Example #1
def send_cmd_on_threshold_limit(namespace_dict):
	master_iplist = []
	total_ips = 0
	result = None
	cmdstr =""
	#Loop through the dictionary and log it in mfc_accesslog_analyzer.log
	for items in sorted(namespace_dict):
		iplist = namespace_dict[items]
		#put this list in a unique aggregated list for generating the command that is going to be dumped to a file
		master_iplist.extend(x for x in iplist if x not in master_iplist)
		if result != None:
			result += "Namespace: %s  No of server ips: %d"%(items, len(iplist))
			result = "Namespace: %s  No of server ips: %d"%(items, len(iplist))
		total_ips += len(iplist)
		ipstr = "\n".join(sorted(iplist, reverse=True))
		if result != None:
			result += "\n"+ipstr + "\n"
	if result !=  None:
		result += "\n" + "TOTAL NO OF IP'S: %d"% total_ips + "\n"
		fp_log =  open(mfc_result_file, 'w')
	#Go through the sorted aggreaged list of dest ip's to generate the MX router command
	for item in sorted(master_iplist, reverse=True):
		cmdstr += "set policy-options prefix-list redirect-to-proxy %s\n"% item
	#Send the cmd to be dumped in a file
	if len(master_iplist) > 0:
		del master_iplist[:]
		mfcloganalyzer_log.info("Firing/Saving PBR rules to router/file")
		#print cmdstr
		gen_utils.sendCmd(cmdstr, "no", mfc_pbr_file, 'w')
		mfcloganalyzer_log.info("No PBR rules available in the processed log files")
def sendPbrs(cmds_list):
    err = 0
    if len(cmds_list) > 0:
        # Get the commands to be fired to the router
        cmdstr = "\n".join(cmds_list)
        # print cmdstr
        # dpiloganalyzer_log.info("The transaction to be fired is \n%s\n", cmdstr)
        if fire_to_router.lower() == "yes":
            dpiloganalyzer_log.info("FIRING THE FILTER-RULES TO THE ROUTER\n")
            dpiloganalyzer_log.info("FIRING THE FILTER-RULES TO THE FILE\n")
            # Fire the transaction to the router or to a file
        err = gen_utils.sendCmd(cmdstr, fire_to_router, header.DPI_ANALYZER_RESULT_FILE, "a+", dpiloganalyzer_log)
        if err == 0:
            # Persist with the dictionary of destination-ip's
            with open(header.DEST_IP_PICKLE, "wb") as f:
                if not os.path.isfile(header.CLEAR_FILTER_RULES_FILE):
                    pickle.dump(dest_ips, f)
            del cmds_list[:]
            # Clear the dictionary if it has more than 25000 entries
            if len(dest_ips) > header.MAX_DICT_SIZE:
            dpiloganalyzer_log.error("The 'commit' of the filter-rules failed in the device")
        dpiloganalyzer_log.info("No unique pbr's available to be fired to the router")
Example #3
def sendPbrs(cmds_list):
    err = 0
    if len(cmds_list) > 0:
        #Get the commands to be fired to the router
        cmdstr = "\n".join(cmds_list)
        #print cmdstr
        #dpiloganalyzer_log.info("The transaction to be fired is \n%s\n", cmdstr)
        if fire_to_router.lower() == 'yes':
            dpiloganalyzer_log.info("FIRING THE FILTER-RULES TO THE ROUTER\n")
            dpiloganalyzer_log.info("FIRING THE FILTER-RULES TO THE FILE\n")
        #Fire the transaction to the router or to a file
        err = gen_utils.sendCmd(cmdstr, fire_to_router,
                                header.DPI_ANALYZER_RESULT_FILE, 'a+',
        if err == 0:
            #Persist with the dictionary of destination-ip's
            with open(header.DEST_IP_PICKLE, 'wb') as f:
                if not os.path.isfile(header.CLEAR_FILTER_RULES_FILE):
                    pickle.dump(dest_ips, f)
            del cmds_list[:]
            #Clear the dictionary if it has more than 25000 entries
            if len(dest_ips) > header.MAX_DICT_SIZE:
                "The 'commit' of the filter-rules failed in the device")
            "No unique pbr's available to be fired to the router")
def fireOneTimeCommands(analyzer_conf_dict):
        mfc_interface_ip = analyzer_conf_dict["mfc_interface_ip"]
        mx_client_interface = analyzer_conf_dict["mx_client_interface"]
        mx_server_interface = analyzer_conf_dict["mx_server_interface"]
        mx_mfc_interface = analyzer_conf_dict["mx_mfc_interface"]
        mx_mfc_interface_ip_mask = analyzer_conf_dict["mx_mfc_interface_ip_mask"]
    except KeyError as e:
            "Mandatory onetime configuration entry %s is missing in the analyzer.conf file. Nothing will be configured in the router",
