def setup(self): if not self._file_paths: raise ValueError('No file_paths configured to monitor') self._tail = Tail(filenames=self._file_paths) self._tail.handler = self._handle_line self._tail.should_run = True
def setup(self): if not self._file_paths: raise ValueError('No file_paths configured to monitor') if not self._triggers: raise ValueError('No triggers to evaluate for matches') self._tail = Tail(filenames=self._file_paths) self._tail.handler = self._handle_line self._tail.should_run = True
class Syslog_Sensor(Sensor): def __init__(self, sensor_service, config=None): super(Syslog_Sensor, self).__init__(sensor_service=sensor_service, config=config) self._config = self._config['syslog_watch_sensor'] self._file_paths = self._config.get('syslog_paths', []) self._triggers = self._config.get('triggers', []) self._tail = None self._logger = self.sensor_service.get_logger( name=self.__class__.__name__) def setup(self): if not self._file_paths: raise ValueError('No file_paths configured to monitor') if not self._triggers: raise ValueError('No triggers to evaluate for matches') self._tail = Tail(filenames=self._file_paths) self._tail.handler = self._handle_line self._tail.should_run = True def run(self): self._tail.run() def cleanup(self): if self._tail: self._tail.should_run = False try: self._tail.notifier.stop() except Exception: pass def add_trigger(self, trigger): pass def update_trigger(self, trigger): pass def remove_trigger(self, trigger): pass def _handle_line(self, file_path, line): for trigger in self._triggers: regex = re.compile(trigger['regex']) match = regex.match(line) if match: payload = {} for k, v in trigger['groups'].items(): payload.update({v: match.group(k)}) self.sensor_service.dispatch(trigger=trigger['trigger'], payload=payload)
class FileWatchSensor(Sensor): def __init__(self, sensor_service, config=None): super(FileWatchSensor, self).__init__(sensor_service=sensor_service, config=config) self._config = self._config['file_watch_sensor'] self._file_paths = self._config.get('file_paths', []) self._trigger_ref = 'linux.file_watch.line' self._tail = None def setup(self): if not self._file_paths: raise ValueError('No file_paths configured to monitor') self._tail = Tail(filenames=self._file_paths) self._tail.handler = self._handle_line self._tail.should_run = True def run(self): self._tail.run() def cleanup(self): if self._tail: self._tail.should_run = False try: self._tail.notifier.stop() except Exception: pass def add_trigger(self, trigger): pass def update_trigger(self, trigger): pass def remove_trigger(self, trigger): pass def _handle_line(self, file_path, line): trigger = self._trigger_ref payload = { 'file_path': file_path, 'file_name': os.path.basename(file_path), 'line': line } self.sensor_service.dispatch(trigger=trigger, payload=payload)
def setup(self): self.tail = Tail(filenames=[]) self.tail.handler = self._handle_line self.tail.should_run = True
class FileWatchSensor(Sensor): def __init__(self, sensor_service, config=None): super(FileWatchSensor, self).__init__(sensor_service=sensor_service, config=config) self._trigger = None self._logger = self._sensor_service.get_logger(__name__) self._tail = None def setup(self): self._tail = Tail(filenames=[]) self._tail.handler = self._handle_line self._tail.should_run = True def run(self): self._tail.run() def cleanup(self): if self._tail: self._tail.should_run = False try: self._tail.notifier.stop() except Exception: pass def add_trigger(self, trigger): file_path = trigger['parameters'].get('file_path', None) if not file_path: self._logger.error('Received trigger type without "file_path" field.') return self._trigger = trigger.get('ref', None) if not self._trigger: raise Exception('Trigger %s did not contain a ref.' % trigger) self._tail.add_file(filename=file_path) self._logger.info('Added file "%s"' % (file_path)) def update_trigger(self, trigger): pass def remove_trigger(self, trigger): file_path = trigger['parameters'].get('file_path', None) if not file_path: self._logger.error('Received trigger type without "file_path" field.') return self._tail.remove_file(filename=file_path) self._trigger = None self._logger.info('Removed file "%s"' % (file_path)) def _handle_line(self, file_path, line): trigger = self._trigger payload = { 'file_path': file_path, 'file_name': os.path.basename(file_path), 'line': line } self._logger.debug('Sending payload %s for trigger %s to sensor_service.', payload, trigger) self.sensor_service.dispatch(trigger=trigger, payload=payload)
