diff --git a/api/graylog.go b/api/graylog.go
index a9826c8..0f7f014 100644
--- a/api/graylog.go
+++ b/api/graylog.go
@@ -168,7 +168,7 @@ func UpdateRegistration(httpClient *http.Client, checksum string, ctx *context.C
 if ctx.UserConfig.SendStatus {
 metrics := &graylog.MetricsRequest{
- Disks75: common.GetFileSystemList75(),
+ Disks75: common.GetFileSystemList75(ctx.UserConfig.WindowsDriveRange),
 CpuIdle: common.GetCpuIdle(),
 Load1: common.GetLoad1(),
 }
diff --git a/cfgfile/schema.go b/cfgfile/schema.go
index ad59cc4..ef70b62 100644
--- a/cfgfile/schema.go
+++ b/cfgfile/schema.go
@@ -37,6 +37,7 @@ type SidecarConfig struct {
 CollectorBinariesWhitelist []string `config:"collector_binaries_whitelist"`
 CollectorBinariesAccesslist []string `config:"collector_binaries_accesslist"`
 Tags []string `config:"tags"`
+ WindowsDriveRange string `config:"windows_drive_range"`
 }
 // Default Sidecar configuration
@@ -70,6 +71,7 @@ collector_binaries_accesslist:
 - "/usr/bin/nxlog"
 - "/opt/nxlog/bin/nxlog"
 tags: []
+windows_drive_range: ""
 `
 // Windows specific options. Gets merged over `CommonDefaults`
@@ -87,4 +89,5 @@ collector_binaries_accesslist:
 - "C:\\Program Files\\Heartbeat\\heartbeat.exe"
 - "C:\\Program Files\\Auditbeat\\auditbeat.exe"
 - "C:\\Program Files (x86)\\nxlog\\nxlog.exe"
+windows_drive_range: "CDEFGHIJKLMNOPQRSTUVWXYZ"
 `
diff --git a/common/sigar.go b/common/sigar.go
index e5ab23f..ba44a58 100644
--- a/common/sigar.go
+++ b/common/sigar.go
@@ -100,12 +100,12 @@ func GetCpuIdle() float64 {
 return cpu.LastCpuTimes.IdlePercent * 100
 }
-func GetFileSystemList75() []string {
+func GetFileSystemList75(windowsDriveRange string) []string {
 result := []string{}
 volumes := []sigar.FileSystem{}
 if runtime.GOOS == "windows" {
- volumes = getWindowsDrives()
+ volumes = getWindowsDrives(windowsDriveRange)
 } else {
 fslist := sigar.FileSystemList{}
 fslist.Get()
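Review bot: The exported GetFileSystemList75 in common/sigar.go gains a parameter but no doc comment, and the hunk shows the value is read only in the `runtime.GOOS == "windows"` branch. A comment above the function would make that contract visible to callers, for example `// windowsDriveRange lists the drive letters probed on Windows; it is ignored on every other OS.` The function body continues past the end of the hunk, so what happens to the collected volumes is not visible here.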
@@ -138,8 +138,8 @@ func GetLoad1() float64 {
 return avg.One
 }
-func getWindowsDrives() (drives []sigar.FileSystem) {
- for _, drive := range "CDEFGHIJKLMNOPQRSTUVWXYZ" {
+func getWindowsDrives(windowsDriveRange string) (drives []sigar.FileSystem) {
+ for _, drive := range windowsDriveRange {
 dirName := string(drive) + ":\\"
 dirHandle, err := os.Open(dirName)
 defer dirHandle.Close()
diff --git a/common/sigar_darwin.go b/common/sigar_darwin.go
index 9a572fe..4197db0 100644
--- a/common/sigar_darwin.go
+++ b/common/sigar_darwin.go
@@ -19,7 +19,7 @@ func GetCpuIdle() float64 {
 return -1
 }
-func GetFileSystemList75() []string {
+func GetFileSystemList75(string) []string {
 return []string{}
 }
diff --git a/common/sigar_freebsd.go b/common/sigar_freebsd.go
index 9a572fe..4197db0 100644
--- a/common/sigar_freebsd.go
+++ b/common/sigar_freebsd.go
@@ -19,7 +19,7 @@ func GetCpuIdle() float64 {
 return -1
 }
-func GetFileSystemList75() []string {
+func GetFileSystemList75(string) []string {
 return []string{}
 }
diff --git a/context/context.go b/context/context.go
index 44926e0..c1bb693 100644
--- a/context/context.go
+++ b/context/context.go
@@ -20,6 +20,7 @@ import (
 "net/url"
 "os"
 "path/filepath"
+ "regexp"
 "runtime"
 "time"
@@ -166,5 +167,11 @@ func (ctx *Ctx) LoadConfig(path *string) error {
 ctx.UserConfig.CollectorBinariesAccesslist = ctx.UserConfig.CollectorBinariesWhitelist
 }
+ // windows_drive_range
+ driveRangeValid, _ := regexp.MatchString("^[A-Z]*$", ctx.UserConfig.WindowsDriveRange)
+ if !driveRangeValid {
+ log.Fatal("`windows_drive_range` must only contain valid windows drive letters in the range A-Z or left empty.")
+ }
+
 return nil
 }
diff --git a/sidecar-windows-example.yml b/sidecar-windows-example.yml
index 263520f..234c05f 100644
--- a/sidecar-windows-example.yml
+++ b/sidecar-windows-example.yml
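Review bot: In common/sigar.go, getWindowsDrives now opens one handle per rune of a configuration string, while the `defer dirHandle.Close()` in the context lines postpones every close until the function returns. With the old literal that meant at most 24 handles; now the count follows the length of `windows_drive_range`, and the `^[A-Z]*$` check added in context/context.go accepts repeated letters at any length. Calling `dirHandle.Close()` at the end of each iteration, once the error from `os.Open` has been checked, would keep it to one open handle, and skipping letters already seen would avoid duplicate entries. The loop body continues outside the hunk, so the error handling after `os.Open` cannot be judged from here.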
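Review bot: The new check in LoadConfig (context/context.go) discards the error from `regexp.MatchString` and recompiles the pattern on every call; if that error were ever non-nil, `driveRangeValid` would be false and the operator would be told about drive letters instead. A package-level `var driveRangePattern = regexp.MustCompile("^[A-Z]*$")` used as `if !driveRangePattern.MatchString(ctx.UserConfig.WindowsDriveRange) {` removes the ignored return value. LoadConfig also returns `error`, so returning the message instead of calling `log.Fatal` would let the caller decide how to exit, although other checks in the function lie outside the hunk and may follow the same `log.Fatal` convention. The one-word comment `// windows_drive_range` could instead say why the value is restricted: each rune becomes a path of the form `X:\` that getWindowsDrives opens.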
@@ -67,6 +67,11 @@ send_status:
 # Directory where the sidecar generates configurations for collectors.
 #collector_configuration_directory: "C:\\Program Files\\Graylog\\sidecar\\generated"
+# Range of windows drives which are checked for disk usage. If their usage extends 75% they will be reported
+# in the sidecar's status report to the Graylog server. Set to "" to disable disk scanning.
+# Default:
+# windows_drive_range: "CDEFGHIJKLMNOPQRSTUVWXYZ"
+
 # A list of binaries which are allowed to be executed by the Sidecar. An empty list disables the access list feature.
 # Wildcards can be used, for a full pattern description see https://golang.org/pkg/path/filepath/#Match
 # Example:
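Review bot: The added comment does not say which values are accepted, although LoadConfig in context/context.go terminates the sidecar when `windows_drive_range` contains anything other than the uppercase letters A-Z. A line such as `# Only uppercase drive letters A-Z are accepted, e.g. "CD"; any other character stops the sidecar when the configuration is loaded.` would spare an operator a failed start after writing `"c"` or `"C:"`. In the first added line, "extends 75%" presumably means "exceeds 75%".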