grab launcher windows events in flare (#1588)

kolide · Feb 9, 2024 · d5f4fb4 · d5f4fb4
1 parent d647dfb
commit d5f4fb4
Show file tree

Hide file tree

Showing 6 changed files with 121 additions and 6 deletions.
diff --git a/ee/debug/checkups/checkups.go b/ee/debug/checkups/checkups.go
@@ -99,6 +99,7 @@ func checkupsFor(k types.Knapsack, target targetBits) []checkupInt {
 		{&RootDirectory{k: k}, doctorSupported | flareSupported},
 		{&Connectivity{k: k}, doctorSupported | flareSupported | logSupported},
 		{&Logs{k: k}, doctorSupported | flareSupported},
+		{&InitLogs{}, flareSupported},
 		{&BinaryDirectory{}, doctorSupported | flareSupported},
 		{&launchdCheckup{}, doctorSupported | flareSupported},
 		{&runtimeCheckup{}, flareSupported},

diff --git a/ee/debug/checkups/init_logs.go b/ee/debug/checkups/init_logs.go
@@ -0,0 +1,46 @@
+package checkups
+
+import (
+	"archive/zip"
+	"context"
+	"io"
+)
+
+type InitLogs struct {
+	status  Status
+	summary string
+}
+
+func (c *InitLogs) Name() string {
+	return "Init Logs"
+}
+
+func (c *InitLogs) Run(ctx context.Context, fullFH io.Writer) error {
+	c.status = Passing
+
+	// if were discarding, just return
+	if fullFH == io.Discard {
+		return nil
+	}
+
+	logZip := zip.NewWriter(fullFH)
+	defer logZip.Close()
+
+	return writeInitLogs(ctx, logZip)
+}
+
+func (c *InitLogs) Status() Status {
+	return c.status
+}
+
+func (c *InitLogs) Summary() string {
+	return c.summary
+}
+
+func (c *InitLogs) ExtraFileName() string {
+	return "init_logs.zip"
+}
+
+func (c *InitLogs) Data() any {
+	return nil
+}
diff --git a/ee/debug/checkups/init_logs_darwin.go b/ee/debug/checkups/init_logs_darwin.go
@@ -0,0 +1,37 @@
+package checkups
+
+import (
+	"archive/zip"
+	"context"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+)
+
+func writeInitLogs(_ context.Context, logZip *zip.Writer) error {
+	stdMatches, err := filepath.Glob("/var/log/kolide-k2/*")
+	if err != nil {
+		return fmt.Errorf("globbing /var/log/kolide-k2/*: %w", err)
+	}
+
+	var lastErr error
+	for _, f := range stdMatches {
+		out, err := logZip.Create(filepath.Base(f))
+		if err != nil {
+			lastErr = err
+			continue
+		}
+
+		in, err := os.Open(f)
+		if err != nil {
+			lastErr = err
+			continue
+		}
+		defer in.Close()
+
+		io.Copy(out, in)
+	}
+
+	return lastErr
+}
diff --git a/ee/debug/checkups/init_logs_linux.go b/ee/debug/checkups/init_logs_linux.go
@@ -0,0 +1,10 @@
+package checkups
+
+import (
+	"archive/zip"
+	"context"
+)
+
+func writeInitLogs(_ context.Context, _ *zip.Writer) error {
+	return nil
+}
diff --git a/ee/debug/checkups/init_logs_windows.go b/ee/debug/checkups/init_logs_windows.go
@@ -0,0 +1,27 @@
+package checkups
+
+import (
+	"archive/zip"
+	"context"
+	"fmt"
+
+	"github.com/kolide/launcher/ee/allowedcmd"
+)
+
+func writeInitLogs(ctx context.Context, logZip *zip.Writer) error {
+	cmdStr := `Get-WinEvent -FilterHashtable @{LogName='Application'; ProviderName='launcher'} | ConvertTo-Json`
+	cmd, err := allowedcmd.Powershell(ctx, cmdStr)
+	if err != nil {
+		return fmt.Errorf("creating powershell command: %w", err)
+	}
+
+	outFile, err := logZip.Create("windows_launcher_events.json")
+	if err != nil {
+		return fmt.Errorf("creating windows_launcher_events.json: %w", err)
+	}
+
+	cmd.Stderr = outFile
+	cmd.Stdout = outFile
+
+	return cmd.Run()
+}
diff --git a/ee/debug/checkups/logs.go b/ee/debug/checkups/logs.go
@@ -7,7 +7,6 @@ import (
 	"io"
 	"os"
 	"path/filepath"
-	"runtime"
 
 	"github.com/kolide/launcher/ee/agent/types"
 )
@@ -48,11 +47,6 @@ func (c *Logs) Run(_ context.Context, fullFH io.Writer) error {
 
 	matches, _ := filepath.Glob(filepath.Join(c.k.RootDirectory(), "debug*"))
 
-	if runtime.GOOS == "darwin" {
-		stdMatches, _ := filepath.Glob("/var/log/kolide-k2/*")
-		matches = append(matches, stdMatches...)
-	}
-
 	for _, f := range matches {
 		out, err := logZip.Create(filepath.Base(f))
 		if err != nil {