def __init__(self, sample, output_counter=None):
OutputPlugin.__init__(self, sample, output_counter)
from eventgenconfig import Config
globals()['c'] = Config()
self._splunkUrl, self._splunkMethod, self._splunkHost, self._splunkPort = c.getSplunkUrl(self._sample) # noqa
self._splunkUser = self._sample.splunkUser
self._splunkPass = self._sample.splunkPass
if not self._sample.sessionKey:
try:
myhttp = httplib2.Http(disable_ssl_certificate_validation=True)
self.logger.debug("Getting session key from '%s' with user '%s' and pass '%s'" %
(self._splunkUrl + '/services/auth/login', self._splunkUser, self._splunkPass))
response = myhttp.request(
self._splunkUrl + '/services/auth/login', 'POST', headers={}, body=urllib.urlencode({
'username':
self._splunkUser, 'password':
self._splunkPass}))[1]
self._sample.sessionKey = minidom.parseString(response).getElementsByTagName(
'sessionKey')[0].childNodes[0].nodeValue
self.logger.debug("Got new session for splunkstream, sessionKey '%s'" % self._sample.sessionKey)
except:
self.logger.error("Error getting session key for non-SPLUNK_EMBEEDED for sample '%s'." %
self._sample.name + " Credentials are missing or wrong")
raise IOError("Error getting session key for non-SPLUNK_EMBEEDED for sample '%s'." % self._sample.name +
"Credentials are missing or wrong")
self.logger.debug("Retrieved session key '%s' for Splunk session for sample %s'" % (self._sample.sessionKey,
self._sample.name))
def __init__(self, sample, output_counter=None):
# Override maxQueueLength to EventPerKey so that each flush
# will generate one aws key
if sample.awsS3EventPerKey:
sample.maxQueueLength = sample.awsS3EventPerKey
OutputPlugin.__init__(self, sample, output_counter)
if not boto_imported:
self.logger.error(
"There is no boto3 or botocore library available")
return
# disable any "requests" warnings
requests.packages.urllib3.disable_warnings()
# Bind passed in samples to the outputter.
self.awsS3compressiontype = sample.awsS3CompressionType if hasattr(
sample,
'awsS3CompressionType') and sample.awsS3CompressionType else None
self.awsS3eventtype = sample.awsS3EventType if hasattr(
sample, 'awsS3EventType') and sample.awsS3EventType else 'syslog'
self.awsS3objectprefix = sample.awsS3ObjectPrefix if hasattr(
sample, 'awsS3ObjectPrefix') and sample.awsS3ObjectPrefix else ""
self.awsS3objectsuffix = sample.awsS3ObjectSuffix if hasattr(
sample, 'awsS3ObjectSuffix') and sample.awsS3ObjectSuffix else ""
self.awsS3bucketname = sample.awsS3BucketName
self.logger.debug("Setting up the connection pool for %s in %s" %
(self._sample.name, self._app))
self._client = None
self._createConnections(sample)
self.logger.debug("Finished init of awsS3 plugin.")
def __init__(self, sample):
OutputPlugin.__init__(self, sample)
#disable any "requests" warnings
requests.packages.urllib3.disable_warnings()
#Setup loggers from the root eventgen
logger = logging.getLogger('eventgen')
from eventgenconfig import EventgenAdapter
adapter = EventgenAdapter(logger, {
'module': 'BattlecatOutputPlugin',
'sample': sample.name
})
globals()['logger'] = adapter
from eventgenconfig import Config
globals()['c'] = Config()
#Bind passed in samples to the outputter.
if hasattr(sample, 'battlecatServers') == False:
logger.error(
'outputMode battlecat but battlecatServers not specified for sample %s'
% self._sample.name)
raise ValueError(
'outputMode battlecat but battlecatServers not specified for sample %s'
% self._sample.name)
self.battlecatServers = sample.battlecatServers
logger.debug("Setting up the connection pool for %s in %s" %
(self._sample.name, self._app))
self.createConnections()
logger.debug("Pool created.")
