Comments (12)
@hvhaugwitz Are there any missing parameters in the current format?
from aide.
What do you mean by missing parameters in the current format?
from aide.
@hvhaugwitz as a transition phase a simple report conversion to json can help.
As far as I can tell from what I see in my reports, every section of the report has its own format, i.e.:
command
Start time
AIDE found differences between database and filesystem!!
<\n>
<title:>Summary:
<\s\s> section
<\n>
<--....>
<title:>Added entries:
<--....>
<\n>
<list of new files and directories>
<\n>
<--....>
<title:>Changed entries:
<--....>
<\n>
<list of changed entries>
<\n>
<--....>
<title:>Detailed information about changes:
<--....>
<\n>
<list of file changes with a leading space to each section/file and separated by a \n>
<\n>
<--....>
<title:>The attributes of the (uncompressed) database(s):
<--....>
<\n>
<DB Attributes>
<\n>
<\n>
<End timestamp>
<\n>
I believe it's pretty easy to script the basic transformation to json.
from aide.
Sure, it should be possible to write a wrapper script to transform the current (human) report format to JSON format. The native support for JSON report format is planned for the upcoming release.
from aide.
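An added example, not part of the thread and not code from AIDE or the aide-tools repository: a minimal Python wrapper that splits the human-readable report into the sections sketched in the comment above and emits JSON. The key names (`header`, `footer`, the section titles) and the sample report are assumptions made for this example, not AIDE's native JSON format.

```python
import json
import re

RULE = re.compile(r"^-{3,}\s*$")  # dashed rule printed above and below a title

def parse_report(text):
    """Split a human-readable AIDE report into {section title: [lines]}."""
    lines = text.splitlines()
    report, current = {"header": []}, "header"
    for i, line in enumerate(lines):
        s = line.strip()
        if not s or RULE.match(s):
            continue
        ruled = (i > 0 and RULE.match(lines[i - 1])
                 and i + 1 < len(lines) and RULE.match(lines[i + 1]))
        if s == "Summary:" or (ruled and s.endswith(":")):
            current = s[:-1]              # start a new section
            report[current] = []
        elif s.startswith("End timestamp"):
            report["footer"] = [s]        # trailer after the last section
        else:
            report[current].append(s)     # leading space is dropped
    return report

# Constructed sample that follows the layout sketched in the comment above.
SAMPLE = """\
AIDE found differences between database and filesystem!!

Summary:
  Added entries: 1

---------------------------------------------------
Added entries:
---------------------------------------------------

f++++++++++++++++: /etc/new.conf

---------------------------------------------------
Detailed information about changes:
---------------------------------------------------

File: /etc/hosts
 SHA256 : aaaa | bbbb

End timestamp: 2020-01-01 00:00:05 +0000
"""

if __name__ == "__main__":
    print(json.dumps(parse_report(SAMPLE), indent=2))
```

A line is treated as a section title only when it sits directly between two dashed rules (or is `Summary:`), so entry lines that happen to contain a colon stay inside their section.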
@hvhaugwitz Is there any specific date for this release?
from aide.
@hvhaugwitz I wrote this tiny tool that converts a specific example log file into an experimental json format.
https://github.com/elico/aide-tools
Of course it's a basic parser, so it would be possible to do a better job later.
It will probably be useful for older systems which don't have the option to re-compile and install aide.
With enough work on this script it would be possible to also export to external DBs if not supported or to report an external URL on a change in the system.
I wanted to know if the format I am using is similar to what you have planned for aide.
Also any specific improvements to my script are more than welcome.
The license is not there yet but it's MIT 3 Clause BSD.
from aide.
> @hvhaugwitz Is there any specific date for this release?

No, not yet.

> I wanted to know if the format I am using is similar to what you have planned for aide.

Can you provide an example json output along with your example log file?

> The license is not there yet but it's MIT 3 Clause BSD.

Please add a license so others can use your script without knowing this issue.
from aide.
@hvhaugwitz
https://github.com/elico/aide-tools/blob/master/example-report-1.json
from aide.
@hvhaugwitz I'm looking for other logs to verify what I might be able to improve in the parser.
from aide.
Using a wrapper for json output would be slow. Would love to see this feature added as a native option.
from aide.
We plan to send AIDE reports to the ELK and process them like normal logs. It would be ideal for us if the reports supported JSON format because it would make it much easier to process reports at Logstash level.
from aide.
Native json support for reports is now available in master branch.
Please give it a try and report back any issues.
from aide.