diff --git a/cmd/dsiem/main.go b/cmd/dsiem/main.go index 35ab149c..23d24019 100644 --- a/cmd/dsiem/main.go +++ b/cmd/dsiem/main.go @@ -11,7 +11,6 @@ import ( "time" log "github.com/defenxor/dsiem/internal/pkg/shared/logger" - "github.com/defenxor/dsiem/internal/pkg/shared/pprof" "github.com/defenxor/dsiem/internal/pkg/dsiem/alarm" "github.com/defenxor/dsiem/internal/pkg/dsiem/asset" @@ -53,7 +52,8 @@ func init() { serverCmd.Flags().IntP("minEPS", "i", 100, "Min. events/second rate allowed when throttling incoming events") serverCmd.Flags().IntP("holdDuration", "n", 10, "Duration in seconds before resetting overload condition state") serverCmd.Flags().Bool("apm", false, "Enable elastic APM instrumentation") - serverCmd.Flags().String("pprof", "", "Generate performance profiling information for either cpu, mutex, memory, or block.") + serverCmd.Flags().Bool("writeableConfig", false, "Whether to allow configuration file update through HTTP") + serverCmd.Flags().Bool("pprof", false, "Enable go pprof on the web interface") serverCmd.Flags().Bool("trace", false, "Generate 10 seconds trace file for debugging.") serverCmd.Flags().StringP("mode", "m", "standalone", "Deployment mode, can be set to standalone, cluster-frontend, or cluster-backend") serverCmd.Flags().IntP("cacheDuration", "c", 10, "Cache expiration time in minutes for intel and vuln query results") @@ -90,6 +90,7 @@ func init() { viper.BindPFlag("medRiskMin", serverCmd.Flags().Lookup("medRiskMin")) viper.BindPFlag("medRiskMax", serverCmd.Flags().Lookup("medRiskMax")) viper.BindPFlag("filePattern", validateCmd.Flags().Lookup("filePattern")) + viper.BindPFlag("writeableConfig", validateCmd.Flags().Lookup("writeableConfig")) } func initConfig() { @@ -172,7 +173,7 @@ external message queue.`, webDir := path.Join(d, "web", "dist") addr := viper.GetString("address") port := viper.GetInt("port") - pp := viper.GetString("pprof") + pprof := viper.GetBool("pprof") mode := viper.GetString("mode") msq := viper.GetString("msq") node := viper.GetString("node") @@ -183,6 +184,7 @@ external message queue.`, holdDuration := viper.GetInt("holdDuration") cacheDuration := viper.GetInt("cacheDuration") esapm := viper.GetBool("apm") + writeableConfig := viper.GetBool("writeableConfig") if err := checkMode(mode, msq, node, frontend); err != nil { exit("Incorrect mode configuration", err) @@ -192,6 +194,7 @@ external message queue.`, exit("Incorrect EPS setting", errors.New("minEPS must be <= than maxEPS")) } + /* disable this in favor of pprof web interfae if pp != "" { f, err := pprof.GetProfiler(pp) if err != nil { @@ -199,6 +202,7 @@ external message queue.`, } defer f.Stop() } + */ if traceFlag { fo, err := ioutil.TempFile(os.TempDir(), progName+"*.trace") @@ -274,7 +278,7 @@ external message queue.`, expcounter.Init(mode) err = server.Start( - eventChan, bpChan, confDir, webDir, + eventChan, bpChan, confDir, webDir, writeableConfig, pprof, mode, maxEPS, minEPS, msq, progName, node, addr, port) if err != nil { exit("Cannot start server", err) diff --git a/internal/pkg/dsiem/server/server.go b/internal/pkg/dsiem/server/server.go index 1adffed9..9bbedeb6 100644 --- a/internal/pkg/dsiem/server/server.go +++ b/internal/pkg/dsiem/server/server.go @@ -4,6 +4,7 @@ import ( "errors" "fmt" "net" + "runtime" "strconv" "sync" "sync/atomic" @@ -47,18 +48,19 @@ var rateCounter = rc.NewRateCounter(1 * time.Second) // Start starts the server func Start(ch chan<- event.NormalizedEvent, bpCh <-chan bool, confd string, webd string, - serverMode string, maxEPS int, minEPS int, msqCluster string, - msqPrefix string, nodeName string, addr string, port int) error { + writeableConfig bool, pprof bool, serverMode string, maxEPS int, minEPS int, msqCluster string, + msqPrefix string, nodeName string, addr string, port int) (err error) { if a := net.ParseIP(addr); a == nil { - return errors.New(addr + " is not a valid IP address") + err = errors.New(addr + " is not a valid IP address") + return } if port < 1 || port > 65535 { - return errors.New("Invalid TCP port number") + err = errors.New("Invalid TCP port number") + return } mode = serverMode - // msq = msqCluster if mode == "cluster-frontend" { initMsgQueue(msqCluster, msqPrefix, nodeName) @@ -80,10 +82,14 @@ func Start(ch chan<- event.NormalizedEvent, bpCh <-chan bool, confd string, webd router.GET("/config/:filename", handleConfFileDownload) router.GET("/config/", handleConfFileList) router.GET("/debug/vars/", expVarHandler) - router.GET("/debug/pprof/:name", pprofHandler) - router.GET("/debug/pprof/", pprofHandler) - router.POST("/config/:filename", handleConfFileUpload) - router.DELETE("/config/:filename", handleConfFileDelete) + if pprof { + router.GET("/debug/pprof/:name", pprofHandler) + router.GET("/debug/pprof/", pprofHandler) + } + if writeableConfig { + router.POST("/config/:filename", handleConfFileUpload) + router.DELETE("/config/:filename", handleConfFileDelete) + } if mode != "cluster-backend" { @@ -92,10 +98,9 @@ func Start(ch chan<- event.NormalizedEvent, bpCh <-chan bool, confd string, webd if maxEPS == 0 || minEPS == 0 { router.POST("/events", handleEvents) } else { - var err error epsLimiter, err = limiter.New(maxEPS, minEPS) if err != nil { - return err + return } router.POST("/events", rateLimit(epsLimiter.Limit(), 3*time.Second, handleEvents)) } @@ -104,13 +109,16 @@ func Start(ch chan<- event.NormalizedEvent, bpCh <-chan bool, confd string, webd overloadManager() } - ln, err := reuseport.Listen("tcp4", addr+":"+p) - if err != nil { - return err + if runtime.GOOS == "windows" { + err = fasthttp.ListenAndServe(addr+":"+p, router.Handler) + } else { + ln, err := reuseport.Listen("tcp4", addr+":"+p) + if err != nil { + return err + } + err = fasthttp.Serve(ln, router.Handler) } - - err = fasthttp.Serve(ln, router.Handler) - return err + return } // CounterRate return the rate of EPS