Ejemplo n.º 1
    lib_tabular.AddData(log_strm, grph, node_process, "CIM_Process", pidstr,
                        ["cpu", "virt"], tpl[1:3])


################################################################################


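# Runs in the subprocess of the HTTP server and samples per-process CPU and
# memory figures with psutil; no external command output is parsed here.
# The entity id should be the default value and is not relevant.
def TopEngine(sharedTupleQueue, entityId):
    """Push one (pid, cpu_percent, vms) tuple per process onto the queue, forever.

    Args:
        sharedTupleQueue: queue shared with the reader; put() and qsize()
            are the only methods used here.
        entityId: only echoed in the trace line, not used for sampling.

    Returns:
        The loop has no exit, so the final string is only reached if the
        loop is ever changed to terminate.
    """
    while 1:
        # One trace line per pass; the newline keeps successive passes apart
        # in the server log.
        sys.stderr.write("Top pid=%d entity=%s sz=%d\n" %
                         (os.getpid(), entityId, sharedTupleQueue.qsize()))
        for proc in psutil.process_iter():
            # NOTE(review): get_cpu_percent/get_memory_info are the pre-2.0
            # psutil method names; confirm the psutil version this runs with.
            try:
                pid = proc.pid
                cpu_percent = proc.get_cpu_percent(interval=0)
                _rss, vms = proc.get_memory_info()
            except (psutil.NoSuchProcess, psutil.AccessDenied):
                # A process can exit between enumeration and the query, and
                # some processes may not be readable by this user: skip them
                # instead of letting one failure stop the whole sampler.
                continue
            sharedTupleQueue.put((pid, cpu_percent, vms))
        # TODO (from the original): "should be a parameter" - presumably this
        # sampling period.
        time.sleep(20)
    # Should never happen.
    return "top execution end"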


################################################################################

# This is the CGI script started by Apache.
if __name__ == '__main__':
    # Entry point when the file is run as a script: hand the sampling engine
    # and its deserializer to the shared web-server helper.
    lib_webserv.DoTheJob(
        TopEngine,
        TopDeserialize,
        __file__,
        "top processes statistics",
    )
Ejemplo n.º 2
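def TcpDumpEngine(sharedTupleQueue, entityId):
    """Run the tcpdump command and forward each output line to the queue.

    Every line read from the command is passed to TcpDumpEnqueue together
    with the queue; every 100th line is also copied to a temporary trace
    file, and every line is echoed on stderr.

    Args:
        sharedTupleQueue: queue handed to TcpDumpEnqueue for each line.
        entityId: not used by this engine.

    Returns:
        The string "Tcpdump execution end" once the command's output ends.
    """
    tmpFil = lib_common.TmpFile("TcpDump", "log")
    filNam = tmpFil.Name
    cnt = 0

    # "with" closes the trace file even if the command or the enqueue step
    # raises; the original leaked the handle on any exception.
    with open(filNam, "w") as fil:
        tcpdump_cmd = GetTcmpDumpCommand()
        fil.write("TCPcommand=%s\n" % (tcpdump_cmd))
        fil.flush()

        # NOTE(review): os.popen passes the string to a shell. Confirm that
        # GetTcmpDumpCommand() builds it from fixed values only and never
        # from request-derived data.
        pipe = os.popen(tcpdump_cmd)
        try:
            for lin in pipe:
                # NOTE(review): each captured line is echoed to stderr,
                # presumably the web server's error log; confirm that log is
                # access-restricted.
                sys.stderr.write("cnt=%d:%s\n" % (cnt, lin))
                if lin:
                    TcpDumpEnqueue(sharedTupleQueue, lin)
                    # Keep only a sparse sample in the trace file.
                    if cnt % 100 == 0:
                        fil.write("cnt=%d:%s" % (cnt, lin))
                        fil.flush()
                    cnt += 1
        finally:
            # Release the pipe to the child process, which the original
            # never closed.
            pipe.close()

        fil.write("Leaving after %d iterations\n" % (cnt))

    return "Tcpdump execution end"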


################################################################################

if __name__ == '__main__':
    # Logo URL passed through to the web-server helper; note it is a plain
    # http address on a third-party host.
    img = "http://sectools.org/logos/tcpdump-80x70.png"
    lib_webserv.DoTheJob(
        TcpDumpEngine,
        TcpDumpDeserialize,
        __file__,
        "Tcpdump display",
        img,
    )
Ejemplo n.º 3
		if not funcName in func_parsers:
			LogMsg( "Unknown function=" + lin )
			continue

		# Example: "66, {sa_family=AF_NETLINK, pid=7593, groups=00000000}, [12]"
		args = matchCall.group(3)

		vecArgs = ParseArgs( args )

		# The entity is the process id.
		lstResult = [ entityId, funcName ] + vecArgs

		# This builds a tuple from a list.
		sharedTupleQueue.put( tuple( lstResult ) )

	# TODO: IL FAUDRAIT LAISSER UN MESSAGE POUR LE PROCESS LECTEUR.
	# PEUT ETRE QIE CONVENTIONNELLEMENT, SI ON LAISSE DANS LA QUEUE 
	# AUTRE CHSOE QU UN TUPLE, C EST UN MESSAGE ???
	LogMsg( "Leaving." )

	return "THIS IS AN ERROR AND LEAVING MESSAGE"

################################################################################

# For testing, use the process that runs firefox-bin:
# it belongs to us and is also very active.

if __name__ == '__main__':
	# Script entry point: register the strace engine and its deserializer
	# with the shared web-server helper.
	lib_webserv.DoTheJob(
		STraceEngine,
		STraceDeserialize,
		__file__,
		"strace stack trace",
		"LAYOUT_RECT",
	)

Ejemplo n.º 4
	fil = open(filNam,"w")

	# TODO: The delay could be a parameter.
	iostat_cmd = "iostat -d 1"
	fil.write( "iostat_cmd=%s\n" % ( iostat_cmd ) )
	fil.flush()
	cnt = 0
	for lin in os.popen(iostat_cmd):
		sys.stderr.write("cnt=%d:%s\n" % ( cnt, lin ) )
		if lin:
			# We transfer also the header.
			spl = re.split(' +',lin)
			sharedTupleQueue.put( tuple( spl ) )

			if cnt % 100 == 0:
				fil.write("cnt=%d:%s" % ( cnt, lin ) )
				fil.flush()
			cnt += 1

	fil.write( "Leaving after %d iterations\n" % ( cnt ) )
	fil.close()

	return "Iostat execution end"

################################################################################

if __name__ == '__main__':
	# NOTE(review): this iostat page passes the tcpdump logo URL (plain http,
	# third-party host); confirm that is intended.
	img = "http://sectools.org/logos/tcpdump-80x70.png"
	lib_webserv.DoTheJob(
		IOStatEngine,
		IOStatDeserialize,
		__file__,
		"Disks iostat",
		img,
	)

Ejemplo n.º 5
        | win32con.FILE_SHARE_WRITE | win32con.FILE_SHARE_DELETE, None,
        win32con.OPEN_EXISTING, win32con.FILE_FLAG_BACKUP_SEMANTICS, None)
    while True:
        #
        # ReadDirectoryChangesW takes a previously-created
        # handle to a directory, a buffer size for results,
        # a flag to indicate whether to watch subtrees and
        # a filter of what changes to notify.
        #
        # NB Tim Juchcinski reports that he needed to up
        # the buffer size to be sure of picking up all
        # events when a large number of files were
        # deleted at once.
        #
        results = win32file.ReadDirectoryChangesW(
            hDir, 1024, True, win32con.FILE_NOTIFY_CHANGE_FILE_NAME
            | win32con.FILE_NOTIFY_CHANGE_DIR_NAME
            | win32con.FILE_NOTIFY_CHANGE_ATTRIBUTES
            | win32con.FILE_NOTIFY_CHANGE_SIZE
            | win32con.FILE_NOTIFY_CHANGE_LAST_WRITE
            | win32con.FILE_NOTIFY_CHANGE_SECURITY, None, None)
        for action, updated_file in results:
            sharedTupleQueue.put(
                [path_to_watch, updated_file,
                 ACTIONS.get(action, "Unknown")])


if __name__ == '__main__':
    # Script entry point: register the directory-change engine and its
    # deserializer with the shared web-server helper.
    lib_webserv.DoTheJob(
        WindDirChangeEngine,
        WindDirChangeDeserialize,
        __file__,
        "Directory updates events",
    )
Ejemplo n.º 6
        tcpHeader = receivedPacket[34:54]
        tcpHdr = struct.unpack("!2s2s16s", tcpHeader)
        try:
            sourcePort = DecodePort(tcpHdr[0], 0)

            destinationPort = DecodePort(tcpHdr[1], 0)
        except Exception:
            exc = sys.exc_info()[1]
            print("Caught:%s" % str(exc))
        time.sleep(0.2)

        sharedTupleQueue.put(
            (protoc, sourceIP, sourcePort, destinationIP, destinationPort))


################################################################################


def PromiscuousEngine(sharedTupleQueue, entityId):
    """Dispatch to the Windows or the Linux capture engine.

    Both arguments are passed through unchanged. The chosen engine's return
    value is discarded, so this wrapper returns None.
    """
    # NOTE(review): isPlatformWindows is tested as a plain attribute here. If
    # it is actually a function it would always be truthy; confirm in lib_util.
    platform_engine = (
        PromiscuousEngineWin
        if lib_util.isPlatformWindows
        else PromiscuousEngineLinux
    )
    platform_engine(sharedTupleQueue, entityId)


################################################################################

if __name__ == '__main__':
    # Script entry point: register the packet-capture engine and its
    # deserializer with the shared web-server helper.
    lib_webserv.DoTheJob(
        PromiscuousEngine,
        PromiscuousDeserialize,
        __file__,
        "Sockets in promiscuous mode",
    )