
Repository for log forwarder service?

Open KlavsKlavsen opened this issue 2 years ago • 14 comments

Is your feature request related to a problem? Please describe. I am always frustrated when someone says to install software by "just doing wget of a script and feed to parser". It's VERY INSECURE, especially when I want to automate, so I have to DL the script and distribute that in some manual way, to avoid DNS attacks (which would get the server to dl the script from the wrong source) - and also I have ZERO clue about exactly WHICH files were changed - if I want to uninstall.

Using this install method also means I can't use the time-tested solution of repository sync (we mirror all repositories and snapshot for security updates at regular intervals) - and apt/yum also has GPG signing built in - so I am well protected against supply chain attacks - which are on the rise currently. (i.e. you gpg sign your package on some well protected server before you ship the package to the public repo on your end; then if someone compromises your public repository server and changes packages, the clients will identify the gpg signature as no longer matching - stopping the attack.)

So WHEN there already IS a well supported and well designed security solution on Linux (which both Apt and Yum/Dnf supports - which should tell you something) - then why are you not using it? Why must we degrade security to such a degree?

You could also build a snap package of it - that would work everywhere too - and solve the same needs of easy installation/uninstallation/update and KNOWING what gets run on your system as a system owner.

I need to learn how to mirror and snapshot snap repositories (snap store) anyways :)

Describe the solution you'd like I would love to have packages built of this software - and we'll gladly deliver a spec file (yum) and a debian package recipe if you like.

Describe alternatives you've considered a snap package could also work - it delivers the same benefits - the mirroring and snapshot parts aren't "as well supported" yet..

KlavsKlavsen avatar Dec 03 '21 07:12 KlavsKlavsen

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.

github-actions[bot] avatar Dec 03 '21 07:12 github-actions[bot]


I will gladly assist with packaging setup.. Me and my colleagues have a lot of experience with doing this.

KlavsKlavsen avatar Oct 26 '22 06:10 KlavsKlavsen

The easiest is often to use fpm https://fpm.readthedocs.io/en/latest/index.html - it works a treat and builds both deb and rpm packages without a hitch (it's merely a 1-command thing - no config files needed).

KlavsKlavsen avatar Oct 26 '22 06:10 KlavsKlavsen


Hi @KlavsKlavsen , thank you for flagging this. Apologies for the delayed response. If you still need assistance, please reply here within 5 business days.

v-amolpatil avatar Feb 08 '23 16:02 v-amolpatil

Gentle Reminder: We are awaiting your response on this issue. If you still need to keep this issue active please respond within the next 2 days. If we don't receive a response by 16 Feb 2023, we will close this issue.

v-amolpatil avatar Feb 14 '23 05:02 v-amolpatil

I will find a colleague who has time to do a PR for this

KlavsKlavsen avatar Feb 14 '23 08:02 KlavsKlavsen

Hi @KlavsKlavsen, Is there any PR raised by your colleague? Thanks.

v-amolpatil avatar Mar 24 '23 09:03 v-amolpatil

Gentle Reminder: We are awaiting your response on this issue. If you still need to keep this issue active please respond on it in the next 2 days (by 31st March). If we don't receive a response by the given date we will close this issue.

v-amolpatil avatar Mar 29 '23 06:03 v-amolpatil

@v-amolpatil he is trying to figure out a way to do install from this repo onto a /tmp/tmproot folder - currently trying to use fakeroot.. Do you know of a command that works for your codebase, to do this?

KlavsKlavsen avatar Mar 29 '23 06:03 KlavsKlavsen

I am not aware but will discuss with my teammates and let you know.

v-amolpatil avatar Mar 30 '23 04:03 v-amolpatil

Alternatively, the build process becomes setting up a chroot and running wget in there, and then subtracting the chroot "dependency files" - to find the result of the install - to package up (pretty nasty :)

KlavsKlavsen avatar Mar 30 '23 06:03 KlavsKlavsen
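The two comments above (install into a staging root, then work out which files the installer actually wrote so they can be packaged) describe a before/after manifest diff. The script below is an added example and is not code from this issue or from the Azure-Sentinel project: it snapshots a staging directory with sha256 hashes, runs an install step against it, and reports every added, changed and removed path, which also answers the earlier complaint of having "ZERO clue about exactly WHICH files were changed". The `sample_install` function, the `STAGING_ROOT` variable name and the package name `log-forwarder` are constructed placeholders; the real installer would be run inside a chroot or fakeroot with the same before/after manifests.

```shell
#!/bin/sh
# Added example (not part of the issue or of Azure-Sentinel): find out exactly
# which files an installer writes by diffing manifests of a staging root taken
# before and after the install step, then package the staged tree with fpm.
set -eu

# Record every regular file under $1 as "sha256  ./relative/path", one per line,
# sorted so the two manifests can be compared with comm(1).
manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + ) | sort
}

# True if a manifest file ($1) contains the relative path $2.
manifest_has() {
    awk -v p="$2" '$2 == p { found = 1 } END { exit !found }' "$1"
}

# Run the function or command named in $2 with STAGING_ROOT exported as $1 and
# print one "added|changed|removed <path>" line per file that differs.
install_diff() {
    root="$1"; step="$2"
    before=$(mktemp); after=$(mktemp)
    manifest "$root" > "$before"
    STAGING_ROOT="$root"; export STAGING_ROOT
    "$step"
    manifest "$root" > "$after"
    # Lines only in "after": brand-new files, or existing files with a new hash.
    comm -13 "$before" "$after" | while read -r hash path; do
        if manifest_has "$before" "$path"; then echo "changed $path"; else echo "added $path"; fi
    done
    # Lines only in "before" whose path is gone entirely: removed files.
    comm -23 "$before" "$after" | while read -r hash path; do
        manifest_has "$after" "$path" || echo "removed $path"
    done
    rm -f "$before" "$after"
}

# Constructed stand-in for the real installer script: drops a binary and a
# config file into the staging root (hypothetical paths and contents).
sample_install() {
    mkdir -p "$STAGING_ROOT/usr/local/bin" "$STAGING_ROOT/etc/forwarder"
    printf '#!/bin/sh\necho forwarder\n' > "$STAGING_ROOT/usr/local/bin/forwarder"
    printf 'workspace=PLACEHOLDER\n' > "$STAGING_ROOT/etc/forwarder/forwarder.conf"
}

# Stand-alone demo: stage, diff, and (only if fpm is installed) build a .deb
# from the staged tree with fpm's directory source type.
demo() {
    root=$(mktemp -d)
    printf 'untouched\n' > "$root/preexisting"   # simulates a file already present
    install_diff "$root" sample_install
    if command -v fpm >/dev/null 2>&1; then
        fpm -s dir -t deb -n log-forwarder -v 0.0.1 -C "$root" .
    fi
    rm -rf "$root"
}

demo
```

The file list printed by `install_diff` is what goes into the package manifest, and it is also what `apt`/`rpm` later use for a clean uninstall; once the package is built it can be signed with the distribution's normal tooling before being published to the mirrored repository, which is the GPG check the opening comment relies on.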

We are still looking into this and will get back to you.

v-amolpatil avatar Apr 19 '23 05:04 v-amolpatil

Hi @KlavsKlavsen This is a known feature request which is tracked by the Data collection team and the respective team is already working on it. So we are closing this issue #3608 based on our standard procedure.

v-vdixit avatar May 16 '23 05:05 v-vdixit
