sw-collector¶
Synopsis¶
sw-collector [--debug level] [--quiet] [--count event-count] sw-collector [--debug level] [--quiet] [--installed|--removed] --list|--unregistered sw-collector [--debug level] [--quiet] [--installed|--removed] [--full] --generate sw-collector [--debug level] [--quiet] --migrate sw-collector -h | --help
Description¶
sw-collector extracts information about software package installation, update or removal events from the apt history log and stores the software events in an SQLite database. The retrieved history information is then merged and made consistent with the actual list of installed software packages obtained with dpkg-query.
Options¶
-h, --help Prints usage information and a short summary of the available commands. -v, --debug level Set debug level, default: 2. -q, --quiet Disable debug output to stderr. -i, --installed Apply command to installed software packages, only. -r, --removed Apply command to removed software packages, only. -f, --full Generate ISO 19770-2:2015 SWID tags with full file information (possible for installed software packages, only). -l, --list Lists all software packages stored in the collector database showing their installation status. -u, --unregistered Lists all software packages residing in the local collector database but for which no SWID tags exist yet in a central collector database reachable via a REST interface. -g, --generate Generates ISO 19770-2:2015 SWID tags for all software packages residing in the local collector database but for which no SWID tags exist in a central collector database reachable via a REST interface. -m, --migrate Can be used to migrate collector database versions. Currently all architecture suffixes are removed from dpkg package names.
Configuration¶
The following parameters can be configured in the sw-collector section of strongswan.conf:
sw-collector { database = sqlite:///etc/pts/collector.db history = /var/log/apt/history.log first_file = /var/log/bootstrap.log first_time = 2016-04-22T20:55:14Z rest_api { uri = https://admin-user:ietf99hackathon@tnc.strongswan.org/api/ timeout = 120 } }
- The database URI is mandatory because otherwise the collector database is not found. You can create an empty collector database with the command
sudo -s; cat /usr/share/strongswan/templates/database/sw-collector/sw_collector_tables.sql | sqlite3 /etc/pts/collector.db
- If the logrotate command has split the /var/log/apt/history.log file into multiple chunks then you have to manually unzip, concatenate and store the multiple chunks in the correct order in a reconstructed history.log file and point the history parameter to this file for the initial run of sw-collector. For all subsequent runs you must set back the history setting to the default value.
- The default value /var/log/bootstrap.log of the first_file parameter points to a file which is usually present on Debian and Ubuntu systems and which gives a good estimate of the date when the OS was initially installed. You can point first_file to another file of your choice or use first_time to explicitly define the system creation date.
- The rest_api.uri parameter is needed for the --unregistered and --generate commands where sw-collector contacts an on-line strongTNC server and queries already registered SWID tags via a REST API.
The parameters of the swid_generator used with the --generate command can be changed in the libimcv section of strongswan.conf:
libimcv { swid_gen { command = /usr/local/bin/swid_generator tag_creator { name = strongSwan Project regid = strongswan.org } } }
Files¶
/usr/share/strongswan/templates/database/sw-collector/sw_collector_tables.sql