def __init__(self, sample):
OutputPlugin.__init__(self, sample)
# Logger already setup by config, just get an instance
logger = logging.getLogger('eventgen')
from eventgenconfig import EventgenAdapter
adapter = EventgenAdapter(logger, {'module': 'SplunkStreamOutputPlugin', 'sample': sample.name})
globals()['logger'] = adapter
from eventgenconfig import Config
globals()['c'] = Config()
self._splunkUrl, self._splunkMethod, self._splunkHost, self._splunkPort = c.getSplunkUrl(self._sample)
self._splunkUser = self._sample.splunkUser
self._splunkPass = self._sample.splunkPass
if self._sample.sessionKey == None:
try:
myhttp = httplib2.Http(disable_ssl_certificate_validation=True)
logger.debugv("Getting session key from '%s' with user '%s' and pass '%s'" % (self._splunkUrl + '/services/auth/login', self._splunkUser, self._splunkPass))
response = myhttp.request(self._splunkUrl + '/services/auth/login', 'POST',
headers = {}, body=urllib.urlencode({'username': self._splunkUser,
'password': self._splunkPass}))[1]
self._sample.sessionKey = minidom.parseString(response).getElementsByTagName('sessionKey')[0].childNodes[0].nodeValue
logger.debug("Got new session for splunkstream, sessionKey '%s'" % self._sample.sessionKey)
except:
logger.error("Error getting session key for non-SPLUNK_EMBEEDED for sample '%s'. Credentials are missing or wrong" % self._sample.name)
raise IOError("Error getting session key for non-SPLUNK_EMBEEDED for sample '%s'. Credentials are missing or wrong" % self._sample.name)
logger.debug("Retrieved session key '%s' for Splunk session for sample %s'" % (self._sample.sessionKey, self._sample.name))
def __init__(self, sample):
OutputPlugin.__init__(self, sample)
#disable any "requests" warnings
requests.packages.urllib3.disable_warnings()
# set default output mode to round robin
#Setup loggers from the root eventgen
logger = logging.getLogger('eventgen')
from eventgenconfig import EventgenAdapter
adapter = EventgenAdapter(logger, {'module': 'HTTPEventOutputPlugin', 'sample': sample.name})
globals()['logger'] = adapter
from eventgenconfig import Config
globals()['c'] = Config()
#Bind passed in samples to the outputter.
logger.debug("Outputmode: %s" % sample.httpeventOutputMode)
self.lastsourcetype = None
try:
if hasattr(sample, 'httpeventServers') == False:
logger.error('outputMode httpevent but httpeventServers not specified for sample %s' % self._sample.name)
raise NoServers('outputMode httpevent but httpeventServers not specified for sample %s' % self._sample.name)
self.httpeventoutputmode = sample.httpeventOutputMode if hasattr(sample, 'httpeventOutputMode') and sample.httpeventOutputMode else 'roundrobin'
self.httpeventmaxsize = sample.httpeventMaxPayloadSize if hasattr(sample, 'httpeventMaxPayloadSize') and sample.httpeventMaxPayloadSize else 10000
logger.debug("Currentmax size: %s " % self.httpeventmaxsize)
self.httpeventServers = sample.httpeventServers
logger.debug("Setting up the connection pool for %s in %s" % (self._sample.name, self._app))
self.createConnections()
logger.debug("Pool created.")
logger.debug("Finished init of httpevent plugin.")
