#!/bin/sh
##############################
##############################
# Do not edit this file, edit /etc/elsa_vars.sh if you need to make any changes.
##############################
##############################
export PATH=$PATH:/usr/local/bin
# CONFIG VARIABLES
BRANCH_NAME="master"
ELSA_GIT_REPO="https://github.com/mcholste/elsa.git"
BASE_DIR="/usr/local"
DATA_DIR="/data"
TMP_DIR="/tmp"
# Include any local syslog-ng.conf statements in this file
LOCAL_SYSLOG_CONF="/etc/elsa_syslog-ng.conf"
# Set this in /etc/elsa_vars.sh to be "1" if you want to skip updating the syslog-ng.conf file entirely
USE_LOCAL_SYSLOG_CONF="0"
# Enable to leave custom Apache config in place
USE_LOCAL_APACHE_CONF="0"
# Override this in /etc/elsa_vars.sh to be able to edit this file and not have a version from svn overwrite it
USE_LOCAL_INSTALL="0"
# Set this to 1 if you want to use custom MySQL packages
USE_LOCAL_MYSQL_PACKAGES=0
# Do we allow unparsed logs? Yes by default.
FILTER_UNPARSED=0
# Version to download
VERSION=HEAD
MYSQL_NODE_DB="syslog"
# Web DB settings
MYSQL_HOST="localhost"
MYSQL_PORT="3306"
MYSQL_DB="elsa_web"
MYSQL_USER="elsa"
MYSQL_PASS="biglog"
MYSQL_ROOT_USER="root"
MYSQL_ROOT_PASS=""
# These should be fine
#SPHINX_VER="2.0.5-release"
#SPHINX_VER="2.1.1-beta"
SPHINX_VER="2.1.9-release"
EVENTLOG_VER="0.2.13"
SYSLOG_VER="3.4.7"
GEOIP_DIR="/usr/share/GeoIP/"
APACHE="apache2"
if [ -f "/sbin/md5" ]; then
MD5SUM="/sbin/md5";
else
MD5SUM="md5sum"
fi
if [ "x$SHELL"=="x" ]; then
SHELL="/bin/bash"
fi
if [ ! -f $SHELL ]; then
SHELL="/bin/dash"
if [ ! -f $SHELL ]; then
SHELL="/bin/csh"
if [ ! -f $SHELL ]; then
echo "Unable to determine our shell (not /bin/bash, /bin/dash, or /bin/csh), please set in /etc/elsa_vars.sh"
exit;
fi
fi
fi
########################################
# Determine type of install
INSTALL=""
if [ "$1" = "node" ]; then
INSTALL="node";
elif [ "$1" = "web" ]; then
INSTALL="web";
else
echo "Invoke with either $0 web or $0 node"
exit;
fi
OP="ALL"
if [ "a$2" != "a" ]; then
OP=$2
fi
THIS_FILE=$(basename "$0")
SELF=$(cd `dirname "$0"` && pwd)/$THIS_FILE
DISTRO="ubuntu"
MYSQL_SERVICE_NAME="mysql"
CRONTAB_DIR="/var/spool/cron/crontabs"
WEB_USER="www-data"
MYSQL_OS_USER="mysql"
CRON_SERVICE="cron"
INIT_DIR=/etc/init.d/
if [ -f /etc/redhat-release ] || [ -f /etc/fedora-release ] || [ -f /etc/system-release ]; then
DISTRO="centos"
MYSQL_SERVICE_NAME="mysqld"
CRONTAB_DIR="/var/spool/cron"
WEB_USER="apache"
CRON_SERVICE="crond"
GEOIP_DIR="/usr/local/share/GeoIP/"
APACHE="httpd"
elif [ -f /etc/SuSE-release ]; then
DISTRO="suse"
CRONTAB_DIR="/var/spool/cron/tabs"
WEB_USER="wwwrun"
elif [ -f /etc/freebsd-update.conf ]; then
DISTRO="freebsd"
CRONTAB_DIR="/var/cron/tabs"
INIT_DIR=/usr/local/etc/rc.d/
WEB_USER="www"
GEOIP_DIR="/usr/local/share/GeoIP/"
# FreeBSD does better over HTTP than FTP
export PACKAGEROOT="http://ftp.freebsd.org"
if [ ! -d "/usr/local/etc/$APACHE" ]; then
APACHE="apache22";
fi
fi
# Include local config
if [ -f /etc/elsa_vars.sh ]; then
. /etc/elsa_vars.sh
fi
echo "Assuming distro to be $DISTRO"
MYSQL_PASS_SWITCH=""
if [ "$MYSQL_ROOT_PASS" != "" ]; then
MYSQL_PASS_SWITCH="-p$MYSQL_ROOT_PASS"
fi
check_node_installed(){
if [ -f /etc/elsa_node.conf ]; then
echo "Found /etc/elsa_node.conf, which means ELSA is already installed. Won't install over an existing installation, use update instead. To force a re-installation, move or delete /etc/elsa_node.conf"
exit;
fi
}
centos_get_node_packages(){
# Install required packages
yum -y update
if [ "$USE_LOCAL_MYSQL_PACKAGES" = 0 ]; then
yum -yq install mysql-server mysql-libs mysql-devel
fi
yum -yq install git flex bison ntpdate perl perl-devel curl make subversion gcc gcc-c++ pkg-config pkgconfig pcre-devel libcap-devel libnet-devel openssl-devel libopenssl-devel glib2-devel perl-Module-Build perl-Module-Install perl-CPAN perl-Test-Simple perl-ExtUtils-MakeMaker
return $?
}
suse_get_node_packages(){
# Install required packages
LIBNET_PKG="libnet-devel";
if [ -f /usr/local/lib/libnet.so ]; then
echo "Using locally installed libnet"
LIBNET_PKG=""
fi
zypper -n update
if [ "$USE_LOCAL_MYSQL_PACKAGES" = 0 ]; then
zypper -qn install mysql-community-server libmysqlclient-devel
fi
zypper -qn install git ntp perl curl make subversion gcc gcc-c++ pkg-config pcre-devel libcap-devel $LIBNET_PKG libopenssl-devel glib2-devel pam-devel perl-Module-Build
return $?
}
ubuntu_get_node_packages(){
apt-get update
# Don't ask for mysql password
echo "debconf debconf/frontend select noninteractive" | debconf-set-selections
if [ "$USE_LOCAL_MYSQL_PACKAGES" = 0 ]; then
apt-get -qy install mysql-server libmysqlclient-dev
fi
# Install required packages
apt-get -qy install git curl subversion gcc g++ pkg-config libglib2.0-dev libpcre3-dev libcap-dev libnet1-dev libssl-dev make libmodule-build-perl &&
# Make debconf interactive again
echo "debconf debconf/frontend select readline" | debconf-set-selections
return $?
}
freebsd_get_node_packages(){
if [ "$USE_LOCAL_MYSQL_PACKAGES" = 0 ]; then
pkg_add -Fr mysql55-server
fi
pkg_add -Fr subversion wget curl perl syslog-ng p5-App-cpanminus &&
enable_service "mysql" &&
service mysql-server start &&
disable_service "syslogd" &&
# This could fail if it's already disabled
service syslogd stop
# Check to see if we got syslog-ng v3 from pkg_add
pkg_info -E -x syslog-ng | cut -d\- -f3 | egrep "^3\."
if [ $? -eq 1 ]; then
echo "Added old syslog-ng, correcting with syslog-ng3"
pkg_delete $(pkg_info -E -x syslog-ng) &&
pkg_add -r syslog-ng3
fi
if [ \! -f /usr/local/etc/syslog-ng.conf ]; then
cp /usr/local/etc/syslog-ng.conf.dist /usr/local/etc/syslog-ng.conf
fi
if [ \! -f /usr/local/etc/elsa_syslog-ng.conf ]; then
# Copy the syslog-ng.conf
echo "Creating elsa_syslog-ng.conf"
cat "$BASE_DIR/elsa/node/conf/syslog-ng.conf" | sed -e "s|\/usr\/local|$BASE_DIR|g" | sed -e "s|\/data|$DATA_DIR|g" > "/usr/local/etc/elsa_syslog-ng.conf" &&
echo "@include \"elsa_syslog-ng.conf\"" >> /usr/local/etc/syslog-ng.conf
else
grep "elsa_syslog-ng.conf" /usr/local/etc/elsa_syslog-ng.conf
if [ $? -ne 0 ]; then
# Copy the syslog-ng.conf
echo "Creating elsa_syslog-ng.conf"
cat "$BASE_DIR/elsa/node/conf/syslog-ng.conf" | sed -e "s|\/usr\/local|$BASE_DIR|g" | sed -e "s|\/data|$DATA_DIR|g" > "/usr/local/etc/elsa_syslog-ng.conf" &&
echo "@include \"elsa_syslog-ng.conf\"" >> /usr/local/etc/syslog-ng.conf
else
echo "/usr/local/etc/syslog-ng.conf already configured"
fi
fi
enable_service "syslog-ng" &&
service syslog-ng start
pgrep syslog-ng
return $?
