Example #1
0
 def __init__(self, token=""):
     if not token:
         token = os.getenv("SYSDIG_TOKEN")
     self._Token = token
     if not self._Token:
         raise ValueError((f"Invalid Sysdig configuration. "
                           f"Token not set (SYSDIG_TOKEN) or passes"))
     self._Severity = 7
     self._Client = SdcClient(self._Token)
Example #2
0
def init():
    if len(sys.argv) != 3:
        print 'usage: %s <sysdig-token> <slack-token>' % sys.argv[0]
        sys.exit(1)
    else:
        sdc_token = sys.argv[1]
        slack_token = sys.argv[2]

    #
    # Instantiate the SDC client and Retrieve the SDC user information to make sure we have a valid connection
    #
    sdclient = SdcClient(sdc_token)

    #
    # Make a connection to the slack API
    #
    sc = SlackClient(slack_token)
    sc.rtm_connect()

    slack_id = json.loads(sc.api_call('auth.test'))['user_id']

    #
    # Start talking!
    #
    dude = SlackBuddy(sdclient, sc, slack_id)
    dude.run()
def evaluate(scope, expected):
    parsed_scope = SdcClient.convert_scope_string_to_expression(scope)
    print('{} is valid: {}'.format(scope, parsed_scope[0] is True))

    if parsed_scope[0] != expected:
        print('Unexpected parsing result!')
        sys.exit(1)
Example #4
0
def get_pod_cpu_memory_usage(pod_name):
    """Get cpus and memory usage in a pod. 

    :return: (float, float)
                 the cores used.
                 the mem used, the unit is M.
    """
    sdclient = SdcClient("5e7d3f61-e1fe-4467-928e-15cec005b79c")
    pod_filter = "kubernetes.pod.name = '%s'" % pod_name
    start = -60
    end = 0
    sampling = 60
    cpus_metrics = [{ "id": "cpu.cores.used", "aggregations": { "time": "max", "group": "max" } }]
    cpus_metric_data = sdclient.get_data(cpus_metrics, start, end, sampling, filter=pod_filter)
    cpus = float(cpus_metric_data[1].get('data')[0].get('d')[0])
    mem_metrics = [{ "id": "memory.bytes.used", "aggregations": { "time": "max", "group": "max" } }]
    mem_metrics_data = sdclient.get_data(mem_metrics, start, end, sampling, filter=pod_filter)
    mem = float(mem_metrics_data[1].get('data')[0].get('d')[0])/1024/1024
    return (cpus, mem)
Example #5
0
def get_pod_cpu_memory_limits(pod_name):
    """Get cpus and memory limits of a pod. 

    :return: (float, float)
                 the cores used.
                 the mem used, the unit is M.
    """
    sdclient = SdcClient("5e7d3f61-e1fe-4467-928e-15cec005b79c")
    pod_filter = "kubernetes.pod.name = '%s'" % pod_name
    start = -60
    end = 0
    sampling = 60
    cpus_limit_metrics = [{"id": "kubernetes.pod.resourceLimits.cpuCores", "aggregations": { "time": "timeAvg", "group": "max" }}]
    cpus_limit_data = sdclient.get_data(cpus_limit_metrics, start, end, sampling, filter=pod_filter)
    cpus_limit = float(cpus_limit_data[1].get('data')[0].get('d')[0])
    mem_limit_metrics = [{"id": "kubernetes.pod.resourceLimits.memBytes", "aggregations": { "time": "timeAvg", "group": "max" }}]
    mem_limit_data = sdclient.get_data(mem_limit_metrics, start, end, sampling, filter=pod_filter)
    mem_limit = float(mem_limit_data[1].get('data')[0].get('d')[0])/1024/1024
    return (cpus_limit, mem_limit)
Example #6
0
def init():
    sdc_token = None
    try:
        sdc_token = os.environ["SYSDIG_API_TOKEN"]
    except KeyError:
        pass
    slack_token = None
    try:
        slack_token = os.environ["SLACK_TOKEN"]
    except KeyError:
        pass
    parser = argparse.ArgumentParser(description='Sysdigbot: the Sysdig Cloud Slack bot.')
    parser.add_argument('--sysdig-api-token', dest='sdc_token', required=(sdc_token is None), default=sdc_token, type=str, help='Sysdig API Token, you can use also SYSDIG_API_TOKEN environment variable to set it')
    parser.add_argument('--slack-token', dest='slack_token', required=(slack_token is None), default=slack_token, type=str, help='Slack Token, you can use also SLACK_TOKEN environment variable to set it')
    parser.add_argument('--quiet', dest='quiet', action='store_true', help='Prevents the bot from printing output on channels, which is useful to avoid any kind of channel pollution')
    parser.add_argument('--no-auto-events', dest='auto_events', action='store_false', help='By default Sysdigbot converts every message in a channel in a Sysdig Cloud event, this flag disables it')
    parser.add_argument('--log-level', dest='log_level', type=LogLevelFromString, help='Logging level, available values: debug, info, warning, error')
    args = parser.parse_args()

    logging.basicConfig(format="%(asctime)s - %(levelname)s - %(message)s", level=args.log_level)
    # requests generates too noise on information level
    logging.getLogger("requests").setLevel(logging.WARNING)
    logging.getLogger("urllib3").setLevel(logging.WARNING)
    logging.debug("Starting Sysdigbot, config=%s", repr(args))

