Merge pull request #399 from gyptazy/feature/387-add-syslog-scoping

feature: Add syslog scoping

Author: MrMasterbay

pegaprox/api/helpers.py

@@ -80,6 +80,9 @@ def load_server_settings():
         # MK Apr 2026 — when true, /api/metrics needs no auth. Useful for setups
         # where a reverse proxy/mutual-TLS already gates scrapes. Default off.
         'metrics_public': False,
+        # When enabled, the Syslog viewer only shows hostnames belonging to
+        # the currently selected cluster instead of all collected syslog rows.
+        'syslog_filter_by_selected_cluster': False,
         # Webhook alert channels (Slack, Discord, Teams, ntfy, generic)
         # Each: {id, name, type, url, enabled, ...type-specific fields}
         'alert_webhooks': [],

pegaprox/api/reports.py

@@ -7,6 +7,7 @@
 import re
 import sqlite3
 import threading
+from urllib.parse import urlparse
 from datetime import datetime, timedelta
 from flask import Blueprint, jsonify, request
 
@@ -16,7 +17,7 @@
 
 from pegaprox.utils.auth import require_auth, load_users
 from pegaprox.utils.rbac import get_user_clusters
-from pegaprox.api.helpers import check_cluster_access
+from pegaprox.api.helpers import check_cluster_access, load_server_settings
 from pegaprox.background.metrics import load_metrics_history, start_metrics_collector
 from pegaprox.background.syslog_server import DB_FILE, SEVERITY_MAP
 from pegaprox.api.schedules import start_scheduler
@@ -57,6 +58,53 @@ def _syslog_like_clause(search_text):
         [like, like, like, like, like, like],
     )
 
+
+def _syslog_hostname_tokens(value):
+    value = str(value or '').strip().lower()
+    if not value:
+        return set()
+    if '://' in value:
+        parsed = urlparse(value)
+        value = parsed.hostname or value
+    value = value.split('/')[0].split('@')[-1]
+    if value.startswith('[') and ']' in value:
+        value = value[1:value.index(']')]
+    elif ':' in value and value.count(':') == 1:
+        value = value.rsplit(':', 1)[0]
+    value = value.strip('.')
+    if not value:
+        return set()
+    tokens = {value}
+    if '.' in value:
+        tokens.add(value.split('.', 1)[0])
+    return tokens
+
+
+def _syslog_cluster_hostnames(cluster_id):
+    manager = cluster_managers.get(cluster_id)
+    if not manager:
+        return set()
+
+    hostnames = set()
+    config = getattr(manager, 'config', None)
+    for value in (
+        getattr(manager, 'host', ''),
+        getattr(config, 'host', '') if config else '',
+        getattr(config, 'name', '') if config else '',
+    ):
+        hostnames.update(_syslog_hostname_tokens(value))
+
+    try:
+        node_status = manager.get_node_status() or {}
+        for node_name in node_status.keys():
+            hostnames.update(_syslog_hostname_tokens(node_name))
+    except Exception as exc:
+        logging.debug(f"[Syslog] Could not load nodes for cluster filter {cluster_id}: {exc}")
+        for node_name in getattr(manager, 'ha_node_status', {}).keys():
+            hostnames.update(_syslog_hostname_tokens(node_name))
+
+    return hostnames
+
 @bp.route('/api/reports/summary', methods=['GET'])
 @require_auth()
 def get_reports_summary():
@@ -180,6 +228,7 @@ def get_integrated_syslog_events():
     hostname = (request.args.get('hostname') or '').strip()
     source_ip = (request.args.get('source_ip') or '').strip()
     facility = (request.args.get('facility') or '').strip()
+    cluster_id = (request.args.get('cluster_id') or '').strip()
 
     sort_map = {
         'id': 'logs.id',
@@ -267,6 +316,22 @@ def get_integrated_syslog_events():
         except ValueError:
             pass
 
+    if cluster_id and load_server_settings().get('syslog_filter_by_selected_cluster', False):
+        ok, err = check_cluster_access(cluster_id)
+        if not ok:
+            return err
+        cluster_hostnames = sorted(_syslog_cluster_hostnames(cluster_id))
+        if cluster_hostnames:
+            cluster_hostname_where = []
+            for value in cluster_hostnames:
+                cluster_hostname_where.append("LOWER(logs.hostname) = ?")
+                params.append(value)
+                cluster_hostname_where.append("LOWER(logs.hostname) LIKE ?")
+                params.append(f"{value}.%")
+            where.append(f"({' OR '.join(cluster_hostname_where)})")
+        else:
+            where.append("1 = 0")
+
     where_sql = f"WHERE {' AND '.join(where)}" if where else ''
     joins_sql = f"{' '.join(joins)}" if joins else ''
     offset = (page - 1) * per_page

pegaprox/api/settings.py

@@ -1152,6 +1152,12 @@ def update_server_settings():
                 settings['alert_update_available'] = bool(data['alert_update_available'])
             if 'metrics_public' in data:
                 settings['metrics_public'] = bool(data['metrics_public'])
+            if 'syslog_filter_by_selected_cluster' in data:
+                old_val = settings.get('syslog_filter_by_selected_cluster', False)
+                settings['syslog_filter_by_selected_cluster'] = bool(data['syslog_filter_by_selected_cluster'])
+                if old_val != settings['syslog_filter_by_selected_cluster']:
+                    log_audit(request.session.get('user', 'admin'), 'settings.syslog',
+                              f"Syslog cluster hostname filter {'enabled' if settings['syslog_filter_by_selected_cluster'] else 'disabled'}")
             if 'strict_session_ip' in data:
                 settings['strict_session_ip'] = bool(data['strict_session_ip'])
 
@@ -1381,6 +1387,12 @@ def update_server_settings():
                 settings['alert_cooldown'] = max(60, min(86400, int(request.form['alert_cooldown'])))
             if 'alert_update_available' in request.form:
                 settings['alert_update_available'] = request.form['alert_update_available'] in ('true', '1', 'on')
+            if 'syslog_filter_by_selected_cluster' in request.form:
+                old_syslog_filter = settings.get('syslog_filter_by_selected_cluster', False)
+                settings['syslog_filter_by_selected_cluster'] = request.form['syslog_filter_by_selected_cluster'] in ('true', '1', 'on')
+                if old_syslog_filter != settings['syslog_filter_by_selected_cluster']:
+                    log_audit(request.session.get('user', 'admin'), 'settings.syslog',
+                              f"Syslog cluster hostname filter {'enabled' if settings['syslog_filter_by_selected_cluster'] else 'disabled'}")
 
             # Handle certificate upload
             if 'ssl_cert' in request.files:
@@ -4574,4 +4586,3 @@ def test_ldap():
     return jsonify(results)
 
 
-