Example #1
0
    def __init__(self, sample, output_counter=None):
        OutputPlugin.__init__(self, sample, output_counter)

        from eventgenconfig import Config
        globals()['c'] = Config()

        self._splunkUrl, self._splunkMethod, self._splunkHost, self._splunkPort = c.getSplunkUrl(self._sample)  # noqa
        self._splunkUser = self._sample.splunkUser
        self._splunkPass = self._sample.splunkPass

        if not self._sample.sessionKey:
            try:
                myhttp = httplib2.Http(disable_ssl_certificate_validation=True)
                self.logger.debug("Getting session key from '%s' with user '%s' and pass '%s'" %
                                  (self._splunkUrl + '/services/auth/login', self._splunkUser, self._splunkPass))
                response = myhttp.request(
                    self._splunkUrl + '/services/auth/login', 'POST', headers={}, body=urllib.urlencode({
                        'username':
                        self._splunkUser, 'password':
                        self._splunkPass}))[1]
                self._sample.sessionKey = minidom.parseString(response).getElementsByTagName(
                    'sessionKey')[0].childNodes[0].nodeValue
                self.logger.debug("Got new session for splunkstream, sessionKey '%s'" % self._sample.sessionKey)
            except:
                self.logger.error("Error getting session key for non-SPLUNK_EMBEEDED for sample '%s'." %
                                  self._sample.name + " Credentials are missing or wrong")
                raise IOError("Error getting session key for non-SPLUNK_EMBEEDED for sample '%s'." % self._sample.name +
                              "Credentials are missing or wrong")

        self.logger.debug("Retrieved session key '%s' for Splunk session for sample %s'" % (self._sample.sessionKey,
                                                                                            self._sample.name))
Example #2
0
    def __init__(self, sample, output_counter=None):

        # Override maxQueueLength to EventPerKey so that each flush
        # will generate one aws key
        if sample.awsS3EventPerKey:
            sample.maxQueueLength = sample.awsS3EventPerKey

        OutputPlugin.__init__(self, sample, output_counter)

        if not boto_imported:
            self.logger.error(
                "There is no boto3 or botocore library available")
            return

        # disable any "requests" warnings
        requests.packages.urllib3.disable_warnings()

        # Bind passed in samples to the outputter.
        self.awsS3compressiontype = sample.awsS3CompressionType if hasattr(
            sample,
            'awsS3CompressionType') and sample.awsS3CompressionType else None
        self.awsS3eventtype = sample.awsS3EventType if hasattr(
            sample, 'awsS3EventType') and sample.awsS3EventType else 'syslog'
        self.awsS3objectprefix = sample.awsS3ObjectPrefix if hasattr(
            sample, 'awsS3ObjectPrefix') and sample.awsS3ObjectPrefix else ""
        self.awsS3objectsuffix = sample.awsS3ObjectSuffix if hasattr(
            sample, 'awsS3ObjectSuffix') and sample.awsS3ObjectSuffix else ""
        self.awsS3bucketname = sample.awsS3BucketName
        self.logger.debug("Setting up the connection pool for %s in %s" %
                          (self._sample.name, self._app))
        self._client = None
        self._createConnections(sample)
        self.logger.debug("Finished init of awsS3 plugin.")
Example #3
0
    def __init__(self, sample):
        OutputPlugin.__init__(self, sample)

        #disable any "requests" warnings
        requests.packages.urllib3.disable_warnings()
        #Setup loggers from the root eventgen
        logger = logging.getLogger('eventgen')
        from eventgenconfig import EventgenAdapter
        adapter = EventgenAdapter(logger, {
            'module': 'BattlecatOutputPlugin',
            'sample': sample.name
        })
        globals()['logger'] = adapter

        from eventgenconfig import Config
        globals()['c'] = Config()

        #Bind passed in samples to the outputter.
        if hasattr(sample, 'battlecatServers') == False:
            logger.error(
                'outputMode battlecat but battlecatServers not specified for sample %s'
                % self._sample.name)
            raise ValueError(
                'outputMode battlecat but battlecatServers not specified for sample %s'
                % self._sample.name)
        self.battlecatServers = sample.battlecatServers
        logger.debug("Setting up the connection pool for %s in %s" %
                     (self._sample.name, self._app))
        self.createConnections()
        logger.debug("Pool created.")
Example #4
0
    def __init__(self, sample):
        OutputPlugin.__init__(self, sample)

