def test_mysqllogger(self): """ Objective: Test if events can be stored to and retrieved from mysql properly. """ # instanciate our mysql logging infrastructure host = '127.0.0.1' port = 3306 username = '******' passphrase = '' db = 'conpot_unittest' logdevice = '' logsocket = 'tcp' sensorid = 'default' mysqllogger = MySQLlogger(host, port, db, username, passphrase, logdevice, logsocket, sensorid) # create a test event test_event = {} test_event['id'] = 1337 test_event['remote'] = "127.0.0.2" test_event['data_type'] = "unittest" test_event['data'] = {'request': 'foo', 'response': 'bar'} # lets do it, but do not retry in case of failure success = mysqllogger.log(test_event, 0) self.assertTrue(success, 'Could not log to mysql database') # now that we logged something, lets try to retrieve the event again.. retrieved_event = mysqllogger.select_session_data(test_event['id']) self.assertEqual(len(retrieved_event), 1, 'Retrieved wrong number of events (or no event at all)')
def __init__(self, config, dom, session_manager, public_ip): self.config = config self.log_queue = session_manager.log_queue self.session_manager = session_manager self.sqlite_logger = None self.mysql_logger = None self.json_logger = None self.friends_feeder = None self.syslog_client = None self.public_ip = public_ip self.taxii_logger = None if config.getboolean('sqlite', 'enabled'): self.sqlite_logger = SQLiteLogger() if config.getboolean('mysql', 'enabled'): host = config.get('mysql', 'host') port = config.getint('mysql', 'port') db = config.get('mysql', 'db') username = config.get('mysql', 'username') passphrase = config.get('mysql', 'passphrase') logdevice = config.get('mysql', 'device') logsocket = config.get('mysql', 'socket') sensorid = config.get('common', 'sensorid') self.mysql_logger = MySQLlogger(host, port, db, username, passphrase, logdevice, logsocket, sensorid) if config.getboolean('json', 'enabled'): filename = config.get('json', 'filename') sensorid = config.get('common', 'sensorid') self.json_logger = JsonLogger(filename, sensorid, public_ip) if config.getboolean('hpfriends', 'enabled'): host = config.get('hpfriends', 'host') port = config.getint('hpfriends', 'port') ident = config.get('hpfriends', 'ident') secret = config.get('hpfriends', 'secret') channels = eval(config.get('hpfriends', 'channels')) try: self.friends_feeder = HPFriendsLogger(host, port, ident, secret, channels) except Exception as e: logger.exception(e.message) self.friends_feeder = None if config.getboolean('syslog', 'enabled'): host = config.get('syslog', 'host') port = config.getint('syslog', 'port') facility = config.get('syslog', 'facility') logdevice = config.get('syslog', 'device') logsocket = config.get('syslog', 'socket') self.syslog_client = SysLogger(host, port, facility, logdevice, logsocket) if config.getboolean('taxii', 'enabled'): # TODO: support for certificates self.taxii_logger = TaxiiLogger(config, dom) self.enabled = True
def test_mysqllogger(self): """ Objective: Test if events can be stored to and retrieved from mysql properly. """ # instanciate our mysql logging infrastructure host = "127.0.0.1" port = 3306 username = "******" passphrase = "" db = "conpot_unittest" logdevice = "" logsocket = "tcp" sensorid = "default" mysqllogger = MySQLlogger( host, port, db, username, passphrase, logdevice, logsocket, sensorid ) # create a test event test_event = dict() test_event["id"] = 1337 test_event["remote"] = "127.0.0.2" test_event["data_type"] = "unittest" test_event["data"] = {"request": "foo", "response": "bar"} # lets do it, but do not retry in case of failure success = mysqllogger.log(test_event, 0) self.assertTrue(success, "Could not log to mysql database") # now that we logged something, lets try to retrieve the event again.. retrieved_event = mysqllogger.select_session_data(test_event["id"]) self.assertEqual( len(retrieved_event), 1, "Retrieved wrong number of events (or no event at all)", )
class LogWorker(object): def __init__(self, config, dom, session_manager, public_ip): self.config = config self.log_queue = session_manager.log_queue self.session_manager = session_manager self.sqlite_logger = None self.mysql_logger = None self.friends_feeder = None self.syslog_client = None self.public_ip = public_ip self.taxii_logger = None if config.getboolean('sqlite', 'enabled'): self.sqlite_logger = SQLiteLogger() if config.getboolean('mysql', 'enabled'): host = config.get('mysql', 'host') port = config.getint('mysql', 'port') db = config.get('mysql', 'db') username = config.get('mysql', 'username') passphrase = config.get('mysql', 'passphrase') logdevice = config.get('mysql', 'device') logsocket = config.get('mysql', 'socket') sensorid = config.get('common', 'sensorid') self.mysql_logger = MySQLlogger(host, port, db, username, passphrase, logdevice, logsocket, sensorid) if config.getboolean('hpfriends', 'enabled'): host = config.get('hpfriends', 'host') port = config.getint('hpfriends', 'port') ident = config.get('hpfriends', 'ident') secret = config.get('hpfriends', 'secret') channels = eval(config.get('hpfriends', 'channels')) try: self.friends_feeder = HPFriendsLogger(host, port, ident, secret, channels) except