def sendPatternSuggestion(self, suggestion, patterns):
"""@brief Builds a composite TLV to send a the pattern
to the ASEC system.
@param suggestion: the suggestion
"""
logger.info("Sending results...")
tlv_list = []
suggestion_id = UUID(bytes=suggestion.suggestion_group_id)
b64_suggestion_id = base64.b64encode(str(suggestion_id))
tlv_suggestion_id = ASECTLV.tlv_simple(ASECTLV.TLV_TYPE_PATTERN_FIELD_ID, \
str(b64_suggestion_id), len(str(b64_suggestion_id)))
suggestion_filename = ""
if suggestion.location is None or suggestion.location == "":
suggestion_filename = suggestion.filename
else:
suggestion_filename = suggestion.location
suggestion_filename = base64.b64encode(suggestion_filename)
tlv_suggestion_filename = ASECTLV.tlv_simple(
ASECTLV.TLV_TYPE_PATTERN_FIELD_FILENAME, suggestion_filename,
len(suggestion_filename))
suggestion_json = '{"patterns":['
pattern_list = ",".join(["%s" % (p.pattern_json) for p in patterns])
suggestion_json = suggestion_json + pattern_list + "]}"
suggestion_json = base64.b64encode(suggestion_json)
tlv_suggestion_json = ASECTLV.tlv_simple(
ASECTLV.TLV_TYPE_PATTERN_FIELD_JSON_STR, suggestion_json,
len(suggestion_json))
tlv_list.append(tlv_suggestion_id)
tlv_list.append(tlv_suggestion_filename)
tlv_list.append(tlv_suggestion_json)
tlvcomposite = ASECTLV.tlv_composite(ASECTLV.TLV_TYPE_PATTERN,
tlv_list)
attempts = 3
while attempts > 0:
if not self.__send(tlvcomposite):
attempts = attempts - 1
time.sleep(1)
else:
try:
self.__asecmodel.delete_suggestion(str(suggestion_id))
except Exception, e:
logger.error("Can't remove the suggestionid: %s" % str(e))
return False
return True
def process_message_active_plugin(self, data, data_len):
"""Processes the active plugin message.
"""
logger.info("processing active plugin message")
total = data_len
readed = 0
pkg = data
plugin_id = ""
plugin_name = ""
sensor_id = ""
log_file =""
while readed < total:
s_type, s_len, s_value = ASECTLV.tlv_decode(pkg[readed:])
readed += s_len + 8
if s_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN_FIELD_PLUGIN_ID:
plugin_id = base64.b64decode(s_value).rstrip('\n')
logger.info("pattern_pluginid: %s" % plugin_id)
elif s_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN_FIELD_PLUGIN_NAME:
plugin_name = base64.b64decode(s_value).rstrip('\n')
logger.info("pattern_field_pluginname :%s" % plugin_name)
elif s_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN_FIELD_PLUGIN_SENSOR_ID:
sensor_id = base64.b64decode(s_value)
logger.info("pattern_field_sensorid :%s" % sensor_id)
elif s_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN_FIELD_PLUGIN_LOG_FILE:
log_file = base64.b64decode(s_value)
else:
logger.error("unknown type: %s" % s_type)
try:
pid = int(plugin_id)
except:
logger.error("invalid plugin %s" % plugin_id)
pid = 0
notification = AsecDb_Notification(plugin_id=pid, sensor_id=UUID(sensor_id).bytes, rule_name=plugin_name,log_file = log_file)
self.__asecmodel.set_notification(notification)
def process_message_pattern(self, data, data_len):
"""Processes the pattern message.
"""
logger.info("processing message: pattern")
total = data_len
readed = 0
pkg = data
logid = 0
t_uuid = ""
filename = ""
json_str = ""
while readed < total:
s_type, s_len, s_value = ASECTLV.tlv_decode(pkg[readed:])
readed += s_len + 8
if s_type == ASECTLV.TLV_TYPE_PATTERN_FIELD_ID:
logger.info("pattern_fieldid")
t_uuid = base64.b64decode(s_value)
elif s_type == ASECTLV.TLV_TYPE_PATTERN_FIELD_FILENAME:
logger.info("pattern_field_filename")
filename = base64.b64decode(s_value).rstrip('\n')
elif s_type == ASECTLV.TLV_TYPE_PATTERN_FIELD_JSON_STR:
logger.info("pattern_field_json")
json_str = base64.b64decode(s_value).rstrip('\n')
else:
logger.error("unknown type: %s" % s_type)
if self.__asecmodel.get_suggestion(t_uuid) is None:
suggestion = AsecDb_Suggestion(suggestion_group_id=UUID(t_uuid).bytes, filename=filename,location="")
self.__asecmodel.set_suggestion(suggestion)
suggestion_pattern = AsecDb_Suggestion_pattern(suggestion_group_id=UUID(t_uuid).bytes, pattern_json=json_str)
self.__asecmodel.set_suggestion_pattern(suggestion_pattern)
def process_message_mlog4fwk(self, data, data_len):
"""Processes the mlog4fwk message.