    #
    # Instantiate the SDC client and Retrieve the SDC user information to make sure we have a valid connection
    #
    sdclient = SdcClient(args.sdc_token)

    #
    # Make a connection to the slack API
    #
    sc = SlackClient(args.slack_token)
    sc.rtm_connect()

    sinfo = sc.api_call('auth.test')
    slack_id = sinfo['user_id']

    #
    # Start talking!
    #
    dude = SlackBuddy(sdclient, sc, slack_id, args.quiet)
    dude.auto_events = args.auto_events
    dude.run()
Example #7
0
class SysdigClient(object):

    def __init__(self, token=""):
        if not token:
            token = os.getenv("SYSDIG_TOKEN")
        self._Token = token
        if not self._Token:
            raise ValueError((f"Invalid Sysdig configuration. "
                              f"Token not set (SYSDIG_TOKEN) or passes"))
        self._Severity = 7
        self._Client = SdcClient(self._Token)

    def write(self, **kwargs):
        msg = kwargs.get("description", "")
        if msg:
            self.post_alert({'name': msg,
                             'description': kwargs.get("data", ""),
                             'severity': kwargs.get('severity', self._Severity)})

    def post_alert(self, info):
        return self._Client.post_event(name=info['name'], description=info['description'],
                                       severity=info['severity'])
Example #8
0
    print 'You can find your token at https://app.sysdigcloud.com/#/settings/user'
    sys.exit(1)

sdc_token = sys.argv[1]
hostname = sys.argv[2]
capture_name = sys.argv[3]
duration = sys.argv[4]
capture_filter = ''

if len(sys.argv) == 6:
    capture_filter = sys.argv[5]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)

res = sdclient.create_sysdig_capture(hostname, capture_name, int(duration),
                                     capture_filter)

#
# Show the list of metrics
#
if res[0]:
    capture = res[1]['dump']
else:
    print res[1]
    sys.exit(1)

while True:
    res = sdclient.poll_sysdig_capture(capture)
from sdcclient import SdcClient

#
# Parse arguments
#
if len(sys.argv) != 2:
    print 'usage: %s <sysdig-token>' % sys.argv[0]
    print 'You can find your token at https://app.sysdigcloud.com/#/settings/user'
    sys.exit(1)

sdc_token = sys.argv[1]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)

cpu_metric = [
    {"id": "cpu.used.percent",
     "aggregations": {
         "time": "avg",
         "group": "avg"
     }
    }]

#
# First example: CPU by host name
# datasource_type is not necessary since it's infered from the grouping key host.hostName
#
req = [{"id": "host.hostName"}]
req.extend(cpu_metric)
Example #10
0
sys.path.insert(0, os.path.join(os.path.dirname(os.path.realpath(sys.argv[0])), '..'))
from sdcclient import SdcClient

#
# Parse arguments
#
if len(sys.argv) != 2:
    print 'usage: %s <sysdig-token>' % sys.argv[0]
    print 'You can find your token at https://app.sysdigcloud.com/#/settings/user'
    sys.exit(1)

sdc_token = sys.argv[1]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)

res = sdclient.get_alerts()
if not res[0]:
    print res[1]
    sys.exit(1)

for alert in res[1]['alerts']:
    if alert['name'] == "tomcat cpu > 80% on any host":
        print "Deleting alert"
        res = sdclient.delete_alert(alert)
        if not res[0]:
            print res[1]
            sys.exit(1)
Example #11
0
# Parse arguments
#
json_dumpfilename = None
if len(sys.argv) < 2 or len(sys.argv) > 3:
    print(('usage: %s <sysdig-token> [json-dumpfile]' % sys.argv[0]))
    print('You can find your token at https://app.sysdigcloud.com/#/settings/user')
    sys.exit(1)
elif len(sys.argv) == 3:
    json_dumpfilename = sys.argv[2]

sdc_token = sys.argv[1]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)

#
# Fire the request.
#
ok, res = sdclient.get_alerts()

#
# Show the list of alerts
#
if not ok:
    print(res)
    sys.exit(1)

for alert in res['alerts']:
    print(('enabled: %s, name: %s' % (str(alert['enabled']), alert['name'])))
Example #12
0
from sdcclient import SdcClient

#
# Parse arguments
#
if len(sys.argv) != 2:
    print 'usage: %s <sysdig-token>' % sys.argv[0]
    print 'You can find your token at https://app.sysdigcloud.com/#/settings/user'
    sys.exit(1)

sdc_token = sys.argv[1]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)

#
# List the dashboards
#
res = sdclient.get_dashboards()
if not res[0]:
    print res[1]
    sys.exit(1)

#
# Delete all the dashboards containing "API test"
#
for dashboard in res[1]['dashboards']:
    if 'API test' in dashboard['name']:
        print "Deleting " + dashboard['name']
#
# Parse arguments
#
if len(sys.argv) != 2:
    print('usage: %s <sysdig-token>' % sys.argv[0])
    print(
        'You can find your token at https://app.sysdigcloud.com/#/settings/user'
    )
    sys.exit(1)

sdc_token = sys.argv[1]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)

#
# Fire the request.
#
ok, res = sdclient.get_dashboards()

#
# Show the list of dashboards
#
if not ok:
    print(res)
    sys.exit(1)

for db in res['dashboards']:
    print("Name: %s, # Charts: %d" %
from sdcclient import SdcClient

