def _set_timeline(self, start, end):
for unit in "minute", "hour", "day", "month", "year", "unlimited":
self.dataset["timeline.%s_selected" % unit] = ""
self.dataset["timeline.%s_selected" % self.parameters["timeline_unit"]] = "selected='selected'"
tzobj = None
if self.parameters["timezone"] == "utc":
tzobj = utils.timeutil.tzutc()
self.dataset["timeline.range_timezone"] = "UTC"
else:
tzobj = utils.timeutil.tzlocal()
self.dataset["timeline.range_timezone"] = _("localtime")
if not start and not end:
return
self.dataset["timeline.start"] = localization.format_datetime(start.astimezone(tzobj), format="medium")
self.dataset["timeline.end"] = localization.format_datetime(end.astimezone(tzobj), format="medium")
self.dataset["timeline.current"] = utils.create_link(self.main.view_path, self.parameters - ["timeline_end"])
timeunit = self.parameters["timeline_unit"]
if timeunit != "unlimited":
delta = relativedelta(**{timeunit + "s": self.parameters["timeline_value"]})
self._set_timeline_link("next", end, end + delta)
self._set_timeline_link("prev", start - delta, start)
def _load_widget(self):
widget = Widget(env.request.parameters["widget"])
categories = Widget.get_categories()
if categories:
if widget["category"] not in categories:
raise error.PrewikkaUserError(
N_("Invalid widget"),
N_("The widget category does not exist"))
data = categories[widget["category"]].prepare_render(widget)
if data:
return data
data = self._get_graph(widget)
if widget.get("period") and widget["category"] != "chronology":
dictperiod = dict(
('timeline_' + k, v) for k, v in widget["period"].items())
period = mainmenu.TimePeriod(dictperiod)
data["period_display"] = {
"start": localization.format_datetime(period.start),
"end": localization.format_datetime(period.end)
}
if widget.get("filter"):
data["filter"] = widget.get("filter")
return data
def getTime(self, t):
if not t:
return None
t = datetime.fromtimestamp(t, utils.timeutil.tzoffset(None, t.getGmtOffset()))
local = t.astimezone(utils.timeutil.tzlocal())
s = localization.format_datetime(local, format="medium")
if t.tzinfo.utcoffset(t) != local.tzinfo.utcoffset(local):
s = " ".join((s, _("(agent local time: %s)") % localization.format_datetime(t, format="medium")))
return s
def getTime(self, dt):
if not dt:
return None
agent_time = datetime.fromtimestamp(dt, utils.timeutil.tzoffset(None, dt.getGmtOffset()))
user_time = datetime.fromtimestamp(dt, env.request.user.timezone)
s = localization.format_datetime(user_time, format="medium")
if agent_time.tzinfo.utcoffset(agent_time) != user_time.tzinfo.utcoffset(user_time):
s = " ".join((s, _("(agent local time: %s)") % localization.format_datetime(agent_time, tzinfo=agent_time.tzinfo, format="medium")))
return s
def getTime(self, dt):
if not dt:
return None
agent_time = dt
user_time = dt.astimezone(env.request.user.timezone)
s = localization.format_datetime(user_time, format="medium")
if agent_time.tzinfo.utcoffset(agent_time) != user_time.tzinfo.utcoffset(user_time):
s = " ".join((s, _("(agent local time: %s)") % localization.format_datetime(agent_time, tzinfo=agent_time.tzinfo, format="medium")))
return s
def getTime(self, dt):
if not dt:
return None
agent_time = datetime.fromtimestamp(
dt, utils.timeutil.tzoffset(None, dt.getGmtOffset()))
user_time = datetime.fromtimestamp(dt, env.request.user.timezone)
s = localization.format_datetime(user_time, format="medium")
if agent_time.tzinfo.utcoffset(
agent_time) != user_time.tzinfo.utcoffset(user_time):
s = " ".join(
(s, _("(agent local time: %s)") % localization.format_datetime(
agent_time, tzinfo=agent_time.tzinfo, format="medium")))
return s
class Formatter(object):
highlighter = HighLighter
ignore_fields = frozenset()
_converters = {
datetime.datetime:
lambda f, r, o: resource.HTMLNode(
"span", format_datetime(o), **{
"data-field": f.field,
"data-value": o
