            #IP second check for C&C
            flg_C2 = parser_config.get_ip_secondcheck()
            if (flg_C2 == 1):
                # 从info中IP检查,提升为warn
                mylog.info('all_IP size:{}'.format(len(all_IP)))
                ip_check_C2.main(startTime, all_IP, serverNum, dport, indx)
            startTime = startTime + delta
            flgnum += 1
            # runtime=time.clock()-st# get the time of whole process
        except Exception, e:
            # print e
            mylog.error(e)


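if __name__ == "__main__":
    # Entry point: read the polling schedule and Elasticsearch settings from
    # the config, initialise the shared suppression state, then hand off to
    # new_run().
    # delta is the polling interval (presumably a timedelta -- new_run adds it
    # to startTime); discard is the start time as text, or 'now'; offset is
    # passed straight through to new_run.
    delta, discard, offset = parser_config.getCheckDeltatime()
    # Both branches must yield a datetime: new_run does `startTime + delta`,
    # which raises TypeError when startTime is the str that time.strftime()
    # used to return for 'now'.  Microseconds are dropped so the 'now' value
    # has the same second precision as the parsed config string.
    if discard.lower() == 'now':
        startTime = datetime.datetime.now().replace(microsecond=0)
    else:
        startTime = datetime.datetime.strptime(discard, '%Y-%m-%d %H:%M:%S')
    # Wall-clock time at launch, kept as a formatted string (module global).
    entertime = time.strftime("%Y-%m-%d %H:%M:%S")
    # ES host, port, index pattern (e.g. tcp-*), aggregation field (e.g. dip)
    # and the query set.
    serverNum, dport, indx, aggs_name, querys = parser_config.get_ES_info()
    # Shared state for storm suppression; the 'warn' list starts out empty.
    blacklist_tools.global_init()
    blacklist_tools.set_global_value('warn', [])
    new_run(startTime, delta, serverNum, dport, offset, querys, indx,
            aggs_name)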
            os.mkdir(dirpath)
        while datetime.datetime.now() < startTime:
            #print('time sleep...')
            mylog.info("time sleep...")
            time.sleep((startTime-datetime.datetime.now()).total_seconds())
        try:
            # st=time.clock()
            #update source dataset
            if(datetime.datetime.now()>updatetime):
                update_blacklist.main(tday,flgnum)
                updatetime=updatetime+delta
            # check interval time is 5mins
            checkES(startTime,indx,aggs_name,serverNum,dport,tday)
            startTime = startTime + delta
            flgnum+=1
            # runtime=time.clock()-st# get the time of whole process
        except Exception, e:
            # print e
            mylog.error(e)


if __name__ == "__main__":
    # Entry point: pull the schedule and Elasticsearch settings from the
    # config and start the polling loop in new_run().
    _TIME_FMT = '%Y-%m-%d %H:%M:%S'
    # delta is the polling interval; discard is the start time as text.
    (delta, discard) = parser_config.getCheckDeltatime()
    # Wall-clock time at launch, kept as a formatted string (module global).
    entertime = time.strftime(_TIME_FMT)
    # First slot to process, parsed from the configured start-time string.
    startTime = datetime.datetime.strptime(discard, _TIME_FMT)
    # ES host, port, index pattern (e.g. tcp-*) and aggregation field (e.g. dip).
    (serverNum, dport, indx, aggs_name) = parser_config.get_ES_info()
    new_run(startTime, delta, serverNum, dport, indx, aggs_name)
    tday = datetime.datetime.now().date()
    runtime = 0  # elapsed time of whole process,included check and merge
    while True:
        if (tday != datetime.datetime.now().date()):
            flgnum = 0  # reset flgnum per day
            tday = datetime.datetime.now().date()
        while datetime.datetime.now() < startTime:
            print('time sleep...')
            time.sleep(delta.seconds - runtime)
        try:
            st = time.clock()
            #update source dataset
            update_blacklist.main(tday, flgnum)
            # check interval time is 15mins
            checkES(startTime, indx, aggs_name, serverNum, dport, tday)
            startTime = startTime + delta
            flgnum += 1
            runtime = time.clock() - st  # get the time of whole process
        except Exception, e:
            print e


if __name__ == "__main__":
    # Entry point: start polling from the moment the process launches.
    entertime = datetime.datetime.now()  # first slot to process
    # delta is the polling interval read from config.
    delta = parser_config.getCheckDeltatime()
    # ES host, port, index pattern (e.g. tcp-*) and aggregation field (e.g. dip).
    es_info = parser_config.get_ES_info()
    serverNum, dport, indx, aggs_name = es_info
    new_run(entertime, delta, serverNum, dport, indx, aggs_name)