package file
import (
"bytes"
"strconv"
"github.com/hashicorp/go-syslog"
"github.com/hashicorp/vault/audit"
"github.com/hashicorp/vault/logical"
)
// Factory builds the syslog audit backend from its configuration map.
//
// Keys read from conf:
//   - "facility": syslog facility; "AUTH" is used when the key is absent.
//   - "tag": syslog tag; "vault" is used when the key is absent.
//   - "log_raw": parsed with strconv.ParseBool; false when the key is absent.
//     A value ParseBool rejects makes Factory return that error.
//
// Security note: with log_raw set to true, LogRequest and LogResponse skip
// audit.Hash, so whatever the JSON formatter emits for auth, request and
// response reaches syslog unhashed. Treat the syslog destination, and any
// forwarding configured for it, as holding secret material in that mode.
func Factory(conf map[string]string) (audit.Backend, error) {
	// Start from the defaults and override only when the key is present.
	// A key that is present but empty is passed through unchanged.
	facility := "AUTH"
	if v, present := conf["facility"]; present {
		facility = v
	}

	tag := "vault"
	if v, present := conf["tag"]; present {
		tag = v
	}

	// Raw logging is opt-in: the zero value (false) keeps hashing enabled.
	var logRaw bool
	if raw, present := conf["log_raw"]; present {
		parsed, err := strconv.ParseBool(raw)
		if err != nil {
			return nil, err
		}
		logRaw = parsed
	}

	// Every audit entry is emitted at LOG_INFO priority.
	logger, err := gsyslog.NewLogger(gsyslog.LOG_INFO, facility, tag)
	if err != nil {
		return nil, err
	}

	return &Backend{
		logger: logger,
		logRaw: logRaw,
	}, nil
}
// Backend is the audit backend for the syslog-based audit store.
type Backend struct {
	// logger is the syslog writer that receives each formatted audit entry.
	logger gsyslog.Syslogger

	// logRaw, when true, makes LogRequest and LogResponse skip audit.Hash
	// and write the entry as formatted. It is false unless the "log_raw"
	// configuration key was set to a true value in Factory.
	logRaw bool
}
// LogRequest writes one JSON-formatted audit entry for a request to syslog.
//
// Unless raw logging is enabled on the backend, auth and req are first passed
// through audit.Hash (presumably replacing sensitive values with hashes;
// confirm against the audit package). Any error from hashing, formatting or
// the syslog write is returned unchanged.
//
// NOTE(review): audit.Hash returns only an error, so it appears to modify
// auth and req in place. Both are the caller's pointers; confirm callers hand
// in copies, otherwise the hashed values replace the originals for the rest
// of request handling.
func (b *Backend) LogRequest(auth *logical.Auth, req *logical.Request) error {
	hashFirst := !b.logRaw
	if hashFirst {
		if hashErr := audit.Hash(auth); hashErr != nil {
			return hashErr
		}
		if hashErr := audit.Hash(req); hashErr != nil {
			return hashErr
		}
	}

	var (
		out       bytes.Buffer
		formatter audit.FormatJSON
	)
	if fmtErr := formatter.FormatRequest(&out, auth, req); fmtErr != nil {
		return fmtErr
	}

	// The byte count is not needed; only the write error is reported.
	_, writeErr := b.logger.Write(out.Bytes())
	return writeErr
}
// LogResponse writes one JSON-formatted audit entry for a response to syslog.
//
// err is the error associated with the request being audited; it is handed to
// the formatter and is not otherwise inspected here. Unless raw logging is
// enabled on the backend, auth, req and resp are first passed through
// audit.Hash (presumably replacing sensitive values with hashes; confirm
// against the audit package). Any error from hashing, formatting or the
// syslog write is returned unchanged.
//
// NOTE(review): audit.Hash returns only an error, so it appears to modify
// auth, req and resp in place. If resp is the same object that is later sent
// to the client, hashing here would alter what the client receives; confirm
// callers hand in copies.
func (b *Backend) LogResponse(auth *logical.Auth, req *logical.Request,
	resp *logical.Response, err error) error {
	hashFirst := !b.logRaw
	if hashFirst {
		if hashErr := audit.Hash(auth); hashErr != nil {
			return hashErr
		}
		if hashErr := audit.Hash(req); hashErr != nil {
			return hashErr
		}
		if hashErr := audit.Hash(resp); hashErr != nil {
			return hashErr
		}
	}

	var (
		out       bytes.Buffer
		formatter audit.FormatJSON
	)
	if fmtErr := formatter.FormatResponse(&out, auth, req, resp, err); fmtErr != nil {
		return fmtErr
	}

	// The byte count is not needed; only the write error is reported.
	_, writeErr := b.logger.Write(out.Bytes())
	return writeErr
}