Anthony Nandaa
fb712c3c11
logmonitor: docs: add security advisory for config file ( #196 )
As a recommendation from the previous security review,
add an advisory for users on how to restrict write
access for the config file.
This reduces the possibility of the config file being
used as an attack vector, especially for a low
privilege user.
Signed-off-by: Anthony Nandaa <profnandaa@gmail.com>
2024-10-14 20:40:15 +03:00
Ian King'ori
d36c31481f
revert: explicitly write wide string characters to console ( #193 )
* revert: explicitly write wide string characters to console
* update version number
2024-09-25 18:12:52 +03:00
Tina Murimi
6c3034004e
Remove redundant 'git checkout' ( #191 )
2024-09-13 17:17:12 +03:00
Charity Kathure
0d8a293581
Fix codeql issues (Main.cpp and Utility.cpp) ( #190 )
* main codeql issues fix
* utility fixes
---------
Co-authored-by: Charity Kathure <ckathure@microsoft.com>
2024-09-12 16:45:55 +03:00
Bob Sira
cd976af103
fixed ETW CodeQL warnings ( #188 )
2024-09-11 12:27:32 +01:00
Tina Murimi
7177c26a38
[Chore] Update SDL Compliance pipeline ( #186 )
- Use CodeQL analysis to scan the codebase for security vulnerabilities
- Semmle@1 is deprecated.
- Move pipeline to GitHub workflows from Azure DevOps
2024-09-07 10:37:40 +03:00
Charity Kathure
1af6920814
Rename Process Monitor Configuration Fields for Consistency ( #185 )
* change tagging
Signed-off-by: Charity Kathure <ckathure@microsoft.com>
---------
Signed-off-by: Charity Kathure <ckathure@microsoft.com>
Co-authored-by: Charity Kathure <ckathure@microsoft.com>
2024-08-23 12:22:02 +03:00
Ian King'ori
808b133681
fix file watcher hanging and console write performance ( #183 )
* fix: handle out of range error
* fix: explicitly write wide string characters to console
* hack: detect console and use redirectable console output for tests
* lint: fix linting error
2024-08-23 12:15:00 +03:00
Bob Sira
142b5a1f71
Event Source Name entry in EventLog ( #182 )
2024-08-14 09:51:20 +01:00
Charity Kathure
d1d39d6a31
Customizable logs feature ( #177 )
* feat: adding support for legacy XML log output (#119 )
* Custom Log Format (#124 )
* Make JSON the default log format
---------
Co-authored-by: Charity Kathure <ckathure@microsoft.com>
* Custom JSON Log Sanitization (#128 )
---------
Co-authored-by: Charity Kathure <ckathure@microsoft.com>
* Formatting for scalar integer property values using TdhFormatProperty (#129 )
---------
Co-authored-by: Bob Sira <bosira@microsoft.com>
* docs: configurable / custom log format (#136 )
---------
Co-authored-by: Charity Kathure <ckathure@microsoft.com>
* fix process monitor formatting (#175 )
---------
Co-authored-by: Charity Kathure <ckathure@microsoft.com>
* Process Monitor Custom Logging (#176 )
Signed-off-by: Charity Kathure <ckathure@microsoft.com>
---------
Signed-off-by: Charity Kathure <ckathure@microsoft.com>
Co-authored-by: Charity Kathure <ckathure@microsoft.com>
* Resolve build error and lint issues, and add process monitor details into the docs
