def process_message_pattern(self, data, data_len):
"""Processes the pattern message.
"""
logger.info("processing message: pattern")
total = data_len
readed = 0
pkg = data
logid = 0
t_uuid = ""
filename = ""
json_str = ""
while readed < total:
s_type, s_len, s_value = ASECTLV.tlv_decode(pkg[readed:])
readed += s_len + 8
if s_type == ASECTLV.TLV_TYPE_PATTERN_FIELD_ID:
logger.info("pattern_fieldid")
t_uuid = base64.b64decode(s_value)
elif s_type == ASECTLV.TLV_TYPE_PATTERN_FIELD_FILENAME:
logger.info("pattern_field_filename")
filename = base64.b64decode(s_value).rstrip('\n')
elif s_type == ASECTLV.TLV_TYPE_PATTERN_FIELD_JSON_STR:
logger.info("pattern_field_json")
json_str = base64.b64decode(s_value).rstrip('\n')
else:
logger.error("unknown type: %s" % s_type)
if self.__asecmodel.get_suggestion(t_uuid) is None:
suggestion = AsecDb_Suggestion(suggestion_group_id=UUID(t_uuid).bytes, filename=filename,location="")
self.__asecmodel.set_suggestion(suggestion)
suggestion_pattern = AsecDb_Suggestion_pattern(suggestion_group_id=UUID(t_uuid).bytes, pattern_json=json_str)
self.__asecmodel.set_suggestion_pattern(suggestion_pattern)
def process_message_active_plugin(self, data, data_len):
"""Processes the active plugin message.
"""
logger.info("processing active plugin message")
total = data_len
readed = 0
pkg = data
plugin_id = ""
plugin_name = ""
sensor_id = ""
log_file =""
while readed < total:
s_type, s_len, s_value = ASECTLV.tlv_decode(pkg[readed:])
readed += s_len + 8
if s_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN_FIELD_PLUGIN_ID:
plugin_id = base64.b64decode(s_value).rstrip('\n')
logger.info("pattern_pluginid: %s" % plugin_id)
elif s_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN_FIELD_PLUGIN_NAME:
plugin_name = base64.b64decode(s_value).rstrip('\n')
logger.info("pattern_field_pluginname :%s" % plugin_name)
elif s_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN_FIELD_PLUGIN_SENSOR_ID:
sensor_id = base64.b64decode(s_value)
logger.info("pattern_field_sensorid :%s" % sensor_id)
elif s_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN_FIELD_PLUGIN_LOG_FILE:
log_file = base64.b64decode(s_value)
else:
logger.error("unknown type: %s" % s_type)
try:
pid = int(plugin_id)
except:
logger.error("invalid plugin %s" % plugin_id)
pid = 0
notification = AsecDb_Notification(plugin_id=pid, sensor_id=UUID(sensor_id).bytes, rule_name=plugin_name,log_file = log_file)
self.__asecmodel.set_notification(notification)
def process_message_mlog4fwk(self, data, data_len):
"""Processes the mlog4fwk message.
"""
logger.info("processing message: mlog4fwk")
total = data_len
readed = 0
pkg = data
logstr = ""
sensor = ""
regex = ""
while readed < total:
s_type, s_len, s_value = ASECTLV.tlv_decode(pkg[readed:])
readed += s_len + 8
if s_type == ASECTLV.TLV_TYPE_MLOG4FWK_FIELD_LOG_LINE:
logstr = s_value #base64.b64decode(s_value).rstrip('\n')
elif s_type == ASECTLV.TLV_TYPE_MLOG4FWK_FIELD_REGEXP:
regex = base64.b64decode(s_value)
elif s_type == ASECTLV.TLV_TYPE_MLOG4FWK_FIELD_SENSOR_ID:
sensor = base64.b64decode(s_value)
logger.info("Campo Sensor :%s - %d" % (sensor, len(sensor)))
else:
logger.error("unknown type: %s" % s_type)
obj = AsecDb_AlarmCoincidence(data=regex, sample_log=logstr, sensor_id=UUID(sensor).bytes)
self.__asecmodel.set_alarm_coincidence(obj)
def process_message_pattern(self, data, data_len):
"""Processes the pattern message.
"""
logger.info("processing message: pattern")
total = data_len
readed = 0
pkg = data
logid = 0
t_uuid = ""
filename = ""
json_str = ""
while readed < total:
s_type, s_len, s_value = ASECTLV.tlv_decode(pkg[readed:])
readed += s_len + 8
if s_type == ASECTLV.TLV_TYPE_PATTERN_FIELD_ID:
logger.info("pattern_fieldid")
t_uuid = base64.b64decode(s_value)
elif s_type == ASECTLV.TLV_TYPE_PATTERN_FIELD_FILENAME:
logger.info("pattern_field_filename")
filename = base64.b64decode(s_value).rstrip('\n')
elif s_type == ASECTLV.TLV_TYPE_PATTERN_FIELD_JSON_STR:
logger.info("pattern_field_json")
json_str = base64.b64decode(s_value).rstrip('\n')
else:
logger.error("unknown type: %s" % s_type)
if self.__asecmodel.get_suggestion(t_uuid) is None:
suggestion = AsecDb_Suggestion(
suggestion_group_id=UUID(t_uuid).bytes,
filename=filename,
location="")
self.__asecmodel.set_suggestion(suggestion)
suggestion_pattern = AsecDb_Suggestion_pattern(
suggestion_group_id=UUID(t_uuid).bytes, pattern_json=json_str)
self.__asecmodel.set_suggestion_pattern(suggestion_pattern)
def process_message_mlog4fwk(self, data, data_len):
"""Processes the mlog4fwk message.