except Exception as e:
logger.exception(e)
def __init__(self, sample):
OutputPlugin.__init__(self, sample)
# Logger already setup by config, just get an instance
logger = logging.getLogger("eventgen")
from eventgenconfig import EventgenAdapter
adapter = EventgenAdapter(logger, {"module": "FileOutputPlugin", "sample": sample.name})
globals()["logger"] = adapter
from eventgenconfig import Config
globals()["c"] = Config()
if sample.fileName == None:
logger.error("outputMode file but file not specified for sample %s" % self._sample.name)
raise ValueError("outputMode file but file not specified for sample %s" % self._sample.name)
self._file = sample.pathParser(sample.fileName)
self._fileMaxBytes = sample.fileMaxBytes
self._fileBackupFiles = sample.fileBackupFiles
self._fileHandle = open(self._file, "a")
self._fileLength = os.stat(self._file).st_size
logger.debug(
"Configured to log to '%s' with maxBytes '%s' with backupCount '%s'"
% (self._file, self._fileMaxBytes, self._fileBackupFiles)
)
def __init__(self, sample):
OutputPlugin.__init__(self, sample)
# Logger already setup by config, just get an instance
logger = logging.getLogger('eventgen')
from eventgenconfig import EventgenAdapter
adapter = EventgenAdapter(logger, {'module': 'SplunkStreamOutputPlugin', 'sample': sample.name})
globals()['logger'] = adapter
from eventgenconfig import Config
globals()['c'] = Config()
self._splunkUrl, self._splunkMethod, self._splunkHost, self._splunkPort = c.getSplunkUrl(self._sample)
self._splunkUser = self._sample.splunkUser
self._splunkPass = self._sample.splunkPass
if self._sample.sessionKey == None:
try:
myhttp = httplib2.Http(disable_ssl_certificate_validation=True)
logger.debugv("Getting session key from '%s' with user '%s' and pass '%s'" % (self._splunkUrl + '/services/auth/login', self._splunkUser, self._splunkPass))
response = myhttp.request(self._splunkUrl + '/services/auth/login', 'POST',
headers = {}, body=urllib.urlencode({'username': self._splunkUser,
'password': self._splunkPass}))[1]
self._sample.sessionKey = minidom.parseString(response).getElementsByTagName('sessionKey')[0].childNodes[0].nodeValue
logger.debug("Got new session for splunkstream, sessionKey '%s'" % self._sample.sessionKey)
except:
logger.error("Error getting session key for non-SPLUNK_EMBEEDED for sample '%s'. Credentials are missing or wrong" % self._sample.name)
raise IOError("Error getting session key for non-SPLUNK_EMBEEDED for sample '%s'. Credentials are missing or wrong" % self._sample.name)
logger.debug("Retrieved session key '%s' for Splunk session for sample %s'" % (self._sample.sessionKey, self._sample.name))
def __init__(self, sample, output_counter=None):
# Override maxQueueLength to EventPerKey so that each flush
# will generate one aws key
if sample.awsS3EventPerKey:
sample.maxQueueLength = sample.awsS3EventPerKey
OutputPlugin.__init__(self, sample, output_counter)
if not boto_imported:
self.logger.error("There is no boto3 or botocore library available")
return
# disable any "requests" warnings
requests.packages.urllib3.disable_warnings()
# Bind passed in samples to the outputter.
self.awsS3compressiontype = sample.awsS3CompressionType if hasattr(
sample, 'awsS3CompressionType') and sample.awsS3CompressionType else None
self.awsS3eventtype = sample.awsS3EventType if hasattr(sample,
'awsS3EventType') and sample.awsS3EventType else 'syslog'
self.awsS3objectprefix = sample.awsS3ObjectPrefix if hasattr(
sample, 'awsS3ObjectPrefix') and sample.awsS3ObjectPrefix else ""
self.awsS3objectsuffix = sample.awsS3ObjectSuffix if hasattr(
sample, 'awsS3ObjectSuffix') and sample.awsS3ObjectSuffix else ""
self.awsS3bucketname = sample.awsS3BucketName
self.logger.debug("Setting up the connection pool for %s in %s" % (self._sample.name, self._app))
self._client = None
self._createConnections(sample)
self.logger.debug("Finished init of awsS3 plugin.")