"""
logger.info("processing message: mlog4fwk")
total = data_len
readed = 0
pkg = data
logstr = ""
sensor = ""
regex = ""
while readed < total:
s_type, s_len, s_value = ASECTLV.tlv_decode(pkg[readed:])
readed += s_len + 8
if s_type == ASECTLV.TLV_TYPE_MLOG4FWK_FIELD_LOG_LINE:
logstr = s_value #base64.b64decode(s_value).rstrip('\n')
elif s_type == ASECTLV.TLV_TYPE_MLOG4FWK_FIELD_REGEXP:
regex = base64.b64decode(s_value)
elif s_type == ASECTLV.TLV_TYPE_MLOG4FWK_FIELD_SENSOR_ID:
sensor = base64.b64decode(s_value)
logger.info("Campo Sensor :%s - %d" % (sensor, len(sensor)))
else:
logger.error("unknown type: %s" % s_type)
obj = AsecDb_AlarmCoincidence(data=regex, sample_log=logstr, sensor_id=UUID(sensor).bytes)
self.__asecmodel.set_alarm_coincidence(obj)
def process_message_pattern(self, data, data_len):
"""Processes the pattern message.
"""
logger.info("processing message: pattern")
total = data_len
readed = 0
pkg = data
logid = 0
t_uuid = ""
filename = ""
json_str = ""
while readed < total:
s_type, s_len, s_value = ASECTLV.tlv_decode(pkg[readed:])
readed += s_len + 8
if s_type == ASECTLV.TLV_TYPE_PATTERN_FIELD_ID:
logger.info("pattern_fieldid")
t_uuid = base64.b64decode(s_value)
elif s_type == ASECTLV.TLV_TYPE_PATTERN_FIELD_FILENAME:
logger.info("pattern_field_filename")
filename = base64.b64decode(s_value).rstrip('\n')
elif s_type == ASECTLV.TLV_TYPE_PATTERN_FIELD_JSON_STR:
logger.info("pattern_field_json")
json_str = base64.b64decode(s_value).rstrip('\n')
else:
logger.error("unknown type: %s" % s_type)
if self.__asecmodel.get_suggestion(t_uuid) is None:
suggestion = AsecDb_Suggestion(
suggestion_group_id=UUID(t_uuid).bytes,
filename=filename,
location="")
self.__asecmodel.set_suggestion(suggestion)
suggestion_pattern = AsecDb_Suggestion_pattern(
suggestion_group_id=UUID(t_uuid).bytes, pattern_json=json_str)
self.__asecmodel.set_suggestion_pattern(suggestion_pattern)
def process_message_mlog4fwk(self, data, data_len):
"""Processes the mlog4fwk message.
"""
logger.info("processing message: mlog4fwk")
total = data_len
readed = 0
pkg = data
logstr = ""
sensor = ""
regex = ""
while readed < total:
s_type, s_len, s_value = ASECTLV.tlv_decode(pkg[readed:])
readed += s_len + 8
if s_type == ASECTLV.TLV_TYPE_MLOG4FWK_FIELD_LOG_LINE:
logstr = s_value #base64.b64decode(s_value).rstrip('\n')
elif s_type == ASECTLV.TLV_TYPE_MLOG4FWK_FIELD_REGEXP:
regex = base64.b64decode(s_value)
elif s_type == ASECTLV.TLV_TYPE_MLOG4FWK_FIELD_SENSOR_ID:
sensor = base64.b64decode(s_value)
logger.info("Campo Sensor :%s - %d" % (sensor, len(sensor)))
else:
logger.error("unknown type: %s" % s_type)
obj = AsecDb_AlarmCoincidence(data=regex,
sample_log=logstr,
sensor_id=UUID(sensor).bytes)
self.__asecmodel.set_alarm_coincidence(obj)
def sendPatternSuggestion(self, suggestion, patterns):
"""@brief Builds a composite TLV to send a the pattern
to the ASEC system.