        # Logger already setup by config, just get an instance
        logger = logging.getLogger('eventgen')
        from eventgenconfig import EventgenAdapter
        adapter = EventgenAdapter(logger, {'module': 'SplunkStreamOutputPlugin', 'sample': sample.name})
        globals()['logger'] = adapter

        from eventgenconfig import Config
        globals()['c'] = Config()

        self._splunkUrl, self._splunkMethod, self._splunkHost, self._splunkPort = c.getSplunkUrl(self._sample)
        self._splunkUser = self._sample.splunkUser
        self._splunkPass = self._sample.splunkPass
            
        if self._sample.sessionKey == None:
            try:
                myhttp = httplib2.Http(disable_ssl_certificate_validation=True)
                logger.debugv("Getting session key from '%s' with user '%s' and pass '%s'" % (self._splunkUrl + '/services/auth/login', self._splunkUser, self._splunkPass))
                response = myhttp.request(self._splunkUrl + '/services/auth/login', 'POST',
                                            headers = {}, body=urllib.urlencode({'username': self._splunkUser, 
                                                                                'password': self._splunkPass}))[1]
                self._sample.sessionKey = minidom.parseString(response).getElementsByTagName('sessionKey')[0].childNodes[0].nodeValue
                logger.debug("Got new session for splunkstream, sessionKey '%s'" % self._sample.sessionKey)
            except:
                logger.error("Error getting session key for non-SPLUNK_EMBEEDED for sample '%s'.  Credentials are missing or wrong" % self._sample.name)
                raise IOError("Error getting session key for non-SPLUNK_EMBEEDED for sample '%s'.  Credentials are missing or wrong" % self._sample.name)
                
        logger.debug("Retrieved session key '%s' for Splunk session for sample %s'" % (self._sample.sessionKey, self._sample.name))   
Example #5
0
    def __init__(self, sample):
        OutputPlugin.__init__(self, sample)

        #disable any "requests" warnings
        requests.packages.urllib3.disable_warnings()
        # set default output mode to round robin
        #Setup loggers from the root eventgen
        logger = logging.getLogger('eventgen')
        from eventgenconfig import EventgenAdapter
        adapter = EventgenAdapter(logger, {'module': 'HTTPEventOutputPlugin', 'sample': sample.name})
        globals()['logger'] = adapter

        from eventgenconfig import Config
        globals()['c'] = Config()

        #Bind passed in samples to the outputter.
        logger.debug("Outputmode: %s" % sample.httpeventOutputMode)
        self.lastsourcetype = None
        try:
            if hasattr(sample, 'httpeventServers') == False:
                logger.error('outputMode httpevent but httpeventServers not specified for sample %s' % self._sample.name)
                raise NoServers('outputMode httpevent but httpeventServers not specified for sample %s' % self._sample.name)
            self.httpeventoutputmode = sample.httpeventOutputMode if hasattr(sample, 'httpeventOutputMode') and sample.httpeventOutputMode else 'roundrobin'
            self.httpeventmaxsize = sample.httpeventMaxPayloadSize if hasattr(sample, 'httpeventMaxPayloadSize') and sample.httpeventMaxPayloadSize else 10000
            logger.debug("Currentmax size: %s " % self.httpeventmaxsize)
            self.httpeventServers = sample.httpeventServers
            logger.debug("Setting up the connection pool for %s in %s" % (self._sample.name, self._app))
            self.createConnections()
            logger.debug("Pool created.")
            logger.debug("Finished init of httpevent plugin.")
        except Exception as e:
            logger.exception(e)
Example #6
0
    def __init__(self, sample):
        OutputPlugin.__init__(self, sample)