def __init__(self, sample):
OutputPlugin.__init__(self, sample)
# Logger already setup by config, just get an instance
logger = logging.getLogger('eventgen')
from eventgenconfig import EventgenAdapter
adapter = EventgenAdapter(logger, {
'module': 'FileOutputPlugin',
'sample': sample.name
})
globals()['logger'] = adapter
from eventgenconfig import Config
globals()['c'] = Config()
if sample.fileName == None:
logger.error(
'outputMode file but file not specified for sample %s' %
self._sample.name)
raise ValueError(
'outputMode file but file not specified for sample %s' %
self._sample.name)
self._file = sample.pathParser(sample.fileName)
self._fileMaxBytes = sample.fileMaxBytes
self._fileBackupFiles = sample.fileBackupFiles
self._fileHandle = open(self._file, 'a')
self._fileLength = os.stat(self._file).st_size
logger.debug("Configured to log to '%s' with maxBytes '%s' with backupCount '%s'" % \
(self._file, self._fileMaxBytes, self._fileBackupFiles))
def __init__(self, sample, output_counter=None):
OutputPlugin.__init__(self, sample, output_counter)
self._tcpDestinationHost = sample.tcpDestinationHost if hasattr(sample,'tcpDestinationHost') and sample.tcpDestinationHost else '127.0.0.1'
self._tcpDestinationPort = sample.tcpDestinationPort if hasattr(sample,'tcpDestinationPort') and sample.tcpDestinationPort else '3333'
import socket # Import socket module
self.s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
def __init__(self, sample, output_counter=None):
OutputPlugin.__init__(self, sample, output_counter)
self._udpDestinationHost = sample.udpDestinationHost if hasattr(
sample, 'udpDestinationHost') and sample.udpDestinationHost else '127.0.0.1'
self._udpDestinationPort = sample.udpDestinationPort if hasattr(
sample, 'udpDestinationPort') and sample.udpDestinationPort else '3333'
import socket # Import socket module
self.s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
def __init__(self, sample):
OutputPlugin.__init__(self, sample)
self._udpDestinationHost = sample.udpDestinationHost if hasattr(
sample, 'udpDestinationHost'
) and sample.udpDestinationHost else '127.0.0.1'
self._udpDestinationPort = sample.udpDestinationPort if hasattr(
sample,
'udpDestinationPort') and sample.udpDestinationPort else '3333'
import socket # Import socket module
self.s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
def __init__(self, sample):
OutputPlugin.__init__(self, sample)
# Logger already setup by config, just get an instance
logger = logging.getLogger('eventgen')
from eventgenconfig import EventgenAdapter
adapter = EventgenAdapter(logger, {'module': 'SpoolOutputPlugin', 'sample': sample.name})
globals()['logger'] = adapter
from eventgenconfig import Config
globals()['c'] = Config()
self._spoolDir = sample.pathParser(sample.spoolDir)
self._spoolFile = sample.spoolFile
def __init__(self, sample, output_counter=None):
OutputPlugin.__init__(self, sample, output_counter)
if sample.fileName is None:
self.logger.error('outputMode file but file not specified for sample %s' % self._sample.name)
raise ValueError('outputMode file but file not specified for sample %s' % self._sample.name)
self._file = sample.pathParser(sample.fileName)
self._fileMaxBytes = sample.fileMaxBytes
self._fileBackupFiles = sample.fileBackupFiles
self._fileHandle = open(self._file, 'a')
self._fileLength = os.stat(self._file).st_size
self.logger.debug("Configured to log to '%s' with maxBytes '%s' with backupCount '%s'" %
(self._file, self._fileMaxBytes, self._fileBackupFiles))
def __init__(self, sample, output_counter=None):
OutputPlugin.__init__(self, sample, output_counter)
if sample.fileName == None:
self.logger.error('outputMode file but file not specified for sample %s' % self._sample.name)
raise ValueError('outputMode file but file not specified for sample %s' % self._sample.name)