#
# Parse arguments
#
if len(sys.argv) != 2:
    print 'usage: %s <sysdig-token>' % sys.argv[0]
    print 'You can find your token at https://app.sysdigcloud.com/#/settings/user'
    sys.exit(1)

sdc_token = sys.argv[1]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)

#
# List the dashboards
#
res = sdclient.get_dashboards()
if not res[0]:
    print res[1]
    sys.exit(1)

#
# Delete all the dashboards containing "API test"
#
for dashboard in res[1]['dashboards']:
    if 'API test' in dashboard['name']:
        print "Deleting " + dashboard['name']
#
# Parse arguments
#
if len(sys.argv) != 3:
    print 'usage: %s <sysdig-token> email' % sys.argv[0]
    print 'You can find your token at https://app.sysdigcloud.com/#/settings/user'
    sys.exit(1)

sdc_token = sys.argv[1]
email = sys.argv[2]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)

#
# Post the event
#
res = sdclient.add_email_notification_recipient(email)

#
# Return the result
#
if res[0]:
    print 'Recipient added successfully'
else:
    print res[1]
    sys.exit(1)
Example #16
0
from sdcclient import SdcClient

#
# Parse arguments
#
if len(sys.argv) != 2:
    print 'usage: %s <sysdig-token>' % sys.argv[0]
    print 'You can find your token at https://app.sysdigcloud.com/#/settings/user'
    sys.exit(1)

sdc_token = sys.argv[1]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)

#
# Get the events that match a name
#
res = sdclient.get_events(name='test event')

if not res[0]:
	print res[1]
	sys.exit(1)

#
# Delete the first event among the returned ones
#
for event in res[1]['events']:
	print "Deleting event " + event['name']
sdc_token = sys.argv[1]
name = sys.argv[2]
description = sys.argv[3]

scope='host.hostName = "foo" and container.name = "bar"'
tags={"tag1" : "value1"}

severity = 6
if len(sys.argv) < 4:
    severity = int(sys.argv[4])

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)

#
# Post the event
#
res = sdclient.post_event(name, description, severity, scope, tags)

#
# Return the result
#
if res[0]:
    print 'Event Posted Successfully'
else:
    print res[1]
    sys.exit(1)
from sdcclient import SdcClient

#
# Parse arguments
#
if len(sys.argv) != 2:
    print 'usage: %s <sysdig-token>' % sys.argv[0]
    print 'You can find your token at https://app.sysdigcloud.com/#/settings/user'
    sys.exit(1)

sdc_token = sys.argv[1]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)

#
# Get the required info
#
res = sdclient.get_user_info()

if res[0]:
    uinfo = res[1]
else:
    print res[1]
    sys.exit(1)

res = sdclient.get_n_connected_agents()

#
#

import os
import sys
sys.path.insert(0, os.path.join(os.path.dirname(os.path.realpath(sys.argv[0])), '..'))
from sdcclient import SdcClient

#
# Parse arguments
#
if len(sys.argv) != 2:
    print 'usage: %s <sysdig-token>' % sys.argv[0]
    print 'You can find your token at https://app.sysdigcloud.com/#/settings/user'
    sys.exit(1)

sdc_token = sys.argv[1]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)

#
# Fire the request
#
res = sdclient.get_explore_grouping_hierarchy()

#
# Show the result
#
print res[1]
    print "You can find your token at https://app.sysdigcloud.com/#/settings/user"
    sys.exit(1)

sdc_token = sys.argv[1]
hostname = sys.argv[2]
capture_name = sys.argv[3]
duration = sys.argv[4]
capture_filter = ""

if len(sys.argv) == 6:
    capture_filter = sys.argv[5]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)

res = sdclient.create_sysdig_capture(hostname, capture_name, int(duration), capture_filter)

#
# Show the list of metrics
#
if res[0]:
    capture = res[1]["dump"]
else:
    print res[1]
    sys.exit(1)

while True:
    res = sdclient.poll_sysdig_capture(capture)
    if res[0]:
    usage()

alert_name = "tomcat cpu > 80% on any host"
for opt, arg in opts:
    if opt in ("-a", "--alert"):
        alert_name = arg

if len(args) != 1:
    usage()

sdc_token = args[0]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)

#
# Find notification channels (you need IDs to create an alert).
#
notify_channels = [{
    'type': 'SLACK',
    'channel': '#python-sdc-test-alert'
}, {
    'type':
    'EMAIL',
    'emailRecipients': ['*****@*****.**', '*****@*****.**']
}, {
    'type':
    'SNS',
    'snsTopicARNs': ['arn:aws:sns:us-east-1:273107874544:alarms-stg']
Example #22
0
from sdcclient import SdcClient

#
# Parse arguments
#
if len(sys.argv) != 2:
    print 'usage: %s <sysdig-token>' % sys.argv[0]
    print 'You can find your token at https://app.sysdigcloud.com/#/settings/user'
    sys.exit(1)

sdc_token = sys.argv[1]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)


#
# Create an empty dashboard
#
dashboard_name = 'My Dashboard'
dashboard_configuration = None
res = sdclient.create_dashboard(dashboard_name)