        # Logger already setup by config, just get an instance
        logger = logging.getLogger("eventgen")
        from eventgenconfig import EventgenAdapter

        adapter = EventgenAdapter(logger, {"module": "FileOutputPlugin", "sample": sample.name})
        globals()["logger"] = adapter

        from eventgenconfig import Config

        globals()["c"] = Config()

        if sample.fileName == None:
            logger.error("outputMode file but file not specified for sample %s" % self._sample.name)
            raise ValueError("outputMode file but file not specified for sample %s" % self._sample.name)

        self._file = sample.pathParser(sample.fileName)
        self._fileMaxBytes = sample.fileMaxBytes
        self._fileBackupFiles = sample.fileBackupFiles

        self._fileHandle = open(self._file, "a")
        self._fileLength = os.stat(self._file).st_size
        logger.debug(
            "Configured to log to '%s' with maxBytes '%s' with backupCount '%s'"
            % (self._file, self._fileMaxBytes, self._fileBackupFiles)
        )
Example #7
0
    def __init__(self, sample):
        OutputPlugin.__init__(self, sample)

        # Logger already setup by config, just get an instance
        logger = logging.getLogger('eventgen')
        from eventgenconfig import EventgenAdapter
        adapter = EventgenAdapter(logger, {'module': 'SplunkStreamOutputPlugin', 'sample': sample.name})
        globals()['logger'] = adapter

        from eventgenconfig import Config
        globals()['c'] = Config()

        self._splunkUrl, self._splunkMethod, self._splunkHost, self._splunkPort = c.getSplunkUrl(self._sample)
        self._splunkUser = self._sample.splunkUser
        self._splunkPass = self._sample.splunkPass
            
        if self._sample.sessionKey == None:
            try:
                myhttp = httplib2.Http(disable_ssl_certificate_validation=True)
                logger.debugv("Getting session key from '%s' with user '%s' and pass '%s'" % (self._splunkUrl + '/services/auth/login', self._splunkUser, self._splunkPass))
                response = myhttp.request(self._splunkUrl + '/services/auth/login', 'POST',
                                            headers = {}, body=urllib.urlencode({'username': self._splunkUser, 
                                                                                'password': self._splunkPass}))[1]
                self._sample.sessionKey = minidom.parseString(response).getElementsByTagName('sessionKey')[0].childNodes[0].nodeValue
                logger.debug("Got new session for splunkstream, sessionKey '%s'" % self._sample.sessionKey)
            except:
                logger.error("Error getting session key for non-SPLUNK_EMBEEDED for sample '%s'.  Credentials are missing or wrong" % self._sample.name)
                raise IOError("Error getting session key for non-SPLUNK_EMBEEDED for sample '%s'.  Credentials are missing or wrong" % self._sample.name)
                
        logger.debug("Retrieved session key '%s' for Splunk session for sample %s'" % (self._sample.sessionKey, self._sample.name))   
Example #8
0
    def __init__(self, sample, output_counter=None):

        # Override maxQueueLength to EventPerKey so that each flush
        # will generate one aws key
        if sample.awsS3EventPerKey:
            sample.maxQueueLength = sample.awsS3EventPerKey

        OutputPlugin.__init__(self, sample, output_counter)

        if not boto_imported:
            self.logger.error("There is no boto3 or botocore library available")
            return

        # disable any "requests" warnings
        requests.packages.urllib3.disable_warnings()

        # Bind passed in samples to the outputter.
        self.awsS3compressiontype = sample.awsS3CompressionType if hasattr(
            sample, 'awsS3CompressionType') and sample.awsS3CompressionType else None
        self.awsS3eventtype = sample.awsS3EventType if hasattr(sample,
                                                               'awsS3EventType') and sample.awsS3EventType else 'syslog'
        self.awsS3objectprefix = sample.awsS3ObjectPrefix if hasattr(
            sample, 'awsS3ObjectPrefix') and sample.awsS3ObjectPrefix else ""
        self.awsS3objectsuffix = sample.awsS3ObjectSuffix if hasattr(
            sample, 'awsS3ObjectSuffix') and sample.awsS3ObjectSuffix else ""
        self.awsS3bucketname = sample.awsS3BucketName
        self.logger.debug("Setting up the connection pool for %s in %s" % (self._sample.name, self._app))
        self._client = None
        self._createConnections(sample)
        self.logger.debug("Finished init of awsS3 plugin.")
Example #9
0
    def __init__(self, sample):
        OutputPlugin.__init__(self, sample)