self._file = sample.pathParser(sample.fileName)
self._fileMaxBytes = sample.fileMaxBytes
self._fileBackupFiles = sample.fileBackupFiles
self._fileHandle = open(self._file, 'a')
self._fileLength = os.stat(self._file).st_size
self.logger.debug("Configured to log to '%s' with maxBytes '%s' with backupCount '%s'" % \
(self._file, self._fileMaxBytes, self._fileBackupFiles))
def __init__(self, sample, output_counter=None):
OutputPlugin.__init__(self, sample, output_counter)
from eventgenconfig import Config
globals()['c'] = Config()
self._splunkUrl, self._splunkMethod, self._splunkHost, self._splunkPort = c.getSplunkUrl(
self._sample) # noqa
self._splunkUser = self._sample.splunkUser
self._splunkPass = self._sample.splunkPass
if not self._sample.sessionKey:
try:
myhttp = httplib2.Http(disable_ssl_certificate_validation=True)
self.logger.debug(
"Getting session key from '%s' with user '%s' and pass '%s'"
% (self._splunkUrl + '/services/auth/login',
self._splunkUser, self._splunkPass))
response = myhttp.request(self._splunkUrl +
'/services/auth/login',
'POST',
headers={},
body=urllib.urlencode({
'username':
self._splunkUser,
'password':
self._splunkPass
}))[1]
self._sample.sessionKey = minidom.parseString(
response).getElementsByTagName(
'sessionKey')[0].childNodes[0].nodeValue
self.logger.debug(
"Got new session for splunkstream, sessionKey '%s'" %
self._sample.sessionKey)
except:
self.logger.error(
"Error getting session key for non-SPLUNK_EMBEEDED for sample '%s'."
% self._sample.name + " Credentials are missing or wrong")
raise IOError(
"Error getting session key for non-SPLUNK_EMBEEDED for sample '%s'."
% self._sample.name + "Credentials are missing or wrong")
self.logger.debug(
"Retrieved session key '%s' for Splunk session for sample %s'" %
(self._sample.sessionKey, self._sample.name))
def __init__(self, sample):
OutputPlugin.__init__(self, sample)
# Verify we were passed in a kvstore setting.
if not hasattr(sample, 'kvstore'):
raise ValueError('kvstore not defined for {0}'.format(
sample.filePath))
# Wait for the Rest service to come online.
wait_for_services(sample.sessionKey, sample.kvstore)
# Get the kvstore data.
data = get_data(sample.filePath)
# Delete the old entries.
delete_from_kvstore(sample.sessionKey, sample.kvstore)
# Save the new entries to the kvstore.
save_to_kvstore(data, sample.sessionKey, sample.kvstore)
def __init__(self, sample, output_counter=None):
OutputPlugin.__init__(self, sample, output_counter)
self._syslogDestinationHost = sample.syslogDestinationHost if hasattr(
sample, 'syslogDestinationHost') and sample.syslogDestinationHost else '127.0.0.1'
self._syslogDestinationPort = sample.syslogDestinationPort if hasattr(
sample, 'syslogDestinationPort') and sample.syslogDestinationPort else 1514
loggerName = 'syslog' + sample.name
self._l = logging.getLogger(loggerName)
self._l.setLevel(logging.INFO)
global loggerInitialized
# This class is instantiated at least once each interval. Since each logger with a given name is a singleton,
# only add the syslog handler once instead of every interval.
if loggerName not in loggerInitialized:
syslogHandler = logging.handlers.SysLogHandler(
address=(self._syslogDestinationHost, int(self._syslogDestinationPort)))
self._l.addHandler(syslogHandler)
loggerInitialized[loggerName] = True
def __init__(self, sample):
OutputPlugin.__init__(self, sample)
#disable any "requests" warnings
requests.packages.urllib3.disable_warnings()
#Setup loggers from the root eventgen
logger = logging.getLogger('eventgen')
from eventgenconfig import EventgenAdapter
adapter = EventgenAdapter(logger, {'module': 'BattlecatOutputPlugin', 'sample': sample.name})
globals()['logger'] = adapter
from eventgenconfig import Config
globals()['c'] = Config()
#Bind passed in samples to the outputter.
