static async Task <Func <Task> > AddExecutionFromSnsPermission(IAmazonLambda lambda,
string functionArn,
string topicArn,
CancellationToken cancellationToken)
{
await lambda.AddPermissionAsync(new AddPermissionRequest
{
Action = "lambda:InvokeFunction",
StatementId = "AllowExecutionFromSNS",
FunctionName = functionArn,
Principal = "sns.amazonaws.com",
SourceArn = topicArn
}, cancellationToken);
return(async() => await lambda.RemovePermissionAsync(
new RemovePermissionRequest
{
FunctionName = functionArn,
StatementId = "AllowExecutionFromSNS"
}));
}
private Amazon.Lambda.Model.AddPermissionResponse CallAWSServiceOperation(IAmazonLambda client, Amazon.Lambda.Model.AddPermissionRequest request)
{
Utils.Common.WriteVerboseEndpointMessage(this, client.Config, "AWS Lambda", "AddPermission");
try
{
#if DESKTOP
return(client.AddPermission(request));
#elif CORECLR
return(client.AddPermissionAsync(request).GetAwaiter().GetResult());
#else
#error "Unknown build edition"
#endif
}
catch (AmazonServiceException exc)
{
var webException = exc.InnerException as System.Net.WebException;
if (webException != null)
{
throw new Exception(Utils.Common.FormatNameResolutionFailureMessage(client.Config, webException.Message), webException);
}
throw;
}
}
public async Task <IActionResult> Create([Bind("FilePath", "Name", "Filter", "LogType", "LogInputCategory")] LogInput input)
{
ViewBag.LogPath = input.FilePath;
ViewBag.LogName = input.Name;
ViewBag.Filter = input.Filter;
ViewBag.LogType = input.LogType;
ViewBag.LogInput = input.LogInputCategory;
string lowcap = input.Name.ToLower();
string pattern = @"[^A-Za-z0-9]+";
string replacement = "-";
string replace = Regex.Replace(lowcap, pattern, replacement);
var BucketName2 = "smartinsights-" + replace;
var data = "{ \r\n \"Sources\":[ \r\n { \r\n \"Id\":\"" + input.Name + "\",\r\n \"SourceType\":\"WindowsEventLogSource\",\r\n \"LogName\":\"" + input.LogType + "\",\r\n \"IncludeEventData\" : true\r\n }\r\n ],\r\n \"Sinks\":[ \r\n { \r\n \"Id\":\"" + input.Name + "Firehose\",\r\n \"SinkType\":\"KinesisFirehose\",\r\n \"AccessKey\":\"" + Environment.GetEnvironmentVariable("FIREHOSE_ACCESS_KEY_ID") + "\",\r\n \"SecretKey\":\"" + Environment.GetEnvironmentVariable("FIREHOSE_SECRET_ACCESS_KEY") + "\",\r\n \"Region\":\"ap-southeast-1\",\r\n \"StreamName\":\"" + BucketName2 + "\"\r\n \"Format\": \"json\"\r\n }\r\n ],\r\n \"Pipes\":[ \r\n { \r\n \"Id\":\"WinSecurityPipe\",\r\n \"SourceRef\":\"" + input.Name + "\",\r\n \"SinkRef\":\"" + input.Name + "KinesisFirehose\"\r\n }\r\n ],\r\n \"SelfUpdate\":0\r\n}";
var data2 = "{\r\n \"cloudwatch.emitMetrics\": false,\r\n \"awsSecretAccessKey\": \"" + Environment.GetEnvironmentVariable("FIREHOSE_SECRET_ACCESS_KEY") + "\",\r\n \"firehose.endpoint\": \"firehose.ap-southeast-1.amazonaws.com\",\r\n \"awsAccessKeyId\": \"" + Environment.GetEnvironmentVariable("FIREHOSE_ACCESS_KEY_ID") + "\",\r\n \"flows\": [\r\n {\r\n \"filePattern\": \"/opt/generators/CLF/*.log\",\r\n \"deliveryStream\": \"SmartInsights-Apache-Web-Logs\",\r\n \"dataProcessingOptions\": [\r\n {\r\n \"optionName\": \"LOGTOJSON\",\r\n \"logFormat\": \"COMMONAPACHELOG\"\r\n }\r\n ]\r\n },\r\n {\r\n \"filePattern\": \"/opt/generators/ELF/*.log\",\r\n \"deliveryStream\": \"\",\r\n \"dataProcessingOptions\": [\r\n {\r\n \"optionName\": \"LOGTOJSON\",\r\n \"logFormat\": \"COMBINEDAPACHELOG\"\r\n }\r\n ] \r\n },\r\n {\r\n \"filePattern\": \"/opt/log/www1/secure.log\",\r\n \"deliveryStream\": \"SmartInsights-SSH-Login-Logs\",\r\n \"dataProcessingOptions\": [\r\n {\r\n \"optionName\": \"LOGTOJSON\",\r\n \"logFormat\": \"SYSLOG\",\r\n \"matchPattern\": \"^([\\\\w]+) ([\\\\w]+) ([\\\\d]+) ([\\\\d]+) ([\\\\w:]+) ([\\\\w]+) ([\\\\w]+)\\\\[([\\\\d]+)\\\\]\\\\: ([\\\\w\\\\s.\\\\:=]+)$\",\r\n \"customFieldNames\": [\"weekday\", \"month\", \"day\", \"year\", \"time\", \"host\", \"process\", \"identifer\",\"message\"]\r\n }\r\n ]\r\n },\r\n {\r\n \"filePattern\": \"/opt/log/cisco_router1/cisco_ironport_web.log\",\r\n \"deliveryStream\": \"SmartInsights-Cisco-Squid-Proxy-Logs\",\r\n \"dataProcessingOptions\": [\r\n {\r\n \"optionName\": \"LOGTOJSON\",\r\n \"logFormat\": \"SYSLOG\",\r\n \"matchPattern\": \"^([\\\\w.]+) (?:[\\\\d]+) ([\\\\d.]+) ([\\\\w]+)\\\\/([\\\\d]+) ([\\\\d]+) ([\\\\w.]+) ([\\\\S]+) ([\\\\S]+) (?:[\\\\w]+)\\\\/([\\\\S]+) ([\\\\S]+) (?:[\\\\S\\\\s]+)$\",\r\n \"customFieldNames\": [\"timestamp\",\"destination_ip_address\",\"action\",\"http_status_code\",\"bytes_in\",\"http_method\",\"requested_url\",\"user\",\"requested_url_domain\",\"content_type\"]\r\n }\r\n ]\r\n }\r\n ]\r\n}";
