); -} - -// Test for w_journal_context_seek_timestamp with future timestamp -static void test_w_journal_context_seek_timestamp_future_timestamp(void ** state) { - // test_w_journal_context_create_success - // Define a pointer to w_journal_context_t - w_journal_context_t * ctx = NULL; - - // Expectativas de llamada a w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); // Mocked handle - - // test_find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - - // Simulate the successful opening of a file - FILE * maps_file = (FILE *) 0x123456; // Simulated address - will_return(__wrap_fopen, maps_file); - - // Simulate a line containing the searched library - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - - // test_is_owned_by_root_root_owned - - const char * library_path = "/libsystemd.so.0"; - - struct stat mock_stat; - mock_stat.st_uid = 0; - - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - - void * handle = (void *) 1; // Simulate handle - void * mock_function = (void *) 0xabcdef; - - // Set expectations for dlsym wrap - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - - // Perform the function under test - will_return(__wrap_gettimeofday, NULL); - expect_string(__wrap__mwarn, - formatted_msg, - "(8012): The timestamp '1234567' is in the future or invalid. Using the most recent entry."); - will_return(__wrap_sd_journal_seek_tail, 0); // Mocked return value - will_return(__wrap_sd_journal_previous, 0); // Mocked return value - int ret = w_journal_context_seek_timestamp(ctx, 1234567); - - // Check the result - assert_int_equal(ret, 0); - - // Memory release - expect_function_call(__wrap_sd_journal_close); - expect_value(__wrap_dlclose, handle, (void *) 0x123456); // Mocked handle - will_return(__wrap_dlclose, 0); // Simulate dlclose success - w_journal_context_free(ctx); -} - -// Test for w_journal_context_seek_timestamp error when getting oldest timestamp -static void test_w_journal_context_seek_timestamp_fail_read_old_ts(void ** state) { - // test_w_journal_context_create_success - // Define a pointer to w_journal_context_t - w_journal_context_t * ctx = NULL; - - // Expectativas de llamada a w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); // Mocked handle - - // test_find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - - // Simulate the successful opening of a file - FILE * maps_file = (FILE *) 0x123456; // Simulated address - will_return(__wrap_fopen, maps_file); - - // Simulate a line containing the searched library - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - - // test_is_owned_by_root_root_owned - - const char * library_path = "/libsystemd.so.0"; - - struct stat mock_stat; - mock_stat.st_uid = 0; - - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - - void * handle = (void *) 1; // Simulate handle - void * mock_function = (void *) 0xabcdef; - - // Set expectations for dlsym wrap - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - - // Perform the function under test - struct timeval expected_time = {.tv_sec = 1234, .tv_usec = 5678}; - struct timeval actual_time; - will_return(__wrap_gettimeofday, &expected_time); - will_return(__wrap_sd_journal_get_cutoff_realtime_usec, -1); // Mocked oldest timestamp - expect_string(__wrap__mwarn, - formatted_msg, - "(8013): Failed to read oldest timestamp from journal log: 'Operation not permitted'."); - will_return(__wrap_sd_journal_seek_realtime_usec, 0); - will_return(__wrap_sd_journal_next, 0); - - int ret = w_journal_context_seek_timestamp(ctx, 1234567); - - // Check the result - assert_int_equal(ret, 0); - - // Memory release - expect_function_call(__wrap_sd_journal_close); - expect_value(__wrap_dlclose, handle, (void *) 0x123456); // Mocked handle - will_return(__wrap_dlclose, 0); // Simulate dlclose success - w_journal_context_free(ctx); -} - -// Test for w_journal_context_seek_timestamp with timestamp older than oldest available -static void test_w_journal_context_seek_timestamp_change_ts(void ** state) { - // test_w_journal_context_create_success - // Define a pointer to w_journal_context_t - w_journal_context_t * ctx = NULL; - - // Expectativas de llamada a w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); // Mocked handle - - // test_find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - - // Simulate the successful opening of a file - FILE * maps_file = (FILE *) 0x123456; // Simulated address - will_return(__wrap_fopen, maps_file); - - // Simulate a line containing the searched library - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - - // test_is_owned_by_root_root_owned - - const char * library_path = "/libsystemd.so.0"; - - struct stat mock_stat; - mock_stat.st_uid = 0; - - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - - void * handle = (void *) 1; // Simulate handle - void * mock_function = (void *) 0xabcdef; - - // Set expectations for dlsym wrap - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - - // Perform the function under test - struct timeval expected_time = {.tv_sec = 1233, .tv_usec = 5678}; - struct timeval actual_time; - will_return(__wrap_gettimeofday, &expected_time); - will_return(__wrap_sd_journal_get_cutoff_realtime_usec, 22345678); // Mocked oldest timestamp - expect_string( - __wrap__mwarn, - formatted_msg, - "(8014): The timestamp '1234567' is older than the oldest available in journal. Using the oldest entry."); - will_return(__wrap_sd_journal_seek_realtime_usec, 0); - will_return(__wrap_sd_journal_next, 0); - - int ret = w_journal_context_seek_timestamp(ctx, 1234567); - - // Check the result - assert_int_equal(ret, 0); - - // Memory release - expect_function_call(__wrap_sd_journal_close); - expect_value(__wrap_dlclose, handle, (void *) 0x123456); // Mocked handle - will_return(__wrap_dlclose, 0); // Simulate dlclose success - w_journal_context_free(ctx); -} - -// Test for w_journal_context_seek_timestamp with error when seeking timestamp -static void test_w_journal_context_seek_timestamp_seek_timestamp_fail(void ** state) { - // test_w_journal_context_create_success - // Define a pointer to w_journal_context_t - w_journal_context_t * ctx = NULL; - - // Expectativas de llamada a w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); // Mocked handle - - // test_find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - - // Simulate the successful opening of a file - FILE * maps_file = (FILE *) 0x123456; // Simulated address - will_return(__wrap_fopen, maps_file); - - // Simulate a line containing the searched library - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - - // test_is_owned_by_root_root_owned - - const char * library_path = "/libsystemd.so.0"; - - struct stat mock_stat; - mock_stat.st_uid = 0; - - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - - void * handle = (void *) 1; // Simulate handle - void * mock_function = (void *) 0xabcdef; - - // Set expectations for dlsym wrap - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - - // Perform the function under test - struct timeval expected_time = {.tv_sec = 1234, .tv_usec = 5678}; - struct timeval actual_time; - will_return(__wrap_gettimeofday, &expected_time); - will_return(__wrap_sd_journal_get_cutoff_realtime_usec, 0); // Mocked oldest timestamp - will_return(__wrap_sd_journal_seek_realtime_usec, -1); - - int ret = w_journal_context_seek_timestamp(ctx, 1234567); - - // Check the result - assert_int_equal(ret, -1); - - // Memory release - expect_function_call(__wrap_sd_journal_close); - expect_value(__wrap_dlclose, handle, (void *) 0x123456); // Mocked handle - will_return(__wrap_dlclose, 0); // Simulate dlclose success - w_journal_context_free(ctx); -} - -// Test for w_journal_context_seek_timestamp with error when seek the timestamp -static void test_w_journal_context_seek_timestamp_fail_seek(void ** state) { - // test_w_journal_context_create_success - // Define a pointer to w_journal_context_t - w_journal_context_t * ctx = NULL; - - // Expectativas de llamada a w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); // Mocked handle - - // test_find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - - // Simulate the successful opening of a file - FILE * maps_file = (FILE *) 0x123456; // Simulated address - will_return(__wrap_fopen, maps_file); - - // Simulate a line containing the searched library - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - - // test_is_owned_by_root_root_owned - - const char * library_path = "/libsystemd.so.0"; - - struct stat mock_stat; - mock_stat.st_uid = 0; - - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - - void * handle = (void *) 1; // Simulate handle - void * mock_function = (void *) 0xabcdef; - - // Set expectations for dlsym wrap - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - - // Perform the function under test - struct timeval expected_time = {.tv_sec = 1234, .tv_usec = 5678}; - struct timeval actual_time; - will_return(__wrap_gettimeofday, &expected_time); - will_return(__wrap_sd_journal_get_cutoff_realtime_usec, 0); // Mocked oldest timestamp - will_return(__wrap_sd_journal_seek_realtime_usec, -1); - - int ret = w_journal_context_seek_timestamp(ctx, 1234567); - - // Check the result - assert_int_equal(ret, -1); - - // Memory release - expect_function_call(__wrap_sd_journal_close); - expect_value(__wrap_dlclose, handle, (void *) 0x123456); // Mocked handle - will_return(__wrap_dlclose, 0); // Simulate dlclose success - w_journal_context_free(ctx); -} - -// Test for w_journal_context_seek_timestamp with error when getting next entry -static void test_w_journal_context_seek_timestamp_next_fail(void ** state) { - // test_w_journal_context_create_success - // Define a pointer to w_journal_context_t - w_journal_context_t * ctx = NULL; - - // Expectativas de llamada a w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); // Mocked handle - - // test_find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - - // Simulate the successful opening of a file - FILE * maps_file = (FILE *) 0x123456; // Simulated address - will_return(__wrap_fopen, maps_file); - - // Simulate a line containing the searched library - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - - // test_is_owned_by_root_root_owned - - const char * library_path = "/libsystemd.so.0"; - - struct stat mock_stat; - mock_stat.st_uid = 0; - - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - - void * handle = (void *) 1; // Simulate handle - void * mock_function = (void *) 0xabcdef; - - // Set expectations for dlsym wrap - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - - // Perform the function under test - struct timeval expected_time = {.tv_sec = 1234, .tv_usec = 5678}; - struct timeval actual_time; - will_return(__wrap_gettimeofday, &expected_time); - will_return(__wrap_sd_journal_get_cutoff_realtime_usec, 0); // Mocked oldest timestamp - will_return(__wrap_sd_journal_seek_realtime_usec, 0); - will_return(__wrap_sd_journal_next, -1); - - int ret = w_journal_context_seek_timestamp(ctx, 1234567); - - // Check the result - assert_int_equal(ret, -1); - - // Memory release - expect_function_call(__wrap_sd_journal_close); - expect_value(__wrap_dlclose, handle, (void *) 0x123456); // Mocked handle - will_return(__wrap_dlclose, 0); // Simulate dlclose success - w_journal_context_free(ctx); -} - -// Test for w_journal_context_seek_timestamp success -static void test_w_journal_context_seek_timestamp_success(void ** state) { - // test_w_journal_context_create_success - // Define a pointer to w_journal_context_t - w_journal_context_t * ctx = NULL; - - // Expectativas de llamada a w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); // Mocked handle - - // test_find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - - // Simulate the successful opening of a file - FILE * maps_file = (FILE *) 0x123456; // Simulated address - will_return(__wrap_fopen, maps_file); - - // Simulate a line containing the searched library - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - - // test_is_owned_by_root_root_owned - - const char * library_path = "/libsystemd.so.0"; - - struct stat mock_stat; - mock_stat.st_uid = 0; - - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - - void * handle = (void *) 1; // Simulate handle - void * mock_function = (void *) 0xabcdef; - - // Set expectations for dlsym wrap - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - - // Perform the function under test - struct timeval expected_time = {.tv_sec = 1234, .tv_usec = 5678}; - struct timeval actual_time; - will_return(__wrap_gettimeofday, &expected_time); - will_return(__wrap_sd_journal_get_cutoff_realtime_usec, 0); // Mocked oldest timestamp - will_return(__wrap_sd_journal_seek_realtime_usec, 0); - will_return(__wrap_sd_journal_next, 0); - - int ret = w_journal_context_seek_timestamp(ctx, 123457); - - // Check the result - assert_int_equal(ret, 0); - - // Memory release - expect_function_call(__wrap_sd_journal_close); - expect_value(__wrap_dlclose, handle, (void *) 0x123456); // Mocked handle - will_return(__wrap_dlclose, 0); // Simulate dlclose success - w_journal_context_free(ctx); -} - -static void test_w_journal_context_seek_timestamp_success_new_entry(void ** state) { - // test_w_journal_context_create_success - // Define a pointer to w_journal_context_t - w_journal_context_t * ctx = NULL; - - // Expectativas de llamada a w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); // Mocked handle - - // test_find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - - // Simulate the successful opening of a file - FILE * maps_file = (FILE *) 0x123456; // Simulated address - will_return(__wrap_fopen, maps_file); - - // Simulate a line containing the searched library - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - - // test_is_owned_by_root_root_owned - - const char * library_path = "/libsystemd.so.0"; - - struct stat mock_stat; - mock_stat.st_uid = 0; - - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - - void * handle = (void *) 1; // Simulate handle - void * mock_function = (void *) 0xabcdef; - - // Set expectations for dlsym wrap - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - - // Perform the function under test - struct timeval expected_time = {.tv_sec = 1234, .tv_usec = 5678}; - struct timeval actual_time; - will_return(__wrap_gettimeofday, &expected_time); - will_return(__wrap_sd_journal_get_cutoff_realtime_usec, 0); // Mocked oldest timestamp - will_return(__wrap_sd_journal_seek_realtime_usec, 0); - will_return(__wrap_sd_journal_next, 1); - - // update timestamp - will_return(__wrap_sd_journal_get_realtime_usec, 123456); // Mocked timestamp - - int ret = w_journal_context_seek_timestamp(ctx, 123457); - - // Check the result - assert_int_equal(ret, 1); - - // Memory release - expect_function_call(__wrap_sd_journal_close); - expect_value(__wrap_dlclose, handle, (void *) 0x123456); // Mocked handle - will_return(__wrap_dlclose, 0); // Simulate dlclose success - w_journal_context_free(ctx); -} - -// Test w_journal_context_next_newest - -// Test for w_journal_context_next_newest with null ctx -static void test_w_journal_context_next_newest_ctx_null(void ** state) { - // Perform the function under test - int ret = w_journal_context_next_newest(NULL); - - // Check the result - assert_int_equal(ret, -1); -} - -// Test for w_journal_context_next_newest updating timestamp -static void test_w_journal_context_next_newest_update_timestamp(void ** state) { - // test_w_journal_context_create_success - // Define a pointer to w_journal_context_t - w_journal_context_t * ctx = NULL; - - // Expectativas de llamada a w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); // Mocked handle - - // test_find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - - // Simulate the successful opening of a file - FILE * maps_file = (FILE *) 0x123456; // Simulated address - will_return(__wrap_fopen, maps_file); - - // Simulate a line containing the searched library - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - - // test_is_owned_by_root_root_owned - - const char * library_path = "/libsystemd.so.0"; - - struct stat mock_stat; - mock_stat.st_uid = 0; - - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - - void * handle = (void *) 1; // Simulate handle - void * mock_function = (void *) 0xabcdef; - - // Set expectations for dlsym wrap - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - - // Perform the function under test - will_return(__wrap_sd_journal_next, 1); // Mocked return value - will_return(__wrap_sd_journal_get_realtime_usec, 123456); // Mocked timestamp - - int ret = w_journal_context_next_newest(ctx); - - // Check the result - assert_int_equal(ret, 1); - - // Memory release - expect_function_call(__wrap_sd_journal_close); - expect_value(__wrap_dlclose, handle, (void *) 0x123456); // Mocked handle - will_return(__wrap_dlclose, 0); // Simulate dlclose success - w_journal_context_free(ctx); -} - -// Test for w_journal_context_next_newest success -static void test_w_journal_context_next_newest_success(void ** state) { - // test_w_journal_context_create_success - // Define a pointer to w_journal_context_t - w_journal_context_t * ctx = NULL; - - // Expectativas de llamada a w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); // Mocked handle - - // test_find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - - // Simulate the successful opening of a file - FILE * maps_file = (FILE *) 0x123456; // Simulated address - will_return(__wrap_fopen, maps_file); - - // Simulate a line containing the searched library - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - - // test_is_owned_by_root_root_owned - - const char * library_path = "/libsystemd.so.0"; - - struct stat mock_stat; - mock_stat.st_uid = 0; - - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - - void * handle = (void *) 1; // Simulate handle - void * mock_function = (void *) 0xabcdef; - - // Set expectations for dlsym wrap - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - - // Perform the function under test - will_return(__wrap_sd_journal_next, 0); // Mocked return value - - int ret = w_journal_context_next_newest(ctx); - - // Check the result - assert_int_equal(ret, 0); - - // Memory release - expect_function_call(__wrap_sd_journal_close); - expect_value(__wrap_dlclose, handle, (void *) 0x123456); // Mocked handle - will_return(__wrap_dlclose, 0); // Simulate dlclose success - w_journal_context_free(ctx); -} - -// Test w_journal_filter_apply - -// Test for w_journal_filter_apply with null params -void test_w_journal_filter_apply_null_params(void ** state) { - - assert_int_equal(w_journal_filter_apply(NULL, (w_journal_filter_t *) 0x1), -1); - assert_int_equal(w_journal_filter_apply((w_journal_context_t *) 0x1, NULL), -1); -} - -// Test for w_journal_filter_apply with fail to get data -void test_w_journal_filter_apply_fail_get_data_ignore_test(void ** state) { - - // init ctx - w_journal_context_t * ctx = NULL; - // >>>> Start Init conext - // w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); - // find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - FILE * maps_file = (FILE *) 0x123456; - will_return(__wrap_fopen, maps_file); - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - // is_owned_by_root_root_owned - const char * library_path = "/libsystemd.so.0"; - struct stat mock_stat; - mock_stat.st_uid = 0; - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - void * handle = (void *) 1; - void * mock_function = (void *) 0xabcdef; - // dlsym - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - // <<<< End init conetxt - - // Set timestamp - ctx->timestamp = 123456; - - // Create filter for arg, ignore if missing data = false - w_journal_filter_t * ufilters = NULL; - assert_int_equal(0, w_journal_filter_add_condition(&ufilters, "field_to_ignore", ".", true)); - assert_int_equal(0, w_journal_filter_add_condition(&ufilters, "field_no_ignore", ".", false)); - - // Apply filter expected - expect_string(__wrap_sd_journal_get_data, field, "field_to_ignore"); - will_return(__wrap_sd_journal_get_data, -1); // Fail get data, ignore - - expect_string(__wrap_sd_journal_get_data, field, "field_no_ignore"); - will_return(__wrap_sd_journal_get_data, -1); // Fail get data, not ignore - - // Expect err message and return error - expect_string(__wrap__mdebug2, - formatted_msg, - "(9003): Failed to get data field 'field_no_ignore' from entry with timestamp '123456'. Error: " - "Operation not permitted"); - - // Apply filter - assert_int_equal(-1, w_journal_filter_apply(ctx, ufilters)); - - // >>>> Start context free - expect_value(__wrap_dlclose, handle, (void *) 0x123456); - will_return(__wrap_dlclose, 0); - expect_function_call(__wrap_sd_journal_close); - w_journal_context_free(ctx); - // <<<< End Context free - // Free filter - w_journal_filter_free(ufilters); -} - -// Test for w_journal_filter_apply with fail parse data -void test_w_journal_filter_apply_fail_parse(void ** state) { - - // init ctx - w_journal_context_t * ctx = NULL; - // >>>> Start Init conext - // w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); - // find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - FILE * maps_file = (FILE *) 0x123456; - will_return(__wrap_fopen, maps_file); - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - // is_owned_by_root_root_owned - const char * library_path = "/libsystemd.so.0"; - struct stat mock_stat; - mock_stat.st_uid = 0; - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - void * handle = (void *) 1; - void * mock_function = (void *) 0xabcdef; - // dlsym - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - // <<<< End init conetxt - - // Set timestamp - ctx->timestamp = 123456; - - // Create filter for arg, ignore if missing data = false - w_journal_filter_t * ufilters = NULL; - assert_int_equal(0, w_journal_filter_add_condition(&ufilters, "field", ".", true)); - - // Apply filter expected - expect_string(__wrap_sd_journal_get_data, field, "field"); - will_return(__wrap_sd_journal_get_data, 0); // get data ok, the load data - will_return(__wrap_sd_journal_get_data, "f="); // Should be a valid data, 'field=' - - // Apply filter - assert_int_equal(-1, w_journal_filter_apply(ctx, ufilters)); - - // >>>> Start context free - expect_value(__wrap_dlclose, handle, (void *) 0x123456); - will_return(__wrap_dlclose, 0); - expect_function_call(__wrap_sd_journal_close); - w_journal_context_free(ctx); - // <<<< End Context free - // Free filter - w_journal_filter_free(ufilters); -} - -// Test for w_journal_filter_apply with empty field -void test_w_journal_filter_apply_empty_field(void ** state) { - - // init ctx - w_journal_context_t * ctx = NULL; - // >>>> Start Init conext - // w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); - // find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - FILE * maps_file = (FILE *) 0x123456; - will_return(__wrap_fopen, maps_file); - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - // is_owned_by_root_root_owned - const char * library_path = "/libsystemd.so.0"; - struct stat mock_stat; - mock_stat.st_uid = 0; - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - void * handle = (void *) 1; - void * mock_function = (void *) 0xabcdef; - // dlsym - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - // <<<< End init conetxt - - // Set timestamp - ctx->timestamp = 123456; - - // Create filter for arg, ignore if missing data = false - w_journal_filter_t * ufilters = NULL; - assert_int_equal(0, w_journal_filter_add_condition(&ufilters, "field", ".", true)); - - // Apply filter expected - expect_string(__wrap_sd_journal_get_data, field, "field"); - will_return(__wrap_sd_journal_get_data, 0); // get data ok, the load data - will_return(__wrap_sd_journal_get_data, "field="); // Empty field - - // Apply filter - assert_int_equal(0, w_journal_filter_apply(ctx, ufilters)); - - // >>>> Start context free - expect_value(__wrap_dlclose, handle, (void *) 0x123456); - will_return(__wrap_dlclose, 0); - expect_function_call(__wrap_sd_journal_close); - w_journal_context_free(ctx); - // <<<< End Context free - // Free filter - w_journal_filter_free(ufilters); -} - -// Test for w_journal_filter_apply with match fail -void test_w_journal_filter_apply_match_fail(void ** state) { - - // init ctx - w_journal_context_t * ctx = NULL; - // >>>> Start Init conext - // w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); - // find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - FILE * maps_file = (FILE *) 0x123456; - will_return(__wrap_fopen, maps_file); - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - // is_owned_by_root_root_owned - const char * library_path = "/libsystemd.so.0"; - struct stat mock_stat; - mock_stat.st_uid = 0; - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - void * handle = (void *) 1; - void * mock_function = (void *) 0xabcdef; - // dlsym - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - // <<<< End init conetxt - - // Set timestamp - ctx->timestamp = 123456; - - // Create filter for arg, match with number fail - w_journal_filter_t * ufilters = NULL; - assert_int_equal(0, w_journal_filter_add_condition(&ufilters, "field", "^\\d", false)); - - // Apply filter expected - expect_string(__wrap_sd_journal_get_data, field, "field"); - will_return(__wrap_sd_journal_get_data, 0); // get data ok, the load data - will_return(__wrap_sd_journal_get_data, "field=test text"); // Empty field - - // Apply filter - assert_int_equal(0, w_journal_filter_apply(ctx, ufilters)); - - // >>>> Start context free - expect_value(__wrap_dlclose, handle, (void *) 0x123456); - will_return(__wrap_dlclose, 0); - expect_function_call(__wrap_sd_journal_close); - w_journal_context_free(ctx); - // <<<< End Context free - // Free filter - w_journal_filter_free(ufilters); -} - -// Test for w_journal_filter_apply with match success -void test_w_journal_filter_apply_match_success(void ** state) { - - // init ctx - w_journal_context_t * ctx = NULL; - // >>>> Start Init conext - // w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); - // find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - FILE * maps_file = (FILE *) 0x123456; - will_return(__wrap_fopen, maps_file); - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - // is_owned_by_root_root_owned - const char * library_path = "/libsystemd.so.0"; - struct stat mock_stat; - mock_stat.st_uid = 0; - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - void * handle = (void *) 1; - void * mock_function = (void *) 0xabcdef; - // dlsym - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - // <<<< End init conetxt - - // Set timestamp - ctx->timestamp = 123456; - - // Create filter for arg, match with number ok - w_journal_filter_t * ufilters = NULL; - assert_int_equal(0, w_journal_filter_add_condition(&ufilters, "field", "^\\d", false)); - - // Apply filter expected - expect_string(__wrap_sd_journal_get_data, field, "field"); - will_return(__wrap_sd_journal_get_data, 0); // get data ok, the load data - will_return(__wrap_sd_journal_get_data, "field=123123"); // Empty field - - // Apply filter - assert_int_equal(1, w_journal_filter_apply(ctx, ufilters)); - - // >>>> Start context free - expect_value(__wrap_dlclose, handle, (void *) 0x123456); - will_return(__wrap_dlclose, 0); - expect_function_call(__wrap_sd_journal_close); - w_journal_context_free(ctx); - // <<<< End Context free - // Free filter - w_journal_filter_free(ufilters); -} - -// Test w_journal_context_next_newest_filtered - -// Test for w_journal_context_next_newest_filtered with null filters -static void test_w_journal_context_next_newest_filtered_null_filters(void ** state) { - // test_w_journal_context_create_success - // Define a pointer to w_journal_context_t - w_journal_context_t * ctx = NULL; - - // Expectativas de llamada a w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); // Mocked handle - - // test_find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - - // Simulate the successful opening of a file - FILE * maps_file = (FILE *) 0x123456; // Simulated address - will_return(__wrap_fopen, maps_file); - - // Simulate a line containing the searched library - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - - // test_is_owned_by_root_root_owned - - const char * library_path = "/libsystemd.so.0"; - - struct stat mock_stat; - mock_stat.st_uid = 0; - - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - - void * handle = (void *) 1; // Simulate handle - void * mock_function = (void *) 0xabcdef; - - // Set expectations for dlsym wrap - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - - // Perform the function under test - will_return(__wrap_sd_journal_next, 0); // Mocked return value - int ret = w_journal_context_next_newest_filtered(ctx, NULL); - - // Check the result - assert_int_equal(ret, 0); - - // Memory release - expect_function_call(__wrap_sd_journal_close); - expect_value(__wrap_dlclose, handle, (void *) 0x123456); // Mocked handle - will_return(__wrap_dlclose, 0); // Simulate dlclose success - w_journal_context_free(ctx); -} - -// Test for w_journal_context_next_newest_filtered with no filters -static void test_w_journal_context_next_newest_filtered_no_filters(void ** state) { - // test_w_journal_context_create_success - // Define a pointer to w_journal_context_t - w_journal_context_t * ctx = NULL; - - // Expectativas de llamada a w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); // Mocked handle - - // test_find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - - // Simulate the successful opening of a file - FILE * maps_file = (FILE *) 0x123456; // Simulated address - will_return(__wrap_fopen, maps_file); - - // Simulate a line containing the searched library - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - - // test_is_owned_by_root_root_owned - - const char * library_path = "/libsystemd.so.0"; - - struct stat mock_stat; - mock_stat.st_uid = 0; - - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - - void * handle = (void *) 1; // Simulate handle - void * mock_function = (void *) 0xabcdef; - - // Set expectations for dlsym wrap - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - - // Perform the function under test - will_return(__wrap_sd_journal_next, 0); // Mocked return value - int ret = w_journal_context_next_newest_filtered(ctx, (w_journal_filters_list_t) NULL); - - // Check the result - assert_int_equal(ret, 0); - - // Memory release - expect_function_call(__wrap_sd_journal_close); - expect_value(__wrap_dlclose, handle, (void *) 0x123456); // Mocked handle - will_return(__wrap_dlclose, 0); // Simulate dlclose success - w_journal_context_free(ctx); -} - -// Test for w_journal_context_next_newest_filtered with one filter -static void test_w_journal_context_next_newest_filtered_one_filter(void ** state) { - // test_w_journal_context_create_success - // Define a pointer to w_journal_context_t - w_journal_context_t * ctx = NULL; - - // Expectativas de llamada a w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); // Mocked handle - - // test_find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - - // Simulate the successful opening of a file - FILE * maps_file = (FILE *) 0x123456; // Simulated address - will_return(__wrap_fopen, maps_file); - - // Simulate a line containing the searched library - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - - // test_is_owned_by_root_root_owned - - const char * library_path = "/libsystemd.so.0"; - - struct stat mock_stat; - mock_stat.st_uid = 0; - - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - - void * handle = (void *) 1; // Simulate handle - void * mock_function = (void *) 0xabcdef; - - // Set expectations for dlsym wrap - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - - // Perform the function under test - will_return(__wrap_sd_journal_next, 0); // Mocked return value - - // Create filter for arg, ignore if missing data = false - w_journal_filter_t * ufilters = NULL; - assert_int_equal(0, w_journal_filter_add_condition(&ufilters, "field", ".", true)); - - int ret = w_journal_context_next_newest_filtered(ctx, (w_journal_filters_list_t) ufilters); - - // Check the result - assert_int_equal(ret, 0); - - // Memory release - expect_function_call(__wrap_sd_journal_close); - expect_value(__wrap_dlclose, handle, (void *) 0x123456); // Mocked handle - will_return(__wrap_dlclose, 0); // Simulate dlclose success - w_journal_context_free(ctx); - // Free filter - w_journal_filter_free(ufilters); -} - -// Test for w_journal_context_next_newest_filtered is debug -static void test_w_journal_context_next_newest_filtered_is_debug(void ** state) { - // test_w_journal_context_create_success - // Define a pointer to w_journal_context_t - w_journal_context_t * ctx = NULL; - - // Expectativas de llamada a w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); // Mocked handle - - // test_find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - - // Simulate the successful opening of a file - FILE * maps_file = (FILE *) 0x123456; // Simulated address - will_return(__wrap_fopen, maps_file); - - // Simulate a line containing the searched library - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - - // test_is_owned_by_root_root_owned - - const char * library_path = "/libsystemd.so.0"; - - struct stat mock_stat; - mock_stat.st_uid = 0; - - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - - void * handle = (void *) 1; // Simulate handle - void * mock_function = (void *) 0xabcdef; - - // Set expectations for dlsym wrap - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - - // Perform the function under test - will_return(__wrap_sd_journal_next, 1); // Mocked return value - will_return(__wrap_sd_journal_get_realtime_usec, 123456); // Mocked timestamp - - // Create filter for arg, ignore if missing data = false - w_journal_filter_t * ufilters = NULL; - assert_int_equal(0, w_journal_filter_add_condition(&ufilters, "field", ".", true)); - - // Set debug - will_return(__wrap_isDebug, 1); - - will_return(__wrap_gmtime_r, 0); // Mocked time - // mock mdebug2 - expect_string(__wrap__mdebug2, formatted_msg, "(9004): Checking filters for timestamp 'unknown'"); - - int ret = w_journal_context_next_newest_filtered(ctx, (w_journal_filters_list_t) ufilters); - - // Check the result - assert_int_equal(ret, 1); - - // Memory release - expect_function_call(__wrap_sd_journal_close); - expect_value(__wrap_dlclose, handle, (void *) 0x123456); // Mocked handle - will_return(__wrap_dlclose, 0); // Simulate dlclose success - w_journal_context_free(ctx); - // Free filter - w_journal_filter_free(ufilters); -} - -// Test for w_journal_context_next_newest_filtered is debug false -static void test_w_journal_context_next_newest_filtered_is_debug_false(void ** state) { - // test_w_journal_context_create_success - // Define a pointer to w_journal_context_t - w_journal_context_t * ctx = NULL; - - // Expectativas de llamada a w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); // Mocked handle - - // test_find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - - // Simulate the successful opening of a file - FILE * maps_file = (FILE *) 0x123456; // Simulated address - will_return(__wrap_fopen, maps_file); - - // Simulate a line containing the searched library - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - - // test_is_owned_by_root_root_owned - - const char * library_path = "/libsystemd.so.0"; - - struct stat mock_stat; - mock_stat.st_uid = 0; - - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - - void * handle = (void *) 1; // Simulate handle - void * mock_function = (void *) 0xabcdef; - - // Set expectations for dlsym wrap - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - - // Perform the function under test - will_return(__wrap_sd_journal_next, 1); // Mocked return value - will_return(__wrap_sd_journal_get_realtime_usec, 123456); // Mocked timestamp - - // Create filter for arg, ignore if missing data = false - w_journal_filter_t * ufilters = NULL; - assert_int_equal(0, w_journal_filter_add_condition(&ufilters, "field", ".", true)); - - // Set debug - will_return(__wrap_isDebug, 0); - - int ret = w_journal_context_next_newest_filtered(ctx, (w_journal_filters_list_t) ufilters); - - // Check the result - assert_int_equal(ret, 1); - - // Memory release - expect_function_call(__wrap_sd_journal_close); - expect_value(__wrap_dlclose, handle, (void *) 0x123456); // Mocked handle - will_return(__wrap_dlclose, 0); // Simulate dlclose success - w_journal_context_free(ctx); - // Free filter - w_journal_filter_free(ufilters); -} - -// Test for w_journal_context_next_newest_filtered with filter apply -static void test_w_journal_context_next_newest_filtered_filter_apply(void ** state) { - // test_w_journal_context_create_success - // Define a pointer to w_journal_context_t - w_journal_context_t * ctx = NULL; - - // Expectativas de llamada a w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); // Mocked handle - - // test_find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - - // Simulate the successful opening of a file - FILE * maps_file = (FILE *) 0x123456; // Simulated address - will_return(__wrap_fopen, maps_file); - - // Simulate a line containing the searched library - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - - // test_is_owned_by_root_root_owned - - const char * library_path = "/libsystemd.so.0"; - - struct stat mock_stat; - mock_stat.st_uid = 0; - - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - - void * handle = (void *) 1; // Simulate handle - void * mock_function = (void *) 0xabcdef; - - // Set expectations for dlsym wrap - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - - // Perform the function under test - will_return(__wrap_sd_journal_next, 1); // Mocked return value - will_return(__wrap_sd_journal_get_realtime_usec, 123456); // Mocked timestamp - - // Set debug - will_return(__wrap_isDebug, 0); - - // Create filter for arg, ignore if missing data = false - w_journal_filters_list_t filter_list = NULL; - - // Prepare the filter - w_journal_filter_t * ufilters = NULL; - assert_int_equal(0, w_journal_filter_add_condition(&ufilters, "field", ".", true)); - // Add filter to the list - assert_true(w_journal_add_filter_to_list(&filter_list, ufilters)); - - // Apply filter expected - expect_string(__wrap_sd_journal_get_data, field, "field"); - will_return(__wrap_sd_journal_get_data, 0); // get data ok, the load data - will_return(__wrap_sd_journal_get_data, "field=123123"); // Empty field - - int ret = w_journal_context_next_newest_filtered(ctx, filter_list); - - // Check the result - assert_int_equal(ret, 1); - - // Memory release - expect_function_call(__wrap_sd_journal_close); - expect_value(__wrap_dlclose, handle, (void *) 0x123456); // Mocked handle - will_return(__wrap_dlclose, 0); // Simulate dlclose success - w_journal_context_free(ctx); - // Free filter list - w_journal_filters_list_free(filter_list); -} - -// Test for w_journal_context_next_newest_filtered with filter apply fail -static void test_w_journal_context_next_newest_filtered_filter_apply_fail(void ** state) { - // test_w_journal_context_create_success - // Define a pointer to w_journal_context_t - w_journal_context_t * ctx = NULL; - - // Expectativas de llamada a w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); // Mocked handle - - // test_find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - - // Simulate the successful opening of a file - FILE * maps_file = (FILE *) 0x123456; // Simulated address - will_return(__wrap_fopen, maps_file); - - // Simulate a line containing the searched library - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - - // test_is_owned_by_root_root_owned - - const char * library_path = "/libsystemd.so.0"; - - struct stat mock_stat; - mock_stat.st_uid = 0; - - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - - void * handle = (void *) 1; // Simulate handle - void * mock_function = (void *) 0xabcdef; - - // Set expectations for dlsym wrap - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - - // Perform the function under test - will_return(__wrap_sd_journal_next, 1); // Mocked return value - will_return(__wrap_sd_journal_get_realtime_usec, 123456); // Mocked timestamp - - // Set debug - will_return(__wrap_isDebug, 0); - - // Create filter for arg, ignore if missing data = false - w_journal_filters_list_t filter_list = NULL; - - // Prepare the filter - w_journal_filter_t * ufilters = NULL; - assert_int_equal(0, w_journal_filter_add_condition(&ufilters, "field", "^\\d", true)); - // Add filter to the list - assert_true(w_journal_add_filter_to_list(&filter_list, ufilters)); - - // Apply filter expected - expect_string(__wrap_sd_journal_get_data, field, "field"); - will_return(__wrap_sd_journal_get_data, 0); // get data ok, the load data - will_return(__wrap_sd_journal_get_data, "field=test"); // Empty field - - will_return(__wrap_sd_journal_next, 0); - - int ret = w_journal_context_next_newest_filtered(ctx, filter_list); - - // Check the result - assert_int_equal(ret, 0); - - // Memory release - expect_function_call(__wrap_sd_journal_close); - expect_value(__wrap_dlclose, handle, (void *) 0x123456); // Mocked handle - will_return(__wrap_dlclose, 0); // Simulate dlclose success - w_journal_context_free(ctx); - // Free filter list - w_journal_filters_list_free(filter_list); -} - -// Test entry_as_json -void test_entry_as_json_empty(void ** state) { - - // init ctx - w_journal_context_t * ctx = NULL; - // >>>> Start Init conext - // w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); - // find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - FILE * maps_file = (FILE *) 0x123456; - will_return(__wrap_fopen, maps_file); - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - // is_owned_by_root_root_owned - const char * library_path = "/libsystemd.so.0"; - struct stat mock_stat; - mock_stat.st_uid = 0; - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - void * handle = (void *) 1; - void * mock_function = (void *) 0xabcdef; - // dlsym - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - // <<<< End init conetxt - - // Expect - will_return(__wrap_cJSON_CreateObject, (cJSON *) 0x123456); - will_return(__wrap_sd_journal_restart_data, 0); - // Empty entry - will_return(__wrap_sd_journal_enumerate_data, 0); - expect_function_call(__wrap_cJSON_Delete); - - assert_null(entry_as_json(ctx)); - - // >>>> Start context free - expect_value(__wrap_dlclose, handle, (void *) 0x123456); - will_return(__wrap_dlclose, 0); - expect_function_call(__wrap_sd_journal_close); - w_journal_context_free(ctx); - // <<<< End Context free -} - -void test_entry_as_json_fail_parse_field(void ** state) { - // init ctx - w_journal_context_t * ctx = NULL; - // >>>> Start Init conext - // w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); - // find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - FILE * maps_file = (FILE *) 0x123456; - will_return(__wrap_fopen, maps_file); - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - // is_owned_by_root_root_owned - const char * library_path = "/libsystemd.so.0"; - struct stat mock_stat; - mock_stat.st_uid = 0; - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - void * handle = (void *) 1; - void * mock_function = (void *) 0xabcdef; - // dlsym - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - // <<<< End init conetxt - - // Expect - will_return(__wrap_cJSON_CreateObject, (cJSON *) 0x123456); - will_return(__wrap_sd_journal_restart_data, 0); - // Empty entry - will_return(__wrap_sd_journal_enumerate_data, 1); - will_return(__wrap_sd_journal_enumerate_data, "field >> no equal sign"); - will_return(__wrap_sd_journal_enumerate_data, 0); - expect_function_call(__wrap_cJSON_Delete); - - assert_null(entry_as_json(ctx)); - - // >>>> Start context free - expect_value(__wrap_dlclose, handle, (void *) 0x123456); - will_return(__wrap_dlclose, 0); - expect_function_call(__wrap_sd_journal_close); - w_journal_context_free(ctx); - // <<<< End Context free -} - -void test_entry_as_json_success(void ** state) { - // init ctx - w_journal_context_t * ctx = NULL; - // >>>> Start Init conext - // w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); - // find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - FILE * maps_file = (FILE *) 0x123456; - will_return(__wrap_fopen, maps_file); - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - // is_owned_by_root_root_owned - const char * library_path = "/libsystemd.so.0"; - struct stat mock_stat; - mock_stat.st_uid = 0; - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - void * handle = (void *) 1; - void * mock_function = (void *) 0xabcdef; - // dlsym - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - // <<<< End init conetxt - - // Expect - will_return(__wrap_cJSON_CreateObject, (cJSON *) 0x123456); - will_return(__wrap_sd_journal_restart_data, 0); - // 3 entryes - will_return(__wrap_sd_journal_enumerate_data, 1); - will_return(__wrap_sd_journal_enumerate_data, "field=value"); - expect_string(__wrap_cJSON_AddStringToObject, name, "field"); - expect_string(__wrap_cJSON_AddStringToObject, string, "value"); - will_return(__wrap_cJSON_AddStringToObject, (cJSON *) 1); - - will_return(__wrap_sd_journal_enumerate_data, 1); - will_return(__wrap_sd_journal_enumerate_data, "field2=123"); - expect_string(__wrap_cJSON_AddStringToObject, name, "field2"); - expect_string(__wrap_cJSON_AddStringToObject, string, "123"); - will_return(__wrap_cJSON_AddStringToObject, (cJSON *) 1); - - will_return(__wrap_sd_journal_enumerate_data, 1); - will_return(__wrap_sd_journal_enumerate_data, "field3="); - expect_string(__wrap_cJSON_AddStringToObject, name, "field3"); - expect_string(__wrap_cJSON_AddStringToObject, string, ""); - will_return(__wrap_cJSON_AddStringToObject, (cJSON *) 1); - - will_return(__wrap_sd_journal_enumerate_data, 0); - - assert_non_null(entry_as_json(ctx)); - - // >>>> Start context free - expect_value(__wrap_dlclose, handle, (void *) 0x123456); - will_return(__wrap_dlclose, 0); - expect_function_call(__wrap_sd_journal_close); - w_journal_context_free(ctx); - // <<<< End Context free -} - -// Test get_field_ptr -void test_get_field_ptr_fail_get_data(void ** state) { - // init ctx - w_journal_context_t * ctx = NULL; - // >>>> Start Init conext - // w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); - // find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - FILE * maps_file = (FILE *) 0x123456; - will_return(__wrap_fopen, maps_file); - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - // is_owned_by_root_root_owned - const char * library_path = "/libsystemd.so.0"; - struct stat mock_stat; - mock_stat.st_uid = 0; - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - void * handle = (void *) 1; - void * mock_function = (void *) 0xabcdef; - // dlsym - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - // <<<< End init conetxt - - // Expect - expect_string(__wrap_sd_journal_get_data, field, "field"); - will_return(__wrap_sd_journal_get_data, -1); - - assert_null(get_field_ptr(ctx, "field")); - - // >>>> Start context free - expect_value(__wrap_dlclose, handle, (void *) 0x123456); - will_return(__wrap_dlclose, 0); - expect_function_call(__wrap_sd_journal_close); - w_journal_context_free(ctx); - // <<<< End Context free -} - -void test_get_field_ptr_fail_parse(void ** state) { - // init ctx - w_journal_context_t * ctx = NULL; - // >>>> Start Init conext - // w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); - // find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - FILE * maps_file = (FILE *) 0x123456; - will_return(__wrap_fopen, maps_file); - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - // is_owned_by_root_root_owned - const char * library_path = "/libsystemd.so.0"; - struct stat mock_stat; - mock_stat.st_uid = 0; - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - void * handle = (void *) 1; - void * mock_function = (void *) 0xabcdef; - // dlsym - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - // <<<< End init conetxt - - // Expect - expect_string(__wrap_sd_journal_get_data, field, "field"); - will_return(__wrap_sd_journal_get_data, 0); - will_return(__wrap_sd_journal_get_data, "field >> no equal sign"); - - assert_null(get_field_ptr(ctx, "field")); - - // >>>> Start context free - expect_value(__wrap_dlclose, handle, (void *) 0x123456); - will_return(__wrap_dlclose, 0); - expect_function_call(__wrap_sd_journal_close); - w_journal_context_free(ctx); - // <<<< End Context free -} - -void test_get_field_ptr_empty_field(void ** state) { - // init ctx - w_journal_context_t * ctx = NULL; - // >>>> Start Init conext - // w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); - // find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - FILE * maps_file = (FILE *) 0x123456; - will_return(__wrap_fopen, maps_file); - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - // is_owned_by_root_root_owned - const char * library_path = "/libsystemd.so.0"; - struct stat mock_stat; - mock_stat.st_uid = 0; - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - void * handle = (void *) 1; - void * mock_function = (void *) 0xabcdef; - // dlsym - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - // <<<< End init conetxt - - // Expect - expect_string(__wrap_sd_journal_get_data, field, "field"); - will_return(__wrap_sd_journal_get_data, 0); - will_return(__wrap_sd_journal_get_data, "field="); - - char * value = get_field_ptr(ctx, "field"); - assert_non_null(value); - assert_string_equal(value, ""); - os_free(value); - - // >>>> Start context free - expect_value(__wrap_dlclose, handle, (void *) 0x123456); - will_return(__wrap_dlclose, 0); - expect_function_call(__wrap_sd_journal_close); - w_journal_context_free(ctx); - // <<<< End Context free -} - -void test_get_field_ptr_success(void ** state) { - // init ctx - w_journal_context_t * ctx = NULL; - // >>>> Start Init conext - // w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); - // find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - FILE * maps_file = (FILE *) 0x123456; - will_return(__wrap_fopen, maps_file); - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - // is_owned_by_root_root_owned - const char * library_path = "/libsystemd.so.0"; - struct stat mock_stat; - mock_stat.st_uid = 0; - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - void * handle = (void *) 1; - void * mock_function = (void *) 0xabcdef; - // dlsym - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - // <<<< End init conetxt - - // Expect - expect_string(__wrap_sd_journal_get_data, field, "field"); - will_return(__wrap_sd_journal_get_data, 0); - will_return(__wrap_sd_journal_get_data, "field=value"); - - char * val = get_field_ptr(ctx, "field"); - assert_non_null(val); - assert_string_equal(val, "value"); - os_free(val); - - // >>>> Start context free - expect_value(__wrap_dlclose, handle, (void *) 0x123456); - will_return(__wrap_dlclose, 0); - expect_function_call(__wrap_sd_journal_close); - w_journal_context_free(ctx); - // <<<< End Context free -} - -// Test create_plain_syslog -void test_create_plain_syslog_with_pid(void ** state) { - - char * retval = create_plain_syslog("", "hosname", "tag", "pid", "message"); - assert_non_null(retval); - assert_string_equal(retval, " hosname tag[pid]: message"); - os_free(retval); -} - -void test_create_plain_syslog_without_pid(void ** state) { - - char * retval = create_plain_syslog("", "hosname", "tag", NULL, "message"); - assert_non_null(retval); - assert_string_equal(retval, " hosname tag: message"); - os_free(retval); -} - -// Test entry_as_syslog -void test_entry_as_syslog_success(void ** state) { - // init ctx - w_journal_context_t * ctx = NULL; - // >>>> Start Init conext - // w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); - // find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - FILE * maps_file = (FILE *) 0x123456; - will_return(__wrap_fopen, maps_file); - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - // is_owned_by_root_root_owned - const char * library_path = "/libsystemd.so.0"; - struct stat mock_stat; - mock_stat.st_uid = 0; - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - void * handle = (void *) 1; - void * mock_function = (void *) 0xabcdef; - // dlsym - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - // <<<< End init conetxt - uint64_t timestamp = 1618849174000000; // Timestamp in microseconds (2021-04-19 16:19:34) - ctx->timestamp = timestamp; - - // Extract - expect_string(__wrap_sd_journal_get_data, field, "_HOSTNAME"); - will_return(__wrap_sd_journal_get_data, 0); - will_return(__wrap_sd_journal_get_data, "_HOSTNAME="); - - expect_string(__wrap_sd_journal_get_data, field, "SYSLOG_IDENTIFIER"); - will_return(__wrap_sd_journal_get_data, 0); - will_return(__wrap_sd_journal_get_data, "SYSLOG_IDENTIFIER="); - - expect_string(__wrap_sd_journal_get_data, field, "MESSAGE"); - will_return(__wrap_sd_journal_get_data, 0); - will_return(__wrap_sd_journal_get_data, "MESSAGE="); - - expect_string(__wrap_sd_journal_get_data, field, "SYSLOG_PID"); - will_return(__wrap_sd_journal_get_data, 0); - will_return(__wrap_sd_journal_get_data, "SYSLOG_PID="); - - // Get timestamp - - will_return(__wrap_gmtime_r, timestamp); - - // Check the result - char * retval = entry_as_syslog(ctx); - assert_non_null(retval); - assert_string_equal(retval, "Apr 19 16:19:34 []: "); - os_free(retval); - - // >>>> Start context free - expect_value(__wrap_dlclose, handle, (void *) 0x123456); - will_return(__wrap_dlclose, 0); - expect_function_call(__wrap_sd_journal_close); - w_journal_context_free(ctx); - // <<<< End Context free -} - -void test_entry_as_syslog_success_system_pid(void ** state) { - // init ctx - w_journal_context_t * ctx = NULL; - // >>>> Start Init conext - // w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); - // find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - FILE * maps_file = (FILE *) 0x123456; - will_return(__wrap_fopen, maps_file); - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - // is_owned_by_root_root_owned - const char * library_path = "/libsystemd.so.0"; - struct stat mock_stat; - mock_stat.st_uid = 0; - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - void * handle = (void *) 1; - void * mock_function = (void *) 0xabcdef; - // dlsym - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - // <<<< End init conetxt - uint64_t timestamp = 1618849174000000; // Timestamp in microseconds (2021-04-19 16:19:34) - ctx->timestamp = timestamp; - - // Extract - expect_string(__wrap_sd_journal_get_data, field, "_HOSTNAME"); - will_return(__wrap_sd_journal_get_data, 0); - will_return(__wrap_sd_journal_get_data, "_HOSTNAME="); - - expect_string(__wrap_sd_journal_get_data, field, "SYSLOG_IDENTIFIER"); - will_return(__wrap_sd_journal_get_data, 0); - will_return(__wrap_sd_journal_get_data, "SYSLOG_IDENTIFIER="); - - expect_string(__wrap_sd_journal_get_data, field, "MESSAGE"); - will_return(__wrap_sd_journal_get_data, 0); - will_return(__wrap_sd_journal_get_data, "MESSAGE="); - - expect_string(__wrap_sd_journal_get_data, field, "SYSLOG_PID"); - will_return(__wrap_sd_journal_get_data, -1); - - expect_string(__wrap_sd_journal_get_data, field, "_PID"); - will_return(__wrap_sd_journal_get_data, 0); - will_return(__wrap_sd_journal_get_data, "_PID="); - - // Get timestamp - - will_return(__wrap_gmtime_r, timestamp); - - // Check the result - char * retval = entry_as_syslog(ctx); - assert_non_null(retval); - assert_string_equal(retval, "Apr 19 16:19:34 []: "); - os_free(retval); - - // >>>> Start context free - expect_value(__wrap_dlclose, handle, (void *) 0x123456); - will_return(__wrap_dlclose, 0); - expect_function_call(__wrap_sd_journal_close); - w_journal_context_free(ctx); - // <<<< End Context free -} - -void test_entry_as_syslog_success_no_pid(void ** state) { - // init ctx - w_journal_context_t * ctx = NULL; - // >>>> Start Init conext - // w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); - // find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - FILE * maps_file = (FILE *) 0x123456; - will_return(__wrap_fopen, maps_file); - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - // is_owned_by_root_root_owned - const char * library_path = "/libsystemd.so.0"; - struct stat mock_stat; - mock_stat.st_uid = 0; - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - void * handle = (void *) 1; - void * mock_function = (void *) 0xabcdef; - // dlsym - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - // <<<< End init conetxt - uint64_t timestamp = 1618849174000000; // Timestamp in microseconds (2021-04-19 16:19:34) - ctx->timestamp = timestamp; - - // Extract - expect_string(__wrap_sd_journal_get_data, field, "_HOSTNAME"); - will_return(__wrap_sd_journal_get_data, 0); - will_return(__wrap_sd_journal_get_data, "_HOSTNAME="); - - expect_string(__wrap_sd_journal_get_data, field, "SYSLOG_IDENTIFIER"); - will_return(__wrap_sd_journal_get_data, 0); - will_return(__wrap_sd_journal_get_data, "SYSLOG_IDENTIFIER="); - - expect_string(__wrap_sd_journal_get_data, field, "MESSAGE"); - will_return(__wrap_sd_journal_get_data, 0); - will_return(__wrap_sd_journal_get_data, "MESSAGE="); - - expect_string(__wrap_sd_journal_get_data, field, "SYSLOG_PID"); - will_return(__wrap_sd_journal_get_data, -1); - - expect_string(__wrap_sd_journal_get_data, field, "_PID"); - will_return(__wrap_sd_journal_get_data, -1); - - // Get timestamp - - will_return(__wrap_gmtime_r, timestamp); - - // Check the result - char * retval = entry_as_syslog(ctx); - assert_non_null(retval); - assert_string_equal(retval, "Apr 19 16:19:34 : "); - os_free(retval); - - // >>>> Start context free - expect_value(__wrap_dlclose, handle, (void *) 0x123456); - will_return(__wrap_dlclose, 0); - expect_function_call(__wrap_sd_journal_close); - w_journal_context_free(ctx); - // <<<< End Context free -} - -void test_entry_as_syslog_missing_hostname(void ** state) { - - // init ctx - w_journal_context_t * ctx = NULL; - // >>>> Start Init conext - // w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); - // find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - FILE * maps_file = (FILE *) 0x123456; - will_return(__wrap_fopen, maps_file); - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - // is_owned_by_root_root_owned - const char * library_path = "/libsystemd.so.0"; - struct stat mock_stat; - mock_stat.st_uid = 0; - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - void * handle = (void *) 1; - void * mock_function = (void *) 0xabcdef; - // dlsym - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - // <<<< End init conetxt - uint64_t timestamp = 1618849174000000; // Timestamp in microseconds (2021-04-19 16:19:34) - ctx->timestamp = timestamp; - - // Extract - expect_string(__wrap_sd_journal_get_data, field, "_HOSTNAME"); - will_return(__wrap_sd_journal_get_data, -1); - - expect_string(__wrap_sd_journal_get_data, field, "SYSLOG_IDENTIFIER"); - will_return(__wrap_sd_journal_get_data, 0); - will_return(__wrap_sd_journal_get_data, "SYSLOG_IDENTIFIER="); - - expect_string(__wrap_sd_journal_get_data, field, "MESSAGE"); - will_return(__wrap_sd_journal_get_data, 0); - will_return(__wrap_sd_journal_get_data, "MESSAGE="); - - expect_string(__wrap_sd_journal_get_data, field, "SYSLOG_PID"); - will_return(__wrap_sd_journal_get_data, 0); - will_return(__wrap_sd_journal_get_data, "SYSLOG_PID="); - - // Get timestamp - will_return(__wrap_gmtime_r, timestamp); - - // Debug msg - expect_string(__wrap__mdebug2, - formatted_msg, - "(9002): Failed to get the required fields, discarted log with timestamp '1618849174000000'"); - - // Check the result - char * retval = entry_as_syslog(ctx); - assert_null(retval); - - // >>>> Start context free - expect_value(__wrap_dlclose, handle, (void *) 0x123456); - will_return(__wrap_dlclose, 0); - expect_function_call(__wrap_sd_journal_close); - w_journal_context_free(ctx); - // <<<< End Context free -} - -void test_entry_as_syslog_missing_tag(void ** state) { - - // init ctx - w_journal_context_t * ctx = NULL; - // >>>> Start Init conext - // w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); - // find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - FILE * maps_file = (FILE *) 0x123456; - will_return(__wrap_fopen, maps_file); - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - // is_owned_by_root_root_owned - const char * library_path = "/libsystemd.so.0"; - struct stat mock_stat; - mock_stat.st_uid = 0; - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - void * handle = (void *) 1; - void * mock_function = (void *) 0xabcdef; - // dlsym - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - // <<<< End init conetxt - uint64_t timestamp = 1618849174000000; // Timestamp in microseconds (2021-04-19 16:19:34) - ctx->timestamp = timestamp; - - // Extract - expect_string(__wrap_sd_journal_get_data, field, "_HOSTNAME"); - will_return(__wrap_sd_journal_get_data, 0); - will_return(__wrap_sd_journal_get_data, "_HOSTNAME="); - - expect_string(__wrap_sd_journal_get_data, field, "SYSLOG_IDENTIFIER"); - will_return(__wrap_sd_journal_get_data, -1); - - expect_string(__wrap_sd_journal_get_data, field, "MESSAGE"); - will_return(__wrap_sd_journal_get_data, 0); - will_return(__wrap_sd_journal_get_data, "MESSAGE="); - - expect_string(__wrap_sd_journal_get_data, field, "SYSLOG_PID"); - will_return(__wrap_sd_journal_get_data, -1); - - expect_string(__wrap_sd_journal_get_data, field, "_PID"); - will_return(__wrap_sd_journal_get_data, 0); - will_return(__wrap_sd_journal_get_data, "_PID="); - - // Get timestamp - will_return(__wrap_gmtime_r, timestamp); - - // Debug msg - expect_string(__wrap__mdebug2, - formatted_msg, - "(9002): Failed to get the required fields, discarted log with timestamp '1618849174000000'"); - - // Check the result - char * retval = entry_as_syslog(ctx); - assert_null(retval); - - // >>>> Start context free - expect_value(__wrap_dlclose, handle, (void *) 0x123456); - will_return(__wrap_dlclose, 0); - expect_function_call(__wrap_sd_journal_close); - w_journal_context_free(ctx); - // <<<< End Context free -} - -void test_entry_as_syslog_missing_message(void ** state) { - // init ctx - w_journal_context_t * ctx = NULL; - // >>>> Start Init conext - // w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); - // find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - FILE * maps_file = (FILE *) 0x123456; - will_return(__wrap_fopen, maps_file); - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - // is_owned_by_root_root_owned - const char * library_path = "/libsystemd.so.0"; - struct stat mock_stat; - mock_stat.st_uid = 0; - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - void * handle = (void *) 1; - void * mock_function = (void *) 0xabcdef; - // dlsym - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - // <<<< End init conetxt - uint64_t timestamp = 1618849174000000; // Timestamp in microseconds (2021-04-19 16:19:34) - ctx->timestamp = timestamp; - - // Extract - expect_string(__wrap_sd_journal_get_data, field, "_HOSTNAME"); - will_return(__wrap_sd_journal_get_data, 0); - will_return(__wrap_sd_journal_get_data, "_HOSTNAME="); - - expect_string(__wrap_sd_journal_get_data, field, "SYSLOG_IDENTIFIER"); - will_return(__wrap_sd_journal_get_data, 0); - will_return(__wrap_sd_journal_get_data, "SYSLOG_IDENTIFIER="); - - expect_string(__wrap_sd_journal_get_data, field, "MESSAGE"); - will_return(__wrap_sd_journal_get_data, -1); - - expect_string(__wrap_sd_journal_get_data, field, "SYSLOG_PID"); - will_return(__wrap_sd_journal_get_data, -1); - - expect_string(__wrap_sd_journal_get_data, field, "_PID"); - will_return(__wrap_sd_journal_get_data, 0); - will_return(__wrap_sd_journal_get_data, "_PID="); - - // Get timestamp - will_return(__wrap_gmtime_r, timestamp); - - // Debug msg - expect_string(__wrap__mdebug2, - formatted_msg, - "(9002): Failed to get the required fields, discarted log with timestamp '1618849174000000'"); - - // Check the result - char * retval = entry_as_syslog(ctx); - assert_null(retval); - - // >>>> Start context free - expect_value(__wrap_dlclose, handle, (void *) 0x123456); - will_return(__wrap_dlclose, 0); - expect_function_call(__wrap_sd_journal_close); - w_journal_context_free(ctx); - // <<<< End Context free -} - -void test_entry_as_syslog_missing_timestamp(void ** state) { - // init ctx - w_journal_context_t * ctx = NULL; - // >>>> Start Init conext - // w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); - // find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - FILE * maps_file = (FILE *) 0x123456; - will_return(__wrap_fopen, maps_file); - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - // is_owned_by_root_root_owned - const char * library_path = "/libsystemd.so.0"; - struct stat mock_stat; - mock_stat.st_uid = 0; - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - void * handle = (void *) 1; - void * mock_function = (void *) 0xabcdef; - // dlsym - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - // <<<< End init conetxt - uint64_t timestamp = 1618849174000000; // Timestamp in microseconds (2021-04-19 16:19:34) - ctx->timestamp = timestamp; - - // Extract - expect_string(__wrap_sd_journal_get_data, field, "_HOSTNAME"); - will_return(__wrap_sd_journal_get_data, 0); - will_return(__wrap_sd_journal_get_data, "_HOSTNAME="); - - expect_string(__wrap_sd_journal_get_data, field, "SYSLOG_IDENTIFIER"); - will_return(__wrap_sd_journal_get_data, 0); - will_return(__wrap_sd_journal_get_data, "SYSLOG_IDENTIFIER="); - - expect_string(__wrap_sd_journal_get_data, field, "MESSAGE"); - will_return(__wrap_sd_journal_get_data, 0); - will_return(__wrap_sd_journal_get_data, "MESSAGE="); - - expect_string(__wrap_sd_journal_get_data, field, "SYSLOG_PID"); - will_return(__wrap_sd_journal_get_data, -1); - - expect_string(__wrap_sd_journal_get_data, field, "_PID"); - will_return(__wrap_sd_journal_get_data, 0); - will_return(__wrap_sd_journal_get_data, "_PID="); - - // Get timestamp - will_return(__wrap_gmtime_r, 0); - - // Debug msg - expect_string(__wrap__mdebug2, - formatted_msg, - "(9002): Failed to get the required fields, discarted log with timestamp '1618849174000000'"); - - // Check the result - char * retval = entry_as_syslog(ctx); - assert_null(retval); - - // >>>> Start context free - expect_value(__wrap_dlclose, handle, (void *) 0x123456); - will_return(__wrap_dlclose, 0); - expect_function_call(__wrap_sd_journal_close); - w_journal_context_free(ctx); - // <<<< End Context free -} - -// Test w_journal_entry_dump -void test_w_journal_entry_dump_null_params(void ** state) { - assert_null(w_journal_entry_dump(NULL, W_JOURNAL_ENTRY_DUMP_TYPE_SYSLOG)); - assert_null(w_journal_entry_dump(NULL, W_JOURNAL_ENTRY_DUMP_TYPE_JSON)); -} - -void test_w_journal_entry_dump_invalid_type(void ** state) { - // init ctx - w_journal_context_t * ctx = NULL; - // >>>> Start Init conext - // w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); - // find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - FILE * maps_file = (FILE *) 0x123456; - will_return(__wrap_fopen, maps_file); - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - // is_owned_by_root_root_owned - const char * library_path = "/libsystemd.so.0"; - struct stat mock_stat; - mock_stat.st_uid = 0; - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - void * handle = (void *) 1; - void * mock_function = (void *) 0xabcdef; - // dlsym - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - // <<<< End init conetxt - ctx->timestamp = 123456; - ctx->journal = (void *) 0x123456; - - assert_null(w_journal_entry_dump(ctx, W_JOURNAL_ENTRY_DUMP_TYPE_INVALID)); - - // Test Free invalid - w_journal_entry_t * entry = calloc(1, sizeof(w_journal_entry_t)); - entry->type = W_JOURNAL_ENTRY_DUMP_TYPE_INVALID; - entry->timestamp = ctx->timestamp; - assert_null(w_journal_entry_dump(ctx, W_JOURNAL_ENTRY_DUMP_TYPE_INVALID)); - w_journal_entry_free(entry); - - // >>>> Start context free - expect_value(__wrap_dlclose, handle, (void *) 0x123456); - will_return(__wrap_dlclose, 0); - expect_function_call(__wrap_sd_journal_close); - w_journal_context_free(ctx); - // <<<< End Context free -} - -void test_w_journal_entry_dump_json_success(void ** state) { - // init ctx - w_journal_context_t * ctx = NULL; - // >>>> Start Init conext - // w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); - // find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - FILE * maps_file = (FILE *) 0x123456; - will_return(__wrap_fopen, maps_file); - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - // is_owned_by_root_root_owned - const char * library_path = "/libsystemd.so.0"; - struct stat mock_stat; - mock_stat.st_uid = 0; - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - void * handle = (void *) 1; - void * mock_function = (void *) 0xabcdef; - // dlsym - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - // <<<< End init conetxt - ctx->timestamp = 123456; - ctx->journal = (void *) 0x123456; - - // Expect - will_return(__wrap_cJSON_CreateObject, (cJSON *) 0x123456); - will_return(__wrap_sd_journal_restart_data, 0); - // 3 entryes - will_return(__wrap_sd_journal_enumerate_data, 1); - will_return(__wrap_sd_journal_enumerate_data, "field=value"); - expect_string(__wrap_cJSON_AddStringToObject, name, "field"); - expect_string(__wrap_cJSON_AddStringToObject, string, "value"); - will_return(__wrap_cJSON_AddStringToObject, (cJSON *) 1); - - will_return(__wrap_sd_journal_enumerate_data, 1); - will_return(__wrap_sd_journal_enumerate_data, "field2=123"); - expect_string(__wrap_cJSON_AddStringToObject, name, "field2"); - expect_string(__wrap_cJSON_AddStringToObject, string, "123"); - will_return(__wrap_cJSON_AddStringToObject, (cJSON *) 1); - - will_return(__wrap_sd_journal_enumerate_data, 1); - will_return(__wrap_sd_journal_enumerate_data, "field3="); - expect_string(__wrap_cJSON_AddStringToObject, name, "field3"); - expect_string(__wrap_cJSON_AddStringToObject, string, ""); - will_return(__wrap_cJSON_AddStringToObject, (cJSON *) 1); - - will_return(__wrap_sd_journal_enumerate_data, 0); - - w_journal_entry_t * entry = w_journal_entry_dump(ctx, W_JOURNAL_ENTRY_DUMP_TYPE_JSON); - assert_non_null(entry); - assert_non_null(entry->data.json); - assert_int_equal(entry->type, W_JOURNAL_ENTRY_DUMP_TYPE_JSON); - assert_int_equal(entry->timestamp, ctx->timestamp); - - // Free entry (test) - expect_function_call(__wrap_cJSON_Delete); - w_journal_entry_free(entry); - - // >>>> Start context free - expect_value(__wrap_dlclose, handle, (void *) 0x123456); - will_return(__wrap_dlclose, 0); - expect_function_call(__wrap_sd_journal_close); - w_journal_context_free(ctx); - // <<<< End Context free -} - -void test_w_journal_entry_dump_syslog_fail_json(void ** state) { - // init ctx - w_journal_context_t * ctx = NULL; - // >>>> Start Init conext - // w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); - // find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - FILE * maps_file = (FILE *) 0x123456; - will_return(__wrap_fopen, maps_file); - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - // is_owned_by_root_root_owned - const char * library_path = "/libsystemd.so.0"; - struct stat mock_stat; - mock_stat.st_uid = 0; - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - void * handle = (void *) 1; - void * mock_function = (void *) 0xabcdef; - // dlsym - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - // <<<< End init conetxt - ctx->timestamp = 123456; - ctx->journal = (void *) 0x123456; - - // Expect - will_return(__wrap_cJSON_CreateObject, (cJSON *) 0x123456); - will_return(__wrap_sd_journal_restart_data, 0); - // Empty entry - will_return(__wrap_sd_journal_enumerate_data, 0); - expect_function_call(__wrap_cJSON_Delete); - - w_journal_entry_t * entry = w_journal_entry_dump(ctx, W_JOURNAL_ENTRY_DUMP_TYPE_JSON); - assert_null(entry); - - // Free entry (test) - w_journal_entry_free(entry); - - // >>>> Start context free - expect_value(__wrap_dlclose, handle, (void *) 0x123456); - will_return(__wrap_dlclose, 0); - expect_function_call(__wrap_sd_journal_close); - w_journal_context_free(ctx); - // <<<< End Context free -} - -void test_w_journal_entry_dump_syslog_success(void ** state) { - // init ctx - w_journal_context_t * ctx = NULL; - // >>>> Start Init conext - // w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); - // find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - FILE * maps_file = (FILE *) 0x123456; - will_return(__wrap_fopen, maps_file); - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - // is_owned_by_root_root_owned - const char * library_path = "/libsystemd.so.0"; - struct stat mock_stat; - mock_stat.st_uid = 0; - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - void * handle = (void *) 1; - void * mock_function = (void *) 0xabcdef; - // dlsym - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - // <<<< End init conetxt - ctx->journal = (void *) 0x123456; - uint64_t timestamp = 1618849174000000; // Timestamp in microseconds (2021-04-19 16:19:34) - ctx->timestamp = timestamp; - - // Expect - - // Extract - expect_string(__wrap_sd_journal_get_data, field, "_HOSTNAME"); - will_return(__wrap_sd_journal_get_data, 0); - will_return(__wrap_sd_journal_get_data, "_HOSTNAME="); - - expect_string(__wrap_sd_journal_get_data, field, "SYSLOG_IDENTIFIER"); - will_return(__wrap_sd_journal_get_data, 0); - will_return(__wrap_sd_journal_get_data, "SYSLOG_IDENTIFIER="); - - expect_string(__wrap_sd_journal_get_data, field, "MESSAGE"); - will_return(__wrap_sd_journal_get_data, 0); - will_return(__wrap_sd_journal_get_data, "MESSAGE="); - - expect_string(__wrap_sd_journal_get_data, field, "SYSLOG_PID"); - will_return(__wrap_sd_journal_get_data, 0); - will_return(__wrap_sd_journal_get_data, "SYSLOG_PID="); - - // Get timestamp - will_return(__wrap_gmtime_r, timestamp); - - w_journal_entry_t * entry = w_journal_entry_dump(ctx, W_JOURNAL_ENTRY_DUMP_TYPE_SYSLOG); - assert_non_null(entry); - assert_non_null(entry->data.syslog); - assert_int_equal(entry->type, W_JOURNAL_ENTRY_DUMP_TYPE_SYSLOG); - assert_int_equal(entry->timestamp, ctx->timestamp); - - // Free entry (test) - w_journal_entry_free(entry); - - // >>>> Start context free - expect_value(__wrap_dlclose, handle, (void *) 0x123456); - will_return(__wrap_dlclose, 0); - expect_function_call(__wrap_sd_journal_close); - w_journal_context_free(ctx); - // <<<< End Context free -} - -void test_w_journal_entry_dump_syslog_fail(void ** state) { - // init ctx - w_journal_context_t * ctx = NULL; - // >>>> Start Init conext - // w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); - // find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - FILE * maps_file = (FILE *) 0x123456; - will_return(__wrap_fopen, maps_file); - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - // is_owned_by_root_root_owned - const char * library_path = "/libsystemd.so.0"; - struct stat mock_stat; - mock_stat.st_uid = 0; - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - void * handle = (void *) 1; - void * mock_function = (void *) 0xabcdef; - // dlsym - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - // <<<< End init conetxt - ctx->journal = (void *) 0x123456; - uint64_t timestamp = 1618849174000000; // Timestamp in microseconds (2021-04-19 16:19:34) - ctx->timestamp = timestamp; - - // Extract fail - expect_string(__wrap_sd_journal_get_data, field, "_HOSTNAME"); - will_return(__wrap_sd_journal_get_data, -1); - - expect_string(__wrap_sd_journal_get_data, field, "SYSLOG_IDENTIFIER"); - will_return(__wrap_sd_journal_get_data, 0); - will_return(__wrap_sd_journal_get_data, "SYSLOG_IDENTIFIER="); - - expect_string(__wrap_sd_journal_get_data, field, "MESSAGE"); - will_return(__wrap_sd_journal_get_data, 0); - will_return(__wrap_sd_journal_get_data, "MESSAGE="); - - expect_string(__wrap_sd_journal_get_data, field, "SYSLOG_PID"); - will_return(__wrap_sd_journal_get_data, 0); - will_return(__wrap_sd_journal_get_data, "SYSLOG_PID="); - - // Get timestamp - will_return(__wrap_gmtime_r, timestamp); - - // Debug msg - expect_string(__wrap__mdebug2, - formatted_msg, - "(9002): Failed to get the required fields, discarted log with timestamp '1618849174000000'"); - - // Get timestamp - - w_journal_entry_t * entry = w_journal_entry_dump(ctx, W_JOURNAL_ENTRY_DUMP_TYPE_SYSLOG); - assert_null(entry); - // Free entry (test) - w_journal_entry_free(entry); - - // >>>> Start context free - expect_value(__wrap_dlclose, handle, (void *) 0x123456); - will_return(__wrap_dlclose, 0); - expect_function_call(__wrap_sd_journal_close); - w_journal_context_free(ctx); - // <<<< End Context free -} - -// Test w_journal_entry_to_string -void test_w_journal_entry_to_string_null_params(void ** state) { assert_null(w_journal_entry_to_string(NULL)); } - -void test_w_journal_entry_to_string_syslog(void ** state) { - // init ctx - w_journal_context_t * ctx = NULL; - // >>>> Start Init conext - // w_journal_lib_init - expect_string(__wrap_dlopen, filename, W_LIB_SYSTEMD); - expect_value(__wrap_dlopen, flags, RTLD_LAZY); - will_return(__wrap_dlopen, (void *) 0x123456); - // find_library_path_success - expect_string(__wrap_fopen, path, "/proc/self/maps"); - expect_string(__wrap_fopen, mode, "r"); - FILE * maps_file = (FILE *) 0x123456; - will_return(__wrap_fopen, maps_file); - char * simulated_line = strdup("00400000-0040b000 r-xp 00000000 08:01 6711792 /libsystemd.so.0\n"); - will_return(__wrap_getline, simulated_line); - expect_value(__wrap_fclose, _File, 0x123456); - will_return(__wrap_fclose, 1); - // is_owned_by_root_root_owned - const char * library_path = "/libsystemd.so.0"; - struct stat mock_stat; - mock_stat.st_uid = 0; - expect_string(__wrap_stat, __file, library_path); - will_return(__wrap_stat, &mock_stat); - will_return(__wrap_stat, 0); - void * handle = (void *) 1; - void * mock_function = (void *) 0xabcdef; - // dlsym - setup_dlsym_expectations("sd_journal_open"); - setup_dlsym_expectations("sd_journal_close"); - setup_dlsym_expectations("sd_journal_previous"); - setup_dlsym_expectations("sd_journal_next"); - setup_dlsym_expectations("sd_journal_seek_tail"); - setup_dlsym_expectations("sd_journal_seek_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_realtime_usec"); - setup_dlsym_expectations("sd_journal_get_data"); - setup_dlsym_expectations("sd_journal_restart_data"); - setup_dlsym_expectations("sd_journal_enumerate_data"); - setup_dlsym_expectations("sd_journal_get_cutoff_realtime_usec"); - will_return(__wrap_sd_journal_open, 0); - w_journal_context_create(&ctx); - // <<<< End init conetxt - ctx->journal = (void *) 0x123456; - uint64_t timestamp = 1618849174000000; // Timestamp in microseconds (2021-04-19 16:19:34) - ctx->timestamp = timestamp; - - // Expect - - // Extract - expect_string(__wrap_sd_journal_get_data, field, "_HOSTNAME"); - will_return(__wrap_sd_journal_get_data, 0); - will_return(__wrap_sd_journal_get_data, "_HOSTNAME="); - - expect_string(__wrap_sd_journal_get_data, field, "SYSLOG_IDENTIFIER"); - will_return(__wrap_sd_journal_get_data, 0); - will_return(__wrap_sd_journal_get_data, "SYSLOG_IDENTIFIER="); - - expect_string(__wrap_sd_journal_get_data, field, "MESSAGE"); - will_return(__wrap_sd_journal_get_data, 0); - will_return(__wrap_sd_journal_get_data, "MESSAGE="); - - expect_string(__wrap_sd_journal_get_data, field, "SYSLOG_PID"); - will_return(__wrap_sd_journal_get_data, 0); - will_return(__wrap_sd_journal_get_data, "SYSLOG_PID="); - - // Get timestamp - will_return(__wrap_gmtime_r, timestamp); - - w_journal_entry_t * entry = w_journal_entry_dump(ctx, W_JOURNAL_ENTRY_DUMP_TYPE_SYSLOG); - assert_non_null(entry); - assert_non_null(entry->data.syslog); - assert_int_equal(entry->type, W_JOURNAL_ENTRY_DUMP_TYPE_SYSLOG); - assert_int_equal(entry->timestamp, ctx->timestamp); - - char * str = w_journal_entry_to_string(entry); - assert_non_null(str); - assert_string_equal(str, "Apr 19 16:19:34 []: "); - - // Free entry (test) - os_free(str); - w_journal_entry_free(entry); - - // >>>> Start context free - expect_value(__wrap_dlclose, handle, (void *) 0x123456); - will_return(__wrap_dlclose, 0); - expect_function_call(__wrap_sd_journal_close); - w_journal_context_free(ctx); - // <<<< End Context free -} - -void test_w_journal_entry_to_string_json(void ** state) { - w_journal_entry_t * entry = calloc(1, sizeof(w_journal_entry_t)); - entry->type = W_JOURNAL_ENTRY_DUMP_TYPE_JSON; - entry->timestamp = 123456; - entry->data.json = (cJSON *) 0x123456; - - will_return(__wrap_cJSON_PrintUnformatted, strdup("json_string")); - char * str = w_journal_entry_to_string(entry); - - assert_non_null(str); - assert_string_equal(str, "json_string"); - - os_free(str); - os_free(entry); -} - -void test_w_journal_entry_to_string_invalid_type(void ** state) { - - w_journal_entry_t * entry = calloc(1, sizeof(w_journal_entry_t)); - entry->type = W_JOURNAL_ENTRY_DUMP_TYPE_INVALID; - entry->timestamp = 123456; - entry->data.json = (cJSON *) 0x123456; - - char * str = w_journal_entry_to_string(entry); - - assert_null(str); - - os_free(entry); -} - -int main(void) { - - const struct CMUnitTest tests[] = { - // Test is_owned_by_root - cmocka_unit_test(test_is_owned_by_root_root_owned), - cmocka_unit_test(test_is_owned_by_root_not_root_owned), - cmocka_unit_test(test_is_owned_by_root_stat_fails), - // Test load_and_validate_function - cmocka_unit_test(test_load_and_validate_function_success), - cmocka_unit_test(test_load_and_validate_function_failure), - // Test w_get_epoch_time - cmocka_unit_test(test_w_get_epoch_time), - // Test w_timestamp_to_string - cmocka_unit_test(test_w_timestamp_to_string), - cmocka_unit_test(test_w_timestamp_to_journalctl_since_success), - cmocka_unit_test(test_w_timestamp_to_journalctl_since_failure), - // Test find_library_path - cmocka_unit_test(test_find_library_path_success), - cmocka_unit_test(test_find_library_path_failure), - // Test w_journal_context_create - cmocka_unit_test(test_w_journal_lib_init_dlopen_fail), - cmocka_unit_test(test_w_journal_lib_init_find_library_path_fail), - cmocka_unit_test(test_w_journal_lib_init_is_owned_by_root_fail), - cmocka_unit_test(test_w_journal_lib_init_load_and_validate_function_fail), - cmocka_unit_test(test_w_journal_lib_init_success), - // Test w_journal_context_create - cmocka_unit_test(test_w_journal_context_create_success), - cmocka_unit_test(test_w_journal_context_create_null_pointer), - cmocka_unit_test(test_w_journal_context_create_lib_init_fail), - cmocka_unit_test(test_w_journal_context_create_journal_open_fail), - // Test w_journal_context_free - cmocka_unit_test(test_w_journal_context_free_null), - cmocka_unit_test(test_w_journal_context_free_valid), - // Test w_journal_context_update_timestamp - cmocka_unit_test(test_w_journal_context_update_timestamp_success), - cmocka_unit_test(test_w_journal_context_update_timestamp_ctx_null), - cmocka_unit_test(test_w_journal_context_update_timestamp_fail), - // Test w_journal_context_seek_timestamp - cmocka_unit_test(test_w_journal_context_seek_most_recent_update_tamestamp), - cmocka_unit_test(test_w_journal_context_seek_most_recent_seek_tail_fail), - cmocka_unit_test(test_w_journal_context_seek_most_recent_success), - cmocka_unit_test(test_w_journal_context_seek_most_recent_ctx_null), - // Test w_journal_context_seek_timestamp - cmocka_unit_test(test_w_journal_context_seek_timestamp_null_params), - cmocka_unit_test(test_w_journal_context_seek_timestamp_future_timestamp), - cmocka_unit_test(test_w_journal_context_seek_timestamp_fail_read_old_ts), - cmocka_unit_test(test_w_journal_context_seek_timestamp_change_ts), - cmocka_unit_test(test_w_journal_context_seek_timestamp_fail_seek), - cmocka_unit_test(test_w_journal_context_seek_timestamp_seek_timestamp_fail), - cmocka_unit_test(test_w_journal_context_seek_timestamp_next_fail), - cmocka_unit_test(test_w_journal_context_seek_timestamp_success), - cmocka_unit_test(test_w_journal_context_seek_timestamp_success_new_entry), - // Test w_journal_context_next_newest - cmocka_unit_test(test_w_journal_context_next_newest_ctx_null), - cmocka_unit_test(test_w_journal_context_next_newest_update_timestamp), - cmocka_unit_test(test_w_journal_context_next_newest_success), - // Test w_journal_filter_apply - cmocka_unit_test(test_w_journal_filter_apply_null_params), - cmocka_unit_test(test_w_journal_filter_apply_fail_get_data_ignore_test), - cmocka_unit_test(test_w_journal_filter_apply_fail_parse), - cmocka_unit_test(test_w_journal_filter_apply_empty_field), - cmocka_unit_test(test_w_journal_filter_apply_match_fail), - cmocka_unit_test(test_w_journal_filter_apply_match_success), - // Test w_journal_context_next_newest_filtered - cmocka_unit_test(test_w_journal_context_next_newest_filtered_null_filters), - cmocka_unit_test(test_w_journal_context_next_newest_filtered_no_filters), - cmocka_unit_test(test_w_journal_context_next_newest_filtered_one_filter), - cmocka_unit_test(test_w_journal_context_next_newest_filtered_is_debug), - cmocka_unit_test(test_w_journal_context_next_newest_filtered_is_debug_false), - cmocka_unit_test(test_w_journal_context_next_newest_filtered_filter_apply), - cmocka_unit_test(test_w_journal_context_next_newest_filtered_filter_apply_fail), - // Test entry_as_json - cmocka_unit_test(test_entry_as_json_empty), - cmocka_unit_test(test_entry_as_json_fail_parse_field), - cmocka_unit_test(test_entry_as_json_success), - // Test get_field_ptr - cmocka_unit_test(test_get_field_ptr_fail_get_data), - cmocka_unit_test(test_get_field_ptr_fail_parse), - cmocka_unit_test(test_get_field_ptr_empty_field), - cmocka_unit_test(test_get_field_ptr_success), - // Test create_plain_syslog - cmocka_unit_test(test_create_plain_syslog_with_pid), - cmocka_unit_test(test_create_plain_syslog_without_pid), - // Test entry_as_syslog - cmocka_unit_test(test_entry_as_syslog_success), - cmocka_unit_test(test_entry_as_syslog_success_system_pid), - cmocka_unit_test(test_entry_as_syslog_success_no_pid), - cmocka_unit_test(test_entry_as_syslog_missing_hostname), - cmocka_unit_test(test_entry_as_syslog_missing_tag), - cmocka_unit_test(test_entry_as_syslog_missing_message), - cmocka_unit_test(test_entry_as_syslog_missing_timestamp), - // Test w_journal_entry_dump - cmocka_unit_test(test_w_journal_entry_dump_null_params), - cmocka_unit_test(test_w_journal_entry_dump_invalid_type), - cmocka_unit_test(test_w_journal_entry_dump_json_success), - cmocka_unit_test(test_w_journal_entry_dump_syslog_fail_json), - cmocka_unit_test(test_w_journal_entry_dump_syslog_success), - cmocka_unit_test(test_w_journal_entry_dump_syslog_fail), - // Test w_journal_entry_to_string - cmocka_unit_test(test_w_journal_entry_to_string_null_params), - cmocka_unit_test(test_w_journal_entry_to_string_syslog), - cmocka_unit_test(test_w_journal_entry_to_string_json), - cmocka_unit_test(test_w_journal_entry_to_string_invalid_type), - - }; - - return cmocka_run_group_tests(tests, group_setup, group_teardown); -} diff --git a/src/modules/logcollector/tests/unit/tests/test_lccom.c b/src/modules/logcollector/tests/unit/tests/test_lccom.c deleted file mode 100644 index 3670719d36..0000000000 --- a/src/modules/logcollector/tests/unit/tests/test_lccom.c +++ /dev/null @@ -1,386 +0,0 @@ -/* - * Copyright (C) 2015, Wazuh Inc. