v1.7.4 (#62)
MikeSchiessl authored Jun 17, 2024
1 parent 919a05e commit 4bf1d2a
Showing 14 changed files with 168 additions and 33 deletions.
10 changes: 8 additions & 2 deletions Dockerfile
@@ -1,4 +1,4 @@
FROM python:3.12.2-slim-bookworm
FROM python:3.12.4-slim-bookworm
LABEL MAINTAINER="Mike Schiessl - [email protected]"
LABEL APP_LONG="Akamai Universal Log Streamer"
LABEL APP_SHORT="ULS"
@@ -11,10 +11,11 @@ ARG ULS_DIR="$HOMEDIR/uls"
ARG EXT_DIR="$ULS_DIR/ext"

ARG ETP_CLI_VERSION="0.4.7"
ARG EAA_CLI_VERSION="0.6.3"
ARG EAA_CLI_VERSION="0.6.9"
ARG MFA_CLI_VERSION="0.1.1"
ARG GC_CLI_VERSION="v0.0.4(beta)"
ARG LINODE_CLI_VERSION="dev"
ARG ACC_CLI_VERSION="v0.0.1-alpha"

# ENV VARS
ENV ULS_DIR=$ULS_DIR
@@ -77,6 +78,11 @@ ENV LINODE_CLI_VERSION=$LINODE_CLI_VERSION
RUN git clone --depth 1 -b "${LINODE_CLI_VERSION}" --single-branch https://github.com/MikeSchiessl/ln-logs.git ${EXT_DIR}/cli-linode && \
pip3 install --no-cache-dir -r ${EXT_DIR}/cli-linode/bin/requirements.txt

## ACC CLI
ENV ACC_CLI_VERSION=$ACC_CLI_VERSION
RUN git clone --depth 1 -b "${ACC_CLI_VERSION}" --single-branch https://github.com/MikeSchiessl/acc-logs.git ${EXT_DIR}/acc-logs && \
pip3 install --no-cache-dir -r ${EXT_DIR}/acc-logs/bin/requirements.txt

# ENTRYPOINTS / CMD
VOLUME ["${ULS_DIR}/var"]
ENTRYPOINT ["/usr/local/bin/python3","-u","bin/uls.py"]
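Review bot: The new ACC CLI step (`git clone --depth 1 -b "${ACC_CLI_VERSION}"` followed by `pip3 install --no-cache-dir -r ${EXT_DIR}/acc-logs/bin/requirements.txt`) fetches code by the tag name `v0.0.1-alpha`, which can be moved upstream, so the same Dockerfile can produce a different image without any change in this repository. Consider recording the expected commit in a new build argument and failing the build when the checkout differs, e.g. `test "$(git -C ${EXT_DIR}/acc-logs rev-parse HEAD)" = "${ACC_CLI_COMMIT}"`, where `ACC_CLI_COMMIT` is a new `ARG` holding the full commit hash. If the acc-logs requirements file carries hashes (it is not visible here), adding `--require-hashes` to the `pip3 install` would cover its dependencies as well. The existing LINODE step in the context lines, which tracks the `dev` branch, has the same property.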
2 changes: 2 additions & 0 deletions README.md
@@ -55,6 +55,8 @@ It can be run directly as Python code, as a provided Docker container, through
- AUDIT
- [Linode](https://www.linode.com/) (experimental)
- [AUDIT](docs/LOG_OVERVIEW.md#audit-logs)
- Akamai Control Center (experimental)
- [EVENTS](docs/LOG_OVERVIEW.md#events)


- Supported data outputs
32 changes: 32 additions & 0 deletions bin/modules/UlsInputCli.py
@@ -333,6 +333,38 @@ def proc_create(self):
cli_command = [self.bin_python, product_path] +\
self._uls_useragent(self.product, "rawcmd") +\
shlex.split(self.rawcmd)

# Akamai Control Center config
elif self.product == "ACC":
product_path = self.root_path + "/" + uls_config.bin_acc_logs
product_feeds = uls_config.acc_logs_feeds
if not self.cliformat == "JSON":
aka_log.log.warning(f"{self.name} - Selected LOG Format ({self.cliformat}) "
f"not available for {product_path}, continuing with JSON.")
if not self.rawcmd:
self.edgerc_hostname = UlsTools.uls_check_edgerc(self.credentials_file,
self.credentials_file_section,
uls_config.edgerc_openapi)
my_feed = self._feed_selector(self.feed, product_feeds)
if my_feed == "EVENTS":
my_feed = "getevents"
cli_command = [self.bin_python, '-u', product_path, 'events', my_feed.lower(), '-f']
cli_command[3:3] = self._uls_useragent(self.product, my_feed)
cli_command[3:3] = edgegrid_auth
cli_command[3:3] = self._prep_proxy(self.inproxy)

# Append End and Starttime
if self.endtime:
# We need to remove "-f" from the end of the cli cmd if we work with endtime
cli_command = cli_command[:-1]
cli_command.extend(self._prep_start_endtime('--end', self.endtime))
if self.starttime:
cli_command.extend(self._prep_start_endtime('--start', self.starttime))
else:
cli_command = [self.bin_python, product_path] +\
self._uls_useragent(self.product, "rawcmd") +\
shlex.split(self.rawcmd)

# Mocked output
elif self.product == "MOCK":
print ("Not yet there")
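Review bot: In the new ACC branch the follow flag is always placed at the end of the list and then removed by position with `cli_command = cli_command[:-1]` when `self.endtime` is set, which would silently drop a different argument if anything is ever appended after `'-f'`. Building the list without the flag and adding it only when needed, `if not self.endtime: cli_command.append('-f')`, keeps the intent explicit. Also, `my_feed` is rewritten to `"getevents"` before `self._uls_useragent(self.product, my_feed)` is called, so the user agent presumably carries the CLI subcommand rather than the ULS feed name `EVENTS`; a one-line comment stating whether that is intended would help. `edgegrid_auth` is not assigned inside this hunk and `proc_create` starts and ends outside it, so its origin cannot be checked from here.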
17 changes: 11 additions & 6 deletions bin/modules/UlsTools.py
@@ -56,6 +56,8 @@ def _check_cli_installed(cli_bin):
_check_cli_installed(root_path + "/" + uls_config.bin_gc_cli)
elif uls_input == "LINODE":
_check_cli_installed(root_path + "/" + uls_config.bin_linode_cli)
elif uls_input == "ACC":
_check_cli_installed(root_path + "/" + uls_config.bin_acc_logs)
else:
aka_log.log.critical(f"No input specified: {uls_input} - exiting")
sys.exit(1)
@@ -100,7 +102,8 @@ def _get_cli_version(cli_bin, edgerc_mock_file):
f"SIA/ETP Version\t\t{_get_cli_version(root_path + '/' + uls_config.bin_etp_cli, my_edgerc_mock_file)}\n"
f"MFA Version\t\t{_get_cli_version(root_path + '/' + uls_config.bin_mfa_cli, my_edgerc_mock_file)}\n"
f"GC Version\t\t{_get_cli_version(root_path + '/' + uls_config.bin_gc_cli, my_edgerc_mock_file)}\n"
f"LINODE Version\t\t{_get_cli_version(root_path + '/' + uls_config.bin_linode_cli, my_edgerc_mock_file)}\n\n"
f"LINODE Version\t\t{_get_cli_version(root_path + '/' + uls_config.bin_linode_cli, my_edgerc_mock_file)}\n"
f"ACC-LOGS Version\t{_get_cli_version(root_path + '/' + uls_config.bin_linode_cli, my_edgerc_mock_file)}\n\n"
f"OS Plattform\t\t{platform.platform()}\n"
f"OS Version\t\t{platform.release()}\n"
f"Python Version\t\t{sys.version_info.major}.{sys.version_info.minor}.{sys.version_info.micro}\n"
@@ -224,11 +227,11 @@ def check_autoresume(input, feed, checkpoint_dir=uls_config.autoresume_checkpoin
aka_log.log.debug(f"Autoresume Checkpoint successfully loaded. Checkpoint Time: {data['checkpoint']}, Creation_time: {data['creation_time']}")
creation_time = data['creation_time']
# Convert the Checkpoint to "epoch Timestamp", depending on the input
if data['input'] == "ETP":
if data['input'] == "ETP" or data['input'] == "SIA":
mytime = data['checkpoint'].split("Z")[0]
elif data['input'] == "EAA":
mytime = data['checkpoint'].split("+")[0]
elif data['input'] == "GC":
elif data['input'] == "GC" or data['input'] == "ACC":
mytime = data['checkpoint'].split(".")[0]
else:
aka_log.log.critical(
@@ -270,20 +273,22 @@ def write_autoresume_ckpt(input, feed, autoresume_file, logline, current_count):

# Adopt the field to the stream / feed
checkpoint_line = logline.decode()
if input == "ETP" and (feed == "THREAT" or feed =="PROXY" or feed == "AUP"):
if (input == "ETP" or input == "SIA") and (feed == "THREAT" or feed =="PROXY" or feed == "AUP"):
checkpoint_timestamp = json.loads(checkpoint_line)['event']['detectionTime']
elif input == "ETP" and feed == "DNS":
elif (input == "ETP" or input == "SIA") and feed == "DNS":
checkpoint_timestamp = json.loads(checkpoint_line)['query']['time']
elif input == "EAA" and feed == "ACCESS":
checkpoint_timestamp = json.loads(checkpoint_line)['datetime']
elif input == "ETP" and feed == "NETCON":
elif (input == "ETP" or input == "SIA") and feed == "NETCON":
checkpoint_timestamp = json.loads(checkpoint_line)['connStartTime']
elif input == "GC" and feed == "AUDIT":
checkpoint_timestamp = json.loads(checkpoint_line)['time']
elif input == "GC" and feed == "INCIDENT":
checkpoint_timestamp = json.loads(checkpoint_line)['closed_time']
elif input == "GC" and feed == "NETLOG":
checkpoint_timestamp = json.loads(checkpoint_line)['db_insert_time']
elif input == "ACC" and feed == "EVENTS":
checkpoint_timestamp = json.loads(checkpoint_line)['eventTime']
else:
aka_log.log.critical(
f"AUTORESUME - Unhandled Input / Feed detected: '{input} / {feed}' (this should never happen !!)- Exiting")
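Review bot: The added `ACC-LOGS Version` line in the version output (second hunk) calls `_get_cli_version` with `uls_config.bin_linode_cli`, so it reports the Linode CLI's version under the ACC-LOGS label. `bin_acc_logs`, added to `global_config.py` in this commit, looks like the intended value: `f"ACC-LOGS Version\t{_get_cli_version(root_path + '/' + uls_config.bin_acc_logs, my_edgerc_mock_file)}\n\n"`. Separately, in the last hunk the new `ACC`/`EVENTS` branch indexes `json.loads(checkpoint_line)['eventTime']` directly, so a log line without that key raises `KeyError`. The neighbouring branches follow the same pattern, and the enclosing function continues outside the hunk.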
14 changes: 7 additions & 7 deletions bin/uls_config/global_config.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python3

# Common global variables / constants
__version__ = "1.7.3"
__version__ = "1.7.4"
__tool_name_long__ = "Akamai Unified Log Streamer"
__tool_name_short__ = "ULS"

@@ -16,15 +16,11 @@


# EAA
# Path to the EAA CLI Executable
bin_eaa_cli = "ext/cli-eaa/bin/akamai-eaa"
# Available EAA CLI feeds
eaa_cli_feeds = ['ACCESS', 'ADMIN', 'CONHEALTH', 'DEVINV', 'DIRHEALTH']

# ETP
# Path to the ETP CLI Executable
bin_etp_cli = "ext/cli-etp/bin/akamai-etp"
# Available ETP CLI feeds
etp_cli_feeds = ['THREAT', 'AUP', 'DNS', 'PROXY', 'NETCON']

# MFA
@@ -39,8 +35,12 @@
bin_linode_cli = "ext/cli-linode/bin/akamai-linode" # Path to the LINODE CLI Executable
linode_cli_feeds = ['AUDIT'] # Available LINODE CLI feeds

# ACC-LOGS
bin_acc_logs = "ext/acc-logs/bin/akamai-acc"
acc_logs_feeds = ['EVENTS']

# INPUT Choices
input_choices = ['EAA', 'ETP', 'SIA', 'MFA', 'GC', 'LINODE'] # Available input types
input_choices = ['EAA', 'ETP', 'SIA', 'MFA', 'GC', 'LINODE', 'ACC'] # Available input types
input_format_choices = ['JSON', 'TEXT'] # Available input format choices (need to be supported by cli)

# OUTPUT Choices
@@ -107,6 +107,6 @@

# Autoresume Configuration
autoresume_checkpoint_path = "var/" # (Default) Path, where the checkpointfiles should be stored to
autoresume_supported_inputs = ['ETP', 'EAA', 'GC'] # Internal Var only, to adjust supported inputs
autoresume_supported_inputs = ['ETP', 'EAA', 'GC', 'SIA', 'ACC'] # Internal Var only, to adjust supported inputs
autoresume_write_after = 1000 # Write checkpoint only every ${autoresume_write_every} loglines
