Source code of the program
klog_storage/src/klog_storage_entity.c
#include <klog_storage/server.h>
#include <klog_storage/file_storage.h>
#include <ping/KlogStorageEntity.edl.h>

int main(int argc, char *argv[])
{
    /* This function call starts the IPC request processing loop.
     * The audit data will be written to the file /etc/klog_storage.log, which can
     * hold no more than 100 entries. When the file is completely full, the previous
     * entries will be replaced by new entries starting at the beginning of the file. If the last parameter
     * of the function has a value other than 1, the KlogStorage program at startup
     * opens the existing file and begins to write audit data at the specific position
     * that was set in the file after the previous write operation. If the last
     * parameter of the function has a value of 1, a new empty file will be created.
     * (The constants ping_KlogStorageEntity_klogStorage_iidOffset and
     * ping_KlogStorageEntity_klogStorage_storage_iid are defined in the header
     * file KlogStorageEntity.edl.h, which contains the automatically generated
     * transport code.) */
    return klog_storage_file_storage_run(KLOG_STORAGE_SERVER_CONNECTION_ID,
                                         "/etc/klog_storage.log",
                                         ping_KlogStorageEntity_klogStorage_iidOffset,
                                         ping_KlogStorageEntity_klogStorage_storage_iid,
                                         100,
                                         0);
}
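The wrap-around and resume behaviour described in the comment above, as an added C model (not KlogStorage or KasperskyOS SDK code). All names are hypothetical, and the per-entry sequence number is an assumption of the model, used to count entries that were overwritten before a reader fetched them.

```c
/* Added model, not KlogStorage code: every name here is hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MODEL_CAPACITY 100  /* same entry limit as the example above */

struct model_log {
    uint64_t seq[MODEL_CAPACITY]; /* sequence number held in each slot (assumed field) */
    size_t   pos;                 /* next slot to write; survives a restart */
    uint64_t next_seq;            /* sequence number of the next entry, from 1 */
};

/* create_new != 0 models a last argument of 1: start with an empty file.
 * Otherwise the existing slots and the saved write position are kept. */
static void model_open(struct model_log *log, int create_new)
{
    if (create_new)
        memset(log, 0, sizeof(*log));
    if (log->next_seq == 0)
        log->next_seq = 1;
}

/* Append one entry; once the file is full the oldest slot is overwritten. */
static void model_append(struct model_log *log)
{
    log->seq[log->pos] = log->next_seq++;
    log->pos = (log->pos + 1) % MODEL_CAPACITY;
}

/* Oldest sequence number still stored, or 0 if nothing has been written. */
static uint64_t model_oldest(const struct model_log *log)
{
    uint64_t written = log->next_seq - 1;
    if (written == 0)
        return 0;
    return written <= MODEL_CAPACITY ? 1 : log->seq[log->pos];
}

/* Entries overwritten before a reader that last consumed `last_seen` saw them. */
static uint64_t model_lost(const struct model_log *log, uint64_t last_seen)
{
    uint64_t oldest = model_oldest(log);
    return oldest > last_seen + 1 ? oldest - (last_seen + 1) : 0;
}
```

In this model, a reader that fetches less often than 100 entries are produced gets a non-zero result from model_lost, which is the audit gap to size the entry limit against.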
Building a program
The CMake commands for building the KlogStorage program that writes audit data to a file differ from the CMake commands for building the version of this program that sends audit data to standard error by the following modification:
klog_storage/CMakeLists.txt
...
# When creating the executable file of the KlogStorage program, you must
# link it to the klog_storage_file_storage library.
target_link_libraries (KlogStorageEntity ${klog_storage_FILE_STORAGE_LIB})
...
Program process dictionary in the init description template
einit/src/init.yaml.in
...
- name: ping.KlogStorageEntity
  connections:
  - target: file_vfs.FileVfs
    id: {var: _VFS_CONNECTION_ID, include: vfs/defs.h}
...
Security policy description for the program
The policy description for a KlogStorage program that writes audit data to a file differs from the policy description for the version of this program that sends audit data to standard error by the following addition:
einit/src/security.psl.in
...
use EDL file_vfs.FileVfs
...
use vfs._
...
einit/src/vfs.psl
...
/* Interaction with the VFS program */
request dst=file_vfs.FileVfs {
    match src=ping.KlogStorageEntity { grant () }
}
response src=file_vfs.FileVfs {
    match dst=ping.KlogStorageEntity { grant () }
}
error src=file_vfs.FileVfs {
    match dst=ping.KlogStorageEntity { grant () }
}
...
Forwarding audit data to other programs
To forward file-written audit data via IPC, the KlogStorage program provides the read and readRange interface methods defined in the file sysroot-*-kos/include/kl/KlogStorage.idl from the KasperskyOS SDK.
The executable file of the program that needs to receive the audit data must be linked to the client library of the KlogStorage program:
klog_reader/CMakeLists.txt
# Import KlogStorage libraries from the
# KasperskyOS SDK
find_package (klog_storage REQUIRED)
include_directories (${klog_storage_INCLUDE})
...
# Create the executable file of the program that needs to
# receive audit data from the KlogStorage program.
add_executable (KlogReader "src/klog_reader.c")
target_link_libraries (KlogReader ${klog_storage_CLIENT_LIB})
...
Source code for receiving audit data from the KlogStorage program:
klog_reader/src/klog_reader.c
#include <klog_storage/client.h>
...
int main(int argc, char *argv[])
{
    ...
    struct Klog_storage_ctx *storage =
        klog_storage_init(KLOG_STORAGE_SERVER_CONNECTION_ID);
    struct kl_KlogStorage_Entry first_entries[10], latest_entries[10];

    /* Read the first ten entries */
    int f_count = klog_storage_read_range(klog_storage_IKlog_storage(storage),
                                          1,
                                          10,
                                          first_entries);

    /* Read the last ten entries */
    int l_count = klog_storage_read(klog_storage_IKlog_storage(storage),
                                    10,
                                    latest_entries);
    ...
}