        # Logger already setup by config, just get an instance
        logger = logging.getLogger('eventgen')
        from eventgenconfig import EventgenAdapter
        adapter = EventgenAdapter(logger, {
            'module': 'FileOutputPlugin',
            'sample': sample.name
        })
        globals()['logger'] = adapter

        from eventgenconfig import Config
        globals()['c'] = Config()

        if sample.fileName == None:
            logger.error(
                'outputMode file but file not specified for sample %s' %
                self._sample.name)
            raise ValueError(
                'outputMode file but file not specified for sample %s' %
                self._sample.name)

        self._file = sample.pathParser(sample.fileName)
        self._fileMaxBytes = sample.fileMaxBytes
        self._fileBackupFiles = sample.fileBackupFiles

        self._fileHandle = open(self._file, 'a')
        self._fileLength = os.stat(self._file).st_size
        logger.debug("Configured to log to '%s' with maxBytes '%s' with backupCount '%s'" % \
                        (self._file, self._fileMaxBytes, self._fileBackupFiles))
Example #10
0
    def __init__(self, sample, output_counter=None):
        OutputPlugin.__init__(self, sample, output_counter)

        self._tcpDestinationHost = sample.tcpDestinationHost if hasattr(sample,'tcpDestinationHost') and sample.tcpDestinationHost else '127.0.0.1'
        self._tcpDestinationPort = sample.tcpDestinationPort if hasattr(sample,'tcpDestinationPort') and sample.tcpDestinationPort else '3333'

        import socket  # Import socket module
        self.s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
Example #11
0
    def __init__(self, sample, output_counter=None):
        OutputPlugin.__init__(self, sample, output_counter)

        self._udpDestinationHost = sample.udpDestinationHost if hasattr(
            sample, 'udpDestinationHost') and sample.udpDestinationHost else '127.0.0.1'
        self._udpDestinationPort = sample.udpDestinationPort if hasattr(
            sample, 'udpDestinationPort') and sample.udpDestinationPort else '3333'

        import socket  # Import socket module
        self.s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
Example #12
0
    def __init__(self, sample):
        OutputPlugin.__init__(self, sample)

        self._udpDestinationHost = sample.udpDestinationHost if hasattr(
            sample, 'udpDestinationHost'
        ) and sample.udpDestinationHost else '127.0.0.1'
        self._udpDestinationPort = sample.udpDestinationPort if hasattr(
            sample,
            'udpDestinationPort') and sample.udpDestinationPort else '3333'

        import socket  # Import socket module
        self.s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
Example #13
0
    def __init__(self, sample):
        OutputPlugin.__init__(self, sample)

        # Logger already setup by config, just get an instance
        logger = logging.getLogger('eventgen')
        from eventgenconfig import EventgenAdapter
        adapter = EventgenAdapter(logger, {'module': 'SpoolOutputPlugin', 'sample': sample.name})
        globals()['logger'] = adapter

        from eventgenconfig import Config
        globals()['c'] = Config()

        self._spoolDir = sample.pathParser(sample.spoolDir)
        self._spoolFile = sample.spoolFile
Example #14
0
    def __init__(self, sample, output_counter=None):
        OutputPlugin.__init__(self, sample, output_counter)

        if sample.fileName is None:
            self.logger.error('outputMode file but file not specified for sample %s' % self._sample.name)
            raise ValueError('outputMode file but file not specified for sample %s' % self._sample.name)

        self._file = sample.pathParser(sample.fileName)
        self._fileMaxBytes = sample.fileMaxBytes
        self._fileBackupFiles = sample.fileBackupFiles

        self._fileHandle = open(self._file, 'a')
        self._fileLength = os.stat(self._file).st_size
        self.logger.debug("Configured to log to '%s' with maxBytes '%s' with backupCount '%s'" %
                          (self._file, self._fileMaxBytes, self._fileBackupFiles))
Example #15
0
    def __init__(self, sample, output_counter=None):
        OutputPlugin.__init__(self, sample, output_counter)

        if sample.fileName == None:
            self.logger.error('outputMode file but file not specified for sample %s' % self._sample.name)
            raise ValueError('outputMode file but file not specified for sample %s' % self._sample.name)
            
        self._file = sample.pathParser(sample.fileName)
        self._fileMaxBytes = sample.fileMaxBytes
        self._fileBackupFiles = sample.fileBackupFiles

