created error log output feature #301
@@ -37,9 +37,8 @@ pub struct DisplayFormat<'a> {
|
||||
pub fn after_fact() {
|
||||
let fn_emit_csv_err = |err: Box<dyn Error>| {
|
||||
AlertMessage::alert(
|
||||
&mut BufWriter::new(File::open(ERROR_LOG_PATH.to_string()).unwrap()),
|
||||
&mut std::io::stderr().lock(),
|
||||
format!("Failed to write CSV. {}", err),
|
||||
true,
|
||||
)
|
||||
.ok();
|
||||
process::exit(1);
|
||||
@@ -56,9 +55,8 @@ pub fn after_fact() {
|
||||
Ok(file) => Box::new(BufWriter::new(file)),
|
||||
Err(err) => {
|
||||
AlertMessage::alert(
|
||||
&mut BufWriter::new(File::open(ERROR_LOG_PATH.to_string()).unwrap()),
|
||||
&mut std::io::stderr().lock(),
|
||||
format!("Failed to open file. {}", err),
|
||||
true,
|
||||
)
|
||||
.ok();
|
||||
process::exit(1);
|
||||
|
||||
@@ -13,7 +13,7 @@ use crate::yaml::ParseYaml;
|
||||
use hashbrown;
|
||||
use serde_json::Value;
|
||||
use std::collections::HashMap;
|
||||
use std::fs::File;
|
||||
use std::fs::OpenOptions;
|
||||
use std::io::BufWriter;
|
||||
use tokio::{runtime::Runtime, spawn, task::JoinHandle};
|
||||
|
||||
@@ -62,9 +62,13 @@ impl Detection {
|
||||
rulefile_loader.read_dir(rulespath.unwrap_or(DIRPATH_RULES), &level, exclude_ids);
|
||||
if result_readdir.is_err() {
|
||||
AlertMessage::alert(
|
||||
&mut BufWriter::new(File::open(ERROR_LOG_PATH.to_string()).unwrap()),
|
||||
&mut BufWriter::new(
|
||||
OpenOptions::new()
|
||||
.append(true)
|
||||
.open(ERROR_LOG_PATH.to_string())
|
||||
.unwrap(),
|
||||
),
|
||||
format!("{}", result_readdir.unwrap_err()),
|
||||
true,
|
||||
)
|
||||
.ok();
|
||||
return vec![];
|
||||
|
||||
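Review bot: The error-log open at lines 115–124 uses `.append(true)` without `.create(true)`, so the first alert panics on `.unwrap()` whenever the log file does not exist yet — and it panics inside the very branch that is reporting the read_dir failure, so the original error is lost and the run aborts. The same open-and-unwrap block is pasted into create_count_key (both hunks), TimeFrameInfo, get_sec_timeframe and main.rs (collect_evtxfiles and the record-error hunk), and at every site the temporary `BufWriter` is dropped at the end of the statement, where `Drop` swallows any flush error, so a full disk or an unwritable log file is never surfaced either. One helper next to `alert` that opens with create, writes and flushes, returning `io::Result<()>`, removes the seven copies and the panic path; this call site then becomes `AlertMessage::alert_to_error_log(format!("{}", result_readdir.unwrap_err())).ok();`. The enclosing `Detection` method starts and ends outside this hunk.
```rust
/// Appends one "[ERROR] {contents}" line to ERROR_LOG_PATH, creating the file if needed.
/// Returns the open/write/flush error instead of panicking inside an error path.
pub fn alert_to_error_log(contents: String) -> io::Result<()> {
    let log = OpenOptions::new()
        .append(true)
        .create(true)
        .open(ERROR_LOG_PATH.to_string())?;
    let mut w = BufWriter::new(log);
    AlertMessage::alert(&mut w, contents)?;
    // BufWriter's Drop swallows flush errors; surface them to the caller here.
    w.flush()
}
```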
@@ -14,9 +14,8 @@ use std::fs::create_dir;
|
||||
use std::fs::remove_file;
|
||||
use std::fs::File;
|
||||
use std::io::BufWriter;
|
||||
use std::path::Path;
|
||||
|
||||
use std::io::{self, Write};
|
||||
use std::path::Path;
|
||||
use std::sync::Mutex;
|
||||
|
||||
#[derive(Debug)]
|
||||
@@ -235,10 +234,7 @@ impl AlertMessage {
|
||||
}
|
||||
|
||||
/// ERRORメッセージを表示する関数。error_log_flagでfalseの場合は外部へのエラーログの書き込みは行わずに指定されたwを用いた出力のみ行う。trueの場合はwを用いた出力を行わずにエラーログへの出力を行う
|
||||
pub fn alert<W: Write>(w: &mut W, contents: String, error_log_flag: bool) -> io::Result<()> {
|
||||
if error_log_flag {
|
||||
ALERT_COUNT_IN_ERROR_LOG.lock().unwrap().countup();
|
||||
}
|
||||
pub fn alert<W: Write>(w: &mut W, contents: String) -> io::Result<()> {
|
||||
writeln!(w, "[ERROR] {}", contents)
|
||||
}
|
||||
|
||||
@@ -386,7 +382,7 @@ mod tests {
|
||||
let input = "TEST!";
|
||||
let stdout = std::io::stdout();
|
||||
let mut stdout = stdout.lock();
|
||||
AlertMessage::alert(&mut stdout, input.to_string(), false).expect("[ERROR] TEST!");
|
||||
AlertMessage::alert(&mut stdout, input.to_string()).expect("[ERROR] TEST!");
|
||||
}
|
||||
|
||||
#[test]
|
||||
@@ -394,7 +390,7 @@ mod tests {
|
||||
let input = "TESTWarn!";
|
||||
let stdout = std::io::stdout();
|
||||
let mut stdout = stdout.lock();
|
||||
AlertMessage::alert(&mut stdout, input.to_string(), false).expect("[WARN] TESTWarn!");
|
||||
AlertMessage::alert(&mut stdout, input.to_string()).expect("[WARN] TESTWarn!");
|
||||
}
|
||||
|
||||
#[test]
|
||||
|
||||
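Review bot: The doc comment kept at line 186 still describes the `error_log_flag` parameter that the new signature at line 201 no longer has, so it now contradicts the code; replace it with a one-line English contract such as `/// Writes one "[ERROR] {contents}" line to w; the caller chooses the sink (stderr or the error-log writer).` The removed branch also dropped the `ALERT_COUNT_IN_ERROR_LOG` count-up, and nothing in the visible hunks increments that counter any more, while main.rs still calls `AlertMessage::output_error_log_exist()` at the end of a run — if that function (not in this diff) reports based on the counter, the end-of-run notice will never fire. The `impl AlertMessage` block starts and ends outside this hunk.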
@@ -7,7 +7,7 @@ use crate::detections::rule::RuleNode;
|
||||
use chrono::{DateTime, TimeZone, Utc};
|
||||
use serde_json::Value;
|
||||
use std::collections::HashMap;
|
||||
use std::fs::File;
|
||||
use std::fs::OpenOptions;
|
||||
use std::io::BufWriter;
|
||||
use std::num::ParseIntError;
|
||||
|
||||
@@ -60,9 +60,13 @@ pub fn create_count_key(rule: &RuleNode, record: &Value) -> String {
|
||||
}
|
||||
None => {
|
||||
AlertMessage::alert(
|
||||
&mut BufWriter::new(File::open(ERROR_LOG_PATH.to_string()).unwrap()),
|
||||
&mut BufWriter::new(
|
||||
OpenOptions::new()
|
||||
.append(true)
|
||||
.open(ERROR_LOG_PATH.to_string())
|
||||
.unwrap(),
|
||||
),
|
||||
format!("field_value alias not found.value:{}", field_value),
|
||||
true,
|
||||
)
|
||||
.ok();
|
||||
}
|
||||
@@ -77,9 +81,13 @@ pub fn create_count_key(rule: &RuleNode, record: &Value) -> String {
|
||||
}
|
||||
None => {
|
||||
AlertMessage::alert(
|
||||
&mut BufWriter::new(File::open(ERROR_LOG_PATH.to_string()).unwrap()),
|
||||
&mut BufWriter::new(
|
||||
OpenOptions::new()
|
||||
.append(true)
|
||||
.open(ERROR_LOG_PATH.to_string())
|
||||
.unwrap(),
|
||||
),
|
||||
format!("by_field_value alias not found.value:{}", by_field_value),
|
||||
true,
|
||||
)
|
||||
.ok();
|
||||
}
|
||||
@@ -160,9 +168,13 @@ impl TimeFrameInfo {
|
||||
tnum.retain(|c| c != 'd');
|
||||
} else {
|
||||
AlertMessage::alert(
|
||||
&mut BufWriter::new(File::open(ERROR_LOG_PATH.to_string()).unwrap()),
|
||||
&mut BufWriter::new(
|
||||
OpenOptions::new()
|
||||
.append(true)
|
||||
.open(ERROR_LOG_PATH.to_string())
|
||||
.unwrap(),
|
||||
),
|
||||
format!("Timeframe is invalid. Input value:{}", value),
|
||||
true,
|
||||
)
|
||||
.ok();
|
||||
}
|
||||
@@ -193,9 +205,13 @@ pub fn get_sec_timeframe(timeframe: &Option<TimeFrameInfo>) -> Option<i64> {
|
||||
}
|
||||
Err(err) => {
|
||||
AlertMessage::alert(
|
||||
&mut BufWriter::new(File::open(ERROR_LOG_PATH.to_string()).unwrap()),
|
||||
format!("Timeframe number is invalid. timeframe.{}", err),
|
||||
true,
|
||||
&mut BufWriter::new(
|
||||
OpenOptions::new()
|
||||
.append(true)
|
||||
.open(ERROR_LOG_PATH.to_string())
|
||||
.unwrap(),
|
||||
),
|
||||
format!("Timeframe number is invalid. timeframe: {}", err),
|
||||
)
|
||||
.ok();
|
||||
return Option::None;
|
||||
|
||||
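Review bot: The alerts in create_count_key (lines 301–334 and 349–382) open and append to the error log on every failed alias lookup, and `create_count_key` takes a `record: &Value`, which suggests it runs once per event record; if so, a single misconfigured rule produces one identical log line — plus a file open — per record in the input, which can fill the disk on a large evtx set and buries the one actionable message. A missing alias is a rule-level configuration error and is better reported once when the rule is loaded (or deduplicated with a per-rule flag) rather than in the per-record path; the same applies to the `Timeframe is invalid` alert in `TimeFrameInfo` (lines 397–430) if that constructor is reached per record. The enclosing functions start and end outside these hunks.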
21
src/main.rs
21
src/main.rs
@@ -17,6 +17,7 @@ use pbr::ProgressBar;
|
||||
use serde_json::Value;
|
||||
use std::collections::{HashMap, HashSet};
|
||||
use std::fmt::Display;
|
||||
use std::fs::OpenOptions;
|
||||
use std::io::BufWriter;
|
||||
use std::sync::Arc;
|
||||
use std::{
|
||||
@@ -74,7 +75,6 @@ impl App {
|
||||
AlertMessage::alert(
|
||||
&mut std::io::stderr().lock(),
|
||||
"--filepath only accepts .evtx files.".to_owned(),
|
||||
false,
|
||||
)
|
||||
.ok();
|
||||
return;
|
||||
@@ -105,15 +105,20 @@ impl App {
|
||||
let analysis_duration = analysis_end_time.signed_duration_since(analysis_start_time);
|
||||
println!("Elapsed Time: {}", &analysis_duration.hhmmssxxx());
|
||||
println!("");
|
||||
AlertMessage::output_error_log_exist();
|
||||
}
|
||||
|
||||
fn collect_evtxfiles(&self, dirpath: &str) -> Vec<PathBuf> {
|
||||
let entries = fs::read_dir(dirpath);
|
||||
if entries.is_err() {
|
||||
AlertMessage::alert(
|
||||
&mut BufWriter::new(File::open(ERROR_LOG_PATH.to_string()).unwrap()),
|
||||
&mut BufWriter::new(
|
||||
OpenOptions::new()
|
||||
.append(true)
|
||||
.open(ERROR_LOG_PATH.to_string())
|
||||
.unwrap(),
|
||||
),
|
||||
format!("{}", entries.unwrap_err()),
|
||||
true,
|
||||
)
|
||||
.ok();
|
||||
return vec![];
|
||||
@@ -147,7 +152,7 @@ impl App {
|
||||
match fs::read_to_string("./contributors.txt") {
|
||||
Ok(contents) => println!("{}", contents),
|
||||
Err(err) => {
|
||||
AlertMessage::alert(&mut std::io::stderr().lock(), format!("{}", err), false).ok();
|
||||
AlertMessage::alert(&mut std::io::stderr().lock(), format!("{}", err)).ok();
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -217,9 +222,13 @@ impl App {
|
||||
record_result.unwrap_err()
|
||||
);
|
||||
AlertMessage::alert(
|
||||
&mut BufWriter::new(File::open(ERROR_LOG_PATH.to_string()).unwrap()),
|
||||
&mut BufWriter::new(
|
||||
OpenOptions::new()
|
||||
.append(true)
|
||||
.open(ERROR_LOG_PATH.to_string())
|
||||
.unwrap(),
|
||||
),
|
||||
errmsg,
|
||||
true,
|
||||
)
|
||||
.ok();
|
||||
continue;
|
||||
|
||||
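Review bot: In the `collect_evtxfiles` hunk (lines 570–606) a failing `fs::read_dir` on the user-supplied directory is now reported only to the error log and the function returns an empty vector, so an unreadable or mistyped path looks like a run that found zero files; whether the user learns otherwise depends on `AlertMessage::output_error_log_exist()` at line 553, whose definition is not in this diff. An unreadable input directory is fatal for this command, so binding the error once (`let err = entries.unwrap_err();`) and also writing it to the console with `AlertMessage::alert(&mut std::io::stderr().lock(), format!("{}", err)).ok();`, as the `--filepath` branch at lines 520–535 does, keeps the console actionable. The `errmsg` hunk at lines 645–678 writes parser-derived error text into the log verbatim, which is fine for a single `writeln!` but means any embedded newline in that text would break the one-entry-per-line layout the log readers presumably rely on. `collect_evtxfiles` continues outside the hunk.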