1. 06 Aug, 2020 2 commits
    • Release 3.2.1 · 60755da7
      Martin Prudek authored
      Fixed
      * Crash caused by wrong default logrotate config file location
      60755da7
    • argparser: Fix default location of logrotate conf · f01b161e
      Martin Prudek authored
      The wrong default location causes an error, producing this error log:
      ```
      root@turris-test:~# sentinel-nikola
      error: cannot stat /etc/logrotate.d/iptables: No such file or directory
      Exception thrown: Command '('/usr/sbin/logrotate', '-f',
      '/etc/logrotate.d/iptables')' returned non-zero exit status 1.
      Exception traceback: [<FrameSummary file
      /usr/lib/python3.7/site-packages/sentinel_nikola/__main__.py, line 65 in main>,
      <FrameSummary file /usr/lib/python3.7/site-packages/sentinel_nikola/__main__.py,
      line 94 in rotate_syslog_file>, <FrameSummary file
      /usr/lib/python3.7/subprocess.py, line 411 in check_output>, <FrameSummary file
      /usr/lib/python3.7/subprocess.py, line 512 in run>]
      ```
      It was possible to avoid the error by using the `-r` option:
      ```
      root@turris-test:~# sentinel-nikola -r /etc/logrotate.d/sentinel-nikola-iptables.conf
      ```
      f01b161e
  2. 04 Aug, 2020 4 commits
    • Sentinel Nikola release version 3.2.0 · a8cd5442
      Karel Koci authored
      Fixed
      * Crash when syslog-ng was restarted by Nikola and a log was sent to it by
        Nikola
      
      Changed
      * Executable renamed from `nikola` to `sentinel-nikola`
      * Python package renamed from `nikola` to `sentinel_nikola`
      * Cron now runs shell script that checks if EULA was approved as well as
        if Nikola is enabled before running it.
      * Syslog-ng now filters packets with DROP fate as well as REJECT
      a8cd5442
    • Fix crash because of unavailable /var/log because of syslog-ng restart · 7d9f4a4a
      Karel Koci authored
      Nikola restarts syslog as part of its execution. It runs logrotate that
      restarts syslog-ng service. It turns out that sometimes it takes
      syslog-ng some time to start again back up. Nikola immediately after
      this tries to send log to it (about time it took to rotate log). That
      fails if syslog-ng is not yet running.
      
      The solution here is to not even restart syslog and instead just reload it.
      Syslog-ng clearly can catch up on moved files and create a new one. This
      is also the suggested approach from syslog-ng's documentation about
      logrotate integration. It states that reload should be invoked but at
      the same time does not say that restart should not be used.
      
      Example crash log:
          Logrotate took 0.044638 seconds
          --- Logging error ---
          Traceback (most recent call last):
            File "/usr/lib/python3.7/logging/handlers.py", line 934, in emit
          ConnectionRefusedError: [Errno 111] Connection refused
      
          During handling of the above exception, another exception occurred:
      
          Traceback (most recent call last):
            File "/usr/lib/python3.7/logging/handlers.py", line 937, in emit
            File "/usr/lib/python3.7/logging/handlers.py", line 855, in _connect_unixsocket
          ConnectionRefusedError: [Errno 111] Connection refused
          Call stack:
            File "/usr/bin/nikola", line 11, in <module>
      	load_entry_point('nikola==3.1.0', 'console_scripts', 'nikola')()
            File "/usr/lib/python3.7/site-packages/nikola/__main__.py", line 69, in main
          Message: 'Syslog parsing took 0.092330 seconds'
          Arguments: ()
          Syslog parsing took 0.092330 seconds
          --- Logging error ---
          Traceback (most recent call last):
            File "/usr/lib/python3.7/logging/handlers.py", line 934, in emit
          OSError: [Errno 9] Bad file descriptor
      
          During handling of the above exception, another exception occurred:
      
          Traceback (most recent call last):
            File "/usr/lib/python3.7/logging/handlers.py", line 937, in emit
            File "/usr/lib/python3.7/logging/handlers.py", line 855, in _connect_unixsocket
          ConnectionRefusedError: [Errno 111] Connection refused
          Call stack:
            File "/usr/bin/nikola", line 11, in <module>
      	load_entry_point('nikola==3.1.0', 'console_scripts', 'nikola')()
            File "/usr/lib/python3.7/site-packages/nikola/__main__.py", line 74, in main
          Message: 'Records parsed: 120'
          Arguments: ()
          Records parsed: 120
          --- Logging error ---
          Traceback (most recent call last):
            File "/usr/lib/python3.7/logging/handlers.py", line 934, in emit
          OSError: [Errno 9] Bad file descriptor
      
          During handling of the above exception, another exception occurred:
      
          Traceback (most recent call last):
            File "/usr/lib/python3.7/logging/handlers.py", line 937, in emit
            File "/usr/lib/python3.7/logging/handlers.py", line 855, in _connect_unixsocket
          ConnectionRefusedError: [Errno 111] Connection refused
          Call stack:
            File "/usr/bin/nikola", line 11, in <module>
      	load_entry_point('nikola==3.1.0', 'console_scripts', 'nikola')()
            File "/usr/lib/python3.7/site-packages/nikola/__main__.py", line 83, in main
            File "/usr/lib/python3.7/site-packages/nikola/__main__.py", line 111, in send_parsed
          Message: 'Sending records took 0.002729 seconds'
          Arguments: ()
          Sending records took 0.002729 seconds
      7d9f4a4a
    • conf/syslog-ng: record DROP packets as well as REJECT · e5002356
      Karel Koci authored
      We log and can process both terminal fates of packets so we should
      filter them to the iptables log for nikola to read.
      e5002356
    • Rename to sentinel-nikola · 264ca5e7
      Karel Koci authored
      This is Sentinel-specific Nikola, so we should name it as such.
      264ca5e7
  3. 26 Jun, 2020 1 commit
  4. 24 Jun, 2020 3 commits
  5. 10 Jun, 2020 5 commits
  6. 05 May, 2020 1 commit
  7. 28 Apr, 2020 8 commits
    • e6ea4ea2
    • Release 3.0.0 · 674e0e02
      Karel Koci authored
      674e0e02
    • syslog_parser: drop directions and send only input connection · 92198e67
      Karel Koci authored
      This was heavily discussed but we did not find any use case for
      logging blocked traffic leaving the router. In most cases there are going
      to be no blocking rules for outgoing traffic so there are going to be no
      logs for it as well. It is also questionable what exactly we would see
      from such data.
      92198e67
    • Drop filtering of local addresses · 98f3fb70
      Karel Koci authored
      This can be done on server if required but it potentially throws away
      traffic in ISP's private ranges. It might be interesting to look in
      those private ranges as well.
      98f3fb70
    • Apply suggestion to conf/logrotate.d/iptables · 84181de0
      Karel Koci authored and Karel Koci committed
      84181de0
    • conf/logrotate: change to rotate hourly and restart syslog-ng · 4eff63bb
      Karel Koci authored and Karel Koci committed
      This now rotates log hourly. Cron calls nikola to rotate log every 15
      minutes. An hour is enough buffer and much better prevents problems if
      nikola fails to rotate log.
      
      It also restarts syslog-ng instead of truncating log.
      4eff63bb
    • Drop shell script to run nikola · 669d309a
      Karel Koci authored and Karel Koci committed
      This instead now runs python directly.
      
      All arguments set in script are default values in argument parser. This
      means that script was just duplicating them.
      
      This also changes default behavior to not use random sleep. The option
      -n and --now are preserved but effectively only --random-sleep has some
      effect and that is enablement of random sleep. This means that cron now
      uses that argument.
      669d309a
    • Remove unnecessary info and fix syslog-ng config · 0ee8022e
      Karel Koci authored and Karel Koci committed
      syslog-ng config now filters new messages with new prefix that is
      default logging prefix for OpenWrt's firewall3. This means that now
      logging is just a question of enabling logging on a given zone.
      
      Example of uci configuration:
          config zone
              option name 'wan'
              list network 'wan'
              option input 'REJECT'
              option output 'ACCEPT'
              option forward 'REJECT'
              option log_limit '500/sec'
              option log '1'
      
      The same change has to be done in syslog parser. New message format is:
      REJECT wan in: IN=eth2 OUT= SRC=172.20.6.10 DST=172.20.6.255
      
      This also removes some of the fields we do not use on server.
      It is questionable if we need exact time of event so we do not send it.
      Rule ID is no longer relevant as we do not match rules anymore.
      Packet count was removed as well with simple package merging.
      Flags are removed as they are not used on server at all.
      0ee8022e
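A parser for the message format quoted in the commit message above, given as an added example that is not the project's own code. The names `parse_line` and `summarize`, the constructed sample lines, and the use of the kernel netfilter LOG fields `PROTO` and `DPT` (not shown on this page) are assumptions; `DROP` is accepted alongside `REJECT` because a later commit in this history filters both fates.

```python
import re
from collections import Counter

# "<FATE> <zone> in: " prefix, then the kernel netfilter LOG key=value fields.
PREFIX = re.compile(r"\b(?P<fate>REJECT|DROP) (?P<zone>\S+) in: (?P<fields>.*)$")
FIELD = re.compile(r"(\w+)=(\S*)")

# Constructed sample syslog lines (documentation address ranges), not real traffic.
SAMPLE = [
    "Aug  4 10:00:01 router kernel: [ 101.1] REJECT wan in: IN=eth2 OUT= "
    "SRC=203.0.113.5 DST=192.0.2.1 LEN=60 TTL=52 DF PROTO=TCP SPT=51514 DPT=23 SYN",
    "Aug  4 10:00:02 router kernel: [ 102.3] REJECT wan in: IN=eth2 OUT= "
    "SRC=203.0.113.5 DST=192.0.2.1 LEN=60 TTL=52 DF PROTO=TCP SPT=51516 DPT=23 SYN",
    "Aug  4 10:00:03 router kernel: [ 103.7] DROP wan in: IN=eth2 OUT= "
    "SRC=198.51.100.9 DST=192.0.2.1 LEN=84 TTL=49 PROTO=ICMP TYPE=8 CODE=0",
    "Aug  4 10:00:04 router dnsmasq[812]: query[A] example.org from 192.168.1.20",
    "Aug  4 10:00:05 router kernel: [ 105.0] REJECT wan in: IN=eth2 OUT= SRC=",
]


def parse_line(line):
    """Return a record for a blocked inbound packet, or None for any other line."""
    match = PREFIX.search(line)
    if match is None:
        return None
    fields = dict(FIELD.findall(match.group("fields")))
    if not fields.get("SRC") or not fields.get("DST"):
        return None  # truncated or malformed message, do not guess
    dpt = fields.get("DPT", "")  # absent for portless protocols such as ICMP
    return {
        "fate": match.group("fate"),
        "zone": match.group("zone"),
        "src": fields["SRC"],
        "dst": fields["DST"],
        "proto": fields.get("PROTO", ""),
        "dport": int(dpt) if dpt.isdigit() else None,
    }


def summarize(lines):
    """Count blocked packets per (fate, source, protocol, destination port)."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            counts[(rec["fate"], rec["src"], rec["proto"], rec["dport"])] += 1
    return counts


if __name__ == "__main__":
    for key, count in summarize(SAMPLE).most_common():
        print(count, key)
```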
  8. 09 Mar, 2020 1 commit
    • Remove interface filter · 517be69c
      Karel Koci authored
      This was a hacky way to detect traffic source. We instead should use
      Firewall rules to not log anything we do not want here.
      517be69c
  9. 09 Dec, 2019 2 commits
  10. 07 Mar, 2019 6 commits
  11. 13 Dec, 2018 1 commit
  12. 12 Dec, 2018 1 commit
  13. 06 Dec, 2018 3 commits
  14. 01 Nov, 2018 1 commit
  15. 13 Dec, 2016 1 commit