# Check the result
if res[0]:
    print 'Dashboard %d created successfully' % res[1]['dashboard']['id']
    dashboard_configuration = res[1]['dashboard']
else:
    print res[1]
sdc_token = sys.argv[1]
sdc_tokens = []
if not '.json' in sdc_token:
    sdc_tokens.append(sdc_token)
else:
    with open(sdc_token) as f:
        data = json.load(f)
        for apikey in data['apikeys']:
            sdc_tokens.append(apikey)

for token in sdc_tokens:
    #
    # Instantiate the SDC client
    # For on-pmreises, add ssl_verify=False
    #
    sdclient = SdcClient(token, sdc_url='https://app.sysdigcloud.com')
    dashboard_state_file = 'dashboards' + token + '.zip'
    zipf = zipfile.ZipFile(dashboard_state_file, 'r')

    dashboard_conf_items = [
        'showAsType', 'filterRoot', 'linkMetrics', 'singleTimeNavigation',
        'gridConfiguration', 'responsive', 'nodesNoiseFilter', 'compareWith',
        'format', 'linksNoiseFilter', 'filterProcesses', 'isLegendExpanded',
        'inhertitTimeNavigation', 'schema', 'sortAscending', 'mapDataLimit',
        'metrics', 'filterExtNodes', 'sorting', 'name', 'sourceExploreView',
        'items', 'showAs', 'eventsFilter', 'timeMode', 'isShared',
        'sourceDrilldownView', 'filterExpression'
    ]

    for info in zipf.infolist():
        data = zipf.read(info.filename)
Example #24
0
        print 'time: %d, name: %s, description: %s, severity: %s' % (event['timestamp'], event['name'], event['description'], severity)

#
# Parse arguments
#
if len(sys.argv) != 2:
    print 'usage: %s <sysdig-token>' % sys.argv[0]
    print 'You can find your token at https://app.sysdigcloud.com/#/settings/user'
    sys.exit(1)

sdc_token = sys.argv[1]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)

#
# Get the entire list of events
#
res = sdclient.get_events()

if res[0]:
    print_events(res[1])
else:
    print res[1]
    sys.exit(1)

#
# Get the events that match a period in time
#
from sdcclient import SdcClient

#
# Parse arguments
#
if len(sys.argv) != 2:
    print "usage: %s <sysdig-token>" % sys.argv[0]
    print "You can find your token at https://app.sysdigcloud.com/#/settings/user"
    sys.exit(1)

sdc_token = sys.argv[1]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)

#
# Fire the request.
#
res = sdclient.get_sysdig_captures()

#
# Show the list of metrics
#
if res[0]:
    captures = res[1]["dumps"]
else:
    print res[1]
    sys.exit(1)
            (notification['id'], notification['state'], notification['severity'], notification['filter'], notification['condition'], ','.join(values), notification['resolved'])

#
# Parse arguments
#
if len(sys.argv) != 2:
    print 'usage: %s <sysdig-token>' % sys.argv[0]
    print 'You can find your token at https://app.sysdigcloud.com/#/settings/user'
    sys.exit(1)

sdc_token = sys.argv[1]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)

#
# Get the notifications in the last day
#
res = sdclient.get_notifications(from_ts=int(time.time()-86400), to_ts=int(time.time()))

print_notifications(res[1]['notifications'])
if not res[0]:
    sys.exit(1)

#
# Get the notifications in the last day and active state
#
res = sdclient.get_notifications(from_ts=int(time.time()-86400), to_ts=int(time.time()), state='ACTIVE')
Example #27
0
 def __init__(self, token):
     #
     # Connect to the backend
     #
     self.sdclient = SdcClient(token)
from sdcclient import SdcClient

#
# Parse arguments
#
if len(sys.argv) != 2:
    print 'usage: %s <sysdig-token>' % sys.argv[0]
    print 'You can find your token at https://app.sysdigcloud.com/#/settings/user'
    sys.exit(1)

sdc_token = sys.argv[1]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)

#
# Serialize the first user dashboard to disk
#
res = sdclient.get_dashboards()

if not res[0]:
    print res[1]
    sys.exit(1)

if len(res[1][u'dashboards']) > 0:
    with open('dashboard.json', 'w') as outf:
        json.dump(res[1][u'dashboards'][0], outf)
else:
    print 'the user has no dashboards. Exiting.'
Example #29
0
from sdcclient import SdcClient

#
# Parse arguments
#
if len(sys.argv) != 2:
    print 'usage: %s <sysdig-token>' % sys.argv[0]
    print 'You can find your token at https://app.sysdigcloud.com/#/settings/user'
    sys.exit(1)

sdc_token = sys.argv[1]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)

#
# Prepare the query's metrics list. In this case, we have just one metric:
# host.hostName. This is a 'key' metric, and we don't include any number metric.
# Essentially, we create an 'enumeration' of hostnames.
#
metrics = [{"id": "host.hostName"}]

#
# Fire the query.
# Note: there's no sampling time. This means that we're requesting the result to
#       come as a single sample.
#
res = sdclient.get_data(metrics, # metrics list
                        -600,   # cover the last 600 seconds...
import os
import sys
sys.path.insert(0, os.path.join(os.path.dirname(os.path.realpath(sys.argv[0])), '..'))
from sdcclient import SdcClient

#
# Parse arguments
#
if len(sys.argv) != 2:
    print 'usage: %s <sysdig-token>' % sys.argv[0]
    print 'You can find your token at https://app.sysdigcloud.com/#/settings/user'
    sys.exit(1)

sdc_token = sys.argv[1]

sdclient = SdcClient(sdc_token)

