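def getresult(path):
    """Build one tab-separated result line per tid that has a rule under ``path``.

    Only tids present in the module-level ``tids`` list are considered; each one
    that is matched is removed from that list as a side effect.

    Args:
        path: directory searched by lib_rule.searchtidrules for a rule file; the
            per-tid pcaps are expected at ``<path>/tid/<tid>.pcap``.

    Returns:
        list of ``tid<TAB>rule fields...`` lines, with the pcap path appended as
        a last field when that pcap exists, or None when no rule file is found.
    """
    rs = []
    f = lib_rule.searchtidrules(path)
    if not f:
        return None
    print f
    grs = lib_rule.getinfo4rule(f, 1)
    for tid, value in grs.items():
        # explicit membership test replaces the former index()-inside-try, so a
        # genuine error in the body is no longer silently swallowed
        if tid not in tids:
            continue
        # NOTE(review): tid is taken from the rule file and spliced into a path
        # unvalidated; a tid containing path separators would resolve outside
        # <path>/tid/ -- worth rejecting such values before use.
        pcap = path + '/tid/' + tid + '.pcap'
        if os.path.isfile(pcap):
            rs.append(tid + '\t' + '\t'.join(value) + '\t' + pcap)
        else:
            # no pcap for this tid: report it and emit the line without a path
            print tid, value[0] if value else ''
            rs.append(tid + '\t' + '\t'.join(value))
        tids.remove(tid)
    return rs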
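# usage: both the grule file and the ips rule file are required
if len(sys.argv) < 3:
    print "rn4tid.py grule ips"
    print "grule,path of grule file"
    print "ips,path of ips rule file"
    exit(1)
# absolute paths: the script chdir()s below, which used to break relative
# arguments that carried a directory component
p1 = os.path.abspath(sys.argv[1])  # grule file
p2 = os.path.abspath(sys.argv[2])  # ips rule file
# work next to the grule file so tid/ and msg/ are created beside it
path, f = os.path.split(p1)
if path:
    os.chdir(path)
# one try per directory: a single try around both mkdir calls skipped
# creating msg/ whenever tid/ already existed
for subdir in ('tid', 'msg'):
    try:
        os.mkdir(subdir)
    except OSError:
        pass  # already present; any other failure surfaces at the copy below

grules = lib_rule.getinfo4grule(p1)
ipsrules = lib_rule.getinfo4rule(p2)  # not read here; presumably used by gettid() -- TODO confirm

for grule in grules:
    msg = grule['msg']
    ename = wincorrect(grule['ename'])
    tid = gettid(msg)
    if not tid:
        # no tid could be derived for this rule: report it and move on
        print ename
        continue
    msg = msg.decode('utf8')
    # NOTE(review): msg and tid come straight from the rule files and are used
    # as file names without validation; a value containing path separators
    # would write outside tid/ or msg/.
    src = ename + "/5.pcap"
    shutil.copy(src, "tid/" + tid + ".pcap")
    shutil.copy(src, "msg/" + msg + ".pcap")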
    
        exit()      
# resolve the working directory: default to cwd, then require an existing dir
if args['-p'] == '':
    args['-p'] = os.getcwd()
work_dir = args['-p']
if not os.path.exists(work_dir):
    print "the path is not exists"
    exit(1)
if not os.path.isdir(work_dir):
    print "the path must be a dir"
    exit(1)

os.chdir(work_dir)

# -r: parse a rule file and cache the result as rule.pkl in the working dir
rule_file = args['-r']
if rule_file != '':
    if not os.path.isfile(rule_file):
        print "%s is not exist,please input real path for rule file" % rule_file
        exit(1)
    grs = lib_rule.getinfo4rule(rule_file, 2)
    print "load numbers of rule:", len(grs)
    if len(grs):
        lib_pickle.dump2file(work_dir + "/rule.pkl", grs)

# -rpk: load the cached rules instead (from the working dir, not the option value)
if args['-rpk'] != '':
    if not os.path.isfile("rule.pkl"):
        print "rule.pkl is not exist,please input real path for rule file"
        exit(1)
    # NOTE(review): rule.pkl is a pickle read from the chosen directory; only
    # files written by this tool should be loaded here.
    grs = lib_pickle.get4file("rule.pkl")
    print "load numbers of rule:", len(grs)

# NOTE(review): grs is only bound by the -r / -rpk branches above (unless the
# part of the script cut off above defines it); with neither option this
# raises NameError instead of printing the message -- confirm against caller.
if not len(grs):
    print "load rules error,again"
    exit(1)
import os
import sys
import lib_rule
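# usage: a rule file and a tid source (file or directory) are required
if len(sys.argv) < 3:
    print "USE: rule tid"
    print "tid: tid file or tid dir"
    exit(1)
tid_src = sys.argv[2]
if os.path.isdir(tid_src):
    tids = lib_rule.gettid4dir(tid_src)
elif os.path.isfile(tid_src):
    tids = lib_rule.gettid4file(tid_src)
else:
    # previously fell through with tids unbound, which raised NameError below
    print "tid: %s is neither a file nor a dir" % tid_src
    exit(1)

grs = lib_rule.getinfo4rule(sys.argv[1], 1)

print "load tid: %d" % len(tids)
print "load rule: %d" % len(grs)
print "====================================================="
for tid in tids:
    # grs[tid][1] is assumed to be the rule text for that tid -- TODO confirm
    try:
        print grs[tid][1]
    except (KeyError, IndexError):
        # unknown tid, or an entry without the expected second field
        print "#have no rules for tid %s" % tid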
        try:
            if len(grs[sid]) < 2:
                grs[sid].append(set([cwdpcap]))
            else:
                grs[sid][1].add(cwdpcap)
        except Exception:
            grs[sid] = [msg, set([cwdpcap])]


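# usage: log file, rules file and output path are all required
if len(sys.argv) < 4:
    print "use: logfile rulesfile outfile"
    exit(1)
log = sys.argv[1]
rule = sys.argv[2]
out = sys.argv[3]
grs = lib_rule.getinfo4rule(rule)
cwdpcap = None  # module global; presumably set by analysis() per pcap -- TODO confirm
print "load numbers of rule:", len(grs)
analysis(log)

# with-block: the output file is closed (and flushed) even if a write fails,
# where the former open()/close() pair leaked it on any exception
with open(out, "w") as outf:
    for sid, info in grs.items():
        if len(info) < 2:
            # rule with no matching pcaps: report on stdout, omit from the file
            print sid + "\t" + info[0]
            continue
        # line layout: sid, msg, then each pcap, every field followed by a tab
        outf.write(sid + "\t" + info[0] + "\t")
        outf.write("".join(pcap + "\t" for pcap in info[1]))
        outf.write("\n")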