})
}
def __init__(self, data_type):
self._enrich_data_cb = [
elem[1] for elem in sorted(
hookmanager.trigger(
"HOOK_DATASEARCH_FORMATTER_ENRICH_CALLBACK"))
]
self.type = data_type
def _format_nonstring(self, field, value):
if isinstance(value, list):
value = ", ".join(value)
return resource.HTMLNode("span",
resource.HTMLNode("span", value),
_class="selectable",
**{"data-field": field})
def format_value(self, field, value):
if not isinstance(value, text_type):
return self._format_nonstring(field, value)
hl = self.highlighter(value or "n/a")
node, value = hl.html, hl.value
node.attrs["data-field"] = field
for i in self._enrich_data_cb:
node = i(node, value, self.type)
return node
def format(self, finfo, root, obj):
if finfo.type in self._converters:
return self._converters[finfo.type](finfo, root, obj)
if finfo.field in self.ignore_fields:
return obj
return self.format_value(finfo.field, obj)
def _format_time(self, finfo, root, obj):
href = None
if root["%s.messageid" % self.type]:
href = url_for("%ssummary.render" % self.type,
messageid=root["%s.messageid" % self.type],
_default=None,
**env.request.menu.get_parameters())
return resource.HTMLNode("a",
format_datetime(obj),
href=href,
title=_("See IDMEF details"),
**{
"data-toggle": "tooltip",
"data-container": "#main"
})
def createTimeField(self, timeobj, timezone=None):
if not timeobj:
return { "value": "n/a" }
timeval = float(timeobj)
tzobj = { "utc": utils.timeutil.tzutc,
"sensor_localtime": lambda: utils.timeutil.tzoffset(None, timeobj.getGmtOffset()),
"frontend_localtime": utils.timeutil.tzlocal
}[timezone]()
time_value = localization.format_time(timeval, format="short", tzinfo=tzobj)
value = localization.format_datetime(timeval, format="short", tzinfo=tzobj)
if isinstance(tzobj, utils.timeutil.tzoffset):
value += " (" + localization.format_time(timeval, format="z", tzinfo=tzobj) + ")"
return { "value": value or "n/a" }
def createTimeField(self, timeobj):
if not timeobj:
return { "value": "n/a" }
return { "value": localization.format_datetime(timeobj, format="short") }
def __init__(self, heartbeat):
self.status = heartbeat.get("additional_data('Analyzer status').data")[0]
self.interval = heartbeat["heartbeat_interval"]
self.time = heartbeat["create_time"]
self.time_str = localization.format_datetime(self.time)
def analyze(self, analyzerid):
analyzer, heartbeat = self._get_analyzer(analyzerid)
delta = float(heartbeat["create_time"]) - time.time()
analyzer.last_heartbeat_time = localization.format_timedelta(
delta, add_direction=True)
analyzer.status = None
analyzer.events = []
res = env.dataprovider.get(Criterion(
"heartbeat.analyzer(-1).analyzerid", "=", analyzerid),
limit=self._heartbeat_count)
prev = None
latest = True
total_interval = 0
for idx, cur in enumerate(res):
cur = cur["heartbeat"]
cur_status, cur_interval, cur_time = cur.get(
"additional_data('Analyzer status').data"
)[0], cur["heartbeat_interval"], cur["create_time"]
cur_time_str = localization.format_datetime(float(cur_time))
try:
prev = res[idx + 1]["heartbeat"]
prev_status, prev_time = prev.get(
"additional_data('Analyzer status').data"
)[0], prev["create_time"]
except:
break
if not cur_status or not cur_interval:
continue
total_interval += int(cur_interval)
if latest:
latest = False
analyzer.status, analyzer.status_meaning = \
utils.get_analyzer_status_from_latest_heartbeat(cur, self._heartbeat_error_margin)
if analyzer.status == "missing":
delta = time.time() - float(cur_time)
analyzer.events.append(
utils.AttrObj(time=cur_time_str,
value=_("Sensor is down since %s") %
localization.format_timedelta(delta),
type="down"))
event = None
if cur_status == "starting":
if prev_status == "exiting":
event = utils.AttrObj(time=cur_time_str,
value=_("Normal sensor start"),
type="start")
else:
event = utils.AttrObj(time=cur_time_str,
value=_("Unexpected sensor restart"),
