provide an option for one-line-logs in a file

[doctore74]

It would be good to have an option to log into a logfile in i.e. syslog style.

Because...
Here's something else I've been thinking about.
If a host was potentially attackable, it would be useful to know later which one it was. If an attacker was fast and infected the host, maybe he could place a trojan or something to activate it later.

A single line logfile is easy to parse and/or logrotated or shipped to checkmk logwatch or Elastic Stack (with or without machine learning), Graylog, ...

Hey... and DO NOT USE LOG4J :-D

[xeraph]

Great idea. Merged into #183. :D

[xeraph]

@doctore74 Would you test v2.5.0?

[doctore74]

@xeraph

syslog via udp is working -> that's great

Would it also be possible to add a flag to write this log to a local file?
I.e. Elastic can use its beat-agents. These are able to buffer the data. UDP just drops the data if it cannot be sent.

[xeraph]

@doctore74 I'm considering syslog over tcp or HTTPS post logging. I will inform you if this feature is released.

[doctore74]

@xeraph
I think a locally stored log file is really necessary to find out what the scan is doing and where it gets stuck when run unattended (e.g. monitoring tool).

btw. Keep going! Awsome work!

[thl-cmk]

@xeraph

Added --log-path option for appendable json logging, See #178

Will this also work with CSV format?

THX

[xeraph]

@thl-cmk @doctore74 Would you test v2.7.0 release? You can use --csv-log-path or --json-log-path option for file logging.

[thl-cmk]

@xeraph
Added --csv-log-path option

looks good /json also ok), except for the missing the headline in the csv file, should be put there on creation of the file.

[doctore74]

@xeraph

Looks good so far.

"unifi","/usr/lib/unifi/lib/log4j-core-2.13.3.jar","","Log4j 2","2.13.3","CVE-2021-44228","VULNERABLE","","2022-01-02 14:02:34" "unifi","/usr/lib/unifi/lib/log4j-core-2.13.3.jar","","Log4j 2","2.13.3","CVE-2021-44228","VULNERABLE","","2022-01-02 15:04:05" "unifi","/usr/lib/unifi/lib/log4j-core-2.13.3.jar","","Log4j 2","2.13.3","CVE-2021-44228","VULNERABLE","","2022-01-02 15:04:09" "unifi","/usr/lib/unifi/lib/log4j-core-2.13.3.jar","","Log4j 2","2.13.3","CVE-2021-44228","VULNERABLE","","2022-01-02 15:04:26" "unifi","/usr/lib/unifi/lib/log4j-core-2.13.3.jar","","Log4j 2","2.13.3","CVE-2021-44228","VULNERABLE","","2022-01-02 15:04:30"

Would it be possible to add an additional format like this?

2019-12-25T19:48:12.669+0000 I CONTROL [signalProcessingThread] got signal 15 (Terminated), will terminate after current cmd ends 2019-12-25T19:48:12.669+0000 I NETWORK [signalProcessingThread] shutdown: going to close listening sockets... 2019-12-25T19:48:12.669+0000 I NETWORK [signalProcessingThread] removing socket file: /run/mongodb/mongodb-27017.sock 2019-12-25T19:48:12.669+0000 I FTDC [signalProcessingThread] Shutting down full-time diagnostic data capture 2019-12-25T19:48:12.672+0000 I STORAGE [signalProcessingThread] WiredTigerKVEngine shutting down 2019-12-25T19:48:12.763+0000 I STORAGE [signalProcessingThread] shutdown: removing fs lock... 2019-12-25T19:48:12.763+0000 I CONTROL [signalProcessingThread] now exiting 2019-12-25T19:48:12.763+0000 I CONTROL [signalProcessingThread] shutting down with code:0

[xeraph]

@thl-cmk Added csv file header in v2.7.1.
@doctore74 I can't get the point of your suggestion.

[thl-cmk]

@xeraph

Added csv file header in v2.7.1.

will check ;-), done. Looks good to me. THX

[thl-cmk]

can't get the point of your suggestion.

I guess what @doctore74 means is to have the format of the log file more like a "standard" linux logfile. So first he wants to remove the " except the are neccesary, and a different order of the fields. So more like this i guess:

Detected_at,Hostname,Product,Version,CVE,Status,Fixed,Path,Entry
2019-12-25T19:48:12.669+0000,unifi,Log4j_2,2.13.3,CVE-2021-44228,VULNERABLE,,/usr/lib/unifi/lib/log4j-core-2.13.3.jar,,

[doctore74]

@xeraph Have you seen @thl-cmk explanation?

[xeraph]

@doctore74 Yes. I don't considering change of format for now..