Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.jwall
Class Collector

java.lang.Object
  extended by org.jwall.Collector

public class Collector
extends Object

This is a small collector-tool that listens for events from the ModSecurity audit-engine and sends them back to a running ModSecurity Console. The tool is given a property-file on startup. This property-file needs to be setup with the host, port and auth-data of the console that you want to feed events to. A typical property-file for reading events from a concurrent audit-source looks like this: 

   org.modsecurity.console.host=webserver.example.com
   org.modsecurity.console.port=8886
   org.modsecurity.console.user=test
   org.modsecurity.console.pass=sensor
   org.modsecurity.collector.concurrent-log=/var/log/apache2/audit
   org.modsecurity.collector.concurrent-index=/var/log/apache2/audit/index
This will create a collector that expects all events to be written to unique-files below the directory /var/log/apache2/audit and an index written to /var/log/apache2/audit/index. The events that are read from this place will be sent to a console running on webserver.example.com at port 8886. It will authenticate to the console using the login test and password sensor. These properties can also be given to the collector tool on the commandline: 
    java -Dorg.modsecurity.console.host=webserver.example.com
         -Dorg.modsecurity.console.port=8886
         -Dorg.modsecurity.console.user=test
         ...

Author:
Christian Bockermann <chris@jwall.org>

Field Summary
static String COLLECTOR_CONCURRENT_INDEX
           
static String COLLECTOR_CONCURRENT_LOG
           
static String COLLECTOR_CONSOLE_PASSWORD
           
static String COLLECTOR_CONSOLE_URL
           
static String COLLECTOR_CONSOLE_USER
           
static String COLLECTOR_SEND_COMPLETE_LOG
           
static String COLLECTOR_SERIAL_LOG
           
static boolean DEBUG
          This field enables debug-mode by specifying -Dorg.modsecurity.Collector.DEBUG=1 on the commandline
static Properties p
           
static String VERSION
           
 
Constructor Summary
Collector()
           
 
Method Summary
static boolean checkProperties(File pf)
          This method checks all the properties, found in the given file pf.
static AuditEventReader createAuditEventReader()
          This method is used to create an AuditEventReader that is Bsed as the event-source.
static String getProperty(String key)
           
static void main(String[] args)
          This is the entrypoint for the Collector-tool.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

COLLECTOR_SERIAL_LOG

public static final String COLLECTOR_SERIAL_LOG
See Also:
Constant Field Values

COLLECTOR_CONCURRENT_LOG

public static final String COLLECTOR_CONCURRENT_LOG
See Also:
Constant Field Values

COLLECTOR_CONCURRENT_INDEX

public static final String COLLECTOR_CONCURRENT_INDEX
See Also:
Constant Field Values

COLLECTOR_SEND_COMPLETE_LOG

public static final String COLLECTOR_SEND_COMPLETE_LOG
See Also:
Constant Field Values

COLLECTOR_CONSOLE_URL

public static final String COLLECTOR_CONSOLE_URL
See Also:
Constant Field Values

COLLECTOR_CONSOLE_USER

public static final String COLLECTOR_CONSOLE_USER
See Also:
Constant Field Values

COLLECTOR_CONSOLE_PASSWORD

public static final String COLLECTOR_CONSOLE_PASSWORD
See Also:
Constant Field Values

VERSION

public static final String VERSION
See Also:
Constant Field Values

p

public static Properties p

DEBUG

public static final boolean DEBUG
This field enables debug-mode by specifying -Dorg.modsecurity.Collector.DEBUG=1 on the commandline

Constructor Detail

Collector

public Collector()
Method Detail

createAuditEventReader

public static AuditEventReader createAuditEventReader()
                                               throws Exception
This method is used to create an AuditEventReader that is Bsed as the event-source. Based on the properties set, it will return an instance that implements the AuditEventReader-interface, like ConcurrentAuditReader or ModSecurity2AuditReader.

Returns:
An instance that implements the AuditEventReader-interface.
Throws:
Exception - In case an error occurs or no properties have been set.

checkProperties

public static boolean checkProperties(File pf)
                               throws Exception
This method checks all the properties, found in the given file pf. If the file does not conform to a java-property file or does not contain the required properties, then false is returned. If the file is null, cannot be read or any other error occurs while reading the file, an exception will be thrown. The method returns true, iff all required properties are set within the file.

Parameters:
pf - The file to read properties from.
Returns:
true if all required properties are contained in the file.
Throws:
Exception - In case any error occurs while accessing the file.

getProperty

public static String getProperty(String key)

main

public static void main(String[] args)
This is the entrypoint for the Collector-tool. It expects args[0] to be the name or path of a property-file containing information about the remote-console and the source to read audit-events from. If the file does not contains the desired information, the Collector will exit.

Parameters:
args - The commandline arguments.
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2012 jwall.org. All Rights Reserved.