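def sendPatternSuggestion(self, suggestion, patterns):
    """@brief Builds a composite TLV with a suggestion and its patterns and
    sends it to the ASEC system, retrying a bounded number of times.

    @param suggestion: the suggestion row; ``suggestion_group_id`` (raw UUID
        bytes), ``filename`` and ``location`` are read from it.
    @param patterns: iterable of pattern rows; every ``pattern_json`` is
        embedded verbatim in the ``{"patterns":[...]}`` document.
    @return True when the TLV was accepted and the suggestion was removed
        from the local model; False when every send attempt failed or the
        removal raised.
    """
    logger.info("Sending results...")
    suggestion_id = UUID(bytes=suggestion.suggestion_group_id)

    # Field 1: the suggestion id, as base64 of its textual UUID form.
    b64_suggestion_id = base64.b64encode(str(suggestion_id))
    tlv_suggestion_id = ASECTLV.tlv_simple(
        ASECTLV.TLV_TYPE_PATTERN_FIELD_ID,
        b64_suggestion_id, len(b64_suggestion_id))

    # Field 2: the location is preferred; the filename is the fallback
    # when no location is recorded.
    if suggestion.location is None or suggestion.location == "":
        suggestion_filename = suggestion.filename
    else:
        suggestion_filename = suggestion.location
    suggestion_filename = base64.b64encode(suggestion_filename)
    tlv_suggestion_filename = ASECTLV.tlv_simple(
        ASECTLV.TLV_TYPE_PATTERN_FIELD_FILENAME,
        suggestion_filename, len(suggestion_filename))

    # Field 3: the pattern documents, assembled by string concatenation.
    # NOTE(review): each pattern_json is trusted to already be a well-formed
    # JSON value; nothing here re-validates it, so a malformed stored pattern
    # produces a malformed composite document on the wire.
    pattern_list = ",".join(["%s" % (p.pattern_json) for p in patterns])
    suggestion_json = base64.b64encode('{"patterns":[' + pattern_list + "]}")
    tlv_suggestion_json = ASECTLV.tlv_simple(
        ASECTLV.TLV_TYPE_PATTERN_FIELD_JSON_STR,
        suggestion_json, len(suggestion_json))

    tlvcomposite = ASECTLV.tlv_composite(
        ASECTLV.TLV_TYPE_PATTERN,
        [tlv_suggestion_id, tlv_suggestion_filename, tlv_suggestion_json])

    # Retry the send a few times, pausing between attempts.  The suggestion
    # is only dropped from the local model once the peer accepted it, so a
    # transport failure never loses data.
    attempts = 3
    while attempts > 0:
        if not self.__send(tlvcomposite):
            attempts = attempts - 1
            time.sleep(1)
            continue
        try:
            self.__asecmodel.delete_suggestion(str(suggestion_id))
        except Exception as e:
            logger.error("Can't remove the suggestionid: %s" % str(e))
            return False
        return True
    # Every attempt failed: say so explicitly instead of falling off the end
    # (which returned None to the caller).
    logger.error("Giving up on suggestion %s after %d failed send attempts"
                 % (str(suggestion_id), 3))
    return False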
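def process_message_active_plugin(self, data, data_len):
    """Processes the active plugin message.

    Walks the TLV fields in ``data`` (``data_len`` bytes) and stores one
    ``AsecDb_Notification`` built from the plugin id, plugin name, sensor id
    and log file fields.  Field values arrive base64-encoded.

    Raises ValueError when no usable sensor id field was received, because
    the notification needs it as a UUID; the caller logs the failure.
    """
    logger.info("processing active plugin message")
    plugin_id = ""
    plugin_name = ""
    sensor_id = ""
    log_file = ""
    offset = 0
    while offset < data_len:
        s_type, s_len, s_value = ASECTLV.tlv_decode(data[offset:])
        # The +8 presumably covers the TLV type/length header emitted by
        # ASECTLV.tlv_decode; keep it in sync with that module.
        offset += s_len + 8
        # NOTE(review): these values come from the peer and are logged with
        # only a trailing newline stripped; keep that in mind when reading
        # the log.
        if s_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN_FIELD_PLUGIN_ID:
            plugin_id = base64.b64decode(s_value).rstrip('\n')
            logger.info("pattern_pluginid: %s" % plugin_id)
        elif s_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN_FIELD_PLUGIN_NAME:
            plugin_name = base64.b64decode(s_value).rstrip('\n')
            logger.info("pattern_field_pluginname :%s" % plugin_name)
        elif s_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN_FIELD_PLUGIN_SENSOR_ID:
            sensor_id = base64.b64decode(s_value)
            logger.info("pattern_field_sensorid :%s" % sensor_id)
        elif s_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN_FIELD_PLUGIN_LOG_FILE:
            log_file = base64.b64decode(s_value)
        else:
            logger.error("unknown type: %s" % s_type)

    # The plugin id travels as text; a non-integer value is recorded as
    # plugin 0 rather than aborting the message.  Only conversion errors
    # are swallowed here (the original bare except hid everything).
    try:
        pid = int(plugin_id)
    except (ValueError, TypeError):
        logger.error("invalid plugin %s" % plugin_id)
        pid = 0

    if not sensor_id:
        raise ValueError("active plugin message without sensor id")
    notification = AsecDb_Notification(plugin_id=pid,
                                       sensor_id=UUID(sensor_id).bytes,
                                       rule_name=plugin_name,
                                       log_file=log_file)
    self.__asecmodel.set_notification(notification)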
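def process_message_pattern(self, data, data_len):
    """Processes the pattern message.

    Walks the TLV fields in ``data`` (``data_len`` bytes): the suggestion
    group id, the filename and the pattern JSON string, all base64-encoded.
    A suggestion row is created the first time a group id is seen, and the
    pattern is always appended to that group.

    Raises ValueError when the id field is missing or not a UUID; the
    caller logs the failure.
    """
    logger.info("processing message: pattern")
    t_uuid = ""
    filename = ""
    json_str = ""
    offset = 0
    while offset < data_len:
        s_type, s_len, s_value = ASECTLV.tlv_decode(data[offset:])
        # The +8 presumably covers the TLV type/length header emitted by
        # ASECTLV.tlv_decode; keep it in sync with that module.
        offset += s_len + 8
        if s_type == ASECTLV.TLV_TYPE_PATTERN_FIELD_ID:
            logger.info("pattern_fieldid")
            # Strip a trailing newline like the other fields do; UUID()
            # rejects the id otherwise.
            t_uuid = base64.b64decode(s_value).rstrip('\n')
        elif s_type == ASECTLV.TLV_TYPE_PATTERN_FIELD_FILENAME:
            logger.info("pattern_field_filename")
            filename = base64.b64decode(s_value).rstrip('\n')
        elif s_type == ASECTLV.TLV_TYPE_PATTERN_FIELD_JSON_STR:
            logger.info("pattern_field_json")
            json_str = base64.b64decode(s_value).rstrip('\n')
        else:
            logger.error("unknown type: %s" % s_type)

    if not t_uuid:
        raise ValueError("pattern message without suggestion id")
    group_id = UUID(t_uuid).bytes

    # NOTE(review): json_str is stored as received; it is not checked to be
    # valid JSON here, and sendPatternSuggestion later concatenates it into
    # a JSON document verbatim.
    if self.__asecmodel.get_suggestion(t_uuid) is None:
        suggestion = AsecDb_Suggestion(suggestion_group_id=group_id,
                                       filename=filename,
                                       location="")
        self.__asecmodel.set_suggestion(suggestion)
    suggestion_pattern = AsecDb_Suggestion_pattern(suggestion_group_id=group_id,
                                                   pattern_json=json_str)
    self.__asecmodel.set_suggestion_pattern(suggestion_pattern)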
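def process_message_mlog4fwk(self, data, data_len):
    """Processes the mlog4fwk message.

    Walks the TLV fields in ``data`` (``data_len`` bytes) and stores one
    ``AsecDb_AlarmCoincidence`` built from the regexp, the sample log line
    and the sensor id.  The regexp and sensor id arrive base64-encoded; the
    log line is taken as sent.

    Raises ValueError when no usable sensor id field was received, because
    the row needs it as a UUID; the caller logs the failure.
    """
    logger.info("processing message: mlog4fwk")
    logstr = ""
    sensor = ""
    regex = ""
    offset = 0
    while offset < data_len:
        s_type, s_len, s_value = ASECTLV.tlv_decode(data[offset:])
        # The +8 presumably covers the TLV type/length header emitted by
        # ASECTLV.tlv_decode; keep it in sync with that module.
        offset += s_len + 8
        if s_type == ASECTLV.TLV_TYPE_MLOG4FWK_FIELD_LOG_LINE:
            # Unlike the other fields, the log line is not base64-decoded.
            logstr = s_value
        elif s_type == ASECTLV.TLV_TYPE_MLOG4FWK_FIELD_REGEXP:
            regex = base64.b64decode(s_value)
        elif s_type == ASECTLV.TLV_TYPE_MLOG4FWK_FIELD_SENSOR_ID:
            sensor = base64.b64decode(s_value)
            logger.info("Campo Sensor :%s - %d" % (sensor, len(sensor)))
        else:
            logger.error("unknown type: %s" % s_type)

    if not sensor:
        raise ValueError("mlog4fwk message without sensor id")
    obj = AsecDb_AlarmCoincidence(data=regex,
                                  sample_log=logstr,
                                  sensor_id=UUID(sensor).bytes)
    self.__asecmodel.set_alarm_coincidence(obj)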
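def process_message_pattern(self, data, data_len):
    """Processes the pattern message.

    Walks the TLV fields in ``data`` (``data_len`` bytes): the suggestion
    group id, the filename and the pattern JSON string, all base64-encoded.
    A suggestion row is created the first time a group id is seen, and the
    pattern is always appended to that group.

    Raises ValueError when the id field is missing or not a UUID; the
    caller logs the failure.
    """
    logger.info("processing message: pattern")
    t_uuid = ""
    filename = ""
    json_str = ""
    offset = 0
    while offset < data_len:
        s_type, s_len, s_value = ASECTLV.tlv_decode(data[offset:])
        # The +8 presumably covers the TLV type/length header emitted by
        # ASECTLV.tlv_decode; keep it in sync with that module.
        offset += s_len + 8
        if s_type == ASECTLV.TLV_TYPE_PATTERN_FIELD_ID:
            logger.info("pattern_fieldid")
            # Strip a trailing newline like the other fields do; UUID()
            # rejects the id otherwise.
            t_uuid = base64.b64decode(s_value).rstrip('\n')
        elif s_type == ASECTLV.TLV_TYPE_PATTERN_FIELD_FILENAME:
            logger.info("pattern_field_filename")
            filename = base64.b64decode(s_value).rstrip('\n')
        elif s_type == ASECTLV.TLV_TYPE_PATTERN_FIELD_JSON_STR:
            logger.info("pattern_field_json")
            json_str = base64.b64decode(s_value).rstrip('\n')
        else:
            logger.error("unknown type: %s" % s_type)

    if not t_uuid:
        raise ValueError("pattern message without suggestion id")
    group_id = UUID(t_uuid).bytes

    # NOTE(review): json_str is stored as received; it is not checked to be
    # valid JSON here, and sendPatternSuggestion later concatenates it into
    # a JSON document verbatim.
    if self.__asecmodel.get_suggestion(t_uuid) is None:
        suggestion = AsecDb_Suggestion(suggestion_group_id=group_id,
                                       filename=filename,
                                       location="")
        self.__asecmodel.set_suggestion(suggestion)
    suggestion_pattern = AsecDb_Suggestion_pattern(suggestion_group_id=group_id,
                                                   pattern_json=json_str)
    self.__asecmodel.set_suggestion_pattern(suggestion_pattern)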
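def sendPatternSuggestion(self, suggestion, patterns):
    """@brief Builds a composite TLV with a suggestion and its patterns and
    sends it to the ASEC system, retrying a bounded number of times.

    @param suggestion: the suggestion row; ``suggestion_group_id`` (raw UUID
        bytes), ``filename`` and ``location`` are read from it.
    @param patterns: iterable of pattern rows; every ``pattern_json`` is
        embedded verbatim in the ``{"patterns":[...]}`` document.
    @return True when the TLV was accepted and the suggestion was removed
        from the local model; False when every send attempt failed or the
        removal raised.
    """
    logger.info("Sending results...")
    suggestion_id = UUID(bytes=suggestion.suggestion_group_id)

    # Field 1: the suggestion id, as base64 of its textual UUID form.
    b64_suggestion_id = base64.b64encode(str(suggestion_id))
    tlv_suggestion_id = ASECTLV.tlv_simple(
        ASECTLV.TLV_TYPE_PATTERN_FIELD_ID,
        b64_suggestion_id, len(b64_suggestion_id))

    # Field 2: the location is preferred; the filename is the fallback
    # when no location is recorded.
    if suggestion.location is None or suggestion.location == "":
        suggestion_filename = suggestion.filename
    else:
        suggestion_filename = suggestion.location
    suggestion_filename = base64.b64encode(suggestion_filename)
    tlv_suggestion_filename = ASECTLV.tlv_simple(
        ASECTLV.TLV_TYPE_PATTERN_FIELD_FILENAME,
        suggestion_filename, len(suggestion_filename))

    # Field 3: the pattern documents, assembled by string concatenation.
    # NOTE(review): each pattern_json is trusted to already be a well-formed
    # JSON value; nothing here re-validates it, so a malformed stored pattern
    # produces a malformed composite document on the wire.
    pattern_list = ",".join(["%s" % (p.pattern_json) for p in patterns])
    suggestion_json = base64.b64encode('{"patterns":[' + pattern_list + "]}")
    tlv_suggestion_json = ASECTLV.tlv_simple(
        ASECTLV.TLV_TYPE_PATTERN_FIELD_JSON_STR,
        suggestion_json, len(suggestion_json))

    tlvcomposite = ASECTLV.tlv_composite(
        ASECTLV.TLV_TYPE_PATTERN,
        [tlv_suggestion_id, tlv_suggestion_filename, tlv_suggestion_json])

    # Retry the send a few times, pausing between attempts.  The suggestion
    # is only dropped from the local model once the peer accepted it, so a
    # transport failure never loses data.
    attempts = 3
    while attempts > 0:
        if not self.__send(tlvcomposite):
            attempts = attempts - 1
            time.sleep(1)
            continue
        try:
            self.__asecmodel.delete_suggestion(str(suggestion_id))
        except Exception as e:
            logger.error("Can't remove the suggestionid: %s" % str(e))
            return False
        return True
    # Every attempt failed: say so explicitly instead of falling off the end
    # (which returned None to the caller).
    logger.error("Giving up on suggestion %s after %d failed send attempts"
                 % (str(suggestion_id), 3))
    return False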
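def process_message_active_plugin(self, data, data_len):
    """Processes the active plugin message.

    Walks the TLV fields in ``data`` (``data_len`` bytes) and stores one
    ``AsecDb_Notification`` built from the plugin id, plugin name, sensor id
    and log file fields.  Field values arrive base64-encoded.

    Raises ValueError when no usable sensor id field was received, because
    the notification needs it as a UUID; the caller logs the failure.
    """
    logger.info("processing active plugin message")
    plugin_id = ""
    plugin_name = ""
    sensor_id = ""
    log_file = ""
    offset = 0
    while offset < data_len:
        s_type, s_len, s_value = ASECTLV.tlv_decode(data[offset:])
        # The +8 presumably covers the TLV type/length header emitted by
        # ASECTLV.tlv_decode; keep it in sync with that module.
        offset += s_len + 8
        # NOTE(review): these values come from the peer and are logged with
        # only a trailing newline stripped; keep that in mind when reading
        # the log.
        if s_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN_FIELD_PLUGIN_ID:
            plugin_id = base64.b64decode(s_value).rstrip('\n')
            logger.info("pattern_pluginid: %s" % plugin_id)
        elif s_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN_FIELD_PLUGIN_NAME:
            plugin_name = base64.b64decode(s_value).rstrip('\n')
            logger.info("pattern_field_pluginname :%s" % plugin_name)
        elif s_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN_FIELD_PLUGIN_SENSOR_ID:
            sensor_id = base64.b64decode(s_value)
            logger.info("pattern_field_sensorid :%s" % sensor_id)
        elif s_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN_FIELD_PLUGIN_LOG_FILE:
            log_file = base64.b64decode(s_value)
        else:
            logger.error("unknown type: %s" % s_type)

    # The plugin id travels as text; a non-integer value is recorded as
    # plugin 0 rather than aborting the message.  Only conversion errors
    # are swallowed here (the original bare except hid everything).
    try:
        pid = int(plugin_id)
    except (ValueError, TypeError):
        logger.error("invalid plugin %s" % plugin_id)
        pid = 0

    if not sensor_id:
        raise ValueError("active plugin message without sensor id")
    notification = AsecDb_Notification(plugin_id=pid,
                                       sensor_id=UUID(sensor_id).bytes,
                                       rule_name=plugin_name,
                                       log_file=log_file)
    self.__asecmodel.set_notification(notification)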
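def process(self, requestor, line):
    """Processes an ASEC request.

    requestor: Source Socket (currently unused)
    line: command to process; the payload travels in a ``msg="<base64>"``
        variable inside the line

    The decoded payload is a single TLV whose type selects the handler.
    Any failure -- a missing or undecodable ``msg``, a bad TLV, or an
    exception inside a handler -- is logged and swallowed so that one bad
    request cannot take the request loop down.
    """
    import traceback
    # TODO ACK tlv
    try:
        # Decoding is inside the try on purpose: a line without a usable
        # msg= variable used to raise out of this method instead of being
        # logged like every other malformed request.
        msg = Util.get_var("msg=\"([^\"]+)\"", line)
        payload = base64.b64decode(msg)
        tlv_type, tlv_len, tlv_value = ASECTLV.tlv_decode(payload)
        if tlv_type == ASECTLV.TLV_TYPE_PATTERN:
            self.process_message_pattern(tlv_value, tlv_len)
        elif tlv_type == ASECTLV.TLV_TYPE_MLOG4FWK:
            self.process_message_mlog4fwk(tlv_value, tlv_len)
        elif tlv_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN:
            self.process_message_active_plugin(tlv_value, tlv_len)
        else:
            logger.error("unknown tlv")
    except Exception as e:
        # format_exc() returns the traceback text; print_exc() writes it to
        # stderr and returns None, which is what used to be logged.
        logger.error(traceback.format_exc())
        logger.error("ERROR: %s" % str(e))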
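def process(self, requestor, line):
    """Processes an ASEC request.

    requestor: Source Socket (currently unused)
    line: command to process; the payload travels in a ``msg="<base64>"``
        variable inside the line

    The decoded payload is a single TLV whose type selects the handler.
    Any failure -- a missing or undecodable ``msg``, a bad TLV, or an
    exception inside a handler -- is logged and swallowed so that one bad
    request cannot take the request loop down.
    """
    import traceback
    # TODO ACK tlv
    try:
        # Decoding is inside the try on purpose: a line without a usable
        # msg= variable used to raise out of this method instead of being
        # logged like every other malformed request.
        msg = Util.get_var("msg=\"([^\"]+)\"", line)
        payload = base64.b64decode(msg)
        tlv_type, tlv_len, tlv_value = ASECTLV.tlv_decode(payload)
        if tlv_type == ASECTLV.TLV_TYPE_PATTERN:
            self.process_message_pattern(tlv_value, tlv_len)
        elif tlv_type == ASECTLV.TLV_TYPE_MLOG4FWK:
            self.process_message_mlog4fwk(tlv_value, tlv_len)
        elif tlv_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN:
            self.process_message_active_plugin(tlv_value, tlv_len)
        else:
            logger.error("unknown tlv")
    except Exception as e:
        # format_exc() returns the traceback text; print_exc() writes it to
        # stderr and returns None, which is what used to be logged.
        logger.error(traceback.format_exc())
        logger.error("ERROR: %s" % str(e))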