Exemple #1
0
    def setup(self):
        if not self._file_paths:
            raise ValueError('No file_paths configured to monitor')

        self._tail = Tail(filenames=self._file_paths)
        self._tail.handler = self._handle_line
        self._tail.should_run = True
Exemple #2
0
    def setup(self):
        if not self._file_paths:
            raise ValueError('No file_paths configured to monitor')
        if not self._triggers:
            raise ValueError('No triggers to evaluate for matches')

        self._tail = Tail(filenames=self._file_paths)
        self._tail.handler = self._handle_line
        self._tail.should_run = True
Exemple #3
0
class Syslog_Sensor(Sensor):
    def __init__(self, sensor_service, config=None):
        super(Syslog_Sensor, self).__init__(sensor_service=sensor_service,
                                            config=config)
        self._config = self._config['syslog_watch_sensor']
        self._file_paths = self._config.get('syslog_paths', [])
        self._triggers = self._config.get('triggers', [])

        self._tail = None

        self._logger = self.sensor_service.get_logger(
            name=self.__class__.__name__)

    def setup(self):
        if not self._file_paths:
            raise ValueError('No file_paths configured to monitor')
        if not self._triggers:
            raise ValueError('No triggers to evaluate for matches')

        self._tail = Tail(filenames=self._file_paths)
        self._tail.handler = self._handle_line
        self._tail.should_run = True

    def run(self):
        self._tail.run()

    def cleanup(self):
        if self._tail:
            self._tail.should_run = False

            try:
                self._tail.notifier.stop()
            except Exception:
                pass

    def add_trigger(self, trigger):
        pass

    def update_trigger(self, trigger):
        pass

    def remove_trigger(self, trigger):
        pass

    def _handle_line(self, file_path, line):
        for trigger in self._triggers:
            regex = re.compile(trigger['regex'])
            match = regex.match(line)
            if match:
                payload = {}
                for k, v in trigger['groups'].items():
                    payload.update({v: match.group(k)})
                self.sensor_service.dispatch(trigger=trigger['trigger'],
                                             payload=payload)
Exemple #4
0
class FileWatchSensor(Sensor):
    def __init__(self, sensor_service, config=None):
        super(FileWatchSensor, self).__init__(sensor_service=sensor_service,
                                              config=config)
        self._config = self._config['file_watch_sensor']

        self._file_paths = self._config.get('file_paths', [])
        self._trigger_ref = 'linux.file_watch.line'
        self._tail = None

    def setup(self):
        if not self._file_paths:
            raise ValueError('No file_paths configured to monitor')

        self._tail = Tail(filenames=self._file_paths)
        self._tail.handler = self._handle_line
        self._tail.should_run = True

    def run(self):
        self._tail.run()

    def cleanup(self):
        if self._tail:
            self._tail.should_run = False

            try:
                self._tail.notifier.stop()
            except Exception:
                pass

    def add_trigger(self, trigger):
        pass

    def update_trigger(self, trigger):
        pass

    def remove_trigger(self, trigger):
        pass

    def _handle_line(self, file_path, line):
        trigger = self._trigger_ref
        payload = {
            'file_path': file_path,
            'file_name': os.path.basename(file_path),
            'line': line
        }
        self.sensor_service.dispatch(trigger=trigger, payload=payload)
Exemple #5
0
 def setup(self):
     self.tail = Tail(filenames=[])
     self.tail.handler = self._handle_line
     self.tail.should_run = True
Exemple #6
0
class FileWatchSensor(Sensor):
    def __init__(self, sensor_service, config=None):
        super(FileWatchSensor, self).__init__(sensor_service=sensor_service,
                                              config=config)
        self._trigger = None
        self._logger = self._sensor_service.get_logger(__name__)
        self._tail = None

    def setup(self):
        self._tail = Tail(filenames=[])
        self._tail.handler = self._handle_line
        self._tail.should_run = True

    def run(self):
        self._tail.run()

    def cleanup(self):
        if self._tail:
            self._tail.should_run = False

            try:
                self._tail.notifier.stop()
            except Exception:
                pass

    def add_trigger(self, trigger):
        file_path = trigger['parameters'].get('file_path', None)

        if not file_path:
            self._logger.error('Received trigger type without "file_path" field.')
            return

        self._trigger = trigger.get('ref', None)

        if not self._trigger:
            raise Exception('Trigger %s did not contain a ref.' % trigger)

        self._tail.add_file(filename=file_path)
        self._logger.info('Added file "%s"' % (file_path))

