def test_mysqllogger(self):
"""
Objective: Test if events can be stored to and retrieved from mysql properly.
"""
# instanciate our mysql logging infrastructure
host = '127.0.0.1'
port = 3306
username = '******'
passphrase = ''
db = 'conpot_unittest'
logdevice = ''
logsocket = 'tcp'
sensorid = 'default'
mysqllogger = MySQLlogger(host, port, db, username, passphrase, logdevice, logsocket, sensorid)
# create a test event
test_event = {}
test_event['id'] = 1337
test_event['remote'] = "127.0.0.2"
test_event['data_type'] = "unittest"
test_event['data'] = {'request': 'foo', 'response': 'bar'}
# lets do it, but do not retry in case of failure
success = mysqllogger.log(test_event, 0)
self.assertTrue(success, 'Could not log to mysql database')
# now that we logged something, lets try to retrieve the event again..
retrieved_event = mysqllogger.select_session_data(test_event['id'])
self.assertEqual(len(retrieved_event), 1, 'Retrieved wrong number of events (or no event at all)')
def __init__(self, config, dom, session_manager, public_ip):
self.config = config
self.log_queue = session_manager.log_queue
self.session_manager = session_manager
self.sqlite_logger = None
self.mysql_logger = None
self.json_logger = None
self.friends_feeder = None
self.syslog_client = None
self.public_ip = public_ip
self.taxii_logger = None
if config.getboolean('sqlite', 'enabled'):
self.sqlite_logger = SQLiteLogger()
if config.getboolean('mysql', 'enabled'):
host = config.get('mysql', 'host')
port = config.getint('mysql', 'port')
db = config.get('mysql', 'db')
username = config.get('mysql', 'username')
passphrase = config.get('mysql', 'passphrase')
logdevice = config.get('mysql', 'device')
logsocket = config.get('mysql', 'socket')
sensorid = config.get('common', 'sensorid')
self.mysql_logger = MySQLlogger(host, port, db, username,
passphrase, logdevice, logsocket,
sensorid)
if config.getboolean('json', 'enabled'):
filename = config.get('json', 'filename')
sensorid = config.get('common', 'sensorid')
self.json_logger = JsonLogger(filename, sensorid, public_ip)
if config.getboolean('hpfriends', 'enabled'):
host = config.get('hpfriends', 'host')
port = config.getint('hpfriends', 'port')
ident = config.get('hpfriends', 'ident')
secret = config.get('hpfriends', 'secret')
channels = eval(config.get('hpfriends', 'channels'))
try:
self.friends_feeder = HPFriendsLogger(host, port, ident,
secret, channels)
except Exception as e:
logger.exception(e.message)
self.friends_feeder = None
if config.getboolean('syslog', 'enabled'):
host = config.get('syslog', 'host')
port = config.getint('syslog', 'port')
facility = config.get('syslog', 'facility')
logdevice = config.get('syslog', 'device')
logsocket = config.get('syslog', 'socket')
self.syslog_client = SysLogger(host, port, facility, logdevice,
logsocket)
if config.getboolean('taxii', 'enabled'):
# TODO: support for certificates
self.taxii_logger = TaxiiLogger(config, dom)
self.enabled = True
def test_mysqllogger(self):
"""
Objective: Test if events can be stored to and retrieved from mysql properly.
"""
# instanciate our mysql logging infrastructure
host = '127.0.0.1'
port = 3306
username = '******'
passphrase = ''
db = 'conpot_unittest'
logdevice = ''
logsocket = 'tcp'
sensorid = 'default'
mysqllogger = MySQLlogger(host, port, db, username, passphrase, logdevice, logsocket, sensorid)
# create a test event
test_event = {}
test_event['id'] = 1337
test_event['remote'] = "127.0.0.2"
test_event['data_type'] = "unittest"
test_event['data'] = {'request': 'foo', 'response': 'bar'}
# lets do it, but do not retry in case of failure
success = mysqllogger.log(test_event, 0)
self.assertTrue(success, 'Could not log to mysql database')