#
# List of metrics to export. Imagine a SQL data table, with key columns and value columns
# You just need to specify the ID for keys, and ID with aggregation for values.
#
metrics =   [
                # { "id": "agent.tag.team" },
                # { "id": "kubernetes.pod.label.name" },
                # { "id": "agent.tag.env", "aggregations": { "time": "concat", "group": "concat" } },
                { "id": "cpu.used.percent", "aggregations": { "time": "timeAvg", "group": "avg" } }
            ]

#
# Data filter or None if you want to see "everything"
#
Example #31
0
    usage()

duration = 3600
count = 100
print_json = False
for opt, arg in opts:
    if opt in ("-d", "--duration"):
        duration = int(arg)
    elif opt in ("-c", "--count"):
        count = int(arg)
    elif opt in ("-j", "--json"):
        print_json = True
sdc_token = args[0]

# Instantiate the SDC client
sdclient = SdcClient(sdc_token)

#
# Prepare the query's metrics list.
# In this case, we have one tag (used for segmentation) and one metric:
# - host.hostName. This is a tag, to identify each item of the output
# - container.count: This is the metric
#
metrics = [{
    "id": "host.hostName"
}, {
    "id": "container.count",
    "aggregations": {
        "time": "avg",
        "group": "avg"
    }
Example #32
0
if len(sys.argv) != 2:
    print(('usage: %s <sysdig-token>' % sys.argv[0]))
    print(
        'You can find your token at https://app.sysdigcloud.com/#/settings/user'
    )
    print(
        'For this script to work, the user for the token must have Admin rights'
    )
    sys.exit(1)

sdc_token = sys.argv[1]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token, 'https://app.sysdigcloud.com')

#
# Get the configuration
#
ok, res = sdclient.get_users()
if ok:
    admins = []
    superadmins = []
    for user in res:
        if 'ROLE_CUSTOMER' in user['roles']:
            admins.append(user['username'])
        if 'ROLE_ADMIN' in user['roles']:
            superadmins.append(user['username'])
    print('Admin users')
    print('-----------')
from sdcclient import SdcClient

#
# Parse arguments
#
if len(sys.argv) != 2:
    print 'usage: %s <sysdig-token>' % sys.argv[0]
    print 'You can find your token at https://app.sysdigcloud.com/#/settings/user'
    sys.exit(1)

sdc_token = sys.argv[1]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)

#
# Create the new dashboard, applying to cassandra in production
#

# Name for the dashboard to create
dashboardName = "API test - cassandra in prod"
# Name of the view to copy
viewName = "Overview by Process"
# Filter to apply to the new dashboard.
# Remember that you can use combinations of any segmentation criteria you find
# in Sysdig Cloud Explore page.
# You can also refer to AWS tags by using "cloudProvider.tag.*" metadata or
# agent tags by using "agent.tag.*" metadata
dashboardFilter = "kubernetes.namespace.name = prod and proc.name = cassandra"
Example #34
0
# Name for the dashboard to create
channel_name = "Api Channel"
for opt, arg in opts:
    if opt in ("-c", "--channel"):
        channel_name = arg

if len(args) != 1:
    usage()

sdc_token = args[0]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)

#
# Create an email notification channel
#
ok, res = sdclient.create_email_notification_channel(
    channel_name,
    ['*****@*****.**', '*****@*****.**', '*****@*****.**'])
if not ok:
    print(res)
    sys.exit(1)

#
# The notification channel will contain the id, that can be used when creating alerts
#
channel = res['notificationChannel']
sys.path.insert(
    0, os.path.join(os.path.dirname(os.path.realpath(sys.argv[0])), '..'))
from sdcclient import SdcClient

#
# Parse arguments
#
if len(sys.argv) != 2:
    print 'usage: %s <sysdig-token>' % sys.argv[0]
    print 'You can find your token at https://app.sysdigcloud.com/#/settings/user'
    sys.exit(1)

sdc_token = sys.argv[1]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)

#
# Fire the request, set the group configuration you need in the example below
#
groupConfig = ['agent.tag.role', 'host.mac']
res = sdclient.set_explore_grouping_hierarchy(groupConfig)

#
# Show the error if there was one
#
if res[0] == False:
    print res[1]
Example #36
0
from sdcclient import SdcClient

#
# Parse arguments
#
if len(sys.argv) != 2:
    print 'usage: %s <sysdig-token>' % sys.argv[0]
    print 'You can find your token at https://app.sysdigcloud.com/#/settings/user'
    sys.exit(1)

sdc_token = sys.argv[1]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)

#
# Fire the request.
#
res = sdclient.get_metrics()

#
# Show the list of metrics
#
if res[0]:
    data = res[1]
else:
    print res[1]
    sys.exit(1)
Example #37
0
from sdcclient import SdcClient

#
# Parse arguments
#
if len(sys.argv) != 2:
    print 'usage: %s <sysdig-token>' % sys.argv[0]
    print 'You can find your token at https://app.sysdigcloud.com/#/settings/user'
    sys.exit(1)

sdc_token = sys.argv[1]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)

#
# Get the events that match a name
#
res = sdclient.get_events(name='test event')

if not res[0]:
    print res[1]
    sys.exit(1)

#
# Delete the first event among the returned ones
#
for event in res[1]['events']:
    print "Deleting event " + event['name']
Example #38
0
from sdcclient import SdcClient

#
# Parse arguments
#
if len(sys.argv) != 2:
    print 'usage: %s <sysdig-token>' % sys.argv[0]
    print 'You can find your token at https://app.sysdigcloud.com/#/settings/user'
    sys.exit(1)

sdc_token = sys.argv[1]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)