    # Validate if all the MX router mirror configuration entries are entered in the router.
    # If not given a message will be logged and the one time configuration will not be configured in the router
    if (
        mfc_interface_ip == ""
        or mx_client_interface == ""
        or mx_server_interface == ""
        or mx_mfc_interface == ""
        or mx_mfc_interface_ip_mask == ""
            "Please make sure all the router one time configuration entries for applying the PBR are given in the analyzer.conf file. One time configuration is not configured in the router now"
    cmd_list = [
        "set firewall family inet filter media_flow term to_mfc from prefix-list redirect-to-proxy",
        "set firewall family inet filter media_flow term to_mfc then routing-instance media_flow",
        "set policy-options prefix-list redirect-to-proxy",
        "set routing-instances media_flow instance-type forwarding",
        "set routing-options interface-routes rib-group inet dpi",
        "set routing-options rib-groups dpi import-rib inet.0",
        "set routing-options rib-groups dpi import-rib media_flow.inet.0",
        "set routing-instances media_flow routing-options static route next-hop %s" % mfc_interface_ip,
        "set interfaces %s description client-interface unit 0 family inet filter input-list media_flow"
        % mx_client_interface,
        "set interfaces %s description server-interface unit 0 family inet filter input-list media_flow"
        % mx_server_interface,
        "set interfaces %s description mfc_tproxy_interface unit 0 family inet address %s"
        % (mx_mfc_interface, mx_mfc_interface_ip_mask),
    cmdstr = "\n".join(cmd_list)
    # Fire the transaction to the router
    gen_utils.sendCmd(cmdstr, "yes", "", "")
def fireMirrorConfiguration(analyzer_conf_dict):
        fpc_slot = analyzer_conf_dict["fpc_slot"]
        output_interface_name = analyzer_conf_dict["output_interface_name"]
        next_hop_ip = analyzer_conf_dict["next_hop_ip"]
        output_interface_name = analyzer_conf_dict["output_interface_name"]
        output_interface_ip_mask = analyzer_conf_dict["output_interface_ip_mask"]
        mfc_mirror_interface_ip = analyzer_conf_dict["mfc_mirror_interface_ip"]
        mac_address = analyzer_conf_dict["mac_address"]
    except KeyError as e:
            "Mandatory mirror configuration entry %s is missing in the analyzer.conf file. Mirror configuration will not be fired",
    # Validate if all the MX router mirror configuration entries are entered in the router.
    # If not given a message will be logged and the mirror configuration will not be configured in the router
    if (
        fpc_slot == ""
        or output_interface_name == ""
        or next_hop_ip == ""
        or output_interface_name == ""
        or output_interface_ip_mask == ""
        or mfc_mirror_interface_ip == ""
        or mac_address == ""
            "Please make sure all the router mirror configuration entries are given in the analyzer.conf file. No configuration done in the router"
    # MX router mirror configuration commands
    cmd_list = [
        "set firewall family inet filter media_flow term HTTP_mirror from port http",
        "set firewall family inet filter media_flow term HTTP_mirror then port-mirror-instance one",
        "set firewall family inet filter media_flow term media_flow_default then accept",
        "set chassis fpc %s port-mirror-instance one" % fpc_slot,
        "set forwarding-options port-mirroring instance one input rate 1",
        "set forwarding-options port-mirroring instance one family inet output interface %s next-hop %s"
        % (output_interface_name, next_hop_ip),
        "set interface %s description mirror-destination-interface unit 0 family inet address %s arp %s mac %s"
        % (output_interface_name, output_interface_ip_mask, mfc_mirror_interface_ip, mac_address),
    cmdstr = "\n".join(cmd_list)
    # Fire the transaction to the router
    gen_utils.sendCmd(cmdstr, "yes", "", "")
Example #6
def fireOneTimeCommands(analyzer_conf_dict):
        mfc_interface_ip = analyzer_conf_dict['mfc_interface_ip']
        mx_client_interface = analyzer_conf_dict['mx_client_interface']
        mx_server_interface = analyzer_conf_dict['mx_server_interface']
        mx_mfc_interface = analyzer_conf_dict['mx_mfc_interface']
        mx_mfc_interface_ip_mask = analyzer_conf_dict[
    except KeyError as e:
            "Mandatory onetime configuration entry %s is missing in the analyzer.conf file. Nothing will be configured in the router",
    #Validate if all the MX router mirror configuration entries are entered in the router.
