diff --git a/Source/common/SNTCommonEnums.h b/Source/common/SNTCommonEnums.h
index b7af4df8a..51e69bc74 100644
--- a/Source/common/SNTCommonEnums.h
+++ b/Source/common/SNTCommonEnums.h
@@ -93,6 +93,7 @@ typedef NS_ENUM(NSInteger, SNTEventLogType) {
 SNTEventLogTypeSyslog,
 SNTEventLogTypeFilelog,
 SNTEventLogTypeProtobuf,
+ SNTEventLogTypeNull,
 };
 
 // The return status of a sync.
diff --git a/Source/common/SNTConfigurator.h b/Source/common/SNTConfigurator.h
index d463493dd..eb69a8825 100644
--- a/Source/common/SNTConfigurator.h
+++ b/Source/common/SNTConfigurator.h
@@ -151,9 +151,10 @@
 
 ///
 /// Defines how event logs are stored. Options are:
-/// SNTEventLogTypeSyslog: Sent to ASL or ULS (if built with the 10.12 SDK or later).
-/// SNTEventLogTypeFilelog: Sent to a file on disk. Use eventLogPath to specify a path.
-/// SNTEventLogTypeProtobuf: (BETA) Sent to a file on disk, using maildir format. Use
+/// SNTEventLogTypeSyslog "syslog": Sent to ASL or ULS (if built with the 10.12 SDK or later).
+/// SNTEventLogTypeFilelog "file": Sent to a file on disk. Use eventLogPath to specify a path.
+/// SNTEventLogTypeNull "null": Logs nothing
+/// SNTEventLogTypeProtobuf "protobuf": (BETA) Sent to a file on disk, using maildir format. Use
 /// mailDirectory to specify a path. Use mailDirectoryFileSizeThresholdKB,
 /// mailDirectorySizeThresholdMB and mailDirectoryEventMaxFlushTimeSec to configure
 /// additional maildir format settings.
@@ -420,7 +421,7 @@
 /// If true, events will be uploaded for all executions, even those that are allowed.
 /// Use with caution, this generates a lot of events. Defaults to false.
 ///
-@property(readonly, nonatomic) BOOL enableAllEventUpload;
+@property(nonatomic) BOOL enableAllEventUpload;
 
 ///
 /// If true, forks and exits will be logged. Defaults to false.
diff --git a/Source/common/SNTConfigurator.m b/Source/common/SNTConfigurator.m
index 0cc18d146..c8b8c9738 100644
--- a/Source/common/SNTConfigurator.m
+++ b/Source/common/SNTConfigurator.m
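Review bot: The new `"null"` entry in the eventLogType doc comment (SNTConfigurator.h, hunk at line 151) says only "Logs nothing", which understates the effect for a security agent: with this value none of the syslog, file or maildir outputs listed beside it receives any event. I would spell that out, e.g. `/// SNTEventLogTypeNull "null": Event logging is disabled; no event log is written.`, and name the default, since the parser changed in SNTConfigurator.m falls back to the file log for any string it does not recognise. The end of the comment and the property it documents are outside the hunk.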
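Review bot: Dropping `readonly` from `enableAllEventUpload` (SNTConfigurator.h, hunk at line 421) puts the setter in the public interface, but the doc comment above it still describes only the value being read. The getter shown in SNTConfigurator.m returns the `syncState` entry ahead of the `configState` entry, so the comment should record that precedence, e.g. `/// A value held in sync state takes precedence over the one from the configuration.`, and say which component is expected to call the setter. What the setter stores is not visible in this diff (only its signature appears as context), so that part of the wording needs confirming against its body.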
@@ -701,6 +701,10 @@ - (SNTEventLogType)eventLogType {
 return SNTEventLogTypeProtobuf;
 } else if ([logType isEqualToString:@"syslog"]) {
 return SNTEventLogTypeSyslog;
+ } else if ([logType isEqualToString:@"null"]) {
+ return SNTEventLogTypeNull;
+ } else if ([logType isEqualToString:@"file"]) {
+ return SNTEventLogTypeFilelog;
 } else {
 return SNTEventLogTypeFilelog;
 }
@@ -751,7 +755,7 @@ - (BOOL)enableAllEventUpload {
 NSNumber *n = self.syncState[kEnableAllEventUploadKey];
 if (n) return [n boolValue];
 
- return [self.configState[kEnableAllEventUploadKey];
+ return [self.configState[kEnableAllEventUploadKey] boolValue];
 }
 
 - (void)setEnableAllEventUpload:(BOOL)enabled {
diff --git a/Source/santad/Logs/SNTEventLog.m b/Source/santad/Logs/SNTEventLog.m
index 55759a0cd..6e68508e8 100644
--- a/Source/santad/Logs/SNTEventLog.m
+++ b/Source/santad/Logs/SNTEventLog.m
@@ -447,7 +447,11 @@ + (instancetype)logger {
 logger = [[SNTProtobufEventLog alloc] init];
 break;
 }
- default: logger = nil;
+ case SNTEventLogTypeNull: {
+ // Messages sent to nil objects do nothing, which is perfect for a null logger.
+ logger = nil;
+ break;
+ }
 }
 });
 return logger;
diff --git a/Source/santad/SNTExecutionController.m b/Source/santad/SNTExecutionController.m
index 0d27514b9..4e703a1c2 100644
--- a/Source/santad/SNTExecutionController.m
+++ b/Source/santad/SNTExecutionController.m
@@ -191,7 +191,7 @@ - (void)validateBinaryWithMessage:(santa_message_t)message {
 [self incrementEventCounters:cd.decision];
 
 // Log to database if necessary.
- if ([[SNTCnfigurator configurator].enableAllEventUpload] ||
+ if ([SNTConfigurator configurator].enableAllEventUpload ||
 (cd.decision != SNTEventStateAllowBinary && cd.decision != SNTEventStateAllowCompiler &&
 cd.decision != SNTEventStateAllowTransitive &&
 cd.decision != SNTEventStateAllowCertificate && cd.decision != SNTEventStateAllowTeamID &&
diff --git a/docs/deployment/configuration.md b/docs/deployment/configuration.md
index 92108f044..ce60482be 100644
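Review bot: The added `"file"` branch in `eventLogType` (SNTConfigurator.m) returns the same value as the final `else`, so it changes nothing at runtime, while docs/deployment/configuration.md in this same commit still names the option `filelog`, which works only because of that fallback. I would keep a single fallback and document it, e.g. `// "file", "filelog" and any unrecognised value select the file log, so a typo never disables logging.` The comparison is also case-sensitive unless `logType` is normalised above the hunk, which is not visible here. The method starts before the hunk.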
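Review bot: Selecting the null logger in `+logger` (SNTEventLog.m) is silent: `logger = nil` means every later event-log call is dropped with no trace that logging was turned off. Because this log is the agent's audit trail, I would emit a one-time warning through the daemon's own logging in this case, for example `LOGW(@"EventLogType is null: no event logs will be written");` if the SNTLogging macros are available in this file, so a configuration that disables event logs is itself visible on the host. With `default:` removed, the switch also relies on `logger` starting out as nil for any value it does not list; the declaration is above the hunk and should be checked. The method and the switch both begin outside the hunk.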
--- a/docs/deployment/configuration.md
+++ b/docs/deployment/configuration.md
@@ -52,7 +52,7 @@ also known as mobileconfig files, which are in an Apple-specific XML format.
 | MachineOwnerKey | String | The key to use on MachineOwnerPlist. |
 | MachineIDPlist | String | The path to a plist that contains the MachineOwnerKey / value pair. |
 | MachineIDKey | String | The key to use on MachineIDPlist. |
-| EventLogType | String | Defines how event logs are stored. Options are 1) syslog: Sent to ASL or ULS (if built with the 10.12 SDK or later). 2) filelog: Sent to a file on disk. Use EventLogPath to specify a path. 3) protobuf (BETA): Sent to file on disk using maildir format. Defaults to filelog. |
+| EventLogType | String | Defines how event logs are stored. Options are 1) syslog: Sent to ASL or ULS (if built with the 10.12 SDK or later). 2) filelog: Sent to a file on disk. Use EventLogPath to specify a path. 3) protobuf (BETA): Sent to file on disk using maildir format. 4) null: Don't output any event logs. Defaults to filelog. |
 | EventLogPath | String | If EventLogType is set to filelog, EventLogPath will provide the path to save logs. Defaults to /var/db/santa/santa.log. If you change this value ensure you also update com.google.santa.newsyslog.conf with the new path. |
 | MailDirectory | String | If EventLogType is set to protobuf, MailDirectory will provide the the base directory used to save files according to the maildir format. Defaults to /var/db/santa/mail. |
 | MailDirectoryFileSizeThresholdKB | Integer | If EventLogType is set to protobuf, MailDirectoryFileSizeThresholdKB defines the per-file size limit for files stored in the mail directory. Events are buffered in memory until this threshold would be exceeded (or MailDirectoryEventMaxFlushTimeSec is exceeded). Defaults to 100. |