diff --git a/dist.ini b/dist.ini
new file mode 100644
index 0000000..d3db805
--- /dev/null
+++ b/dist.ini
@@ -0,0 +1,27 @@
+name = OSSEC
+author = Domink Meyer
+license = GPL_3
+copyright_holder = Dominik Meyer
+copyright_year = 2019
+
+main_module = lib/OSSEC.pm
+
+[@Basic]
+
+[MetaResources]
+repository.url = https://gitcloud.federationhq.de/OSSEC.git
+repository.type = git
+bugtracker.mailto = dmeyer@federationhq.de
+
+[@Git]
+[Git::NextVersion]
+first_version = 0.1 ; this is the default
+version_by_branch = 1 ; this is the default
+[PkgVersion]
+use_package = 1
+
+[AutoPrereqs]
+[PodWeaver]
+[ChangelogFromGit]
+[@TestingMania]
+disable = Test::CPAN::Changes
diff --git a/lib/OSSEC.pm b/lib/OSSEC.pm
new file mode 100644
index 0000000..e7fe41b
--- /dev/null
+++ b/lib/OSSEC.pm
@@ -0,0 +1,23 @@
+package OSSEC;
+
+# ABSTRACT: OSSEC -
+use strict;
+use warnings;
+use Moose;
+use OSSEC::Log;
+
+has 'ossecPath' => (is => 'rw', isa => 'Str' , default => "/var/ossec" );
+
+=method arLog
+
+ returns object to a ossec log object for loggin active response activity
+
+=cut
+sub arLog
+{
+ my $self = shift;
+
+ return OSSEC::Log->new(ossecPath => $self->ossecPath(), file => "logs/active-responses.log");
+}
+
+1;
diff --git a/lib/OSSEC/Log.pm b/lib/OSSEC/Log.pm
new file mode 100644
index 0000000..a0234f7
--- /dev/null
+++ b/lib/OSSEC/Log.pm
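Review bot: `author = Domink Meyer` in dist.ini looks like a misspelling, since `copyright_holder` two lines below reads `Dominik Meyer`. The author string is carried into the distribution metadata, so it is worth correcting to `author = Dominik Meyer` before the first release.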
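Review bot: The `# ABSTRACT: OSSEC -` line in lib/OSSEC.pm has no description after the dash, and with `[PodWeaver]` enabled in dist.ini that text presumably ends up in the generated NAME section. A short description of the module should follow the dash, along the lines of `# ABSTRACT: OSSEC - helpers for working with an OSSEC installation`. The `arLog` POD would read better as `returns an OSSEC::Log object for logging active response activity`. `ossecPath` is declared `rw` and is handed straight to OSSEC::Log, which concatenates it into the path it opens for append, so unless callers need to change it after construction `is => 'ro'` is the narrower choice.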
@@ -0,0 +1,172 @@
+package OSSEC::Log;
+
+# ABSTRACT: OSSEC::Log - Module for logging OSSEC log messages
+use strict;
+use warnings;
+use Moose;
+use DateTime;
+
+=attr ossecPath
+
+ base path to the ossec installation B /var/ossec
+
+=cut
+has 'ossecPath' => (is => 'rw', isa => 'Str' , default => "/var/ossec" );
+
+=attr file
+
+ in which file to log the messages
+
+=cut
+has 'file' => (is => 'rw', isa => 'Str');
+
+
+=method error
+
+log error message
+
+=over
+
+=item B=I
+
+=item B=I
+
+=back
+
+ log->error("OSSEC-Jabber","alert not found");
+
+=cut
+sub error
+{
+ my $self = shift;
+ my $programm = shift;
+ my $message = shift;
+
+ $self->log("ERROR",$programm, $message);
+}
+
+=method fatal
+
+log fatal message and die
+
+=over
+
+=item B=I
+
+=item B=I
+
+=back
+
+ log->fatal("OSSEC-Jabber","could not connect to mysql server");
+
+=cut
+sub fatal
+{
+ my $self = shift;
+ my $programm = shift;
+ my $message = shift;
+
+ $self->log("FATAL",$programm, $message);
+ die;
+}
+
+=method info
+
+log info message
+
+=over
+
+=item B=I
+
+=item B=I
+
+=back
+
+ log->info("OSSEC-Jabber","alert send");
+
+=cut
+sub info
+{
+ my $self = shift;
+ my $programm = shift;
+ my $message = shift;
+
+ $self->log("INFO",$programm, $message);
+}
+
+=method debug
+
+log debug message
+
+=over
+
+=item B=I
+
+=item B=I
+
+=back
+
+ log->error("OSSEC-Jabber","found alert in database");
+
+=cut
+sub debug
+{
+ my $self = shift;
+ my $programm = shift;
+ my $message = shift;
+
+ $self->log("DEBUG",$programm, $message);
+}
+
+
+=method log
+
+log messages to the logfile
+
+=over
+
+=item B=I
+
+=item B=I
+
+=item B=I
+
+=back
+
+=cut
+sub log
+{
+ my $self = shift;
+ my $type = shift;
+ my $programm = shift;
+ my $message = shift;
+
+ # a logfile is required
+ die("no logfile selected") unless $self->file();
+
+ # create the full path to the file
+ my $file = $self->ossecPath() . "/" . $self->file();
+
+ # open the logfile
+ open(my $fh1, ">>", "/tmp/log");
+
+ print $fh1 $file . "\n";
+
+ close $fh1;
+
+ my $dt = DateTime->now;
+
+ # create the full log message
+ my $msg = sprintf("%10s %8s - %5s - %20s - %s\n",$dt->ymd(), $dt->hms(), $type, $programm, $message);
+
+
+ # open the logfile
+ open(my $fh, ">>", $file);
+
+ print $fh $msg;
+
+ close $fh;
+
+}
+
+1;
diff --git a/t/90-logging.t b/t/90-logging.t
new file mode 100644
index 0000000..7a627ec
--- /dev/null
+++ b/t/90-logging.t
@@ -0,0 +1,43 @@
+use 5.006;
+use strict;
+use warnings;
+use Test::More;
+use Test::Exception;
+use OSSEC;
+use File::Temp qw/ tempfile tempdir /;
+
+
+#first create a tempdirectory where we put the logs
+my $tempDir = tempdir( CLEANUP => 0);
+
+#create basic directory hierarchy
+readpipe("mkdir $tempDir" . "/logs");
+
+my $ossec;
+lives_ok( sub {
+ $ossec = OSSEC->new(ossecPath=>$tempDir);
+});
+
+my $log;
+lives_ok( sub {
+ $log = $ossec->arLog();
+});
+
+lives_ok( sub {
+ $log->error("test app" , "this is a test");
+});
+
+dies_ok( sub {
+ $log->fatal("test app" , "this is a test");
+});
+
+lives_ok( sub {
+ $log->info("test app" , "this is a test");
+});
+
+lives_ok( sub {
+ $log->debug("test app" , "this is a test");
+});
+
+
+done_testing();
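Review bot: In `log` (lib/OSSEC/Log.pm), the block that opens `/tmp/log` and appends `$file` on every call looks like leftover debugging and should be removed. It writes to a fixed name in a world-writable directory with an unchecked `open`, so if this code runs with elevated privileges (OSSEC active responses commonly do; confirm for your deployment) a pre-existing symlink at that path would redirect the append. The `open` on the real logfile is also unchecked, so a missing `logs/` directory or a permission error loses the record with at most a warning. `$programm` and `$message` go into the line verbatim, so an embedded newline produces what looks like a second, separate record; collapsing CR/LF before formatting keeps one record per line. The fence shows `log` with the debug block dropped, the newline handling added and the I/O checked.

```perl
sub log
{
    # … unchanged: argument unpacking, logfile check, building $file …
    # (debug block writing to /tmp/log removed)

    # keep one record per line even if a caller passes CR/LF
    for my $field ($programm, $message) {
        $field = '' unless defined $field;
        $field =~ s/[\r\n]+/ /g;
    }

    my $dt = DateTime->now;
    # … unchanged: sprintf building $msg …

    open(my $fh, ">>", $file) or die "cannot open $file: $!";
    print {$fh} $msg          or die "cannot write to $file: $!";
    close($fh)                or die "cannot close $file: $!";
}
```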
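Review bot: `readpipe("mkdir $tempDir" . "/logs");` in t/90-logging.t sends the directory creation through a shell with the path interpolated and never checks the result. A temp path containing a space or shell metacharacter (for instance via `TMPDIR`) would break the setup, and because `log` does not check its `open`, the `lives_ok` cases would still pass with nothing written. The builtin does the same job without a shell: `mkdir "$tempDir/logs" or die "mkdir $tempDir/logs: $!";`. The test also only checks that the calls live or die; reading `$tempDir/logs/active-responses.log` back and matching the expected `ERROR`/`INFO`/`DEBUG` lines with `like` would show that records are actually written.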