From b0da384e5383a725d7a44b7a24cbb0c690b76f04 Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Fri, 14 Mar 2014 20:41:31 +0000
Subject: [PATCH] log to syslog (with --syslog flag)

---
 cmd/auditd/auditd.go           | 16 +++++++++++-----
 cmd/localauditd/localauditd.go | 17 +++++++++++------
 debian/ai-auditd.init          |  2 +-
 debian/localauditd.init        |  2 +-
 logging.go                     | 14 ++++++++++++++
 5 files changed, 38 insertions(+), 13 deletions(-)
 create mode 100644 logging.go

diff --git a/cmd/auditd/auditd.go b/cmd/auditd/auditd.go
index dbb262d..07bdd9a 100644
--- a/cmd/auditd/auditd.go
+++ b/cmd/auditd/auditd.go
@@ -5,20 +5,26 @@ import (
 	"fmt"
 	"log"
 
+	"git.autistici.org/ai/audit"
 	"git.autistici.org/ai/audit/server"
 )
 
 var (
-	sslCa   = flag.String("ssl-ca", "/etc/ai/internal_ca.pem", "SSL CA file")
-	sslCert = flag.String("ssl-cert", "/etc/ai/localhost_internal.pem", "SSL certificate file")
-	sslKey  = flag.String("ssl-key", "/etc/ai/localhost_internal.key", "SSL private key file")
-	dbDir   = flag.String("data-dir", "/var/lib/auditd", "Path to the database directory")
-	port    = flag.Int("port", 1717, "TCP port to listen on")
+	sslCa        = flag.String("ssl-ca", "/etc/ai/internal_ca.pem", "SSL CA file")
+	sslCert      = flag.String("ssl-cert", "/etc/ai/localhost_internal.pem", "SSL certificate file")
+	sslKey       = flag.String("ssl-key", "/etc/ai/localhost_internal.key", "SSL private key file")
+	dbDir        = flag.String("data-dir", "/var/lib/auditd", "Path to the database directory")
+	port         = flag.Int("port", 1717, "TCP port to listen on")
+	enableSyslog = flag.Bool("syslog", false, "Log to syslog")
 )
 
 func main() {
 	flag.Parse()
 
+	if *enableSyslog {
+		audit.SetupSyslog()
+	}
+
 	db := server.NewDB(*dbDir, nil)
 	server := server.NewHttpServer(db)
 	log.Fatal(server.ListenAndServeTLS(fmt.Sprintf(":%d", *port), *sslCa, *sslCert, *sslKey))
diff --git a/cmd/localauditd/localauditd.go b/cmd/localauditd/localauditd.go
index 02af240..b0a9a5c 100644
--- a/cmd/localauditd/localauditd.go
+++ b/cmd/localauditd/localauditd.go
@@ -21,12 +21,13 @@ import (
 )
 
 var (
-	sslCa      = flag.String("ssl-ca", "/etc/ai/internal_ca.pem", "SSL CA file")
-	sslCert    = flag.String("ssl-cert", "/etc/ai/localhost_internal.pem", "SSL certificate file")
-	sslKey     = flag.String("ssl-key", "/etc/ai/localhost_internal.key", "SSL private key file")
-	spoolDir   = flag.String("spool-dir", "/var/spool/audit/incoming", "Path to the spool directory")
-	serverUrl  = flag.String("server", "https://logs.m.investici.org:1717", "URL for the main audit server")
-	socketPath = flag.String("socket", "/var/run/audit/local", "Path to the local socket to listen on")
+	sslCa        = flag.String("ssl-ca", "/etc/ai/internal_ca.pem", "SSL CA file")
+	sslCert      = flag.String("ssl-cert", "/etc/ai/localhost_internal.pem", "SSL certificate file")
+	sslKey       = flag.String("ssl-key", "/etc/ai/localhost_internal.key", "SSL private key file")
+	spoolDir     = flag.String("spool-dir", "/var/spool/audit/incoming", "Path to the spool directory")
+	serverUrl    = flag.String("server", "https://logs.m.investici.org:1717", "URL for the main audit server")
+	socketPath   = flag.String("socket", "/var/run/audit/local", "Path to the local socket to listen on")
+	enableSyslog = flag.Bool("syslog", false, "Log to syslog")
 )
 
 // Local store-and-forward audit message server.
@@ -239,6 +240,10 @@ func (s *Spool) Flush(fn func([]byte) error) error {
 func main() {
 	flag.Parse()
 
+	if *enableSyslog {
+		audit.SetupSyslog()
+	}
+
 	tlsConf := audit.TLSClientAuthConfigWithCerts(*sslCa, *sslCert, *sslKey)
 	locald := newLocalServer(*spoolDir, *serverUrl+"/api/1/write", tlsConf)
 	log.Fatal(locald.Serve(*socketPath))
diff --git a/debian/ai-auditd.init b/debian/ai-auditd.init
index b67d6b5..cf52e38 100644
--- a/debian/ai-auditd.init
+++ b/debian/ai-auditd.init
@@ -46,7 +46,7 @@ do_start()
 	start-stop-daemon --start --quiet --background --make-pidfile --pidfile $PIDFILE --chuid $USER --exec $DAEMON --test > /dev/null \
 		|| return 1
 	start-stop-daemon --start --quiet --background --make-pidfile --pidfile $PIDFILE --chuid $USER --exec $DAEMON -- \
-		$DAEMON_ARGS \
+	        --syslog $DAEMON_ARGS \
 		|| return 2
 	# Add code here, if necessary, that waits for the process to be ready
 	# to handle requests from services started subsequently which depend
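Review bot: The added `--syslog $DAEMON_ARGS \` line in do_start is indented with a tab followed by eight spaces, while the line it replaces and the equivalent line in debian/localauditd.init use two tabs; re-indenting it with two tabs keeps the continuation lines consistent. Because `--syslog` is hard-coded ahead of `$DAEMON_ARGS`, a one-line comment above the command would help, for example `# --syslog is forced here; override with --syslog=false in DAEMON_ARGS`. That override relies on the daemon parsing its arguments with Go's flag package, where the last occurrence of a flag wins. do_start begins before and continues past this hunk, and DAEMON_ARGS is defined outside it.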
diff --git a/debian/localauditd.init b/debian/localauditd.init
index a4c4eb3..3e1dc5b 100644
--- a/debian/localauditd.init
+++ b/debian/localauditd.init
@@ -65,7 +65,7 @@ do_start()
 	start-stop-daemon --start --quiet --background --make-pidfile --pidfile $PIDFILE --chuid $USER:$GROUP --umask 007 --exec $DAEMON --test > /dev/null \
 		|| return 1
 	start-stop-daemon --start --quiet --background --make-pidfile --pidfile $PIDFILE --chuid $USER:$GROUP --umask 007 --exec $DAEMON -- \
-		$DAEMON_ARGS \
+		--syslog $DAEMON_ARGS \
 		|| return 2
 	# Add code here, if necessary, that waits for the process to be ready
 	# to handle requests from services started subsequently which depend
diff --git a/logging.go b/logging.go
new file mode 100644
index 0000000..187b70b
--- /dev/null
+++ b/logging.go
@@ -0,0 +1,14 @@
+package audit
+
+import (
+	"log"
+	"log/syslog"
+)
+
+// A very simple way of logging to syslog (with a single priority).
+func SetupSyslog() {
+	if l, err := syslog.New(syslog.LOG_ERR, ""); err == nil {
+		log.SetOutput(l)
+		log.SetFlags(log.Lshortfile)
+	}
+}
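Review bot: SetupSyslog discards the error from `syslog.New`, so when the local syslog socket is unavailable the daemon silently keeps logging to stderr; the init scripts in this patch start both daemons with `--background`, which most likely means that output is discarded and an audit service runs with no log trail. Returning the error lets both `main` functions (cmd/auditd and cmd/localauditd) fail loudly with `if err := audit.SetupSyslog(); err != nil { log.Fatal(err) }`. Separately, `syslog.LOG_ERR` on its own carries no facility bits, so every record is sent with facility 0 (`LOG_KERN`); OR-ing in `syslog.LOG_DAEMON` keeps the single severity but files the messages under the daemon facility, where log routing and alerting rules would expect them. The doc comment should also take the godoc form, starting with `SetupSyslog` and stating that the standard logger is left unchanged when an error is returned.

```go
func SetupSyslog() error {
	l, err := syslog.New(syslog.LOG_DAEMON|syslog.LOG_ERR, "")
	if err != nil {
		return err
	}
	// … unchanged: log.SetOutput(l) and log.SetFlags(log.Lshortfile) …
	return nil
}
```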
-- 
GitLab