"""
logger.info("processing message: mlog4fwk")
total = data_len
readed = 0
pkg = data
logstr = ""
sensor = ""
regex = ""
while readed < total:
s_type, s_len, s_value = ASECTLV.tlv_decode(pkg[readed:])
readed += s_len + 8
if s_type == ASECTLV.TLV_TYPE_MLOG4FWK_FIELD_LOG_LINE:
logstr = s_value #base64.b64decode(s_value).rstrip('\n')
elif s_type == ASECTLV.TLV_TYPE_MLOG4FWK_FIELD_REGEXP:
regex = base64.b64decode(s_value)
elif s_type == ASECTLV.TLV_TYPE_MLOG4FWK_FIELD_SENSOR_ID:
sensor = base64.b64decode(s_value)
logger.info("Campo Sensor :%s - %d" % (sensor, len(sensor)))
else:
logger.error("unknown type: %s" % s_type)
obj = AsecDb_AlarmCoincidence(data=regex,
sample_log=logstr,
sensor_id=UUID(sensor).bytes)
self.__asecmodel.set_alarm_coincidence(obj)
def process_message_active_plugin(self, data, data_len):
"""Processes the active plugin message.
"""
logger.info("processing active plugin message")
total = data_len
readed = 0
pkg = data
plugin_id = ""
plugin_name = ""
sensor_id = ""
log_file = ""
while readed < total:
s_type, s_len, s_value = ASECTLV.tlv_decode(pkg[readed:])
readed += s_len + 8
if s_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN_FIELD_PLUGIN_ID:
plugin_id = base64.b64decode(s_value).rstrip('\n')
logger.info("pattern_pluginid: %s" % plugin_id)
elif s_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN_FIELD_PLUGIN_NAME:
plugin_name = base64.b64decode(s_value).rstrip('\n')
logger.info("pattern_field_pluginname :%s" % plugin_name)
elif s_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN_FIELD_PLUGIN_SENSOR_ID:
sensor_id = base64.b64decode(s_value)
logger.info("pattern_field_sensorid :%s" % sensor_id)
elif s_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN_FIELD_PLUGIN_LOG_FILE:
log_file = base64.b64decode(s_value)
else:
logger.error("unknown type: %s" % s_type)
try:
pid = int(plugin_id)
except:
logger.error("invalid plugin %s" % plugin_id)
pid = 0
notification = AsecDb_Notification(plugin_id=pid,
sensor_id=UUID(sensor_id).bytes,
rule_name=plugin_name,
log_file=log_file)
self.__asecmodel.set_notification(notification)
def process(self, requestor, line):
"""Processes an ASEC requests
requestor: Source Socket
line: command to process
"""
msg = Util.get_var("msg=\"([^\"]+)\"", line)
line = base64.b64decode(msg)
# TODO ACK tlv
response = ""
try:
tlv_type, tlv_len, tlv_value = ASECTLV.tlv_decode(line)
if tlv_type == ASECTLV.TLV_TYPE_PATTERN:
self.process_message_pattern(tlv_value, tlv_len)
elif tlv_type == ASECTLV.TLV_TYPE_MLOG4FWK:
self.process_message_mlog4fwk(tlv_value, tlv_len);
elif tlv_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN:
self.process_message_active_plugin(tlv_value, tlv_len)
else:
logger.error("unknown tlv")
except Exception, e:
import traceback
logger.error(traceback.print_exc())
logger.error("ERROR: %s" % str(e))
def process(self, requestor, line):
"""Processes an ASEC requests
requestor: Source Socket
line: command to process
"""
msg = Util.get_var("msg=\"([^\"]+)\"", line)
line = base64.b64decode(msg)
# TODO ACK tlv
response = ""
try:
tlv_type, tlv_len, tlv_value = ASECTLV.tlv_decode(line)
if tlv_type == ASECTLV.TLV_TYPE_PATTERN:
self.process_message_pattern(tlv_value, tlv_len)
elif tlv_type == ASECTLV.TLV_TYPE_MLOG4FWK:
self.process_message_mlog4fwk(tlv_value, tlv_len)
elif tlv_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN:
self.process_message_active_plugin(tlv_value, tlv_len)
else:
logger.error("unknown tlv")
except Exception, e:
import traceback
logger.error(traceback.print_exc())
logger.error("ERROR: %s" % str(e))
