def queue_event_update_config(self, p_hostname, p_config):
event = admin_event.AdminEvent(
p_event_type=admin_event.EVENT_TYPE_UPDATE_CONFIG,
p_hostname=p_hostname,
p_payload=p_config)
self.queue_event(p_event=event, p_is_action=True)
def queue_event_speak(self, p_hostname, p_username, p_text):
event = admin_event.AdminEvent(
p_event_type=admin_event.EVENT_TYPE_SPEAK,
p_hostname=p_hostname,
p_username=p_username,
p_text=p_text)
self.queue_event(p_event=event, p_is_action=True)
def queue_event_historic_process_start(self, p_pinfo):
event = admin_event.AdminEvent(
p_event_type=admin_event.EVENT_TYPE_PROCESS_START,
p_hostname=p_pinfo.hostname,
p_pid=p_pinfo.pid,
p_username=p_pinfo.username,
p_process_start_time=p_pinfo.start_time)
self.queue_event(p_event=event, p_is_action=True)
def create_admin_event_process_downtime_from_pinfo(p_pinfo):
return admin_event.AdminEvent(
p_event_type=admin_event.EVENT_TYPE_PROCESS_DOWNTIME,
p_hostname=p_pinfo.hostname,
p_username=p_pinfo.username,
p_processhandler=p_pinfo.processhandler,
p_process_start_time=p_pinfo.start_time,
p_downtime=p_pinfo.downtime,
p_pid=p_pinfo.pid)
def queue_event_kill_process(self, p_hostname, p_username,
p_processhandler, p_pid,
p_process_start_time):
event = admin_event.AdminEvent(
p_event_type=admin_event.EVENT_TYPE_KILL_PROCESS,
p_hostname=p_hostname,
p_username=p_username,
p_processhandler=p_processhandler,
p_pid=p_pid,
p_process_start_time=p_process_start_time)
self.queue_event(p_event=event, p_is_action=True)
def create_admin_event_process_end_from_pinfo(p_pinfo,
p_reference_time=None):
if p_reference_time is None:
p_reference_time = datetime.datetime.now()
return admin_event.AdminEvent(
p_event_type=admin_event.EVENT_TYPE_PROCESS_END,
p_hostname=p_pinfo.hostname,
p_username=p_pinfo.username,
p_processhandler=p_pinfo.processhandler,
p_process_start_time=p_pinfo.start_time,
p_event_time=p_reference_time,
p_pid=p_pinfo.pid)
def scan_processes(self, p_reference_time, p_uid_map, p_host_name,
p_process_regex_map):
current_device_infos = {}
events = []
for device_config in self._client_device_configs.values():
device_is_up = self.ping_device(
p_client_device_config=device_config)
if device_is_up:
current_device_infos[device_config.hostname] = device_config
else:
if device_config.hostname in self._process_info_candidates:
del (self._process_info_candidates[device_config.hostname])
for hostname, device_config in current_device_infos.items():
current_pinfo = self.get_current_active_pinfo(hostname)
if current_pinfo is None:
if hostname in self._process_info_candidates:
event = self._process_info_candidates[hostname]
uptime = (p_reference_time -
event.process_start_time).total_seconds()
if uptime > device_config.min_activity_duration:
events.append(event)
del (self._process_info_candidates[hostname])
else:
event = admin_event.AdminEvent(
p_event_type=admin_event.EVENT_TYPE_PROCESS_START,
p_hostname=hostname,
p_processhandler=self.id,
p_username=device_config.username,
p_process_start_time=p_reference_time)
self._process_info_candidates[hostname] = event
for pinfo in self._process_infos.values():
