Verified Commit cff8bd81 authored by dockx thibault's avatar dockx thibault

:art: feat(audit) - enhance syslog audit processing by implementing state...

:art: feat(audit) - enhance syslog audit processing by implementing state tracking for last processed entries and ensuring directory existence
parent 1e027117
1 merge request!88Resolve "[Orchestrator] - Update audit tasks to allows generation of syslog export data"
Pipeline #32685 failed with stages
in 34 seconds
Showing with 42 additions and 6 deletions
+42 -6
...@@ -103,6 +103,9 @@ class Audit implements EndpointInterface ...@@ -103,6 +103,9 @@ class Audit implements EndpointInterface
public function processSyslogAuditTransformation (array $syslogAuditSubTasks): array public function processSyslogAuditTransformation (array $syslogAuditSubTasks): array
{ {
$result = []; $result = [];
// Define path at the beginning of the method
$path = '/var/log/fusiondirectory/';
$this->ensureDirectoryExists($path);
foreach ($syslogAuditSubTasks as $task) { foreach ($syslogAuditSubTasks as $task) {
try { try {
...@@ -111,8 +114,26 @@ class Audit implements EndpointInterface ...@@ -111,8 +114,26 @@ class Audit implements EndpointInterface
// Retrieve data from the main task // Retrieve data from the main task
$auditMainTask = $this->getAuditMainTask($task['fdtasksgranularmaster'][0]); $auditMainTask = $this->getAuditMainTask($task['fdtasksgranularmaster'][0]);
// Get all audit entries with all attributes // Get the most recent audit timestamp that was already processed
$auditEntries = $this->gateway->getLdapTasks('(objectClass=fdAuditEvent)', ['*'], '', ''); $lastProcessedTime = null;
// Check if we have a state file recording last processed time
$stateFile = $path . 'fd-audit-last-processed.txt';
if (file_exists($stateFile)) {
$fileContent = trim(file_get_contents($stateFile));
if (!empty($fileContent)) {
$lastProcessedTime = $fileContent;
}
}
// Only process entries newer than last processed
$filter = '(objectClass=fdAuditEvent)';
if ($lastProcessedTime !== null) {
$filter = "(&(objectClass=fdAuditEvent)(fdauditdatetime>=$lastProcessedTime))";
}
// Get only new audit entries
$auditEntries = $this->gateway->getLdapTasks($filter, ['*'], '', '');
$this->gateway->unsetCountKeys($auditEntries); $this->gateway->unsetCountKeys($auditEntries);
if (empty($auditEntries)) { if (empty($auditEntries)) {
...@@ -121,10 +142,7 @@ class Audit implements EndpointInterface ...@@ -121,10 +142,7 @@ class Audit implements EndpointInterface
continue; continue;
} }
// Create syslog file // Create syslog file (path already defined at the beginning)
$path = '/var/log/fusiondirectory/';
$this->ensureDirectoryExists($path);
$date = date('Y-m-d'); $date = date('Y-m-d');
$filename = $path . 'fd-audit-' . $date . '.log'; $filename = $path . 'fd-audit-' . $date . '.log';
...@@ -236,6 +254,24 @@ class Audit implements EndpointInterface ...@@ -236,6 +254,24 @@ class Audit implements EndpointInterface
fclose($handle); fclose($handle);
// After processing all entries, save the latest timestamp
if (!empty($auditEntries)) {
// Find the most recent timestamp
$latestTime = null;
foreach ($auditEntries as $entry) {
if (isset($entry['fdauditdatetime'][0])) {
if ($latestTime === null || $entry['fdauditdatetime'][0] > $latestTime) {
$latestTime = $entry['fdauditdatetime'][0];
}
}
}
// Save it to the state file
if ($latestTime !== null) {
file_put_contents($stateFile, $latestTime);
}
}
// Update task status // Update task status
$this->gateway->updateTaskStatus($task['dn'], $task['cn'][0], '2'); $this->gateway->updateTaskStatus($task['dn'], $task['cn'][0], '2');
......
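Review bot: The content of `fd-audit-last-processed.txt` is interpolated into the LDAP filter (`fdauditdatetime>=$lastProcessedTime`) without validation or escaping, so anything able to write under `/var/log/fusiondirectory/` decides which audit events are exported. A corrupted or tampered value can change the filter's structure or, with a timestamp in the future, silently stop the export. Check the value against the expected timestamp format before use (the format of `fdauditdatetime` is not visible here, presumably LDAP GeneralizedTime), log and reject a mismatch, and build the filter with `ldap_escape($lastProcessedTime, '', LDAP_ESCAPE_FILTER)`. The return value of `file_put_contents($stateFile, $latestTime)` is also ignored; a failed write should be logged, and passing `LOCK_EX` would keep overlapping runs from clobbering the state. The body of processSyslogAuditTransformation extends beyond the visible hunks.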