def setup(self):
if not self._file_paths:
raise ValueError('No file_paths configured to monitor')
self._tail = Tail(filenames=self._file_paths)
self._tail.handler = self._handle_line
self._tail.should_run = True
def setup(self):
if not self._file_paths:
raise ValueError('No file_paths configured to monitor')
if not self._triggers:
raise ValueError('No triggers to evaluate for matches')
self._tail = Tail(filenames=self._file_paths)
self._tail.handler = self._handle_line
self._tail.should_run = True
class Syslog_Sensor(Sensor):
def __init__(self, sensor_service, config=None):
super(Syslog_Sensor, self).__init__(sensor_service=sensor_service,
config=config)
self._config = self._config['syslog_watch_sensor']
self._file_paths = self._config.get('syslog_paths', [])
self._triggers = self._config.get('triggers', [])
self._tail = None
self._logger = self.sensor_service.get_logger(
name=self.__class__.__name__)
def setup(self):
if not self._file_paths:
raise ValueError('No file_paths configured to monitor')
if not self._triggers:
raise ValueError('No triggers to evaluate for matches')
self._tail = Tail(filenames=self._file_paths)
self._tail.handler = self._handle_line
self._tail.should_run = True
def run(self):
self._tail.run()
def cleanup(self):
if self._tail:
self._tail.should_run = False
try:
self._tail.notifier.stop()
except Exception:
pass
def add_trigger(self, trigger):
pass
def update_trigger(self, trigger):
pass
def remove_trigger(self, trigger):
pass
def _handle_line(self, file_path, line):
for trigger in self._triggers:
regex = re.compile(trigger['regex'])
match = regex.match(line)
if match:
payload = {}
for k, v in trigger['groups'].items():
payload.update({v: match.group(k)})
self.sensor_service.dispatch(trigger=trigger['trigger'],
payload=payload)
class FileWatchSensor(Sensor):
def __init__(self, sensor_service, config=None):
super(FileWatchSensor, self).__init__(sensor_service=sensor_service,
config=config)
self._config = self._config['file_watch_sensor']
self._file_paths = self._config.get('file_paths', [])
self._trigger_ref = 'linux.file_watch.line'
self._tail = None
def setup(self):
if not self._file_paths:
raise ValueError('No file_paths configured to monitor')
self._tail = Tail(filenames=self._file_paths)
self._tail.handler = self._handle_line
self._tail.should_run = True
def run(self):
self._tail.run()
def cleanup(self):
if self._tail:
self._tail.should_run = False
try:
self._tail.notifier.stop()
except Exception:
pass
def add_trigger(self, trigger):
pass
def update_trigger(self, trigger):
pass
def remove_trigger(self, trigger):
pass
def _handle_line(self, file_path, line):
trigger = self._trigger_ref
payload = {
'file_path': file_path,
'file_name': os.path.basename(file_path),
'line': line
}
self.sensor_service.dispatch(trigger=trigger, payload=payload)
def setup(self):
self.tail = Tail(filenames=[])
self.tail.handler = self._handle_line
self.tail.should_run = True
class FileWatchSensor(Sensor):
def __init__(self, sensor_service, config=None):
super(FileWatchSensor, self).__init__(sensor_service=sensor_service,
config=config)
self._trigger = None
self._logger = self._sensor_service.get_logger(__name__)
self._tail = None
def setup(self):
self._tail = Tail(filenames=[])
self._tail.handler = self._handle_line
self._tail.should_run = True
def run(self):
self._tail.run()
def cleanup(self):
if self._tail:
self._tail.should_run = False
try:
self._tail.notifier.stop()
except Exception:
pass
def add_trigger(self, trigger):
file_path = trigger['parameters'].get('file_path', None)
if not file_path:
self._logger.error('Received trigger type without "file_path" field.')
return
self._trigger = trigger.get('ref', None)
if not self._trigger:
raise Exception('Trigger %s did not contain a ref.' % trigger)
self._tail.add_file(filename=file_path)
self._logger.info('Added file "%s"' % (file_path))
def update_trigger(self, trigger):
pass
def remove_trigger(self, trigger):
file_path = trigger['parameters'].get('file_path', None)
if not file_path:
self._logger.error('Received trigger type without "file_path" field.')