if hasattr(sample, 'battlecatServers') == False:
logger.error('outputMode battlecat but battlecatServers not specified for sample %s' % self._sample.name)
raise ValueError('outputMode battlecat but battlecatServers not specified for sample %s' % self._sample.name)
self.battlecatServers = sample.battlecatServers
logger.debug("Setting up the connection pool for %s in %s" % (self._sample.name, self._app))
self.createConnections()
logger.debug("Pool created.")
def __init__(self, sample, output_counter=None):
OutputPlugin.__init__(self, sample, output_counter)
self._syslogDestinationHost = sample.syslogDestinationHost if hasattr(
sample, 'syslogDestinationHost'
) and sample.syslogDestinationHost else '127.0.0.1'
self._syslogDestinationPort = sample.syslogDestinationPort if hasattr(
sample,
'syslogDestinationPort') and sample.syslogDestinationPort else 1514
loggerName = 'syslog' + sample.name
self._l = logging.getLogger(loggerName)
self._l.setLevel(logging.INFO)
global loggerInitialized
# This class is instantiated at least once each interval. Since each logger with a given name is a singleton,
# only add the syslog handler once instead of every interval.
if loggerName not in loggerInitialized:
syslogHandler = logging.handlers.SysLogHandler(
address=(self._syslogDestinationHost,
int(self._syslogDestinationPort)))
self._l.addHandler(syslogHandler)
loggerInitialized[loggerName] = True
def __init__(self, sample):
OutputPlugin.__init__(self, sample)
# Logger already setup by config, just get an instance
logger = logging.getLogger('eventgen')
from eventgenconfig import EventgenAdapter
adapter = EventgenAdapter(logger, {'module': 'FileOutputPlugin', 'sample': sample.name})
globals()['logger'] = adapter
from eventgenconfig import Config
globals()['c'] = Config()
if sample.fileName == None:
logger.error('outputMode file but file not specified for sample %s' % self._sample.name)
raise ValueError('outputMode file but file not specified for sample %s' % self._sample.name)
self._file = sample.fileName
self._fileMaxBytes = sample.fileMaxBytes
self._fileBackupFiles = sample.fileBackupFiles
self._fileHandle = open(self._file, 'a')
self._fileLength = os.stat(self._file).st_size
logger.debug("Configured to log to '%s' with maxBytes '%s' with backupCount '%s'" % \
(self._file, self._fileMaxBytes, self._fileBackupFiles))
def __init__(self, sample, output_counter=None):
OutputPlugin.__init__(self, sample, output_counter)
def __init__(self, sample):
OutputPlugin.__init__(self, sample)
def __init__(self, sample, output_counter=None):
OutputPlugin.__init__(self, sample, output_counter)
self.firsttime = True
def __init__(self, sample, output_counter=None):
OutputPlugin.__init__(self, sample, output_counter)
self._spoolDir = sample.pathParser(sample.spoolDir)
self._spoolFile = sample.spoolFile
self.spoolPath = self._spoolDir + os.sep + self._spoolFile
def __init__(self, sample, output_counter=None):
OutputPlugin.__init__(self, sample, output_counter)
self._spoolDir = sample.pathParser(sample.spoolDir)
self._spoolFile = sample.spoolFile
self.spoolPath = self._spoolDir + os.sep + self._spoolFile
def __init__(self, sample):
OutputPlugin.__init__(self, sample)
self.firsttime = True
def __init__(self, sample, output_counter=None):
OutputPlugin.__init__(self, sample, output_counter)
self.firsttime = True
def __init__(self, sample): OutputPlugin.__init__(self, sample)
def __init__(self, sample, output_counter=None):
OutputPlugin.__init__(self, sample, output_counter)