#
# Find notification channels (you need IDs to create an alert).
#
notify_channels = [ {'type': 'SLACK', 'channel': 'sysdig-demo2-alerts'},
                    {'type': 'EMAIL', 'emailRecipients': ['*****@*****.**']},
                    {'type': 'SNS', 'snsTopicARNs': ['arn:aws:sns:us-east-1:273107874544:alarms-stg']}
                    ]

res = sdclient.get_notification_ids(notify_channels)
if not res[0]:
    print "Could not get IDs and hence not creating the alert: " + res[1]
    sys.exit(-1)

notification_channel_ids = res[1]
Example #39
0
    usage()

dashboard_name = "My Dashboard"
for opt, arg in opts:
    if opt in ("-d", "--dashboard"):
        dashboard_name = arg

if len(args) != 1:
    usage()

sdc_token = args[0]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)

#
# Create an empty dashboard
#
dashboard_configuration = None
ok, res = sdclient.create_dashboard(dashboard_name)

# Check the result
if ok:
    print('Dashboard %d created successfully' % res['dashboard']['id'])
    dashboard_configuration = res['dashboard']
else:
    print(res)
    sys.exit(1)
Example #40
0
if not '.json' in sdc_token:
    sdc_tokens.append(sdc_token)
else:
    with open(sdc_token) as f:
        data = json.load(f)
        for apikey in data['apikeys']:
            sdc_tokens.append(apikey)

for sdc_token in sdc_tokens:
    sysdig_dashboard_dir_base = 'sysdig-dashboard-dir'
    token_dir = 'sysdig-dashboard-dir/' + sdc_token
    #
    # Instantiate the SDC client
    # For on-pmreises, add ssl_verify=False
    #
    sdclient = SdcClient(sdc_token, sdc_url='https://app.sysdigcloud.com')

    #
    # Fire the request.
    #
    res = sdclient.get_dashboards()

    #
    # Show the list of dashboards
    #
    if res[0]:
        data = res[1]
    else:
        print res[1]
        sys.exit(1)
Example #41
0
#
# Parse arguments
#
if len(sys.argv) != 2:
    print('usage: %s <sysdig-token>' % sys.argv[0])
    print(
        'You can find your token at https://app.sysdigcloud.com/#/settings/user'
    )
    sys.exit(1)

sdc_token = sys.argv[1]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)

#
# Get the entire list of events
#
ok, res = sdclient.get_events()

if ok:
    print_events(res)
else:
    print(res)
    sys.exit(1)

#
# Get the events before other event
#
# Parse arguments
#
if len(sys.argv) != 3:
    print(('usage: %s <sysdig-token> <file-name>' % sys.argv[0]))
    print(
        'You can find your token at https://app.sysdigcloud.com/#/settings/user'
    )
    sys.exit(1)

sdc_token = sys.argv[1]
alerts_dump_file = sys.argv[2]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)

#
# If the dump we're restoring from has an Alert with the same name
# as one that's already configured, we'll update the existing Alert
# so it will have the config from the dump. When we do this, however,
# we need to give the ID and Version # of the existing Alert as a
# basis. We save them off here so we can refer to them later.
#
existing_alerts = {}
ok, res = sdclient.get_alerts()
if ok:
    for alert in res['alerts']:
        existing_alerts[alert['name']] = {
            'id': alert['id'],
            'version': alert['version']
except getopt.GetoptError:
    usage()

alert_name = "tomcat cpu > 80% on any host"
for opt, arg in opts:
    if opt in ("-a", "--alert"):
        alert_name = arg

if len(args) != 1:
    usage()

sdc_token = args[0]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)

ok, res = sdclient.get_alerts()
if not ok:
    print(res)
    sys.exit(1)

for alert in res['alerts']:
    if alert['name'] == alert_name:
        print("Deleting alert")
        ok, res = sdclient.delete_alert(alert)
        if not ok:
            print(res)
            sys.exit(1)
Example #44
0
#
# Parse arguments
#
if len(sys.argv) < 2:
    print 'usage: %s <sysdig-token>' % sys.argv[0]
    print 'You can find your token at https://app.sysdigcloud.com/#/settings/user'
    sys.exit(1)

sdc_token = sys.argv[1]

# This is bad arg parsing - just use a flag + argparse in the future
metric_name = "stupid_counter"
metric_name = sys.argv[2]

sdclient = SdcClient(sdc_token)

#
# List of metrics to export. Imagine a SQL data table, with key columns and value columns
# You just need to specify the ID for keys, and ID with aggregation for values.
#
metrics =   [
                # { "id": "container.id" },
                # { "id": "agent.tag.env", "aggregations": { "time": "concat", "group": "concat" } },
                # { "id": "stupid_counter", "aggregations": { "time": "timeAvg", "group": "avg" } }
                { "id": metric_name, "aggregations": { "time": "sum", "group": "sum" } }
            ]

#
# Data filter or None if you want to see "everything"
#
#
# Parse arguments
#
if len(sys.argv) != 3:
    print 'usage: %s <sysdig-token> <hostname>' % sys.argv[0]
    print 'You can find your token at https://app.sysdigcloud.com/#/settings/user'
    sys.exit(1)

sdc_token = sys.argv[1]
hostname = sys.argv[2]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)