# now that we logged something, lets try to retrieve the event again..
retrieved_event = mysqllogger.select_session_data(test_event['id'])
self.assertEqual(len(retrieved_event), 1, 'Retrieved wrong number of events (or no event at all)')
def __init__(self, config, dom, session_manager, public_ip):
self.config = config
self.log_queue = session_manager.log_queue
self.session_manager = session_manager
self.sqlite_logger = None
self.mysql_logger = None
self.json_logger = None
self.friends_feeder = None
self.syslog_client = None
self.public_ip = public_ip
self.taxii_logger = None
if config.getboolean('sqlite', 'enabled'):
self.sqlite_logger = SQLiteLogger()
if config.getboolean('mysql', 'enabled'):
host = config.get('mysql', 'host')
port = config.getint('mysql', 'port')
db = config.get('mysql', 'db')
username = config.get('mysql', 'username')
passphrase = config.get('mysql', 'passphrase')
logdevice = config.get('mysql', 'device')
logsocket = config.get('mysql', 'socket')
sensorid = config.get('common', 'sensorid')
self.mysql_logger = MySQLlogger(host, port, db, username, passphrase, logdevice, logsocket, sensorid)
if config.getboolean('json', 'enabled'):
filename = config.get('json', 'filename')
sensorid = config.get('common', 'sensorid')
self.json_logger = JsonLogger(filename, sensorid, public_ip)
if config.getboolean('hpfriends', 'enabled'):
host = config.get('hpfriends', 'host')
port = config.getint('hpfriends', 'port')
ident = config.get('hpfriends', 'ident')
secret = config.get('hpfriends', 'secret')
channels = eval(config.get('hpfriends', 'channels'))
try:
self.friends_feeder = HPFriendsLogger(host, port, ident, secret, channels)
except Exception as e:
logger.exception(e.message)
self.friends_feeder = None
if config.getboolean('syslog', 'enabled'):
host = config.get('syslog', 'host')
port = config.getint('syslog', 'port')
facility = config.get('syslog', 'facility')
logdevice = config.get('syslog', 'device')
logsocket = config.get('syslog', 'socket')
self.syslog_client = SysLogger(host, port, facility, logdevice, logsocket)
if config.getboolean('taxii', 'enabled'):
# TODO: support for certificates
self.taxii_logger = TaxiiLogger(config, dom)
self.enabled = True
def test_mysqllogger(self):
"""
Objective: Test if events can be stored to and retrieved from mysql properly.
"""
# instanciate our mysql logging infrastructure
host = "127.0.0.1"
port = 3306
username = "******"
passphrase = ""
db = "conpot_unittest"
logdevice = ""
logsocket = "tcp"
sensorid = "default"
mysqllogger = MySQLlogger(
host, port, db, username, passphrase, logdevice, logsocket, sensorid
)
# create a test event
test_event = dict()
test_event["id"] = 1337
test_event["remote"] = "127.0.0.2"
test_event["data_type"] = "unittest"
test_event["data"] = {"request": "foo", "response": "bar"}
# lets do it, but do not retry in case of failure
success = mysqllogger.log(test_event, 0)
self.assertTrue(success, "Could not log to mysql database")
# now that we logged something, lets try to retrieve the event again..
retrieved_event = mysqllogger.select_session_data(test_event["id"])
self.assertEqual(
len(retrieved_event),
1,
"Retrieved wrong number of events (or no event at all)",
)
class LogWorker(object):
def __init__(self, config, dom, session_manager, public_ip):
self.config = config
self.log_queue = session_manager.log_queue
self.session_manager = session_manager
self.sqlite_logger = None
self.mysql_logger = None
self.friends_feeder = None
self.syslog_client = None
self.public_ip = public_ip
self.taxii_logger = None
if config.getboolean('sqlite', 'enabled'):
self.sqlite_logger = SQLiteLogger()
if config.getboolean('mysql', 'enabled'):
host = config.get('mysql', 'host')
port = config.getint('mysql', 'port')
db = config.get('mysql', 'db')
username = config.get('mysql', 'username')
passphrase = config.get('mysql', 'passphrase')
logdevice = config.get('mysql', 'device')
logsocket = config.get('mysql', 'socket')
sensorid = config.get('common', 'sensorid')
self.mysql_logger = MySQLlogger(host, port, db, username, passphrase, logdevice, logsocket, sensorid)
if config.getboolean('hpfriends', 'enabled'):
host = config.get('hpfriends', 'host')
port = config.getint('hpfriends', 'port')
ident = config.get('hpfriends', 'ident')
secret = config.get('hpfriends', 'secret')
channels = eval(config.get('hpfriends', 'channels'))
try:
self.friends_feeder = HPFriendsLogger(host, port, ident, secret, channels)
except Exception as e:
logger.exception(e.message)
self.friends_feeder = None
if config.getboolean('syslog', 'enabled'):
host = config.get('syslog', 'host')
port = config.getint('syslog', 'port')
facility = config.get('syslog', 'facility')
logdevice = config.get('syslog', 'device')
logsocket = config.get('syslog', 'socket')
