def __init__(self, data_dir, work_dir, config="glastopf.cfg"):
config = os.path.join(work_dir, config)
BaseLogger.__init__(self, config)
if self.config.getboolean("logstash", "enabled"):
self.host = self.config.get("logstash", "host")
self.port = int(self.config.getint("logstash", "port"))
self.options = {
"enabled": self.config.getboolean("logstash", "enabled"),
}
self.handler = self.config.get("logstash", "handler")
if self.handler == "AMQP":
self.username = self.config.get("logstash", "username")
self.password = self.config.get("logstash", "password")
self.exchange = self.config.get("logstash", "exchange")
self.durable = self.config.getboolean("logstash", "durable")
elif self.handler != "TCP" and self.handler != "UDP":
raise Exception(
"Incorrect logstash handler defined, please use AMQP, UDP or TCP"
)
self._setup_handler()
else:
self.options = {"enabled": False}
def __init__(self, data_dir, config="glastopf.cfg"):
BaseLogger.__init__(self, config)
self.options = {
"enabled": self.config.getboolean("surfcertids", "enabled"),
"host": self.config.get("surfcertids", "host"),
"port": self.config.getint("surfcertids", "port"),
"user": self.config.get("surfcertids", "user"),
"password": self.config.get("surfcertids", "password"),
"database": self.config.get("surfcertids", "database"),
"atype": 3,
"ptype_request": 60,
"ptype_referer": 61,
"ptype_useragent": 62,
"ptype_host": 63,
"ptype_pattern": 64,
}
if self.options['enabled']:
try:
import psycopg2
self.connection = psycopg2.connect(
"host=%s port=%s user=%s password=%s dbname=%s" % (
self.options['host'],
self.options['port'],
self.options['user'],
self.options['password'],
self.options['database'],
))
logger.info("Connected to the SURFcert IDS logserver.")
except Exception as e:
logger.exception(
"Unable to connect to the SURFcert IDS logserver: {0}".
format(e))
self.options['enabled'] = False
def __init__(self, data_dir, work_dir, config="glastopf.cfg"):
config = os.path.join(work_dir, config)
BaseLogger.__init__(self, config)
self.options = {
"enabled": self.config.getboolean("syslog", "enabled"),
"socket": self.config.get("syslog", "socket"),
}
if self.options['enabled']:
#Make sure we only have one logger
try:
LogSyslog.logger
except AttributeError:
LogSyslog.logger = logging.getLogger('glastopf_attack')
LogSyslog.logger.propagate = False
if ":" in self.options['socket']:
host, port = self.options['socket'].split(":")
address = (host, int(port))
else:
address = (self.options['socket'], 514)
logging.info(
'Using syslog logger on remote {0}.'.format(address))
LogSyslog.log_handler = logging.handlers.SysLogHandler(
address=address)
LogSyslog.logger.addHandler(self.log_handler)
LogSyslog.logger.setLevel(logging.INFO)
def __init__(self,
data_dir,
work_dir,
config="glastopf.cfg",
reconnect=True):
config = os.path.join(work_dir, config)
BaseLogger.__init__(self, config)
self.files_dir = os.path.join(data_dir, 'files/')
self.enabled = False
self._initial_connection_happend = False
self.options = {'enabled': self.enabled}
if self.config.getboolean("s3storage", "enabled"):
self.endpoint = self.config.get("s3storage", "endpoint")
self.accesskey = self.config.get("s3storage", "aws_access_key_id")
self.secretkey = self.config.get("s3storage",
"aws_secret_access_key")
self.version = self.config.get("s3storage", "signature_version")
self.region = self.config.get("s3storage", "region")
self.bucket = self.config.get("s3storage", "bucket")
self.enabled = True
self.options = {'enabled': self.enabled}
self.s3client = None
self.s3session = None
