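def get_incident_catalog_entry_for(session, msg):
    """Look up (or create) the catalog entry referenced by one 'H'-part detail line.

    Args:
        session: database session handed through to ``get_or_create``.
        msg: one raw detail line taken from the 'H' part of an incident.

    Returns:
        The ``IncidentCatalogEntry`` matched or created from the parsed
        ``msg``/``file``/``id``/``line`` fields, or ``None`` when the line
        could not be parsed into those fields (a warning is printed).
    """
    parsed = parse_H_detail_message(msg)
    if 'msg' not in parsed:
        print("WARN: could not parse message: %s" % (msg,))
        return None
    try:
        # 'id' and 'line' arrive as text. A field the parser did not extract,
        # or a non-numeric value in it, is treated as "could not parse" rather
        # than aborting the whole import -- the detail text is log content that
        # presumably originates from client requests, so it may be malformed.
        catalog_id = int(parsed['id'])
        config_line = int(parsed['line'])
        config_file = parsed['file']
    except (KeyError, ValueError):
        print("WARN: could not parse message: %s" % (msg,))
        return None
    return get_or_create(session, IncidentCatalogEntry,
                         message=parsed['msg'],
                         config_file=config_file,
                         catalog_id=catalog_id,
                         config_line=config_line)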
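def parse_incident(session, fragment_id, parts, include_parts=False):
    """Build an ``Incident`` object from the (string) parts of one logged incident.

    Args:
        session: database session used by ``get_or_create`` and ``parse_part_H``.
        fragment_id: identifier of the fragment this incident was read from.
        parts: mapping of part letter ('A', 'B', 'F', 'H', ...) to the list of
            text lines belonging to that part.
        include_parts: when true, every raw part is also attached to the
            incident as a ``Part`` (category = part letter, body = the lines
            joined with newlines).

    Returns:
        The populated ``Incident``; it is not added to ``session`` here.

    Raises:
        ValueError: if the mandatory 'A' part is missing.

    NOTE(review): the part bodies are log text that presumably originates
    from client requests; treat them as untrusted when they are later
    rendered or queried.
    """
    # The 'A' part carries the timestamp, unique id and both endpoints;
    # without it there is nothing to anchor the incident to. An explicit check
    # is used instead of ``assert`` so it survives ``python -O``.
    if 'A' not in parts:
        raise ValueError("incident %r has no 'A' part" % (fragment_id,))

    result_A = parse_part_A(parts['A'][0])
    incident = Incident(
        fragment_id=fragment_id,
        timestamp=result_A[0],
        unique_id=result_A[1],
        # parse_part_A result layout: [2]/[3] = source ip/port,
        # [4]/[5] = destination ip/port
        destination=get_or_create(session, Destination,
                                  ip=result_A[4], port=result_A[5]),
        source=get_or_create(session, Source,
                             ip=result_A[2], port=result_A[3]),
    )

    if include_parts:
        for category, lines in parts.items():
            incident.parts.append(Part(category=category, body="\n".join(lines)))

    # 'B' part: request line/headers. Note parse_part_B receives the whole
    # line list, unlike parse_part_A which gets only the first line -- looks
    # intentional, confirm against the parser.
    if 'B' in parts:
        incident.host, incident.method, incident.path = parse_part_B(parts['B'])

    # 'H' part: per-rule detail lines resolved against the catalog.
    if 'H' in parts:
        incident.details = parse_part_H(session, parts['H'])

    # 'F' part: only its first line is used (presumably the response status
    # line). An empty list is skipped rather than indexing into nothing.
    if parts.get('F'):
        incident.http_code = parts['F'][0].strip()

    return incident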