Signed-off-by: Charity Kathure <ckathure@microsoft.com>
---------
Signed-off-by: Charity Kathure <ckathure@microsoft.com>
Co-authored-by: Charity Kathure <ckathure@microsoft.com>
Co-authored-by: Bob Sira <sbobfitz2@gmail.com>
Co-authored-by: Bob Sira <bosira@microsoft.com>
Co-authored-by: Ian King'ori <kingorim.ian@gmail.com>
2024-07-24 14:45:42 +03:00
Tina Murimi
c52490550b
[Fix] Log stream delay when dir does not exist ( #174 )
Co-authored-by: TinaMor <mor.tina@outlook.com>
2024-05-23 20:12:02 +03:00
Charity Kathure
aa6ea069f3
Signal Handling: Set up a signal handler for common catastrophic failure signals ( #165 )
* signal handling
---------
Co-authored-by: Charity Kathure <ckathure@microsoft.com>
2024-01-16 15:56:26 +03:00
Ian King'ori
04885c694b
update to v2.0.2
2023-10-11 13:57:18 +03:00
Bob Sira
82015addf5
Fix to unblock Event Log failure in runtime:4.8-windowsservercore-ltsc2019 alt ( #159 )
Fix to unblock Event Log monitoring failure in ltsc2019 image
2023-09-28 12:40:14 +01:00
Ian King'ori
8735dc0b55
update to v2.0.1
2023-09-07 10:34:33 +03:00
Charity Kathure
1632af038f
Fix 30 seconds delay issue ( #156 )
* reduce file monitor wait time
---------
Co-authored-by: Charity Kathure <ckathure@microsoft.com>
2023-09-04 10:48:39 +03:00
Tina Murimi
33b1a277e1
Only prepend if not root folder and validate directory source ( #154 )
2023-08-22 15:22:57 +01:00
Tina Murimi
a47d40e76f
Onboard repo to Secure Development Tools Azure DevOps ( #152 )
2023-08-01 13:55:33 +03:00
Tina Murimi
09824043eb
fix: add waitInSeconds field to retry if folder/file does not exist ( #149 )
fixes #126
2023-07-26 11:44:08 +03:00
Bob Sira
56f8f0cec1
Identify the ProviderGuid failing with 1168 ( #148 )
* identify the ProviderGuid failing with 1168
* added informative error messages
* lint fixes
* reverted the check for all failing providers
* another lint fix
2023-07-13 11:44:58 +01:00
Charity Kathure
51a4d3aed3
Resolve versioning issue ( #146 )
* resolve versioning issue to follow semantic versioning
* indentation
---------
Co-authored-by: Charity Kathure <ckathure@microsoft.com>
2023-07-11 22:10:32 +03:00
Anthony Nandaa
30d5b9dd2c
fix: move versioning to SemVer format
2023-05-29 09:48:35 +03:00
Ian King'ori
c48c8b38de
increase version to 2.0.0
2023-05-29 09:48:35 +03:00
Anthony Nandaa
0ac4083f4f
fix: work-around for multi-byte characters ( #122 )
2023-05-29 09:48:35 +03:00
Anthony Nandaa
a7d6465cb9
feat: refactor ETWMonitor code to easily support multiple output formats ( #120 )
2023-05-29 09:48:35 +03:00
Anthony Nandaa
13342ba4cd
feat: json output as default for all the 4 log sources ( #110 )
* See the spec and schema details in the discussion here - #103
* This commit introduces outputting JSON log format as default for all the 4 sources
to improve the tool's experience and interoperability, and as one of the initial steps in making
the tool fit well with other log analysis tools and platforms like Azure Monitor, ELK, etc.
