From 324b0042f8b7e462e71d0b3bbdd15e6a57d21f6d Mon Sep 17 00:00:00 2001 From: Jacquin Antoine Date: Mon, 2 Mar 2026 22:07:50 +0100 Subject: [PATCH] fix(rpm): example config in /etc/logcorrelator + socket permissions 0666 - Install logcorrelator.yml.example to /etc/logcorrelator/ instead of /usr/share/logcorrelator/ - Change default socket permissions from 0660 to 0666 (world read/write) - Bump version to 1.1.2 - Remove CHANGELOG.md Co-authored-by: Qwen-Coder --- CHANGELOG.md | 176 ------------------ Dockerfile.package | 18 +- Makefile | 2 +- config.example.yml | 4 +- .../adapters/inbound/unixsocket/source.go | 2 +- internal/config/config.go | 6 +- internal/config/config_test.go | 4 +- packaging/rpm/logcorrelator.spec | 6 +- 8 files changed, 23 insertions(+), 195 deletions(-) delete mode 100644 CHANGELOG.md diff --git a/CHANGELOG.md b/CHANGELOG.md deleted file mode 100644 index c5b2923..0000000 --- a/CHANGELOG.md +++ /dev/null @@ -1,176 +0,0 @@ -# Changelog - -All notable changes to logcorrelator are documented in this file. - -The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), -and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). - -## [1.1.0] - 2026-03-02 - -### Added - -- **Keep-Alive support**: One-to-many correlation mode allows a single network event (B) to correlate with multiple HTTP events (A) -- **Dynamic TTL**: Network events (source B) now have configurable TTL that resets on each successful correlation -- **Separate buffer sizes**: Configurable `max_http_items` and `max_network_items` for independent buffer control -- **SIGHUP handling**: Service now handles SIGHUP signal for log rotation without restart -- **logrotate configuration**: RPM includes `/etc/logrotate.d/logcorrelator` for automatic log rotation -- **ExecReload**: Systemd service now supports `systemctl reload logcorrelator` - -### Changed - -- **Configuration structure**: New YAML structure with nested sections: - - `time_window` (object with `value` and `unit`) - - `orphan_policy` (object with `apache_always_emit` and `network_emit`) - - `matching.mode` (string: `one_to_one` or `one_to_many`) - - `buffers` (object with `max_http_items` and `max_network_items`) - - `ttl` (object with `network_ttl_s`) -- Backward compatibility maintained for old config fields (`time_window_s`, `emit_orphans`) - -### Technical Details - -- `CorrelationService` now supports `MatchingMode` configuration -- Network events tracked with individual TTL expiration times -- `FileSink.Reopen()` method for log file rotation -- All sinks implement `Reopen()` interface method - ---- - -## [1.0.7] - 2026-03-01 - -### Added - -- Log levels: DEBUG, INFO, WARN, ERROR configurable via `log.level` -- `Warn` and `Warnf` methods for warning messages -- Debug logs for events received from sockets and correlations -- Warning logs for orphan events and buffer overflow - -### Changed - -- Configuration: `debug.enabled` replaced by `log.level` (DEBUG/INFO/WARN/ERROR) -- Orphan events and buffer overflow now logged as WARN instead of DEBUG -- Parse errors logged as WARN - ---- - -## [1.0.6] - 2026-03-01 - -### Changed - -- Configuration YAML simplified: removed `service.name`, `service.language`, `enabled` flags -- Correlation config simplified: `time_window_s` (integer) instead of nested `time_window` object -- Orphan policy simplified: `emit_orphans` boolean instead of `orphan_policy` object -- Apache socket renamed to `http.socket` - -### Added - -- `socket_permissions` option on unix sockets to configure file permissions (default: `0660`) - ---- - -## [1.0.4] - 2026-03-01 - -### Added - -- Systemd service auto-start after RPM installation -- Systemd service hardening (TimeoutStartSec, TimeoutStopSec, ReadWritePaths) - -### Fixed - -- Systemd service unit: correct config path (.yml instead of .conf) -- CI workflow: branch name main → master -- Go module dependencies cleanup (go mod tidy) - -### Changed - -- RPM packaging: generic el8/el9/el10 directory