#
# Prepare the metrics list.
#
metrics = [
    # The first metric we request is the container name. This is a segmentation
    # metric, and you can tell by the fact that we don't specify any aggregation
    # criteria. This entry tells Sysdig Cloud that we want to see the CPU
    # utilization for each container separately.
    {"id": "container.name"},
    # The second metric we reuest is the CPU. We aggregate it as an average.
    {"id": "cpu.used.percent",
     "aggregations": {
         "time": "avg",
         "group": "avg"
from sdcclient import SdcClient

#
# Parse arguments
#
if len(sys.argv) != 2:
    print 'usage: %s <sysdig-token>' % sys.argv[0]
    print 'You can find your token at https://app.sysdigcloud.com/#/settings/user'
    sys.exit(1)

sdc_token = sys.argv[1]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)

#
# Fire the request.
#
res = sdclient.get_dashboards()

#
# Show the list of dashboards
#
if res[0]:
    data = res[1]
else:
    print res[1]
    sys.exit(1)
#
# Parse arguments
#
if len(sys.argv) != 2:
    print('usage: %s <sysdig-token>' % sys.argv[0])
    print(
        'You can find your token at https://app.sysdigcloud.com/#/settings/user'
    )
    sys.exit(1)

sdc_token = sys.argv[1]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token, 'https://app.sysdigcloud.com')

#
# Get the configuration
#
ok, res = sdclient.get_agents_config()

#
# Return the result
#
if ok:
    if not ("files" in res) or len(res["files"]) == 0:
        print("No current auto configuration")
    else:
        print("Current contents of config file:")
        print("--------------------------------")
#
# Parse arguments
#
if len(sys.argv) != 3:
    print 'usage: %s <sysdig-token> <num-days-to-resolve>' % sys.argv[0]
    print 'You can find your token at https://app.sysdigcloud.com/#/settings/user'
    sys.exit(1)

sdc_token = sys.argv[1]
num_days_to_resolve = sys.argv[2]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)

#
# Get the unresolved notifications in the last day
#
res = sdclient.get_notifications(from_ts=int(time.time() - int(num_days_to_resolve) * 86400),
                                 to_ts=int(time.time()), resolved=False)

if not res[0]:
    print res[1]
    sys.exit(1)

#
# Resolve them
#
notifications = res[1]['notifications']
    usage()

event_name = "test_event_name"
for opt, arg in opts:
    if opt in ("-e", "--event"):
        event_name = arg

if len(args) != 1:
    usage()

sdc_token = args[0]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)

#
# Get the events that match a name
#
ok, res = sdclient.get_events(name=event_name)

if not ok:
    print(res)
    sys.exit(1)

#
# Delete the first event among the returned ones
#
for event in res['events']:
    print("Deleting event " + event['name'])
Example #50
0
from sdcclient import SdcClient

#
# Parse arguments
#
if len(sys.argv) != 2:
    print 'usage: %s <sysdig-token>' % sys.argv[0]
    print 'You can find your token at https://app.sysdigcloud.com/#/settings/user'
    sys.exit(1)

sdc_token = sys.argv[1]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)

#
# Fire the request.
#
res = sdclient.get_alerts()

#
# Show the list of alerts
#
if res[0]:
    data = res[1]
else:
    print res[1]
    sys.exit(1)
Example #51
0
#
# Parse arguments
#
if len(sys.argv) != 2:
    print('usage: %s <sysdig-token>' % sys.argv[0])
    print(
        'You can find your token at https://app.sysdigcloud.com/#/settings/user'
    )
    sys.exit(1)

sdc_token = sys.argv[1]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)

#
# Get the entire list of events
#
ok, res = sdclient.get_events()

if ok:
    print_events(res)
else:
    print(res)
    sys.exit(1)

#
# Get the events that match a period in time
#
from sdcclient import SdcClient

#
# Parse arguments
#
if len(sys.argv) != 2:
    print 'usage: %s <sysdig-token>' % sys.argv[0]
    print 'You can find your token at https://app.sysdigcloud.com/#/settings/user'
    sys.exit(1)

sdc_token = sys.argv[1]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)

#
# Fire the request.
#
res = sdclient.get_data_retention_info()

#
# Show the list of retention intervals
#
if res[0]:
    data = res[1]
else:
    print res[1]
    sys.exit(1)
Example #53
0
class Fetcher(object):
    def __init__(self, token):
        #
        # Connect to the backend
        #
        self.sdclient = SdcClient(token)

    def fetch(self, info, query, paging, start_ts, end_ts, nchunks):
        res = {'start': 0, 'end': 0, 'data': []}

        time_range = info['time_range']
        source_type = info['source_type']
        if 'filter' in info:
            filter = info['filter']
        else:
            filter = ''

        try:
            start = start_ts
            chunk_len = TIME_RANGES[time_range]['window'] / nchunks
            end = start + chunk_len
            delta = TIME_RANGES[time_range]['step']
        except:
            raise Exception('fetch',
                            'unsupported time window %s.' % (str(time_range)))