    def update_trigger(self, trigger):
        pass

    def remove_trigger(self, trigger):
        file_path = trigger['parameters'].get('file_path', None)

        if not file_path:
            self._logger.error('Received trigger type without "file_path" field.')
            return

        self._tail.remove_file(filename=file_path)
        self._trigger = None

        self._logger.info('Removed file "%s"' % (file_path))

    def _handle_line(self, file_path, line):
        trigger = self._trigger
        payload = {
            'file_path': file_path,
            'file_name': os.path.basename(file_path),
            'line': line
        }
        self._logger.debug('Sending payload %s for trigger %s to sensor_service.',
                           payload, trigger)
        self.sensor_service.dispatch(trigger=trigger, payload=payload)
Exemple #7
0
class FileWatchSensor(Sensor):
    def __init__(self, sensor_service, config=None):
        super(FileWatchSensor, self).__init__(
            sensor_service=sensor_service, config=config
        )
        self.log = self._sensor_service.get_logger(__name__)
        self.tail = None
        self.file_ref = {}

    def setup(self):
        self.tail = Tail(filenames=[])
        self.tail.handler = self._handle_line
        self.tail.should_run = True

    def run(self):
        self.tail.run()

    def cleanup(self):
        if self.tail:
            self.tail.should_run = False

            try:
                self.tail.notifier.stop()
            except Exception:
                self.log.exception("Unable to stop the tail notifier")

    def add_trigger(self, trigger):
        file_path = trigger["parameters"].get("file_path", None)

        if not file_path:
            self.log.error('Received trigger type without "file_path" field.')
            return

        trigger = trigger.get("ref", None)

        if not trigger:
            raise Exception(f"Trigger {trigger} did not contain a ref.")

        # Wait a bit to avoid initialization race in logshipper library
        eventlet.sleep(1.0)

        self.tail.add_file(filename=file_path)
        self.file_ref[file_path] = trigger

        self.log.info(f"Added file '{file_path}' ({trigger}) to watch list.")

    def update_trigger(self, trigger):
        pass

    def remove_trigger(self, trigger):
        file_path = trigger["parameters"].get("file_path", None)

        if not file_path:
            self.log.error("Received trigger type without 'file_path' field.")
            return

        self.tail.remove_file(filename=file_path)
        self.file_ref.pop(file_path)

        self.log.info(f"Removed file '{file_path}' ({trigger}) from watch list.")

    def _handle_line(self, file_path, line):
        if file_path not in self.file_ref:
            self.log.error(
                f"No reference found for {file_path}, unable to emit trigger!"
            )
            return

        trigger = self.file_ref[file_path]
        payload = {
            "file_path": file_path,
            "file_name": os.path.basename(file_path),
            "line": line,
        }
        self.log.debug(
            f"Sending payload {payload} for trigger {trigger} to sensor_service."
        )
        self.sensor_service.dispatch(trigger=trigger, payload=payload)
Exemple #8
0
 def setup(self):
     self._tail = Tail(filenames=[])
     self._tail.handler = self._handle_line
     self._tail.should_run = True
Exemple #9
0
class FileWatchSensor(Sensor):
    def __init__(self, sensor_service, config=None):
        super(FileWatchSensor, self).__init__(sensor_service=sensor_service,
                                              config=config)
        self._trigger = None
        self._logger = self._sensor_service.get_logger(__name__)
        self._tail = None

    def setup(self):
        self._tail = Tail(filenames=[])
        self._tail.handler = self._handle_line
        self._tail.should_run = True

    def run(self):
        self._tail.run()

    def cleanup(self):
        if self._tail:
            self._tail.should_run = False

            try:
                self._tail.notifier.stop()
            except Exception:
                pass

    def add_trigger(self, trigger):
        file_path = trigger['parameters'].get('file_path', None)

        if not file_path:
            self._logger.error(
                'Received trigger type without "file_path" field.')
            return

        self._trigger = trigger.get('ref', None)

        if not self._trigger:
            raise Exception('Trigger %s did not contain a ref.' % trigger)

        self._tail.add_file(filename=file_path)
        self._logger.info('Added file "%s"' % (file_path))

    def update_trigger(self, trigger):
        pass

    def remove_trigger(self, trigger):
        file_path = trigger['parameters'].get('file_path', None)

        if not file_path:
            self._logger.error(
                'Received trigger type without "file_path" field.')
            return

        self._tail.remove_file(filename=file_path)
        self._trigger = None

        self._logger.info('Removed file "%s"' % (file_path))