class FileWatchSensor(Sensor): def __init__(self, sensor_service, config=None): super(FileWatchSensor, self).__init__( sensor_service=sensor_service, config=config ) self.log = self._sensor_service.get_logger(__name__) self.tail = None self.file_ref = {} def setup(self): self.tail = Tail(filenames=[]) self.tail.handler = self._handle_line self.tail.should_run = True def run(self): self.tail.run() def cleanup(self): if self.tail: self.tail.should_run = False try: self.tail.notifier.stop() except Exception: self.log.exception("Unable to stop the tail notifier") def add_trigger(self, trigger): file_path = trigger["parameters"].get("file_path", None) if not file_path: self.log.error('Received trigger type without "file_path" field.') return trigger = trigger.get("ref", None) if not trigger: raise Exception(f"Trigger {trigger} did not contain a ref.") # Wait a bit to avoid initialization race in logshipper library eventlet.sleep(1.0) self.tail.add_file(filename=file_path) self.file_ref[file_path] = trigger self.log.info(f"Added file '{file_path}' ({trigger}) to watch list.") def update_trigger(self, trigger): pass def remove_trigger(self, trigger): file_path = trigger["parameters"].get("file_path", None) if not file_path: self.log.error("Received trigger type without 'file_path' field.") return self.tail.remove_file(filename=file_path) self.file_ref.pop(file_path) self.log.info(f"Removed file '{file_path}' ({trigger}) from watch list.") def _handle_line(self, file_path, line): if file_path not in self.file_ref: self.log.error( f"No reference found for {file_path}, unable to emit trigger!" ) return trigger = self.file_ref[file_path] payload = { "file_path": file_path, "file_name": os.path.basename(file_path), "line": line, } self.log.debug( f"Sending payload {payload} for trigger {trigger} to sensor_service." ) self.sensor_service.dispatch(trigger=trigger, payload=payload)
def setup(self): self._tail = Tail(filenames=[]) self._tail.handler = self._handle_line self._tail.should_run = True
class FileWatchSensor(Sensor): def __init__(self, sensor_service, config=None): super(FileWatchSensor, self).__init__(sensor_service=sensor_service, config=config) self._trigger = None self._logger = self._sensor_service.get_logger(__name__) self._tail = None def setup(self): self._tail = Tail(filenames=[]) self._tail.handler = self._handle_line self._tail.should_run = True def run(self): self._tail.run() def cleanup(self): if self._tail: self._tail.should_run = False try: self._tail.notifier.stop() except Exception: pass def add_trigger(self, trigger): file_path = trigger['parameters'].get('file_path', None) if not file_path: self._logger.error( 'Received trigger type without "file_path" field.') return self._trigger = trigger.get('ref', None) if not self._trigger: raise Exception('Trigger %s did not contain a ref.' % trigger) self._tail.add_file(filename=file_path) self._logger.info('Added file "%s"' % (file_path)) def update_trigger(self, trigger): pass def remove_trigger(self, trigger): file_path = trigger['parameters'].get('file_path', None) if not file_path: self._logger.error( 'Received trigger type without "file_path" field.') return self._tail.remove_file(filename=file_path) self._trigger = None self._logger.info('Removed file "%s"' % (file_path)) def _handle_line(self, file_path, line): trigger = self._trigger payload = { 'file_path': file_path, 'file_name': os.path.basename(file_path), 'line': line } self._logger.debug( 'Sending payload %s for trigger %s to sensor_service.', payload, trigger) self.sensor_service.dispatch(trigger=trigger, payload=payload)
class LoggingWatchSensor(Sensor): def __init__(self, sensor_service, config=None): super(LoggingWatchSensor, self).__init__(sensor_service=sensor_service, config=config) self._config = self._config['logging_watch_sensor'] self._file_paths = self._config.get('logging_paths', []) self._trigger_ref = 'campus_ztp.logging_watch.line' self._tail = None def setup(self): if not self._file_paths: raise ValueError('No file_paths configured to monitor') self._tail = Tail(filenames=self._file_paths) self._tail.handler = self._handle_line self._tail.should_run = True def run(self): self._tail.run() def cleanup(self): if self._tail: self._tail.should_run = False try: self._tail.notifier.stop() except Exception: pass def add_trigger(self, trigger): pass def update_trigger(self, trigger): pass def remove_trigger(self, trigger): pass def _handle_line(self, file_path, line): #Dec 19 17:10:17 RSOC-TEST-STACK 172.20.40.243 System: Interface ethernet 2/1/29, state down regex = re.compile( '(^\w+\s+\d+\s\d+:\d+:\d+ )([\w_-]+ )(\d+\.\d+\.\d+\.\d+)( System: Interface ethernet )(\d+\/\d+\/\d+)(, state down)' ) match = regex.match(line) if match: payload = {'device': match.group(3), 'port': match.group(5)} # check to see if this port is being used connection = pymysql.connect(host="127.0.0.1", user="******", passwd="brocade", db='users') cursor = connection.cursor() # Check to make sure this port was previously authorized sql = "select count(*) from authorized where port='%s'" % ( payload["port"]) cursor.execute(sql) count = cursor.fetchone()[0] if count != 0: print "port should be reverted" trigger = 'campus_ztp.rpvlan_port_down' self.sensor_service.dispatch(trigger=trigger, payload=payload) cursor.close() connection.close() return #Jan 4 14:00:49 ING-135-01 172.20.41.44 MAC Authentication failed for [f8e7.1e0f.9083 ] on port 8/1/36 (Invalid User) regex = re.compile( '(^\w+\s+\d+\s\d+:\d+:\d+ )([\w_-]+ )(\d+\.\d+\.\d+\.\d+)( MAC Authentication failed for \[)([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})( \] on port )(\d+\/\d+\/\d+)( \(Invalid User\).