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -#include -#include -#include -#include -#include - -#include "../../headers/shared.h" -#include "../../logcollector/state.h" -#include "../../logcollector/logcollector.h" -#include "../../wazuh_modules/wmodules.h" -#include "../../os_net/os_net.h" - -#include "../wrappers/common.h" -#include "../wrappers/wazuh/shared/debug_op_wrappers.h" -#include "../wrappers/externals/cJSON/cJSON_wrappers.h" - -#include "json_data.h" - -size_t lccom_getstate(char ** output, bool getNextPage); -uint16_t getJsonStr64kBlockFromLatestIndex(char **output, bool getNextPage); -void addStartandEndTagsToJsonStrBlock(char *buffJson, char *headerGlobal, char *headerInterval, char *headerData, size_t LenHeaderInterval, size_t LenHeaderData, size_t LenHeaderGlobal, size_t counter, bool getNextPage); -bool isJsonUpdated(void); - -/* setup/teardown */ - -static int setup_group(void ** state) { - test_mode = 1; - return 0; -} - -static int teardown_group(void ** state) { - test_mode = 0; - return 0; -} - -/* wraps */ - -cJSON * __wrap_w_logcollector_state_get() { - return mock_type(cJSON *); -} - -double __wrap_difftime (time_t __time1, time_t __time0) { - return mock(); -} - -/* tests */ - -/* lccom_getstate */ - -void test_lccom_getstate_ok(void ** state) { - - char * output = NULL; - char json[] = "test json"; - state_interval = true; - - will_return(__wrap_cJSON_CreateObject, (cJSON *) 2); - will_return(__wrap_w_logcollector_state_get, (cJSON *) 3); - - expect_string(__wrap_cJSON_AddNumberToObject, name, "error"); - expect_value(__wrap_cJSON_AddNumberToObject, number, 0); - will_return(__wrap_cJSON_AddNumberToObject, NULL); - - expect_string(__wrap_cJSON_AddFalseToObject, name, "remaining"); - will_return(__wrap_cJSON_AddFalseToObject, NULL); - - expect_string(__wrap_cJSON_AddFalseToObject, name, "json_updated"); - will_return(__wrap_cJSON_AddFalseToObject, NULL); - - expect_function_call(__wrap_cJSON_AddItemToObject); - will_return(__wrap_cJSON_AddItemToObject, 0); - - will_return(__wrap_cJSON_PrintUnformatted, json); - expect_function_call(__wrap_cJSON_Delete); - - size_t retval = lccom_getstate(&output, false); - - assert_int_equal(strlen(json), retval); - assert_string_equal(json, output); -} - -void test_lccom_getstate_null(void ** state) { - - char * output = NULL; - char json[] = "test json"; - state_interval = true; - - will_return(__wrap_cJSON_CreateObject, (cJSON *) 2); - will_return(__wrap_w_logcollector_state_get, NULL); - - expect_string(__wrap_cJSON_AddNumberToObject, name, "error"); - expect_value(__wrap_cJSON_AddNumberToObject, number, 1); - will_return(__wrap_cJSON_AddNumberToObject, NULL); - - expect_string(__wrap_cJSON_AddObjectToObject, name, "data"); - expect_value(__wrap_cJSON_AddObjectToObject, object, (cJSON *) 2); - will_return(__wrap_cJSON_AddObjectToObject, NULL); - - expect_string(__wrap_cJSON_AddStringToObject, name, "message"); - expect_string(__wrap_cJSON_AddStringToObject, string, "Statistics unavailable"); - will_return(__wrap_cJSON_AddStringToObject, 0); - - expect_string(__wrap__mdebug1, formatted_msg, "At LCCOM getstate: Statistics unavailable"); - - will_return(__wrap_cJSON_PrintUnformatted, json); - expect_function_call(__wrap_cJSON_Delete); - - size_t retval = lccom_getstate(&output, false); - - assert_int_equal(strlen(json), retval); - assert_string_equal(json, output); -} - - -void _test_lccom_getstate_tmp (char *fullJson, char *ExpectedBlock, bool getNextPage){ - char * output = NULL; - char *json = NULL; - os_strdup(fullJson, json); - state_interval = true; - struct stat stat_buf = { .st_mode = 0040000 }; - - will_return(__wrap_cJSON_CreateObject, (cJSON *) 2); - will_return(__wrap_w_logcollector_state_get, (cJSON *) 3); - - expect_string(__wrap_cJSON_AddNumberToObject, name, "error"); - expect_value(__wrap_cJSON_AddNumberToObject, number, 0); - will_return(__wrap_cJSON_AddNumberToObject, NULL); - - expect_string(__wrap_cJSON_AddFalseToObject, name, "remaining"); - will_return(__wrap_cJSON_AddFalseToObject, NULL); - - expect_string(__wrap_cJSON_AddFalseToObject, name, "json_updated"); - will_return(__wrap_cJSON_AddFalseToObject, NULL); - - expect_function_call(__wrap_cJSON_AddItemToObject); - will_return(__wrap_cJSON_AddItemToObject, 0); - - will_return(__wrap_cJSON_PrintUnformatted, json); - expect_function_call(__wrap_cJSON_Delete); - - if (strstr(fullJson, outjson2) == NULL) { - expect_string(__wrap_stat, __file, "var/run/wazuh-logcollector.state"); - will_return(__wrap_stat, &stat_buf); - will_return(__wrap_stat, 0); - will_return(__wrap_difftime, 10); - will_return(__wrap_strftime,"Wed Dec 31 19:00:00 1969"); - will_return(__wrap_strftime, 20); - expect_string(__wrap__mdebug2, formatted_msg, " Wed Dec 31 19:00:00 1969 var/run/wazuh-logcollector.state"); - } - - size_t retval = lccom_getstate(&output, getNextPage); - assert_int_equal(strlen(output), retval); - assert_string_equal(ExpectedBlock, output); - os_free(output); -} - - -void test_lccom_getstate_first_json_block_greather_than_64k(void ** state) { - _test_lccom_getstate_tmp (global_outjson, outjson_block1, false); -} - -void test_lccom_getstate_second_json_block_greather_than_64k(void ** state) { - _test_lccom_getstate_tmp (global_outjson, outjson_block2, true); -} - -void test_lccom_getstate_third_json_block_greather_than_64k(void ** state) { - _test_lccom_getstate_tmp (global_outjson, outjson_block3, true); -} - -void test_lccom_getstate_end_json_block_lower_than_64k(void ** state) { - _test_lccom_getstate_tmp (global_outjson, outjson_block4, true); -} - -void test_lccom_getstate_first_json_block_greather_than_64k_case1(void ** state) { - _test_lccom_getstate_tmp (outjson1, outjson_block_case_1, false); -} - -void test_lccom_getstate_first_json_block_lower_than_64k_case2(void ** state) { - _test_lccom_getstate_tmp (outjson2, outjson_block_case_2, false); -} - -void test_lccom_getstate_first_json_block_lower_than_64k_case5(void ** state) { - _test_lccom_getstate_tmp (outjson5, outjson_block_case_5, false); -} - -void test_lccom_getstate_first_json_block_lower_than_64k_case5_block1(void ** state) { - _test_lccom_getstate_tmp (outjson5, outjson_block_case_5_1, true); -} - -void test_lccom_getstate_first_json_block_lower_than_64k_case6(void ** state) { - _test_lccom_getstate_tmp (outjson6, outjson_block_case_6, false); -} - -void test_lccom_getstate_first_json_block_lower_than_64k_case6_block1(void ** state) { - _test_lccom_getstate_tmp (outjson6, outjson_block_case_6_1, true); -} - -void test_lccom_getstate_first_json_block_no_global(void ** state) { - expect_string(__wrap__mwarn, formatted_msg, "'global' tag no found in logcollector JSON stats"); - addStartandEndTagsToJsonStrBlock(outjson_no_global, "{\"global\":{\"start\":", "\"interval\":{\"start\":", "{\"error\":0,\"data\":{\"global\":{\"start\":", 0, 0, 0, 0, false); - assert_string_equal(outjson_no_global, outjson_no_global); -} - -void test_lccom_getJsonStr64kBlockFromLatestIndex(void ** state) { - char * output = NULL; - char *json = NULL; - os_strdup(outjson2, json); - - size_t retval = getJsonStr64kBlockFromLatestIndex(&json, false); - assert_int_equal(strlen(json), retval); - assert_string_equal(outjson2, json); - os_free(json); -} - -void test_lccom_isJsonUpdated(void ** state) { - struct stat stat_buf = { .st_mode = 0040000 }; - expect_string(__wrap_stat, __file, "var/run/wazuh-logcollector.state"); - will_return(__wrap_stat, &stat_buf); - will_return(__wrap_stat, 0); - will_return(__wrap_difftime, 10); - will_return(__wrap_strftime,"Wed Dec 31 19:00:00 1969"); - will_return(__wrap_strftime, 20); - - expect_string(__wrap__mdebug2, formatted_msg, " Wed Dec 31 19:00:00 1969 var/run/wazuh-logcollector.state"); - size_t retval = isJsonUpdated(); -} - -void test_lccom_dispatch_getconfig_ok() { - char * command = NULL; - char * output = NULL; - - os_strdup("getconfig test", command); - - expect_string(__wrap__mdebug1, formatted_msg, "At LCCOM getconfig: Could not get 'test' section"); - - size_t retval = lccom_dispatch(command, &output); - - assert_int_equal(retval, 35); - assert_string_equal(output, "err Could not get requested section"); - - os_free(command); - os_free(output); -} - -void test_lccom_dispatch_getconfig_err() { - char * command = NULL; - char * output = NULL; - - os_strdup("getconfig", command); - - expect_string(__wrap__mdebug1, formatted_msg, "LCCOM getconfig needs arguments."); - - size_t retval = lccom_dispatch(command, &output); - - assert_int_equal(retval, 35); - assert_string_equal(output, "err LCCOM getconfig needs arguments"); - - os_free(command); - os_free(output); -} - -void test_lccom_dispatch_getstate() { - char * command = NULL; - char * output = NULL; - char json[] = "test json"; - state_interval = true; - - os_strdup("getstate", command); - - will_return(__wrap_cJSON_CreateObject, (cJSON *) 2); - will_return(__wrap_w_logcollector_state_get, (cJSON *) 3); - - expect_string(__wrap_cJSON_AddNumberToObject, name, "error"); - expect_value(__wrap_cJSON_AddNumberToObject, number, 0); - will_return(__wrap_cJSON_AddNumberToObject, NULL); - - expect_string(__wrap_cJSON_AddFalseToObject, name, "remaining"); - will_return(__wrap_cJSON_AddFalseToObject, NULL); - - expect_string(__wrap_cJSON_AddFalseToObject, name, "json_updated"); - will_return(__wrap_cJSON_AddFalseToObject, NULL); - - expect_function_call(__wrap_cJSON_AddItemToObject); - will_return(__wrap_cJSON_AddItemToObject, 0); - - will_return(__wrap_cJSON_PrintUnformatted, strdup(json)); - expect_function_call(__wrap_cJSON_Delete); - - size_t retval = lccom_dispatch(command, &output); - - assert_int_equal(retval, 9); - assert_string_equal(output, "test json"); - - os_free(command); - os_free(output); -} - -void test_lccom_dispatch_getstate_next() { - char * command = NULL; - char * output = NULL; - char json[] = "test json"; - state_interval = true; - - os_strdup("getstate next", command); - - will_return(__wrap_cJSON_CreateObject, (cJSON *) 2); - will_return(__wrap_w_logcollector_state_get, (cJSON *) 3); - - expect_string(__wrap_cJSON_AddNumberToObject, name, "error"); - expect_value(__wrap_cJSON_AddNumberToObject, number, 0); - will_return(__wrap_cJSON_AddNumberToObject, NULL); - - expect_string(__wrap_cJSON_AddFalseToObject, name, "remaining"); - will_return(__wrap_cJSON_AddFalseToObject, NULL); - - expect_string(__wrap_cJSON_AddFalseToObject, name, "json_updated"); - will_return(__wrap_cJSON_AddFalseToObject, NULL); - - expect_function_call(__wrap_cJSON_AddItemToObject); - will_return(__wrap_cJSON_AddItemToObject, 0); - - will_return(__wrap_cJSON_PrintUnformatted, strdup(json)); - expect_function_call(__wrap_cJSON_Delete); - - size_t retval = lccom_dispatch(command, &output); - - assert_int_equal(retval, 9); - assert_string_equal(output, "test json"); - - os_free(command); - os_free(output); -} - -void test_lccom_dispatch_err() { - char * command = NULL; - char * output = NULL; - - os_strdup("test", command); - - expect_string(__wrap__mdebug1, formatted_msg, "LCCOM Unrecognized command 'test'."); - - size_t retval = lccom_dispatch(command, &output); - - assert_int_equal(retval, 24); - assert_string_equal(output, "err Unrecognized command"); - - os_free(command); - os_free(output); -} - -int main(void) { - const struct CMUnitTest tests[] = { - - // Tests lccom_getstate - cmocka_unit_test(test_lccom_getstate_ok), - cmocka_unit_test(test_lccom_getstate_null), - cmocka_unit_test(test_lccom_getstate_first_json_block_greather_than_64k), - cmocka_unit_test(test_lccom_getstate_second_json_block_greather_than_64k), - cmocka_unit_test(test_lccom_getstate_third_json_block_greather_than_64k), - cmocka_unit_test(test_lccom_getstate_end_json_block_lower_than_64k), - cmocka_unit_test(test_lccom_getstate_first_json_block_greather_than_64k_case1), - cmocka_unit_test(test_lccom_getstate_first_json_block_lower_than_64k_case2), - cmocka_unit_test(test_lccom_getstate_first_json_block_lower_than_64k_case5), - cmocka_unit_test(test_lccom_getstate_first_json_block_lower_than_64k_case5_block1), - cmocka_unit_test(test_lccom_getstate_first_json_block_lower_than_64k_case6), - cmocka_unit_test(test_lccom_getstate_first_json_block_lower_than_64k_case6_block1), - cmocka_unit_test(test_lccom_getstate_first_json_block_no_global), - cmocka_unit_test(test_lccom_getJsonStr64kBlockFromLatestIndex), - cmocka_unit_test(test_lccom_isJsonUpdated), - cmocka_unit_test(test_lccom_dispatch_getconfig_ok), - cmocka_unit_test(test_lccom_dispatch_getconfig_err), - cmocka_unit_test(test_lccom_dispatch_getstate), - cmocka_unit_test(test_lccom_dispatch_getstate_next), - cmocka_unit_test(test_lccom_dispatch_err), - }; - - return cmocka_run_group_tests(tests, setup_group, teardown_group); -} diff --git a/src/modules/logcollector/tests/unit/tests/test_localfile_config.c b/src/modules/logcollector/tests/unit/tests/test_localfile_config.c deleted file mode 100644 index f570ab7306..0000000000 --- a/src/modules/logcollector/tests/unit/tests/test_localfile_config.c +++ /dev/null @@ -1,1106 +0,0 @@ -/* - * Copyright (C) 2015, Wazuh Inc. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -#include -#include -#include -#include -#include - -#include "shared.h" -#include "../config/localfile-config.h" -#include "../config/config.h" -#include "../wrappers/wazuh/os_xml/os_xml_wrappers.h" -#include "../wrappers/externals/pcre2/pcre2_wrappers.h" -#include "../wrappers/externals/cJSON/cJSON_wrappers.h" - -const char * multiline_attr_match_str(w_multiline_match_type_t match_type); -const char * multiline_attr_replace_str(w_multiline_replace_type_t replace_type); -unsigned int w_get_attr_timeout(xml_node * node); -w_multiline_replace_type_t w_get_attr_replace(xml_node * node); -w_multiline_match_type_t w_get_attr_match(xml_node * node); -int w_logcollector_get_macos_log_type(const char * content); - -// Journal -#define VALID_PCRE2_REGEX "valid regex \\w+" -#define INVALID_PCRE2_REGEX "invalid regex [a \\w+{-1" - -_w_journal_filter_unit_t * create_unit_filter(const char * field, char * expression, bool ignore_if_missing); -void free_unit_filter(_w_journal_filter_unit_t * unit); -cJSON * unit_filter_as_json(_w_journal_filter_unit_t * unit); -cJSON * filter_as_json(w_journal_filter_t * filter); - -/* setup/teardown */ -static int setup_group(void **state) { - test_mode = 1; - w_test_pcre2_wrappers(false); - return 0; -} - -static int teardown_group(void **state) { - test_mode = 0; - w_test_pcre2_wrappers(true); - return 0; -} - -/* wraps */ - -/* tests */ - -/* multiline_attr_replace_str */ -void test_multiline_attr_replace_str_no_replace(void ** state) { - w_multiline_replace_type_t replace_type = ML_REPLACE_NO_REPLACE; - const char expected_retval[] = "no-replace"; - const char * retval = multiline_attr_replace_str(replace_type); - assert_string_equal(retval, expected_retval); -} - -void test_multiline_attr_replace_str_none(void ** state) { - w_multiline_replace_type_t replace_type = ML_REPLACE_NONE; - const char expected_retval[] = "none"; - const char * retval = multiline_attr_replace_str(replace_type); - assert_string_equal(retval, expected_retval); -} - -void test_multiline_attr_replace_str_ws(void ** state) { - w_multiline_replace_type_t replace_type = ML_REPLACE_WSPACE; - const char expected_retval[] = "wspace"; - const char * retval = multiline_attr_replace_str(replace_type); - assert_string_equal(retval, expected_retval); -} - -void test_multiline_attr_replace_str_tab(void ** state) { - w_multiline_replace_type_t replace_type = ML_REPLACE_TAB; - const char expected_retval[] = "tab"; - const char * retval = multiline_attr_replace_str(replace_type); - assert_string_equal(retval, expected_retval); -} - -/* multiline_attr_match_str */ -void test_multiline_attr_match_str_start(void ** state) { - w_multiline_match_type_t match_type = ML_MATCH_START; - const char expected_retval[] = "start"; - const char * retval = multiline_attr_match_str(match_type); - assert_string_equal(retval, expected_retval); -} - -void test_multiline_attr_match_str_all(void ** state) { - w_multiline_match_type_t match_type = ML_MATCH_ALL; - const char expected_retval[] = "all"; - const char * retval = multiline_attr_match_str(match_type); - assert_string_equal(retval, expected_retval); -} - -void test_multiline_attr_match_str_end(void ** state) { - w_multiline_match_type_t match_type = ML_MATCH_END; - const char expected_retval[] = "end"; - const char * retval = multiline_attr_match_str(match_type); - assert_string_equal(retval, expected_retval); -} - -/* w_get_attr_timeout */ -void test_w_get_attr_timeout_missing(void ** state) { - - unsigned int expect_retval = MULTI_LINE_REGEX_TIMEOUT; - unsigned int retval; - - will_return(__wrap_w_get_attr_val_by_name, NULL); - retval = w_get_attr_timeout(NULL); - - assert_int_equal(expect_retval, retval); -} - -void test_w_get_attr_timeout_empty(void ** state) { - - unsigned int expect_retval = MULTI_LINE_REGEX_TIMEOUT; - unsigned int retval; - - will_return(__wrap_w_get_attr_val_by_name, ""); - expect_string(__wrap__mwarn, formatted_msg, - "(8000): Invalid value '' for attribute 'timeout' in " - "'multiline_regex' option. Default value will be used."); - retval = w_get_attr_timeout(NULL); - - assert_int_equal(expect_retval, retval); -} - -void test_w_get_attr_timeout_not_number(void ** state) { - - unsigned int expect_retval = MULTI_LINE_REGEX_TIMEOUT; - unsigned int retval; - - will_return(__wrap_w_get_attr_val_by_name, "test"); - expect_string(__wrap__mwarn, formatted_msg, - "(8000): Invalid value 'test' for attribute 'timeout' in " - "'multiline_regex' option. Default value will be used."); - retval = w_get_attr_timeout(NULL); - - assert_int_equal(expect_retval, retval); -} - -void test_w_get_attr_timeout_mixed(void ** state) { - - unsigned int expect_retval = MULTI_LINE_REGEX_TIMEOUT; - unsigned int retval; - - will_return(__wrap_w_get_attr_val_by_name, "11test11"); - expect_string(__wrap__mwarn, formatted_msg, - "(8000): Invalid value '11test11' for attribute 'timeout' in " - "'multiline_regex' option. Default value will be used."); - retval = w_get_attr_timeout(NULL); - - assert_int_equal(expect_retval, retval); -} - -void test_w_get_attr_timeout_zero(void ** state) { - - unsigned int expect_retval = MULTI_LINE_REGEX_TIMEOUT; - unsigned int retval; - - will_return(__wrap_w_get_attr_val_by_name, "0"); - expect_string(__wrap__mwarn, formatted_msg, - "(8000): Invalid value '0' for attribute 'timeout' in " - "'multiline_regex' option. Default value will be used."); - retval = w_get_attr_timeout(NULL); - - assert_int_equal(expect_retval, retval); -} - -void test_w_get_attr_timeout_out_range(void ** state) { - - unsigned int expect_retval = MULTI_LINE_REGEX_TIMEOUT; - unsigned int retval; - char str_timeout[10] = {0}; - char str_msg[300] = {0}; - - sprintf(str_timeout, "%i", MULTI_LINE_REGEX_MAX_TIMEOUT + 4); - sprintf(str_msg, "(8000): Invalid value '%s' for attribute 'timeout' in " - "'multiline_regex' option. Default value will be used.", str_timeout); - - will_return(__wrap_w_get_attr_val_by_name, str_timeout); - expect_string(__wrap__mwarn, formatted_msg, str_msg); - - retval = w_get_attr_timeout(NULL); - - assert_int_equal(expect_retval, retval); -} - -void test_w_get_attr_timeout_out_ok(void ** state) { - - unsigned int expect_retval = 30; - unsigned int retval; - - will_return(__wrap_w_get_attr_val_by_name, "30"); - retval = w_get_attr_timeout(NULL); - - assert_int_equal(expect_retval, retval); -} - -// Test w_get_attr_replace -void test_w_get_attr_replace_missing(void ** state) { - - w_multiline_replace_type_t expect_retval = ML_REPLACE_NO_REPLACE; - w_multiline_replace_type_t retval; - - will_return(__wrap_w_get_attr_val_by_name, NULL); - retval = w_get_attr_replace(NULL); - - assert_int_equal(expect_retval, retval); -} - -void test_w_get_attr_replace_no_replace(void ** state) { - - w_multiline_replace_type_t expect_retval = ML_REPLACE_NO_REPLACE; - w_multiline_replace_type_t retval; - - will_return(__wrap_w_get_attr_val_by_name, "no-replace"); - retval = w_get_attr_replace(NULL); - - assert_int_equal(expect_retval, retval); -} - -void test_w_get_attr_replace_ws(void ** state) { - - w_multiline_replace_type_t expect_retval = ML_REPLACE_WSPACE; - w_multiline_replace_type_t retval; - - will_return(__wrap_w_get_attr_val_by_name, "wspace"); - retval = w_get_attr_replace(NULL); - - assert_int_equal(expect_retval, retval); -} - -void test_w_get_attr_replace_tab(void ** state) { - - w_multiline_replace_type_t expect_retval = ML_REPLACE_TAB; - w_multiline_replace_type_t retval; - - will_return(__wrap_w_get_attr_val_by_name, "tab"); - retval = w_get_attr_replace(NULL); - - assert_int_equal(expect_retval, retval); -} - -void test_w_get_attr_replace_none(void ** state) { - - w_multiline_replace_type_t expect_retval = ML_REPLACE_NONE; - w_multiline_replace_type_t retval; - - will_return(__wrap_w_get_attr_val_by_name, "none"); - retval = w_get_attr_replace(NULL); - - assert_int_equal(expect_retval, retval); -} - -void test_w_get_attr_replace_invalid(void ** state) { - - w_multiline_replace_type_t expect_retval = ML_REPLACE_NO_REPLACE; - w_multiline_replace_type_t retval; - - will_return(__wrap_w_get_attr_val_by_name, "invalid_attr"); - expect_string(__wrap__mwarn, formatted_msg, - "(8000): Invalid value 'invalid_attr' for attribute 'replace' in " - "'multiline_regex' option. Default value will be used."); - retval = w_get_attr_replace(NULL); - - assert_int_equal(expect_retval, retval); -} - -/* w_get_attr_match */ -void test_w_get_attr_match_invalid(void ** state) { - - w_multiline_match_type_t expect_retval = ML_MATCH_START; - w_multiline_match_type_t retval; - - will_return(__wrap_w_get_attr_val_by_name, "invalid_attr"); - expect_string(__wrap__mwarn, formatted_msg, - "(8000): Invalid value 'invalid_attr' for attribute 'match' in " - "'multiline_regex' option. Default value will be used."); - retval = w_get_attr_match(NULL); - - assert_int_equal(expect_retval, retval); -} - -void test_w_get_attr_match_missing(void ** state) { - - w_multiline_match_type_t expect_retval = ML_MATCH_START; - w_multiline_match_type_t retval; - - will_return(__wrap_w_get_attr_val_by_name, NULL); - retval = w_get_attr_match(NULL); - - assert_int_equal(expect_retval, retval); -} - -void test_w_get_attr_match_start(void ** state) { - - w_multiline_match_type_t expect_retval = ML_MATCH_START; - w_multiline_match_type_t retval; - - will_return(__wrap_w_get_attr_val_by_name, "start"); - retval = w_get_attr_match(NULL); - - assert_int_equal(expect_retval, retval); -} - -void test_w_get_attr_match_all(void ** state) { - - w_multiline_match_type_t expect_retval = ML_MATCH_ALL; - w_multiline_match_type_t retval; - - will_return(__wrap_w_get_attr_val_by_name, "all"); - retval = w_get_attr_match(NULL); - - assert_int_equal(expect_retval, retval); -} - -void test_w_get_attr_match_end(void ** state) { - - w_multiline_match_type_t expect_retval = ML_MATCH_END; - w_multiline_match_type_t retval; - - will_return(__wrap_w_get_attr_val_by_name, "end"); - retval = w_get_attr_match(NULL); - - assert_int_equal(expect_retval, retval); -} - -/* w_logcollector_get_macos_log_type */ -void test_w_logcollector_get_macos_log_type_content_NULL(void ** state) { - const char * content = NULL; - - int ret = w_logcollector_get_macos_log_type(content); - assert_int_equal(ret, 0); -} - -void test_w_logcollector_get_macos_log_type_content_empty(void ** state) { - const char * content = ""; - - int ret = w_logcollector_get_macos_log_type(content); - assert_int_equal(ret, 0); -} - -void test_w_logcollector_get_macos_log_type_content_ignore_values(void ** state) { - const char * content = " hello, ,world "; - - expect_string(__wrap__mwarn, formatted_msg, "(8003): Invalid value 'hello' for attribute 'type' in 'query' option."\ - " Attribute will be ignored."); - - expect_string(__wrap__mwarn, formatted_msg, "(8003): Invalid value 'world' for attribute 'type' in 'query' option."\ - " Attribute will be ignored."); - - int ret = w_logcollector_get_macos_log_type(content); - assert_int_equal(ret, 0); -} - -void test_w_logcollector_get_macos_log_type_content_activity(void ** state) { - const char * content = " activity "; - - int ret = w_logcollector_get_macos_log_type(content); - assert_int_equal(ret, MACOS_LOG_TYPE_ACTIVITY); -} - -void test_w_logcollector_get_macos_log_type_content_log(void ** state) { - const char * content = "log "; - - int ret = w_logcollector_get_macos_log_type(content); - assert_int_equal(ret, MACOS_LOG_TYPE_LOG); -} - -void test_w_logcollector_get_macos_log_type_content_trace(void ** state) { - const char * content = " trace, "; - - int ret = w_logcollector_get_macos_log_type(content); - assert_int_equal(ret, MACOS_LOG_TYPE_TRACE); -} - -void test_w_logcollector_get_macos_log_type_content_trace_activity(void ** state) { - const char * content = " trace, activity,,"; - - int ret = w_logcollector_get_macos_log_type(content); - assert_int_equal(ret, MACOS_LOG_TYPE_TRACE | MACOS_LOG_TYPE_ACTIVITY); -} - -void test_w_logcollector_get_macos_log_type_content_trace_log_activity(void ** state) { - const char * content = " trace, ,activity,,log "; - - int ret = w_logcollector_get_macos_log_type(content); - assert_int_equal(ret, MACOS_LOG_TYPE_TRACE | MACOS_LOG_TYPE_ACTIVITY | MACOS_LOG_TYPE_LOG); -} - -void test_w_logcollector_get_macos_log_type_content_log_multiword_invalid(void ** state) { - const char * content = "log, trace activity"; - - expect_string(__wrap__mwarn, formatted_msg, - "(8003): Invalid value 'trace activity' for attribute 'type' in 'query' option." - " Attribute will be ignored."); - - int ret = w_logcollector_get_macos_log_type(content); - assert_int_equal(ret, MACOS_LOG_TYPE_LOG); -} - -/* init_w_journal_log_config_t */ -void test_init_w_journal_log_config_t_ok(void ** state) { - w_journal_log_config_t * config = NULL; - bool ret = init_w_journal_log_config_t(&config); - assert_true(ret); - assert_non_null(config); - assert_false(config->disable_filters); - assert_null(config->filters); - os_free(config); -} - -void test_init_w_journal_log_config_t_fail(void ** state) { - w_journal_log_config_t * config = (w_journal_log_config_t *) 0x1; - bool ret = init_w_journal_log_config_t(&config); - assert_false(ret); - assert_non_null(config); -} - -/* w_journal_log_config_free */ -void test_w_journal_log_config_free_null(void ** state) { - w_journal_log_config_t * config = NULL; - - w_journal_log_config_free(NULL); - w_journal_log_config_free(&config); -} - -void test_w_journal_log_config_free_ok(void ** state) { - - w_journal_log_config_t * config = NULL; - - assert_true(init_w_journal_log_config_t(&config)); - w_journal_log_config_free(&config); -} - -/* free_unit_filter */ -void test_free_unit_filter_null(void ** state) { - _w_journal_filter_unit_t * ufilter = NULL; - free_unit_filter(ufilter); -} - -void test_free_unit_filter_ok(void ** state) { - _w_journal_filter_unit_t * ufilter = calloc(1, sizeof(_w_journal_filter_unit_t)); - ufilter->field = strdup("test"); - w_calloc_expression_t(&ufilter->exp, EXP_TYPE_PCRE2); - w_expression_compile(ufilter->exp, VALID_PCRE2_REGEX, 0); - - free_unit_filter(ufilter); -} - -/* create_unit_filter */ -void test_create_unit_filter_null_param(void ** state) { - - assert_null(create_unit_filter("field", NULL, false)); - assert_null(create_unit_filter(NULL, VALID_PCRE2_REGEX, false)); -} - -void test_create_unit_filter_inv_expresion(void ** state) { - - assert_null(create_unit_filter("fied", INVALID_PCRE2_REGEX, false)); -} - -void test_create_unit_filter_ok(void ** state) { - _w_journal_filter_unit_t * ufilter = create_unit_filter("fied_test", VALID_PCRE2_REGEX, true); - - assert_non_null(ufilter); - assert_true(ufilter->ignore_if_missing); - assert_string_equal(ufilter->exp->pcre2->raw_pattern, VALID_PCRE2_REGEX); - assert_string_equal(ufilter->field, "fied_test"); - - free_unit_filter(ufilter); -} - -/* unit_filter_as_json */ -void test_unit_filter_as_json_null_params(void ** state) { - - _w_journal_filter_unit_t unit = {.exp = NULL, .field = NULL, .ignore_if_missing = false}; - - assert_null(unit_filter_as_json(NULL)); - - assert_null(unit_filter_as_json(&unit)); - - unit.field = "test field"; - assert_null(unit_filter_as_json(&unit)); -} - -void test_unit_filter_as_json_ok(void ** state) { - - _w_journal_filter_unit_t unit = {.exp = NULL, .field = "test field", .ignore_if_missing = true}; - - w_calloc_expression_t(&unit.exp, EXP_TYPE_PCRE2); - w_expression_compile(unit.exp, VALID_PCRE2_REGEX, 0); - - will_return(__wrap_cJSON_CreateObject, (void *) 0x1); - - expect_string(__wrap_cJSON_AddStringToObject, name, "field"); - expect_string(__wrap_cJSON_AddStringToObject, string, "test field"); - will_return(__wrap_cJSON_AddStringToObject, (cJSON *) 1); - - expect_string(__wrap_cJSON_AddStringToObject, name, "expression"); - expect_string(__wrap_cJSON_AddStringToObject, string, VALID_PCRE2_REGEX); - will_return(__wrap_cJSON_AddStringToObject, (cJSON *) 1); - - will_return(__wrap_cJSON_AddBoolToObject, (cJSON *) 1); - - assert_non_null(unit_filter_as_json(&unit)); - - w_free_expression(unit.exp); -} - -/* w_journal_filter_add_condition */ -void test_w_journal_filter_add_condition_null_params(void ** state) { - w_journal_filter_t * filters = NULL; - assert_int_not_equal(0, w_journal_filter_add_condition(&filters, "field", NULL, false)); - assert_int_not_equal(0, w_journal_filter_add_condition(&filters, NULL, VALID_PCRE2_REGEX, false)); - assert_int_not_equal(0, w_journal_filter_add_condition(NULL, "field", VALID_PCRE2_REGEX, false)); -} - -void test_w_journal_filter_add_condition_bad_exp(void ** state) { - w_journal_filter_t * filters = NULL; - assert_int_not_equal(0, w_journal_filter_add_condition(&filters, "field", INVALID_PCRE2_REGEX, false)); -} - -void test_w_journal_filter_add_condition_ok_first_cond(void ** state) { - w_journal_filter_t * filters = NULL; - - assert_int_equal(0, w_journal_filter_add_condition(&filters, "field", VALID_PCRE2_REGEX, false)); - - assert_non_null(filters); - assert_int_equal(1, filters->units_size); - assert_non_null(filters->units); - assert_non_null(filters->units[0]); - assert_non_null(filters->units[0]->exp->pcre2->code); - assert_null(filters->units[1]); - - w_journal_filter_free(filters); // test w_journal_filter_free -} - -void test_w_journal_filter_add_condition_ok_other_cond(void ** state) { - - w_journal_filter_t * filters = NULL; - - assert_int_equal(0, w_journal_filter_add_condition(&filters, "field", VALID_PCRE2_REGEX, false)); - - assert_non_null(filters); - assert_int_equal(1, filters->units_size); - assert_non_null(filters->units); - assert_non_null(filters->units[0]); - assert_non_null(filters->units[0]->exp->pcre2->code); - assert_int_equal(filters->units[0]->ignore_if_missing, false); - assert_null(filters->units[1]); - - // Add second filter - assert_int_equal(0, w_journal_filter_add_condition(&filters, "field2", VALID_PCRE2_REGEX, true)); - - assert_int_equal(2, filters->units_size); - assert_non_null(filters->units); - assert_non_null(filters->units[0]); - assert_non_null(filters->units[0]->exp->pcre2->code); - assert_string_equal(filters->units[0]->field, "field"); - assert_non_null(filters->units[1]); - assert_non_null(filters->units[1]->exp->pcre2->code); - assert_int_equal(filters->units[1]->ignore_if_missing, true); - assert_string_equal(filters->units[1]->field, "field2"); - - assert_null(filters->units[2]); - - w_journal_filter_free(filters); // test w_journal_filter_free -} - -/* w_journal_filter_free */ -void test_w_journal_filter_free_null(void ** state) { w_journal_filter_free(NULL); } - -/* Test filter_as_json */ -void test_filter_as_json_null_params(void ** state) { - - w_journal_filter_t filter = {0}; - - assert_null(filter_as_json(NULL)); - assert_null(filter_as_json(&filter)); -} - -void test_filter_as_json_fail_array(void ** state) { - - w_journal_filter_t * filter = NULL; - - assert_int_equal(0, w_journal_filter_add_condition(&filter, "test field", VALID_PCRE2_REGEX, false)); - - will_return(__wrap_cJSON_CreateArray, (cJSON *) NULL); - - assert_null(filter_as_json(filter)); - - w_journal_filter_free(filter); -} - -void test_filter_as_json_one_unit(void ** state) { - - w_journal_filter_t * filter = NULL; - - assert_int_equal(0, w_journal_filter_add_condition(&filter, "test field", VALID_PCRE2_REGEX, false)); - - will_return(__wrap_cJSON_CreateArray, (cJSON *) 0x1); - - // start: unit filter as json - will_return(__wrap_cJSON_CreateObject, (void *) 0x1); - - expect_string(__wrap_cJSON_AddStringToObject, name, "field"); - expect_string(__wrap_cJSON_AddStringToObject, string, "test field"); - will_return(__wrap_cJSON_AddStringToObject, (cJSON *) 1); - - expect_string(__wrap_cJSON_AddStringToObject, name, "expression"); - expect_string(__wrap_cJSON_AddStringToObject, string, VALID_PCRE2_REGEX); - will_return(__wrap_cJSON_AddStringToObject, (cJSON *) 1); - - will_return(__wrap_cJSON_AddBoolToObject, (cJSON *) 1); - // end: unit filter as json - - expect_function_call(__wrap_cJSON_AddItemToArray); - will_return(__wrap_cJSON_AddItemToArray, true); - - assert_non_null(filter_as_json(filter)); - - w_journal_filter_free(filter); -} - -/* w_journal_add_filter_to_list */ -void test_w_journal_add_filter_to_list_null_params(void ** state) { - - w_journal_filters_list_t list = NULL; - w_journal_filter_t filter; - assert_false(w_journal_add_filter_to_list(&list, NULL)); - assert_false(w_journal_add_filter_to_list(NULL, &filter)); -} - -void test_w_journal_add_filter_to_list_new_list(void ** state) { - - w_journal_filters_list_t list = NULL; - w_journal_filter_t filter = {0}; - - assert_true(w_journal_add_filter_to_list(&list, &filter)); - - assert_non_null(list); - assert_non_null(list[0]); - assert_ptr_equal(list[0], &filter); - assert_null(list[1]); - - os_free(list); -} - -void test_w_journal_add_filter_to_list_exist_list(void ** state) { - - w_journal_filters_list_t list = NULL; - w_journal_filter_t filter = {0}; - - assert_true(w_journal_add_filter_to_list(&list, &filter)); - - assert_non_null(list); - assert_non_null(list[0]); - assert_ptr_equal(list[0], &filter); - assert_null(list[1]); - - // Add second item - w_journal_filter_t filter2 = {0}; - assert_true(w_journal_add_filter_to_list(&list, &filter2)); - - assert_non_null(list[0]); - assert_ptr_equal(list[0], &filter); - assert_non_null(list[1]); - assert_ptr_equal(list[1], &filter2); - assert_null(list[2]); - - os_free(list); -} - -// Test w_journal_filter_list_as_json -void test_w_journal_filter_list_as_json_null_params(void ** state) { assert_null(w_journal_filter_list_as_json(NULL)); } - -void test_w_journal_filter_list_as_json_fail_array(void ** state) { - - w_journal_filters_list_t list = NULL; - - // Prepare the filter - w_journal_filter_t * filter = NULL; - assert_int_equal(0, w_journal_filter_add_condition(&filter, "test field", VALID_PCRE2_REGEX, false)); - // Add filter to the list - assert_true(w_journal_add_filter_to_list(&list, filter)); - - // Print the list - // start: Print as json - will_return(__wrap_cJSON_CreateArray, (cJSON *) NULL); - assert_null(w_journal_filter_list_as_json(list)); - - w_journal_filters_list_free(list); // Test w_journal_filters_list_free -} - -void test_w_journal_filter_list_as_json_success(void ** state) { - - w_journal_filters_list_t list = NULL; - - // Prepare the filter - w_journal_filter_t * filter = NULL; - assert_int_equal(0, w_journal_filter_add_condition(&filter, "test field", VALID_PCRE2_REGEX, false)); - // Add filter to the list - assert_true(w_journal_add_filter_to_list(&list, filter)); - - // Print the list - - // start: Print as json - will_return(__wrap_cJSON_CreateArray, (cJSON *) 0x1); - - // - filter_as_json - will_return(__wrap_cJSON_CreateArray, (cJSON *) 0x1); - // - - unit_filter_as_json - will_return(__wrap_cJSON_CreateObject, (void *) 0x1); - expect_string(__wrap_cJSON_AddStringToObject, name, "field"); - expect_string(__wrap_cJSON_AddStringToObject, string, "test field"); - will_return(__wrap_cJSON_AddStringToObject, (cJSON *) 1); - expect_string(__wrap_cJSON_AddStringToObject, name, "expression"); - expect_string(__wrap_cJSON_AddStringToObject, string, VALID_PCRE2_REGEX); - will_return(__wrap_cJSON_AddStringToObject, (cJSON *) 1); - will_return(__wrap_cJSON_AddBoolToObject, (cJSON *) 1); - // - end: filter_as_json - expect_function_call(__wrap_cJSON_AddItemToArray); - will_return(__wrap_cJSON_AddItemToArray, true); - - expect_function_call(__wrap_cJSON_AddItemToArray); - will_return(__wrap_cJSON_AddItemToArray, true); - - assert_non_null(w_journal_filter_list_as_json(list)); - - w_journal_filters_list_free(list); // Test w_journal_filters_list_free -} - -// ------------------------------------------------ -/* journald_add_condition_to_filter */ -void test_journald_add_condition_to_filter_invalid_params(void ** state) { - - assert_false(journald_add_condition_to_filter(NULL, NULL)); - assert_false(journald_add_condition_to_filter(NULL, (w_journal_filter_t **) 0x1)); - assert_false(journald_add_condition_to_filter((xml_node *) 0x1, NULL)); -} - -void test_journald_add_condition_to_filter_non_field(void ** state) { - - xml_node node = {0}; - char * node_content = "regex xml content"; - node.content = node_content; - - w_journal_filter_t * filter = NULL; - - // Null field - will_return(__wrap_w_get_attr_val_by_name, NULL); - expect_string(__wrap__mwarn, formatted_msg, "(8019): The field for the journal filter cannot be empty."); - - assert_false(journald_add_condition_to_filter(&node, &filter)); -} - -void test_journald_add_condition_to_filter_empty_field(void ** state) { - - xml_node node = {0}; - char * node_content = "regex xml content"; - node.content = node_content; - - w_journal_filter_t * filter = NULL; - - // Null field - will_return(__wrap_w_get_attr_val_by_name, ""); - expect_string(__wrap__mwarn, formatted_msg, "(8019): The field for the journal filter cannot be empty."); - - assert_false(journald_add_condition_to_filter(&node, &filter)); -} - -void test_journald_add_condition_to_filter_empty_regex(void ** state) { - - xml_node node = {0}; - char * node_content = ""; - node.content = node_content; - - w_journal_filter_t * filter = NULL; - - // Null field - will_return(__wrap_w_get_attr_val_by_name, "field"); - expect_string(__wrap__mwarn, formatted_msg, "(8020): The expression for the journal filter cannot be empty."); - - assert_false(journald_add_condition_to_filter(&node, &filter)); -} - -void test_journald_add_condition_to_filter_null_regex(void ** state) { - - xml_node node = {0}; - node.content = NULL; - - w_journal_filter_t * filter = NULL; - - // Null field - will_return(__wrap_w_get_attr_val_by_name, "field"); - expect_string(__wrap__mwarn, formatted_msg, "(8020): The expression for the journal filter cannot be empty."); - - assert_false(journald_add_condition_to_filter(&node, &filter)); -} - -void test_journald_add_condition_to_filter_ingore_no(void ** state) { - - xml_node node = {0}; - node.content = VALID_PCRE2_REGEX; - - w_journal_filter_t * filter = NULL; - - will_return(__wrap_w_get_attr_val_by_name, "field"); - will_return(__wrap_w_get_attr_val_by_name, "no"); - - // w_journal_filter_add_condition ok - assert_true(journald_add_condition_to_filter(&node, &filter)); - - assert_non_null(filter); - assert_int_equal(filter->units_size, 1); - assert_non_null(filter->units); - assert_non_null(filter->units[0]); - assert_string_equal(filter->units[0]->exp->pcre2->raw_pattern, VALID_PCRE2_REGEX); - assert_string_equal(filter->units[0]->field, "field"); - assert_false(filter->units[0]->ignore_if_missing); - assert_null(filter->units[1]); - - w_journal_filter_free(filter); -} - -void test_journald_add_condition_to_filter_ingore_missing(void ** state) { - - xml_node node = {0}; - node.content = VALID_PCRE2_REGEX; - - w_journal_filter_t * filter = NULL; - - will_return(__wrap_w_get_attr_val_by_name, "field"); - will_return(__wrap_w_get_attr_val_by_name, NULL); - - // w_journal_filter_add_condition ok - assert_true(journald_add_condition_to_filter(&node, &filter)); - - assert_non_null(filter); - assert_int_equal(filter->units_size, 1); - assert_non_null(filter->units); - assert_non_null(filter->units[0]); - assert_string_equal(filter->units[0]->exp->pcre2->raw_pattern, VALID_PCRE2_REGEX); - assert_string_equal(filter->units[0]->field, "field"); - assert_false(filter->units[0]->ignore_if_missing); - assert_null(filter->units[1]); - - w_journal_filter_free(filter); -} - -void test_journald_add_condition_to_filter_ingore_wrong(void ** state) { - - xml_node node = {0}; - node.content = VALID_PCRE2_REGEX; - - w_journal_filter_t * filter = NULL; - - will_return(__wrap_w_get_attr_val_by_name, "field"); - will_return(__wrap_w_get_attr_val_by_name, "bad attribute"); - expect_string(__wrap__mwarn, - formatted_msg, - "(8000): Invalid value 'bad attribute' for attribute 'ignore_if_missing' in 'journal' option. " - "Default value will be used."); - - // w_journal_filter_add_condition ok - assert_true(journald_add_condition_to_filter(&node, &filter)); - - assert_non_null(filter); - assert_int_equal(filter->units_size, 1); - assert_non_null(filter->units); - assert_non_null(filter->units[0]); - assert_string_equal(filter->units[0]->exp->pcre2->raw_pattern, VALID_PCRE2_REGEX); - assert_string_equal(filter->units[0]->field, "field"); - assert_false(filter->units[0]->ignore_if_missing); - assert_null(filter->units[1]); - - w_journal_filter_free(filter); -} - -void test_journald_add_condition_to_filter_ingore_yes(void ** state) { - - xml_node node = {0}; - node.content = VALID_PCRE2_REGEX; - - w_journal_filter_t * filter = NULL; - - will_return(__wrap_w_get_attr_val_by_name, "field"); - will_return(__wrap_w_get_attr_val_by_name, "yes"); - - // w_journal_filter_add_condition ok - assert_true(journald_add_condition_to_filter(&node, &filter)); - - assert_non_null(filter); - assert_int_equal(filter->units_size, 1); - assert_non_null(filter->units); - assert_non_null(filter->units[0]); - assert_string_equal(filter->units[0]->exp->pcre2->raw_pattern, VALID_PCRE2_REGEX); - assert_string_equal(filter->units[0]->field, "field"); - assert_true(filter->units[0]->ignore_if_missing); - assert_null(filter->units[1]); - - w_journal_filter_free(filter); -} - -void test_journald_add_condition_to_filter_fail_regex(void ** state) { - - xml_node node = {0}; - node.content = INVALID_PCRE2_REGEX; - - w_journal_filter_t * filter = NULL; - - will_return(__wrap_w_get_attr_val_by_name, "field"); - will_return(__wrap_w_get_attr_val_by_name, "no"); - - expect_string( - __wrap__mwarn, - formatted_msg, - "(8021): Error compiling the PCRE2 expression 'invalid regex [a \\w+{-1' for field 'field' in journal filter."); - // w_journal_filter_add_condition fail - assert_false(journald_add_condition_to_filter(&node, &filter)); -} - -/* w_multiline_log_config_free */ -void test_w_multiline_log_config_free_null(void **state) -{ - w_multiline_log_config_free(NULL); - - w_multiline_config_t *config = NULL; - w_multiline_log_config_free(&config); -} - -void test_w_multiline_log_config_free_success(void ** state) { - w_multiline_config_t * config = NULL; - os_calloc(1, sizeof(w_multiline_config_t), config); - - // Set a valid config - - // Regex config - w_calloc_expression_t(&config->regex, EXP_TYPE_PCRE2); - assert_true(w_expression_compile(config->regex, "valid regex .*", 0)); - - // collector config - config->match_type = ML_MATCH_START; - config->replace_type = ML_REPLACE_NO_REPLACE; - config->timeout = 10; - - // Simulate non-empty ctxt - os_calloc(1, sizeof(w_multiline_ctxt_t), config->ctxt); - os_calloc(100, sizeof(char), config->ctxt->buffer); - - w_multiline_log_config_free(&config); - assert_null(config); -} - -// Test w_multiline_log_config_clone -void test_w_multiline_log_config_clone_null(void ** state) { - assert_null(w_multiline_log_config_clone(NULL)); -} - -void test_w_multiline_log_config_clone_success(void ** state) { - - - w_multiline_config_t * config = NULL; - os_calloc(1, sizeof(w_multiline_config_t), config); - - // Set a valid config - w_calloc_expression_t(&config->regex, EXP_TYPE_PCRE2); - assert_true(w_expression_compile(config->regex, "valid regex .*", 0)); - - // collector config - config->match_type = ML_MATCH_END; - config->replace_type = ML_REPLACE_NONE; - config->timeout = 10; - - // Simulate non-empty ctxt - os_calloc(1, sizeof(w_multiline_ctxt_t), config->ctxt); - os_calloc(100, sizeof(char), config->ctxt->buffer); - - - // Test clone - w_multiline_config_t * cloned_config = w_multiline_log_config_clone(config); - w_multiline_log_config_free(&config); - - // Checks - assert_non_null(cloned_config); - assert_non_null(cloned_config->regex); - assert_string_equal(w_expression_get_regex_pattern(cloned_config->regex), "valid regex .*"); - - assert_int_equal(cloned_config->match_type, ML_MATCH_END); - assert_int_equal(cloned_config->replace_type, ML_REPLACE_NONE); - assert_int_equal(cloned_config->timeout, 10); - - assert_null(cloned_config->ctxt); // Should be a empty context - - w_multiline_log_config_free(&cloned_config); - -} - -/* main */ - -int main(void) { - const struct CMUnitTest tests[] = { - // Tests replace_char - cmocka_unit_test(test_multiline_attr_match_str_start), - cmocka_unit_test(test_multiline_attr_match_str_all), - cmocka_unit_test(test_multiline_attr_match_str_end), - // Tests multiline_attr_replace_str - cmocka_unit_test(test_multiline_attr_replace_str_no_replace), - cmocka_unit_test(test_multiline_attr_replace_str_none), - cmocka_unit_test(test_multiline_attr_replace_str_ws), - cmocka_unit_test(test_multiline_attr_replace_str_tab), - // Tests w_get_attr_timeout - cmocka_unit_test(test_w_get_attr_timeout_missing), - cmocka_unit_test(test_w_get_attr_timeout_empty), - cmocka_unit_test(test_w_get_attr_timeout_zero), - cmocka_unit_test(test_w_get_attr_timeout_not_number), - cmocka_unit_test(test_w_get_attr_timeout_mixed), - cmocka_unit_test(test_w_get_attr_timeout_out_range), - cmocka_unit_test(test_w_get_attr_timeout_out_ok), - // Tests w_get_attr_replace - cmocka_unit_test(test_w_get_attr_replace_missing), - cmocka_unit_test(test_w_get_attr_replace_no_replace), - cmocka_unit_test(test_w_get_attr_replace_ws), - cmocka_unit_test(test_w_get_attr_replace_tab), - cmocka_unit_test(test_w_get_attr_replace_none), - cmocka_unit_test(test_w_get_attr_replace_invalid), - // Tests w_get_attr_match - cmocka_unit_test(test_w_get_attr_match_missing), - cmocka_unit_test(test_w_get_attr_match_start), - cmocka_unit_test(test_w_get_attr_match_all), - cmocka_unit_test(test_w_get_attr_match_end), - cmocka_unit_test(test_w_get_attr_match_invalid), - // Tests w_logcollector_get_macos_log_type - cmocka_unit_test(test_w_logcollector_get_macos_log_type_content_NULL), - cmocka_unit_test(test_w_logcollector_get_macos_log_type_content_empty), - cmocka_unit_test(test_w_logcollector_get_macos_log_type_content_ignore_values), - cmocka_unit_test(test_w_logcollector_get_macos_log_type_content_activity), - cmocka_unit_test(test_w_logcollector_get_macos_log_type_content_log), - cmocka_unit_test(test_w_logcollector_get_macos_log_type_content_trace), - cmocka_unit_test(test_w_logcollector_get_macos_log_type_content_trace_activity), - cmocka_unit_test(test_w_logcollector_get_macos_log_type_content_trace_log_activity), - cmocka_unit_test(test_w_logcollector_get_macos_log_type_content_log_multiword_invalid), - // Test init_w_journal_log_config_t - cmocka_unit_test(test_init_w_journal_log_config_t_fail), - cmocka_unit_test(test_init_w_journal_log_config_t_ok), - // Test w_journal_log_config_free - cmocka_unit_test(test_w_journal_log_config_free_null), - cmocka_unit_test(test_w_journal_log_config_free_ok), - // Test free_unit_filter - cmocka_unit_test(test_free_unit_filter_null), - cmocka_unit_test(test_free_unit_filter_ok), - // Test create_unit_filter - cmocka_unit_test(test_create_unit_filter_null_param), - cmocka_unit_test(test_create_unit_filter_inv_expresion), - cmocka_unit_test(test_create_unit_filter_ok), - // Test unit_filter_as_json - cmocka_unit_test(test_unit_filter_as_json_null_params), - cmocka_unit_test(test_unit_filter_as_json_ok), - // Test w_journal_filter_add_condition - cmocka_unit_test(test_w_journal_filter_add_condition_null_params), - cmocka_unit_test(test_w_journal_filter_add_condition_bad_exp), - cmocka_unit_test(test_w_journal_filter_add_condition_ok_first_cond), - cmocka_unit_test(test_w_journal_filter_add_condition_ok_other_cond), - // Test w_journal_filter_add_condition w_journal_filter_free - cmocka_unit_test(test_w_journal_filter_free_null), - // Test filter_as_json - cmocka_unit_test(test_filter_as_json_null_params), - cmocka_unit_test(test_filter_as_json_fail_array), - cmocka_unit_test(test_filter_as_json_one_unit), - // Test w_journal_add_filter_to_list - cmocka_unit_test(test_w_journal_add_filter_to_list_null_params), - cmocka_unit_test(test_w_journal_add_filter_to_list_new_list), - cmocka_unit_test(test_w_journal_add_filter_to_list_exist_list), - // Test w_journal_filter_list_as_json - cmocka_unit_test(test_w_journal_filter_list_as_json_null_params), - cmocka_unit_test(test_w_journal_filter_list_as_json_fail_array), - cmocka_unit_test(test_w_journal_filter_list_as_json_success), - // Test journald_add_condition_to_filter - cmocka_unit_test(test_journald_add_condition_to_filter_invalid_params), - cmocka_unit_test(test_journald_add_condition_to_filter_non_field), - cmocka_unit_test(test_journald_add_condition_to_filter_empty_field), - cmocka_unit_test(test_journald_add_condition_to_filter_empty_regex), - cmocka_unit_test(test_journald_add_condition_to_filter_null_regex), - cmocka_unit_test(test_journald_add_condition_to_filter_ingore_no), - cmocka_unit_test(test_journald_add_condition_to_filter_ingore_missing), - cmocka_unit_test(test_journald_add_condition_to_filter_ingore_wrong), - cmocka_unit_test(test_journald_add_condition_to_filter_ingore_yes), - cmocka_unit_test(test_journald_add_condition_to_filter_fail_regex), - // Test w_multiline_log_config_free - cmocka_unit_test(test_w_multiline_log_config_free_null), - cmocka_unit_test(test_w_multiline_log_config_free_success), - // Test w_multiline_log_config_clone - cmocka_unit_test(test_w_multiline_log_config_clone_null), - cmocka_unit_test(test_w_multiline_log_config_clone_success), - - }; - return cmocka_run_group_tests(tests, setup_group, teardown_group); - //return cmocka_run_group_tests(tests, NULL, NULL); -} diff --git a/src/modules/logcollector/tests/unit/tests/test_logcollector.c b/src/modules/logcollector/tests/unit/tests/test_logcollector.c deleted file mode 100644 index b0de0c0868..0000000000 --- a/src/modules/logcollector/tests/unit/tests/test_logcollector.c +++ /dev/null @@ -1,2786 +0,0 @@ -/* - * Copyright (C) 2015, Wazuh Inc. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -#include -#include -#include -#include -#include - -#include "../../headers/shared.h" -#include "../../logcollector/logcollector.h" -#include -#include -#include "../../os_crypto/sha1/sha1_op.h" - -#include "../wrappers/common.h" -#include "../wrappers/wazuh/shared/hash_op_wrappers.h" -#include "../wrappers/libc/stdio_wrappers.h" -#include "../wrappers/wazuh/shared/debug_op_wrappers.h" -#include "../wrappers/externals/cJSON/cJSON_wrappers.h" -#include "../wrappers/wazuh/shared/file_op_wrappers.h" -#include "../wrappers/wazuh/os_crypto/sha1_op_wrappers.h" -#include "../wrappers/posix/pthread_wrappers.h" -#include "../wrappers/posix/signal_wrappers.h" - - -extern OSHash *files_status; - -bool w_get_hash_context(logreader *lf, EVP_MD_CTX **context, int64_t position); -ssize_t w_set_to_pos(logreader *lf, long pos, int mode); -char * w_save_files_status_to_cJSON(); -void w_save_file_status(); -void w_load_files_status(cJSON *global_json); -void w_initialize_file_status(); -int w_update_hash_node(char * path, int64_t pos); -int w_set_to_last_line_read(logreader *lf); -void free_files_status_data(os_file_status_t *data); - -// Auxiliar structs -typedef struct test_logcollector_s { - logreader *log_reader; - EVP_MD_CTX *context; - os_file_status_t *status; - OSHashNode *node; -} test_logcollector_t; - -extern w_macos_log_vault_t macos_log_vault; -extern w_macos_log_procceses_t * macos_processes; -static wfd_t * stream_backup; -static wfd_t * show_backup; - -// Aux functions -void set_gs_journald_ofe(bool exist, bool ofe, uint64_t timestamp); - -/* setup/teardown */ - -static int setup_group(void **state) { - test_mode = 1; - macos_log_vault.is_valid_data = true; - return 0; -} - -static int teardown_group(void **state) { - test_mode = 0; - return 0; -} - -void free_os_file_status_t_struct(os_file_status_t *data) { - EVP_MD_CTX_free(data->context); - os_free(data); -} - -static int setup_local_hashmap(void **state) { - if (setup_hashmap(state) != 0) { - return 1; - } - __real_OSHash_SetFreeDataPointer(mock_hashmap, (void (*)(void *))free_os_file_status_t_struct); - files_status = mock_hashmap; - return 0; -} - -static int teardown_local_hashmap(void **state) { - if (teardown_hashmap(state) != 0) { - return 1; - } - return 0; -} - -static int setup_log_context(void **state) { - if (setup_local_hashmap(state) != 0) { - return 1; - } - - test_logcollector_t *test_struct = calloc(1, sizeof(test_logcollector_t)); - if (test_struct == NULL) { - return 1; - } - - test_struct->log_reader = calloc(1, sizeof(logreader)); - test_struct->context = EVP_MD_CTX_new(); - test_struct->status = calloc(1, sizeof(os_file_status_t)); - test_struct->node = calloc(1, sizeof(OSHashNode)); - - if (test_struct->log_reader == NULL || test_struct->context == NULL || test_struct->status == NULL || - test_struct->node == NULL) { - return 1; - } - - test_struct->log_reader->fp = (FILE *) 1; - *state = test_struct; - return 0; -} - -static int teardown_log_context(void **state) { - if (teardown_local_hashmap(state) != 0) { - return 1; - } - test_logcollector_t * test_struct = *state; - - expect_any(__wrap_fclose, _File); - will_return_always(__wrap_fclose, 0); - Free_Logreader(test_struct->log_reader); - - free(test_struct->log_reader); - EVP_MD_CTX_free(test_struct->context); - free(test_struct->status); - free(test_struct->node); - free(test_struct); - - return 0; -} - -static int setup_process(void **state) { - w_macos_log_procceses_t * local_macos_processes = calloc(1, sizeof(w_macos_log_procceses_t)); - os_calloc(1, sizeof(wfd_t), local_macos_processes->show.wfd); - os_calloc(1, sizeof(wfd_t), local_macos_processes->stream.wfd); - stream_backup = local_macos_processes->stream.wfd; - show_backup = local_macos_processes->show.wfd; - *state = local_macos_processes; - - return 0; -} - -static int teardown_process(void **state) { - w_macos_log_procceses_t * local_macos_processes = *state; - - os_free(stream_backup); - os_free(show_backup); - os_free(local_macos_processes); - - return 0; -} - -static int setup_regex(void **state) { - logreader *regex_config = calloc(1, sizeof(logreader)); - regex_config->regex_ignore = NULL; - regex_config->regex_restrict = NULL; - - regex_config->regex_ignore = OSList_Create(); - if (regex_config->regex_ignore == NULL) { - merror(MEM_ERROR, errno, strerror(errno)); - return -1; - } - OSList_SetFreeDataPointer(regex_config->regex_ignore, (void (*)(void *))w_free_expression); - - regex_config->regex_restrict = OSList_Create(); - if (regex_config->regex_restrict == NULL) { - merror(MEM_ERROR, errno, strerror(errno)); - return -1; - } - OSList_SetFreeDataPointer(regex_config->regex_restrict, (void (*)(void *))w_free_expression); - - *state = regex_config; - - return 0; -} - -static int teardown_regex(void **state) { - logreader *regex_config = *state; - - expect_function_call_any(__wrap_pthread_rwlock_wrlock); - expect_function_call_any(__wrap_pthread_rwlock_unlock); - - if (regex_config->regex_ignore) { - OSList_Destroy(regex_config->regex_ignore); - regex_config->regex_ignore = NULL; - } - if (regex_config->regex_restrict) { - OSList_Destroy(regex_config->regex_restrict); - regex_config->regex_restrict = NULL; - } - - os_free(regex_config); - - return 0; -} - -/* wraps */ - -/* tests */ - -/* w_get_hash_context */ - -void test_w_get_hash_context_NULL_file_exist(void ** state) { - EVP_MD_CTX *context = NULL; - int64_t position = 10; - test_logcollector_t *test_struct = *state; - - logreader *lf = test_struct->log_reader; - - lf->file = strdup("/test_path"); - - expect_any(__wrap_OSHash_Get_ex, self); - expect_string(__wrap_OSHash_Get_ex, key, lf->file); - will_return(__wrap_OSHash_Get_ex, NULL); - - expect_string(__wrap_OS_SHA1_File_Nbytes_with_fp_check, fname, lf->file); - expect_value(__wrap_OS_SHA1_File_Nbytes_with_fp_check, mode, OS_BINARY); - expect_value(__wrap_OS_SHA1_File_Nbytes_with_fp_check, nbytes, position); - expect_value(__wrap_OS_SHA1_File_Nbytes_with_fp_check, fd_check, 0); - will_return(__wrap_OS_SHA1_File_Nbytes_with_fp_check, "32bb98743e298dee0a654a654765c765d765ae80"); - will_return(__wrap_OS_SHA1_File_Nbytes_with_fp_check, 0); - - bool ret = w_get_hash_context(lf, &context, position); - - assert_true(ret); -} - -void test_w_get_hash_context_NULL_file_not_exist(void ** state) { - EVP_MD_CTX *context = EVP_MD_CTX_new(); - int64_t position = 10; - test_logcollector_t *test_struct = *state; - logreader *lf = test_struct->log_reader; - - lf->file = strdup("/test_path"); - - expect_any(__wrap_OSHash_Get_ex, self); - expect_string(__wrap_OSHash_Get_ex, key, lf->file); - will_return(__wrap_OSHash_Get_ex, NULL); - - expect_string(__wrap_OS_SHA1_File_Nbytes_with_fp_check, fname, lf->file); - expect_value(__wrap_OS_SHA1_File_Nbytes_with_fp_check, mode, OS_BINARY); - expect_value(__wrap_OS_SHA1_File_Nbytes_with_fp_check, nbytes, position); - expect_value(__wrap_OS_SHA1_File_Nbytes_with_fp_check, fd_check, 0); - will_return(__wrap_OS_SHA1_File_Nbytes_with_fp_check, "32bb98743e298dee0a654a654765c765d765ae80"); - will_return(__wrap_OS_SHA1_File_Nbytes_with_fp_check, -1); - - bool ret = w_get_hash_context (lf, &context, position); - EVP_MD_CTX_free(context); - assert_false(ret); -} - -void test_w_get_hash_context_done(void ** state) { - int64_t position = 10; - test_logcollector_t *test_struct = *state; - - logreader *lf = test_struct->log_reader; - EVP_MD_CTX *context = test_struct->context; - os_file_status_t *data = test_struct->status; - - lf->file = strdup("/test_path"); - - expect_any(__wrap_OSHash_Get_ex, self); - expect_string(__wrap_OSHash_Get_ex, key, lf->file); - will_return(__wrap_OSHash_Get_ex, NULL); - - expect_string(__wrap_OS_SHA1_File_Nbytes_with_fp_check, fname, lf->file); - expect_value(__wrap_OS_SHA1_File_Nbytes_with_fp_check, mode, OS_BINARY); - expect_value(__wrap_OS_SHA1_File_Nbytes_with_fp_check, nbytes, position); - expect_value(__wrap_OS_SHA1_File_Nbytes_with_fp_check, fd_check, 0); - will_return(__wrap_OS_SHA1_File_Nbytes_with_fp_check, "32bb98743e298dee0a654a654765c765d765ae80"); - will_return(__wrap_OS_SHA1_File_Nbytes_with_fp_check, -1); - - bool ret = w_get_hash_context (lf, &context, position); - - assert_false(ret); -} - -/* w_update_file_status */ -void test_w_update_file_status_fail_update_add_table_hash(void ** state) { - char * path = "test/test.log"; - long pos = 0; - EVP_MD_CTX *context = EVP_MD_CTX_new(); - - expect_value(__wrap_OS_SHA1_Stream, buf, NULL); - will_return(__wrap_OS_SHA1_Stream, "a7a899f25aeda32989d1029839ef2e594835c211"); - - will_return(__wrap_OSHash_Update_ex, 0); - - OSHash_Add_ex_check_data = 0; - expect_value(__wrap_OSHash_Add_ex, self, files_status); - expect_string(__wrap_OSHash_Add_ex, key, path); - will_return(__wrap_OSHash_Add_ex, 0); - - int retval = w_update_file_status(path, pos, context); - - assert_int_equal(retval,-1); -} - -void test_w_update_file_status_update_fail_add_OK(void ** state) { - - char * path = "test/test.log"; - long pos = 0; - EVP_MD_CTX *context = EVP_MD_CTX_new(); - - expect_value(__wrap_OS_SHA1_Stream, buf, NULL); - will_return(__wrap_OS_SHA1_Stream, "a7a899f25aeda32989d1029839ef2e594835c211"); - - will_return(__wrap_OSHash_Update_ex, 0); - - OSHash_Add_ex_check_data = 0; - expect_value(__wrap_OSHash_Add_ex, self, files_status); - expect_string(__wrap_OSHash_Add_ex, key, path); - will_return(__wrap_OSHash_Add_ex, 2); - - int retval = w_update_file_status(path, pos, context); - - assert_int_equal(retval,0); - -} - -void test_w_update_file_status_update_OK(void ** state) { - char * path = "test/test.log"; - - expect_function_call(__wrap_pthread_rwlock_wrlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - os_file_status_t * data; - os_malloc(sizeof(os_file_status_t), data); - data->context = EVP_MD_CTX_new(); - - __real_OSHash_Add_ex(mock_hashmap, path, data); - - long pos = 0; - EVP_MD_CTX *context = EVP_MD_CTX_new(); - - expect_value(__wrap_OS_SHA1_Stream, buf, NULL); - will_return(__wrap_OS_SHA1_Stream, "a7a899f25aeda32989d1029839ef2e594835c211"); - - will_return(__wrap_OSHash_Update_ex, 1); - - int retval = w_update_file_status(path, pos, context); - - assert_int_equal(retval,0);; -} - -/* w_set_to_pos */ - -void test_w_set_to_pos_localfile_NULL(void ** state) { - logreader *lf = NULL; - long pos = 0; - int mode = OS_BINARY; - - int retval = w_set_to_pos(lf, pos, mode); - - assert_int_equal(retval, -1); - -} - -void test_w_set_to_pos_fseek_error(void ** state) { - logreader *lf = NULL; - os_calloc(1, sizeof(logreader), lf); - lf->fp = (FILE*)1; - os_strdup("test", lf->file); - long pos = 0; - int mode = OS_BINARY; - - expect_any(__wrap_w_fseek, x); - expect_value(__wrap_w_fseek, pos, 0); - will_return(__wrap_w_fseek, -1); - - expect_string(__wrap__merror, formatted_msg, "(1116): Could not set position in file 'test' due to [(0)-(Success)]."); - - expect_value(__wrap_fclose, _File, 1); - will_return(__wrap_fclose, 1); - - int retval = w_set_to_pos(lf, pos, mode); - - assert_int_equal(retval, -1); - - os_free(lf->file); - os_free(lf->fp); - os_free(lf); -} - -void test_w_set_to_pos_OK(void ** state) { - logreader *lf = NULL; - os_calloc(1, sizeof(logreader), lf); - lf->fp = (FILE*)1; - os_strdup("test", lf->file); - long pos = 0; - int mode = OS_BINARY; - fpos_t position_stack = {.__pos = 1}; - test_position = &position_stack; - - expect_any(__wrap_w_fseek, x); - expect_value(__wrap_w_fseek, pos, 0); - will_return(__wrap_w_fseek, 0); - - expect_value(__wrap_w_ftell, x, 1); - will_return(__wrap_w_ftell, 1); - - ssize_t retval = w_set_to_pos(lf, pos, mode); - - assert_int_equal(retval, 1); - - os_free(lf->file); - os_free(lf); -} - -/* w_save_files_status_to_cJSON */ - -void test_w_save_files_status_to_cJSON_begin_NULL(void ** state) { - OSHashNode *hash_node = NULL; - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_value(__wrap_OSHash_Begin, self, files_status); - will_return(__wrap_OSHash_Begin, hash_node); - expect_function_call(__wrap_pthread_rwlock_unlock); - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - char * ret = w_save_files_status_to_cJSON(); - assert_null(ret); -} - -void test_w_save_files_status_to_cJSON_OK(void ** state) { - test_logcollector_t *test_data = *state; - - os_file_status_t * data = test_data->status; - OSHashNode *hash_node = test_data->node; - - strcpy(data->hash,"test1234"); - data->offset = 5; - - hash_node->key = "test"; - hash_node->data = data; - - expect_function_call(__wrap_pthread_rwlock_rdlock); - strcpy(macos_log_vault.timestamp,"hi 123"); - macos_log_vault.settings = "my settings"; - - expect_value(__wrap_OSHash_Begin, self, files_status); - will_return(__wrap_OSHash_Begin, hash_node); - - will_return(__wrap_cJSON_CreateObject, (cJSON *) 1); - - expect_string(__wrap_cJSON_AddArrayToObject, name, "files"); - will_return(__wrap_cJSON_AddArrayToObject, (cJSON *) 1); - - will_return(__wrap_cJSON_CreateObject, (cJSON *) 1); - - expect_string(__wrap_cJSON_AddStringToObject, name, "path"); - expect_string(__wrap_cJSON_AddStringToObject, string, "test"); - will_return(__wrap_cJSON_AddStringToObject, (cJSON *)1); - - expect_string(__wrap_cJSON_AddStringToObject, name, "hash"); - expect_string(__wrap_cJSON_AddStringToObject, string, "test1234"); - will_return(__wrap_cJSON_AddStringToObject, (cJSON *)1); - - expect_string(__wrap_cJSON_AddStringToObject, name, "offset"); - expect_string(__wrap_cJSON_AddStringToObject, string, "5"); - will_return(__wrap_cJSON_AddStringToObject, (cJSON *)1); - - expect_function_call(__wrap_cJSON_AddItemToArray); - will_return(__wrap_cJSON_AddItemToArray, true); - - expect_value(__wrap_OSHash_Next, self, files_status); - will_return(__wrap_OSHash_Next, NULL); - - expect_function_call(__wrap_pthread_rwlock_unlock); - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - will_return(__wrap_cJSON_PrintUnformatted, "test_1234"); - - expect_function_call(__wrap_cJSON_Delete); - - char * ret = w_save_files_status_to_cJSON(); - - assert_string_equal(ret, "test_1234"); -} - -void test_w_save_files_status_to_cJSON_macos_invalid_vault(void ** state) { - test_mode = 1; - - OSHashNode *hash_node = NULL; - - strcpy(macos_log_vault.timestamp,"any timestamp"); - macos_log_vault.settings = "my settings"; - - expect_function_call(__wrap_pthread_rwlock_rdlock); - - expect_value(__wrap_OSHash_Begin, self, files_status); - will_return(__wrap_OSHash_Begin, hash_node); - - expect_function_call(__wrap_pthread_rwlock_unlock); - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - char * ret = w_save_files_status_to_cJSON(); - assert_null(ret); - -} - -void test_w_save_files_status_to_cJSON_macos_valid_vault(void ** state) { - test_mode = 1; - - OSHashNode *hash_node = NULL; - w_macos_log_procceses_t * bak_macos_processes = macos_processes; - macos_processes = (w_macos_log_procceses_t *) 1; - - strcpy(macos_log_vault.timestamp,"2021-04-27 08:07:20-0700"); - macos_log_vault.settings = "/usr/bin/log stream --style syslog"; - - expect_function_call(__wrap_pthread_rwlock_rdlock); - - expect_value(__wrap_OSHash_Begin, self, files_status); - will_return(__wrap_OSHash_Begin, hash_node); - - expect_function_call(__wrap_pthread_rwlock_unlock); - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - will_return(__wrap_cJSON_CreateObject, (cJSON *) 1); - - expect_string(__wrap_cJSON_CreateString, string, "2021-04-27 08:07:20-0700"); - will_return(__wrap_cJSON_CreateString, (cJSON *) 1); - - expect_function_call(__wrap_cJSON_AddItemToObject); - will_return(__wrap_cJSON_AddItemToObject, true); - - expect_string(__wrap_cJSON_CreateString, string, "/usr/bin/log stream --style syslog"); - will_return(__wrap_cJSON_CreateString, (cJSON *) 1); - - expect_function_call(__wrap_cJSON_AddItemToObject); - will_return(__wrap_cJSON_AddItemToObject, true); - - will_return(__wrap_cJSON_CreateObject, (cJSON *) 1); - - expect_function_call(__wrap_cJSON_AddItemToObject); - will_return(__wrap_cJSON_AddItemToObject, true); - - will_return(__wrap_cJSON_PrintUnformatted, "test_1234"); - - expect_function_call(__wrap_cJSON_Delete); - - char * ret = w_save_files_status_to_cJSON(); - - assert_string_equal(ret, "test_1234"); - macos_processes = bak_macos_processes; - -} - -void test_w_save_files_status_to_cJSON_journal_valid(void ** state) { - test_mode = 1; - - OSHashNode * hash_node = NULL; - - strcpy(macos_log_vault.timestamp, "any timestamp"); - macos_log_vault.settings = "my settings"; - - expect_function_call(__wrap_pthread_rwlock_rdlock); - - expect_value(__wrap_OSHash_Begin, self, files_status); - will_return(__wrap_OSHash_Begin, hash_node); - - expect_function_call(__wrap_pthread_rwlock_unlock); - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - // Set journald - will_return(__wrap_cJSON_CreateObject, (cJSON *) 1); - expect_string(__wrap_cJSON_AddStringToObject, name, "timestamp"); - expect_string(__wrap_cJSON_AddStringToObject, string, "123456"); - will_return(__wrap_cJSON_AddStringToObject, (cJSON *) 2); - - will_return(__wrap_cJSON_CreateObject, (cJSON *) 3); - expect_function_call(__wrap_cJSON_AddItemToObject); - will_return(__wrap_cJSON_AddItemToObject, true); - - will_return(__wrap_cJSON_PrintUnformatted, "test_1234"); - expect_function_call(__wrap_cJSON_Delete); - - set_gs_journald_ofe(true, false, 123456); - - assert_non_null(w_save_files_status_to_cJSON()); - - set_gs_journald_ofe(false, true, 0); -} - -void test_w_save_files_status_invalid_vault(void ** state) { - - test_mode = 1; - bool back_valid_json = macos_log_vault.is_valid_data; - macos_log_vault.is_valid_data = false; - - OSHashNode *hash_node = NULL; - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_value(__wrap_OSHash_Begin, self, files_status); - will_return(__wrap_OSHash_Begin, hash_node); - expect_function_call(__wrap_pthread_rwlock_unlock); - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - char * ret = w_save_files_status_to_cJSON(); - assert_null(ret); - assert_false(macos_log_vault.is_valid_data); - macos_log_vault.is_valid_data = back_valid_json; - -} - -void test_w_save_files_status_to_cJSON_data(void ** state) { - test_mode = 1; - - w_macos_log_procceses_t * bak_macos_processes = macos_processes; - macos_processes = (w_macos_log_procceses_t *) 1; - os_file_status_t * data; - os_calloc(1, sizeof(os_file_status_t), data); - strcpy(data->hash,"test1234"); - data->offset = 5; - - OSHashNode *hash_node = NULL; - os_calloc(1, sizeof(OSHashNode), hash_node); - hash_node->key = "test"; - hash_node->data = data; - - strcpy(macos_log_vault.timestamp,"2021-04-27 08:07:20-0700"); - macos_log_vault.settings = "/usr/bin/log stream --style syslog"; - - expect_function_call(__wrap_pthread_rwlock_rdlock); - - expect_value(__wrap_OSHash_Begin, self, files_status); - will_return(__wrap_OSHash_Begin, hash_node); - - will_return(__wrap_cJSON_CreateObject, (cJSON *) 1); - - expect_string(__wrap_cJSON_AddArrayToObject, name, "files"); - will_return(__wrap_cJSON_AddArrayToObject, (cJSON *) 1); - - will_return(__wrap_cJSON_CreateObject, (cJSON *) 1); - - expect_string(__wrap_cJSON_AddStringToObject, name, "path"); - expect_string(__wrap_cJSON_AddStringToObject, string, "test"); - will_return(__wrap_cJSON_AddStringToObject, (cJSON *)1); - - expect_string(__wrap_cJSON_AddStringToObject, name, "hash"); - expect_string(__wrap_cJSON_AddStringToObject, string, "test1234"); - will_return(__wrap_cJSON_AddStringToObject, (cJSON *)1); - - expect_string(__wrap_cJSON_AddStringToObject, name, "offset"); - expect_string(__wrap_cJSON_AddStringToObject, string, "5"); - will_return(__wrap_cJSON_AddStringToObject, (cJSON *)1); - - expect_function_call(__wrap_cJSON_AddItemToArray); - will_return(__wrap_cJSON_AddItemToArray, true); - - expect_value(__wrap_OSHash_Next, self, files_status); - will_return(__wrap_OSHash_Next, NULL); - - expect_function_call(__wrap_pthread_rwlock_unlock); - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - will_return(__wrap_cJSON_CreateObject, (cJSON *) 1); - - expect_string(__wrap_cJSON_CreateString, string, "2021-04-27 08:07:20-0700"); - will_return(__wrap_cJSON_CreateString, (cJSON *) 1); - - expect_function_call(__wrap_cJSON_AddItemToObject); - will_return(__wrap_cJSON_AddItemToObject, true); - - expect_string(__wrap_cJSON_CreateString, string, "/usr/bin/log stream --style syslog"); - will_return(__wrap_cJSON_CreateString, (cJSON *) 1); - - expect_function_call(__wrap_cJSON_AddItemToObject); - will_return(__wrap_cJSON_AddItemToObject, true); - - expect_function_call(__wrap_cJSON_AddItemToObject); - will_return(__wrap_cJSON_AddItemToObject, true); - - will_return(__wrap_cJSON_PrintUnformatted, "test_1234"); - - expect_function_call(__wrap_cJSON_Delete); - - char * ret = w_save_files_status_to_cJSON(); - - assert_string_equal(ret, "test_1234"); - macos_processes = bak_macos_processes; - os_free(data); - os_free(hash_node); - -} - -/* w_save_file_status */ - -void test_w_save_file_status_str_NULL(void ** state) { - OSHashNode *hash_node = NULL; - strcpy(macos_log_vault.timestamp,"any timestamp"); - macos_log_vault.settings = "my settings"; - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_value(__wrap_OSHash_Begin, self, files_status); - will_return(__wrap_OSHash_Begin, hash_node); - expect_function_call(__wrap_pthread_rwlock_unlock); - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - w_save_file_status(); - -} - - -void test_w_save_file_status_wfopen_error(void ** state) { - test_logcollector_t *test_data = *state; - - os_file_status_t * data = test_data->status; - OSHashNode *hash_node = test_data->node; - - strcpy(data->hash,"test1234"); - data->offset = 5; - - hash_node->key = "test"; - hash_node->data = data; - - expect_function_call(__wrap_pthread_rwlock_rdlock); - strcpy(macos_log_vault.timestamp,"hi 123"); - macos_log_vault.settings = "my settings"; - - expect_value(__wrap_OSHash_Begin, self, files_status); - will_return(__wrap_OSHash_Begin, hash_node); - - will_return(__wrap_cJSON_CreateObject, (cJSON *) 1); - - expect_string(__wrap_cJSON_AddArrayToObject, name, "files"); - will_return(__wrap_cJSON_AddArrayToObject, (cJSON *) 1); - - will_return(__wrap_cJSON_CreateObject, (cJSON *) 1); - - expect_string(__wrap_cJSON_AddStringToObject, name, "path"); - expect_string(__wrap_cJSON_AddStringToObject, string, "test"); - will_return(__wrap_cJSON_AddStringToObject, (cJSON *)1); - - expect_string(__wrap_cJSON_AddStringToObject, name, "hash"); - expect_string(__wrap_cJSON_AddStringToObject, string, "test1234"); - will_return(__wrap_cJSON_AddStringToObject, (cJSON *)1); - - expect_string(__wrap_cJSON_AddStringToObject, name, "offset"); - expect_string(__wrap_cJSON_AddStringToObject, string, "5"); - will_return(__wrap_cJSON_AddStringToObject, (cJSON *)1); - - expect_function_call(__wrap_cJSON_AddItemToArray); - will_return(__wrap_cJSON_AddItemToArray, true); - - expect_value(__wrap_OSHash_Next, self, files_status); - will_return(__wrap_OSHash_Next, NULL); - expect_function_call(__wrap_pthread_rwlock_unlock); - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - will_return(__wrap_cJSON_PrintUnformatted, "test_1234"); - - expect_function_call(__wrap_cJSON_Delete); - - expect_string(__wrap_wfopen, path, "queue/logcollector/file_status.json"); - expect_string(__wrap_wfopen, mode, "w"); - will_return(__wrap_wfopen, 0); - - expect_string(__wrap__merror_exit, formatted_msg, "(1103): Could not open file 'queue/logcollector/file_status.json' due to [(0)-(Success)]."); - expect_assert_failure(w_save_file_status()); -} - -void test_w_save_file_status_fwrite_error(void ** state) { - test_logcollector_t *test_data = *state; - - os_file_status_t * data = test_data->status; - OSHashNode *hash_node = test_data->node; - - strcpy(data->hash,"test1234"); - data->offset = 5; - - hash_node->key = "test"; - hash_node->data = data; - - expect_function_call(__wrap_pthread_rwlock_rdlock); - strcpy(macos_log_vault.timestamp,"hi 123"); - macos_log_vault.settings = "my settings"; - - expect_value(__wrap_OSHash_Begin, self, files_status); - will_return(__wrap_OSHash_Begin, hash_node); - - will_return(__wrap_cJSON_CreateObject, (cJSON *) 1); - - expect_string(__wrap_cJSON_AddArrayToObject, name, "files"); - will_return(__wrap_cJSON_AddArrayToObject, (cJSON *) 1); - - will_return(__wrap_cJSON_CreateObject, (cJSON *) 1); - - expect_string(__wrap_cJSON_AddStringToObject, name, "path"); - expect_string(__wrap_cJSON_AddStringToObject, string, "test"); - will_return(__wrap_cJSON_AddStringToObject, (cJSON *)1); - - expect_string(__wrap_cJSON_AddStringToObject, name, "hash"); - expect_string(__wrap_cJSON_AddStringToObject, string, "test1234"); - will_return(__wrap_cJSON_AddStringToObject, (cJSON *)1); - - expect_string(__wrap_cJSON_AddStringToObject, name, "offset"); - expect_string(__wrap_cJSON_AddStringToObject, string, "5"); - will_return(__wrap_cJSON_AddStringToObject, (cJSON *)1); - - expect_function_call(__wrap_cJSON_AddItemToArray); - will_return(__wrap_cJSON_AddItemToArray, true); - - expect_value(__wrap_OSHash_Next, self, files_status); - will_return(__wrap_OSHash_Next, NULL); - - expect_function_call(__wrap_pthread_rwlock_unlock); - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - will_return(__wrap_cJSON_PrintUnformatted, strdup("test_1234")); - - expect_function_call(__wrap_cJSON_Delete); - - expect_string(__wrap_wfopen, path, "queue/logcollector/file_status.json"); - expect_string(__wrap_wfopen, mode, "w"); - will_return(__wrap_wfopen, "test"); - - will_return(__wrap_fwrite, 0); - - expect_string(__wrap__merror, formatted_msg, "(1110): Could not write file 'queue/logcollector/file_status.json' due to [(0)-(Success)]."); - - expect_function_call(__wrap_clearerr); - expect_string(__wrap_clearerr, __stream, "test"); - - expect_value(__wrap_fclose, _File, "test"); - will_return(__wrap_fclose, 1); - - w_save_file_status(); -} - -void test_w_save_file_status_OK(void ** state) { - test_logcollector_t *test_data = *state; - - os_file_status_t * data = test_data->status; - OSHashNode *hash_node = test_data->node; - - strcpy(data->hash,"test1234"); - data->offset = 5; - - hash_node->key = "test"; - hash_node->data = data; - - expect_function_call(__wrap_pthread_rwlock_rdlock); - strcpy(macos_log_vault.timestamp,"hi 123"); - macos_log_vault.settings = "my settings"; - - expect_value(__wrap_OSHash_Begin, self, files_status); - will_return(__wrap_OSHash_Begin, hash_node); - - will_return(__wrap_cJSON_CreateObject, (cJSON *) 1); - - expect_string(__wrap_cJSON_AddArrayToObject, name, "files"); - will_return(__wrap_cJSON_AddArrayToObject, (cJSON *) 1); - - will_return(__wrap_cJSON_CreateObject, (cJSON *) 1); - - expect_string(__wrap_cJSON_AddStringToObject, name, "path"); - expect_string(__wrap_cJSON_AddStringToObject, string, "test"); - will_return(__wrap_cJSON_AddStringToObject, (cJSON *)1); - - expect_string(__wrap_cJSON_AddStringToObject, name, "hash"); - expect_string(__wrap_cJSON_AddStringToObject, string, "test1234"); - will_return(__wrap_cJSON_AddStringToObject, (cJSON *)1); - - expect_string(__wrap_cJSON_AddStringToObject, name, "offset"); - expect_string(__wrap_cJSON_AddStringToObject, string, "5"); - will_return(__wrap_cJSON_AddStringToObject, (cJSON *)1); - - expect_function_call(__wrap_cJSON_AddItemToArray); - will_return(__wrap_cJSON_AddItemToArray, true); - - expect_value(__wrap_OSHash_Next, self, files_status); - will_return(__wrap_OSHash_Next, NULL); - expect_function_call(__wrap_pthread_rwlock_unlock); - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - will_return(__wrap_cJSON_PrintUnformatted, strdup("test_1234")); - - expect_function_call(__wrap_cJSON_Delete); - - expect_string(__wrap_wfopen, path, "queue/logcollector/file_status.json"); - expect_string(__wrap_wfopen, mode, "w"); - will_return(__wrap_wfopen, "test"); - - will_return(__wrap_fwrite, 1); - - expect_value(__wrap_fclose, _File, "test"); - will_return(__wrap_fclose, 1); - - w_save_file_status(); -} - -/* w_load_files_status */ - -void test_w_load_files_status_empty_array(void ** state) { - cJSON *global_json = (cJSON*)1; - strcpy(macos_log_vault.timestamp,"hi 123"); - macos_log_vault.settings = "my settings"; - - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetArraySize, 0); - // >> w_macos_set_status_from_JSON - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetStringValue, NULL); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetStringValue, NULL); - - - // >> w_journald_set_status_from_JSON// << w_macos_set_status_from_JSON - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetStringValue, NULL); - // << w_journald_set_status_from_JSON - - w_load_files_status(global_json); - -} - -void test_w_load_files_status_path_NULL(void ** state) { - cJSON *global_json = (cJSON*)1; - strcpy(macos_log_vault.timestamp,"hi 123"); - macos_log_vault.settings = "my settings"; - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetArraySize, 1); - - will_return(__wrap_cJSON_GetArrayItem, NULL); - - //Path - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetStringValue, NULL); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetStringValue, NULL); - - // << w_macos_set_status_from_JSON - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetStringValue, NULL); - // >> w_journald_set_status_from_JSON - - w_load_files_status(global_json); - -} - -void test_w_load_files_status_path_str_NULL(void ** state) { - cJSON *global_json = (cJSON*)1; - strcpy(macos_log_vault.timestamp,"hi 123"); - macos_log_vault.settings = "my settings"; - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetArraySize, 1); - - will_return(__wrap_cJSON_GetArrayItem, NULL); - - //Path - will_return(__wrap_cJSON_GetObjectItem, 1); - - will_return(__wrap_cJSON_GetStringValue, NULL); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetStringValue, NULL); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetStringValue, NULL); - - // << w_macos_set_status_from_JSON - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetStringValue, NULL); - // >> w_journald_set_status_from_JSON - - w_load_files_status(global_json); - -} - -void test_w_load_files_status_no_file(void ** state) { - cJSON *global_json = (cJSON*)1; - - char * file = "test"; - struct stat stat_buf = { .st_mode = 0040000 }; - strcpy(macos_log_vault.timestamp,"hi 123"); - macos_log_vault.settings = "my settings"; - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetArraySize, 1); - - will_return(__wrap_cJSON_GetArrayItem, NULL); - - //Path - will_return(__wrap_cJSON_GetObjectItem, 1); - - will_return(__wrap_cJSON_GetStringValue, "test"); - - expect_string(__wrap_stat, __file, file); - will_return(__wrap_stat, &stat_buf); - will_return(__wrap_stat, -1); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetStringValue, NULL); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetStringValue, NULL); - - // << w_macos_set_status_from_JSON - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetStringValue, NULL); - // >> w_journald_set_status_from_JSON - - w_load_files_status(global_json); - -} - -void test_w_load_files_status_hash_NULL(void ** state) { - cJSON *global_json = (cJSON*)1; - - char * file = "test"; - struct stat stat_buf = { .st_mode = 0040000 }; - strcpy(macos_log_vault.timestamp,"hi 123"); - macos_log_vault.settings = "my settings"; - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetArraySize, 1); - - will_return(__wrap_cJSON_GetArrayItem, NULL); - - //Path - will_return(__wrap_cJSON_GetObjectItem, 1); - - will_return(__wrap_cJSON_GetStringValue, "test"); - - expect_string(__wrap_stat, __file, file); - will_return(__wrap_stat, &stat_buf); - will_return(__wrap_stat, 0); - - //Hash - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetStringValue, NULL); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetStringValue, NULL); - - // << w_macos_set_status_from_JSON - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetStringValue, NULL); - // >> w_journald_set_status_from_JSON - - w_load_files_status(global_json); - -} - -void test_w_load_files_status_hash_str_NULL(void ** state) { - cJSON *global_json = (cJSON*)1; - - char * file = "test"; - struct stat stat_buf = { .st_mode = 0040000 }; - strcpy(macos_log_vault.timestamp,"hi 123"); - macos_log_vault.settings = "my settings"; - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetArraySize, 1); - - will_return(__wrap_cJSON_GetArrayItem, NULL); - - //Path - will_return(__wrap_cJSON_GetObjectItem, 1); - - will_return(__wrap_cJSON_GetStringValue, "test"); - - expect_string(__wrap_stat, __file, file); - will_return(__wrap_stat, &stat_buf); - will_return(__wrap_stat, 0); - - //Hash - will_return(__wrap_cJSON_GetObjectItem, 1); - - will_return(__wrap_cJSON_GetStringValue, NULL); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetStringValue, NULL); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetStringValue, NULL); - - // << w_macos_set_status_from_JSON - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetStringValue, NULL); - // >> w_journald_set_status_from_JSON - - w_load_files_status(global_json); - -} - -void test_w_load_files_status_offset_NULL(void ** state) { - cJSON *global_json = (cJSON*)1; - - char * file = "test"; - struct stat stat_buf = { .st_mode = 0040000 }; - strcpy(macos_log_vault.timestamp,"hi 123"); - macos_log_vault.settings = "my settings"; - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetArraySize, 1); - - will_return(__wrap_cJSON_GetArrayItem, NULL); - - //Path - will_return(__wrap_cJSON_GetObjectItem, 1); - - will_return(__wrap_cJSON_GetStringValue, "test"); - - expect_string(__wrap_stat, __file, file); - will_return(__wrap_stat, &stat_buf); - will_return(__wrap_stat, 0); - - //Hash - will_return(__wrap_cJSON_GetObjectItem, 1); - - will_return(__wrap_cJSON_GetStringValue, "1"); - - //Offset - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetStringValue, NULL); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetStringValue, NULL); - - // << w_macos_set_status_from_JSON - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetStringValue, NULL); - // >> w_journald_set_status_from_JSON - - w_load_files_status(global_json); - -} - -void test_w_load_files_status_offset_str_NULL(void ** state) { - cJSON *global_json = (cJSON*)1; - - char * file = "test"; - struct stat stat_buf = { .st_mode = 0040000 }; - strcpy(macos_log_vault.timestamp,"hi 123"); - macos_log_vault.settings = "my settings"; - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetArraySize, 1); - - will_return(__wrap_cJSON_GetArrayItem, NULL); - - //Path - will_return(__wrap_cJSON_GetObjectItem, 1); - - will_return(__wrap_cJSON_GetStringValue, "test"); - - expect_string(__wrap_stat, __file, file); - will_return(__wrap_stat, &stat_buf); - will_return(__wrap_stat, 0); - - //Hash - will_return(__wrap_cJSON_GetObjectItem, 1); - - will_return(__wrap_cJSON_GetStringValue, "1"); - - //Offset - will_return(__wrap_cJSON_GetObjectItem, 1); - - will_return(__wrap_cJSON_GetStringValue, NULL); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetStringValue, NULL); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetStringValue, NULL); - - // << w_macos_set_status_from_JSON - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetStringValue, NULL); - // >> w_journald_set_status_from_JSON - - w_load_files_status(global_json); -} - -void test_w_load_files_status_invalid_offset(void ** state) { - cJSON *global_json = (cJSON*)1; - - char * file = "test"; - struct stat stat_buf = { .st_mode = 0040000 }; - strcpy(macos_log_vault.timestamp,"hi 123"); - macos_log_vault.settings = "my settings"; - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetArraySize, 1); - - will_return(__wrap_cJSON_GetArrayItem, NULL); - - //Path - will_return(__wrap_cJSON_GetObjectItem, 1); - - will_return(__wrap_cJSON_GetStringValue, "test"); - - expect_string(__wrap_stat, __file, file); - will_return(__wrap_stat, &stat_buf); - will_return(__wrap_stat, 0); - - //Hash - will_return(__wrap_cJSON_GetObjectItem, 1); - - will_return(__wrap_cJSON_GetStringValue, "1"); - - //Offset - will_return(__wrap_cJSON_GetObjectItem, 1); - - will_return(__wrap_cJSON_GetStringValue, "-1"); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetStringValue, NULL); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetStringValue, NULL); - - // << w_macos_set_status_from_JSON - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetStringValue, NULL); - // >> w_journald_set_status_from_JSON - - w_load_files_status(global_json); - -} - -void test_w_load_files_status_update_add_fail(void ** state) { - char * file = "test"; - - cJSON *global_json = (cJSON*)1; - - int mode = OS_BINARY; - struct stat stat_buf = { .st_mode = 0040000 }; - strcpy(macos_log_vault.timestamp,"hi 123"); - macos_log_vault.settings = "my settings"; - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetArraySize, 1); - - will_return(__wrap_cJSON_GetArrayItem, NULL); - - //Path - will_return(__wrap_cJSON_GetObjectItem, 1); - - will_return(__wrap_cJSON_GetStringValue, "test"); - - expect_string(__wrap_stat, __file, file); - will_return(__wrap_stat, &stat_buf); - will_return(__wrap_stat, 0); - - //Hash - will_return(__wrap_cJSON_GetObjectItem, 1); - - will_return(__wrap_cJSON_GetStringValue, "32bb98743e298dee0a654a654765c765d765ae80"); - - //Offset - will_return(__wrap_cJSON_GetObjectItem, 1); - - will_return(__wrap_cJSON_GetStringValue, "1"); - - expect_string(__wrap_OS_SHA1_File_Nbytes, fname, file); - expect_value(__wrap_OS_SHA1_File_Nbytes, mode, mode); - expect_value(__wrap_OS_SHA1_File_Nbytes, nbytes, 1); - will_return(__wrap_OS_SHA1_File_Nbytes, "32bb98743e298dee0a654a654765c765d765ae80"); - will_return(__wrap_OS_SHA1_File_Nbytes, 1); - - will_return(__wrap_OSHash_Update_ex, 0); - - expect_value(__wrap_OSHash_Add_ex, self, files_status); - expect_string(__wrap_OSHash_Add_ex, key, file); - will_return(__wrap_OSHash_Add_ex, 0); - - expect_string(__wrap__merror, formatted_msg, "(1298): Failure to add 'test' to 'file_status' hash table"); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetStringValue, NULL); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetStringValue, NULL); - - // << w_macos_set_status_from_JSON - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetStringValue, NULL); - // >> w_journald_set_status_from_JSON - - w_load_files_status(global_json); -} - -void test_w_load_files_status_update_hash_fail (void ** state) { - char * file = "test"; - - cJSON *global_json = (cJSON*)1; - - int mode = OS_BINARY; - struct stat stat_buf = { .st_mode = 0040000 }; - strcpy(macos_log_vault.timestamp,"hi 123"); - macos_log_vault.settings = "my settings"; - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetArraySize, 1); - - will_return(__wrap_cJSON_GetArrayItem, NULL); - - //Path - will_return(__wrap_cJSON_GetObjectItem, 1); - - will_return(__wrap_cJSON_GetStringValue, "test"); - - expect_string(__wrap_stat, __file, file); - will_return(__wrap_stat, &stat_buf); - will_return(__wrap_stat, 0); - - //Hash - will_return(__wrap_cJSON_GetObjectItem, 1); - - will_return(__wrap_cJSON_GetStringValue, "32bb98743e298dee0a654a654765c765d765ae80"); - - //Offset - will_return(__wrap_cJSON_GetObjectItem, 1); - - will_return(__wrap_cJSON_GetStringValue, "1"); - - expect_string(__wrap_OS_SHA1_File_Nbytes, fname, file); - expect_value(__wrap_OS_SHA1_File_Nbytes, mode, mode); - expect_value(__wrap_OS_SHA1_File_Nbytes, nbytes, 1); - will_return(__wrap_OS_SHA1_File_Nbytes, "32bb98743e298dee0a654a654765c765d765ae80"); - will_return(__wrap_OS_SHA1_File_Nbytes, -1); - - expect_string(__wrap__mdebug1, formatted_msg, "(9000): File 'test' no longer exists."); - - w_load_files_status(global_json); -} - -void test_w_load_files_status_update_fail(void ** state) { - char * file = "test"; - - cJSON *global_json = (cJSON*)1; - - int mode = OS_BINARY; - struct stat stat_buf = { .st_mode = 0040000 }; - strcpy(macos_log_vault.timestamp,"hi 123"); - macos_log_vault.settings = "my settings"; - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetArraySize, 1); - - will_return(__wrap_cJSON_GetArrayItem, NULL); - - //Path - will_return(__wrap_cJSON_GetObjectItem, 1); - - will_return(__wrap_cJSON_GetStringValue, "test"); - - expect_string(__wrap_stat, __file, file); - will_return(__wrap_stat, &stat_buf); - will_return(__wrap_stat, 0); - - //Hash - will_return(__wrap_cJSON_GetObjectItem, 1); - - will_return(__wrap_cJSON_GetStringValue, "32bb98743e298dee0a654a654765c765d765ae80"); - - //Offset - will_return(__wrap_cJSON_GetObjectItem, 1); - - will_return(__wrap_cJSON_GetStringValue, "1"); - - expect_string(__wrap_OS_SHA1_File_Nbytes, fname, file); - expect_value(__wrap_OS_SHA1_File_Nbytes, mode, mode); - expect_value(__wrap_OS_SHA1_File_Nbytes, nbytes, 1); - will_return(__wrap_OS_SHA1_File_Nbytes, "32bb98743e298dee0a654a654765c765d765ae80"); - will_return(__wrap_OS_SHA1_File_Nbytes, 1); - - will_return(__wrap_OSHash_Update_ex, 0); - - expect_value(__wrap_OSHash_Add_ex, self, files_status); - expect_string(__wrap_OSHash_Add_ex, key, file); - will_return(__wrap_OSHash_Add_ex, 2); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetStringValue, NULL); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetStringValue, NULL); - - // << w_macos_set_status_from_JSON - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetStringValue, NULL); - // >> w_journald_set_status_from_JSON - w_load_files_status(global_json); - -} - -void test_w_load_files_status_OK(void ** state) { - char * file = "test"; - expect_function_call(__wrap_pthread_rwlock_wrlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - os_file_status_t * data; - os_malloc(sizeof(os_file_status_t), data); - data->context = EVP_MD_CTX_new(); - - __real_OSHash_Add_ex(mock_hashmap, file, data); - cJSON *global_json = (cJSON*)1; - - int mode = OS_BINARY; - struct stat stat_buf = { .st_mode = 0040000 }; - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetArraySize, 1); - - will_return(__wrap_cJSON_GetArrayItem, NULL); - - //Path - will_return(__wrap_cJSON_GetObjectItem, 1); - - will_return(__wrap_cJSON_GetStringValue, "test"); - - expect_string(__wrap_stat, __file, file); - will_return(__wrap_stat, &stat_buf); - will_return(__wrap_stat, 0); - - //Hash - will_return(__wrap_cJSON_GetObjectItem, 1); - - will_return(__wrap_cJSON_GetStringValue, "32bb98743e298dee0a654a654765c765d765ae80"); - - //Offset - will_return(__wrap_cJSON_GetObjectItem, 1); - - will_return(__wrap_cJSON_GetStringValue, "1"); - - expect_string(__wrap_OS_SHA1_File_Nbytes, fname, file); - expect_value(__wrap_OS_SHA1_File_Nbytes, mode, mode); - expect_value(__wrap_OS_SHA1_File_Nbytes, nbytes, 1); - will_return(__wrap_OS_SHA1_File_Nbytes, "32bb98743e298dee0a654a654765c765d765ae80"); - will_return(__wrap_OS_SHA1_File_Nbytes, 1); - - will_return(__wrap_OSHash_Update_ex, 1); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetStringValue, NULL); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetStringValue, NULL); - - // << w_macos_set_status_from_JSON - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetStringValue, NULL); - // >> w_journald_set_status_from_JSON - - w_load_files_status(global_json); - -} - -void test_w_load_files_status_valid_timestamp_only(void ** state) { - test_mode = 1; - - cJSON *global_json = (cJSON*)1; - strcpy(macos_log_vault.timestamp,"hi 123"); - macos_log_vault.settings = "my settings"; - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetArraySize, 0); - - will_return(__wrap_cJSON_GetObjectItem, 1); - - will_return(__wrap_cJSON_GetObjectItem, 1); - - will_return(__wrap_cJSON_GetStringValue, "2021-04-27 08:07:20-0700"); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetStringValue, NULL); - - // << w_macos_set_status_from_JSON - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetStringValue, NULL); - // >> w_journald_set_status_from_JSON - - w_load_files_status(global_json); - - assert_string_equal(macos_log_vault.settings, "my settings"); - assert_string_equal(macos_log_vault.timestamp, "hi 123"); -} - -void test_w_load_files_status_valid_settings_only(void ** state) { - test_mode = 1; - - cJSON *global_json = (cJSON*)1; - strcpy(macos_log_vault.timestamp,"hi 123"); - macos_log_vault.settings = "my settings"; - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetArraySize, 0); - - will_return(__wrap_cJSON_GetObjectItem, 1); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetStringValue, NULL); - - will_return(__wrap_cJSON_GetObjectItem, 1); - - will_return(__wrap_cJSON_GetStringValue, "/usr/bin/log stream --style syslog"); - - // << w_macos_set_status_from_JSON - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetStringValue, NULL); - // >> w_journald_set_status_from_JSON - - w_load_files_status(global_json); - - assert_string_equal(macos_log_vault.settings, "my settings"); - assert_string_equal(macos_log_vault.timestamp, "hi 123"); - -} - -void test_w_load_files_status_valid_vault(void ** state) { - test_mode = 1; - - cJSON *global_json = (cJSON*)1; - strcpy(macos_log_vault.timestamp,"hi 123"); - os_strdup("my settings", macos_log_vault.settings); - macos_log_vault.is_valid_data = false; - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetArraySize, 0); - - will_return(__wrap_cJSON_GetObjectItem, 1); - - will_return(__wrap_cJSON_GetObjectItem, 1); - - will_return(__wrap_cJSON_GetStringValue, "2021-04-27 08:07:20-0700"); - - will_return(__wrap_cJSON_GetObjectItem, 1); - - will_return(__wrap_cJSON_GetStringValue, "/usr/bin/log stream --style syslog"); - - expect_function_call(__wrap_pthread_rwlock_wrlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - expect_function_call(__wrap_pthread_rwlock_wrlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - expect_function_call(__wrap_pthread_rwlock_wrlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - // << w_macos_set_status_from_JSON - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetStringValue, NULL); - // >> w_journald_set_status_from_JSON - - w_load_files_status(global_json); - - assert_string_equal(macos_log_vault.timestamp, "2021-04-27 08:07:20-0700"); - assert_string_equal(macos_log_vault.settings, "/usr/bin/log stream --style syslog"); - assert_true(macos_log_vault.is_valid_data); - - os_free(macos_log_vault.settings); -} - -// Related only to journal -void test_w_load_files_status_jorunal_no_journal_obj(void ** state) { - cJSON *global_json = (cJSON*)1; - strcpy(macos_log_vault.timestamp,"hi 123"); - macos_log_vault.settings = "my settings"; - - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetArraySize, 0); - // >> w_macos_set_status_from_JSON - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetStringValue, NULL); - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetStringValue, NULL); - // << w_macos_set_status_from_JSON - - // >> w_journald_set_status_from_JSON - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetStringValue, NULL); - // << w_journald_set_status_from_JSON - - w_load_files_status(global_json); -} -void test_w_load_files_status_jorunal_no_journal_timestmap(void ** state) { - cJSON *global_json = (cJSON*)1; - strcpy(macos_log_vault.timestamp,"hi 123"); - macos_log_vault.settings = "my settings"; - - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetArraySize, 0); - // >> w_macos_set_status_from_JSON - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetStringValue, NULL); - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetStringValue, NULL); - // << w_macos_set_status_from_JSON - - // >> w_journald_set_status_from_JSON - will_return(__wrap_cJSON_GetObjectItem, 0x1); - will_return(__wrap_cJSON_GetObjectItem, 0x0); - will_return(__wrap_cJSON_GetStringValue, NULL); - // << w_journald_set_status_from_JSON - - w_load_files_status(global_json); -} -void test_w_load_files_status_jorunal_invalid_timestamp(void ** state) { - cJSON *global_json = (cJSON*)1; - strcpy(macos_log_vault.timestamp,"hi 123"); - macos_log_vault.settings = "my settings"; - - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetArraySize, 0); - // >> w_macos_set_status_from_JSON - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetStringValue, NULL); - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetStringValue, NULL); - // << w_macos_set_status_from_JSON - - // >> w_journald_set_status_from_JSON - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetStringValue, "invalid timestamp"); - // << w_journald_set_status_from_JSON - - w_load_files_status(global_json); -} -void test_w_load_files_status_jorunal_success(void ** state) { - cJSON *global_json = (cJSON*)1; - strcpy(macos_log_vault.timestamp,"hi 123"); - macos_log_vault.settings = "my settings"; - - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetArraySize, 0); - // >> w_macos_set_status_from_JSON - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetStringValue, NULL); - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetStringValue, NULL); - // << w_macos_set_status_from_JSON - - // >> w_journald_set_status_from_JSON - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetObjectItem, NULL); - will_return(__wrap_cJSON_GetStringValue, "123456"); - expect_string(__wrap__mdebug2, formatted_msg, "(9009): Setting last read timestamp to '123456'"); - // << w_journald_set_status_from_JSON - - w_load_files_status(global_json); -} - -/* w_initialize_file_status */ - -void test_w_initialize_file_status_OSHash_Create_fail(void ** state) { - expect_function_call(__wrap_OSHash_Create); - will_return(__wrap_OSHash_Create, NULL); - - expect_string(__wrap__merror_exit, formatted_msg, "(1296): Unable to create a 'file_status' hash table"); - - expect_assert_failure(w_initialize_file_status()); -} - -void test_w_initialize_file_status_OSHash_setSize_fail(void ** state) { - expect_function_call(__wrap_OSHash_Create); - will_return(__wrap_OSHash_Create, 1); - - will_return(__wrap_OSHash_setSize, NULL); - - expect_string(__wrap__merror_exit, formatted_msg, "(1297): Unable to set size of 'file_status' hash table"); - - expect_assert_failure(w_initialize_file_status()); - -} - -void test_w_initialize_file_status_fopen_fail(void ** state) { - expect_function_call(__wrap_OSHash_Create); - will_return(__wrap_OSHash_Create, 1); - - will_return(__wrap_OSHash_setSize, 1); - - expect_function_call(__wrap_OSHash_SetFreeDataPointer); - will_return(__wrap_OSHash_SetFreeDataPointer, 1); - - expect_string(__wrap_wfopen, path, LOCALFILE_STATUS); - expect_string(__wrap_wfopen, mode, "r"); - will_return(__wrap_wfopen, NULL); - - expect_string(__wrap__merror, formatted_msg, "(1103): Could not open file 'queue/logcollector/file_status.json' due to [(0)-(Success)]."); - - w_initialize_file_status(); -} - -void test_w_initialize_file_status_fread_fail(void ** state) { - expect_function_call(__wrap_OSHash_Create); - will_return(__wrap_OSHash_Create, 1); - - will_return(__wrap_OSHash_setSize, 1); - - expect_function_call(__wrap_OSHash_SetFreeDataPointer); - will_return(__wrap_OSHash_SetFreeDataPointer, 1); - - expect_string(__wrap_wfopen, path, LOCALFILE_STATUS); - expect_string(__wrap_wfopen, mode, "r"); - will_return(__wrap_wfopen, "test"); - - will_return(__wrap_fread, "test"); - will_return(__wrap_fread, 0); - - expect_string(__wrap__merror, formatted_msg, "(1115): Could not read from file 'queue/logcollector/file_status.json' due to [(0)-(Success)]."); - - expect_function_call(__wrap_clearerr); - expect_string(__wrap_clearerr, __stream, "test"); - - expect_value(__wrap_fclose, _File, "test"); - will_return(__wrap_fclose, 1); - - w_initialize_file_status(); -} - -void test_w_initialize_file_status_OK(void ** state) { - int mode = OS_BINARY; - char * file = "test"; - struct stat stat_buf = { .st_mode = 0040000 }; - - expect_function_call(__wrap_pthread_rwlock_wrlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - os_file_status_t * data; - os_malloc(sizeof(os_file_status_t), data); - data->context = EVP_MD_CTX_new(); - - __real_OSHash_Add_ex(mock_hashmap, file, data); - - expect_function_call(__wrap_OSHash_Create); - will_return(__wrap_OSHash_Create, 1); - - will_return(__wrap_OSHash_setSize, 1); - - expect_function_call(__wrap_OSHash_SetFreeDataPointer); - will_return(__wrap_OSHash_SetFreeDataPointer, 1); - - expect_string(__wrap_wfopen, path, LOCALFILE_STATUS); - expect_string(__wrap_wfopen, mode, "r"); - will_return(__wrap_wfopen, "test"); - - will_return(__wrap_fread, "test"); - will_return(__wrap_fread, 1); - - //w_load_files_status - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetArraySize, 1); - - will_return(__wrap_cJSON_GetArrayItem, NULL); - - //Path - will_return(__wrap_cJSON_GetObjectItem, 1); - - will_return(__wrap_cJSON_GetStringValue, "test"); - - expect_string(__wrap_stat, __file, file); - will_return(__wrap_stat, &stat_buf); - will_return(__wrap_stat, 0); - - //Hash - will_return(__wrap_cJSON_GetObjectItem, 1); - - will_return(__wrap_cJSON_GetStringValue, "32bb98743e298dee0a654a654765c765d765ae80"); - - //Offset - will_return(__wrap_cJSON_GetObjectItem, 1); - - will_return(__wrap_cJSON_GetStringValue, "1"); - - expect_string(__wrap_OS_SHA1_File_Nbytes, fname, file); - expect_value(__wrap_OS_SHA1_File_Nbytes, mode, mode); - expect_value(__wrap_OS_SHA1_File_Nbytes, nbytes, 1); - will_return(__wrap_OS_SHA1_File_Nbytes, "32bb98743e298dee0a654a654765c765d765ae80"); - will_return(__wrap_OS_SHA1_File_Nbytes, 1); - - will_return(__wrap_OSHash_Update_ex, 1); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetStringValue, NULL); - - will_return(__wrap_cJSON_GetObjectItem, NULL); - - will_return(__wrap_cJSON_GetStringValue, NULL); - - expect_function_call(__wrap_cJSON_Delete); - - expect_value(__wrap_fclose, _File, "test"); - will_return(__wrap_fclose, 1); - - w_initialize_file_status(); -} - -/* w_update_hash_node */ - -void test_w_update_hash_node_path_NULL(void ** state) { - char * path = NULL; - - int ret = w_update_hash_node(path, 0); - - assert_int_equal(ret, -1); - -} - -void test_w_update_hash_node_update_fail(void ** state) { - int mode = OS_BINARY; - char * path = "test"; - - expect_string(__wrap_OS_SHA1_File_Nbytes, fname, path); - expect_value(__wrap_OS_SHA1_File_Nbytes, mode, mode); - expect_value(__wrap_OS_SHA1_File_Nbytes, nbytes, 0); - will_return(__wrap_OS_SHA1_File_Nbytes, "32bb98743e298dee0a654a654765c765d765ae80"); - will_return(__wrap_OS_SHA1_File_Nbytes, 1); - - will_return(__wrap_OSHash_Update_ex, 0); - - expect_value(__wrap_OSHash_Add_ex, self, files_status); - expect_string(__wrap_OSHash_Add_ex, key, path); - will_return(__wrap_OSHash_Add_ex, 2); - - int ret = w_update_hash_node(path, 0); - - assert_int_equal(ret, 0); -} - -void test_w_update_hash_node_sha_fail(void ** state) { - int mode = OS_BINARY; - - char * path = "test"; - - expect_string(__wrap_OS_SHA1_File_Nbytes, fname, path); - expect_value(__wrap_OS_SHA1_File_Nbytes, mode, mode); - expect_value(__wrap_OS_SHA1_File_Nbytes, nbytes, 0); - will_return(__wrap_OS_SHA1_File_Nbytes, "32bb98743e298dee0a654a654765c765d765ae80"); - will_return(__wrap_OS_SHA1_File_Nbytes, -1); - - expect_string(__wrap__merror, formatted_msg, "(1969): Failure to generate the SHA1 hash from file 'test'"); - - int ret = w_update_hash_node(path, 0); - - assert_int_equal(ret, -1); - -} - -void test_w_update_hash_node_add_fail(void ** state) { - int mode = OS_BINARY; - - char * path = "test"; - - expect_string(__wrap_OS_SHA1_File_Nbytes, fname, path); - expect_value(__wrap_OS_SHA1_File_Nbytes, mode, mode); - expect_value(__wrap_OS_SHA1_File_Nbytes, nbytes, 0); - will_return(__wrap_OS_SHA1_File_Nbytes, "32bb98743e298dee0a654a654765c765d765ae80"); - will_return(__wrap_OS_SHA1_File_Nbytes, 1); - - will_return(__wrap_OSHash_Update_ex, 0); - - expect_value(__wrap_OSHash_Add_ex, self, files_status); - expect_string(__wrap_OSHash_Add_ex, key, path); - will_return(__wrap_OSHash_Add_ex, 0); - - int ret = w_update_hash_node(path, 0); - - assert_int_equal(ret, -1); - -} - -void test_w_update_hash_node_OK(void ** state) { - int mode = OS_BINARY; - char * path = "test"; - - expect_function_call(__wrap_pthread_rwlock_wrlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - os_file_status_t * data; - os_malloc(sizeof(os_file_status_t), data); - data->context = EVP_MD_CTX_new(); - - __real_OSHash_Add_ex(mock_hashmap, path, data); - - expect_string(__wrap_OS_SHA1_File_Nbytes, fname, path); - expect_value(__wrap_OS_SHA1_File_Nbytes, mode, mode); - expect_value(__wrap_OS_SHA1_File_Nbytes, nbytes, 0); - will_return(__wrap_OS_SHA1_File_Nbytes, "32bb98743e298dee0a654a654765c765d765ae80"); - will_return(__wrap_OS_SHA1_File_Nbytes, 1); - - will_return(__wrap_OSHash_Update_ex, 1); - - int ret = w_update_hash_node(path, 0); - - assert_int_equal(ret, 0); -} - -/* w_set_to_last_line_read */ -void test_w_set_to_last_line_read_null_reader(void ** state) { - logreader lf = {0}; - int ret = w_set_to_last_line_read(&lf); - assert_int_equal(ret, 0); - -} - -void test_w_set_to_last_line_read_OSHash_Get_ex_fail(void ** state) { - fpos_t position_stack = {.__pos = 1}; - logreader log_reader = {.fp = (FILE *)1, .file = "test"}; - - test_position = &position_stack; - - expect_function_call(__wrap_pthread_rwlock_wrlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - os_file_status_t * data; - os_malloc(sizeof(os_file_status_t), data); - data->context = EVP_MD_CTX_new(); - - __real_OSHash_Add_ex(mock_hashmap, log_reader.file, data); - - expect_any(__wrap_OSHash_Get_ex, self); - expect_string(__wrap_OSHash_Get_ex, key, "test"); - will_return(__wrap_OSHash_Get_ex, NULL); - - //w_set_pos - long pos = 0; - int mode = OS_BINARY; - - expect_any(__wrap_w_fseek, x); - expect_value(__wrap_w_fseek, pos, 0); - will_return(__wrap_w_fseek, 0); - - expect_value(__wrap_w_ftell, x, 1); - will_return(__wrap_w_ftell, 1); - - expect_value(__wrap_w_ftell, x, 1); - will_return(__wrap_w_ftell, 1); - - - //w_update_hash_node - expect_string(__wrap_OS_SHA1_File_Nbytes, fname, log_reader.file); - expect_value(__wrap_OS_SHA1_File_Nbytes, mode, mode); - expect_value(__wrap_OS_SHA1_File_Nbytes, nbytes, 1); - will_return(__wrap_OS_SHA1_File_Nbytes, "32bb98743e298dee0a654a654765c765d765ae80"); - will_return(__wrap_OS_SHA1_File_Nbytes, 1); - - will_return(__wrap_OSHash_Update_ex, 1); - - int ret = w_set_to_last_line_read(&log_reader); - - assert_int_equal(ret, 0); -} - -void test_w_set_to_last_line_read_fstat_fail(void ** state) { - os_file_status_t *data = *state; - - logreader log_reader = {.fp = (FILE *)1, .file = "test"}; - - expect_any(__wrap_OSHash_Get_ex, self); - expect_string(__wrap_OSHash_Get_ex, key, "test"); - will_return(__wrap_OSHash_Get_ex, 1); - - expect_value(__wrap_fileno, __stream, log_reader.fp); - will_return(__wrap_fileno, 1); - - expect_value(__wrap_fstat, __fd, 1); - will_return(__wrap_fstat, 0040000); - will_return(__wrap_fstat, 0); - will_return(__wrap_fstat, -1); - - expect_string(__wrap__merror, formatted_msg, "(1118): Could not retrieve information of file 'test' due to [(0)-(Success)]."); - - - int ret = w_set_to_last_line_read(&log_reader); - - assert_int_equal(ret, -1); -} - -void test_w_set_to_last_line_read_OS_SHA1_File_Nbytes_fail(void ** state) { - int mode = OS_BINARY; - - os_file_status_t data = {0}; - fpos_t position_stack = {.__pos = 1}; - logreader log_reader = {.fp = (FILE *)1, .file= "test"}; - test_position = &position_stack; - - expect_any(__wrap_OSHash_Get_ex, self); - expect_string(__wrap_OSHash_Get_ex, key, "test"); - will_return(__wrap_OSHash_Get_ex, &data); - - expect_value(__wrap_fileno, __stream, log_reader.fp); - will_return(__wrap_fileno, 1); - - expect_value(__wrap_fstat, __fd, 1); - will_return(__wrap_fstat, 0040000); - will_return(__wrap_fstat, 0); - will_return(__wrap_fstat, 1); - - expect_string(__wrap_OS_SHA1_File_Nbytes, fname, "test"); - expect_value(__wrap_OS_SHA1_File_Nbytes, mode, mode); - expect_value(__wrap_OS_SHA1_File_Nbytes, nbytes, 0); - will_return(__wrap_OS_SHA1_File_Nbytes, "32bb98743e298dee0a654a654765c765d765ae80"); - will_return(__wrap_OS_SHA1_File_Nbytes, -1); - - expect_string(__wrap__merror, formatted_msg, "(1969): Failure to generate the SHA1 hash from file 'test'"); - int ret = w_set_to_last_line_read(&log_reader); - - assert_int_equal(ret, -1); -} - -void test_w_set_to_last_line_read_diferent_file(void ** state) { - int mode = OS_BINARY; - os_file_status_t data = {.hash = "1234", .offset = 1}; - logreader log_reader = {.fp = (FILE *)1, .file= "test"}; - - expect_any(__wrap_OSHash_Get_ex, self); - expect_string(__wrap_OSHash_Get_ex, key, "test"); - will_return(__wrap_OSHash_Get_ex, &data); - - expect_value(__wrap_fileno, __stream, log_reader.fp); - will_return(__wrap_fileno, 1); - - expect_value(__wrap_fstat, __fd, 1); - will_return(__wrap_fstat, 0040000); - will_return(__wrap_fstat, 0); - will_return(__wrap_fstat, 1); - - expect_string(__wrap_OS_SHA1_File_Nbytes, fname, "test"); - expect_value(__wrap_OS_SHA1_File_Nbytes, mode, mode); - expect_value(__wrap_OS_SHA1_File_Nbytes, nbytes, 1); - will_return(__wrap_OS_SHA1_File_Nbytes, "32bb98743e298dee0a654a654765c765d765ae80"); - will_return(__wrap_OS_SHA1_File_Nbytes, 1); - - //w_set_pos - expect_any(__wrap_w_fseek, x); - expect_value(__wrap_w_fseek, pos, 0); - will_return(__wrap_w_fseek, -1); - - expect_string(__wrap__merror, formatted_msg, "(1116): Could not set position in file 'test' due to [(0)-(Success)]."); - - expect_value(__wrap_fclose, _File, 1); - will_return(__wrap_fclose, 1); - - int ret = w_set_to_last_line_read(&log_reader); - - assert_int_equal(ret, -1); -} - -void test_w_set_to_last_line_read_same_file(void ** state) { - int mode = OS_BINARY; - - os_file_status_t data = {.hash = "1234", .offset = 1}; - logreader log_reader = {.fp = (FILE *)1, .file= "test", .diff_max_size = 0}; - - expect_any(__wrap_OSHash_Get_ex, self); - expect_string(__wrap_OSHash_Get_ex, key, "test"); - will_return(__wrap_OSHash_Get_ex, &data); - - expect_value(__wrap_fileno, __stream, log_reader.fp); - will_return(__wrap_fileno, 1); - - expect_value(__wrap_fstat, __fd, 1); - will_return(__wrap_fstat, 0040000); - will_return(__wrap_fstat, 1); - will_return(__wrap_fstat, 1); - - expect_string(__wrap_OS_SHA1_File_Nbytes, fname, "test"); - expect_value(__wrap_OS_SHA1_File_Nbytes, mode, mode); - expect_value(__wrap_OS_SHA1_File_Nbytes, nbytes, 1); - will_return(__wrap_OS_SHA1_File_Nbytes, "1234"); - will_return(__wrap_OS_SHA1_File_Nbytes, 1); - - //w_set_pos - expect_any(__wrap_w_fseek, x); - expect_value(__wrap_w_fseek, pos, 1); - will_return(__wrap_w_fseek, -1); - - expect_string(__wrap__merror, formatted_msg, "(1116): Could not set position in file 'test' due to [(0)-(Success)]."); - - expect_value(__wrap_fclose, _File, 1); - will_return(__wrap_fclose, 1); - - int ret = w_set_to_last_line_read(&log_reader); - - assert_int_equal(ret, -1); -} - -void test_w_set_to_last_line_read_same_file_rotate(void ** state) { - int mode = OS_BINARY; - logreader log_reader = {.fp = (FILE *)1, .file= "test", .diff_max_size = 0}; - os_file_status_t data = {.hash = "1234", .offset = 1}; - - expect_any(__wrap_OSHash_Get_ex, self); - expect_string(__wrap_OSHash_Get_ex, key, "test"); - will_return(__wrap_OSHash_Get_ex, &data); - - expect_value(__wrap_fileno, __stream, log_reader.fp); - will_return(__wrap_fileno, 1); - - expect_value(__wrap_fstat, __fd, 1); - will_return(__wrap_fstat, 0040000); - will_return(__wrap_fstat, 10); - will_return(__wrap_fstat, 1); - - expect_string(__wrap_OS_SHA1_File_Nbytes, fname, "test"); - expect_value(__wrap_OS_SHA1_File_Nbytes, mode, mode); - expect_value(__wrap_OS_SHA1_File_Nbytes, nbytes, 1); - will_return(__wrap_OS_SHA1_File_Nbytes, "1234"); - will_return(__wrap_OS_SHA1_File_Nbytes, 1); - - expect_any(__wrap_w_fseek, x); - expect_value(__wrap_w_fseek, pos, 0); - will_return(__wrap_w_fseek, -1); - - expect_string(__wrap__merror, formatted_msg, "(1116): Could not set position in file 'test' due to [(0)-(Success)]."); - - expect_value(__wrap_fclose, _File, 1); - will_return(__wrap_fclose, 1); - - int ret = w_set_to_last_line_read(&log_reader); - - assert_int_equal(ret, -1); -} - -void test_w_set_to_last_line_read_update_hash_node_error(void ** state) { - int mode = OS_BINARY; - logreader log_reader = {.fp = (FILE *)1, .file= "test", .diff_max_size = 0}; - os_file_status_t data = {.hash = "1234", .offset = 1}; - - - expect_any(__wrap_OSHash_Get_ex, self); - expect_string(__wrap_OSHash_Get_ex, key, "test"); - will_return(__wrap_OSHash_Get_ex, &data); - - expect_value(__wrap_fileno, __stream, log_reader.fp); - will_return(__wrap_fileno, 1); - - expect_value(__wrap_fstat, __fd, 1); - will_return(__wrap_fstat, 0040000); - will_return(__wrap_fstat, 10); - will_return(__wrap_fstat, 1); - - expect_string(__wrap_OS_SHA1_File_Nbytes, fname, "test"); - expect_value(__wrap_OS_SHA1_File_Nbytes, mode, mode); - expect_value(__wrap_OS_SHA1_File_Nbytes, nbytes, 1); - will_return(__wrap_OS_SHA1_File_Nbytes, "1234"); - will_return(__wrap_OS_SHA1_File_Nbytes, 1); - - //w_set_pos - - os_calloc(1, sizeof(fpos_t), test_position); - test_position->__pos = 1; - - expect_any(__wrap_w_fseek, x); - expect_value(__wrap_w_fseek, pos, 0); - will_return(__wrap_w_fseek, 0); - - expect_value(__wrap_w_ftell, x, 1); - will_return(__wrap_w_ftell, 1); - - //w_update_hash_node - expect_string(__wrap_OS_SHA1_File_Nbytes, fname, "test"); - expect_value(__wrap_OS_SHA1_File_Nbytes, mode, mode); - expect_value(__wrap_OS_SHA1_File_Nbytes, nbytes, 1); - will_return(__wrap_OS_SHA1_File_Nbytes, "1234"); - will_return(__wrap_OS_SHA1_File_Nbytes, 1); - - will_return(__wrap_OSHash_Update_ex, 0); - - expect_value(__wrap_OSHash_Add_ex, self, files_status); - expect_string(__wrap_OSHash_Add_ex, key, log_reader.file); - will_return(__wrap_OSHash_Add_ex, 0); - - expect_string(__wrap__merror, formatted_msg, "(1299): Failure to update 'test' to 'file_status' hash table"); - - int ret = w_set_to_last_line_read(&log_reader); - - assert_int_equal(ret, 1); -} - -/* _macos_release_log_show */ - -void test_w_macos_release_log_show_not_launched(void ** state) { - macos_processes = *state; - macos_processes->show.wfd = NULL; - - w_macos_release_log_show(); - -} - -void test_w_macos_release_log_show_launched_and_running(void ** state) { - - macos_processes = *state; - macos_processes->show.wfd->pid = 10; - - expect_string(__wrap__mdebug1, formatted_msg, "macOS ULS: Releasing macOS `log show` resources."); - expect_value(__wrap_kill, sig, SIGTERM); - expect_value(__wrap_kill, pid, 10); - will_return(__wrap_kill, 0); - will_return(__wrap_wpclose, 0); - - w_macos_release_log_show(); - - assert_null(macos_processes->show.wfd); - -} - -void test_w_macos_release_log_show_launched_and_running_with_child(void ** state) { - - macos_processes = *state; - macos_processes->show.wfd->pid = 10; - macos_processes->show.child = 11; - - expect_string(__wrap__mdebug1, formatted_msg, "macOS ULS: Releasing macOS `log show` resources."); - expect_value(__wrap_kill, sig, SIGTERM); - expect_value(__wrap_kill, pid, 10); - will_return(__wrap_kill, 0); - expect_value(__wrap_kill, sig, SIGTERM); - expect_value(__wrap_kill, pid, 11); - will_return(__wrap_kill, 0); - will_return(__wrap_wpclose, 0); - - w_macos_release_log_show(); - - assert_null(macos_processes->show.wfd); - -} - -void test_w_macos_release_log_show_launched_and_not_running(void ** state) { - - macos_processes = *state; - macos_processes->show.wfd->pid = 0; - expect_string(__wrap__mdebug1, formatted_msg, "macOS ULS: Releasing macOS `log show` resources."); - will_return(__wrap_wpclose, 0); - - w_macos_release_log_show(); - - assert_null(macos_processes->show.wfd); - -} - -/* w_macos_release_log_stream */ - -void test_w_macos_release_log_stream_not_launched(void ** state) { - - macos_processes = *state; - macos_processes->stream.wfd = NULL; - - w_macos_release_log_stream(); - -} - -void test_w_macos_release_log_stream_launched_and_running(void ** state) { - - macos_processes = *state; - macos_processes->stream.wfd->pid = 10; - expect_string(__wrap__mdebug1, formatted_msg, "macOS ULS: Releasing macOS `log stream` resources."); - expect_value(__wrap_kill, sig, SIGTERM); - expect_value(__wrap_kill, pid, 10); - will_return(__wrap_kill, 0); - will_return(__wrap_wpclose, 0); - - w_macos_release_log_stream(); - - assert_null(macos_processes->stream.wfd); - -} - -void test_w_macos_release_log_stream_launched_and_running_with_child(void ** state) { - - macos_processes = *state; - macos_processes->stream.wfd->pid = 10; - macos_processes->stream.child = 11; - expect_string(__wrap__mdebug1, formatted_msg, "macOS ULS: Releasing macOS `log stream` resources."); - expect_value(__wrap_kill, sig, SIGTERM); - expect_value(__wrap_kill, pid, 10); - will_return(__wrap_kill, 0); - expect_value(__wrap_kill, sig, SIGTERM); - expect_value(__wrap_kill, pid, 11); - will_return(__wrap_kill, 0); - will_return(__wrap_wpclose, 0); - - w_macos_release_log_stream(); - - assert_null(macos_processes->stream.wfd); - -} - -void test_w_macos_release_log_stream_launched_and_not_running(void ** state) { - - macos_processes = *state; - macos_processes->stream.wfd->pid = 0; - expect_string(__wrap__mdebug1, formatted_msg, "macOS ULS: Releasing macOS `log stream` resources."); - will_return(__wrap_wpclose, 0); - - w_macos_release_log_stream(); - - assert_null(macos_processes->stream.wfd); - -} - -/* w_macos_release_log_execution */ - -void test_w_macos_release_log_execution_log_stream_and_show_not_launched(void ** state) { - - macos_processes = *state; - macos_processes->show.wfd = NULL; - macos_processes->stream.wfd = NULL; - - w_macos_release_log_execution(); - -} - -void test_w_macos_release_log_execution_log_stream_and_show_launched_and_running(void ** state) { - - macos_processes = *state; - macos_processes->show.wfd->pid =10; - macos_processes->stream.wfd->pid = 11; - - expect_string(__wrap__mdebug1, formatted_msg, "macOS ULS: Releasing macOS `log show` resources."); - expect_value(__wrap_kill, sig, SIGTERM); - expect_value(__wrap_kill, pid, 10); - will_return(__wrap_kill, 0); - will_return(__wrap_wpclose, 0); - - expect_string(__wrap__mdebug1, formatted_msg, "macOS ULS: Releasing macOS `log stream` resources."); - expect_value(__wrap_kill, sig, SIGTERM); - expect_value(__wrap_kill, pid, 11); - will_return(__wrap_kill, 0); - will_return(__wrap_wpclose, 0); - - w_macos_release_log_execution(); - - assert_null(macos_processes->stream.wfd); - assert_null(macos_processes->show.wfd); - -} - -void test_w_macos_release_log_execution_log_stream_launched_and_show_not_launched(void ** state) { - - macos_processes = *state; - macos_processes->show.wfd = NULL; - macos_processes->stream.wfd->pid = 10; - - expect_string(__wrap__mdebug1, formatted_msg, "macOS ULS: Releasing macOS `log stream` resources."); - expect_value(__wrap_kill, sig, SIGTERM); - expect_value(__wrap_kill, pid, 10); - will_return(__wrap_kill, 0); - will_return(__wrap_wpclose, 0); - - w_macos_release_log_execution(); - - assert_null(macos_processes->stream.wfd); - -} - -void test_w_macos_release_log_execution_log_stream_not_launched_and_show_launched(void ** state) { - - macos_processes = *state; - macos_processes->show.wfd->pid = 10; - macos_processes->stream.wfd = NULL; - - expect_string(__wrap__mdebug1, formatted_msg, "macOS ULS: Releasing macOS `log show` resources."); - expect_value(__wrap_kill, sig, SIGTERM); - expect_value(__wrap_kill, pid, 10); - will_return(__wrap_kill, 0); - will_return(__wrap_wpclose, 0); - - w_macos_release_log_execution(); - - assert_null(macos_processes->show.wfd); - -} - -void check_ignore_and_restrict_null_config(void ** state) { - logreader *regex_config = *state; - - int ret = check_ignore_and_restrict(NULL, NULL, "testing log line"); - assert_false(ret); -} - -void check_ignore_and_restrict_not_ignored(void ** state) { - logreader *regex_config = *state; - w_expression_t * expression_ignore; - char *str_test = "testing log not match"; - - expect_function_call_any(__wrap_pthread_rwlock_wrlock); - expect_function_call_any(__wrap_pthread_rwlock_unlock); - expect_function_call_any(__wrap_pthread_rwlock_rdlock); - - w_calloc_expression_t(&expression_ignore, EXP_TYPE_PCRE2); - w_expression_compile(expression_ignore, "ignore.*", 0); - OSList_InsertData(regex_config->regex_ignore, NULL, expression_ignore); - - will_return(wrap_pcre2_match_data_create_from_pattern, 1); - will_return(wrap_pcre2_match, 0); - - int ret = check_ignore_and_restrict(regex_config->regex_ignore, NULL, str_test); - - assert_false(ret); -} - -void check_ignore_and_restrict_ignored(void ** state) { - logreader *regex_config = *state; - w_expression_t * expression_ignore; - char *str_test = "testing log with ignore word"; - char *aux[2]; - aux[0] = str_test; - aux[1] = str_test+1; - char log_str[PATH_MAX + 1] = {0}; - - expect_function_call_any(__wrap_pthread_rwlock_wrlock); - expect_function_call_any(__wrap_pthread_rwlock_unlock); - - w_calloc_expression_t(&expression_ignore, EXP_TYPE_PCRE2); - w_expression_compile(expression_ignore, "ignore.*", 0); - OSList_InsertData(regex_config->regex_ignore, NULL, expression_ignore); - - will_return(wrap_pcre2_match_data_create_from_pattern, 1); - will_return(wrap_pcre2_match, 1); - will_return(wrap_pcre2_get_ovector_pointer, aux); - - snprintf(log_str, PATH_MAX, LF_MATCH_REGEX, "testing log with ignore word", "ignore", "ignore.*"); - expect_string(__wrap__mdebug2, formatted_msg, log_str); - - int ret = check_ignore_and_restrict(regex_config->regex_ignore, NULL, str_test); - - assert_true(ret); -} - -void check_ignore_and_restrict_not_restricted(void ** state) { - logreader *regex_config = *state; - w_expression_t * expression_restrict; - char *str_test = "testing log with restrict word"; - char *aux[2]; - aux[0] = str_test; - aux[1] = str_test+1; - - expect_function_call_any(__wrap_pthread_rwlock_wrlock); - expect_function_call_any(__wrap_pthread_rwlock_unlock); - expect_function_call_any(__wrap_pthread_rwlock_rdlock); - - w_calloc_expression_t(&expression_restrict, EXP_TYPE_PCRE2); - w_expression_compile(expression_restrict, "restrict.*", 0); - OSList_InsertData(regex_config->regex_restrict, NULL, expression_restrict); - - will_return(wrap_pcre2_match_data_create_from_pattern, 1); - will_return(wrap_pcre2_match, 1); - will_return(wrap_pcre2_get_ovector_pointer, aux); - - int ret = check_ignore_and_restrict(NULL, regex_config->regex_restrict, str_test); - - assert_false(ret); -} - -void check_ignore_and_restrict_restricted(void ** state) { - logreader *regex_config = *state; - w_expression_t * expression_restrict; - char *str_test = "testing log not match"; - char log_str[PATH_MAX + 1] = {0}; - - expect_function_call_any(__wrap_pthread_rwlock_wrlock); - expect_function_call_any(__wrap_pthread_rwlock_unlock); - - w_calloc_expression_t(&expression_restrict, EXP_TYPE_PCRE2); - w_expression_compile(expression_restrict, "restrict.*", 0); - OSList_InsertData(regex_config->regex_restrict, NULL, expression_restrict); - - will_return(wrap_pcre2_match_data_create_from_pattern, 1); - will_return(wrap_pcre2_match, 0); - - snprintf(log_str, PATH_MAX, LF_MATCH_REGEX, "testing log not match", "restrict", "restrict.*"); - expect_string(__wrap__mdebug2, formatted_msg, log_str); - - int ret = check_ignore_and_restrict(NULL, regex_config->regex_restrict, str_test); - - assert_true(ret); -} - -int main(void) { - const struct CMUnitTest tests[] = { - // Test w_get_hash_context - cmocka_unit_test_setup_teardown(test_w_get_hash_context_NULL_file_exist, setup_log_context, teardown_log_context), - cmocka_unit_test_setup_teardown(test_w_get_hash_context_NULL_file_not_exist, setup_log_context, teardown_log_context), - cmocka_unit_test_setup_teardown(test_w_get_hash_context_done, setup_log_context, teardown_log_context), - - // Test w_update_file_status - cmocka_unit_test_setup_teardown(test_w_update_file_status_fail_update_add_table_hash, setup_local_hashmap, teardown_local_hashmap), - cmocka_unit_test_setup_teardown(test_w_update_file_status_update_fail_add_OK, setup_local_hashmap, teardown_local_hashmap), - cmocka_unit_test_setup_teardown(test_w_update_file_status_update_OK, setup_local_hashmap, teardown_local_hashmap), - - // Test w_set_to_pos - cmocka_unit_test_setup_teardown(test_w_set_to_pos_localfile_NULL, setup_local_hashmap, teardown_local_hashmap), - cmocka_unit_test_setup_teardown(test_w_set_to_pos_fseek_error, setup_local_hashmap, teardown_local_hashmap), - cmocka_unit_test_setup_teardown(test_w_set_to_pos_OK, setup_local_hashmap, teardown_local_hashmap), - - // Test w_save_files_status_to_cJSON - // Related only to files - cmocka_unit_test_setup_teardown(test_w_save_files_status_to_cJSON_begin_NULL, setup_local_hashmap, teardown_local_hashmap), - cmocka_unit_test_setup_teardown(test_w_save_files_status_to_cJSON_OK, setup_log_context, teardown_log_context), - // Related only to macos - cmocka_unit_test(test_w_save_files_status_to_cJSON_macos_invalid_vault), - cmocka_unit_test(test_w_save_files_status_to_cJSON_macos_valid_vault), - // Related only to journal - cmocka_unit_test(test_w_save_files_status_to_cJSON_journal_valid), - // Related to files and macos - cmocka_unit_test(test_w_save_files_status_to_cJSON_data), - - // Test w_save_file_status - cmocka_unit_test_setup_teardown(test_w_save_file_status_str_NULL, setup_local_hashmap, teardown_local_hashmap), - cmocka_unit_test_setup_teardown(test_w_save_file_status_wfopen_error, setup_log_context, teardown_log_context), - cmocka_unit_test_setup_teardown(test_w_save_file_status_fwrite_error, setup_log_context, teardown_log_context), - cmocka_unit_test_setup_teardown(test_w_save_file_status_OK, setup_log_context, teardown_log_context), - - // Test w_load_files_status - cmocka_unit_test(test_w_load_files_status_empty_array), - cmocka_unit_test(test_w_load_files_status_path_NULL), - cmocka_unit_test(test_w_load_files_status_path_str_NULL), - cmocka_unit_test(test_w_load_files_status_no_file), - cmocka_unit_test(test_w_load_files_status_hash_NULL), - cmocka_unit_test(test_w_load_files_status_hash_str_NULL), - cmocka_unit_test(test_w_load_files_status_offset_NULL), - cmocka_unit_test(test_w_load_files_status_offset_str_NULL), - cmocka_unit_test(test_w_load_files_status_invalid_offset), - cmocka_unit_test_setup_teardown(test_w_load_files_status_update_add_fail, setup_local_hashmap, teardown_local_hashmap), - cmocka_unit_test_setup_teardown(test_w_load_files_status_update_hash_fail, setup_local_hashmap, teardown_local_hashmap), - cmocka_unit_test_setup_teardown(test_w_load_files_status_update_fail, setup_local_hashmap, teardown_local_hashmap), - cmocka_unit_test_setup_teardown(test_w_load_files_status_OK, setup_local_hashmap, teardown_local_hashmap), - // Related only to macos - cmocka_unit_test(test_w_load_files_status_valid_timestamp_only), - cmocka_unit_test(test_w_load_files_status_valid_settings_only), - cmocka_unit_test(test_w_load_files_status_valid_vault), - cmocka_unit_test(test_w_save_files_status_invalid_vault), - // Related only to journal - cmocka_unit_test(test_w_load_files_status_jorunal_no_journal_obj), - cmocka_unit_test(test_w_load_files_status_jorunal_no_journal_timestmap), - cmocka_unit_test(test_w_load_files_status_jorunal_invalid_timestamp), - cmocka_unit_test(test_w_load_files_status_jorunal_success), - - - // Test w_initialize_file_status - cmocka_unit_test(test_w_initialize_file_status_OSHash_Create_fail), - cmocka_unit_test(test_w_initialize_file_status_OSHash_setSize_fail), - cmocka_unit_test(test_w_initialize_file_status_fopen_fail), - cmocka_unit_test(test_w_initialize_file_status_fread_fail), - cmocka_unit_test_setup_teardown(test_w_initialize_file_status_OK, setup_local_hashmap, teardown_local_hashmap), - - // Test w_update_hash_node - cmocka_unit_test(test_w_update_hash_node_path_NULL), - cmocka_unit_test(test_w_update_hash_node_sha_fail), - cmocka_unit_test_setup_teardown(test_w_update_hash_node_update_fail, setup_local_hashmap, teardown_local_hashmap), - cmocka_unit_test_setup_teardown(test_w_update_hash_node_add_fail, setup_local_hashmap, teardown_local_hashmap), - cmocka_unit_test_setup_teardown(test_w_update_hash_node_OK, setup_local_hashmap, teardown_local_hashmap), - - // Test w_set_to_last_line_read - cmocka_unit_test(test_w_set_to_last_line_read_null_reader), - cmocka_unit_test_setup_teardown(test_w_set_to_last_line_read_OSHash_Get_ex_fail, setup_local_hashmap, teardown_local_hashmap), - cmocka_unit_test(test_w_set_to_last_line_read_fstat_fail), - cmocka_unit_test_setup_teardown(test_w_set_to_last_line_read_OS_SHA1_File_Nbytes_fail, setup_local_hashmap, teardown_local_hashmap), - cmocka_unit_test_setup_teardown(test_w_set_to_last_line_read_diferent_file, setup_local_hashmap, teardown_local_hashmap), - cmocka_unit_test_setup_teardown(test_w_set_to_last_line_read_same_file, setup_local_hashmap, teardown_local_hashmap), - cmocka_unit_test_setup_teardown(test_w_set_to_last_line_read_same_file_rotate, setup_local_hashmap, teardown_local_hashmap), - cmocka_unit_test_setup_teardown(test_w_set_to_last_line_read_update_hash_node_error, setup_local_hashmap, teardown_local_hashmap), - - // Test w_macos_release_log_show - cmocka_unit_test_setup_teardown(test_w_macos_release_log_show_not_launched, setup_process, teardown_process), - cmocka_unit_test_setup_teardown(test_w_macos_release_log_show_launched_and_running, setup_process, teardown_process), - cmocka_unit_test_setup_teardown(test_w_macos_release_log_show_launched_and_running_with_child, setup_process, teardown_process), - cmocka_unit_test_setup_teardown(test_w_macos_release_log_show_launched_and_not_running, setup_process, teardown_process), - - - // Test w_macos_release_log_stream - cmocka_unit_test_setup_teardown(test_w_macos_release_log_stream_not_launched, setup_process, teardown_process), - cmocka_unit_test_setup_teardown(test_w_macos_release_log_stream_launched_and_running, setup_process, teardown_process), - cmocka_unit_test_setup_teardown(test_w_macos_release_log_stream_launched_and_running_with_child, setup_process, teardown_process), - cmocka_unit_test_setup_teardown(test_w_macos_release_log_stream_launched_and_not_running, setup_process, teardown_process), - - // Test w_macos_release_log_execution - cmocka_unit_test_setup_teardown(test_w_macos_release_log_execution_log_stream_and_show_not_launched, setup_process, teardown_process), - cmocka_unit_test_setup_teardown(test_w_macos_release_log_execution_log_stream_and_show_launched_and_running, setup_process, teardown_process), - cmocka_unit_test_setup_teardown(test_w_macos_release_log_execution_log_stream_launched_and_show_not_launched, setup_process, teardown_process), - cmocka_unit_test_setup_teardown(test_w_macos_release_log_execution_log_stream_not_launched_and_show_launched, setup_process, teardown_process), - - // Test w_macos_release_log_execution - cmocka_unit_test_setup_teardown(check_ignore_and_restrict_null_config, setup_regex, teardown_regex), - cmocka_unit_test_setup_teardown(check_ignore_and_restrict_not_ignored, setup_regex, teardown_regex), - cmocka_unit_test_setup_teardown(check_ignore_and_restrict_ignored, setup_regex, teardown_regex), - cmocka_unit_test_setup_teardown(check_ignore_and_restrict_not_restricted, setup_regex, teardown_regex), - cmocka_unit_test_setup_teardown(check_ignore_and_restrict_restricted, setup_regex, teardown_regex) - - }; - - return cmocka_run_group_tests(tests, setup_group, teardown_group); -} diff --git a/src/modules/logcollector/tests/unit/tests/test_macos_log.c b/src/modules/logcollector/tests/unit/tests/test_macos_log.c deleted file mode 100644 index 44a1caccd4..0000000000 --- a/src/modules/logcollector/tests/unit/tests/test_macos_log.c +++ /dev/null @@ -1,3483 +0,0 @@ -/* - * Copyright (C) 2015, Wazuh Inc. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -#include -#include -#include -#include -#include -#include - -#include "../../logcollector/logcollector.h" -#include "../wrappers/posix/pthread_wrappers.h" -#include "../../headers/shared.h" -#include "../wrappers/common.h" -#include "../wrappers/wazuh/shared/file_op_wrappers.h" -#include "../wrappers/libc/stdio_wrappers.h" -#include "../wrappers/linux/socket_wrappers.h" -#include "../wrappers/posix/unistd_wrappers.h" -#include "../wrappers/wazuh/shared/sysinfo_utils_wrappers.h" - -bool w_macos_is_log_predicate_valid(char * predicate); -char ** w_macos_create_log_stream_array(char * predicate, char * level, int type); -wfd_t * w_macos_log_exec(char ** log_cmd_array, u_int32_t flags); -void w_macos_create_log_env(logreader * lf, w_sysinfo_helpers_t * global_sysinfo); -bool w_macos_is_log_executable(void); -void w_macos_create_log_stream_env(logreader * lf); -void w_macos_log_show_array_add_level(char ** log_cmd_array, size_t * log_cmd_array_idx, char * level); -char * w_macos_log_show_create_type_predicate(int type); -void w_macos_log_show_array_add_predicate(char ** log_cmd_array, - size_t * log_cmd_array_idx, - char * query, - char * type_predicate); -char ** w_macos_create_log_show_array(char * start_date, char * query, char * level, int type); -void w_macos_set_last_log_timestamp(char * timestamp); -char * w_macos_get_last_log_timestamp(); -void w_macos_set_last_log_settings(char * timestamp); -char * w_macos_get_last_log_settings(); -void w_macos_create_log_show_env(logreader * lf); -void w_macos_create_log_stream_env(logreader * lf); -void w_macos_add_sierra_support(char ** log_cmd_array, size_t * log_cmd_array_idx); -pid_t w_get_first_child(pid_t parent_pid); - -extern w_macos_log_vault_t macos_log_vault; - -extern char * macos_codename; - -/* setup/teardown */ - -static int group_setup(void ** state) { - test_mode = 1; - return 0; - -} - -static int group_teardown(void ** state) { - test_mode = 0; - return 0; - -} - -static int setup_file(void **state) { - wfd_t * wfd = calloc(1, sizeof(wfd_t)); - - *state = wfd; - - return 0; -} - -static int teardown_file(void **state) { - wfd_t * wfd = *state; - - free(wfd); - - return 0; -} - -static int teardown_settings(void **state) { - os_free(macos_log_vault.settings); - - return 0; -} - -static int setup_timestamp_null(void **state) { - macos_log_vault.timestamp[0] = '\0'; - - return 0; -} - -static int teardown_timestamp_null(void **state) { - strncpy(macos_log_vault.timestamp, "2021-04-27 12:29:25-0700", OS_LOGCOLLECTOR_TIMESTAMP_SHORT_LEN); - - return 0; -} - -/* wraps */ - - -/* w_macos_is_log_predicate_valid */ -void test_w_macos_is_log_predicate_valid_empty(void ** state) { - - char predicate[] = ""; - - bool ret = w_macos_is_log_predicate_valid(predicate); - assert_false(ret); - -} - -void test_w_macos_is_log_predicate_valid_existing(void ** state) { - - char predicate[] = "test"; - - bool ret = w_macos_is_log_predicate_valid(predicate); - assert_true(ret); - -} - -/* w_macos_create_log_stream_array */ -void test_w_macos_create_log_stream_array_NULL(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 0; - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_null(ret[4]); - - free_strarray(ret); - -} - -void test_w_macos_create_log_stream_array_level_default(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 0; - - os_strdup("default", level); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--level"); - assert_string_equal(ret[5], level); - assert_null(ret[6]); - - free_strarray(ret); - os_free(level); - -} - -void test_w_macos_create_log_stream_array_level_info(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 0; - - os_strdup("info", level); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--level"); - assert_string_equal(ret[5], level); - assert_null(ret[6]); - - free_strarray(ret); - os_free(level); - -} - -void test_w_macos_create_log_stream_array_level_debug(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 0; - - os_strdup("debug", level); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--level"); - assert_string_equal(ret[5], level); - assert_null(ret[6]); - - free_strarray(ret); - os_free(level); - -} - -void test_w_macos_create_log_stream_array_type_activity(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 1; - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "activity"); - assert_null(ret[6]); - - free_strarray(ret); - -} - -void test_w_macos_create_log_stream_array_type_log(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 2; - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "log"); - assert_null(ret[6]); - - free_strarray(ret); - -} - -void test_w_macos_create_log_stream_array_type_trace(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 4; - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "trace"); - assert_null(ret[6]); - - free_strarray(ret); - -} - -void test_w_macos_create_log_stream_array_type_activity_log(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 3; - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "activity"); - assert_string_equal(ret[6], "--type"); - assert_string_equal(ret[7], "log"); - assert_null(ret[8]); - - free_strarray(ret); - -} - -void test_w_macos_create_log_stream_array_type_activity_trace(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 5; - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "activity"); - assert_string_equal(ret[6], "--type"); - assert_string_equal(ret[7], "trace"); - assert_null(ret[8]); - - free_strarray(ret); - -} - -void test_w_macos_create_log_stream_array_type_log_trace(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 6; - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "log"); - assert_string_equal(ret[6], "--type"); - assert_string_equal(ret[7], "trace"); - assert_null(ret[8]); - - free_strarray(ret); - -} - -void test_w_macos_create_log_stream_array_type_activity_log_trace(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 7; - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "activity"); - assert_string_equal(ret[6], "--type"); - assert_string_equal(ret[7], "log"); - assert_string_equal(ret[8], "--type"); - assert_string_equal(ret[9], "trace"); - assert_null(ret[10]); - - free_strarray(ret); - -} - -void test_w_macos_create_log_stream_array_level_default_type_activity(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 1; - - os_strdup("default", level); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "activity"); - assert_string_equal(ret[6], "--level"); - assert_string_equal(ret[7], "default"); - assert_null(ret[8]); - - free_strarray(ret); - os_free(level); - -} - -void test_w_macos_create_log_stream_array_level_default_type_log(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 2; - - os_strdup("default", level); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "log"); - assert_string_equal(ret[6], "--level"); - assert_string_equal(ret[7], "default"); - assert_null(ret[8]); - - free_strarray(ret); - os_free(level); - -} - -void test_w_macos_create_log_stream_array_level_default_type_trace(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 4; - - os_strdup("default", level); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "trace"); - assert_string_equal(ret[6], "--level"); - assert_string_equal(ret[7], "default"); - assert_null(ret[8]); - - free_strarray(ret); - os_free(level); - -} - -void test_w_macos_create_log_stream_array_level_default_type_activity_log(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 3; - - os_strdup("default", level); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "activity"); - assert_string_equal(ret[6], "--type"); - assert_string_equal(ret[7], "log"); - assert_string_equal(ret[8], "--level"); - assert_string_equal(ret[9], "default"); - assert_null(ret[10]); - - free_strarray(ret); - os_free(level); - -} - -void test_w_macos_create_log_stream_array_level_default_type_activity_trace(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 5; - - os_strdup("default", level); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "activity"); - assert_string_equal(ret[6], "--type"); - assert_string_equal(ret[7], "trace"); - assert_string_equal(ret[8], "--level"); - assert_string_equal(ret[9], "default"); - assert_null(ret[10]); - - free_strarray(ret); - os_free(level); - -} - -void test_w_macos_create_log_stream_array_level_default_type_log_trace(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 6; - - os_strdup("default", level); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "log"); - assert_string_equal(ret[6], "--type"); - assert_string_equal(ret[7], "trace"); - assert_string_equal(ret[8], "--level"); - assert_string_equal(ret[9], "default"); - assert_null(ret[10]); - - free_strarray(ret); - os_free(level); - -} - -void test_w_macos_create_log_stream_array_level_default_type_activity_log_trace(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 7; - - os_strdup("default", level); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "activity"); - assert_string_equal(ret[6], "--type"); - assert_string_equal(ret[7], "log"); - assert_string_equal(ret[8], "--type"); - assert_string_equal(ret[9], "trace"); - assert_string_equal(ret[10], "--level"); - assert_string_equal(ret[11], "default"); - assert_null(ret[12]); - - free_strarray(ret); - os_free(level); - -} - -void test_w_macos_create_log_stream_array_level_info_type_activity(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 1; - - os_strdup("info", level); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "activity"); - assert_string_equal(ret[6], "--level"); - assert_string_equal(ret[7], "info"); - assert_null(ret[8]); - - free_strarray(ret); - os_free(level); - -} - -void test_w_macos_create_log_stream_array_level_info_type_log(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 2; - - os_strdup("info", level); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "log"); - assert_string_equal(ret[6], "--level"); - assert_string_equal(ret[7], "info"); - assert_null(ret[8]); - - free_strarray(ret); - os_free(level); - -} - -void test_w_macos_create_log_stream_array_level_info_type_trace(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 4; - - os_strdup("info", level); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "trace"); - assert_string_equal(ret[6], "--level"); - assert_string_equal(ret[7], "info"); - assert_null(ret[8]); - - free_strarray(ret); - os_free(level); - -} - -void test_w_macos_create_log_stream_array_level_info_type_activity_log(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 3; - - os_strdup("info", level); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "activity"); - assert_string_equal(ret[6], "--type"); - assert_string_equal(ret[7], "log"); - assert_string_equal(ret[8], "--level"); - assert_string_equal(ret[9], "info"); - assert_null(ret[10]); - - free_strarray(ret); - os_free(level); - -} - -void test_w_macos_create_log_stream_array_level_info_type_activity_trace(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 5; - - os_strdup("info", level); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "activity"); - assert_string_equal(ret[6], "--type"); - assert_string_equal(ret[7], "trace"); - assert_string_equal(ret[8], "--level"); - assert_string_equal(ret[9], "info"); - assert_null(ret[10]); - - free_strarray(ret); - os_free(level); - -} - -void test_w_macos_create_log_stream_array_level_info_type_log_trace(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 6; - - os_strdup("info", level); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "log"); - assert_string_equal(ret[6], "--type"); - assert_string_equal(ret[7], "trace"); - assert_string_equal(ret[8], "--level"); - assert_string_equal(ret[9], "info"); - assert_null(ret[10]); - - free_strarray(ret); - os_free(level); - -} - -void test_w_macos_create_log_stream_array_level_info_type_activity_log_trace(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 7; - - os_strdup("info", level); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "activity"); - assert_string_equal(ret[6], "--type"); - assert_string_equal(ret[7], "log"); - assert_string_equal(ret[8], "--type"); - assert_string_equal(ret[9], "trace"); - assert_string_equal(ret[10], "--level"); - assert_string_equal(ret[11], "info"); - assert_null(ret[12]); - - free_strarray(ret); - os_free(level); - -} - -void test_w_macos_create_log_stream_array_level_debug_type_activity(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 1; - - os_strdup("debug", level); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "activity"); - assert_string_equal(ret[6], "--level"); - assert_string_equal(ret[7], "debug"); - assert_null(ret[8]); - - free_strarray(ret); - os_free(level); - -} - -void test_w_macos_create_log_stream_array_level_debug_type_log(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 2; - - os_strdup("debug", level); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "log"); - assert_string_equal(ret[6], "--level"); - assert_string_equal(ret[7], "debug"); - assert_null(ret[8]); - - free_strarray(ret); - os_free(level); - -} - -void test_w_macos_create_log_stream_array_level_debug_type_trace(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 4; - - os_strdup("debug", level); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "trace"); - assert_string_equal(ret[6], "--level"); - assert_string_equal(ret[7], "debug"); - assert_null(ret[8]); - - free_strarray(ret); - os_free(level); - -} - -void test_w_macos_create_log_stream_array_level_debug_type_activity_log(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 3; - - os_strdup("debug", level); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "activity"); - assert_string_equal(ret[6], "--type"); - assert_string_equal(ret[7], "log"); - assert_string_equal(ret[8], "--level"); - assert_string_equal(ret[9], "debug"); - assert_null(ret[10]); - - free_strarray(ret); - os_free(level); - -} - -void test_w_macos_create_log_stream_array_level_debug_type_activity_trace(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 5; - - os_strdup("debug", level); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "activity"); - assert_string_equal(ret[6], "--type"); - assert_string_equal(ret[7], "trace"); - assert_string_equal(ret[8], "--level"); - assert_string_equal(ret[9], "debug"); - assert_null(ret[10]); - - free_strarray(ret); - os_free(level); - -} - -void test_w_macos_create_log_stream_array_level_debug_type_log_trace(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 6; - - os_strdup("debug", level); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "log"); - assert_string_equal(ret[6], "--type"); - assert_string_equal(ret[7], "trace"); - assert_string_equal(ret[8], "--level"); - assert_string_equal(ret[9], "debug"); - assert_null(ret[10]); - - free_strarray(ret); - os_free(level); - -} - -void test_w_macos_create_log_stream_array_level_debug_type_activity_log_trace(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 7; - - os_strdup("debug", level); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "activity"); - assert_string_equal(ret[6], "--type"); - assert_string_equal(ret[7], "log"); - assert_string_equal(ret[8], "--type"); - assert_string_equal(ret[9], "trace"); - assert_string_equal(ret[10], "--level"); - assert_string_equal(ret[11], "debug"); - assert_null(ret[12]); - - free_strarray(ret); - os_free(level); - -} - - -//PREDICADO - -void test_w_macos_create_log_stream_array_predicate(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 0; - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", predicate); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--predicate"); - assert_string_equal(ret[5], "processImagePath CONTAINS[c] 'com.apple.geod'"); - assert_null(ret[6]); - - free_strarray(ret); - os_free(predicate); - -} - -void test_w_macos_create_log_stream_array_level_default_predicate(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 0; - - os_strdup("default", level); - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", predicate); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--level"); - assert_string_equal(ret[5], "default"); - assert_string_equal(ret[6], "--predicate"); - assert_string_equal(ret[7], "processImagePath CONTAINS[c] 'com.apple.geod'"); - assert_null(ret[8]); - - free_strarray(ret); - os_free(level); - os_free(predicate); - -} - -void test_w_macos_create_log_stream_array_level_info_predicate(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 0; - - os_strdup("info", level); - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", predicate); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--level"); - assert_string_equal(ret[5], "info"); - assert_string_equal(ret[6], "--predicate"); - assert_string_equal(ret[7], "processImagePath CONTAINS[c] 'com.apple.geod'"); - assert_null(ret[8]); - - free_strarray(ret); - os_free(level); - os_free(predicate); - -} - -void test_w_macos_create_log_stream_array_level_debug_predicate(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 0; - - os_strdup("debug", level); - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", predicate); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--level"); - assert_string_equal(ret[5], "debug"); - assert_string_equal(ret[6], "--predicate"); - assert_string_equal(ret[7], "processImagePath CONTAINS[c] 'com.apple.geod'"); - assert_null(ret[8]); - - free_strarray(ret); - os_free(level); - os_free(predicate); - -} - -void test_w_macos_create_log_stream_array_type_activity_predicate(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 1; - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", predicate); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "activity"); - assert_string_equal(ret[6], "--predicate"); - assert_string_equal(ret[7], "processImagePath CONTAINS[c] 'com.apple.geod'"); - assert_null(ret[8]); - - free_strarray(ret); - os_free(predicate); - -} - -void test_w_macos_create_log_stream_array_type_log_predicate(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 2; - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", predicate); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "log"); - assert_string_equal(ret[6], "--predicate"); - assert_string_equal(ret[7], "processImagePath CONTAINS[c] 'com.apple.geod'"); - assert_null(ret[8]); - - free_strarray(ret); - os_free(predicate); - -} - -void test_w_macos_create_log_stream_array_type_trace_predicate(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 4; - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", predicate); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "trace"); - assert_string_equal(ret[6], "--predicate"); - assert_string_equal(ret[7], "processImagePath CONTAINS[c] 'com.apple.geod'"); - assert_null(ret[8]); - - free_strarray(ret); - os_free(predicate); - -} - -void test_w_macos_create_log_stream_array_type_activity_log_predicate(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 3; - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", predicate); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "activity"); - assert_string_equal(ret[6], "--type"); - assert_string_equal(ret[7], "log"); - assert_string_equal(ret[8], "--predicate"); - assert_string_equal(ret[9], "processImagePath CONTAINS[c] 'com.apple.geod'"); - assert_null(ret[10]); - - free_strarray(ret); - os_free(predicate); - -} - -void test_w_macos_create_log_stream_array_type_activity_trace_predicate(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 5; - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", predicate); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "activity"); - assert_string_equal(ret[6], "--type"); - assert_string_equal(ret[7], "trace"); - assert_string_equal(ret[8], "--predicate"); - assert_string_equal(ret[9], "processImagePath CONTAINS[c] 'com.apple.geod'"); - assert_null(ret[10]); - - free_strarray(ret); - os_free(predicate); - -} - -void test_w_macos_create_log_stream_array_type_log_trace_predicate(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 6; - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", predicate); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "log"); - assert_string_equal(ret[6], "--type"); - assert_string_equal(ret[7], "trace"); - assert_string_equal(ret[8], "--predicate"); - assert_string_equal(ret[9], "processImagePath CONTAINS[c] 'com.apple.geod'"); - assert_null(ret[10]); - - free_strarray(ret); - os_free(predicate); - -} - -void test_w_macos_create_log_stream_array_type_activity_log_trace_predicate(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 7; - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", predicate); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "activity"); - assert_string_equal(ret[6], "--type"); - assert_string_equal(ret[7], "log"); - assert_string_equal(ret[8], "--type"); - assert_string_equal(ret[9], "trace"); - assert_string_equal(ret[10], "--predicate"); - assert_string_equal(ret[11], "processImagePath CONTAINS[c] 'com.apple.geod'"); - assert_null(ret[12]); - - free_strarray(ret); - os_free(predicate); - -} - -void test_w_macos_create_log_stream_array_level_default_type_activity_predicate(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 1; - - os_strdup("default", level); - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", predicate); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "activity"); - assert_string_equal(ret[6], "--level"); - assert_string_equal(ret[7], "default"); - assert_string_equal(ret[8], "--predicate"); - assert_string_equal(ret[9], "processImagePath CONTAINS[c] 'com.apple.geod'"); - assert_null(ret[10]); - - free_strarray(ret); - os_free(level); - os_free(predicate); - -} - -void test_w_macos_create_log_stream_array_level_default_type_log_predicate(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 2; - - os_strdup("default", level); - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", predicate); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "log"); - assert_string_equal(ret[6], "--level"); - assert_string_equal(ret[7], "default"); - assert_string_equal(ret[8], "--predicate"); - assert_string_equal(ret[9], "processImagePath CONTAINS[c] 'com.apple.geod'"); - assert_null(ret[10]); - - free_strarray(ret); - os_free(level); - os_free(predicate); - -} - -void test_w_macos_create_log_stream_array_level_default_type_trace_predicate(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 4; - - os_strdup("default", level); - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", predicate); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "trace"); - assert_string_equal(ret[6], "--level"); - assert_string_equal(ret[7], "default"); - assert_string_equal(ret[8], "--predicate"); - assert_string_equal(ret[9], "processImagePath CONTAINS[c] 'com.apple.geod'"); - assert_null(ret[10]); - - free_strarray(ret); - os_free(level); - os_free(predicate); - -} - -void test_w_macos_create_log_stream_array_level_default_type_activity_log_predicate(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 3; - - os_strdup("default", level); - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", predicate); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "activity"); - assert_string_equal(ret[6], "--type"); - assert_string_equal(ret[7], "log"); - assert_string_equal(ret[8], "--level"); - assert_string_equal(ret[9], "default"); - assert_string_equal(ret[10], "--predicate"); - assert_string_equal(ret[11], "processImagePath CONTAINS[c] 'com.apple.geod'"); - assert_null(ret[12]); - - free_strarray(ret); - os_free(level); - os_free(predicate); - -} - -void test_w_macos_create_log_stream_array_level_default_type_activity_trace_predicate(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 5; - - os_strdup("default", level); - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", predicate); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "activity"); - assert_string_equal(ret[6], "--type"); - assert_string_equal(ret[7], "trace"); - assert_string_equal(ret[8], "--level"); - assert_string_equal(ret[9], "default"); - assert_string_equal(ret[10], "--predicate"); - assert_string_equal(ret[11], "processImagePath CONTAINS[c] 'com.apple.geod'"); - assert_null(ret[12]); - - free_strarray(ret); - os_free(level); - os_free(predicate); - -} - -void test_w_macos_create_log_stream_array_level_default_type_log_trace_predicate(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 6; - - os_strdup("default", level); - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", predicate); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "log"); - assert_string_equal(ret[6], "--type"); - assert_string_equal(ret[7], "trace"); - assert_string_equal(ret[8], "--level"); - assert_string_equal(ret[9], "default"); - assert_string_equal(ret[10], "--predicate"); - assert_string_equal(ret[11], "processImagePath CONTAINS[c] 'com.apple.geod'"); - assert_null(ret[12]); - - free_strarray(ret); - os_free(level); - os_free(predicate); - -} - -void test_w_macos_create_log_stream_array_level_default_type_activity_log_trace_predicate(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 7; - - os_strdup("default", level); - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", predicate); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "activity"); - assert_string_equal(ret[6], "--type"); - assert_string_equal(ret[7], "log"); - assert_string_equal(ret[8], "--type"); - assert_string_equal(ret[9], "trace"); - assert_string_equal(ret[10], "--level"); - assert_string_equal(ret[11], "default"); - assert_string_equal(ret[12], "--predicate"); - assert_string_equal(ret[13], "processImagePath CONTAINS[c] 'com.apple.geod'"); - assert_null(ret[14]); - - free_strarray(ret); - os_free(level); - os_free(predicate); - -} - -void test_w_macos_create_log_stream_array_level_info_type_activity_predicate(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 1; - - os_strdup("info", level); - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", predicate); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "activity"); - assert_string_equal(ret[6], "--level"); - assert_string_equal(ret[7], "info"); - assert_string_equal(ret[8], "--predicate"); - assert_string_equal(ret[9], "processImagePath CONTAINS[c] 'com.apple.geod'"); - assert_null(ret[10]); - - free_strarray(ret); - os_free(level); - os_free(predicate); - -} - -void test_w_macos_create_log_stream_array_level_info_type_log_predicate(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 2; - - os_strdup("info", level); - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", predicate); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "log"); - assert_string_equal(ret[6], "--level"); - assert_string_equal(ret[7], "info"); - assert_string_equal(ret[8], "--predicate"); - assert_string_equal(ret[9], "processImagePath CONTAINS[c] 'com.apple.geod'"); - assert_null(ret[10]); - - free_strarray(ret); - os_free(level); - os_free(predicate); - -} - -void test_w_macos_create_log_stream_array_level_info_type_trace_predicate(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 4; - - os_strdup("info", level); - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", predicate); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "trace"); - assert_string_equal(ret[6], "--level"); - assert_string_equal(ret[7], "info"); - assert_string_equal(ret[8], "--predicate"); - assert_string_equal(ret[9], "processImagePath CONTAINS[c] 'com.apple.geod'"); - assert_null(ret[10]); - - free_strarray(ret); - os_free(level); - os_free(predicate); - -} - -void test_w_macos_create_log_stream_array_level_info_type_activity_log_predicate(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 3; - - os_strdup("info", level); - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", predicate); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "activity"); - assert_string_equal(ret[6], "--type"); - assert_string_equal(ret[7], "log"); - assert_string_equal(ret[8], "--level"); - assert_string_equal(ret[9], "info"); - assert_string_equal(ret[10], "--predicate"); - assert_string_equal(ret[11], "processImagePath CONTAINS[c] 'com.apple.geod'"); - assert_null(ret[12]); - - free_strarray(ret); - os_free(level); - os_free(predicate); - -} - -void test_w_macos_create_log_stream_array_level_info_type_activity_trace_predicate(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 5; - - os_strdup("info", level); - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", predicate); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "activity"); - assert_string_equal(ret[6], "--type"); - assert_string_equal(ret[7], "trace"); - assert_string_equal(ret[8], "--level"); - assert_string_equal(ret[9], "info"); - assert_string_equal(ret[10], "--predicate"); - assert_string_equal(ret[11], "processImagePath CONTAINS[c] 'com.apple.geod'"); - assert_null(ret[12]); - - free_strarray(ret); - os_free(level); - os_free(predicate); - -} - -void test_w_macos_create_log_stream_array_level_info_type_log_trace_predicate(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 6; - - os_strdup("info", level); - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", predicate); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "log"); - assert_string_equal(ret[6], "--type"); - assert_string_equal(ret[7], "trace"); - assert_string_equal(ret[8], "--level"); - assert_string_equal(ret[9], "info"); - assert_string_equal(ret[10], "--predicate"); - assert_string_equal(ret[11], "processImagePath CONTAINS[c] 'com.apple.geod'"); - assert_null(ret[12]); - - free_strarray(ret); - os_free(level); - os_free(predicate); - -} - -void test_w_macos_create_log_stream_array_level_info_type_activity_log_trace_predicate(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 7; - - os_strdup("info", level); - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", predicate); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "activity"); - assert_string_equal(ret[6], "--type"); - assert_string_equal(ret[7], "log"); - assert_string_equal(ret[8], "--type"); - assert_string_equal(ret[9], "trace"); - assert_string_equal(ret[10], "--level"); - assert_string_equal(ret[11], "info"); - assert_string_equal(ret[12], "--predicate"); - assert_string_equal(ret[13], "processImagePath CONTAINS[c] 'com.apple.geod'"); - assert_null(ret[14]); - - free_strarray(ret); - os_free(level); - os_free(predicate); - -} - -void test_w_macos_create_log_stream_array_level_debug_type_activity_predicate(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 1; - - os_strdup("debug", level); - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", predicate); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "activity"); - assert_string_equal(ret[6], "--level"); - assert_string_equal(ret[7], "debug"); - assert_string_equal(ret[8], "--predicate"); - assert_string_equal(ret[9], "processImagePath CONTAINS[c] 'com.apple.geod'"); - assert_null(ret[10]); - - free_strarray(ret); - os_free(level); - os_free(predicate); - -} - -void test_w_macos_create_log_stream_array_level_debug_type_log_predicate(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 2; - - os_strdup("debug", level); - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", predicate); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "log"); - assert_string_equal(ret[6], "--level"); - assert_string_equal(ret[7], "debug"); - assert_string_equal(ret[8], "--predicate"); - assert_string_equal(ret[9], "processImagePath CONTAINS[c] 'com.apple.geod'"); - assert_null(ret[10]); - - free_strarray(ret); - os_free(level); - os_free(predicate); - -} - -void test_w_macos_create_log_stream_array_level_debug_type_trace_predicate(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 4; - - os_strdup("debug", level); - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", predicate); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "trace"); - assert_string_equal(ret[6], "--level"); - assert_string_equal(ret[7], "debug"); - assert_string_equal(ret[8], "--predicate"); - assert_string_equal(ret[9], "processImagePath CONTAINS[c] 