Examples with AuditEvent org.graylog2.audit.jersey.AuditEvent used on opensource projects

Example 16 with AuditEvent

use of org.graylog2.audit.jersey.AuditEvent in project graylog2-server by Graylog2.

the class PipelineResource method createFromParser.

@ApiOperation(value = "Create a processing pipeline from source")
@POST
@RequiresPermissions(PipelineRestPermissions.PIPELINE_CREATE)
@AuditEvent(type = PipelineProcessorAuditEventTypes.PIPELINE_CREATE)
public PipelineSource createFromParser(@ApiParam(name = "pipeline", required = true) @NotNull PipelineSource pipelineSource) throws ParseException {
    final Pipeline pipeline;
    try {
        pipeline = pipelineRuleParser.parsePipeline(pipelineSource.id(), pipelineSource.source());
    } catch (ParseException e) {
        throw new BadRequestException(Response.status(Response.Status.BAD_REQUEST).entity(e.getErrors()).build());
    }
    final DateTime now = DateTime.now(DateTimeZone.UTC);
    final PipelineDao pipelineDao = PipelineDao.builder().title(pipeline.name()).description(pipelineSource.description()).source(pipelineSource.source()).createdAt(now).modifiedAt(now).build();
    final PipelineDao save = pipelineService.save(pipelineDao);
    log.debug("Created new pipeline {}", save);
    return PipelineSource.fromDao(pipelineRuleParser, save);
}

Example 17 with AuditEvent

use of org.graylog2.audit.jersey.AuditEvent in project graylog2-server by Graylog2.

the class RuleResource method update.

@ApiOperation(value = "Modify a processing rule", notes = "It can take up to a second until the change is applied")
@Path("/{id}")
@PUT
@AuditEvent(type = PipelineProcessorAuditEventTypes.RULE_UPDATE)
public RuleSource update(@ApiParam(name = "id") @PathParam("id") String id, @ApiParam(name = "rule", required = true) @NotNull RuleSource update) throws NotFoundException {
    checkPermission(PipelineRestPermissions.PIPELINE_RULE_EDIT, id);
    final RuleDao ruleDao = ruleService.load(id);
    final Rule rule;
    try {
        rule = pipelineRuleParser.parseRule(id, update.source(), false);
    } catch (ParseException e) {
        throw new BadRequestException(Response.status(Response.Status.BAD_REQUEST).entity(e.getErrors()).build());
    }
    final RuleDao toSave = ruleDao.toBuilder().title(rule.name()).description(update.description()).source(update.source()).modifiedAt(DateTime.now(DateTimeZone.UTC)).build();
    final RuleDao savedRule = ruleService.save(toSave);
    return RuleSource.fromDao(pipelineRuleParser, savedRule);
}

Example 18 with AuditEvent

use of org.graylog2.audit.jersey.AuditEvent in project graylog2-server by Graylog2.

the class RuleResource method createFromParser.

@ApiOperation(value = "Create a processing rule from source", notes = "")
@POST
@RequiresPermissions(PipelineRestPermissions.PIPELINE_RULE_CREATE)
@AuditEvent(type = PipelineProcessorAuditEventTypes.RULE_CREATE)
public RuleSource createFromParser(@ApiParam(name = "rule", required = true) @NotNull RuleSource ruleSource) throws ParseException {
    final Rule rule;
    try {
        rule = pipelineRuleParser.parseRule(ruleSource.id(), ruleSource.source(), false);
    } catch (ParseException e) {
        throw new BadRequestException(Response.status(Response.Status.BAD_REQUEST).entity(e.getErrors()).build());
    }
    final DateTime now = DateTime.now(DateTimeZone.UTC);
    final RuleDao newRuleSource = RuleDao.builder().title(// use the name from the parsed rule source.
    rule.name()).description(ruleSource.description()).source(ruleSource.source()).createdAt(now).modifiedAt(now).build();
    final RuleDao save = ruleService.save(newRuleSource);
    log.debug("Created new rule {}", save);
    return RuleSource.fromDao(pipelineRuleParser, save);
}

Example 19 with AuditEvent

use of org.graylog2.audit.jersey.AuditEvent in project graylog2-server by Graylog2.

the class AuthServiceBackendsResource method delete.

@DELETE
@Path("{backendId}")
@ApiOperation("Delete authentication service backend")
@AuditEvent(type = SecurityAuditEventTypes.AUTH_SERVICE_BACKEND_DELETE)
public void delete(@ApiParam(name = "backendId", required = true) @PathParam("backendId") @NotBlank String backendId) {
    checkPermission(RestPermissions.AUTH_SERVICE_BACKEND_DELETE, backendId);
    final AuthServiceBackendDTO config = loadConfig(backendId);
    if (usageCheck.isAuthServiceInUse(backendId)) {
        throw new BadRequestException("Authentication service backend <" + backendId + "> is still in use");
    }
    dbService.delete(config.id());
}

Example 20 with AuditEvent

use of org.graylog2.audit.jersey.AuditEvent in project graylog2-server by Graylog2.

the class ExtractorsResource method order.

@POST
@Timed
@Consumes(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Update extractor order of an input")
@ApiResponses(value = { @ApiResponse(code = 404, message = "No such input on this node.") })
@Path("order")
@AuditEvent(type = AuditEventTypes.EXTRACTOR_ORDER_UPDATE)
public void order(@ApiParam(name = "inputId", value = "Persist ID (!) of input.", required = true) @PathParam("inputId") String inputPersistId, @ApiParam(name = "JSON body", required = true) OrderExtractorsRequest oer) throws NotFoundException {
    checkPermission(RestPermissions.INPUTS_EDIT, inputPersistId);
    final Input mongoInput = inputService.find(inputPersistId);
    for (Extractor extractor : inputService.getExtractors(mongoInput)) {
        if (oer.order().containsValue(extractor.getId())) {
            extractor.setOrder(Tools.getKeyByValue(oer.order(), extractor.getId()));
        }
        // Docs embedded in MongoDB array cannot be updated atomically... :/
        inputService.removeExtractor(mongoInput, extractor.getId());
        try {
            inputService.addExtractor(mongoInput, extractor);
        } catch (ValidationException e) {
            LOG.warn("Validation error for extractor update.", e);
        }
    }
    LOG.info("Updated extractor ordering of input <persist:{}>.", inputPersistId);
}