naming (instead of rocky/almalinux) -- Code cleanup: removed unused CorrelationKeyFull() alias -- Code cleanup: removed duplicate TimeProvider interface from ports package - ---- - -## [1.0.3] - 2026-02-28 - -### Changed - -- **Breaking**: Flattened JSON output structure - removed `apache` and `network` subdivisions -- All log fields are now merged into a single-level JSON structure for easier parsing -- ClickHouse schema updated: replaced `apache JSON` and `network JSON` columns with single `fields JSON` column - -### Technical Details - -- Custom `MarshalJSON()` implementation flattens all fields at the root level -- Backward compatibility: existing ClickHouse tables need schema migration to use `fields JSON` column - ---- - -## [1.0.2] - 2026-02-28 - -### Fixed - -- **Critical**: Added missing ClickHouse driver dependency (`github.com/ClickHouse/clickhouse-go/v2`) -- **Critical**: Fixed race condition in orchestrator - reduced from two goroutines to one per source -- **Security**: Added explicit `source_type` configuration for Unix socket sources to prevent source detection spoofing - -### Changed - -- Unix socket sources now support explicit `source_type` field in configuration: - - `"A"` or `"apache"` or `"http"` for Apache/HTTP logs - - `"B"` or `"network"` or `"net"` for network logs - - Empty string `""` for automatic detection (backward compatible) -- Updated example configuration (`config.example.yml`) with `source_type` documentation - -### Added - -- Comprehensive test suite improvements: - - Added tests for source type detection (explicit + auto-detect fallback) - - Added tests for config validation (duplicate names/paths, empty fields, ClickHouse settings) - - Added tests for helper functions (`getString`, `getInt`, `getInt64`) - - Added tests for port validation in JSON parsing - - Added tests for MultiSink Flush/Close operations - - Added tests for FileSink path validation and file operations - - Added tests for CorrelationService buffer management and flush behavior -- Test coverage improved from 50.6% to 62.0% -- All tests now pass with race detector enabled - -### Technical Debt - -- Fixed unused variable in `TestCorrelationService_FlushWithEvents` -- Added proper error handling for buffer overflow scenarios -- Improved code documentation in configuration examples - ---- - -## [1.0.1] - 2026-02-28 - -### Added - -- Initial RPM packaging support for Rocky Linux 8/9 and AlmaLinux 10 -- Docker multi-stage build pipeline -- Hexagonal architecture implementation -- Unix socket input sources (JSON line protocol) -- File output sink (JSON lines) -- ClickHouse output sink with batching and retry logic -- MultiSink for fan-out to multiple destinations -- Time-window based correlation on `src_ip + src_port` -- Graceful shutdown with signal handling (SIGINT, SIGTERM) -- Configuration validation with sensible defaults -- Basic observability (structured logging to stderr) - -### Configuration - -- YAML-based configuration file -- Support for multiple Unix socket inputs -- Configurable time window for correlation -- Orphan event policy (Apache always emit, Network drop) -- ClickHouse batch size, flush interval, and buffer configuration - ---- - -## [1.0.0] - 2026-02-27 - -### Added - -- Initial release -- Core correlation engine -- Basic HTTP and network log parsing -- File-based output diff --git a/Dockerfile.package b/Dockerfile.package index 05cc9fd..81b0585 100644 --- a/Dockerfile.package +++ b/Dockerfile.package @@ -46,7 +46,7 @@ RUN dnf install -y epel-release && \ # Copy binary from builder COPY --from=builder /build/dist/logcorrelator /tmp/pkgroot/usr/bin/logcorrelator COPY --from=builder /build/config.example.yml /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml -COPY --from=builder /build/config.example.yml /tmp/pkgroot/usr/share/logcorrelator/logcorrelator.yml.example +COPY --from=builder /build/config.example.yml /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml.example