file_store: handle watching artifacts with named sources #2204

Merged

Conversation

jeffmahoney
Contributor

When watch_monitoring() is called to monitor an artifact with a named source, it returns immediately with zero results and nothing in the log.

It turns out that file_store/directory/queue QueuePool.NewListener was failing silently due to the path containing a slash in it. This commit replaces the slash with three dots and reports an error when it happens in NewListener.
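
The failure mode described above, as an added Go example that is not part of the pull request or the project's code. It assumes the listener buffers events in a temp file created with `os.CreateTemp`, which rejects patterns containing a path separator; the helper names, the `.json` suffix and the queue name are hypothetical.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// sanitizeListenerName is a hypothetical helper: it swaps each slash in an
// "Artifact/Source" name for three dots, the substitution the PR describes.
func sanitizeListenerName(name string) string {
	return strings.ReplaceAll(name, "/", "...")
}

// newListenerFile is a hypothetical stand-in for a listener that buffers
// events in a per-queue temp file. It returns the error instead of dropping it.
func newListenerFile(dir, name string) (string, error) {
	fd, err := os.CreateTemp(dir, name+"_*.json")
	if err != nil {
		return "", fmt.Errorf("new listener for %q: %w", name, err)
	}
	defer fd.Close()
	return fd.Name(), nil
}

// watch returns the buffer file's base name for a queue, or the error.
func watch(name string, sanitize bool) (string, error) {
	dir, err := os.MkdirTemp("", "queue_demo")
	if err != nil {
		return "", err
	}
	defer os.RemoveAll(dir)
	if sanitize {
		name = sanitizeListenerName(name)
	}
	path, err := newListenerFile(dir, name)
	if err != nil {
		return "", err
	}
	return filepath.Base(path), nil
}

func main() {
	// Constructed queue name: an artifact with a named source.
	const queue = "Custom.Demo.Events/Logins"
	_, err := watch(queue, false)
	fmt.Println("raw name:", err)
	base, err := watch(queue, true)
	fmt.Println("sanitized:", base, err)
}
```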

@scudette scudette merged commit c25f6be into Velocidex:master Nov 1, 2022
scudette pushed a commit that referenced this pull request Nov 4, 2022
mgreen27 pushed a commit that referenced this pull request Nov 4, 2022
* file_store: handle watching artifacts with named sources (#2204)

When watch_monitoring() is called to monitor an artifact with a named
source, it returns immediately with zero results and nothing in the log.

It turns out that file_store/directory/queue QueuePool.NewListener was
failing silently due to the path containing a slash in it.  This commit
replaces the slash with three dots and reports an error when it
happens in NewListener.

* Bugfix: Flush server artifact logs into storage frequently (#2207)

The UI needs to track progress.

Also reuse log table component for cell logs for filtering on levels.

* Linux quarantine (#2211)

* quarantine: actually call the OS-specific artifact

Commit 5231b0f (host-info: make quarantine UI more robust with non-Windows client hosts) was incomplete and would only check to see if the platform-specific quarantine artifact existed. It would still attempt to invoke the Windows quarantine artifact. This PR fixes it.

* Add Linux.Remediation.Quarantine artifact

Add Linux.Remediation.Quarantine artifact to enable quarantining
Linux systems via nftables.

Co-authored-by: guangyee <gyee@suse.com>

* Update protobuf generation script (#2213)

Remove version strings from generated files as these create
unnecessary churn in repo.

* tests: fix binary copying in CollectorSetupTest (#2210)

The binary copying section of CollectorSetupTest uses permissions 0644,
which don't allow the binary to be executed:

Found binary .../output/velociraptor-v0.6.6-linux-amd64
    deaddisk_test.go:35:
                Error Trace:    .../bin/deaddisk_test.go:35
                Error:          Received unexpected error:
                                fork/exec /tmp/tmp2961160367/velociraptor-v0.6.6-linux-amd64: permission denied
                Test:           TestDeaddisk

This commit fixes it to use 0755.

Do not use hard links for CopyFile

Co-authored-by: Mike Cohen <mike@velocidex.com>

* Fix HTTP Params/Add HTTP Method Validation (#2203)

When sending a GET with http_client, params need to be encoded into the query string.

* Add timestamp_field, hostname_field, and hostname param to splunk_upload (#2187)

* Add Provider and ProviderRegex (#2198)

* Add Provider and ProviderRegex

* Add Provider to output

* Enforce an allow list on plugins, functions and accessors (#2214)

This allows users to harden servers so it is impossible to run
undesirable VQL on the server's notebooks.

* Bugfix: Sync NTFS (#2206)

* USN path checks sequence number
* Windows.Forensics.MFT has a new option to report all short filenames
  in links.

* Prepare a 0.6.7-rc3

Co-authored-by: Jeff Mahoney <jeffm@suse.com>
Co-authored-by: guangyee <gyee@suse.com>
Co-authored-by: clayscode <clay@clayscode.com>
Co-authored-by: weslambert <wlambertts@gmail.com>