self.syslog_client = SysLogger(host, port, facility, logdevice, logsocket)
if config.getboolean('taxii', 'enabled'):
# TODO: support for certificates
self.taxii_logger = TaxiiLogger(config, dom)
self.enabled = True
def _json_default(self, obj):
if isinstance(obj, datetime):
return obj.isoformat()
elif isinstance(obj, uuid.UUID):
return str(obj)
else:
return None
def _process_sessions(self):
sessions = self.session_manager._sessions
try:
session_timeout = self.config.get("session", "timeout")
except (ConfigParser.NoSectionError, ConfigParser.NoOptionError):
session_timeout = 5
for session in sessions:
if len(session.data) > 0:
sec_last_event = max(session.data) / 1000
else:
sec_last_event = 0
sec_session_start = time.mktime(session.timestamp.timetuple())
sec_now = time.mktime(datetime.utcnow().timetuple())
if (sec_now - (sec_session_start + sec_last_event)) >= session_timeout:
# TODO: We need to close sockets in this case
logger.info('Session timed out: %s', session.id)
session.set_ended()
sessions.remove(session)
def start(self):
self.enabled = True
while self.enabled:
try:
event = self.log_queue.get(timeout=2)
except Empty:
self._process_sessions()
else:
if self.public_ip:
event["public_ip"] = self.public_ip
if self.friends_feeder:
self.friends_feeder.log(json.dumps(
event, ensure_ascii=False, default=self._json_default))
if self.sqlite_logger:
self.sqlite_logger.log(event)
if self.mysql_logger:
self.mysql_logger.log(event)
if self.syslog_client:
self.syslog_client.log(event)
if self.taxii_logger:
self.taxii_logger.log(event)
def stop(self):
self.enabled = False
class LogWorker(object):
def __init__(self, config, dom, session_manager, public_ip):
self.config = config
self.log_queue = session_manager.log_queue
self.session_manager = session_manager
self.sqlite_logger = None
self.mysql_logger = None
self.json_logger = None
self.friends_feeder = None
self.syslog_client = None
self.public_ip = public_ip
self.taxii_logger = None
if config.getboolean('sqlite', 'enabled'):
self.sqlite_logger = SQLiteLogger()
if config.getboolean('mysql', 'enabled'):
host = config.get('mysql', 'host')
port = config.getint('mysql', 'port')
db = config.get('mysql', 'db')
username = config.get('mysql', 'username')
passphrase = config.get('mysql', 'passphrase')
logdevice = config.get('mysql', 'device')
logsocket = config.get('mysql', 'socket')
sensorid = config.get('common', 'sensorid')
self.mysql_logger = MySQLlogger(host, port, db, username,
passphrase, logdevice, logsocket,
sensorid)
if config.getboolean('json', 'enabled'):
filename = config.get('json', 'filename')
sensorid = config.get('common', 'sensorid')
self.json_logger = JsonLogger(filename, sensorid, public_ip)
if config.getboolean('hpfriends', 'enabled'):
host = config.get('hpfriends', 'host')
port = config.getint('hpfriends', 'port')
ident = config.get('hpfriends', 'ident')
secret = config.get('hpfriends', 'secret')
channels = eval(config.get('hpfriends', 'channels'))
try:
self.friends_feeder = HPFriendsLogger(host, port, ident,
secret, channels)
except Exception as e:
logger.exception(e.message)
self.friends_feeder = None
if config.getboolean('syslog', 'enabled'):
host = config.get('syslog', 'host')
port = config.getint('syslog', 'port')
facility = config.get('syslog', 'facility')
logdevice = config.get('syslog', 'device')
logsocket = config.get('syslog', 'socket')
self.syslog_client = SysLogger(host, port, facility, logdevice,
logsocket)
if config.getboolean('taxii', 'enabled'):
# TODO: support for certificates
self.taxii_logger = TaxiiLogger(config, dom)
self.enabled = True
def _process_sessions(self):
sessions = self.session_manager._sessions
try:
session_timeout = self.config.get("session", "timeout")
except (ConfigParser.NoSectionError, ConfigParser.NoOptionError):
session_timeout = 5
for session in sessions:
if len(session.data) > 0:
sec_last_event = max(session.data) / 1000
else:
sec_last_event = 0
sec_session_start = time.mktime(session.timestamp.timetuple())
sec_now = time.mktime(datetime.utcnow().timetuple())
if (sec_now -
(sec_session_start + sec_last_event)) >= session_timeout:
# TODO: We need to close sockets in this case
logger.info('Session timed out: %s', session.id)
session.set_ended()
sessions.remove(session)
def start(self):
self.enabled = True
while self.enabled:
try:
event = self.log_queue.get(timeout=2)
except Empty:
self._process_sessions()
else:
if self.public_ip:
event["public_ip"] = self.public_ip
if self.friends_feeder:
self.friends_feeder.log(
json.dumps(event, default=json_default))
if self.sqlite_logger:
self.sqlite_logger.log(event)
if self.mysql_logger:
self.mysql_logger.log(event)
if self.syslog_client:
self.syslog_client.log(event)
if self.taxii_logger:
self.taxii_logger.log(event)
if self.json_logger:
self.json_logger.log(event)
def stop(self):
self.enabled = False