@param suggestion: the suggestion
"""
logger.info("Sending results...")
tlv_list = []
suggestion_id = UUID(bytes=suggestion.suggestion_group_id)
b64_suggestion_id = base64.b64encode(str(suggestion_id))
tlv_suggestion_id = ASECTLV.tlv_simple(ASECTLV.TLV_TYPE_PATTERN_FIELD_ID, \
str(b64_suggestion_id), len(str(b64_suggestion_id)))
suggestion_filename = ""
if suggestion.location is None or suggestion.location == "":
suggestion_filename = suggestion.filename
else:
suggestion_filename = suggestion.location
suggestion_filename = base64.b64encode(suggestion_filename)
tlv_suggestion_filename = ASECTLV.tlv_simple(ASECTLV.TLV_TYPE_PATTERN_FIELD_FILENAME, suggestion_filename, len(suggestion_filename))
suggestion_json = '{"patterns":['
pattern_list = ",".join(["%s" % (p.pattern_json) for p in patterns])
suggestion_json = suggestion_json+pattern_list+"]}"
suggestion_json = base64.b64encode(suggestion_json)
tlv_suggestion_json = ASECTLV.tlv_simple(ASECTLV.TLV_TYPE_PATTERN_FIELD_JSON_STR, suggestion_json, len(suggestion_json))
tlv_list.append(tlv_suggestion_id)
tlv_list.append(tlv_suggestion_filename)
tlv_list.append(tlv_suggestion_json)
tlvcomposite = ASECTLV.tlv_composite(ASECTLV.TLV_TYPE_PATTERN, tlv_list)
attempts = 3
while attempts>0:
if not self.__send(tlvcomposite):
attempts = attempts - 1
time.sleep(1)
else:
try:
self.__asecmodel.delete_suggestion(str(suggestion_id))
except Exception,e:
logger.error("Can't remove the suggestionid: %s" % str(e))
return False
return True
def process_message_active_plugin(self, data, data_len):
"""Processes the active plugin message.
"""
logger.info("processing active plugin message")
total = data_len
readed = 0
pkg = data
plugin_id = ""
plugin_name = ""
sensor_id = ""
log_file = ""
while readed < total:
s_type, s_len, s_value = ASECTLV.tlv_decode(pkg[readed:])
readed += s_len + 8
if s_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN_FIELD_PLUGIN_ID:
plugin_id = base64.b64decode(s_value).rstrip('\n')
logger.info("pattern_pluginid: %s" % plugin_id)
elif s_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN_FIELD_PLUGIN_NAME:
plugin_name = base64.b64decode(s_value).rstrip('\n')
logger.info("pattern_field_pluginname :%s" % plugin_name)
elif s_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN_FIELD_PLUGIN_SENSOR_ID:
sensor_id = base64.b64decode(s_value)
logger.info("pattern_field_sensorid :%s" % sensor_id)
elif s_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN_FIELD_PLUGIN_LOG_FILE:
log_file = base64.b64decode(s_value)
else:
logger.error("unknown type: %s" % s_type)
try:
pid = int(plugin_id)
except:
logger.error("invalid plugin %s" % plugin_id)
pid = 0
notification = AsecDb_Notification(plugin_id=pid,
sensor_id=UUID(sensor_id).bytes,
rule_name=plugin_name,
log_file=log_file)
self.__asecmodel.set_notification(notification)
def process(self, requestor, line):
"""Processes an ASEC requests
requestor: Source Socket
line: command to process
"""
msg = Util.get_var("msg=\"([^\"]+)\"", line)
line = base64.b64decode(msg)
# TODO ACK tlv
response = ""
try:
tlv_type, tlv_len, tlv_value = ASECTLV.tlv_decode(line)
if tlv_type == ASECTLV.TLV_TYPE_PATTERN:
self.process_message_pattern(tlv_value, tlv_len)
elif tlv_type == ASECTLV.TLV_TYPE_MLOG4FWK:
self.process_message_mlog4fwk(tlv_value, tlv_len);
elif tlv_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN:
self.process_message_active_plugin(tlv_value, tlv_len)
else:
logger.error("unknown tlv")
except Exception, e:
import traceback
logger.error(traceback.print_exc())
logger.error("ERROR: %s" % str(e))
def process(self, requestor, line):
"""Processes an ASEC requests
requestor: Source Socket
line: command to process
"""
msg = Util.get_var("msg=\"([^\"]+)\"", line)
line = base64.b64decode(msg)
# TODO ACK tlv
response = ""
try:
tlv_type, tlv_len, tlv_value = ASECTLV.tlv_decode(line)
if tlv_type == ASECTLV.TLV_TYPE_PATTERN:
self.process_message_pattern(tlv_value, tlv_len)
elif tlv_type == ASECTLV.TLV_TYPE_MLOG4FWK:
self.process_message_mlog4fwk(tlv_value, tlv_len)
elif tlv_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN:
self.process_message_active_plugin(tlv_value, tlv_len)
else:
logger.error("unknown tlv")
except Exception, e:
import traceback
logger.error(traceback.print_exc())
logger.error("ERROR: %s" % str(e))