gevent.spawn(self._start_connection, self.endpoint, self.accesskey,
self.secretkey, self.version, self.region,
self.bucket)
def __init__(self, data_dir, work_dir, config='glastopf.cfg'):
config = os.path.join(work_dir, config)
BaseLogger.__init__(self, config)
self.options = {'enabled': self.config.getboolean('taxii', 'enabled')}
self.host = self.config.get('taxii', 'host')
self.port = self.config.getint('taxii', 'port')
self.inbox_path = self.config.get('taxii', 'inbox_path')
self.use_https = self.config.getboolean('taxii', 'use_https')
self.client = HttpClient()
self.client.setProxy('noproxy')
auth_credentials = {
'username': self.config.get('taxii', 'auth_basic_username'),
'password': self.config.get('taxii', 'auth_basic_password'),
'key_file': self.config.get('taxii', 'auth_certificate_keyfile'),
'cert_file': self.config.get('taxii', 'auth_certificate_certfile')
}
self.client.setAuthCredentials(auth_credentials)
if self.config.getboolean('taxii', 'use_auth_basic'):
self.client.setAuthType(tc.HttpClient.AUTH_BASIC)
elif self.config.getboolean('taxii', 'use_auth_certificate'):
self.client.setAuthType(tc.HttpClient.AUTH_CERT)
elif self.config.getboolean(
'taxii', 'use_auth_basic') and self.config.getboolean(
'taxii', 'use_auth_certificate'):
self.client.setAuthType(tc.HttpClient.AUTH_CERT_BASIC)
else:
self.client.setAuthType(tc.HttpClient.AUTH_NONE)
self.stix_transformer = StixTransformer(self.config, data_dir)
def __init__(self, data_dir, config='glastopf.cfg'):
BaseLogger.__init__(self, config)
self.options = {'enabled': self.config.getboolean('taxii', 'enabled')}
self.host = self.config.get('taxii', 'host')
self.port = self.config.getint('taxii', 'port')
self.inbox_path = self.config.get('taxii', 'inbox_path')
self.use_https = self.config.getboolean('taxii', 'use_https')
self.client = HttpClient()
self.client.setProxy('noproxy')
auth_credentials = {'username': self.config.get('taxii', 'auth_basic_username'),
'password': self.config.get('taxii', 'auth_basic_password'),
'key_file': self.config.get('taxii', 'auth_certificate_keyfile'),
'cert_file': self.config.get('taxii', 'auth_certificate_certfile')}
self.client.setAuthCredentials(auth_credentials)
if self.config.getboolean('taxii', 'use_auth_basic'):
self.client.setAuthType(tc.HttpClient.AUTH_BASIC)
elif self.config.getboolean('taxii', 'use_auth_certificate'):
self.client.setAuthType(tc.HttpClient.AUTH_CERT)
elif self.config.getboolean('taxii', 'use_auth_basic') and self.config.getboolean('taxii', 'use_auth_certificate'):
self.client.setAuthType(tc.HttpClient.AUTH_CERT_BASIC)
else:
self.client.setAuthType(tc.HttpClient.AUTH_NONE)
self.stix_transformer = StixTransformer(self.config, data_dir)
def __init__(self, data_dir, work_dir, config="glastopf.cfg"):
config = os.path.join(work_dir, config)
BaseLogger.__init__(self, config)
self.options = {
"enabled": self.config.getboolean("surfcertids", "enabled"),
"host": self.config.get("surfcertids", "host"),
"port": self.config.getint("surfcertids", "port"),
"user": self.config.get("surfcertids", "user"),
"password": self.config.get("surfcertids", "password"),
"database": self.config.get("surfcertids", "database"),
"atype": 3,
"ptype_request": 60,
"ptype_referer": 61,
"ptype_useragent": 62,
"ptype_host": 63,
"ptype_pattern": 64,
}
if self.options['enabled']:
try:
import psycopg2
self.connection = psycopg2.connect(
"host=%s port=%s user=%s password=%s dbname=%s" % (
self.options['host'],
self.options['port'],
self.options['user'],
self.options['password'],
self.options['database'],
)
)
logger.info("Connected to the SURFcert IDS logserver.")
