1
0
mirror of https://github.com/bitwarden/server.git synced 2024-12-28 17:57:37 +01:00

Add syslog suport for sending application logs to a Syslog server (#742)

* Add syslog suport for sending application logs to a Syslog server

* Rename SyslogSettings.Certificate to SyslogSettings.CertificatePath
This commit is contained in:
Roman V 2020-05-23 13:19:59 +12:00 committed by GitHub
parent 4b776f9413
commit a421be731c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 94 additions and 0 deletions

View File

@ -49,6 +49,7 @@
<PackageReference Include="IdentityServer4" Version="3.1.2" />
<PackageReference Include="Dapper" Version="2.0.30" />
<PackageReference Include="Newtonsoft.Json" Version="12.0.3" />
<PackageReference Include="Serilog.Sinks.SyslogMessages" Version="1.0.5" />
<PackageReference Include="System.Text.Json" Version="4.7.1" />
<PackageReference Include="AspNetCoreRateLimit" Version="2.1.0" />
<PackageReference Include="Braintree" Version="4.17.0" />

View File

@ -32,6 +32,7 @@ namespace Bit.Core
public virtual DataProtectionSettings DataProtection { get; set; } = new DataProtectionSettings();
public virtual DocumentDbSettings DocumentDb { get; set; } = new DocumentDbSettings();
public virtual SentrySettings Sentry { get; set; } = new SentrySettings();
public virtual SyslogSettings Syslog { get; set; } = new SyslogSettings();
public virtual NotificationHubSettings NotificationHub { get; set; } = new NotificationHubSettings();
public virtual YubicoSettings Yubico { get; set; } = new YubicoSettings();
public virtual DuoSettings Duo { get; set; } = new DuoSettings();
@ -159,6 +160,49 @@ namespace Bit.Core
public string RedisConnectionString { get; set; }
}
public class SyslogSettings
{
/// <summary>
/// The connection string used to connect to a remote syslog server over TCP or UDP, or to connect locally.
/// </summary>
/// <remarks>
/// <para>The connection string will be parsed using <see cref="System.Uri" /> to extract the protocol, host name and port number.
/// </para>
/// <para>
/// Supported protocols are:
/// <list type="bullet">
/// <item>UDP (use <code>udp://</code>)</item>
/// <item>TCP (use <code>tcp://</code>)</item>
/// <item>TLS over TCP (use <code>tls://</code>)</item>
/// </list>
/// </para>
/// </remarks>
/// <example>
/// A remote server (logging.dev.example.com) is listening on UDP (port 514):
/// <code>
/// udp://logging.dev.example.com:514</code>.
/// </example>
public string Destination { get; set; }
/// <summary>
/// The absolute path to a Certificate (DER or Base64 encoded with private key).
/// </summary>
/// <remarks>
/// The certificate path and <see cref="CertificatePassword"/> are passed into the <see cref="System.Security.Cryptography.X509Certificates.X509Certificate2.X509Certificate2(string, string)" />.
/// The file format of the certificate may be binary encded (DER) or base64. If the private key is encrypted, provide the password in <see cref="CertificatePassword"/>,
/// </remarks>
public string CertificatePath { get; set; }
/// <summary>
/// The password for the encrypted private key in the certificate supplied in <see cref="CertificatePath" />.
/// </summary>
/// <value></value>
public string CertificatePassword { get; set; }
/// <summary>
/// The thumbprint of the certificate in the X.509 certificate store for personal certificates for the user account running Bitwarden.
/// </summary>
/// <value></value>
public string CertificateThumbprint { get; set; }
}
public class NotificationHubSettings
{
private string _connectionString;

View File

@ -5,7 +5,10 @@ using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
using Serilog;
using Serilog.Events;
using Serilog.Sinks.Syslog;
using System;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
namespace Bit.Core.Utilities
{
@ -70,6 +73,52 @@ namespace Bit.Core.Utilities
.Enrich.FromLogContext()
.Enrich.WithProperty("Project", globalSettings.ProjectName);
}
else if (CoreHelpers.SettingHasValue(globalSettings?.Syslog.Destination))
{
// appending sitename to project name to allow eaiser identification in syslog.
var appName = $"{globalSettings.SiteName}-{globalSettings.ProjectName}";
if (globalSettings.Syslog.Destination.Equals("local", StringComparison.OrdinalIgnoreCase))
{
config.WriteTo.LocalSyslog(appName);
}
else if (Uri.TryCreate(globalSettings.Syslog.Destination,UriKind.Absolute, out var syslogAddress))
{
// Syslog's standard port is 514 (both UDP and TCP). TLS does not have a standard port, so assume 514.
int port = syslogAddress.Port >= 0
? syslogAddress.Port
: 514;
if (syslogAddress.Scheme.Equals("udp"))
{
config.WriteTo.UdpSyslog(syslogAddress.Host, port, appName);
}
else if (syslogAddress.Scheme.Equals("tcp"))
{
config.WriteTo.TcpSyslog(syslogAddress.Host, port, appName);
}
else if (syslogAddress.Scheme.Equals("tls"))
{
// TLS v1.1, v1.2 and v1.3 are explicitly selected (leaving out TLS v1.0)
const SslProtocols protocols = SslProtocols.Tls11 | SslProtocols.Tls12 | SslProtocols.Tls13;
if (CoreHelpers.SettingHasValue(globalSettings.Syslog.CertificateThumbprint))
{
config.WriteTo.TcpSyslog(syslogAddress.Host, port, appName,
secureProtocols: protocols,
certProvider: new CertificateStoreProvider(StoreName.My, StoreLocation.CurrentUser,
globalSettings.Syslog.CertificateThumbprint));
}
else
{
config.WriteTo.TcpSyslog(syslogAddress.Host, port, appName,
secureProtocols: protocols,
certProvider: new CertificateFileProvider(globalSettings.Syslog.CertificatePath,
globalSettings.Syslog?.CertificatePassword ?? string.Empty));
}
}
}
}
else if (CoreHelpers.SettingHasValue(globalSettings.LogDirectory))
{
if (globalSettings.LogRollBySizeLimit.HasValue)