        self._fileHandle = open(self._file, 'a')
        self._fileLength = os.stat(self._file).st_size
        self.logger.debug("Configured to log to '%s' with maxBytes '%s' with backupCount '%s'" % \
                        (self._file, self._fileMaxBytes, self._fileBackupFiles))
Example #16
0
    def __init__(self, sample, output_counter=None):
        OutputPlugin.__init__(self, sample, output_counter)

        from eventgenconfig import Config
        globals()['c'] = Config()

        self._splunkUrl, self._splunkMethod, self._splunkHost, self._splunkPort = c.getSplunkUrl(
            self._sample)  # noqa
        self._splunkUser = self._sample.splunkUser
        self._splunkPass = self._sample.splunkPass

        if not self._sample.sessionKey:
            try:
                myhttp = httplib2.Http(disable_ssl_certificate_validation=True)
                self.logger.debug(
                    "Getting session key from '%s' with user '%s' and pass '%s'"
                    % (self._splunkUrl + '/services/auth/login',
                       self._splunkUser, self._splunkPass))
                response = myhttp.request(self._splunkUrl +
                                          '/services/auth/login',
                                          'POST',
                                          headers={},
                                          body=urllib.urlencode({
                                              'username':
                                              self._splunkUser,
                                              'password':
                                              self._splunkPass
                                          }))[1]
                self._sample.sessionKey = minidom.parseString(
                    response).getElementsByTagName(
                        'sessionKey')[0].childNodes[0].nodeValue
                self.logger.debug(
                    "Got new session for splunkstream, sessionKey '%s'" %
                    self._sample.sessionKey)
            except:
                self.logger.error(
                    "Error getting session key for non-SPLUNK_EMBEEDED for sample '%s'."
                    % self._sample.name + " Credentials are missing or wrong")
                raise IOError(
                    "Error getting session key for non-SPLUNK_EMBEEDED for sample '%s'."
                    % self._sample.name + "Credentials are missing or wrong")

        self.logger.debug(
            "Retrieved session key '%s' for Splunk session for sample %s'" %
            (self._sample.sessionKey, self._sample.name))
Example #17
0
    def __init__(self, sample):
        OutputPlugin.__init__(self, sample)

        # Verify we were passed in a kvstore setting.
        if not hasattr(sample, 'kvstore'):
            raise ValueError('kvstore not defined for {0}'.format(
                sample.filePath))

        # Wait for the Rest service to come online.
        wait_for_services(sample.sessionKey, sample.kvstore)

        # Get the kvstore data.
        data = get_data(sample.filePath)

        # Delete the old entries.
        delete_from_kvstore(sample.sessionKey, sample.kvstore)

        # Save the new entries to the kvstore.
        save_to_kvstore(data, sample.sessionKey, sample.kvstore)
Example #18
0
    def __init__(self, sample, output_counter=None):
        OutputPlugin.__init__(self, sample, output_counter)
        self._syslogDestinationHost = sample.syslogDestinationHost if hasattr(
            sample, 'syslogDestinationHost') and sample.syslogDestinationHost else '127.0.0.1'
        self._syslogDestinationPort = sample.syslogDestinationPort if hasattr(
            sample, 'syslogDestinationPort') and sample.syslogDestinationPort else 1514

        loggerName = 'syslog' + sample.name
        self._l = logging.getLogger(loggerName)
        self._l.setLevel(logging.INFO)

        global loggerInitialized
        # This class is instantiated at least once each interval. Since each logger with a given name is a singleton,
        # only add the syslog handler once instead of every interval.
        if loggerName not in loggerInitialized:
            syslogHandler = logging.handlers.SysLogHandler(
                address=(self._syslogDestinationHost, int(self._syslogDestinationPort)))
            self._l.addHandler(syslogHandler)
            loggerInitialized[loggerName] = True
Example #19
0
    def __init__(self, sample):
        OutputPlugin.__init__(self, sample)

        #disable any "requests" warnings
        requests.packages.urllib3.disable_warnings()
        #Setup loggers from the root eventgen
        logger = logging.getLogger('eventgen')
        from eventgenconfig import EventgenAdapter
        adapter = EventgenAdapter(logger, {'module': 'BattlecatOutputPlugin', 'sample': sample.name})
        globals()['logger'] = adapter

        from eventgenconfig import Config
        globals()['c'] = Config()