}
freebsd_get_node_packages_ports(){
portsnap update
if [ $? -ne 0 ]; then
portsnap extract
fi
# Install subversion
if [ \! -f /usr/local/bin/svn ]; then
cd /usr/ports/devel/subversion && make install clean
fi
# Install curl
if [ \! -f /usr/local/bin/curl ]; then
cd /usr/ports/ftp/curl && make install clean
fi
# Install MySQL client and server
if [ \! -f /usr/local/bin/mysql ] || [ \! -f /usr/local/bin/mysqld_safe ]; then
cd /usr/ports/databases/mysql55-server &&
make install clean;
# Enable MySQL
echo 'mysql_enable="YES"' >> /etc/rc.conf
service mysql-server start
# Turn on ARCHIVE engine
mysql -e "install plugin archive soname 'ha_archive.so'"
fi
# Install Perl
if [ \! -f /usr/local/bin/perl ]; then
cd /usr/ports/lang/perl5.10 && make install clean
fi
# These should happen automatically because of the syslog-ng install
## Install libnet
#if [ \! -f /usr/local/include/libnet115/libnet.h ]; then
# cd /usr/ports/net/libnet-devel && make install clean
#fi
## Install glib-2.0
#if [ \! -f /usr/local/include/glib-2.0/glib.h ]; then
# cd /usr/ports/devel/glib20 && make install clean
#fi
## Install OpenSSL
#if [ \! -d /usr/local/include/openssl ]; then
# cd /usr/ports/security/openssl && make install clean
#fi
# Install Syslog-NG
if [ \! -f /usr/local/sbin/syslog-ng ]; then
cd /usr/ports/sysutils/syslog-ng && make install clean
fi
if [ \! -f /usr/local/etc/elsa_syslog-ng.conf ]; then
# Copy the syslog-ng.conf
echo "Creating elsa_syslog-ng.conf"
cat "$BASE_DIR/elsa/node/conf/syslog-ng.conf" | sed -e "s|\/usr\/local|$BASE_DIR|g" | sed -e "s|\/data|$DATA_DIR|g" > "/usr/local/etc/elsa_syslog-ng.conf" &&
echo "@include \"elsa_syslog-ng.conf\"" >> /usr/local/etc/syslog-ng.conf
fi
disable_service "syslogd" &&
# This could fail if it's already disabled
service syslogd stop
enable_service "syslog-ng" &&
service syslog-ng restart
return $?
}
set_date(){
ntpdate time.nist.gov
# we don't care about the error code, and sometimes ntpd blocks this
return 0
}
get_elsa_from_github(){
# Find our current md5
BEFORE_MD5=$($MD5SUM $SELF | cut -f1 -d\ )
echo "Current MD5: $BEFORE_MD5"
# Get the latest code from Github
cd $BASE_DIR
if [ \! -d elsa ]; then
git clone $ELSA_GIT_REPO
fi
cd elsa && git fetch && git checkout $BRANCH_NAME &&
mkdir -p "$BASE_DIR/elsa/node/tmp/locks" &&
touch "$BASE_DIR/elsa/node/tmp/locks/directory"
touch "$BASE_DIR/elsa/node/tmp/locks/query"
UPDATE_OK=$?
DOWNLOADED="$BASE_DIR/elsa/contrib/$THIS_FILE"
AFTER_MD5=$($MD5SUM $DOWNLOADED | cut -f1 -d\ )
echo "Latest MD5: $AFTER_MD5"
if [ "$BEFORE_MD5" != "$AFTER_MD5" ] && [ "$USE_LOCAL_INSTALL" != "1" ]; then
echo "Restarting with updated install.sh..."
echo "$SHELL $DOWNLOADED $INSTALL $OP"
$SHELL $DOWNLOADED $INSTALL $OP;
exit;
else
return $UPDATE_OK
fi
}
get_elsa(){
# Find our current md5
BEFORE_MD5=$($MD5SUM $SELF | cut -f1 -d\ )
echo "Current MD5: $BEFORE_MD5"
# Get the latest code from Google Code
cd $BASE_DIR
# Check to see if svn accepts --trust-server-cert
SVN_TRUST_SERVER_CERT=" --trust-server-cert"
svn help export | grep trust
if [ $? -ne 0 ]; then
SVN_TRUST_SERVER_CERT=""
fi
svn -r $VERSION --non-interactive $SVN_TRUST_SERVER_CERT --force export "https://enterprise-log-search-and-archive.googlecode.com/svn/branches/elsa/1.5" elsa &&
mkdir -p "$BASE_DIR/elsa/node/tmp/locks" &&
touch "$BASE_DIR/elsa/node/tmp/locks/directory"
touch "$BASE_DIR/elsa/node/tmp/locks/query"
UPDATE_OK=$?
DOWNLOADED="$BASE_DIR/elsa/contrib/$THIS_FILE"
AFTER_MD5=$($MD5SUM $DOWNLOADED | cut -f1 -d\ )
echo "Latest MD5: $AFTER_MD5"
if [ "$BEFORE_MD5" != "$AFTER_MD5" ] && [ "$USE_LOCAL_INSTALL" != "1" ]; then
echo "Restarting with updated install.sh..."
echo "$SHELL $DOWNLOADED $INSTALL $OP"
$SHELL $DOWNLOADED $INSTALL $OP;
exit;
else
return $UPDATE_OK
fi
}
get_cpanm(){
if [ \! -f /usr/local/bin/cpanm ]; then
cd $TMP_DIR && curl --insecure -L http://cpanmin.us | perl - App::cpanminus
if [ \! -f /usr/local/bin/cpanm ]; then
echo "Downloading from cpanmin.us failed, downloading from xrl.us"
curl -LO http://xrl.us/cpanm &&
chmod +x cpanm &&
mv cpanm /usr/local/bin/cpanm
fi
fi
CPANM=$(which cpanm);
if [ \! -f "$CPANM" ]; then
echo "ERROR: Unable to find cpanm"
return 1;
fi
return 0
}
build_node_perl(){
# FreeBSD has trouble testing with the current version of ExtUtils
if [ "$DISTRO" = "freebsd" ]; then
cpanm -n ExtUtils::MakeMaker
# This can fail when installing via cpanm, so we'll have ports build it
cd /usr/ports/devel/p5-Sys-MemInfo && make install clean
else
cpanm Sys::MemInfo
fi
if [ "$DISTRO" = "centos" ]; then
# No test because of a bug in the CentOS-specific distro detection
cpanm -n Sys::Info
fi
RETVAL=0
# Now cpanm is available to install the rest
for RETRY in 1 2 3; do
# Installing specific version of Test::Simple@0.98 until this is resolved: https://rt.cpan.org/Public/Bug/Display.html?id=89473
cpanm Test::Simple@0.98
# Broken test in DBD::mysql
cpanm -n DBD::mysql
cpanm Time::HiRes CGI Moose JSON::XS Config::JSON String::CRC32 Log::Log4perl DBD::mysql Date::Manip Sys::Info MooseX::Traits DateTime::Format::Strptime Storable JSON Net::OpenSSH Module::Pluggable File::Copy LWP::UserAgent Plack Digest::MD5 Archive::Zip Apache::Admin::Config Digest::SHA MooseX::Log::Log4perl Log::Log4perl::Appender::Socket::UNIX
RETVAL=$?
if [ "$RETVAL" = 0 ]; then
break;
fi
echo "Retry $RETRY"
done
# OpenSSH wants user input to test
cpanm -n Net::OpenSSH
# Log::Syslog::Fast often fails for no good reason and is optional
cpanm -n Log::Syslog::Fast
return $RETVAL
}
enable_service(){
if [ "$DISTRO" = "centos" ] || [ "$DISTRO" = "suse" ]; then
chkconfig $1 on
return $?
elif [ "$DISTRO" = "ubuntu" ]; then
update-rc.d $1 defaults
elif [ "$DISTRO" = "freebsd" ]; then
SVC_NAME=$(echo $1 | sed -e "s|\-|\_|g")
grep $SVC_NAME"_enable=\"YES\"" /etc/rc.conf
if [ $? -ne 0 ]; then
echo "Editing /etc/rc.conf to enable $1"
echo $SVC_NAME"_enable=\"YES\"" >> /etc/rc.conf
fi
fi
return $?
}
disable_service(){
if [ "$DISTRO" = "centos" ] || [ "$DISTRO" = "suse" ]; then
chkconfig $1 off
return $?
elif [ "$DISTRO" = "ubuntu" ]; then
update-rc.d $1 disable
elif [ "$DISTRO" = "freebsd" ]; then
SVC_NAME=$(echo $1 | sed -e "s|\-|\_|g")
grep $SVC_NAME"_enable=\"NO\"" /etc/rc.conf
if [ $? -ne 0 ]; then
echo "Editing /etc/rc.conf to disable $1"
echo $SVC_NAME"_enable=\"NO\"" >> /etc/rc.conf
fi
fi
return $?
}
build_sphinx(){
# Get and build sphinx on nodes
cd $TMP_DIR &&
curl http://sphinxsearch.com/files/sphinx-$SPHINX_VER.tar.gz > sphinx-$SPHINX_VER.tar.gz &&
tar xzvf sphinx-$SPHINX_VER.tar.gz &&
cd sphinx-$SPHINX_VER &&
./configure --enable-id64 "--prefix=$BASE_DIR/sphinx" && make && make install &&
mkdir -p $BASE_DIR/etc &&
touch "$BASE_DIR/etc/sphinx_stopwords.txt"
if [ "$DISTRO" = "freebsd" ]; then
cp $BASE_DIR/elsa/contrib/searchd.freebsd $INIT_DIR/searchd
else
cp $BASE_DIR/elsa/contrib/searchd $INIT_DIR
fi
enable_service "searchd"
return $?