return
self._tail.remove_file(filename=file_path)
self._trigger = None
self._logger.info('Removed file "%s"' % (file_path))
def _handle_line(self, file_path, line):
trigger = self._trigger
payload = {
'file_path': file_path,
'file_name': os.path.basename(file_path),
'line': line
}
self._logger.debug('Sending payload %s for trigger %s to sensor_service.',
payload, trigger)
self.sensor_service.dispatch(trigger=trigger, payload=payload)
class FileWatchSensor(Sensor):
def __init__(self, sensor_service, config=None):
super(FileWatchSensor, self).__init__(
sensor_service=sensor_service, config=config
)
self.log = self._sensor_service.get_logger(__name__)
self.tail = None
self.file_ref = {}
def setup(self):
self.tail = Tail(filenames=[])
self.tail.handler = self._handle_line
self.tail.should_run = True
def run(self):
self.tail.run()
def cleanup(self):
if self.tail:
self.tail.should_run = False
try:
self.tail.notifier.stop()
except Exception:
self.log.exception("Unable to stop the tail notifier")
def add_trigger(self, trigger):
file_path = trigger["parameters"].get("file_path", None)
if not file_path:
self.log.error('Received trigger type without "file_path" field.')
return
trigger = trigger.get("ref", None)
if not trigger:
raise Exception(f"Trigger {trigger} did not contain a ref.")
# Wait a bit to avoid initialization race in logshipper library
eventlet.sleep(1.0)
self.tail.add_file(filename=file_path)
self.file_ref[file_path] = trigger
self.log.info(f"Added file '{file_path}' ({trigger}) to watch list.")
def update_trigger(self, trigger):
pass
def remove_trigger(self, trigger):
file_path = trigger["parameters"].get("file_path", None)
if not file_path:
self.log.error("Received trigger type without 'file_path' field.")
return
self.tail.remove_file(filename=file_path)
self.file_ref.pop(file_path)
self.log.info(f"Removed file '{file_path}' ({trigger}) from watch list.")
def _handle_line(self, file_path, line):
if file_path not in self.file_ref:
self.log.error(
f"No reference found for {file_path}, unable to emit trigger!"
)
return
trigger = self.file_ref[file_path]
payload = {
"file_path": file_path,
"file_name": os.path.basename(file_path),
"line": line,
}
self.log.debug(
f"Sending payload {payload} for trigger {trigger} to sensor_service."
)
self.sensor_service.dispatch(trigger=trigger, payload=payload)
def setup(self):
self._tail = Tail(filenames=[])
self._tail.handler = self._handle_line
self._tail.should_run = True
class FileWatchSensor(Sensor):
def __init__(self, sensor_service, config=None):
super(FileWatchSensor, self).__init__(sensor_service=sensor_service,
config=config)
self._trigger = None
self._logger = self._sensor_service.get_logger(__name__)
self._tail = None
def setup(self):
self._tail = Tail(filenames=[])
self._tail.handler = self._handle_line
self._tail.should_run = True
def run(self):
self._tail.run()
def cleanup(self):
if self._tail:
self._tail.should_run = False
try:
self._tail.notifier.stop()
except Exception:
pass
def add_trigger(self, trigger):
file_path = trigger['parameters'].get('file_path', None)
if not file_path:
self._logger.error(
'Received trigger type without "file_path" field.')
return
self._trigger = trigger.get('ref', None)
if not self._trigger:
raise Exception('Trigger %s did not contain a ref.' % trigger)
self._tail.add_file(filename=file_path)
self._logger.info('Added file "%s"' % (file_path))
def update_trigger(self, trigger):
pass
def remove_trigger(self, trigger):
file_path = trigger['parameters'].get('file_path', None)
if not file_path:
self._logger.error(
'Received trigger type without "file_path" field.')
