From 741c619513e5d2d06c26e4fda99b6760fec94515 Mon Sep 17 00:00:00 2001 From: banditopazzo Date: Thu, 19 Sep 2024 17:45:49 +0200 Subject: [PATCH 1/2] fix: threat logger rename --- Cargo.lock | 26 ++++++++--------- Cargo.toml | 8 +++--- .../{logger => threat-logger}/Cargo.toml | 2 +- .../{logger => threat-logger}/README.md | 4 +-- .../{logger => threat-logger}/src/lib.rs | 28 +++++++++---------- src/pulsard/mod.rs | 4 +-- 6 files changed, 36 insertions(+), 36 deletions(-) rename crates/modules/{logger => threat-logger}/Cargo.toml (93%) rename crates/modules/{logger => threat-logger}/README.md (93%) rename crates/modules/{logger => threat-logger}/src/lib.rs (89%) diff --git a/Cargo.lock b/Cargo.lock index 1fe92872..9cd47233 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1667,18 +1667,6 @@ version = "0.4.21" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "90ed8c1e510134f979dbc4f070f87d4313098b704861a105fe34231c70a3901c" -[[package]] -name = "logger" -version = "0.8.1" -dependencies = [ - "bpf-common", - "log", - "pulsar-core", - "serde_json", - "thiserror", - "tokio", -] - [[package]] name = "lru-cache" version = "0.1.2" @@ -2187,7 +2175,6 @@ dependencies = [ "file-system-monitor", "futures-util", "log", - "logger", "network-monitor", "nix 0.27.1", "process-monitor", @@ -2197,6 +2184,7 @@ dependencies = [ "semver", "serde", "smtp-notifier", + "threat-logger", "tokio", ] @@ -2937,6 +2925,18 @@ dependencies = [ "num_cpus", ] +[[package]] +name = "threat-logger" +version = "0.8.1" +dependencies = [ + "bpf-common", + "log", + "pulsar-core", + "serde_json", + "thiserror", + "tokio", +] + [[package]] name = "time" version = "0.3.34" diff --git a/Cargo.toml b/Cargo.toml index ab6875a7..35981473 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -21,7 +21,7 @@ pulsar-core = { workspace = true }
 # Modules
 desktop-notifier = { workspace = true, optional = true }
 file-system-monitor = { workspace = true, optional = true }
-logger = { workspace = true, optional = true }
+threat-logger = { workspace = true, optional = true }
 network-monitor = { workspace = true, optional = true }
 process-monitor = { workspace = true, optional = true }
 rules-engine = { workspace = true, optional = true }
@@ -42,7 +42,7 @@ tokio = { workspace = true, features = ["full"] }
 [features]
 default = ["full", "tls-openssl"]
 full = ["core", "extra"]
-core = ["logger", "process-monitor", "network-monitor", "file-system-monitor"]
+core = ["threat-logger", "process-monitor", "network-monitor", "file-system-monitor"]
 extra = ["rules-engine", "desktop-notifier", "smtp-notifier"]
 tls-openssl = ["smtp-notifier/tls-openssl"]
 tls-rustls = ["smtp-notifier/tls-rustls"]
@@ -56,7 +56,7 @@ members = [
     "crates/modules/process-monitor",
     "crates/modules/network-monitor",
     "crates/modules/rules-engine",
-    "crates/modules/logger",
+    "crates/modules/threat-logger",
     "crates/modules/desktop-notifier",
     "crates/modules/smtp-notifier",
     "crates/pulsar-core",
@@ -98,7 +98,7 @@ desktop-notifier = { path = "crates/modules/desktop-notifier" }
 file-system-monitor = { path = "crates/modules/file-system-monitor", features = [
     "test-suite",
 ] }
-logger = { path = "crates/modules/logger" }
+threat-logger = { path = "crates/modules/threat-logger" }
 network-monitor = { path = "crates/modules/network-monitor", features = [
     "test-suite",
 ] }
diff --git a/crates/modules/logger/Cargo.toml b/crates/modules/threat-logger/Cargo.toml
similarity index 93%
rename from crates/modules/logger/Cargo.toml
rename to crates/modules/threat-logger/Cargo.toml
index b270b4f8..5069c623 100644
--- a/crates/modules/logger/Cargo.toml
+++ b/crates/modules/threat-logger/Cargo.toml
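Review bot: The `[features]` hunk drops the `logger` feature name outright, so any existing build that selects the module explicitly (`--no-default-features --features logger`, CI scripts, packaging recipes) now fails with an unknown-feature error instead of continuing to build the same module under its new name. Because the optional dependency is now `threat-logger` and `src/pulsard/mod.rs` gates on `cfg(feature = "threat-logger")`, a one-line alias in this `[features]` table keeps old invocations working through the transition: `logger = ["threat-logger"]`. If an alias is deliberately not wanted, the feature rename is a breaking change to the public build surface and should be named as such in the release notes rather than only in the commit subject.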
@@ -1,5 +1,5 @@
 [package]
-name = "logger"
+name = "threat-logger"
 version.workspace = true
 license.workspace = true
 edition.workspace = true
diff --git a/crates/modules/logger/README.md b/crates/modules/threat-logger/README.md
similarity index 93%
rename from crates/modules/logger/README.md
rename to crates/modules/threat-logger/README.md
index 98585931..57138b0c 100644
--- a/crates/modules/logger/README.md
+++ b/crates/modules/threat-logger/README.md
@@ -1,4 +1,4 @@
-# Logger
+# Threat logger
 
 This module will log Pulsar threat events to stdout.
 
@@ -13,7 +13,7 @@ This module will log Pulsar threat events to stdout.
 Default configuration:
 
 ```ini
-[logger]
+[threat-logger]
 enabled=true
 console=true
 syslog=true
diff --git a/crates/modules/logger/src/lib.rs b/crates/modules/threat-logger/src/lib.rs
similarity index 89%
rename from crates/modules/logger/src/lib.rs
rename to crates/modules/threat-logger/src/lib.rs
index 8a836005..cacbd580 100644
--- a/crates/modules/logger/src/lib.rs
+++ b/crates/modules/threat-logger/src/lib.rs
@@ -19,11 +19,11 @@ use thiserror::Error;
 const UNIX_SOCK_PATHS: [&str; 3] = ["/dev/log", "/var/run/syslog", "/var/run/log"];
 const PRIORITY: u8 = 25; // facility * 8 + severity. facility: daemon (3); severity: alert (1)
 
-pub struct LoggerModule;
+pub struct ThreatLoggerModule;
 
-impl SimplePulsarModule for LoggerModule {
+impl SimplePulsarModule for ThreatLoggerModule {
     type Config = Config;
-    type State = LoggerState;
+    type State = ThreatLoggerState;
     const MODULE_NAME: &'static str = "threat-logger";
     const DEFAULT_ENABLED: bool = true;
 
@@ -33,7 +33,7 @@ impl SimplePulsarModule for LoggerModule {
         config: &Self::Config,
         ctx: &ModuleContext,
     ) -> Result {
-        let logger = match Logger::from_config(config) {
+        let logger = match ThreatLogger::from_config(config) {
             Ok(logr) => logr,
             Err(logr) => {
                 ctx.raise_warning("Failed to connect to syslog".into())
@@ -42,7 +42,7 @@ impl SimplePulsarModule for LoggerModule {
             }
         };
 
-        Ok(LoggerState { logger })
+        Ok(ThreatLoggerState { logger })
     }
 
     async fn on_config_change(
@@ -50,7 +50,7 @@ impl SimplePulsarModule for LoggerModule {
         state: &mut Self::State,
         ctx: &ModuleContext,
     ) -> Result<(), ModuleError> {
-        state.logger = match Logger::from_config(new_config) {
+        state.logger = match ThreatLogger::from_config(new_config) {
             Ok(logr) => logr,
             Err(logr) => {
                 ctx.raise_warning("Failed to connect to syslog".into())
@@ -76,8 +76,8 @@ impl SimplePulsarModule for LoggerModule {
     }
 }
 
-pub struct LoggerState {
-    logger: Logger,
+pub struct ThreatLoggerState {
+    logger: ThreatLogger,
 }
 
 #[derive(Clone, Debug)]
@@ -123,21 +123,21 @@ impl TryFrom<&ModuleConfig> for Config {
 }
 
 #[derive(Debug)]
-struct Logger {
+struct ThreatLogger {
     console: bool,
     syslog: Option,
     output_format: OutputFormat,
 }
 
 #[derive(Debug, Error)]
-enum LoggerError {
+enum ThreatLoggerError {
     #[error("error serializing event: {0}")]
     Json(String),
     #[error("io error")]
     IO(#[from] io::Error),
 }
 
-impl Logger {
+impl ThreatLogger {
     fn from_config(config: &Config) -> Result {
         let Config {
             console,
@@ -181,14 +181,14 @@ impl Logger {
         }
     }
 
-    fn process(&mut self, event: &Event) -> Result<(), LoggerError> {
+    fn process(&mut self, event: &Event) -> Result<(), ThreatLoggerError> {
         if event.header().threat.is_some() {
             let json_event = OnceCell::new();
-            let json_event = || -> Result<&String, LoggerError> {
+            let json_event = || -> Result<&String, ThreatLoggerError> {
                 json_event
                     .get_or_init(|| serde_json::to_string(event))
                     .as_ref()
-                    .map_err(|err| LoggerError::Json(err.to_string()))
+                    .map_err(|err| ThreatLoggerError::Json(err.to_string()))
             };
 
             if self.console {
diff --git a/src/pulsard/mod.rs b/src/pulsard/mod.rs
index 9f8bd247..a4460fbb 100644
--- a/src/pulsard/mod.rs
+++ b/src/pulsard/mod.rs
@@ -47,8 +47,8 @@ pub async fn pulsar_daemon_run(
     starter.add_module(file_system_monitor::pulsar::FileSystemMonitorModule)?;
     #[cfg(feature = "network-monitor")]
     starter.add_module(network_monitor::pulsar::NetworkMonitorModule)?;
-    #[cfg(feature = "logger")]
-    starter.add_module(logger::LoggerModule)?;
+    #[cfg(feature = "threat-logger")]
+    starter.add_module(threat_logger::ThreatLoggerModule)?;
     #[cfg(feature = "rules-engine")]
     starter.add_module(rules_engine::RuleEngineModule)?;
     #[cfg(feature = "desktop-notifier")]

From 1a52272b5df486c37c0b108d28cce95a371043f7 Mon Sep 17 00:00:00 2001
From: banditopazzo
Date: Tue, 24 Sep 2024 12:13:18 +0200
Subject: [PATCH 2/2] chore(threat-logger): fix renaming in docs

---
 crates/modules/README.md               | 2 +-
 crates/modules/threat-logger/README.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/crates/modules/README.md b/crates/modules/README.md
index a1d8d981..cf2014be 100644
--- a/crates/modules/README.md
+++ b/crates/modules/README.md
@@ -5,4 +5,4 @@
 | `process-monitor` | Producer | Watch processes (fork/exec/exit)
 | `file-system-monitor` | Producer | Watch file system events
 | `network-monitor` | Producer | Watch network events
-| `logger` | Consumer | Log events to stdout. Used for development and toubleshooting
+| `threat-logger` | Consumer | Log events to stdout. Used for development and toubleshooting
diff --git a/crates/modules/threat-logger/README.md b/crates/modules/threat-logger/README.md
index 57138b0c..f123add0 100644
--- a/crates/modules/threat-logger/README.md
+++ b/crates/modules/threat-logger/README.md
@@ -23,5 +23,5 @@ output_format=plaintext
 You disable this module with:
 
 ```sh
-pulsar config --set logger.enabled=false
+pulsar config --set threat-logger.enabled=false
 ```