}
build_syslogng(){
# we already installed on FreeBSD
if [ "$DISTRO" = "freebsd" ]; then
grep "elsa_syslog-ng.conf" /usr/local/etc/syslog-ng.conf
if [ $? -eq 1 ]; then
# Copy the syslog-ng.conf
echo "Creating elsa_syslog-ng.conf"
if [ \! -f /etc/elsa_local_patterndb.xml ]; then
echo "" > /etc/elsa_local_patterndb.xml
fi
cat "$BASE_DIR/elsa/node/conf/syslog-ng.conf" | sed -e "s|\/usr\/local|$BASE_DIR|g" | sed -e "s|\/data|$DATA_DIR|g" > "/usr/local/etc/elsa_syslog-ng.conf" &&
echo "@include \"elsa_syslog-ng.conf\"" >> /usr/local/etc/syslog-ng.conf &&
service syslog-ng restart
fi
return $?
fi
# Get and build syslog-ng
cd $TMP_DIR &&
curl -L "http://www.balabit.com/downloads/files/syslog-ng/open-source-edition/$SYSLOG_VER/source/eventlog_$EVENTLOG_VER.tar.gz" > "eventlog_$EVENTLOG_VER.tar.gz" &&
tar xzvf "eventlog_$EVENTLOG_VER.tar.gz" &&
cd "eventlog-$EVENTLOG_VER" &&
./configure && make && make install &&
echo "/usr/local/lib" >> /etc/ld.so.conf
if [ -d /usr/lib64/pkgconfig ]; then
ln -fs "$BASE_DIR/lib/pkgconfig/eventlog.pc" /usr/lib64/pkgconfig/
fi
if [ -d /usr/lib/pkgconfig ]; then
ln -fs "$BASE_DIR/lib/pkgconfig/eventlog.pc" /usr/lib/pkgconfig/
fi
ldconfig &&
cd $TMP_DIR &&
curl -L "http://www.balabit.com/downloads/files/syslog-ng/open-source-edition/$SYSLOG_VER/source/syslog-ng_$SYSLOG_VER.tar.gz" > "syslog-ng_$SYSLOG_VER.tar.gz" &&
tar xzvf "syslog-ng_$SYSLOG_VER.tar.gz" &&
cd "syslog-ng-$SYSLOG_VER" &&
./configure "--prefix=$BASE_DIR/syslog-ng-$SYSLOG_VER" --enable-ipv6 &&
make && make install &&
ln -fs "$BASE_DIR/syslog-ng-$SYSLOG_VER" "$BASE_DIR/syslog-ng" &&
# Copy the syslog-ng.conf
#cat "$BASE_DIR/elsa/node/conf/syslog-ng.conf" | sed -e "s|\/usr\/local|$BASE_DIR|g" | sed -e "s|\/data|$DATA_DIR|g" > "$BASE_DIR/syslog-ng/etc/syslog-ng.conf" &&
set_syslogng_conf
mkdir -p "$BASE_DIR/syslog-ng/var" &&
cp $BASE_DIR/elsa/contrib/syslog-ng $INIT_DIR &&
enable_service "syslog-ng"
return $?
}
mk_node_dirs(){
# Make data directories on node
mkdir -p "$DATA_DIR/elsa/log" && mkdir -p "$DATA_DIR/elsa/tmp/buffers" &&
mkdir -p "$DATA_DIR/sphinx/log" && mkdir -p "$DATA_DIR/elsa/mysql" &&
chown -R $MYSQL_OS_USER "$DATA_DIR/elsa/mysql"
UPDATE_OK=$?
# Set apparmor settings if necessary
if [ -d /etc/apparmor.d/local ]; then
echo "Updating local apparmor config for MySQL dir $DATA_DIR/elsa/mysql/";
grep "$DATA_DIR/elsa/mysql/" /etc/apparmor.d/local/usr.sbin.mysqld;
if [ $? -ne 0 ]; then
echo "$DATA_DIR/elsa/mysql/ r," >> /etc/apparmor.d/local/usr.sbin.mysqld;
echo "$DATA_DIR/elsa/mysql/** rwk," >> /etc/apparmor.d/local/usr.sbin.mysqld;
sh /etc/init.d/apparmor reload
fi
elif [ -f /etc/apparmor.d/usr.sbin.mysqld ]; then
grep "$DATA_DIR/elsa/mysql/" /etc/apparmor.d/usr.sbin.mysqld;
if [ $? -ne 0 ]; then
echo "Updating apparmor config for MySQL dir $DATA_DIR/elsa/mysql/";
echo "/usr/sbin/mysqld {" >> /etc/apparmor.d/usr.sbin.mysqld;
echo " $DATA_DIR/elsa/mysql/ r," >> /etc/apparmor.d/usr.sbin.mysqld;
echo " $DATA_DIR/elsa/mysql/** rwk," >> /etc/apparmor.d/usr.sbin.mysqld;
echo "}" >> /etc/apparmor.d/usr.sbin.mysqld;
sh /etc/init.d/apparmor reload
else
echo "Apparmor already configured for MySQL";
fi
fi
if [ ! -p $DATA_DIR/elsa/tmp/realtime ]; then
mkfifo $DATA_DIR/elsa/tmp/realtime;
UPDATE_OK=$?
fi
# Anyone can send logs to this
chmod 666 $DATA_DIR/elsa/tmp/realtime;
if [ ! -p $DATA_DIR/elsa/tmp/import ]; then
mkfifo $DATA_DIR/elsa/tmp/import;
UPDATE_OK=$?
fi
# Anyone can send logs to this
chmod 666 $DATA_DIR/elsa/tmp/import;
# Set SELinux settings for the auxilliary MySQL dir if necessary
if [ -f /usr/sbin/selinuxenabled ]; then
if [ -f /usr/bin/chcon ]; then
chcon -R -t httpd_tmpfs_t $DATA_DIR/elsa/tmp
else
echo "WARNING: chcon SELinux utility not found!"
fi
fi
return $UPDATE_OK
}
allow_mysql_symbolic_links(){
# Check if we need to enable symbolic-link
MYCNF="/etc/my.cnf"
if [ $DISTRO = "ubuntu" ]; then
MYCNF="/etc/mysql/my.cnf"
fi
echo "Checking $MYCNF for symbolic-links=0"
grep -P "^symbolic-links=0" $MYCNF
if [ $? -eq 0 ]; then
echo "Removing symbolic-links=0 from $MYCNF"
cp $MYCNF $MYCNF.elsabak &&
cat $MYCNF.elsabak | grep -vP "^symbolic-links=0" > $MYCNF
if [ $DISTRO = "centos" ]; then
service mysqld restart
return $?
else
service mysql restart
return $?
fi
fi
return 0
}
set_node_mysql(){
# Test to see if schema is already installed
mysql -u$MYSQL_USER -p$MYSQL_PASS $MYSQL_NODE_DB -e "select count(*) from programs" > /dev/null 2>&1
if [ $? -eq 0 ]; then
echo "MySQL and schema already installed."
return 0;
fi
allow_mysql_symbolic_links
# Install mysql schema
service $MYSQL_SERVICE_NAME start
# Set SELinux settings for the auxilliary MySQL dir if necessary
if [ -f /usr/sbin/selinuxenabled ]; then
if [ -f /usr/bin/chcon ]; then
chcon --reference=/var/lib/mysql -R "$DATA_DIR/elsa/mysql"
else
echo "WARNING: chcon SELinux utility not found!"
fi
fi
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH -e "INSTALL PLUGIN archive SONAME 'ha_archive.so'";
mysqladmin -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH create $MYSQL_NODE_DB && mysqladmin -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH create syslog_data &&
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH -e 'GRANT ALL ON syslog.* TO "'$MYSQL_USER'"@"localhost" IDENTIFIED BY "'$MYSQL_PASS'"' &&
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH -e 'GRANT ALL ON syslog.* TO "'$MYSQL_USER'"@"%" IDENTIFIED BY "'$MYSQL_PASS'"' &&
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH -e 'GRANT ALL ON syslog_data.* TO "'$MYSQL_USER'"@"localhost" IDENTIFIED BY "'$MYSQL_PASS'"' &&
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH -e 'GRANT ALL ON syslog_data.* TO "'$MYSQL_USER'"@"%" IDENTIFIED BY "'$MYSQL_PASS'"'
# Above could fail with db already exists, but this is the true test for success
mysql -u$MYSQL_USER -p$MYSQL_PASS $MYSQL_NODE_DB -e "source $BASE_DIR/elsa/node/conf/schema.sql" &&
enable_service "$MYSQL_SERVICE_NAME"
return $?
}
update_node_mysql(){
allow_mysql_symbolic_links
# Set SELinux settings for the auxilliary MySQL dir if necessary
if [ -f /usr/sbin/selinuxenabled ]; then
if [ -f /usr/bin/chcon ]; then
chcon --reference=/var/lib/mysql -R "$DATA_DIR/elsa/mysql"
else
echo "WARNING: chcon SELinux utility not found!"
fi
fi
echo "Updating MySQL..."
