sw-collector¶
Synopsis¶
sw-collector [--debug level] [--quiet] [--count event-count] sw-collector [--debug level] [--quiet] [--installed|--removed] --list|--unregistered sw-collector [--debug level] [--quiet] [--installed|--removed] [--full] --generate sw-collector [--debug level] [--quiet] --migrate sw-collector -h | --help
Description¶
sw-collector extracts information about software package installation, update or removal events from the apt history log and stores the software events in an SQLite database. The retrieved history information is then merged and made consistent with the actual list of installed software packages obtained with dpkg-query.
Options¶
-h, --help
Prints usage information and a short summary of the available commands.
-v, --debug level
Set debug level, default: 2.
-q, --quiet
Disable debug output to stderr.
-i, --installed
Apply command to installed software packages, only.
-r, --removed
Apply command to removed software packages, only.
-f, --full
Generate ISO 19770-2:2015 SWID tags with full file information (possible for installed software packages, only).
-l, --list
Lists all software packages stored in the collector database showing their installation status.
-u, --unregistered
Lists all software packages residing in the local collector database but for which no SWID tags
exist yet in a central collector database reachable via a REST interface.
-g, --generate
Generates ISO 19770-2:2015 SWID tags for all software packages residing in the local collector database but for
which no SWID tags exist in a central collector database reachable via a REST interface.
-m, --migrate
Can be used to migrate collector database versions. Currently all architecture suffixes are removed
from dpkg package names.
Configuration¶
The following parameters can be configured in the sw-collector section of strongswan.conf:
sw-collector {
database = sqlite:///etc/pts/collector.db
history = /var/log/apt/history.log
first_file = /var/log/bootstrap.log
first_time = 2016-04-22T20:55:14Z
rest_api {
uri = https://admin-user:ietf99hackathon@tnc.strongswan.org/api/
timeout = 120
}
}
- The database URI is mandatory because otherwise the collector database is not found. You can create an empty collector database with the command
sudo -s; cat /usr/share/strongswan/templates/database/sw-collector/sw_collector_tables.sql | sqlite3 /etc/pts/collector.db
- If the logrotate command has split the /var/log/apt/history.log file into multiple chunks then you have to manually unzip, concatenate and store the multiple chunks in the correct order in a reconstructed history.log file and point the history parameter to this file for the initial run of sw-collector. For all subsequent runs you must set back the history setting to the default value.
- The default value /var/log/bootstrap.log of the first_file parameter points to a file which is usually present on Debian and Ubuntu systems and which gives a good estimate of the date when the OS was initially installed. You can point first_file to another file of your choice or use first_time to explicitly define the system creation date.
- The rest_api.uri parameter is needed for the --unregistered and --generate commands where sw-collector contacts an on-line strongTNC server and queries already registered SWID tags via a REST API.
The parameters of the swid_generator used with the --generate command can be changed in the libimcv section of strongswan.conf:
libimcv {
swid_gen {
command = /usr/local/bin/swid_generator
tag_creator {
name = strongSwan Project
regid = strongswan.org
}
}
}
Files¶
/usr/share/strongswan/templates/database/sw-collector/sw_collector_tables.sql