return
self._tail.remove_file(filename=file_path)
self._trigger = None
self._logger.info('Removed file "%s"' % (file_path))
def _handle_line(self, file_path, line):
trigger = self._trigger
payload = {
'file_path': file_path,
'file_name': os.path.basename(file_path),
'line': line
}
self._logger.debug(
'Sending payload %s for trigger %s to sensor_service.', payload,
trigger)
self.sensor_service.dispatch(trigger=trigger, payload=payload)
class LoggingWatchSensor(Sensor):
def __init__(self, sensor_service, config=None):
super(LoggingWatchSensor, self).__init__(sensor_service=sensor_service,
config=config)
self._config = self._config['logging_watch_sensor']
self._file_paths = self._config.get('logging_paths', [])
self._trigger_ref = 'campus_ztp.logging_watch.line'
self._tail = None
def setup(self):
if not self._file_paths:
raise ValueError('No file_paths configured to monitor')
self._tail = Tail(filenames=self._file_paths)
self._tail.handler = self._handle_line
self._tail.should_run = True
def run(self):
self._tail.run()
def cleanup(self):
if self._tail:
self._tail.should_run = False
try:
self._tail.notifier.stop()
except Exception:
pass
def add_trigger(self, trigger):
pass
def update_trigger(self, trigger):
pass
def remove_trigger(self, trigger):
pass
def _handle_line(self, file_path, line):
#Dec 19 17:10:17 RSOC-TEST-STACK 172.20.40.243 System: Interface ethernet 2/1/29, state down
regex = re.compile(
'(^\w+\s+\d+\s\d+:\d+:\d+ )([\w_-]+ )(\d+\.\d+\.\d+\.\d+)( System: Interface ethernet )(\d+\/\d+\/\d+)(, state down)'
)
match = regex.match(line)
if match:
payload = {'device': match.group(3), 'port': match.group(5)}
# check to see if this port is being used
connection = pymysql.connect(host="127.0.0.1",
user="******",
passwd="brocade",
db='users')
cursor = connection.cursor()
# Check to make sure this port was previously authorized
sql = "select count(*) from authorized where port='%s'" % (
payload["port"])
cursor.execute(sql)
count = cursor.fetchone()[0]
if count != 0:
print "port should be reverted"
trigger = 'campus_ztp.rpvlan_port_down'
self.sensor_service.dispatch(trigger=trigger, payload=payload)
cursor.close()
connection.close()
return
#Jan 4 14:00:49 ING-135-01 172.20.41.44 MAC Authentication failed for [f8e7.1e0f.9083 ] on port 8/1/36 (Invalid User)
regex = re.compile(
'(^\w+\s+\d+\s\d+:\d+:\d+ )([\w_-]+ )(\d+\.\d+\.\d+\.\d+)( MAC Authentication failed for \[)([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})( \] on port )(\d+\/\d+\/\d+)( \(Invalid User\).*)'
)
match = regex.match(line)
if match:
payload = {
'device': match.group(3),
'mac': match.group(5),
'port': match.group(7)
}
# check to see if this exists in DB
connection = pymysql.connect(host="127.0.0.1",
user="******",
passwd="brocade",
db='users')
cursor = connection.cursor()
# Check to make sure this isn't already logged for tracking
sql = "select count(*) from authorized where mac='%s'" % (
payload["mac"])
cursor.execute(sql)
count = cursor.fetchone()[0]
if count == 0:
print "should not allow"
trigger = 'campus_ztp.rpvlan_new_mac_auth_failure_do_not_allow'
self.sensor_service.dispatch(trigger=trigger, payload=payload)
else:
print "should allow"
trigger = 'campus_ztp.rpvlan_new_mac_auth_failure'
self.sensor_service.dispatch(trigger=trigger, payload=payload)
cursor.close()
connection.close()
return
# Jan 1 07:26:35 ZTP_Campus_ICX7750 172.20.40.243 MACAUTH: Port 1/1/48 Mac 406c.8f38.4fb7 - authentication failed since RADIUS server rejected
regex = re.compile(
'(^\w+\s+\d+\s\d+:\d+:\d+ )([\w_-]+ )(\d+\.\d+\.\d+\.\d+)( MACAUTH: Port )(\d+\/\d+\/\d+)( Mac )([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})( - authentication failed.*)'
)
match = regex.match(line)
if match:
payload = {
'device': match.group(3),
'mac': match.group(7),
'port': match.group(5)
}