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'ALTER TABLE buffers ADD COLUMN start INT UNSIGNED' > /dev/null 2>&1
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'ALTER TABLE buffers ADD COLUMN end INT UNSIGNED' > /dev/null 2>&1
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'ALTER TABLE buffers ADD COLUMN import_id INT UNSIGNED' > /dev/null 2>&1
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'ALTER TABLE buffers CHANGE COLUMN pid pid INT UNSIGNED' > /dev/null 2>&1
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'ALTER TABLE tables CHANGE COLUMN table_locked_by table_locked_by INT UNSIGNED' > /dev/null 2>&1
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'ALTER TABLE indexes CHANGE COLUMN locked_by locked_by INT UNSIGNED' > /dev/null 2>&1
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'ALTER TABLE fields ADD UNIQUE KEY `field` (field, field_type)' > /dev/null 2>&1
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'ALTER TABLE indexes ADD COLUMN index_schema TEXT' > /dev/null 2>&1
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'ALTER TABLE indexes ADD COLUMN updated TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP' > /dev/null 2>&1
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'ALTER TABLE indexes ADD INDEX `updated` (updated) `updated`' > /dev/null 2>&1
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'REPLACE INTO fields (field, field_type, pattern_type) VALUES ("domain", "string", "QSTRING")'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'REPLACE INTO fields (field, field_type, pattern_type) VALUES ("share_name", "string", "QSTRING")'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'REPLACE INTO fields (field, field_type, pattern_type) VALUES ("share_path", "string", "QSTRING")'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'REPLACE INTO fields (field, field_type, pattern_type) VALUES ("share_target", "string", "QSTRING")'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'REPLACE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="WINDOWS"), (SELECT id FROM fields WHERE field="eventid"), 5)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'REPLACE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="WINDOWS"), (SELECT id FROM fields WHERE field="srcip"), 6)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'REPLACE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="WINDOWS"), (SELECT id FROM fields WHERE field="source"), 11)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'REPLACE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="WINDOWS"), (SELECT id FROM fields WHERE field="user"), 12)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'REPLACE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="WINDOWS"), (SELECT id FROM fields WHERE field="domain"), 13)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'REPLACE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="WINDOWS"), (SELECT id FROM fields WHERE field="share_name"), 14)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'REPLACE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="WINDOWS"), (SELECT id FROM fields WHERE field="share_path"), 15)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'REPLACE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="WINDOWS"), (SELECT id FROM fields WHERE field="share_target"), 15)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'CREATE TABLE IF NOT EXISTS host_stats (host_id INT UNSIGNED NOT NULL, class_id SMALLINT UNSIGNED NOT NULL, count MEDIUMINT UNSIGNED NOT NULL DEFAULT 0, timestamp TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, PRIMARY KEY (timestamp, host_id, class_id)) ENGINE=MyISAM;'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'CREATE TABLE IF NOT EXISTS livetail ( qid INT UNSIGNED NOT NULL PRIMARY KEY, query BLOB) ENGINE=InnoDB'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'DELETE FROM livetail';
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'CREATE TABLE IF NOT EXISTS livetail_results (qid INT UNSIGNED NOT NULL, `id` bigint unsigned NOT NULL PRIMARY KEY AUTO_INCREMENT, `timestamp` INT UNSIGNED NOT NULL DEFAULT 0, `host_id` INT UNSIGNED NOT NULL DEFAULT '1', `program_id` INT UNSIGNED NOT NULL DEFAULT '1', `class_id` SMALLINT unsigned NOT NULL DEFAULT '1', msg TEXT, i0 INT UNSIGNED, i1 INT UNSIGNED, i2 INT UNSIGNED, i3 INT UNSIGNED, i4 INT UNSIGNED, i5 INT UNSIGNED, s0 VARCHAR(255), s1 VARCHAR(255), s2 VARCHAR(255), s3 VARCHAR(255), s4 VARCHAR(255), s5 VARCHAR(255), FOREIGN KEY (qid) REFERENCES livetail (qid) ON DELETE CASCADE ON UPDATE CASCADE) ENGINE=InnoDB'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'REPLACE INTO table_types (id, table_type) VALUES (3, "import")'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'REPLACE INTO fields (field, field_type, pattern_type) VALUES ("pkts_in", "int", "NUMBER")'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'REPLACE INTO fields (field, field_type, pattern_type) VALUES ("pkts_out", "int", "NUMBER")'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'REPLACE INTO fields (field, field_type, pattern_type) VALUES ("bytes_in", "int", "NUMBER")'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'REPLACE INTO fields (field, field_type, pattern_type) VALUES ("bytes_out", "int", "NUMBER")'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'REPLACE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="BRO_CONN"), (SELECT id FROM fields WHERE field="bytes_in"), 10)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'REPLACE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="BRO_CONN"), (SELECT id FROM fields WHERE field="service"), 11)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'REPLACE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="BRO_CONN"), (SELECT id FROM fields WHERE field="conn_duration"), 12)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'REPLACE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="BRO_CONN"), (SELECT id FROM fields WHERE field="bytes_out"), 13)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'REPLACE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="BRO_CONN"), (SELECT id FROM fields WHERE field="pkts_out"), 14)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'REPLACE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="BRO_CONN"), (SELECT id FROM fields WHERE field="pkts_in"), 15)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'CREATE TABLE IF NOT EXISTS imports ( id INT NOT NULL PRIMARY KEY AUTO_INCREMENT, name VARCHAR(255) NOT NULL, description VARCHAR(255) NOT NULL, datatype VARCHAR(255) NOT NULL, imported TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP) ENGINE=InnoDB'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'UPDATE fields SET field_type="INT", pattern_type="NUMBER" WHERE field="sig_priority"'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'CREATE TABLE IF NOT EXISTS uploads (id INT NOT NULL PRIMARY KEY AUTO_INCREMENT, timestamp TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, client_ip INT UNSIGNED NOT NULL, count INT UNSIGNED NOT NULL, size BIGINT UNSIGNED NOT NULL, batch_time SMALLINT UNSIGNED NOT NULL, errors SMALLINT UNSIGNED NOT NULL, start INT UNSIGNED NOT NULL, end INT UNSIGNED NOT NULL, buffers_id INT UNSIGNED NOT NULL) ENGINE=InnoDB'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'ALTER TABLE imports ADD COLUMN first_id BIGINT UNSIGNED' > /dev/null 2>&1
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'ALTER TABLE imports ADD COLUMN last_id BIGINT UNSIGNED' > /dev/null 2>&1
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'ALTER TABLE imports ADD KEY `first_id` (first_id)' > /dev/null 2>&1
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'ALTER TABLE imports ADD KEY `last_id` (last_id)' > /dev/null 2>&1
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'DROP TABLE failed_buffers' > /dev/null 2>&1
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'CREATE TABLE failed_buffers (hash CHAR(32) NOT NULL PRIMARY KEY, dest VARCHAR(8000) NOT NULL, timestamp TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, args TEXT, pid INT UNSIGNED) ENGINE=InnoDB'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO classes (id, class, parent_id) VALUES(36, "VPN", 0)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="VPN"), (SELECT id FROM fields WHERE field="srcip"), 5)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="VPN"), (SELECT id FROM fields WHERE field="group"), 11)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="VPN"), (SELECT id FROM fields WHERE field="user"), 12)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO classes (id, class) VALUES(99, "ELSA_OPS")'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields (field, field_type, pattern_type) VALUES ("line_number", "int", "NUMBER")'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields (field, field_type, pattern_type) VALUES ("pid", "int", "NUMBER")'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields (field, field_type, pattern_type) VALUES ("priority", "string", "QSTRING")'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields (field, field_type, pattern_type) VALUES ("file", "string", "QSTRING")'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="ELSA_OPS"), (SELECT id FROM fields WHERE field="line_number"), 5)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="ELSA_OPS"), (SELECT id FROM fields WHERE field="pid"), 6)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="ELSA_OPS"), (SELECT id FROM fields WHERE field="priority"), 11)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="ELSA_OPS"), (SELECT id FROM fields WHERE field="file"), 12)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="ELSA_OPS"), (SELECT id FROM fields WHERE field="method"), 13)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="ELSA_OPS"), (SELECT id FROM fields WHERE field="hostname"), 14)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO classes (id, class, parent_id) VALUES(37, "NAT", 0)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields (field, field_type, pattern_type, input_validation) VALUES ("srcip_nat", "int", "IPv4", "IPv4")'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="NAT"), (SELECT id FROM fields WHERE field="proto"), 5)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="NAT"), (SELECT id FROM fields WHERE field="o_int"), 11)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="NAT"), (SELECT id FROM fields WHERE field="srcip"), 6)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="NAT"), (SELECT id FROM fields WHERE field="srcport"), 7)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="NAT"), (SELECT id FROM fields WHERE field="i_int"), 12)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="NAT"), (SELECT id FROM fields WHERE field="dstip"), 8)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="NAT"), (SELECT id FROM fields WHERE field="dstport"), 9)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="NAT"), (SELECT id FROM fields WHERE field="srcip_nat"), 10)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO classes (id, class, parent_id) VALUES(38, "FTP", 0)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="FTP"), (SELECT id FROM fields WHERE field="srcip"), 5)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="FTP"), (SELECT id FROM fields WHERE field="srcport"), 6)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="FTP"), (SELECT id FROM fields WHERE field="dstip"), 7)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="FTP"), (SELECT id FROM fields WHERE field="dstport"), 8)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="FTP"), (SELECT id FROM fields WHERE field="i_int"), 11)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="FTP"), (SELECT id FROM fields WHERE field="o_int"), 12)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="FTP"), (SELECT id FROM fields WHERE field="user"), 13)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="FTP"), (SELECT id FROM