'com.apple.geod'"); - assert_null(ret[10]); - - free_strarray(ret); - os_free(level); - os_free(predicate); - -} - -void test_w_macos_create_log_stream_array_level_debug_type_activity_log_predicate(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 3; - - os_strdup("debug", level); - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", predicate); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "activity"); - assert_string_equal(ret[6], "--type"); - assert_string_equal(ret[7], "log"); - assert_string_equal(ret[8], "--level"); - assert_string_equal(ret[9], "debug"); - assert_string_equal(ret[10], "--predicate"); - assert_string_equal(ret[11], "processImagePath CONTAINS[c] 'com.apple.geod'"); - assert_null(ret[12]); - - free_strarray(ret); - os_free(level); - os_free(predicate); - -} - -void test_w_macos_create_log_stream_array_level_debug_type_activity_trace_predicate(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 5; - - os_strdup("debug", level); - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", predicate); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "activity"); - assert_string_equal(ret[6], "--type"); - assert_string_equal(ret[7], "trace"); - assert_string_equal(ret[8], "--level"); - assert_string_equal(ret[9], "debug"); - assert_string_equal(ret[10], "--predicate"); - assert_string_equal(ret[11], "processImagePath CONTAINS[c] 'com.apple.geod'"); - assert_null(ret[12]); - - free_strarray(ret); - os_free(level); - os_free(predicate); - -} - -void test_w_macos_create_log_stream_array_level_debug_type_log_trace_predicate(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 6; - - os_strdup("debug", level); - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", predicate); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "log"); - assert_string_equal(ret[6], "--type"); - assert_string_equal(ret[7], "trace"); - assert_string_equal(ret[8], "--level"); - assert_string_equal(ret[9], "debug"); - assert_string_equal(ret[10], "--predicate"); - assert_string_equal(ret[11], "processImagePath CONTAINS[c] 'com.apple.geod'"); - assert_null(ret[12]); - - free_strarray(ret); - os_free(level); - os_free(predicate); - -} - -void test_w_macos_create_log_stream_array_level_debug_type_activity_log_trace_predicate(void ** state) { - - char * predicate = NULL; - char * level = NULL; - int type = 7; - - os_strdup("debug", level); - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", predicate); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "stream"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--type"); - assert_string_equal(ret[5], "activity"); - assert_string_equal(ret[6], "--type"); - assert_string_equal(ret[7], "log"); - assert_string_equal(ret[8], "--type"); - assert_string_equal(ret[9], "trace"); - assert_string_equal(ret[10], "--level"); - assert_string_equal(ret[11], "debug"); - assert_string_equal(ret[12], "--predicate"); - assert_string_equal(ret[13], "processImagePath CONTAINS[c] 'com.apple.geod'"); - assert_null(ret[14]); - - free_strarray(ret); - os_free(level); - os_free(predicate); - -} - -void test_w_macos_create_log_stream_array_on_sierra(void ** state) { - - int type = 0; - char * level = NULL; - char * predicate = NULL; - char * backup_codename = NULL; - - /* Sets the name "Sierra" to the global variable for the system to be identified as a Sierra Version of macOS */ - if (macos_codename != NULL) { - /* Just in case, backups the previous codename to be restored */ - w_strdup(macos_codename, backup_codename); - } - - w_strdup(MACOS_SIERRA_CODENAME_STR, macos_codename); - - char ** ret = w_macos_create_log_stream_array(predicate, level, type); - - assert_string_equal(ret[0], SCRIPT_CMD_STR); - assert_string_equal(ret[1], SCRIPT_CMD_ARGS); - assert_string_equal(ret[2], SCRIPT_CMD_SINK); - assert_string_equal(ret[3], "/usr/bin/log"); - assert_string_equal(ret[4], "stream"); - assert_string_equal(ret[5], "--style"); - assert_string_equal(ret[6], "syslog"); - assert_null(ret[7]); - - free_strarray(ret); - - os_free(macos_codename); - if (backup_codename != NULL) { - w_strdup(backup_codename, macos_codename); - os_free(backup_codename); - } -} - -/* w_macos_log_exec */ -void test_w_macos_log_exec_wpopenv_error(void ** state) { - - char * log_cmd_array = NULL; - os_strdup("log stream", log_cmd_array); - u_int32_t flags = 0; - - will_return(__wrap_wpopenv, NULL); - - expect_string(__wrap__merror, formatted_msg, "(1974): An error ocurred while calling wpopenv(): Success (0)."); - - wfd_t * ret = w_macos_log_exec(&log_cmd_array, flags); - - assert_null(ret); - os_free(log_cmd_array); - -} - -void test_w_macos_log_exec_fileno_error(void ** state) { - - wfd_t * wfd = *state; - wfd->file_out = (FILE*) 1234; - - char * log_cmd_array = NULL; - os_strdup("log stream", log_cmd_array); - u_int32_t flags = 0; - - will_return(__wrap_wpopenv, wfd); - - expect_value(__wrap_fileno, __stream, wfd->file_out); - will_return(__wrap_fileno, 0); - - expect_string(__wrap__merror, formatted_msg, - "(1971): The file descriptor couldn't be obtained from the file pointer of the Log Stream pipe: Success (0)."); - - will_return(__wrap_wpclose, 0); - - wfd_t * ret = w_macos_log_exec(&log_cmd_array, flags); - - assert_ptr_equal(ret, 0); - os_free(log_cmd_array); - -} - -void test_w_macos_log_exec_fp_to_fd_error(void ** state) { - wfd_t * wfd = *state; - wfd->file_out = (FILE*) 1234; - - char * log_cmd_array = NULL; - os_strdup("log stream", log_cmd_array); - u_int32_t flags = 0; - - will_return(__wrap_wpopenv, wfd); - - expect_value(__wrap_fileno, __stream, wfd->file_out); - will_return(__wrap_fileno, 0); - - expect_string(__wrap__merror, formatted_msg, - "(1971): The file descriptor couldn't be obtained from the file pointer of the Log Stream pipe: Success (0)."); - - will_return(__wrap_wpclose, 0); - - wfd_t * ret = w_macos_log_exec(&log_cmd_array, flags); - - assert_ptr_equal(ret, 0); - os_free(log_cmd_array); - -} - -void test_w_macos_log_exec_get_flags_error(void ** state) { - wfd_t * wfd = *state; - wfd->file_out = (FILE*) 1234; - - char * log_cmd_array = NULL; - os_strdup("log stream", log_cmd_array); - u_int32_t flags = 0; - - will_return(__wrap_wpopenv, wfd); - - expect_value(__wrap_fileno, __stream, wfd->file_out); - will_return(__wrap_fileno, 1); - - will_return(__wrap_fcntl, -1); - - expect_string(__wrap__merror, formatted_msg, - "(1972): The flags couldn't be obtained from the file descriptor: Success (0)."); - - will_return(__wrap_wpclose, 0); - - wfd_t * ret = w_macos_log_exec(&log_cmd_array, flags); - - assert_ptr_equal(ret, 0); - os_free(log_cmd_array); - -} - -void test_w_macos_log_exec_set_flags_error(void ** state) { - wfd_t * wfd = *state; - wfd->file_out = (FILE*) 1234; - - char * log_cmd_array = NULL; - os_strdup("log stream", log_cmd_array); - u_int32_t flags = 0; - - will_return(__wrap_wpopenv, wfd); - - expect_value(__wrap_fileno, __stream, wfd->file_out); - will_return(__wrap_fileno, 1); - - will_return(__wrap_fcntl, 0); - - will_return(__wrap_fcntl, -1); - - expect_string(__wrap__merror, formatted_msg, - "(1973): The flags couldn't be set in the file descriptor: Success (0)."); - - will_return(__wrap_wpclose, 0); - - wfd_t * ret = w_macos_log_exec(&log_cmd_array, flags); - - assert_ptr_equal(ret, 0); - - os_free(log_cmd_array); - -} - -void test_w_macos_log_exec_success(void ** state) { - wfd_t * wfd = *state; - wfd->file_out = (FILE*) 1234; - - char * log_cmd_array = NULL; - os_strdup("log stream", log_cmd_array); - u_int32_t flags = 0; - - will_return(__wrap_wpopenv, wfd); - - expect_value(__wrap_fileno, __stream, wfd->file_out); - will_return(__wrap_fileno, 1); - - will_return(__wrap_fcntl, 0); - - will_return(__wrap_fcntl, 0); - - wfd_t * ret = w_macos_log_exec(&log_cmd_array, flags); - - assert_ptr_equal(ret->file_out, wfd->file_out); - assert_int_equal(ret->pid, 0); - - os_free(log_cmd_array); - -} - -/* w_macos_is_log_executable */ -void test_w_macos_is_log_executable_success(void ** state) { - - expect_string(__wrap_access, __name, "/usr/bin/log"); - expect_value(__wrap_access, __type, 1); - will_return(__wrap_access, 0); - - bool ret = w_macos_is_log_executable(); - - assert_true(ret); - -} - -void test_w_macos_is_log_executable_error(void ** state) { - - expect_string(__wrap_access, __name, "/usr/bin/log"); - expect_value(__wrap_access, __type, 1); - will_return(__wrap_access, 1); - - expect_string(__wrap__merror, formatted_msg, "(1250): Error trying to execute \"/usr/bin/log\": Success (0)."); - - bool ret = w_macos_is_log_executable(); - - assert_false(ret); - -} - -void test_w_macos_is_log_executable_sierra_access_fail(void ** state) { - - char * backup_codename = NULL; - - if (macos_codename != NULL) { - w_strdup(macos_codename, backup_codename); - } - - w_strdup(MACOS_SIERRA_CODENAME_STR, macos_codename); - - expect_string(__wrap_access, __name, "/usr/bin/script"); - expect_value(__wrap_access, __type, 1); - will_return(__wrap_access, 1); - - expect_string(__wrap__merror, formatted_msg, "(1250): Error trying to execute \"/usr/bin/script\": Success (0)."); - - bool ret = w_macos_is_log_executable(); - - assert_false(ret); - - os_free(macos_codename); - if (backup_codename != NULL) { - w_strdup(backup_codename, macos_codename); - os_free(backup_codename); - } -} - -/* w_macos_create_log_stream_env */ -void test_w_macos_create_log_stream_env_not_executable(void ** state) { - - logreader *current = NULL; - os_calloc(1, sizeof(logreader), current); - current->fp = (FILE*)1; - os_strdup("test", current->file); - current->diff_max_size = 0; - - os_calloc(1, sizeof(w_macos_log_config_t), current->macos_log); - current->macos_log->state = LOG_NOT_RUNNING; - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", current->query); - os_strdup("debug", current->query_level); - current->query_type = 7; - - os_calloc(1, sizeof(wfd_t), current->macos_log->processes.stream.wfd); - current->macos_log->processes.stream.wfd->file_out = (FILE*)1; - - // test_w_macos_is_log_executable_error - expect_string(__wrap_access, __name, "/usr/bin/log"); - expect_value(__wrap_access, __type, 1); - will_return(__wrap_access, 1); - - expect_string(__wrap__merror, formatted_msg, "(1250): Error trying to execute \"/usr/bin/log\": Success (0)."); - - w_macos_create_log_stream_env(current); - - os_free(current->file); - os_free(current->query); - os_free(current->query_level); - os_free(current->macos_log->processes.stream.wfd); - os_free(current->macos_log); - os_free(current); - -} - -void test_w_macos_create_log_stream_env_log_wfd_NULL(void ** state) { - - logreader *current = NULL; - os_calloc(1, sizeof(logreader), current); - current->fp = (FILE*)1; - os_strdup("test", current->file); - current->diff_max_size = 0; - - os_calloc(1, sizeof(w_macos_log_config_t), current->macos_log); - current->macos_log->state = LOG_NOT_RUNNING; - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", current->query); - os_strdup("debug", current->query_level); - current->query_type = 7; - - // test_w_macos_is_log_executable_error - expect_string(__wrap_access, __name, "/usr/bin/log"); - expect_value(__wrap_access, __type, 1); - will_return(__wrap_access, 0); - - // test_w_macos_create_log_stream_array_level_debug_type_activity_log_trace_predicate - - // test_w_macos_log_exec_wpopenv_error - will_return(__wrap_wpopenv, NULL); - - expect_string(__wrap__merror, formatted_msg, "(1974): An error ocurred while calling wpopenv(): Success (0)."); - - w_macos_create_log_stream_env(current); - - os_free(current->file); - os_free(current->query); - os_free(current->query_level); - os_free(current->macos_log->processes.stream.wfd); - os_free(current->macos_log); - os_free(current); - -} - -void test_w_macos_create_log_stream_env_complete(void ** state) { - - logreader *current = NULL; - os_calloc(1, sizeof(logreader), current); - current->fp = (FILE*)1; - os_strdup("test", current->file); - current->diff_max_size = 0; - - os_calloc(1, sizeof(w_macos_log_config_t), current->macos_log); - current->macos_log->state = LOG_NOT_RUNNING; - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", current->query); - os_strdup("debug", current->query_level); - current->query_type = 7; - - // test_w_macos_is_log_executable_success - expect_string(__wrap_access, __name, "/usr/bin/log"); - expect_value(__wrap_access, __type, 1); - will_return(__wrap_access, 0); - - // test_w_macos_create_log_stream_array_level_debug_type_activity_log_trace_predicate - - // test_w_macos_log_exec_success - wfd_t * wfd = *state; - wfd->file_out = (FILE*) 1234; - - will_return(__wrap_wpopenv, wfd); - - expect_value(__wrap_fileno, __stream, wfd->file_out); - will_return(__wrap_fileno, 1); - - will_return(__wrap_fcntl, 0); - - will_return(__wrap_fcntl, 0); - - expect_string(__wrap__minfo, formatted_msg, "(1604): Monitoring macOS logs with: /usr/bin/log stream --style syslog --type activity --type log --type trace --level debug --predicate processImagePath CONTAINS[c] 'com.apple.geod'"); - - w_macos_create_log_stream_env(current); - - os_free(current->file); - os_free(current->query); - os_free(current->query_level); - os_free(current->macos_log); - os_free(current); - -} - -/* w_macos_log_show_array_add_level */ - -void test_w_macos_log_show_array_add_level_NULL(void ** state) { - - size_t log_cmd_array_idx = 0; - char ** log_cmd_array = NULL; - - char * type_predicate = NULL; - - os_calloc(MAX_LOG_SHOW_CMD_ARGS + 1, sizeof(char *), log_cmd_array); - - /* Adding `log` and `show` to the array */ - w_strdup(LOG_CMD_STR, log_cmd_array[log_cmd_array_idx++]); - w_strdup(LOG_SHOW_OPT_STR, log_cmd_array[log_cmd_array_idx++]); - - /* Adding the style lines to the array (`--style syslog`) */ - w_strdup(STYLE_OPT_STR, log_cmd_array[log_cmd_array_idx++]); - w_strdup(SYSLOG_STR, log_cmd_array[log_cmd_array_idx++]); - - /* Adding the starting date lines to the array (`--start 2021-04-27 12:29:25-0700`) */ - w_strdup(SHOW_START_OPT_STR, log_cmd_array[log_cmd_array_idx++]); - w_strdup("2021-04-27 12:29:25-0700", log_cmd_array[log_cmd_array_idx++]); - - char * level = NULL; - - w_macos_log_show_array_add_level(log_cmd_array, &log_cmd_array_idx, level); - - assert_string_equal(log_cmd_array[0], "/usr/bin/log"); - assert_string_equal(log_cmd_array[1], "show"); - assert_string_equal(log_cmd_array[2], "--style"); - assert_string_equal(log_cmd_array[3], "syslog"); - assert_string_equal(log_cmd_array[4], "--start"); - assert_string_equal(log_cmd_array[5], "2021-04-27 12:29:25-0700"); - assert_null(log_cmd_array[6]); - - free_strarray(log_cmd_array); - -} - -void test_w_macos_log_show_array_add_level_default(void ** state) { - - size_t log_cmd_array_idx = 0; - char ** log_cmd_array = NULL; - - char * type_predicate = NULL; - - os_calloc(MAX_LOG_SHOW_CMD_ARGS + 1, sizeof(char *), log_cmd_array); - - /* Adding `log` and `show` to the array */ - w_strdup(LOG_CMD_STR, log_cmd_array[log_cmd_array_idx++]); - w_strdup(LOG_SHOW_OPT_STR, log_cmd_array[log_cmd_array_idx++]); - - /* Adding the style lines to the array (`--style syslog`) */ - w_strdup(STYLE_OPT_STR, log_cmd_array[log_cmd_array_idx++]); - w_strdup(SYSLOG_STR, log_cmd_array[log_cmd_array_idx++]); - - /* Adding the starting date lines to the array (`--start 2021-04-27 12:29:25-0700`) */ - w_strdup(SHOW_START_OPT_STR, log_cmd_array[log_cmd_array_idx++]); - w_strdup("2021-04-27 12:29:25-0700", log_cmd_array[log_cmd_array_idx++]); - - char * level = MACOS_LOG_LEVEL_DEFAULT_STR; - - w_macos_log_show_array_add_level(log_cmd_array, &log_cmd_array_idx, level); - - assert_string_equal(log_cmd_array[0], "/usr/bin/log"); - assert_string_equal(log_cmd_array[1], "show"); - assert_string_equal(log_cmd_array[2], "--style"); - assert_string_equal(log_cmd_array[3], "syslog"); - assert_string_equal(log_cmd_array[4], "--start"); - assert_string_equal(log_cmd_array[5], "2021-04-27 12:29:25-0700"); - assert_null(log_cmd_array[6]); - - free_strarray(log_cmd_array); - -} - -void test_w_macos_log_show_array_add_level_info(void ** state) { - - size_t log_cmd_array_idx = 0; - char ** log_cmd_array = NULL; - - char * type_predicate = NULL; - - os_calloc(MAX_LOG_SHOW_CMD_ARGS + 1, sizeof(char *), log_cmd_array); - - /* Adding `log` and `show` to the array */ - w_strdup(LOG_CMD_STR, log_cmd_array[log_cmd_array_idx++]); - w_strdup(LOG_SHOW_OPT_STR, log_cmd_array[log_cmd_array_idx++]); - - /* Adding the style lines to the array (`--style syslog`) */ - w_strdup(STYLE_OPT_STR, log_cmd_array[log_cmd_array_idx++]); - w_strdup(SYSLOG_STR, log_cmd_array[log_cmd_array_idx++]); - - /* Adding the starting date lines to the array (`--start 2021-04-27 12:29:25-0700`) */ - w_strdup(SHOW_START_OPT_STR, log_cmd_array[log_cmd_array_idx++]); - w_strdup("2021-04-27 12:29:25-0700", log_cmd_array[log_cmd_array_idx++]); - - char * level = SHOW_INFO_OPT_STR; - - w_macos_log_show_array_add_level(log_cmd_array, &log_cmd_array_idx, level); - - assert_string_equal(log_cmd_array[0], "/usr/bin/log"); - assert_string_equal(log_cmd_array[1], "show"); - assert_string_equal(log_cmd_array[2], "--style"); - assert_string_equal(log_cmd_array[3], "syslog"); - assert_string_equal(log_cmd_array[4], "--start"); - assert_string_equal(log_cmd_array[5], "2021-04-27 12:29:25-0700"); - assert_string_equal(log_cmd_array[6], "--info"); - assert_null(log_cmd_array[7]); - - free_strarray(log_cmd_array); - -} - -void test_w_macos_log_show_array_add_level_debug(void ** state) { - - size_t log_cmd_array_idx = 0; - char ** log_cmd_array = NULL; - - char * type_predicate = NULL; - - os_calloc(MAX_LOG_SHOW_CMD_ARGS + 1, sizeof(char *), log_cmd_array); - - /* Adding `log` and `show` to the array */ - w_strdup(LOG_CMD_STR, log_cmd_array[log_cmd_array_idx++]); - w_strdup(LOG_SHOW_OPT_STR, log_cmd_array[log_cmd_array_idx++]); - - /* Adding the style lines to the array (`--style syslog`) */ - w_strdup(STYLE_OPT_STR, log_cmd_array[log_cmd_array_idx++]); - w_strdup(SYSLOG_STR, log_cmd_array[log_cmd_array_idx++]); - - /* Adding the starting date lines to the array (`--start 2021-04-27 12:29:25-0700`) */ - w_strdup(SHOW_START_OPT_STR, log_cmd_array[log_cmd_array_idx++]); - w_strdup("2021-04-27 12:29:25-0700", log_cmd_array[log_cmd_array_idx++]); - - char * level = MACOS_LOG_LEVEL_DEBUG_STR; - - w_macos_log_show_array_add_level(log_cmd_array, &log_cmd_array_idx, level); - - assert_string_equal(log_cmd_array[0], "/usr/bin/log"); - assert_string_equal(log_cmd_array[1], "show"); - assert_string_equal(log_cmd_array[2], "--style"); - assert_string_equal(log_cmd_array[3], "syslog"); - assert_string_equal(log_cmd_array[4], "--start"); - assert_string_equal(log_cmd_array[5], "2021-04-27 12:29:25-0700"); - assert_string_equal(log_cmd_array[6], "--info"); - assert_string_equal(log_cmd_array[7], "--debug"); - assert_null(log_cmd_array[8]); - - free_strarray(log_cmd_array); - -} - -/* w_macos_log_show_create_type_predicate */ - -void test_w_macos_log_show_create_type_predicate_NULL(void ** state) { - - char * type_predicate = NULL; - - int type = 0; - - type_predicate = w_macos_log_show_create_type_predicate(type); - - assert_null(type_predicate); - -} - -void test_w_macos_log_show_create_type_predicate_activity(void ** state) { - - char * type_predicate = NULL; - - int type = 1; - - type_predicate = w_macos_log_show_create_type_predicate(type); - - assert_string_equal(type_predicate, "eventType == activityCreateEvent " \ - "OR eventType == activityTransitionEvent " \ - "OR eventType == userActionEvent"); - - os_free(type_predicate); - -} - -void test_w_macos_log_show_create_type_predicate_log(void ** state) { - - char * type_predicate = NULL; - - int type = 2; - - type_predicate = w_macos_log_show_create_type_predicate(type); - - assert_string_equal(type_predicate, "eventType == logEvent"); - - os_free(type_predicate); - -} - -void test_w_macos_log_show_create_type_predicate_trace(void ** state) { - - char * type_predicate = NULL; - - int type = 4; - - type_predicate = w_macos_log_show_create_type_predicate(type); - - assert_string_equal(type_predicate, "eventType == traceEvent"); - - os_free(type_predicate); - -} - -void test_w_macos_log_show_create_type_predicate_activity_log(void ** state) { - - char * type_predicate = NULL; - - int type = 3; - - type_predicate = w_macos_log_show_create_type_predicate(type); - - assert_string_equal(type_predicate, "eventType == activityCreateEvent " \ - "OR eventType == activityTransitionEvent " \ - "OR eventType == userActionEvent " \ - "OR eventType == logEvent"); - - os_free(type_predicate); - -} - -void test_w_macos_log_show_create_type_predicate_activity_trace(void ** state) { - - char * type_predicate = NULL; - - int type = 5; - - type_predicate = w_macos_log_show_create_type_predicate(type); - - assert_string_equal(type_predicate, "eventType == activityCreateEvent " \ - "OR eventType == activityTransitionEvent " \ - "OR eventType == userActionEvent " \ - "OR eventType == traceEvent"); - - os_free(type_predicate); - -} - -void test_w_macos_log_show_create_type_predicate_log_trace(void ** state) { - - char * type_predicate = NULL; - - int type = 6; - - type_predicate = w_macos_log_show_create_type_predicate(type); - - assert_string_equal(type_predicate, "eventType == logEvent OR eventType == traceEvent"); - - os_free(type_predicate); - -} - -void test_w_macos_log_show_create_type_predicate_activity_log_trace(void ** state) { - - char * type_predicate = NULL; - - int type = 7; - - type_predicate = w_macos_log_show_create_type_predicate(type); - - assert_string_equal(type_predicate, "eventType == activityCreateEvent " \ - "OR eventType == activityTransitionEvent " \ - "OR eventType == userActionEvent " \ - "OR eventType == logEvent " \ - "OR eventType == traceEvent"); - - os_free(type_predicate); - -} - -/* w_macos_log_show_array_add_predicate */ - -void test_w_macos_log_show_array_add_predicate_query_and_predicate_null(void ** state) { - - size_t log_cmd_array_idx = 0; - char ** log_cmd_array = NULL; - - os_calloc(MAX_LOG_SHOW_CMD_ARGS + 1, sizeof(char *), log_cmd_array); - - /* Adding `log` and `show` to the array */ - w_strdup(LOG_CMD_STR, log_cmd_array[log_cmd_array_idx++]); - w_strdup(LOG_SHOW_OPT_STR, log_cmd_array[log_cmd_array_idx++]); - - /* Adding the style lines to the array (`--style syslog`) */ - w_strdup(STYLE_OPT_STR, log_cmd_array[log_cmd_array_idx++]); - w_strdup(SYSLOG_STR, log_cmd_array[log_cmd_array_idx++]); - - /* Adding the starting date lines to the array (`--start 2021-04-27 12:29:25-0700`) */ - w_strdup(SHOW_START_OPT_STR, log_cmd_array[log_cmd_array_idx++]); - w_strdup("2021-04-27 12:29:25-0700", log_cmd_array[log_cmd_array_idx++]); - - char * query = NULL; - - char * type_predicate = NULL; - - w_macos_log_show_array_add_predicate(log_cmd_array, &log_cmd_array_idx, query, type_predicate); - - assert_string_equal(log_cmd_array[0], "/usr/bin/log"); - assert_string_equal(log_cmd_array[1], "show"); - assert_string_equal(log_cmd_array[2], "--style"); - assert_string_equal(log_cmd_array[3], "syslog"); - assert_string_equal(log_cmd_array[4], "--start"); - assert_string_equal(log_cmd_array[5], "2021-04-27 12:29:25-0700"); - assert_null(log_cmd_array[6]); - - free_strarray(log_cmd_array); - -} - -void test_w_macos_log_show_array_add_predicate_query_null_and_valid_predicate(void ** state) { - - size_t log_cmd_array_idx = 0; - char ** log_cmd_array = NULL; - - os_calloc(MAX_LOG_SHOW_CMD_ARGS + 1, sizeof(char *), log_cmd_array); - - /* Adding `log` and `show` to the array */ - w_strdup(LOG_CMD_STR, log_cmd_array[log_cmd_array_idx++]); - w_strdup(LOG_SHOW_OPT_STR, log_cmd_array[log_cmd_array_idx++]); - - /* Adding the style lines to the array (`--style syslog`) */ - w_strdup(STYLE_OPT_STR, log_cmd_array[log_cmd_array_idx++]); - w_strdup(SYSLOG_STR, log_cmd_array[log_cmd_array_idx++]); - - /* Adding the starting date lines to the array (`--start 2021-04-27 12:29:25-0700`) */ - w_strdup(SHOW_START_OPT_STR, log_cmd_array[log_cmd_array_idx++]); - w_strdup("2021-04-27 12:29:25-0700", log_cmd_array[log_cmd_array_idx++]); - - char * query = NULL; - - char * type_predicate = NULL; - os_strdup("eventType == logEvent", type_predicate); - - w_macos_log_show_array_add_predicate(log_cmd_array, &log_cmd_array_idx, query, type_predicate); - - assert_string_equal(log_cmd_array[0], "/usr/bin/log"); - assert_string_equal(log_cmd_array[1], "show"); - assert_string_equal(log_cmd_array[2], "--style"); - assert_string_equal(log_cmd_array[3], "syslog"); - assert_string_equal(log_cmd_array[4], "--start"); - assert_string_equal(log_cmd_array[5], "2021-04-27 12:29:25-0700"); - assert_string_equal(log_cmd_array[6], "--predicate"); - assert_string_equal(log_cmd_array[7], "eventType == logEvent"); - assert_null(log_cmd_array[8]); - - free_strarray(log_cmd_array); - os_free(query); - os_free(type_predicate); - -} - -void test_w_macos_log_show_array_add_predicate_invalid_query_and_predicate_null(void ** state) { - - size_t log_cmd_array_idx = 0; - char ** log_cmd_array = NULL; - - os_calloc(MAX_LOG_SHOW_CMD_ARGS + 1, sizeof(char *), log_cmd_array); - - /* Adding `log` and `show` to the array */ - w_strdup(LOG_CMD_STR, log_cmd_array[log_cmd_array_idx++]); - w_strdup(LOG_SHOW_OPT_STR, log_cmd_array[log_cmd_array_idx++]); - - /* Adding the style lines to the array (`--style syslog`) */ - w_strdup(STYLE_OPT_STR, log_cmd_array[log_cmd_array_idx++]); - w_strdup(SYSLOG_STR, log_cmd_array[log_cmd_array_idx++]); - - /* Adding the starting date lines to the array (`--start 2021-04-27 12:29:25-0700`) */ - w_strdup(SHOW_START_OPT_STR, log_cmd_array[log_cmd_array_idx++]); - w_strdup("2021-04-27 12:29:25-0700", log_cmd_array[log_cmd_array_idx++]); - - char * query = NULL; - os_strdup("", query); - - char * type_predicate = NULL; - - w_macos_log_show_array_add_predicate(log_cmd_array, &log_cmd_array_idx, query, type_predicate); - - assert_string_equal(log_cmd_array[0], "/usr/bin/log"); - assert_string_equal(log_cmd_array[1], "show"); - assert_string_equal(log_cmd_array[2], "--style"); - assert_string_equal(log_cmd_array[3], "syslog"); - assert_string_equal(log_cmd_array[4], "--start"); - assert_string_equal(log_cmd_array[5], "2021-04-27 12:29:25-0700"); - assert_null(log_cmd_array[6]); - - free_strarray(log_cmd_array); - os_free(query); - os_free(type_predicate); - -} - -void test_w_macos_log_show_array_add_predicate_invalid_query_valid_type_and_predicate_null(void ** state) { - - size_t log_cmd_array_idx = 0; - char ** log_cmd_array = NULL; - - os_calloc(MAX_LOG_SHOW_CMD_ARGS + 1, sizeof(char *), log_cmd_array); - - /* Adding `log` and `show` to the array */ - w_strdup(LOG_CMD_STR, log_cmd_array[log_cmd_array_idx++]); - w_strdup(LOG_SHOW_OPT_STR, log_cmd_array[log_cmd_array_idx++]); - - /* Adding the style lines to the array (`--style syslog`) */ - w_strdup(STYLE_OPT_STR, log_cmd_array[log_cmd_array_idx++]); - w_strdup(SYSLOG_STR, log_cmd_array[log_cmd_array_idx++]); - - /* Adding the starting date lines to the array (`--start 2021-04-27 12:29:25-0700`) */ - w_strdup(SHOW_START_OPT_STR, log_cmd_array[log_cmd_array_idx++]); - w_strdup("2021-04-27 12:29:25-0700", log_cmd_array[log_cmd_array_idx++]); - - char * query = NULL; - os_strdup("", query); - - char * type_predicate = NULL; - w_strdup("message CONTAINS \"test\"", type_predicate); - - w_macos_log_show_array_add_predicate(log_cmd_array, &log_cmd_array_idx, query, type_predicate); - - assert_string_equal(log_cmd_array[0], "/usr/bin/log"); - assert_string_equal(log_cmd_array[1], "show"); - assert_string_equal(log_cmd_array[2], "--style"); - assert_string_equal(log_cmd_array[3], "syslog"); - assert_string_equal(log_cmd_array[4], "--start"); - assert_string_equal(log_cmd_array[5], "2021-04-27 12:29:25-0700"); - assert_string_equal(log_cmd_array[6], "--predicate"); - assert_string_equal(log_cmd_array[7], "message CONTAINS \"test\""); - assert_null(log_cmd_array[8]); - - free_strarray(log_cmd_array); - os_free(query); - os_free(type_predicate); - -} - -void test_w_macos_log_show_array_add_predicate_valid_query_and_predicate_null(void ** state) { - - size_t log_cmd_array_idx = 0; - char ** log_cmd_array = NULL; - - os_calloc(MAX_LOG_SHOW_CMD_ARGS + 1, sizeof(char *), log_cmd_array); - - /* Adding `log` and `show` to the array */ - w_strdup(LOG_CMD_STR, log_cmd_array[log_cmd_array_idx++]); - w_strdup(LOG_SHOW_OPT_STR, log_cmd_array[log_cmd_array_idx++]); - - /* Adding the style lines to the array (`--style syslog`) */ - w_strdup(STYLE_OPT_STR, log_cmd_array[log_cmd_array_idx++]); - w_strdup(SYSLOG_STR, log_cmd_array[log_cmd_array_idx++]); - - /* Adding the starting date lines to the array (`--start 2021-04-27 12:29:25-0700`) */ - w_strdup(SHOW_START_OPT_STR, log_cmd_array[log_cmd_array_idx++]); - w_strdup("2021-04-27 12:29:25-0700", log_cmd_array[log_cmd_array_idx++]); - - char * query = NULL; - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", query); - - char * type_predicate = NULL; - - w_macos_log_show_array_add_predicate(log_cmd_array, &log_cmd_array_idx, query, type_predicate); - - assert_string_equal(log_cmd_array[0], "/usr/bin/log"); - assert_string_equal(log_cmd_array[1], "show"); - assert_string_equal(log_cmd_array[2], "--style"); - assert_string_equal(log_cmd_array[3], "syslog"); - assert_string_equal(log_cmd_array[4], "--start"); - assert_string_equal(log_cmd_array[5], "2021-04-27 12:29:25-0700"); - assert_string_equal(log_cmd_array[6], "--predicate"); - assert_string_equal(log_cmd_array[7], "processImagePath CONTAINS[c] 'com.apple.geod'"); - assert_null(log_cmd_array[8]); - - free_strarray(log_cmd_array); - os_free(query); - os_free(type_predicate); - -} - -void test_w_macos_log_show_array_add_predicate_valid_query_and_predicate(void ** state) { - - size_t log_cmd_array_idx = 0; - char ** log_cmd_array = NULL; - - os_calloc(MAX_LOG_SHOW_CMD_ARGS + 1, sizeof(char *), log_cmd_array); - - /* Adding `log` and `show` to the array */ - w_strdup(LOG_CMD_STR, log_cmd_array[log_cmd_array_idx++]); - w_strdup(LOG_SHOW_OPT_STR, log_cmd_array[log_cmd_array_idx++]); - - /* Adding the style lines to the array (`--style syslog`) */ - w_strdup(STYLE_OPT_STR, log_cmd_array[log_cmd_array_idx++]); - w_strdup(SYSLOG_STR, log_cmd_array[log_cmd_array_idx++]); - - /* Adding the starting date lines to the array (`--start 2021-04-27 12:29:25-0700`) */ - w_strdup(SHOW_START_OPT_STR, log_cmd_array[log_cmd_array_idx++]); - w_strdup("2021-04-27 12:29:25-0700", log_cmd_array[log_cmd_array_idx++]); - - char * query = NULL; - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", query); - - char * type_predicate = NULL; - os_strdup("eventType == logEvent", type_predicate); - - w_macos_log_show_array_add_predicate(log_cmd_array, &log_cmd_array_idx, query, type_predicate); - - assert_string_equal(log_cmd_array[0], "/usr/bin/log"); - assert_string_equal(log_cmd_array[1], "show"); - assert_string_equal(log_cmd_array[2], "--style"); - assert_string_equal(log_cmd_array[3], "syslog"); - assert_string_equal(log_cmd_array[4], "--start"); - assert_string_equal(log_cmd_array[5], "2021-04-27 12:29:25-0700"); - assert_string_equal(log_cmd_array[6], "--predicate"); - assert_string_equal(log_cmd_array[7], "( processImagePath CONTAINS[c] 'com.apple.geod' ) AND ( eventType == logEvent )"); - assert_null(log_cmd_array[8]); - - free_strarray(log_cmd_array); - os_free(query); - os_free(type_predicate); - -} - -/* w_macos_create_log_show_array */ - -void test_w_macos_create_log_show_array_complete(void ** state) { - - char start_date[25] = "2021-04-27 12:29:25-0700"; - - char * query = NULL; - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", query); - - char * level = MACOS_LOG_LEVEL_DEBUG_STR; - - int type = 7; - - char ** ret = w_macos_create_log_show_array(start_date, query, level, type); - - assert_string_equal(ret[0], "/usr/bin/log"); - assert_string_equal(ret[1], "show"); - assert_string_equal(ret[2], "--style"); - assert_string_equal(ret[3], "syslog"); - assert_string_equal(ret[4], "--start"); - assert_string_equal(ret[5], "2021-04-27 12:29:25-0700"); - assert_string_equal(ret[6], "--info"); - assert_string_equal(ret[7], "--debug"); - assert_string_equal(ret[8], "--predicate"); - assert_string_equal(ret[9], "( processImagePath CONTAINS[c] 'com.apple.geod' ) " \ - "AND ( eventType == activityCreateEvent " \ - "OR eventType == activityTransitionEvent " \ - "OR eventType == userActionEvent " \ - "OR eventType == logEvent OR eventType == traceEvent )"); - assert_null(ret[10]); - - free_strarray(ret); - os_free(query); - -} - -void test_w_macos_create_log_show_array_complete_on_sierra(void ** state) { - - char start_date[25] = "2021-04-27 12:29:25-0700"; - - char * query = NULL; - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", query); - - char * level = MACOS_LOG_LEVEL_DEBUG_STR; - - int type = 7; - - char * backup_codename = NULL; - - if (macos_codename != NULL) { - w_strdup(macos_codename, backup_codename); - } - - w_strdup(MACOS_SIERRA_CODENAME_STR, macos_codename); - - char ** ret = w_macos_create_log_show_array(start_date, query, level, type); - - assert_string_equal(ret[0], SCRIPT_CMD_STR); - assert_string_equal(ret[1], SCRIPT_CMD_ARGS); - assert_string_equal(ret[2], SCRIPT_CMD_SINK); - assert_string_equal(ret[3], "/usr/bin/log"); - assert_string_equal(ret[4], "show"); - assert_string_equal(ret[5], "--style"); - assert_string_equal(ret[6], "syslog"); - assert_string_equal(ret[7], "--start"); - assert_string_equal(ret[8], "2021-04-27 12:29:25-0700"); - assert_string_equal(ret[9], "--info"); - assert_string_equal(ret[10], "--debug"); - assert_string_equal(ret[11], "--predicate"); - assert_string_equal(ret[12], "( processImagePath CONTAINS[c] 'com.apple.geod' ) " \ - "AND ( eventType == activityCreateEvent " \ - "OR eventType == activityTransitionEvent " \ - "OR eventType == userActionEvent " \ - "OR eventType == logEvent OR eventType == traceEvent )"); - assert_null(ret[13]); - - free_strarray(ret); - os_free(query); - - os_free(macos_codename); - if (backup_codename != NULL) { - w_strdup(backup_codename, macos_codename); - os_free(backup_codename); - } -} - -/* w_macos_set_last_log_timestamp */ - -void test_w_macos_set_last_log_timestamp_complete(void ** state) { - - char * timestamp = NULL; - os_strdup("2021-04-27 12:29:25-0700", timestamp); - - expect_function_call(__wrap_pthread_rwlock_wrlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - w_macos_set_last_log_timestamp(timestamp); - - os_free(timestamp); - -} - -/* w_macos_get_last_log_timestamp */ - -void test_w_macos_get_last_log_timestamp_complete(void ** state) { - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - char * ret = w_macos_get_last_log_timestamp(); - - assert_string_equal(ret, "2021-04-27 12:29:25-0700"); - - os_free(ret); - -} - -/* w_macos_set_log_settings */ - -void test_w_macos_set_log_settings_complete(void ** state) { - - char * settings = NULL; - os_strdup("test", settings); - - expect_function_call(__wrap_pthread_rwlock_wrlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - w_macos_set_log_settings(settings); - - os_free(settings); - -} - -/* w_macos_get_log_settings */ - -void test_w_macos_get_log_settings_complete(void ** state) { - - os_strdup("test", macos_log_vault.settings); - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - char * ret = w_macos_get_log_settings(); - - assert_string_equal(ret, "test"); - - os_free(ret); - -} - -/* w_macos_create_log_show_env */ - -void test_w_macos_create_log_show_env_timestamp_NULL(void ** state) { - - logreader *lf = NULL; - os_calloc(1, sizeof(logreader), lf); - os_calloc(1, sizeof(w_macos_log_config_t), lf->macos_log); - - // test_w_macos_get_last_log_timestamp_complete */ - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - w_macos_create_log_show_env(lf); - - os_free(lf->macos_log); - os_free(lf); - -} - -void test_w_macos_create_log_show_env_show_wfd_NULL(void ** state) { - - logreader *lf = NULL; - os_calloc(1, sizeof(logreader), lf); - os_calloc(1, sizeof(w_macos_log_config_t), lf->macos_log); - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", lf->query); - os_strdup(MACOS_LOG_LEVEL_DEBUG_STR, lf->query_level); - lf->query_type = 0; - - // test_w_macos_get_last_log_timestamp_complete - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - // test_w_macos_log_exec_wpopenv_error - will_return(__wrap_wpopenv, NULL); - - expect_string(__wrap__merror, formatted_msg, "(1974): An error ocurred while calling wpopenv(): Success (0)."); - - expect_string(__wrap__merror, formatted_msg, "(1605): Error while trying to execute `log show` as follows: " \ - "/usr/bin/log show --style syslog --start 2021-04-27 12:29:25-0700 " \ - "--info --debug --predicate processImagePath CONTAINS[c] 'com.apple.geod'."); - - w_macos_create_log_show_env(lf); - - os_free(lf->macos_log->processes.show.wfd); - os_free(lf->query_level); - os_free(lf->query); - os_free(lf->macos_log); - os_free(lf); - -} - -void test_w_macos_create_log_show_env_success(void ** state) { - - wfd_t * wfd = *state; - wfd->file_out = (FILE*) 1234; - - logreader *lf = NULL; - os_calloc(1, sizeof(logreader), lf); - os_calloc(1, sizeof(w_macos_log_config_t), lf->macos_log); - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", lf->query); - os_strdup(MACOS_LOG_LEVEL_DEBUG_STR, lf->query_level); - lf->query_type = 0; - - // test_w_macos_get_last_log_timestamp_complete - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - // test_w_macos_log_exec_success - will_return(__wrap_wpopenv, wfd); - - expect_value(__wrap_fileno, __stream, wfd->file_out); - will_return(__wrap_fileno, 1); - - will_return(__wrap_fcntl, 0); - - will_return(__wrap_fcntl, 0); - - expect_string(__wrap__minfo, formatted_msg, "(1603): Monitoring macOS old logs with: " \ - "/usr/bin/log show --style syslog --start 2021-04-27 12:29:25-0700 " \ - "--info --debug --predicate processImagePath CONTAINS[c] 'com.apple.geod'."); - - w_macos_create_log_show_env(lf); - - os_free(lf->query_level); - os_free(lf->query); - os_free(lf->macos_log); - os_free(lf); - -} - -/* w_macos_create_log_stream_env */ -void test_w_macos_create_log_stream_env_show_wfd_NULL(void ** state) { - - logreader *lf = NULL; - os_calloc(1, sizeof(logreader), lf); - os_calloc(1, sizeof(w_macos_log_config_t), lf->macos_log); - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", lf->query); - os_strdup(MACOS_LOG_LEVEL_DEBUG_STR, lf->query_level); - lf->query_type = 0; - - // test_w_macos_log_exec_wpopenv_error - will_return(__wrap_wpopenv, NULL); - - expect_string(__wrap__merror, formatted_msg, "(1974): An error ocurred while calling wpopenv(): Success (0)."); - - expect_string(__wrap__merror, formatted_msg, "(1606): Error while trying to execute `log stream` as follows: " \ - "/usr/bin/log stream --style syslog --level debug " \ - "--predicate processImagePath CONTAINS[c] 'com.apple.geod'."); - - w_macos_create_log_stream_env(lf); - - os_free(lf->macos_log->processes.show.wfd); - os_free(lf->query_level); - os_free(lf->query); - os_free(lf->macos_log); - os_free(lf); - -} - -void test_w_macos_create_log_stream_env_success(void ** state) { - - wfd_t * wfd = *state; - wfd->file_out = (FILE*) 1234; - - logreader *lf = NULL; - os_calloc(1, sizeof(logreader), lf); - os_calloc(1, sizeof(w_macos_log_config_t), lf->macos_log); - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", lf->query); - os_strdup(MACOS_LOG_LEVEL_DEBUG_STR, lf->query_level); - lf->query_type = 0; - - // test_w_macos_log_exec_success - will_return(__wrap_wpopenv, wfd); - - expect_value(__wrap_fileno, __stream, wfd->file_out); - will_return(__wrap_fileno, 1); - - will_return(__wrap_fcntl, 0); - - will_return(__wrap_fcntl, 0); - - expect_string(__wrap__minfo, formatted_msg, "(1604): Monitoring macOS logs with: " \ - "/usr/bin/log stream --style syslog --level debug " \ - "--predicate processImagePath CONTAINS[c] 'com.apple.geod'."); - - w_macos_create_log_stream_env(lf); - - os_free(lf->query_level); - os_free(lf->query); - os_free(lf->macos_log); - os_free(lf); - -} - -void test_w_macos_create_log_env_codename_null_only_future (void ** state) { - - logreader *lf = NULL; - os_calloc(1, sizeof(logreader), lf); - os_calloc(1, sizeof(w_macos_log_config_t), lf->macos_log); - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", lf->query); - os_strdup(MACOS_LOG_LEVEL_DEBUG_STR, lf->query_level); - lf->query_type = 0; - lf->future = 1; // No past events - - will_return(__wrap_w_get_os_codename, NULL); - - // test_w_macos_is_log_executable_success - expect_string(__wrap_access, __name, "/usr/bin/log"); - expect_value(__wrap_access, __type, 1); - will_return(__wrap_access, 0); - - will_return(__wrap_wpopenv, NULL); - - expect_any(__wrap__merror, formatted_msg); - expect_any(__wrap__merror, formatted_msg); - - w_macos_create_log_env(lf, NULL); - - os_free(lf->macos_log->current_settings); - os_free(lf->query_level); - os_free(lf->query); - os_free(lf->macos_log); - os_free(lf); -} - -void test_w_macos_create_log_env_codename_not_null_only_future (void ** state) { - - logreader *lf = NULL; - os_calloc(1, sizeof(logreader), lf); - os_calloc(1, sizeof(w_macos_log_config_t), lf->macos_log); - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", lf->query); - os_strdup(MACOS_LOG_LEVEL_DEBUG_STR, lf->query_level); - lf->query_type = 0; - lf->future = 1; // No past events - - will_return(__wrap_w_get_os_codename, "macTEST"); - - // test_w_macos_is_log_executable_success - expect_string(__wrap_access, __name, "/usr/bin/log"); - expect_value(__wrap_access, __type, 1); - will_return(__wrap_access, 0); - - expect_string(__wrap__mdebug1, formatted_msg, "macOS ULS: Creating environment for macOS macTEST."); - - will_return(__wrap_wpopenv, NULL); - - expect_any(__wrap__merror, formatted_msg); - expect_any(__wrap__merror, formatted_msg); - - w_macos_create_log_env(lf, NULL); - - os_free(lf->macos_log->current_settings); - os_free(lf->query_level); - os_free(lf->query); - os_free(lf->macos_log); - os_free(lf); -} - -void test_w_macos_create_log_env_codename_null_previous_settings_null (void ** state) { - - logreader *lf = NULL; - os_calloc(1, sizeof(logreader), lf); - os_calloc(1, sizeof(w_macos_log_config_t), lf->macos_log); - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", lf->query); - os_strdup(MACOS_LOG_LEVEL_DEBUG_STR, lf->query_level); - - lf->query_type = 0; - lf->future = 0; // Look for past events - macos_log_vault.settings = NULL; - - will_return(__wrap_w_get_os_codename, NULL); - - // test_w_macos_is_log_executable_success - expect_string(__wrap_access, __name, "/usr/bin/log"); - expect_value(__wrap_access, __type, 1); - will_return(__wrap_access, 0); - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - will_return(__wrap_wpopenv, NULL); - - expect_any(__wrap__merror, formatted_msg); - expect_any(__wrap__merror, formatted_msg); - - w_macos_create_log_env(lf, NULL); - - os_free(lf->macos_log->current_settings); - os_free(lf->query_level); - os_free(lf->query); - os_free(lf->macos_log); - os_free(lf); -} - -void test_w_macos_create_log_env_codename_null_current_and_previous_settings_missmatch (void ** state) { - - logreader *lf = NULL; - os_calloc(1, sizeof(logreader), lf); - os_calloc(1, sizeof(w_macos_log_config_t), lf->macos_log); - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", lf->query); - os_strdup(MACOS_LOG_LEVEL_DEBUG_STR, lf->query_level); - lf->query_type = 0; - lf->future = 0; // Look for past events - - /* Forces the missmatch */ - w_strdup("some random setting", macos_log_vault.settings); - - will_return(__wrap_w_get_os_codename, NULL); - - // test_w_macos_is_log_executable_success - expect_string(__wrap_access, __name, "/usr/bin/log"); - expect_value(__wrap_access, __type, 1); - will_return(__wrap_access, 0); - - /* For reading the */ - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - expect_string(__wrap__mdebug1, formatted_msg, "macOS ULS: Current predicate differs from the stored one. Discarding old events."); - - will_return(__wrap_wpopenv, NULL); - - expect_any(__wrap__merror, formatted_msg); - expect_any(__wrap__merror, formatted_msg); - - w_macos_create_log_env(lf, NULL); - - os_free(macos_log_vault.settings); - os_free(lf->macos_log->current_settings); - os_free(lf->query_level); - os_free(lf->query); - os_free(lf->macos_log); - os_free(lf); -} - -void test_w_macos_create_log_env_codename_null_settings_match (void ** state) { - - logreader *lf = NULL; - os_calloc(1, sizeof(logreader), lf); - os_calloc(1, sizeof(w_macos_log_config_t), lf->macos_log); - - os_strdup("processImagePath CONTAINS[c] 'com.apple.geod'", lf->query); - os_strdup(MACOS_LOG_LEVEL_DEBUG_STR, lf->query_level); - lf->query_type = 0; - lf->future = 0; // Look for past events - w_strdup("/usr/bin/log stream --style syslog --level debug --predicate processImagePath CONTAINS[c] 'com.apple.geod'", macos_log_vault.settings); - - bzero(macos_log_vault.timestamp, OS_LOGCOLLECTOR_TIMESTAMP_SHORT_LEN + 1); // Prevents log show execution - - will_return(__wrap_w_get_os_codename, NULL); - - // test_w_macos_is_log_executable_success - expect_string(__wrap_access, __name, "/usr/bin/log"); - expect_value(__wrap_access, __type, 1); - will_return(__wrap_access, 0); - - // w_macos_get_log_settings locks - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - // w_macos_get_last_log_timestamp locks - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - will_return(__wrap_wpopenv, NULL); - - expect_any(__wrap__merror, formatted_msg); - expect_any(__wrap__merror, formatted_msg); - - w_macos_create_log_env(lf, NULL); - - os_free(macos_log_vault.settings); - os_free(lf->macos_log->current_settings); - os_free(lf->query_level); - os_free(lf->query); - os_free(lf->macos_log); - os_free(lf); -} - -void test_w_macos_add_sierra_support(void ** state) { - - size_t index = 0; - char ** log_cmd_array_idx = NULL; - os_calloc(4, sizeof(char *), log_cmd_array_idx); - - w_macos_add_sierra_support(log_cmd_array_idx, &index); - - assert_int_equal(index, 3); - assert_string_equal(log_cmd_array_idx[0], SCRIPT_CMD_STR); - assert_string_equal(log_cmd_array_idx[1], SCRIPT_CMD_ARGS); - assert_string_equal(log_cmd_array_idx[2], SCRIPT_CMD_SINK); - - free_strarray(log_cmd_array_idx); -} - -void test_w_get_first_child_NULL(void ** state) { - - will_return(__wrap_w_get_process_childs, NULL); - - assert_int_equal(w_get_first_child(0), 0); -} - -void test_w_get_first_child_non_null_non_zero(void ** state) { - - pid_t * pid_array = NULL; - - os_calloc(4, sizeof(pid_t), pid_array); - - pid_array[0] = 7; - pid_array[1] = 9; - pid_array[2] = 11; - pid_array[3] = 0; - - will_return(__wrap_w_get_process_childs, pid_array); - - assert_int_equal(w_get_first_child(0), 7); -} - -void test_w_get_first_child_non_null_zero(void ** state) { - - pid_t * pid_array = NULL; - - os_calloc(4, sizeof(pid_t), pid_array); - - pid_array[0] = 0; - pid_array[1] = 9; - pid_array[2] = 11; - pid_array[3] = 20; - - will_return(__wrap_w_get_process_childs, pid_array); - - assert_int_equal(w_get_first_child(0), 0); -} - -// Test w_macos_set_is_valid_data -void test_w_macos_set_is_valid_data_ok(void ** state) { - - bool bak_is_valid_data = macos_log_vault.is_valid_data; - macos_log_vault.is_valid_data = false; - - expect_function_call(__wrap_pthread_rwlock_wrlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - w_macos_set_is_valid_data(true); - - assert_true(macos_log_vault.is_valid_data); - macos_log_vault.is_valid_data = bak_is_valid_data; - -} - -// Test w_macos_get_is_valid_data -void test_w_macos_get_is_valid_data_ok(void ** state) { - - bool bak_is_valid_data = macos_log_vault.is_valid_data; - macos_log_vault.is_valid_data = false; - - expect_function_call(__wrap_pthread_rwlock_rdlock); - expect_function_call(__wrap_pthread_rwlock_unlock); - - assert_false(w_macos_get_is_valid_data()); - macos_log_vault.is_valid_data = bak_is_valid_data; -} - -int main(void) { - - const struct CMUnitTest tests[] = { - // Test w_macos_is_log_predicate_valid - cmocka_unit_test(test_w_macos_is_log_predicate_valid_empty), - cmocka_unit_test(test_w_macos_is_log_predicate_valid_existing), - // Test w_macos_create_log_stream_array - cmocka_unit_test(test_w_macos_create_log_stream_array_NULL), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_default), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_info), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_debug), - cmocka_unit_test(test_w_macos_create_log_stream_array_type_activity), - cmocka_unit_test(test_w_macos_create_log_stream_array_type_log), - cmocka_unit_test(test_w_macos_create_log_stream_array_type_trace), - cmocka_unit_test(test_w_macos_create_log_stream_array_type_activity_log), - cmocka_unit_test(test_w_macos_create_log_stream_array_type_activity_trace), - cmocka_unit_test(test_w_macos_create_log_stream_array_type_log_trace), - cmocka_unit_test(test_w_macos_create_log_stream_array_type_activity_log_trace), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_default_type_activity), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_default_type_log), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_default_type_trace), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_default_type_activity_log), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_default_type_activity_trace), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_default_type_log_trace), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_default_type_activity_log_trace), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_info_type_activity), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_info_type_log), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_info_type_trace), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_info_type_activity_log), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_info_type_activity_trace), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_info_type_log_trace), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_info_type_activity_log_trace), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_debug_type_activity), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_debug_type_log), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_debug_type_trace), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_debug_type_activity_log), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_debug_type_activity_trace), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_debug_type_log_trace), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_debug_type_activity_log_trace), - cmocka_unit_test(test_w_macos_create_log_stream_array_predicate), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_default_predicate), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_info_predicate), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_debug_predicate), - cmocka_unit_test(test_w_macos_create_log_stream_array_type_activity_predicate), - cmocka_unit_test(test_w_macos_create_log_stream_array_type_log_predicate), - cmocka_unit_test(test_w_macos_create_log_stream_array_type_trace_predicate), - cmocka_unit_test(test_w_macos_create_log_stream_array_type_activity_log_predicate), - cmocka_unit_test(test_w_macos_create_log_stream_array_type_activity_trace_predicate), - cmocka_unit_test(test_w_macos_create_log_stream_array_type_log_trace_predicate), - cmocka_unit_test(test_w_macos_create_log_stream_array_type_activity_log_trace_predicate), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_default_type_activity_predicate), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_default_type_log_predicate), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_default_type_trace_predicate), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_default_type_activity_log_predicate), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_default_type_activity_trace_predicate), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_default_type_log_trace_predicate), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_default_type_activity_log_trace_predicate), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_info_type_activity_predicate), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_info_type_log_predicate), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_info_type_trace_predicate), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_info_type_activity_log_predicate), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_info_type_activity_trace_predicate), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_info_type_log_trace_predicate), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_info_type_activity_log_trace_predicate), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_debug_type_activity_predicate), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_debug_type_log_predicate), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_debug_type_trace_predicate), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_debug_type_activity_log_predicate), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_debug_type_activity_trace_predicate), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_debug_type_log_trace_predicate), - cmocka_unit_test(test_w_macos_create_log_stream_array_level_debug_type_activity_log_trace_predicate), - cmocka_unit_test(test_w_macos_create_log_stream_array_on_sierra), - // Test w_macos_log_exec - cmocka_unit_test(test_w_macos_log_exec_wpopenv_error), - cmocka_unit_test_setup_teardown(test_w_macos_log_exec_fileno_error, setup_file, teardown_file), - cmocka_unit_test_setup_teardown(test_w_macos_log_exec_fp_to_fd_error, setup_file, teardown_file), - cmocka_unit_test_setup_teardown(test_w_macos_log_exec_get_flags_error, setup_file, teardown_file), - cmocka_unit_test_setup_teardown(test_w_macos_log_exec_set_flags_error, setup_file, teardown_file), - cmocka_unit_test_setup_teardown(test_w_macos_log_exec_success, setup_file, teardown_file), - // Test w_macos_is_log_executable - cmocka_unit_test(test_w_macos_is_log_executable_success), - cmocka_unit_test(test_w_macos_is_log_executable_error), - cmocka_unit_test(test_w_macos_is_log_executable_sierra_access_fail), - // Test w_macos_log_show_array_add_level - cmocka_unit_test(test_w_macos_log_show_array_add_level_NULL), - cmocka_unit_test(test_w_macos_log_show_array_add_level_default), - cmocka_unit_test(test_w_macos_log_show_array_add_level_info), - cmocka_unit_test(test_w_macos_log_show_array_add_level_debug), - // Test w_macos_log_show_create_type_predicate - cmocka_unit_test(test_w_macos_log_show_create_type_predicate_NULL), - cmocka_unit_test(test_w_macos_log_show_create_type_predicate_activity), - cmocka_unit_test(test_w_macos_log_show_create_type_predicate_log), - cmocka_unit_test(test_w_macos_log_show_create_type_predicate_trace), - cmocka_unit_test(test_w_macos_log_show_create_type_predicate_activity_log), - cmocka_unit_test(test_w_macos_log_show_create_type_predicate_activity_trace), - cmocka_unit_test(test_w_macos_log_show_create_type_predicate_log_trace), - cmocka_unit_test(test_w_macos_log_show_create_type_predicate_activity_log_trace), - // Test w_macos_log_show_array_add_predicate - cmocka_unit_test(test_w_macos_log_show_array_add_predicate_query_and_predicate_null), - cmocka_unit_test(test_w_macos_log_show_array_add_predicate_query_null_and_valid_predicate), - cmocka_unit_test(test_w_macos_log_show_array_add_predicate_invalid_query_and_predicate_null), - cmocka_unit_test(test_w_macos_log_show_array_add_predicate_invalid_query_valid_type_and_predicate_null), - cmocka_unit_test(test_w_macos_log_show_array_add_predicate_valid_query_and_predicate_null), - cmocka_unit_test(test_w_macos_log_show_array_add_predicate_valid_query_and_predicate), - // Test w_macos_create_log_show_array - cmocka_unit_test(test_w_macos_create_log_show_array_complete), - cmocka_unit_test(test_w_macos_create_log_show_array_complete_on_sierra), - // Test w_macos_set_last_log_timestamp - cmocka_unit_test(test_w_macos_set_last_log_timestamp_complete), - // Test w_macos_get_last_log_timestamp - cmocka_unit_test(test_w_macos_get_last_log_timestamp_complete), - // Test w_macos_set_log_settings - cmocka_unit_test_teardown(test_w_macos_set_log_settings_complete, teardown_settings), - // Test w_macos_get_log_settings - cmocka_unit_test_teardown(test_w_macos_get_log_settings_complete, teardown_settings), - // Test w_macos_create_log_show_env - cmocka_unit_test_setup_teardown(test_w_macos_create_log_show_env_timestamp_NULL, setup_timestamp_null, teardown_timestamp_null), - cmocka_unit_test(test_w_macos_create_log_show_env_show_wfd_NULL), - cmocka_unit_test_setup_teardown(test_w_macos_create_log_show_env_success, setup_file, teardown_file), - // Test w_macos_create_log_stream_env - cmocka_unit_test(test_w_macos_create_log_stream_env_show_wfd_NULL), - cmocka_unit_test_setup_teardown(test_w_macos_create_log_stream_env_success, setup_file, teardown_file), - // Test w_macos_create_log_env - cmocka_unit_test(test_w_macos_create_log_env_codename_null_only_future), - cmocka_unit_test(test_w_macos_create_log_env_codename_not_null_only_future), - cmocka_unit_test(test_w_macos_create_log_env_codename_null_previous_settings_null), - cmocka_unit_test(test_w_macos_create_log_env_codename_null_current_and_previous_settings_missmatch), - cmocka_unit_test(test_w_macos_create_log_env_codename_null_settings_match), - // Test w_macos_add_sierra_support - cmocka_unit_test(test_w_macos_add_sierra_support), - // Test w_get_first_child - cmocka_unit_test(test_w_get_first_child_NULL), - cmocka_unit_test(test_w_get_first_child_non_null_non_zero), - cmocka_unit_test(test_w_get_first_child_non_null_zero), - // Test w_macos_set_is_valid_data - cmocka_unit_test(test_w_macos_set_is_valid_data_ok), - // Test w_macos_get_is_valid_data - cmocka_unit_test(test_w_macos_get_is_valid_data_ok), - }; - - return cmocka_run_group_tests(tests, group_setup, group_teardown); -} diff --git a/src/modules/logcollector/tests/unit/tests/test_read_journal.c b/src/modules/logcollector/tests/unit/tests/test_read_journal.c deleted file mode 100644 index 2080a895f1..0000000000 --- a/src/modules/logcollector/tests/unit/tests/test_read_journal.c +++ /dev/null @@ -1,348 +0,0 @@ -/* - * Copyright (C) 2015, Wazuh Inc. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -/* Includes */ - -#include -#include -#include -#include -#include -#include - -#include "../../logcollector/logcollector.h" -#include "../../logcollector/journal_log.h" -#include "../../headers/shared.h" -#include "../wrappers/common.h" - -bool w_journald_can_read(unsigned long owner_id); -void set_gs_journald_global(unsigned long owner_id, bool is_disabled, void * journal_ctx); - -/* setup/teardown */ - -static int group_setup(void ** state) { - test_mode = 1; - return 0; -} - -static int group_teardown(void ** state) { - test_mode = 0; - return 0; -} - -/* Wraps of journal_log */ -int __wrap_w_journal_context_create(w_journal_context_t ** ctx) { return mock_type(int); } - -int __wrap_w_journal_context_seek_most_recent(w_journal_context_t * ctx) { return mock_type(int); } - -int __wrap_w_journal_context_seek_timestamp(w_journal_context_t * ctx, uint64_t timestamp) { - // check timestamp - check_expected(timestamp); - return mock_type(int); -} - -int __wrap_w_journal_context_next_newest_filtered(w_journal_context_t * ctx, w_journal_filters_list_t filters) { - return mock_type(int); -} - -w_journal_entry_t * __wrap_w_journal_entry_dump(w_journal_context_t * ctx, w_journal_entry_dump_type_t type) { - return mock_type(w_journal_entry_t *); -} - -char * __wrap_w_journal_entry_to_string(w_journal_entry_t * entry) { return mock_type(char *); } - -void __wrap_w_journal_entry_free(w_journal_entry_t * entry) { function_called(); } - -/* Aux setters */ -void set_gs_journald_ofe(bool exist, bool ofe, uint64_t timestamp); -bool journald_isDisabled(); - -/* Other wraps */ -int __wrap_isDebug() { return mock(); } - -int __wrap_w_msg_hash_queues_push( - const char * str, char * file, unsigned long size, logtarget * targets, char queue_mq) { - check_expected(str); - check_expected(size); - return mock_type(int); -} - -int __wrap_can_read() { return mock_type(int); } - -/* Test w_journald_can_read */ -void test_w_journald_can_read_disable(void ** state) { - set_gs_journald_global(0, true, NULL); - assert_false(w_journald_can_read(0)); -} - -void test_w_journald_can_read_check_owner(void ** state) { - set_gs_journald_global(2, false, NULL); - assert_false(w_journald_can_read(1)); - assert_true(w_journald_can_read(2)); -} - -void test_w_journald_can_read_first_time_init_fail() { - int tid = 3; - - set_gs_journald_global(0, false, NULL); - - will_return(__wrap_w_journal_context_create, -1); - expect_string(__wrap__merror, formatted_msg, "(1608): Failed to connect to the journal, disabling journal log."); - - assert_false(w_journald_can_read(tid)); - assert_true(journald_isDisabled()); -} - -void test_w_journald_can_read_first_time_init_fail_seek() { - int tid = 3; - - set_gs_journald_global(0, false, NULL); - set_gs_journald_ofe(true, true, 123); - - will_return(__wrap_w_journal_context_create, 0); - - will_return(__wrap_w_journal_context_seek_most_recent, -1); - - expect_string(__wrap__merror, - formatted_msg, - "(1609): Failed to move to the end of the journal, disabling journal log: Operation not permitted."); - - assert_false(w_journald_can_read(tid)); - assert_true(journald_isDisabled()); -} - -void test_w_journald_can_read_first_time_init_ofe_yes(void ** state) { - - int tid = 3; - - set_gs_journald_global(0, false, NULL); - set_gs_journald_ofe(true, true, 123); - - will_return(__wrap_w_journal_context_create, 0); - - will_return(__wrap_w_journal_context_seek_most_recent, 0); - - expect_string(__wrap__minfo, formatted_msg, "(9203): Monitoring journal entries."); - - assert_true(w_journald_can_read(tid)); - assert_false(journald_isDisabled()); -} - -void test_w_journald_can_read_first_time_init_ofe_no(void ** state) { - int tid = 3; - - set_gs_journald_global(0, false, NULL); - set_gs_journald_ofe(true, false, 123); - - will_return(__wrap_w_journal_context_create, 0); - - expect_value(__wrap_w_journal_context_seek_timestamp, timestamp, 123); - will_return(__wrap_w_journal_context_seek_timestamp, 0); - - expect_string(__wrap__minfo, formatted_msg, "(9203): Monitoring journal entries."); - - assert_true(w_journald_can_read(tid)); - assert_false(journald_isDisabled()); -} - -/* w_journald_set_ofe */ -void test_w_journald_set_ofe(void ** state) { - w_journald_set_ofe(true); - w_journald_set_ofe(false); -} - -void test_read_journald_can_read_false(void ** state) { - - // Prepare environment - w_journal_context_t ctxt = {0}; - set_gs_journald_global(0, false, &ctxt); - - // Prepare args - logreader lf = {0}; - w_journal_log_config_t journal_log = {0}; - lf.journal_log = &journal_log; - int rc = 0; - - will_return(__wrap_can_read, 0); - - assert_null(read_journald(&lf, &rc, 0)); - assert_false(journald_isDisabled()); -} - -void test_read_journald_next_entry_error(void ** state) { - // Prepare environment - w_journal_context_t ctxt = {0}; - set_gs_journald_global(0, false, &ctxt); - - // Prepare args - logreader lf = {0}; - w_journal_log_config_t journal_log = {0}; - lf.journal_log = &journal_log; - int rc = 0; - - // Can read - will_return(__wrap_can_read, 1); - - // Fail get nex entry - will_return(__wrap_w_journal_context_next_newest_filtered, -1); - expect_string(__wrap__merror, - formatted_msg, - "(1610): Failed to get the next entry, disabling journal log: Operation not permitted."); - - assert_null(read_journald(&lf, &rc, 0)); - assert_true(journald_isDisabled()); -} - -void test_read_journald_next_entry_no_new_entry(void ** state) { - - // Prepare environment - w_journal_context_t ctxt = {0}; - set_gs_journald_global(0, false, &ctxt); - - // Prepare args - logreader lf = {0}; - w_journal_log_config_t journal_log = {0}; - lf.journal_log = &journal_log; - int rc = 0; - - // Can read - will_return(__wrap_can_read, 1); - - // Nothing to read - will_return(__wrap_w_journal_context_next_newest_filtered, 0); - expect_string(__wrap__mdebug2, formatted_msg, "(9006): No new entries in the journal."); - - assert_null(read_journald(&lf, &rc, 0)); - assert_false(journald_isDisabled()); -} - -void test_read_journald_dump_entry_error(void ** state) { - - // Prepare environment - w_journal_context_t ctxt = {0}; - set_gs_journald_global(0, false, &ctxt); - - // Prepare args - logreader lf = {0}; - w_journal_log_config_t journal_log = {0}; - lf.journal_log = &journal_log; - int rc = 0; - - // Can read - will_return(__wrap_can_read, 1); - - // Fail get nex entry - will_return(__wrap_w_journal_context_next_newest_filtered, 1); - will_return(__wrap_w_journal_entry_dump, NULL); - will_return(__wrap_w_journal_entry_to_string, NULL); - expect_function_call(__wrap_w_journal_entry_free); - - expect_string(__wrap__merror, formatted_msg, "(1611): Failed to get the message from the journal"); - - assert_null(read_journald(&lf, &rc, 0)); - assert_false(journald_isDisabled()); -} - -void test_read_journald_dump_entry_max_len(void ** state) { - - // Prepare environment - w_journal_context_t ctxt = {0}; - set_gs_journald_global(0, false, &ctxt); - - // Prepare args - logreader lf = {0}; - w_journal_log_config_t journal_log = {0}; - lf.journal_log = &journal_log; - int rc = 0; - - // Can read - will_return(__wrap_can_read, 1); - - // Fail get nex entry - will_return(__wrap_w_journal_context_next_newest_filtered, 1); - will_return(__wrap_w_journal_entry_dump, 0x1); - will_return(__wrap_w_journal_entry_to_string, strdup("MAX_STR_>>>_16_|xxxxxxxx")); - expect_function_call(__wrap_w_journal_entry_free); - - expect_string( - __wrap__mdebug1, formatted_msg, "(9007): Message size > maximum allowed, The message will be truncated."); - - will_return(__wrap_isDebug, 0); - - // Check message - expect_string(__wrap_w_msg_hash_queues_push, str, "MAX_STR_>>>_16_|"); - expect_value(__wrap_w_msg_hash_queues_push, size, strlen("MAX_STR_>>>_16_|") + 1); - will_return(__wrap_w_msg_hash_queues_push, 0); - - // Brek the loop - will_return(__wrap_can_read, 0); - - assert_null(read_journald(&lf, &rc, 0)); - assert_false(journald_isDisabled()); -} - -void test_read_journald_dump_entry_debug(void ** state) { - - // Prepare environment - w_journal_context_t ctxt = {0}; - set_gs_journald_global(0, false, &ctxt); - - // Prepare args - logreader lf = {0}; - w_journal_log_config_t journal_log = {0}; - lf.journal_log = &journal_log; - int rc = 0; - - // Can read - will_return(__wrap_can_read, 1); - - // Fail get nex entry - will_return(__wrap_w_journal_context_next_newest_filtered, 1); - will_return(__wrap_w_journal_entry_dump, 0x1); - will_return(__wrap_w_journal_entry_to_string, strdup("message test")); - expect_function_call(__wrap_w_journal_entry_free); - - will_return(__wrap_isDebug, 2); - - expect_string(__wrap__mdebug2, formatted_msg, "(9008): Reading from journal: 'message test'."); - - // Check message - expect_string(__wrap_w_msg_hash_queues_push, str, "message test"); - expect_value(__wrap_w_msg_hash_queues_push, size, strlen("message test") + 1); - will_return(__wrap_w_msg_hash_queues_push, 0); - - // Brek the loop - will_return(__wrap_can_read, 0); - - assert_null(read_journald(&lf, &rc, 0)); - assert_false(journald_isDisabled()); -} - -int main(void) { - - const struct CMUnitTest tests[] = { - cmocka_unit_test(test_w_journald_set_ofe), - /* Test w_journald_can_read */ - cmocka_unit_test(test_w_journald_can_read_disable), - cmocka_unit_test(test_w_journald_can_read_check_owner), - cmocka_unit_test(test_w_journald_can_read_first_time_init_fail), - cmocka_unit_test(test_w_journald_can_read_first_time_init_fail_seek), - cmocka_unit_test(test_w_journald_can_read_first_time_init_ofe_yes), - cmocka_unit_test(test_w_journald_can_read_first_time_init_ofe_no), - /* Test read_journald */ - cmocka_unit_test(test_read_journald_can_read_false), - cmocka_unit_test(test_read_journald_next_entry_error), - cmocka_unit_test(test_read_journald_next_entry_no_new_entry), - cmocka_unit_test(test_read_journald_dump_entry_error), - cmocka_unit_test(test_read_journald_dump_entry_max_len), - cmocka_unit_test(test_read_journald_dump_entry_debug), - }; - - return cmocka_run_group_tests(tests, group_setup, group_teardown); -} diff --git a/src/modules/logcollector/tests/unit/tests/test_read_macos.c b/src/modules/logcollector/tests/unit/tests/test_read_macos.c deleted file mode 100644 index ca53f412b9..0000000000 --- a/src/modules/logcollector/tests/unit/tests/test_read_macos.c +++ /dev/null @@ -1,1945 +0,0 @@ -/* - * Copyright (C) 2015, Wazuh Inc. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -/* Includes */ - -#include -#include -#include -#include -#include -#include - -#include "../../logcollector/logcollector.h" -#include "../../headers/shared.h" -#include "../wrappers/common.h" -#include "../wrappers/wazuh/shared/file_op_wrappers.h" -#include "../wrappers/libc/stdio_wrappers.h" -#include "../wrappers/linux/socket_wrappers.h" -#include "../wrappers/wazuh/shared/expression_wrappers.h" -#include "../wrappers/wazuh/logcollector/logcollector_wrappers.h" -#include "../wrappers/wazuh/logcollector/macos_log_wrappers.h" -#include "../wrappers/posix/signal_wrappers.h" -#include "../wrappers/linux/wait_wrappers.h" -#include "../wrappers/posix/time_wrappers.h" - -/* Defines */ - -#define TESTING_MAXIMUM_LINES 1000 - -/* Prototypes */ - -bool w_macos_log_ctxt_restore(char * buffer, w_macos_log_ctxt_t * ctxt); -void w_macos_log_ctxt_backup(char * buffer, w_macos_log_ctxt_t * ctxt); -void w_macos_log_ctxt_clean(w_macos_log_ctxt_t * ctxt); -bool w_macos_is_log_ctxt_expired(time_t timeout, w_macos_log_ctxt_t * ctxt); -char * w_macos_log_get_last_valid_line(char * str); -bool w_macos_is_log_header(w_macos_log_config_t * macos_log_cfg, char * buffer); -bool w_macos_log_getlog(char * buffer, int length, FILE * stream, w_macos_log_config_t * macos_log_cfg); -char * w_macos_trim_full_timestamp(char *); -char * w_macos_get_last_log_timestamp(void); - -/* Globals */ - -extern w_macos_log_procceses_t * macos_processes; - -extern int maximum_lines; -extern int errno; - -/* Tests */ - -/* setup/teardown */ - -static int group_setup(void ** state) { - - test_mode = 1; - return 0; -} - -static int group_teardown(void ** state) { - - test_mode = 0; - return 0; -} - -/* wraps */ - -int __wrap_isDebug() { - return mock(); -} - -int __wrap_can_read() { - - return mock_type(int); -} - -// todo: this function is repeated in other file -int __wrap_w_msg_hash_queues_push(void) { - - return mock_type(int); -} - -/* tests */ - -/* w_macos_log_ctxt_restore */ - -void test_w_macos_log_ctxt_restore_false(void ** state) { - - w_macos_log_ctxt_t ctxt; - ctxt.buffer[0] = '\0'; - - char * buffer = NULL; - - bool ret = w_macos_log_ctxt_restore(buffer, &ctxt); - assert_false(ret); -} - -void test_w_macos_log_ctxt_restore_true(void ** state) { - - w_macos_log_ctxt_t ctxt; - strncpy(ctxt.buffer, "test", OS_MAXSTR); - - char buffer[OS_MAXSTR + 1]; - buffer[OS_MAXSTR] = '\0'; - - bool ret = w_macos_log_ctxt_restore(buffer, &ctxt); - assert_true(ret); -} - -/* w_macos_log_ctxt_backup */ - -void test_w_macos_log_ctxt_backup_success(void ** state) { - - w_macos_log_ctxt_t ctxt; - char buffer[OS_MAXSTR + 1]; - - buffer[OS_MAXSTR] = '\0'; - - strncpy(buffer, "test\n", OS_MAXSTR); - will_return(__wrap_time, 123456); - - w_macos_log_ctxt_backup(buffer, &ctxt); - - assert_string_equal(ctxt.buffer, "test\n"); - assert_int_equal(ctxt.timestamp, 123456); -} - -/* w_macos_log_ctxt_clean */ - -void test_w_macos_log_ctxt_clean_success(void ** state) { - - w_macos_log_ctxt_t ctxt; - - strncpy(ctxt.buffer, "test\n", OS_MAXSTR); - ctxt.timestamp = 123456; - - - w_macos_log_ctxt_clean(&ctxt); - - assert_int_equal(ctxt.timestamp, 0); - assert_string_equal(ctxt.buffer, "\0"); -} - -/* w_macos_is_log_ctxt_expired */ - -void test_w_macos_is_log_ctxt_expired_true(void ** state) { - - w_macos_log_ctxt_t ctxt; - time_t timeout = (time_t) MACOS_LOG_TIMEOUT; - - ctxt.timestamp = (time_t) 1000; - - will_return(__wrap_time, 1000 + MACOS_LOG_TIMEOUT + 1); - bool ret = w_macos_is_log_ctxt_expired(timeout, &ctxt); - - assert_true(ret); -} - -void test_w_macos_is_log_ctxt_expired_false(void ** state) { - - w_macos_log_ctxt_t ctxt; - time_t timeout = (time_t) MACOS_LOG_TIMEOUT; - - ctxt.timestamp = 1000; - - // threshold timeout - will_return(__wrap_time, 1000 + MACOS_LOG_TIMEOUT); - - bool ret = w_macos_is_log_ctxt_expired(timeout, &ctxt); - - assert_false(ret); -} - -/* w_macos_log_get_last_valid_line */ - -void test_w_macos_log_get_last_valid_line_str_null(void ** state) { - - char * str = NULL; - - char * ret = w_macos_log_get_last_valid_line(str); - - assert_null(ret); -} - -void test_w_macos_log_get_last_valid_line_str_empty(void ** state) { - - char * str = '\0'; - - char * ret = w_macos_log_get_last_valid_line(str); - - assert_null(ret); -} - -void test_w_macos_log_get_last_valid_line_str_without_new_line(void ** state) { - - char * str = NULL; - - os_strdup("2021-04-22 12:00:00.230270-0700 test", str); - - char * ret = w_macos_log_get_last_valid_line(str); - - assert_null(ret); - os_free(str); -} - -void test_w_macos_log_get_last_valid_line_str_with_new_line_end(void ** state) { - - char * str = NULL; - - os_strdup("2021-04-22 12:00:00.230270-0700 test\n", str); - - char * ret = w_macos_log_get_last_valid_line(str); - - assert_null(ret); - os_free(str); -} - -void test_w_macos_log_get_last_valid_line_str_with_new_line_not_end(void ** state) { - - char * str = NULL; - - os_strdup("2021-04-22 12:00:00.230270-0700 test\n2021-04-22 12:00:00.230270-0700 test2", str); - - char * ret = w_macos_log_get_last_valid_line(str); - - assert_string_equal(ret, "\n2021-04-22 12:00:00.230270-0700 test2"); - os_free(str); -} - -void test_w_macos_log_get_last_valid_line_str_with_two_new_lines_end(void ** state) { - - char * str = NULL; - - os_strdup("2021-04-22 12:00:00.230270-0700 test\n2021-04-22 12:00:00.230270-0700 test2\n", str); - - char * ret = w_macos_log_get_last_valid_line(str); - - assert_string_equal(ret, "\n2021-04-22 12:00:00.230270-0700 test2\n"); - os_free(str); -} - -void test_w_macos_log_get_last_valid_line_str_with_two_new_lines_not_end(void ** state) { - - char * str = NULL; - - os_strdup("2021-04-22 12:00:00.230270-0700 test\n2021-04-22 12:00:00.230270-0700 test2\n2021-04-22 12:00:00.230270-0700 test3", str); - - char * ret = w_macos_log_get_last_valid_line(str); - - assert_string_equal(ret, "\n2021-04-22 12:00:00.230270-0700 test3"); - os_free(str); -} - -void test_w_macos_log_get_last_valid_line_str_with_three_new_lines_end(void ** state) { - - char * str = NULL; - - os_strdup("2021-04-22 12:00:00.230270-0700 test\n2021-04-22 12:00:00.230270-0700 test2\n2021-04-22 12:00:00.230270-0700 test3\n", str); - - char * ret = w_macos_log_get_last_valid_line(str); - - assert_string_equal(ret, "\n2021-04-22 12:00:00.230270-0700 test3\n"); - os_free(str); -} - -void test_w_macos_log_get_last_valid_line_str_with_three_new_lines_not_end(void ** state) { - - char * str = NULL; - - os_strdup("2021-04-22 12:00:00.230270-0700 test\n2021-04-22 12:00:00.230270-0700 test2\n2021-04-22 12:00:00.230270-0700 test3\n2021-04-22 12:00:00.230270-0700 test4", str); - - char * ret = w_macos_log_get_last_valid_line(str); - - assert_string_equal(ret, "\n2021-04-22 12:00:00.230270-0700 test4"); - os_free(str); -} - -/* w_macos_is_log_header */ - -void test_w_macos_is_log_header_false(void ** state) { - - w_macos_log_ctxt_t ctxt; - strncpy(ctxt.buffer, "test\n", OS_MAXSTR); - - char * buffer = NULL; - os_strdup("test", buffer); - - w_macos_log_config_t macos_log_cfg; - macos_log_cfg.ctxt = ctxt; - macos_log_cfg.log_start_regex = NULL; - macos_log_cfg.is_header_processed = false; - - will_return(__wrap_w_expression_match, true); - expect_value(__wrap_w_macos_set_is_valid_data, is_valid, true); - - bool ret = w_macos_is_log_header(& macos_log_cfg, buffer); - - assert_false(ret); - - os_free(buffer); -} - -void test_w_macos_is_log_header_log_stream_execution_error_after_exec(void ** state) { - - w_macos_log_ctxt_t ctxt; - strncpy(ctxt.buffer, "test\n", OS_MAXSTR); - - char * buffer = NULL; - os_strdup("log: test", buffer); - - w_macos_log_config_t macos_log_cfg; - macos_log_cfg.ctxt = ctxt; - macos_log_cfg.log_start_regex = NULL; - macos_log_cfg.is_header_processed = true; - - will_return(__wrap_w_expression_match, false); - - expect_string(__wrap__merror, formatted_msg, "(1602): Execution error 'log: test'"); - - expect_value(__wrap_w_macos_set_is_valid_data, is_valid, false); - - bool ret = w_macos_is_log_header(&macos_log_cfg, buffer); - - assert_true(ret); - - os_free(buffer); -} - -void test_w_macos_is_log_header_log_stream_execution_error_colon(void ** state) { - - w_macos_log_ctxt_t ctxt; - strncpy(ctxt.buffer, "test\n", OS_MAXSTR); - - char * buffer = NULL; - os_strdup("log: ", buffer); - - w_macos_log_config_t macos_log_cfg; - macos_log_cfg.ctxt = ctxt; - macos_log_cfg.log_start_regex = NULL; - macos_log_cfg.is_header_processed = true; - - will_return(__wrap_w_expression_match, false); - - expect_string(__wrap__merror, formatted_msg, "(1602): Execution error 'log'"); - expect_value(__wrap_w_macos_set_is_valid_data, is_valid, false); - - bool ret = w_macos_is_log_header(& macos_log_cfg, buffer); - - assert_true(ret); - - os_free(buffer); -} - -void test_w_macos_is_log_header_log_stream_execution_error_line_break(void ** state) { - - w_macos_log_ctxt_t ctxt; - strncpy(ctxt.buffer, "test\n", OS_MAXSTR); - - char * buffer = NULL; - os_strdup("log: test\n", buffer); - - w_macos_log_config_t macos_log_cfg; - macos_log_cfg.ctxt = ctxt; - macos_log_cfg.log_start_regex = NULL; - macos_log_cfg.is_header_processed = true; - - will_return(__wrap_w_expression_match, false); - - expect_string(__wrap__merror, formatted_msg, "(1602): Execution error 'log: test'"); - expect_value(__wrap_w_macos_set_is_valid_data, is_valid, false); - - bool ret = w_macos_is_log_header(& macos_log_cfg, buffer); - - assert_true(ret); - - os_free(buffer); -} - -void test_w_macos_is_log_header_reading_other_log(void ** state) { - - w_macos_log_ctxt_t ctxt; - strncpy(ctxt.buffer, "test\n", OS_MAXSTR); - - char * buffer = NULL; - os_strdup("test", buffer); - - w_macos_log_config_t macos_log_cfg; - macos_log_cfg.ctxt = ctxt; - macos_log_cfg.log_start_regex = NULL; - macos_log_cfg.is_header_processed = false; - - will_return(__wrap_w_expression_match, false); - - expect_string(__wrap__mdebug2, formatted_msg, "macOS ULS: Reading other log headers or errors: 'test'."); - - bool ret = w_macos_is_log_header(& macos_log_cfg, buffer); - - assert_true(ret); - - os_free(buffer); -} - -void test_w_macos_is_log_header_reading_other_log_line_break(void ** state) { - - w_macos_log_ctxt_t ctxt; - strncpy(ctxt.buffer, "test\n", OS_MAXSTR); - - char * buffer = NULL; - os_strdup("test\n", buffer); - - w_macos_log_config_t macos_log_cfg; - macos_log_cfg.ctxt = ctxt; - macos_log_cfg.log_start_regex = NULL; - macos_log_cfg.is_header_processed = false; - - will_return(__wrap_w_expression_match, false); - - expect_string(__wrap__mdebug2, formatted_msg, "macOS ULS: Reading other log headers or errors: 'test'."); - - bool ret = w_macos_is_log_header(& macos_log_cfg, buffer); - - assert_true(ret); - - os_free(buffer); -} - -/* w_macos_log_getlog */ -void test_w_macos_log_getlog_context_expired(void ** state) { - - //test_w_macos_ctxt_restore_true - w_macos_log_ctxt_t ctxt; - strncpy(ctxt.buffer, "test", OS_MAXSTR); - - char buffer[OS_MAXSTR + 1]; - buffer[OS_MAXSTR] = '\0'; - - //test_w_macos_is_log_ctxt_expired_true - ctxt.timestamp = (time_t) 1000; - will_return(__wrap_time, 1000 + MACOS_LOG_TIMEOUT + 1); - - w_macos_log_config_t macos_log_cfg; - macos_log_cfg.ctxt = ctxt; - macos_log_cfg.is_header_processed = true; - - int length = OS_MAXSTR - OS_LOG_HEADER; - - FILE * stream = NULL; - - bool ret = w_macos_log_getlog(buffer, length, stream, &macos_log_cfg); - - assert_true(ret); - assert_string_equal(buffer, "test"); -} - -void test_w_macos_log_getlog_context_expired_new_line(void ** state) { - - //test_w_macos_ctxt_restore_true - w_macos_log_ctxt_t ctxt; - strncpy(ctxt.buffer, "test\n", OS_MAXSTR); - - char buffer[OS_MAXSTR + 1]; - buffer[OS_MAXSTR] = '\0'; - - //test_w_macos_is_log_ctxt_expired_true - ctxt.timestamp = (time_t) 1000; - will_return(__wrap_time, 1000 + MACOS_LOG_TIMEOUT + 1); - - w_macos_log_config_t macos_log_cfg; - macos_log_cfg.ctxt = ctxt; - macos_log_cfg.is_header_processed = true; - - int length = OS_MAXSTR - OS_LOG_HEADER; - - FILE * stream = NULL; - - bool ret = w_macos_log_getlog(buffer, length, stream, &macos_log_cfg); - - assert_true(ret); - assert_string_equal(buffer, "test"); -} - -void test_w_macos_log_getlog_context_not_expired(void ** state) { - - //test_w_macos_ctxt_restore_true - w_macos_log_ctxt_t ctxt; - strncpy(ctxt.buffer, "test\n", OS_MAXSTR); - - char buffer[OS_MAXSTR + 1]; - buffer[OS_MAXSTR] = '\0'; - - //test_w_macos_is_log_ctxt_expired_false - ctxt.timestamp = 1000; - ctxt.force_send = false; - will_return(__wrap_time, 1000 + MACOS_LOG_TIMEOUT); - - w_macos_log_config_t macos_log_cfg; - macos_log_cfg.ctxt = ctxt; - macos_log_cfg.is_header_processed = true; - - int length = OS_MAXSTR - OS_LOG_HEADER; - - FILE * stream = (FILE*)1; - - will_return(__wrap_can_read, 1); - - expect_value(__wrap_fgets, __stream, (FILE*)1); - will_return(__wrap_fgets, NULL); - - bool ret = w_macos_log_getlog(buffer, length, stream, &macos_log_cfg); - - assert_false(ret); - assert_string_equal("test\n", macos_log_cfg.ctxt.buffer); - assert_int_equal(ctxt.timestamp, 1000); -} - -void test_w_macos_log_getlog_context_buffer_full(void ** state) { - - //test_w_macos_ctxt_restore_true - w_macos_log_ctxt_t ctxt; - strncpy(ctxt.buffer, "test\n", OS_MAXSTR); - - char buffer[OS_MAXSTR + 1]; - buffer[OS_MAXSTR] = '\0'; - - //test_w_macos_is_log_ctxt_expired_false - ctxt.timestamp = 1000; - ctxt.force_send = false; - will_return(__wrap_time, 999 + MACOS_LOG_TIMEOUT); - - w_macos_log_config_t macos_log_cfg; - macos_log_cfg.ctxt = ctxt; - macos_log_cfg.is_header_processed = true; - - int length = strlen(ctxt.buffer) + 1; - - FILE * stream; - os_calloc(1, sizeof(FILE *), stream); - - will_return(__wrap_can_read, 1); - - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "test"); - - //test_w_macos_log_get_last_valid_line - - will_return(__wrap_isDebug, 0); - - bool ret = w_macos_log_getlog(buffer, length, stream, &macos_log_cfg); - - assert_string_equal(buffer, "test"); - assert_true(ret); - - os_free(stream); -} - -void test_w_macos_log_getlog_context_buffer_full_no_endl_force_split(void ** state) { - - /* It must split the log, because the last line received (incomplete) can be part of a second log */ - w_macos_log_ctxt_t ctxt; - ctxt.buffer[0] = '\0'; - ctxt.timestamp = 1000; - ctxt.force_send = false; - - const char *test_str = "test large\nlog"; - char buffer[OS_MAXSTR + 1]; - - w_macos_log_config_t macos_log_cfg; - macos_log_cfg.ctxt = ctxt; - macos_log_cfg.is_header_processed = true; - - int length = strlen(test_str) + 1; - - FILE * stream; - os_calloc(1, sizeof(FILE *), stream); - - will_return(__wrap_can_read, 1); - - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, test_str); - - will_return(__wrap_isDebug, 0); - - expect_string(__wrap__mdebug2, formatted_msg, "macOS ULS: Maximum message length reached. The remainder will be send separately."); - will_return(__wrap_time, 1000); - - bool ret = w_macos_log_getlog(buffer, length, stream, &macos_log_cfg); - - assert_string_equal(buffer, "test large"); - assert_string_equal(macos_log_cfg.ctxt.buffer, "log"); - assert_int_equal(macos_log_cfg.ctxt.timestamp, 1000); - assert_true(ret); - - os_free(stream); -} - -void test_w_macos_log_getlog_context_not_endline(void ** state) { - - //test_w_macos_ctxt_restore_true - w_macos_log_ctxt_t ctxt; - strncpy(ctxt.buffer, "test-\0", OS_MAXSTR); - - char buffer[OS_MAXSTR + 1]; - buffer[OS_MAXSTR] = '\0'; - - //test_w_macos_is_log_ctxt_expired_false - ctxt.timestamp = 1000; - ctxt.force_send = false; - will_return(__wrap_time, 999 + MACOS_LOG_TIMEOUT); - - w_macos_log_config_t macos_log_cfg; - macos_log_cfg.ctxt = ctxt; - macos_log_cfg.is_header_processed = true; - - int length = strlen(ctxt.buffer) + 10; - - FILE * stream; - os_calloc(1, sizeof(FILE *), stream); - - will_return(__wrap_can_read, 1); - - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "test"); - - expect_string(__wrap__mdebug2, formatted_msg, "macOS ULS: Incomplete message."); - will_return(__wrap_time, ctxt.timestamp + 1); - - //test_w_macos_log_ctxt_backup_success - - will_return(__wrap_can_read, 1); - - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, NULL); - - bool ret = w_macos_log_getlog(buffer, length, stream, &macos_log_cfg); - - assert_string_equal(macos_log_cfg.ctxt.buffer, "test-test"); - assert_int_equal(macos_log_cfg.ctxt.timestamp, 1000 + 1); - assert_false(ret); - - os_free(stream); -} - -void test_w_macos_log_getlog_context_full_buffer(void ** state) { - - //test_w_macos_ctxt_restore_true - w_macos_log_ctxt_t ctxt; - strncpy(ctxt.buffer, "test--max...