except Exception as e:
logger.exception("Unable to connect to the SURFcert IDS logserver: {0}".format(e))
self.options['enabled'] = False
def __init__(self,
data_dir,
work_dir,
config="glastopf.cfg",
reconnect=True):
config = os.path.join(work_dir, config)
BaseLogger.__init__(self, config)
self.files_dir = os.path.join(data_dir, 'files/')
self.enabled = False
self._initial_connection_happend = False
#legacy
self.options = {'enabled': self.enabled}
if self.config.getboolean("hpfeed", "enabled"):
host = self.config.get("hpfeed", "host")
port = int(self.config.getint("hpfeed", "port"))
ident = self.config.get("hpfeed", "ident")
secret = self.config.get("hpfeed", "secret")
self.enabled = True
#legacy
self.options = {'enabled': self.enabled}
self.chan_files = self.config.get("hpfeed", "chan_files")
self.chan_events = self.config.get("hpfeed", "chan_events")
self.hpc = None
gevent.spawn(self._start_connection, host, port, ident, secret,
reconnect)
def __init__(self, data_dir, work_dir, config="glastopf.cfg"):
config = os.path.join(work_dir, config)
BaseLogger.__init__(self, config)
self.options = {
"enabled": self.config.getboolean("profiler", "enabled"),
"database": self.config.get("main-database", "connection_string")
}
self.logger = logging.getLogger('glastopf.modules.reporting.auxiliary.log_profiler')
def __init__(self, data_dir, config="glastopf.cfg"):
BaseLogger.__init__(self, config)
self.options = {
"enabled": self.config.getboolean("mail", "enabled"),
"user": self.config.get("mail", "user"),
"pwd": self.config.get("mail", "pwd"),
"mail_from": self.config.get("mail", "mail_from"),
"mail_to": self.config.get("mail", "mail_to"),
"smtp_host": self.config.get("mail", "smtp_host"),
"smtp_port": self.config.get("mail", "smtp_port"),
"patterns": self.config.get("mail", "patterns"),
}
def __init__(self, data_dir, config="glastopf.cfg"):
BaseLogger.__init__(self, config)
self.options = {
"enabled": self.config.getboolean("mail", "enabled"),
"user": self.config.get("mail", "user"),
"pwd": self.config.get("mail", "pwd"),
"mail_from": self.config.get("mail", "mail_from"),
"mail_to": self.config.get("mail", "mail_to"),
"smtp_host": self.config.get("mail", "smtp_host"),
"smtp_port": self.config.get("mail", "smtp_port"),
"patterns": self.config.get("mail", "patterns"),
}
def __init__(self, data_dir, work_dir, config="glastopf.cfg"):
config = os.path.join(work_dir, config)
BaseLogger.__init__(self, config)
self.options = {'enabled': False}
try:
self.options = {
"enabled": self.config.getboolean("profiler", "enabled"),
"database": self.config.get("main-database", "connection_string")
}
except (NoSectionError, NoOptionError):
return
self.logger = logging.getLogger(__name__)
def get_aux_loggers(data_dir, work_dir, create_tables=True):
loggers = []
try:
BaseLogger()
for name in _get_logger_names():
module_name = "glastopf.modules.reporting.auxiliary." + name.split('.', 1)[0]
__import__(module_name, globals(), locals(), [], -1)
logger_classes = BaseLogger.__subclasses__()
except ImportError as e:
logger.exception("Error while importing logger: {0}".format(e))
return None
else:
for logger_class in logger_classes:
logger_instance = logger_class(data_dir, work_dir)
if logger_instance.options['enabled']:
loggers.append(logger_instance)
return loggers
def __init__(self, data_dir, work_dir, config="glastopf.cfg", reconnect=True):
config = os.path.join(work_dir, config)
BaseLogger.__init__(self, config)
self.files_dir = os.path.join(data_dir, 'files/')
self.enabled = self.config.getboolean("s3storage", "enabled")
self._initial_connection_happend = False
self.options = {'enabled': self.enabled}
if self.enabled:
self.endpoint = self.config.get("s3storage", "endpoint")
self.accesskey = self.config.get("s3storage", "aws_access_key_id")
self.secretkey = self.config.get("s3storage", "aws_secret_access_key")
self.version = self.config.get("s3storage", "signature_version")
self.region = self.config.get("s3storage", "region")
self.bucket = self.config.get("s3storage", "bucket")
self.enabled = True
self.s3client = None
self.s3session = None
gevent.spawn(self._start_connection)
def __init__(self, data_dir, config="glastopf.cfg", reconnect=True):
BaseLogger.__init__(self, config)
self.files_dir = os.path.join(data_dir, 'files/')
self.enabled = False
