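def get_incident_catalog_entry_for(session, msg):
    """Look up (or create) the IncidentCatalogEntry described by one 'H'-part message.

    Args:
        session: database session handed straight through to get_or_create.
        msg: one raw message line taken from an incident's 'H' part.

    Returns:
        Whatever get_or_create returns for the IncidentCatalogEntry, or None when
        the message could not be parsed (a warning is printed in that case).

    Raises:
        ValueError: if the parsed 'id' or 'line' field is not an integer string
            (log content is untrusted input; int() is the only validation done here).
    """
    parsed = parse_H_detail_message(msg)
    # parse_H_detail_message signals "could not parse" by omitting the 'msg'
    # key; 'file', 'id' and 'line' are assumed to accompany 'msg' -- TODO confirm.
    if 'msg' not in parsed:
        print("WARN: could not parse message: %s" % (msg,))
        return None
    return get_or_create(
        session,
        IncidentCatalogEntry,
        message=parsed['msg'],
        config_file=parsed['file'],
        catalog_id=int(parsed['id']),
        config_line=int(parsed['line']),
    )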
def parse_incident(session, fragment_id, parts, include_parts=False):
    """Build an Incident object from the (string) parts of one audit-log entry.

    Args:
        session: database session, needed because Destination/Source rows are
            resolved through get_or_create.
        fragment_id: identifier stored on the resulting Incident.
        parts: mapping of part letter ('A', 'B', 'F', 'H', ...) to a list of lines.
        include_parts: when True, every part is also attached verbatim to
            incident.parts as a Part (lines joined with "\\n").

    Returns:
        The populated Incident (not yet added to the session here).

    Raises:
        AssertionError: if the mandatory 'A' part is missing.
    """
    # The 'A' part is mandatory: it carries timestamp, unique id and endpoints.
    assert 'A' in parts
    # Only the first line of 'A' is parsed; parse_part_B below receives the
    # whole line list instead -- presumably each helper expects that shape.
    fields = parse_part_A(parts['A'][0])
    timestamp = fields[0]
    unique_id = fields[1]
    # Destination is resolved before source, matching the original evaluation order
    # (get_or_create may insert rows, so the order is observable on the session).
    destination = get_or_create(session, Destination, ip=fields[4], port=fields[5])
    source = get_or_create(session, Source, ip=fields[2], port=fields[3])
    incident = Incident(
        fragment_id=fragment_id,
        timestamp=timestamp,
        unique_id=unique_id,
        destination=destination,
        source=source,
    )

    # Optionally keep every raw part alongside the parsed fields.
    if include_parts:
        for category, lines in parts.items():
            incident.parts.append(Part(category=category, body="\n".join(lines)))

    # Request line details ('B' part) -- optional.
    if 'B' in parts:
        host, method, path = parse_part_B(parts['B'])
        incident.host = host
        incident.method = method
        incident.path = path

    # Rule-match details ('H' part) -- optional.
    if 'H' in parts:
        incident.details = parse_part_H(session, parts['H'])

    # Response status ('F' part) -- optional; first line, whitespace stripped.
    if 'F' in parts:
        incident.http_code = parts['F'][0].strip()

    return incident