graylog-plugin-aws

cloudtrail: Added errorCode

Open hamstah opened this issue 6 years ago • 3 comments

Hi, I've run into issues trying this with Graylog 3.1.2.

I get the SNAPSHOT.jar to build, but when I load it into Graylog the input is disabled. I might be building it wrong; I had to hack around with webpack due to vendor manifests missing in graylog-web-interface.

mvn package worked, but I couldn't do a release without having to do a release of the server one.

If you have suggestions on how to debug what the issue is, I can confirm this works as expected.

Thanks

hamstah avatar Sep 24 '19 15:09 hamstah

CLA assistant check
All committers have signed the CLA.

CLAassistant avatar Sep 24 '19 15:09 CLAassistant

@hamstah Can you please provide more information about how the input is appearing disabled (e.g. greyed out, or not showing up)?

To build Graylog, you will need a full checkout of the Graylog server sources including the following two directories:

/graylog-project
/graylog-project-repos  <- All server and plugin sources will be within these two directories.

You will need the graylog-project CLI binary installed (https://github.com/Graylog2/graylog-project). You can follow the bootstrap instructions to check out and initialize all sources (including the AWS plugin). Once this is done, you can run mvn clean package -Dmaven.javadoc.skip=true -DskipTests in the graylog-project directory to build all project jars.

Please let me know if you hit any issues.

danotorrey avatar Sep 26 '19 21:09 danotorrey

Thanks for the change you made in this PR. We appreciate the contribution. It definitely fixes the missing errorCode issue.

Could you please also add a unit test for this PR? I would like the test to verify that a CloudTrail message with and without the errorCode field is parsed correctly (based on some samples).

Something like this would work (with some added assertions):

package org.graylog.aws.inputs.cloudtrail;

import org.graylog2.plugin.Message;
import org.graylog2.plugin.configuration.Configuration;
import org.graylog2.plugin.journal.RawMessage;
import org.graylog2.shared.bindings.providers.ObjectMapperProvider;
import org.junit.Assert;
import org.junit.Test;

public class CloudTrailCodecTest {

    @Test
    public void testCodec() {

        final CloudTrailCodec codec = new CloudTrailCodec(Configuration.EMPTY_CONFIGURATION,
                                                          new ObjectMapperProvider().get());

        // Decode message with error code
        final RawMessage rawMessage = new RawMessage(("{\n" +
                                                      "    \"eventVersion\": \"1.0\",\n" +
                                                      "    \"userIdentity\": {\n" +
                                                      "        \"type\": \"IAMUser\",\n" +
                                                      "        \"principalId\": \"EX_PRINCIPAL_ID\",\n" +
                                                      "        \"arn\": \"arn:aws:iam::123456789012:user/Alice\",\n" +
                                                      "        \"accountId\": \"123456789012\",\n" +
                                                      "        \"accessKeyId\": \"EXAMPLE_KEY_ID\",\n" +
                                                      "        \"userName\": \"Alice\"\n" +
                                                      "    },\n" +
                                                      "    \"eventTime\": \"2014-03-24T21:11:59Z\",\n" +
                                                      "    \"eventSource\": \"iam.amazonaws.com\",\n" +
                                                      "    \"eventName\": \"CreateUser\",\n" +
                                                      "    \"awsRegion\": \"us-east-2\",\n" +
                                                      "    \"sourceIPAddress\": \"127.0.0.1\",\n" +
                                                      "    \"userAgent\": \"aws-cli/1.3.2 Python/2.7.5 Windows/7\",\n" +
                                                      "    \"requestParameters\": {\"userName\": \"Bob\"},\n" +
                                                      "    \"responseElements\": {\"user\": {\n" +
                                                      "        \"createDate\": \"Mar 24, 2014 9:11:59 PM\",\n" +
                                                      "        \"userName\": \"Bob\",\n" +
                                                      "        \"arn\": \"arn:aws:iam::123456789012:user/Bob\",\n" +
                                                      "        \"path\": \"/\",\n" +
                                                      "        \"userId\": \"EXAMPLEUSERID\"\n" +
                                                      "    }}\n" +
                                                      "}").getBytes());
        final Message message = codec.decode(rawMessage);
        // TODO: Some assertions to verify message contents (and error code)

        final RawMessage noErrorRawMessage = new RawMessage(("{\n" +
                                                          "  \"eventVersion\": \"1.04\",\n" +
                                                          "  \"userIdentity\": {\n" +
                                                          "    \"type\": \"IAMUser\",\n" +
                                                          "    \"principalId\": \"EX_PRINCIPAL_ID\",\n" +
                                                          "    \"arn\": \"arn:aws:iam::123456789012:user/Alice\",\n" +
                                                          "    \"accountId\": \"123456789012\",\n" +
                                                          "    \"accessKeyId\": \"EXAMPLE_KEY_ID\",\n" +
                                                          "    \"userName\": \"Alice\"\n" +
                                                          "  },\n" +
                                                          "  \"eventTime\": \"2016-07-14T19:15:45Z\",\n" +
                                                          "  \"eventSource\": \"cloudtrail.amazonaws.com\",\n" +
                                                          "  \"eventName\": \"UpdateTrail\",\n" +
                                                          "  \"awsRegion\": \"us-east-2\",\n" +
                                                          "  \"sourceIPAddress\": \"205.251.233.182\",\n" +
                                                          "  \"userAgent\": \"aws-cli/1.10.32 Python/2.7.9 Windows/7 botocore/1.4.22\",\n" +
                                                          "  \"requestParameters\": {\n" +
                                                          "    \"name\": \"myTrail2\"\n" +
                                                          "  },\n" +
                                                          "  \"responseElements\": null,\n" +
                                                          "  \"requestID\": \"5d40662a-49f7-11e6-97e4-d9cb6ff7d6a3\",\n" +
                                                          "  \"eventID\": \"b7d4398e-b2f0-4faa-9c76-e2d316a8d67f\",\n" +
                                                          "  \"eventType\": \"AwsApiCall\",\n" +
                                                          "  \"recipientAccountId\": \"123456789012\"\n" +
                                                          "}").getBytes());
        final Message noErrorMessage = codec.decode(noErrorRawMessage);
        // TODO: Some assertions to verify message contents
    }
}

danotorrey avatar Sep 26 '19 21:09 danotorrey
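
The with/without-errorCode check requested in the review above, as a stand-alone Python example added here (it is not code from this thread or from the graylog-plugin-aws project). The two sample records are constructed, and the output field names (`error_code`, `error_message`, `failed`) and function names are hypothetical, not the plugin's own.

```python
import json

# Constructed sample records: one failed call that carries errorCode and
# errorMessage, and one successful call that omits both keys.
FAILED = b'''{
  "eventVersion": "1.04",
  "eventTime": "2016-07-14T19:15:45Z",
  "eventSource": "cloudtrail.amazonaws.com",
  "eventName": "UpdateTrail",
  "awsRegion": "us-east-2",
  "sourceIPAddress": "205.251.233.182",
  "errorCode": "TrailNotFoundException",
  "errorMessage": "Unknown trail: myTrail2 for the user: 123456789012",
  "requestParameters": {"name": "myTrail2"},
  "responseElements": null
}'''
SUCCEEDED = b'''{
  "eventVersion": "1.0",
  "eventTime": "2014-03-24T21:11:59Z",
  "eventSource": "iam.amazonaws.com",
  "eventName": "CreateUser",
  "awsRegion": "us-east-2",
  "sourceIPAddress": "127.0.0.1",
  "requestParameters": {"userName": "Bob"},
  "responseElements": {"user": {"userName": "Bob"}}
}'''

# CloudTrail key -> flat output field. Output names are hypothetical.
REQUIRED = {"eventSource": "event_source", "eventName": "event_name",
            "awsRegion": "aws_region", "sourceIPAddress": "source_address"}
OPTIONAL = {"errorCode": "error_code", "errorMessage": "error_message"}

def decode_record(raw: bytes) -> dict:
    """Flatten one CloudTrail record; optional keys appear only when present."""
    record = json.loads(raw.decode("utf-8"))
    missing = [k for k in REQUIRED if k not in record]
    if missing:
        raise ValueError(f"record lacks required keys: {missing}")
    fields = {out: record[src] for src, out in REQUIRED.items()}
    for src, out in OPTIONAL.items():
        value = record.get(src)
        if value is not None:  # an absent key and a JSON null both mean "no error"
            fields[out] = value
    fields["failed"] = "error_code" in fields
    return fields

def failed_calls(raw_records):
    """Return (event_name, error_code) for each record that carries an error."""
    decoded = (decode_record(r) for r in raw_records)
    return [(d["event_name"], d["error_code"]) for d in decoded if d["failed"]]
```

Dropping `errorCode` at parse time makes a denied or failed API call look the same as a successful one downstream, which is why both cases need an assertion.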