def api_from_event(self, request, event_id):
"""
Create classification rule from event
:param request:
:param event_id:
:return:
"""
event = get_event(event_id)
if not event:
self.response_not_found()
event_name = " | ".join(
event.managed_object.profile.name.split(".")) + " | <name> "
if event.source == "syslog":
event_name += "(SYSLOG)"
elif event.source == "SNMP Trap":
event_name += "(SNMP)"
data = {"name": event_name, "preference": 1000}
if event.source == "syslog":
data["description"] = event.raw_vars["message"]
elif event.source == "SNMP Trap" and "SNMPv2-MIB::snmpTrapOID.0" in event.resolved_vars:
data["description"] = event.resolved_vars[
"SNMPv2-MIB::snmpTrapOID.0"]
patterns = {"source": event.source}
for k in event.raw_vars:
if k not in ("collector", "facility", "severity"):
patterns[k] = event.raw_vars[k]
if hasattr(event, "resolved_vars"):
for k in event.resolved_vars:
if k not in self.IGNORED_OIDS and not is_oid(k):
patterns[k] = event.resolved_vars[k]
data["patterns"] = [{
"key_re": "^%s$" % k,
"value_re": "^%s$" % patterns[k]
} for k in patterns]
return data
def get_events(self, options):
"""
Generator returning active events
"""
c = ActiveEvent.objects.all()
trap_oid = None
syslog_re = None
profile = options["profile"]
if options["event"]:
c = c.filter(id=ObjectId(options["event"]))
if options["object"]:
try:
o = ManagedObject.objects.get(name=options["object"])
except ManagedObject.DoesNotExist:
self.die("Object not found: %s" % options["object"])
c = c.filter(managed_object=o.id)
if options["selector"]:
try:
s = ManagedObjectSelector.objects.get(name=options["selector"])
except ManagedObjectSelector.DoesNotExist:
self.die("Selector not found: %s" % options["selector"])
c = c.filter(
managed_object__in=[mo.id for mo in s.managed_objects])
if options["class"]:
o = EventClass.objects.filter(name=options["class"]).first()
if not o:
self.die("Event class not found: %s" % options["class"])
c = c.filter(event_class=o.id)
if options["trap"]:
if is_oid(options["trap"]):
trap_oid = options["trap"]
else:
trap_oid = MIB.get_oid(options["trap"])
if trap_oid is None:
self.die("Cannot find OID for %s" % options["trap"])
c = c.filter(raw_vars__source="SNMP Trap")
if options["syslog"]:
try:
syslog_re = re.compile(options["syslog"], re.IGNORECASE)
except Exception as e:
self.die("Invalid RE: %s" % str(e))
c = c.filter(raw_vars__source="syslog")
for e in c:
if profile:
if not e.managed_object.profile == Profile[profile]:
continue
if trap_oid:
if ("source" in e.raw_vars
and e.raw_vars["source"] == "SNMP Trap"
and "1.3.6.1.6.3.1.1.4.1.0" in e.raw_vars
and e.raw_vars["1.3.6.1.6.3.1.1.4.1.0"] == trap_oid):
yield e
elif syslog_re:
if ("source" in e.raw_vars and e.raw_vars["source"] == "syslog"
and "message" in e.raw_vars
and syslog_re.search(e.raw_vars["message"])):
yield e
else:
yield e
def check_oid(oid):
if oid == "0.0":
# For ISKRATEL VDSL-2 sysObjectID ProfileCheckRule
return True
if is_oid(oid):
return True
if "::" not in oid:
return False
return rx_mib.match(oid) is not None
def find_ignore_rule(self, event, vars):
"""
Find first matching ignore pattern
:param event: Event
:param vars: raw and resolved variables
:type vars: dict
:returns: True if matching pattern
"""
ignore_mask = self.find_ignore_masks(event.source)
if ignore_mask:
if event.source == E_SRC_SYSLOG:
msg = vars.get("message", "")
if any(r for r in ignore_mask if r.search(msg)):
logging.debug("Ignored")
return True
elif event.source == E_SRC_SNMP_TRAP:
oid = vars.get("1.3.6.1.6.3.1.1.4.1.0", "")
if not oid or not is_oid(oid):
return False
if any(r for r in ignore_mask if r.search(oid)):
logging.debug("Ignored")
return True
def resolve_vars(cls, vars):
"""
Resolve FM key -> value dict according to MIBs
:param cls:
:param vars:
:return:
"""
r = {}
for k in vars:
if not is_oid(k):
# Nothing to resolve
continue
v = fm_unescape(vars[k])
rk, syntax = cls.get_name_and_syntax(k)
rv = v
if syntax:
# Format value according to syntax
if syntax["base_type"] == "Enumeration":
# Expand enumerated type
try:
rv = syntax["enum_map"][str(v)]
except KeyError:
pass
elif syntax["base_type"] == "Bits":
# @todo: Fix ugly hack
if v.startswith("="):
xv = int(v[1:], 16)
else:
xv = 0
for c in v:
xv = (xv << 8) + ord(c)
# Decode
b_map = syntax.get("enum_map", {})
b = []
n = 0
while xv:
if xv & 1:
x = str(n)
if x in b_map:
b = [b_map[x]] + b
else:
b = ["%X" % (1 << n)]
n += 1
xv >>= 1
rv = "(%s)" % ",".join(b)
else:
# Render according to TC
rv = render_tc(v, syntax["base_type"],
syntax.get("display_hint", None))
try:
unicode(rv, "utf8")
except ValueError:
# Escape invalid UTF8
rv = fm_escape(rv)
else:
try:
unicode(rv, "utf8")
except ValueError:
# escape invalid UTF8
rv = fm_escape(rv)
if is_oid(v):
# Resolve OID in value
rv = MIB.get_name(v)
if rk != k or rv != v:
r[rk] = rv
return r
def test_is_oid(raw, expected):
assert is_oid(raw) is expected
