org.jwall

Class Collector

java.lang.Object

org.jwall.Collector

public class Collector
extends Object

This is a small collector-tool that listens for events from the ModSecurity audit-engine and sends them back to a running ModSecurity Console. The tool is given a property-file on startup. This property-file needs to be setup with the host, port and auth-data of the console that you want to feed events to. A typical property-file for reading events from a concurrent audit-source looks like this:

   org.modsecurity.console.host=webserver.example.com
   org.modsecurity.console.port=8886
   org.modsecurity.console.user=test
   org.modsecurity.console.pass=sensor
   org.modsecurity.collector.concurrent-log=/var/log/apache2/audit
   org.modsecurity.collector.concurrent-index=/var/log/apache2/audit/index
 

This will create a collector that expects all events to be written to unique-files below the directory /var/log/apache2/audit and an index written to /var/log/apache2/audit/index. The events that are read from this place will be sent to a console running on webserver.example.com at port 8886. It will authenticate to the console using the login test and password sensor. These properties can also be given to the collector tool on the commandline:

    java -Dorg.modsecurity.console.host=webserver.example.com
         -Dorg.modsecurity.console.port=8886
         -Dorg.modsecurity.console.user=test
         ...
 

Author:

Christian Bockermann <chris@jwall.org>

Field Summary

Fields

Modifier and Type	Field and Description
static String	COLLECTOR_CONCURRENT_INDEX
static String	COLLECTOR_CONCURRENT_LOG
static String	COLLECTOR_CONSOLE_PASSWORD
static String	COLLECTOR_CONSOLE_URL
static String	COLLECTOR_CONSOLE_USER
static String	COLLECTOR_SEND_COMPLETE_LOG
static String	COLLECTOR_SERIAL_LOG
static boolean	DEBUG This field enables debug-mode by specifying -Dorg.modsecurity.Collector.DEBUG=1 on the commandline
static Properties	p
static String	VERSION

Constructor Summary

Constructors

Constructor and Description
Collector()

Method Summary

Methods

Modifier and Type	Method and Description
static boolean	checkProperties(File pf) This method checks all the properties, found in the given file pf.
static AuditEventReader	createAuditEventReader() This method is used to create an AuditEventReader that is Bsed as the event-source.
static String	getProperty(String key)
static void	main(String[] args) This is the entrypoint for the Collector-tool.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

COLLECTOR_SERIAL_LOG

public static final String COLLECTOR_SERIAL_LOG

See Also:

Constant Field Values

COLLECTOR_CONCURRENT_LOG

public static final String COLLECTOR_CONCURRENT_LOG

See Also:

Constant Field Values

COLLECTOR_CONCURRENT_INDEX

public static final String COLLECTOR_CONCURRENT_INDEX

See Also:

Constant Field Values

COLLECTOR_SEND_COMPLETE_LOG

public static final String COLLECTOR_SEND_COMPLETE_LOG

See Also:

Constant Field Values

COLLECTOR_CONSOLE_URL

public static final String COLLECTOR_CONSOLE_URL

See Also:

Constant Field Values

COLLECTOR_CONSOLE_USER

public static final String COLLECTOR_CONSOLE_USER

See Also:

Constant Field Values

COLLECTOR_CONSOLE_PASSWORD

public static final String COLLECTOR_CONSOLE_PASSWORD

See Also:

Constant Field Values

VERSION

public static final String VERSION

See Also:

Constant Field Values

p

public static Properties p

DEBUG

public static final boolean DEBUG

This field enables debug-mode by specifying -Dorg.modsecurity.Collector.DEBUG=1 on the commandline

Constructor Detail

Collector

public Collector()

Method Detail

createAuditEventReader

public static AuditEventReader createAuditEventReader()
                                               throws Exception

This method is used to create an AuditEventReader that is Bsed as the event-source. Based on the properties set, it will return an instance that implements the AuditEventReader-interface, like ConcurrentAuditReader or ModSecurity2AuditReader.

Returns:

An instance that implements the AuditEventReader-interface.

Throws:

Exception - In case an error occurs or no properties have been set.

checkProperties

public static boolean checkProperties(File pf)
                               throws Exception

This method checks all the properties, found in the given file pf. If the file does not conform to a java-property file or does not contain the required properties, then false is returned. If the file is null, cannot be read or any other error occurs while reading the file, an exception will be thrown. The method returns true, iff all required properties are set within the file.

Parameters:

pf - The file to read properties from.

Returns:

true if all required properties are contained in the file.

Throws:

Exception - In case any error occurs while accessing the file.

getProperty

public static String getProperty(String key)

main

public static void main(String[] args)

This is the entrypoint for the Collector-tool. It expects args[0] to be the name or path of a property-file containing information about the remote-console and the source to read audit-events from. If the file does not contains the desired information, the Collector will exit.

Parameters:

args - The commandline arguments.