open-vault/builtin/audit/syslog/backend.go

136 lines
2.6 KiB
Go
Raw Normal View History

2015-04-24 18:06:19 +00:00
package file
import (
"bytes"
"strconv"
2015-04-24 18:06:19 +00:00
"github.com/hashicorp/go-syslog"
"github.com/hashicorp/vault/audit"
"github.com/hashicorp/vault/logical"
"github.com/mitchellh/copystructure"
2015-04-24 18:06:19 +00:00
)
func Factory(conf map[string]string) (audit.Backend, error) {
// Get facility or default to AUTH
facility, ok := conf["facility"]
if !ok {
facility = "AUTH"
}
// Get tag or default to 'vault'
tag, ok := conf["tag"]
if !ok {
tag = "vault"
}
// Check if raw logging is enabled
2015-04-26 01:26:08 +00:00
logRaw := false
if raw, ok := conf["log_raw"]; ok {
b, err := strconv.ParseBool(raw)
if err != nil {
return nil, err
}
logRaw = b
}
2015-04-24 18:06:19 +00:00
// Get the logger
logger, err := gsyslog.NewLogger(gsyslog.LOG_INFO, facility, tag)
if err != nil {
return nil, err
}
b := &Backend{
logger: logger,
logRaw: logRaw,
2015-04-24 18:06:19 +00:00
}
return b, nil
}
// Backend is the audit backend for the syslog-based audit store.
type Backend struct {
logger gsyslog.Syslogger
logRaw bool
2015-04-24 18:06:19 +00:00
}
func (b *Backend) LogRequest(auth *logical.Auth, req *logical.Request) error {
if !b.logRaw {
// Copy the structures
cp, err := copystructure.Copy(auth)
if err != nil {
return err
}
auth = cp.(*logical.Auth)
cp, err = copystructure.Copy(req)
if err != nil {
return err
}
req = cp.(*logical.Request)
// Hash any sensitive information
if err := audit.Hash(auth); err != nil {
return err
}
if err := audit.Hash(req); err != nil {
return err
}
}
// Encode the entry as JSON
2015-04-24 18:06:19 +00:00
var buf bytes.Buffer
var format audit.FormatJSON
if err := format.FormatRequest(&buf, auth, req); err != nil {
return err
}
// Write out to syslog
2015-04-24 18:06:19 +00:00
_, err := b.logger.Write(buf.Bytes())
return err
}
func (b *Backend) LogResponse(auth *logical.Auth, req *logical.Request,
resp *logical.Response, err error) error {
if !b.logRaw {
// Copy the structure
cp, err := copystructure.Copy(auth)
if err != nil {
return err
}
auth = cp.(*logical.Auth)
cp, err = copystructure.Copy(req)
if err != nil {
return err
}
req = cp.(*logical.Request)
cp, err = copystructure.Copy(resp)
if err != nil {
return err
}
resp = cp.(*logical.Response)
// Hash any sensitive information
if err := audit.Hash(auth); err != nil {
return err
}
if err := audit.Hash(req); err != nil {
return err
}
if err := audit.Hash(resp); err != nil {
return err
}
}
// Encode the entry as JSON
2015-04-24 18:06:19 +00:00
var buf bytes.Buffer
var format audit.FormatJSON
if err := format.FormatResponse(&buf, auth, req, resp, err); err != nil {
return err
}
// Write otu to syslog
2015-04-24 18:06:19 +00:00
_, err = b.logger.Write(buf.Bytes())
return err
}