    def _handle_line(self, file_path, line):
        trigger = self._trigger
        payload = {
            'file_path': file_path,
            'file_name': os.path.basename(file_path),
            'line': line
        }
        self._logger.debug(
            'Sending payload %s for trigger %s to sensor_service.', payload,
            trigger)
        self.sensor_service.dispatch(trigger=trigger, payload=payload)
Exemple #10
0
class LoggingWatchSensor(Sensor):
    def __init__(self, sensor_service, config=None):
        super(LoggingWatchSensor, self).__init__(sensor_service=sensor_service,
                                                 config=config)
        self._config = self._config['logging_watch_sensor']

        self._file_paths = self._config.get('logging_paths', [])
        self._trigger_ref = 'campus_ztp.logging_watch.line'
        self._tail = None

    def setup(self):
        if not self._file_paths:
            raise ValueError('No file_paths configured to monitor')

        self._tail = Tail(filenames=self._file_paths)
        self._tail.handler = self._handle_line
        self._tail.should_run = True

    def run(self):
        self._tail.run()

    def cleanup(self):
        if self._tail:
            self._tail.should_run = False

            try:
                self._tail.notifier.stop()
            except Exception:
                pass

    def add_trigger(self, trigger):
        pass

    def update_trigger(self, trigger):
        pass

    def remove_trigger(self, trigger):
        pass

    def _handle_line(self, file_path, line):
        #Dec 19 17:10:17 RSOC-TEST-STACK 172.20.40.243 System: Interface ethernet 2/1/29, state down
        regex = re.compile(
            '(^\w+\s+\d+\s\d+:\d+:\d+ )([\w_-]+ )(\d+\.\d+\.\d+\.\d+)( System: Interface ethernet )(\d+\/\d+\/\d+)(, state down)'
        )
        match = regex.match(line)
        if match:
            payload = {'device': match.group(3), 'port': match.group(5)}
            # check to see if this port is being used
            connection = pymysql.connect(host="127.0.0.1",
                                         user="******",
                                         passwd="brocade",
                                         db='users')
            cursor = connection.cursor()

            # Check to make sure this port was previously authorized
            sql = "select count(*) from authorized where port='%s'" % (
                payload["port"])

            cursor.execute(sql)
            count = cursor.fetchone()[0]
            if count != 0:
                print "port should be reverted"
                trigger = 'campus_ztp.rpvlan_port_down'
                self.sensor_service.dispatch(trigger=trigger, payload=payload)
            cursor.close()
            connection.close()
            return

        #Jan  4 14:00:49 ING-135-01 172.20.41.44 MAC Authentication failed for [f8e7.1e0f.9083 ] on port 8/1/36 (Invalid User)
        regex = re.compile(
            '(^\w+\s+\d+\s\d+:\d+:\d+ )([\w_-]+ )(\d+\.\d+\.\d+\.\d+)( MAC Authentication failed for \[)([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})( \] on port )(\d+\/\d+\/\d+)( \(Invalid User\).*)'
        )
        match = regex.match(line)
        if match:
            payload = {
                'device': match.group(3),
                'mac': match.group(5),
                'port': match.group(7)
            }
            # check to see if this exists in DB
            connection = pymysql.connect(host="127.0.0.1",
                                         user="******",
                                         passwd="brocade",
                                         db='users')
            cursor = connection.cursor()

            # Check to make sure this isn't already logged for tracking
            sql = "select count(*) from authorized where mac='%s'" % (
                payload["mac"])

            cursor.execute(sql)
            count = cursor.fetchone()[0]
            if count == 0:
                print "should not allow"
                trigger = 'campus_ztp.rpvlan_new_mac_auth_failure_do_not_allow'
                self.sensor_service.dispatch(trigger=trigger, payload=payload)
            else:
                print "should allow"
                trigger = 'campus_ztp.rpvlan_new_mac_auth_failure'
                self.sensor_service.dispatch(trigger=trigger, payload=payload)
            cursor.close()
            connection.close()
            return

        # Jan 1 07:26:35 ZTP_Campus_ICX7750 172.20.40.243 MACAUTH: Port 1/1/48 Mac 406c.8f38.4fb7 - authentication failed since RADIUS server rejected
        regex = re.compile(
            '(^\w+\s+\d+\s\d+:\d+:\d+ )([\w_-]+ )(\d+\.\d+\.\d+\.\d+)( MACAUTH: Port )(\d+\/\d+\/\d+)( Mac )([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})( - authentication failed.*)'
        )
        match = regex.match(line)
        if match:
            payload = {
                'device': match.group(3),
                'mac': match.group(7),
                'port': match.group(5)
            }
            # check to see if this exists in DB
            connection = pymysql.connect(host="127.0.0.1",
                                         user="******",
                                         passwd="brocade",
                                         db='users')
            cursor = connection.cursor()

