def fetch_as_element(self, **kw):
"""
Fetch the blacklist and return as an instance of Element.
:return: generator returning element instances
:rtype: BlacklistEntry
"""
clone = self.copy()
# Replace all filters with a combined filter
bldata = TextFormat(field_format='name')
# Preserve resolving fields for new filter
if 'resolving' in self.format.data:
bldata.set_resolving(**self.format.data['resolving'])
# Resolve the entry ID to match SMC
blid = TextFormat(field_format='pretty')
blid.field_ids([LogField.BLACKLISTENTRYID])
combined = CombinedFormat(bldata=bldata, blid=blid)
clone.update_format(combined)
for list_of_results in clone.fetch_raw(**kw):
for entry in list_of_results:
data = entry.get('bldata')
data.update(**entry.get('blid'))
yield BlacklistEntry(**data)
def __init__(self,
definition=None,
target=None,
format=None,
**sockopt): # @ReservedAssignment
"""
Create a query.
:param str definition: used by all monitors with exception of
LogQuery. This defines the type of session.
:param str target: used by all monitors with exception of LogQuery.
This identifies the engine/cluster to run the query against.
:param format: optional format from :py:mod:`smc_monitoring.monitors`
"""
self.request = {
'query': {},
'fetch': {},
'format': {
'type': 'texts',
"field_format": "pretty"
}
}
self.format = format if format is not None else TextFormat()
self.request.update(format=self.format.data)
if target is not None:
self.update_query(target=target)
if definition is not None:
self.update_query(definition=definition)
self.sockopt = sockopt if sockopt else {} # Optional socket options
def __init__(self, target, timezone=None, **kw):
bldata = TextFormat(field_format='name')
if timezone is not None:
bldata.set_resolving(timezone=timezone)
blid = TextFormat(field_format='pretty')
blid.field_ids([LogField.BLACKLISTENTRYID])
combined = CombinedFormat(bldata=bldata, blid=blid)
super(BlacklistQuery, self).__init__('BLACKLIST',
target,
format=combined,
**kw)
def test_custom_formats_for_query(self):
dt = DetailedFormat(timezone='CST',
time_show_zone=True,
ip_elements=True,
ip_locations=True)
# Add detailed format to a query
query = LogQuery(format=dt)
d = {
'fetch': {
'backwards': True
},
'format': {
'field_format': 'pretty',
'resolving': {
'ip_elements': True,
'ip_locations': True,
'senders': True,
'time_show_zone': True,
'timezone': 'CST'
},
'type': 'detailed'
},
'query': {
'end_ms': 0,
'start_ms': 0,
'type': 'stored'
}
}
self.assertDictEqual(d, query.request)
# Change the format for a query
rf = RawFormat(field_format='name')
rf.field_ids([LogField.SRC, LogField.DST])
query.update_format(rf)
request = {
'fetch': {
'backwards': True
},
'format': {
'field_format': 'name',
'field_ids': [7, 8],
'type': 'raw'
},
'query': {
'end_ms': 0,
'start_ms': 0,
'type': 'stored'
}
}
self.assertDictEqual(request, query.request)
# Start with fresh Query and add a combined filter. A combined filter
# mixes individual formats together and when data is returned it's
# dict key will be the mapping to the format
text = TextFormat()
text.field_ids([LogField.TIMESTAMP])
detailed = DetailedFormat()
detailed.field_ids([LogField.SRC, LogField.DST])
combined = CombinedFormat(tformat=text, dformat=detailed)
query = LogQuery(fetch_size=1)
query.update_format(combined)
d = {
'fetch': {
'backwards': True,
'quantity': 1
},
'format': {
'formats': {
'dformat': {
'field_format': 'pretty',
'field_ids': [7, 8],
'resolving': {
'senders': True
},
'type': 'detailed'
},
'tformat': {
'field_format': 'pretty',
'field_ids': [1],
'resolving': {
'senders': True
},
