From 4bf1d2a78597c1205f4ae8a84be4dbc2ab82777d Mon Sep 17 00:00:00 2001
From: Mike Schiessl <77062930+MikeSchiessl@users.noreply.github.com>
Date: Mon, 17 Jun 2024 13:44:57 +0200
Subject: [PATCH] v1.7.4 (#62)
---
Dockerfile | 10 ++++--
README.md | 2 ++
bin/modules/UlsInputCli.py | 32 +++++++++++++++++++
bin/modules/UlsTools.py | 17 ++++++----
bin/uls_config/global_config.py | 14 ++++----
docs/ARGUMENTS_ENV_VARS.md | 24 +++++++-------
docs/CHANGELOG.md | 18 +++++++++++
docs/LOG_OVERVIEW.md | 15 +++++++++
docs/SIEM/HYDROLIX/README.md | 26 +++++++++++++++
docs/SIEM/SIEM_OVERVIEW.md | 1 +
.../kubernetes/helm/akamai-uls/Chart.yaml | 2 +-
scripts/get-uls.sh | 18 ++++++++---
scripts/update-uls.sh | 10 ++++++
test/positive_test.bats | 12 +++++++
14 files changed, 168 insertions(+), 33 deletions(-)
create mode 100644 docs/SIEM/HYDROLIX/README.md
diff --git a/Dockerfile b/Dockerfile
index f37924a..ad2213d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.12.2-slim-bookworm
+FROM python:3.12.4-slim-bookworm
LABEL MAINTAINER="Mike Schiessl - mike.schiessl@akamai.com"
LABEL APP_LONG="Akamai Universal Log Streamer"
LABEL APP_SHORT="ULS"
@@ -11,10 +11,11 @@ ARG ULS_DIR="$HOMEDIR/uls"
ARG EXT_DIR="$ULS_DIR/ext"
ARG ETP_CLI_VERSION="0.4.7"
-ARG EAA_CLI_VERSION="0.6.3"
+ARG EAA_CLI_VERSION="0.6.9"
ARG MFA_CLI_VERSION="0.1.1"
ARG GC_CLI_VERSION="v0.0.4(beta)"
ARG LINODE_CLI_VERSION="dev"
+ARG ACC_CLI_VERSION="v0.0.1-alpha"
# ENV VARS
ENV ULS_DIR=$ULS_DIR
@@ -77,6 +78,11 @@ ENV LINODE_CLI_VERSION=$LINODE_CLI_VERSION
RUN git clone --depth 1 -b "${LINODE_CLI_VERSION}" --single-branch https://github.com/MikeSchiessl/ln-logs.git ${EXT_DIR}/cli-linode && \
pip3 install --no-cache-dir -r ${EXT_DIR}/cli-linode/bin/requirements.txt
+## ACC CLI
+ENV ACC_CLI_VERSION=$ACC_CLI_VERSION
+RUN git clone --depth 1 -b "${ACC_CLI_VERSION}" --single-branch https://github.com/MikeSchiessl/acc-logs.git ${EXT_DIR}/acc-logs && \
+ pip3 install --no-cache-dir -r ${EXT_DIR}/acc-logs/bin/requirements.txt
+
# ENTRYPOINTS / CMD
VOLUME ["${ULS_DIR}/var"]
ENTRYPOINT ["/usr/local/bin/python3","-u","bin/uls.py"]
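Review bot: The new ACC clone fetches the mutable tag `v0.0.1-alpha` from a personal GitHub account with no commit pin or integrity check, so a re-pointed tag or a compromised account silently changes what is baked into the image; the same holds for the `pip3 install -r` that follows, which has no `--require-hashes`. This mirrors the existing LINODE block above it, but an alpha-tagged dependency from an individual account is the weakest link in this image and deserves a pinned revision, e.g. an `ARG ACC_CLI_COMMIT` followed by `git -C "${EXT_DIR}/acc-logs" checkout --quiet "${ACC_CLI_COMMIT}"` after the clone. At minimum a comment above the RUN noting that the tag is unverified and that the repository is not under the akamai org would help whoever audits the image.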
diff --git a/README.md b/README.md
index 4254867..b663906 100644
--- a/README.md
+++ b/README.md
@@ -55,6 +55,8 @@ It can be run directly as Python code, as a provided Docker container, through
- AUDIT
- [Linode](https://www.linode.com/) (experimental)
- [AUDIT](docs/LOG_OVERVIEW.md#audit-logs)
+ - Akamai Control Center (experimental)
+ - [EVENTS](docs/LOG_OVERVIEW.md#events)
- Supported data outputs
diff --git a/bin/modules/UlsInputCli.py b/bin/modules/UlsInputCli.py
index 5faf067..a18c72a 100644
--- a/bin/modules/UlsInputCli.py
+++ b/bin/modules/UlsInputCli.py
@@ -333,6 +333,38 @@ def proc_create(self):
cli_command = [self.bin_python, product_path] +\
self._uls_useragent(self.product, "rawcmd") +\
shlex.split(self.rawcmd)
+
+ # Akamai Control Center config
+ elif self.product == "ACC":
+ product_path = self.root_path + "/" + uls_config.bin_acc_logs
+ product_feeds = uls_config.acc_logs_feeds
+ if not self.cliformat == "JSON":
+ aka_log.log.warning(f"{self.name} - Selected LOG Format ({self.cliformat}) "
+ f"not available for {product_path}, continuing with JSON.")
+ if not self.rawcmd:
+ self.edgerc_hostname = UlsTools.uls_check_edgerc(self.credentials_file,
+ self.credentials_file_section,
+ uls_config.edgerc_openapi)
+ my_feed = self._feed_selector(self.feed, product_feeds)
+ if my_feed == "EVENTS":
+ my_feed = "getevents"
+ cli_command = [self.bin_python, '-u', product_path, 'events', my_feed.lower(), '-f']
+ cli_command[3:3] = self._uls_useragent(self.product, my_feed)
+ cli_command[3:3] = edgegrid_auth
+ cli_command[3:3] = self._prep_proxy(self.inproxy)
+
+ # Append End and Starttime
+ if self.endtime:
+ # We need to remove "-f" from the end of the cli cmd if we work with endtime
+ cli_command = cli_command[:-1]
+ cli_command.extend(self._prep_start_endtime('--end', self.endtime))
+ if self.starttime:
+ cli_command.extend(self._prep_start_endtime('--start', self.starttime))
+ else:
+ cli_command = [self.bin_python, product_path] +\
+ self._uls_useragent(self.product, "rawcmd") +\
+ shlex.split(self.rawcmd)
+
# Mocked output
elif self.product == "MOCK":
print ("Not yet there")
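Review bot: In the ACC branch the end-time path drops the follow flag with `cli_command = cli_command[:-1]`, which only works because `'-f'` happens to be the last element; `cli_command.remove('-f')` states the intent and survives a later reordering of the command. `edgegrid_auth` is used at `cli_command[3:3] = edgegrid_auth` but is not defined in this hunk, so presumably it is built earlier in proc_create from the credentials file and section; `self.edgerc_hostname` is assigned from `uls_check_edgerc` but never used afterwards in this branch, which is worth a comment if it is kept for side effects only. The three `cli_command[3:3] = ...` inserts end up in reverse order (proxy, edgegrid auth, user agent), which is consistent with the other product branches but deserves a one-line comment since it is not obvious. proc_create starts before this hunk.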
diff --git a/bin/modules/UlsTools.py b/bin/modules/UlsTools.py
index 92d190d..53afa6c 100644
--- a/bin/modules/UlsTools.py
+++ b/bin/modules/UlsTools.py
@@ -56,6 +56,8 @@ def _check_cli_installed(cli_bin):
_check_cli_installed(root_path + "/" + uls_config.bin_gc_cli)
elif uls_input == "LINODE":
_check_cli_installed(root_path + "/" + uls_config.bin_linode_cli)
+ elif uls_input == "ACC":
+ _check_cli_installed(root_path + "/" + uls_config.bin_acc_logs)
else:
aka_log.log.critical(f"No input specified: {uls_input} - exiting")
sys.exit(1)
@@ -100,7 +102,8 @@ def _get_cli_version(cli_bin, edgerc_mock_file):
f"SIA/ETP Version\t\t{_get_cli_version(root_path + '/' + uls_config.bin_etp_cli, my_edgerc_mock_file)}\n"
f"MFA Version\t\t{_get_cli_version(root_path + '/' + uls_config.bin_mfa_cli, my_edgerc_mock_file)}\n"
f"GC Version\t\t{_get_cli_version(root_path + '/' + uls_config.bin_gc_cli, my_edgerc_mock_file)}\n"
- f"LINODE Version\t\t{_get_cli_version(root_path + '/' + uls_config.bin_linode_cli, my_edgerc_mock_file)}\n\n"
+ f"LINODE Version\t\t{_get_cli_version(root_path + '/' + uls_config.bin_linode_cli, my_edgerc_mock_file)}\n"
+ f"ACC-LOGS Version\t{_get_cli_version(root_path + '/' + uls_config.bin_linode_cli, my_edgerc_mock_file)}\n\n"
f"OS Plattform\t\t{platform.platform()}\n"
f"OS Version\t\t{platform.release()}\n"
f"Python Version\t\t{sys.version_info.major}.{sys.version_info.minor}.{sys.version_info.micro}\n"
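Review bot: The new `ACC-LOGS Version` line reports the wrong binary: it calls `_get_cli_version(root_path + '/' + uls_config.bin_linode_cli, ...)` again, so `--version` prints the Linode CLI version under the ACC label and never exercises the ACC CLI at all. It should read `f"ACC-LOGS Version\t{_get_cli_version(root_path + '/' + uls_config.bin_acc_logs, my_edgerc_mock_file)}\n\n"`, matching the `bin_acc_logs` constant this commit adds to global_config.py. The enclosing function starts and ends outside the hunk.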
@@ -224,11 +227,11 @@ def check_autoresume(input, feed, checkpoint_dir=uls_config.autoresume_checkpoin
aka_log.log.debug(f"Autoresume Checkpoint successfully loaded. Checkpoint Time: {data['checkpoint']}, Creation_time: {data['creation_time']}")
creation_time = data['creation_time']
# Convert the Checkpoint to "epoch Timestamp", depending on the input
- if data['input'] == "ETP":
+ if data['input'] == "ETP" or data['input'] == "SIA":
mytime = data['checkpoint'].split("Z")[0]
elif data['input'] == "EAA":
mytime = data['checkpoint'].split("+")[0]
- elif data['input'] == "GC":
+ elif data['input'] == "GC" or data['input'] == "ACC":
mytime = data['checkpoint'].split(".")[0]
else:
aka_log.log.critical(
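Review bot: The alias handling is spelled as repeated equality tests, `data['input'] == "ETP" or data['input'] == "SIA"` and likewise for GC/ACC; a membership test such as `if data['input'] in ("ETP", "SIA"):` reads as one alias set and is harder to get wrong when the next product is added. Since the same ETP/SIA aliasing is now duplicated in write_autoresume_ckpt below, a module-level tuple for the SIA aliases would keep both functions in sync. check_autoresume starts before this hunk.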
@@ -270,13 +273,13 @@ def write_autoresume_ckpt(input, feed, autoresume_file, logline, current_count):
# Adopt the field to the stream / feed
checkpoint_line = logline.decode()
- if input == "ETP" and (feed == "THREAT" or feed =="PROXY" or feed == "AUP"):
+ if (input == "ETP" or input == "SIA") and (feed == "THREAT" or feed =="PROXY" or feed == "AUP"):
checkpoint_timestamp = json.loads(checkpoint_line)['event']['detectionTime']
- elif input == "ETP" and feed == "DNS":
+ elif (input == "ETP" or input == "SIA") and feed == "DNS":
checkpoint_timestamp = json.loads(checkpoint_line)['query']['time']
elif input == "EAA" and feed == "ACCESS":
checkpoint_timestamp = json.loads(checkpoint_line)['datetime']
- elif input == "ETP" and feed == "NETCON":
+ elif (input == "ETP" or input == "SIA") and feed == "NETCON":
checkpoint_timestamp = json.loads(checkpoint_line)['connStartTime']
elif input == "GC" and feed == "AUDIT":
checkpoint_timestamp = json.loads(checkpoint_line)['time']
@@ -284,6 +287,8 @@ def write_autoresume_ckpt(input, feed, autoresume_file, logline, current_count):
checkpoint_timestamp = json.loads(checkpoint_line)['closed_time']
elif input == "GC" and feed == "NETLOG":
checkpoint_timestamp = json.loads(checkpoint_line)['db_insert_time']
+ elif input == "ACC" and feed == "EVENTS":
+ checkpoint_timestamp = json.loads(checkpoint_line)['eventTime']
else:
aka_log.log.critical(
f"AUTORESUME - Unhandled Input / Feed detected: '{input} / {feed}' (this should never happen !!)- Exiting")
diff --git a/bin/uls_config/global_config.py b/bin/uls_config/global_config.py
index e1f0360..8557531 100644
--- a/bin/uls_config/global_config.py
+++ b/bin/uls_config/global_config.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python3
# Common global variables / constants
-__version__ = "1.7.3"
+__version__ = "1.7.4"
__tool_name_long__ = "Akamai Unified Log Streamer"
__tool_name_short__ = "ULS"
@@ -16,15 +16,11 @@
# EAA
- # Path to the EAA CLI Executable
bin_eaa_cli = "ext/cli-eaa/bin/akamai-eaa"
- # Available EAA CLI feeds
eaa_cli_feeds = ['ACCESS', 'ADMIN', 'CONHEALTH', 'DEVINV', 'DIRHEALTH']
# ETP
- # Path to the ETP CLI Executable
bin_etp_cli = "ext/cli-etp/bin/akamai-etp"
- # Available ETP CLI feeds
etp_cli_feeds = ['THREAT', 'AUP', 'DNS', 'PROXY', 'NETCON']
# MFA
@@ -39,8 +35,12 @@
bin_linode_cli = "ext/cli-linode/bin/akamai-linode" # Path to the LINODE CLI Executable
linode_cli_feeds = ['AUDIT'] # Available LINODE CLI feeds
+ # ACC-LOGS
+bin_acc_logs = "ext/acc-logs/bin/akamai-acc"
+acc_logs_feeds = ['EVENTS']
+
# INPUT Choices
-input_choices = ['EAA', 'ETP', 'SIA', 'MFA', 'GC', 'LINODE'] # Available input types
+input_choices = ['EAA', 'ETP', 'SIA', 'MFA', 'GC', 'LINODE', 'ACC'] # Available input types
input_format_choices = ['JSON', 'TEXT'] # Available input format choices (need to be supported by cli)
# OUTPUT Choices
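Review bot: The new `# ACC-LOGS` header comment is indented four spaces at module level while the surrounding `# EAA`, `# ETP` and `# INPUT Choices` headers sit at column 0; a stray indent on a comment is harmless to Python but looks like a leftover and should be aligned. The constants also break the sibling naming pattern (`bin_linode_cli`/`linode_cli_feeds` versus `bin_acc_logs`/`acc_logs_feeds`); unless the difference is intentional, `bin_acc_cli` and `acc_cli_feeds` with trailing comments like the LINODE lines would keep the block uniform.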
@@ -107,6 +107,6 @@
# Autoresume Configuration
autoresume_checkpoint_path = "var/" # (Default) Path, where the checkpointfiles should be stored to
-autoresume_supported_inputs = ['ETP', 'EAA', 'GC'] # Internal Var only, to adjust supported inputs
+autoresume_supported_inputs = ['ETP', 'EAA', 'GC', 'SIA', 'ACC'] # Internal Var only, to adjust supported inputs
autoresume_write_after = 1000 # Write checkpoint only every ${autoresume_write_every} loglines
diff --git a/docs/ARGUMENTS_ENV_VARS.md b/docs/ARGUMENTS_ENV_VARS.md
index c55b5ce..f793646 100644
--- a/docs/ARGUMENTS_ENV_VARS.md
+++ b/docs/ARGUMENTS_ENV_VARS.md
@@ -21,18 +21,18 @@ The following tables list all available command line parameters and their corres
## INPUT
-| Parameter | Env - Var | Options | Default | Description |
-|---------------------------|-----------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| -i
--input | ULS_INPUT | 'EAA', 'ETP', 'MFA', 'GC', 'LINODE' | None | Specify the desired INPUT source |
-| --feed | ULS_FEED | EAA: 'ACCESS', 'ADMIN', 'CONHEALTH', 'DEVINV'
ETP: 'THREAT', 'AUP', 'DNS', 'PROXY'
MFA: 'EVENT'
GC: 'NETLOG', 'INCIDENT', 'AGENT', 'SYSTEM', 'AUDIT'
LINODE: 'AUDIT' | None | Specify the desired INPUT feed |
-| --format | ULS_FORMAT | 'JSON', 'TEXT' | JSON | Specify the desired INPUT (=OUTPUT) format |
-| --inproxy
--inputproxy | ULS_INPUT_PROXY | HOST:PORT | None | Adjust proxy usage for INPUT data collection (cli)
If this parameter does not work as expected, [please read more about it here](./FAQ.md#--inputproxy-proxy-does-not-work-as-expected) |
-| --rawcmd | ULS_RAWCMD | \ | None | USE with caution /!\
This is meant only to be used when told by AKAMAI [Click here for more information](ADDITIONAL_FEATURES.md#rawcmd---rawcmd-feature) |
-| --edgerc | ULS_EDGERC | /path/to/your/.edgerc | '~/.edgerc' | Specify the location of the .edgerc EDGE GRID AUTH file |
-| --section | ULS_SECTION | edgerc_config_section | 'default' | Specify the desired section within the .edgerc file |
-| --starttime | ULS_STARTTIME | EPOCH timestamp (in seconds) | `cli_default` | Specify an EPOCH timestamp from where to start the log collection. |
-| --endtime | ULS_ENDTIME | EPOCH timestamp (in seconds) | None | Specify an EPOCH timestamp up until where to fetch logs. ULS will exit after reaching this point.
ULS will not continue reading logs on CLI errors !!! |
-| --inputqueuesize | ULS_INPUT_QUEUESIZE | INPUT_QUEUE_SIZE(int) | 15000 | Maximum threshold of the input queue. When threshold is reached, ULS will stop operations and exit "Capacity exceeded, too many incoming data vs. slow output" |
+| Parameter | Env - Var | Options | Default | Description |
+|---------------------------|-----------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| -i
--input | ULS_INPUT | 'EAA', 'ETP', 'MFA', 'GC', 'LINODE', 'ACC' | None | Specify the desired INPUT source |
+| --feed | ULS_FEED | EAA: 'ACCESS', 'ADMIN', 'CONHEALTH', 'DEVINV'
ETP: 'THREAT', 'AUP', 'DNS', 'PROXY'
MFA: 'EVENT'
GC: 'NETLOG', 'INCIDENT', 'AGENT', 'SYSTEM', 'AUDIT'
LINODE: 'AUDIT'
ACC: 'EVENTS' | None | Specify the desired INPUT feed |
+| --format | ULS_FORMAT | 'JSON', 'TEXT' | JSON | Specify the desired INPUT (=OUTPUT) format |
+| --inproxy
--inputproxy | ULS_INPUT_PROXY | HOST:PORT | None | Adjust proxy usage for INPUT data collection (cli)
If this parameter does not work as expected, [please read more about it here](./FAQ.md#--inputproxy-proxy-does-not-work-as-expected) |
+| --rawcmd | ULS_RAWCMD | \ | None | USE with caution /!\
This is meant only to be used when told by AKAMAI [Click here for more information](ADDITIONAL_FEATURES.md#rawcmd---rawcmd-feature) |
+| --edgerc | ULS_EDGERC | /path/to/your/.edgerc | '~/.edgerc' | Specify the location of the .edgerc EDGE GRID AUTH file |
+| --section | ULS_SECTION | edgerc_config_section | 'default' | Specify the desired section within the .edgerc file |
+| --starttime | ULS_STARTTIME | EPOCH timestamp (in seconds) | `cli_default` | Specify an EPOCH timestamp from where to start the log collection. |
+| --endtime | ULS_ENDTIME | EPOCH timestamp (in seconds) | None | Specify an EPOCH timestamp up until where to fetch logs. ULS will exit after reaching this point.
ULS will not continue reading logs on CLI errors !!! |
+| --inputqueuesize | ULS_INPUT_QUEUESIZE | INPUT_QUEUE_SIZE(int) | 15000 | Maximum threshold of the input queue. When threshold is reached, ULS will stop operations and exit "Capacity exceeded, too many incoming data vs. slow output" |
## OUTPUT
diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
index 9489c04..c6a4c3a 100644
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -1,4 +1,22 @@
# Version History
+## v1.7.4
+|||
+|---|---|
+|Date|2024-06-17
+|Kind| MINOR release
+|Author|mschiess@akamai.com, androcho@akamai.com
+- **Features**
+ - New Input & Feed available - Akamai Control Center Events
+
+- **Minor improvements**
+ - [docker] Bumped Python version to 3.12.4
+ - [docker] bumped CLI-EAA to "0.6.9"
+ - [HYDROLIX documentation](SIEM/HYDROLIX/README.md) added to the SIEM integrations
+
+- **BUGFIX**
+ - Fixed a bug in the autoresume function where SIA does not equal it's alias ETP properly
+
+
## v1.7.3
|||
|---|---|
diff --git a/docs/LOG_OVERVIEW.md b/docs/LOG_OVERVIEW.md
index 456eecf..7191c27 100644
--- a/docs/LOG_OVERVIEW.md
+++ b/docs/LOG_OVERVIEW.md
@@ -28,6 +28,8 @@ Here are some examples (per product) and links to additional information.
- [INCIDENT](#incident)
- [Linode](#linode)
- [AUDIT Logs](#audit-logs)
+ - [AKAMAI ACC](#akamai-acc)
+ - [Events](#events)
---
## Enterprise Application Access (EAA)
@@ -2694,3 +2696,16 @@ Additional information regarding the log fields can be found on [here](https://w
}
```
+
+
+---
+## Akamai ACC
+### EVENTS
+Additional information regarding the log fields can be found on [here](https://techdocs.akamai.com/event-viewer/reference/get-events)
+
+EVENT logs example (json)
+
+```json
+{"eventId": "1234567890-abcd-efab-badc-1234567890abcdef", "eventTime": "2024-06-17T09:23:17.976Z", "eventData": [{"key": "userIdAttributeName", "value": "uid"}, {"key": "method", "value": "sp_init"}, {"key": "authenticationMethod", "value": "https://sso.akamai.com/saml2/idp"}, {"key": "requestId", "value": "_12345667890-abcd-efab-cdef-1234567890abcd"}, {"key": "domain", "value": "control.akamai.com"}, {"key": "notOnOrAfter", "value": "2024-06-17T09:28:17.669Z"}, {"key": "entityId", "value": "https://sso.akamai.com/saml2/idp"}, {"key": "details", "value": "User testuser has been successfully logged in using https://sso.akamai.com/saml2/idp IDP"}, {"key": "notBefore", "value": "2024-06-17T09:18:17.669Z"}, {"key": "pulsar_host", "value": "10.10.10.10"}, {"key": "arrivalDate", "value": "2024-06-17T09:23:17.901497Z"}], "eventType": {"eventTypeId": "16", "eventTypeName": "All Logins", "eventDefinition": {"eventDefinitionId": "1234567", "eventName": "Successful SSO Login", "eventDescription": "A user successfully authenticated using Single Sign-on (SSO)"}}, "impersonator": true, "username": "testuser"}
+```
+
\ No newline at end of file
diff --git a/docs/SIEM/HYDROLIX/README.md b/docs/SIEM/HYDROLIX/README.md
new file mode 100644
index 0000000..bb85a36
--- /dev/null
+++ b/docs/SIEM/HYDROLIX/README.md
@@ -0,0 +1,26 @@
+# Hydrolix integration
+
+ULS is able to send any [supported feeds](../../LOG_OVERVIEW.md) to Hydrolix with HTTP Output.
+Make sure you turn off the HTTP Liveness check since Hydrolix Ingestion endpoints do not accept HTTP HEAD requests.
+
+## Example ULS pushing to Hydrolix
+
+Docker example with Guardicore netlog feed:
+
+```bash
+docker run -d --name uls_gc_netlog -ti \
+ --mount type=bind,source="/path/to/your/.edgerc",target="/opt/akamai-uls/.edgerc",readonly \
+ --env ULS_INPUT=GC \
+ --env ULS_FEED=NETLOG \
+ --env ULS_OUTPUT=HTTP \
+ --env GC_SKIP_TLS_VALIDATION=True \
+ --env ULS_HTTP_URL='https://iad.trafficpeak.live/ingest/event?table=xxxxx' \
+ --env ULS_HTTP_AUTH_HEADER='{"Authorization": "Basic xxxx=="}' \
+ --env ULS_HTTP_LIVNESS_CHECK=false \
+ --env ULS_HTTP_FORMAT="%s" \
+ akamai/uls
+```
+
+## More information
+
+See Hydrolix website [https://www.hydrolix.io](https://hydrolix.io/)
\ No newline at end of file
diff --git a/docs/SIEM/SIEM_OVERVIEW.md b/docs/SIEM/SIEM_OVERVIEW.md
index b70e3bb..a46f8ee 100644
--- a/docs/SIEM/SIEM_OVERVIEW.md
+++ b/docs/SIEM/SIEM_OVERVIEW.md
@@ -6,6 +6,7 @@ All contributions in terms of documentation a welcome.
## SIEM Integration guides (alphabetical)
- [GRAYLOG](./GRAYLOG/README.md)
+- [HYDROLIX](HYDROLIX/README.md)
- [MICROSOFT SENTINEL](./SENTINEL/Readme.md)
- [QRADAR](./QRADAR/README.md)
- [SPLUNK](./SPLUNK/README.md)
diff --git a/docs/examples/kubernetes/helm/akamai-uls/Chart.yaml b/docs/examples/kubernetes/helm/akamai-uls/Chart.yaml
index 577d52e..23a775f 100644
--- a/docs/examples/kubernetes/helm/akamai-uls/Chart.yaml
+++ b/docs/examples/kubernetes/helm/akamai-uls/Chart.yaml
@@ -4,4 +4,4 @@ description: Akamai Universal Log Streamer Helm installation
type: application
version: 2.0.0
-appVersion: "1.7.3"
+appVersion: "1.7.4"
diff --git a/scripts/get-uls.sh b/scripts/get-uls.sh
index 93da53c..6f6c6c5 100755
--- a/scripts/get-uls.sh
+++ b/scripts/get-uls.sh
@@ -2,7 +2,7 @@
# This file will install the latest ULS including all of its modules (latest version) into the current directory/uls
# curl -O https://raw.githubusercontent.com/akamai/uls/main/scripts/get-uls.sh && bash get-uls.sh
-default_modules="eaa,etp,mfa,gc,ln"
+default_modules="eaa,etp,mfa,gc,ln,acc"
default_install_dir="$(pwd)/uls"
function min_version() {
@@ -201,15 +201,23 @@ echo "Installing GC-CLI"
pip3 install -q -r ${install_dir}/ext/cli-gc/bin/requirements.txt
fi
-
## GRAB LINODE-CLI
-if [[ "$install_modules" == *"ln"* ]] ; then
-echo "Installing LINODE-CLI"
- git clone -q --depth 1 -b dev --single-branch https://github.com/MikeSchiessl/ln-logs.git ${install_dir}/ext/cli-linode
+if [[ "$install_modules" == *"acc"* ]] ; then
+echo "Installing ACC-CLI"
+ git clone -q --depth 1 -b dev --single-branch https://github.com/MikeSchiessl/acc-logs.git ${install_dir}/ext/cli-linode
py_reqs ${install_dir}/ext/cli-linode/bin/requirements.txt
pip3 install -q -r ${install_dir}/ext/cli-linode/bin/requirements.txt
fi
+## GRAB GC-CLI
+if [[ "$install_modules" == *"gc"* ]] ; then
+echo "Installing ACC-CLI"
+ git clone -q --depth 1 -b dev --single-branch https://github.com/MikeSchiessl/gc-logs.git ${install_dir}/ext/acc-logs
+ py_reqs ${install_dir}/ext/acc-logs/bin/requirements.txt
+ pip3 install -q -r ${install_dir}/ext/acc-logs/bin/requirements.txt
+fi
+
+
# Finishing off
echo -e "\n\n\n"
echo "ULS has been successfully installed"
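Review bot: This hunk removes the LINODE-CLI install block instead of adding an ACC one: the `ln` branch is gone, the `acc` branch clones acc-logs into `${install_dir}/ext/cli-linode` (the Linode path the Python code expects for `bin_linode_cli`), and the new block guarded by `gc` clones gc-logs into `${install_dir}/ext/acc-logs` while echoing "Installing ACC-CLI", duplicating the GC install that already ran a few lines above. After this script runs, `--input acc` will execute a Guardicore CLI from `ext/acc-logs` and `--input linode` will run the ACC tool. Both clones also track the mutable `dev` branch rather than the `v0.0.1-alpha` tag pinned in the Dockerfile, so the script and the image install different code; the rewritten blocks below restore the Linode block and give ACC its own, with the paths quoted.

```shell
## GRAB LINODE-CLI
if [[ "$install_modules" == *"ln"* ]] ; then
echo "Installing LINODE-CLI"
  git clone -q --depth 1 -b dev --single-branch https://github.com/MikeSchiessl/ln-logs.git "${install_dir}/ext/cli-linode"
  py_reqs "${install_dir}/ext/cli-linode/bin/requirements.txt"
  pip3 install -q -r "${install_dir}/ext/cli-linode/bin/requirements.txt"
fi

## GRAB ACC-CLI
if [[ "$install_modules" == *"acc"* ]] ; then
echo "Installing ACC-CLI"
  git clone -q --depth 1 -b dev --single-branch https://github.com/MikeSchiessl/acc-logs.git "${install_dir}/ext/acc-logs"
  py_reqs "${install_dir}/ext/acc-logs/bin/requirements.txt"
  pip3 install -q -r "${install_dir}/ext/acc-logs/bin/requirements.txt"
fi
# … unchanged: finishing messages …
```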
diff --git a/scripts/update-uls.sh b/scripts/update-uls.sh
index c12415c..7d359e4 100755
--- a/scripts/update-uls.sh
+++ b/scripts/update-uls.sh
@@ -105,6 +105,16 @@ else
fi
+## ACC
+if [[ -d "${uls_dir}/ext/acc-logs" ]] ; then
+ echo "ACC-CLI detected, updating"
+ git -C ${uls_dir}/ext/acc-logs pull -q
+ pip3 install -q -r ${uls_dir}/ext/acc-logs/bin/requirements.txt
+else
+ echo "NO ACC-CLI detected - skipping"
+fi
+
+
echo -e "\n\n\nUpdate is complete."
echo "Updated versions (post update)"
${uls_dir}/bin/uls.py --version
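Review bot: The new ACC update block expands `${uls_dir}` unquoted in both `git -C ${uls_dir}/ext/acc-logs pull -q` and the `pip3 install -r` line, so an install directory containing whitespace splits into several arguments; the other blocks in this script appear to do the same, but new code should not inherit that. The bare `git pull` also fast-forwards to whatever the remote's current branch head is, with no pin or verification, which means an update silently pulls arbitrary new code from a personal repository; a comment stating that this tracks the unpinned `dev` branch, or a checkout of a known revision after the pull, would make that trade-off visible. Suggested lines: `git -C "${uls_dir}/ext/acc-logs" pull -q` and `pip3 install -q -r "${uls_dir}/ext/acc-logs/bin/requirements.txt"`.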
diff --git a/test/positive_test.bats b/test/positive_test.bats
index 7e0b45c..89912d4 100644
--- a/test/positive_test.bats
+++ b/test/positive_test.bats
@@ -205,6 +205,18 @@ load 'bats/bats-assert/load.bash'
[ "$status" -eq 100 ] || [ "$status" -eq 130 ] || [ "$status" -eq 137 ] #return value from uls when interrupted --> with --preserve status on timeout
}
+## ACC-LOGS
+@test "ACC - EVENTS" {
+ run timeout ${uls_timeout_params} ${uls_bin} --input acc --feed events --output raw --edgerc $uls_edgerc --loglevel info
+ #assert_output --partial $gc_assert
+ assert_line --partial "UlsInputCli - started PID"
+ refute_line --partial "was found stale -"
+ #assert_output --partial "The specified directory tmp does not exist or privileges are missing - exiting"
+ #[ "$status" -eq 124 ] #return value from timeout without --preserve status
+ [ "$status" -eq 100 ] || [ "$status" -eq 130 ] || [ "$status" -eq 137 ] #return value from uls when interrupted --> with --preserve status on timeout
+}
+
+
## FILE OUTPUT
@test "FILE: ETP - THREAT" {
run timeout ${uls_timeout_params} ${uls_bin} --input etp --feed threat --output file --filename "/tmp/uls_tmplogfile1.log" --edgerc $uls_edgerc --section $uls_section --loglevel info
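Review bot: The new "ACC - EVENTS" test asserts only that the input process started and did not go stale, because the content check `#assert_output --partial $gc_assert` was carried over from the GC test and left commented out along with two other dead lines; as written it passes even if the ACC CLI produces nothing usable. Either define an `acc_assert` string for the EVENTS feed and use it, or delete the three commented lines so the weaker assertion is clearly intentional. Unlike the sibling tests, the run also omits `--section $uls_section`, which is fine only if the test credentials live in the default section; worth a short comment.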