            # Check to make sure this isn't already logged for tracking
            sql = "select count(*) from authorized where mac='%s'" % (
                payload["mac"])

            cursor.execute(sql)
            count = cursor.fetchone()[0]
            if count == 0:
                print "should not allow"
                trigger = 'campus_ztp.rpvlan_new_mac_auth_failure_do_not_allow'
                self.sensor_service.dispatch(trigger=trigger, payload=payload)
            else:
                print "should allow"
                trigger = 'campus_ztp.rpvlan_new_mac_auth_failure'
                self.sensor_service.dispatch(trigger=trigger, payload=payload)
            cursor.close()
            connection.close()
            return
Exemple #11
0
class FileWatchSensor(Sensor):
    def __init__(self, sensor_service, config=None):
        super(FileWatchSensor, self).__init__(sensor_service=sensor_service,
                                              config=config)
        self._trigger = None
        self._logger = self._sensor_service.get_logger(__name__)
        self._tail = None

    def setup(self):
        self._tail = Tail(filenames=[])
        self._tail.handler = self._handle_line
        self._tail.should_run = True

    def run(self):
        self._tail.run()

    def cleanup(self):
        if self._tail:
            self._tail.should_run = False

            try:
                self._tail.notifier.stop()
            except Exception:
                self._logger.exception("Unable to stop the tail notifier")

    def add_trigger(self, trigger):
        file_path = trigger["parameters"].get("file_path", None)

        if not file_path:
            self._logger.error(
                'Received trigger type without "file_path" field.')
            return

        self._trigger = trigger.get("ref", None)

        if not self._trigger:
            raise Exception("Trigger %s did not contain a ref." % trigger)

        # Wait a bit to avoid initialization race in logshipper library
        eventlet.sleep(1.0)

        self._tail.add_file(filename=file_path)
        self._logger.info('Added file "%s"' % (file_path))

    def update_trigger(self, trigger):
        pass

    def remove_trigger(self, trigger):
        file_path = trigger["parameters"].get("file_path", None)

        if not file_path:
            self._logger.error(
                'Received trigger type without "file_path" field.')
            return

        self._tail.remove_file(filename=file_path)
        self._trigger = None

        self._logger.info('Removed file "%s"' % (file_path))

    def _handle_line(self, file_path, line):
        trigger = self._trigger
        payload = {
            "file_path": file_path,
            "file_name": os.path.basename(file_path),
            "line": line,
        }
        self._logger.debug(
            "Sending payload %s for trigger %s to sensor_service.", payload,
            trigger)
        self.sensor_service.dispatch(trigger=trigger, payload=payload)
Exemple #12
0
class FileWatchSensor(Sensor):
    def __init__(self, sensor_service, config=None):
        super(FileWatchSensor, self).__init__(sensor_service=sensor_service,
                                              config=config)
        self._trigger_ref = 'linux.file_watch.line'
        self._logger = self._sensor_service.get_logger(__name__)

        self._file_paths = []  # stores a list of file paths we are monitoring
        self._tail = None

    def setup(self):
        self._tail = Tail(filenames=[])
        self._tail.handler = self._handle_line
        self._tail.should_run = True

    def run(self):
        self._tail.run()

    def cleanup(self):
        if self._tail:
            self._tail.should_run = False

            try:
                self._tail.notifier.stop()
            except Exception:
                pass

    def add_trigger(self, trigger):
        file_path = trigger['parameters'].get('file_path', None)

        if not file_path:
            self._logger.error(
                'Received trigger type without "file_path" field.')
            return

        self._tail.add_file(filename=file_path)

        self._logger.info('Added file "%s"' % (file_path))

    def update_trigger(self, trigger):
        pass

    def remove_trigger(self, trigger):
        file_path = trigger['parameters'].get('file_path', None)

        if not file_path:
            self._logger.error(
                'Received trigger type without "file_path" field.')
            return

        self._tail.remove_file(filename=file_path)

        self._logger.info('Removed file "%s"' % (file_path))

    def _handle_line(self, file_path, line):
        trigger = self._trigger_ref
        payload = {
            'file_path': file_path,
            'file_name': os.path.basename(file_path),
            'line': line
        }
        self.sensor_service.dispatch(trigger=trigger, payload=payload)