\0", OS_MAXSTR); - - char buffer[OS_MAXSTR + 1]; - buffer[OS_MAXSTR] = '\0'; - - //test_w_macos_is_log_ctxt_expired_false - ctxt.timestamp = 1000; - ctxt.force_send = false; - will_return(__wrap_time, 999 + MACOS_LOG_TIMEOUT); - - w_macos_log_config_t macos_log_cfg; - macos_log_cfg.ctxt = ctxt; - macos_log_cfg.is_header_processed = true; - - FILE * stream; - os_calloc(1, sizeof(FILE *), stream); - - will_return(__wrap_can_read, 1); - - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "more content................"); - int length = strlen(ctxt.buffer) + strlen("more content...") + 1; - - will_return(__wrap_isDebug, 0); - - will_return(__wrap_fgetc, '\n'); - - expect_string(__wrap__mdebug2, formatted_msg, "macOS ULS: Maximum message length reached. The remainder was discarded."); - - bool ret = w_macos_log_getlog(buffer, length, stream, &macos_log_cfg); - - assert_string_equal(buffer, "test--max...more content..."); - assert_string_equal("", macos_log_cfg.ctxt.buffer); - assert_int_equal(0, macos_log_cfg.ctxt.timestamp); - assert_true(ret); - - os_free(stream); -} - -void test_w_macos_log_getlog_discards_irrelevant_headers(void ** state) { - - //test_w_macos_ctxt_restore_true - w_macos_log_ctxt_t ctxt; - strncpy(ctxt.buffer, "Other headers, line1\n\0", OS_MAXSTR); - - char buffer[OS_MAXSTR + 1]; - buffer[OS_MAXSTR] = '\0'; - - //test_w_macos_is_log_ctxt_expired_false - ctxt.timestamp = 1000; - ctxt.force_send = false; - will_return(__wrap_time, 999 + MACOS_LOG_TIMEOUT); - - w_macos_log_config_t macos_log_cfg; - macos_log_cfg.ctxt = ctxt; - macos_log_cfg.is_header_processed = false; - - int length = strlen(ctxt.buffer) + 100; - - FILE * stream; - os_calloc(1, sizeof(FILE *), stream); - - will_return(__wrap_can_read, 1); - - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "Other headers, line2\n"); - - will_return(__wrap_w_is_macos_sierra, false); - - //test_w_macos_is_log_header_reading_other_log - will_return(__wrap_w_expression_match, false); - - expect_string(__wrap__mdebug2, formatted_msg, "macOS ULS: Reading other log headers or errors:" - " 'Other headers, line1\nOther headers, line2'."); - - bool ret = w_macos_log_getlog(buffer, length, stream, &macos_log_cfg); - - assert_string_equal(buffer, ""); - assert_true(ret); - - os_free(stream); -} - -void test_w_macos_log_getlog_discards_irrelevant_headers_sierra_child_processes_already_set(void ** state) { - - //test_w_macos_ctxt_restore_true - w_macos_log_ctxt_t ctxt; - strncpy(ctxt.buffer, "Other headers, line1\n\0", OS_MAXSTR); - - char buffer[OS_MAXSTR + 1]; - buffer[OS_MAXSTR] = '\0'; - - //test_w_macos_is_log_ctxt_expired_false - ctxt.timestamp = 1000; - ctxt.force_send = false; - will_return(__wrap_time, 999 + MACOS_LOG_TIMEOUT); - - w_macos_log_config_t macos_log_cfg; - macos_log_cfg.ctxt = ctxt; - macos_log_cfg.is_header_processed = false; - macos_log_cfg.processes.show.wfd = (wfd_t*) 123; - macos_log_cfg.processes.stream.wfd = (wfd_t*) 124; - macos_log_cfg.processes.show.child = 5; - macos_log_cfg.processes.stream.child = 6; - - int length = strlen(ctxt.buffer) + 100; - - FILE * stream; - os_calloc(1, sizeof(FILE *), stream); - - will_return(__wrap_can_read, 1); - - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "Other headers, line2\n"); - - will_return(__wrap_w_is_macos_sierra, true); - - //test_w_macos_is_log_header_reading_other_log - will_return(__wrap_w_expression_match, false); - - expect_string(__wrap__mdebug2, formatted_msg, "macOS ULS: Reading other log headers or errors:" - " 'Other headers, line1\nOther headers, line2'."); - - bool ret = w_macos_log_getlog(buffer, length, stream, &macos_log_cfg); - - assert_string_equal(buffer, ""); - assert_true(ret); - assert(macos_log_cfg.processes.show.child == 5); - assert(macos_log_cfg.processes.stream.child == 6); - - os_free(stream); -} - -void test_w_macos_log_getlog_discards_irrelevant_headers_sierra_stream_and_show_without_child_pid(void ** state) { - - //test_w_macos_ctxt_restore_true - w_macos_log_ctxt_t ctxt; - strncpy(ctxt.buffer, "Other headers, line1\n\0", OS_MAXSTR); - - char buffer[OS_MAXSTR + 1]; - buffer[OS_MAXSTR] = '\0'; - - //test_w_macos_is_log_ctxt_expired_false - ctxt.timestamp = 1000; - ctxt.force_send = false; - will_return(__wrap_time, 999 + MACOS_LOG_TIMEOUT); - - w_macos_log_config_t macos_log_cfg; - macos_log_cfg.ctxt = ctxt; - macos_log_cfg.is_header_processed = false; - os_calloc(1, sizeof(wfd_t), macos_log_cfg.processes.show.wfd); - os_calloc(1, sizeof(wfd_t), macos_log_cfg.processes.stream.wfd); - macos_log_cfg.processes.show.wfd->pid = 10; - macos_log_cfg.processes.stream.wfd->pid = 11; - macos_log_cfg.processes.show.child = 0; - macos_log_cfg.processes.stream.child = 0; - - int length = strlen(ctxt.buffer) + 100; - - FILE * stream; - os_calloc(1, sizeof(FILE *), stream); - - will_return(__wrap_can_read, 1); - - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "Other headers, line2\n"); - - will_return(__wrap_w_is_macos_sierra, true); - expect_value(__wrap_w_get_first_child, parent_pid, 10); - will_return(__wrap_w_get_first_child, 5); - expect_value(__wrap_w_get_first_child, parent_pid, 11); - will_return(__wrap_w_get_first_child, 6); - - - //test_w_macos_is_log_header_reading_other_log - will_return(__wrap_w_expression_match, false); - - expect_string(__wrap__mdebug2, formatted_msg, "macOS ULS: Reading other log headers or errors:" - " 'Other headers, line1\nOther headers, line2'."); - - bool ret = w_macos_log_getlog(buffer, length, stream, &macos_log_cfg); - - assert_string_equal(buffer, ""); - assert_true(ret); - assert(macos_log_cfg.processes.show.child == 5); - assert(macos_log_cfg.processes.stream.child == 6); - - os_free(stream); - os_free(macos_log_cfg.processes.show.wfd); - os_free(macos_log_cfg.processes.stream.wfd); -} - -void test_w_macos_log_getlog_split_two_logs(void ** state) { - - //test_w_macos_ctxt_restore_true - w_macos_log_ctxt_t ctxt; - strncpy(ctxt.buffer, "log 1 first line\nlog 1 second line\n", OS_MAXSTR); - - char buffer[OS_MAXSTR + 1]; - buffer[OS_MAXSTR] = '\0'; - - //test_w_macos_is_log_ctxt_expired_false - ctxt.timestamp = 1000; - ctxt.force_send = false; - will_return(__wrap_time, 999 + MACOS_LOG_TIMEOUT); - - w_macos_log_config_t macos_log_cfg; - macos_log_cfg.ctxt = ctxt; - macos_log_cfg.is_header_processed = true; - - int length = strlen(ctxt.buffer) + 100; - - FILE * stream; - os_calloc(1, sizeof(FILE *), stream); - - will_return(__wrap_can_read, 1); - - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "log 2 first line\r\n"); - - //test_w_macos_log_get_last_valid_line - - will_return(__wrap_isDebug, 0); - - will_return(__wrap_w_expression_match, true); - will_return(__wrap_time, 1001); - - bool ret = w_macos_log_getlog(buffer, length, stream, &macos_log_cfg); - - assert_string_equal(buffer, "log 1 first line\nlog 1 second line"); - assert_string_equal(macos_log_cfg.ctxt.buffer, "log 2 first line\n"); - assert_int_equal(macos_log_cfg.ctxt.timestamp, 1001); - assert_true(ret); - - os_free(stream); -} - -void test_w_macos_log_getlog_backup_context(void ** state) { - - w_macos_log_ctxt_t ctxt; - ctxt.buffer[0] = '\0'; - ctxt.timestamp = 0; - ctxt.force_send = false; - - char buffer[OS_MAXSTR + 1]; - buffer[OS_MAXSTR] = '\0'; - - w_macos_log_config_t macos_log_cfg; - macos_log_cfg.ctxt = ctxt; - macos_log_cfg.is_header_processed = true; - - int length = OS_MAXSTR; - - FILE * stream; - os_calloc(1, sizeof(FILE *), stream); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "test\n"); - will_return(__wrap_time, 1000); - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, NULL); - - will_return(__wrap_isDebug, 0); - - bool ret = w_macos_log_getlog(buffer, length, stream, &macos_log_cfg); - - assert_false(ret); - assert_string_equal(macos_log_cfg.ctxt.buffer, "test\n"); - assert_int_equal(macos_log_cfg.ctxt.timestamp, 1000); - - os_free(stream); -} - -void test_w_macos_log_getlog_backup_context_sierra(void ** state) { - - w_macos_log_ctxt_t ctxt; - ctxt.buffer[0] = '\0'; - ctxt.timestamp = 0; - ctxt.force_send = false; - - char buffer[OS_MAXSTR + 1]; - buffer[OS_MAXSTR] = '\0'; - - w_macos_log_config_t macos_log_cfg; - macos_log_cfg.ctxt = ctxt; - macos_log_cfg.is_header_processed = true; - - int length = OS_MAXSTR; - - FILE * stream; - os_calloc(1, sizeof(FILE *), stream); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "test\r\n"); - - will_return(__wrap_isDebug, 0); - - will_return(__wrap_time, 1000); - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, NULL); - - bool ret = w_macos_log_getlog(buffer, length, stream, &macos_log_cfg); - - assert_false(ret); - assert_string_equal(macos_log_cfg.ctxt.buffer, "test\n"); - assert_int_equal(macos_log_cfg.ctxt.timestamp, 1000); - - os_free(stream); -} - -void test_w_macos_log_getlog_backup_context_sierra_multiline(void ** state) { - - w_macos_log_ctxt_t ctxt; - ctxt.buffer[0] = '\0'; - ctxt.timestamp = 0; - ctxt.force_send = false; - - char buffer[OS_MAXSTR + 1]; - buffer[OS_MAXSTR] = '\0'; - - w_macos_log_config_t macos_log_cfg; - macos_log_cfg.ctxt = ctxt; - macos_log_cfg.is_header_processed = true; - - int length = OS_MAXSTR; - - FILE * stream; - os_calloc(1, sizeof(FILE *), stream); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "test multiline line 1\r\n"); - - will_return(__wrap_isDebug, 0); - - will_return(__wrap_time, 1000); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "test multiline line 2\r\n"); - will_return(__wrap_w_expression_match, false); - will_return(__wrap_time, 1000); - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, NULL); - - will_return(__wrap_isDebug, 0); - - bool ret = w_macos_log_getlog(buffer, length, stream, &macos_log_cfg); - - assert_false(ret); - assert_string_equal(macos_log_cfg.ctxt.buffer, "test multiline line 1\ntest multiline line 2\n"); - assert_int_equal(macos_log_cfg.ctxt.timestamp, 1000); - - os_free(stream); -} - -void test_w_macos_log_getlog_backup_context_sierra_new_line(void ** state) { - - w_macos_log_ctxt_t ctxt; - ctxt.buffer[0] = '\0'; - ctxt.timestamp = 0; - ctxt.force_send = false; - - char buffer[OS_MAXSTR + 1]; - buffer[OS_MAXSTR] = '\0'; - - w_macos_log_config_t macos_log_cfg; - macos_log_cfg.ctxt = ctxt; - macos_log_cfg.is_header_processed = true; - - int length = OS_MAXSTR; - - FILE * stream; - os_calloc(1, sizeof(FILE *), stream); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "\r\n"); - will_return(__wrap_time, 1000); - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, NULL); - - will_return(__wrap_isDebug, 0); - - bool ret = w_macos_log_getlog(buffer, length, stream, &macos_log_cfg); - - assert_false(ret); - assert_string_equal(macos_log_cfg.ctxt.buffer, "\n"); - assert_int_equal(macos_log_cfg.ctxt.timestamp, 1000); - - os_free(stream); -} - -void test_w_macos_log_getlog_cannot_read(void ** state) { - - w_macos_log_ctxt_t ctxt; - strncpy(ctxt.buffer, "test", OS_MAXSTR); - ctxt.force_send = false; - time_t now = 1000; - ctxt.timestamp = now; - will_return(__wrap_time, 1000 + 1); - - char buffer[OS_MAXSTR + 1]; - buffer[OS_MAXSTR] = '\0'; - - w_macos_log_config_t macos_log_cfg; - macos_log_cfg.ctxt = ctxt; - macos_log_cfg.is_header_processed = true; - - int length = OS_MAXSTR; - - FILE * stream; - os_calloc(1, sizeof(FILE *), stream); - - will_return(__wrap_can_read, 0); - - bool ret = w_macos_log_getlog(buffer, length, stream, &macos_log_cfg); - - assert_false(ret); - assert_string_equal(macos_log_cfg.ctxt.buffer, "test"); - assert(macos_log_cfg.ctxt.timestamp == now); - os_free(stream); - -} - -void test_w_macos_log_getlog_discard_until_null(void ** state) { - - //test_w_macos_ctxt_restore_true - w_macos_log_ctxt_t ctxt; - strncpy(ctxt.buffer, "test\0", OS_MAXSTR); - - char buffer[OS_MAXSTR + 1]; - buffer[OS_MAXSTR] = '\0'; - - //test_w_macos_is_log_ctxt_expired_false - ctxt.timestamp = 1000; - ctxt.force_send = false; - will_return(__wrap_time, 999 + MACOS_LOG_TIMEOUT); - - w_macos_log_config_t macos_log_cfg; - macos_log_cfg.ctxt = ctxt; - macos_log_cfg.is_header_processed = true; - - int length = strlen(ctxt.buffer) + 1; - - FILE * stream; - os_calloc(1, sizeof(FILE *), stream); - - will_return(__wrap_can_read, 1); - - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "test"); - - will_return(__wrap_isDebug, 0); - - //test_w_macos_log_ctxt_backup_success - - will_return(__wrap_fgetc, 'X'); - will_return(__wrap_fgetc, 'X'); - will_return(__wrap_fgetc, NULL); - - expect_string(__wrap__mdebug2, formatted_msg, "macOS ULS: Maximum message length reached. The remainder was discarded."); - - bool ret = w_macos_log_getlog(buffer, length, stream, &macos_log_cfg); - - //assert_string_equal(buffer, "test"); - assert_true(ret); - - os_free(stream); - -} - -void test_w_macos_log_getlog_discard_until_eof(void ** state) { - - //test_w_macos_ctxt_restore_true - w_macos_log_ctxt_t ctxt; - strncpy(ctxt.buffer, "test\0", OS_MAXSTR); - - char buffer[OS_MAXSTR + 1]; - buffer[OS_MAXSTR] = '\0'; - - //test_w_macos_is_log_ctxt_expired_false - ctxt.timestamp = 1000; - ctxt.force_send = false; - will_return(__wrap_time, 999 + MACOS_LOG_TIMEOUT); - - w_macos_log_config_t macos_log_cfg; - macos_log_cfg.ctxt = ctxt; - macos_log_cfg.is_header_processed = true; - - int length = strlen(ctxt.buffer) + 1; - - FILE * stream; - os_calloc(1, sizeof(FILE *), stream); - - will_return(__wrap_can_read, 1); - - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "test"); - - will_return(__wrap_isDebug, 0); - - will_return(__wrap_fgetc, 'X'); - will_return(__wrap_fgetc, 'X'); - will_return(__wrap_fgetc, EOF); - - expect_string(__wrap__mdebug2, formatted_msg, "macOS ULS: Maximum message length reached. The remainder was discarded."); - - bool ret = w_macos_log_getlog(buffer, length, stream, &macos_log_cfg); - - //assert_string_equal(buffer, "test"); - assert_true(ret); - - os_free(stream); - -} - -void test_w_macos_log_getlog_split_two_logs_debug(void ** state) { - - //test_w_macos_ctxt_restore_true - w_macos_log_ctxt_t ctxt; - strncpy(ctxt.buffer, "log 1 first line\nlog 1 second line\n", OS_MAXSTR); - - char buffer[OS_MAXSTR + 1]; - buffer[OS_MAXSTR] = '\0'; - - //test_w_macos_is_log_ctxt_expired_false - ctxt.timestamp = 1000; - ctxt.force_send = false; - will_return(__wrap_time, 999 + MACOS_LOG_TIMEOUT); - - w_macos_log_config_t macos_log_cfg; - macos_log_cfg.ctxt = ctxt; - macos_log_cfg.is_header_processed = true; - - int length = strlen(ctxt.buffer) + 100; - - FILE * stream; - os_calloc(1, sizeof(FILE *), stream); - - will_return(__wrap_can_read, 1); - - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "log 2 first line\r\n"); - - //test_w_macos_log_ctxt_backup_success - - //test_w_macos_is_log_header_false - will_return(__wrap_w_expression_match, true); - - //test_w_macos_log_get_last_valid_line - - will_return(__wrap_isDebug, 2); - - expect_string(__wrap__mdebug2, formatted_msg, "Reading macOS message: ''..."); - - will_return(__wrap_time, 1001); - - bool ret = w_macos_log_getlog(buffer, length, stream, &macos_log_cfg); - - assert_string_equal(buffer, "log 1 first line\nlog 1 second line"); - assert_string_equal(macos_log_cfg.ctxt.buffer, "log 2 first line\n"); - assert_int_equal(macos_log_cfg.ctxt.timestamp, 1001); - assert_true(ret); - - os_free(stream); -} - -/* w_macos_trim_full_timestamp */ - -void test_w_macos_trim_full_timestamp_null_pointer(void ** state) { - - assert_null(w_macos_trim_full_timestamp(NULL)); -} - -void test_w_macos_trim_full_timestamp_empty_string(void ** state) { - - assert_null(w_macos_trim_full_timestamp("")); -} - -void test_w_macos_trim_full_timestamp_incomplete_timestamp(void ** state) { - - char * INCOMPLETE_TIMESTAMP = "2019-12-14 05:43:58.9"; - - assert_null(w_macos_trim_full_timestamp(INCOMPLETE_TIMESTAMP)); -} - -void test_w_macos_trim_full_timestamp_full_timestamp(void ** state) { - - char * FULL_TIMESTAMP = "2019-12-14 05:43:58.972536-0800"; - char * EXPECTED_TRIMMED_TIMESTAMP = "2019-12-14 05:43:58-0800"; - char * retstr; - - retstr = w_macos_trim_full_timestamp(FULL_TIMESTAMP); - - assert_non_null(retstr); - assert_string_equal(retstr, EXPECTED_TRIMMED_TIMESTAMP); - - os_free(retstr); -} - -/* read_macos */ - -void test_read_macos_can_read_false(void ** state) { - - logreader dummy_lf; - int dummy_rc; - - os_calloc(1, sizeof(w_macos_log_config_t), dummy_lf.macos_log); - dummy_lf.macos_log->state = LOG_RUNNING_STREAM; - - will_return(__wrap_can_read, 0); - - assert_null(read_macos(&dummy_lf, &dummy_rc, 0)); - - os_free(dummy_lf.macos_log); -} - -void test_read_macos_getlog_false(void ** state) { - - logreader lf; - int dummy_rc; - - os_calloc(1, sizeof(w_macos_log_config_t), lf.macos_log); - os_calloc(1, sizeof(wfd_t), lf.macos_log->processes.stream.wfd); - lf.macos_log->state = LOG_RUNNING_STREAM; - lf.macos_log->processes.stream.wfd->pid = getpid(); - - will_return(__wrap_can_read, 1); - will_return(__wrap_can_read, 0); // forces w_macos_log_getlog to return NULL - - expect_any(__wrap_waitpid, __pid); - expect_any(__wrap_waitpid, __options); - will_return(__wrap_waitpid, 0); - will_return(__wrap_waitpid, 0); - - assert_null(read_macos(&lf, &dummy_rc, 0)); - - os_free(lf.macos_log->processes.stream.wfd); - os_free(lf.macos_log); -} - -void test_read_macos_empty_log(void ** state) { - - logreader lf; - int dummy_rc; - - os_calloc(1, sizeof(w_macos_log_config_t), lf.macos_log); - os_calloc(1, sizeof(wfd_t), lf.macos_log->processes.stream.wfd); - lf.macos_log->state = LOG_RUNNING_STREAM; - lf.macos_log->processes.stream.wfd->pid = getpid(); - lf.macos_log->is_header_processed = true; - - - will_return(__wrap_can_read, 1); - - // This block forces w_macos_log_getlog to return "true" and an empty buffer - lf.macos_log->ctxt.buffer[0] = '\n'; - lf.macos_log->ctxt.buffer[1] = '\0'; - lf.macos_log->ctxt.timestamp = 1000; - will_return(__wrap_time, 1000 + MACOS_LOG_TIMEOUT + 1); - - expect_string(__wrap__mdebug2, formatted_msg, "macOS ULS: Discarding empty message."); - will_return(__wrap_can_read, 0); // second loop - - expect_any(__wrap_waitpid, __pid); - expect_any(__wrap_waitpid, __options); - will_return(__wrap_waitpid, 0); - will_return(__wrap_waitpid, 0); - - assert_null(read_macos(&lf, &dummy_rc, 0)); - - os_free(lf.macos_log->processes.stream.wfd); - os_free(lf.macos_log); -} - -void test_read_macos_incomplete_short_log(void ** state) { - - logreader lf; - int dummy_rc; - - os_calloc(1, sizeof(w_macos_log_config_t), lf.macos_log); - os_calloc(1, sizeof(wfd_t), lf.macos_log->processes.stream.wfd); - lf.macos_log->state = LOG_RUNNING_STREAM; - lf.macos_log->processes.stream.wfd->pid = getpid(); - lf.macos_log->ctxt.buffer[0] = '\0'; - - will_return(__wrap_can_read, 1); - - will_return(__wrap_can_read, 1); - lf.macos_log->ctxt.timestamp = 1000; - will_return(__wrap_time, 999 + MACOS_LOG_TIMEOUT); - - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "test"); - - expect_string(__wrap__mdebug2, formatted_msg, "macOS ULS: Incomplete message."); - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, NULL); - - expect_any(__wrap_waitpid, __pid); - expect_any(__wrap_waitpid, __options); - will_return(__wrap_waitpid, 0); - will_return(__wrap_waitpid, 0); - - assert_null(read_macos(&lf, &dummy_rc, 0)); - - os_free(lf.macos_log->processes.stream.wfd); - os_free(lf.macos_log); -} - -void test_read_macos_single_full_log_store_timestamp_and_setting(void ** state) { - - logreader lf; - int dummy_rc; - - os_calloc(1, sizeof(w_macos_log_config_t), lf.macos_log); - os_calloc(1, sizeof(wfd_t), lf.macos_log->processes.stream.wfd); - lf.macos_log->state = LOG_RUNNING_STREAM; - lf.macos_log->processes.stream.wfd->pid = getpid(); - lf.macos_log->is_header_processed = true; - lf.macos_log->store_current_settings = false; - lf.macos_log->current_settings = "some log command with predicate and stuff"; - lf.macos_log->ctxt.timestamp = 1000; - lf.regex_ignore = NULL; - lf.regex_restrict = NULL; - strcpy(lf.macos_log->ctxt.buffer, "2021-05-17 15:31:53.586313-0700 localhost sshd[880]: (libsystem_info.dylib) Created Activity ID: 0x2040, Description: Retrieve User by Name\n"); - - will_return(__wrap_can_read, 1); - will_return(__wrap_time, 1000 + MACOS_LOG_TIMEOUT + 1); - will_return(__wrap_w_msg_hash_queues_push, 0); - will_return(__wrap_can_read, 0); - - expect_string(__wrap_w_macos_set_last_log_timestamp, timestamp, "2021-05-17 15:31:53-0700"); - expect_string(__wrap_w_macos_set_log_settings, settings, lf.macos_log->current_settings); - - expect_any(__wrap_waitpid, __pid); - expect_any(__wrap_waitpid, __options); - will_return(__wrap_waitpid, 0); - will_return(__wrap_waitpid, 0); - assert_null(read_macos(&lf, &dummy_rc, 0)); - assert_true(lf.macos_log->store_current_settings); - os_free(lf.macos_log->processes.stream.wfd); - os_free(lf.macos_log); -} - -void test_read_macos_more_logs_than_maximum(void ** state) { - - logreader lf; - int dummy_rc; - int TIMESTAMP_TIME = 10; - - os_calloc(1, sizeof(w_macos_log_config_t), lf.macos_log); - os_calloc(1, sizeof(wfd_t), lf.macos_log->processes.stream.wfd); - lf.macos_log->state = LOG_RUNNING_STREAM; - lf.macos_log->processes.stream.wfd->pid = getpid(); - lf.macos_log->is_header_processed = true; - lf.macos_log->store_current_settings = true; - lf.macos_log->ctxt.timestamp = TIMESTAMP_TIME; - lf.regex_ignore = NULL; - lf.regex_restrict = NULL; - maximum_lines = 3; - - will_return(__wrap_can_read, 1); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "2021-05-17 15:31:53.586313-0700 localhost sshd[880]: (libsystem_info.dylib) Created Activity ID: 0x2040, Description: Retrieve User by Name\n"); - - will_return(__wrap_isDebug, 0); - - will_return(__wrap_time, TIMESTAMP_TIME); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "2021-05-17 15:31:54.586313-0700 localhost sshd[880]: (libsystem_info.dylib) Created Activity ID: 0x2040, Description: Retrieve User by Name\n"); - - will_return(__wrap_isDebug, 0); - - will_return(__wrap_w_expression_match, true); - will_return(__wrap_time, TIMESTAMP_TIME); - will_return(__wrap_w_msg_hash_queues_push, 0); - will_return(__wrap_time, TIMESTAMP_TIME); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "2021-05-17 15:31:55.586313-0700 localhost sshd[880]: (libsystem_info.dylib) Created Activity ID: 0x2040, Description: Retrieve User by Name\n"); - - will_return(__wrap_isDebug, 0); - - will_return(__wrap_w_expression_match, true); - will_return(__wrap_time, TIMESTAMP_TIME); - will_return(__wrap_w_msg_hash_queues_push, 0); - will_return(__wrap_time, TIMESTAMP_TIME); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "2021-05-17 15:31:56.586313-0700 localhost sshd[880]: (libsystem_info.dylib) Created Activity ID: 0x2040, Description: Retrieve User by Name\n"); - - will_return(__wrap_isDebug, 0); - - will_return(__wrap_w_expression_match, true); - will_return(__wrap_time, TIMESTAMP_TIME); - will_return(__wrap_w_msg_hash_queues_push, 0); - - expect_string(__wrap_w_macos_set_last_log_timestamp, timestamp, "2021-05-17 15:31:55-0700"); - - assert_null(read_macos(&lf, &dummy_rc, 0)); - - maximum_lines = TESTING_MAXIMUM_LINES; - os_free(lf.macos_log->processes.stream.wfd); - os_free(lf.macos_log); -} - -void test_read_macos_disable_maximum_lines(void ** state) { - - logreader lf; - int dummy_rc; - int TIMESTAMP_TIME = 10; - - os_calloc(1, sizeof(w_macos_log_config_t), lf.macos_log); - os_calloc(1, sizeof(wfd_t), lf.macos_log->processes.stream.wfd); - lf.macos_log->state = LOG_RUNNING_STREAM; - lf.macos_log->processes.stream.wfd->pid = getpid(); - lf.macos_log->is_header_processed = true; - lf.macos_log->store_current_settings = true; - lf.macos_log->ctxt.timestamp = TIMESTAMP_TIME; - lf.regex_ignore = NULL; - lf.regex_restrict = NULL; - maximum_lines = 0; - - will_return(__wrap_can_read, 1); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "2021-05-17 15:31:53.586313-0700 localhost sshd[880]: (libsystem_info.dylib) Created Activity ID: 0x2040, Description: Retrieve User by Name\n"); - - will_return(__wrap_isDebug, 0); - - will_return(__wrap_time, TIMESTAMP_TIME); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "2021-05-17 15:31:54.586313-0700 localhost sshd[880]: (libsystem_info.dylib) Created Activity ID: 0x2040, Description: Retrieve User by Name\n"); - - will_return(__wrap_isDebug, 0); - - will_return(__wrap_w_expression_match, true); - will_return(__wrap_time, TIMESTAMP_TIME); - will_return(__wrap_w_msg_hash_queues_push, 0); - will_return(__wrap_time, TIMESTAMP_TIME); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "2021-05-17 15:31:55.586313-0700 localhost sshd[880]: (libsystem_info.dylib) Created Activity ID: 0x2040, Description: Retrieve User by Name\n"); - - will_return(__wrap_isDebug, 0); - - will_return(__wrap_w_expression_match, true); - will_return(__wrap_time, TIMESTAMP_TIME); - will_return(__wrap_w_msg_hash_queues_push, 0); - will_return(__wrap_time, TIMESTAMP_TIME); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "2021-05-17 15:31:56.586313-0700 localhost sshd[880]: (libsystem_info.dylib) Created Activity ID: 0x2040, Description: Retrieve User by Name\n"); - - will_return(__wrap_isDebug, 0); - - will_return(__wrap_w_expression_match, true); - will_return(__wrap_time, TIMESTAMP_TIME); - will_return(__wrap_w_msg_hash_queues_push, 0); - will_return(__wrap_time, TIMESTAMP_TIME + 100); - will_return(__wrap_w_msg_hash_queues_push, 0); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, NULL); - - expect_string(__wrap_w_macos_set_last_log_timestamp, timestamp, "2021-05-17 15:31:56-0700"); - - assert_null(read_macos(&lf, &dummy_rc, 0)); - - maximum_lines = TESTING_MAXIMUM_LINES; - os_free(lf.macos_log->processes.stream.wfd); - os_free(lf.macos_log); -} - -void test_read_macos_toggle_correctly_ended_show_to_stream(void ** state) { - - logreader lf; - int dummy_rc; - - os_calloc(1, sizeof(w_macos_log_config_t), lf.macos_log); - os_calloc(1, sizeof(wfd_t), lf.macos_log->processes.show.wfd); - os_calloc(1, sizeof(wfd_t), lf.macos_log->processes.stream.wfd); - wfd_t * show_ptr = lf.macos_log->processes.show.wfd; - wfd_t * stream_ptr = lf.macos_log->processes.stream.wfd; - lf.macos_log->state = LOG_RUNNING_SHOW; - lf.macos_log->processes.show.wfd->pid = 10; - lf.macos_log->processes.stream.wfd->pid = 11; - macos_processes = &lf.macos_log->processes; - lf.macos_log->store_current_settings = true; - lf.macos_log->is_header_processed = true; - lf.regex_ignore = NULL; - lf.regex_restrict = NULL; - - // Save an expired context to send it immediately - strcpy(lf.macos_log->ctxt.buffer, "2021-05-17 15:31:53.586313-0700 localhost sshd[880]: (libsystem_info.dylib)\n"); - lf.macos_log->ctxt.timestamp = 1000; - will_return(__wrap_time, 1000 + MACOS_LOG_TIMEOUT + 1); - - will_return(__wrap_can_read, 1); - will_return(__wrap_w_msg_hash_queues_push, 0); - will_return(__wrap_can_read, 1); - - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, NULL); - - expect_string(__wrap_w_macos_set_last_log_timestamp, timestamp, "2021-05-17 15:31:53-0700"); - - expect_any(__wrap_waitpid, __pid); - expect_any(__wrap_waitpid, __options); - will_return(__wrap_waitpid, 0); - will_return(__wrap_waitpid, 10); - - expect_string(__wrap__minfo, formatted_msg, "(1607): macOS 'log show' process exited, pid: 10, exit value: 0."); - expect_string(__wrap__mdebug1, formatted_msg, "macOS ULS: Releasing macOS `log show` resources."); - - expect_value(__wrap_kill, sig, SIGTERM); - expect_value(__wrap_kill, pid, 10); - will_return(__wrap_kill, 0); - will_return(__wrap_wpclose, NULL); - - assert_null(read_macos(&lf, &dummy_rc, 0)); - assert_string_equal(lf.macos_log->ctxt.buffer, ""); - assert_true(lf.macos_log->store_current_settings); - assert_int_equal(lf.macos_log->state, LOG_RUNNING_STREAM); - assert_non_null(lf.macos_log->processes.stream.wfd); - assert_false(lf.macos_log->is_header_processed); - - os_free(show_ptr); - os_free(stream_ptr); - os_free(lf.macos_log); -} - -void test_read_macos_toggle_faulty_ended_show_to_stream(void ** state) { - - logreader lf; - int dummy_rc; - - os_calloc(1, sizeof(w_macos_log_config_t), lf.macos_log); - os_calloc(1, sizeof(wfd_t), lf.macos_log->processes.show.wfd); - os_calloc(1, sizeof(wfd_t), lf.macos_log->processes.stream.wfd); - wfd_t * show_ptr = lf.macos_log->processes.show.wfd; - wfd_t * stream_ptr = lf.macos_log->processes.stream.wfd; - lf.macos_log->state = LOG_RUNNING_SHOW; - lf.macos_log->processes.show.wfd->pid = 10; - lf.macos_log->processes.stream.wfd->pid = 11; - macos_processes = &lf.macos_log->processes; - lf.macos_log->store_current_settings = true; - lf.macos_log->is_header_processed = true; - lf.regex_ignore = NULL; - lf.regex_restrict = NULL; - - // Save an expired context to send it immediately - strcpy(lf.macos_log->ctxt.buffer, "2021-05-17 15:31:53.586313-0700 localhost sshd[880]: (libsystem_info.dylib)\n"); - lf.macos_log->ctxt.timestamp = 1000; - will_return(__wrap_time, 1000 + MACOS_LOG_TIMEOUT + 1); - - will_return(__wrap_can_read, 1); - will_return(__wrap_w_msg_hash_queues_push, 0); - will_return(__wrap_can_read, 1); - - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, NULL); - - expect_string(__wrap_w_macos_set_last_log_timestamp, timestamp, "2021-05-17 15:31:53-0700"); - - expect_any(__wrap_waitpid, __pid); - expect_any(__wrap_waitpid, __options); - will_return(__wrap_waitpid, 1); - will_return(__wrap_waitpid, 10); - - expect_string(__wrap__merror, formatted_msg, "(1607): macOS 'log show' process exited, pid: 10, exit value: 1."); - expect_string(__wrap__mdebug1, formatted_msg, "macOS ULS: Releasing macOS `log show` resources."); - - expect_value(__wrap_kill, sig, SIGTERM); - expect_value(__wrap_kill, pid, 10); - will_return(__wrap_kill, 0); - will_return(__wrap_wpclose, NULL); - - assert_null(read_macos(&lf, &dummy_rc, 0)); - assert_string_equal(lf.macos_log->ctxt.buffer, ""); - assert_true(lf.macos_log->store_current_settings); - assert_int_equal(lf.macos_log->state, LOG_RUNNING_STREAM); - assert_non_null(lf.macos_log->processes.stream.wfd); - assert_false(lf.macos_log->is_header_processed); - - os_free(show_ptr); - os_free(stream_ptr); - os_free(lf.macos_log); -} - -void test_read_macos_toggle_correctly_ended_show_to_faulty_stream(void ** state) { - - logreader lf; - int dummy_rc; - - os_calloc(1, sizeof(w_macos_log_config_t), lf.macos_log); - os_calloc(1, sizeof(wfd_t), lf.macos_log->processes.show.wfd); - wfd_t * show_ptr = lf.macos_log->processes.show.wfd; - lf.macos_log->state = LOG_RUNNING_SHOW; - lf.macos_log->processes.show.wfd->pid = 10; - lf.macos_log->processes.stream.wfd = NULL; - macos_processes = &lf.macos_log->processes; - lf.macos_log->store_current_settings = true; - lf.macos_log->is_header_processed = true; - lf.regex_ignore = NULL; - lf.regex_restrict = NULL; - - // Save an expired context to send it immediately - strcpy(lf.macos_log->ctxt.buffer, "2021-05-17 15:31:53.586313-0700 localhost sshd[880]: (libsystem_info.dylib)\n"); - lf.macos_log->ctxt.timestamp = 1000; - will_return(__wrap_time, 1000 + MACOS_LOG_TIMEOUT + 1); - - will_return(__wrap_can_read, 1); - will_return(__wrap_w_msg_hash_queues_push, 0); - will_return(__wrap_can_read, 1); - - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, NULL); - - expect_string(__wrap_w_macos_set_last_log_timestamp, timestamp, "2021-05-17 15:31:53-0700"); - - expect_any(__wrap_waitpid, __pid); - expect_any(__wrap_waitpid, __options); - will_return(__wrap_waitpid, 0); - will_return(__wrap_waitpid, 10); - - expect_string(__wrap__minfo, formatted_msg, "(1607): macOS 'log show' process exited, pid: 10, exit value: 0."); - expect_string(__wrap__mdebug1, formatted_msg, "macOS ULS: Releasing macOS `log show` resources."); - - expect_value(__wrap_kill, sig, SIGTERM); - expect_value(__wrap_kill, pid, 10); - will_return(__wrap_kill, 0); - will_return(__wrap_wpclose, NULL); - - assert_null(read_macos(&lf, &dummy_rc, 0)); - assert_string_equal(lf.macos_log->ctxt.buffer, ""); - assert_true(lf.macos_log->store_current_settings); - assert_int_equal(lf.macos_log->state, LOG_NOT_RUNNING); - assert_null(macos_processes->show.wfd); - - os_free(show_ptr); - os_free(lf.macos_log); -} - -void test_read_macos_faulty_ended_stream(void ** state) { - - logreader lf; - int dummy_rc; - - os_calloc(1, sizeof(w_macos_log_config_t), lf.macos_log); - os_calloc(1, sizeof(wfd_t), lf.macos_log->processes.stream.wfd); - wfd_t * stream_ptr = lf.macos_log->processes.stream.wfd; - lf.macos_log->state = LOG_RUNNING_STREAM; - lf.macos_log->processes.stream.wfd->pid = 10; - macos_processes = &lf.macos_log->processes; - lf.macos_log->store_current_settings = true; - lf.macos_log->is_header_processed = true; - lf.regex_ignore = NULL; - lf.regex_restrict = NULL; - - // Save an expired context to send it immediately - strcpy(lf.macos_log->ctxt.buffer, "2021-05-17 15:31:53.586313-0700 localhost sshd[880]: (libsystem_info.dylib)\n"); - lf.macos_log->ctxt.timestamp = 1000; - - will_return(__wrap_can_read, 1); - - will_return(__wrap_time, 1000 + MACOS_LOG_TIMEOUT + 1); - - will_return(__wrap_w_msg_hash_queues_push, 0); - will_return(__wrap_can_read, 1); - - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, NULL); - - expect_string(__wrap_w_macos_set_last_log_timestamp, timestamp, "2021-05-17 15:31:53-0700"); - - expect_any(__wrap_waitpid, __pid); - expect_any(__wrap_waitpid, __options); - will_return(__wrap_waitpid, 1); - will_return(__wrap_waitpid, 10); - - expect_string(__wrap__merror, formatted_msg, "(1607): macOS 'log stream' process exited, pid: 10, exit value: 1."); - expect_string(__wrap__mdebug1, formatted_msg, "macOS ULS: Releasing macOS `log stream` resources."); - - expect_value(__wrap_kill, sig, SIGTERM); - expect_value(__wrap_kill, pid, 10); - will_return(__wrap_kill, 0); - will_return(__wrap_wpclose, NULL); - - assert_null(read_macos(&lf, &dummy_rc, 0)); - assert_string_equal(lf.macos_log->ctxt.buffer, ""); - assert_true(lf.macos_log->store_current_settings); - assert_int_equal(lf.macos_log->state, LOG_NOT_RUNNING); - assert_null(macos_processes->show.wfd); - - - os_free(stream_ptr); - os_free(lf.macos_log); -} - -void test_read_macos_faulty_waitpid(void ** state) { - - logreader lf; - int dummy_rc; - errno = 123; - - os_calloc(1, sizeof(w_macos_log_config_t), lf.macos_log); - os_calloc(1, sizeof(wfd_t), lf.macos_log->processes.stream.wfd); - - lf.macos_log->state = LOG_RUNNING_STREAM; - lf.macos_log->processes.stream.wfd->pid = 10; - macos_processes = &lf.macos_log->processes; - lf.macos_log->store_current_settings = true; - lf.macos_log->is_header_processed = true; - lf.regex_ignore = NULL; - lf.regex_restrict = NULL; - - // Save an expired context to send it immediately - strcpy(lf.macos_log->ctxt.buffer, "2021-05-17 15:31:53.586313-0700 localhost sshd[880]: (libsystem_info.dylib)\n"); - lf.macos_log->ctxt.timestamp = 1000; - - will_return(__wrap_time, 1000 + MACOS_LOG_TIMEOUT + 1); - - will_return(__wrap_can_read, 1); - will_return(__wrap_w_msg_hash_queues_push, 0); - will_return(__wrap_can_read, 1); - - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, NULL); - - expect_string(__wrap_w_macos_set_last_log_timestamp, timestamp, "2021-05-17 15:31:53-0700"); - - expect_any(__wrap_waitpid, __pid); - expect_any(__wrap_waitpid, __options); - will_return(__wrap_waitpid, 1); - will_return(__wrap_waitpid, 2); - will_return(__wrap_strerror, "error test"); - - expect_string(__wrap__merror, formatted_msg, "(1111): Error during waitpid()-call due to [(123)-(error test)]."); - - assert_null(read_macos(&lf, &dummy_rc, 0)); - assert_string_equal(lf.macos_log->ctxt.buffer, ""); - assert_true(lf.macos_log->store_current_settings); - assert_null(macos_processes->show.wfd); - - - os_free(lf.macos_log->processes.stream.wfd); - os_free(lf.macos_log); -} - -void test_read_macos_log_ignored(void ** state) { - logreader lf; - int dummy_rc; - char log_str[PATH_MAX + 1] = {0}; - w_expression_t * expression_ignore; - - os_calloc(1, sizeof(w_macos_log_config_t), lf.macos_log); - os_calloc(1, sizeof(wfd_t), lf.macos_log->processes.stream.wfd); - - lf.regex_ignore = OSList_Create(); - OSList_SetFreeDataPointer(lf.regex_ignore, (void (*)(void *))w_free_expression); - - w_calloc_expression_t(&expression_ignore, EXP_TYPE_PCRE2); - w_expression_compile(expression_ignore, "ignore.*", 0); - OSList_InsertData(lf.regex_ignore, NULL, expression_ignore); - - lf.macos_log->state = LOG_RUNNING_STREAM; - lf.macos_log->processes.stream.wfd->pid = getpid(); - lf.macos_log->is_header_processed = true; - lf.macos_log->store_current_settings = false; - lf.macos_log->current_settings = "some log command with predicate and stuff"; - lf.macos_log->ctxt.timestamp = 1000; - lf.regex_restrict = NULL; - strcpy(lf.macos_log->ctxt.buffer, "2021-05-17 15:31:53.586313-0700 localhost sshd[880]: (libsystem_info.dylib) Created Activity ID: 0x2040, Description: Retrieve User by Name\n"); - - will_return(__wrap_can_read, 1); - will_return(__wrap_time, 1000 + MACOS_LOG_TIMEOUT + 1); - will_return(__wrap_w_expression_match, true); - - snprintf(log_str, PATH_MAX, LF_MATCH_REGEX, "2021-05-17 15:31:53.586313-0700 localhost sshd[880]: (libsystem_info.dylib) Created Activity ID: 0x2040, Description: Retrieve User by Name", "ignore", "ignore.*"); - expect_string(__wrap__mdebug2, formatted_msg, log_str); - - will_return(__wrap_can_read, 0); - - expect_any(__wrap_waitpid, __pid); - expect_any(__wrap_waitpid, __options); - will_return(__wrap_waitpid, 0); - will_return(__wrap_waitpid, 0); - - assert_null(read_macos(&lf, &dummy_rc, 0)); - - os_free(lf.macos_log->processes.stream.wfd); - os_free(lf.macos_log); - - if (lf.regex_ignore) { - OSList_Destroy(lf.regex_ignore); - lf.regex_ignore = NULL; - } -} - -int main(void) { - - maximum_lines = TESTING_MAXIMUM_LINES; - const struct CMUnitTest tests[] = { - // Test w_macos_log_ctxt_restore - cmocka_unit_test(test_w_macos_log_ctxt_restore_false), - cmocka_unit_test(test_w_macos_log_ctxt_restore_true), - // Test w_macos_log_ctxt_backup - cmocka_unit_test(test_w_macos_log_ctxt_backup_success), - // Test w_macos_log_ctxt_clean - cmocka_unit_test(test_w_macos_log_ctxt_clean_success), - // Test w_macos_is_log_ctxt_expired - cmocka_unit_test(test_w_macos_is_log_ctxt_expired_true), - cmocka_unit_test(test_w_macos_is_log_ctxt_expired_false), - // Test w_macos_log_get_last_valid_line - cmocka_unit_test(test_w_macos_log_get_last_valid_line_str_null), - cmocka_unit_test(test_w_macos_log_get_last_valid_line_str_empty), - cmocka_unit_test(test_w_macos_log_get_last_valid_line_str_without_new_line), - cmocka_unit_test(test_w_macos_log_get_last_valid_line_str_with_new_line_end), - cmocka_unit_test(test_w_macos_log_get_last_valid_line_str_with_new_line_not_end), - cmocka_unit_test(test_w_macos_log_get_last_valid_line_str_with_two_new_lines_end), - cmocka_unit_test(test_w_macos_log_get_last_valid_line_str_with_two_new_lines_not_end), - cmocka_unit_test(test_w_macos_log_get_last_valid_line_str_with_three_new_lines_not_end), - // Test w_macos_is_log_header - cmocka_unit_test(test_w_macos_is_log_header_false), - cmocka_unit_test(test_w_macos_is_log_header_log_stream_execution_error_after_exec), - cmocka_unit_test(test_w_macos_is_log_header_log_stream_execution_error_colon), - cmocka_unit_test(test_w_macos_is_log_header_log_stream_execution_error_line_break), - cmocka_unit_test(test_w_macos_is_log_header_reading_other_log), - cmocka_unit_test(test_w_macos_is_log_header_reading_other_log_line_break), - // Test w_macos_log_getlog - cmocka_unit_test(test_w_macos_log_getlog_context_expired), - cmocka_unit_test(test_w_macos_log_getlog_context_expired_new_line), - cmocka_unit_test(test_w_macos_log_getlog_context_not_expired), - cmocka_unit_test(test_w_macos_log_getlog_context_buffer_full), - cmocka_unit_test(test_w_macos_log_getlog_context_buffer_full_no_endl_force_split), - cmocka_unit_test(test_w_macos_log_getlog_context_not_endline), - cmocka_unit_test(test_w_macos_log_getlog_context_full_buffer), - cmocka_unit_test(test_w_macos_log_getlog_discards_irrelevant_headers), - cmocka_unit_test(test_w_macos_log_getlog_discards_irrelevant_headers_sierra_child_processes_already_set), - cmocka_unit_test(test_w_macos_log_getlog_discards_irrelevant_headers_sierra_stream_and_show_without_child_pid), - cmocka_unit_test(test_w_macos_log_getlog_split_two_logs), - cmocka_unit_test(test_w_macos_log_getlog_backup_context), - cmocka_unit_test(test_w_macos_log_getlog_backup_context_sierra), - cmocka_unit_test(test_w_macos_log_getlog_backup_context_sierra_multiline), - cmocka_unit_test(test_w_macos_log_getlog_backup_context_sierra_new_line), - cmocka_unit_test(test_w_macos_log_getlog_cannot_read), - cmocka_unit_test(test_w_macos_log_getlog_discard_until_eof), - cmocka_unit_test(test_w_macos_log_getlog_discard_until_null), - cmocka_unit_test(test_w_macos_log_getlog_split_two_logs_debug), - // Test w_macos_trim_full_timestamp - cmocka_unit_test(test_w_macos_trim_full_timestamp_null_pointer), - cmocka_unit_test(test_w_macos_trim_full_timestamp_empty_string), - cmocka_unit_test(test_w_macos_trim_full_timestamp_incomplete_timestamp), - cmocka_unit_test(test_w_macos_trim_full_timestamp_full_timestamp), - // Test w_read_macos - cmocka_unit_test(test_read_macos_can_read_false), - cmocka_unit_test(test_read_macos_getlog_false), - cmocka_unit_test(test_read_macos_empty_log), - cmocka_unit_test(test_read_macos_incomplete_short_log), - cmocka_unit_test(test_read_macos_single_full_log_store_timestamp_and_setting), - cmocka_unit_test(test_read_macos_more_logs_than_maximum), - cmocka_unit_test(test_read_macos_disable_maximum_lines), - cmocka_unit_test(test_read_macos_toggle_correctly_ended_show_to_stream), - cmocka_unit_test(test_read_macos_toggle_faulty_ended_show_to_stream), - cmocka_unit_test(test_read_macos_toggle_correctly_ended_show_to_faulty_stream), - cmocka_unit_test(test_read_macos_faulty_ended_stream), - cmocka_unit_test(test_read_macos_faulty_waitpid), - cmocka_unit_test(test_read_macos_log_ignored), - }; - - return cmocka_run_group_tests(tests, group_setup, group_teardown); -} diff --git a/src/modules/logcollector/tests/unit/tests/test_read_multiline.c b/src/modules/logcollector/tests/unit/tests/test_read_multiline.c deleted file mode 100644 index c2ab1c86c4..0000000000 --- a/src/modules/logcollector/tests/unit/tests/test_read_multiline.c +++ /dev/null @@ -1,183 +0,0 @@ -/* - * Copyright (C) 2015, Wazuh Inc. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -#include -#include -#include -#include -#include -#include - -#include "../../logcollector/logcollector.h" -#include "../../headers/shared.h" -#include "../wrappers/common.h" -#include "../wrappers/wazuh/shared/file_op_wrappers.h" -#include "../wrappers/libc/stdio_wrappers.h" - -/* Setup & Teardown */ - -static int group_setup(void ** state) { - test_mode = 1; - return 0; -} - -static int group_teardown(void ** state) { - test_mode = 0; - return 0; -} - -/* Wraps */ -int __wrap_can_read() { - return mock_type(int); -} - -bool __wrap_w_get_hash_context(const char * path, EVP_MD_CTX * context, int64_t position) { - return mock_type(bool); -} - -int __wrap_w_update_file_status(const char * path, int64_t pos, EVP_MD_CTX * context) { - bool free_context = mock_type(bool); - if (free_context) { - EVP_MD_CTX_free(context); - } - return mock_type(int); -} - -void __wrap_OS_SHA1_Stream(EVP_MD_CTX *c, os_sha1 output, char * buf) { - function_called(); - return; -} - -/* Tests */ - -void test_buffer_space(void ** state) { - logreader lf = { .file = "test", .linecount = 3 }; - int rc; - char * input_str = malloc(OS_MAX_LOG_SIZE); - memset(input_str, '.', OS_MAX_LOG_SIZE - 1); - input_str[OS_MAX_LOG_SIZE - 1] = '\0'; - - expect_any(__wrap_w_ftell, x); - will_return(__wrap_w_ftell, (int64_t) 0); - - will_return(__wrap_w_get_hash_context, true); - - expect_any(__wrap_w_ftell, x); - will_return(__wrap_w_ftell, (int64_t) 0); - - will_return(__wrap_can_read, 1); - - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, input_str); - - expect_any(__wrap_w_ftell, x); - will_return(__wrap_w_ftell, (int64_t) OS_MAX_LOG_SIZE - 1); - - expect_function_call(__wrap_OS_SHA1_Stream); - - will_return(__wrap_can_read, 1); - - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "\n"); - - expect_any(__wrap_w_ftell, x); - will_return(__wrap_w_ftell, (int64_t) OS_MAX_LOG_SIZE); - - expect_function_call(__wrap_OS_SHA1_Stream); - - will_return(__wrap_can_read, 1); - - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, input_str); - - expect_any(__wrap_w_ftell, x); - will_return(__wrap_w_ftell, (int64_t) (OS_MAX_LOG_SIZE) * 2 - 1); - - expect_function_call(__wrap_OS_SHA1_Stream); - - expect_any(__wrap__merror, formatted_msg); - - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, NULL); - - expect_any(__wrap_w_ftell, x); - will_return(__wrap_w_ftell, (int64_t) (OS_MAX_LOG_SIZE) * 2 - 1); - - will_return(__wrap_can_read, 0); - - will_return(__wrap_w_update_file_status, true); - will_return(__wrap_w_update_file_status, 0); - - read_multiline(&lf, &rc, 1); - - free(input_str); -} - -void test_buffer_space_invalid_context(void ** state) { - logreader lf = { .file = "test", .linecount = 3 }; - int rc; - char * input_str = malloc(OS_MAX_LOG_SIZE); - memset(input_str, '.', OS_MAX_LOG_SIZE - 1); - input_str[OS_MAX_LOG_SIZE - 1] = '\0'; - - expect_any(__wrap_w_ftell, x); - will_return(__wrap_w_ftell, (int64_t) 0); - - will_return(__wrap_w_get_hash_context, false); - - expect_any(__wrap_w_ftell, x); - will_return(__wrap_w_ftell, (int64_t) 0); - - will_return(__wrap_can_read, 1); - - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, input_str); - - expect_any(__wrap_w_ftell, x); - will_return(__wrap_w_ftell, (int64_t) OS_MAX_LOG_SIZE - 1); - - will_return(__wrap_can_read, 1); - - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "\n"); - - expect_any(__wrap_w_ftell, x); - will_return(__wrap_w_ftell, (int64_t) OS_MAX_LOG_SIZE); - - will_return(__wrap_can_read, 1); - - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, input_str); - - expect_any(__wrap_w_ftell, x); - will_return(__wrap_w_ftell, (int64_t) (OS_MAX_LOG_SIZE) * 2 - 1); - - expect_any(__wrap__merror, formatted_msg); - - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, NULL); - - expect_any(__wrap_w_ftell, x); - will_return(__wrap_w_ftell, (int64_t) (OS_MAX_LOG_SIZE) * 2 - 1); - - will_return(__wrap_can_read, 0); - - read_multiline(&lf, &rc, 1); - - free(input_str); -} - -int main(void) { - const struct CMUnitTest tests[] = { - cmocka_unit_test(test_buffer_space), - cmocka_unit_test(test_buffer_space_invalid_context), - }; - - return cmocka_run_group_tests(tests, group_setup, group_teardown); -} diff --git a/src/modules/logcollector/tests/unit/tests/test_read_multiline_regex.c b/src/modules/logcollector/tests/unit/tests/test_read_multiline_regex.c deleted file mode 100644 index eb700dd30c..0000000000 --- a/src/modules/logcollector/tests/unit/tests/test_read_multiline_regex.c +++ /dev/null @@ -1,1902 +0,0 @@ -/* - * Copyright (C) 2015, Wazuh Inc. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -#include -#include -#include -#include -#include -#include - -#include "../../logcollector/logcollector.h" -#include "../../headers/shared.h" -#include "../wrappers/common.h" -#include "../wrappers/wazuh/shared/file_op_wrappers.h" -#include "../wrappers/libc/stdio_wrappers.h" - -void multiline_replace(char * buffer, w_multiline_replace_type_t type); -bool multiline_ctxt_is_expired(time_t timeout, w_multiline_ctxt_t * ctxt); -bool multiline_ctxt_restore(char * buffer, int * readed_lines, w_multiline_ctxt_t * ctxt); -void multiline_ctxt_free(w_multiline_ctxt_t ** ctxt); -void multiline_ctxt_backup(char * buffer, int readed_lines, w_multiline_ctxt_t ** ctxt); - -int multiline_getlog_start(char * buffer, int length, FILE * stream, w_multiline_config_t * ml_cfg); -int multiline_getlog_end(char * buffer, int length, FILE * stream, w_multiline_config_t * ml_cfg); -int multiline_getlog_all(char * buffer, int length, FILE * stream, w_multiline_config_t * ml_cfg); -int multiline_getlog(char * buffer, int length, FILE * stream, w_multiline_config_t * ml_cfg); -void * read_multiline_regex(logreader * lf, int * rc, int drop_it); -char * get_file_chunk(FILE * stream, int64_t initial_pos, int64_t final_pos); - -/* setup/teardown */ - -static int group_setup(void ** state) { - test_mode = 1; - return 0; -} - -static int group_teardown(void ** state) { - test_mode = 0; - return 0; -} - -/* wraps */ -int __wrap_can_read() { - return mock_type(int); -} - -bool __wrap_w_expression_match(w_expression_t * expression, const char * str_test, const char ** end_match, - regex_matching * regex_match) { - return mock_type(bool); -} - -int __wrap_w_msg_hash_queues_push(const char * str, char * file, unsigned long size, logtarget * targets, - char queue_mq) { - return mock_type(int); -} - -bool __wrap_w_get_hash_context(const char * path, EVP_MD_CTX * context, int64_t position) { - return mock_type(bool); -} - -int __wrap_w_update_file_status(const char * path, int64_t pos, EVP_MD_CTX * context) { - bool free_context = mock_type(bool); - if (free_context) { - EVP_MD_CTX_free(context); - } - return mock_type(int); -} - -void __wrap_OS_SHA1_Stream(EVP_MD_CTX *c, os_sha1 output, char * buf) { - function_called(); - return; -} - -/* tests */ - -/* multiline_replace linux */ -void test_multiline_replace_ws_not_found(void ** state) { - - char str[] = "test replace white space"; - w_multiline_replace_type_t type = ML_REPLACE_WSPACE; - const char str_expected[] = "test replace white space"; - - multiline_replace(str, type); - assert_string_equal(str, str_expected); -} - -void test_multiline_replace_ws_char_null_str(void ** state) { - - w_multiline_replace_type_t type = ML_REPLACE_WSPACE; - multiline_replace(NULL, type); -} - -void test_multiline_replace_ws_char_empty_str(void ** state) { - - w_multiline_replace_type_t type = ML_REPLACE_WSPACE; - char str[] = ""; - multiline_replace(str, type); -} - -void test_multiline_replace_ws_char_noreplace(void ** state) { - - char str[] = "test replace\nwhite space"; - w_multiline_replace_type_t type = ML_REPLACE_WSPACE; - const char str_expected[] = "test replace\nwhite space"; - - multiline_replace(str, type); - assert_string_equal(str, str_expected); -} - -void test_multiline_replace_ws_char_replace_last(void ** state) { - - char str[] = "test replace\ntab\n"; - w_multiline_replace_type_t type = ML_REPLACE_WSPACE; - const char str_expected[] = "test replace\ntab "; - - multiline_replace(str, type); - assert_string_equal(str, str_expected); -} - -void test_multiline_replace_tab_not_found(void ** state) { - - char str[] = "test replace tab"; - w_multiline_replace_type_t type = ML_REPLACE_TAB; - const char str_expected[] = "test replace tab"; - - multiline_replace(str, type); - assert_string_equal(str, str_expected); -} - -void test_multiline_replace_tab_char_null_str(void ** state) { - - w_multiline_replace_type_t type = ML_REPLACE_TAB; - multiline_replace(NULL, type); -} - -void test_multiline_replace_tab_char_empty_str(void ** state) { - - w_multiline_replace_type_t type = ML_REPLACE_TAB; - char str[] = ""; - multiline_replace(str, type); -} - -void test_multiline_replace_tab_char_noreplace(void ** state) { - - char str[] = "test replace\ntab"; - w_multiline_replace_type_t type = ML_REPLACE_TAB; - const char str_expected[] = "test replace\ntab"; - - multiline_replace(str, type); - assert_string_equal(str, str_expected); -} - -void test_multiline_replace_tab_char_replace_last(void ** state) { - - char str[] = "test replace\ntab\n"; - w_multiline_replace_type_t type = ML_REPLACE_TAB; - const char str_expected[] = "test replace\ntab\t"; - - multiline_replace(str, type); - assert_string_equal(str, str_expected); -} - -void test_multiline_replace_none_not_found(void ** state) { - - char str[] = "test replace none"; - w_multiline_replace_type_t type = ML_REPLACE_NONE; - const char str_expected[] = "test replace none"; - - multiline_replace(str, type); - assert_string_equal(str, str_expected); -} - -void test_multiline_replace_none_char_null_str(void ** state) { - - w_multiline_replace_type_t type = ML_REPLACE_NONE; - multiline_replace(NULL, type); -} - -void test_multiline_replace_none_char_empty_str(void ** state) { - - w_multiline_replace_type_t type = ML_REPLACE_NONE; - char str[] = ""; - multiline_replace(str, type); -} - -void test_multiline_replace_none_char_noreplace(void ** state) { - - char str[] = "test replace\nnone"; - w_multiline_replace_type_t type = ML_REPLACE_NONE; - const char str_expected[] = "test replace\nnone"; - - multiline_replace(str, type); - assert_string_equal(str, str_expected); -} - -void test_multiline_replace_none_char_replace_last(void ** state) { - - char str[] = "test replace\nnone\n"; - w_multiline_replace_type_t type = ML_REPLACE_NONE; - const char str_expected[] = "test replace\nnone"; - - multiline_replace(str, type); - assert_string_equal(str, str_expected); -} - -void test_multiline_replace_noreplace_not_found(void ** state) { - - char str[] = "test replace no replace"; - w_multiline_replace_type_t type = ML_REPLACE_NO_REPLACE; - const char str_expected[] = "test replace no replace"; - - multiline_replace(str, type); - assert_string_equal(str, str_expected); -} - -void test_multiline_replace_noreplace_char_null_str(void ** state) { - - w_multiline_replace_type_t type = ML_REPLACE_NO_REPLACE; - multiline_replace(NULL, type); -} - -void test_multiline_replace_noreplace_char_replace(void ** state) { - - char str[] = "test replace\nno replace"; - w_multiline_replace_type_t type = ML_REPLACE_NO_REPLACE; - const char str_expected[] = "test replace\nno replace"; - - multiline_replace(str, type); - assert_string_equal(str, str_expected); -} - -void test_multiline_replace_noreplace_char_replace_last(void ** state) { - - char str[] = "test replace\nno replace\n"; - w_multiline_replace_type_t type = ML_REPLACE_NO_REPLACE; - const char str_expected[] = "test replace\nno replace\n"; - - multiline_replace(str, type); - assert_string_equal(str, str_expected); -} - -/* multiline_replace windows */ -void test_multiline_replace_w_ws_not_found(void ** state) { - - char str[] = "test replace white space"; - w_multiline_replace_type_t type = ML_REPLACE_WSPACE; - const char str_expected[] = "test replace white space"; - - multiline_replace(str, type); - assert_string_equal(str, str_expected); -} - -void test_multiline_replace_w_ws_char_null_str(void ** state) { - - w_multiline_replace_type_t type = ML_REPLACE_WSPACE; - multiline_replace(NULL, type); -} - -void test_multiline_replace_w_ws_char_noreplace(void ** state) { - - char str[] = "test replace\r\nwhite space"; - w_multiline_replace_type_t type = ML_REPLACE_WSPACE; - const char str_expected[] = "test replace\r\nwhite space"; - - multiline_replace(str, type); - assert_string_equal(str, str_expected); -} - -void test_multiline_replace_w_ws_char_replace_last(void ** state) { - - char str[] = "test replace\r\ntab\r\n"; - w_multiline_replace_type_t type = ML_REPLACE_WSPACE; - const char str_expected[] = "test replace\r\ntab "; - - multiline_replace(str, type); - assert_string_equal(str, str_expected); -} - -void test_multiline_replace_w_tab_not_found(void ** state) { - - char str[] = "test replace tab"; - w_multiline_replace_type_t type = ML_REPLACE_TAB; - const char str_expected[] = "test replace tab"; - - multiline_replace(str, type); - assert_string_equal(str, str_expected); -} - -void test_multiline_replace_w_tab_char_null_str(void ** state) { - - w_multiline_replace_type_t type = ML_REPLACE_TAB; - multiline_replace(NULL, type); -} - -void test_multiline_replace_w_tab_char_noreplace(void ** state) { - - char str[] = "test replace\r\ntab"; - w_multiline_replace_type_t type = ML_REPLACE_TAB; - const char str_expected[] = "test replace\r\ntab"; - - multiline_replace(str, type); - assert_string_equal(str, str_expected); -} - -void test_multiline_replace_w_tab_char_replace_last(void ** state) { - - char str[] = "test replace\r\ntab\r\n"; - w_multiline_replace_type_t type = ML_REPLACE_TAB; - const char str_expected[] = "test replace\r\ntab\t"; - - multiline_replace(str, type); - assert_string_equal(str, str_expected); -} - -void test_multiline_replace_w_none_not_found(void ** state) { - - char str[] = "test replace none"; - w_multiline_replace_type_t type = ML_REPLACE_NONE; - const char str_expected[] = "test replace none"; - - multiline_replace(str, type); - assert_string_equal(str, str_expected); -} - -void test_multiline_replace_w_none_char_null_str(void ** state) { - - w_multiline_replace_type_t type = ML_REPLACE_NONE; - multiline_replace(NULL, type); -} - -void test_multiline_replace_w_none_char_noreplace(void ** state) { - - char str[] = "test replace\r\nnone"; - w_multiline_replace_type_t type = ML_REPLACE_NONE; - const char str_expected[] = "test replace\r\nnone"; - - multiline_replace(str, type); - assert_string_equal(str, str_expected); -} - -void test_multiline_replace_w_none_char_replace_last(void ** state) { - - char str[] = "test replace\r\nnone\r\n"; - w_multiline_replace_type_t type = ML_REPLACE_NONE; - const char str_expected[] = "test replace\r\nnone"; - - multiline_replace(str, type); - assert_string_equal(str, str_expected); -} - -void test_multiline_replace_w_noreplace_not_found(void ** state) { - - char str[] = "test replace no replace"; - w_multiline_replace_type_t type = ML_REPLACE_NO_REPLACE; - const char str_expected[] = "test replace no replace"; - - multiline_replace(str, type); - assert_string_equal(str, str_expected); -} - -void test_multiline_replace_w_noreplace_char_null_str(void ** state) { - - w_multiline_replace_type_t type = ML_REPLACE_NO_REPLACE; - multiline_replace(NULL, type); -} - -void test_multiline_replace_w_noreplace_char_noreplace(void ** state) { - - char str[] = "test replace\r\nno replace"; - w_multiline_replace_type_t type = ML_REPLACE_NO_REPLACE; - const char str_expected[] = "test replace\r\nno replace"; - - multiline_replace(str, type); - assert_string_equal(str, str_expected); -} - -void test_multiline_replace_w_noreplace_char_replace_last(void ** state) { - - char str[] = "test replace\r\nno replace\r\n"; - w_multiline_replace_type_t type = ML_REPLACE_NO_REPLACE; - const char str_expected[] = "test replace\r\nno replace\r\n"; - - multiline_replace(str, type); - assert_string_equal(str, str_expected); -} -// Test multiline_ctxt_is_expired -void test_multiline_ctxt_is_expired_not_found(void ** state) { assert_true(multiline_ctxt_is_expired(1, NULL)); } - -void test_multiline_ctxt_is_expired_not_expired(void ** state) { - - w_multiline_ctxt_t ctxt = {.timestamp = 50}; - unsigned int timeout = 75; - - will_return(__wrap_time, (unsigned int) 100); - - assert_false(multiline_ctxt_is_expired(timeout, &ctxt)); -} - -void test_multiline_ctxt_is_expired_expired(void ** state) { - w_multiline_ctxt_t ctxt = {.timestamp = 50}; - unsigned int timeout = 10; - - will_return(__wrap_time, (unsigned int) 100); - - assert_true(multiline_ctxt_is_expired(timeout, &ctxt)); -} - -/* multiline_ctxt_restore */ -void test_multiline_ctxt_restore_restore(void ** state) { - - // orginal content - w_multiline_ctxt_t ctxt = { - .buffer = "Test buffer", - .lines_count = 100, - .timestamp = 0, - }; - // restore - int readed_lines = -1; - char * buffer; - os_calloc(strlen(ctxt.buffer) + 1, sizeof(char), buffer); - - assert_true(multiline_ctxt_restore(buffer, &readed_lines, &ctxt)); - assert_int_equal(readed_lines, ctxt.lines_count); - assert_string_equal(buffer, ctxt.buffer); - - os_free(buffer); -} - -void test_multiline_ctxt_restore_null(void ** state) { - - // restore - int readed_lines = -1; - char * buffer = NULL; - - assert_false(multiline_ctxt_restore(buffer, &readed_lines, NULL)); - assert_int_equal(readed_lines, -1); - assert_null(buffer); -} - -/* multiline_ctxt_free */ -void test_multiline_ctxt_free_null(void ** state) { - - w_multiline_ctxt_t * ctxt = NULL; - multiline_ctxt_free(&ctxt); -} - -void test_multiline_ctxt_free_free(void ** state) { - - w_multiline_ctxt_t * ctxt; - os_calloc(1, sizeof(w_multiline_ctxt_t), ctxt); - os_calloc(1, sizeof(char), ctxt->buffer); - multiline_ctxt_free(&ctxt); - assert_null(ctxt); -} - -/* multiline_ctxt_backup */ -void test_multiline_ctxt_backup_no_restore(void ** state) { - - char buffer[] = "hi!, no new content"; - int readed_lines = 6; - w_multiline_ctxt_t * ctxt; - os_calloc(1, sizeof(w_multiline_ctxt_t), ctxt); - w_strdup(buffer, ctxt->buffer); - ctxt->lines_count = readed_lines; - ctxt->timestamp = (time_t) 5; - - multiline_ctxt_backup(buffer, readed_lines, &ctxt); - - assert_int_equal(ctxt->timestamp, 5); - assert_int_equal(readed_lines, 6); - assert_string_equal(buffer, ctxt->buffer); - - multiline_ctxt_free(&ctxt); -} - -void test_multiline_ctxt_backup_new_ctxt(void ** state) { - - char buffer[] = "hi!, new content"; - int readed_lines = 6; - w_multiline_ctxt_t * ctxt = NULL; - - will_return(__wrap_time, 10); - multiline_ctxt_backup(buffer, readed_lines, &ctxt); - - assert_int_equal(ctxt->timestamp, 10); - assert_int_equal(readed_lines, 6); - assert_string_equal(buffer, ctxt->buffer); - - multiline_ctxt_free(&ctxt); -} - -void test_multiline_ctxt_backup_increment(void ** state) { - - char buffer[] = "old content + New content"; - int readed_lines = 6; - w_multiline_ctxt_t * ctxt; - os_calloc(1, sizeof(w_multiline_ctxt_t), ctxt); - w_strdup("old content + ", ctxt->buffer); - ctxt->lines_count = 5; - ctxt->timestamp = (time_t) 5; - - will_return(__wrap_time, 10); - multiline_ctxt_backup(buffer, readed_lines, &ctxt); - - assert_int_equal(ctxt->timestamp, 10); - assert_int_equal(readed_lines, 6); - assert_string_equal(buffer, ctxt->buffer); - - multiline_ctxt_free(&ctxt); -} - -/* multiline_getlog_start */ -void test_multiline_getlog_start_single_no_context(void ** state) { - - int retval; - const size_t buffer_size = 500; - const time_t timeout = (time_t) 100; - char buffer[500 + 1]; - w_multiline_config_t ml_confg = {0}; - - ml_confg.timeout = timeout; - ml_confg.replace_type = ML_REPLACE_NO_REPLACE; - ml_confg.match_type = ML_MATCH_START; - - expect_any(__wrap_w_ftell, x); - will_return(__wrap_w_ftell, (int64_t) 0); - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "no match\n"); - - expect_any(__wrap_w_ftell, x); - will_return(__wrap_w_ftell, (int64_t) 0); - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, NULL); - - will_return(__wrap_time, 1); - - retval = multiline_getlog_start(buffer, buffer_size, 0, &ml_confg); - - assert_int_equal(retval, 0); - assert_string_equal(ml_confg.ctxt->buffer, "no match\n"); - assert_int_equal(ml_confg.ctxt->lines_count, 1); - assert_int_equal(ml_confg.ctxt->timestamp, 1); - multiline_ctxt_free(&ml_confg.ctxt); -} - -void test_multiline_getlog_start_ctxt_timeout(void ** state) { - int retval; - const size_t buffer_size = 500; - const time_t timeout = (time_t) 100; - char buffer[500 + 1] = {0}; - - w_multiline_config_t ml_confg = {0}; - os_calloc(1, sizeof(w_multiline_config_t), ml_confg.ctxt); - ml_confg.timeout = timeout; - ml_confg.replace_type = ML_REPLACE_NO_REPLACE; - ml_confg.match_type = ML_MATCH_START; - os_strdup("no match\n", ml_confg.ctxt->buffer); - ml_confg.ctxt->lines_count = 1; - ml_confg.ctxt->timestamp = 0; - - expect_any(__wrap_w_ftell, x); - will_return(__wrap_w_ftell, (int64_t) 0); - will_return(__wrap_time, timeout + 1); - - retval = multiline_getlog_start(buffer, buffer_size, 0, &ml_confg); - - assert_int_equal(retval, 1); - assert_null(ml_confg.ctxt); - assert_string_equal(buffer, "no match"); -} - -void test_multiline_getlog_start_ctxt_append_ctxt(void ** state) { - - int retval; - const size_t buffer_size = 500; - const time_t timeout = (time_t) 100; - char buffer[500 + 1] = {0}; - const char * msg = "no match\nno match2\n"; - w_multiline_config_t ml_confg = {0}; - os_calloc(1, sizeof(w_multiline_config_t), ml_confg.ctxt); - os_strdup(msg, ml_confg.ctxt->buffer); - ml_confg.ctxt->lines_count = 2; - ml_confg.ctxt->timestamp = 0; - ml_confg.timeout = timeout; - - expect_any(__wrap_w_ftell, x); - will_return(__wrap_w_ftell, 0); - will_return(__wrap_time, timeout - 1); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "no match3\n"); - will_return(__wrap_w_expression_match, false); - expect_any(__wrap_w_ftell, x); - will_return(__wrap_w_ftell, 0); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, NULL); - will_return(__wrap_time, timeout); - - retval = multiline_getlog_start(buffer, buffer_size, 0, &ml_confg); - - assert_int_equal(retval, 0); - assert_non_null(ml_confg.ctxt); - assert_string_equal(ml_confg.ctxt->buffer, "no match\nno match2\nno match3\n"); - assert_int_equal(ml_confg.ctxt->lines_count, 3); - assert_int_equal(ml_confg.ctxt->timestamp, timeout); - multiline_ctxt_free(&ml_confg.ctxt); -} - -void test_multiline_getlog_start_ctxt_match(void ** state) { - - int retval; - const size_t buffer_size = 500; - const time_t timeout = (time_t) 100; - char buffer[500 + 1] = {0}; - const char * msg = "no match\nno match2\n"; - w_multiline_config_t ml_confg = {0}; - os_calloc(1, sizeof(w_multiline_config_t), ml_confg.ctxt); - os_strdup(msg, ml_confg.ctxt->buffer); - ml_confg.ctxt->lines_count = 2; - ml_confg.ctxt->timestamp = 0; - ml_confg.timeout = timeout; - - expect_any(__wrap_w_ftell, x); - will_return(__wrap_w_ftell, 0); - will_return(__wrap_time, timeout - 1); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "match"); - will_return(__wrap_w_expression_match, true); - - expect_any(__wrap_w_fseek, x); - expect_value(__wrap_w_fseek, pos, 0); - will_return(__wrap_w_fseek, 0); - - retval = multiline_getlog_start(buffer, buffer_size, 0, &ml_confg); - - assert_int_equal(retval, 2); - assert_null(ml_confg.ctxt); - assert_string_equal(buffer, "no match\nno match2"); -} - -void test_multiline_getlog_start_no_ctxt_match(void ** state) { - - int retval; - const size_t buffer_size = 500; - const time_t timeout = (time_t) 100; - char buffer[500 + 1]; - w_multiline_config_t ml_confg = {0}; - - ml_confg.timeout = timeout; - ml_confg.replace_type = ML_REPLACE_NO_REPLACE; - ml_confg.match_type = ML_MATCH_START; - - expect_any(__wrap_w_ftell, x); - will_return(__wrap_w_ftell, (int64_t) 0); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "no match\n"); - expect_any(__wrap_w_ftell, x); - will_return(__wrap_w_ftell, (int64_t) 0); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "no match2\n"); - will_return(__wrap_w_expression_match, false); - expect_any(__wrap_w_ftell, x); - will_return(__wrap_w_ftell, (int64_t) 0); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "match"); - will_return(__wrap_w_expression_match, true); - - expect_any(__wrap_w_fseek, x); - expect_value(__wrap_w_fseek, pos, 0); - will_return(__wrap_w_fseek, 0); - - retval = multiline_getlog_start(buffer, buffer_size, 0, &ml_confg); - - assert_int_equal(retval, 2); - assert_string_equal(buffer, "no match\nno match2"); - assert_null(ml_confg.ctxt); -} - -void test_multiline_getlog_start_no_ctxt_overflow(void ** state) { - - int retval; - const size_t buffer_size = 20; - const time_t timeout = (time_t) 100; - char buffer[20]; - w_multiline_config_t ml_confg = {0}; - - ml_confg.timeout = timeout; - ml_confg.replace_type = ML_REPLACE_NO_REPLACE; - ml_confg.match_type = ML_MATCH_START; - - expect_any(__wrap_w_ftell, x); - will_return(__wrap_w_ftell, 0); - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "01234567890123456789------"); - - expect_any(__wrap_w_ftell, x); - will_return(__wrap_w_ftell, 0); - will_return(__wrap_fgetc, '-'); - will_return(__wrap_fgetc, '-'); - will_return(__wrap_fgetc, '-'); - will_return(__wrap_fgetc, '-'); - will_return(__wrap_fgetc, '-'); - will_return(__wrap_fgetc, '-'); - will_return(__wrap_fgetc, '\0'); - - retval = multiline_getlog_start(buffer, buffer_size, 0, &ml_confg); - assert_int_equal(retval, 1); - assert_null(ml_confg.ctxt); - assert_string_equal(buffer, "0123456789012345678"); -} - -void test_multiline_getlog_start_ctxt_overflow(void ** state) { - - int retval; - const size_t buffer_size = 20; - const time_t timeout = (time_t) 100; - char buffer[20]; - w_multiline_config_t ml_confg = {0}; - - const char * msg = "123456789\n"; - os_calloc(1, sizeof(w_multiline_config_t), ml_confg.ctxt); - os_strdup(msg, ml_confg.ctxt->buffer); - ml_confg.timeout = timeout; - ml_confg.replace_type = ML_REPLACE_NO_REPLACE; - ml_confg.match_type = ML_MATCH_START; - - expect_any(__wrap_w_ftell, x); - will_return(__wrap_w_ftell, 0); - will_return(__wrap_time, 0); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "0123456789------"); - - will_return(__wrap_w_expression_match, false); - expect_any(__wrap_w_ftell, x); - will_return(__wrap_w_ftell, 0); - will_return(__wrap_fgetc, '-'); - will_return(__wrap_fgetc, '-'); - will_return(__wrap_fgetc, '-'); - will_return(__wrap_fgetc, '-'); - will_return(__wrap_fgetc, '-'); - will_return(__wrap_fgetc, '-'); - will_return(__wrap_fgetc, '\0'); - - retval = multiline_getlog_start(buffer, buffer_size, 0, &ml_confg); - assert_int_equal(retval, 1); - assert_null(ml_confg.ctxt); - assert_string_equal(buffer, "123456789\n012345678"); -} - -void test_multiline_getlog_start_no_ctxt_cant_read(void ** state) { - - int retval; - const size_t buffer_size = 20; - const time_t timeout = (time_t) 100; - char buffer[20]; - w_multiline_config_t ml_confg = {0}; - - ml_confg.timeout = timeout; - ml_confg.replace_type = ML_REPLACE_NO_REPLACE; - ml_confg.match_type = ML_MATCH_START; - - expect_any(__wrap_w_ftell, x); - will_return(__wrap_w_ftell, 0); - will_return(__wrap_can_read, 0); - retval = multiline_getlog_start(buffer, buffer_size, 0, &ml_confg); - assert_int_equal(retval, 0); - assert_null(ml_confg.ctxt); -} - -void test_multiline_getlog_start_ctxt_cant_read(void ** state) { - - int retval; - const size_t buffer_size = 20; - const time_t timeout = (time_t) 100; - char buffer[20]; - w_multiline_config_t ml_confg = {0}; - - const char * msg = "123456789\n"; - os_calloc(1, sizeof(w_multiline_config_t), ml_confg.ctxt); - os_strdup(msg, ml_confg.ctxt->buffer); - ml_confg.timeout = timeout; - ml_confg.replace_type = ML_REPLACE_NO_REPLACE; - ml_confg.match_type = ML_MATCH_START; - ml_confg.ctxt->lines_count = 1; - - expect_any(__wrap_w_ftell, x); - will_return(__wrap_w_ftell, 0); - will_return(__wrap_time, 0); - - will_return(__wrap_can_read, 0); - retval = multiline_getlog_start(buffer, buffer_size, 0, &ml_confg); - assert_int_equal(retval, 0); - assert_non_null(ml_confg.ctxt); - assert_string_equal(ml_confg.ctxt->buffer, "123456789\n"); - assert_int_equal(ml_confg.ctxt->lines_count, 1); - multiline_ctxt_free(&ml_confg.ctxt); -} - -void test_multiline_getlog_start_match_multi_replace(void ** state) { - int retval; - const size_t buffer_size = 500; - const time_t timeout = (time_t) 100; - char buffer[500 + 1]; - w_multiline_config_t ml_confg = {0}; - - ml_confg.timeout = timeout; - ml_confg.replace_type = ML_REPLACE_NONE; - ml_confg.match_type = ML_MATCH_START; - - expect_any(__wrap_w_ftell, x); - will_return(__wrap_w_ftell, 0); - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "no match-\n"); - - expect_any(__wrap_w_ftell, x); - will_return(__wrap_w_ftell, 0); - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, ">no match2\n"); - - will_return(__wrap_w_expression_match, false); - - expect_any(__wrap_w_ftell, x); - will_return(__wrap_w_ftell, 0); - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "next header"); - will_return(__wrap_w_expression_match, true); - expect_any(__wrap_w_fseek, x); - expect_value(__wrap_w_fseek, pos, 0); - will_return(__wrap_w_fseek, 0); - - retval = multiline_getlog_start(buffer, buffer_size, 0, &ml_confg); - - assert_int_equal(retval, 2); - assert_null(ml_confg.ctxt); - assert_string_equal(buffer, "no match->no match2"); -} - -/* multiline_getlog_end_single */ -void test_multiline_getlog_end_single_match_no_context(void ** state) { - - int retval; - const size_t buffer_size = 500; - const time_t timeout = (time_t) 100; - char buffer[500]; - w_multiline_config_t ml_confg = {0}; - - ml_confg.timeout = timeout; - ml_confg.replace_type = ML_REPLACE_NO_REPLACE; - ml_confg.match_type = ML_MATCH_END; - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "end match\n"); - will_return(__wrap_w_expression_match, true); - - retval = multiline_getlog_end(buffer, buffer_size, 0, &ml_confg); - - assert_int_equal(retval, 1); - assert_null(ml_confg.ctxt); - assert_string_equal(buffer, "end match"); -} - -void test_multiline_getlog_end_ctxt_timeout(void ** state) { - - int retval; - const size_t buffer_size = 500; - const time_t timeout = (time_t) 100; - char buffer[500 + 1] = {0}; - - w_multiline_config_t ml_confg = {0}; - os_calloc(1, sizeof(w_multiline_config_t), ml_confg.ctxt); - ml_confg.timeout = timeout; - ml_confg.replace_type = ML_REPLACE_NO_REPLACE; - ml_confg.match_type = ML_MATCH_END; - os_strdup("no match\n", ml_confg.ctxt->buffer); - ml_confg.ctxt->lines_count = 1; - ml_confg.ctxt->timestamp = 0; - - will_return(__wrap_time, timeout + 1); - - retval = multiline_getlog_end(buffer, buffer_size, 0, &ml_confg); - - assert_int_equal(retval, 1); - assert_null(ml_confg.ctxt); - assert_string_equal(buffer, "no match"); -} - -void test_multiline_getlog_end_ctxt_append_ctxt(void ** state) { - - int retval; - const size_t buffer_size = 500; - const time_t timeout = (time_t) 100; - char buffer[500 + 1] = {0}; - const char * msg = "no match\nno match2\n"; - w_multiline_config_t ml_confg = {0}; - os_calloc(1, sizeof(w_multiline_config_t), ml_confg.ctxt); - os_strdup(msg, ml_confg.ctxt->buffer); - ml_confg.ctxt->lines_count = 2; - ml_confg.ctxt->timestamp = 0; - ml_confg.timeout = timeout; - - will_return(__wrap_time, timeout - 1); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "no match3\n"); - will_return(__wrap_w_expression_match, false); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, NULL); - will_return(__wrap_time, timeout); - - retval = multiline_getlog_end(buffer, buffer_size, 0, &ml_confg); - - assert_int_equal(retval, 0); - assert_non_null(ml_confg.ctxt); - assert_string_equal(ml_confg.ctxt->buffer, "no match\nno match2\nno match3\n"); - assert_int_equal(ml_confg.ctxt->lines_count, 3); - assert_int_equal(ml_confg.ctxt->timestamp, timeout); - multiline_ctxt_free(&ml_confg.ctxt); -} - -void test_multiline_getlog_end_multi_match_no_context(void ** state) { - int retval; - const size_t buffer_size = 500; - const time_t timeout = (time_t) 100; - char buffer[500]; - w_multiline_config_t ml_confg = {0}; - - os_calloc(1, sizeof(w_multiline_config_t), ml_confg.ctxt); - os_strdup("initial\n ctx\n", ml_confg.ctxt->buffer); - ml_confg.ctxt->lines_count = 2; - ml_confg.ctxt->timestamp = 0; - ml_confg.timeout = timeout; - ml_confg.replace_type = ML_REPLACE_NO_REPLACE; - ml_confg.match_type = ML_MATCH_END; - - will_return(__wrap_time, timeout - 1); - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "no match\n"); - will_return(__wrap_w_expression_match, false); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "end match\n"); - will_return(__wrap_w_expression_match, true); - - retval = multiline_getlog_end(buffer, buffer_size, 0, &ml_confg); - - assert_int_equal(retval, 4); - assert_null(ml_confg.ctxt); - assert_string_equal(buffer, "initial\n ctx\nno match\nend match"); -} - -void test_multiline_getlog_end_multi_match_context(void ** state) { - - int retval; - const size_t buffer_size = 500; - const time_t timeout = (time_t) 100; - char buffer[500]; - w_multiline_config_t ml_confg = {0}; - - ml_confg.timeout = timeout; - ml_confg.replace_type = ML_REPLACE_NO_REPLACE; - ml_confg.match_type = ML_MATCH_END; - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "no match\n"); - will_return(__wrap_w_expression_match, false); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "end match\n"); - will_return(__wrap_w_expression_match, true); - - retval = multiline_getlog_end(buffer, buffer_size, 0, &ml_confg); - - assert_int_equal(retval, 2); - assert_null(ml_confg.ctxt); - assert_string_equal(buffer, "no match\nend match"); -} - -void test_multiline_getlog_end_no_ctxt_overflow(void ** state) { - - int retval; - const size_t buffer_size = 20; - const time_t timeout = (time_t) 100; - char buffer[20]; - w_multiline_config_t ml_confg = {0}; - - ml_confg.timeout = timeout; - ml_confg.replace_type = ML_REPLACE_NO_REPLACE; - ml_confg.match_type = ML_MATCH_END; - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "01234567890123456789------"); - will_return(__wrap_w_expression_match, false); - - will_return(__wrap_fgetc, '-'); - will_return(__wrap_fgetc, '-'); - will_return(__wrap_fgetc, '-'); - will_return(__wrap_fgetc, '-'); - will_return(__wrap_fgetc, '-'); - will_return(__wrap_fgetc, '-'); - will_return(__wrap_fgetc, '\0'); - - retval = multiline_getlog_end(buffer, buffer_size, 0, &ml_confg); - assert_int_equal(retval, 1); - assert_null(ml_confg.ctxt); - assert_string_equal(buffer, "0123456789012345678"); -} - -void test_multiline_getlog_end_ctxt_overflow(void ** state) { - int retval; - const size_t buffer_size = 20; - const time_t timeout = (time_t) 100; - char buffer[20]; - w_multiline_config_t ml_confg = {0}; - - const char * msg = "123456789\n"; - os_calloc(1, sizeof(w_multiline_config_t), ml_confg.ctxt); - os_strdup(msg, ml_confg.ctxt->buffer); - ml_confg.timeout = timeout; - ml_confg.replace_type = ML_REPLACE_NO_REPLACE; - ml_confg.match_type = ML_MATCH_END; - - will_return(__wrap_time, 0); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "0123456789------"); - - will_return(__wrap_w_expression_match, false); - will_return(__wrap_fgetc, '-'); - will_return(__wrap_fgetc, '-'); - will_return(__wrap_fgetc, '-'); - will_return(__wrap_fgetc, '-'); - will_return(__wrap_fgetc, '-'); - will_return(__wrap_fgetc, '-'); - will_return(__wrap_fgetc, '\0'); - - retval = multiline_getlog_end(buffer, buffer_size, 0, &ml_confg); - assert_int_equal(retval, 1); - assert_null(ml_confg.ctxt); - assert_string_equal(buffer, "123456789\n012345678"); -} - -void test_multiline_getlog_end_no_ctxt_cant_read(void ** state) { - - int retval; - const size_t buffer_size = 20; - const time_t timeout = (time_t) 100; - char buffer[20]; - w_multiline_config_t ml_confg = {0}; - - ml_confg.timeout = timeout; - ml_confg.replace_type = ML_REPLACE_NO_REPLACE; - ml_confg.match_type = ML_MATCH_END; - - will_return(__wrap_can_read, 0); - retval = multiline_getlog_end(buffer, buffer_size, 0, &ml_confg); - assert_int_equal(retval, 0); - assert_null(ml_confg.ctxt); -} - -void test_multiline_getlog_end_ctxt_cant_read(void ** state) { - - int retval; - const size_t buffer_size = 20; - const time_t timeout = (time_t) 100; - char buffer[20]; - w_multiline_config_t ml_confg = {0}; - - const char * msg = "123456789\n"; - os_calloc(1, sizeof(w_multiline_config_t), ml_confg.ctxt); - os_strdup(msg, ml_confg.ctxt->buffer); - ml_confg.timeout = timeout; - ml_confg.replace_type = ML_REPLACE_NO_REPLACE; - ml_confg.match_type = ML_MATCH_END; - ml_confg.ctxt->lines_count = 1; - - will_return(__wrap_time, 0); - - will_return(__wrap_can_read, 0); - retval = multiline_getlog_end(buffer, buffer_size, 0, &ml_confg); - assert_int_equal(retval, 0); - assert_non_null(ml_confg.ctxt); - assert_string_equal(ml_confg.ctxt->buffer, "123456789\n"); - assert_int_equal(ml_confg.ctxt->lines_count, 1); - multiline_ctxt_free(&ml_confg.ctxt); -} - -void test_multiline_getlog_end_match_multi_replace(void ** state) { - int retval; - const size_t buffer_size = 500; - const time_t timeout = (time_t) 100; - char buffer[500]; - w_multiline_config_t ml_confg = {0}; - - os_calloc(1, sizeof(w_multiline_config_t), ml_confg.ctxt); - os_strdup("initial ctx", ml_confg.ctxt->buffer); - ml_confg.ctxt->lines_count = 2; - ml_confg.ctxt->timestamp = 0; - ml_confg.timeout = timeout; - ml_confg.replace_type = ML_REPLACE_NONE; - ml_confg.match_type = ML_MATCH_END; - - will_return(__wrap_time, timeout - 1); - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "no match\n"); - will_return(__wrap_w_expression_match, false); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "end match\n"); - will_return(__wrap_w_expression_match, true); - - retval = multiline_getlog_end(buffer, buffer_size, 0, &ml_confg); - - assert_int_equal(retval, 4); - assert_null(ml_confg.ctxt); - assert_string_equal(buffer, "initial ctxno matchend match"); -} - -// Test multiline_getlog_all -void test_multiline_getlog_all_single_match_no_context(void ** state) { - - int retval; - const size_t buffer_size = 500; - const time_t timeout = (time_t) 100; - char buffer[500]; - w_multiline_config_t ml_confg = {0}; - - ml_confg.timeout = timeout; - ml_confg.replace_type = ML_REPLACE_NO_REPLACE; - ml_confg.match_type = ML_MATCH_ALL; - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "all match\n"); - will_return(__wrap_w_expression_match, true); - - retval = multiline_getlog_all(buffer, buffer_size, 0, &ml_confg); - - assert_int_equal(retval, 1); - assert_null(ml_confg.ctxt); - assert_string_equal(buffer, "all match"); -} - -void test_multiline_getlog_all_ctxt_timeout(void ** state) { - - int retval; - const size_t buffer_size = 500; - const time_t timeout = (time_t) 100; - char buffer[500 + 1] = {0}; - - w_multiline_config_t ml_confg = {0}; - os_calloc(1, sizeof(w_multiline_config_t), ml_confg.ctxt); - ml_confg.timeout = timeout; - ml_confg.replace_type = ML_REPLACE_NO_REPLACE; - ml_confg.match_type = ML_MATCH_ALL; - os_strdup("no match\n", ml_confg.ctxt->buffer); - ml_confg.ctxt->lines_count = 1; - ml_confg.ctxt->timestamp = 0; - - will_return(__wrap_time, timeout + 1); - - retval = multiline_getlog_all(buffer, buffer_size, 0, &ml_confg); - - assert_int_equal(retval, 1); - assert_null(ml_confg.ctxt); - assert_string_equal(buffer, "no match"); -} - -void test_multiline_getlog_all_ctxt_append_ctxt(void ** state) { - - int retval; - const size_t buffer_size = 500; - const time_t timeout = (time_t) 100; - char buffer[500 + 1] = {0}; - const char * msg = "no match\nno match2\n"; - w_multiline_config_t ml_confg = {0}; - os_calloc(1, sizeof(w_multiline_config_t), ml_confg.ctxt); - os_strdup(msg, ml_confg.ctxt->buffer); - ml_confg.ctxt->lines_count = 2; - ml_confg.ctxt->timestamp = 0; - ml_confg.timeout = timeout; - - will_return(__wrap_time, timeout - 1); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "no match3\n"); - will_return(__wrap_w_expression_match, false); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, NULL); - will_return(__wrap_time, timeout); - - retval = multiline_getlog_all(buffer, buffer_size, 0, &ml_confg); - - assert_int_equal(retval, 0); - assert_non_null(ml_confg.ctxt); - assert_string_equal(ml_confg.ctxt->buffer, "no match\nno match2\nno match3\n"); - assert_int_equal(ml_confg.ctxt->lines_count, 3); - assert_int_equal(ml_confg.ctxt->timestamp, timeout); - multiline_ctxt_free(&ml_confg.ctxt); -} - -void test_multiline_getlog_all_multi_match_no_context(void ** state) { - int retval; - const size_t buffer_size = 500; - const time_t timeout = (time_t) 100; - char buffer[500]; - w_multiline_config_t ml_confg = {0}; - - os_calloc(1, sizeof(w_multiline_config_t), ml_confg.ctxt); - os_strdup("initial\n ctx\n", ml_confg.ctxt->buffer); - ml_confg.ctxt->lines_count = 2; - ml_confg.ctxt->timestamp = 0; - ml_confg.timeout = timeout; - ml_confg.replace_type = ML_REPLACE_NO_REPLACE; - ml_confg.match_type = ML_MATCH_ALL; - - will_return(__wrap_time, timeout - 1); - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "no match\n"); - will_return(__wrap_w_expression_match, false); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "end match\n"); - will_return(__wrap_w_expression_match, true); - - retval = multiline_getlog_all(buffer, buffer_size, 0, &ml_confg); - - assert_int_equal(retval, 4); - assert_null(ml_confg.ctxt); - assert_string_equal(buffer, "initial\n ctx\nno match\nend match"); -} - -void test_multiline_getlog_all_multi_match_context(void ** state) { - - int retval; - const size_t buffer_size = 500; - const time_t timeout = (time_t) 100; - char buffer[500]; - w_multiline_config_t ml_confg = {0}; - - ml_confg.timeout = timeout; - ml_confg.replace_type = ML_REPLACE_NO_REPLACE; - ml_confg.match_type = ML_MATCH_ALL; - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "no match\n"); - will_return(__wrap_w_expression_match, false); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "end match\n"); - will_return(__wrap_w_expression_match, true); - - retval = multiline_getlog_all(buffer, buffer_size, 0, &ml_confg); - - assert_int_equal(retval, 2); - assert_null(ml_confg.ctxt); - assert_string_equal(buffer, "no match\nend match"); -} - -void test_multiline_getlog_all_no_ctxt_overflow(void ** state) { - - int retval; - const size_t buffer_size = 20; - const time_t timeout = (time_t) 100; - char buffer[20]; - w_multiline_config_t ml_confg = {0}; - - ml_confg.timeout = timeout; - ml_confg.replace_type = ML_REPLACE_NO_REPLACE; - ml_confg.match_type = ML_MATCH_ALL; - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "01234567890123456789------"); - will_return(__wrap_w_expression_match, false); - - will_return(__wrap_fgetc, '-'); - will_return(__wrap_fgetc, '-'); - will_return(__wrap_fgetc, '-'); - will_return(__wrap_fgetc, '-'); - will_return(__wrap_fgetc, '-'); - will_return(__wrap_fgetc, '-'); - will_return(__wrap_fgetc, '\0'); - - retval = multiline_getlog_all(buffer, buffer_size, 0, &ml_confg); - assert_int_equal(retval, 1); - assert_null(ml_confg.ctxt); - assert_string_equal(buffer, "0123456789012345678"); -} - -void test_multiline_getlog_all_ctxt_overflow(void ** state) { - int retval; - const size_t buffer_size = 20; - const time_t timeout = (time_t) 100; - char buffer[20]; - w_multiline_config_t ml_confg = {0}; - - const char * msg = "123456789\n"; - os_calloc(1, sizeof(w_multiline_config_t), ml_confg.ctxt); - os_strdup(msg, ml_confg.ctxt->buffer); - ml_confg.timeout = timeout; - ml_confg.replace_type = ML_REPLACE_NO_REPLACE; - ml_confg.match_type = ML_MATCH_ALL; - - will_return(__wrap_time, 0); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "0123456789------"); - - will_return(__wrap_w_expression_match, false); - will_return(__wrap_fgetc, '-'); - will_return(__wrap_fgetc, '-'); - will_return(__wrap_fgetc, '-'); - will_return(__wrap_fgetc, '-'); - will_return(__wrap_fgetc, '-'); - will_return(__wrap_fgetc, '-'); - will_return(__wrap_fgetc, '\0'); - - retval = multiline_getlog_all(buffer, buffer_size, 0, &ml_confg); - assert_int_equal(retval, 1); - assert_null(ml_confg.ctxt); - assert_string_equal(buffer, "123456789\n012345678"); -} - -void test_multiline_getlog_all_no_ctxt_cant_read(void ** state) { - - int retval; - const size_t buffer_size = 20; - const time_t timeout = (time_t) 100; - char buffer[20]; - w_multiline_config_t ml_confg = {0}; - - ml_confg.timeout = timeout; - ml_confg.replace_type = ML_REPLACE_NO_REPLACE; - ml_confg.match_type = ML_MATCH_ALL; - - will_return(__wrap_can_read, 0); - retval = multiline_getlog_all(buffer, buffer_size, 0, &ml_confg); - assert_int_equal(retval, 0); - assert_null(ml_confg.ctxt); -} - -void test_multiline_getlog_all_ctxt_cant_read(void ** state) { - - int retval; - const size_t buffer_size = 20; - const time_t timeout = (time_t) 100; - char buffer[20]; - w_multiline_config_t ml_confg = {0}; - - const char * msg = "123456789\n"; - os_calloc(1, sizeof(w_multiline_config_t), ml_confg.ctxt); - os_strdup(msg, ml_confg.ctxt->buffer); - ml_confg.timeout = timeout; - ml_confg.replace_type = ML_REPLACE_NO_REPLACE; - ml_confg.match_type = ML_MATCH_ALL; - ml_confg.ctxt->lines_count = 1; - - will_return(__wrap_time, 0); - - will_return(__wrap_can_read, 0); - retval = multiline_getlog_all(buffer, buffer_size, 0, &ml_confg); - assert_int_equal(retval, 0); - assert_non_null(ml_confg.ctxt); - assert_string_equal(ml_confg.ctxt->buffer, "123456789\n"); - assert_int_equal(ml_confg.ctxt->lines_count, 1); - multiline_ctxt_free(&ml_confg.ctxt); -} - -void test_multiline_getlog_all_match_multi_replace(void ** state) { - int retval; - const size_t buffer_size = 500; - const time_t timeout = (time_t) 100; - char buffer[500]; - w_multiline_config_t ml_confg = {0}; - - os_calloc(1, sizeof(w_multiline_config_t), ml_confg.ctxt); - os_strdup("initial ctx", ml_confg.ctxt->buffer); - ml_confg.ctxt->lines_count = 2; - ml_confg.ctxt->timestamp = 0; - ml_confg.timeout = timeout; - ml_confg.replace_type = ML_REPLACE_NONE; - ml_confg.match_type = ML_MATCH_ALL; - - will_return(__wrap_time, timeout - 1); - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "no match\n"); - will_return(__wrap_w_expression_match, false); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "end match\n"); - will_return(__wrap_w_expression_match, true); - - retval = multiline_getlog_all(buffer, buffer_size, 0, &ml_confg); - - assert_int_equal(retval, 4); - assert_null(ml_confg.ctxt); - assert_string_equal(buffer, "initial ctxno matchend match"); -} - -/* multiline_getlog */ -void test_multiline_getlog_unknown(void ** state) { - - char buffer[] = "1234567890"; - int length = 100; - int retval; - w_multiline_config_t ml_cfg = {0}; - ml_cfg.match_type = ML_MATCH_MAX; - - retval = multiline_getlog(buffer, length, 0, &ml_cfg); - - assert_int_equal(retval, 0); - assert_int_equal(strlen(buffer), 0); -} - -void test_multiline_getlog_start(void ** state) { - - int retval; - const size_t buffer_size = 500; - const time_t timeout = (time_t) 100; - char buffer[500] = {0}; - const char * msg = "no match\nno match2\n"; - w_multiline_config_t ml_confg = {0}; - - os_calloc(1, sizeof(w_multiline_config_t), ml_confg.ctxt); - os_strdup(msg, ml_confg.ctxt->buffer); - ml_confg.ctxt->lines_count = 2; - ml_confg.ctxt->timestamp = 0; - ml_confg.timeout = timeout; - ml_confg.match_type = ML_MATCH_START; - - expect_any(__wrap_w_ftell, x); - will_return(__wrap_w_ftell, 0); - will_return(__wrap_time, timeout - 1); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "match"); - will_return(__wrap_w_expression_match, true); - expect_any(__wrap_w_fseek, x); - expect_value(__wrap_w_fseek, pos, 0); - will_return(__wrap_w_fseek, 0); - - retval = multiline_getlog(buffer, buffer_size, 0, &ml_confg); - - assert_int_equal(retval, 2); - assert_null(ml_confg.ctxt); - assert_string_equal(buffer, "no match\nno match2"); -} - -void test_multiline_getlog_end(void ** state) { - - int retval; - const size_t buffer_size = 500; - const time_t timeout = (time_t) 100; - char buffer[500]; - w_multiline_config_t ml_confg = {0}; - - ml_confg.timeout = timeout; - ml_confg.replace_type = ML_REPLACE_NO_REPLACE; - ml_confg.match_type = ML_MATCH_END; - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "end match\n"); - will_return(__wrap_w_expression_match, true); - - retval = multiline_getlog(buffer, buffer_size, 0, &ml_confg); - - assert_int_equal(retval, 1); - assert_null(ml_confg.ctxt); - assert_string_equal(buffer, "end match"); -} - -void test_multiline_getlog_all(void ** state) { - - int retval; - const size_t buffer_size = 500; - const time_t timeout = (time_t) 100; - char buffer[500]; - w_multiline_config_t ml_confg = {0}; - - ml_confg.timeout = timeout; - ml_confg.replace_type = ML_REPLACE_NO_REPLACE; - ml_confg.match_type = ML_MATCH_ALL; - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "end match\n"); - will_return(__wrap_w_expression_match, true); - - retval = multiline_getlog(buffer, buffer_size, 0, &ml_confg); - - assert_int_equal(retval, 1); - assert_null(ml_confg.ctxt); - assert_string_equal(buffer, "end match"); -} - -/* read_multiline_regex */ -void test_read_multiline_regex_log_process(void ** state) { - - logreader lf = {0}; - int rc = 0; - int drop_it = 0; - - w_multiline_config_t ml_confg = {0}; - - ml_confg.timeout = 500; - ml_confg.replace_type = ML_REPLACE_NO_REPLACE; - ml_confg.match_type = ML_MATCH_END; - - lf.multiline = &ml_confg; - - will_return(__wrap_can_read, 1); - expect_any(__wrap_w_ftell, x); - will_return(__wrap_w_ftell, (int64_t) 5); - will_return(__wrap_w_get_hash_context, true); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "end match\n"); - will_return(__wrap_w_expression_match, true); - will_return(__wrap_w_msg_hash_queues_push, 0); - - expect_any(__wrap_w_ftell, x); - will_return(__wrap_w_ftell, (int64_t) 10); - - expect_any(__wrap_w_fseek, x); - expect_value(__wrap_w_fseek, pos, 5); - will_return(__wrap_w_fseek, 0); - - will_return(__wrap_fread, "test0"); - will_return(__wrap_fread, 5); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, NULL); - - expect_function_call(__wrap_OS_SHA1_Stream); - will_return(__wrap_w_update_file_status, true); - will_return(__wrap_w_update_file_status, 0); - - void * retval = read_multiline_regex(&lf, &rc, drop_it); - assert_ptr_equal(retval, NULL); - assert_null(ml_confg.ctxt); -} - -void test_read_multiline_regex_no_aviable_log(void ** state) { - logreader lf = {0}; - int rc = 0; - int drop_it = 0; - - w_multiline_config_t ml_confg = {0}; - - ml_confg.timeout = 500; - ml_confg.replace_type = ML_REPLACE_NO_REPLACE; - ml_confg.match_type = ML_MATCH_END; - - lf.multiline = &ml_confg; - - will_return(__wrap_can_read, 1); - expect_any(__wrap_w_ftell, x); - will_return(__wrap_w_ftell, (int64_t) 5); - will_return(__wrap_w_get_hash_context, true); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, NULL); - - will_return(__wrap_w_update_file_status, true); - will_return(__wrap_w_update_file_status, 0); - - void * retval = read_multiline_regex(&lf, &rc, drop_it); - assert_ptr_equal(retval, NULL); - assert_null(ml_confg.ctxt); -} - -void test_read_multiline_regex_cant_read(void ** state) { - logreader lf = {0}; - int rc = 0; - int drop_it = 0; - - w_multiline_config_t ml_confg = {0}; - - ml_confg.timeout = 500; - ml_confg.replace_type = ML_REPLACE_NO_REPLACE; - ml_confg.match_type = ML_MATCH_END; - - lf.multiline = &ml_confg; - - will_return(__wrap_can_read, 0); - void * retval = read_multiline_regex(&lf, &rc, drop_it); - assert_ptr_equal(retval, NULL); - assert_null(ml_confg.ctxt); -} - -void test_read_multiline_regex_invalid_context(void ** state) { - - logreader lf = {0}; - int rc = 0; - int drop_it = 0; - - w_multiline_config_t ml_confg = {0}; - - ml_confg.timeout = 500; - ml_confg.replace_type = ML_REPLACE_NO_REPLACE; - ml_confg.match_type = ML_MATCH_END; - - lf.multiline = &ml_confg; - - will_return(__wrap_can_read, 1); - expect_any(__wrap_w_ftell, x); - will_return(__wrap_w_ftell, (int64_t) 5); - will_return(__wrap_w_get_hash_context, false); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "end match\n"); - will_return(__wrap_w_expression_match, true); - will_return(__wrap_w_msg_hash_queues_push, 0); - - expect_any(__wrap_w_ftell, x); - will_return(__wrap_w_ftell, (int64_t) 10); - - expect_any(__wrap_w_fseek, x); - expect_value(__wrap_w_fseek, pos, 5); - will_return(__wrap_w_fseek, 0); - - will_return(__wrap_fread, "test0"); - will_return(__wrap_fread, 5); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, NULL); - - void * retval = read_multiline_regex(&lf, &rc, drop_it); - assert_ptr_equal(retval, NULL); - assert_null(ml_confg.ctxt); -} - -void test_read_multiline_regex_log_ignored(void ** state) { - - logreader lf = {0}; - int rc = 0; - int drop_it = 0; - char log_str[PATH_MAX + 1] = {0}; - w_expression_t * expression_ignore; - - lf.regex_ignore = OSList_Create(); - OSList_SetFreeDataPointer(lf.regex_ignore, (void (*)(void *))w_free_expression); - - w_calloc_expression_t(&expression_ignore, EXP_TYPE_PCRE2); - w_expression_compile(expression_ignore, "ignore.