Wazuh Handler: Parallel host log monitor

[Rebits]

Related Issue
https://github.com/wazuh/qa-system-framework/issues/35

Description

As specified in https://github.com/wazuh/qa-system-framework/issues/35 is required to include in the WazuhHandler class, methods to monitor efficiently logs.

[Rebits]

07/06/2023

We have decided to delegate the task of log searching to the remote hosts, eliminating the complexity associated with previous log monitoring tools. This approach will significantly reduce the delay in searching through all the host logs.

• Research current FileRegexMonitor
• Create class FileRegexMonitorManager to handle multiple host log search.

[Rebits]

09/06/2023

• Researched how to install new framework in the remote nodes
• Implemented FileRegex method into HostManager class
• PoC with basic regex

[Rebits]

12/06/2023

• Issue marked as On Hold in favor of https://github.com/wazuh/qa-system-framework/issues/39
• Development will continue tomorrow 13/06/2023

[Rebits]

13/06/2023

• On hold due to https://github.com/wazuh/wazuh/issues/17527
• Refactor file regex monitoring manager
  • Include only future events parameter
  • Include file for results reporting

[Rebits]

14/06/2023

• Implemented script for remote log search in the endpoint
• Implemented debugging for FileRegexMonitor
• Fix minor errors in case of different path monitoring objects

This issue is marked as blocked due to the following developments:

• https://github.com/wazuh/qa-system-framework/issues/51
• https://github.com/wazuh/qa-system-framework/issues/18

To ensure a robust implementation, it is essential to include a dedicated method for launching Python scripts within the endpoint. Furthermore, I strongly recommend that the development process does not proceed with merging until a generic monitoring object has been created. This object will enable comprehensive monitoring and enhance the overall quality of the system.