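def insert_data(rows, count, _retry=True):
    """
    Attempt to insert the first 'count' items in 'rows' into the database table `samapper`.`Syslog`.
    Exits script on critical failure.
    Args:
        rows: The sequence containing dictionaries to insert
            (dictionaries must all have the same keys, matching column names;
            because the keys are mapped onto column names they must come from
            trusted code, never from the content of the log lines themselves)
        count: The number of items from rows to insert
        _retry: Internal. Whether a missing database may still be created and
            the insert attempted again. Cleared on the retry so that a
            create_database() that does not resolve error 1049 cannot recurse forever.

    Returns:
        None

    Raises:
        SystemExit: status 1 on access denied (MySQL 1045), status 2 on any other error.
    """
    try:
        truncated_rows = rows[:count]
        # >>> values = [{"name": "foo", "email": "*****@*****.**"}, {"name": "bar", "email": "*****@*****.**"}]
        # >>> db.multiple_insert('person', values=values, _test=True)
        common.db.multiple_insert('Syslog', values=truncated_rows)
    except Exception as e:
        # see http://dev.mysql.com/doc/refman/5.7/en/error-messages-server.html for codes
        # Driver errors carry (errno, message) in e.args; indexing the exception
        # itself (e[0]) and e.message only worked on Python 2.
        code = e.args[0] if e.args else None
        detail = e.args[1] if len(e.args) > 1 else str(e)
        if code == 1049 and _retry:  # Unknown database 'samapper'
            dbaccess.create_database()
            insert_data(rows, count, _retry=False)
        elif code == 1045:  # Access Denied for '%s'@'%s' (using password: (YES|NO))
            print(detail)
            print("Check your username / password? (dbconfig_local.py)")
            sys.exit(1)
        else:
            # Also reached when the database is still missing after one create attempt.
            print("Critical failure.")
            print(str(e))
            sys.exit(2)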
    def collect_stats(self):
        """
        Populate self.stats with (label, value) string pairs summarising the Syslog table.

        Database access is probed first: a missing database (MySQL error 1049) is
        created on the spot, while bad credentials (error 1045) record a single
        error entry and stop. Every query below is a constant string literal, so
        nothing taken from the log data is ever interpolated into SQL.
        """
        self.stats = []
        record = self.stats.append

        access = dbaccess.test_database()
        if access == 1049:  # database not found
            dbaccess.create_database()
        elif access == 1045:  # invalid username/password
            record(("Access Denied. Check username/password?", "Error 1045"))
            return

        total = common.db.query("SELECT COUNT(*) AS 'cnt' FROM Syslog;")
        record(("Number of rows imported from the Syslog:", str(total[0]['cnt'])))

        dest_rows = common.db.query(
            "SELECT DestinationIP AS 'Address', COUNT(*) AS 'Connections' FROM Syslog GROUP BY Address;")
        dest_count = len(dest_rows)
        record(("Unique destination IP addresses:", str(dest_count)))

        src_rows = common.db.query("SELECT SourceIP AS 'Address', COUNT(*) AS 'Connections' FROM Syslog GROUP BY Address;")
        record(("Unique source IP addresses:", str(len(src_rows))))

        port_rows = common.db.query("SELECT DestinationPort AS 'Port', COUNT(*) AS 'Connections' FROM Syslog GROUP BY Port;").list()
        record(("Unique destination ports:", str(len(port_rows))))
        # IANA bands: system (well-known), user (registered), private (dynamic/ephemeral).
        port_bands = (
            ("Unique system ports (0..1023):", lambda p: p < 1024),
            ("Unique user ports (1024..49151):", lambda p: 1024 <= p < 49152),
            ("Unique private ports (49152..65535):", lambda p: 49152 <= p < 65536),
        )
        for label, in_band in port_bands:
            matching = [r for r in port_rows if in_band(r['Port'])]
            record((label, str(len(matching))))

        busiest = common.db.query(
            "SELECT DestinationIP AS 'Address', \
            COUNT(DISTINCT DestinationPort) AS 'Ports', COUNT(*) AS 'Connections' \
            FROM Syslog GROUP BY Address ORDER BY Ports DESC, Connections DESC LIMIT 100;")
        if len(busiest) > 0:
            top = busiest.list()
            record(("Max ports for one destination: ", str(top[0]['Ports'])))
            # Rows arrive ordered by Ports DESC, so the first row that is not
            # above 10 ports ends the run of "many-port" destinations.
            many_ports = 0
            for row in top:
                if not row['Ports'] > 10:
                    break
                many_ports += 1
            # If every fetched row (LIMIT 100) exceeds 10 ports the true count is
            # unknown, so the percentage is skipped.
            # NOTE: the label says "fewer than 10" but the cut-off above treats a
            # destination with exactly 10 ports as "few"; kept as in the original.
            if many_ports != len(top):
                record(("Percent of destinations with fewer than 10 ports: ", "{0:0.3f}%"
                        .format((dest_count - many_ports) * 100 / float(dest_count))))

        conns = common.db.query("SELECT COUNT(*) FROM Syslog GROUP BY SourceIP, DestinationIP, DestinationPort;")
        record(("Total Number of distinct connections (node -> node:port) stored:", str(len(conns))))
        frequent = common.db.query(
            "SELECT COUNT(*) FROM Syslog GROUP BY SourceIP, DestinationIP, DestinationPort HAVING COUNT(*) > 100;")
        record(("Number of distinct connections occurring more than 100 times:", str(len(frequent))))
    # common.db.query(query)
    # query = "DELETE FROM Links16 WHERE source8=dest8 && source16=dest16;"
    # common.db.query(query)


def preprocess_log():
    """
    Run the pre-processing pipeline: clean_tables(), import_nodes() and
    import_links(), in that order, then report completion on stdout.

    Grid-based positioning is handled inside import_nodes(); the separate
    position_nodes() step is no longer called but its functions are retained
    in case non-grid layouts are needed in the future.
    """
    pipeline = (clean_tables, import_nodes, import_links)
    for step in pipeline:
        step()
    print("Pre-processing completed successfully.")


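# When run as a script: probe database access, create the database if it is
# missing, and otherwise run the pre-processing pipeline.
if __name__ == "__main__":
    access = dbaccess.test_database()
    if access == 1049:  # MySQL 1049: unknown database
        dbaccess.create_database()
        # NOTE(review): unlike insert_data(), nothing is pre-processed after the
        # database is created, so a second run is required — confirm this is intended.
    elif access == 1045:  # MySQL 1045: access denied
        # Message typo fixed ("Check you" -> "Check your"); exit non-zero so a
        # failed run is visible to callers, matching insert_data().
        print(
            "Database access denied. Check your username / password? (dbconfig_local.py)"
        )
        sys.exit(1)
    else:
        preprocess_log()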

# time python preprocess.py >/dev/null 2>/dev/null
# is about half of
# time python preprocess.py