felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(aa-log): add the --since option.

Browse source
This commit is contained in:
Alexandre Pujol 2024-10-21 14:12:02 +01:00
parent 2bace01783
commit 7e09351f8f
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
3 changed files with 16 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

17
pkg/logs/loggers.go
View file

@ -63,9 +63,10 @@ func GetAuditLogs(path string) (io.Reader, error) {
}
// GetJournalctlLogs return a reader with the logs entries from Systemd
func GetJournalctlLogs(path string, useFile bool) (io.Reader, error) {
func GetJournalctlLogs(path string, since string, useFile bool) (io.Reader, error) {
var logs []systemdLog
var stdout bytes.Buffer
var stderr bytes.Buffer
var scanner *bufio.Scanner
if useFile {
@ -77,14 +78,20 @@ func GetJournalctlLogs(path string, useFile bool) (io.Reader, error) {
} else {
// journalctl -b -o json -g apparmor -t kernel -t audit -t dbus-daemon --output-fields=MESSAGE > systemd.log
args := []string{
"--boot", "--grep=apparmor",
"--identifier=kernel", "--identifier=audit", "--identifier=dbus-daemon",
"--grep=apparmor", "--identifier=kernel",
"--identifier=audit", "--identifier=dbus-daemon",
"--output=json", "--output-fields=MESSAGE",
}
if since == "" {
args = append(args, "--boot")
} else {
args = append(args, "--since="+since)
}
cmd := exec.Command("journalctl", args...)
cmd.Stdout = &stdout
if err := cmd.Run(); err != nil {
return nil, err
cmd.Stderr = &stderr
if err := cmd.Run(); err != nil && stderr.Len() != 0 {
return nil, fmt.Errorf("journalctl: %s", stderr.String())
}
scanner = bufio.NewScanner(&stdout)
}