org.jwall
Class Collector

java.lang.Object
  extended by org.jwall.Collector

public class Collector
extends java.lang.Object

This is a small collector tool that listens for events from the ModSecurity audit-engine and sends them to a running ModSecurity Console. The tool is given a property-file on startup. This property-file must be set up with the host, port and auth-data of the console that you want to feed events to. A typical property-file for reading events from a concurrent audit-source looks like this:

   org.modsecurity.console.host=webserver.example.com
   org.modsecurity.console.port=8886
   org.modsecurity.console.user=test
   org.modsecurity.console.pass=sensor
   org.modsecurity.collector.concurrent-log=/var/log/apache2/audit
   org.modsecurity.collector.concurrent-index=/var/log/apache2/audit/index
 
This will create a collector that expects all events to be written to unique files below the directory /var/log/apache2/audit and an index to be written to /var/log/apache2/audit/index. The events read from this location will be sent to a console running on webserver.example.com at port 8886. The collector will authenticate to the console using the login test and password sensor. These properties can also be given to the collector tool on the command line:
    java -Dorg.modsecurity.console.host=webserver.example.com
         -Dorg.modsecurity.console.port=8886
         -Dorg.modsecurity.console.user=test
         ...
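
The following pre-flight check for such a property-file is an added example, not part of org.jwall or of the Collector's own checkProperties. It assumes that the six keys from the sample file above are all required, and the class name CollectorConfigCheck is hypothetical. Because the file holds the console password in clear text, it also reports any permission granted beyond the file owner.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermission;
import java.util.*;

/** Added example, not part of org.jwall: pre-flight check of a Collector property file. */
public class CollectorConfigCheck {
    static final String PREFIX = "org.modsecurity.";
    // Keys from the sample file above; treating all six as required is an assumption.
    static final String[] KEYS = { "console.host", "console.port", "console.user",
        "console.pass", "collector.concurrent-log", "collector.concurrent-index" };

    static List<String> check(Path file) throws IOException {
        List<String> problems = new ArrayList<>();
        Properties p = new Properties();
        try (InputStream in = Files.newInputStream(file)) {
            p.load(in);
        }
        for (String k : KEYS) {
            if (p.getProperty(PREFIX + k, "").trim().isEmpty())
                problems.add("missing or empty: " + PREFIX + k);
        }
        String port = p.getProperty(PREFIX + "console.port", "").trim();
        try {
            int n = Integer.parseInt(port);
            if (n < 1 || n > 65535) problems.add("port out of range: " + n);
        } catch (NumberFormatException e) {
            if (!port.isEmpty()) problems.add("port is not a number: " + port);
        }
        // The file stores the console password in clear text, so only its owner should have access.
        if (Files.getFileStore(file).supportsFileAttributeView("posix")) {
            for (PosixFilePermission perm : Files.getPosixFilePermissions(file)) {
                if (!perm.name().startsWith("OWNER_"))
                    problems.add("permission too broad: " + perm);
            }
        }
        return problems;
    }

    public static void main(String[] args) throws IOException {
        // Without an argument, check a constructed sample with a missing password and a bad port.
        Path file = args.length > 0 ? Paths.get(args[0]) : Files.createTempFile("collector", ".properties");
        if (args.length == 0) Files.write(file, Arrays.asList(
            PREFIX + "console.host=webserver.example.com", PREFIX + "console.port=88860",
            PREFIX + "console.user=test", PREFIX + "collector.concurrent-log=/var/log/apache2/audit"));
        check(file).forEach(System.out::println);
    }
}
```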
 

Author:
Christian Bockermann <chris@jwall.org>

Field Summary
static boolean DEBUG
          Debug-mode is enabled by specifying -Dorg.modsecurity.Collector.DEBUG=1 on the command line.
 
Constructor Summary
Collector()
           
 
Method Summary
static boolean checkProperties(java.io.File pf)
          This method checks all the properties found in the given file pf.
static AuditEventReader createAuditEventReader()
          This method is used to create an AuditEventReader that is used as the event-source.
static void main(java.lang.String[] args)
          This is the entrypoint for the Collector-tool.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

DEBUG

public static final boolean DEBUG
Debug-mode is enabled by specifying -Dorg.modsecurity.Collector.DEBUG=1 on the command line.

Constructor Detail

Collector

public Collector()
Method Detail

createAuditEventReader

public static AuditEventReader createAuditEventReader()
                                               throws java.lang.Exception
This method is used to create an AuditEventReader that is used as the event-source. Based on the properties set, it will return an instance that implements the AuditEventReader-interface, like ConcurrentAuditReader or ModSecurity2AuditReader.

Returns:
An instance that implements the AuditEventReader-interface.
Throws:
java.lang.Exception - In case an error occurs or no properties have been set.

checkProperties

public static boolean checkProperties(java.io.File pf)
                               throws java.lang.Exception
This method checks all the properties found in the given file pf. If the file does not conform to a java-property file or does not contain the required properties, then false is returned. If the file is null, cannot be read or any other error occurs while reading the file, an exception will be thrown. The method returns true iff all required properties are set within the file.

Parameters:
pf - The file to read properties from.
Returns:
true if all required properties are contained in the file.
Throws:
java.lang.Exception - In case any error occurs while accessing the file.

main

public static void main(java.lang.String[] args)
This is the entrypoint for the Collector-tool. It expects args[0] to be the name or path of a property-file containing information about the remote-console and the source to read audit-events from. If the file does not contain the desired information, the Collector will exit.

Parameters:
args - The commandline arguments.