2023-05-29 09:48:35 +03:00
Tom Plant
49f79eddd9
fix(docs): include missing fields for EventLog examples ( #131 )
2023-04-25 07:21:42 +03:00
Charity Kathure
ba91cbf76e
fix: update component governance step in build pipeline ( #133 )
2023-04-25 07:18:26 +03:00
kimpanatopimizely
9502ea4e40
fix(docs): specify default level as Error for EventLog ( #116 )
Correct the event monitor documentation
2023-01-26 12:20:29 +03:00
Charity Kathure
d76755c1f6
add unit test ( #118 )
Co-authored-by: Charity Kathure <ckathure@microsoft.com>
2023-01-26 10:47:56 +03:00
kimpanatopimizely
f35cfe0814
fix(docs): specify default level as Error for EventLog ( #112 )
2023-01-17 14:19:46 +03:00
Lucille Xiong
b728c8f8a9
chore: add link to Windows Containers repo ( #114 )
2023-01-17 09:18:22 +03:00
Bob Sira
43eae6eef6
feat: include provider name to xml output etw log ( #105 )
2022-12-19 11:33:50 +03:00
Ian King'ori
478ba98325
fix: file monitor source tagging skips some log lines ( #102 )
* fix: file monitor source tagging skips some log lines
* lint: remove blank line
2022-12-06 16:55:10 +03:00
Lucille Xiong
2c2cf0ba2a
chore: added in a sample config file ( #100 )
2022-11-17 16:37:12 +03:00
Ian King'ori
01cd46f042
(chore) update version to 1.2.1 ( #99 )
2022-11-15 13:44:32 +03:00
Anthony Nandaa
877e0141ab
docs: beef up documentation for the log sources ( #95 ) ( #96 )
* docs: beef up documentation for the log sources (#95 )
Co-authored-by: Bob Sira <Bob.Sira@microsoft.com>
Co-authored-by: Charity Kathure <ckathure@microsoft.com>
Co-authored-by: Ian King'ori <iakingor@microsoft.com>
2022-11-08 16:16:06 +03:00
Bob Sira
35b256eb6c
Fix for missing file name Prefix ( #94 )
Co-authored-by: Bob Sira <bosira@microsoft.com>
2022-10-31 18:19:35 +00:00
Lucille Xiong
a03e292334
chore: update issue templates ( #93 )
2022-10-27 19:05:06 +03:00
Anthony Nandaa
65b5de533f
chore: add contributing guidelines ( #90 )
closes #46
closes #50
2022-10-27 07:58:19 +03:00
Anthony Nandaa
0be58eb8db
fix: stderr and stdout mixup from child process ( #91 )
2022-10-26 15:15:03 +03:00
Ian King'ori
3d1f74eb40
Refactor Log File Monitor ( #92 )
* Refactor Log File Monitor
- moved log directory handle to utilities file
- moved create event logic and error handling to utilities file
- created an enqueue events function to centralize lock acquisition and releases plus filter out events by file name before adding them to the queue
- (fix) only read sub directory changes when include subfolders is true
- (fix) handle file monitor initialization logic bugs
2022-10-26 15:08:34 +03:00
Charity Kathure
90a525b877
feat: include log file name to every line streamed out ( #88 )
Co-authored-by: Bob Sira <Bob.Sira@microsoft.com>
Co-authored-by: Charity Kathure <ckathure@microsoft.com>
2022-10-14 11:04:44 +03:00
Mateusz Łoskot
56adb7c838
Fix typo in comment: includeFileNames configuration property name ( #79 )
2022-09-22 15:31:51 +03:00
Ian King'ori
06c7452272
increase version to 1.2.0 ( #78 )
2022-09-12 12:50:18 +03:00
Bob Sira
37fc094e8e
refactored stoptrace to controltrace ( #77 )
Co-authored-by: Bob Sira <Bob.Sira@microsoft.com>
2022-09-08 00:12:48 +01:00
Bob Sira
d1c19b45ae
Refactored from using obsolete EnableTrace to EnableTraceEx2 function ( #76 )
* Refactored from using obsolete EnableTrace to EnableTraceEx2 function for ETW events
2022-08-30 11:36:32 +03:00
Ulf Axelsson
0a9c06f9b9
Pass through exit code from monitored process to callers of LogMonitor ( #37 )
2022-08-30 11:34:27 +03:00
Charity Kathure
138c7b1eb1
Refactor StartMonitors ( #73 )
* first commit
* resolve linter warnings
* move function to another class and create a unit test for OpenConfigFile function
* add unit test and move open config file to configfileparser class
* amend unit test
* amend unit test
* add unit test and centralize logger settings
* shorten line
* undo linter issue
* Change SAL Annotation
* amend unit test
* fix annotation
* add utility file
* remove unnecessary line of code
Co-authored-by: Charity Kathure <ckathure@microsoft.com>
2022-08-19 16:29:12 +03:00
Bob Sira
a606ff534b
config file parser typo fixes ( #72 )
* config file parser typo fixes
* fixed test typo
* added an extra quotation
* reverting back because of test breaks
* remove unnecessary escape
Co-authored-by: Bob Sira <Bob.Sira@microsoft.com>
Co-authored-by: Charity Kathure <ckathure@microsoft.com>
2022-08-18 10:03:52 +01:00