'type': 'texts'
}
},
'type': 'combined'
},
'query': {
'end_ms': 0,
'start_ms': 0,
'type': 'stored'
}
}
self.assertDictEqual(d, query.request)
def test_custom_formats_for_query(self):
dt = DetailedFormat(timezone='CST',
time_show_zone=True,
ip_elements=True,
ip_locations=True)
# Add detailed format to a query
query = LogQuery(format=dt)
d = {'fetch': {'backwards': True},
'format': {'field_format': 'pretty',
'resolving': {'ip_elements': True,
'ip_locations': True,
'senders': True,
'time_show_zone': True,
'timezone': 'CST'},
'type': 'detailed'},
'query': {'end_ms': 0, 'start_ms': 0, 'type': 'stored'}}
self.assertDictEqual(d, query.request)
# Change the format for a query
rf = RawFormat(field_format='name')
rf.field_ids([LogField.SRC, LogField.DST])
query.update_format(rf)
request = {'fetch': {'backwards': True},
'format': {
'field_format': 'name',
'field_ids': [7, 8],
'type': 'raw'},
'query': {'end_ms': 0, 'start_ms': 0, 'type': 'stored'}}
self.assertDictEqual(request, query.request)
# Start with fresh Query and add a combined filter. A combined filter
# mixes individual formats together and when data is returned it's
# dict key will be the mapping to the format
text = TextFormat()
text.field_ids([LogField.TIMESTAMP])
detailed = DetailedFormat()
detailed.field_ids([LogField.SRC, LogField.DST])
combined = CombinedFormat(tformat=text, dformat=detailed)
query = LogQuery(fetch_size=1)
query.update_format(combined)
d = {'fetch': {'backwards': True, 'quantity': 1},
'format': {'formats': {'dformat': {'field_format': 'pretty',
'field_ids': [7, 8],
'resolving': {'senders': True},
'type': 'detailed'},
'tformat': {'field_format': 'pretty',
'field_ids': [1],
'resolving': {'senders': True},
'type': 'texts'}},
'type': 'combined'},
'query': {'end_ms': 0, 'start_ms': 0, 'type': 'stored'}}
self.assertDictEqual(d, query.request)
def test_custom_formats_for_query(self):
dt = DetailedFormat(timezone="CST",
time_show_zone=True,
ip_elements=True,
ip_locations=True)
# Add detailed format to a query
query = LogQuery(format=dt)
d = {
"fetch": {
"backwards": True
},
"format": {
"field_format": "pretty",
"resolving": {
"ip_elements": True,
"ip_locations": True,
"senders": True,
"time_show_zone": True,
"timezone": "CST",
},
"type": "detailed",
},
"query": {
"end_ms": 0,
"start_ms": 0,
"type": "stored"
},
}
self.assertDictEqual(d, query.request)
# Change the format for a query
rf = RawFormat(field_format="name")
rf.field_ids([LogField.SRC, LogField.DST])
query.update_format(rf)
request = {
"fetch": {
"backwards": True
},
"format": {
"field_format": "name",
"field_ids": [7, 8],
"type": "raw"
},
"query": {
"end_ms": 0,
"start_ms": 0,
"type": "stored"
},
}
self.assertDictEqual(request, query.request)
# Start with fresh Query and add a combined filter. A combined filter
# mixes individual formats together and when data is returned it's
# dict key will be the mapping to the format
text = TextFormat()
text.field_ids([LogField.TIMESTAMP])
detailed = DetailedFormat()
detailed.field_ids([LogField.SRC, LogField.DST])
combined = CombinedFormat(tformat=text, dformat=detailed)
query = LogQuery(fetch_size=1)
query.update_format(combined)
d = {
"fetch": {
"backwards": True,
"quantity": 1
},
"format": {
"formats": {
"dformat": {
"field_format": "pretty",
"field_ids": [7, 8],
"resolving": {
"senders": True
},
"type": "detailed",
},
"tformat": {
"field_format": "pretty",
"field_ids": [1],
"resolving": {
"senders": True
},
"type": "texts",
},
},
"type": "combined",
},
"query": {
"end_ms": 0,
"start_ms": 0,
"type": "stored"
},
}
self.assertDictEqual(d, query.request)