# check to see if this exists in DB
connection = pymysql.connect(host="127.0.0.1",
user="******",
passwd="brocade",
db='users')
cursor = connection.cursor()
# Check to make sure this isn't already logged for tracking
sql = "select count(*) from authorized where mac='%s'" % (
payload["mac"])
cursor.execute(sql)
count = cursor.fetchone()[0]
if count == 0:
print "should not allow"
trigger = 'campus_ztp.rpvlan_new_mac_auth_failure_do_not_allow'
self.sensor_service.dispatch(trigger=trigger, payload=payload)
else:
print "should allow"
trigger = 'campus_ztp.rpvlan_new_mac_auth_failure'
self.sensor_service.dispatch(trigger=trigger, payload=payload)
cursor.close()
connection.close()
return
class FileWatchSensor(Sensor):
def __init__(self, sensor_service, config=None):
super(FileWatchSensor, self).__init__(sensor_service=sensor_service,
config=config)
self._trigger = None
self._logger = self._sensor_service.get_logger(__name__)
self._tail = None
def setup(self):
self._tail = Tail(filenames=[])
self._tail.handler = self._handle_line
self._tail.should_run = True
def run(self):
self._tail.run()
def cleanup(self):
if self._tail:
self._tail.should_run = False
try:
self._tail.notifier.stop()
except Exception:
self._logger.exception("Unable to stop the tail notifier")
def add_trigger(self, trigger):
file_path = trigger["parameters"].get("file_path", None)
if not file_path:
self._logger.error(
'Received trigger type without "file_path" field.')
return
self._trigger = trigger.get("ref", None)
if not self._trigger:
raise Exception("Trigger %s did not contain a ref." % trigger)
# Wait a bit to avoid initialization race in logshipper library
eventlet.sleep(1.0)
self._tail.add_file(filename=file_path)
self._logger.info('Added file "%s"' % (file_path))
def update_trigger(self, trigger):
pass
def remove_trigger(self, trigger):
file_path = trigger["parameters"].get("file_path", None)
if not file_path:
self._logger.error(
'Received trigger type without "file_path" field.')
return
self._tail.remove_file(filename=file_path)
self._trigger = None
self._logger.info('Removed file "%s"' % (file_path))
def _handle_line(self, file_path, line):
trigger = self._trigger
payload = {
"file_path": file_path,
"file_name": os.path.basename(file_path),
"line": line,
}
self._logger.debug(
"Sending payload %s for trigger %s to sensor_service.", payload,
trigger)
self.sensor_service.dispatch(trigger=trigger, payload=payload)
class FileWatchSensor(Sensor):
def __init__(self, sensor_service, config=None):
super(FileWatchSensor, self).__init__(sensor_service=sensor_service,
config=config)
self._trigger_ref = 'linux.file_watch.line'
self._logger = self._sensor_service.get_logger(__name__)
self._file_paths = [] # stores a list of file paths we are monitoring
self._tail = None
def setup(self):
self._tail = Tail(filenames=[])
self._tail.handler = self._handle_line
self._tail.should_run = True
def run(self):
self._tail.run()
def cleanup(self):
if self._tail:
self._tail.should_run = False
try:
self._tail.notifier.stop()
except Exception:
pass
def add_trigger(self, trigger):
file_path = trigger['parameters'].get('file_path', None)
if not file_path:
self._logger.error(
'Received trigger type without "file_path" field.')
return
self._tail.add_file(filename=file_path)
self._logger.info('Added file "%s"' % (file_path))
def update_trigger(self, trigger):
pass
def remove_trigger(self, trigger):
file_path = trigger['parameters'].get('file_path', None)
if not file_path:
self._logger.error(
'Received trigger type without "file_path" field.')
return
self._tail.remove_file(filename=file_path)
self._logger.info('Removed file "%s"' % (file_path))
def _handle_line(self, file_path, line):
trigger = self._trigger_ref
payload = {
'file_path': file_path,
'file_name': os.path.basename(file_path),
'line': line
}
self.sensor_service.dispatch(trigger=trigger, payload=payload)