type="unexpected_restart")
elif cur_status == "running":
delta = abs(int(cur_time) - int(prev_time) - int(cur_interval))
if delta > self._heartbeat_error_margin:
delta = localization.format_timedelta(delta,
granularity="second")
event = utils.AttrObj(
time=cur_time_str,
value=_("Unexpected heartbeat interval: %(delta)s") %
{'delta': delta},
type="abnormal_heartbeat_interval")
elif cur_status == "exiting":
event = utils.AttrObj(time=cur_time_str,
value=_("Normal sensor stop"),
type="normal_stop")
if event:
analyzer.events.append(event)
if not analyzer.status:
analyzer.status, analyzer.status_meaning = "unknown", _("Unknown")
if not analyzer.events:
delta = localization.format_timedelta(total_interval /
self._heartbeat_count)
analyzer.events.append(
utils.AttrObj(
time="",
value=
_("No anomaly in the last %(count)d heartbeats (one heartbeat every %(delta)s average)"
) % {
'count': self._heartbeat_count,
'delta': delta
},
type="no_anomaly"))
return template.PrewikkaTemplate(
__name__,
"templates/heartbeatanalyze.mak").render(analyzer=analyzer)
def render(self):
analyzerid = self.parameters["analyzerid"]
analyzer, heartbeat = env.idmef_db.getAnalyzer(analyzerid)
delta = float(heartbeat["create_time"]) - time.time()
analyzer.last_heartbeat_time = localization.format_timedelta(delta, add_direction=True)
analyzer.status = None
analyzer.events = [ ]
idents = env.idmef_db.getHeartbeatIdents(criteria="heartbeat.analyzer(-1).analyzerid == %s" % analyzerid,
limit=self._heartbeat_count)
prev = None
latest = True
total_interval = 0
for idx, ident in enumerate(idents):
cur = env.idmef_db.getHeartbeat(ident)["heartbeat"]
cur_status, cur_interval, cur_time = cur.get("additional_data('Analyzer status').data")[0], cur["heartbeat_interval"], cur["create_time"]
cur_time_str = localization.format_datetime(float(cur_time))
try:
prev = env.idmef_db.getHeartbeat(idents[idx + 1])["heartbeat"]
prev_status, prev_time = prev.get("additional_data('Analyzer status').data")[0], prev["create_time"]
except:
break
if not cur_status or not cur_interval:
continue
total_interval += int(cur_interval)
if latest:
latest = False
analyzer.status, analyzer.status_meaning = \
get_analyzer_status_from_latest_heartbeat(cur, self._heartbeat_error_margin)
if analyzer.status == "missing":
delta = time.time() - float(cur_time)
analyzer.events.append({ "time": cur_time_str, "value": _("Sensor is down since %s") % localization.format_timedelta(delta), "type": "down"})
event = None
if cur_status == "starting":
if prev_status == "exiting":
event = { "time": cur_time_str, "value": _("Normal sensor start"), "type": "start" }
else:
event = { "time": cur_time_str, "value": _("Unexpected sensor restart"), "type": "unexpected_restart" }
elif cur_status == "running":
delta = abs(int(cur_time) - int(prev_time) - int(cur_interval))
if delta > self._heartbeat_error_margin:
delta = localization.format_timedelta(delta, granularity="second")
event = { "time": cur_time_str, "value": _("Unexpected heartbeat interval: %(delta)s") % {'delta': delta}, "type": "abnormal_heartbeat_interval" }
elif cur_status == "exiting":
event = { "time": cur_time_str, "value": _("Normal sensor stop"), "type": "normal_stop" }
if event:
analyzer.events.append(event)
if not analyzer.status:
analyzer.status, analyzer.status_meaning = "unknown", _("Unknown")
if not analyzer.events:
delta = localization.format_timedelta(total_interval / self._heartbeat_count)
analyzer.events.append({ "time": "", "value":
_("No anomaly in the last %(count)d heartbeats (one heartbeat every %(delta)s average)") %
{'count': self._heartbeat_count, 'delta':delta}, "type": "no_anomaly" })
self.dataset["analyzer"] = analyzer
def createTimeField(self, timeobj):
if not timeobj:
return {"value": "n/a"}
return AttrDict(
value=localization.format_datetime(timeobj, format="short"))
