# We assume that the MODULE is inside the /bin/ of an app APP_PATH = path.dirname(path.dirname(MODULE_PATH)) LOG_PATH = path.join(APP_PATH, 'log') CONFIG_FILE = path.join(APP_PATH, 'default', 'ipfix.conf'), \ path.join(APP_PATH, 'local', 'ipfix.conf') # Read config file Config = ConfigParser() Config.read(CONFIG_FILE) HOST = Config.get('network', 'host') PORT = Config.getint('network', 'port') MAX_BYTES = Config.getint('logging', 'maxBytes') BACKUP_COUNT = Config.getint('logging', 'backupCount') BUFFER_OUTPUT = Config.getboolean('logging', 'useFileForOutput') splunkLogger = SplunkLogger(path.join(LOG_PATH, 'output.log'), MAX_BYTES, BACKUP_COUNT) debugLogger = SplunkLogger(path.join(LOG_PATH, 'debug.log'), MAX_BYTES, BACKUP_COUNT) # ProcessPcap is about testing, we're reading a previously captured .pcap file captureFile = Config.get('testing', 'file') pkts = PcapReader(captureFile) # For each packet in the pcap file, extract, decode and print AppFlow IPFIX records. # NOTE: for testing, we want high log output (unless we care about speed) debugLogger.setLevel(logging.WARNING) f1 = time() for p in pkts: # assume layer 2 is Ethernet