update Influxdb output to use API Token and api/v2

Signed-off-by: Thomas Labarussias <[email protected]>

README.md

@@ -242,9 +242,13 @@ elasticsearch:
 
 influxdb:
   # hostport: "" # http://{domain or ip}:{port}, if not empty, Influxdb output is enabled
-  # database: "falco" # Influxdb database (default: falco)
+  # database: "falco" # Influxdb database (api v1 only) (default: falco)
+  # organization: "" # Influxdb organization
+  # bucket: "falco" # Metrics bucket (default: falco)
+  # precision: "ns" # Write precision
   # user: "" # user to use if auth is enabled in Influxdb
   # password: "" # pasword to use if auth is enabled in Influxdb
+  # token: "" # API token to use if auth in enabled in Influxdb (disables user and password)
   # minimumpriority: "" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
   # mutualtls: false # if true, checkcert flag will be ignored (server cert will always be checked)
   # checkcert: true # check if ssl certificate of the output is valid (default: true)
@@ -634,8 +638,12 @@ care of lower/uppercases**) : `yaml: a.b --> envvar: A_B` :
 - **INFLUXDB_HOSTPORT** : Influxdb http://host:port, if not `empty`, Influxdb is
   _enabled_
 - **INFLUXDB_DATABASE** : Influxdb database (default: falco)
-- **INFLUXDB_USER** : user to use if auth is enabled in Influxdb
+- **INFLUXDB_ORGANIZATION** : Influxdb database (api v1 only) (default: falco)
+- **INFLUXDB_BUCKET** : Influxdb organization
+- **INFLUXDB_USER** : bucket (default: falco)
 - **INFLUXDB_PASSWORD** : user to use if auth is enabled in Influxdb
+- **INFLUXDB_TOKEN** : API token to use if auth in enabled in Influxdb (disables user and password)
+- **INFLUXDB_PRECISION** : write precision
 - **INFLUXDB_MINIMUMPRIORITY** : minimum priority of event for using this
   output, order is
   `emergency|alert|critical|error|warning|notice|informational|debug or "" (default)`

config.go

@@ -109,8 +109,12 @@ func getConfig() *types.Configuration {
 
 	v.SetDefault("Influxdb.HostPort", "")
 	v.SetDefault("Influxdb.Database", "falco")
+	v.SetDefault("Influxdb.Organization", "")
+	v.SetDefault("Influxdb.Bucket", "falco")
+	v.SetDefault("Influxdb.Precision", "ns")
 	v.SetDefault("Influxdb.User", "")
 	v.SetDefault("Influxdb.Password", "")
+	v.SetDefault("Influxdb.Token", "")
 	v.SetDefault("Influxdb.MinimumPriority", "")
 	v.SetDefault("Influxdb.MutualTls", false)
 	v.SetDefault("Influxdb.CheckCert", true)

config_example.yaml

@@ -73,9 +73,13 @@ elasticsearch:
 
 influxdb:
   # hostport: "" # http://{domain or ip}:{port}, if not empty, Influxdb output is enabled
-  # database: "falco" # Influxdb database (default: falco)
+  # database: "falco" # Influxdb database (api v1 only) (default: falco)
+  # organization: "" # Influxdb organization
+  # bucket: "falco" # bucket (default: falco)
+  # precision: "ns" # write precision
   # user: "" # user to use if auth is enabled in Influxdb
   # password: "" # pasword to use if auth is enabled in Influxdb
+  # token: "" # API token to use if auth in enabled in Influxdb (disables user and password)
   # minimumpriority: "" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
   # mutualtls: false # if true, checkcert flag will be ignored (server cert will always be checked)
   # checkcert: true # check if ssl certificate of the output is valid (default: true)

main.go

@@ -234,13 +234,21 @@ func init() {
 	}
 
 	if config.Influxdb.HostPort != "" {
-		var credentials string
-		if config.Influxdb.User != "" && config.Influxdb.Password != "" {
-			credentials = "&u=" + config.Influxdb.User + "&p=" + config.Influxdb.Password
+		var url string = config.Influxdb.HostPort
+		if config.Influxdb.Organization != "" && config.Influxdb.Bucket != "" {
+			url += "/api/v2/write?org=" + config.Influxdb.Organization + "&bucket=" + config.Influxdb.Bucket
+		} else if config.Influxdb.Database != "" {
+			url += "/write?db=" + config.Influxdb.Database
+		}
+		if config.Influxdb.User != "" && config.Influxdb.Password != "" && config.Influxdb.Token == "" {
+			url += "&u=" + config.Influxdb.User + "&p=" + config.Influxdb.Password
+		}
+		if config.Influxdb.Precision != "" {
+			url += "&precision=" + config.Influxdb.Precision
 		}
 
 		var err error
-		influxdbClient, err = outputs.NewClient("Influxdb", config.Influxdb.HostPort+"/write?db="+config.Influxdb.Database+credentials, config.Influxdb.MutualTLS, config.Influxdb.CheckCert, config, stats, promStats, statsdClient, dogstatsdClient)
+		influxdbClient, err = outputs.NewClient("Influxdb", url, config.Influxdb.MutualTLS, config.Influxdb.CheckCert, config, stats, promStats, statsdClient, dogstatsdClient)
 		if err != nil {
 			config.Influxdb.HostPort = ""
 		} else {

outputs/influxdb.go

@@ -34,6 +34,12 @@ func newInfluxdbPayload(falcopayload types.FalcoPayload, config *types.Configura
 func (c *Client) InfluxdbPost(falcopayload types.FalcoPayload) {
 	c.Stats.Influxdb.Add(Total, 1)
 
+	c.AddHeader("Accept", "application/json")
+
+	if c.Config.Influxdb.Token != "" {
+		c.AddHeader("Authorization", "Token "+c.Config.Influxdb.Token)
+	}
+
 	err := c.Post(newInfluxdbPayload(falcopayload, c.Config))
 	if err != nil {
 		go c.CountMetric(Outputs, 1, []string{"output:influxdb", "status:error"})

types/types.go

@@ -193,8 +193,12 @@ type elasticsearchOutputConfig struct {
 type influxdbOutputConfig struct {
 	HostPort        string
 	Database        string
+	Organization    string
+	Bucket          string
+	Precision       string
 	User            string
 	Password        string
+	Token           string
 	MinimumPriority string
 	CheckCert       bool
 	MutualTLS       bool