Initial commit

Author: plasticuproject

.github/workflows/rust.yml

@@ -0,0 +1,76 @@
+name: Lint Build Release
+
+on:
+  push:
+    branches:
+      - '**'
+    tags:
+      - 'v*'
+  pull_request:
+    branches:
+      - '**'
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Run tests
+      run: cargo test --verbose
+
+    - name: Run Clippy
+      run: cargo clippy --all-targets --all-features -- -D warnings
+
+  build:
+    runs-on: ubuntu-latest
+    if: startsWith(github.ref, 'refs/tags/')
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Build the project
+      run: cargo build --release
+
+    - name: Package build
+      run: |
+        mkdir -p release
+        cp target/release/dashboard_datatable_builder release/
+        cd release
+        tar -czf dashboard_datatable_builder-${{ github.sha }}-${{ github.ref_name }}.tar.gz dashboard_datatable_builder
+
+    - name: List Release Directory
+      run: ls -la release/
+
+    - name: Upload Release Artifact
+      uses: actions/upload-artifact@v4
+      with:
+        name: dashboard_datatable_builder-${{ github.sha }}-${{ github.ref_name }}
+        path: release/dashboard_datatable_builder-${{ github.sha }}-${{ github.ref_name }}.tar.gz
+
+  release:
+    runs-on: ubuntu-latest
+    needs: build
+    if: startsWith(github.ref, 'refs/tags/')
+
+    permissions:
+      contents: write
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Download artifact
+      uses: actions/download-artifact@v4
+      with:
+        name: dashboard_datatable_builder-${{ github.sha }}-${{ github.ref_name }}
+
+    - name: Create GitHub Release
+      uses: softprops/action-gh-release@v2
+      with:
+        files: dashboard_datatable_builder-${{ github.sha }}-${{ github.ref_name }}.tar.gz
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -0,0 +1,14 @@
+/# Generated by Cargo
+# will have compiled files and executables
+debug/
+target/
+
+# Remove Cargo.lock from gitignore if creating an executable, leave it for libraries
+# More information here https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html
+Cargo.lock
+
+# These are backup files generated by rustfmt
+**/*.rs.bk
+
+# MSVC Windows builds of rustc generate these, which store debugging information
+*.pdbtarget

Cargo.toml

@@ -0,0 +1,37 @@
+[package]
+name = "dashboard_datatable_builder"
+version = "0.1.0"
+edition = "2021"
+rust-version = "1.80"
+authors = ["plasticuproject <[email protected]>"]
+description = "CC/B1 Minimial dashboard datatable builder."
+readme = "README.md"
+repository = "https://github.com/plasticuproject/dashboard_datatable_builder"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+regex = "1"
+chrono = "0.4"
+csv = "1.1"
+serde_json = "1.0"
+serde = { version = "1.0", features = ["derive"] }
+
+[badges.maintenance]
+status = "actively-developed"
+
+[lints.rust]
+unsafe_code = "forbid"
+
+[lints.clippy]
+enum_glob_use = "deny"
+pedantic = { level = "deny", priority = -1 }
+nursery = { level = "deny", priority = -1 }
+unwrap_used = "deny"
+
+[profile.release]
+opt-level = 'z'   # Optimize for size.
+lto = true        # Enable Link Time Optimisation
+codegen-units = 1 # Reduced to increase optimisations.
+panic = 'abort'   # Abort on panic
+strip = "symbols" # Strip symbols from binary

README.md

@@ -0,0 +1,74 @@
+[![Rust 1.80](https://img.shields.io/badge/rust-1.80+-red.svg)](https://www.rust-lang.org/tools/install)
+[![Lint Build Release](https://github.com/plasticuproject/dashboard_datatable_builder/actions/workflows/rust.yml/badge.svg)](https://github.com/plasticuproject/dashboard_datatable_builder/actions/workflows/rust.yml)
+![Maintenance](https://img.shields.io/badge/maintenance-actively--developed-brightgreen.svg)
+
+# Dashboard DataTable Builder
+
+The `dashboard_datatable_builder` is a Rust-based tool designed to process large volumes of CSV log data, specifically targeting structured log files with threat indicators, priorities, and other critical information. It extracts, cleans, consolidates, and sorts data into a succinct CSV format, facilitating the generation of data tables for dashboard integrations or further analysis.
+
+## Features
+
+- **Pattern-based File Selection**: Chooses log files for processing based on their names and modification dates, focusing on recent data.
+- **Data Cleaning and Deduplication**: Utilizes regular expressions to clean 'Event Description' fields and ensures that only unique data entries are included in the output.
+- **Date Filtering**: Filters log entries to include only those within a specified range of recent days, allowing for targeted analysis. Entries are first filtered by user-specified days and then by a default retention period of 15 days.
+- **Condition-based Filtering**: Further filters entries to include only those that are flagged as 'Blocked' in the dataset.
+- **Efficient Data Handling**: Processes files in a memory-efficient manner, suitable for handling large datasets without overwhelming system resources.
+- **Sorted CSV Output**: Produces an `events.csv` file that combines filtered, cleaned, and sorted (by date) entries for easy use in data tables or dashboards.
+
+## Getting Started
+
+### Prerequisites
+
+- Rust 1.8.0 or later
+- Cargo for managing Rust packages
+
+### Installation
+
+1. Clone the repository:
+
+   ```sh
+   git clone https://github.com/plasticuproject/dashboard_datatable_builder.git
+   ```
+
+2. Navigate to the project directory:
+
+   ```sh
+   cd dashboard_datatable_builder
+   ```
+
+3. Build the project:
+
+   ```sh
+   cargo build --release
+   ```
+
+### Usage
+
+Ensure your designated directory (e.g., `/var/log/fwd/db/`) is populated with compatible log files.
+To run the aggregator, provide the path to your log files directory and the number of days back to filter the files based on their modification date as arguments:
+
+   ```sh
+   cargo run --release <path_to_log_files> <days_back>
+   ```
+
+For example, to process logs from the last 15 days in the `/var/log/fwd/db` directory:
+
+   ```sh
+   cargo run --release /var/log/fwd/db 15
+   ```
+
+You can also execute the pre-built binary in the directory where you want your output files to reside:
+
+   ```sh
+   ./dashboard_datatable_builder /var/log/fwd/db 15
+   ```
+
+The program will generate an `events.csv` file in the current working directory, containing the processed, aggregated, and sorted data.
+
+### Post-Execution
+
+After running the program, check the `events.csv` file for your aggregated data. This file is overwritten each time the program is run to ensure it contains only the most recent and relevant entries.
+
+### Note
+
+The default retention period for the final filtering step is set to 15 days. This means after initial processing based on the `days_back` parameter, entries older than 7 days from the current date are further filtered out before the final write operation.