/*
 * auditd-plugin-clickhouse is an auditd plugin for sending auditd data
 * to clickhouse DB.
 * Copyright (C) 2019 Aleksei Nikiforov
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 *
 */

#include "auditd-datatypes.hpp"

// NOTE(review): the header names after the bare #include directives below, and
// the template argument lists on std::map / std::list / get_value() further
// down, are missing from this listing. They are left exactly as found.
#include
#include
#include
#include
#include
#include
#include

// Keyed by each child name of the "datatypes" config object, holding that
// child's value (presumably audit field name -> type name; confirm in the header).
static std::map s_datatypes_map;

// One tuple per usable "datatypes_arrays" entry: (entry key, "type", "dbname").
// Going by the container name the entry key is presumably a regular expression
// that a consumer matches against field names; confirm where it is used.
static std::list > s_datatype_regexps_map;

// Type name ("integer", "string", "string_array") -> createRecord factory that
// takes the field name.
static std::map(const std::string &name)> > s_type_creation_map;

// Rebuilds the three file-level tables from the JSON file `config_filename`.
//
// All three tables are cleared first, then the factory table is refilled with
// the built-in type names, and only after that is the file parsed. No locking
// is visible in this file, so callers presumably must not run this concurrently
// with the getters below; confirm against the call sites.
void read_datatypes_map(const std::string &config_filename)
{
	s_datatypes_map.clear();
	s_datatype_regexps_map.clear();
	s_type_creation_map.clear();

	s_type_creation_map["integer"] = &IntegerRecordField::createRecord;
	s_type_creation_map["string"] = &InterpretedStringRecordField::createRecord;
	s_type_creation_map["string_array"] = &InterpretedStringArrayRecordField::createRecord;

	boost::property_tree::ptree clickhouse_config_tree;
	{
		// The stream is not checked after opening. A missing or unreadable file
		// presumably surfaces as an exception thrown by read_json, as malformed
		// JSON does (confirm against the Boost version in use). Nothing here
		// catches it, and because the tables were already cleared the two
		// config-driven tables stay empty if that happens.
		std::ifstream stream(config_filename);
		boost::property_tree::read_json(stream, clickhouse_config_tree);
	}

	// "datatypes": every child key is stored with its value. The value is not
	// checked here against the names registered in s_type_creation_map.
	auto datatypes_child = clickhouse_config_tree.get_child_optional("datatypes");
	if (datatypes_child)
	{
		for (auto iter = datatypes_child->begin(); iter != datatypes_child->end(); ++iter)
		{
			s_datatypes_map[iter->first] = iter->second.get_value();
		}
	}

	// "datatypes_arrays": an entry is kept only when it has both "type" and
	// "dbname"; incomplete entries are skipped without any diagnostic.
	// NOTE(review): the entry key, type and dbname are taken from the config
	// file as-is, with no validation in this function. If the key is compiled
	// as a regex and dbname is used as a column name downstream, the config
	// file should be writable only by the account that administers auditd.
	auto datatypes_arrays_child = clickhouse_config_tree.get_child_optional("datatypes_arrays");
	if (datatypes_arrays_child)
	{
		for (auto iter = datatypes_arrays_child->begin(); iter != datatypes_arrays_child->end(); ++iter)
		{
			auto data_type = iter->second.get_child_optional("type");
			auto data_dbname = iter->second.get_child_optional("dbname");
			if (data_type && data_dbname)
			{
				s_datatype_regexps_map.push_back(std::make_tuple(iter->first, data_type->get_value(), data_dbname->get_value()));
			}
		}
	}
}

// Returns a copy of the table filled from the "datatypes" config object.
std::map get_datatypes_map()
{
	return s_datatypes_map;
}

// Returns a copy of the (entry key, type, dbname) list filled from "datatypes_arrays".
std::list > get_datatype_regexps_map()
{
	return s_datatype_regexps_map;
}

// Returns a copy of the type-name -> createRecord factory table.
std::map(const std::string &name)> > get_type_creation_map()
{
	return s_type_creation_map;
}