    #If not given a message will be logged and the one time configuration will not be configured in the router
    if mfc_interface_ip == "" or mx_client_interface == "" or mx_server_interface == "" or mx_mfc_interface == "" or mx_mfc_interface_ip_mask == "":
            "Please make sure all the router one time configuration entries for applying the PBR are given in the analyzer.conf file. One time configuration is not configured in the router now"
    cmd_list = [
        'set firewall family inet filter media_flow term to_mfc from prefix-list redirect-to-proxy',
        'set firewall family inet filter media_flow term to_mfc then routing-instance media_flow',
        'set policy-options prefix-list redirect-to-proxy',
        'set routing-instances media_flow instance-type forwarding',
        'set routing-options interface-routes rib-group inet dpi',
        'set routing-options rib-groups dpi import-rib inet.0',
        'set routing-options rib-groups dpi import-rib media_flow.inet.0',
        'set routing-instances media_flow routing-options static route next-hop %s'
        % mfc_interface_ip,
        'set interfaces %s description client-interface unit 0 family inet filter input-list media_flow'
        % mx_client_interface,
        'set interfaces %s description server-interface unit 0 family inet filter input-list media_flow'
        % mx_server_interface,
        'set interfaces %s description mfc_tproxy_interface unit 0 family inet address %s'
        % (mx_mfc_interface, mx_mfc_interface_ip_mask)
    cmdstr = "\n".join(cmd_list)
    #Fire the transaction to the router
    gen_utils.sendCmd(cmdstr, "yes", "", "")
Example #7
def fireMirrorConfiguration(analyzer_conf_dict):
        fpc_slot = analyzer_conf_dict['fpc_slot']
        output_interface_name = analyzer_conf_dict['output_interface_name']
        next_hop_ip = analyzer_conf_dict['next_hop_ip']
        output_interface_name = analyzer_conf_dict['output_interface_name']
        output_interface_ip_mask = analyzer_conf_dict[
        mfc_mirror_interface_ip = analyzer_conf_dict['mfc_mirror_interface_ip']
        mac_address = analyzer_conf_dict['mac_address']
    except KeyError as e:
            "Mandatory mirror configuration entry %s is missing in the analyzer.conf file. Mirror configuration will not be fired",
    #Validate if all the MX router mirror configuration entries are entered in the router.
    #If not given a message will be logged and the mirror configuration will not be configured in the router
    if fpc_slot == "" or output_interface_name == "" or next_hop_ip == "" or output_interface_name == "" or output_interface_ip_mask == "" or mfc_mirror_interface_ip == "" or mac_address == "":
            "Please make sure all the router mirror configuration entries are given in the analyzer.conf file. No configuration done in the router"
    #MX router mirror configuration commands
    cmd_list = [
        'set firewall family inet filter media_flow term HTTP_mirror from port http',
        'set firewall family inet filter media_flow term HTTP_mirror then port-mirror-instance one',
        'set firewall family inet filter media_flow term media_flow_default then accept',
        'set chassis fpc %s port-mirror-instance one' % fpc_slot,
        'set forwarding-options port-mirroring instance one input rate 1',
        'set forwarding-options port-mirroring instance one family inet output interface %s next-hop %s'
        % (output_interface_name, next_hop_ip),
        'set interface %s description mirror-destination-interface unit 0 family inet address %s arp %s mac %s'
        % (output_interface_name, output_interface_ip_mask,
           mfc_mirror_interface_ip, mac_address)
    cmdstr = "\n".join(cmd_list)
    #Fire the transaction to the router
    gen_utils.sendCmd(cmdstr, "yes", "", "")
def main():
	err = 0
	#Logger settings
	logging.basicConfig(filename=header.MFC_LOG_FILE, format='%(asctime)s %(message)s',level=logging.DEBUG)
	mdreq = MdReq()
	#Get the device map name
	device_map_name = str(sys.argv[1])
	NODE_DEVICE_MAP_FQDN = '/nkn/device_map/config/' + device_map_name + '/device_info/fqdn'
	NODE_DEVICE_MAP_USERNAME = '******' + device_map_name + '/device_info/username'
	NODE_DEVICE_MAP_PASSWORD = '******' + device_map_name + '/device_info/password'
	#Get the fqdn, username and password
	fqdn = mdreq.query(NODE_DEVICE_MAP_FQDN)
	username = mdreq.query(NODE_DEVICE_MAP_USERNAME)
	password = mdreq.queryCleartext(NODE_DEVICE_MAP_PASSWORD)
	#First connect to the MX router
	err = gen_utils.Connect_Router(fqdn,username, password, logging);
	#Check if the connection to the router succeeded
	if  err == 1:
		logging.error("The command 'clear log-analyzer filter-rules %s' failed. Cannot connect to the device %s", device_map_name,fqdn);
		#Construct the command to delete the pbr from the router
		set_commands = """
		delete policy-options prefix-list redirect-to-proxy
		set policy-options prefix-list redirect-to-proxy
		#Fire the command to the router
		err = gen_utils.sendCmd(set_commands, "yes", "","", logging)
		#Check if the commit succeeded
		if err == 0:
			#Create a empty file so that the log-analyzer tool knows the 'clear' command has been fired
			open(header.CLEAR_FILTER_RULES_FILE, 'w').close()
			#If the commit is successful remove the persisted file rules file as well
			pickle_file = '/var/log/'+header.DEST_IP_PICKLE
			tmp_pickle_file = '/var/log/'+header.TMP_DEST_IP_PICKLE
			if os.path.isfile(pickle_file):
				shutil.copyfile(pickle_file, tmp_pickle_file)
			logging.error("The command 'clear log-analyzer filter-rules %s' succeeded", device_map_name);
			logging.error("The command 'clear log-analyzer filter-rules %s' failed. Commit failed in the device %s", device_map_name, fqdn);
	return err