        #Bind passed in samples to the outputter.
        if hasattr(sample, 'battlecatServers') == False:
            logger.error('outputMode battlecat but battlecatServers not specified for sample %s' % self._sample.name)
            raise ValueError('outputMode battlecat but battlecatServers not specified for sample %s' % self._sample.name)
        self.battlecatServers = sample.battlecatServers
        logger.debug("Setting up the connection pool for %s in %s" % (self._sample.name, self._app))
        self.createConnections()
        logger.debug("Pool created.")
Example #20
0
    def __init__(self, sample, output_counter=None):
        OutputPlugin.__init__(self, sample, output_counter)
        self._syslogDestinationHost = sample.syslogDestinationHost if hasattr(
            sample, 'syslogDestinationHost'
        ) and sample.syslogDestinationHost else '127.0.0.1'
        self._syslogDestinationPort = sample.syslogDestinationPort if hasattr(
            sample,
            'syslogDestinationPort') and sample.syslogDestinationPort else 1514

        loggerName = 'syslog' + sample.name
        self._l = logging.getLogger(loggerName)
        self._l.setLevel(logging.INFO)

        global loggerInitialized
        # This class is instantiated at least once each interval. Since each logger with a given name is a singleton,
        # only add the syslog handler once instead of every interval.
        if loggerName not in loggerInitialized:
            syslogHandler = logging.handlers.SysLogHandler(
                address=(self._syslogDestinationHost,
                         int(self._syslogDestinationPort)))
            self._l.addHandler(syslogHandler)
            loggerInitialized[loggerName] = True
    def __init__(self, sample):
        OutputPlugin.__init__(self, sample)

        # Logger already setup by config, just get an instance
        logger = logging.getLogger('eventgen')
        from eventgenconfig import EventgenAdapter
        adapter = EventgenAdapter(logger, {'module': 'FileOutputPlugin', 'sample': sample.name})
        globals()['logger'] = adapter

        from eventgenconfig import Config
        globals()['c'] = Config()

        if sample.fileName == None:
            logger.error('outputMode file but file not specified for sample %s' % self._sample.name)
            raise ValueError('outputMode file but file not specified for sample %s' % self._sample.name)
            
        self._file = sample.fileName
        self._fileMaxBytes = sample.fileMaxBytes
        self._fileBackupFiles = sample.fileBackupFiles

        self._fileHandle = open(self._file, 'a')
        self._fileLength = os.stat(self._file).st_size
        logger.debug("Configured to log to '%s' with maxBytes '%s' with backupCount '%s'" % \
                        (self._file, self._fileMaxBytes, self._fileBackupFiles))
Example #22
0
 def __init__(self, sample, output_counter=None):
     OutputPlugin.__init__(self, sample, output_counter)
Example #23
0
 def __init__(self, sample):
     OutputPlugin.__init__(self, sample)
Example #24
0
 def __init__(self, sample, output_counter=None):
     OutputPlugin.__init__(self, sample, output_counter)
     self.firsttime = True
Example #25
0
 def __init__(self, sample, output_counter=None):
     OutputPlugin.__init__(self, sample, output_counter)
     self._spoolDir = sample.pathParser(sample.spoolDir)
     self._spoolFile = sample.spoolFile
     self.spoolPath = self._spoolDir + os.sep + self._spoolFile
Example #26
0
 def __init__(self, sample, output_counter=None):
     OutputPlugin.__init__(self, sample, output_counter)
     self._spoolDir = sample.pathParser(sample.spoolDir)
     self._spoolFile = sample.spoolFile
     self.spoolPath = self._spoolDir + os.sep + self._spoolFile
Example #27
0
 def __init__(self, sample):
     OutputPlugin.__init__(self, sample)
     self.firsttime = True
Example #28
0
 def __init__(self, sample, output_counter=None):
     OutputPlugin.__init__(self, sample, output_counter)
     self.firsttime = True
Example #29
0
	def __init__(self, sample):
		OutputPlugin.__init__(self, sample)
Example #30
0
 def __init__(self, sample, output_counter=None):
     OutputPlugin.__init__(self, sample, output_counter)