COPY --from=builder /build/logcorrelator.service /tmp/pkgroot/etc/systemd/system/logcorrelator.service COPY --from=builder /build/CHANGELOG.md /tmp/pkgroot/usr/share/doc/logcorrelator/CHANGELOG.md COPY packaging/rpm/post /tmp/scripts/post @@ -61,7 +61,7 @@ RUN mkdir -p /tmp/pkgroot/var/log/logcorrelator && \ mkdir -p /tmp/pkgroot/usr/share/doc/logcorrelator && \ chmod 755 /tmp/pkgroot/usr/bin/logcorrelator && \ chmod 640 /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml && \ - chmod 640 /tmp/pkgroot/usr/share/logcorrelator/logcorrelator.yml.example && \ + chmod 640 /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml.example && \ chmod 644 /tmp/pkgroot/etc/systemd/system/logcorrelator.service && \ chmod 755 /tmp/scripts/* && \ chmod 755 /tmp/pkgroot/var/log/logcorrelator && \ @@ -88,7 +88,7 @@ RUN mkdir -p /packages/rpm/el8 && \ -p /packages/rpm/el8/logcorrelator-${VERSION}-1.el8.x86_64.rpm \ usr/bin/logcorrelator \ etc/logcorrelator/logcorrelator.yml \ - usr/share/logcorrelator/logcorrelator.yml.example \ + etc/logcorrelator/logcorrelator.yml.example \ usr/share/doc/logcorrelator/CHANGELOG.md \ var/log/logcorrelator \ var/run/logcorrelator \ @@ -111,7 +111,7 @@ RUN dnf install -y epel-release && \ # Copy binary from builder COPY --from=builder /build/dist/logcorrelator /tmp/pkgroot/usr/bin/logcorrelator COPY --from=builder /build/config.example.yml /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml -COPY --from=builder /build/config.example.yml /tmp/pkgroot/usr/share/logcorrelator/logcorrelator.yml.example +COPY --from=builder /build/config.example.yml /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml.example COPY --from=builder /build/logcorrelator.service /tmp/pkgroot/etc/systemd/system/logcorrelator.service COPY --from=builder /build/CHANGELOG.md /tmp/pkgroot/usr/share/doc/logcorrelator/CHANGELOG.md COPY packaging/rpm/post /tmp/scripts/post @@ -126,7 +126,7 @@ RUN mkdir -p /tmp/pkgroot/var/log/logcorrelator && \ mkdir -p /tmp/pkgroot/usr/share/doc/logcorrelator && \ chmod 755 /tmp/pkgroot/usr/bin/logcorrelator && \ chmod 640 /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml && \ - chmod 640 /tmp/pkgroot/usr/share/logcorrelator/logcorrelator.yml.example && \ + chmod 640 /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml.example && \ chmod 644 /tmp/pkgroot/etc/systemd/system/logcorrelator.service && \ chmod 755 /tmp/scripts/* && \ chmod 755 /tmp/pkgroot/var/log/logcorrelator && \ @@ -153,7 +153,7 @@ RUN mkdir -p /packages/rpm/el9 && \ -p /packages/rpm/el9/logcorrelator-${VERSION}-1.el9.x86_64.rpm \ usr/bin/logcorrelator \ etc/logcorrelator/logcorrelator.yml \ - usr/share/logcorrelator/logcorrelator.yml.example \ + etc/logcorrelator/logcorrelator.yml.example \ usr/share/doc/logcorrelator/CHANGELOG.md \ var/log/logcorrelator \ var/run/logcorrelator \ @@ -176,7 +176,7 @@ RUN dnf install -y epel-release && \ # Copy binary from builder COPY --from=builder /build/dist/logcorrelator /tmp/pkgroot/usr/bin/logcorrelator COPY --from=builder /build/config.example.yml /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml -COPY --from=builder /build/config.example.yml /tmp/pkgroot/usr/share/logcorrelator/logcorrelator.yml.example +COPY --from=builder /build/config.example.yml /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml.example COPY --from=builder /build/logcorrelator.service /tmp/pkgroot/etc/systemd/system/logcorrelator.service COPY --from=builder /build/CHANGELOG.md /tmp/pkgroot/usr/share/doc/logcorrelator/CHANGELOG.md COPY packaging/rpm/post /tmp/scripts/post @@ -191,7 +191,7 @@ RUN mkdir -p /tmp/pkgroot/var/log/logcorrelator && \ mkdir -p /tmp/pkgroot/usr/share/doc/logcorrelator && \ chmod 755 /tmp/pkgroot/usr/bin/logcorrelator && \ chmod 640 /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml && \ - chmod 640 /tmp/pkgroot/usr/share/logcorrelator/logcorrelator.yml.example && \ + chmod 640 /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml.example && \ chmod 644 /tmp/pkgroot/etc/systemd/system/logcorrelator.service && \ chmod 755 /tmp/scripts/* && \ chmod 755 /tmp/pkgroot/var/log/logcorrelator && \ @@ -218,7 +218,7 @@ RUN mkdir -p /packages/rpm/el10 && \ -p /packages/rpm/el10/logcorrelator-${VERSION}-1.el10.x86_64.rpm \ usr/bin/logcorrelator \ etc/logcorrelator/logcorrelator.yml \ - usr/share/logcorrelator/logcorrelator.yml.example \ + etc/logcorrelator/logcorrelator.yml.example \ usr/share/doc/logcorrelator/CHANGELOG.md \ var/log/logcorrelator \ var/run/logcorrelator \ diff --git a/Makefile b/Makefile index b8e77a3..557d47a 100644 --- a/Makefile +++ b/Makefile @@ -15,7 +15,7 @@ BINARY_NAME=logcorrelator DIST_DIR=dist # Package version -PKG_VERSION ?= 1.1.1 +PKG_VERSION ?= 1.1.2 ## build: Build the logcorrelator binary locally build: diff --git a/config.example.yml b/config.example.yml index 93f80cb..f56999c 100644 --- a/config.example.yml +++ b/config.example.yml @@ -11,12 +11,12 @@ inputs: source_type: A path: /var/run/logcorrelator/http.socket format: json - socket_permissions: "0660" # owner + group read/write + socket_permissions: "0666" # world read/write - name: network source_type: B path: /var/run/logcorrelator/network.socket format: json - socket_permissions: "0660" + socket_permissions: "0666" outputs: file: diff --git a/internal/adapters/inbound/unixsocket/source.go b/internal/adapters/inbound/unixsocket/source.go index 90aae41..7b134a8 100644 --- a/internal/adapters/inbound/unixsocket/source.go +++ b/internal/adapters/inbound/unixsocket/source.go @@ -93,7 +93,7 @@ func (s *UnixSocketSource) Start(ctx context.Context, eventChan chan<- *domain.N // Set permissions - fail if we can't permissions := s.config.SocketPermissions if permissions == 0 { - permissions = 0660 // default + permissions = 0666 // default } if err := os.Chmod(s.config.Path, permissions); err != nil { _ = listener.Close() diff --git a/internal/config/config.go b/internal/config/config.go index 28a2b3b..30fa924 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -316,17 +316,17 @@ func (c *CorrelationConfig) GetNetworkTTLS() int { } // GetSocketPermissions returns the socket permissions as os.FileMode. -// Default is 0660 (owner + group read/write). +// Default is 0666 (world read/write). func (c *UnixSocketConfig) GetSocketPermissions() os.FileMode { trimmed := strings.TrimSpace(c.SocketPermissions) if trimmed == "" { - return 0660 + return 0666 } // Parse octal string (e.g., "0660", "660", "0666") perms, err := strconv.ParseUint(trimmed, 8, 32) if err != nil { - return 0660 + return 0666 } return os.FileMode(perms) diff --git a/internal/config/config_test.go b/internal/config/config_test.go index ffaab1e..5220548 100644 --- a/internal/config/config_test.go +++ b/internal/config/config_test.go @@ -433,7 +433,7 @@ func TestGetSocketPermissions(t *testing.T) { config: UnixSocketConfig{ SocketPermissions: "", }, - expected: 0660, + expected: 0666, }, { name: "explicit 0660", @@ -461,7 +461,7 @@ func TestGetSocketPermissions(t *testing.T) { config: UnixSocketConfig{ SocketPermissions: "invalid", }, - expected: 0660, + expected: 0666, }, } diff --git a/packaging/rpm/logcorrelator.spec b/packaging/rpm/logcorrelator.spec index f9ae0ec..a0e7ac8 100644 --- a/packaging/rpm/logcorrelator.spec +++ b/packaging/rpm/logcorrelator.spec @@ -2,7 +2,7 @@ # Compatible with CentOS 7, Rocky Linux 8, 9, 10 # Define version before Version: field for RPM macro support -%global spec_version 1.1.1 +%global spec_version 1.1.2 Name: logcorrelator Version: %{spec_version} @@ -120,6 +120,10 @@ fi /etc/logrotate.d/logcorrelator %changelog +* Mon Mar 02 2026 logcorrelator - 1.1.2-1 +- Fix: Example config file installed to /etc/logcorrelator/logcorrelator.yml.example +- Change: Default socket permissions from 0660 to 0666 (world read/write) + * Mon Mar 02 2026 logcorrelator - 1.1.1-1 - Fix: Move logcorrelator.yml.example from /usr/share/logcorrelator/ to /etc/logcorrelator/