string data3 = "";
PutBucketResponse putBucketResponse = await _S3Client.PutBucketAsync(new PutBucketRequest
{
BucketName = "smartinsights-" + replace,
UseClientRegion = true,
CannedACL = S3CannedACL.Private
});
PutBucketTaggingResponse putBucketTaggingResponse = await _S3Client.PutBucketTaggingAsync(new PutBucketTaggingRequest
{
BucketName = "smartinsights-" + replace,
TagSet = new List <Amazon.S3.Model.Tag>
{
new Amazon.S3.Model.Tag
{
Key = "Project",
Value = "OSPJ"
}
}
});
PutPublicAccessBlockResponse putPublicAccessBlockResponse = await _S3Client.PutPublicAccessBlockAsync(new PutPublicAccessBlockRequest
{
BucketName = "smartinsights-" + replace,
PublicAccessBlockConfiguration = new PublicAccessBlockConfiguration
{
BlockPublicAcls = true,
BlockPublicPolicy = true,
IgnorePublicAcls = true,
RestrictPublicBuckets = true
}
});
CreateDeliveryStreamResponse createDeliveryStreamResponse = await _FirehoseClient.CreateDeliveryStreamAsync(new CreateDeliveryStreamRequest
{
DeliveryStreamName = "smartinsights-" + replace,
DeliveryStreamType = DeliveryStreamType.DirectPut,
ExtendedS3DestinationConfiguration = new ExtendedS3DestinationConfiguration
{
BucketARN = "arn:aws:s3:::" + BucketName2,
BufferingHints = new BufferingHints
{
IntervalInSeconds = 60,
SizeInMBs = 5
},
RoleARN = Environment.GetEnvironmentVariable("FIREHOSE_EXECUTION_ROLE")
},
Tags = new List <Amazon.KinesisFirehose.Model.Tag>
{
new Amazon.KinesisFirehose.Model.Tag
{
Key = "Project",
Value = "OSPJ"
}
}
});
_logContext.S3Buckets.Add(new Models.S3Bucket
{
Name = BucketName2
});
await _logContext.SaveChangesAsync();
ClaimsIdentity claimsIdentity = HttpContext.User.Identity as ClaimsIdentity;
string currentIdentity = claimsIdentity.FindFirst("preferred_username").Value;
User user = await _accountContext.Users.Where(u => u.Username == currentIdentity).FirstOrDefaultAsync();
Models.S3Bucket bucket = await _logContext.S3Buckets.Where(b => b.Name.Equals(BucketName2)).FirstOrDefaultAsync();
await _logContext.SaveChangesAsync();
await _LambdaClient.AddPermissionAsync(new AddPermissionRequest
{
Action = "lambda:InvokeFunction",
FunctionName = Environment.GetEnvironmentVariable("LAMBDA_FUNCTION_NAME"),
Principal = "s3.amazonaws.com",
SourceAccount = Environment.GetEnvironmentVariable("AWS_ACCOUNT_NUMBER"),
SourceArn = "arn:aws:s3:::" + bucket.Name,
StatementId = "ID-" + bucket.ID
});
await _S3Client.PutBucketNotificationAsync(new PutBucketNotificationRequest
{
BucketName = BucketName2,
LambdaFunctionConfigurations = new List <LambdaFunctionConfiguration>
{
new LambdaFunctionConfiguration
{
FunctionArn = Environment.GetEnvironmentVariable("LAMBDA_FUNCTION_ARN"),
Events = new List <EventType>
{
EventType.ObjectCreatedPut
}
}
}
});
if (!input.LogInputCategory.Equals(LogInputCategory.WindowsEventLogs))
{
data3 = data2;
}
else
{
data3 = data;
}
_logContext.LogInputs.Add(new Models.LogInput
{
Name = input.Name,
FirehoseStreamName = BucketName2,
ConfigurationJSON = data3,
LogInputCategory = input.LogInputCategory,
LinkedUserID = user.ID,
LinkedS3BucketID = bucket.ID,
FilePath = input.FilePath,
Filter = input.Filter,
LogType = input.LogType,
});
try
{
await _logContext.SaveChangesAsync();
TempData["Alert"] = "Success";
TempData["Message"] = "Log Input " + input.Name + " created successfully!";
return(RedirectToAction("Manage", new { InputID = _logContext.LogInputs.Where(LI => LI.Name.Equals(input.Name)).FirstOrDefault().ID }));
} catch (DbUpdateException)
{
TempData["Alert"] = "Danger";
TempData["Message"] = "Error Creating log input " + input.Name + "!";
return(View(input));
}
}