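# Renames a category across all collectors and sources in a given account.
#
# python mv-cat.py <accessId/email> <accessKey/password> <fromName> <toName>
#
# NOTE(review): the access key is taken from the command line, so it ends up
# in shell history and is typically visible to other local users through the
# process list while the script runs. Use a least-privilege access key that
# can be rotated afterwards.
#
# TODO update query category constraints
# TODO regex

import sys

from sumologic import SumoLogic

args = sys.argv
if len(args) < 5:
    # Fail with a usage line instead of an IndexError on a missing argument.
    sys.exit("usage: python mv-cat.py <accessId/email> <accessKey/password> <fromName> <toName>")

sumo = SumoLogic(args[1], args[2])
fromCat, toCat = args[3], args[4]

cs = sumo.collectors()

for c in cs:
    # A collector may carry no category; .get() treats that as "no match".
    if c.get('category') == fromCat:
        # The etag returned by the fetch is handed back to the update call.
        cv, etag = sumo.collector(c['id'])
        cv['collector']['category'] = toCat
        print(sumo.update_collector(cv, etag).text)
    # Sources are checked for every collector, not only the renamed ones.
    ss = sumo.sources(c['id'])
    for s in ss:
        # Same guard as for collectors: a source without a category is
        # skipped rather than aborting the run with a KeyError.
        if s.get('category') == fromCat:
            sv, etag = sumo.source(c['id'], s['id'])
            sv['source']['category'] = toCat
            print(sumo.update_source(c['id'], sv, etag).text)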
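# Deletes all sources (not collectors) in a given category.
#
# python rm-src-by-cat.py <accessId> <accessKey> <category>
#
# NOTE(review): this is a bulk destructive operation with no dry-run or
# confirmation step: every source whose category equals <category> gets a
# delete call. The access key is also passed on the command line, where it
# lands in shell history and is typically visible in the process list; use a
# least-privilege key that can be rotated afterwards.

import sys

from sumologic import SumoLogic

args = sys.argv
if len(args) < 4:
    # Fail with a usage line instead of an IndexError on a missing argument.
    sys.exit("usage: python rm-src-by-cat.py <accessId> <accessKey> <category>")

sumo = SumoLogic(args[1], args[2])
cat = args[3]

cs = sumo.collectors()

for c in cs:
    ss = sumo.sources(c['id'])
    for s in ss:
        # A source without a category is skipped instead of raising KeyError
        # part-way through the run, which would leave the deletion half done.
        if s.get('category') == cat:
            # The full source document is fetched and passed to the delete call.
            sv, _ = sumo.source(c['id'], s['id'])
            print(sumo.delete_source(c['id'], sv).text)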
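def putCollectors():
    """Apply the source updates or deletions described in the JSON request body.

    Keys read from the body:
      apiid, apikey  -- credentials handed to the SumoLogic client
      collector_map  -- collector id -> iterable of source ids
      source_names   -- source name -> entry with "memberids", "flattened",
                        "ignore" and optional "selected" / "delete"
      all_sources    -- str(source id) -> existing source (read for "sourceType")

    Returns jsonify(results={"errors": [...], "success": [...]}); each entry
    records the collector, source, action and HTTP status of one Sumo call.

    NOTE(review): the body carries a Sumo access id/key and can trigger
    deletions. No authentication, CSRF or transport check is visible in this
    function -- confirm the route is protected, served over TLS only, and
    that request bodies are not written to logs.

    NOTE(review): the nesting below was reconstructed from a
    whitespace-collapsed listing; the "Skipping" branch is taken to pair with
    the 'selected' check and the break to end the name search after a match.
    Confirm against the original file.
    """
    data = request.json
    response = {"errors": [], "success": []}

    # request.json may be None (or a non-object) for a malformed body; reject
    # it up front instead of failing with a TypeError on the first lookup.
    if not isinstance(data, dict):
        response["errors"].append("request body must be a JSON object")
        return jsonify(results=response), 400

    sumo = SumoLogic(data["apiid"], data["apikey"])
    source_names = data["source_names"]

    # Go through each collector in the collector_map:
    for collectorid in data["collector_map"]:
        # Go through each source for a collector listed in the collector map
        for sourceid in data["collector_map"][collectorid]:
            # Find the source that matches the name (they're by name, for UI)
            for sourcename in source_names:
                entry = source_names[sourcename]

                # An entry is processed only when 'selected' is absent or falsy.
                if entry.get("selected"):
                    print(". Skipping source %s" % sourcename)
                    continue
                if sourceid not in entry["memberids"]:
                    continue

                # Are we just here to delete? Kept as an explicit comparison
                # with True so that a string such as "false" can never be
                # read as a delete request.
                if entry.get("delete") == True:  # noqa: E712
                    action = "delete"
                    print(
                        "- Deleting collector %s's source %s named %s."
                        % (collectorid, str(sourceid), sourcename)
                    )
                    result = sumo.delete_source(collectorid, {"source": {"id": sourceid}})
                    print("- Delete Source: %s" % result.status_code)
                else:
                    action = "update"
                    # We'll be mutating this, so keep the original re-usable
                    sourcepayload = deepcopy(entry["flattened"])

                    # Blacklists must be a list of path expressions, or missing:
                    if "blacklist" in sourcepayload and not isinstance(
                        sourcepayload["blacklist"], list
                    ):
                        sourcepayload["blacklist"] = [
                            item.strip() for item in sourcepayload["blacklist"].split(",")
                        ]

                    # Remove keys marked to be ignored
                    for ignorekey in entry["ignore"]:
                        sourcepayload.pop(ignorekey, None)

                    # The ID is deliberately absent from the flattened data, add
                    sourcepayload["id"] = sourceid

                    # Sumo: "All modifiable fields must be provided, and all
                    # immutable fields must match those existing in the
                    # system." -- so sourceType is copied from the existing source.
                    sourcepayload["sourceType"] = data["all_sources"][str(sourceid)]["sourceType"]

                    # Convert boolean string to booleans
                    sourcepayload = fixBooleans(sourcepayload)

                    print(
                        "+ Updating Collector %s's source %s named %s"
                        % (collectorid, sourceid, sourcename)
                    )

                    # The etag has to come from a fresh fetch of the source.
                    # TODO: refactor the initial fetch to include this somehow.
                    _, etag = sumo.source(collectorid, sourceid)
                    result = sumo.update_source(collectorid, {"source": sourcepayload}, etag)
                    # Short pause after each update -- presumably API rate
                    # limiting; confirm.
                    sleep(0.15)
                    print("+ Source Update: %s" % result.status_code)

                # Report every call to the client; previously a failed delete
                # or update was only visible on the server's stdout.
                outcome = {
                    "collector": collectorid,
                    "source": sourceid,
                    "name": sourcename,
                    "action": action,
                    "status": result.status_code,
                }
                bucket = "success" if 200 <= result.status_code < 300 else "errors"
                response[bucket].append(outcome)
                break

    return jsonify(results=response)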
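# Deletes all sources (not collectors) in a given category.
#
# python rm-src-by-cat.py <accessId> <accessKey> <category>
#
# NOTE(review): this is a bulk destructive operation with no dry-run or
# confirmation step: every source whose category equals <category> gets a
# delete call. The access key is also passed on the command line, where it
# lands in shell history and is typically visible in the process list; use a
# least-privilege key that can be rotated afterwards.

import sys

from sumologic import SumoLogic

args = sys.argv
if len(args) < 4:
    # Fail with a usage line instead of an IndexError on a missing argument.
    sys.exit("usage: python rm-src-by-cat.py <accessId> <accessKey> <category>")

sumo = SumoLogic(args[1], args[2])
cat = args[3]

cs = sumo.collectors()

for c in cs:
    ss = sumo.sources(c['id'])
    for s in ss:
        # A source without a category is skipped instead of raising KeyError
        # part-way through the run, which would leave the deletion half done.
        if s.get('category') == cat:
            # The full source document is fetched and passed to the delete call.
            sv, _ = sumo.source(c['id'], s['id'])
            # Single-argument print(...) behaves the same on Python 2 and 3;
            # the print statement used before is a syntax error on Python 3.
            print(sumo.delete_source(c['id'], sv).text)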
# Filter list written to every matching source. The regexp has one capture
# group, around the last octet of a dotted-quad address.
# NOTE(review): presumably Sumo replaces the captured text with the "mask"
# string; confirm against the filter documentation.
f = [
    {
        u"regexp": u"\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.(\\d{1,3})",
        u"mask": u"255",
        u"filterType": u"Mask",
        u"name": u"last octet mask",
    }
]


def _lacks_bw_category(item):
    """True when item has no category, or one containing neither "bwe" nor "bwm"."""
    if "category" not in item:
        return True
    return "bwe" not in item["category"] and "bwm" not in item["category"]


# NOTE(review): nesting reconstructed from a whitespace-collapsed listing;
# sources are assumed to be visited only for collectors that pass the check.
for c in cs:
    if not _lacks_bw_category(c):
        continue
    print("collector: " + c["name"])
    ss = sumo.sources(c["id"])
    time.sleep(delay)
    for s in ss:
        sv, etag = sumo.source(c["id"], s["id"])
        time.sleep(delay)
        svi = sv["source"]
        if not _lacks_bw_category(svi):
            continue
        print("source: " + svi["name"])
        # NOTE(review): this replaces the source's whole filter list, so any
        # filter already configured on the source (other masks, excludes) is
        # dropped by the update -- confirm that is intended.
        svi["filters"] = f
        r = sumo.update_source(c["id"], sv, etag)
        print(r)
        print(r.text)
        time.sleep(delay)
        # if svi['forceTimeZone'] == False:
        #     svi['forceTimeZone'] = True
        #     svi[u'timeZone'] = u'UTC'
        #     r = sumo.update_source(c['id'], sv, etag)
        #     print str(r) + ': ' + str(r.text)
        #     time.sleep(delay)