fields WHERE field="action"), 14)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="FTP"), (SELECT id FROM fields WHERE field="filename"), 15)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO classes (id, class, parent_id) VALUES(39, "CISCO_WARN", 0)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="CISCO_WARN"), (SELECT id FROM fields WHERE field="proto"), 5)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="CISCO_WARN"), (SELECT id FROM fields WHERE field="srcip"), 6)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="CISCO_WARN"), (SELECT id FROM fields WHERE field="srcport"), 7)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="CISCO_WARN"), (SELECT id FROM fields WHERE field="dstip"), 8)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="CISCO_WARN"), (SELECT id FROM fields WHERE field="dstport"), 9)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="CISCO_WARN"), (SELECT id FROM fields WHERE field="i_int"), 11)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="CISCO_WARN"), (SELECT id FROM fields WHERE field="o_int"), 12)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO classes (id, class) VALUES(98, "ELSA_UNPARSED")'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO classes (id, class, parent_id) VALUES(40, "DHCP", 0)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields (field, field_type, pattern_type) VALUES ("mac_address", "string", "QSTRING")'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="DHCP"), (SELECT id FROM fields WHERE field="srcip"), 5)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="DHCP"), (SELECT id FROM fields WHERE field="mac_address"), 1)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="DHCP"), (SELECT id FROM fields WHERE field="domain"), 12)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="DHCP"), (SELECT id FROM fields WHERE field="hostname"), 13)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO classes (id, class) VALUES(41, "BRO_FILE")'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="BRO_FILE"), (SELECT id FROM fields WHERE field="srcip"), 5)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="BRO_FILE"), (SELECT id FROM fields WHERE field="srcport"), 6)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="BRO_FILE"), (SELECT id FROM fields WHERE field="dstip"), 7)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="BRO_FILE"), (SELECT id FROM fields WHERE field="dstport"), 8)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="BRO_FILE"), (SELECT id FROM fields WHERE field="md5"), 11)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="BRO_FILE"), (SELECT id FROM fields WHERE field="site"), 12)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="BRO_FILE"), (SELECT id FROM fields WHERE field="uri"), 13)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields (field, field_type, pattern_type) VALUES ("class", "int", "number")'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields (field, field_type, pattern_type) VALUES ("program", "int", "number")'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'UPDATE fields_classes_map SET field_order=2 WHERE field_id=(SELECT id FROM fields WHERE field="program") AND class_id=(SELECT id FROM classes WHERE class="ANY")'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="ANY"), (SELECT id FROM fields WHERE field="program"), 2)'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map (class_id, field_id, field_order) VALUES ((SELECT id FROM classes WHERE class="ANY"), (SELECT id FROM fields WHERE field="class"), 3)'
# Fix earlier typo
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'UPDATE fields_classes_map SET field_order=11 WHERE field_order=1 AND field_id=(SELECT id FROM fields WHERE field="mac_address") AND class_id=(SELECT id FROM classes WHERE class="DHCP")'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields (field, field_type, pattern_type) VALUES ("protocol", "string", "QSTRING");'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields (field, field_type, pattern_type) VALUES ("sub_msg", "string", "QSTRING");'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'REPLACE INTO fields_classes_map(class_id, field_id, field_order) VALUES( (SELECT id FROM classes WHERE class="BRO_NOTICE"), (SELECT id FROM fields WHERE field="notice_type"), 14);'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'REPLACE INTO fields_classes_map(class_id, field_id, field_order) VALUES( (SELECT id FROM classes WHERE class="BRO_NOTICE"), (SELECT id FROM fields WHERE field="notice_msg"), 15);'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map(class_id, field_id, field_order) VALUES( (SELECT id FROM classes WHERE class="BRO_NOTICE"), (SELECT id FROM fields WHERE field="mime_type"), 11);'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map(class_id, field_id, field_order) VALUES( (SELECT id FROM classes WHERE class="BRO_NOTICE"), (SELECT id FROM fields WHERE field="desc"), 12);'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map(class_id, field_id, field_order) VALUES( (SELECT id FROM classes WHERE class="BRO_NOTICE"), (SELECT id FROM fields WHERE field="protocol"), 13);'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map(class_id, field_id, field_order) VALUES( (SELECT id FROM classes WHERE class="BRO_NOTICE"), (SELECT id FROM fields WHERE field="sub_msg"), 16);'
# Bro files
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO classes (id, class) VALUES(54, "BRO_FILES")'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields (field, field_type, pattern_type, input_validation) VALUES ("txhosts", "int", "IPv4", "IPv4");'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields (field, field_type, pattern_type, input_validation) VALUES ("rxhosts", "int", "IPv4", "IPv4");'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields (field, field_type, pattern_type) VALUES ("seen_bytes", "int", "NUMBER");'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields (field, field_type, pattern_type) VALUES ("missing_bytes", "int", "NUMBER");'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields (field, field_type, pattern_type) VALUES ("sha1", "string", "QSTRING");'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map(class_id, field_id, field_order) VALUES( (SELECT id FROM classes WHERE class="BRO_FILES"), (SELECT id FROM fields WHERE field="txhosts"), 5);'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map(class_id, field_id, field_order) VALUES( (SELECT id FROM classes WHERE class="BRO_FILES"), (SELECT id FROM fields WHERE field="rxhosts"), 6);'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map(class_id, field_id, field_order) VALUES( (SELECT id FROM classes WHERE class="BRO_FILES"), (SELECT id FROM fields WHERE field="seen_bytes"), 7);'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map(class_id, field_id, field_order) VALUES( (SELECT id FROM classes WHERE class="BRO_FILES"), (SELECT id FROM fields WHERE field="missing_bytes"), 8);'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map(class_id, field_id, field_order) VALUES( (SELECT id FROM classes WHERE class="BRO_FILES"), (SELECT id FROM fields WHERE field="source"), 11);'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map(class_id, field_id, field_order) VALUES( (SELECT id FROM classes WHERE class="BRO_FILES"), (SELECT id FROM fields WHERE field="mime_type"), 12);'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map(class_id, field_id, field_order) VALUES( (SELECT id FROM classes WHERE class="BRO_FILES"), (SELECT id FROM fields WHERE field="filename"), 13);'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map(class_id, field_id, field_order) VALUES( (SELECT id FROM classes WHERE class="BRO_FILES"), (SELECT id FROM fields WHERE field="conn_duration"), 14);'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map(class_id, field_id, field_order) VALUES( (SELECT id FROM classes WHERE class="BRO_FILES"), (SELECT id FROM fields WHERE field="md5"), 15);'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'INSERT IGNORE INTO fields_classes_map(class_id, field_id, field_order) VALUES( (SELECT id FROM classes WHERE class="BRO_FILES"), (SELECT id FROM fields WHERE field="sha1"), 16);'
mysql -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH $MYSQL_NODE_DB -e 'ALTER TABLE uploads CHANGE COLUMN client_ip client_ip VARCHAR(255) NOT NULL'
return $?
}
set_syslogng_conf(){
echo "Updating syslog-ng.conf..."
mkdir -p /etc/elsa/patterns.d
cp $BASE_DIR/elsa/node/conf/patterndb.xml /etc/elsa/patterns.d/
if [ \! -f /etc/elsa/patterns.d/local_patterndb.xml ]; then
echo "" > /etc/elsa/patterns.d/local_patterndb.xml
fi
# Copy any individual patterns
if [ -d $BASE_DIR/elsa/node/conf/patterns ]; then
cp $BASE_DIR/elsa/node/conf/patterns/* /etc/elsa/patterns.d/
fi
# Merge stock patterndb.xml with elsa_local_patterndb.xml
$BASE_DIR/syslog-ng/bin/pdbtool merge -p $BASE_DIR/elsa/node/conf/merged.xml -r -D /etc/elsa/patterns.d
# Test
$BASE_DIR/syslog-ng/bin/pdbtool test $BASE_DIR/elsa/node/conf/merged.xml
if [ $? -eq 1 ]; then
echo "Error in merged patterndb"
return 1
fi
# Copy the syslog-ng.conf
if [ -f $LOCAL_SYSLOG_CONF ]; then
echo "Including syslog-ng.conf include file located at $LOCAL_SYSLOG_CONF"
# Set unparsed logging destination if we're not using local
if [ "$FILTER_UNPARSED" = "1" ]; then
cat "$BASE_DIR/elsa/node/conf/syslog-ng.conf" | sed -e "s|\/usr\/local|$BASE_DIR|g" | sed -e "s|\/data|$DATA_DIR|g" | sed -e "s|###FILTER_UNPARSED###||" | sed -e "s|###INCLUDE_PLACEHOLDER###|include $LOCAL_SYSLOG_CONF\;|" > "$BASE_DIR/syslog-ng/etc/syslog-ng.conf"
else
cat "$BASE_DIR/elsa/node/conf/syslog-ng.conf" | sed -e "s|\/usr\/local|$BASE_DIR|g" | sed -e "s|\/data|$DATA_DIR|g" | sed -e "s|###INCLUDE_PLACEHOLDER###|include $LOCAL_SYSLOG_CONF\;|" > "$BASE_DIR/syslog-ng/etc/syslog-ng.conf"
fi
elif [ "$USE_LOCAL_SYSLOG_CONF" = "1" ]; then
echo "Not overwriting local syslog-ng.conf, all changes must be manually applied."
else
if [ "$FILTER_UNPARSED" = "1" ]; then
cat "$BASE_DIR/elsa/node/conf/syslog-ng.conf" | sed -e "s|\/usr\/local|$BASE_DIR|g" | sed -e "s|\/data|$DATA_DIR|g" | sed -e "s|###FILTER_UNPARSED###||" > "$BASE_DIR/syslog-ng/etc/syslog-ng.conf"
else
cat "$BASE_DIR/elsa/node/conf/syslog-ng.conf" | sed -e "s|\/usr\/local|$BASE_DIR|g" | sed -e "s|\/data|$DATA_DIR|g" > "$BASE_DIR/syslog-ng/etc/syslog-ng.conf"
fi
fi
return $?
}
init_elsa(){
# Copy elsa.conf to /etc/
cat "$BASE_DIR/elsa/node/conf/elsa.conf" | sed -e "s/biglog/$MYSQL_PASS/g" | sed -e "s|\/usr\/local|$BASE_DIR|g" | sed -e "s|\/data|$DATA_DIR|g" > /etc/elsa_node.conf &&
# Run elsa.pl for initial creation of sphinx config
echo "" | perl "$BASE_DIR/elsa/node/elsa.pl" -on -c /etc/elsa_node.conf &&
# Initialize empty sphinx indexes
"$BASE_DIR/sphinx/bin/indexer" --config "$BASE_DIR/etc/sphinx.conf" --rotate --all &&
# Start sphinx
service searchd restart &&
# Start syslog-ng using the ELSA config
service syslog-ng restart &&
pgrep -f "elsa.pl" &&
# Sleep to allow ELSA to initialize and validate its directory
echo "Sleeping for 60 seconds to allow ELSA to init..."
sleep 60
return $?
}
restart_elsa(){
service syslog-ng restart
service searchd restart
pgrep -f "elsa.pl" && pgrep searchd
return $?
}
test_elsa(){
# Test
echo "Sending test log messages..."
if [ "$DISTRO" = "freebsd" ]; then
loggen -Di -I 1 127.0.0.1 514
else
"$BASE_DIR/syslog-ng/bin/loggen" -Di -I 1 127.0.0.1 514
fi
# Sleep to allow ELSA to initialize and validate its directory
echo "Sleeping for 60 seconds to allow ELSA to load batch..."
sleep 60
perl -le 'use lib $ARGV[0]; use Log::Log4perl; use Indexer; my $indexer = new Indexer(config_file => "/etc/elsa_node.conf"); $indexer->load_buffers();' "$BASE_DIR/elsa/node"
# Watch the log file to make sure it's working (after wiping indexes you should see batches processed and rows indexed)
grep "Indexed temp_" "$DATA_DIR/elsa/log/node.log" | tail -1 | perl -e '$l = <>; $l =~ /Indexed temp_\d+ with (\d+)/; if ($1 > 1){ exit 0; } exit 1;'
return $?