        #
        # get the data
        #
        while start < end_ts:
            sys.stdout.write('.')
            sys.stdout.flush()

            gdres = self.sdclient.get_data(query, start, end, delta, filter,
                                           source_type, paging)

            if gdres[0] is False:
                if gdres[1].find('code 504') != -1:
                    print 'got a 504 from server.'
                    return None
                elif gdres[1].find(
                        'something really bad happened with your reques'
                ) != -1:
                    return None
                raise Exception('get_data', gdres[1])
            if res['start'] == 0:
                res['start'] = gdres[1]['start']
            res['end'] = gdres[1]['end']
            res['data'].append(gdres[1]['data'])

            start += chunk_len
            end += chunk_len

        res['query'] = query
        res['delta'] = delta
        return res

    def fetch_as_datatable(self, info, query):
        page_size = PAGE_SIZE
        fetch_limit = FETCH_LIMIT
        cur = 0
        dl_size = 0
        self.start_ts = 0
        self.end_ts = 0

        #
        # Determine the exact time interval to fetch
        #
        time_range = info['time_range']

        if not time_range in TIME_RANGES:
            raise Exception('fetch',
                            'unsupported time window %s.' % (str(time_range)))

        sampling = TIME_RANGES[time_range]['step'] * 1000000
        rires = self.sdclient.get_data_retention_info()
        if rires[0] == False:
            raise Exception('get_data_retention_info', rires[1])
        ri = rires[1]

        fa = False
        for tl in ri['agents']:
            if tl['sampling'] == sampling or (tl['sampling'] == 1000000
                                              and sampling == 10000000):
                self.end_ts = tl['to'] / 1000000
                self.start_ts = self.end_ts - TIME_RANGES[time_range]['window']
                fa = True
                break

        if fa == False:
            raise Exception(
                'fetch_as_datatable',
                'sampling %u not supported by the backend' % sampling)

        #
        # Fetch the data, subdividing it in pages of page_size entries
        #
        while cur < fetch_limit:
            nchunks = 1
            paging = {'from': cur, 'to': cur + page_size}

            while nchunks <= 64:
                data = self.fetch(info, query, paging, self.start_ts,
                                  self.end_ts, nchunks)

                if data == None:
                    nchunks = nchunks * 4 if nchunks < 4 else nchunks * 2
                    print 'request too big, trying to split into %d chuncks' % nchunks
                    time.sleep(3)
                else:
                    break

            if data == None:
                raise Exception(
                    'request still failing with %d chunks, skipping' % nchunks)

            if len(data['data']) == 0 or len(data['data'][0]) == 0:
                if 'df' in locals():
                    return df
                else:
                    return None

            #
            # Create the pandas table using the information in the dataset
            #
            cols = []
            template_row = {}
            for ci in data['query']:
                cols.append(ci['id'])
                template_row[ci['id']] = 0

            #
            # Fill the table
            #
            rows = []
            dl_size = 0

            for chunk in data['data']:
                dl_size += sys.getsizeof(chunk)
                for r in chunk:
                    newrow = dict(template_row)
                    newrow['t'] = r['t']
                    j = 0
                    for c in cols:
                        newrow[c] = r['d'][j]
                        j = j + 1
                    rows.append(newrow)

            if cur == 0:
                df = pd.DataFrame(rows)
            else:
                df = df.append(rows)

            cur += (page_size + 1)
            print 'records: %d, bytes: %d' % (cur - 1, dl_size)

        return df
Example #54
0
parser.add_argument('-d','--description')
parser.add_argument('-s','--severity', help='syslog style from 0 (high) to 7 (low)')
parser.add_argument('-c','--scope', help='metadata, in Sysdig Cloud format, of nodes to associate with the event, eg: \'host.hostName = "ip-10-1-1-1" and container.name = "foo"\'')
parser.add_argument('-t','--tags', help='dictionary of arbitrary key-value pairs, eg: \'{"app":"my_app", "file":"text.py"}\'')
parser.add_argument('sysdig_token', help='You can find your token at https://app.sysdigcloud.com/#/settings/user')
parser.add_argument('name')
args = parser.parse_args()

tags=None
if args.tags:
    tags=json.loads(args.tags)
    
#
# Instantiate the SDC client
#
sdclient = SdcClient(args.sysdig_token)

#
# Post the event using post_event(self, name, description=None, severity=None, event_filter=None, tags=None)
#
res = sdclient.post_event(args.name, args.description, args.severity, args.scope, tags)

#
# Return the result
#
if res[0]:
    print 'Event Posted Successfully'
else:
    print res[1]
    sys.exit(1)
    print(
        'You can find your token at https://app.sysdigcloud.com/#/settings/user'
    )
    sys.exit(1)

sdc_token = sys.argv[1]

if len(sys.argv) == 3:
    hostname = sys.argv[2]
else:
    hostname = None

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)

#
# Prepare the metrics list.
#
metrics = [{
    "id": "net.local.endpoint"
}, {
    "id": "net.local.service"
}, {
    "id": "net.remote.endpoint"
}, {
    "id": "net.remote.service"
}, {
    "id": "net.connection.count.total",
    "aggregations": {
from sdcclient import SdcClient

#
# Parse arguments
#
if len(sys.argv) != 2:
    print 'usage: %s <sysdig-token>' % sys.argv[0]
    print 'You can find your token at https://app.sysdigcloud.com/#/settings/user'
    sys.exit(1)

sdc_token = sys.argv[1]

#
# Instantiate the SDC client
#
sdclient = SdcClient(sdc_token)

#
# Create an email notification channel
#
res = sdclient.create_email_notification_channel('Api Channel', ['*****@*****.**', '*****@*****.**', '*****@*****.**'])
if not res[0]:
    print res[1]
    sys.exit(1)

#
# The notification channel will contain the id, that can be used when creating alerts
#
channel = res[1]['notificationChannel']
print channel