#legacy
self.options = {'enabled': self.enabled}
if self.config.getboolean("hpfeed", "enabled"):
host = self.config.get("hpfeed", "host")
port = int(self.config.getint("hpfeed", "port"))
ident = self.config.get("hpfeed", "ident")
secret = self.config.get("hpfeed", "secret")
self.enabled = True
#legacy
self.options = {'enabled': self.enabled}
self.chan_files = self.config.get("hpfeed", "chan_files")
self.chan_events = self.config.get("hpfeed", "chan_events")
self.hpc = hpfeeds.new(host, port, ident, secret, reconnect=reconnect)
def __init__(self, data_dir, work_dir, config="glastopf.cfg", reconnect=True):
config = os.path.join(work_dir, config)
BaseLogger.__init__(self, config)
self.files_dir = os.path.join(data_dir, 'files/')
self.enabled = False
self._initial_connection_happend = False
#legacy
self.options = {'enabled': self.enabled}
if self.config.getboolean("hpfeed", "enabled"):
host = self.config.get("hpfeed", "host")
port = int(self.config.getint("hpfeed", "port"))
ident = self.config.get("hpfeed", "ident")
secret = self.config.get("hpfeed", "secret")
self.enabled = True
#legacy
self.options = {'enabled': self.enabled}
self.chan_files = self.config.get("hpfeed", "chan_files")
self.chan_events = self.config.get("hpfeed", "chan_events")
self.hpc = None
gevent.spawn(self._start_connection, host, port, ident, secret, reconnect)
def __init__(self, data_dir, config="glastopf.cfg"):
BaseLogger.__init__(self, config)
self.options = {
"enabled": self.config.getboolean("syslog", "enabled"),
"socket": self.config.get("syslog", "socket"),
}
if self.options['enabled']:
#Make sure we only have one logger
try:
LogSyslog.logger
except AttributeError:
LogSyslog.logger = logging.getLogger('glaspot_attack')
LogSyslog.logger.propagate = False
if ":" in self.options['socket']:
address = self.options['socket'].split(":")
else:
address = self.options['socket']
LogSyslog.log_handler = logging.handlers.SysLogHandler(address=address)
LogSyslog.logger.addHandler(self.log_handler)
LogSyslog.logger.setLevel(logging.INFO)
def __init__(self, data_dir, work_dir, config="glastopf.cfg"):
config = os.path.join(work_dir, config)
BaseLogger.__init__(self, config)
if self.config.getboolean("logstash", "enabled"):
self.host = self.config.get("logstash", "host")
self.port = int(self.config.getint("logstash", "port"))
self.options = {
"enabled": self.config.getboolean("logstash", "enabled"),
}
self.handler = self.config.get("logstash", "handler")
if self.handler == "AMQP":
self.username = self.config.get("logstash", "username")
self.password = self.config.get("logstash", "password")
self.exchange = self.config.get("logstash", "exchange")
self.durable = self.config.getboolean("logstash", "durable")
elif self.handler != "TCP" and self.handler != "UDP":
raise Exception("Incorrect logstash handler defined, please use AMQP, UDP or TCP")
self._setup_handler()
else:
self.options = {"enabled": False}
def __init__(self, data_dir, work_dir, config="glastopf.cfg"):
config = os.path.join(work_dir, config)
BaseLogger.__init__(self, config)
self.options = {
"enabled": self.config.getboolean("syslog", "enabled"),
"socket": self.config.get("syslog", "socket"),
}
if self.options['enabled']:
#Make sure we only have one logger
try:
LogSyslog.logger
except AttributeError:
LogSyslog.logger = logging.getLogger('glaspot_attack')
LogSyslog.logger.propagate = False
if ":" in self.options['socket']:
host, port = self.options['socket'].split(":")
address = (host, int(port))
else:
address = (self.options['socket'], 514)
logging.info('Using syslog logger on remote {0}.'.format(address))
LogSyslog.log_handler = logging.handlers.SysLogHandler(address=address)
LogSyslog.logger.addHandler(self.log_handler)
LogSyslog.logger.setLevel(logging.INFO)
def get_aux_loggers(create_tables=True):
loggers = []
try:
BaseLogger()
for name in _get_logger_names():
module_name = "glastopf.modules.reporting.auxiliary." + name.split('.', 1)[0]
__import__(module_name, globals(), locals(), [], -1)
logger_classes = BaseLogger.__subclasses__()
except ImportError as e:
logger.exception("Error while importing logger: {0}".format(e))
return None
else:
for logger_class in logger_classes:
logger_instance = logger_class()
if logger_instance.options['enabled'] == 'True':
loggers.append(logger_instance)
return loggers