}
set_logrotate(){
if [ -d /etc/logrotate.d ]; then
echo "$DATA_DIR/elsa/log/*log {
size 100M
create 640 $WEB_USER root
rotate 4
missingok
notifempty
compress
maxage 60
}" > /etc/logrotate.d/elsa
else
echo "WARNING: No /etc/logrotate.d directory not found, not installing ELSA utility log rotation"
fi
}
suse_get_web_packages(){
# Install required packages
zypper -n update
if [ "$USE_LOCAL_MYSQL_PACKAGES" = 0 ]; then
zypper -qn install git mysql-community-server-client libmysqlclient-devel
fi
zypper -qn install curl subversion make gcc gcc-c++ apache2-prefork apache2-mod_perl apache2-mod_perl-devel libexpat-devel perl-Module-Build krb5-devel
return $?
}
ubuntu_get_web_packages(){
apt-get update
# Make debconf noninteractive
echo "debconf debconf/frontend select noninteractive" | debconf-set-selections
if [ "$USE_LOCAL_MYSQL_PACKAGES" = 0 ]; then
apt-get -qy install mysql-client libmysqlclient-dev
fi
# Install required packages
apt-get -qy install git curl subversion gcc g++ apache2-mpm-prefork libapache2-mod-perl2 libpam0g-dev make libgeoip-dev libgeo-ip-perl libexpat1-dev libmodule-build-perl libauthen-pam-perl libkrb5-dev &&
# Make debconf interactive again
echo "debconf debconf/frontend select readline" | debconf-set-selections
return $?
}
centos_get_web_packages(){
yum -y update
if [ "$USE_LOCAL_MYSQL_PACKAGES" = 0 ]; then
yum -yq install mysql mysql-libs mysql-devel
fi
yum -yq install git curl subversion make gcc gcc-c++ httpd mod_perl pam-devel setools-console expat-devel perl-Module-Build policycoreutils-python krb5-devel perl-Module-Install perl-libwww-perl perl-CPAN perl-Test-Simple perl-ExtUtils-MakeMaker
return $?
}
freebsd_get_web_packages(){
cd /usr/ports/www/mod_perl2 && make install clean
if [ "$USE_LOCAL_MYSQL_PACKAGES" = 0 ]; then
pkg_add -vFr mysql55-client
fi
pkg_add -vFr subversion curl perl p5-App-cpanminus expat p5-Module-Build ap22-mod_perl2
RET=$?
# pkg_add will return 6 when packages were already present
if [ "$RET" -ne 0 ] && [ "$RET" -ne 6 ]; then
echo "retval was $RET"
return 1
fi
if [ ! -d "/usr/local/etc/$APACHE" ]; then
echo "Cannot find Apache conf dir in apache2 or apache22!"
return 0
fi
# Edit the load modules file to disable unique_id, as it causes problems when host does not have FQDN
cp /usr/local/etc/$APACHE/httpd.conf /usr/local/etc/$APACHE/httpd.conf.bak &&
cat /usr/local/etc/$APACHE/httpd.conf.bak | sed -e "s|LoadModule unique_id_module|#LoadModule unique_id_module|" > /usr/local/etc/$APACHE/httpd.conf &&
enable_service "$APACHE" &&
service $APACHE start
pgrep httpd
return $?
}
build_web_perl(){
# FreeBSD has trouble testing with the current version of ExtUtils
if [ "$DISTRO" = "freebsd" ]; then
cpanm -n ExtUtils::MakeMaker
fi
if [ "$DISTRO" = "centos" ]; then
# No test because of a bug in the CentOS-specific distro detection
cpanm -n Sys::Info
fi
# Now cpanm is available to install the rest
RETVAL=0
# Now cpanm is available to install the rest
for RETRY in 1 2 3; do
# Broken test in DBD::mysql
cpanm -n DBD::mysql
# Need a specific version of Ouch to not require Perl 5.12
cpanm Ouch@0.0403
# Installing specific version of Test::Simple@0.98 until this is resolved: https://rt.cpan.org/Public/Bug/Display.html?id=89473
cpanm Test::Simple@0.98
cpanm Time::Local Time::HiRes Moose JSON::XS Config::JSON Plack::Builder Plack::Util Plack::App::File Date::Manip Digest::SHA1 MIME::Base64 URI::Escape Socket Net::DNS Sys::Hostname::FQDN String::CRC32 CHI CHI::Driver::RawMemory Search::QueryParser AnyEvent::DBI DBD::mysql EV Sys::Info Sys::MemInfo MooseX::Traits Authen::Simple Authen::Simple::DBI Authen::Simple::LDAP Net::LDAP::Express Net::LDAP::FilterBuilder Plack::Middleware::CrossOrigin URI::Escape Module::Pluggable Module::Install PDF::API2::Simple XML::Writer Parse::Snort Spreadsheet::WriteExcel IO::String Mail::Internet Plack::Middleware::Static Log::Log4perl Email::LocalDelivery Plack::Session Sys::Info CHI::Driver::DBI Plack::Builder::Conditionals AnyEvent::HTTP URL::Encode MooseX::ClassAttribute MooseX::Log::Log4perl Authen::Simple::DBI Plack::Middleware::NoMultipleSlashes MooseX::Storage MooseX::Clone Data::Google::Visualization::DataSource Data::Google::Visualization::DataTable DateTime File::Slurp URI::Encode Search::QueryParser::SQL Module::Load::Conditional Authen::Simple::Kerberos Digest::MD5 Hash::Merge::Simple Digest::SHA Archive::Extract Apache::Admin::Config Text::CSV Log::Log4perl::Appender::Socket::UNIX Plack::Middleware::XForwardedFor Try::Tiny Data::Serializable
RETVAL=$?
if [ "$RETVAL" = 0 ]; then
break;
fi
echo "Retry $RETRY"
done
echo "Retrieving GeoIP databases..."
if [ ! -f "$GEOIP_DIR/GeoIPCity.dat" ]; then
if [ ! -f "$TMP_DIR/GeoLiteCity.dat.gz" ]; then
curl -L "http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz" > $TMP_DIR/GeoLiteCity.dat.gz
fi
mkdir -p $GEOIP_DIR &&
gunzip -f $TMP_DIR/GeoLiteCity.dat.gz &&
cp $TMP_DIR/GeoLiteCity.dat $GEOIP_DIR/GeoIPCity.dat
fi
if [ ! -f "$GEOIP_DIR/GeoIP.dat" ]; then
if [ ! -f "$TMP_DIR/GeoIP.dat.gz" ]; then
curl -L "http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz" > $TMP_DIR/GeoIP.dat.gz
fi
gunzip -f $TMP_DIR/GeoIP.dat.gz &&
cp $TMP_DIR/GeoIP.dat $GEOIP_DIR/
fi
echo "...done."
if [ "$DISTRO" = "ubuntu" ]; then
# C API was installed already, proceed normally
#cpanm Geo::IP
echo "C API installed already via apt-get"
else
echo "Using slower pure-Perl GeoIP library, install GeoIP C library for faster version"
curl -L "http://search.cpan.org/CPAN/authors/id/B/BO/BORISZ/Geo-IP-1.40.tar.gz" > $TMP_DIR/Geo-IP-1.40.tar.gz &&
cd $TMP_DIR && tar xzvf Geo-IP-1.40.tar.gz && cd Geo-IP-1.40 &&
perl Makefile.PL PP=1 && make && make test && make install
fi
return $RETVAL
}
set_web_mysql(){
# Test to see if schema is already installed
mysql "-h$MYSQL_HOST" "-P$MYSQL_PORT" "-u$MYSQL_USER" "-p$MYSQL_PASS" $MYSQL_DB -e "select count(*) from users"
if [ $? -eq 0 ]; then
echo "MySQL and schema already installed."
return 0;
fi
# Install mysql schema
mysqladmin "-h$MYSQL_HOST" "-P$MYSQL_PORT" -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH create $MYSQL_DB &&
mysql "-h$MYSQL_HOST" "-P$MYSQL_PORT" -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH -e "GRANT ALL ON $MYSQL_DB.* TO \"$MYSQL_USER\"@\"localhost\" IDENTIFIED BY \"$MYSQL_PASS\"" &&
mysql "-h$MYSQL_HOST" "-P$MYSQL_PORT" -u$MYSQL_ROOT_USER $MYSQL_PASS_SWITCH -e "GRANT ALL ON $MYSQL_DB.* TO \"$MYSQL_USER\"@\"%\" IDENTIFIED BY \"$MYSQL_PASS\"" &&
mysql "-h$MYSQL_HOST" "-P$MYSQL_PORT" "-u$MYSQL_USER" "-p$MYSQL_PASS" $MYSQL_DB -e "source $BASE_DIR/elsa/web/conf/meta_db_schema.mysql"
return $?