*)' ) match = regex.match(line) if match: payload = { 'device': match.group(3), 'mac': match.group(5), 'port': match.group(7) } # check to see if this exists in DB connection = pymysql.connect(host="127.0.0.1", user="******", passwd="brocade", db='users') cursor = connection.cursor() # Check to make sure this isn't already logged for tracking sql = "select count(*) from authorized where mac='%s'" % ( payload["mac"]) cursor.execute(sql) count = cursor.fetchone()[0] if count == 0: print "should not allow" trigger = 'campus_ztp.rpvlan_new_mac_auth_failure_do_not_allow' self.sensor_service.dispatch(trigger=trigger, payload=payload) else: print "should allow" trigger = 'campus_ztp.rpvlan_new_mac_auth_failure' self.sensor_service.dispatch(trigger=trigger, payload=payload) cursor.close() connection.close() return # Jan 1 07:26:35 ZTP_Campus_ICX7750 172.20.40.243 MACAUTH: Port 1/1/48 Mac 406c.8f38.4fb7 - authentication failed since RADIUS server rejected regex = re.compile( '(^\w+\s+\d+\s\d+:\d+:\d+ )([\w_-]+ )(\d+\.\d+\.\d+\.\d+)( MACAUTH: Port )(\d+\/\d+\/\d+)( Mac )([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})( - authentication failed.*)' ) match = regex.match(line) if match: payload = { 'device': match.group(3), 'mac': match.group(7), 'port': match.group(5) } # check to see if this exists in DB connection = pymysql.connect(host="127.0.0.1", user="******", passwd="brocade", db='users') cursor = connection.cursor() # Check to make sure this isn't already logged for tracking sql = "select count(*) from authorized where mac='%s'" % ( payload["mac"]) cursor.execute(sql) count = cursor.fetchone()[0] if count == 0: print "should not allow" trigger = 'campus_ztp.rpvlan_new_mac_auth_failure_do_not_allow' self.sensor_service.dispatch(trigger=trigger, payload=payload) else: print "should allow" trigger = 'campus_ztp.rpvlan_new_mac_auth_failure' self.sensor_service.dispatch(trigger=trigger, payload=payload) cursor.close() connection.close() return
class FileWatchSensor(Sensor): def __init__(self, sensor_service, config=None): super(FileWatchSensor, self).__init__(sensor_service=sensor_service, config=config) self._trigger = None self._logger = self._sensor_service.get_logger(__name__) self._tail = None def setup(self): self._tail = Tail(filenames=[]) self._tail.handler = self._handle_line self._tail.should_run = True def run(self): self._tail.run() def cleanup(self): if self._tail: self._tail.should_run = False try: self._tail.notifier.stop() except Exception: self._logger.exception("Unable to stop the tail notifier") def add_trigger(self, trigger): file_path = trigger["parameters"].get("file_path", None) if not file_path: self._logger.error( 'Received trigger type without "file_path" field.') return self._trigger = trigger.get("ref", None) if not self._trigger: raise Exception("Trigger %s did not contain a ref." % trigger) # Wait a bit to avoid initialization race in logshipper library eventlet.sleep(1.0) self._tail.add_file(filename=file_path) self._logger.info('Added file "%s"' % (file_path)) def update_trigger(self, trigger): pass def remove_trigger(self, trigger): file_path = trigger["parameters"].get("file_path", None) if not file_path: self._logger.error( 'Received trigger type without "file_path" field.') return self._tail.remove_file(filename=file_path) self._trigger = None self._logger.info('Removed file "%s"' % (file_path)) def _handle_line(self, file_path, line): trigger = self._trigger payload = { "file_path": file_path, "file_name": os.path.basename(file_path), "line": line, } self._logger.debug( "Sending payload %s for trigger %s to sensor_service.", payload, trigger) self.sensor_service.dispatch(trigger=trigger, payload=payload)
class FileWatchSensor(Sensor): def __init__(self, sensor_service, config=None): super(FileWatchSensor, self).__init__(sensor_service=sensor_service, config=config) self._trigger_ref = 'linux.file_watch.line' self._logger = self._sensor_service.get_logger(__name__) self._file_paths = [] # stores a list of file paths we are monitoring self._tail = None def setup(self): self._tail = Tail(filenames=[]) self._tail.handler = self._handle_line self._tail.should_run = True def run(self): self._tail.run() def cleanup(self): if self._tail: self._tail.should_run = False try: self._tail.notifier.stop() except Exception: pass def add_trigger(self, trigger): file_path = trigger['parameters'].get('file_path', None) if not file_path: self._logger.error( 'Received trigger type without "file_path" field.') return self._tail.add_file(filename=file_path) self._logger.info('Added file "%s"' % (file_path)) def update_trigger(self, trigger): pass def remove_trigger(self, trigger): file_path = trigger['parameters'].get('file_path', None) if not file_path: self._logger.error( 'Received trigger type without "file_path" field.') return self._tail.remove_file(filename=file_path) self._logger.info('Removed file "%s"' % (file_path)) def _handle_line(self, file_path, line): trigger = self._trigger_ref payload = { 'file_path': file_path, 'file_name': os.path.basename(file_path), 'line': line } self.sensor_service.dispatch(trigger=trigger, payload=payload)