# Renames a category across all collectors and sources in a given account.
#
# python mv-cat.py <accessId/email> <accessKey/password> <fromName> <toName>
#
# TODO update query category constraints
# TODO regex
import sys
from sumologic import SumoLogic
args = sys.argv
sumo = SumoLogic(args[1], args[2])
fromCat, toCat = args[3], args[4]
cs = sumo.collectors()
for c in cs:
if 'category' in c and c['category'] == fromCat:
cv, etag = sumo.collector(c['id'])
cv['collector']['category'] = toCat
print sumo.update_collector(cv, etag).text
ss = sumo.sources(c['id'])
for s in ss:
if s['category'] == fromCat:
sv, etag = sumo.source(c['id'], s['id'])
sv['source']['category'] = toCat
print sumo.update_source(c['id'], sv, etag).text
# Deletes all sources (not collectors) in a given category.
#
# python rm-src-by-cat.py <accessId> <accessKey> <category>
import sys
from sumologic import SumoLogic
args = sys.argv
sumo = SumoLogic(args[1], args[2])
cat = args[3]
cs = sumo.collectors()
for c in cs:
ss = sumo.sources(c['id'])
for s in ss:
if s['category'] == cat:
sv, _ = sumo.source(c['id'], s['id'])
print(sumo.delete_source(c['id'], sv).text)
def putCollectors():
data = request.json
sumo = SumoLogic(data["apiid"], data["apikey"])
response = {"errors": [], "success": []}
# Go through each collector in the collector_map:
for collectorid in data["collector_map"].keys():
# Go through each source for a collector listed in the collector map
for sourceid in data["collector_map"][collectorid]:
# Find the souce that matches the name (they're by name, for UI)
for sourcename in data["source_names"].keys():
# Do we skip this source altogether? (Over)Complicated by transient nature of 'selected'
if not "selected" in data["source_names"][sourcename] or (
"selected" in data["source_names"][sourcename] and not data["source_names"][sourcename]["selected"]
):
# If there's a match, send the source to Sumo for update
if sourceid in data["source_names"][sourcename]["memberids"]:
# Are we just here to delete?
if (
"delete" in data["source_names"][sourcename]
and data["source_names"][sourcename]["delete"] == True
):
print "- Deleting collector %s's source %s named %s." % (
collectorid,
str(sourceid),
sourcename,
)
result = sumo.delete_source(collectorid, {"source": {"id": sourceid}})
print "- Delete Source: %s" % result.status_code
else:
# We'll be mutating this, so keep the original re-usable
sourcepayload = deepcopy(data["source_names"][sourcename]["flattened"])
# Blacklists must be a list of path expressions, or missing:
if "blacklist" in sourcepayload and not isinstance(sourcepayload["blacklist"], list):
blklst = []
[
blklst.append(blacklist.strip())
for blacklist in sourcepayload["blacklist"].split(",")
]
sourcepayload["blacklist"] = blklst
# Remove keys marked to be ignored
for ignorekey in data["source_names"][sourcename]["ignore"]:
if ignorekey in sourcepayload:
del sourcepayload[ignorekey]
# The ID is deliberately absent from the flattened data, add
sourcepayload["id"] = sourceid
# Grrrrr:
# "All modifiable fields must be provided, and all immutable
# fields must match those existing in the system." --Sumo
sourcepayload["sourceType"] = data["all_sources"][str(sourceid)]["sourceType"]
# Convert boolean string to booleans
sourcepayload = fixBooleans(sourcepayload)
print "+ Updating Collector %s's source %s named %s" % (collectorid, sourceid, sourcename)
# You have to get the etag from a collector call
# TODO: refactor the initial fetch to include this somehow.
throwaway, etag = sumo.source(collectorid, sourceid)
result = sumo.update_source(collectorid, {"source": sourcepayload}, etag)
sleep(0.15)
print "+ Source Update: %s" % result.status_code # , result.text)
# if str(result.status_code).startswith("2"):
# response['success'].append(result)
# else:
# response['errors'].append(result)
break
else:
print ". Skipping source %s" % sourcename
# TODO: actually return useful information
return jsonify(results=response)
# Renames a category across all collectors and sources in a given account. # # python mv-cat.py <accessId/email> <accessKey/password> <fromName> <toName> # # TODO update query category constraints # TODO regex import sys from sumologic import SumoLogic args = sys.argv sumo = SumoLogic(args[1], args[2]) fromCat, toCat = args[3], args[4] cs = sumo.collectors() for c in cs: if 'category' in c and c['category'] == fromCat: cv, etag = sumo.collector(c['id']) cv['collector']['category'] = toCat print sumo.update_collector(cv, etag).text ss = sumo.sources(c['id']) for s in ss: if s['category'] == fromCat: sv, etag = sumo.source(c['id'], s['id']) sv['source']['category'] = toCat print sumo.update_source(c['id'], sv, etag).text
# Deletes all sources (not collectors) in a given category. # # python rm-src-by-cat.py <accessId> <accessKey> <category> import sys from sumologic import SumoLogic args = sys.argv sumo = SumoLogic(args[1], args[2]) cat = args[3] cs = sumo.collectors() for c in cs: ss = sumo.sources(c['id']) for s in ss: if s['category'] == cat: sv, _ = sumo.source(c['id'], s['id']) print sumo.delete_source(c['id'], sv).text
f = [
{
u"regexp": u"\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.(\\d{1,3})",
u"mask": u"255",
u"filterType": u"Mask",
u"name": u"last octet mask",
}
]
for c in cs:
if "category" not in c or "bwe" not in c["category"] and "bwm" not in c["category"]:
print "collector: " + c["name"]
ss = sumo.sources(c["id"])
time.sleep(delay)
for s in ss:
sv, etag = sumo.source(c["id"], s["id"])
time.sleep(delay)
svi = sv["source"]
if "category" not in svi or "bwe" not in svi["category"] and "bwm" not in svi["category"]:
print "source: " + svi["name"]
svi["filters"] = f
r = sumo.update_source(c["id"], sv, etag)
print r
print r.text
time.sleep(delay)
# if svi['forceTimeZone'] == False:
# svi['forceTimeZone'] = True
# svi[u'timeZone'] = u'UTC'
# r = sumo.update_source(c['id'], sv, etag)
# print str(r) + ': ' + str(r.text)
# time.sleep(delay)