}
update_web_mysql(){
echo "Updating web MySQL, please ignore any errors for this section..."
mysql "-h$MYSQL_HOST" "-P$MYSQL_PORT" "-u$MYSQL_USER" "-p$MYSQL_PASS" $MYSQL_DB -e 'ALTER TABLE query_schedule DROP COLUMN action_params' > /dev/null 2>&1 &&
mysql "-h$MYSQL_HOST" "-P$MYSQL_PORT" "-u$MYSQL_USER" "-p$MYSQL_PASS" $MYSQL_DB -e 'ALTER TABLE query_schedule DROP FOREIGN KEY `query_schedule_ibfk_2`' > /dev/null 2>&1 &&
mysql "-h$MYSQL_HOST" "-P$MYSQL_PORT" "-u$MYSQL_USER" "-p$MYSQL_PASS" $MYSQL_DB -e 'ALTER TABLE query_schedule DROP COLUMN action_id' > /dev/null 2>&1 &&
mysql "-h$MYSQL_HOST" "-P$MYSQL_PORT" "-u$MYSQL_USER" "-p$MYSQL_PASS" $MYSQL_DB -e 'ALTER TABLE query_schedule ADD COLUMN connector VARCHAR(255)' > /dev/null 2>&1 &&
mysql "-h$MYSQL_HOST" "-P$MYSQL_PORT" "-u$MYSQL_USER" "-p$MYSQL_PASS" $MYSQL_DB -e 'ALTER TABLE query_schedule ADD COLUMN params VARCHAR(8000)' > /dev/null 2>&1
mysql "-h$MYSQL_HOST" "-P$MYSQL_PORT" "-u$MYSQL_USER" "-p$MYSQL_PASS" $MYSQL_DB -e 'ALTER TABLE query_log ADD KEY `archive` (archive)' > /dev/null 2>&1
mysql "-h$MYSQL_HOST" "-P$MYSQL_PORT" "-u$MYSQL_USER" "-p$MYSQL_PASS" $MYSQL_DB -e 'ALTER TABLE query_log ADD COLUMN pid SMALLINT UNSIGNED' > /dev/null 2>&1
mysql "-h$MYSQL_HOST" "-P$MYSQL_PORT" "-u$MYSQL_USER" "-p$MYSQL_PASS" $MYSQL_DB -e "
CREATE TABLE IF NOT EXISTS dashboards (
id INT UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT,
uid INT UNSIGNED NOT NULL,
title VARCHAR(255),
alias VARCHAR(255),
auth_required TINYINT UNSIGNED NOT NULL DEFAULT 1,
FOREIGN KEY (uid) REFERENCES users (uid),
UNIQUE KEY (uid, alias)
) ENGINE=InnoDB;
CREATE TABLE IF NOT EXISTS dashboard_auth (
dashboard_id INT UNSIGNED NOT NULL,
gid INT UNSIGNED NOT NULL,
PRIMARY KEY (dashboard_id, gid),
FOREIGN KEY (dashboard_id) REFERENCES dashboards (id) ON DELETE CASCADE ON UPDATE CASCADE,
FOREIGN KEY (gid) REFERENCES groups (gid) ON DELETE CASCADE ON UPDATE CASCADE
) ENGINE=InnoDB;
CREATE TABLE IF NOT EXISTS charts (
id INT UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT,
uid INT UNSIGNED NOT NULL,
type VARCHAR(255),
options TEXT,
FOREIGN KEY (uid) REFERENCES users (uid) ON DELETE CASCADE ON UPDATE CASCADE
) ENGINE=InnoDB;
CREATE TABLE IF NOT EXISTS chart_queries (
id INT UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT,
chart_id INT UNSIGNED NOT NULL,
label VARCHAR(255),
query VARCHAR(8000) NOT NULL,
FOREIGN KEY (chart_id) REFERENCES charts (id) ON DELETE CASCADE ON UPDATE CASCADE
) ENGINE=InnoDB;
CREATE TABLE IF NOT EXISTS dashboards_charts_map (
dashboard_id INT UNSIGNED NOT NULL,
chart_id INT UNSIGNED NOT NULL,
x TINYINT UNSIGNED NOT NULL DEFAULT 0,
y TINYINT UNSIGNED NOT NULL DEFAULT 0,
PRIMARY KEY (dashboard_id, chart_id),
FOREIGN KEY (dashboard_id) REFERENCES dashboards (id) ON DELETE CASCADE ON UPDATE CASCADE,
FOREIGN KEY (chart_id) REFERENCES charts (id) ON DELETE CASCADE ON UPDATE CASCADE
) ENGINE=InnoDB;
CREATE OR REPLACE VIEW v_dashboards AS
SELECT dashboards.id AS dashboard_id, dashboards.uid AS uid, dashboards.alias, username, dashboards.title AS dashboard_title,
charts.id AS chart_id, charts.type AS chart_type, chart_queries.id AS query_id, charts.options AS chart_options,
chart_queries.label AS label, chart_queries.query AS query, dashboards_charts_map.x AS x, dashboards_charts_map.y AS y,
dashboards.auth_required, dashboard_auth.gid, groups.groupname
FROM dashboards
LEFT JOIN dashboards_charts_map ON (dashboards.id=dashboards_charts_map.dashboard_id)
LEFT JOIN charts ON (charts.id=dashboards_charts_map.chart_id)
LEFT JOIN chart_queries ON (charts.id=chart_queries.chart_id)
JOIN users ON (dashboards.uid=users.uid)
LEFT JOIN dashboard_auth ON (dashboards.id=dashboard_auth.dashboard_id)
LEFT JOIN groups ON (dashboard_auth.gid=groups.gid);
CREATE TABLE IF NOT EXISTS foreign_queries (
qid INT UNSIGNED NOT NULL,
peer VARCHAR(255) NOT NULL,
foreign_qid INT UNSIGNED NOT NULL,
completed INT UNSIGNED,
PRIMARY KEY (qid, peer, foreign_qid),
FOREIGN KEY (qid) REFERENCES query_log (qid) ON DELETE CASCADE ON UPDATE CASCADE,
KEY (foreign_qid),
KEY(completed)
) ENGINE=InnoDB;
" > /dev/null 2>&1
mysql "-h$MYSQL_HOST" "-P$MYSQL_PORT" "-u$MYSQL_USER" "-p$MYSQL_PASS" $MYSQL_DB -e "
CREATE TABLE IF NOT EXISTS preferences (
id INT UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT,
uid INT UNSIGNED NOT NULL,
type VARCHAR(255),
name VARCHAR(255),
value TEXT,
UNIQUE KEY (uid, type, name),
FOREIGN KEY (uid) REFERENCES users (uid) ON DELETE CASCADE ON UPDATE CASCADE
) ENGINE=InnoDB
" > /dev/null 2>&1
mysql "-h$MYSQL_HOST" "-P$MYSQL_PORT" "-u$MYSQL_USER" "-p$MYSQL_PASS" $MYSQL_DB -e "ALTER TABLE users ADD COLUMN email VARCHAR(255)" > /dev/null 2>&1
mysql "-h$MYSQL_HOST" "-P$MYSQL_PORT" "-u$MYSQL_USER" "-p$MYSQL_PASS" $MYSQL_DB -e "ALTER TABLE users_groups_map DROP PRIMARY KEY, ADD PRIMARY KEY (uid, gid)" > /dev/null 2>&1
# The above can all fail for perfectly fine reasons
echo "Finished updating MySQL"
return 0
}
mk_web_dirs(){
# Copy elsa.conf to /etc/
cat "$BASE_DIR/elsa/web/conf/elsa.conf" | sed -e "s/biglog/$MYSQL_PASS/g" | sed -e "s|\/usr\/local|$BASE_DIR|g" | sed -e "s|\/data|$DATA_DIR|g" > /etc/elsa_web.conf
# Make data directories on node
mkdir -p "$DATA_DIR/elsa/log" &&
touch "$DATA_DIR/elsa/log/web.log" &&
chown -R $WEB_USER "$DATA_DIR/elsa/log" &&
chown -R $WEB_USER "$DATA_DIR/elsa/tmp/buffers"
return $?
}
set_version(){
# set ELSA version
if [ "$VERSION" = "HEAD" ]; then
svn info http://enterprise-log-search-and-archive.googlecode.com/svn/ | grep "Last Changed" | sed -e "s/Last Changed //g" | perl -e 'use Config::JSON; my $c = new Config::JSON("/etc/elsa_web.conf") or die($!); while(<>){ chomp; my ($k,$v) = split(/:/, $_, 2); next unless $k and $v; $c->set("version/$k", $v); } $c->write;'
else
echo "revision:$VERSION" | perl -e 'use Config::JSON; my $c = new Config::JSON("/etc/elsa_web.conf") or die($!); while(<>){ chomp; my ($k,$v) = split(/:/, $_, 2); next unless $k and $v; $c->set("version/$k", $v); } $c->write;'
fi
$BASE_DIR/sphinx/bin/searchd --help | head -1 | perl -e 'use Config::JSON; my $c = new Config::JSON("/etc/elsa_web.conf") or die($!); while(<>){ chomp; exit unless $_; $c->set("version/Sphinx", $_); } $c->write;'
}
suse_set_apache(){
# For Apache, locations vary, but this is the gist:
cpanm Plack::Handler::Apache2
if [ "$USE_LOCAL_APACHE_CONF" = "1" ]; then
echo "Not changing apache.conf, using local version"
else
cat "$BASE_DIR/elsa/web/conf/apache_site.conf" | sed -e "s|\/usr\/local|$BASE_DIR|g" | sed -e "s|\/data|$DATA_DIR|g" > /etc/apache2/vhosts.d/elsa.conf
fi
# Allow firewall port for apache web server
#echo "opening firewall port 80" &&
#cp /etc/sysconfig/SuSEfirewall2 /etc/sysconfig/SuSEfirewall2.bak_by_elsa &&
#cat /etc/sysconfig/SuSEfirewall2.bak_by_elsa | sed -e "s|FW_CONFIGURATIONS_EXT=\"|FW_CONFIGURATIONS_EXT=\"apache2 |" > /etc/sysconfig/SuSEfirewall2 &&
#SuSEfirewall2 &&
# Enable the site
a2enmod rewrite &&
a2enmod perl &&
echo "LoadModule perl_module /usr/lib/apache2/mod_perl.so" >> /etc/apache2/sysconfig.d/loadmodule.conf &&
# Verify that we can write to logs
chown -R $WEB_USER "$DATA_DIR/elsa/log" &&
# Ensure that Apache has the right prefork settings
APACHE_CONF="/etc/apache2/server-tuning.conf"
cp $APACHE_CONF "$APACHE_CONF.elsabak"
set_apache_tuning $APACHE_CONF "mpm_prefork_module";
service apache2 restart
enable_service "apache2"
return $?