# If the end time of a current entry is None AND the process was started on the local host AND
# the process is no longer running THEN send an EVENT_TYPE_PROCESS_END event!
if pinfo.end_time is None and pinfo.hostname not in current_device_infos:
event = self.create_admin_event_process_end_from_pinfo(
p_pinfo=pinfo, p_reference_time=p_reference_time)
events.append(event)
return events
def test_log_admin_event(self):
a_persistence = self.create_dummy_persistence(self._logger)
self.assertIsNotNone(a_persistence)
an_admin_event = admin_event.AdminEvent(
p_hostname=test_data.HOSTNAME_1,
p_username=test_data.USER_1,
p_pid=test_data.PID_1,
p_processhandler=None,
p_processname=None,
p_event_type=None,
p_event_time=None,
p_process_start_time=test_data.START_TIME_NOW,
p_text=None,
p_payload=None)
a_persistence.log_admin_event(p_admin_event=an_admin_event)
a_persistence = None
def scan_processes(self, p_session_context, p_reference_time, p_server_group, p_login_mapping, p_host_name,
p_process_regex_map):
events = []
with persistence.SessionContext(p_persistence=self._persistence) as session_context:
for device in self._persistence.devices(p_session_context):
self.ping_device(p_reference_time=p_reference_time, p_device=device)
for device_info in self._device_infos.values():
if device_info.device_name not in self._persistence.device_map(session_context):
# Clear statistics for old device names so that they are correctly reported in Prometheus
device_info.clear_moving_average()
for device in self._persistence.devices(session_context):
device_info = self.get_device_info(p_device_name=device.device_name)
if device_info.requires_process_start_event(p_reference_time=p_reference_time):
# Send process start event for monitored users (if required)
for user2device in device.users:
current_pinfo = self.get_current_active_pinfo(device.hostname, p_username=user2device.user.username)
if user2device.active:
if current_pinfo is None:
event = admin_event.AdminEvent(
p_event_type=admin_event.EVENT_TYPE_PROCESS_START,
p_hostname=device_info.hostname,
p_hostlabel=device_info.device_name,
p_processhandler=self.id,
p_username=user2device.user.username,
p_percent=user2device.percent,
p_process_start_time=p_reference_time)
events.append(event)
else:
if current_pinfo is not None:
event = self.create_admin_event_process_end_from_pinfo(
p_pinfo=current_pinfo,
p_reference_time=p_reference_time)
events.append(event)
else:
# Send process stop event for non monitored users (if required)
for user2device in device.users:
current_pinfo = self.get_current_active_pinfo(device.hostname, p_username=user2device.user.username)
if current_pinfo is not None:
event = self.create_admin_event_process_end_from_pinfo(
p_pinfo=current_pinfo,
p_reference_time=p_reference_time)
events.append(event)
active_hostnames = [device_info.hostname for device_info in self._device_infos.values() if device_info.is_up]
for pinfo in self._process_infos.values():
# If the end time of a current entry is None AND the process was started on the local host AND
# the process is no longer running THEN send an EVENT_TYPE_PROCESS_END event!
if pinfo.end_time is None and pinfo.hostname not in active_hostnames:
event = self.create_admin_event_process_end_from_pinfo(
p_pinfo=pinfo,
p_reference_time=p_reference_time)
events.append(event)
return events
def scan_processes(self, p_reference_time, p_uid_map, p_host_name,
p_process_regex_map):
current_processes = {}
events = []
fmt = "Scanning processes..."
self._logger.debug(fmt)
for proc in self._process_iterator_factory.process_iter(
): # attrs=['pid', 'name', 'username', 'create_time']
try:
uids = proc.uids()
if uids.real in p_uid_map:
username = p_uid_map[uids.real]
proc_name = proc.name()
if p_process_regex_map[username].match(proc_name):
start_time = datetime.datetime.fromtimestamp(
proc.create_time(),
datetime.timezone.utc).astimezone().replace(
tzinfo=None)
key = process_info.get_key(p_hostname=p_host_name,
p_pid=proc.pid,
p_start_time=start_time)
current_processes[key] = 1
if key in self._process_infos:
pinfo = self._process_infos[key]
if pinfo.end_time is not None:
event = self.create_admin_event_process_start_from_pinfo(
p_pinfo=pinfo)
events.append(event)
else:
event = admin_event.AdminEvent(
p_event_type=admin_event.
EVENT_TYPE_PROCESS_START,
p_hostname=p_host_name,
p_processhandler=self.id,
p_username=p_uid_map[uids.real],
p_processname=proc.name(),
p_process_start_time=start_time,
p_pid=proc.pid)
events.append(event)
except psutil.NoSuchProcess as e:
fmt = "Ignoring exception '{estr}' because process has disappeared"
self._logger.debug(fmt.format(estr=str(e)))
for (key, pinfo) in self._process_infos.items():
# If the end time of a current entry is None AND the process was started on the local host AND
# the process is no longer running THEN send an EVENT_TYPE_PROCESS_END event!
if pinfo.end_time is None and pinfo.hostname == p_host_name and key not in current_processes:
event = self.create_admin_event_process_end_from_pinfo(
p_pinfo=pinfo, p_reference_time=p_reference_time)
events.append(event)
return events
def queue_event_start_client(self):
event = admin_event.AdminEvent(
p_event_type=admin_event.EVENT_TYPE_START_CLIENT,
p_hostname=self._host_name)
self.queue_event(p_event=event, p_to_master=True)