Exception as e: logger.exception(e.message) self.friends_feeder = None if config.getboolean('syslog', 'enabled'): host = config.get('syslog', 'host') port = config.getint('syslog', 'port') facility = config.get('syslog', 'facility') logdevice = config.get('syslog', 'device') logsocket = config.get('syslog', 'socket') self.syslog_client = SysLogger(host, port, facility, logdevice, logsocket) if config.getboolean('taxii', 'enabled'): # TODO: support for certificates self.taxii_logger = TaxiiLogger(config, dom) self.enabled = True def _json_default(self, obj): if isinstance(obj, datetime): return obj.isoformat() elif isinstance(obj, uuid.UUID): return str(obj) else: return None def _process_sessions(self): sessions = self.session_manager._sessions try: session_timeout = self.config.get("session", "timeout") except (ConfigParser.NoSectionError, ConfigParser.NoOptionError): session_timeout = 5 for session in sessions: if len(session.data) > 0: sec_last_event = max(session.data) / 1000 else: sec_last_event = 0 sec_session_start = time.mktime(session.timestamp.timetuple()) sec_now = time.mktime(datetime.utcnow().timetuple()) if (sec_now - (sec_session_start + sec_last_event)) >= session_timeout: # TODO: We need to close sockets in this case logger.info('Session timed out: %s', session.id) session.set_ended() sessions.remove(session) def start(self): self.enabled = True while self.enabled: try: event = self.log_queue.get(timeout=2) except Empty: self._process_sessions() else: if self.public_ip: event["public_ip"] = self.public_ip if self.friends_feeder: self.friends_feeder.log(json.dumps( event, ensure_ascii=False, default=self._json_default)) if self.sqlite_logger: self.sqlite_logger.log(event) if self.mysql_logger: self.mysql_logger.log(event) if self.syslog_client: self.syslog_client.log(event) if self.taxii_logger: self.taxii_logger.log(event) def stop(self): self.enabled = False
class LogWorker(object): def __init__(self, config, dom, session_manager, public_ip): self.config = config self.log_queue = session_manager.log_queue self.session_manager = session_manager self.sqlite_logger = None self.mysql_logger = None self.json_logger = None self.friends_feeder = None self.syslog_client = None self.public_ip = public_ip self.taxii_logger = None if config.getboolean('sqlite', 'enabled'): self.sqlite_logger = SQLiteLogger() if config.getboolean('mysql', 'enabled'): host = config.get('mysql', 'host') port = config.getint('mysql', 'port') db = config.get('mysql', 'db') username = config.get('mysql', 'username') passphrase = config.get('mysql', 'passphrase') logdevice = config.get('mysql', 'device') logsocket = config.get('mysql', 'socket') sensorid = config.get('common', 'sensorid') self.mysql_logger = MySQLlogger(host, port, db, username, passphrase, logdevice, logsocket, sensorid) if config.getboolean('json', 'enabled'): filename = config.get('json', 'filename') sensorid = config.get('common', 'sensorid') self.json_logger = JsonLogger(filename, sensorid, public_ip) if config.getboolean('hpfriends', 'enabled'): host = config.get('hpfriends', 'host') port = config.getint('hpfriends', 'port') ident = config.get('hpfriends', 'ident') secret = config.get('hpfriends', 'secret') channels = eval(config.get('hpfriends', 'channels')) try: self.friends_feeder = HPFriendsLogger(host, port, ident, secret, channels) except Exception as e: logger.exception(e.message) self.friends_feeder = None if config.getboolean('syslog', 'enabled'): host = config.get('syslog', 'host') port = config.getint('syslog', 'port') facility = config.get('syslog', 'facility') logdevice = config.get('syslog', 'device') logsocket = config.get('syslog', 'socket') self.syslog_client = SysLogger(host, port, facility, logdevice, logsocket) if config.getboolean('taxii', 'enabled'): # TODO: support for certificates self.taxii_logger = TaxiiLogger(config, dom) self.enabled = True def _process_sessions(self): sessions = self.session_manager._sessions try: session_timeout = self.config.get("session", "timeout") except (ConfigParser.NoSectionError, ConfigParser.NoOptionError): session_timeout = 5 for session in sessions: if len(session.data) > 0: sec_last_event = max(session.data) / 1000 else: sec_last_event = 0 sec_session_start = time.mktime(session.timestamp.timetuple()) sec_now = time.mktime(datetime.utcnow().timetuple()) if (sec_now - (sec_session_start + sec_last_event)) >= session_timeout: # TODO: We need to close sockets in this case logger.info('Session timed out: %s', session.id) session.set_ended() sessions.remove(session) def start(self): self.enabled = True while self.enabled: try: event = self.log_queue.get(timeout=2) except Empty: self._process_sessions() else: if self.public_ip: event["public_ip"] = self.public_ip if self.friends_feeder: self.friends_feeder.log( json.dumps(event, default=json_default)) if self.sqlite_logger: self.sqlite_logger.log(event) if self.mysql_logger: self.mysql_logger.log(event) if self.syslog_client: self.syslog_client.log(event) if self.taxii_logger: self.taxii_logger.log(event) if self.json_logger: self.json_logger.log(event) def stop(self): self.enabled = False