Esempio n. 1
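def doEdit(tmpfilename):
    """Let the operator edit tmpfilename until it parses without errors.

    The editor command comes from the SPLUNK_EDITOR environment variable and
    falls back to 'vi'.  After every editing pass the file is re-parsed with
    conf.ConfParser.parse and each stanza other than "default" must carry
    INTERNAL_ATTRIBUTE; otherwise the errors are listed and the operator
    chooses between fixing them (edit again) and aborting.

    The editor is started from an argument list, not through a shell, so
    spaces or shell metacharacters in tmpfilename or SPLUNK_EDITOR are never
    interpreted as shell syntax.

    Returns the parsed stanzas of the accepted file.
    Raises SystemExit when the operator chooses "abort".
    """
    # Function-scope imports: the file's own import block is not visible here.
    import shlex
    import subprocess

    # get editor; an unset or blank value falls back to vi (a blank value
    # used to make the shell try to execute the temp file itself)
    editor = os.getenv('SPLUNK_EDITOR')
    if editor is None or not editor.strip():
        editor = 'vi'
        print "SPLUNK_EDITOR not defined.  Defaulting to 'vi' for all your hipsters"
        time.sleep(1) # give hipsters time to read

    # Split once so values with arguments ("emacs -nw") keep working.
    # Shell expansions such as $HOME inside SPLUNK_EDITOR are no longer applied.
    try:
        editorArgv = shlex.split(editor)
    except ValueError as e:
        print "SPLUNK_EDITOR could not be parsed (%s).  Defaulting to 'vi'" % e
        editorArgv = ['vi']

    stanzas = {}
    while True:
        # user is now editing config
        try:
            subprocess.call(editorArgv + [tmpfilename])
        except OSError as e:
            # os.system only reported an unusable editor and carried on to the
            # validation step; keep that flow instead of crashing here.
            print "Unable to run editor %r: %s" % (editorArgv[0], e)
        errors = []
        # read the edited config back in
        stanzas = conf.ConfParser.parse(tmpfilename, True, errors)

        # validate bookkeeping attribute on each stanza
        for name, stanza in stanzas.items():
            if name.lower() != "default" and INTERNAL_ATTRIBUTE not in stanza:
                errors.append("%s attribute not seen on %s stanza." % (INTERNAL_ATTRIBUTE, name))

        if not errors:
            break
        print
        print "-"*80
        for error in errors:
            print error.title()
        answer = interactiveutils.askMultipleChoiceQuestion("Fix errors encountered?", ["fix", "abort"], defaultanswer="fix")
        if answer == "abort":
            # Same effect as exit(), without depending on the site module.
            raise SystemExit("Aborting...")
        print "\nRe-editing..."
        time.sleep(1)
    return stanzas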
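def getHosts(config):
    """Ask the operator how to collect remote host names and return them.

    The operator picks nmap discovery, the hosts source, manual entry, or
    quit.  Collected names are filtered against config['IGNORED_HOSTS'],
    sorted, and (for the automatic methods) confirmed through
    interactiveutils.validateElements.  The loop repeats until at least one
    host survives or the operator quits.

    Returns the remaining host list; on "quit" it returns whatever the last
    attempt left behind, which may be empty or None.
    """
    hosts = []
    # get patterns and replace friendly "*" with regex-correct pattern ".*"
    # NOTE(review): only "*" is translated here.  Unless listToRegex escapes
    # them (not visible), other regex metacharacters in an entry keep their
    # regex meaning, e.g. "." matches any character, so an ignore entry can
    # exclude more hosts than intended -- confirm.
    patterns = [pattern.replace("*", ".*") for pattern in config['IGNORED_HOSTS']]
    regex = listToRegex(patterns)
    while True:
        needsApprove = False
        operation = interactiveutils.askMultipleChoiceQuestion("How should I get the names of hosts to search? (default=nmap)", ['nmap', 'hosts', 'manually', 'quit'], 'nmap')
        if operation == 'nmap':
            hosts = getHostsViaNMap(config)
            needsApprove = True
        elif operation == 'hosts':
            hosts = getHostsViaHosts()
            needsApprove = True
        elif operation == 'manually':
            # An earlier automatic attempt may have left hosts as None (the
            # check below allows for it); addListItems is handed the list to
            # fill and its return value is not used, so give it a real list.
            if hosts is None:
                hosts = []
            interactiveutils.addListItems("Please enter the names of remote hosts to search for log files.", "remote-host", hosts, isValidHost)
        elif operation == 'quit':
            break
        # didn't get any hosts
        if not hosts:
            print "Unable to get hosts with that method.  Please try another method."
        else: # got some hosts
            # drop every host matched by the ignore list (compared lower-cased)
            hosts = [host for host in hosts if re.search(regex, host.lower()) is None]
            hosts.sort()
            if needsApprove:
                hosts = interactiveutils.validateElements("hosts", hosts)
            if len(hosts) > 0:
                break
    return hosts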
Esempio n. 3
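def getHosts(config):
    """Interactively gather the remote hosts to search.

    Offers nmap discovery, the hosts source, manual entry, or quit.  Names
    are filtered against config['IGNORED_HOSTS'], sorted, and, for the two
    automatic methods, passed through interactiveutils.validateElements for
    approval.  Repeats until a non-empty list remains or the operator quits.

    Returns the resulting host list; after "quit" this is whatever the last
    attempt produced and may be empty or None.
    """
    hosts = []
    # get patterns and replace friendly "*" with regex-correct pattern ".*"
    # NOTE(review): "*" is the only character rewritten.  Whether listToRegex
    # escapes the rest is not visible; if it does not, a "." in an entry
    # matches any character and the ignore list can drop hosts it was not
    # meant to -- confirm.
    patterns = [
        pattern.replace("*", ".*") for pattern in config['IGNORED_HOSTS']
    ]
    regex = listToRegex(patterns)
    while True:
        needsApprove = False
        operation = interactiveutils.askMultipleChoiceQuestion(
            "How should I get the names of hosts to search? (default=nmap)",
            ['nmap', 'hosts', 'manually', 'quit'], 'nmap')
        if operation == 'nmap':
            hosts = getHostsViaNMap(config)
            needsApprove = True
        elif operation == 'hosts':
            hosts = getHostsViaHosts()
            needsApprove = True
        elif operation == 'manually':
            # hosts can be None after a failed automatic attempt (the check
            # below expects that); addListItems fills the list it is given,
            # so it must receive a list, not None.
            if hosts is None:
                hosts = []
            interactiveutils.addListItems(
                "Please enter the names of remote hosts to search for log files.",
                "remote-host", hosts, isValidHost)
        elif operation == 'quit':
            break
        # didn't get any hosts
        if not hosts:
            print "Unable to get hosts with that method.  Please try another method."
        else:  # got some hosts
            # keep only hosts the ignore regex does not match (lower-cased)
            hosts = [
                host for host in hosts
                if re.search(regex, host.lower()) is None
            ]
            hosts.sort()
            if needsApprove:
                hosts = interactiveutils.validateElements("hosts", hosts)
            if len(hosts) > 0:
                break
    return hosts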
Esempio n. 4
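def doEdit(tmpfilename):
    """Run the operator's editor on tmpfilename until the result validates.

    SPLUNK_EDITOR names the editor command ('vi' when unset or blank).  After
    each pass the file is parsed with conf.ConfParser.parse and every stanza
    except "default" is required to contain INTERNAL_ATTRIBUTE.  Any errors
    are printed and the operator either edits again or aborts.

    The editor is launched from an argument list, with no shell involved, so
    neither tmpfilename nor SPLUNK_EDITOR can inject shell syntax.

    Returns the parsed stanzas once no errors remain.
    Raises SystemExit if the operator answers "abort".
    """
    # Imported locally because the file's import block is not visible here.
    import shlex
    import subprocess

    # get editor; a blank value is treated like an unset one, since running
    # " <tmpfile>" through a shell would try to execute the temp file
    editor = os.getenv('SPLUNK_EDITOR')
    if editor is None or not editor.strip():
        editor = 'vi'
        print "SPLUNK_EDITOR not defined.  Defaulting to 'vi' for all your hipsters"
        time.sleep(1)  # give hipsters time to read

    # Tokenise once so "editor --flag" values still work; shell expansions
    # inside SPLUNK_EDITOR (for example $HOME) are no longer performed.
    try:
        editorArgv = shlex.split(editor)
    except ValueError as e:
        print "SPLUNK_EDITOR could not be parsed (%s).  Defaulting to 'vi'" % e
        editorArgv = ['vi']

    stanzas = {}
    while True:
        # user is now editing config
        try:
            subprocess.call(editorArgv + [tmpfilename])
        except OSError as e:
            # os.system merely reported a missing editor and continued to the
            # validation step; preserve that flow.
            print "Unable to run editor %r: %s" % (editorArgv[0], e)
        errors = []
        # read the edited config back in
        stanzas = conf.ConfParser.parse(tmpfilename, True, errors)

        # validate bookkeeping attribute on each stanza
        for name, stanza in stanzas.items():
            if name.lower() != "default" and INTERNAL_ATTRIBUTE not in stanza:
                errors.append("%s attribute not seen on %s stanza." %
                              (INTERNAL_ATTRIBUTE, name))

        if not errors:
            break
        print
        print "-" * 80
        for error in errors:
            print error.title()
        answer = interactiveutils.askMultipleChoiceQuestion(
            "Fix errors encountered?", ["fix", "abort"], defaultanswer="fix")
        if answer == "abort":
            # Equivalent to exit(), but does not rely on the site module.
            raise SystemExit("Aborting...")
        print "\nRe-editing..."
        time.sleep(1)
    return stanzas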
                    if size < 1024:
                        size = 1
                    else:
                        size /= 1024
                    print "\t", time.ctime(modtime).rjust(20), str(size).rjust(20), sourcetype.rjust(20), "\t", name

                # Optionally replace the file list with its collapsed form and
                # show the result.  COLLAPSE_THRESHOLD is read as the first
                # element of a config list and converted to int.
                if interactiveutils.askYesNoQuestion("Collapse files into common directories?"): # TK ESD 4/25/08
                    sortedFiles = recursivelyFindCommonDirectories(g_config, sortedFiles, int(g_config['COLLAPSE_THRESHOLD'][0]))
                    print
                    print "Collapsed files:"
                    print "-"*80
                    for fname in sortedFiles:
                        print "\t", fname
                    
                # Answer tokens for the multiple-choice prompts below.
                ALL = "all"; SOME = "some"; NOPE = "none"; YES = "yes"; NO = "no"; ABORT = "abort"
                answer = interactiveutils.askMultipleChoiceQuestion("Index found files into Splunk?", [ALL, SOME, NOPE], NOPE) #TK ESD 3/11/08
                # NOTE(review): "admin:changeme" is a hard-coded default
                # credential pair.  In the visible code this initial value is
                # always replaced by the prompted one before addFile is called,
                # but the same pair is also offered as the prompt defaults, so
                # pressing Enter twice submits it.
                auth = "admin:changeme"
                if answer != NOPE:
                    success = startSplunk()
                    if not success:
                        print "Unable to start splunkd.  Exiting..."  # TK ESD 3/11/08
                        sys.exit()
                    username = interactiveutils.promptWithDefault("splunk username", "admin")
                    password = interactiveutils.promptPassWithDefault("splunk password", "changeme")
                    # Credentials are joined into one "user:password" string.
                    # NOTE(review): how addFile uses it is not visible here; if
                    # it ends up on a command line the password is exposed in
                    # the process list -- confirm.
                    auth = username + ":" + password
                if answer == ALL:
                    # index every found file without further questions
                    for fname in sortedFiles:
                        addFile(fname, auth)
                elif answer == SOME:
                    # ask per file; the default answer is NO
                    for fname in sortedFiles:
                        fileanswer = interactiveutils.askMultipleChoiceQuestion("Index " + str(fname) + " into Splunk?", [YES, NO, ABORT], NO) #TK ESD 3/11/08
Esempio n. 6
        # Command-line handling: only the form "<script> <word>" is examined;
        # any other argument count is ignored without a usage message.
        aCount = len(sys.argv)

        if aCount == 2:
            # Prefix match, case-insensitive: "debug..." or "quiet...".
            last = sys.argv[-1].lower()
            if last.startswith("debug"):
                # NOTE(review): presumably a module-level flag; that needs a
                # `global` declaration in the enclosing function, which is not
                # visible here -- confirm.
                g_debug = True
            elif last.startswith("quiet"):
                g_quiet = True
            else:
                print "\n\tUsage:", sys.argv[0], "[debug|quiet]\n"
                sys.exit()

        # NOTE(review): the remote account defaults to "root" and the crawl
        # starts at "/" unless the operator types something else; both values
        # are passed to Crawler further down.
        user = interactiveutils.promptWithDefault("username", "root")
        # `dir` shadows the builtin of the same name within this scope.
        dir = interactiveutils.promptWithDefault("starting directory", "/")
        manyhosts = interactiveutils.askMultipleChoiceQuestion(
            "Run on more than one host? (default=no)", ['no', 'yes'], 'no')
        # True only when the operator answers 'yes' (which is the default).
        copyfiles = 'yes' == interactiveutils.askMultipleChoiceQuestion(
            "Do you want to retrieve the files found for further inspection?",
            ['yes', 'no'], 'yes')

        if manyhosts == 'yes':
            hosts = getHosts(config)
            # password stays None unless the operator opts in to one shared
            # password for every host (the question defaults to no).
            # NOTE(review): what Crawler does with None is not visible here --
            # presumably it authenticates per host; confirm.
            password = None
            if interactiveutils.askYesNoQuestion(
                    "Do you want to automatically use a common password for all hosts?",
                    False):
                password = getPassword("Enter remote password")

            crawlerThreads = []
            for host in hosts:
                crawler = Crawler(config, user, password, host, [dir],
 
      # Command-line handling: only the form "<script> <word>" is examined;
      # any other argument count is ignored without a usage message.
      aCount = len(sys.argv)
 
      if aCount == 2:
           # Prefix match, case-insensitive: "debug..." or "quiet...".
           last = sys.argv[-1].lower()
           if last.startswith("debug"):
                # NOTE(review): presumably a module-level flag; needs a
                # `global` declaration that is not visible here -- confirm.
                g_debug = True
           elif last.startswith("quiet"):
                g_quiet = True
           else:
                print "\n\tUsage:", sys.argv[0], "[debug|quiet]\n"
                sys.exit()
           
      # NOTE(review): the remote account defaults to "root" and the crawl
      # starts at "/" unless the operator types something else; both values
      # are passed to Crawler further down.
      user = interactiveutils.promptWithDefault("username", "root")
      # `dir` shadows the builtin of the same name within this scope.
      dir = interactiveutils.promptWithDefault("starting directory", "/")
      manyhosts = interactiveutils.askMultipleChoiceQuestion("Run on more than one host? (default=no)", ['no', 'yes'], 'no')
      # True only when the operator answers 'yes' (which is the default).
      copyfiles = 'yes' == interactiveutils.askMultipleChoiceQuestion("Do you want to retrieve the files found for further inspection?", ['yes', 'no'], 'yes')
      
      if manyhosts == 'yes':
            hosts = getHosts(config)
            # password stays None unless the operator opts in to one shared
            # password for every host (the question defaults to no).
            # NOTE(review): what Crawler does with None is not visible here --
            # presumably it authenticates per host; confirm.
            password = None
            if interactiveutils.askYesNoQuestion("Do you want to automatically use a common password for all hosts?", False):
                 password = getPassword("Enter remote password")
 
 
            crawlerThreads = []
            for host in hosts:
                 crawler = Crawler(config, user, password, host, [dir], daysSizeKPairs, collapseThreshold, copyfiles)
                 crawlerThreads.append(crawler)
                 try:
                      crawler.start()