}
ubuntu_set_apache(){
# For Apache, locations vary, but this is the gist:
cat "$BASE_DIR/elsa/web/conf/startup.pl" | sed -e "s|\/usr\/local|$BASE_DIR|g" | sed -e "s|\/data|$DATA_DIR|g" > /etc/apache2/elsa_startup.pl
if [ ! -f /etc/apache2/mods-available/perl.conf ]; then
echo "PerlPostConfigRequire /etc/apache2/elsa_startup.pl" > /etc/apache2/mods-available/perl.conf;
else
grep elsa_startup.pl /etc/apache2/mods-available/perl.conf
if [ $? -ne 0 ]; then
echo "PerlPostConfigRequire /etc/apache2/elsa_startup.pl" >> /etc/apache2/mods-available/perl.conf;
fi
fi
cpanm Plack::Handler::Apache2
if [ "$USE_LOCAL_APACHE_CONF" = "1" ]; then
echo "Not changing apache.conf, using local version"
else
cat "$BASE_DIR/elsa/web/conf/apache_site.conf" | sed -e "s|\/usr\/local|$BASE_DIR|g" | sed -e "s|\/data|$DATA_DIR|g" > /etc/apache2/sites-available/elsa.conf
fi
# Enable the site
a2enmod perl &&
a2enmod rewrite &&
a2ensite elsa
# Try to disable default sites, if applicable.
a2dissite default
a2dissite 000-default
chown -R $WEB_USER "$DATA_DIR/elsa/log"
# Ensure that Apache has the right prefork settings
APACHE_CONF="/etc/apache2/apache2.conf"
cp $APACHE_CONF "$APACHE_CONF.elsabak"
set_apache_tuning $APACHE_CONF "mpm_prefork_module";
service apache2 restart
enable_service "apache2"
return $?
}
set_apache_tuning(){
FILE=$1
MODULE=$2
perl -le 'use Apache::Admin::Config; my $ap = new Apache::Admin::Config("$ARGV[0]"); my @ar = $ap->select(-name => "IfModule", -value => "$MODULE"); use Data::Dumper; $ar[0]->directive("MaxRequestsPerChild")->set_value(2); $ap->save();' $FILE
}
centos_set_apache(){
# For Apache, locations vary, but this is the gist:
cat "$BASE_DIR/elsa/web/conf/startup.pl" | sed -e "s|\/usr\/local|$BASE_DIR|g" | sed -e "s|\/data|$DATA_DIR|g" > /etc/httpd/conf/elsa_startup.pl
grep elsa_startup.pl /etc/httpd/conf.d/perl.conf
if [ $? -ne 0 ]; then
echo "PerlPostConfigRequire /etc/httpd/conf/elsa_startup.pl" >> /etc/httpd/conf.d/perl.conf;
fi
cpanm Plack::Handler::Apache2
if [ "$USE_LOCAL_APACHE_CONF" = "1" ]; then
echo "Not changing apache.conf, using local version"
else
cat "$BASE_DIR/elsa/web/conf/apache_site.conf" | sed -e "s|\/usr\/local|$BASE_DIR|g" | sed -e "s|\/data|$DATA_DIR|g" > /etc/httpd/conf.d/ZZelsa.conf
fi
# Verify that we can write to logs
chown -R $WEB_USER "$DATA_DIR/elsa/log"
if [ -f /usr/sbin/selinuxenabled ]; then
echo "Enabling SELINUX policies for Apache..."
chcon --reference=/var/log/httpd -R "$DATA_DIR/elsa/log"
chcon --reference=/tmp -R "$DATA_DIR/elsa/tmp"
setsebool -P httpd_can_network_connect on
setsebool -P httpd_can_network_connect_db on
semanage fcontext -a -t httpd_log_t "$DATA_DIR(/.*)?" &&
semanage fcontext -a -t httpd_tmpfs_t "$DATA_DIR/elsa/tmp(/.*)?" &&
restorecon -r -v $DATA_DIR &&
echo "type=AVC msg=audit(1367598968.391:231376): avc: denied { sendto } for pid=20032 comm="httpd" path="/data/elsa/tmp/ops" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_dgram_socket" | audit2allow -M write_to_socket && semodule -i write_to_socket.pp
chcon --reference=/var/lib/mysql -R "$DATA_DIR/elsa/mysql"
fi
# Ensure that Apache has the right prefork settings
APACHE_CONF="/etc/httpd/conf/httpd.conf"
cp $APACHE_CONF "$APACHE_CONF.elsabak"
set_apache_tuning $APACHE_CONF "prefork.c";
service httpd restart
enable_service "httpd"
# Set firewall
#echo "opening firewall port 80" &&
#cp /etc/sysconfig/iptables /etc/sysconfig/iptables.bak.elsa &&
#cat /etc/sysconfig/iptables.bak.elsa | sed -e "s|-A INPUT -i lo -j ACCEPT|-A INPUT -i lo -j ACCEPT\n-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT|" > /etc/sysconfig/iptables &&
#service iptables restart
return $?
}
freebsd_set_apache(){
# For Apache, locations vary, but this is the gist:
APACHE="apache2"
if [ ! -d "/usr/local/etc/$APACHE" ]; then
APACHE="apache22";
fi
if [ ! -d "/usr/local/etc/$APACHE" ]; then
echo "Cannot find Apache conf dir in apache2 or apache22!"
return 0
fi
egrep "^LoadModule perl_module" /usr/local/etc/$APACHE/httpd.conf
if [ $? -ne 0 ]; then
echo "Enabling mod_perl"
echo "LoadModule perl_module libexec/$APACHE/mod_perl.so" >> /usr/local/etc/$APACHE/httpd.conf
fi
cpanm Plack::Handler::Apache2
if [ "$USE_LOCAL_APACHE_CONF" = "1" ]; then
echo "Not changing apache.conf, using local version"
else
cat "$BASE_DIR/elsa/web/conf/apache_site.conf" | sed -e "s|\/usr\/local|$BASE_DIR|g" | sed -e "s|\/data|$DATA_DIR|g" > /usr/local/etc/$APACHE/Includes/elsa.conf
fi
chown -R $WEB_USER "$DATA_DIR/elsa/log"
# Ensure that Apache has the right prefork settings
APACHE_CONF="/usr/local/etc/apache22/httpd.conf"
cp $APACHE_CONF "$APACHE_CONF.elsabak"
set_apache_tuning $APACHE_CONF "mpm_prefork_module";
service $APACHE restart
return $?
}
set_cron(){
# Setup alerts (optional)
echo "Adding cron entry for alerts..."
# Edit /etc/elsa_web.conf and set the "smtp_server" and "to" fields under "email"
grep "elsa/web/cron.pl" $CRONTAB_DIR/root
if [ $? -eq 0 ]; then
echo "Cron already installed"
return 0;
fi
echo "* * * * * perl $BASE_DIR/elsa/web/cron.pl -c /etc/elsa_web.conf > /dev/null 2>&1" >> $CRONTAB_DIR/root &&
chmod 600 $CRONTAB_DIR/root &&
service $CRON_SERVICE restart
return $?
}
check_svn_proxy(){
if [ "$http_proxy" != "" ] || [ "$https_proxy" != "" ]; then
echo "http_proxy set, verifying subversion is setup accordingly..."
grep "http-proxy-host" /etc/subversion/servers | grep -v "#"
if [ $? -eq 1 ]; then
echo "ERROR: Please set the proxy settings in /etc/subversion/servers before continuing"
return 1
fi
if [ "$https_proxy" == "" ]; then
echo "ERROR: Please set the $https_proxy environment variable"
return 1
fi
fi
return 0
}
exec_func(){
RETVAL=1
FUNCTION=$1
echo "Executing $FUNCTION"
$FUNCTION
RETVAL=$?
if [ $RETVAL -eq 0 ]; then
echo "$FUNCTION success"
else
echo "$FUNCTION FAIL" && exit
fi
}
restart_apache(){
service $APACHE restart
}
check_web_installed(){
if [ -f /etc/elsa_web.conf ]; then
echo "Found /etc/elsa_web.conf, which means ELSA is already installed. Won't install over an existing installation, use update instead. To force a re-installation, move or delete /etc/elsa_web.conf"
exit;
fi
}
validate_config(){
perl $BASE_DIR/elsa/contrib/validate_config.pl
return $?
}
if [ "$INSTALL" = "node" ]; then
if [ "$OP" = "ALL" ]; then
for FUNCTION in "check_node_installed" $DISTRO"_get_node_packages" "set_date" "check_svn_proxy" "get_elsa_from_github" "get_cpanm" "build_node_perl" "mk_node_dirs" "build_sphinx" "build_syslogng" "set_syslogng_conf" "set_node_mysql" "init_elsa" "test_elsa" "set_logrotate" "validate_config" ; do
exec_func $FUNCTION
done
elif [ "$OP" = "update" ]; then
for FUNCTION in $DISTRO"_get_node_packages" "set_date" "check_svn_proxy" "get_elsa_from_github" "build_node_perl" "mk_node_dirs" "update_node_mysql" "set_syslogng_conf" "validate_config" "restart_elsa"; do
exec_func $FUNCTION
done
else
exec_func $OP
fi
elif [ "$INSTALL" = "web" ]; then
if [ "$OP" = "ALL" ]; then
for FUNCTION in "check_web_installed" $DISTRO"_get_web_packages" "set_date" "check_svn_proxy" "get_elsa_from_github" "get_cpanm" "build_web_perl" "set_web_mysql" "mk_web_dirs" $DISTRO"_set_apache" "set_cron" "set_logrotate" "set_version" "validate_config" ; do
exec_func $FUNCTION
done
elif [ "$OP" = "update" ]; then
for FUNCTION in $DISTRO"_get_web_packages" "set_date" "check_svn_proxy" "get_elsa_from_github" "build_web_perl" "update_web_mysql" "set_version" "validate_config" $DISTRO"_set_apache"; do
exec_func $FUNCTION
done
else
exec_func $OP
fi
fi
echo "!!!!!! IMPORTANT !!!!!!!!!"
echo "Do not edit this file, edit /etc/elsa_vars.sh if you need to make any changes."
echo "If you have a host-based firewall like IPTables running, remember to allow ports 80 (and/or 443) for the web server and ports 514 (syslog), 3306 (MySQL), and 9306 (Sphinx) for log nodes"