Example #1
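        /// <summary>
        /// Handles the "create log input" form post. Provisions a private S3 bucket and a
        /// Firehose delivery stream named after the input, wires the bucket to the ingest
        /// Lambda, and stores the generated agent configuration as a new log input record.
        /// </summary>
        /// <param name="input">Form values bound from FilePath, Name, Filter, LogType and LogInputCategory.</param>
        /// <returns>
        /// A redirect to <c>Manage</c> for the new record on success; the form view again when
        /// the name is unusable or the final save raises <see cref="DbUpdateException"/>;
        /// <c>Forbid</c> when the signed-in user cannot be matched to an account record.
        /// </returns>
        public async Task<IActionResult> Create([Bind("FilePath", "Name", "Filter", "LogType", "LogInputCategory")] LogInput input)
        {
            if (input == null)
            {
                return BadRequest();
            }

            ViewBag.LogPath = input.FilePath;
            ViewBag.LogName = input.Name;
            ViewBag.Filter = input.Filter;
            ViewBag.LogType = input.LogType;
            ViewBag.LogInput = input.LogInputCategory;

            if (string.IsNullOrWhiteSpace(input.Name))
            {
                ModelState.AddModelError(nameof(input.Name), "A log input name is required.");
                return View(input);
            }

            // Derive the resource name from the user-supplied name. Invariant lower-casing keeps
            // the result independent of the server culture (e.g. Turkish dotless i).
            string slug = Regex.Replace(input.Name.ToLowerInvariant(), @"[^A-Za-z0-9]+", "-");
            string bucketName = "smartinsights-" + slug;

            // S3 bucket names are limited to 63 characters and must end with a letter or digit.
            // Reject here instead of letting PutBucket fail with an unhandled exception.
            if (bucketName.Length > 63 || bucketName.EndsWith("-", StringComparison.Ordinal))
            {
                ModelState.AddModelError(nameof(input.Name), "The name must end with a letter or digit and be at most 49 characters once normalised.");
                return View(input);
            }

            // Resolve the owning account before any cloud resource is created, so a missing
            // identity or account record cannot leave an orphaned bucket and stream behind.
            string currentIdentity = (HttpContext.User.Identity as ClaimsIdentity)?.FindFirst("preferred_username")?.Value;
            if (currentIdentity == null)
            {
                return Forbid();
            }

            User user = await _accountContext.Users.Where(u => u.Username == currentIdentity).FirstOrDefaultAsync();
            if (user == null)
            {
                return Forbid();
            }

            // Name and LogType arrive from the form and are placed inside JSON string literals.
            // Escape them so a quote or backslash cannot add or override keys in the agent config.
            string sourceId = System.Web.HttpUtility.JavaScriptStringEncode(input.Name);
            string logName = System.Web.HttpUtility.JavaScriptStringEncode($"{input.LogType}");
            // One sink id for both the sink definition and the pipe reference; the original
            // used "<name>Firehose" for the sink but "<name>KinesisFirehose" in SinkRef.
            string sinkId = sourceId + "Firehose";

            // NOTE(security): both templates embed the long-lived FIREHOSE_* access key pair in
            // clear text, and the result is persisted in ConfigurationJSON. Anyone able to read
            // that column or a distributed config file obtains the keys. Consider instance roles
            // or short-lived credentials and keeping secrets out of the stored document.
            string accessKeyId = Environment.GetEnvironmentVariable("FIREHOSE_ACCESS_KEY_ID");
            string secretAccessKey = Environment.GetEnvironmentVariable("FIREHOSE_SECRET_ACCESS_KEY");

            // Windows event log template. A comma was missing after "StreamName", which made
            // the generated document invalid JSON.
            string windowsAgentConfig =
                "{ \r\n   \"Sources\":[ \r\n      { \r\n         \"Id\":\"" + sourceId + "\",\r\n"
                + "         \"SourceType\":\"WindowsEventLogSource\",\r\n  \"LogName\":\"" + logName + "\",\r\n"
                + "         \"IncludeEventData\" : true\r\n            }\r\n   ],\r\n"
                + "   \"Sinks\":[ \r\n      { \r\n         \"Id\":\"" + sinkId + "\",\r\n"
                + "         \"SinkType\":\"KinesisFirehose\",\r\n"
                + "         \"AccessKey\":\"" + accessKeyId + "\",\r\n"
                + "         \"SecretKey\":\"" + secretAccessKey + "\",\r\n"
                + "         \"Region\":\"ap-southeast-1\",\r\n"
                + "         \"StreamName\":\"" + bucketName + "\",\r\n"
                + "         \"Format\": \"json\"\r\n      }\r\n   ],\r\n"
                + "   \"Pipes\":[ \r\n      { \r\n         \"Id\":\"WinSecurityPipe\",\r\n"
                + "         \"SourceRef\":\"" + sourceId + "\",\r\n"
                + "         \"SinkRef\":\"" + sinkId + "\"\r\n      }\r\n   ],\r\n"
                + "   \"SelfUpdate\":0\r\n}";

            // Template used for every other category. It contains no form input.
            // NOTE(review): its flows name fixed delivery streams (one of them empty) rather than
            // the stream created below - confirm that is intended.
            string linuxAgentConfig =
                "{\r\n  \"cloudwatch.emitMetrics\": false,\r\n  \"awsSecretAccessKey\": \"" + secretAccessKey
                + "\",\r\n  \"firehose.endpoint\": \"firehose.ap-southeast-1.amazonaws.com\",\r\n  \"awsAccessKeyId\": \"" + accessKeyId
                + "\",\r\n  \"flows\": [\r\n    {\r\n      \"filePattern\": \"/opt/generators/CLF/*.log\",\r\n      \"deliveryStream\": \"SmartInsights-Apache-Web-Logs\",\r\n      \"dataProcessingOptions\": [\r\n                {\r\n                    \"optionName\": \"LOGTOJSON\",\r\n                    \"logFormat\": \"COMMONAPACHELOG\"\r\n                }\r\n            ]\r\n    },\r\n    {\r\n      \"filePattern\": \"/opt/generators/ELF/*.log\",\r\n      \"deliveryStream\": \"\",\r\n      \"dataProcessingOptions\": [\r\n                {\r\n                    \"optionName\": \"LOGTOJSON\",\r\n                    \"logFormat\": \"COMBINEDAPACHELOG\"\r\n                }\r\n            ]      \r\n    },\r\n    {\r\n      \"filePattern\": \"/opt/log/www1/secure.log\",\r\n      \"deliveryStream\": \"SmartInsights-SSH-Login-Logs\",\r\n      \"dataProcessingOptions\": [\r\n                {\r\n                    \"optionName\": \"LOGTOJSON\",\r\n                    \"logFormat\": \"SYSLOG\",\r\n                    \"matchPattern\": \"^([\\\\w]+) ([\\\\w]+) ([\\\\d]+) ([\\\\d]+) ([\\\\w:]+) ([\\\\w]+) ([\\\\w]+)\\\\[([\\\\d]+)\\\\]\\\\: ([\\\\w\\\\s.\\\\:=]+)$\",\r\n                    \"customFieldNames\": [\"weekday\", \"month\", \"day\", \"year\", \"time\", \"host\", \"process\", \"identifer\",\"message\"]\r\n                }\r\n            ]\r\n    },\r\n    {\r\n      \"filePattern\": \"/opt/log/cisco_router1/cisco_ironport_web.log\",\r\n      \"deliveryStream\": \"SmartInsights-Cisco-Squid-Proxy-Logs\",\r\n      \"dataProcessingOptions\": [\r\n                {\r\n                    \"optionName\": \"LOGTOJSON\",\r\n                    \"logFormat\": \"SYSLOG\",\r\n                    \"matchPattern\": \"^([\\\\w.]+) (?:[\\\\d]+) ([\\\\d.]+) ([\\\\w]+)\\\\/([\\\\d]+) ([\\\\d]+) ([\\\\w.]+) ([\\\\S]+) ([\\\\S]+) (?:[\\\\w]+)\\\\/([\\\\S]+) ([\\\\S]+) (?:[\\\\S\\\\s]+)$\",\r\n                    \"customFieldNames\": [\"timestamp\",\"destination_ip_address\",\"action\",\"http_status_code\",\"bytes_in\",\"http_method\",\"requested_url\",\"user\",\"requested_url_domain\",\"content_type\"]\r\n                }\r\n            ]\r\n    }\r\n  ]\r\n}";

            string configurationJson = input.LogInputCategory.Equals(LogInputCategory.WindowsEventLogs)
                ? windowsAgentConfig
                : linuxAgentConfig;

            // NOTE(review): the AWS calls below are not wrapped in any error handling, so a
            // failure part-way through leaves the earlier resources in place.
            await _S3Client.PutBucketAsync(new PutBucketRequest
            {
                BucketName = bucketName,
                UseClientRegion = true,
                CannedACL = S3CannedACL.Private
            });

            await _S3Client.PutBucketTaggingAsync(new PutBucketTaggingRequest
            {
                BucketName = bucketName,
                TagSet = new List<Amazon.S3.Model.Tag>
                {
                    new Amazon.S3.Model.Tag
                    {
                        Key = "Project",
                        Value = "OSPJ"
                    }
                }
            });

            // Block every form of public access on the new bucket.
            await _S3Client.PutPublicAccessBlockAsync(new PutPublicAccessBlockRequest
            {
                BucketName = bucketName,
                PublicAccessBlockConfiguration = new PublicAccessBlockConfiguration
                {
                    BlockPublicAcls = true,
                    BlockPublicPolicy = true,
                    IgnorePublicAcls = true,
                    RestrictPublicBuckets = true
                }
            });

            await _FirehoseClient.CreateDeliveryStreamAsync(new CreateDeliveryStreamRequest
            {
                DeliveryStreamName = bucketName,
                DeliveryStreamType = DeliveryStreamType.DirectPut,
                ExtendedS3DestinationConfiguration = new ExtendedS3DestinationConfiguration
                {
                    BucketARN = "arn:aws:s3:::" + bucketName,
                    BufferingHints = new BufferingHints
                    {
                        IntervalInSeconds = 60,
                        SizeInMBs = 5
                    },
                    RoleARN = Environment.GetEnvironmentVariable("FIREHOSE_EXECUTION_ROLE")
                },
                Tags = new List<Amazon.KinesisFirehose.Model.Tag>
                {
                    new Amazon.KinesisFirehose.Model.Tag
                    {
                        Key = "Project",
                        Value = "OSPJ"
                    }
                }
            });

            // Keep the tracked entity: after the save it carries its ID, so the record does not
            // have to be looked up again by name (a lookup that could also come back null).
            Models.S3Bucket bucket = new Models.S3Bucket
            {
                Name = bucketName
            };
            _logContext.S3Buckets.Add(bucket);
            await _logContext.SaveChangesAsync();

            // Allow S3 to invoke the ingest Lambda, scoped to this bucket and this account.
            await _LambdaClient.AddPermissionAsync(new AddPermissionRequest
            {
                Action = "lambda:InvokeFunction",
                FunctionName = Environment.GetEnvironmentVariable("LAMBDA_FUNCTION_NAME"),
                Principal = "s3.amazonaws.com",
                SourceAccount = Environment.GetEnvironmentVariable("AWS_ACCOUNT_NUMBER"),
                SourceArn = "arn:aws:s3:::" + bucket.Name,
                StatementId = "ID-" + bucket.ID
            });

            await _S3Client.PutBucketNotificationAsync(new PutBucketNotificationRequest
            {
                BucketName = bucketName,
                LambdaFunctionConfigurations = new List<LambdaFunctionConfiguration>
                {
                    new LambdaFunctionConfiguration
                    {
                        FunctionArn = Environment.GetEnvironmentVariable("LAMBDA_FUNCTION_ARN"),
                        Events = new List<EventType>
                        {
                            EventType.ObjectCreatedPut
                        }
                    }
                }
            });

            Models.LogInput createdInput = new Models.LogInput
            {
                Name = input.Name,
                FirehoseStreamName = bucketName,
                ConfigurationJSON = configurationJson,
                LogInputCategory = input.LogInputCategory,
                LinkedUserID = user.ID,
                LinkedS3BucketID = bucket.ID,
                FilePath = input.FilePath,
                Filter = input.Filter,
                LogType = input.LogType,
            };
            _logContext.LogInputs.Add(createdInput);

            try
            {
                await _logContext.SaveChangesAsync();

                TempData["Alert"] = "Success";
                TempData["Message"] = "Log Input " + input.Name + " created successfully!";
                // Redirect with the ID of the row just written; looking it up by name could
                // return a different record that shares the name.
                return RedirectToAction("Manage", new { InputID = createdInput.ID });
            }
            catch (DbUpdateException)
            {
                // The bucket, stream and Lambda permission already exist at this point.
                TempData["Alert"] = "Danger";
                TempData["Message"] = "Error Creating log input " + input.Name + "!";
                return View(input);
            }
        }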