log to syslog (with --syslog flag)

b0da384e · ale · 685988f9 · b0da384e · b0da384e · b0da384e
Commit b0da384e authored 11 years ago by ale
--- a/cmd/auditd/auditd.go
+++ b/cmd/auditd/auditd.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"log"

+	"git.autistici.org/ai/audit"
 	"git.autistici.org/ai/audit/server"
 )

@@ -14,11 +15,16 @@ var (
 	sslKey       = flag.String("ssl-key", "/etc/ai/localhost_internal.key", "SSL private key file")
 	dbDir        = flag.String("data-dir", "/var/lib/auditd", "Path to the database directory")
 	port         = flag.Int("port", 1717, "TCP port to listen on")
+	enableSyslog = flag.Bool("syslog", false, "Log to syslog")
 )

 func main() {
 	flag.Parse()

+	if *enableSyslog {
+		audit.SetupSyslog()
+	}
+
 	db := server.NewDB(*dbDir, nil)
 	server := server.NewHttpServer(db)
 	log.Fatal(server.ListenAndServeTLS(fmt.Sprintf(":%d", *port), *sslCa, *sslCert, *sslKey))

--- a/cmd/localauditd/localauditd.go
+++ b/cmd/localauditd/localauditd.go
@@ -27,6 +27,7 @@ var (
 	spoolDir     = flag.String("spool-dir", "/var/spool/audit/incoming", "Path to the spool directory")
 	serverUrl    = flag.String("server", "https://logs.m.investici.org:1717", "URL for the main audit server")
 	socketPath   = flag.String("socket", "/var/run/audit/local", "Path to the local socket to listen on")
+	enableSyslog = flag.Bool("syslog", false, "Log to syslog")
 )

 // Local store-and-forward audit message server.
@@ -239,6 +240,10 @@ func (s *Spool) Flush(fn func([]byte) error) error {
 func main() {
 	flag.Parse()

+	if *enableSyslog {
+		audit.SetupSyslog()
+	}
+
 	tlsConf := audit.TLSClientAuthConfigWithCerts(*sslCa, *sslCert, *sslKey)
 	locald := newLocalServer(*spoolDir, *serverUrl+"/api/1/write", tlsConf)
 	log.Fatal(locald.Serve(*socketPath))

--- a/debian/ai-auditd.init
+++ b/debian/ai-auditd.init
@@ -46,7 +46,7 @@ do_start()
 	start-stop-daemon --start --quiet --background --make-pidfile --pidfile $PIDFILE --chuid $USER --exec $DAEMON --test > /dev/null \
 		|| return 1
 	start-stop-daemon --start --quiet --background --make-pidfile --pidfile $PIDFILE --chuid $USER --exec $DAEMON -- \
-		$DAEMON_ARGS \
+	        --syslog $DAEMON_ARGS \
 		|| return 2
 	# Add code here, if necessary, that waits for the process to be ready
 	# to handle requests from services started subsequently which depend

--- a/debian/localauditd.init
+++ b/debian/localauditd.init
@@ -65,7 +65,7 @@ do_start()
 	start-stop-daemon --start --quiet --background --make-pidfile --pidfile $PIDFILE --chuid $USER:$GROUP --umask 007 --exec $DAEMON --test > /dev/null \
 		|| return 1
 	start-stop-daemon --start --quiet --background --make-pidfile --pidfile $PIDFILE --chuid $USER:$GROUP --umask 007 --exec $DAEMON -- \
-		$DAEMON_ARGS \
+		--syslog $DAEMON_ARGS \
 		|| return 2
 	# Add code here, if necessary, that waits for the process to be ready
 	# to handle requests from services started subsequently which depend

--- a/logging.go
+++ b/logging.go
+package audit
+
+import (
+	"log"
+	"log/syslog"
+)
+
+// A very simple way of logging to syslog (with a single priority).
+func SetupSyslog() {
+	if l, err := syslog.New(syslog.LOG_ERR, ""); err == nil {
+		log.SetOutput(l)
+		log.SetFlags(log.Lshortfile)
+	}
+}