agent: add hostname to event

Adds the hostname of the machine the event was read from to the "evebox" object of the event.
jasonish · Aug 7, 2023 · c603d27 · c603d27
1 parent 1721f1c
commit c603d27
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Change Log
 
+## unreleased
+
+- [agent] Add hostname of machine the alert was read from. This
+  includes the server when instructed to input events. The hostname of
+  the machine generating the alert is added to "evebox" field.
+
 ## 0.17.2 - 2023-05-27
 
 - [elastic] Fixing negation queries using '-':

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -66,6 +66,7 @@ libc = { version = "0.2.140", default_features = false }
 
 rcgen = { git = "https://github.com/jasonish/rcgen", branch = "0.11.0-disable-botan" }
 directories = "5.0.1"
+gethostname = "0.4.3"
 
 [patch.crates-io]
 # Patch Rusqlite for now. 0.28.0 uses SQLite 3.39, but 3.40 is much

diff --git a/src/eve/filters.rs b/src/eve/filters.rs
@@ -67,6 +67,11 @@ impl EveBoxMetadataFilter {
             }
         }
 
+        // Add the hostname.
+        if let Ok(hostname) = gethostname::gethostname().into_string() {
+            event["evebox"]["hostname"] = hostname.into();
+        }
+
         // Add a tags object.
         if event.get("tags").is_none() {
             event["tags"] = serde_json::Value::Array(vec![]);