*", 0); - OSList_InsertData(lf.regex_ignore, NULL, expression_ignore); - - w_multiline_config_t ml_confg = {0}; - - ml_confg.timeout = 500; - ml_confg.replace_type = ML_REPLACE_NO_REPLACE; - ml_confg.match_type = ML_MATCH_END; - - lf.multiline = &ml_confg; - - will_return(__wrap_can_read, 1); - expect_any(__wrap_w_ftell, x); - will_return(__wrap_w_ftell, (int64_t) 5); - will_return(__wrap_w_get_hash_context, true); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, "ignore this log\n"); - will_return(__wrap_w_expression_match, true); - - will_return(__wrap_w_expression_match, true); - - snprintf(log_str, PATH_MAX, LF_MATCH_REGEX, "ignore this log", "ignore", "ignore.*"); - expect_string(__wrap__mdebug2, formatted_msg, log_str); - - expect_any(__wrap_w_ftell, x); - will_return(__wrap_w_ftell, (int64_t) 10); - - expect_any(__wrap_w_fseek, x); - expect_value(__wrap_w_fseek, pos, 5); - will_return(__wrap_w_fseek, 0); - - will_return(__wrap_fread, "test0"); - will_return(__wrap_fread, 5); - - will_return(__wrap_can_read, 1); - expect_any(__wrap_fgets, __stream); - will_return(__wrap_fgets, NULL); - - expect_function_call(__wrap_OS_SHA1_Stream); - will_return(__wrap_w_update_file_status, true); - will_return(__wrap_w_update_file_status, 0); - - void * retval = read_multiline_regex(&lf, &rc, drop_it); - - assert_ptr_equal(retval, NULL); - assert_null(ml_confg.ctxt); - - if (lf.regex_ignore) { - OSList_Destroy(lf.regex_ignore); - lf.regex_ignore = NULL; - } -} - -// Test get_file_chunk -void test_get_file_chunk_fseek_fail(void ** state) { - - char * retval; - int64_t initial_pos = 10; - int64_t final_pos = 5; - - retval = get_file_chunk(NULL, initial_pos, final_pos); - assert_null(retval); -} - -void test_get_file_chunk_size_reduce(void ** state) { - - char * retval; - int64_t initial_pos = 5; - int64_t final_pos = 10; - - will_return(__wrap_fread, "test"); - will_return(__wrap_fread, 4); - - expect_any(__wrap_w_fseek, x); - expect_value(__wrap_w_fseek, pos, 5); - will_return(__wrap_w_fseek, 0); - - retval = get_file_chunk(NULL, initial_pos, final_pos); - assert_null(retval); -} - -void test_get_file_chunk_ok(void ** state) { - - char * retval; - int64_t initial_pos = 5; - int64_t final_pos = 10; - - expect_any(__wrap_w_fseek, x); - expect_value(__wrap_w_fseek, pos, 5); - will_return(__wrap_w_fseek, 0); - will_return(__wrap_fread, "test"); - will_return(__wrap_fread, 5); - - retval = get_file_chunk(NULL, initial_pos, final_pos); - assert_string_equal("test", retval); - os_free(retval); -} - -int main(void) { - const struct CMUnitTest tests[] = { - // Test replace_char - cmocka_unit_test(test_multiline_replace_ws_not_found), - cmocka_unit_test(test_multiline_replace_ws_char_null_str), - cmocka_unit_test(test_multiline_replace_ws_char_empty_str), - cmocka_unit_test(test_multiline_replace_ws_char_noreplace), - cmocka_unit_test(test_multiline_replace_ws_char_replace_last), - cmocka_unit_test(test_multiline_replace_tab_not_found), - cmocka_unit_test(test_multiline_replace_tab_char_null_str), - cmocka_unit_test(test_multiline_replace_tab_char_empty_str), - cmocka_unit_test(test_multiline_replace_tab_char_noreplace), - cmocka_unit_test(test_multiline_replace_tab_char_replace_last), - cmocka_unit_test(test_multiline_replace_none_not_found), - cmocka_unit_test(test_multiline_replace_none_char_null_str), - cmocka_unit_test(test_multiline_replace_none_char_empty_str), - cmocka_unit_test(test_multiline_replace_none_char_noreplace), - cmocka_unit_test(test_multiline_replace_none_char_replace_last), - cmocka_unit_test(test_multiline_replace_noreplace_not_found), - cmocka_unit_test(test_multiline_replace_noreplace_char_null_str), - cmocka_unit_test(test_multiline_replace_noreplace_char_replace), - cmocka_unit_test(test_multiline_replace_noreplace_char_replace_last), - cmocka_unit_test(test_multiline_replace_w_ws_not_found), - cmocka_unit_test(test_multiline_replace_w_ws_char_null_str), - cmocka_unit_test(test_multiline_replace_w_ws_char_noreplace), - cmocka_unit_test(test_multiline_replace_w_ws_char_replace_last), - cmocka_unit_test(test_multiline_replace_w_tab_not_found), - cmocka_unit_test(test_multiline_replace_w_tab_char_null_str), - cmocka_unit_test(test_multiline_replace_w_tab_char_noreplace), - cmocka_unit_test(test_multiline_replace_w_tab_char_replace_last), - cmocka_unit_test(test_multiline_replace_w_none_not_found), - cmocka_unit_test(test_multiline_replace_w_none_char_null_str), - cmocka_unit_test(test_multiline_replace_w_none_char_noreplace), - cmocka_unit_test(test_multiline_replace_w_none_char_replace_last), - cmocka_unit_test(test_multiline_replace_w_noreplace_not_found), - cmocka_unit_test(test_multiline_replace_w_noreplace_char_null_str), - cmocka_unit_test(test_multiline_replace_w_noreplace_char_noreplace), - cmocka_unit_test(test_multiline_replace_w_noreplace_char_replace_last), - // Test multiline_ctxt_is_expired - cmocka_unit_test(test_multiline_ctxt_is_expired_not_found), - cmocka_unit_test(test_multiline_ctxt_is_expired_not_expired), - cmocka_unit_test(test_multiline_ctxt_is_expired_expired), - // Test multiline_ctxt_restore - cmocka_unit_test(test_multiline_ctxt_restore_null), - cmocka_unit_test(test_multiline_ctxt_restore_restore), - // Test multiline_ctxt_free - cmocka_unit_test(test_multiline_ctxt_free_null), - cmocka_unit_test(test_multiline_ctxt_free_free), - // Test multiline_ctxt_backup - cmocka_unit_test(test_multiline_ctxt_backup_no_restore), - cmocka_unit_test(test_multiline_ctxt_backup_new_ctxt), - cmocka_unit_test(test_multiline_ctxt_backup_increment), - // Test multiline_getlog_start - cmocka_unit_test(test_multiline_getlog_start_single_no_context), - cmocka_unit_test(test_multiline_getlog_start_ctxt_timeout), - cmocka_unit_test(test_multiline_getlog_start_ctxt_append_ctxt), - cmocka_unit_test(test_multiline_getlog_start_ctxt_match), - cmocka_unit_test(test_multiline_getlog_start_no_ctxt_match), - cmocka_unit_test(test_multiline_getlog_start_no_ctxt_overflow), - cmocka_unit_test(test_multiline_getlog_start_ctxt_overflow), - cmocka_unit_test(test_multiline_getlog_start_no_ctxt_cant_read), - cmocka_unit_test(test_multiline_getlog_start_ctxt_cant_read), - cmocka_unit_test(test_multiline_getlog_start_match_multi_replace), - // Test multiline_getlog_end - cmocka_unit_test(test_multiline_getlog_end_single_match_no_context), - cmocka_unit_test(test_multiline_getlog_end_ctxt_timeout), - cmocka_unit_test(test_multiline_getlog_end_ctxt_append_ctxt), - cmocka_unit_test(test_multiline_getlog_end_multi_match_no_context), - cmocka_unit_test(test_multiline_getlog_end_multi_match_context), - cmocka_unit_test(test_multiline_getlog_end_no_ctxt_overflow), - cmocka_unit_test(test_multiline_getlog_end_ctxt_overflow), - cmocka_unit_test(test_multiline_getlog_end_no_ctxt_cant_read), - cmocka_unit_test(test_multiline_getlog_end_ctxt_cant_read), - cmocka_unit_test(test_multiline_getlog_end_match_multi_replace), - // Test multiline_getlog_all - cmocka_unit_test(test_multiline_getlog_all_single_match_no_context), - cmocka_unit_test(test_multiline_getlog_all_ctxt_timeout), - cmocka_unit_test(test_multiline_getlog_all_ctxt_append_ctxt), - cmocka_unit_test(test_multiline_getlog_all_multi_match_no_context), - cmocka_unit_test(test_multiline_getlog_all_multi_match_context), - cmocka_unit_test(test_multiline_getlog_all_no_ctxt_overflow), - cmocka_unit_test(test_multiline_getlog_all_ctxt_overflow), - cmocka_unit_test(test_multiline_getlog_all_no_ctxt_cant_read), - cmocka_unit_test(test_multiline_getlog_all_ctxt_cant_read), - cmocka_unit_test(test_multiline_getlog_all_match_multi_replace), - // Tests multiline_getlog - cmocka_unit_test(test_multiline_getlog_unknown), - cmocka_unit_test(test_multiline_getlog_start), - cmocka_unit_test(test_multiline_getlog_end), - cmocka_unit_test(test_multiline_getlog_all), - // Tests read_multiline_regex - cmocka_unit_test(test_read_multiline_regex_no_aviable_log), - cmocka_unit_test(test_read_multiline_regex_log_process), - cmocka_unit_test(test_read_multiline_regex_cant_read), - cmocka_unit_test(test_read_multiline_regex_invalid_context), - cmocka_unit_test(test_read_multiline_regex_log_ignored), - // Test get_file_chunk - cmocka_unit_test(test_get_file_chunk_fseek_fail), - cmocka_unit_test(test_get_file_chunk_size_reduce), - cmocka_unit_test(test_get_file_chunk_ok), - }; - - return cmocka_run_group_tests(tests, group_setup, group_teardown); -} diff --git a/src/modules/logcollector/tests/unit/tests/test_read_win_event_channel.c b/src/modules/logcollector/tests/unit/tests/test_read_win_event_channel.c deleted file mode 100644 index 30dcba1fbd..0000000000 --- a/src/modules/logcollector/tests/unit/tests/test_read_win_event_channel.c +++ /dev/null @@ -1,180 +0,0 @@ -/* - * Copyright (C) 2015, Wazuh Inc. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ -#include "shared.h" - -#include -#include -#include -#include -#include - -#include -#include -#include -#include - -typedef struct test_struct { - EVT_HANDLE evt; - LPCWSTR provider_name; - const char *message; -} test_struct_t; - -char *get_message(EVT_HANDLE evt, LPCWSTR provider_name, DWORD flags); - -/* Setup & Teardown */ - -static int test_setup(void ** state) { - test_struct_t *init_data = NULL; - - os_calloc(1, sizeof(test_struct_t), init_data); - init_data->evt = NULL; - init_data->provider_name = L"provider_name"; - init_data->message = "Test_Message"; - *state = init_data; - - test_mode = 1; - return 0; -} - -static int test_teardown(void ** state) { - test_struct_t *data = (test_struct_t*)*state; - - os_free(data); - - test_mode = 0; - return 0; -} - -/* Wraps */ - -/* Tests */ - -void test_get_message_get_publisher_fail(void ** state) { - test_struct_t *data = (test_struct_t *)*state; - - expect_value(wrap_EvtOpenPublisherMetadata, Session, NULL); - expect_string(wrap_EvtOpenPublisherMetadata, PublisherId, data->provider_name); - expect_value(wrap_EvtOpenPublisherMetadata, LogFilePath, NULL); - expect_value(wrap_EvtOpenPublisherMetadata, Locale, 0); - expect_value(wrap_EvtOpenPublisherMetadata, Flags, 0); - will_return(wrap_EvtOpenPublisherMetadata, NULL); - - will_return(wrap_GetLastError, ERROR_FILE_NOT_FOUND); - will_return(wrap_FormatMessage, "File not found."); - expect_string(__wrap__mdebug1, formatted_msg, "Could not EvtOpenPublisherMetadata() with flags (1) which returned (2): File not found."); - - assert_null(get_message(data->evt, data->provider_name, EvtFormatMessageEvent)); -} - -void test_get_message_get_size_fail(void ** state) { - test_struct_t *data = (test_struct_t *)*state; - - expect_value(wrap_EvtOpenPublisherMetadata, Session, NULL); - expect_string(wrap_EvtOpenPublisherMetadata, PublisherId, data->provider_name); - expect_value(wrap_EvtOpenPublisherMetadata, LogFilePath, NULL); - expect_value(wrap_EvtOpenPublisherMetadata, Locale, 0); - expect_value(wrap_EvtOpenPublisherMetadata, Flags, 0); - will_return(wrap_EvtOpenPublisherMetadata, 1); - - will_return(wrap_EvtFormatMessage, strlen(data->message)); - will_return(wrap_EvtFormatMessage, TRUE); - will_return(wrap_GetLastError, ERROR_INSUFFICIENT_BUFFER); - expect_string(__wrap__merror, formatted_msg, "Could not EvtFormatMessage() to determine buffer size with flags (1) which returned (122)"); - - will_return(wrap_EvtClose, TRUE); - - assert_null(get_message(data->evt, data->provider_name, EvtFormatMessageEvent)); - -} - -void test_get_message_format_fail(void ** state) { - test_struct_t *data = (test_struct_t *)*state; - - expect_value(wrap_EvtOpenPublisherMetadata, Session, NULL); - expect_string(wrap_EvtOpenPublisherMetadata, PublisherId, data->provider_name); - expect_value(wrap_EvtOpenPublisherMetadata, LogFilePath, NULL); - expect_value(wrap_EvtOpenPublisherMetadata, Locale, 0); - expect_value(wrap_EvtOpenPublisherMetadata, Flags, 0); - will_return(wrap_EvtOpenPublisherMetadata, 1); - - will_return(wrap_EvtFormatMessage, strlen(data->message)); - will_return(wrap_EvtFormatMessage, FALSE); - will_return(wrap_GetLastError, ERROR_INSUFFICIENT_BUFFER); - - will_return(wrap_EvtFormatMessage, data->message); - will_return(wrap_EvtFormatMessage, FALSE); - will_return(wrap_GetLastError, ERROR_INSUFFICIENT_BUFFER); - expect_string(__wrap__merror, formatted_msg, "Could not EvtFormatMessage() with flags (1) which returned (122)"); - - will_return(wrap_EvtClose, TRUE); - - assert_null(get_message(data->evt, data->provider_name, EvtFormatMessageEvent)); -} - -void test_get_message_convert_string_fail(void ** state) { - test_struct_t *data = (test_struct_t *)*state; - - expect_value(wrap_EvtOpenPublisherMetadata, Session, NULL); - expect_string(wrap_EvtOpenPublisherMetadata, PublisherId, data->provider_name); - expect_value(wrap_EvtOpenPublisherMetadata, LogFilePath, NULL); - expect_value(wrap_EvtOpenPublisherMetadata, Locale, 0); - expect_value(wrap_EvtOpenPublisherMetadata, Flags, 0); - will_return(wrap_EvtOpenPublisherMetadata, 1); - - will_return(wrap_EvtFormatMessage, strlen(data->message)); - will_return(wrap_EvtFormatMessage, FALSE); - will_return(wrap_GetLastError, ERROR_INSUFFICIENT_BUFFER); - - will_return(wrap_EvtFormatMessage, data->message); - will_return(wrap_EvtFormatMessage, TRUE); - - expect_string(__wrap_convert_windows_string, string, "Test_Message"); - will_return(__wrap_convert_windows_string, NULL); - - will_return(wrap_EvtClose, TRUE); - - assert_null(get_message(data->evt, data->provider_name, EvtFormatMessageEvent)); -} - -void test_get_message_success(void ** state) { - test_struct_t *data = (test_struct_t *)*state; - - expect_value(wrap_EvtOpenPublisherMetadata, Session, NULL); - expect_string(wrap_EvtOpenPublisherMetadata, PublisherId, data->provider_name); - expect_value(wrap_EvtOpenPublisherMetadata, LogFilePath, NULL); - expect_value(wrap_EvtOpenPublisherMetadata, Locale, 0); - expect_value(wrap_EvtOpenPublisherMetadata, Flags, 0); - will_return(wrap_EvtOpenPublisherMetadata, 1); - - will_return(wrap_EvtFormatMessage, strlen(data->message)); - will_return(wrap_EvtFormatMessage, FALSE); - will_return(wrap_GetLastError, ERROR_INSUFFICIENT_BUFFER); - - will_return(wrap_EvtFormatMessage, data->message); - will_return(wrap_EvtFormatMessage, TRUE); - - expect_string(__wrap_convert_windows_string, string, "Test_Message"); - will_return(__wrap_convert_windows_string, "Test_Message"); - - will_return(wrap_EvtClose, TRUE); - - assert_non_null(get_message(data->evt, data->provider_name, EvtFormatMessageEvent)); -} - -int main(void) { - const struct CMUnitTest tests[] = { - cmocka_unit_test_setup_teardown(test_get_message_get_publisher_fail, test_setup, test_teardown), - cmocka_unit_test_setup_teardown(test_get_message_get_size_fail, test_setup, test_teardown), - cmocka_unit_test_setup_teardown(test_get_message_format_fail, test_setup, test_teardown), - cmocka_unit_test_setup_teardown(test_get_message_convert_string_fail, test_setup, test_teardown), - cmocka_unit_test_setup_teardown(test_get_message_success, test_setup, test_teardown) - }; - - return cmocka_run_group_tests(tests, NULL, NULL); -} diff --git a/src/modules/logcollector/tests/unit/tests/test_state.c b/src/modules/logcollector/tests/unit/tests/test_state.c deleted file mode 100644 index e735467778..0000000000 --- a/src/modules/logcollector/tests/unit/tests/test_state.c +++ /dev/null @@ -1,1233 +0,0 @@ -/* - * Copyright (C) 2015, Wazuh Inc. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -#include -#include -#include -#include -#include -#include - -#include "../../headers/shared.h" -#include "../../logcollector/state.h" - -#include "../wrappers/common.h" -#include "../wrappers/wazuh/shared/hash_op_wrappers.h" -#include "../wrappers/wazuh/shared/validate_op_wrappers.h" -#include "../wrappers/libc/stdio_wrappers.h" -#include "../wrappers/posix/unistd_wrappers.h" -#include "../wrappers/externals/cJSON/cJSON_wrappers.h" -#include "../wrappers/posix/pthread_wrappers.h" - -void w_logcollector_state_init(w_lc_state_type_t state_type, bool state_file_enabled); -cJSON * w_logcollector_state_get(); -cJSON * _w_logcollector_generate_state(w_lc_state_storage_t * state, bool restart); -void _w_logcollector_state_update_file(w_lc_state_storage_t * state, char * fpath, uint64_t bytes); -void w_logcollector_state_update_file(char * fpath, uint64_t bytes); -void _w_logcollector_state_update_target(w_lc_state_storage_t * state, char * fpath, char * target, bool dropped); -void w_logcollector_state_update_target(char * fpath, char * target, bool dropped); -void w_logcollector_state_generate(); -void w_logcollector_state_dump(); -void * w_logcollector_state_main(__attribute__((unused)) void * args); -void _w_logcollector_state_delete_file(w_lc_state_storage_t * state, char * fpath); -void w_logcollector_state_delete_file(char * fpath); - -extern cJSON * g_lc_json_stats; -extern w_lc_state_storage_t * g_lc_states_global; -extern w_lc_state_storage_t * g_lc_states_interval; -extern w_lc_state_type_t g_lc_state_type; - -void free_state_file(w_lc_state_file_t * data) { - if (data == NULL) { - return; - } - - if (data->targets != NULL) { - w_lc_state_target_t ** target = data->targets; - while (target && *target != NULL) { - os_free((*target)->name); - os_free(*target); - target++; - } - os_free(data->targets); - } - os_free(data); -} - -/* setup/teardown */ -static int setup_local_hashmap(void **state) { - if (mock_hashmap == NULL) { - will_return(__wrap_time, (time_t) 50); - if (setup_hashmap(state) != 0) { - return 1; - } - } - - OSHash *hash; - - will_return(__wrap_time, (time_t) 50); - - - hash = __real_OSHash_Create(); - - if (hash == NULL) { - return -1; - } - - *state = hash; - - return 0; -} - - -static int setup_hashmap_state_file(void **state) { - if (setup_local_hashmap(state) != 0) { - return 1; - } - __real_OSHash_SetFreeDataPointer(mock_hashmap, (void (*)(void *))free_state_file); - - return 0; -} - -static int teardown_local_hashmap(void **state) { - if (teardown_hashmap(state) != 0) { - return 1; - } - OSHash *hash = *state; - - if (hash == NULL) { - return 0; - } - - OSHash_Free(hash); - return 0; -} - -static int setup_global_variables(void ** state) { - os_calloc(1, sizeof(w_lc_state_storage_t), g_lc_states_global); - os_calloc(1, sizeof(w_lc_state_storage_t), g_lc_states_interval); - - if (setup_local_hashmap((void **)&(g_lc_states_global->states))) { - return -1; - } - - if (setup_local_hashmap((void **)&(g_lc_states_interval->states))) { - return -1; - } - - return 0; -} - -static int teardown_global_variables(void ** state) { - if (g_lc_states_global != NULL) { - if (teardown_local_hashmap((void **)&(g_lc_states_global->states))) { - return -1; - } - } - - if (g_lc_states_interval != NULL) { - if (teardown_local_hashmap((void **)&(g_lc_states_interval->states))) { - return -1; - } - } - - os_free(g_lc_states_global); - os_free(g_lc_states_interval); - - return 0; -} - -static int setup_group(void ** state) { - test_mode = 1; - return 0; -} - -static int teardown_group(void ** state) { - test_mode = 0; - return 0; -} - -static int setup_global(void ** state) { - char **array = calloc(10, sizeof(char*)); - - if(array == NULL) - return -1; - - *state = array; - - return 0; -} - -static int teardown_global(void ** state) { - - return 0; -} - -/* wraps */ -size_t __wrap_strftime(char *s, size_t max, const char *format, - const struct tm *tm) { - strncpy(s, mock_type(char *), max); - return mock(); -} - -/* tests */ - -/* w_logcollector_state_init */ -void test_w_logcollector_state_init_fail_hash_create_global(void ** state) { - will_return(__wrap_time, (time_t) 50); - - expect_function_call(__wrap_OSHash_Create); - will_return(__wrap_OSHash_Create, NULL); - - expect_string(__wrap__merror_exit, formatted_msg, "(1296): Unable to create a 'logcollector_state' hash table"); - expect_assert_failure(w_logcollector_state_init(LC_STATE_GLOBAL|LC_STATE_INTERVAL, true)); -} - -void test_w_logcollector_state_init_fail_hash_create_interval(void ** state) { - os_free(g_lc_states_global); - os_free(g_lc_states_interval); - OSHash *mock_local_hash = *state; - will_return(__wrap_time, (time_t) 50); - - - expect_function_call(__wrap_OSHash_Create); - will_return(__wrap_OSHash_Create, mock_local_hash); - - will_return(__wrap_OSHash_setSize, 1); - will_return(__wrap_time, 51); - - expect_function_call(__wrap_OSHash_Create); - will_return(__wrap_OSHash_Create, NULL); - - expect_string(__wrap__merror_exit, formatted_msg, "(1296): Unable to create a 'logcollector_state' hash table"); - expect_assert_failure(w_logcollector_state_init(LC_STATE_GLOBAL|LC_STATE_INTERVAL, true)); -} - -void test_w_logcollector_state_init_fail_hash_setsize_global(void ** state) { - os_free(g_lc_states_global); - os_free(g_lc_states_interval); - - OSHash *mock_local_hash = *state; - - will_return(__wrap_time, (time_t) 50); - - expect_function_call(__wrap_OSHash_Create); - will_return(__wrap_OSHash_Create, mock_local_hash); - will_return(__wrap_OSHash_setSize, 0); - - expect_string(__wrap__merror_exit, formatted_msg, "(1297): Unable to set size of 'logcollector_state' hash table"); - - expect_assert_failure(w_logcollector_state_init(LC_STATE_GLOBAL|LC_STATE_INTERVAL, true)); -} - -void test_w_logcollector_state_init_fail_hash_setsize_interval(void ** state) { - os_free(g_lc_states_global); - os_free(g_lc_states_interval); - will_return_always(__wrap_time, (time_t) 50); - - - expect_function_call(__wrap_OSHash_Create); - will_return(__wrap_OSHash_Create, __real_OSHash_Create()); - will_return(__wrap_OSHash_setSize, 1); - - - expect_function_call(__wrap_OSHash_Create); - will_return(__wrap_OSHash_Create, __real_OSHash_Create()); - will_return(__wrap_OSHash_setSize, 0); - - expect_string(__wrap__merror_exit, formatted_msg, "(1297): Unable to set size of 'logcollector_state' hash table"); - - expect_assert_failure(w_logcollector_state_init(LC_STATE_GLOBAL|LC_STATE_INTERVAL, true)); -} - -void test_w_logcollector_state_init_ok(void ** state) { - g_lc_state_type = 0; - will_return(__wrap_time, (time_t) 50); - will_return(__wrap_time, (time_t) 51); - - OSHash *global_state = __real_OSHash_Create(); - OSHash *states_interval = __real_OSHash_Create(); - - will_return(__wrap_time, (time_t) 50); - will_return(__wrap_time, (time_t) 51); - - expect_function_call(__wrap_OSHash_Create); - will_return(__wrap_OSHash_Create, global_state); - - expect_function_call(__wrap_OSHash_Create); - will_return(__wrap_OSHash_Create, states_interval); - - will_return(__wrap_OSHash_setSize, 1); - will_return(__wrap_OSHash_setSize, 1); - - w_logcollector_state_init(LC_STATE_GLOBAL | LC_STATE_INTERVAL, true); - - assert_non_null(g_lc_states_global); - assert_non_null(g_lc_states_interval); - - assert_ptr_equal(g_lc_states_global->states, global_state); - assert_ptr_equal(g_lc_states_interval->states, states_interval); - - assert_int_equal(g_lc_state_type, LC_STATE_GLOBAL | LC_STATE_INTERVAL); -} - - -void test_w_logcollector_state_get_null(void ** state) { - g_lc_state_type = LC_STATE_INTERVAL; - g_lc_json_stats = NULL; - expect_function_call(__wrap_pthread_mutex_lock); - expect_function_call(__wrap_pthread_mutex_unlock); - assert_null(w_logcollector_state_get()); -} - -void test_w_logcollector_state_get_non_null(void ** state) { - - cJSON * expect_retval = (cJSON *) 3; - g_lc_state_type = LC_STATE_GLOBAL | LC_STATE_INTERVAL; - g_lc_json_stats = (cJSON *) 5; - - expect_function_call(__wrap_pthread_mutex_lock); - will_return(__wrap_cJSON_Duplicate, expect_retval); - expect_function_call(__wrap_pthread_mutex_unlock); - - cJSON * retval = w_logcollector_state_get(); - - assert_ptr_not_equal(g_lc_json_stats, retval); - assert_ptr_equal(expect_retval, retval); -} - -/* Test _w_logcollector_generate_state */ -void test__w_logcollector_generate_state_fail_get_node(void ** state) { - - w_lc_state_storage_t stats = {.states = (OSHash *) 2}; - cJSON * retval; - expect_value(__wrap_OSHash_Begin, self, stats.states); - will_return(__wrap_OSHash_Begin, NULL); - - retval = _w_logcollector_generate_state(&stats, 0); - assert_null(retval); -} - -void test__w_logcollector_generate_state_one_target(void ** state) { - cJSON * retval; - w_lc_state_storage_t stats = {.states = (OSHash *) 2 , }; - w_lc_state_target_t target = {.drops = 10, .name = "sock1"}; - w_lc_state_target_t * target_array[2] = {&target, NULL}; - - w_lc_state_file_t data = {.targets = (w_lc_state_target_t **) &target_array, .bytes = 100, .events = 5}; - OSHashNode hash_node = {.data = &data, .key = "key_test"}; - - expect_value(__wrap_OSHash_Begin, self, stats.states); - will_return(__wrap_OSHash_Begin, &hash_node); - - will_return_always(__wrap_cJSON_AddNumberToObject, 1); - will_return_always(__wrap_cJSON_AddStringToObject, 1); - will_return_always(__wrap_cJSON_AddItemToArray, true); - will_return_always(__wrap_cJSON_AddItemToObject, true); - - will_return_always(__wrap_cJSON_CreateObject, (cJSON *) 10); - will_return_always(__wrap_cJSON_CreateArray, (cJSON *) 1); - - expect_string(__wrap_cJSON_AddStringToObject, name, "name"); - expect_string(__wrap_cJSON_AddStringToObject, string, "sock1"); - - expect_string(__wrap_cJSON_AddNumberToObject, name, "drops"); - expect_value(__wrap_cJSON_AddNumberToObject, number, 10); - - expect_function_call(__wrap_cJSON_AddItemToArray); - - - expect_string(__wrap_cJSON_AddStringToObject, name, "location"); - expect_string(__wrap_cJSON_AddStringToObject, string, "key_test"); - expect_string(__wrap_cJSON_AddNumberToObject, name, "events"); - expect_value(__wrap_cJSON_AddNumberToObject, number, 5); - expect_string(__wrap_cJSON_AddNumberToObject, name, "bytes"); - expect_value(__wrap_cJSON_AddNumberToObject, number, 100); - - expect_function_call(__wrap_cJSON_AddItemToObject); - - expect_function_call(__wrap_cJSON_AddItemToArray); - - expect_value(__wrap_OSHash_Next, self, stats.states); - will_return(__wrap_OSHash_Next, NULL); - - will_return(__wrap_strftime,"2019-02-05 12:18:37"); - will_return(__wrap_strftime, 20); - - expect_string(__wrap_cJSON_AddStringToObject, name, "start"); - expect_string(__wrap_cJSON_AddStringToObject, string, "2019-02-05 12:18:37"); - - will_return(__wrap_time, (time_t) 2525); - will_return(__wrap_strftime,"2019-02-05 12:18:42"); - will_return(__wrap_strftime, 20); - expect_string(__wrap_cJSON_AddStringToObject, name, "end"); - expect_string(__wrap_cJSON_AddStringToObject, string, "2019-02-05 12:18:42"); - - expect_function_call(__wrap_cJSON_AddItemToObject); - - retval = _w_logcollector_generate_state(&stats, false); - assert_ptr_equal(retval, (cJSON *) 10); - assert_int_equal(data.bytes, 100); - assert_int_equal(data.events, 5); -} - -void test__w_logcollector_generate_state_one_target_restart(void ** state) { - - cJSON * retval; - w_lc_state_storage_t stats = {.states = (OSHash *) 2, .start = (time_t) 2020}; - w_lc_state_target_t target = {.drops = 10, .name = "sock1"}; - w_lc_state_target_t * target_array[2] = {&target, NULL}; - - w_lc_state_file_t data = {.targets = (w_lc_state_target_t **) &target_array, .bytes = 100, .events = 5}; - OSHashNode hash_node = {.data = &data, .key = "key_test"}; - - expect_value(__wrap_OSHash_Begin, self, stats.states); - will_return(__wrap_OSHash_Begin, &hash_node); - - will_return_always(__wrap_cJSON_AddNumberToObject, 1); - will_return_always(__wrap_cJSON_AddStringToObject, 1); - will_return_always(__wrap_cJSON_AddItemToArray, true); - will_return_always(__wrap_cJSON_AddItemToObject, true); - - will_return_always(__wrap_cJSON_CreateObject, (cJSON *) 10); - will_return_always(__wrap_cJSON_CreateArray, (cJSON *) 1); - - expect_string(__wrap_cJSON_AddStringToObject, name, "name"); - expect_string(__wrap_cJSON_AddStringToObject, string, "sock1"); - - expect_string(__wrap_cJSON_AddNumberToObject, name, "drops"); - expect_value(__wrap_cJSON_AddNumberToObject, number, 10); - - expect_function_call(__wrap_cJSON_AddItemToArray); - - expect_string(__wrap_cJSON_AddStringToObject, name, "location"); - expect_string(__wrap_cJSON_AddStringToObject, string, "key_test"); - expect_string(__wrap_cJSON_AddNumberToObject, name, "events"); - expect_value(__wrap_cJSON_AddNumberToObject, number, 5); - expect_string(__wrap_cJSON_AddNumberToObject, name, "bytes"); - expect_value(__wrap_cJSON_AddNumberToObject, number, 100); - - expect_function_call(__wrap_cJSON_AddItemToObject); - - expect_function_call(__wrap_cJSON_AddItemToArray); - - expect_value(__wrap_OSHash_Next, self, stats.states); - will_return(__wrap_OSHash_Next, NULL); - - will_return(__wrap_strftime,"2019-02-05 12:18:37"); - will_return(__wrap_strftime, 20); - expect_string(__wrap_cJSON_AddStringToObject, name, "start"); - expect_string(__wrap_cJSON_AddStringToObject, string, "2019-02-05 12:18:37"); - - will_return(__wrap_time, (time_t) 2525); - will_return(__wrap_strftime,"2019-02-05 12:18:42"); - will_return(__wrap_strftime, 20);; - expect_string(__wrap_cJSON_AddStringToObject, name, "end"); - expect_string(__wrap_cJSON_AddStringToObject, string, "2019-02-05 12:18:42"); - - expect_function_call(__wrap_cJSON_AddItemToObject); - will_return(__wrap_time, (time_t) 2525); - - retval = _w_logcollector_generate_state(&stats, true); - - assert_ptr_equal(retval, (cJSON *) 10); - assert_int_equal(data.bytes, 0); - assert_int_equal(data.events, 0); - assert_int_equal(stats.start, 2525); -} - -/* Test _w_logcollector_state_update_file */ -void test__w_logcollector_state_update_file_new_data(void ** state) { - w_lc_state_storage_t stat = {0}; - stat.states = *state; - __real_OSHash_SetFreeDataPointer(mock_hashmap, (void (*)(void *))free_state_file); - - expect_value(__wrap_OSHash_Get, self, stat.states); - expect_string(__wrap_OSHash_Get, key, "/test_path"); - will_return(__wrap_OSHash_Get, NULL); - - will_return(__wrap_OSHash_Update, 0); - - expect_value(__wrap_OSHash_Add, key, "/test_path"); - will_return(__wrap_OSHash_Add, 2); - - _w_logcollector_state_update_file(&stat, "/test_path", 100); -} - -void test__w_logcollector_state_update_file_update(void ** state) { - w_lc_state_storage_t stat = { .states = *state }; - w_lc_state_file_t *data = calloc(1, sizeof(w_lc_state_file_t)); - - expect_value(__wrap_OSHash_Get, self, stat.states); - expect_string(__wrap_OSHash_Get, key, "/test_path"); - will_return(__wrap_OSHash_Get, data); - - will_return(__wrap_OSHash_Update, 1); - - _w_logcollector_state_update_file(&stat, "/test_path", 100); - - assert_int_equal(data->bytes, 100); - assert_int_equal(data->events, 1); - free(data); -} - -/* w_logcollector_state_update_file */ -void test__w_logcollector_state_update_file_fail_update(void ** state) { - w_lc_state_storage_t stat = { .states = *state }; - __real_OSHash_SetFreeDataPointer(stat.states, (void (*)(void *))free_state_file); - - w_lc_state_file_t * data = NULL; - os_calloc(1, sizeof(w_lc_state_file_t), data); - os_calloc(2, sizeof(w_lc_state_target_t *), data->targets); - os_calloc(1, sizeof(w_lc_state_target_t), data->targets[0]); - - expect_value(__wrap_OSHash_Get, self, stat.states); - expect_string(__wrap_OSHash_Get, key, "/test_path"); - will_return(__wrap_OSHash_Get, data); - - will_return(__wrap_OSHash_Update, 0); - expect_value(__wrap_OSHash_Add, key, "/test_path"); - will_return(__wrap_OSHash_Add, 0); - - expect_string(__wrap__merror, formatted_msg, - "(1299): Failure to update '/test_path' to 'logcollector_state' hash table"); - - _w_logcollector_state_update_file(&stat, "/test_path", 100); -} - -/* w_logcollector_state_update_file */ -void test_w_logcollector_state_update_file_null(void ** state) { - w_logcollector_state_update_file(NULL, 500); -} - - -/* _w_logcollector_state_update_target */ -void test__w_logcollector_state_update_target_get_file_stats_fail(void ** state) { - g_lc_state_type = LC_STATE_GLOBAL | LC_STATE_INTERVAL; - w_lc_state_storage_t stats = { .states = *state }; - w_lc_state_file_t *mock_entry = calloc(1, sizeof(w_lc_state_file_t)); - char *fpath = "/test_path"; - char *target = "test"; - - __real_OSHash_Add_ex(mock_hashmap, fpath, mock_entry); - bool dropped = false; - - expect_value(__wrap_OSHash_Get, self, stats.states); - expect_string(__wrap_OSHash_Get, key, fpath); - will_return(__wrap_OSHash_Get, NULL); - - will_return(__wrap_OSHash_Update, 1); - - _w_logcollector_state_update_target(&stats, fpath, target, dropped); -} - -void test__w_logcollector_state_update_target_find_target_fail(void ** state) { - char * fpath = "/test_path"; - char * target_str = "test2"; - g_lc_state_type = LC_STATE_GLOBAL | LC_STATE_INTERVAL; - - __real_OSHash_Add_ex(mock_hashmap, fpath, calloc(1, sizeof(w_lc_state_file_t))); - - w_lc_state_storage_t * stats = NULL; - os_calloc(1, sizeof(w_lc_state_storage_t), stats); - stats->states = *state; - stats->start = (time_t) 2020; - - w_lc_state_target_t * target; - os_calloc(1, sizeof(w_lc_state_target_t), target); - target->drops = 10; - os_strdup("test", target->name); - - w_lc_state_target_t ** target_array; - os_calloc(2, sizeof(w_lc_state_target_t *), target_array); - target_array[0] = target; - - w_lc_state_file_t * data; - os_calloc(1, sizeof(w_lc_state_file_t), data); - data->targets = target_array; - data->bytes = 100; - data->events = 5; - - bool dropped = false; - - expect_value(__wrap_OSHash_Get, self, stats->states); - expect_string(__wrap_OSHash_Get, key, fpath); - will_return(__wrap_OSHash_Get, data); - - will_return(__wrap_OSHash_Update, 1); - - _w_logcollector_state_update_target(stats, fpath, target_str, dropped); - free(stats); -} - - -void test__w_logcollector_state_update_target_find_target_ok(void ** state) { - char * fpath = "/test_path"; - char * target_str = "test"; - - bool dropped = false; - g_lc_state_type = LC_STATE_GLOBAL | LC_STATE_INTERVAL; - w_lc_state_storage_t stats = {.states = *state, .start = (time_t) 2020}; - w_lc_state_target_t target = {.drops = 10, .name = "test"}; - w_lc_state_target_t * target_array[2] = {&target, NULL}; - - w_lc_state_file_t data = {.targets = (w_lc_state_target_t **) &target_array, .bytes = 100, .events = 5}; - - - expect_value(__wrap_OSHash_Get, self, stats.states); - expect_string(__wrap_OSHash_Get, key, fpath); - will_return(__wrap_OSHash_Get, &data); - - will_return(__wrap_OSHash_Update, 1); - - _w_logcollector_state_update_target(&stats, fpath, target_str, dropped); -} - -void test__w_logcollector_state_update_target_dropped_true(void ** state) { - - g_lc_state_type = LC_STATE_GLOBAL | LC_STATE_INTERVAL; - w_lc_state_storage_t stats = {.states = (OSHash *) *state, .start = (time_t) 2020}; - w_lc_state_target_t target = {.drops = 10, .name = "test"}; - w_lc_state_target_t * target_array[2] = {&target, NULL}; - - w_lc_state_file_t data = {.targets = (w_lc_state_target_t **) &target_array, .bytes = 100, .events = 5}; - - char * fpath = "/test_path"; - char * target_str = "test"; - - expect_value(__wrap_OSHash_Get, self, stats.states); - expect_string(__wrap_OSHash_Get, key, fpath); - will_return(__wrap_OSHash_Get, &data); - - will_return(__wrap_OSHash_Update, 1); - bool dropped = true; - - _w_logcollector_state_update_target(&stats, fpath, target_str, dropped); -} - -void test__w_logcollector_state_update_target_OSHash_Update_fail(void ** state) { - - g_lc_state_type = LC_STATE_GLOBAL | LC_STATE_INTERVAL; - w_lc_state_storage_t stats = {.states = (OSHash *) *state, .start = (time_t) 2020}; - w_lc_state_target_t target = {.drops = 10, .name = "test"}; - w_lc_state_target_t * target_array[2] = {&target, NULL}; - - w_lc_state_file_t data = {.targets = (w_lc_state_target_t **) &target_array, .bytes = 100, .events = 5}; - - char * fpath = "/test_path"; - char * target_str = "test"; - - bool dropped = true; - - - expect_value(__wrap_OSHash_Get, self, stats.states); - expect_string(__wrap_OSHash_Get, key, fpath); - will_return(__wrap_OSHash_Get, &data); - - will_return(__wrap_OSHash_Update, 0); - - expect_value(__wrap_OSHash_Add, key, "/test_path"); - will_return(__wrap_OSHash_Add, 2); - - _w_logcollector_state_update_target(&stats, fpath, target_str, dropped); -} - -void test__w_logcollector_state_update_target_OSHash_Add_fail(void ** state) { - - g_lc_state_type = LC_STATE_GLOBAL | LC_STATE_INTERVAL; - w_lc_state_storage_t stats = {.states = (OSHash *) *state}; - w_lc_state_target_t * target; - os_calloc(1, sizeof(w_lc_state_target_t), target); - target->drops = 10; - os_strdup("test", target->name); - - w_lc_state_target_t ** target_array; - os_calloc(2, sizeof(w_lc_state_target_t *), target_array); - target_array[0] = target; - - w_lc_state_file_t * data; - os_calloc(1, sizeof(w_lc_state_file_t), data); - data->targets = target_array; - data->bytes = 100; - data->events = 5; - - char * fpath = "/test_path"; - char * target_str = "test"; - - bool dropped = true; - - expect_value(__wrap_OSHash_Get, self, stats.states); - expect_string(__wrap_OSHash_Get, key, fpath); - will_return(__wrap_OSHash_Get, data); - - will_return(__wrap_OSHash_Update, 0); - - expect_value(__wrap_OSHash_Add, key, "/test_path"); - will_return(__wrap_OSHash_Add, 0); - - expect_string(__wrap__merror, formatted_msg, - "(1299): Failure to update '/test_path' to 'logcollector_state' hash table"); - - _w_logcollector_state_update_target(&stats, fpath, target_str, dropped); -} - -void test_w_logcollector_state_update_file_ok(void ** state) { - g_lc_state_type = LC_STATE_GLOBAL | LC_STATE_INTERVAL; - - w_lc_state_file_t data = {0}; - w_lc_state_file_t data2 = {.bytes = 10, .events = 5}; - - expect_function_call(__wrap_pthread_mutex_lock); - expect_value(__wrap_OSHash_Get, self, g_lc_states_global->states); - expect_string(__wrap_OSHash_Get, key, "/test_path"); - will_return(__wrap_OSHash_Get, &data); - - will_return(__wrap_OSHash_Update, 1); - - expect_value(__wrap_OSHash_Get, self, g_lc_states_interval->states); - expect_string(__wrap_OSHash_Get, key, "/test_path"); - will_return(__wrap_OSHash_Get, &data2); - - will_return(__wrap_OSHash_Update, 1); - - expect_function_call(__wrap_pthread_mutex_unlock); - w_logcollector_state_update_file("/test_path", 500); - - assert_int_equal(data.bytes, 500); - assert_int_equal(data.events, 1); - assert_int_equal(data2.bytes, 510); - assert_int_equal(data2.events, 6); -} - -// Tests w_logcollector_state_update_target -void test_w_logcollector_state_update_target_null_target(void ** state) { - w_logcollector_state_update_target("test path", NULL, false); -} - -void test_w_logcollector_state_update_target_null_path(void ** state) { - w_logcollector_state_update_target(NULL, "test_target", false); -} - -void test_w_logcollector_state_update_target_ok(void ** state) { - g_lc_state_type = LC_STATE_GLOBAL | LC_STATE_INTERVAL; - - w_lc_state_target_t target = {.drops = 10, .name = "test_target"}; - w_lc_state_target_t * target_array[2] = {&target, NULL}; - w_lc_state_file_t data = {.targets = (w_lc_state_target_t **) &target_array, .bytes = 100, .events = 5}; - - expect_function_call(__wrap_pthread_mutex_lock); - - expect_value(__wrap_OSHash_Get, self, g_lc_states_global->states); - expect_string(__wrap_OSHash_Get, key, "test_path"); - will_return(__wrap_OSHash_Get, &data); - - will_return(__wrap_OSHash_Update, 1); - - w_lc_state_target_t target2 = {.drops = 10, .name = "test_target"}; - w_lc_state_target_t * target_array2[2] = {&target, NULL}; - w_lc_state_file_t data2 = {.targets = (w_lc_state_target_t **) &target_array2, .bytes = 100, .events = 5}; - - expect_value(__wrap_OSHash_Get, self, g_lc_states_interval->states); - expect_string(__wrap_OSHash_Get, key, "test_path"); - will_return(__wrap_OSHash_Get, &data2); - - will_return(__wrap_OSHash_Update, 1); - - expect_function_call(__wrap_pthread_mutex_unlock); - - w_logcollector_state_update_target("test_path", "test_target", false); -} - -/* w_logcollector_state_generate */ -void test_w_logcollector_generate_state_ok(void ** state) { - g_lc_state_type = LC_STATE_GLOBAL | LC_STATE_INTERVAL;; - - w_lc_state_target_t target = {.drops = 10, .name = "sock1"}; - w_lc_state_target_t * target_array[2] = {&target, NULL}; - - w_lc_state_file_t data = {.targets = (w_lc_state_target_t **) &target_array, .bytes = 100, .events = 5}; - OSHashNode hash_node = {.data = &data, .key = "key_test"}; - - expect_function_call(__wrap_pthread_mutex_lock); - expect_function_call(__wrap_pthread_mutex_lock); - - expect_function_call(__wrap_cJSON_Delete); - - will_return_always(__wrap_cJSON_CreateObject, (cJSON *) 10); - - expect_value(__wrap_OSHash_Begin, self, g_lc_states_global->states); - will_return(__wrap_OSHash_Begin, &hash_node); - - will_return_always(__wrap_cJSON_AddNumberToObject, 1); - will_return_always(__wrap_cJSON_AddStringToObject, 1); - will_return_always(__wrap_cJSON_AddItemToArray, true); - will_return_always(__wrap_cJSON_AddItemToObject, true); - - will_return_always(__wrap_cJSON_CreateArray, (cJSON *) 1); - - expect_string(__wrap_cJSON_AddStringToObject, name, "name"); - expect_string(__wrap_cJSON_AddStringToObject, string, "sock1"); - - expect_string(__wrap_cJSON_AddNumberToObject, name, "drops"); - expect_value(__wrap_cJSON_AddNumberToObject, number, 10); - - expect_function_call(__wrap_cJSON_AddItemToArray); - - expect_string(__wrap_cJSON_AddStringToObject, name, "location"); - expect_string(__wrap_cJSON_AddStringToObject, string, "key_test"); - expect_string(__wrap_cJSON_AddNumberToObject, name, "events"); - expect_value(__wrap_cJSON_AddNumberToObject, number, 5); - expect_string(__wrap_cJSON_AddNumberToObject, name, "bytes"); - expect_value(__wrap_cJSON_AddNumberToObject, number, 100); - expect_function_call(__wrap_cJSON_AddItemToObject); - - - expect_function_call(__wrap_cJSON_AddItemToArray); - - expect_value(__wrap_OSHash_Next, self, g_lc_states_global->states); - will_return(__wrap_OSHash_Next, NULL); - - will_return(__wrap_strftime,"2019-02-05 12:18:37"); - will_return(__wrap_strftime, 20); - - expect_string(__wrap_cJSON_AddStringToObject, name, "start"); - expect_string(__wrap_cJSON_AddStringToObject, string, "2019-02-05 12:18:37"); - - will_return(__wrap_time, (time_t) 2525); - will_return(__wrap_strftime,"2019-02-05 12:18:42"); - will_return(__wrap_strftime, 20); - expect_string(__wrap_cJSON_AddStringToObject, name, "end"); - expect_string(__wrap_cJSON_AddStringToObject, string, "2019-02-05 12:18:42"); - - expect_function_call(__wrap_cJSON_AddItemToObject); - - expect_function_call(__wrap_cJSON_AddItemToObject); - - g_lc_states_interval->start = (time_t) 2020; - - w_lc_state_file_t data2 = {.targets = (w_lc_state_target_t **) &target_array, .bytes = 100, .events = 5}; - OSHashNode hash_node2 = {.data = &data2, .key = "key_test"}; - - expect_value(__wrap_OSHash_Begin, self, g_lc_states_interval->states); - will_return(__wrap_OSHash_Begin, &hash_node2); - - expect_string(__wrap_cJSON_AddStringToObject, name, "name"); - expect_string(__wrap_cJSON_AddStringToObject, string, "sock1"); - - expect_string(__wrap_cJSON_AddNumberToObject, name, "drops"); - expect_value(__wrap_cJSON_AddNumberToObject, number, 10); - - expect_function_call(__wrap_cJSON_AddItemToArray); - - - expect_string(__wrap_cJSON_AddStringToObject, name, "location"); - expect_string(__wrap_cJSON_AddStringToObject, string, "key_test"); - expect_string(__wrap_cJSON_AddNumberToObject, name, "events"); - expect_value(__wrap_cJSON_AddNumberToObject, number, 5); - expect_string(__wrap_cJSON_AddNumberToObject, name, "bytes"); - expect_value(__wrap_cJSON_AddNumberToObject, number, 100); - expect_function_call(__wrap_cJSON_AddItemToObject); - - - expect_function_call(__wrap_cJSON_AddItemToArray); - - expect_value(__wrap_OSHash_Next, self, g_lc_states_interval->states); - will_return(__wrap_OSHash_Next, NULL); - - will_return(__wrap_strftime,"2019-02-05 12:18:37"); - will_return(__wrap_strftime, 20); - - expect_string(__wrap_cJSON_AddStringToObject, name, "start"); - expect_string(__wrap_cJSON_AddStringToObject, string, "2019-02-05 12:18:37"); - - will_return(__wrap_time, (time_t) 2525); - will_return(__wrap_strftime,"2019-02-05 12:18:42"); - will_return(__wrap_strftime, 20); - expect_string(__wrap_cJSON_AddStringToObject, name, "end"); - expect_string(__wrap_cJSON_AddStringToObject, string, "2019-02-05 12:18:42"); - - expect_function_call(__wrap_cJSON_AddItemToObject); - will_return(__wrap_time, (time_t) 2525); - - expect_function_call(__wrap_cJSON_AddItemToObject); - - expect_function_call(__wrap_pthread_mutex_unlock); - expect_function_call(__wrap_pthread_mutex_unlock); - - w_logcollector_state_generate(); - - assert_int_equal(data.bytes, 100); - assert_int_equal(data.events, 5); - assert_int_equal(data2.bytes, 0); - assert_int_equal(data2.events, 0); - assert_int_equal(g_lc_states_interval->start, 2525); -} - -/* w_logcollector_state_dump */ -void test_w_logcollector_state_dump_fail_open(void ** state) { - - expect_function_call(__wrap_pthread_mutex_lock); - will_return(__wrap_cJSON_Duplicate, (cJSON *) 3); - expect_function_call(__wrap_pthread_mutex_unlock); - will_return(__wrap_cJSON_Print, strdup("Test 123")); - expect_function_call(__wrap_cJSON_Delete); - - expect_string(__wrap_wfopen, path, LOGCOLLECTOR_STATE); - expect_string(__wrap_wfopen, mode, "w"); - will_return(__wrap_wfopen, NULL); - - const char * error_msg = "(1103): Could not open file " - "'" LOGCOLLECTOR_STATE "' due to"; - - expect_memory(__wrap__merror, formatted_msg, error_msg, strlen(error_msg)); - - w_logcollector_state_dump(); -} - -void test_w_logcollector_state_dump_fail_write(void ** state) { - - expect_function_call(__wrap_pthread_mutex_lock); - will_return(__wrap_cJSON_Duplicate, (cJSON *) 3); - expect_function_call(__wrap_pthread_mutex_unlock); - will_return(__wrap_cJSON_Print, strdup("Test 123")); - expect_function_call(__wrap_cJSON_Delete); - - expect_string(__wrap_wfopen, path, LOGCOLLECTOR_STATE); - expect_string(__wrap_wfopen, mode, "w"); - will_return(__wrap_wfopen, (FILE *) 100); - will_return(__wrap_fwrite, 0); - - const char * error_msg = "(1110): Could not write file " - "'" LOGCOLLECTOR_STATE "' due to"; - - expect_memory(__wrap__merror, formatted_msg, error_msg, strlen(error_msg)); - - expect_value(__wrap_fclose, _File, (FILE *) 100); - will_return(__wrap_fclose, 0); - - w_logcollector_state_dump(); -} - -void test_w_logcollector_state_dump_ok(void ** state) { - - expect_function_call(__wrap_pthread_mutex_lock); - will_return(__wrap_cJSON_Duplicate, (cJSON *) 3); - expect_function_call(__wrap_pthread_mutex_unlock); - will_return(__wrap_cJSON_Print, strdup("Test 123")); - expect_function_call(__wrap_cJSON_Delete); - - expect_string(__wrap_wfopen, path, LOGCOLLECTOR_STATE); - expect_string(__wrap_wfopen, mode, "w"); - will_return(__wrap_wfopen, (FILE *) 100); - will_return(__wrap_fwrite, 1); - - expect_value(__wrap_fclose, _File, (FILE *) 100); - will_return(__wrap_fclose, 0); - - w_logcollector_state_dump(); -} - -void test_w_logcollector_state_main_bad_interval(void ** state) { - - g_lc_state_type = LC_STATE_GLOBAL | LC_STATE_INTERVAL;; - int interval = -1; - w_logcollector_state_main((void *) &interval); -} - -void test_w_logcollector_state_main_ok(void ** state) { - - int interval = 105; - will_return(__wrap_FOREVER, 1); - expect_value(__wrap_sleep, seconds, interval); - - w_lc_state_target_t target = {.drops = 10, .name = "sock1"}; - w_lc_state_target_t * target_array[2] = {&target, NULL}; - - w_lc_state_file_t data = {.targets = (w_lc_state_target_t **) &target_array, .bytes = 100, .events = 5}; - OSHashNode hash_node = {.data = &data, .key = "key_test"}; - - expect_function_call(__wrap_pthread_mutex_lock); - expect_function_call(__wrap_pthread_mutex_lock); - - expect_function_call(__wrap_cJSON_Delete); - - will_return_always(__wrap_cJSON_CreateObject, (cJSON *) 10); - - expect_value(__wrap_OSHash_Begin, self, g_lc_states_global->states); - will_return(__wrap_OSHash_Begin, &hash_node); - - will_return_always(__wrap_cJSON_AddNumberToObject, 1); - will_return_always(__wrap_cJSON_AddStringToObject, 1); - will_return_always(__wrap_cJSON_AddItemToArray, true); - will_return_always(__wrap_cJSON_AddItemToObject, true); - - will_return_always(__wrap_cJSON_CreateArray, (cJSON *) 1); - - expect_string(__wrap_cJSON_AddStringToObject, name, "name"); - expect_string(__wrap_cJSON_AddStringToObject, string, "sock1"); - - expect_string(__wrap_cJSON_AddNumberToObject, name, "drops"); - expect_value(__wrap_cJSON_AddNumberToObject, number, 10); - - expect_function_call(__wrap_cJSON_AddItemToArray); - - expect_string(__wrap_cJSON_AddStringToObject, name, "location"); - expect_string(__wrap_cJSON_AddStringToObject, string, "key_test"); - expect_string(__wrap_cJSON_AddNumberToObject, name, "events"); - expect_value(__wrap_cJSON_AddNumberToObject, number, 5); - expect_string(__wrap_cJSON_AddNumberToObject, name, "bytes"); - expect_value(__wrap_cJSON_AddNumberToObject, number, 100); - - expect_function_call(__wrap_cJSON_AddItemToObject); - - expect_function_call(__wrap_cJSON_AddItemToArray); - - expect_value(__wrap_OSHash_Next, self, g_lc_states_global->states); - will_return(__wrap_OSHash_Next, NULL); - - will_return(__wrap_strftime,"2019-02-05 12:18:37"); - will_return(__wrap_strftime, 20); - - expect_string(__wrap_cJSON_AddStringToObject, name, "start"); - expect_string(__wrap_cJSON_AddStringToObject, string, "2019-02-05 12:18:37"); - - will_return(__wrap_time, (time_t) 2525); - will_return(__wrap_strftime,"2019-02-05 12:18:42"); - will_return(__wrap_strftime, 20); - expect_string(__wrap_cJSON_AddStringToObject, name, "end"); - expect_string(__wrap_cJSON_AddStringToObject, string, "2019-02-05 12:18:42"); - - expect_function_call(__wrap_cJSON_AddItemToObject); - - expect_function_call(__wrap_cJSON_AddItemToObject); - - g_lc_states_interval->start = (time_t) 2020; - - w_lc_state_file_t data2 = {.targets = (w_lc_state_target_t **) &target_array, .bytes = 100, .events = 5}; - OSHashNode hash_node2 = {.data = &data2, .key = "key_test"}; - - expect_value(__wrap_OSHash_Begin, self, g_lc_states_interval->states); - will_return(__wrap_OSHash_Begin, &hash_node2); - - expect_string(__wrap_cJSON_AddStringToObject, name, "name"); - expect_string(__wrap_cJSON_AddStringToObject, string, "sock1"); - - expect_string(__wrap_cJSON_AddNumberToObject, name, "drops"); - expect_value(__wrap_cJSON_AddNumberToObject, number, 10); - - expect_function_call(__wrap_cJSON_AddItemToArray); - - - expect_string(__wrap_cJSON_AddStringToObject, name, "location"); - expect_string(__wrap_cJSON_AddStringToObject, string, "key_test"); - expect_string(__wrap_cJSON_AddNumberToObject, name, "events"); - expect_value(__wrap_cJSON_AddNumberToObject, number, 5); - expect_string(__wrap_cJSON_AddNumberToObject, name, "bytes"); - expect_value(__wrap_cJSON_AddNumberToObject, number, 100); - - expect_function_call(__wrap_cJSON_AddItemToObject); - - expect_function_call(__wrap_cJSON_AddItemToArray); - - expect_value(__wrap_OSHash_Next, self, g_lc_states_interval->states); - will_return(__wrap_OSHash_Next, NULL); - - will_return(__wrap_strftime,"2019-02-05 12:18:37"); - will_return(__wrap_strftime, 20); - - expect_string(__wrap_cJSON_AddStringToObject, name, "start"); - expect_string(__wrap_cJSON_AddStringToObject, string, "2019-02-05 12:18:37"); - - will_return(__wrap_time, (time_t) 2525); - will_return(__wrap_strftime,"2019-02-05 12:18:42"); - will_return(__wrap_strftime, 20); - expect_string(__wrap_cJSON_AddStringToObject, name, "end"); - expect_string(__wrap_cJSON_AddStringToObject, string, "2019-02-05 12:18:42"); - - expect_function_call(__wrap_cJSON_AddItemToObject); - will_return(__wrap_time, (time_t) 2525); - - expect_function_call(__wrap_cJSON_AddItemToObject); - - expect_function_call(__wrap_pthread_mutex_unlock); - expect_function_call(__wrap_pthread_mutex_unlock); - - expect_function_call(__wrap_pthread_mutex_lock); - will_return(__wrap_cJSON_Duplicate, (cJSON *) 3); - expect_function_call(__wrap_pthread_mutex_unlock); - will_return(__wrap_cJSON_Print, strdup("Test 123")); - expect_function_call(__wrap_cJSON_Delete); - - expect_string(__wrap_wfopen, path, LOGCOLLECTOR_STATE); - expect_string(__wrap_wfopen, mode, "w"); - will_return(__wrap_wfopen, (FILE *) 100); - will_return(__wrap_fwrite, 1); - - expect_value(__wrap_fclose, _File, (FILE *) 100); - will_return(__wrap_fclose, 0); - - will_return(__wrap_FOREVER, 0); - - w_logcollector_state_main((void *) &interval); -} - -/* _test_w_logcollector_state_delete_file */ - -void test__w_logcollector_state_delete_file_no_data(void ** state) { - w_lc_state_storage_t storage = { .states = *state }; - - expect_value(__wrap_OSHash_Delete, self, storage.states); - expect_string(__wrap_OSHash_Delete, key, "test_path"); - will_return(__wrap_OSHash_Delete, NULL); - - _w_logcollector_state_delete_file(&storage, "test_path"); -} - -void test__w_logcollector_state_delete_file_ok(void ** state) { - w_lc_state_storage_t storage = {.states = *state}; - - w_lc_state_file_t * data = NULL; - os_calloc(1, sizeof(w_lc_state_file_t), data); - os_calloc(3, sizeof(w_lc_state_target_t *), data->targets); - os_calloc(1, sizeof(w_lc_state_target_t), data->targets[0]); - os_strdup("target name 1", data->targets[0]->name); - os_calloc(1, sizeof(w_lc_state_target_t), data->targets[1]); - os_strdup("target name 2", data->targets[1]->name); - - expect_value(__wrap_OSHash_Delete, self, storage.states); - expect_string(__wrap_OSHash_Delete, key, "test_path"); - will_return(__wrap_OSHash_Delete, data); - - _w_logcollector_state_delete_file(&storage, "test_path"); -} - -/* w_logcollector_state_delete_file */ - -void test_w_logcollector_state_delete_file_fpath_NULL(void ** state) { - - char * fpath = NULL; - - w_logcollector_state_delete_file(fpath); - -} - -void test_w_logcollector_state_delete_file_global(void ** state) { - g_lc_state_type = 1; - char * fpath = "test"; - - expect_function_call(__wrap_pthread_mutex_lock); - - expect_value(__wrap_OSHash_Delete, self, g_lc_states_global->states); - expect_string(__wrap_OSHash_Delete, key, fpath); - will_return(__wrap_OSHash_Delete, NULL); - - expect_function_call(__wrap_pthread_mutex_unlock); - - w_logcollector_state_delete_file(fpath); -} - -void test_w_logcollector_state_delete_file_interval(void ** state) { - char * fpath = "test"; - g_lc_state_type = 2; - - expect_function_call(__wrap_pthread_mutex_lock); - - expect_value(__wrap_OSHash_Delete, self, g_lc_states_interval->states); - expect_string(__wrap_OSHash_Delete, key, fpath); - will_return(__wrap_OSHash_Delete, NULL); - - expect_function_call(__wrap_pthread_mutex_unlock); - - w_logcollector_state_delete_file(fpath); -} - -void test_w_logcollector_state_delete_file_global_interval(void ** state) { - char * fpath = "test"; - g_lc_state_type = 3; - - expect_function_call(__wrap_pthread_mutex_lock); - expect_value(__wrap_OSHash_Delete, self, g_lc_states_global->states); - expect_string(__wrap_OSHash_Delete, key, fpath); - will_return(__wrap_OSHash_Delete, NULL); - - expect_value(__wrap_OSHash_Delete, self, g_lc_states_interval->states); - expect_string(__wrap_OSHash_Delete, key, fpath); - will_return(__wrap_OSHash_Delete, NULL); - - expect_function_call(__wrap_pthread_mutex_unlock); - - w_logcollector_state_delete_file(fpath); -} - -int main(void) { - const struct CMUnitTest tests[] = { - // Tests w_logcollector_state_init - cmocka_unit_test_teardown(test_w_logcollector_state_init_fail_hash_create_global, teardown_global_variables), - cmocka_unit_test_setup_teardown(test_w_logcollector_state_init_fail_hash_create_interval, setup_local_hashmap, teardown_global_variables), - cmocka_unit_test_setup_teardown(test_w_logcollector_state_init_fail_hash_setsize_global, setup_local_hashmap, teardown_global_variables), - cmocka_unit_test_teardown(test_w_logcollector_state_init_fail_hash_setsize_interval, teardown_global_variables), - cmocka_unit_test_teardown(test_w_logcollector_state_init_ok, teardown_global_variables), - - // Tests w_logcollector_state_get - cmocka_unit_test(test_w_logcollector_state_get_null), - cmocka_unit_test(test_w_logcollector_state_get_non_null), - - // Tests _w_logcollector_generate_state - cmocka_unit_test_setup_teardown(test__w_logcollector_generate_state_fail_get_node, setup_local_hashmap, teardown_local_hashmap), - cmocka_unit_test_setup_teardown(test__w_logcollector_generate_state_one_target, setup_local_hashmap, teardown_local_hashmap), - cmocka_unit_test_setup_teardown(test__w_logcollector_generate_state_one_target_restart, setup_local_hashmap, teardown_local_hashmap), - - // Tests _w_logcollector_state_update_file - cmocka_unit_test_setup_teardown(test__w_logcollector_state_update_file_new_data, setup_local_hashmap, teardown_local_hashmap), - cmocka_unit_test_setup_teardown(test__w_logcollector_state_update_file_update, setup_local_hashmap, teardown_local_hashmap), - cmocka_unit_test_setup_teardown(test__w_logcollector_state_update_file_fail_update, setup_local_hashmap, teardown_local_hashmap), - - // Tests w_logcollector_state_update_file - cmocka_unit_test(test_w_logcollector_state_update_file_null), - cmocka_unit_test_setup_teardown(test_w_logcollector_state_update_file_ok, setup_global_variables, teardown_global_variables), - - // Tests _w_logcollector_state_update_target - cmocka_unit_test_setup_teardown(test__w_logcollector_state_update_target_get_file_stats_fail, setup_hashmap_state_file, teardown_local_hashmap), - cmocka_unit_test_setup_teardown(test__w_logcollector_state_update_target_find_target_fail, setup_hashmap_state_file, teardown_local_hashmap), - cmocka_unit_test_setup_teardown(test__w_logcollector_state_update_target_find_target_ok, setup_local_hashmap, teardown_local_hashmap), - cmocka_unit_test_setup_teardown(test__w_logcollector_state_update_target_dropped_true, setup_local_hashmap, teardown_local_hashmap), - cmocka_unit_test_setup_teardown(test__w_logcollector_state_update_target_OSHash_Update_fail, setup_local_hashmap, teardown_local_hashmap), - cmocka_unit_test_setup_teardown(test__w_logcollector_state_update_target_OSHash_Add_fail, setup_local_hashmap, teardown_local_hashmap), - - // Tests w_logcollector_state_update_target - cmocka_unit_test(test_w_logcollector_state_update_target_null_path), - cmocka_unit_test(test_w_logcollector_state_update_target_null_target), - cmocka_unit_test_setup_teardown(test_w_logcollector_state_update_target_ok, setup_global_variables, teardown_global_variables), - - // Tests w_logcollector_state_generate - cmocka_unit_test_setup_teardown(test_w_logcollector_generate_state_ok, setup_global_variables, teardown_global_variables), - - // Tests w_logcollector_state_dump - cmocka_unit_test(test_w_logcollector_state_dump_fail_open), - cmocka_unit_test(test_w_logcollector_state_dump_fail_write), - cmocka_unit_test(test_w_logcollector_state_dump_ok), - - // Tests w_logcollector_state_main - cmocka_unit_test(test_w_logcollector_state_main_bad_interval), - cmocka_unit_test_setup_teardown(test_w_logcollector_state_main_ok, setup_global_variables, teardown_global_variables), - - // Test _w_logcollector_state_delete_file - cmocka_unit_test_setup_teardown(test__w_logcollector_state_delete_file_no_data, setup_local_hashmap, teardown_local_hashmap), - cmocka_unit_test_setup_teardown(test__w_logcollector_state_delete_file_ok, setup_local_hashmap, teardown_local_hashmap), - - // Test _w_logcollector_state_delete_file - cmocka_unit_test(test_w_logcollector_state_delete_file_fpath_NULL), - cmocka_unit_test_setup_teardown(test_w_logcollector_state_delete_file_global, setup_global_variables, teardown_global_variables), - cmocka_unit_test_setup_teardown(test_w_logcollector_state_delete_file_interval, setup_global_variables, teardown_global_variables), - cmocka_unit_test_setup_teardown(test_w_logcollector_state_delete_file_global_interval, setup_global_variables, teardown_global_variables), - - }; - - return cmocka_run_group_tests(tests, setup_group, teardown_group); -} diff --git a/src/modules/logcollector/tests/unit/wrappers/macos_log_wrappers.c b/src/modules/logcollector/tests/unit/wrappers/macos_log_wrappers.c deleted file mode 100644 index 4ce2df2e86..0000000000 --- a/src/modules/logcollector/tests/unit/wrappers/macos_log_wrappers.c +++ /dev/null @@ -1,69 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * All rights reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -#include "macos_log_wrappers.h" -#include -#include -#include -#include - -void __wrap_w_macos_create_log_env(logreader * lf, w_sysinfo_helpers_t * global_sysinfo) { - - check_expected_ptr(lf); - check_expected(global_sysinfo); -} - -void __wrap_w_macos_set_last_log_timestamp(char * timestamp) { - - check_expected(timestamp); -} - -void __wrap_w_macos_set_log_settings(char * settings) { - - check_expected(settings); -} - -char * __wrap_w_macos_get_last_log_timestamp(void) { - - return mock_ptr_type(char *); -} - -char * __wrap_w_macos_get_log_settings(void) { - - return mock_ptr_type(char *); -} - -cJSON * __wrap_w_macos_get_status_as_JSON(void) { - - return mock_ptr_type(cJSON *); -} - -void __wrap_w_macos_set_status_from_JSON(cJSON * global_json) { - - check_expected(global_json); -} - -bool __wrap_w_is_macos_sierra() { - - return mock_type(bool); -} - -pid_t __wrap_w_get_first_child(pid_t parent_pid) { - - check_expected(parent_pid); - return mock_type(pid_t); -} - -bool __wrap_w_macos_get_is_valid_data() { - return mock_type(bool); -} - -void __wrap_w_macos_set_is_valid_data(bool is_valid) { - check_expected(is_valid); -} diff --git a/src/modules/logcollector/tests/unit/wrappers/macos_log_wrappers.h b/src/modules/logcollector/tests/unit/wrappers/macos_log_wrappers.h deleted file mode 100644 index 674e793bc2..0000000000 --- a/src/modules/logcollector/tests/unit/wrappers/macos_log_wrappers.h +++ /dev/null @@ -1,37 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * All rights reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -#ifndef MACOS_LOG_WRAPPERS_H -#define MACOS_LOG_WRAPPERS_H - -#include "../../../logcollector/macos_log.h" - -void __wrap_w_macos_create_log_env(logreader * lf, w_sysinfo_helpers_t * global_sysinfo); - -void __wrap_w_macos_set_last_log_timestamp(char * timestamp); - -void __wrap_w_macos_set_log_settings(char * settings); - -char * __wrap_w_macos_get_last_log_timestamp(void); - -char * __wrap_w_macos_get_log_settings(void); - -cJSON * __wrap_w_macos_get_status_as_JSON(void); - -void __wrap_w_macos_set_status_from_JSON(cJSON * global_json); - -bool __wrap_w_is_macos_sierra(); - -pid_t __wrap_w_get_first_child(pid_t parent_pid); - -bool __wrap_w_macos_get_is_valid_data(); - -void __wrap_w_macos_set_is_valid_data(bool is_valid); - -#endif diff --git a/src/modules/ms_graph/src/wm_ms_graph.c b/src/modules/ms_graph/src/wm_ms_graph.c index 99181e694d..f68beff75c 100644 --- a/src/modules/ms_graph/src/wm_ms_graph.c +++ b/src/modules/ms_graph/src/wm_ms_graph.c @@ -50,7 +50,7 @@ void* wm_ms_graph_main(wm_ms_graph* ms_graph) { if (!wm_ms_graph_setup(ms_graph)) { return NULL; } else { - mtinfo(WM_MS_GRAPH_LOGTAG, "Started module."); + LogInfo(WM_MS_GRAPH_LOGTAG, "Started module."); bool initial = true; int i; @@ -66,7 +66,7 @@ void* wm_ms_graph_main(wm_ms_graph* ms_graph) { if (time_sleep) { const time_t next_scan_time = sched_get_next_scan_time(ms_graph->scan_config); timestamp = w_get_timestamp(next_scan_time); - mtdebug1(WM_MS_GRAPH_LOGTAG, "Waiting until: %s", timestamp); + LogDebug(WM_MS_GRAPH_LOGTAG, "Waiting until: %s", timestamp); os_free(timestamp); w_sleep_until(next_scan_time); } @@ -75,12 +75,12 @@ void* wm_ms_graph_main(wm_ms_graph* ms_graph) { it = ms_graph->auth_config[i]; if (!it->access_token || time(NULL) >= it->token_expiration_time) { - mtinfo(WM_MS_GRAPH_LOGTAG, "Obtaining access token."); + LogInfo(WM_MS_GRAPH_LOGTAG, "Obtaining access token."); wm_ms_graph_get_access_token(it, ms_graph->curl_max_size); } if (it->access_token && time(NULL) < it->token_expiration_time) { - mtinfo(WM_MS_GRAPH_LOGTAG, "Scanning tenant '%s'", it->tenant_id); + LogInfo(WM_MS_GRAPH_LOGTAG, "Scanning tenant '%s'", it->tenant_id); wm_ms_graph_scan_relationships(ms_graph, it, initial); initial = false; } @@ -103,7 +103,7 @@ bool wm_ms_graph_setup(wm_ms_graph* ms_graph) { queue_fd = StartMQ(DEFAULTQUEUE, WRITE, INFINITE_OPENQ_ATTEMPTS); if (queue_fd < 0) { - mterror(WM_MS_GRAPH_LOGTAG, "Unable to connect to Message Queue. Exiting..."); + LogError(WM_MS_GRAPH_LOGTAG, "Unable to connect to Message Queue. Exiting..."); #ifdef WAZUH_UNIT_TESTING return false; #else @@ -119,14 +119,14 @@ bool wm_ms_graph_setup(wm_ms_graph* ms_graph) { bool wm_ms_graph_check(wm_ms_graph* ms_graph) { if (!ms_graph || !ms_graph->enabled) { - mtinfo(WM_MS_GRAPH_LOGTAG, "Module disabled. Exiting..."); + LogInfo(WM_MS_GRAPH_LOGTAG, "Module disabled. Exiting..."); #ifdef WAZUH_UNIT_TESTING return false; #else pthread_exit(NULL); #endif } else if (!ms_graph->resources || ms_graph->num_resources == 0) { - mterror(WM_MS_GRAPH_LOGTAG, "Invalid module configuration (Missing API info, resources, relationships). Exiting..."); + LogError(WM_MS_GRAPH_LOGTAG, "Invalid module configuration (Missing API info, resources, relationships). Exiting..."); #ifdef WAZUH_UNIT_TESTING return false; #else @@ -135,7 +135,7 @@ bool wm_ms_graph_check(wm_ms_graph* ms_graph) { } else { for (unsigned int resource = 0; resource < ms_graph->num_resources; resource++) { if (ms_graph->resources[resource].num_relationships == 0) { - mterror(WM_MS_GRAPH_LOGTAG, "Invalid module configuration (Missing API info, resources, relationships). Exiting..."); + LogError(WM_MS_GRAPH_LOGTAG, "Invalid module configuration (Missing API info, resources, relationships). Exiting..."); #ifdef WAZUH_UNIT_TESTING return false; #else @@ -154,7 +154,7 @@ void wm_ms_graph_get_access_token(wm_ms_graph_auth* auth_config, const ssize_t c curl_response* response; snprintf(url, OS_SIZE_8192 - 1, WM_MS_GRAPH_ACCESS_TOKEN_URL, auth_config->login_fqdn, auth_config->tenant_id); - mtdebug1(WM_MS_GRAPH_LOGTAG, "Microsoft Graph API Access Token URL: '%s'", url); + LogDebug(WM_MS_GRAPH_LOGTAG, "Microsoft Graph API Access Token URL: '%s'", url); snprintf(payload, OS_SIZE_8192 - 1, WM_MS_GRAPH_ACCESS_TOKEN_PAYLOAD, auth_config->query_fqdn, auth_config->client_id, auth_config->secret_value); response = wurl_http_request(WURL_POST_METHOD, headers, url, payload, curl_max_size, WM_MS_GRAPH_DEFAULT_TIMEOUT); @@ -162,9 +162,9 @@ void wm_ms_graph_get_access_token(wm_ms_graph_auth* auth_config, const ssize_t c if (response->status_code != 200) { char status_code[4]; snprintf(status_code, 4, "%ld", response->status_code); - mtwarn(WM_MS_GRAPH_LOGTAG, "Received unsuccessful status code when attempting to obtain access token: Status code was '%s' & response was '%s'", status_code, response->body); + LogWarn(WM_MS_GRAPH_LOGTAG, "Received unsuccessful status code when attempting to obtain access token: Status code was '%s' & response was '%s'", status_code, response->body); } else if (response->max_size_reached) { - mtwarn(WM_MS_GRAPH_LOGTAG, "Reached maximum CURL size when attempting to obtain access token. Consider increasing the value of 'curl_max_size'."); + LogWarn(WM_MS_GRAPH_LOGTAG, "Reached maximum CURL size when attempting to obtain access token. Consider increasing the value of 'curl_max_size'."); } else { cJSON* response_body = NULL; if (response_body = cJSON_Parse(response->body), response_body) { @@ -174,16 +174,16 @@ void wm_ms_graph_get_access_token(wm_ms_graph_auth* auth_config, const ssize_t c os_strdup(access_token_value->valuestring, auth_config->access_token); auth_config->token_expiration_time = time(NULL) + access_token_expiration->valueint; } else { - mtwarn(WM_MS_GRAPH_LOGTAG, "Incomplete access token response, value or expiration time not present."); + LogWarn(WM_MS_GRAPH_LOGTAG, "Incomplete access token response, value or expiration time not present."); } cJSON_Delete(response_body); } else { - mtwarn(WM_MS_GRAPH_LOGTAG, "Failed to parse access token JSON body."); + LogWarn(WM_MS_GRAPH_LOGTAG, "Failed to parse access token JSON body."); } } wurl_free_response(response); } else { - mtwarn(WM_MS_GRAPH_LOGTAG, "No response received when attempting to obtain access token."); + LogWarn(WM_MS_GRAPH_LOGTAG, "No response received when attempting to obtain access token."); } } @@ -245,13 +245,14 @@ void wm_ms_graph_scan_relationships(wm_ms_graph* ms_graph, wm_ms_graph_auth* aut (!initial_scan && !relationship_state_struc.next_time)) { relationship_state_struc.next_time = now; if (wm_state_io(relationship_state_name, WM_IO_WRITE, &relationship_state_struc, sizeof(relationship_state_struc)) < 0) { - mterror(WM_MS_GRAPH_LOGTAG, "Couldn't save running state."); - } else if (isDebug()) { - gmtime_r(&now, &tm_aux); - strftime(start_time_str, sizeof(start_time_str), "%Y-%m-%dT%H:%M:%SZ", &tm_aux); - mtdebug1(WM_MS_GRAPH_LOGTAG, "Bookmark updated to '%s' for tenant '%s' resource '%s' and relationship '%s', waiting '%d' seconds to run first scan.", - start_time_str, auth_config->tenant_id, ms_graph->resources[resource_num].name, ms_graph->resources[resource_num].relationships[relationship_num], ms_graph->scan_config.interval); + LogError(WM_MS_GRAPH_LOGTAG, "Couldn't save running state."); } + // else if (isDebug()) { + // gmtime_r(&now, &tm_aux); + // strftime(start_time_str, sizeof(start_time_str), "%Y-%m-%dT%H:%M:%SZ", &tm_aux); + // LogDebug(WM_MS_GRAPH_LOGTAG, "Bookmark updated to '%s' for tenant '%s' resource '%s' and relationship '%s', waiting '%d' seconds to run first scan.", + // start_time_str, auth_config->tenant_id, ms_graph->resources[resource_num].name, ms_graph->resources[resource_num].relationships[relationship_num], ms_graph->scan_config.interval); + // } continue; } @@ -296,7 +297,7 @@ void wm_ms_graph_scan_relationships(wm_ms_graph* ms_graph, wm_ms_graph_auth* aut next_page = true; while (next_page) { - mtdebug1(WM_MS_GRAPH_LOGTAG, "Microsoft Graph API Log URL: '%s'", url); + LogDebug(WM_MS_GRAPH_LOGTAG, "Microsoft Graph API Log URL: '%s'", url); fail = true; next_page = false; @@ -305,7 +306,7 @@ void wm_ms_graph_scan_relationships(wm_ms_graph* ms_graph, wm_ms_graph_auth* aut if (response->status_code != 200) { char status_code[4]; snprintf(status_code, 4, "%ld", response->status_code); - mtwarn(WM_MS_GRAPH_LOGTAG, "Received unsuccessful status code when attempting to get relationship '%s' logs: Status code was '%s' & response was '%s'", + LogWarn(WM_MS_GRAPH_LOGTAG, "Received unsuccessful status code when attempting to get relationship '%s' logs: Status code was '%s' & response was '%s'", ms_graph->resources[resource_num].relationships[relationship_num], status_code, response->body); @@ -313,7 +314,7 @@ void wm_ms_graph_scan_relationships(wm_ms_graph* ms_graph, wm_ms_graph_auth* aut auth_config->token_expiration_time = time(NULL); } } else if (response->max_size_reached) { - mtwarn(WM_MS_GRAPH_LOGTAG, "Reached maximum CURL size when attempting to get relationship '%s' logs. Consider increasing the value of 'curl_max_size'.", + LogWarn(WM_MS_GRAPH_LOGTAG, "Reached maximum CURL size when attempting to get relationship '%s' logs. Consider increasing the value of 'curl_max_size'.", ms_graph->resources[resource_num].relationships[relationship_num]); } else { cJSON* body_parse = NULL; @@ -342,20 +343,20 @@ void wm_ms_graph_scan_relationships(wm_ms_graph* ms_graph, wm_ms_graph_auth* aut cJSON_AddItemToObject(full_log, WM_MS_GRAPH_CONTEXT.name, cJSON_Duplicate(log, true)); payload = cJSON_PrintUnformatted(full_log); - mtdebug2(WM_MS_GRAPH_LOGTAG, "Sending log: '%s'", payload); + LogDebug(WM_MS_GRAPH_LOGTAG, "Sending log: '%s'", payload); if (wm_sendmsg(1000000 / wm_max_eps, queue_fd, payload, WM_MS_GRAPH_CONTEXT.name, LOCALFILE_MQ) < 0) { - mterror(WM_MS_GRAPH_LOGTAG, QUEUE_ERROR, DEFAULTQUEUE, strerror(errno)); + LogError(WM_MS_GRAPH_LOGTAG, QUEUE_ERROR, DEFAULTQUEUE, strerror(errno)); } os_free(payload); cJSON_Delete(full_log); } else { - mtwarn(WM_MS_GRAPH_LOGTAG, "Failed to parse log array into singular log."); + LogWarn(WM_MS_GRAPH_LOGTAG, "Failed to parse log array into singular log."); } } fail = false; } else { - mtdebug2(WM_MS_GRAPH_LOGTAG, "No new logs received."); + LogDebug(WM_MS_GRAPH_LOGTAG, "No new logs received."); fail = false; } @@ -368,12 +369,12 @@ void wm_ms_graph_scan_relationships(wm_ms_graph* ms_graph, wm_ms_graph_auth* aut cJSON_Delete(body_parse); } else { - mtwarn(WM_MS_GRAPH_LOGTAG, "Failed to parse relationship '%s' JSON body.", ms_graph->resources[resource_num].relationships[relationship_num]); + LogWarn(WM_MS_GRAPH_LOGTAG, "Failed to parse relationship '%s' JSON body.", ms_graph->resources[resource_num].relationships[relationship_num]); } } wurl_free_response(response); } else { - mtwarn(WM_MS_GRAPH_LOGTAG, "No response received when attempting to get relationship '%s' from resource '%s' on API version '%s'.", + LogWarn(WM_MS_GRAPH_LOGTAG, "No response received when attempting to get relationship '%s' from resource '%s' on API version '%s'.", ms_graph->resources[resource_num].relationships[relationship_num], ms_graph->resources[resource_num].name, ms_graph->version); @@ -383,9 +384,9 @@ void wm_ms_graph_scan_relationships(wm_ms_graph* ms_graph, wm_ms_graph_auth* aut if (!inventory && !fail) { relationship_state_struc.next_time = now; if (wm_state_io(relationship_state_name, WM_IO_WRITE, &relationship_state_struc, sizeof(relationship_state_struc)) < 0) { - mterror(WM_MS_GRAPH_LOGTAG, "Couldn't save running state."); + LogError(WM_MS_GRAPH_LOGTAG, "Couldn't save running state."); } else { - mtdebug1(WM_MS_GRAPH_LOGTAG, "Bookmark updated to '%s' for tenant '%s' resource '%s' and relationship '%s', waiting '%d' seconds to run next scan.", + LogDebug(WM_MS_GRAPH_LOGTAG, "Bookmark updated to '%s' for tenant '%s' resource '%s' and relationship '%s', waiting '%d' seconds to run next scan.", end_time_str, auth_config->tenant_id, ms_graph->resources[resource_num].name, ms_graph->resources[resource_num].relationships[relationship_num], ms_graph->scan_config.interval); } } @@ -407,7 +408,7 @@ cJSON* wm_ms_graph_scan_apps_devices(const wm_ms_graph* ms_graph, const cJSON* a next_page = true; while (next_page) { - mtdebug1(WM_MS_GRAPH_LOGTAG, "Microsoft Graph API Log URL: '%s'", url); + LogDebug(WM_MS_GRAPH_LOGTAG, "Microsoft Graph API Log URL: '%s'", url); next_page = false; response = wurl_http_request(WURL_GET_METHOD, headers, url, "", ms_graph->curl_max_size, WM_MS_GRAPH_DEFAULT_TIMEOUT); @@ -479,7 +480,7 @@ void wm_ms_graph_destroy(wm_ms_graph* ms_graph) { void wm_ms_graph_cleanup() { close(queue_fd); - mtinfo(WM_MS_GRAPH_LOGTAG, "Module shutdown."); + LogInfo(WM_MS_GRAPH_LOGTAG, "Module shutdown."); } cJSON* wm_ms_graph_dump(const wm_ms_graph* ms_graph) { diff --git a/src/modules/office365/src/wm_office365.c b/src/modules/office365/src/wm_office365.c index b8c0d3c3ca..42850e0035 100644 --- a/src/modules/office365/src/wm_office365.c +++ b/src/modules/office365/src/wm_office365.c @@ -130,13 +130,13 @@ STATIC DWORD WINAPI wm_office365_main(void *arg) { void * wm_office365_main(wm_office365* office365_config) { #endif if (office365_config->enabled) { - mtinfo(WM_OFFICE365_LOGTAG, "Module Office365 started."); + LogInfo(WM_OFFICE365_LOGTAG, "Module Office365 started."); #ifndef WIN32 // Connect to queue office365_config->queue_fd = StartMQ(DEFAULTQUEUE, WRITE, INFINITE_OPENQ_ATTEMPTS); if (office365_config->queue_fd < 0) { - mterror(WM_OFFICE365_LOGTAG, "Can't connect to queue. Closing module."); + LogError(WM_OFFICE365_LOGTAG, "Can't connect to queue. Closing module."); return NULL; } #endif @@ -152,7 +152,7 @@ void * wm_office365_main(wm_office365* office365_config) { #endif } } else { - mtinfo(WM_OFFICE365_LOGTAG, "Module Office365 disabled."); + LogInfo(WM_OFFICE365_LOGTAG, "Module Office365 disabled."); } #ifdef WIN32 @@ -163,7 +163,7 @@ void * wm_office365_main(wm_office365* office365_config) { } void wm_office365_destroy(wm_office365* office365_config) { - mtinfo(WM_OFFICE365_LOGTAG, "Module Office365 finished."); + LogInfo(WM_OFFICE365_LOGTAG, "Module Office365 finished."); wm_office365_auth_destroy(office365_config->auth); wm_office365_subscription_destroy(office365_config->subscription); wm_office365_fail_destroy(office365_config->fails); @@ -317,7 +317,7 @@ STATIC void wm_office365_execute_scan(wm_office365* office365_config, int initia { next_auth = current_auth->next; - mtdebug1(WM_OFFICE365_LOGTAG, "Scanning tenant: '%s'", current_auth->tenant_id); + LogDebug(WM_OFFICE365_LOGTAG, "Scanning tenant: '%s'", current_auth->tenant_id); // Get access token if (!initial_scan || !office365_config->only_future_events) { @@ -329,7 +329,7 @@ STATIC void wm_office365_execute_scan(wm_office365* office365_config, int initia } else { if (tenant_fail = wm_office365_get_fail_by_tenant_and_subscription(office365_config->fails, current_auth->tenant_id, NULL), tenant_fail && tenant_fail->fails) { - mtinfo(WM_OFFICE365_LOGTAG, "Office365 tenant '%s', connected successfully.", current_auth->tenant_id); + LogInfo(WM_OFFICE365_LOGTAG, "Office365 tenant '%s', connected successfully.", current_auth->tenant_id); tenant_fail->fails = 0; } } @@ -359,15 +359,15 @@ STATIC void wm_office365_execute_scan(wm_office365* office365_config, int initia (!initial_scan && !tenant_state_struc.last_log_time)) { tenant_state_struc.last_log_time = now; if (wm_state_io(tenant_state_name, WM_IO_WRITE, &tenant_state_struc, sizeof(tenant_state_struc)) < 0) { - mterror(WM_OFFICE365_LOGTAG, "Couldn't save running state."); - } - else if (isDebug()) { - memset(start_time_str, '\0', 80); - gmtime_r(&now, &tm_aux); - strftime(start_time_str, sizeof(start_time_str), "%Y-%m-%dT%H:%M:%SZ", &tm_aux); - mtdebug1(WM_OFFICE365_LOGTAG, "Bookmark updated to '%s' for tenant '%s' and subscription '%s', waiting '%ld' seconds to run first scan.", - start_time_str, current_auth->tenant_id, current_subscription->subscription_name, office365_config->interval); + LogError(WM_OFFICE365_LOGTAG, "Couldn't save running state."); } + // else if (isDebug()) { + // memset(start_time_str, '\0', 80); + // gmtime_r(&now, &tm_aux); + // strftime(start_time_str, sizeof(start_time_str), "%Y-%m-%dT%H:%M:%SZ", &tm_aux); + // LogDebug(WM_OFFICE365_LOGTAG, "Bookmark updated to '%s' for tenant '%s' and subscription '%s', waiting '%ld' seconds to run first scan.", + // start_time_str, current_auth->tenant_id, current_subscription->subscription_name, office365_config->interval); + // } current_subscription = next_subscription; continue; } @@ -445,11 +445,11 @@ STATIC void wm_office365_execute_scan(wm_office365* office365_config, int initia payload = cJSON_PrintUnformatted(office365); - mtdebug2(WM_OFFICE365_LOGTAG, "Sending Office365 log: '%s'", payload); + LogDebug(WM_OFFICE365_LOGTAG, "Sending Office365 log: '%s'", payload); if (wm_sendmsg(WM_OFFICE365_MSG_DELAY, office365_config->queue_fd, payload, WM_OFFICE365_CONTEXT.name, LOCALFILE_MQ) < 0) { - mterror(WM_OFFICE365_LOGTAG, QUEUE_ERROR, DEFAULTQUEUE, strerror(errno)); + LogError(WM_OFFICE365_LOGTAG, QUEUE_ERROR, DEFAULTQUEUE, strerror(errno)); } os_free(payload); @@ -493,10 +493,10 @@ STATIC void wm_office365_execute_scan(wm_office365* office365_config, int initia } else { tenant_state_struc.last_log_time = end_time; if (wm_state_io(tenant_state_name, WM_IO_WRITE, &tenant_state_struc, sizeof(tenant_state_struc)) < 0) { - mterror(WM_OFFICE365_LOGTAG, "Couldn't save running state."); + LogError(WM_OFFICE365_LOGTAG, "Couldn't save running state."); } else { - mtdebug1(WM_OFFICE365_LOGTAG, "Bookmark updated to '%s' for tenant '%s' and subscription '%s', waiting '%ld' seconds to run next scan.", + LogDebug(WM_OFFICE365_LOGTAG, "Bookmark updated to '%s' for tenant '%s' and subscription '%s', waiting '%ld' seconds to run next scan.", end_time_str, current_auth->tenant_id, current_subscription->subscription_name, office365_config->interval); } @@ -551,7 +551,7 @@ STATIC char* wm_office365_get_access_token(wm_office365_auth* auth, size_t max_s memset(url, '\0', OS_SIZE_8192); snprintf(url, OS_SIZE_8192 -1, WM_OFFICE365_API_ACCESS_TOKEN_URL, auth->login_fqdn, auth->tenant_id); - mtdebug1(WM_OFFICE365_LOGTAG, "Office 365 API access token URL: '%s'", url); + LogDebug(WM_OFFICE365_LOGTAG, "Office 365 API access token URL: '%s'", url); char auth_header[OS_SIZE_8192]; snprintf(auth_header, OS_SIZE_8192 -1, "Content-Type: application/x-www-form-urlencoded"); @@ -566,7 +566,7 @@ STATIC char* wm_office365_get_access_token(wm_office365_auth* auth, size_t max_s cJSON *response_json = NULL; if (response->max_size_reached) { - mtdebug1(WM_OFFICE365_LOGTAG, "Libcurl error, reached maximum response size."); + LogDebug(WM_OFFICE365_LOGTAG, "Libcurl error, reached maximum response size."); } else if (response_json = cJSON_Parse(response->body), response_json) { cJSON *access_token_json = cJSON_GetObjectItem(response_json, "access_token"); @@ -574,15 +574,15 @@ STATIC char* wm_office365_get_access_token(wm_office365_auth* auth, size_t max_s os_strdup(access_token_json->valuestring, access_token); } else { os_strdup(response->body, *error_msg); - mtdebug1(WM_OFFICE365_LOGTAG, "Error while getting access token: '%s'", response->body); + LogDebug(WM_OFFICE365_LOGTAG, "Error while getting access token: '%s'", response->body); } cJSON_Delete(response_json); } else { - mtdebug1(WM_OFFICE365_LOGTAG, "Error while parsing access token JSON response."); + LogDebug(WM_OFFICE365_LOGTAG, "Error while parsing access token JSON response."); } wurl_free_response(response); } else { - mtdebug1(WM_OFFICE365_LOGTAG, "Unknown error while getting access token."); + LogDebug(WM_OFFICE365_LOGTAG, "Unknown error while getting access token."); } os_free(headers); @@ -603,7 +603,7 @@ STATIC int wm_office365_manage_subscription(wm_office365_subscription* subscript snprintf(url, OS_SIZE_8192 -1, WM_OFFICE365_API_SUBSCRIPTION_URL, management_fqdn, client_id, WM_OFFICE365_API_SUBSCRIPTION_STOP, subscription->subscription_name); } - mtdebug1(WM_OFFICE365_LOGTAG, "Office 365 API subscription URL: '%s'", url); + LogDebug(WM_OFFICE365_LOGTAG, "Office 365 API subscription URL: '%s'", url); char auth_header1[OS_SIZE_8192]; snprintf(auth_header1, OS_SIZE_8192 -1, "Content-Type: application/json"); @@ -622,7 +622,7 @@ STATIC int wm_office365_manage_subscription(wm_office365_subscription* subscript cJSON *response_json = NULL; if (response->max_size_reached) { - mtdebug1(WM_OFFICE365_LOGTAG, "Libcurl error, reached maximum response size."); + LogDebug(WM_OFFICE365_LOGTAG, "Libcurl error, reached maximum response size."); } else if (response_json = cJSON_Parse(response->body), response_json) { cJSON *code_json = cJSON_GetObjectItem(cJSON_GetObjectItem(response_json, "error"), "code"); @@ -632,15 +632,15 @@ STATIC int wm_office365_manage_subscription(wm_office365_subscription* subscript ret_value = OS_SUCCESS; } else { os_strdup(response->body, *error_msg); - mtdebug1(WM_OFFICE365_LOGTAG, "Error while managing subscription: '%s'", response->body); + LogDebug(WM_OFFICE365_LOGTAG, "Error while managing subscription: '%s'", response->body); } cJSON_Delete(response_json); } else { - mtdebug1(WM_OFFICE365_LOGTAG, "Error while parsing managing subscription JSON response."); + LogDebug(WM_OFFICE365_LOGTAG, "Error while parsing managing subscription JSON response."); } wurl_free_response(response); } else { - mtdebug1(WM_OFFICE365_LOGTAG, "Unknown error while managing subscription."); + LogDebug(WM_OFFICE365_LOGTAG, "Unknown error while managing subscription."); } os_free(headers); @@ -653,7 +653,7 @@ STATIC cJSON* wm_office365_get_content_blobs(const char* url, const char* token, curl_response *response; cJSON *blobs_array = NULL; - mtdebug1(WM_OFFICE365_LOGTAG, "Office 365 API content blobs URL: '%s'", url); + LogDebug(WM_OFFICE365_LOGTAG, "Office 365 API content blobs URL: '%s'", url); char auth_header1[OS_SIZE_8192]; snprintf(auth_header1, OS_SIZE_8192 -1, "Content-Type: application/json"); @@ -673,7 +673,7 @@ STATIC cJSON* wm_office365_get_content_blobs(const char* url, const char* token, if (response->max_size_reached) { *buffer_size_reached = true; - mtdebug1(WM_OFFICE365_LOGTAG, "Libcurl error, reached maximum response size."); + LogDebug(WM_OFFICE365_LOGTAG, "Libcurl error, reached maximum response size."); } else if (response_json = cJSON_Parse(response->body), response_json) { cJSON *code_json = cJSON_GetObjectItem(cJSON_GetObjectItem(response_json, "error"), "code"); @@ -689,15 +689,15 @@ STATIC cJSON* wm_office365_get_content_blobs(const char* url, const char* token, blobs_array = cJSON_CreateArray(); } else { os_strdup(response->body, *error_msg); - mtdebug1(WM_OFFICE365_LOGTAG, "Error while getting content blobs: '%s'", response->body); + LogDebug(WM_OFFICE365_LOGTAG, "Error while getting content blobs: '%s'", response->body); } cJSON_Delete(response_json); } else { - mtdebug1(WM_OFFICE365_LOGTAG, "Error while parsing content blobs JSON response."); + LogDebug(WM_OFFICE365_LOGTAG, "Error while parsing content blobs JSON response."); } wurl_free_response(response); } else { - mtdebug1(WM_OFFICE365_LOGTAG, "Unknown error while getting content blobs."); + LogDebug(WM_OFFICE365_LOGTAG, "Unknown error while getting content blobs."); } os_free(headers); @@ -710,7 +710,7 @@ STATIC cJSON* wm_office365_get_logs_from_blob(const char* url, const char* token curl_response *response; cJSON *logs_array = NULL; - mtdebug1(WM_OFFICE365_LOGTAG, "Office 365 API content URI: '%s'", url); + LogDebug(WM_OFFICE365_LOGTAG, "Office 365 API content URI: '%s'", url); char auth_header1[OS_SIZE_8192]; snprintf(auth_header1, OS_SIZE_8192 -1, "Content-Type: application/json"); @@ -730,21 +730,21 @@ STATIC cJSON* wm_office365_get_logs_from_blob(const char* url, const char* token if (response->max_size_reached) { *buffer_size_reached = true; - mtdebug1(WM_OFFICE365_LOGTAG, "Libcurl error, reached maximum response size."); + LogDebug(WM_OFFICE365_LOGTAG, "Libcurl error, reached maximum response size."); } else if (response_json = cJSON_Parse(response->body), response_json) { if ((response->status_code == 200) && (response_json->type == cJSON_Array)) { logs_array = cJSON_Duplicate(response_json, true); } else { os_strdup(response->body, *error_msg); - mtdebug1(WM_OFFICE365_LOGTAG, "Error while getting logs from blob: '%s'", response->body); + LogDebug(WM_OFFICE365_LOGTAG, "Error while getting logs from blob: '%s'", response->body); } cJSON_Delete(response_json); } else { - mtdebug1(WM_OFFICE365_LOGTAG, "Error while parsing logs from blob JSON response."); + LogDebug(WM_OFFICE365_LOGTAG, "Error while parsing logs from blob JSON response."); } wurl_free_response(response); } else { - mtdebug1(WM_OFFICE365_LOGTAG, "Unknown error while getting logs from blob."); + LogDebug(WM_OFFICE365_LOGTAG, "Unknown error while getting logs from blob."); } os_free(headers); @@ -828,10 +828,10 @@ STATIC void wm_office365_scan_failure_action(wm_office365_fail** current_fails, payload = cJSON_PrintUnformatted(fail_office365); - mtwarn(WM_OFFICE365_LOGTAG, "Sending Office365 internal message: '%s'", payload); + LogWarn(WM_OFFICE365_LOGTAG, "Sending Office365 internal message: '%s'", payload); if (wm_sendmsg(WM_OFFICE365_MSG_DELAY, queue_fd, payload, WM_OFFICE365_CONTEXT.name, LOCALFILE_MQ) < 0) { - mterror(WM_OFFICE365_LOGTAG, QUEUE_ERROR, DEFAULTQUEUE, strerror(errno)); + LogError(WM_OFFICE365_LOGTAG, QUEUE_ERROR, DEFAULTQUEUE, strerror(errno)); } os_free(payload); diff --git a/src/modules/office365/tests/integration/test_configuration/data/configuration_templates/config_invalid_configuration.yaml b/src/modules/office365/tests/integration/test_configuration/data/configuration_templates/config_invalid_configuration.yaml index c396371940..7de21a64d6 100644 --- a/src/modules/office365/tests/integration/test_configuration/data/configuration_templates/config_invalid_configuration.yaml +++ b/src/modules/office365/tests/integration/test_configuration/data/configuration_templates/config_invalid_configuration.yaml @@ -42,4 +42,4 @@ - name: syscollector elements: - disabled: - value: 'yes' \ No newline at end of file + value: 'yes' diff --git a/src/modules/office365/tests/integration/test_configuration/data/test_cases/cases_invalid_configuration.yaml b/src/modules/office365/tests/integration/test_configuration/data/test_cases/cases_invalid_configuration.yaml index 2040eb21ed..53193a1ed3 100644 --- a/src/modules/office365/tests/integration/test_configuration/data/test_cases/cases_invalid_configuration.yaml +++ b/src/modules/office365/tests/integration/test_configuration/data/test_cases/cases_invalid_configuration.yaml @@ -130,4 +130,4 @@ metadata: event_monitor: 'subscription' error_type: 'Empty' - module: 'office365' \ No newline at end of file + module: 'office365' diff --git a/src/modules/osquery/src/wm_osquery_monitor.c b/src/modules/osquery/src/wm_osquery_monitor.c index cffdd5a7ac..f29ee9b447 100644 --- a/src/modules/osquery/src/wm_osquery_monitor.c +++ b/src/modules/osquery/src/wm_osquery_monitor.c @@ -31,11 +31,11 @@ #undef mdebug1 #undef mdebug2 -#define minfo(msg, ...) _mtinfo(WM_OSQUERYMONITOR_LOGTAG, __FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) -#define mwarn(msg, ...) _mtwarn(WM_OSQUERYMONITOR_LOGTAG, __FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) -#define merror(msg, ...) _mterror(WM_OSQUERYMONITOR_LOGTAG, __FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) -#define mdebug1(msg, ...) _mtdebug1(WM_OSQUERYMONITOR_LOGTAG, __FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) -#define mdebug2(msg, ...) _mtdebug2(WM_OSQUERYMONITOR_LOGTAG, __FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) +#define minfo(msg, ...) LogInfo(WM_OSQUERYMONITOR_LOGTAG, __FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) +#define mwarn(msg, ...) LogWarn(WM_OSQUERYMONITOR_LOGTAG, __FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) +#define merror(msg, ...) LogError(WM_OSQUERYMONITOR_LOGTAG, __FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) +#define mtdebug1(msg, ...) LogDebug(WM_OSQUERYMONITOR_LOGTAG, __FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) +#define mdebug2(msg, ...) LogDebug(WM_OSQUERYMONITOR_LOGTAG, __FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) #ifdef WAZUH_UNIT_TESTING // Remove static qualifier when unit testing @@ -85,7 +85,7 @@ void *Read_Log(wm_osquery_monitor_t * osquery) while (result_log = wfopen(osquery->log_path, "r"), !result_log && active) { i += i < 60; - mwarn("Results file '%s' not available: %s (%d). Retrying in %d sec.", osquery->log_path, strerror(errno), errno, i); + LogWarn("Results file '%s' not available: %s (%d). Retrying in %d sec.", osquery->log_path, strerror(errno), errno, i); sleep(i); } @@ -97,12 +97,12 @@ void *Read_Log(wm_osquery_monitor_t * osquery) break; } - minfo("Following osquery results file '%s'.", osquery->log_path); + LogInfo("Following osquery results file '%s'.", osquery->log_path); // Move to end of the file if (fseek(result_log, 0, SEEK_END) < 0) { - merror(FSEEK_ERROR, osquery->log_path, errno, strerror(errno)); + LogError(FSEEK_ERROR, osquery->log_path, errno, strerror(errno)); fclose(result_log); continue; } @@ -110,7 +110,7 @@ void *Read_Log(wm_osquery_monitor_t * osquery) // Save file inode if (current_inode = get_fp_inode(result_log), current_inode == (wino_t)-1) { - merror("Couldn't get inode of file '%s': %s (%d)", osquery->log_path, strerror(errno), errno); + LogError("Couldn't get inode of file '%s': %s (%d)", osquery->log_path, strerror(errno), errno); fclose(result_log); continue; } @@ -158,10 +158,10 @@ void *Read_Log(wm_osquery_monitor_t * osquery) } payload = cJSON_PrintUnformatted(root); - mdebug2("Sending... '%s'", payload); + LogDebug("Sending... '%s'", payload); if (wm_sendmsg(osquery->msg_delay, osquery->queue_fd, payload, "osquery", LOCALFILE_MQ) < 0) { - mterror(WM_OSQUERYMONITOR_LOGTAG, QUEUE_ERROR, DEFAULTQUEUE, strerror(errno)); + LogError(WM_OSQUERYMONITOR_LOGTAG, QUEUE_ERROR, DEFAULTQUEUE, strerror(errno)); } free(payload); @@ -170,7 +170,7 @@ void *Read_Log(wm_osquery_monitor_t * osquery) static int reported = 0; if (!reported) { - mwarn("Result line not in JSON format: '%64s'...", line); + LogWarn("Result line not in JSON format: '%64s'...", line); reported = 1; } } @@ -181,9 +181,9 @@ void *Read_Log(wm_osquery_monitor_t * osquery) switch (wm_osquery_check_logfile(osquery->log_path, result_log)) { case -1: if (errno == ENOENT) { - minfo("Results file '%s' was deleted.", osquery->log_path); + LogInfo("Results file '%s' was deleted.", osquery->log_path); } else { - mwarn("Couldn't access results file '%s': %s (%d)", osquery->log_path, strerror(errno), errno); + LogWarn("Couldn't access results file '%s': %s (%d)", osquery->log_path, strerror(errno), errno); } goto endloop; @@ -192,16 +192,16 @@ void *Read_Log(wm_osquery_monitor_t * osquery) sleep(1); break; case 1: - minfo("Results file '%s' truncated. Reloading.", osquery->log_path); + LogInfo("Results file '%s' truncated. Reloading.", osquery->log_path); if (fseek(result_log, 0, SEEK_SET) < 0) { - merror(FSEEK_ERROR, osquery->log_path, errno, strerror(errno)); + LogError(FSEEK_ERROR, osquery->log_path, errno, strerror(errno)); goto endloop; } break; case 2: - minfo("Results file '%s' rotated. Reloading.", osquery->log_path); + LogInfo("Results file '%s' rotated. Reloading.", osquery->log_path); goto endloop; } } @@ -287,7 +287,7 @@ void *Execute_Osquery(wm_osquery_monitor_t *osquery) snprintf(osqueryd_path, sizeof(osqueryd_path), "%s/" OSQUERYD_BIN, osquery->bin_path); } - mdebug1("Launching '%s' with config file '%s'", osqueryd_path, osquery->config_path); + LogDebug("Launching '%s' with config file '%s'", osqueryd_path, osquery->config_path); #ifdef WIN32 snprintf(config_path, sizeof(config_path), "--config_path=\"%s\"", osquery->config_path); @@ -308,7 +308,7 @@ void *Execute_Osquery(wm_osquery_monitor_t *osquery) // Check that the configuration file is valid if (access(osquery->config_path, R_OK) < 0) { - mwarn("The configuration file '%s' is not accessible: %s (%d)", osquery->config_path, strerror(errno), errno); + LogWarn("The configuration file '%s' is not accessible: %s (%d)", osquery->config_path, strerror(errno), errno); sleep(600); continue; } @@ -316,7 +316,7 @@ void *Execute_Osquery(wm_osquery_monitor_t *osquery) // Run osquery if (wfd = wpopenl(osqueryd_path, W_BIND_STDERR, osqueryd_path, config_path, NULL), !wfd) { - mwarn("Couldn't execute osquery (%s). Sleeping for 10 minutes.", osqueryd_path); + LogWarn("Couldn't execute osquery (%s). Sleeping for 10 minutes.", osqueryd_path); sleep(600); continue; } @@ -346,9 +346,9 @@ void *Execute_Osquery(wm_osquery_monitor_t *osquery) // Parse most common osquery errors if (strstr(text, "[Ref #1382]")) { - mwarn("osqueryd has unsafe permissions."); + LogWarn("osqueryd has unsafe permissions."); } else if (strstr(text, "[Ref #1629]")) { - mwarn("osqueryd initialize failed: Could not initialize database."); + LogWarn("osqueryd initialize failed: Could not initialize database."); } else if (end = wm_osquery_already_running(text), end) { os_free(strpid); strpid = end; @@ -363,17 +363,17 @@ void *Execute_Osquery(wm_osquery_monitor_t *osquery) switch (text[0]) { case 'E': case 'W': - mwarn("%s", text); + LogWarn("%s", text); break; default: - mdebug2("%s", text); + LogDebug("%s", text); } } // Report to manager if (wm_sendmsg(osquery->msg_delay, osquery->queue_fd, text, "osquery", LOCALFILE_MQ) < 0) { - mterror(WM_OSQUERYMONITOR_LOGTAG, QUEUE_ERROR, DEFAULTQUEUE, strerror(errno)); + LogError(WM_OSQUERYMONITOR_LOGTAG, QUEUE_ERROR, DEFAULTQUEUE, strerror(errno)); } } } @@ -392,24 +392,24 @@ void *Execute_Osquery(wm_osquery_monitor_t *osquery) if (wstatus == 127) { // 127 means error in exec - merror("Couldn't execute osquery (%s). Check file and permissions. Sleeping for 10 minutes.", osqueryd_path); + LogError("Couldn't execute osquery (%s). Check file and permissions. Sleeping for 10 minutes.", osqueryd_path); sleep(600); } else if (strpid) { // Osquery is already running. if (running_count == 1) { - minfo("osqueryd is already running with pid %s. Will run again in 1 minute.", strpid); + LogInfo("osqueryd is already running with pid %s. Will run again in 1 minute.", strpid); sleep(60); } else { - minfo("osqueryd is already running with pid %s. Will run again in 10 minutes.", strpid); + LogInfo("osqueryd is already running with pid %s. Will run again in 10 minutes.", strpid); sleep(600); } } else if (time(NULL) - time_started < 10) { // If osquery was alive less than 10 seconds, give up - merror("Osquery exited with code %d. Closing module.", wstatus); + LogError("Osquery exited with code %d. Closing module.", wstatus); active = 0; break; } else { - mwarn("Osquery exited with code %d. Restarting.", wstatus); + LogWarn("Osquery exited with code %d. Restarting.", wstatus); } } @@ -475,9 +475,9 @@ int wm_osquery_decorators(wm_osquery_monitor_t * osquery) if (root = json_fread(osquery->config_path, 1), !root) { if (errno) { - merror("Couldn't load configuration file '%s': %s (%d)", osquery->config_path, strerror(errno), errno); + LogError("Couldn't load configuration file '%s': %s (%d)", osquery->config_path, strerror(errno), errno); } else { - merror("Couldn't load configuration file '%s'. Maybe format is invalid.", osquery->config_path); + LogError("Couldn't load configuration file '%s'. Maybe format is invalid.", osquery->config_path); } goto end; @@ -505,10 +505,10 @@ int wm_osquery_decorators(wm_osquery_monitor_t * osquery) value = wstr_replace(labels[i].value, "'", "''"); if (snprintf(buffer, sizeof(buffer), "SELECT '%s' AS '%s';", value, key) < (int)sizeof(buffer)) { - mdebug2("Adding decorator: %s", buffer); + LogDebug("Adding decorator: %s", buffer); cJSON_AddItemToArray(always, cJSON_CreateString(buffer)); } else { - mwarn("Label '%s' too long. Couldn't insert decorator.", labels[i].key); + LogWarn("Label '%s' too long. Couldn't insert decorator.", labels[i].key); } free(key); @@ -524,7 +524,7 @@ int wm_osquery_decorators(wm_osquery_monitor_t * osquery) // Write new configuration if (json_fwrite(osquery->config_path, root) < 0) { - merror("Couldn't write JSON content into configuration '%s': %s (%d)", osquery->config_path, strerror(errno), errno); + LogError("Couldn't write JSON content into configuration '%s': %s (%d)", osquery->config_path, strerror(errno), errno); goto end; } @@ -555,9 +555,9 @@ int wm_osquery_packs(wm_osquery_monitor_t *osquery) if (root = json_fread(osquery->config_path, 1), !root) { if (errno) { - merror("Couldn't load configuration file '%s': %s (%d)", osquery->config_path, strerror(errno), errno); + LogError("Couldn't load configuration file '%s': %s (%d)", osquery->config_path, strerror(errno), errno); } else { - merror("Couldn't load configuration file '%s'. Maybe format is invalid.", osquery->config_path); + LogError("Couldn't load configuration file '%s'. Maybe format is invalid.", osquery->config_path); } return -1; @@ -575,11 +575,11 @@ int wm_osquery_packs(wm_osquery_monitor_t *osquery) // Check if the file exists if (access(osquery->packs[i]->path, R_OK) < 0) { - mwarn("Possible invalid configuration: Pack file '%s' is not accessible: %s (%d)", osquery->packs[i]->path, strerror(errno), errno); + LogWarn("Possible invalid configuration: Pack file '%s' is not accessible: %s (%d)", osquery->packs[i]->path, strerror(errno), errno); } } else if (!strchr(osquery->packs[i]->path, '*')) { // If name is "*" but no "*" is in the path, log a warning - mwarn("Possible invalid configuration for pack '*' (%s): no such wildcards.", osquery->packs[i]->path); + LogWarn("Possible invalid configuration for pack '*' (%s): no such wildcards.", osquery->packs[i]->path); } cJSON_AddStringToObject(packs, osquery->packs[i]->name, osquery->packs[i]->path); @@ -594,7 +594,7 @@ int wm_osquery_packs(wm_osquery_monitor_t *osquery) // Write new configuration if (json_fwrite(osquery->config_path, root) < 0) { - merror("Couldn't write JSON content into configuration '%s': %s (%d)", osquery->config_path, strerror(errno), errno); + LogError("Couldn't write JSON content into configuration '%s': %s (%d)", osquery->config_path, strerror(errno), errno); retval = -1; } @@ -612,7 +612,7 @@ void *wm_osquery_monitor_main(wm_osquery_monitor_t *osquery) { pthread_t treader = 0; if (osquery->disable) { - minfo("Module disabled. Exiting..."); + LogInfo("Module disabled. Exiting..."); #ifdef WIN32 return 0; #else @@ -620,7 +620,7 @@ void *wm_osquery_monitor_main(wm_osquery_monitor_t *osquery) { #endif } - minfo("Module started."); + LogInfo("Module started."); osquery->msg_delay = 1000000 / wm_max_eps; #ifndef WIN32 @@ -628,14 +628,14 @@ void *wm_osquery_monitor_main(wm_osquery_monitor_t *osquery) { osquery->queue_fd = StartMQ(DEFAULTQUEUE, WRITE, INFINITE_OPENQ_ATTEMPTS); if (osquery->queue_fd < 0) { - mterror(WM_OSQUERYMONITOR_LOGTAG, "Can't connect to queue. Closing module."); + LogError(WM_OSQUERYMONITOR_LOGTAG, "Can't connect to queue. Closing module."); return NULL; } #endif if( pthread_create(&treader, NULL, (void *)&Read_Log, osquery) != 0){ - merror("Error while creating Read_Log thread."); + LogError("Error while creating Read_Log thread."); #ifdef WIN32 return 0; #else @@ -655,7 +655,7 @@ void *wm_osquery_monitor_main(wm_osquery_monitor_t *osquery) { } if( pthread_create(&tlauncher, NULL, (void *)&Execute_Osquery, osquery) != 0){ - merror("Error while creating Execute_Osquery thread."); + LogError("Error while creating Execute_Osquery thread."); #ifdef WIN32 return 0; #else @@ -664,12 +664,12 @@ void *wm_osquery_monitor_main(wm_osquery_monitor_t *osquery) { } pthread_join(tlauncher, NULL); } else { - minfo("run_daemon disabled, finding detached osquery process results."); + LogInfo("run_daemon disabled, finding detached osquery process results."); } pthread_join(treader, NULL); - minfo("Closing module."); + LogInfo("Closing module."); #ifdef WIN32 return 0; #else diff --git a/src/modules/rootcheck/src/check_rc_dev.c b/src/modules/rootcheck/src/check_rc_dev.c index 5de2160b6d..775694efdf 100644 --- a/src/modules/rootcheck/src/check_rc_dev.c +++ b/src/modules/rootcheck/src/check_rc_dev.c @@ -31,7 +31,7 @@ static int read_dev_file(const char *file_name) /* Process directories recursively */ if (S_ISDIR(statbuf.st_mode)) { - mtdebug2(ARGV0, "Reading dir: %s\n", file_name); + LogDebug(ARGV0, "Reading dir: %s\n", file_name); return (read_dev_dir(file_name)); } @@ -51,7 +51,7 @@ static int read_dev_file(const char *file_name) notify_rk(ALERT_SYSTEM_CRIT, op_msg); } else { - mtdebug2(ARGV0, "Error %d (%s) with snprintf with file %s\n", errno, strerror(errno), file_name); + LogDebug(ARGV0, "Error %d (%s) with snprintf with file %s\n", errno, strerror(errno), file_name); } _dev_errors++; } @@ -96,7 +96,7 @@ static int read_dev_dir(const char *dir_name) }; if (dir_name == NULL || strlen(dir_name) > PATH_MAX) { - mterror(ARGV0, "Invalid directory given."); + LogError(ARGV0, "Invalid directory given."); return (-1); } @@ -160,7 +160,7 @@ void check_rc_dev(const char *basedir) char file_path[OS_SIZE_1024 + 1]; _dev_total = 0, _dev_errors = 0; - mtdebug1(ARGV0, "Starting on check_rc_dev"); + LogDebug(ARGV0, "Starting on check_rc_dev"); snprintf(file_path, OS_SIZE_1024, "%s/dev", basedir); diff --git a/src/modules/rootcheck/src/check_rc_files.c b/src/modules/rootcheck/src/check_rc_files.c index 34fc75d023..aaf8967cc5 100644 --- a/src/modules/rootcheck/src/check_rc_files.c +++ b/src/modules/rootcheck/src/check_rc_files.c @@ -28,7 +28,7 @@ void check_rc_files(const char *basedir, FILE *fp) int _errors = 0; int _total = 0; - mtdebug1(ARGV0, "Starting on check_rc_files"); + LogDebug(ARGV0, "Starting on check_rc_files"); while (fgets(buf, OS_SIZE_1024, fp) != NULL) { char *nbuf; @@ -123,7 +123,7 @@ void check_rc_files(const char *basedir, FILE *fp) if (*file == '*') { /* Maximum number of global files reached */ if (rk_sys_count >= MAX_RK_SYS) { - mterror(ARGV0, MAX_RK_MSG, MAX_RK_SYS); + LogError(ARGV0, MAX_RK_MSG, MAX_RK_SYS); } else { @@ -138,7 +138,7 @@ void check_rc_files(const char *basedir, FILE *fp) if (!rk_sys_name[rk_sys_count] || !rk_sys_file[rk_sys_count] ) { - mterror(ARGV0, MEM_ERROR, errno, strerror(errno)); + LogError(ARGV0, MEM_ERROR, errno, strerror(errno)); if (rk_sys_file[rk_sys_count]) { free(rk_sys_file[rk_sys_count]); @@ -172,7 +172,7 @@ void check_rc_files(const char *basedir, FILE *fp) } if (bytes_written < 0 || (size_t)bytes_written > (sizeof(file_path) - 1)) { - mtdebug2(ARGV0, "Path file was truncated (%s)\n", file_path); + LogDebug(ARGV0, "Path file was truncated (%s)\n", file_path); continue; } @@ -207,7 +207,7 @@ void check_rc_files(const char *basedir, FILE *fp) notify_rk(ALERT_ROOTKIT_FOUND, op_msg); } else { - mtdebug2(ARGV0, "Error %d (%s) with snprintf with file %s", errno, strerror(errno), file_path); + LogDebug(ARGV0, "Error %d (%s) with snprintf with file %s", errno, strerror(errno), file_path); } _errors = 1; diff --git a/src/modules/rootcheck/src/check_rc_if.c b/src/modules/rootcheck/src/check_rc_if.c index 83fcaec2c4..f6fe05e2b5 100644 --- a/src/modules/rootcheck/src/check_rc_if.c +++ b/src/modules/rootcheck/src/check_rc_if.c @@ -25,7 +25,7 @@ #include #endif -#include "headers/debug_op.h" +// #include "headers/debug_op.h" #include "headers/defs.h" #include "rootcheck.h" @@ -64,7 +64,7 @@ void check_rc_if() _fd = socket(AF_INET, SOCK_DGRAM, 0); if (_fd < 0) { - mterror(ARGV0, "Error checking interfaces (socket)"); + LogError(ARGV0, "Error checking interfaces (socket)"); return; } @@ -74,7 +74,7 @@ void check_rc_if() if (ioctl(_fd, SIOCGIFCONF, &_if) < 0) { close(_fd); - mterror(ARGV0, "Error checking interfaces (ioctl)"); + LogError(ARGV0, "Error checking interfaces (ioctl)"); return; } diff --git a/src/modules/rootcheck/src/check_rc_pids.c b/src/modules/rootcheck/src/check_rc_pids.c index 33f3e8a656..67a95fb10b 100644 --- a/src/modules/rootcheck/src/check_rc_pids.c +++ b/src/modules/rootcheck/src/check_rc_pids.c @@ -47,13 +47,13 @@ static int proc_opendir(int pid) if (noproc) { return (0); } - + dp = opendir("/proc"); if (!dp) { return 0; } closedir(dp); - + snprintf(dir, OS_SIZE_1024, "/proc/%d", pid); dp = opendir(dir); if (!dp) { diff --git a/src/modules/rootcheck/src/check_rc_policy.c b/src/modules/rootcheck/src/check_rc_policy.c index 92ebe1d253..6955d75639 100644 --- a/src/modules/rootcheck/src/check_rc_policy.c +++ b/src/modules/rootcheck/src/check_rc_policy.c @@ -17,7 +17,7 @@ */ void check_rc_unixaudit(FILE *fp, OSList *p_list) { - mtdebug1(ARGV0, "Starting on check_rc_unixaudit"); + LogDebug(ARGV0, "Starting on check_rc_unixaudit"); rkcl_get_entry(fp, "System Audit:", p_list); } @@ -26,7 +26,7 @@ void check_rc_unixaudit(FILE *fp, OSList *p_list) */ void check_rc_winaudit(FILE *fp, OSList *p_list) { - mtdebug1(ARGV0, "Starting on check_rc_winaudit"); + LogDebug(ARGV0, "Starting on check_rc_winaudit"); rkcl_get_entry(fp, "Windows Audit:", p_list); } @@ -35,7 +35,7 @@ void check_rc_winaudit(FILE *fp, OSList *p_list) */ void check_rc_winmalware(FILE *fp, OSList *p_list) { - mtdebug1(ARGV0, "Starting on check_rc_winmalware"); + LogDebug(ARGV0, "Starting on check_rc_winmalware"); rkcl_get_entry(fp, "Windows Malware:", p_list); } @@ -44,6 +44,6 @@ void check_rc_winmalware(FILE *fp, OSList *p_list) */ void check_rc_winapps(FILE *fp, OSList *p_list) { - mtdebug1(ARGV0, "Starting on check_rc_winapps"); + LogDebug(ARGV0, "Starting on check_rc_winapps"); rkcl_get_entry(fp, "Application Found:", p_list); } diff --git a/src/modules/rootcheck/src/check_rc_ports.c b/src/modules/rootcheck/src/check_rc_ports.c index 75d94a6f9c..eccfd6bd7c 100644 --- a/src/modules/rootcheck/src/check_rc_ports.c +++ b/src/modules/rootcheck/src/check_rc_ports.c @@ -37,7 +37,7 @@ static int run_netstat(int proto, int port) } else if (proto == IPPROTO_UDP) { snprintf(nt, OS_SIZE_1024, NETSTAT, "udp", port); } else { - mterror(ARGV0, "Netstat error (wrong protocol)"); + LogError(ARGV0, "Netstat error (wrong protocol)"); return (0); } diff --git a/src/modules/rootcheck/src/check_rc_readproc.c b/src/modules/rootcheck/src/check_rc_readproc.c index 8febcd6172..d44f68c029 100644 --- a/src/modules/rootcheck/src/check_rc_readproc.c +++ b/src/modules/rootcheck/src/check_rc_readproc.c @@ -47,7 +47,7 @@ int read_proc_dir(const char *dir_name, const char *pid, int position) struct dirent *entry = NULL; if ((dir_name == NULL) || (strlen(dir_name) > PATH_MAX)) { - mterror(ARGV0, "Invalid directory given"); + LogError(ARGV0, "Invalid directory given"); return (-1); } diff --git a/src/modules/rootcheck/src/check_rc_sys.c b/src/modules/rootcheck/src/check_rc_sys.c index 6009732626..305f4cf4f1 100644 --- a/src/modules/rootcheck/src/check_rc_sys.c +++ b/src/modules/rootcheck/src/check_rc_sys.c @@ -51,7 +51,7 @@ static int read_sys_file(const char *file_name, int do_read) notify_rk(ALERT_ROOTKIT_FOUND, op_msg); } else { - mtdebug2(ARGV0, "Error %d (%s) with snprintf with file %s", errno, strerror(errno), file_name); + LogDebug(ARGV0, "Error %d (%s) with snprintf with file %s", errno, strerror(errno), file_name); } _sys_errors++; @@ -116,7 +116,7 @@ static int read_sys_file(const char *file_name, int do_read) notify_rk(ALERT_ROOTKIT_FOUND, op_msg); } else { - mtdebug2(ARGV0, "Error %d (%s) with snprintf with file %s", errno, strerror(errno), file_name); + LogDebug(ARGV0, "Error %d (%s) with snprintf with file %s", errno, strerror(errno), file_name); } _sys_errors++; @@ -156,7 +156,7 @@ static int read_sys_file(const char *file_name, int do_read) notify_rk(ALERT_SYSTEM_CRIT, op_msg); } else { - mtdebug2(ARGV0, "Error %d (%s) with snprintf with file %s", errno, strerror(errno), file_name); + LogDebug(ARGV0, "Error %d (%s) with snprintf with file %s", errno, strerror(errno), file_name); } _sys_errors++; @@ -189,7 +189,7 @@ static int read_sys_dir(const char *dir_name, int do_read) #endif if ((dir_name == NULL) || (strlen(dir_name) > PATH_MAX)) { - mterror(ARGV0, "Invalid directory given."); + LogError(ARGV0, "Invalid directory given."); return (-1); } @@ -372,7 +372,7 @@ void check_rc_sys(const char *basedir) char file_path[OS_SIZE_1024 + 1]; char dir_path[OS_SIZE_1024 + 1]; - mtdebug1(ARGV0, "Starting on check_rc_sys"); + LogDebug(ARGV0, "Starting on check_rc_sys"); _sys_errors = 0; _sys_total = 0; diff --git a/src/modules/rootcheck/src/check_rc_trojans.c b/src/modules/rootcheck/src/check_rc_trojans.c index e7c24bebee..6c8120a1c5 100644 --- a/src/modules/rootcheck/src/check_rc_trojans.c +++ b/src/modules/rootcheck/src/check_rc_trojans.c @@ -29,7 +29,7 @@ void check_rc_trojans(const char *basedir, FILE *fp) const char *(all_paths[]) = {"Windows\\", NULL}; #endif - mtdebug1(ARGV0, "Starting on check_rc_trojans"); + LogDebug(ARGV0, "Starting on check_rc_trojans"); while (fgets(buf, OS_SIZE_1024, fp) != NULL) { char *nbuf; diff --git a/src/modules/rootcheck/src/common.c b/src/modules/rootcheck/src/common.c index 0e67c350ca..d479b50527 100644 --- a/src/modules/rootcheck/src/common.c +++ b/src/modules/rootcheck/src/common.c @@ -133,11 +133,11 @@ int rk_check_file(char *file, char *pattern) } else { full_negate = pt_check_negate(pattern); /* Check for content in the file */ - mtdebug2(ARGV0, "Checking file: %s", file); + LogDebug(ARGV0, "Checking file: %s", file); fp = wfopen(file, "r"); if (fp) { - mtdebug2(ARGV0, "Starting new file: %s", file); + LogDebug(ARGV0, "Starting new file: %s", file); buf[OS_SIZE_2048] = '\0'; while (fgets(buf, OS_SIZE_2048, fp) != NULL) { char *nbuf; @@ -156,11 +156,11 @@ int rk_check_file(char *file, char *pattern) #endif /* Matched */ pt_result = pt_matches(buf, pattern); - mtdebug2(ARGV0, "Buf == \"%s\"", buf); - mtdebug2(ARGV0, "Pattern == \"%s\"", pattern); - mtdebug2(ARGV0, "pt_result == %d and full_negate == %d", pt_result, full_negate); + LogDebug(ARGV0, "Buf == \"%s\"", buf); + LogDebug(ARGV0, "Pattern == \"%s\"", pattern); + LogDebug(ARGV0, "pt_result == %d and full_negate == %d", pt_result, full_negate); if ((pt_result == 1 && full_negate == 0) ) { - mtdebug1(ARGV0, "Alerting file %s on line %s", file, buf); + LogDebug(ARGV0, "Alerting file %s on line %s", file, buf); int i = 0; char _b_msg[OS_SIZE_1024 + 1]; @@ -191,7 +191,7 @@ int rk_check_file(char *file, char *pattern) * break out of loop and make sure the full negate does * not alert. */ - mtdebug2(ARGV0, "Found a complete match for full_negate"); + LogDebug(ARGV0, "Found a complete match for full_negate"); full_negate = 0; break; } @@ -200,7 +200,7 @@ int rk_check_file(char *file, char *pattern) fclose(fp); if (full_negate == 1) { - mtdebug2(ARGV0, "Full_negate alerting - file %s", file); + LogDebug(ARGV0, "Full_negate alerting - file %s", file); int i = 0; char _b_msg[OS_SIZE_1024 + 1]; @@ -267,7 +267,7 @@ int pt_check_negate(const char *pattern) tmp_pattern = tmp_pt; } - mtdebug2(ARGV0, "Pattern: %s is fill_negate", pattern); + LogDebug(ARGV0, "Pattern: %s is fill_negate", pattern); free(mypattern); return (1); } @@ -323,7 +323,7 @@ int pt_matches(const char *str, char *pattern) } else if (strncasecmp(pattern, "r:", 2) == 0) { pattern += 2; if (OS_Regex(pattern, str)) { - mtdebug2(ARGV0, "Pattern: %s matches %s.", pattern, str); + LogDebug(ARGV0, "Pattern: %s matches %s.", pattern, str); ret_code = 1; } } else if (strncasecmp(pattern, "<:", 2) == 0) { @@ -451,7 +451,7 @@ int is_file(char *file_name) DIR *dp = NULL; if (!file_name) { - mtdebug2(ARGV0, "RK: Invalid file name: NULL!"); + LogDebug(ARGV0, "RK: Invalid file name: NULL!"); return ret; } diff --git a/src/modules/rootcheck/src/common_rcl.c b/src/modules/rootcheck/src/common_rcl.c index 97f929cd4f..55abe346ab 100644 --- a/src/modules/rootcheck/src/common_rcl.c +++ b/src/modules/rootcheck/src/common_rcl.c @@ -286,7 +286,7 @@ int rkcl_get_entry(FILE *fp, const char *msg, OSList *p_list) /* Get Windows rootdir */ _rkcl_getrootdir(root_dir, sizeof(root_dir)); if (root_dir[0] == '\0') { - mterror(ARGV0, INVALID_ROOTDIR); + LogError(ARGV0, INVALID_ROOTDIR); } #endif /* Get variables */ @@ -304,7 +304,7 @@ int rkcl_get_entry(FILE *fp, const char *msg, OSList *p_list) if (rc_code == 0) { break; } else if (rc_code == -1) { - mterror(ARGV0, INVALID_RKCL_VAR, nbuf); + LogError(ARGV0, INVALID_RKCL_VAR, nbuf); goto clean_return; } } @@ -312,7 +312,7 @@ int rkcl_get_entry(FILE *fp, const char *msg, OSList *p_list) /* Get first name */ name = _rkcl_get_name(nbuf, ref, &condition); if (name == NULL || condition == RKCL_COND_INV) { - mterror(ARGV0, INVALID_RKCL_NAME, nbuf); + LogError(ARGV0, INVALID_RKCL_NAME, nbuf); goto clean_return; } @@ -321,7 +321,7 @@ int rkcl_get_entry(FILE *fp, const char *msg, OSList *p_list) int g_found = 0; int not_found = 0; - mtdebug2(ARGV0, "Checking entry: '%s'.", name); + LogDebug(ARGV0, "Checking entry: '%s'.", name); /* Get each value */ do { @@ -342,7 +342,7 @@ int rkcl_get_entry(FILE *fp, const char *msg, OSList *p_list) /* Get value to look for */ value = _rkcl_get_value(nbuf, &type); if (value == NULL) { - mterror(ARGV0, INVALID_RKCL_VALUE, nbuf); + LogError(ARGV0, INVALID_RKCL_VALUE, nbuf); goto clean_return; } @@ -365,7 +365,7 @@ int rkcl_get_entry(FILE *fp, const char *msg, OSList *p_list) if (value[0] == '$') { f_value = (char *) OSStore_Get(vars, value); if (!f_value) { - mterror(ARGV0, INVALID_RKCL_VAR, value); + LogError(ARGV0, INVALID_RKCL_VAR, value); continue; } } @@ -388,9 +388,9 @@ int rkcl_get_entry(FILE *fp, const char *msg, OSList *p_list) } #endif - mtdebug2(ARGV0, "Checking file: '%s'.", f_value); + LogDebug(ARGV0, "Checking file: '%s'.", f_value); if (rk_check_file(f_value, pattern)) { - mtdebug2(ARGV0, "Found file."); + LogDebug(ARGV0, "Found file."); found = 1; } } @@ -409,9 +409,9 @@ int rkcl_get_entry(FILE *fp, const char *msg, OSList *p_list) pattern = _rkcl_get_pattern(entry); } - mtdebug2(ARGV0, "Checking registry: '%s'.", value); + LogDebug(ARGV0, "Checking registry: '%s'.", value); if (is_registry(value, entry, pattern)) { - mtdebug2(ARGV0, "Found registry."); + LogDebug(ARGV0, "Found registry."); found = 1; } @@ -426,7 +426,7 @@ int rkcl_get_entry(FILE *fp, const char *msg, OSList *p_list) file = _rkcl_get_pattern(value); if (!file) { - mterror(ARGV0, INVALID_RKCL_VAR, value); + LogError(ARGV0, INVALID_RKCL_VAR, value); continue; } @@ -436,7 +436,7 @@ int rkcl_get_entry(FILE *fp, const char *msg, OSList *p_list) if (value[0] == '$') { f_value = (char *) OSStore_Get(vars, value); if (!f_value) { - mterror(ARGV0, INVALID_RKCL_VAR, value); + LogError(ARGV0, INVALID_RKCL_VAR, value); continue; } } else { @@ -452,17 +452,17 @@ int rkcl_get_entry(FILE *fp, const char *msg, OSList *p_list) while (dir) { - mtdebug2(ARGV0, "Checking dir: %s", dir); + LogDebug(ARGV0, "Checking dir: %s", dir); short is_nfs = IsNFS(dir); if( is_nfs == 1 && rootcheck.skip_nfs ) { - mtdebug1(ARGV0, "rootcheck.skip_nfs enabled and %s is flagged as NFS.", dir); + LogDebug(ARGV0, "rootcheck.skip_nfs enabled and %s is flagged as NFS.", dir); } else { - mtdebug2(ARGV0, "%s => is_nfs=%d, skip_nfs=%d", dir, is_nfs, rootcheck.skip_nfs); + LogDebug(ARGV0, "%s => is_nfs=%d, skip_nfs=%d", dir, is_nfs, rootcheck.skip_nfs); if (rk_check_dir(dir, file, pattern)) { - mtdebug2(ARGV0, "Found dir."); + LogDebug(ARGV0, "Found dir."); found = 1; } } @@ -485,9 +485,9 @@ int rkcl_get_entry(FILE *fp, const char *msg, OSList *p_list) /* Check for a process */ else if (type == RKCL_TYPE_PROCESS) { - mtdebug2(ARGV0, "Checking process: '%s'.", value); + LogDebug(ARGV0, "Checking process: '%s'.", value); if (is_process(value, p_list)) { - mtdebug2(ARGV0, "Found process."); + LogDebug(ARGV0, "Found process."); found = 1; } } @@ -503,21 +503,21 @@ int rkcl_get_entry(FILE *fp, const char *msg, OSList *p_list) /* Check the conditions */ if (condition & RKCL_COND_ANY) { - mtdebug2(ARGV0, "Condition ANY."); + LogDebug(ARGV0, "Condition ANY."); if (found) { g_found = 1; } } else if (condition & RKCL_COND_NON) { - mtdebug2(ARGV0, "Condition NON."); + LogDebug(ARGV0, "Condition NON."); if (!found && (not_found != -1)) { - mtdebug2(ARGV0, "Condition NON setze not_found=1."); + LogDebug(ARGV0, "Condition NON setze not_found=1."); not_found = 1; } else { not_found = -1; } } else { /* Condition for ALL */ - mtdebug2(ARGV0, "Condition ALL."); + LogDebug(ARGV0, "Condition ALL."); if (found && (g_found != -1)) { g_found = 1; } else { @@ -591,7 +591,7 @@ int rkcl_get_entry(FILE *fp, const char *msg, OSList *p_list) /* Get name already read */ name = _rkcl_get_name(nbuf, ref, &condition); if (!name) { - mterror(ARGV0, INVALID_RKCL_NAME, nbuf); + LogError(ARGV0, INVALID_RKCL_NAME, nbuf); goto clean_return; } } while (nbuf != NULL); diff --git a/src/modules/rootcheck/src/os_string.c b/src/modules/rootcheck/src/os_string.c index 9c1b3805e3..d5f3e36afa 100644 --- a/src/modules/rootcheck/src/os_string.c +++ b/src/modules/rootcheck/src/os_string.c @@ -116,7 +116,7 @@ struct exec { #endif /* N_TXTOFF */ #include "headers/defs.h" -#include "headers/debug_op.h" +// #include "headers/debug_op.h" #include "headers/regex_op.h" #include "error_messages/error_messages.h" @@ -164,7 +164,7 @@ int os_string(char *file, char *regex) /* Allocate the buffer */ bfr = (unsigned char *) calloc(STR_MINLEN + 2, sizeof(unsigned char)); if (!bfr) { - mterror(ARGV0, MEM_ERROR, errno, strerror(errno)); + LogError(ARGV0, MEM_ERROR, errno, strerror(errno)); return (0); } diff --git a/src/modules/rootcheck/src/rootcheck.c b/src/modules/rootcheck/src/rootcheck.c index fd0db1c8bf..e6496cfcf2 100644 --- a/src/modules/rootcheck/src/rootcheck.c +++ b/src/modules/rootcheck/src/rootcheck.c @@ -79,25 +79,25 @@ int rootcheck_init(int test_config) /* Check if the configuration is present */ if (File_DateofChange(cfg) < 0) { - mterror(ARGV0, "Configuration file '%s' not found", cfg); + LogError(ARGV0, "Configuration file '%s' not found", cfg); return (-1); } /* Read configuration --function specified twice (check makefile) */ if (Read_Rootcheck_Config(cfg) < 0) { - mwarn(RCONFIG_ERROR, ARGV0, cfg); + LogWarn(RCONFIG_ERROR, ARGV0, cfg); return (1); } #ifndef WIN32 if(rootcheck.checks.rc_unixaudit && !test_config) { - mwarn("The check_unixaudit option is deprecated in favor of the SCA module."); + LogWarn("The check_unixaudit option is deprecated in favor of the SCA module."); } #endif #ifdef WIN32 if(rootcheck.checks.rc_winaudit && !test_config) { - mwarn("The check_winaudit option is deprecated in favor of the SCA module."); + LogWarn("The check_winaudit option is deprecated in favor of the SCA module."); } #endif @@ -110,27 +110,27 @@ int rootcheck_init(int test_config) /* Return 1 disables rootcheck */ if (rootcheck.disabled == 1) { - mtinfo(ARGV0, "Rootcheck disabled."); + LogInfo(ARGV0, "Rootcheck disabled."); return (1); } #ifndef WIN32 /* Check if Unix audit file is configured */ if (rootcheck.checks.rc_unixaudit && !rootcheck.unixaudit) { - mtferror(ARGV0, "System audit file not configured."); + LogError(ARGV0, "System audit file not configured."); } #endif /* Start up message */ #ifdef WIN32 - mtinfo(ARGV0, STARTUP_MSG, getpid()); + LogInfo(ARGV0, STARTUP_MSG, getpid()); #endif /* WIN32 */ /* Initialize rk list */ rk_sys_name = (char **) calloc(MAX_RK_SYS + 2, sizeof(char *)); rk_sys_file = (char **) calloc(MAX_RK_SYS + 2, sizeof(char *)); if (!rk_sys_name || !rk_sys_file) { - mterror_exit(ARGV0, MEM_ERROR, errno, strerror(errno)); + LogCritical(ARGV0, MEM_ERROR, errno, strerror(errno)); } rk_sys_name[0] = NULL; rk_sys_file[0] = NULL; @@ -142,11 +142,11 @@ void rootcheck_connect() { #ifndef WIN32 /* Connect to the queue if configured to do so */ if (rootcheck.notify == QUEUE) { - mtdebug1(ARGV0, "Starting queue ..."); + LogDebug(ARGV0, "Starting queue ..."); /* Start the queue */ if ((rootcheck.queue = StartMQ(DEFAULTQUEUE, WRITE, INFINITE_OPENQ_ATTEMPTS)) < 0) { - mterror_exit(ARGV0, QUEUE_FATAL, DEFAULTQUEUE); + LogCritical(ARGV0, QUEUE_FATAL, DEFAULTQUEUE); } } #endif @@ -163,7 +163,7 @@ void rootcheck_connect() { for (i = 0; rootcheck.ignore[i] != NULL; i++) { if (rootcheck.ignore_sregex[i]) { if (OSMatch_Execute(path_to_ignore, strlen(path_to_ignore), rootcheck.ignore_sregex[i])) { - mdebug1("'%s' matches the '%s' pattern, so it will be ignored.", path_to_ignore, rootcheck.ignore_sregex[i]->raw); + LogDebug("'%s' matches the '%s' pattern, so it will be ignored.", path_to_ignore, rootcheck.ignore_sregex[i]->raw); return 1; } #ifndef WIN32 @@ -171,7 +171,7 @@ void rootcheck_connect() { #else } else if (!strcasecmp(path_to_ignore, rootcheck.ignore[i])) { #endif - mdebug1("'%s' has been marked as ignored.", path_to_ignore); + LogDebug("'%s' has been marked as ignored.", path_to_ignore); return 1; } } diff --git a/src/modules/rootcheck/src/run_rk_check.c b/src/modules/rootcheck/src/run_rk_check.c index b93b5a9f2e..3e0c4588c5 100644 --- a/src/modules/rootcheck/src/run_rk_check.c +++ b/src/modules/rootcheck/src/run_rk_check.c @@ -39,14 +39,14 @@ int notify_rk(int rk_type, const char *msg) } if (SendMSG(rootcheck.queue, msg, ROOTCHECK, ROOTCHECK_MQ) < 0) { - mterror(ARGV0, QUEUE_SEND); + LogError(ARGV0, QUEUE_SEND); if ((rootcheck.queue = StartMQ(DEFAULTQUEUE, WRITE, INFINITE_OPENQ_ATTEMPTS)) < 0) { - mterror_exit(ARGV0, QUEUE_FATAL, DEFAULTQUEUE); + LogCritical(ARGV0, QUEUE_FATAL, DEFAULTQUEUE); } if (SendMSG(rootcheck.queue, msg, ROOTCHECK, ROOTCHECK_MQ) < 0) { - mterror_exit(ARGV0, QUEUE_FATAL, DEFAULTQUEUE); + LogCritical(ARGV0, QUEUE_FATAL, DEFAULTQUEUE); } } @@ -99,7 +99,7 @@ void run_rk_check() /* Send scan start message */ notify_rk(ALERT_POLICY_VIOLATION, "Starting rootcheck scan."); if (rootcheck.notify == QUEUE) { - mtinfo(ARGV0, "Starting rootcheck scan."); + LogInfo(ARGV0, "Starting rootcheck scan."); } /* Check for Rootkits */ @@ -107,12 +107,12 @@ void run_rk_check() if (rootcheck.checks.rc_files) { if (!rootcheck.rootkit_files) { #ifndef WIN32 - mterror(ARGV0, "No rootcheck_files file configured."); + LogError(ARGV0, "No rootcheck_files file configured."); #endif } else { fp = wfopen(rootcheck.rootkit_files, "r"); if (!fp) { - mterror(ARGV0, "No rootcheck_files file: '%s'", rootcheck.rootkit_files); + LogError(ARGV0, "No rootcheck_files file: '%s'", rootcheck.rootkit_files); } else { @@ -126,12 +126,12 @@ void run_rk_check() if (rootcheck.checks.rc_trojans) { if (!rootcheck.rootkit_trojans) { #ifndef WIN32 - mterror(ARGV0, "No rootcheck_trojans file configured."); + LogError(ARGV0, "No rootcheck_trojans file configured."); #endif } else { fp = wfopen(rootcheck.rootkit_trojans, "r"); if (!fp) { - mterror(ARGV0, "No rootcheck_trojans file: '%s'", rootcheck.rootkit_trojans); + LogError(ARGV0, "No rootcheck_trojans file: '%s'", rootcheck.rootkit_trojans); } else { #ifndef HPUX check_rc_trojans(rootcheck.basedir, fp); @@ -148,11 +148,11 @@ void run_rk_check() /* Windows audit check */ if (rootcheck.checks.rc_winaudit) { if (!rootcheck.winaudit) { - mtinfo(ARGV0, "No winaudit file configured."); + LogInfo(ARGV0, "No winaudit file configured."); } else { fp = wfopen(rootcheck.winaudit, "r"); if (!fp) { - mterror(ARGV0, "No winaudit file: '%s'", rootcheck.winaudit); + LogError(ARGV0, "No winaudit file: '%s'", rootcheck.winaudit); } else { check_rc_winaudit(fp, plist); fclose(fp); @@ -163,11 +163,11 @@ void run_rk_check() /* Windows malware */ if (rootcheck.checks.rc_winmalware) { if (!rootcheck.winmalware) { - mtinfo(ARGV0, "No winmalware file configured."); + LogInfo(ARGV0, "No winmalware file configured."); } else { fp = wfopen(rootcheck.winmalware, "r"); if (!fp) { - mterror(ARGV0, "No winmalware file: '%s'", rootcheck.winmalware); + LogError(ARGV0, "No winmalware file: '%s'", rootcheck.winmalware); } else { check_rc_winmalware(fp, plist); fclose(fp); @@ -178,11 +178,11 @@ void run_rk_check() /* Windows Apps */ if (rootcheck.checks.rc_winapps) { if (!rootcheck.winapps) { - mtinfo(ARGV0, "No winapps file configured."); + LogInfo(ARGV0, "No winapps file configured."); } else { fp = wfopen(rootcheck.winapps, "r"); if (!fp) { - mterror(ARGV0, "No winapps file: '%s'", rootcheck.winapps); + LogError(ARGV0, "No winapps file: '%s'", rootcheck.winapps); } else { check_rc_winapps(fp, plist); fclose(fp); @@ -207,7 +207,7 @@ void run_rk_check() while (rootcheck.unixaudit[i]) { fp = wfopen(rootcheck.unixaudit[i], "r"); if (!fp) { - mterror(ARGV0, "No unixaudit file: '%s'", rootcheck.unixaudit[i]); + LogError(ARGV0, "No unixaudit file: '%s'", rootcheck.unixaudit[i]); } else { /* Run unix audit */ check_rc_unixaudit(fp, plist); @@ -226,35 +226,35 @@ void run_rk_check() /* Check for files in the /dev filesystem */ if (rootcheck.checks.rc_dev) { - mtdebug1(ARGV0, "Going into check_rc_dev"); + LogDebug(ARGV0, "Going into check_rc_dev"); check_rc_dev(rootcheck.basedir); } /* Scan the whole system for additional issues */ if (rootcheck.checks.rc_sys) { - mtdebug1(ARGV0, "Going into check_rc_sys"); + LogDebug(ARGV0, "Going into check_rc_sys"); check_rc_sys(rootcheck.basedir); } /* Check processes */ if (rootcheck.checks.rc_pids) { - mtdebug1(ARGV0, "Going into check_rc_pids"); + LogDebug(ARGV0, "Going into check_rc_pids"); check_rc_pids(); } /* Check all ports */ if (rootcheck.checks.rc_ports) { - mtdebug1(ARGV0, "Going into check_rc_ports"); + LogDebug(ARGV0, "Going into check_rc_ports"); check_rc_ports(); } /* Check interfaces */ if (rootcheck.checks.rc_if) { - mtdebug1(ARGV0, "Going into check_rc_if"); + LogDebug(ARGV0, "Going into check_rc_if"); check_rc_if(); } - mtdebug1(ARGV0, "Completed with all checks."); + LogDebug(ARGV0, "Completed with all checks."); /* Clean the global memory */ { @@ -283,10 +283,10 @@ void run_rk_check() /* Send scan ending message */ notify_rk(ALERT_POLICY_VIOLATION, "Ending rootcheck scan."); if (rootcheck.notify == QUEUE) { - mtinfo(ARGV0, "Ending rootcheck scan."); + LogInfo(ARGV0, "Ending rootcheck scan."); } - mtdebug1(ARGV0, "Leaving run_rk_check"); + LogDebug(ARGV0, "Leaving run_rk_check"); return; } @@ -334,19 +334,19 @@ void log_realtime_status_rk(int next) { switch (status) { case 0: if (next == 1) { - minfo("Starting rootcheck real-time monitoring."); + LogInfo("Starting rootcheck real-time monitoring."); status = next; } break; case 1: if (next == 2) { - minfo("Pausing rootcheck real-time monitoring."); + LogInfo("Pausing rootcheck real-time monitoring."); status = next; } break; case 2: if (next == 1) { - minfo("Resuming rootcheck real-time monitoring."); + LogInfo("Resuming rootcheck real-time monitoring."); status = next; } } diff --git a/src/modules/rootcheck/src/unix_process.c b/src/modules/rootcheck/src/unix_process.c index 233952a1df..a2a0fb3dee 100644 --- a/src/modules/rootcheck/src/unix_process.c +++ b/src/modules/rootcheck/src/unix_process.c @@ -84,7 +84,7 @@ OSList *os_get_process_list() if (!is_file(ps)) { strncpy(ps, "/usr/bin/ps", OS_SIZE_1024); if (!is_file(ps)) { - mterror(ARGV0, "'ps' not found."); + LogError(ARGV0, "'ps' not found."); return (NULL); } } @@ -92,7 +92,7 @@ OSList *os_get_process_list() /* Create process list */ p_list = OSList_Create(); if (!p_list) { - mterror(ARGV0, LIST_ERROR); + LogError(ARGV0, LIST_ERROR); return (NULL); } diff --git a/src/modules/rootcheck/src/win_common.c b/src/modules/rootcheck/src/win_common.c index 9d3dcbca2e..2bac80aecd 100644 --- a/src/modules/rootcheck/src/win_common.c +++ b/src/modules/rootcheck/src/win_common.c @@ -332,7 +332,7 @@ int is_registry(char *entry_name, char *reg_option, char *reg_value) rk = __os_winreg_getkey(entry_name); if (rk_sub_tree == NULL || rk == NULL) { - mterror(ARGV0, SK_INV_REG, entry_name); + LogError(ARGV0, SK_INV_REG, entry_name); return (0); } diff --git a/src/modules/rootcheck/src/win_process.c b/src/modules/rootcheck/src/win_process.c index 39e7c6231a..e0757f7fdd 100644 --- a/src/modules/rootcheck/src/win_process.c +++ b/src/modules/rootcheck/src/win_process.c @@ -75,28 +75,28 @@ OSList *os_get_process_list() TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, FALSE, &hpriv)) { if (GetLastError() == ERROR_NO_TOKEN) { if (!ImpersonateSelf(SecurityImpersonation)) { - mterror(ARGV0, "os_get_win32_process_list -> ImpersonateSelf"); + LogError(ARGV0, "os_get_win32_process_list -> ImpersonateSelf"); return (NULL); } if (!OpenThreadToken(GetCurrentThread(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, FALSE, &hpriv)) { - mterror(ARGV0, "os_get_win32_process_list -> OpenThread"); + LogError(ARGV0, "os_get_win32_process_list -> OpenThread"); return (NULL) ; } } else { - mterror(ARGV0, "os_get_win32_process_list -> OpenThread"); + LogError(ARGV0, "os_get_win32_process_list -> OpenThread"); return (NULL); } } /* Enable debug privilege */ if (!os_win32_setdebugpriv(hpriv, 1)) { - mterror(ARGV0, "os_win32_setdebugpriv"); + LogError(ARGV0, "os_win32_setdebugpriv"); if(CloseHandle(hpriv) == 0) { - mdebug2("Can't close handle"); + LogDebug("Can't close handle"); } return (NULL); @@ -105,10 +105,10 @@ OSList *os_get_process_list() /* Make a snapshot of every process */ hsnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); if (hsnap == INVALID_HANDLE_VALUE) { - mterror(ARGV0, "CreateToolhelp32Snapshot"); + LogError(ARGV0, "CreateToolhelp32Snapshot"); if (CloseHandle(hpriv) == 0) { - mdebug2("Can't close handle"); + LogDebug("Can't close handle"); } return (NULL); @@ -116,14 +116,14 @@ OSList *os_get_process_list() /* Get first and second processes -- system entries */ if (!Process32First(hsnap, &p_entry) && !Process32Next(hsnap, &p_entry )) { - mterror(ARGV0, "Process32First"); + LogError(ARGV0, "Process32First"); if (CloseHandle(hsnap) == 0) { - mdebug2("Can't close handle"); + LogDebug("Can't close handle"); } if (CloseHandle(hpriv) == 0) { - mdebug2("Can't close handle"); + LogDebug("Can't close handle"); } return (NULL); @@ -134,14 +134,14 @@ OSList *os_get_process_list() if (!p_list) { if (CloseHandle(hsnap) == 0) { - mdebug2("Can't close handle"); + LogDebug("Can't close handle"); } if (CloseHandle(hpriv) == 0) { - mdebug2("Can't close handle"); + LogDebug("Can't close handle"); } - mterror(ARGV0, LIST_ERROR); + LogError(ARGV0, LIST_ERROR); return (0); } @@ -168,7 +168,7 @@ OSList *os_get_process_list() /* Get executable path (first entry in the module list) */ if (CloseHandle(hmod) == 0){ - mdebug2("Can't close handle"); + LogDebug("Can't close handle"); } os_strdup(p_name, p_path); @@ -177,7 +177,7 @@ OSList *os_get_process_list() os_strdup(m_entry.szExePath, p_path); if (CloseHandle(hmod) == 0) { - mdebug2("Can't close handle"); + LogDebug("Can't close handle"); } } @@ -191,11 +191,11 @@ OSList *os_get_process_list() os_win32_setdebugpriv(hpriv, 0); if (CloseHandle(hsnap) == 0) { - mdebug2("Can't close handle"); + LogDebug("Can't close handle"); } if (CloseHandle(hpriv) == 0) { - mdebug2("Can't close handle"); + LogDebug("Can't close handle"); } return (p_list); diff --git a/src/modules/sca/src/wm_sca.c b/src/modules/sca/src/wm_sca.c index f81c5dcf18..7dc178624b 100644 --- a/src/modules/sca/src/wm_sca.c +++ b/src/modules/sca/src/wm_sca.c @@ -13,7 +13,6 @@ #include #include #include "os_crypto/sha256/sha256_op.h" -#include "expression.h" #include "shared.h" #undef minfo @@ -22,11 +21,11 @@ #undef mdebug1 #undef mdebug2 -#define minfo(msg, ...) _mtinfo(WM_SCA_LOGTAG, __FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) -#define mwarn(msg, ...) _mtwarn(WM_SCA_LOGTAG, __FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) -#define merror(msg, ...) _mterror(WM_SCA_LOGTAG, __FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) -#define mdebug1(msg, ...) _mtdebug1(WM_SCA_LOGTAG, __FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) -#define mdebug2(msg, ...) _mtdebug2(WM_SCA_LOGTAG, __FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) +#define minfo(msg, ...) LogInfo(WM_SCA_LOGTAG, __FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) +#define mwarn(msg, ...) LogWarn(WM_SCA_LOGTAG, __FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) +#define merror(msg, ...) LogError(WM_SCA_LOGTAG, __FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) +#define mdebug1(msg, ...) LogDebug(WM_SCA_LOGTAG, __FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) +#define mdebug2(msg, ...) LogDebug(WM_SCA_LOGTAG, __FILE__, __LINE__, __func__, msg, ##__VA_ARGS__) #ifdef WAZUH_UNIT_TESTING /* Remove static qualifier when testing */ @@ -149,14 +148,14 @@ void * wm_sca_main(wm_sca_t * data) { #endif // If module is disabled, exit if (data->enabled) { - minfo("Module started."); + LogInfo("Module started."); } else { - minfo("Module disabled. Exiting."); + LogInfo("Module disabled. Exiting."); pthread_exit(NULL); } if (!data->policies || data->policies[0] == NULL) { - minfo("No policies defined. Exiting."); + LogInfo("No policies defined. Exiting."); pthread_exit(NULL); } @@ -178,15 +177,15 @@ void * wm_sca_main(wm_sca_t * data) { /* Maximum request interval is the scan interval */ if(data->request_db_interval > data->scan_config.interval) { data->request_db_interval = data->scan_config.interval; - minfo("The request_db_interval option cannot be higher than the scan interval. It will be redefined to that value."); + LogInfo("The request_db_interval option cannot be higher than the scan interval. It will be redefined to that value."); } int i; for(i = 0; data->policies[i]; i++) { if(data->policies[i]->enabled){ - minfo("Loaded policy '%s'", data->policies[i]->policy_path); + LogInfo("Loaded policy '%s'", data->policies[i]->policy_path); } else { - minfo("Policy '%s' disabled by configuration.", data->policies[i]->policy_path); + LogInfo("Policy '%s' disabled by configuration.", data->policies[i]->policy_path); } } @@ -195,7 +194,7 @@ void * wm_sca_main(wm_sca_t * data) { os_realloc(cis_db, (i + 2) * sizeof(OSHash *), cis_db); cis_db[i] = OSHash_Create(); if (!cis_db[i]) { - merror(LIST_ERROR); + LogError(LIST_ERROR); pthread_exit(NULL); } OSHash_SetFreeDataPointer(cis_db[i], (void (*)(void *))wm_sca_free_hash_data); @@ -224,7 +223,7 @@ void * wm_sca_main(wm_sca_t * data) { data->queue = StartMQ(DEFAULTQUEUE, WRITE, INFINITE_OPENQ_ATTEMPTS); if (data->queue < 0) { - merror("Can't connect to queue."); + LogError("Can't connect to queue."); } #endif @@ -264,16 +263,16 @@ static int wm_sca_send_alert(wm_sca_t * data,cJSON *json_alert) #endif char *msg = cJSON_PrintUnformatted(json_alert); - mdebug2("Sending event: %s",msg); + LogDebug("Sending event: %s",msg); if (wm_sendmsg(data->msg_delay, queue_fd, msg,WM_SCA_STAMP, SCA_MQ) < 0) { - merror(QUEUE_ERROR, DEFAULTQUEUE, strerror(errno)); + LogError(QUEUE_ERROR, DEFAULTQUEUE, strerror(errno)); if ((data->queue = StartMQ(DEFAULTQUEUE, WRITE, INFINITE_OPENQ_ATTEMPTS)) < 0) { - mwarn("Can't connect to queue."); + LogWarn("Can't connect to queue."); } else { if(wm_sendmsg(data->msg_delay, data->queue, msg,WM_SCA_STAMP, SCA_MQ) < 0) { - merror(QUEUE_ERROR, DEFAULTQUEUE, strerror(errno)); + LogError(QUEUE_ERROR, DEFAULTQUEUE, strerror(errno)); } } } @@ -302,7 +301,7 @@ static void wm_sca_send_policies_scanned(wm_sca_t * data) { cJSON_AddStringToObject(policies_obj, "type", "policies"); cJSON_AddItemToObject(policies_obj,"policies",policies); - mdebug2("Sending scanned policies."); + LogDebug("Sending scanned policies."); wm_sca_send_alert(data,policies_obj); cJSON_Delete(policies_obj); } @@ -318,11 +317,11 @@ static int wm_sca_start(wm_sca_t * data) { if (time_sleep) { const int next_scan_time = sched_get_next_scan_time(data->scan_config); timestamp = w_get_timestamp(next_scan_time); - mtdebug2(WM_SCA_LOGTAG, "Sleeping until: %s", timestamp); + LogDebug(WM_SCA_LOGTAG, "Sleeping until: %s", timestamp); os_free(timestamp); w_sleep_until(next_scan_time); } - mtinfo(WM_SCA_LOGTAG,"Starting Security Configuration Assessment scan."); + LogInfo(WM_SCA_LOGTAG,"Starting Security Configuration Assessment scan."); time_start = time(NULL); /* Do scan for every policy file */ @@ -332,7 +331,7 @@ static int wm_sca_start(wm_sca_t * data) { wm_sca_send_policies_scanned(data); duration = time(NULL) - time_start; - mtinfo(WM_SCA_LOGTAG, "Security Configuration Assessment scan finished. Duration: %d seconds.", (int)duration); + LogInfo(WM_SCA_LOGTAG, "Security Configuration Assessment scan finished. Duration: %d seconds.", (int)duration); } while(FOREVER()); @@ -361,7 +360,7 @@ static void wm_sca_read_files(wm_sca_t * data) { FILE *fp = wfopen(data->policies[i]->policy_path, "r"); if(!fp) { - mwarn("Policy file not found: '%s'. Skipping it.", data->policies[i]->policy_path); + LogWarn("Policy file not found: '%s'. Skipping it.", data->policies[i]->policy_path); goto next; } w_file_cloexec(fp); @@ -370,12 +369,12 @@ static void wm_sca_read_files(wm_sca_t * data) { yaml_document_t document; if (yaml_parse_file(data->policies[i]->policy_path, &document)) { - mwarn("Error found while parsing file: '%s'. Skipping it.", data->policies[i]->policy_path); + LogWarn("Error found while parsing file: '%s'. Skipping it.", data->policies[i]->policy_path); goto next; } if (object = yaml2json(&document,1), !object) { - mwarn("Error found while transforming yaml to json: '%s'. Skipping it.", data->policies[i]->policy_path); + LogWarn("Error found while transforming yaml to json: '%s'. Skipping it.", data->policies[i]->policy_path); yaml_document_delete(&document); goto next; } @@ -390,7 +389,7 @@ static void wm_sca_read_files(wm_sca_t * data) { cJSON_AddItemReferenceToArray(requirements_array, requirements); if (wm_sca_check_policy(policy, checks, check_list)) { - mwarn("Error found while validating policy file: '%s'. Skipping it.", data->policies[i]->policy_path); + LogWarn("Error found while validating policy file: '%s'. Skipping it.", data->policies[i]->policy_path); goto next; } @@ -403,7 +402,7 @@ static void wm_sca_read_files(wm_sca_t * data) { } if (requirements && wm_sca_check_requirements(requirements)) { - mwarn("Error found while reading 'requirements' section of file: '%s'. Skipping it.", data->policies[i]->policy_path); + LogWarn("Error found while reading 'requirements' section of file: '%s'. Skipping it.", data->policies[i]->policy_path); goto next; } @@ -413,14 +412,14 @@ static void wm_sca_read_files(wm_sca_t * data) { } if (!checks) { - mwarn("Error found while reading 'checks' section of file: '%s'. Skipping it.", data->policies[i]->policy_path); + LogWarn("Error found while reading 'checks' section of file: '%s'. Skipping it.", data->policies[i]->policy_path); goto next; } vars = OSStore_Create(); sorted_variables = wm_sort_variables(variables_policy); if (wm_sca_get_vars(variables_policy,vars) != 0) { - mwarn("Error found while reading the 'variables' section of file: '%s'. Skipping it.", data->policies[i]->policy_path); + LogWarn("Error found while reading the 'variables' section of file: '%s'. Skipping it.", data->policies[i]->policy_path); goto next; } @@ -445,7 +444,7 @@ static void wm_sca_read_files(wm_sca_t * data) { requirements_satisfied = 1; } - mdebug1("Calculating hash for policy file '%s'", data->policies[i]->policy_path); + LogDebug("Calculating hash for policy file '%s'", data->policies[i]->policy_path); char * integrity_hash_file = wm_sca_hash_integrity_file(data->policies[i]->policy_path); /* Check if the file integrity has changed */ @@ -459,7 +458,7 @@ static void wm_sca_read_files(wm_sca_t * data) { cis_db[cis_db_index] = OSHash_Create(); if (!cis_db[cis_db_index]) { - merror(LIST_ERROR); + LogError(LIST_ERROR); w_rwlock_unlock(&dump_rwlock); pthread_exit(NULL); } @@ -490,12 +489,12 @@ static void wm_sca_read_files(wm_sca_t * data) { time_t time_end = 0; time_start = time(NULL); - minfo("Starting evaluation of policy: '%s'", data->policies[i]->policy_path); + LogInfo("Starting evaluation of policy: '%s'", data->policies[i]->policy_path); if (wm_sca_do_scan(checks, vars, data, id, policy, 0, cis_db_index, data->policies[i]->remote, first_scan, &checks_number, sorted_variables, data->policies[i]->policy_regex_type) != 0) { - merror("Error while evaluating the policy '%s'", data->policies[i]->policy_path); + LogError("Error while evaluating the policy '%s'", data->policies[i]->policy_path); } - mdebug1("Calculating hash for scanned results."); + LogDebug("Calculating hash for scanned results."); char * integrity_hash = wm_sca_hash_integrity(cis_db_index); time_end = time(NULL); @@ -509,13 +508,13 @@ static void wm_sca_read_files(wm_sca_t * data) { os_free(integrity_hash); - minfo("Evaluation finished for policy '%s'", data->policies[i]->policy_path); + LogInfo("Evaluation finished for policy '%s'", data->policies[i]->policy_path); wm_sca_reset_summary(); w_rwlock_unlock(&dump_rwlock); } else { cJSON *title = cJSON_GetObjectItem(requirements,"title"); - minfo("Skipping policy '%s': '%s'", data->policies[i]->policy_path, title->valuestring); + LogInfo("Skipping policy '%s': '%s'", data->policies[i]->policy_path, title->valuestring); } os_free(integrity_hash_file); @@ -552,62 +551,62 @@ static int wm_sca_check_policy(const cJSON * const policy, const cJSON * const c const cJSON * const id = cJSON_GetObjectItem(policy, "id"); if(!id) { - mwarn("Field 'id' not found in policy header."); + LogWarn("Field 'id' not found in policy header."); return 1; } if(!id->valuestring){ - mwarn("Invalid format for field 'id'"); + LogWarn("Invalid format for field 'id'"); return 1; } char *coincident_policy_file; if((coincident_policy_file = OSHash_Get(global_check_list,id->valuestring)), coincident_policy_file) { - mwarn("Found duplicated policy ID: %s. File '%s' contains the same ID.", id->valuestring, coincident_policy_file); + LogWarn("Found duplicated policy ID: %s. File '%s' contains the same ID.", id->valuestring, coincident_policy_file); return 1; } const cJSON * const name = cJSON_GetObjectItem(policy, "name"); if(!name) { - mwarn("Field 'name' not found in policy header."); + LogWarn("Field 'name' not found in policy header."); return 1; } if(!name->valuestring){ - mwarn("Invalid format for field 'name'"); + LogWarn("Invalid format for field 'name'"); return 1; } const cJSON * const file = cJSON_GetObjectItem(policy, "file"); if(!file) { - mwarn("Field 'file' not found in policy header."); + LogWarn("Field 'file' not found in policy header."); return 1; } if(!file->valuestring){ - mwarn("Invalid format for field 'file'"); + LogWarn("Invalid format for field 'file'"); return 1; } const cJSON * const description = cJSON_GetObjectItem(policy, "description"); if(!description) { - mwarn("Field 'description' not found in policy header."); + LogWarn("Field 'description' not found in policy header."); return 1; } const cJSON * const regex_type = cJSON_GetObjectItem(policy, "regex_type"); if(!regex_type) { - mdebug1("Field 'regex_type' not found in policy header. The OS_REGEX engine shall be used."); + LogDebug("Field 'regex_type' not found in policy header. The OS_REGEX engine shall be used."); } if(!description->valuestring) { - mwarn("Invalid format for field 'description'"); + LogWarn("Invalid format for field 'description'"); return 1; } // Check for policy rules with duplicated IDs */ if (!checks) { - mwarn("Section 'checks' not found."); + LogWarn("Section 'checks' not found."); return 1; } @@ -619,14 +618,14 @@ static int wm_sca_check_policy(const cJSON * const policy, const cJSON * const c cJSON_ArrayForEach(check, checks) { const cJSON * const check_id = cJSON_GetObjectItem(check, "id"); if (check_id == NULL) { - mwarn("Check ID not found."); + LogWarn("Check ID not found."); free(read_id); return 1; } if (check_id->valueint <= 0) { // Invalid ID - mwarn("Invalid check ID: %d", check_id->valueint); + LogWarn("Invalid check ID: %d", check_id->valueint); free(read_id); return 1; } @@ -639,7 +638,7 @@ static int wm_sca_check_policy(const cJSON * const policy, const cJSON * const c if((coincident_policy = (char *)OSHash_Get(global_check_list, key_id)), coincident_policy){ // Invalid ID - mwarn("Found duplicated check ID: %d. First appearance at policy '%s'", check_id->valueint, coincident_policy); + LogWarn("Found duplicated check ID: %d. First appearance at policy '%s'", check_id->valueint, coincident_policy); os_free(key_id); os_free(read_id); return 1; @@ -650,7 +649,7 @@ static int wm_sca_check_policy(const cJSON * const policy, const cJSON * const c for (i = 0; read_id[i] != 0; i++) { if (check_id->valueint == read_id[i]) { // Duplicated ID - mwarn("Found duplicated check ID: %d", check_id->valueint); + LogWarn("Found duplicated check ID: %d", check_id->valueint); free(read_id); return 1; } @@ -663,7 +662,7 @@ static int wm_sca_check_policy(const cJSON * const policy, const cJSON * const c const cJSON * const rules = cJSON_GetObjectItem(check, "rules"); if (rules == NULL) { - mwarn("Invalid check %d: no rules found.", check_id->valueint); + LogWarn("Invalid check %d: no rules found.", check_id->valueint); free(read_id); return 1; } @@ -672,7 +671,7 @@ static int wm_sca_check_policy(const cJSON * const policy, const cJSON * const c const cJSON *rule; cJSON_ArrayForEach(rule, rules) { if (!rule->valuestring) { - mwarn("Invalid check %d: Empty rule.", check_id->valueint); + LogWarn("Invalid check %d: Empty rule.", check_id->valueint); free(read_id); return 1; } @@ -690,11 +689,11 @@ static int wm_sca_check_policy(const cJSON * const policy, const cJSON * const c case 'c': break; case '\0': - mwarn("Invalid check %d: Empty rule.", check_id->valueint); + LogWarn("Invalid check %d: Empty rule.", check_id->valueint); free(read_id); return 1; default: - mwarn("Invalid check %d: Invalid rule format.", check_id->valueint); + LogWarn("Invalid check %d: Invalid rule format.", check_id->valueint); free(read_id); return 1; } @@ -702,13 +701,13 @@ static int wm_sca_check_policy(const cJSON * const policy, const cJSON * const c rules_n++; if (rules_n > 255) { free(read_id); - mwarn("Invalid check %d: Maximum number of rules is 255.", check_id->valueint); + LogWarn("Invalid check %d: Maximum number of rules is 255.", check_id->valueint); return 1; } } if (rules_n == 0) { - mwarn("Invalid check %d: no rules found.", check_id->valueint); + LogWarn("Invalid check %d: no rules found.", check_id->valueint); free(read_id); return 1; } @@ -721,11 +720,11 @@ static int wm_sca_check_policy(const cJSON * const policy, const cJSON * const c if (id_add_retval == 0){ os_free(policy_file); os_free(read_id); - merror_exit("(1102): Could not acquire memory"); + LogCritical("(1102): Could not acquire memory"); } if (id_add_retval == 1){ - merror("Error validating duplicated ID. Policy %s in file %s is duplicated", id->valuestring, policy_file); + LogError("Error validating duplicated ID. Policy %s in file %s is duplicated", id->valuestring, policy_file); os_free(policy_file); os_free(read_id); return 1; @@ -739,11 +738,11 @@ static int wm_sca_check_policy(const cJSON * const policy, const cJSON * const c if (check_add_retval == 0){ os_free(policy_id); os_free(read_id); - merror_exit("(1102): Could not acquire memory"); + LogCritical("(1102): Could not acquire memory"); } if (check_add_retval == 1){ - merror("Error validating duplicated ID. Check %s in policy %s is duplicated", id->valuestring, policy_id); + LogError("Error validating duplicated ID. Check %s in policy %s is duplicated", id->valuestring, policy_id); os_free(policy_id); os_free(read_id); return 1; @@ -762,45 +761,45 @@ static int wm_sca_check_requirements(const cJSON * const requirements) const cJSON * const title = cJSON_GetObjectItem(requirements, "title"); if(!title) { - merror("Field 'title' not found on requirements."); + LogError("Field 'title' not found on requirements."); return 1; } if(!title->valuestring){ - merror("Field 'title' must be a string."); + LogError("Field 'title' must be a string."); return 1; } const cJSON * const description = cJSON_GetObjectItem(requirements, "description"); if(!description) { - merror("Field 'description' not found on policy."); + LogError("Field 'description' not found on policy."); return 1; } if(!description->valuestring){ - merror("Field 'description' must be a string."); + LogError("Field 'description' must be a string."); return 1; } const cJSON * const condition = cJSON_GetObjectItem(requirements, "condition"); if(!condition) { - merror("Field 'condition' not found on policy."); + LogError("Field 'condition' not found on policy."); return 1; } if(!condition->valuestring){ - merror("Field 'condition' must be a string."); + LogError("Field 'condition' must be a string."); return 1; } const cJSON * const rules = cJSON_GetObjectItem(requirements, "rules"); if (!rules) { - merror("Field 'rules' must be present."); + LogError("Field 'rules' must be present."); return 1; } if (!cJSON_IsArray(rules)) { - merror("Field 'rules' must be an array."); + LogError("Field 'rules' must be an array."); return 1; } @@ -810,18 +809,18 @@ static int wm_sca_check_requirements(const cJSON * const requirements) #ifndef WIN32 static int wm_sca_resolve_symlink(const char * const file, char * realpath_buffer, char **reason) { - mdebug2("Resolving real path of '%s'", file); + LogDebug("Resolving real path of '%s'", file); const char * const realpath_buffer_ref = realpath(file, realpath_buffer); if (realpath_buffer_ref == NULL) { const int realpath_errno = errno; if (realpath_errno == ENOENT) { - mdebug2("Path '%s' does not exists, or points to an unexistent path -> RETURN_NOT_FOUND: %s", file, strerror(realpath_errno)); + LogDebug("Path '%s' does not exists, or points to an unexistent path -> RETURN_NOT_FOUND: %s", file, strerror(realpath_errno)); return RETURN_NOT_FOUND; } - mdebug2("Could not resolve the real path of '%s': %s", file, strerror(realpath_errno)); + LogDebug("Could not resolve the real path of '%s': %s", file, strerror(realpath_errno)); if (*reason == NULL) { os_malloc(snprintf(NULL, 0, "Could not resolve the real path of '%s': %s", file, strerror(realpath_errno)) + 1, *reason); sprintf(*reason, "Could not resolve the real path of '%s': %s", file, strerror(realpath_errno)); @@ -830,7 +829,7 @@ static int wm_sca_resolve_symlink(const char * const file, char * realpath_buffe return RETURN_INVALID; } - mdebug2("Real path of '%s' is '%s'", file, realpath_buffer); + LogDebug("Real path of '%s' is '%s'", file, realpath_buffer); return RETURN_FOUND; } #endif @@ -847,12 +846,12 @@ static int wm_sca_check_dir_list(wm_sca_t * const data, char *f_value_copy_ref = f_value_copy; int found = RETURN_NOT_FOUND; char *dir = NULL; - mdebug2("Exploring directories [%s]", f_value_copy); + LogDebug("Exploring directories [%s]", f_value_copy); while ((dir = w_strtok_r_str_delim(",", &f_value_copy_ref))) { short is_nfs = IsNFS(dir); - mdebug2("Checking directory '%s' => is_nfs=%d, skip_nfs=%d", dir, is_nfs, data->skip_nfs); + LogDebug("Checking directory '%s' => is_nfs=%d, skip_nfs=%d", dir, is_nfs, data->skip_nfs); if(data->skip_nfs && is_nfs == 1) { - mdebug2("Directory '%s' flagged as NFS and skip_nfs is enabled.", dir); + LogDebug("Directory '%s' flagged as NFS and skip_nfs is enabled.", dir); if (*reason == NULL) { os_malloc(snprintf(NULL, 0, "Directory '%s' flagged as NFS and skip_nfs is enabled", dir) + 1, *reason); sprintf(*reason, "Directory '%s' flagged as NFS and skip_nfs is enabled", dir); @@ -868,10 +867,10 @@ static int wm_sca_check_dir_list(wm_sca_t * const data, if (check_result == RETURN_FOUND) { found = RETURN_FOUND; - mdebug2("Found match in directory '%s'", dir); + LogDebug("Found match in directory '%s'", dir); } else if (check_result == RETURN_INVALID) { found = RETURN_INVALID; - mdebug2("Check returned not applicable for directory '%s'", dir); + LogDebug("Check returned not applicable for directory '%s'", dir); } } @@ -973,7 +972,7 @@ static int wm_sca_do_scan(cJSON * checks, } else { const cJSON * const c_id = cJSON_GetObjectItem(check, "id"); if (!c_id || !c_id->valueint) { - merror("Skipping check. Check ID is invalid. Offending check number: %d", check_count); + LogError("Skipping check. Check ID is invalid. Offending check number: %d", check_count); ret_val = 1; continue; } @@ -982,7 +981,7 @@ static int wm_sca_do_scan(cJSON * checks, const cJSON * const c_title = cJSON_GetObjectItem(check, "title"); if (!c_title || !c_title->valuestring) { - merror("Skipping check with %s: Check name is invalid.", _check_id_str); + LogError("Skipping check with %s: Check name is invalid.", _check_id_str); if (requirements_scan) { ret_val = 1; goto clean_return; @@ -992,7 +991,7 @@ static int wm_sca_do_scan(cJSON * checks, const cJSON * const c_condition = cJSON_GetObjectItem(check, "condition"); if (!c_condition || !c_condition->valuestring) { - merror("Skipping check '%s: %s': Check condition not found.", _check_id_str, c_title->valuestring); + LogError("Skipping check '%s: %s': Check condition not found.", _check_id_str, c_title->valuestring); if (requirements_scan) { ret_val = 1; goto clean_return; @@ -1004,7 +1003,7 @@ static int wm_sca_do_scan(cJSON * checks, wm_sca_set_condition(c_condition->valuestring, &condition); if (condition == WM_SCA_COND_INV) { - merror("Skipping check '%s: %s': Check condition (%s) is invalid.",_check_id_str, c_title->valuestring, c_condition->valuestring); + LogError("Skipping check '%s: %s': Check condition (%s) is invalid.",_check_id_str, c_title->valuestring, c_condition->valuestring); if (requirements_scan) { ret_val = 1; goto clean_return; @@ -1021,14 +1020,14 @@ static int wm_sca_do_scan(cJSON * checks, g_found = RETURN_FOUND; } - mdebug1("Beginning evaluation of check %s '%s'", _check_id_str, c_title->valuestring); - mdebug1("Rule aggregation strategy for this check is '%s'", c_condition->valuestring); - mdebug2("Initial rule-aggregator value por this type of rule is '%d'", g_found); - mdebug1("Beginning rules evaluation."); + LogDebug("Beginning evaluation of check %s '%s'", _check_id_str, c_title->valuestring); + LogDebug("Rule aggregation strategy for this check is '%s'", c_condition->valuestring); + LogDebug("Initial rule-aggregator value por this type of rule is '%d'", g_found); + LogDebug("Beginning rules evaluation."); const cJSON *const rules = cJSON_GetObjectItem(check, "rules"); if (!rules) { - merror("Skipping check %s '%s': No rules found.", _check_id_str, c_title->valuestring); + LogError("Skipping check %s '%s': No rules found.", _check_id_str, c_title->valuestring); if (requirements_scan) { ret_val = 1; goto clean_return; @@ -1051,7 +1050,7 @@ static int wm_sca_do_scan(cJSON * checks, w_calloc_expression_t(®ex_engine, EXP_TYPE_OSREGEX); } } - mdebug1("SCA will use '%s' engine to check the rules.", w_expression_get_regex_type(regex_engine)); + LogDebug("SCA will use '%s' engine to check the rules.", w_expression_get_regex_type(regex_engine)); char *rule_cp = NULL; const cJSON *rule_ref; @@ -1061,13 +1060,13 @@ static int wm_sca_do_scan(cJSON * checks, os_free(rule_cp); if(!rule_ref->valuestring) { - mdebug1("Field 'rule' must be a string."); + LogDebug("Field 'rule' must be a string."); ret_val = 1; os_free(regex_engine); goto clean_return; } - mdebug1("Considering rule: '%s'", rule_ref->valuestring); + LogDebug("Considering rule: '%s'", rule_ref->valuestring); os_strdup(rule_ref->valuestring, rule_cp); char *rule_cp_ref = NULL; @@ -1076,7 +1075,7 @@ static int wm_sca_do_scan(cJSON * checks, char expanded_rule[2048] = {0}; ExpandEnvironmentStrings(rule_cp, expanded_rule, 2048); rule_cp_ref = expanded_rule; - mdebug2("Rule after variable expansion: '%s'", rule_cp_ref); + LogDebug("Rule after variable expansion: '%s'", rule_cp_ref); #else rule_cp_ref = rule_cp; #endif @@ -1086,7 +1085,7 @@ static int wm_sca_do_scan(cJSON * checks, (strncmp(rule_cp_ref, "NOT ", 4) == 0 || strncmp(rule_cp_ref, "not ", 4) == 0)) { - mdebug2("Rule is negated."); + LogDebug("Rule is negated."); rule_is_negated = 1; rule_cp_ref += 4; } @@ -1096,7 +1095,7 @@ static int wm_sca_do_scan(cJSON * checks, char *value = wm_sca_get_value(rule_cp_ref, &type); if (value == NULL) { - merror("Invalid rule: '%s'. Skipping policy.", rule_ref->valuestring); + LogError("Invalid rule: '%s'. Skipping policy.", rule_ref->valuestring); os_free(rule_cp); ret_val = 1; os_free(regex_engine); @@ -1116,15 +1115,15 @@ static int wm_sca_do_scan(cJSON * checks, if (sorted_variables) { for (int i = 0; sorted_variables[i]; i++) { if (strstr(rule_location, sorted_variables[i])) { - mdebug2("Variable '%s' found at rule '%s'. Replacing it.", sorted_variables[i], rule_location); + LogDebug("Variable '%s' found at rule '%s'. Replacing it.", sorted_variables[i], rule_location); aux = wstr_replace(rule_location, sorted_variables[i], OSStore_Get(vars, sorted_variables[i])); os_free(rule_location); rule_location = aux; if (!rule_location) { - merror("Invalid variable replacement: '%s'. Skipping check.", sorted_variables[i]); + LogError("Invalid variable replacement: '%s'. Skipping check.", sorted_variables[i]); break; } - mdebug2("Variable replaced: '%s'", rule_location); + LogDebug("Variable replaced: '%s'", rule_location); } } } @@ -1152,7 +1151,7 @@ static int wm_sca_do_scan(cJSON * checks, os_strdup(value, rule_location); if (!data->remote_commands && remote_policy) { - mwarn("Ignoring check for policy '%s'. The internal option 'sca.remote_commands' is disabled.", cJSON_GetObjectItem(policy, "name")->valuestring); + LogWarn("Ignoring check for policy '%s'. The internal option 'sca.remote_commands' is disabled.", cJSON_GetObjectItem(policy, "name")->valuestring); if (reason == NULL) { os_malloc(snprintf(NULL, 0, "Ignoring check for running command '%s'. The internal option 'sca.remote_commands' is disabled", rule_location) + 1, reason); sprintf(reason, "Ignoring check for running command '%s'. The internal option 'sca.remote_commands' is disabled", rule_location); @@ -1164,15 +1163,15 @@ static int wm_sca_do_scan(cJSON * checks, if (sorted_variables) { for (int i = 0; sorted_variables[i]; i++) { if (strstr(rule_location, sorted_variables[i])) { - mdebug2("Variable '%s' found at rule '%s'. Replacing it.", sorted_variables[i], rule_location); + LogDebug("Variable '%s' found at rule '%s'. Replacing it.", sorted_variables[i], rule_location); aux = wstr_replace(rule_location, sorted_variables[i], OSStore_Get(vars, sorted_variables[i])); os_free(rule_location); rule_location = aux; if (!rule_location) { - merror("Invalid variable: '%s'. Skipping check.", sorted_variables[i]); + LogError("Invalid variable: '%s'. Skipping check.", sorted_variables[i]); break; } - mdebug2("Variable replaced: '%s'", rule_location); + LogDebug("Variable replaced: '%s'", rule_location); } } } @@ -1181,13 +1180,13 @@ static int wm_sca_do_scan(cJSON * checks, continue; } - mdebug2("Running command: '%s'", rule_location); + LogDebug("Running command: '%s'", rule_location); const int val = wm_sca_read_command(rule_location, pattern, data, &reason, regex_engine); if (val == RETURN_FOUND) { - mdebug2("Command output matched."); + LogDebug("Command output matched."); found = RETURN_FOUND; } else if (val == RETURN_INVALID){ - mdebug2("Command output did not match."); + LogDebug("Command output did not match."); found = RETURN_INVALID; } } @@ -1200,7 +1199,7 @@ static int wm_sca_do_scan(cJSON * checks, } else if (type == WM_SCA_TYPE_DIR) { /* Check directory */ - mdebug2("Processing directory rule '%s'", value); + LogDebug("Processing directory rule '%s'", value); char * const file = wm_sca_get_pattern(value); char *rule_location = NULL; char *aux = NULL; @@ -1211,15 +1210,15 @@ static int wm_sca_do_scan(cJSON * checks, if (sorted_variables) { for (int i = 0; sorted_variables[i]; i++) { if (strstr(rule_location, sorted_variables[i])) { - mdebug2("Variable '%s' found at rule '%s'. Replacing it.", sorted_variables[i], rule_location); + LogDebug("Variable '%s' found at rule '%s'. Replacing it.", sorted_variables[i], rule_location); aux = wstr_replace(rule_location, sorted_variables[i], OSStore_Get(vars, sorted_variables[i])); os_free(rule_location); rule_location = aux; if (!rule_location) { - merror("Invalid variable: '%s'. Skipping check.", sorted_variables[i]); + LogError("Invalid variable: '%s'. Skipping check.", sorted_variables[i]); break; } - mdebug2("Variable replaced: '%s'", rule_location); + LogDebug("Variable replaced: '%s'", rule_location); } } } @@ -1230,7 +1229,7 @@ static int wm_sca_do_scan(cJSON * checks, char * const pattern = wm_sca_get_pattern(file); found = wm_sca_check_dir_list(data, rule_location, file, pattern, &reason, regex_engine); - mdebug2("Check directory rule result: %d", found); + LogDebug("Check directory rule result: %d", found); os_free(rule_location); } else if (type == WM_SCA_TYPE_PROCESS) { @@ -1240,12 +1239,12 @@ static int wm_sca_do_scan(cJSON * checks, p_list = w_os_get_process_list(); } - mdebug2("Checking process: '%s'", value); + LogDebug("Checking process: '%s'", value); if (wm_sca_check_process_is_running(p_list, value, &reason, regex_engine)) { - mdebug2("Process found."); + LogDebug("Process found."); found = RETURN_FOUND; } else { - mdebug2("Process not found."); + LogDebug("Process not found."); } char _b_msg[OS_SIZE_1024 + 1]; @@ -1273,14 +1272,14 @@ static int wm_sca_do_scan(cJSON * checks, found = rule_is_negated ^ found; } - mdebug1("Result for rule '%s': %d", rule_ref->valuestring, found); + LogDebug("Result for rule '%s': %d", rule_ref->valuestring, found); if (((condition & WM_SCA_COND_ALL) && found == RETURN_NOT_FOUND) || ((condition & WM_SCA_COND_ANY) && found == RETURN_FOUND) || ((condition & WM_SCA_COND_NON) && found == RETURN_FOUND)) { g_found = found; - mdebug1("Breaking from rule aggregator '%s' with found = %d", c_condition->valuestring, g_found); + LogDebug("Breaking from rule aggregator '%s' with found = %d", c_condition->valuestring, g_found); break; } @@ -1288,7 +1287,7 @@ static int wm_sca_do_scan(cJSON * checks, /* Rules that agreggate by ANY are the only that can success after an INVALID On the other hand ALL and NONE agregators can fail after an INVALID. */ g_found = found; - mdebug1("Rule evaluation returned INVALID. Continuing."); + LogDebug("Rule evaluation returned INVALID. Continuing."); } } @@ -1296,7 +1295,7 @@ static int wm_sca_do_scan(cJSON * checks, g_found = !g_found; } - mdebug1("Result for check %s '%s' -> %d", _check_id_str, c_title->valuestring, g_found); + LogDebug("Result for check %s '%s' -> %d", _check_id_str, c_title->valuestring, g_found); if (g_found != RETURN_INVALID) { os_free(reason); @@ -1339,7 +1338,7 @@ static int wm_sca_do_scan(cJSON * checks, if (reason == NULL) { os_malloc(snprintf(NULL, 0, "Unknown reason") + 1, reason); sprintf(reason, "Unknown reason"); - mdebug1("A check returned INVALID for an unknown reason."); + LogDebug("A check returned INVALID for an unknown reason."); } } @@ -1360,7 +1359,7 @@ static int wm_sca_do_scan(cJSON * checks, cJSON_Delete(event); } else { - merror("Error constructing event for check: %s. Set debug mode for more information.", c_title->valuestring); + LogError("Error constructing event for check: %s. Set debug mode for more information.", c_title->valuestring); ret_val = 1; } @@ -1394,10 +1393,10 @@ static void wm_sca_set_condition(const char * const c_cond, int *condition) *condition |= WM_SCA_COND_NON; } else if (strcmp(c_cond, "any required") == 0) { *condition |= WM_SCA_COND_ANY; - minfo("Modifier 'required' is deprecated. Defaults to 'any'"); + LogInfo("Modifier 'required' is deprecated. Defaults to 'any'"); } else if (strcmp(c_cond, "all required") == 0) { *condition |= WM_SCA_COND_ALL; - minfo("Modifier 'required' is deprecated. Defaults to 'all'"); + LogInfo("Modifier 'required' is deprecated. Defaults to 'all'"); } else { *condition = WM_SCA_COND_INV; } @@ -1408,7 +1407,7 @@ static int wm_sca_get_vars(const cJSON * const variables, OSStore * const vars) const cJSON *variable; cJSON_ArrayForEach (variable, variables) { if (*variable->string != '$') { - merror("Invalid variable: '%s'", variable->string); + LogError("Invalid variable: '%s'", variable->string); return -1; } @@ -1496,19 +1495,19 @@ static int wm_sca_check_file_existence(const char * const file, char **reason) if (lstat_ret == -1) { if (lstat_errno == ENOENT) { - mdebug2("FILE_EXISTS(%s) -> RETURN_NOT_FOUND: %s", file, strerror(lstat_errno)); + LogDebug("FILE_EXISTS(%s) -> RETURN_NOT_FOUND: %s", file, strerror(lstat_errno)); return RETURN_NOT_FOUND; } if (*reason == NULL) { os_malloc(snprintf(NULL, 0, "Could not open '%s': %s", file, strerror(lstat_errno)) + 1, *reason); sprintf(*reason, "Could not open '%s': %s", file, strerror(lstat_errno)); } - mdebug2("FILE_EXISTS(%s) -> RETURN_INVALID: %s", file, strerror(lstat_errno)); + LogDebug("FILE_EXISTS(%s) -> RETURN_INVALID: %s", file, strerror(lstat_errno)); return RETURN_INVALID; } if (S_ISREG(statbuf.st_mode)) { - mdebug2("FILE_EXISTS(%s) -> RETURN_FOUND", file); + LogDebug("FILE_EXISTS(%s) -> RETURN_FOUND", file); return RETURN_FOUND; } @@ -1517,7 +1516,7 @@ static int wm_sca_check_file_existence(const char * const file, char **reason) sprintf(*reason, "FILE_EXISTS(%s) -> RETURN_INVALID: Not a regular file.", file); } - mdebug2("FILE_EXISTS(%s) -> RETURN_INVALID: Not a regular file.", file); + LogDebug("FILE_EXISTS(%s) -> RETURN_INVALID: Not a regular file.", file); return RETURN_INVALID; } @@ -1526,7 +1525,7 @@ static int wm_sca_check_file_contents(const char * const file, char ** reason, w_expression_t * regex_engine) { - mdebug2("Checking contents of file '%s' against pattern '%s'", file, pattern); + LogDebug("Checking contents of file '%s' against pattern '%s'", file, pattern); #ifdef WIN32 const char *realpath_buffer = file; @@ -1539,7 +1538,7 @@ static int wm_sca_check_file_contents(const char * const file, sprintf(*reason, "Could not open file '%s'", file); } - mdebug2("Could not open file '%s'", file); + LogDebug("Could not open file '%s'", file); return RETURN_INVALID; } @@ -1552,7 +1551,7 @@ static int wm_sca_check_file_contents(const char * const file, os_malloc(snprintf(NULL, 0, "Could not open file '%s': %s", file, strerror(fopen_errno)) + 1, *reason); sprintf(*reason, "Could not open file '%s': %s", file, strerror(fopen_errno)); } - mdebug2("Could not open file '%s': %s", file, strerror(fopen_errno)); + LogDebug("Could not open file '%s': %s", file, strerror(fopen_errno)); return RETURN_INVALID; } @@ -1561,16 +1560,16 @@ static int wm_sca_check_file_contents(const char * const file, while (fgets(buf, OS_SIZE_2048, fp) != NULL) { os_trimcrlf(buf); result = wm_sca_pattern_matches(buf, pattern, reason, regex_engine); - mdebug2("(%s)(%s) -> %d", pattern, *buf != '\0' ? buf : "EMPTY_LINE" , result); + LogDebug("(%s)(%s) -> %d", pattern, *buf != '\0' ? buf : "EMPTY_LINE" , result); if (result) { - mdebug2("Match found. Skipping the rest."); + LogDebug("Match found. Skipping the rest."); break; } } fclose(fp); - mdebug2("Result for (%s)(%s) -> %d", pattern, file, result); + LogDebug("Result for (%s)(%s) -> %d", pattern, file, result); return result; } @@ -1588,7 +1587,7 @@ static int wm_sca_check_file_list(const char * const file_list, static int wm_sca_check_file_list_for_existence(const char * const file_list, char **reason) { - mdebug1("Checking file list '%s' for existence.", file_list); + LogDebug("Checking file list '%s' for existence.", file_list); if (!file_list) { return RETURN_NOT_FOUND; @@ -1606,19 +1605,19 @@ static int wm_sca_check_file_list_for_existence(const char * const file_list, ch const int file_check_result = wm_sca_check_file_existence(file, reason); if (file_check_result == RETURN_FOUND) { result_accumulator = RETURN_FOUND; - mdebug2("File '%s' found. Skipping the rest.", file); + LogDebug("File '%s' found. Skipping the rest.", file); break; } if (file_check_result == RETURN_INVALID) { result_accumulator = RETURN_INVALID; - mdebug2("Could not open file '%s'. Continuing.", file); + LogDebug("Could not open file '%s'. Continuing.", file); } else { - mdebug2("File '%s' does not exists. Continuing.", file); + LogDebug("File '%s' does not exists. Continuing.", file); } } - mdebug1("Result for FILES_EXIST(%s) -> %d", file_list, result_accumulator); + LogDebug("Result for FILES_EXIST(%s) -> %d", file_list, result_accumulator); os_free(file_list_copy); return result_accumulator; @@ -1629,7 +1628,7 @@ static int wm_sca_check_file_list_for_contents(const char * const file_list, char ** reason, w_expression_t * regex_engine) { - mdebug1("Checking file list '%s' with '%s'", file_list, pattern); + LogDebug("Checking file list '%s' with '%s'", file_list, pattern); if (!file_list) { return RETURN_NOT_FOUND; @@ -1652,26 +1651,26 @@ static int wm_sca_check_file_list_for_contents(const char * const file_list, os_malloc(snprintf(NULL, 0, "Could not open file '%s'", file) + 1, *reason); sprintf(*reason, "Could not open file '%s'", file); } - mdebug2("Could not open file '%s'. Skipping.", file); + LogDebug("Could not open file '%s'. Skipping.", file); continue; } const int contents_check_result = wm_sca_check_file_contents(file, pattern, reason, regex_engine); if (contents_check_result == RETURN_FOUND) { result_accumulator = RETURN_FOUND; - mdebug2("Match found in '%s'. Skipping the rest.", file); + LogDebug("Match found in '%s'. Skipping the rest.", file); break; } if (contents_check_result == RETURN_INVALID) { - mdebug2("Check was invalid in file '%s'. Continuing.", file); + LogDebug("Check was invalid in file '%s'. Continuing.", file); result_accumulator = RETURN_INVALID; } else { - mdebug2("Match not found in file '%s'. Continuing.", file); + LogDebug("Match not found in file '%s'. Continuing.", file); } } - mdebug1("Result for (%s)(%s) -> %d", pattern, file_list, result_accumulator); + LogDebug("Result for (%s)(%s) -> %d", pattern, file_list, result_accumulator); os_free(file_list_copy); return result_accumulator; @@ -1684,26 +1683,26 @@ static int wm_sca_read_command(char * command, w_expression_t * regex_engine) { if (command == NULL) { - mdebug1("No Command specified Returning."); + LogDebug("No Command specified Returning."); return RETURN_NOT_FOUND; } if (!pattern) { - mdebug1("No pattern given. Returning FOUND."); + LogDebug("No pattern given. Returning FOUND."); return RETURN_FOUND; } - mdebug1("Executing command '%s', and testing output with pattern '%s'", command, pattern); + LogDebug("Executing command '%s', and testing output with pattern '%s'", command, pattern); char *cmd_output = NULL; int result_code; switch (wm_exec(command, &cmd_output, &result_code, data->commands_timeout, NULL)) { case 0: - mdebug1("Command '%s' returned code %d", command, result_code); + LogDebug("Command '%s' returned code %d", command, result_code); break; case WM_ERROR_TIMEOUT: os_free(cmd_output); - mdebug1("Timeout overtaken running command '%s'", command); + LogDebug("Timeout overtaken running command '%s'", command); if (*reason == NULL) { os_malloc(snprintf(NULL, 0, "Timeout overtaken running command '%s'", command) + 1, *reason); sprintf(*reason, "Timeout overtaken running command '%s'", command); @@ -1712,13 +1711,13 @@ static int wm_sca_read_command(char * command, return RETURN_INVALID; default: if (result_code == EXECVE_ERROR) { - mdebug1("Invalid path or wrong permissions to run command '%s'", command); + LogDebug("Invalid path or wrong permissions to run command '%s'", command); if (*reason == NULL) { os_malloc(snprintf(NULL, 0, "Invalid path or wrong permissions to run command '%s'", command) + 1, *reason); sprintf(*reason, "Invalid path or wrong permissions to run command '%s'", command); } } else { - mdebug1("Failed to run command '%s'. Returned code %d", command, result_code); + LogDebug("Failed to run command '%s'. Returned code %d", command, result_code); if (*reason == NULL) { os_malloc(snprintf(NULL, 0, "Failed to run command '%s'. Returned code %d", command, result_code) + 1, *reason); sprintf(*reason, "Failed to run command '%s'. Returned code %d", command, result_code); @@ -1728,7 +1727,7 @@ static int wm_sca_read_command(char * command, } if(!cmd_output) { - mdebug2("Command yielded no output. Returning."); + LogDebug("Command yielded no output. Returning."); return RETURN_NOT_FOUND; } @@ -1736,7 +1735,7 @@ static int wm_sca_read_command(char * command, output_line = OS_StrBreak('\n', cmd_output, 256); if(!output_line) { - mdebug1("Command output could not be processed. Output dump:\n%s", cmd_output); + LogDebug("Command output could not be processed. Output dump:\n%s", cmd_output); os_free(cmd_output); return RETURN_NOT_FOUND; } @@ -1755,7 +1754,7 @@ static int wm_sca_read_command(char * command, } free_strarray(output_line); - mdebug2("Result for (%s)(%s) -> %d", pattern, command, result); + LogDebug("Result for (%s)(%s) -> %d", pattern, command, result); return result; } @@ -1769,11 +1768,11 @@ static int wm_sca_apply_numeric_partial_comparison(const char * const partial_co os_malloc(snprintf(NULL, 0, "No comparison provided.") + 1, *reason); sprintf(*reason, "No comparison provided."); } - mwarn("No comparison provided."); + LogWarn("No comparison provided."); return RETURN_INVALID; } - mdebug2("Partial comparison '%s'", partial_comparison); + LogDebug("Partial comparison '%s'", partial_comparison); w_expression_t * regex = NULL; if (strcmp(w_expression_get_regex_type(regex_engine), OSREGEX_STR) == 0) { @@ -1795,7 +1794,7 @@ static int wm_sca_apply_numeric_partial_comparison(const char * const partial_co os_malloc(snprintf(NULL, 0, "Cannot compile regex.") + 1, *reason); sprintf(*reason, "Cannot compile regex."); } - mwarn("Cannot compile regex"); + LogWarn("Cannot compile regex"); w_free_expression_t(®ex); return RETURN_INVALID; } @@ -1807,7 +1806,7 @@ static int wm_sca_apply_numeric_partial_comparison(const char * const partial_co os_malloc(snprintf(NULL, 0, "No integer was found within the comparison '%s' ", partial_comparison) + 1, *reason); sprintf(*reason, "No integer was found within the comparison '%s' ", partial_comparison); } - mwarn("No integer was found within the comparison '%s' ", partial_comparison); + LogWarn("No integer was found within the comparison '%s' ", partial_comparison); w_free_expression_match(regex, ®ex_match); w_free_expression_t(®ex); return RETURN_INVALID; @@ -1818,13 +1817,13 @@ static int wm_sca_apply_numeric_partial_comparison(const char * const partial_co os_malloc(snprintf(NULL, 0, "No number was captured.") + 1, *reason); sprintf(*reason, "No number was captured."); } - mwarn("No number was captured."); + LogWarn("No number was captured."); w_free_expression_match(regex, ®ex_match); w_free_expression_t(®ex); return RETURN_INVALID; } - mdebug2("Value given for comparison: '%s'", regex_match->sub_strings[0]); + LogDebug("Value given for comparison: '%s'", regex_match->sub_strings[0]); errno = 0; char *strtol_end_ptr = NULL; @@ -1835,7 +1834,7 @@ static int wm_sca_apply_numeric_partial_comparison(const char * const partial_co os_malloc(snprintf(NULL, 0, "Conversion error. Cannot convert '%s' to integer.", regex_match->sub_strings[0]) + 1, *reason); sprintf(*reason, "Conversion error. Cannot convert '%s' to integer.", regex_match->sub_strings[0]); } - mwarn("Conversion error. Cannot convert '%s' to integer.", regex_match->sub_strings[0]); + LogWarn("Conversion error. Cannot convert '%s' to integer.", regex_match->sub_strings[0]); w_free_expression_match(regex, ®ex_match); w_free_expression_t(®ex); return RETURN_INVALID; @@ -1854,32 +1853,32 @@ static int wm_sca_apply_numeric_partial_comparison(const char * const partial_co w_free_expression_t(®ex); - mdebug2("Value converted: '%ld'", value_given); + LogDebug("Value converted: '%ld'", value_given); if ('=' == *partial_comparison) { - mdebug2("Operation is '%ld == %ld'", number, value_given); + LogDebug("Operation is '%ld == %ld'", number, value_given); return number == value_given ? RETURN_FOUND : RETURN_NOT_FOUND; } else if (strstr(partial_comparison, "!=")) { - mdebug2("Operation is '%ld != %ld'", number, value_given); + LogDebug("Operation is '%ld != %ld'", number, value_given); return number != value_given ? RETURN_FOUND : RETURN_NOT_FOUND; } else if (strstr(partial_comparison, "<=")) { - mdebug2("Operation is '%ld <= %ld'", number, value_given); + LogDebug("Operation is '%ld <= %ld'", number, value_given); return number <= value_given ? RETURN_FOUND : RETURN_NOT_FOUND; } else if (strstr(partial_comparison, ">=")) { - mdebug2("Operation is '%ld >= %ld'", number, value_given); + LogDebug("Operation is '%ld >= %ld'", number, value_given); return number >= value_given ? RETURN_FOUND : RETURN_NOT_FOUND; } else if (strstr(partial_comparison, "<")) { - mdebug2("Operation is '%ld < %ld'", number, value_given); + LogDebug("Operation is '%ld < %ld'", number, value_given); return number < value_given ? RETURN_FOUND : RETURN_NOT_FOUND; } else if (strstr(partial_comparison, ">")) { - mdebug2("Operation is '%ld > %ld'", number, value_given); + LogDebug("Operation is '%ld > %ld'", number, value_given); return number > value_given ? RETURN_FOUND : RETURN_NOT_FOUND; } if (*reason == NULL) { os_malloc(snprintf(NULL, 0, "Unrecognized operation: '%s'", partial_comparison) + 1, *reason); sprintf(*reason, "Unrecognized operation: '%s'", partial_comparison); } - mdebug2("Unrecognized operation: '%s'", partial_comparison); + LogDebug("Unrecognized operation: '%s'", partial_comparison); return RETURN_INVALID; } @@ -1894,7 +1893,7 @@ static int wm_sca_regex_numeric_comparison (const char * const pattern, char *partial_comparison_ref = strstr(pattern_copy_ref, " compare "); if (!partial_comparison_ref) { - mdebug2("Keyword 'compare' not found. Did you forget adding 'compare COMPARATOR VALUE' to your rule?' %s'", pattern_copy_ref); + LogDebug("Keyword 'compare' not found. Did you forget adding 'compare COMPARATOR VALUE' to your rule?' %s'", pattern_copy_ref); if (*reason == NULL) { os_malloc(snprintf(NULL, 0, "Keyword 'compare' not found. Did you forget adding 'compare COMPARATOR VALUE' to your rule?' %s'", pattern_copy_ref) + 1, *reason); sprintf(*reason, "Keyword 'compare' not found. Did you forget adding 'compare COMPARATOR VALUE' to your rule?' %s'", pattern_copy_ref); @@ -1905,10 +1904,10 @@ static int wm_sca_regex_numeric_comparison (const char * const pattern, *partial_comparison_ref = '\0'; partial_comparison_ref += 9; - mdebug2("REGEX: '%s'. Partial comparison: '%s'", pattern_copy_ref, partial_comparison_ref); + LogDebug("REGEX: '%s'. Partial comparison: '%s'", pattern_copy_ref, partial_comparison_ref); if (!w_expression_compile(regex_engine, pattern_copy_ref, OS_RETURN_SUBSTRING)) { - mdebug2("Cannot compile regex '%s'", pattern_copy_ref); + LogDebug("Cannot compile regex '%s'", pattern_copy_ref); if (!*reason) { os_malloc(snprintf(NULL, 0, "Cannot compile regex '%s'", pattern_copy_ref) + 1, *reason); sprintf(*reason, "Cannot compile regex '%s'", pattern_copy_ref); @@ -1920,14 +1919,14 @@ static int wm_sca_regex_numeric_comparison (const char * const pattern, os_calloc(1, sizeof(regex_matching), regex_match); if (!w_expression_match(regex_engine, str, NULL, regex_match)) { - mdebug2("No match found for regex '%s'", pattern_copy_ref); + LogDebug("No match found for regex '%s'", pattern_copy_ref); os_free(pattern_copy); w_free_expression_match(regex_engine, ®ex_match); return RETURN_NOT_FOUND; } if (!regex_match->sub_strings || !regex_match->sub_strings[0]) { - mdebug2("Regex '%s' matched, but no string was captured by it. Did you forget specifying a capture group?", pattern_copy_ref); + LogDebug("Regex '%s' matched, but no string was captured by it. Did you forget specifying a capture group?", pattern_copy_ref); if (*reason == NULL) { os_malloc(snprintf(NULL, 0, "Regex '%s' matched, but no string was captured by it. Did you forget specifying a capture group?", pattern_copy_ref) + 1, *reason); sprintf(*reason, "Regex '%s' matched, but no string was captured by it. Did you forget specifying a capture group?", pattern_copy_ref); @@ -1937,14 +1936,14 @@ static int wm_sca_regex_numeric_comparison (const char * const pattern, return RETURN_INVALID; } - mdebug2("Captured value: '%s'", regex_match->sub_strings[0]); + LogDebug("Captured value: '%s'", regex_match->sub_strings[0]); errno = 0; char *strtol_end_ptr = NULL; const long int value_captured = strtol(regex_match->sub_strings[0], &strtol_end_ptr, 10); if (errno != 0 || strtol_end_ptr == regex_match->sub_strings[0]) { - mdebug2("Conversion error. Cannot convert '%s' to integer.", regex_match->sub_strings[0]); + LogDebug("Conversion error. Cannot convert '%s' to integer.", regex_match->sub_strings[0]); if (*reason == NULL) { os_malloc(snprintf(NULL, 0, "Conversion error. Cannot convert '%s' to integer.", regex_match->sub_strings[0]) + 1, *reason); sprintf(*reason, "Conversion error. Cannot convert '%s' to integer.", regex_match->sub_strings[0]); @@ -1954,10 +1953,10 @@ static int wm_sca_regex_numeric_comparison (const char * const pattern, return RETURN_INVALID; } - mdebug2("Converted value: '%ld'", value_captured); + LogDebug("Converted value: '%ld'", value_captured); const int result = wm_sca_apply_numeric_partial_comparison(partial_comparison_ref, value_captured, reason, regex_engine); - mdebug2("Comparison result '%ld %s' -> %d", value_captured, partial_comparison_ref, result); + LogDebug("Comparison result '%ld %s' -> %d", value_captured, partial_comparison_ref, result); os_free(pattern_copy); if (regex_match) { @@ -1982,7 +1981,7 @@ int wm_sca_test_positive_minterm(char * const minterm, if (strncasecmp(pattern_ref, "r:", 2) == 0) { pattern_ref += 2; if (!w_expression_compile(regex_engine, pattern_ref, OS_RETURN_SUBSTRING)) { - mdebug2("Failed to compile regex '%s'", pattern_ref); + LogDebug("Failed to compile regex '%s'", pattern_ref); return RETURN_NOT_FOUND; } if (w_expression_match(regex_engine, str, NULL, NULL)) { @@ -2034,10 +2033,10 @@ int wm_sca_pattern_matches(const char * const str, w_free_expression_t(®ex); test_result *= minterm_result; - mdebug2("Testing minterm (%s%s)(%s) -> %d", negated ? "!" : "", minterm, *str != '\0' ? str : "EMPTY_LINE", minterm_result); + LogDebug("Testing minterm (%s%s)(%s) -> %d", negated ? "!" : "", minterm, *str != '\0' ? str : "EMPTY_LINE", minterm_result); } - mdebug2("Pattern test result: (%s)(%s) -> %d", pattern, *str != '\0' ? str : "EMPTY_LINE", test_result); + LogDebug("Pattern test result: (%s)(%s) -> %d", pattern, *str != '\0' ? str : "EMPTY_LINE", test_result); os_free(pattern_copy); return test_result; @@ -2058,13 +2057,13 @@ static int wm_sca_check_dir_existence(const char * const dir, char **reason) DIR *dp = opendir(realpath_buffer); const int open_dir_errno = errno; if (dp) { - mdebug2("DIR_EXISTS(%s) -> RETURN_FOUND", dir); + LogDebug("DIR_EXISTS(%s) -> RETURN_FOUND", dir); closedir(dp); return RETURN_FOUND; } if (open_dir_errno == ENOENT) { - mdebug2("DIR_EXISTS(%s) -> RETURN_NOT_FOUND. Reason: %s", dir, strerror(open_dir_errno)); + LogDebug("DIR_EXISTS(%s) -> RETURN_NOT_FOUND. Reason: %s", dir, strerror(open_dir_errno)); return RETURN_NOT_FOUND; } @@ -2073,7 +2072,7 @@ static int wm_sca_check_dir_existence(const char * const dir, char **reason) sprintf(*reason, "Could not check directory existence for '%s': %s", dir, strerror(open_dir_errno)); } - mdebug2("Could not check directory existence for '%s': %s", dir, strerror(open_dir_errno)); + LogDebug("Could not check directory existence for '%s': %s", dir, strerror(open_dir_errno)); return RETURN_INVALID; } @@ -2083,7 +2082,7 @@ static int wm_sca_check_dir(const char * const dir, char **reason, w_expression_t * regex_engine) { - mdebug2("Checking directory '%s'%s%s%s%s", dir, + LogDebug("Checking directory '%s'%s%s%s%s", dir, file ? " -> " : "", file ? file : "", pattern ? " -> " : "", pattern ? pattern: ""); @@ -2098,7 +2097,7 @@ static int wm_sca_check_dir(const char * const dir, sprintf(*reason, "Could not open dir '%s'", dir); } - mdebug2("Could not open dir '%s'", dir); + LogDebug("Could not open dir '%s'", dir); return RETURN_INVALID; } @@ -2111,7 +2110,7 @@ static int wm_sca_check_dir(const char * const dir, os_malloc(snprintf(NULL, 0, "Could not open '%s': %s", dir, strerror(open_dir_errno)) + 1, *reason); sprintf(*reason, "Could not open '%s': %s", dir, strerror(open_dir_errno)); } - mdebug2("Could not open '%s': %s", dir, strerror(open_dir_errno)); + LogDebug("Could not open '%s': %s", dir, strerror(open_dir_errno)); return RETURN_INVALID; } @@ -2129,12 +2128,12 @@ static int wm_sca_check_dir(const char * const dir, f_name[PATH_MAX + 1] = '\0'; snprintf(f_name, PATH_MAX + 1, "%s/%s", dir, entry->d_name); - mdebug2("Considering directory entry '%s'", f_name); + LogDebug("Considering directory entry '%s'", f_name); int result; struct stat statbuf_local; if (lstat(f_name, &statbuf_local) != 0) { - mdebug2("Cannot check directory entry '%s'", f_name); + LogDebug("Cannot check directory entry '%s'", f_name); if (*reason == NULL){ os_malloc(snprintf(NULL, 0, "Cannot check directory entry '%s", f_name) + 1, *reason); sprintf(*reason, "Cannot check directory entry '%s", f_name); @@ -2150,14 +2149,14 @@ static int wm_sca_check_dir(const char * const dir, { result = wm_sca_check_file_list(f_name, pattern, reason, regex_engine); } else { - mdebug2("Skipping directory entry '%s'", f_name); + LogDebug("Skipping directory entry '%s'", f_name); continue; } - mdebug2("Result for entry '%s': %d", f_name, result); + LogDebug("Result for entry '%s': %d", f_name, result); if (result == RETURN_FOUND) { - mdebug2("Match found in '%s', skipping the rest.", f_name); + LogDebug("Match found in '%s', skipping the rest.", f_name); result_accumulator = RETURN_FOUND; break; } else if (result == RETURN_INVALID) { @@ -2166,7 +2165,7 @@ static int wm_sca_check_dir(const char * const dir, } closedir(dp); - mdebug2("Check result for dir '%s': %d", dir, result_accumulator); + LogDebug("Check result for dir '%s': %d", dir, result_accumulator); return result_accumulator; } @@ -2222,7 +2221,7 @@ static int wm_sca_is_registry(char * entry_name, sprintf(*reason, "Invalid registry entry: '%s'", entry_name); } - merror("Invalid registry entry: '%s'", entry_name); + LogError("Invalid registry entry: '%s'", entry_name); return RETURN_INVALID; } @@ -2300,7 +2299,7 @@ static int wm_sca_test_key(char * subkey, char ** reason, w_expression_t * regex_engine) { - mdebug2("Checking '%s' in the %dBIT subsystem.", full_key_name, arch == KEY_WOW64_64KEY ? 64 : 32); + LogDebug("Checking '%s' in the %dBIT subsystem.", full_key_name, arch == KEY_WOW64_64KEY ? 64 : 32); HKEY oshkey; LSTATUS err = RegOpenKeyEx(wm_sca_sub_tree, subkey, 0, KEY_READ | arch, &oshkey); @@ -2309,7 +2308,7 @@ static int wm_sca_test_key(char * subkey, os_malloc(snprintf(NULL, 0, "Access denied for registry '%s'", full_key_name) + 1, *reason); sprintf(*reason, "Access denied for registry '%s'", full_key_name); } - merror("Access denied for registry '%s'", full_key_name); + LogError("Access denied for registry '%s'", full_key_name); return RETURN_INVALID; } else if (err != ERROR_SUCCESS) { char error_msg[OS_SIZE_1024 + 1]; @@ -2319,11 +2318,11 @@ static int wm_sca_test_key(char * subkey, NULL, err, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPTSTR) &error_msg, OS_SIZE_1024, NULL); - mdebug2("Unable to read registry '%s': %s", full_key_name, error_msg); + LogDebug("Unable to read registry '%s': %s", full_key_name, error_msg); /* If registry not found and no key is requested -> return RETURN_NOT_FOUND */ if (!reg_option) { - mdebug2("Registry '%s' not found.", full_key_name); + LogDebug("Registry '%s' not found.", full_key_name); return RETURN_NOT_FOUND; } @@ -2401,7 +2400,7 @@ static int wm_sca_winreg_querykey(HKEY hKey, sprintf(*reason, "Unable to read registry '%s' (%s)", full_key_name, error_msg); } - mdebug2("Unable to read registry '%s': %s", full_key_name, error_msg); + LogDebug("Unable to read registry '%s': %s", full_key_name, error_msg); return RETURN_INVALID; } @@ -2440,7 +2439,7 @@ static int wm_sca_winreg_querykey(HKEY hKey, sprintf(*reason, "Unable to enumerate values of registry '%s' (%s)", full_key_name, error_msg); } - mdebug2("Unable to enumerate values of registry '%s' -> RETURN_INVALID", full_key_name); + LogDebug("Unable to enumerate values of registry '%s' -> RETURN_INVALID", full_key_name); return RETURN_INVALID; } @@ -2452,15 +2451,15 @@ static int wm_sca_winreg_querykey(HKEY hKey, /* Check if the entry name matches the reg_option */ if (strcasecmp(value_buffer, reg_option) != 0) { - mdebug2("Considering value '%s' -> '%s' != '%s': Skipping value.", full_key_name, value_buffer, reg_option); + LogDebug("Considering value '%s' -> '%s' != '%s': Skipping value.", full_key_name, value_buffer, reg_option); continue; } - mdebug2("Considering value '%s' -> '%s' == '%s': Value found.", full_key_name, value_buffer, reg_option); + LogDebug("Considering value '%s' -> '%s' == '%s': Value found.", full_key_name, value_buffer, reg_option); /* If a value is not present and the option matches return found */ if (!reg_value) { - mdebug2("No value data especified. Existence check for '%s': 1", full_key_name); + LogDebug("No value data especified. Existence check for '%s': 1", full_key_name); return RETURN_FOUND; } @@ -2510,7 +2509,7 @@ static int wm_sca_winreg_querykey(HKEY hKey, break; } - mdebug2("Checking value data '%s' with rule '%s'", var_storage, reg_value); + LogDebug("Checking value data '%s' with rule '%s'", var_storage, reg_value); int result = wm_sca_pattern_matches(var_storage, reg_value, reason, regex_engine); return result; @@ -2591,7 +2590,7 @@ static int wm_sca_send_summary(wm_sca_t * data, int scan_id,unsigned int passed, cJSON_AddNumberToObject(json_summary, "first_scan", first_scan); } - mdebug1("Sending summary event for file: '%s'", file->valuestring); + LogDebug("Sending summary event for file: '%s'", file->valuestring); if (last_summary_json[id]) { cJSON_Delete(last_summary_json[id]); @@ -2630,12 +2629,12 @@ static cJSON *wm_sca_build_event(const cJSON * const check, const cJSON * const cJSON *rules = cJSON_GetObjectItem(check, "rules"); if(!pm_id) { - mdebug1("No 'id' field found on check."); + LogDebug("No 'id' field found on check."); goto error; } if(!pm_id->valueint) { - mdebug1("Field 'id' must be a number."); + LogDebug("Field 'id' must be a number."); goto error; } @@ -2643,23 +2642,23 @@ static cJSON *wm_sca_build_event(const cJSON * const check, const cJSON * const if(title){ if(!title->valuestring) { - mdebug1("Field 'title' must be a string."); + LogDebug("Field 'title' must be a string."); goto error; } cJSON_AddStringToObject(check_information, "title", title->valuestring); } else { - mdebug1("No 'title' field found on check '%d'", pm_id->valueint); + LogDebug("No 'title' field found on check '%d'", pm_id->valueint); goto error; } if(!policy_id){ - mdebug1("No 'id' field found on policy."); + LogDebug("No 'id' field found on policy."); goto error; } if(description){ if(!description->valuestring) { - mdebug1("Field 'description' must be a string."); + LogDebug("Field 'description' must be a string."); goto error; } cJSON_AddStringToObject(check_information, "description", description->valuestring); @@ -2667,7 +2666,7 @@ static cJSON *wm_sca_build_event(const cJSON * const check, const cJSON * const if(rationale){ if(!rationale->valuestring) { - mdebug1("Field 'rationale' must be a string."); + LogDebug("Field 'rationale' must be a string."); goto error; } cJSON_AddStringToObject(check_information, "rationale", rationale->valuestring); @@ -2675,7 +2674,7 @@ static cJSON *wm_sca_build_event(const cJSON * const check, const cJSON * const if(remediation){ if(!remediation->valuestring) { - mdebug1("Field 'remediation' must be a string."); + LogDebug("Field 'remediation' must be a string."); goto error; } cJSON_AddStringToObject(check_information, "remediation", remediation->valuestring); @@ -2698,7 +2697,7 @@ static cJSON *wm_sca_build_event(const cJSON * const check, const cJSON * const char *compliance_value = NULL; cJSON_ArrayForEach(version, policy){ if(!version->valuestring){ - mwarn("Invalid compliance format in policy: %s (check %d)", policy_id->valuestring, pm_id->valueint); + LogWarn("Invalid compliance format in policy: %s (check %d)", policy_id->valuestring, pm_id->valueint); continue; } wm_strcat(&compliance_value, version->valuestring, ','); @@ -2714,12 +2713,12 @@ static cJSON *wm_sca_build_event(const cJSON * const check, const cJSON * const cJSON_AddItemToObject(check_information, "rules", cJSON_Duplicate(rules, 1)); if(!condition) { - mdebug1("No 'condition' field found on check."); + LogDebug("No 'condition' field found on check."); goto error; } if(!condition->valuestring) { - mdebug1("Field 'condition' must be a string."); + LogDebug("Field 'condition' must be a string."); goto error; } @@ -2834,7 +2833,7 @@ static cJSON *wm_sca_build_event(const cJSON * const check, const cJSON * const } if(!policy_id->valuestring) { - mdebug1("Field 'id' must be a string."); + LogDebug("Field 'id' must be a string."); goto error; } @@ -2892,7 +2891,7 @@ static int wm_sca_check_hash(OSHash * const cis_db_hash, const char * const resu if (!hashed_result) { if (ret_add = OSHash_Add(cis_db_hash,id_hashed,elem), ret_add != 2) { - merror("Unable to update hash table for check: %d", pm_id->valueint); + LogError("Unable to update hash table for check: %d", pm_id->valueint); os_free(elem->result); cJSON_Delete(elem->event); os_free(elem); @@ -2904,7 +2903,7 @@ static int wm_sca_check_hash(OSHash * const cis_db_hash, const char * const resu } if (ret_add = OSHash_Update(cis_db_hash,id_hashed,elem), ret_add != 1) { - merror("Unable to update hash table for check: %d", pm_id->valueint); + LogError("Unable to update hash table for check: %d", pm_id->valueint); os_free(elem->result); cJSON_Delete(elem->event); os_free(elem); @@ -2958,10 +2957,10 @@ static char *wm_sca_hash_integrity(int policy_index) { qsort(cis_db_for_hash[policy_index].elem, check_count, sizeof(struct cis_db_info_t *), compare_cis_db_info_t_entry); } - mdebug2("Concatenating check results:"); + LogDebug("Concatenating check results:"); for(i = 0; cis_db_for_hash[policy_index].elem[i]; i++) { const cis_db_info_t * const event = cis_db_for_hash[policy_index].elem[i]; - mdebug2("ID: %d; Result: '%s'", event->id, event->result); + LogDebug("ID: %d; Result: '%s'", event->id, event->result); if(event->result){ wm_strcat(&str,event->result,':'); } @@ -2983,7 +2982,7 @@ char *wm_sca_hash_integrity_file(const char *file) { os_malloc(65*sizeof(char), hash_file); if(OS_SHA256_File(file, hash_file, OS_TEXT) != 0){ - merror("Unable to calculate SHA256 for file '%s'", file); + LogError("Unable to calculate SHA256 for file '%s'", file); os_free(hash_file); return NULL; } @@ -3030,14 +3029,14 @@ static void *wm_sca_dump_db_thread(wm_sca_t * data) { if (request->first_scan) { w_time_delay(2000); - mdebug1("Sending first scan results for policy '%s'", data->policies[request->policy_index]->policy_path); + LogDebug("Sending first scan results for policy '%s'", data->policies[request->policy_index]->policy_path); } else { - minfo("Integration checksum failed for policy '%s'. Resending scan results in %d seconds.", + LogInfo("Integration checksum failed for policy '%s'. Resending scan results in %d seconds.", data->policies[request->policy_index]->policy_path, random); w_time_delay(1000 * time); } - mdebug1("Dumping results to SCA DB for policy '%s' (Policy index: %u)", + LogDebug("Dumping results to SCA DB for policy '%s' (Policy index: %u)", data->policies[request->policy_index]->policy_path, request->policy_index); int scan_id = -1; @@ -3067,7 +3066,7 @@ static void *wm_sca_dump_db_thread(wm_sca_t * data) { w_time_delay(5000); int elements_sent = i; - mdebug1("Sending end of dump control event."); + LogDebug("Sending end of dump control event."); wm_sca_send_dump_end(data,elements_sent,data->policies[request->policy_index]->policy_id,scan_id); @@ -3083,7 +3082,7 @@ static void *wm_sca_dump_db_thread(wm_sca_t * data) { wm_sca_send_alert(data,last_summary_json[request->policy_index]); } - mdebug1("Finished dumping scan results to SCA DB for policy '%s' (%u) (%d)", + LogDebug("Finished dumping scan results to SCA DB for policy '%s' (%u) (%d)", data->policies[request->policy_index]->policy_id, request->policy_index, request->first_scan); @@ -3126,7 +3125,7 @@ void wm_sca_push_request_win(char * msg){ char *first_scan = strchr(db,':'); if (!first_scan) { - mdebug1("First scan flag missing."); + LogDebug("First scan flag missing."); return; } @@ -3159,7 +3158,7 @@ void wm_sca_push_request_win(char * msg){ if(queue_push_ex(request_queue,request) < 0) { os_free(request); - mdebug1("Could not push policy index to queue."); + LogDebug("Could not push policy index to queue."); } break; } @@ -3177,7 +3176,7 @@ static void * wm_sca_request_thread(wm_sca_t * data) { /* Create request socket */ int cfga_queue; if ((cfga_queue = StartMQWithSpecificOwnerAndPerms(CFGAQUEUE, READ, 0, getuid(), wm_getGroupID(), 0660)) < 0) { - merror(QUEUE_ERROR, CFGAQUEUE, strerror(errno)); + LogError(QUEUE_ERROR, CFGAQUEUE, strerror(errno)); pthread_exit(NULL); } @@ -3207,7 +3206,7 @@ static void * wm_sca_request_thread(wm_sca_t * data) { char *first_scan = strchr(db,':'); if (!first_scan) { - mdebug1("First scan flag missing."); + LogDebug("First scan flag missing."); continue; } @@ -3238,7 +3237,7 @@ static void * wm_sca_request_thread(wm_sca_t * data) { if(queue_push_ex(request_queue,request) < 0) { os_free(request); - mdebug1("Could not push policy index to queue."); + LogDebug("Could not push policy index to queue."); } break; } diff --git a/src/modules/src/moduleManager.cpp b/src/modules/src/moduleManager.cpp new file mode 100644 index 0000000000..71696bd659 --- /dev/null +++ b/src/modules/src/moduleManager.cpp @@ -0,0 +1,53 @@ +#include + +#ifdef ENABLE_INVENTORY +#include +#endif + +#ifdef ENABLE_LOGCOLLECTOR +#include +using logcollector::Logcollector; +#endif + +#include + +void ModuleManager::AddModules() { + +#ifdef ENABLE_INVENTORY + Inventory& inventory = Inventory::Instance(); + inventory.SetAgentUUID(m_agentUUID); + AddModule(inventory); +#endif + +#ifdef ENABLE_LOGCOLLECTOR + AddModule(Logcollector::Instance()); +#endif + + Setup(); +} + +std::shared_ptr ModuleManager::GetModule(const std::string & name) { + auto it = m_modules.find(name); + if (it != m_modules.end()) { + return it->second; + } + return nullptr; +} + +void ModuleManager::Start() { + for (const auto &[_, module] : m_modules) { + m_createTask([module]() { module->Start(); }); + } +} + +void ModuleManager::Setup() { + for (const auto &[_, module] : m_modules) { + module->Setup(m_configurationParser); + } +} + +void ModuleManager::Stop() { + for (const auto &[_, module] : m_modules) { + module->Stop(); + } +} diff --git a/src/modules/tests/CMakeLists.txt b/src/modules/tests/CMakeLists.txt new file mode 100644 index 0000000000..bba2b3af53 --- /dev/null +++ b/src/modules/tests/CMakeLists.txt @@ -0,0 +1,13 @@ +find_package(GTest CONFIG REQUIRED) + +add_executable(module_manager_test moduleManager_test.cpp) +configure_target(module_manager_test) +target_include_directories(module_manager_test PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../include) +target_link_libraries(module_manager_test PRIVATE + ModuleCommand + ModuleManager + GTest::gtest + GTest::gtest_main + GTest::gmock + GTest::gmock_main) +add_test(NAME ModuleManagerTest COMMAND module_manager_test) diff --git a/src/modules/tests/moduleManager_test.cpp b/src/modules/tests/moduleManager_test.cpp new file mode 100644 index 0000000000..5a7041b5ab --- /dev/null +++ b/src/modules/tests/moduleManager_test.cpp @@ -0,0 +1,171 @@ +#include +#include +#include + +// Mock classes to simulate modules +class MockModule { +public: + MOCK_METHOD(void, Start, (), ()); + MOCK_METHOD(void, Setup, (std::shared_ptr), ()); + MOCK_METHOD(void, Stop, (), ()); + MOCK_METHOD(boost::asio::awaitable, ExecuteCommand, (const std::string&, const nlohmann::json&), ()); + MOCK_METHOD(std::string, Name, (), (const)); + MOCK_METHOD(void, SetPushMessageFunction, (const std::function)); +}; + +class ModuleManagerTest : public ::testing::Test { +protected: + std::function pushMessage; + std::shared_ptr configurationParser; + std::function)> createTask; + ModuleManager manager; + MockModule mockModule; + + ModuleManagerTest() + : pushMessage([](const Message&) { return 0; }), + configurationParser(std::make_shared()), + createTask([](const std::function& task) { task(); }), + manager(pushMessage, configurationParser, createTask, "uuid1234") + {} + + void SetUp() override { + // Set up default expectations for mock methods + ON_CALL(mockModule, Name()).WillByDefault(testing::Return("MockModule")); + } +}; + +TEST_F(ModuleManagerTest, Constructor) { + EXPECT_NO_THROW(ModuleManager(pushMessage, configurationParser, createTask, "uuid1234")); +} + +TEST_F(ModuleManagerTest, AddModule) { + EXPECT_CALL(mockModule, Name()).Times(1); + + manager.AddModule(mockModule); + + auto moduleWrapper = manager.GetModule("MockModule"); + EXPECT_NE(moduleWrapper, nullptr); +} + +TEST_F(ModuleManagerTest, AddMultipleModules) { + MockModule mockModule1, mockModule2; + + EXPECT_CALL(mockModule1, Name()).WillOnce(testing::Return("MockModule1")); + EXPECT_CALL(mockModule2, Name()).WillOnce(testing::Return("MockModule2")); + + manager.AddModule(mockModule1); + manager.AddModule(mockModule2); + + auto moduleWrapper1 = manager.GetModule("MockModule1"); + auto moduleWrapper2 = manager.GetModule("MockModule2"); + + EXPECT_NE(moduleWrapper1, nullptr); + EXPECT_NE(moduleWrapper2, nullptr); +} + +TEST_F(ModuleManagerTest, AddModuleDuplicateName) { + MockModule mockModule1, mockModule2; + + EXPECT_CALL(mockModule1, Name()).WillOnce(testing::Return("MockModule")); + EXPECT_CALL(mockModule2, Name()).WillOnce(testing::Return("MockModule")); + + manager.AddModule(mockModule1); + + EXPECT_THROW(manager.AddModule(mockModule2), std::runtime_error); +} + +TEST_F(ModuleManagerTest, GetModuleNotFound) { + auto moduleWrapper = manager.GetModule("NonExistentModule"); + EXPECT_EQ(moduleWrapper, nullptr); +} + +TEST_F(ModuleManagerTest, SetupModules) { + EXPECT_CALL(mockModule, Name()).Times(1); + EXPECT_CALL(mockModule, Setup(testing::_)).Times(1); + + manager.AddModule(mockModule); + manager.Setup(); +} + +TEST_F(ModuleManagerTest, SetupMultipleModules) { + MockModule mockModule1, mockModule2; + + EXPECT_CALL(mockModule1, Name()).WillOnce(testing::Return("MockModule1")); + EXPECT_CALL(mockModule2, Name()).WillOnce(testing::Return("MockModule2")); + + EXPECT_CALL(mockModule1, Setup(testing::_)).Times(1); + EXPECT_CALL(mockModule2, Setup(testing::_)).Times(1); + + manager.AddModule(mockModule1); + manager.AddModule(mockModule2); + manager.Setup(); +} + +TEST_F(ModuleManagerTest, StartModules) { + EXPECT_CALL(mockModule, Name()).Times(2); + EXPECT_CALL(mockModule, Start()).Times(1); + + manager.AddModule(mockModule); + manager.Start(); + + auto moduleWrapper = manager.GetModule("MockModule"); + EXPECT_EQ(moduleWrapper->Name(), "MockModule"); + + manager.Stop(); +} + +TEST_F(ModuleManagerTest, StartMultipleModules) { + MockModule mockModule1, mockModule2; + + EXPECT_CALL(mockModule1, Name()).Times(2).WillRepeatedly(testing::Return("MockModule1")); + EXPECT_CALL(mockModule2, Name()).Times(2).WillRepeatedly(testing::Return("MockModule2")); + + EXPECT_CALL(mockModule1, Start()).Times(1); + EXPECT_CALL(mockModule2, Start()).Times(1); + EXPECT_CALL(mockModule1, Stop()).Times(1); + EXPECT_CALL(mockModule2, Stop()).Times(1); + + manager.AddModule(mockModule1); + manager.AddModule(mockModule2); + + manager.Start(); + + auto moduleWrapper1 = manager.GetModule("MockModule1"); + auto moduleWrapper2 = manager.GetModule("MockModule2"); + + EXPECT_NE(moduleWrapper1, nullptr); + EXPECT_NE(moduleWrapper2, nullptr); + + EXPECT_EQ(moduleWrapper1->Name(), "MockModule1"); + EXPECT_EQ(moduleWrapper2->Name(), "MockModule2"); + + manager.Stop(); +} + +TEST_F(ModuleManagerTest, StopModules) { + EXPECT_CALL(mockModule, Name()).Times(1); + EXPECT_CALL(mockModule, Stop()).Times(1); + + manager.AddModule(mockModule); + manager.Stop(); +} + +TEST_F(ModuleManagerTest, StopMultipleModules) { + MockModule mockModule1, mockModule2; + + EXPECT_CALL(mockModule1, Name()).WillOnce(testing::Return("MockModule1")); + EXPECT_CALL(mockModule2, Name()).WillOnce(testing::Return("MockModule2")); + + EXPECT_CALL(mockModule1, Stop()).Times(1); + EXPECT_CALL(mockModule2, Stop()).Times(1); + + manager.AddModule(mockModule1); + manager.AddModule(mockModule2); + manager.Stop(); +} + +int main(int argc, char** argv) +{ + ::testing::InitGoogleTest(&argc, argv); + return RUN_ALL_TESTS(); +} diff --git a/src/modules/upgrade/src/wm_agent_upgrade.c b/src/modules/upgrade/src/wm_agent_upgrade.c index e298d6e982..28989efe7b 100644 --- a/src/modules/upgrade/src/wm_agent_upgrade.c +++ b/src/modules/upgrade/src/wm_agent_upgrade.c @@ -60,7 +60,7 @@ wm_agent_upgrade_start_agent_module(&upgrade_config->agent_config, upgrade_confi } STATIC void wm_agent_upgrade_destroy(wm_agent_upgrade* upgrade_config) { - mtinfo(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_MODULE_FINISHED); + LogInfo(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_MODULE_FINISHED); os_free(upgrade_config); } diff --git a/src/modules/upgrade/src/wm_agent_upgrade_agent.c b/src/modules/upgrade/src/wm_agent_upgrade_agent.c index 0a3598678f..3e38cebc6e 100644 --- a/src/modules/upgrade/src/wm_agent_upgrade_agent.c +++ b/src/modules/upgrade/src/wm_agent_upgrade_agent.c @@ -96,7 +96,7 @@ void wm_agent_upgrade_start_agent_module(const wm_agent_configs* agent_config, c if (!enabled) { allow_upgrades = false; } else { - mtinfo(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_MODULE_STARTED); + LogInfo(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_MODULE_STARTED); } #ifndef WIN32 @@ -118,7 +118,7 @@ STATIC void* wm_agent_upgrade_listen_messages(__attribute__((unused)) void *arg) int sock = OS_BindUnixDomainWithPerms(sockname, SOCK_STREAM, OS_MAXSTR, getuid(), wm_getGroupID(), 0660); if (sock < 0) { - mterror(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_BIND_SOCK_ERROR, AGENT_UPGRADE_SOCK, strerror(errno)); + LogError(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_BIND_SOCK_ERROR, AGENT_UPGRADE_SOCK, strerror(errno)); return NULL; } @@ -131,7 +131,7 @@ STATIC void* wm_agent_upgrade_listen_messages(__attribute__((unused)) void *arg) switch (select(sock + 1, &fdset, NULL, NULL, NULL)) { case -1: if (errno != EINTR) { - mterror(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_SELECT_ERROR, strerror(errno)); + LogError(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_SELECT_ERROR, strerror(errno)); close(sock); return NULL; } @@ -144,7 +144,7 @@ STATIC void* wm_agent_upgrade_listen_messages(__attribute__((unused)) void *arg) int peer; if (peer = accept(sock, NULL, NULL), peer < 0) { if (errno != EINTR) { - mterror(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_ACCEPT_ERROR, strerror(errno)); + LogError(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_ACCEPT_ERROR, strerror(errno)); } continue; } @@ -156,20 +156,20 @@ STATIC void* wm_agent_upgrade_listen_messages(__attribute__((unused)) void *arg) int length; switch (length = OS_RecvSecureTCP(peer, buffer, OS_MAXSTR), length) { case OS_SOCKTERR: - mterror(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_SOCKTERR_ERROR); + LogError(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_SOCKTERR_ERROR); break; case -1: - mterror(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_RECV_ERROR, strerror(errno)); + LogError(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_RECV_ERROR, strerror(errno)); break; case 0: - mtdebug1(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_EMPTY_MESSAGE); + LogDebug(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_EMPTY_MESSAGE); break; default: - mtdebug1(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_INCOMMING_MESSAGE, buffer); + LogDebug(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_INCOMMING_MESSAGE, buffer); char* message = NULL; size_t length = wm_agent_upgrade_process_command(buffer, &message); - mtdebug1(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_RESPONSE_MESSAGE, message); + LogDebug(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_RESPONSE_MESSAGE, message); OS_SendSecureTCP(peer, length, message); os_free(message); break; @@ -201,7 +201,7 @@ STATIC void wm_agent_upgrade_check_status(const wm_agent_configs* agent_config) sleep(WM_AGENT_UPGRADE_RESULT_WAIT_TIME); if (queue_fd < 0) { - mterror(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_QUEUE_FD); + LogError(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_QUEUE_FD); } else { bool result_available = true; unsigned int wait_time = agent_config->upgrade_wait_start; @@ -270,17 +270,17 @@ STATIC void wm_upgrade_agent_send_ack_message(int *queue_fd, wm_upgrade_agent_st char *msg_string = cJSON_PrintUnformatted(root); if (wm_sendmsg(msg_delay, *queue_fd, msg_string, task_manager_modules_list[WM_TASK_UPGRADE_MODULE], UPGRADE_MQ) < 0) { - mterror(WM_AGENT_UPGRADE_LOGTAG, QUEUE_ERROR, DEFAULTQUEUE, strerror(errno)); + LogError(WM_AGENT_UPGRADE_LOGTAG, QUEUE_ERROR, DEFAULTQUEUE, strerror(errno)); if(*queue_fd >= 0){ close(*queue_fd); } *queue_fd = StartMQ(DEFAULTQUEUE, WRITE, INFINITE_OPENQ_ATTEMPTS); if (*queue_fd < 0) { - mterror_exit(WM_AGENT_UPGRADE_LOGTAG, QUEUE_FATAL, DEFAULTQUEUE); + LogCritical(WM_AGENT_UPGRADE_LOGTAG, QUEUE_FATAL, DEFAULTQUEUE); } } - mtdebug1(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_ACK_MESSAGE, msg_string); + LogDebug(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_ACK_MESSAGE, msg_string); os_free(msg_string); cJSON_Delete(root); } diff --git a/src/modules/upgrade/src/wm_agent_upgrade_com.c b/src/modules/upgrade/src/wm_agent_upgrade_com.c index f22d60f46e..244b5616fe 100644 --- a/src/modules/upgrade/src/wm_agent_upgrade_com.c +++ b/src/modules/upgrade/src/wm_agent_upgrade_com.c @@ -214,18 +214,18 @@ STATIC char * wm_agent_upgrade_com_open(const cJSON* json_object) { const cJSON *file_path_obj = cJSON_GetObjectItem(json_object, "file"); if (*file.path) { - mtwarn(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_FILE_OPENED, "open", file.path); + LogWarn(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_FILE_OPENED, "open", file.path); fclose(file.fp); *file.path = '\0'; } if (!mode_obj || (mode_obj->type != cJSON_String) || (strcmp(mode_obj->valuestring, "w") && strcmp(mode_obj->valuestring, "wb"))) { - mterror(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_UNSUPPORTED_MODE, "open"); + LogError(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_UNSUPPORTED_MODE, "open"); return wm_agent_upgrade_command_ack(ERROR_UNSOPPORTED_MODE, error_messages[ERROR_UNSOPPORTED_MODE]); } if (!file_path_obj || (file_path_obj->type != cJSON_String) || _jailfile(final_path, INCOMING_DIR, file_path_obj->valuestring) < 0) { - mterror(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_INVALID_FILE_NAME, "open"); + LogError(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_INVALID_FILE_NAME, "open"); return wm_agent_upgrade_command_ack(ERROR_INVALID_FILE_NAME, error_messages[ERROR_INVALID_FILE_NAME]); } @@ -233,7 +233,7 @@ STATIC char * wm_agent_upgrade_com_open(const cJSON* json_object) { snprintf(file.path, sizeof(file.path), "%s", final_path); return wm_agent_upgrade_command_ack(ERROR_OK, error_messages[ERROR_OK]); } else { - mterror(WM_AGENT_UPGRADE_LOGTAG, FOPEN_ERROR, file_path_obj->valuestring, errno, strerror(errno)); + LogError(WM_AGENT_UPGRADE_LOGTAG, FOPEN_ERROR, file_path_obj->valuestring, errno, strerror(errno)); char *output; os_malloc(OS_MAXSTR + 1, output); snprintf(output, OS_MAXSTR + 1, error_messages[ERROR_FILE_OPEN], strerror(errno)); @@ -250,17 +250,17 @@ STATIC char * wm_agent_upgrade_com_write(const cJSON* json_object) { char final_path[PATH_MAX + 1]; if (!*file.path) { - mterror(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_FILE_NOT_OPENED_AUTO, "write"); + LogError(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_FILE_NOT_OPENED_AUTO, "write"); return wm_agent_upgrade_command_ack(ERROR_FILE_NOT_OPENED, error_messages[ERROR_FILE_NOT_OPENED]); } if (!file_path_obj || (file_path_obj->type != cJSON_String) || _jailfile(final_path, INCOMING_DIR, file_path_obj->valuestring) < 0) { - mterror(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_INVALID_FILE_NAME, "write"); + LogError(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_INVALID_FILE_NAME, "write"); return wm_agent_upgrade_command_ack(ERROR_INVALID_FILE_NAME, error_messages[ERROR_INVALID_FILE_NAME]); } if (strcmp(file.path, final_path) != 0) { - mterror(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_DIFFERENT_FILE, "write", file.path); + LogError(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_DIFFERENT_FILE, "write", file.path); return wm_agent_upgrade_command_ack(ERROR_TARGET_FILE_NOT_MATCH, error_messages[ERROR_TARGET_FILE_NOT_MATCH]); } @@ -270,7 +270,7 @@ STATIC char * wm_agent_upgrade_com_write(const cJSON* json_object) { return wm_agent_upgrade_command_ack(ERROR_OK, error_messages[ERROR_OK]); } else { os_free(base64_string); - mterror(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_CANNOT_WRITE, "write", final_path); + LogError(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_CANNOT_WRITE, "write", final_path); return wm_agent_upgrade_command_ack(ERROR_WRITE_FILE, error_messages[ERROR_WRITE_FILE]); } } @@ -280,24 +280,24 @@ STATIC char * wm_agent_upgrade_com_close(const cJSON* json_object) { char final_path[PATH_MAX + 1]; if (!*file.path) { - mterror(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_FILE_NOT_OPENED, "close"); + LogError(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_FILE_NOT_OPENED, "close"); return wm_agent_upgrade_command_ack(ERROR_FILE_NOT_OPENED2, error_messages[ERROR_FILE_NOT_OPENED2]); } if (!file_path_obj || (file_path_obj->type != cJSON_String) || _jailfile(final_path, INCOMING_DIR, file_path_obj->valuestring) < 0) { - mterror(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_INVALID_FILE_NAME, "close"); + LogError(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_INVALID_FILE_NAME, "close"); return wm_agent_upgrade_command_ack(ERROR_INVALID_FILE_NAME, error_messages[ERROR_INVALID_FILE_NAME]); } if (strcmp(file.path, final_path) != 0) { - mterror(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_DIFFERENT_FILE, "close", file.path); + LogError(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_DIFFERENT_FILE, "close", file.path); return wm_agent_upgrade_command_ack(ERROR_TARGET_FILE_NOT_MATCH, error_messages[ERROR_TARGET_FILE_NOT_MATCH]); } *file.path = '\0'; if (fclose(file.fp)) { - mterror(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_GERENIC_ERROR, "close", strerror(errno)); + LogError(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_GERENIC_ERROR, "close", strerror(errno)); return wm_agent_upgrade_command_ack(ERROR_CLOSE, error_messages[ERROR_CLOSE]); } @@ -310,12 +310,12 @@ STATIC char * wm_agent_upgrade_com_sha1(const cJSON* json_object) { os_sha1 sha1; if (!file_path_obj || (file_path_obj->type != cJSON_String) || _jailfile(final_path, INCOMING_DIR, file_path_obj->valuestring) < 0) { - mterror(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_INVALID_FILE_NAME, "sha1"); + LogError(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_INVALID_FILE_NAME, "sha1"); return wm_agent_upgrade_command_ack(ERROR_INVALID_FILE_NAME, error_messages[ERROR_INVALID_FILE_NAME]); } if (OS_SHA1_File(final_path, sha1, OS_BINARY) < 0) { - mterror(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_GENERATING_SHA1_ERROR, "sha1"); + LogError(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_GENERATING_SHA1_ERROR, "sha1"); return wm_agent_upgrade_command_ack(ERROR_GEN_SHA1, error_messages[ERROR_GEN_SHA1]); } @@ -335,27 +335,27 @@ STATIC char * wm_agent_upgrade_com_upgrade(const cJSON* json_object) { // Unsign if (!package_obj || (package_obj->type != cJSON_String) || _unsign(package_obj->valuestring, compressed) < 0) { - mterror(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_GERENIC_ERROR, "upgrade", error_messages[ERROR_SIGNATURE]); + LogError(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_GERENIC_ERROR, "upgrade", error_messages[ERROR_SIGNATURE]); return wm_agent_upgrade_command_ack(ERROR_SIGNATURE, error_messages[ERROR_SIGNATURE]); } // Uncompress if (_uncompress(compressed, package_obj->valuestring, merged) < 0) { unlink(compressed); - mterror(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_GERENIC_ERROR, "upgrade", error_messages[ERROR_COMPRESS]); + LogError(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_GERENIC_ERROR, "upgrade", error_messages[ERROR_COMPRESS]); return wm_agent_upgrade_command_ack(ERROR_COMPRESS, error_messages[ERROR_COMPRESS]); } // Clean up upgrade folder if (cldir_ex(UPGRADE_DIR)) { - mterror(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_GERENIC_ERROR, "upgrade", error_messages[ERROR_CLEAN_DIRECTORY]); + LogError(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_GERENIC_ERROR, "upgrade", error_messages[ERROR_CLEAN_DIRECTORY]); return wm_agent_upgrade_command_ack(ERROR_CLEAN_DIRECTORY, error_messages[ERROR_CLEAN_DIRECTORY]); } //Unmerge if (UnmergeFiles(merged, UPGRADE_DIR, OS_BINARY, NULL) == 0) { unlink(merged); - mterror(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_UNMERGING_FILE_ERROR, "upgrade", merged); + LogError(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_UNMERGING_FILE_ERROR, "upgrade", merged); return wm_agent_upgrade_command_ack(ERROR_UNMERGE, error_messages[ERROR_UNMERGE]); } @@ -363,20 +363,20 @@ STATIC char * wm_agent_upgrade_com_upgrade(const cJSON* json_object) { // Installer executable file if (!installer_obj || (installer_obj->type != cJSON_String) || _jailfile(installer_j, UPGRADE_DIR, installer_obj->valuestring) < 0) { - mterror(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_INVALID_FILE_NAME, "upgrade"); + LogError(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_INVALID_FILE_NAME, "upgrade"); return wm_agent_upgrade_command_ack(ERROR_INVALID_FILE_NAME, error_messages[ERROR_INVALID_FILE_NAME]); } // Execute #ifndef WIN32 if (chmod(installer_j, 0750) < 0) { - mterror(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_CHMOD_ERROR, "upgrade", installer_j); + LogError(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_CHMOD_ERROR, "upgrade", installer_j); return wm_agent_upgrade_command_ack(ERROR_CHMOD, error_messages[ERROR_CHMOD]); } #endif if (wm_exec(installer_j, &out, &status, req_timeout, NULL) < 0) { - mterror(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_COMMAND_ERROR, "upgrade", installer_j); + LogError(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_COMMAND_ERROR, "upgrade", installer_j); os_free(out); return wm_agent_upgrade_command_ack(ERROR_EXEC, error_messages[ERROR_EXEC]); } else { @@ -393,7 +393,7 @@ STATIC char * wm_agent_upgrade_com_clear_result() { allow_upgrades = true; return wm_agent_upgrade_command_ack(ERROR_OK, error_messages[ERROR_OK]); } else { - mtdebug1(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_ERASE_FILE_ERROR, "clear_upgrade_result", PATH); + LogDebug(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_ERASE_FILE_ERROR, "clear_upgrade_result", PATH); return wm_agent_upgrade_command_ack(ERROR_CLEAR_UPGRADE_FILE, error_messages[ERROR_CLEAR_UPGRADE_FILE]); } } @@ -418,12 +418,12 @@ STATIC int _unsign(const char * source, char dest[PATH_MAX + 1]) { int output = 0; if (_jailfile(source_j, INCOMING_DIR, source) < 0) { - mterror(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_INVALID_FILE_NAME, "unsign()"); + LogError(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_INVALID_FILE_NAME, "unsign()"); return -1; } if (_jailfile(dest, TMP_DIR, source) < 0) { - mterror(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_INVALID_FILE_NAME, "unsign()"); + LogError(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_INVALID_FILE_NAME, "unsign()"); return -1; } @@ -431,7 +431,7 @@ STATIC int _unsign(const char * source, char dest[PATH_MAX + 1]) { // which causes an error in the _jailfile instead of here // LCOV_EXCL_START if (length = strlen(dest), length + 10 > PATH_MAX) { - mterror(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_TOO_LONG_TEMP_FILE, "unsign()"); + LogError(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_TOO_LONG_TEMP_FILE, "unsign()"); return -1; } // LCOV_EXCL_STOP @@ -446,20 +446,20 @@ STATIC int _unsign(const char * source, char dest[PATH_MAX + 1]) { if (chmod(dest, 0640) < 0) { unlink(dest); - mterror(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_CHMOD_ERROR, "unsign()", dest); + LogError(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_CHMOD_ERROR, "unsign()", dest); output = -1; } } else { #else if (_mktemp_s(dest, strlen(dest) + 1)) { #endif - mterror(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_COMPRESSED_FILE_ERROR, "unsign()"); + LogError(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_COMPRESSED_FILE_ERROR, "unsign()"); output = -1; } if ((output == 0) && w_wpk_unsign(source_j, dest, (const char **)wcom_ca_store) < 0) { unlink(dest); - mterror(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_UNSIGN_FILE_ERROR, "unsign()", source_j); + LogError(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_UNSIGN_FILE_ERROR, "unsign()", source_j); output = -1; } umask(old_mask); @@ -474,7 +474,7 @@ STATIC int _uncompress(const char * source, const char *package, char dest[PATH_ FILE *ftarget; if (_jailfile(dest, TMP_DIR, package) < 0) { - mterror(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_INVALID_FILE_NAME, "uncompress()"); + LogError(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_INVALID_FILE_NAME, "uncompress()"); return -1; } @@ -482,7 +482,7 @@ STATIC int _uncompress(const char * source, const char *package, char dest[PATH_ size_t length; if (length = strlen(dest), length + 10 > PATH_MAX) { - mterror(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_TOO_LONG_TEMP_FILE, "uncompress()"); + LogError(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_TOO_LONG_TEMP_FILE, "uncompress()"); return -1; } @@ -490,13 +490,13 @@ STATIC int _uncompress(const char * source, const char *package, char dest[PATH_ } if (fsource = gzopen(source, "rb"), !fsource) { - mterror(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_FILE_OPEN_ERROR, "uncompress()", source); + LogError(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_FILE_OPEN_ERROR, "uncompress()", source); return -1; } if (ftarget = wfopen(dest, "wb"), !ftarget) { gzclose(fsource); - mterror(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_FILE_OPEN_ERROR, "uncompress()", dest); + LogError(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_FILE_OPEN_ERROR, "uncompress()", dest); return -1; } @@ -508,7 +508,7 @@ STATIC int _uncompress(const char * source, const char *package, char dest[PATH_ unlink(dest); gzclose(fsource); fclose(ftarget); - mterror(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_CANNOT_WRITE, "uncompress()", source); + LogError(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_CANNOT_WRITE, "uncompress()", source); return -1; } } @@ -518,7 +518,7 @@ STATIC int _uncompress(const char * source, const char *package, char dest[PATH_ if (length < 0) { unlink(dest); - mterror(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_CANNOT_READ, "uncompress()", source); + LogError(WM_AGENT_UPGRADE_LOGTAG, WM_UPGRADE_CANNOT_READ, "uncompress()", source); return -1; } } diff --git a/src/ports-overlay/jwt-cpp/portfile.cmake b/src/ports-overlay/jwt-cpp/portfile.cmake new file mode 100644 index 0000000000..4feafe7666 --- /dev/null +++ b/src/ports-overlay/jwt-cpp/portfile.cmake @@ -0,0 +1,18 @@ +vcpkg_from_github( + OUT_SOURCE_PATH SOURCE_PATH + REPO Thalhammer/jwt-cpp + REF "v${VERSION}" + SHA512 b6fdb93e3f2f065a2eb45fe16cb076a932b8d4bfad2251bd66d2be40d8afaf5c27a9cf17aaea61d8bfa3f5ff9ed3b45f90962dc14d72704ac5b9d717c12cc79f + HEAD_REF master +) + +vcpkg_configure_cmake( + SOURCE_PATH "${SOURCE_PATH}" + OPTIONS + -DJWT_DISABLE_PICOJSON=ON + -DJWT_BUILD_EXAMPLES=OFF +) + +# Copy the header files +file(GLOB HEADER_FILES ${SOURCE_PATH}/include/jwt-cpp/*) +file(COPY ${HEADER_FILES} DESTINATION ${CURRENT_PACKAGES_DIR}/include/jwt-cpp) diff --git a/src/ports-overlay/jwt-cpp/vcpkg.json b/src/ports-overlay/jwt-cpp/vcpkg.json new file mode 100644 index 0000000000..396bd6c95c --- /dev/null +++ b/src/ports-overlay/jwt-cpp/vcpkg.json @@ -0,0 +1,7 @@ +{ + "name": "jwt-cpp", + "version-semver": "0.7.0", + "description": "A header only library for creating and validating json web tokens in c++", + "homepage": "https://github.com/Thalhammer/jwt-cpp", + "license": "MIT" +} diff --git a/src/ports-overlay/libdb/portfile.cmake b/src/ports-overlay/libdb/portfile.cmake index d98118972b..3c870b9def 100644 --- a/src/ports-overlay/libdb/portfile.cmake +++ b/src/ports-overlay/libdb/portfile.cmake @@ -11,13 +11,13 @@ vcpkg_configure_make( OPTIONS ${OPTIONS} --with-cryptography=no - --disable-queue - --disable-heap - --disable-partition - --disable-mutexsupport - --disable-replication - --disable-verify - --disable-statistics + --disable-queue + --disable-heap + --disable-partition + --disable-mutexsupport + --disable-replication + --disable-verify + --disable-statistics ac_cv_func_pthread_yield=no ) diff --git a/src/ports-overlay/librpm/portfile.cmake b/src/ports-overlay/librpm/portfile.cmake index aacbbe1927..73f2723a95 100644 --- a/src/ports-overlay/librpm/portfile.cmake +++ b/src/ports-overlay/librpm/portfile.cmake @@ -9,8 +9,12 @@ vcpkg_from_github( vcpkg_configure_make( SOURCE_PATH "${SOURCE_PATH}" OPTIONS + "--with-crypto=openssl" + "--enable-sqlite=yes" "--disable-openmp" "--disable-plugins" + "--enable-ndb" + "--enable-bdb-ro" ) vcpkg_install_make() @@ -19,14 +23,14 @@ vcpkg_copy_pdbs() file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/debug/share" "${CURRENT_PACKAGES_DIR}/debug/lib/rpm-plugins" - "${CURRENT_PACKAGES_DIR}/debug/lib/rpm/lua" - "${CURRENT_PACKAGES_DIR}/debug/lib/rpm/macros.d" - "${CURRENT_PACKAGES_DIR}/debug/var/tmp" - "${CURRENT_PACKAGES_DIR}/lib/rpm-plugins" - "${CURRENT_PACKAGES_DIR}/lib/rpm/lua" - "${CURRENT_PACKAGES_DIR}/lib/rpm/macros.d" + "${CURRENT_PACKAGES_DIR}/debug/lib/rpm/lua" + "${CURRENT_PACKAGES_DIR}/debug/lib/rpm/macros.d" + "${CURRENT_PACKAGES_DIR}/debug/var/tmp" + "${CURRENT_PACKAGES_DIR}/lib/rpm-plugins" + "${CURRENT_PACKAGES_DIR}/lib/rpm/lua" + "${CURRENT_PACKAGES_DIR}/lib/rpm/macros.d" "${CURRENT_PACKAGES_DIR}/var/tmp" - "${CURRENT_PACKAGES_DIR}/debug/var" + "${CURRENT_PACKAGES_DIR}/debug/var" "${CURRENT_PACKAGES_DIR}/var") set(VCPKG_POLICY_SKIP_COPYRIGHT_CHECK enabled) diff --git a/src/ports-overlay/procps/fix_glibc_collision.patch b/src/ports-overlay/procps/fix_glibc_collision.patch new file mode 100644 index 0000000000..d47ea0088f --- /dev/null +++ b/src/ports-overlay/procps/fix_glibc_collision.patch @@ -0,0 +1,82 @@ +diff --git a/top.c b/top.c +index c22d4f00..0aba1b15 100644 +--- a/top.c ++++ b/top.c +@@ -1713,8 +1713,8 @@ static void zap_fieldstab (void) { + + if (once) goto always; + +- Fieldstab[P_PID].head = " PID "; +- Fieldstab[P_PID].fmts = "%5d "; ++ Fieldstab[Px_PID].head = " PID "; ++ Fieldstab[Px_PID].fmts = "%5d "; + Fieldstab[P_PPD].head = " PPID "; + Fieldstab[P_PPD].fmts = "%5d "; + Fieldstab[P_PGD].head = " PGRP "; +@@ -1728,8 +1728,8 @@ static void zap_fieldstab (void) { + if (5 < (digits = get_pid_digits())) { + if (10 < digits) error_exit("failed pid size test"); + snprintf(fmts_pid, sizeof(fmts_pid), "%%%uu ", digits); +- Fieldstab[P_PID].head = " PID " + 10 - digits; +- Fieldstab[P_PID].fmts = fmts_pid; ++ Fieldstab[Px_PID].head = " PID " + 10 - digits; ++ Fieldstab[Px_PID].fmts = fmts_pid; + Fieldstab[P_PPD].head = " PPID " + 10 - digits; + Fieldstab[P_PPD].fmts = fmts_pid; + Fieldstab[P_PGD].head = " PGRP " + 10 - digits; +@@ -3075,7 +3075,7 @@ static void keys_xtra (int ch) { + // xmsg = "Memory"; + break; + case 'N': +- w->rc.sortindx = P_PID; ++ w->rc.sortindx = Px_PID; + // xmsg = "Numerical"; + break; + case 'P': +@@ -3446,7 +3446,7 @@ static void task_show (const WIN_t *q, const proc_t *p) { + case P_PGD: + makeCOL(p->pgrp); + break; +- case P_PID: ++ case Px_PID: + makeCOL(p->tid); + break; + case P_PPD: +diff --git a/top.h b/top.h +index a409c61a..c2e8a0a6 100644 +--- a/top.h ++++ b/top.h +@@ -124,7 +124,7 @@ + /* Flags for each possible field (and then some) -- + these MUST be kept in sync with the FLD_t Fieldstab[] array !! */ + enum pflag { +- P_PID = 0, P_PPD, ++ Px_PID = 0, P_PPD, + P_UED, P_UEN, P_URD, P_URN, P_USD, P_USN, + P_GID, P_GRP, P_PGD, P_TTY, P_TPG, P_SID, + P_PRI, P_NCE, P_THD, +@@ -448,11 +448,11 @@ typedef struct WIN_t { + ( with values chosen to avoid the need to escape ) */ + #define FLD_OFFSET '%' + // seq_fields "%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[" +-#define DEF_FIELDS "¥¨³´»½ÀÄ·º¹Å&')*+,-./012568<>?ABCFGHIJKLMNOPQRSTUVWXYZ[" ++#define DEF_FIELDS "�������ķ���&')*+,-./012568<>?ABCFGHIJKLMNOPQRSTUVWXYZ[" + /* Pre-configured windows/field groups */ +-#define JOB_FIELDS "¥¦¹·º³´Ä»¼½§Å()*+,-./012568>?@ABCFGHIJKLMNOPQRSTUVWXYZ[" +-#define MEM_FIELDS "¥º»¼½¾¿ÀÁÃij´·Å&'()*+,-./0125689BFGHIJKLMNOPQRSTUVWXYZ[" +-#define USR_FIELDS "¥¦§¨ª°¹·ºÄÅ)+,-./1234568;<=>?@ABCFGHIJKLMNOPQRSTUVWXYZ[" ++#define JOB_FIELDS "�������Ļ����()*+,-./012568>?@ABCFGHIJKLMNOPQRSTUVWXYZ[" ++#define MEM_FIELDS "����������ij���&'()*+,-./0125689BFGHIJKLMNOPQRSTUVWXYZ[" ++#define USR_FIELDS "�����������)+,-./1234568;<=>?@ABCFGHIJKLMNOPQRSTUVWXYZ[" + + /* The default values for the local config file */ + #define DEF_RCFILE { \ +@@ -460,7 +460,7 @@ typedef struct WIN_t { + { P_CPU, DEF_WINFLGS, 0, \ + COLOR_RED, COLOR_RED, COLOR_YELLOW, COLOR_RED, \ + "Def", DEF_FIELDS }, \ +- { P_PID, DEF_WINFLGS, 0, \ ++ { Px_PID, DEF_WINFLGS, 0, \ + COLOR_CYAN, COLOR_CYAN, COLOR_WHITE, COLOR_CYAN, \ + "Job", JOB_FIELDS }, \ + { P_MEM, DEF_WINFLGS, 0, \ diff --git a/src/ports-overlay/procps/portfile.cmake b/src/ports-overlay/procps/portfile.cmake index 8f075b0522..4c7f2a361e 100644 --- a/src/ports-overlay/procps/portfile.cmake +++ b/src/ports-overlay/procps/portfile.cmake @@ -4,6 +4,8 @@ vcpkg_from_github( REF fadce3f1b25b55d5f22be0d26db1ae2a53018255 SHA512 c4efb9583be0e2272316b57ab9e574698d78a0bb6b2a84d4e5857e1fde9418e6fb1354892a1fba799a456e03eeb4b995487673d88d2d0b5b19087c6a812cd500 HEAD_REF v3.3.0 + PATCHES + fix_glibc_collision.patch ) vcpkg_configure_make( diff --git a/src/tests/mock-server/.gitignore b/src/tests/mock-server/.gitignore new file mode 100644 index 0000000000..e702403446 --- /dev/null +++ b/src/tests/mock-server/.gitignore @@ -0,0 +1 @@ +config/ssl.jks diff --git a/src/tests/mock-server/config/authenticate-config.yaml b/src/tests/mock-server/config/authenticate-config.yaml new file mode 100644 index 0000000000..c00f1353c7 --- /dev/null +++ b/src/tests/mock-server/config/authenticate-config.yaml @@ -0,0 +1,39 @@ +# authenticate-config.yaml +--- +plugin: rest +resources: + +# Allow user=wazuh and password=topsecret +- path: "/security/user/authenticate" + method: POST + requestHeaders: + Authorization: 'Basic d2F6dWg6dG9wc2VjcmV0' + response: + statusCode: 200 + content: '{ "data": { "token": "a1b2c3d4e5f6g7h8i9j0" } }' + +# Deny other authentications +- path: "/security/user/authenticate" + method: POST + response: + statusCode: 403 + +# Valid body: uuid and key +- path: "/api/v1/authentication" + method: POST + requestBody: + allOf: + - jsonPath: $.uuid + operator: NotEqualTo + value: null + - jsonPath: $.key + operator: NotEqualTo + value: null + response: + scriptFile: authenticate.groovy + +# Deny other requests +- path: "/api/v1/authentication" + method: POST + response: + statusCode: 403 diff --git a/src/tests/mock-server/config/authenticate.groovy b/src/tests/mock-server/config/authenticate.groovy new file mode 100644 index 0000000000..93fbacfbf4 --- /dev/null +++ b/src/tests/mock-server/config/authenticate.groovy @@ -0,0 +1,27 @@ +import groovy.json.JsonOutput +import groovy.json.JsonSlurper + +final JWT_EXPIRATION_SECS = 900 + +def jwt = loadDynamic('/opt/imposter/config/lib/jwt.groovy') + +def jsonSlurper = new JsonSlurper() +def body = jsonSlurper.parseText(context.request.body) +long timestamp = System.currentTimeMillis() / 1000L + +def payload = [ + iss: "Wazuh", + aud: "Wazuh Communications API", + iat: timestamp, + exp: timestamp + JWT_EXPIRATION_SECS, + uuid: body.uuid +] + +def keyPair = jwt.generateKeyPair() +def token = jwt.generateToken(payload, keyPair) +def output = [token: token] +def jsonOutput = JsonOutput.toJson(output) + +respond { + withContent(jsonOutput) +} diff --git a/src/tests/mock-server/config/commands-config.yaml b/src/tests/mock-server/config/commands-config.yaml new file mode 100644 index 0000000000..6bc96ad2cf --- /dev/null +++ b/src/tests/mock-server/config/commands-config.yaml @@ -0,0 +1,8 @@ +# commands-config.yaml +--- +plugin: rest +resources: +- path: "/api/v1/commands" + method: GET + response: + statusCode: 401 diff --git a/src/tests/mock-server/config/lib/jwt.groovy b/src/tests/mock-server/config/lib/jwt.groovy new file mode 100644 index 0000000000..5bde806b5b --- /dev/null +++ b/src/tests/mock-server/config/lib/jwt.groovy @@ -0,0 +1,38 @@ +import java.security.KeyPair +import java.security.KeyPairGenerator +import java.security.Signature +import java.util.Base64 +import groovy.json.JsonOutput + +String base64Encode(input) { + switch (input) { + case byte[]: return Base64.encoder.encodeToString(input) + .replace('=', '') + .replace('+', '-') + .replace('/', '_') + case String: return base64Encode(input.bytes) + } +} + +KeyPair generateKeyPair() { + def keyPairGenerator = KeyPairGenerator.getInstance("EC") + keyPairGenerator.initialize(256) + return keyPairGenerator.generateKeyPair() +} + +String generateToken(Map payload, KeyPair keyPair) { + def header = [alg: "ES256", typ: "JWT"] + def encodedHeader = base64Encode(JsonOutput.toJson(header)) + def encodedPayload = base64Encode(JsonOutput.toJson(payload)) + + def signatureInput = "${encodedHeader}.${encodedPayload}".bytes + def signature = Signature.getInstance("SHA256withECDSA") + + signature.initSign(keyPair.private) + signature.update(signatureInput) + + def signatureBytes = signature.sign() + def encodedSignature = base64Encode(signatureBytes) + + return "${encodedHeader}.${encodedPayload}.${encodedSignature}" +} diff --git a/src/tests/mock-server/config/register-config.yaml b/src/tests/mock-server/config/register-config.yaml new file mode 100644 index 0000000000..726ea457cb --- /dev/null +++ b/src/tests/mock-server/config/register-config.yaml @@ -0,0 +1,43 @@ +# register-config.yaml +--- +plugin: rest +resources: + +# Allow registration with name=dummy +- path: "/agents" + method: POST + requestBody: + allOf: + - jsonPath: $.name + value: dummy + - jsonPath: $.id + operator: NotEqualTo + value: null + - jsonPath: $.key + operator: NotEqualTo + value: null + response: + scriptFile: register.groovy + +# Deny registration with name != dummy +- path: "/agents" + method: POST + requestBody: + allOf: + - jsonPath: $.name + operator: NotEqualTo + value: null + - jsonPath: $.id + operator: NotEqualTo + value: null + - jsonPath: $.key + operator: NotEqualTo + value: null + response: + statusCode: 403 + +# Deny other conditions +- path: "/agents" + method: POST + response: + statusCode: 400 diff --git a/src/tests/mock-server/config/register.groovy b/src/tests/mock-server/config/register.groovy new file mode 100644 index 0000000000..cd23436882 --- /dev/null +++ b/src/tests/mock-server/config/register.groovy @@ -0,0 +1,5 @@ +logger.info("\n${context.request}\nBody: ${context.request.body}\n") + +respond { + withStatusCode(201) +} diff --git a/src/tests/mock-server/config/stateful-config.yaml b/src/tests/mock-server/config/stateful-config.yaml new file mode 100644 index 0000000000..117393bddc --- /dev/null +++ b/src/tests/mock-server/config/stateful-config.yaml @@ -0,0 +1,8 @@ +# stateful-config.yaml +--- +plugin: rest +resources: +- path: "/api/v1/events/stateful" + method: POST + response: + scriptFile: stateful.groovy diff --git a/src/tests/mock-server/config/stateful.groovy b/src/tests/mock-server/config/stateful.groovy new file mode 100644 index 0000000000..bff580aa82 --- /dev/null +++ b/src/tests/mock-server/config/stateful.groovy @@ -0,0 +1,7 @@ +if (System.env.LOG_STATEFUL == '1') { + logger.info("\n${context.request.body}\n") +} + +respond { + withStatusCode(200) +} diff --git a/src/tests/mock-server/config/stateless-config.yaml b/src/tests/mock-server/config/stateless-config.yaml new file mode 100644 index 0000000000..99c83c5a67 --- /dev/null +++ b/src/tests/mock-server/config/stateless-config.yaml @@ -0,0 +1,8 @@ +# stateless-config.yaml +--- +plugin: rest +resources: +- path: "/api/v1/events/stateless" + method: POST + response: + scriptFile: stateless.groovy diff --git a/src/tests/mock-server/config/stateless.groovy b/src/tests/mock-server/config/stateless.groovy new file mode 100644 index 0000000000..bd6f136df0 --- /dev/null +++ b/src/tests/mock-server/config/stateless.groovy @@ -0,0 +1,7 @@ +if (System.env.LOG_STATELESS == '1') { + logger.info("\n${context.request.body}\n") +} + +respond { + withStatusCode(200) +} diff --git a/src/tests/mock-server/mock-server b/src/tests/mock-server/mock-server new file mode 100755 index 0000000000..17c600a1ec --- /dev/null +++ b/src/tests/mock-server/mock-server @@ -0,0 +1,80 @@ +#! /bin/bash + +set -e + +VERSION=4.2.1 +HTTPS=1 +COMMS_PORT=27000 +MGMT_PORT=55000 + +while [[ $# -gt 0 ]]; do + case "$1" in + --comms-port) + COMMS_PORT=$2 + shift + ;; + --http) + HTTPS='' + ;; + --https) + HTTPS=1 + ;; + --log-stateful) + LOG_STATEFUL=1 + ;; + --log-stateless) + LOG_STATELESS=1 + ;; + --mgmt-port) + MGMT_PORT=$2 + shift + ;; + *) + echo "Usage: $0 [--comms-port ] [--http] [--https] [--mgmt-port ]" + echo " --comms-port Comms API port (default: 27000)" + echo " --http Use HTTP" + echo " --https Use HTTPS (default)" + echo " --log-stateful Log stateful requests" + echo " --log-stateless Log stateless requests" + echo " --mgmt-port Management API port (default: 55000)" + exit 0 + ;; + esac + + shift +done + +args=("--configDir=/opt/imposter/config") + +if [ -n "$HTTPS" ]; then + port=8443 + args+=("--tlsEnabled") + args+=("--keystorePath=/opt/imposter/config/ssl.jks") + args+=("--keystorePassword=password") +else + port=8080 +fi + +env=(-e "IMPOSTER_LOG_LEVEL=INFO") + +if [ -n "$LOG_STATEFUL" ]; then + env+=(-e "LOG_STATEFUL=1") +fi + +if [ -n "$LOG_STATELESS" ]; then + env+=(-e "LOG_STATELESS=1") +fi + +if [ ! -f config/ssl.jks ]; then + docker run --rm -v ./config:/mnt openjdk:11-jdk keytool -genkeypair \ + -alias imposter \ + -keyalg RSA \ + -keysize 2048 \ + -keystore /mnt/ssl.jks \ + -validity 365 \ + -storepass password \ + -keypass password \ + -dname "CN=localhost, OU=Imposter, O=Imposter, L=City, ST=State, C=US" +fi + +docker run --rm -v ./config:/opt/imposter/config -p $COMMS_PORT:$port -p $MGMT_PORT:$port ${env[@]} outofcoffee/imposter:${VERSION} ${args[@]} diff --git a/src/vcpkg.json b/src/vcpkg.json index 307ea3107a..934eb714ec 100644 --- a/src/vcpkg.json +++ b/src/vcpkg.json @@ -10,10 +10,26 @@ "name": "boost-beast", "version>=": "1.85.0" }, + { + "name": "boost-program-options", + "version>=": "1.85.0" + }, { "name": "boost-uuid", "version>=": "1.85.0" }, + { + "name": "boost-url", + "version>=": "1.85.0" + }, + { + "name": "cjson", + "version>=": "1.7.17" + }, + { + "name": "curl", + "version>=": "8.5.0" + }, { "name": "fmt", "version>=": "10.2.1" @@ -26,16 +42,32 @@ "name": "jwt-cpp", "version>=": "0.7.0" }, + { + "name": "libarchive", + "version>=": "3.7.5" + }, { "name": "libdb", "version>=": "18.1.40", "platform": "linux" }, + { + "name": "libplist", + "version>=": "2023-06-15#1", + "platform": "osx" + }, + { + "name": "libpopt", + "version>=": "1.16#17" + }, { "name": "librpm", "version>=": "4.18.2", "platform": "linux" }, + { + "name": "lua" + }, { "name": "nlohmann-json", "version>=": "3.11.3" @@ -53,13 +85,27 @@ "name": "spdlog", "version>=": "1.14.0" }, + { + "name": "sqlite3", + "version>=": "3.45.0#0" + }, { "name": "sqlitecpp", "version>=": "3.3.2" }, { - "name": "toml11", - "version>=": "4.0.0" + "name": "yaml-cpp", + "version>=": "0.8.0" + }, + { + "name": "zlib", + "version>=": "1.3.1" + } + ], + "overrides": [ + { + "name": "lua", + "version": "5.4.1" } ], "vcpkg-configuration": { @@ -68,15 +114,8 @@ "repository": "https://github.com/Microsoft/vcpkg", "baseline": "f7423ee180c4b7f40d43402c2feb3859161ef625" }, - "registries": [ - { - "kind": "git", - "repository": "https://github.com/Microsoft/vcpkg", - "baseline": "42d8e7b4109142b079de1ab7b64e4455c8d02bcc", - "packages": [ "toml11"] - } - ], - "overlay-ports": [ + "overlay-ports": [ + "./ports-overlay/jwt-cpp", "./ports-overlay/procps", "./ports-overlay/libdb", "./ports-overlay/librpm"