def beacon(config):
"""
The journald beacon allows for the systemd journal to be parsed and linked
objects to be turned into events.
This beacons config will return all sshd jornal entries
.. code-block:: yaml
beacons:
journald:
sshd:
SYSLOG_IDENTIFIER: sshd
PRIORITY: 6
"""
ret = []
journal = _get_journal()
while True:
cur = journal.get_next()
if not cur:
break
for name in config:
n_flag = 0
for key in config[name]:
if isinstance(key, salt.ext.six.string_types):
key = salt.utils.locales.sdecode(key)
if key in cur:
if config[name][key] == cur[key]:
n_flag += 1
if n_flag == len(config[name]):
# Match!
ret.append(salt.utils.cloud.simple_types_filter(cur))
return ret
def beacon(config):
'''
The journald beacon allows for the systemd journal to be parsed and linked
objects to be turned into events.
This beacons config will return all sshd jornal entries
.. code-block:: yaml
beacons:
journald:
sshd:
SYSLOG_IDENTIFIER: sshd
PRIORITY: 6
'''
ret = []
journal = _get_journal()
while True:
cur = journal.get_next()
if not cur:
break
for name in config:
n_flag = 0
for key in config[name]:
if isinstance(key, salt.ext.six.string_types):
key = salt.utils.locales.sdecode(key)
if key in cur:
if config[name][key] == cur[key]:
n_flag += 1
if n_flag == len(config[name]):
# Match!
ret.append(salt.utils.cloud.simple_types_filter(cur))
return ret
def _run_systemd(self):
import select
import systemd.journal
journal = systemd.journal.Reader()
journal.seek_tail()
journal.get_previous() # See https://bugs.freedesktop.org/show_bug.cgi?id=64614
poll = select.poll()
poll.register(journal.fileno(), journal.get_events())
while True:
try:
poll.poll()
except select.error as e:
if e.errno != errno.EINTR: # check for legitimate signal
raise
entry = journal.get_next()
if not entry:
journal.process() # This is necessary to reset fd readable state
continue
try:
syslog_id = entry['SYSLOG_IDENTIFIER'].encode('ascii', 'ignore') if 'SYSLOG_IDENTIFIER' in entry else 'systemd'
message = entry['MESSAGE'].encode('ascii', 'ignore') if 'MESSAGE' in entry else 'none'
severity, msg = self._filter(syslog_id, message, entry)
self._print(severity, msg)
except Exception as e:
print(e)
print(traceback.print_exc())
def beacon(config):
"""
The journald beacon allows for the systemd journal to be parsed and linked
objects to be turned into events.
This beacons config will return all sshd jornal entries
.. code-block:: yaml
beacons:
journald:
- services:
sshd:
SYSLOG_IDENTIFIER: sshd
PRIORITY: 6
"""
ret = []
journal = _get_journal()
_config = {}
list(map(_config.update, config))
while True:
cur = journal.get_next()
if not cur:
break
for name in _config.get("services", {}):
n_flag = 0
for key in _config["services"][name]:
if isinstance(key, salt.ext.six.string_types):
key = salt.utils.data.decode(key)
if key in cur:
if _config["services"][name][key] == cur[key]:
n_flag += 1
if n_flag == len(_config["services"][name]):
# Match!
sub = salt.utils.data.simple_types_filter(cur)
sub.update({"tag": name})
ret.append(sub)
return ret
