def write(self, *args, **kwargs):
# Change output format depending on if we're handling a connection or
# a single packet
if not self.format_is_set:
if "clientip" in kwargs:
self.set_format(self._CONNECTION_FORMAT)
else:
self.set_format(self._PACKET_FORMAT)
self.format_is_set = True
if self.group:
# If grouping, check if the IP tuple is in the cache already.
# If not, check the reverse of the tuple (i.e. opposite direction)
try:
key = tuple([kwargs[g] for g in self.group_fields])
except KeyError as e:
self.logger.error("Could not group by key %s" % str(e))
Output.write(self, *args, **kwargs)
return
if key not in self.group_cache:
rkey = key[::-1]
if rkey in self.group_cache:
key = rkey
else:
self.group_cache[key] = []
self.group_cache[key].append(kwargs)
else:
# If not grouping, just write out the connection immediately
Output.write(self, *args, **kwargs)
def close(self):
if self.group:
self.group = False # we're done grouping, so turn it off
for key in sorted(self.group_cache.keys()):
# write header by mapping key index with user's group list
self.fh.write(' '.join([
'%s=%s' % (self.group_fields[i], key[i])
for i in range(len(self.group_fields))
]) + "\n")
for kw in self.group_cache[key]:
self.fh.write("\t")
Output.write(self, **kw)
self.fh.write("\n")
Output.close(self)