Just playing around. I have no idea what I’m doing, but feel free (or compelled) to correct me. Pointing and laughing is also welcome. This is not a [serious] thread because I’m not a real developer.
Anyway, just messing around and might as well ask dumb questions until the real developers arrive (sorry if answering me is often painful)… Anyway, let’s say I clone the Unchained repo and set up a little test lab dev environment… And then imagine I’m pretending to understand the unchained source code… larping as a leet programmer, but actually I’m lost and confused… But I temporarily delude myself into thinking I can get my SIEM solution to send logs to unchained
I end up here:
```
/Users/richard/Downloads/unchained-develop/cmd/handler
bash-3.2$ ls -la
total 24
drwxr-xr-x@ 5 richard staff 160 14 Apr 12:33 .
drwxr-xr-x@ 4 richard staff 128 14 Apr 12:33 ..
-rw-r--r--@ 1 richard staff 880 14 Apr 12:33 broker.go
-rw-r--r--@ 1 richard staff 1214 14 Apr 12:33 consumer.go
-rw-r--r--@ 1 richard staff 1011 14 Apr 12:33 worker.go
```
Because I’m messing around and using heavy assistance from AI to make me a leet Go programmer, rather than the mediocre bash wizard I am… I decide I’ll create a new file in this dir called api.go…
And it contains something like this to import a bunch of packages I think I’ll need, and adds a cool new api command, and sorta sets up an HTTP server and some endpoints I’ll need for receiving logs from SIEM… (maybe)
```
package handler

import (
	"net/http"

	"github.com/TimeleapLabs/unchained/internal/app"
	"github.com/TimeleapLabs/unchained/internal/config"
	"github.com/TimeleapLabs/unchained/internal/utils"
	"github.com/spf13/cobra"
)

// api adds an "api" subcommand that starts an HTTP server for receiving logs.
var api = &cobra.Command{
	Use:   "api",
	Short: "Run the Unchained client in API mode",
	Long:  `Run the Unchained client in API mode`,
	Run: func(_ *cobra.Command, _ []string) {
		err := config.Load(config.App.System.ConfigPath, config.App.System.SecretsPath)
		if err != nil {
			panic(err)
		}

		utils.SetupLogger(config.App.System.Log)

		// Register the log endpoints on the default mux.
		http.HandleFunc("/api/v1/logs", app.StoreLog)
		http.HandleFunc("/api/v1/logs/retrieve", app.RetrieveLog)

		// ListenAndServe only returns on failure, so surface the error.
		if err := http.ListenAndServe(":8080", nil); err != nil {
			panic(err)
		}
	},
}

// WithAPICmd registers the api subcommand on the given parent command.
func WithAPICmd(cmd *cobra.Command) {
	cmd.AddCommand(api)
}
```
Then in the main.go I add a couple lines to import my api.go and make the api command (maybe, sorta) work:
```
import (
	"github.com/TimeleapLabs/unchained/cmd/handler"
)

func main() {
	// excerpt: only the added line is shown here
	handler.WithAPICmd(root)
}
```
Then somehow I end up in /internal/app and think maybe it could be like another type of node… Whatever, just want to try to get it to work and can figure it out later if this is a bad idea and if it is why it’s a bad idea to do it this way…
```
bash-3.2$ pwd
/Users/richard/Downloads/unchained-develop/internal/app
bash-3.2$ ls
broker.go consumer.go worker.go
bash-3.2$ touch app.go
bash-3.2$ ls
app.go broker.go consumer.go worker.go
bash-3.2$ vi app.go
bash-3.2$ vi app.go
bash-3.2$ cat app.go
```
```
package app

import (
	"encoding/json"
	"net/http"

	"github.com/TimeleapLabs/unchained/internal/storage"
)

// StoreLog decodes a JSON log entry from the request body.
func StoreLog(w http.ResponseWriter, r *http.Request) { // placeholder function btw
	var logEntry storage.LogEntry
	err := json.NewDecoder(r.Body).Decode(&logEntry)
	if err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	// The decoded entry is not stored anywhere yet.
	w.WriteHeader(http.StatusOK)
}

// RetrieveLog is an empty stub.
func RetrieveLog(w http.ResponseWriter, r *http.Request) {
}
```
It imports some stuff so that it can handle HTTP requests and a couple other things I think it might need… When it does work (it does not work), I should be able to modify Wazuh config to send logs to my broken unchained API endpoint, in theory, maybe… I dunno.
Anyway, let’s just say it didn’t work and actually nothing is working now. Any tips for attempt 2?
Edit: Maaaay have messed up formatting of the code blocks… Dunno how… test
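
A hardened take on the log-receiving endpoint sketched in this post, as an added example (not part of the original post and not Unchained's own code). `LogEntry`, the `X-Ingest-Token` header, the token value and the 64 KiB body cap are assumptions; the handler checks the method, authenticates the sender, bounds and validates the body, and the server binds to loopback with timeouts.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"log"
	"net/http"
	"time"
)

// LogEntry is a hypothetical event shape; the post never shows storage.LogEntry.
type LogEntry struct {
	Agent   string `json:"agent"`
	Message string `json:"message"`
}

const maxBody = 64 << 10 // assumed cap per request (64 KiB)

// storeLog accepts one bounded JSON LogEntry per authenticated POST; token and sink are stand-ins.
func storeLog(token string, sink func(LogEntry)) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost {
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
			return
		}
		got := []byte(r.Header.Get("X-Ingest-Token")) // hypothetical header name
		if token == "" || subtle.ConstantTimeCompare(got, []byte(token)) != 1 {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		var e LogEntry
		dec := json.NewDecoder(http.MaxBytesReader(w, r.Body, maxBody))
		dec.DisallowUnknownFields() // reject fields the schema does not define
		if err := dec.Decode(&e); err != nil || e.Message == "" {
			http.Error(w, "invalid log entry", http.StatusBadRequest) // no parser detail in the reply
			return
		}
		sink(e)
		w.WriteHeader(http.StatusAccepted)
	}
}

func main() {
	mux := http.NewServeMux() // own mux instead of the global DefaultServeMux
	mux.Handle("/api/v1/logs", storeLog("constructed-dev-token", func(e LogEntry) { log.Printf("stored %+v", e) }))
	srv := &http.Server{Addr: "127.0.0.1:8080", Handler: mux,
		ReadTimeout: 5 * time.Second, WriteTimeout: 5 * time.Second}
	log.Fatal(srv.ListenAndServe()) // the returned error is reported, not dropped
}
```

In a real deployment the token would come from the secrets file rather than a literal, and the sender (for example the SIEM's forwarder) would reach the endpoint over TLS.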