/src/osquery/plugins/numeric_monitoring/filesystem.cpp

Source (jump to first uncovered line)
/**
 * Copyright (c) 2014-present, The osquery authors
 *
 * This source code is licensed as defined by the LICENSE file found in the
 * root directory of this source tree.
 *
 * SPDX-License-Identifier: (Apache-2.0 OR GPL-2.0-only)
 */

#include <boost/format.hpp>

#include <osquery/core/flags.h>
#include <osquery/registry/registry_factory.h>
#include <osquery/utils/config/default_paths.h>
#include <plugins/numeric_monitoring/filesystem.h>

namespace fs = boost::filesystem;

namespace osquery {

FLAG(string,
     numeric_monitoring_filesystem_path,
     OSQUERY_LOG_HOME "numeric_monitoring.log",
     "File to dump numeric monitoring records one per line. "
     "The format of the line is <PATH><TAB><VALUE><TAB><TIMESTAMP>.");

REGISTER(NumericMonitoringFilesystemPlugin,
         monitoring::registryName(),
         "filesystem");

NumericMonitoringFilesystemPlugin::NumericMonitoringFilesystemPlugin()
    : NumericMonitoringFilesystemPlugin(
          FLAGS_numeric_monitoring_filesystem_path) {}

NumericMonitoringFilesystemPlugin::NumericMonitoringFilesystemPlugin(
    fs::path log_file_path
)
  : line_format_{
      monitoring::recordKeys().path,
      monitoring::recordKeys().value,
      monitoring::recordKeys().timestamp,
      monitoring::recordKeys().sync,
  }
  , separator_{'\t'}
  , log_file_path_(
      std::move(log_file_path)
  )
{
}

Status NumericMonitoringFilesystemPlugin::formTheLine(
    std::string& line, const PluginRequest& request) const {
  for (const auto& key : line_format_) {
    auto it = request.find(key);
    if (it == request.end()) {
      return Status(1, "Missing mandatory request field " + key);
    }
    line.append(it->second).push_back(separator_);
  }
  // remove last separator
  line.pop_back();
  return Status();
}

Status NumericMonitoringFilesystemPlugin::call(const PluginRequest& request,
                                               PluginResponse& response) {
  if (!isSetUp()) {
    return Status(1, "NumericMonitoringFilesystemPlugin is not set up");
  }
  auto line = std::string{};
  auto status = formTheLine(line, request);
  if (status.ok()) {
    std::unique_lock<std::mutex> lock(output_file_mutex_);
    output_file_stream_ << line << std::endl;
  }
  return status;
}

Status NumericMonitoringFilesystemPlugin::setUp() {
  output_file_stream_.open(log_file_path_.native(),
                           std::ios::out | std::ios::app | std::ios::binary);
  if (!output_file_stream_.is_open()) {
    return Status(
        1,
        boost::str(boost::format(
                       "Could not open file %s for numeric monitoring logs") %
                   log_file_path_));
  }
  return Status();
}

bool NumericMonitoringFilesystemPlugin::isSetUp() const {
  return output_file_stream_.is_open();
}

} // namespace osquery

Line	Count	Source (jump to first uncovered line)
1		/**
2		* Copyright (c) 2014-present, The osquery authors
3		*
4		* This source code is licensed as defined by the LICENSE file found in the
5		* root directory of this source tree.
6		*
7		* SPDX-License-Identifier: (Apache-2.0 OR GPL-2.0-only)
8		*/
9
10		#include <boost/format.hpp>
11
12		#include <osquery/core/flags.h>
13		#include <osquery/registry/registry_factory.h>
14		#include <osquery/utils/config/default_paths.h>
15		#include <plugins/numeric_monitoring/filesystem.h>
16
17		namespace fs = boost::filesystem;
18
19		namespace osquery {
20
21		FLAG(string,
22		numeric_monitoring_filesystem_path,
23		OSQUERY_LOG_HOME "numeric_monitoring.log",
24		"File to dump numeric monitoring records one per line. "
25		"The format of the line is <PATH><TAB><VALUE><TAB><TIMESTAMP>.");
26
27		REGISTER(NumericMonitoringFilesystemPlugin,
28		monitoring::registryName(),
29		"filesystem");
30
31		NumericMonitoringFilesystemPlugin::NumericMonitoringFilesystemPlugin()
32	2	: NumericMonitoringFilesystemPlugin(
33	2	FLAGS_numeric_monitoring_filesystem_path) {}
34
35		NumericMonitoringFilesystemPlugin::NumericMonitoringFilesystemPlugin(
36		fs::path log_file_path
37		)
38	2	: line_format_{
39	2	monitoring::recordKeys().path,
40	2	monitoring::recordKeys().value,
41	2	monitoring::recordKeys().timestamp,
42	2	monitoring::recordKeys().sync,
43	2	}
44	2	, separator_{'\t'}
45	2	, log_file_path_(
46	2	std::move(log_file_path)
47	2	)
48	2	{
49	2	}
50
51		Status NumericMonitoringFilesystemPlugin::formTheLine(
52	0	std::string& line, const PluginRequest& request) const {
53	0	for (const auto& key : line_format_) {
54	0	auto it = request.find(key);
55	0	if (it == request.end()) {
56	0	return Status(1, "Missing mandatory request field " + key);
57	0	}
58	0	line.append(it->second).push_back(separator_);
59	0	}
60		// remove last separator
61	0	line.pop_back();
62	0	return Status();
63	0	}
64
65		Status NumericMonitoringFilesystemPlugin::call(const PluginRequest& request,
66	0	PluginResponse& response) {
67	0	if (!isSetUp()) {
68	0	return Status(1, "NumericMonitoringFilesystemPlugin is not set up");
69	0	}
70	0	auto line = std::string{};
71	0	auto status = formTheLine(line, request);
72	0	if (status.ok()) {
73	0	std::unique_lock<std::mutex> lock(output_file_mutex_);
74	0	output_file_stream_ << line << std::endl;
75	0	}
76	0	return status;
77	0	}
78
79	0	Status NumericMonitoringFilesystemPlugin::setUp() {
80	0	output_file_stream_.open(log_file_path_.native(),
81	0	std::ios::out \| std::ios::app \| std::ios::binary);
82	0	if (!output_file_stream_.is_open()) {
83	0	return Status(
84	0	1,
85	0	boost::str(boost::format(
86	0	"Could not open file %s for numeric monitoring logs") %
87	0	log_file_path_));
88	0	}
89	0	return Status();
90	0	}
91
92	0	bool NumericMonitoringFilesystemPlugin::isSetUp() const {
93	0	return output_file_stream_.is_open();
94	0	}
95
96		} // namespace osquery

Coverage Report

Created: 2025-08-05 08:11