def setUp(self):
    """Build a LogsLoadNG loader and the NetGear log fixtures used by each test."""
    # Connection parameters: local SQL Server Express instance and test database.
    self.server = '.\\Express'
    self.database = 'NetIncident2'
    # Loader under test, wired to a fresh SqlServer wrapper.
    self.ld_ng = logs_load.LogsLoadNG()
    self.ld_ng.sql_server = sql_server.SqlServer()
    # Sample NetGear log lines; the attribute names indicate the category
    # each fixture is presumably expected to fall into (DoS, admin, benign).
    self.dos_log = "[DoS attack: FIN Scan] attack packets in last 20 sec from ip [63.251.98.12], Thursday, May 03,2018 05:46:58"
    self.adm_log = "[Admin login] from source 192.168.8.27, Thursday, May 03,2018 07:58:47"
    self.ok_log = "[DHCP IP: (192.168.8.22)] to MAC address 74:E5:0B:69:9A:D6, Wednesday, May 02,2018 10:42:39"
def setUp(self):
    """Build a LogsLoadNGR loader and the NetGear router log fixtures used by each test."""
    # Connection parameters: local SQL Server Express instance and test database.
    self.server = '.\\Express'
    self.database = 'NetIncident2'
    # Loader under test, wired to a fresh SqlServer wrapper.
    self.ld_ngr = logs_load.LogsLoadNGR()
    self.ld_ngr.sql_server = sql_server.SqlServer()
    # Sample router log lines (note the trailing space each one carries, as
    # emitted by the device); the attribute names indicate the category each
    # fixture is presumably expected to fall into (DoS, admin, benign).
    self.dos_log = "[DoS attack: RST Scan] from source: 54.203.85.98:8883, Tuesday, February 02,2021 05:37:39 "
    self.dos2_log = "[DoS attack: TCP Port Scan] from source: 194.165.16.16:65533, Tuesday, February 02,2021 11:50:59 "
    self.adm_log = "[admin login] from source 192.168.1.22, Wednesday, February 03,2021 15:01:09 "
    self.ok_log = "[DHCP IP: (192.168.1.22)] to MAC address 34:F6:4B:6C:31:D0, Wednesday, February 03,2021 14:43:57 "
def setUp(self):
    """Build a LogsLoadIIS loader and the IIS W3C log fixtures used by each test."""
    # Connection parameters: local SQL Server Express instance and test database.
    self.server = '.\\Express'
    self.database = 'NetIncident2'
    # Loader under test, wired to a fresh SqlServer wrapper.
    self.ld_iis = logs_load.LogsLoadIIS()
    self.ld_iis.sql_server = sql_server.SqlServer()
    # Sample IIS request lines. The attribute names indicate the incident type
    # each fixture is presumably expected to be classified as (php / sql / xss),
    # plus one ordinary favicon request that should not be flagged.
    self.php_log = '2018-05-29 00:11:44 10.10.1.10 GET / -dallow_url_include=on+-dauto_prepend_file=php://input 80 - 10.10.1.10 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/64.0.3282.140+Safari/537.36+Edge/17.17134 - 200 0 0 1'
    self.sql_log = "2018-05-28 23:59:48 10.10.1.10 GET / Category=Files&Id=62'A=0 80 - 10.10.1.10 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/64.0.3282.140+Safari/537.36+Edge/17.17134 - 200 0 0 1"
    self.xss_log = '2018-05-29 00:13:44 10.10.1.10 GET / ReturnUrl=%3Cscript%3Ealert(%22xssvuln%22)%3C/script%3E 80 - 10.10.1.10 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/64.0.3282.140+Safari/537.36+Edge/17.17134 - 200 0 0 1'
    self.ok_log = '2018-05-28 22:16:15 10.10.1.10 GET /images/favicon.ico - 80 - 10.10.1.10 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/66.0.3359.181+Safari/537.36 http://localhost/ 200 0 0 53'
def test_log_process_load_iis_incident_types(self):
    """
    test of: log_process_load_iis_incident_types, loads in a static amount of
    incidentType that go to the short description.

    Opens a trusted connection to the test database, runs the loader and
    checks that each *_inc_type attribute was resolved (the loader presumably
    uses -1 as its not-found marker; this test only asserts the value is not -1).
    """
    loader = self.ld_iis
    # Fresh wrapper per test so the connection state does not leak between runs.
    loader.sql_server = sql_server.SqlServer()
    conn_str = loader.sql_server.sql_connection_trusted_string(self.server, self.database)
    loader.sql_server.sql_connection(conn_str)
    loader.log_process_load_iis_incident_types()
    for attr in ("php_inc_type", "sql_inc_type", "vs_inc_type", "xss_inc_type"):
        self.assertNotEqual(-1, getattr(loader, attr))
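def log_process_main(self, server, db_name, file_path, server_id):
    """
    function: application main

    Opens a trusted SQL Server connection, loads the IIS incident types and
    feeds every line of the IIS log file to log_process_iis_line.

    Args:
        server: SQL Server instance name, passed to sql_connection_trusted_string.
        db_name: database name, passed to sql_connection_trusted_string.
        file_path: path of the IIS log file; a missing file is reported and skipped.
        server_id: id of the logging server; stored on self.server_id after int().

    Raises:
        ValueError: if server_id cannot be converted with int().
    """
    # This is the IIS loader (it calls the *_iis_* helpers); the original
    # banner said "NetGear", a copy-paste from the router loader.
    print("IIS arguments are: ", server, db_name, file_path, server_id)
    input_file = Path(file_path)
    if not input_file.exists():
        print(file_path, ' not found')
        return
    # IIS logs path/file exists
    self.sql_server = sql_server.SqlServer()
    self.sql_server.sql_connection(
        self.sql_server.sql_connection_trusted_string(server, db_name))
    self.log_process_load_iis_incident_types()
    self.server_id = int(server_id)
    # `with` releases the handle even if a line raises; the open()/close()
    # pair it replaces leaked the file on any exception inside the loop.
    with open(file_path, "r") as log_file:
        for line in log_file:
            # Every log line is attacker-controlled text (request URLs, user
            # agents); log_process_iis_line is where it gets persisted, so any
            # SQL built from it must be parameterized there — TODO confirm.
            self.log_process_iis_line(line.rstrip())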
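def log_process_main(self, server, db_name, file_path, server_id):
    """
    function: application main

    Opens a trusted SQL Server connection, loads the NetGear router incident
    types, then passes every log line that is not on the ignore list to
    log_process_ngr_line. Any entries collected in self.warning_logs are
    printed at the end.

    Args:
        server: SQL Server instance name, passed to sql_connection_trusted_string.
        db_name: database name, passed to sql_connection_trusted_string.
        file_path: path of the router log file; a missing file is reported and skipped.
        server_id: id of the logging server; stored on self.server_id after int().

    Raises:
        ValueError: if server_id cannot be converted with int().
    """
    print("The arguments are: ", server, db_name, file_path, server_id)
    input_file = Path(file_path)
    if not input_file.exists():
        print(file_path, ' not found')
        return
    # path/file exists
    self.sql_server = sql_server.SqlServer()
    self.sql_server.sql_connection(
        self.sql_server.sql_connection_trusted_string(server, db_name))
    self.log_process_load_ngr_incident_types()
    self.server_id = int(server_id)
    # Ignore the following logs:
    # * [DHCP IP: (192.168
    # * [Service blocked: ICMP_echo_req
    # * [Time synchronized
    # * [Internet connected
    # * [Internet disconnected
    # * [Log Cleared
    # * [UPnP set event
    # * [WLAN access rejected
    # * [email sent to
    # Passed through:
    # * [Admin login]
    # * [Initialized, firmware
    # * [DoS attack:
    #
    # Raw string: "\[" in a plain literal is an invalid escape sequence
    # (SyntaxWarning on recent Pythons); the regex itself is unchanged.
    compiled_pattern = re.compile(
        r"^\[DHCP IP: |^\[Service blocked: ICMP_echo_req|^\[Time synchronized|^\[Internet connected|^\[Internet disconnected|^\[Log Cleared|^\[UPnP set event|^\[WLAN access rejected|^\[email sent to"
    )
    # `with` releases the handle even if a line raises; the open()/close()
    # pair it replaces leaked the file on any exception inside the loop.
    with open(file_path, "r") as log_file:
        for line in log_file:
            # Matched against the raw line (before rstrip), as before.
            if not compiled_pattern.match(line):
                # Log text originates from the router and the hosts it
                # observes; log_process_ngr_line is where it is stored, so any
                # SQL built from it must be parameterized there — TODO confirm.
                self.log_process_ngr_line(line.rstrip())
    if self.warning_logs:
        print('==== Warnings ====')
        for log in self.warning_logs:
            print(log)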
def setUp(self):
    """Create the SqlServer wrapper and the connection parameters each test uses."""
    # Local SQL Server Express instance and the test database.
    self.server = '.\\Express'
    self.database = 'NetIncident2'
    # Wrapper under test; no connection is opened here.
    self.sql_server = sql_server.SqlServer()