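def send_cmd_on_threshold_limit(namespace_dict):
    """Write the per-namespace server-IP report and dump the PBR commands.

    For every namespace (in sorted order) the report gets a
    ``Namespace: <name> No of server ips: <n>`` header followed by that
    namespace's IPs in reverse-sorted order, then a grand total. The report
    replaces the contents of ``mfc_result_file``. The de-duplicated union of
    all IPs is turned into one
    ``set policy-options prefix-list redirect-to-proxy <ip>`` line per entry
    and handed to ``gen_utils.sendCmd`` with ``mfc_pbr_file`` as the target.

    An empty ``namespace_dict`` now produces an empty report instead of
    passing ``None`` to ``write()`` (which raised ``TypeError`` after the
    report file had already been truncated).

    Args:
        namespace_dict: mapping of namespace name to a list of server-IP
            strings.
    """
    report_parts = []
    unique_ips = set()
    total_ips = 0

    for namespace in sorted(namespace_dict):
        iplist = namespace_dict[namespace]
        # A set replaces the quadratic "x not in master_iplist" scan; the
        # order is irrelevant because the IPs are sorted again below.
        unique_ips.update(iplist)
        # The total counts every listed IP, duplicates across namespaces included.
        total_ips += len(iplist)
        report_parts.append(
            "Namespace: %s No of server ips: %d" % (namespace, len(iplist)))
        report_parts.append("\n" + "\n".join(sorted(iplist, reverse=True)) + "\n")

    if report_parts:
        report_parts.append("\n" + "TOTAL NO OF IP'S: %d" % total_ips + "\n")

    # The context manager closes the report even if the write fails.
    with open(mfc_result_file, 'w') as fp_log:
        fp_log.write("".join(report_parts))

    if unique_ips:
        # NOTE(review): every entry is interpolated verbatim into a router
        # configuration statement. Presumably the entries come from parsed
        # access logs - confirm they are validated as IP addresses/prefixes
        # upstream, because an entry containing whitespace or a line break
        # would change the statements that get generated.
        cmdstr = "".join(
            "set policy-options prefix-list redirect-to-proxy %s\n" % ip
            for ip in sorted(unique_ips, reverse=True))
        mfcloganalyzer_log.info("Firing/Saving PBR rules to router/file")
        # "no" sits in the argument position where sendPbrs passes
        # fire_to_router, so this presumably writes to mfc_pbr_file only.
        gen_utils.sendCmd(cmdstr, "no", mfc_pbr_file, 'w')
    else:
        mfcloganalyzer_log.info("No PBR rules available in the processed log files")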
def sendPbrs(cmds_list):
    """Fire the pending filter-rule commands and persist the destination IPs.

    The commands are joined into one newline-separated transaction and passed
    to ``gen_utils.sendCmd`` together with ``fire_to_router`` and the result
    file. When that call returns 0, ``dest_ips`` is pickled to
    ``header.DEST_IP_PICKLE`` (unless the clear-marker file exists),
    ``cmds_list`` is emptied in place, and ``dest_ips`` is cleared once it
    holds more than ``header.MAX_DICT_SIZE`` entries.

    Args:
        cmds_list: list of command strings; emptied in place on success.
    """
    if len(cmds_list) == 0:
        dpiloganalyzer_log.info("No unique pbr's available to be fired to the router")
        return

    transaction = "\n".join(cmds_list)

    if fire_to_router.lower() == "yes":
        banner = "FIRING THE FILTER-RULES TO THE ROUTER\n"
    else:
        banner = "FIRING THE FILTER-RULES TO THE FILE\n"
    dpiloganalyzer_log.info(banner)

    # Send the transaction to the router or append it to the result file.
    status = gen_utils.sendCmd(
        transaction,
        fire_to_router,
        header.DPI_ANALYZER_RESULT_FILE,
        "a+",
        dpiloganalyzer_log,
    )
    if status != 0:
        dpiloganalyzer_log.error("The 'commit' of the filter-rules failed in the device")
        return

    # NOTE(review): the pickle is opened in "wb" mode (truncating it) before
    # the clear-marker check, so a zero-length file is left behind whenever
    # the marker exists - confirm the code that reads it back tolerates that.
    # NOTE(review): this file is presumably read back with pickle.load, which
    # can execute code from the file; confirm only this service can write it.
    with open(header.DEST_IP_PICKLE, "wb") as pickle_fp:
        clear_pending = os.path.isfile(header.CLEAR_FILTER_RULES_FILE)
        if not clear_pending:
            pickle.dump(dest_ips, pickle_fp)

    del cmds_list[:]

    # Cap the in-memory dictionary (the original comment cites 25000 entries).
    if len(dest_ips) > header.MAX_DICT_SIZE:
        dest_ips.clear()
def sendPbrs(cmds_list):
    """Send the queued filter rules and save the destination-IP dictionary.

    Joins ``cmds_list`` with newlines, hands the result to
    ``gen_utils.sendCmd`` (router or result file, depending on
    ``fire_to_router``) and, when that returns 0, pickles ``dest_ips`` unless
    the clear-marker file is present, empties ``cmds_list`` in place and
    clears ``dest_ips`` when it exceeds ``header.MAX_DICT_SIZE``.

    Args:
        cmds_list: list of command strings; emptied in place on success.
    """
    if len(cmds_list) <= 0:
        dpiloganalyzer_log.info(
            "No unique pbr's available to be fired to the router")
        return

    pending_cmds = "\n".join(cmds_list)

    dpiloganalyzer_log.info(
        "FIRING THE FILTER-RULES TO THE ROUTER\n"
        if fire_to_router.lower() == 'yes'
        else "FIRING THE FILTER-RULES TO THE FILE\n")

    # One call covers both targets: the router, or the result file in append mode.
    commit_status = gen_utils.sendCmd(pending_cmds, fire_to_router,
                                      header.DPI_ANALYZER_RESULT_FILE, 'a+',
                                      dpiloganalyzer_log)

    if commit_status == 0:
        # NOTE(review): opening with 'wb' truncates the pickle before the
        # clear-marker test, so an empty file remains when the marker exists;
        # verify that the reader copes with a zero-length pickle.
        # NOTE(review): presumably loaded later with pickle.load - keep the
        # file writable only by this service, since unpickling runs code.
        with open(header.DEST_IP_PICKLE, 'wb') as out:
            if not os.path.isfile(header.CLEAR_FILTER_RULES_FILE):
                pickle.dump(dest_ips, out)

        del cmds_list[:]

        # Drop the cached destinations once the dictionary grows past the
        # configured limit (25000 entries per the original comment).
        oversized = len(dest_ips) > header.MAX_DICT_SIZE
        if oversized:
            dest_ips.clear()
    else:
        dpiloganalyzer_log.error(
            "The 'commit' of the filter-rules failed in the device")
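def fireOneTimeCommands(analyzer_conf_dict):
    """Send the one-time PBR setup statements to the MX router.

    Reads five mandatory entries from the analyzer.conf dictionary, builds the
    ``set ...`` statements for the ``media_flow`` filter, routing instance and
    interfaces, and passes them to ``gen_utils.sendCmd`` as one
    newline-separated transaction. Nothing is sent when an entry is missing
    or empty. A non-zero status from ``sendCmd`` is now logged instead of
    being discarded.

    Args:
        analyzer_conf_dict: mapping of analyzer.conf option names to values.
    """
    try:
        mfc_interface_ip = analyzer_conf_dict["mfc_interface_ip"]
        mx_client_interface = analyzer_conf_dict["mx_client_interface"]
        mx_server_interface = analyzer_conf_dict["mx_server_interface"]
        mx_mfc_interface = analyzer_conf_dict["mx_mfc_interface"]
        mx_mfc_interface_ip_mask = analyzer_conf_dict["mx_mfc_interface_ip_mask"]
    except KeyError as e:
        dpiloganalyzer_log.info(
            "Mandatory onetime configuration entry %s is missing in the analyzer.conf file. Nothing will be configured in the router",
            e,
        )
        return

    # Every one-time entry must be non-empty; otherwise a message is logged
    # and nothing is configured in the router.
    # NOTE(review): emptiness is the only check. The values are interpolated
    # verbatim into configuration statements below, so analyzer.conf has to be
    # writable by trusted administrators only; validating the IP and interface
    # name formats here would be a worthwhile follow-up.
    if (
        mfc_interface_ip == ""
        or mx_client_interface == ""
        or mx_server_interface == ""
        or mx_mfc_interface == ""
        or mx_mfc_interface_ip_mask == ""
    ):
        dpiloganalyzer_log.info(
            "Please make sure all the router one time configuration entries for applying the PBR are given in the analyzer.conf file. \
One time configuration is not configured in the router now"
        )
        return

    cmd_list = [
        "set firewall family inet filter media_flow term to_mfc from prefix-list redirect-to-proxy",
        "set firewall family inet filter media_flow term to_mfc then routing-instance media_flow",
        "set policy-options prefix-list redirect-to-proxy",
        "set routing-instances media_flow instance-type forwarding",
        "set routing-options interface-routes rib-group inet dpi",
        "set routing-options rib-groups dpi import-rib inet.0",
        "set routing-options rib-groups dpi import-rib media_flow.inet.0",
        "set routing-instances media_flow routing-options static route 0.0.0.0/0 next-hop %s"
        % mfc_interface_ip,
        "set interfaces %s description client-interface unit 0 family inet filter input-list media_flow"
        % mx_client_interface,
        "set interfaces %s description server-interface unit 0 family inet filter input-list media_flow"
        % mx_server_interface,
        "set interfaces %s description mfc_tproxy_interface unit 0 family inet address %s"
        % (mx_mfc_interface, mx_mfc_interface_ip_mask),
    ]
    cmdstr = "\n".join(cmd_list)

    # Fire the transaction to the router ("yes" selects the router target).
    err = gen_utils.sendCmd(cmdstr, "yes", "", "")
    # sendPbrs treats any non-zero status from sendCmd as a failed commit;
    # apply the same convention here so a failure leaves a trace in the log.
    if err != 0:
        dpiloganalyzer_log.error(
            "The 'commit' of the one time configuration failed in the device")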
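def fireMirrorConfiguration(analyzer_conf_dict):
    """Send the port-mirroring configuration statements to the MX router.

    Reads six mandatory entries from the analyzer.conf dictionary, builds the
    ``set ...`` statements for the HTTP mirror term, the port-mirroring
    instance and the mirror destination interface, and passes them to
    ``gen_utils.sendCmd`` as one newline-separated transaction. Nothing is
    sent when an entry is missing or empty. The duplicated lookup and check
    of ``output_interface_name`` were removed, and a non-zero status from
    ``sendCmd`` is now logged instead of being discarded.

    Args:
        analyzer_conf_dict: mapping of analyzer.conf option names to values.
    """
    try:
        fpc_slot = analyzer_conf_dict["fpc_slot"]
        output_interface_name = analyzer_conf_dict["output_interface_name"]
        next_hop_ip = analyzer_conf_dict["next_hop_ip"]
        output_interface_ip_mask = analyzer_conf_dict["output_interface_ip_mask"]
        mfc_mirror_interface_ip = analyzer_conf_dict["mfc_mirror_interface_ip"]
        mac_address = analyzer_conf_dict["mac_address"]
    except KeyError as e:
        dpiloganalyzer_log.info(
            "Mandatory mirror configuration entry %s is missing in the analyzer.conf file. Mirror configuration will not be fired",
            e,
        )
        return

    # Every mirror entry must be non-empty; otherwise a message is logged and
    # the mirror configuration is not sent to the router.
    # NOTE(review): emptiness is the only check. The values are interpolated
    # verbatim into configuration statements below, so analyzer.conf has to be
    # writable by trusted administrators only; validating the slot, IP, MAC
    # and interface name formats here would be a worthwhile follow-up.
    if (
        fpc_slot == ""
        or output_interface_name == ""
        or next_hop_ip == ""
        or output_interface_ip_mask == ""
        or mfc_mirror_interface_ip == ""
        or mac_address == ""
    ):
        dpiloganalyzer_log.info(
            "Please make sure all the router mirror configuration entries are given in the analyzer.conf file. \
No configuration done in the router"
        )
        return

    # MX router mirror configuration commands.
    # NOTE(review): the last statement starts with "set interface" while
    # fireOneTimeCommands uses "set interfaces"; left unchanged - confirm the
    # device accepts this form.
    cmd_list = [
        "set firewall family inet filter media_flow term HTTP_mirror from port http",
        "set firewall family inet filter media_flow term HTTP_mirror then port-mirror-instance one",
        "set firewall family inet filter media_flow term media_flow_default then accept",
        "set chassis fpc %s port-mirror-instance one" % fpc_slot,
        "set forwarding-options port-mirroring instance one input rate 1",
        "set forwarding-options port-mirroring instance one family inet output interface %s next-hop %s"
        % (output_interface_name, next_hop_ip),
        "set interface %s description mirror-destination-interface unit 0 family inet address %s arp %s mac %s"
        % (output_interface_name, output_interface_ip_mask, mfc_mirror_interface_ip, mac_address),
    ]
    cmdstr = "\n".join(cmd_list)

    # Fire the transaction to the router ("yes" selects the router target).
    err = gen_utils.sendCmd(cmdstr, "yes", "", "")
    # sendPbrs treats any non-zero status from sendCmd as a failed commit;
    # apply the same convention here so a failure leaves a trace in the log.
    if err != 0:
        dpiloganalyzer_log.error(
            "The 'commit' of the mirror configuration failed in the device")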
def fireOneTimeCommands(analyzer_conf_dict):
    """Build and send the one-time PBR configuration for the MX router.

    The five mandatory analyzer.conf entries are read first; a missing or
    empty entry is logged and ends the call without contacting the router.
    Otherwise the ``set ...`` statements are joined with newlines and handed
    to ``gen_utils.sendCmd``.

    Args:
        analyzer_conf_dict: mapping of analyzer.conf option names to values.
    """
    option_names = (
        'mfc_interface_ip',
        'mx_client_interface',
        'mx_server_interface',
        'mx_mfc_interface',
        'mx_mfc_interface_ip_mask',
    )
    try:
        options = [analyzer_conf_dict[name] for name in option_names]
    except KeyError as e:
        dpiloganalyzer_log.info(
            "Mandatory onetime configuration entry %s is missing in the analyzer.conf file. Nothing will be configured in the router",
            e)
        return

    # An empty value for any one-time entry aborts the configuration.
    # NOTE(review): this is the only validation before the values are placed
    # verbatim into router statements; analyzer.conf should be writable by
    # trusted administrators only.
    if any(value == "" for value in options):
        dpiloganalyzer_log.info(
            "Please make sure all the router one time configuration entries for applying the PBR are given in the analyzer.conf file. \
One time configuration is not configured in the router now"
        )
        return

    (mfc_interface_ip, mx_client_interface, mx_server_interface,
     mx_mfc_interface, mx_mfc_interface_ip_mask) = options

    # Statements that do not depend on analyzer.conf.
    fixed_cmds = [
        'set firewall family inet filter media_flow term to_mfc from prefix-list redirect-to-proxy',
        'set firewall family inet filter media_flow term to_mfc then routing-instance media_flow',
        'set policy-options prefix-list redirect-to-proxy',
        'set routing-instances media_flow instance-type forwarding',
        'set routing-options interface-routes rib-group inet dpi',
        'set routing-options rib-groups dpi import-rib inet.0',
        'set routing-options rib-groups dpi import-rib media_flow.inet.0',
    ]
    # Statements filled in from the configured addresses and interfaces.
    configured_cmds = [
        'set routing-instances media_flow routing-options static route 0.0.0.0/0 next-hop %s'
        % mfc_interface_ip,
        'set interfaces %s description client-interface unit 0 family inet filter input-list media_flow'
        % mx_client_interface,
        'set interfaces %s description server-interface unit 0 family inet filter input-list media_flow'
        % mx_server_interface,
        'set interfaces %s description mfc_tproxy_interface unit 0 family inet address %s'
        % (mx_mfc_interface, mx_mfc_interface_ip_mask),
    ]

    # Send everything as a single transaction; the status is not inspected.
    gen_utils.sendCmd("\n".join(fixed_cmds + configured_cmds), "yes", "", "")
def fireMirrorConfiguration(analyzer_conf_dict):
    """Build and send the port-mirroring configuration for the MX router.

    The mandatory analyzer.conf entries are read first; a missing or empty
    entry is logged and ends the call without contacting the router.
    Otherwise the ``set ...`` statements are joined with newlines and handed
    to ``gen_utils.sendCmd``.

    Args:
        analyzer_conf_dict: mapping of analyzer.conf option names to values.
    """
    # output_interface_name was looked up and checked twice in the original;
    # one lookup yields the same value and the same first KeyError.
    option_names = (
        'fpc_slot',
        'output_interface_name',
        'next_hop_ip',
        'output_interface_ip_mask',
        'mfc_mirror_interface_ip',
        'mac_address',
    )
    try:
        options = [analyzer_conf_dict[name] for name in option_names]
    except KeyError as e:
        dpiloganalyzer_log.info(
            "Mandatory mirror configuration entry %s is missing in the analyzer.conf file. Mirror configuration will not be fired",
            e)
        return

    # An empty value for any mirror entry aborts the configuration.
    # NOTE(review): this is the only validation before the values are placed
    # verbatim into router statements; analyzer.conf should be writable by
    # trusted administrators only.
    if any(value == "" for value in options):
        dpiloganalyzer_log.info(
            "Please make sure all the router mirror configuration entries are given in the analyzer.conf file. \
No configuration done in the router"
        )
        return

    (fpc_slot, output_interface_name, next_hop_ip, output_interface_ip_mask,
     mfc_mirror_interface_ip, mac_address) = options

    mirror_output_cmd = (
        'set forwarding-options port-mirroring instance one family inet output interface %s next-hop %s'
        % (output_interface_name, next_hop_ip))
    mirror_interface_cmd = (
        'set interface %s description mirror-destination-interface unit 0 family inet address %s arp %s mac %s'
        % (output_interface_name, output_interface_ip_mask,
           mfc_mirror_interface_ip, mac_address))

    # MX router mirror configuration, in the order it is sent.
    cmd_list = [
        'set firewall family inet filter media_flow term HTTP_mirror from port http',
        'set firewall family inet filter media_flow term HTTP_mirror then port-mirror-instance one',
        'set firewall family inet filter media_flow term media_flow_default then accept',
        'set chassis fpc %s port-mirror-instance one' % fpc_slot,
        'set forwarding-options port-mirroring instance one input rate 1',
        mirror_output_cmd,
        mirror_interface_cmd,
    ]

    # Send everything as a single transaction; the status is not inspected.
    gen_utils.sendCmd("\n".join(cmd_list), "yes", "", "")
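def main():
    """Clear the redirect-to-proxy prefix-list on the router of a device map.

    The device-map name is taken from the first command-line argument and
    used to look up the router's FQDN, username and password through
    ``MdReq``. After connecting, the prefix-list is deleted and re-created
    empty. On a successful commit the clear-marker file is created and the
    persisted destination-IP pickle under /var/log is copied to its
    temporary name and removed.

    Returns:
        0 when the commit succeeded; otherwise the non-zero status reported
        by ``gen_utils`` (1 is also returned when the argument is missing).
    """
    err = 0
    # Logger settings
    logging.basicConfig(filename=header.MFC_LOG_FILE,
                        format='%(asctime)s %(message)s',
                        level=logging.DEBUG)

    # Without this guard a missing argument ended in an unhandled IndexError.
    if len(sys.argv) < 2:
        logging.error("The command 'clear log-analyzer filter-rules' failed. No device map name was given")
        return 1

    mdreq = MdReq()

    # Get the device map name
    # NOTE(review): the name is concatenated into the node paths as-is;
    # confirm the invoking CLI restricts it to a valid device-map name.
    device_map_name = str(sys.argv[1])
    NODE_DEVICE_MAP_FQDN = '/nkn/device_map/config/' + device_map_name + '/device_info/fqdn'
    # NOTE(review): the '******' prefix is how these two paths appear on this
    # page (it looks like a redaction); presumably the real prefix matches
    # the FQDN node's - confirm against the original file.
    NODE_DEVICE_MAP_USERNAME = '******' + device_map_name + '/device_info/username'
    NODE_DEVICE_MAP_PASSWORD = '******' + device_map_name + '/device_info/password'

    # Get the fqdn, username and password
    fqdn = mdreq.query(NODE_DEVICE_MAP_FQDN)
    username = mdreq.query(NODE_DEVICE_MAP_USERNAME)
    # NOTE(review): the password is fetched in cleartext and handed to
    # Connect_Router together with the logging module; confirm that helper
    # never writes the credentials to the log.
    password = mdreq.queryCleartext(NODE_DEVICE_MAP_PASSWORD)

    # First connect to the MX router
    err = gen_utils.Connect_Router(fqdn, username, password, logging)

    # Check if the connection to the router succeeded
    if err == 1:
        logging.error("The command 'clear log-analyzer filter-rules %s' failed. Cannot connect to the device %s", device_map_name, fqdn)
    else:
        # Delete the prefix-list and re-create it empty.
        # NOTE(review): the page shows this literal with its line breaks
        # collapsed; one statement per line is assumed here.
        set_commands = """
delete policy-options prefix-list redirect-to-proxy
set policy-options prefix-list redirect-to-proxy
"""
        # Fire the command to the router
        err = gen_utils.sendCmd(set_commands, "yes", "", "", logging)

        # Check if the commit succeeded
        if err == 0:
            # Create an empty file so that the log-analyzer tool knows the
            # 'clear' command has been fired
            open(header.CLEAR_FILTER_RULES_FILE, 'w').close()

            # The persisted rules no longer match the router: keep a copy
            # under the temporary name and remove the pickle itself.
            pickle_file = '/var/log/' + header.DEST_IP_PICKLE
            tmp_pickle_file = '/var/log/' + header.TMP_DEST_IP_PICKLE
            if os.path.isfile(pickle_file):
                shutil.copyfile(pickle_file, tmp_pickle_file)
                os.remove(pickle_file)
            # Success is not an error; the log format carries no level name,
            # so the line written to the log file stays the same.
            logging.info("The command 'clear log-analyzer filter-rules %s' succeeded", device_map_name)
        else:
            logging.error("The command 'clear log-analyzer filter-rules %s' failed. Commit failed in the device %s", device_map_name, fqdn)
    return err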