コード例 #1
def _disp_recs_tailf(dbase: DBPassive, flt: Filter, field: str) -> None:
    """Show the latest matching records, then follow new ones until Ctrl-C.

    The ten records with the highest ``field`` value are fetched and
    printed in ascending order.  The function then polls ``dbase`` once
    per second for records newer than the last one printed, and prints
    them as they appear.  A ``KeyboardInterrupt`` ends the loop silently.

    Args:
        dbase: backend queried through ``get``, ``flt_and`` and
            ``searchnewer``.
        flt: base filter every query is restricted to.
        field: record key used for sorting and as the time reference
            (the placeholder below only covers "firstseen" and
            "lastseen").
    """

    def show(rec):
        # One output line per record: the address when the record has
        # one, its "targetval" otherwise, followed by disp_rec()'s output.
        # NOTE(review): targetval is written to the terminal as stored;
        # if it can hold strings captured from network traffic, confirm
        # that control characters are neutralised before display.
        if "addr" in rec:
            print(utils.force_int2ip(rec["addr"]), end=" ")
        else:
            print(rec["targetval"], end=" ")
        disp_rec(rec)
        # Flush per record so a reader following the output sees each
        # record as soon as it is printed.
        sys.stdout.flush()

    # Step 1: the backlog, fetched newest first and replayed oldest first.
    backlog = list(dbase.get(flt, sort=[(field, -1)], limit=10))
    # Placeholder reference for the case where nothing matches yet.
    latest = {"firstseen": 0, "lastseen": 0}
    for latest in reversed(backlog):
        show(latest)

    # Step 2: poll for anything newer than the last record shown.
    try:
        while True:
            since = latest[field]
            time.sleep(1)
            newer = dbase.flt_and(
                flt,
                dbase.searchnewer(since, new=field == "firstseen"),
            )
            for latest in dbase.get(newer, sort=[(field, 1)]):
                show(latest)
    except KeyboardInterrupt:
        # The user stopped the tail; nothing to clean up here.
        pass
コード例 #2
ファイル: ipinfo.py プロジェクト: ivre/ivre
def _disp_recs_tail(
    dbase: DBPassive, flt: Filter, field: str, nbr: Optional[int]
) -> None:
    """Print the last ``nbr`` matching records, oldest of them first.

    Records are fetched sorted by ``field`` in descending order with
    ``nbr`` as the limit, then printed in the reverse of that order.

    Args:
        dbase: backend queried through ``get``.
        flt: filter selecting the records.
        field: record key used for sorting.
        nbr: value handed to ``get`` as ``limit``.
    """
    newest_first = dbase.get(flt, sort=[(field, -1)], limit=nbr)
    for rec in reversed(list(newest_first)):
        # Prefix each record with its address, or with "targetval" when
        # the record carries no address.
        # NOTE(review): targetval is printed as stored; if it can hold
        # strings captured from network traffic, confirm that control
        # characters are neutralised before they reach a terminal.
        label = (
            utils.force_int2ip(rec["addr"]) if "addr" in rec else rec["targetval"]
        )
        print(label, end=" ")
        disp_rec(rec)
コード例 #3
def disp_recs_json(
    dbase: DBPassive, flt: Filter, sort: Sort, limit: Optional[int], skip: Optional[int]
) -> None:
    """Print each matching record as one JSON document on stdout.

    Output is indented by four spaces when stdout is a terminal and
    compact otherwise.  The "_id" key is removed from every record before
    it is dumped; values ``json`` cannot encode natively are passed to
    ``dbase.serialize``.

    Args:
        dbase: backend providing ``get`` and ``serialize``.
        flt: filter selecting the records.
        sort, limit, skip: forwarded unchanged to ``dbase.get``.
    """
    # Pretty-print for a person at a terminal, stay compact for pipes.
    indent: Optional[int] = 4 if os.isatty(sys.stdout.fileno()) else None
    for rec in dbase.get(flt, sort=sort, limit=limit, skip=skip):
        # Drop the "_id" key when present; its absence is not an error.
        rec.pop("_id", None)
        print(json.dumps(rec, indent=indent, default=dbase.serialize))
コード例 #4
 def disp_recs(
     dbase: DBPassive,
     flt: Filter,
     sort: Sort,
     limit: Optional[int],
     skip: Optional[int],
 ) -> None:
     """Copy every matching record from ``dbase`` into ``to_db``.

     Despite its name this variant prints nothing: each record is handed
     to ``to_db.insert_or_update``.  ``to_db`` is not a parameter; it is
     resolved from an enclosing scope that is not part of this snippet.

     Args:
         dbase: source backend, queried through ``get``.
         flt: filter selecting the records to copy.
         sort, limit, skip: forwarded unchanged to ``dbase.get``.

     Raises:
         KeyError: if a record has no "firstseen" key (the lookup happens
             outside the guarded insert, so it stops the copy).
     """
     records = dbase.get(flt, sort=sort, limit=limit, skip=skip)
     for record in records:
         # The source "_id" is dropped before the record is re-inserted.
         record.pop("_id", None)
         # Both timestamps are taken out of the record and passed to
         # insert_or_update() separately; only "lastseen" is optional.
         last_seen = record.pop("lastseen", None)
         first_seen = record.pop("firstseen")
         try:
             to_db.insert_or_update(first_seen, record, lastseen=last_seen)
         except Exception:
             # Best effort: a record that cannot be inserted is logged
             # with its traceback and the copy moves on.
             # NOTE(review): the full record goes to the log here; check
             # that log storage is acceptable for the data it may hold.
             utils.LOGGER.warning("Cannot insert record %r", record, exc_info=True)
コード例 #5
ファイル: ipinfo.py プロジェクト: ivre/ivre
def disp_recs_json(
    dbase: DBPassive, flt: Filter, sort: Sort, limit: Optional[int], skip: Optional[int]
) -> None:
    """Print each matching record as one JSON document on stdout.

    Output is indented by four spaces when stdout is a terminal and
    compact otherwise.  The "_id" key is removed from every record.  For
    records whose "recontype" is "SSL_SERVER" and whose "source" is
    "cert" or "cacert", "value" is replaced by its base64 text form
    before dumping.  Values ``json`` cannot encode natively are passed
    to ``dbase.serialize``.

    Args:
        dbase: backend providing ``get`` and ``serialize``.
        flt: filter selecting the records.
        sort, limit, skip: forwarded unchanged to ``dbase.get``.
    """
    # Pretty-print for a person at a terminal, stay compact for pipes.
    indent: Optional[int] = 4 if os.isatty(sys.stdout.fileno()) else None
    for rec in dbase.get(flt, sort=sort, limit=limit, skip=skip):
        # Drop the "_id" key when present; its absence is not an error.
        rec.pop("_id", None)
        holds_certificate = rec.get("recontype") == "SSL_SERVER" and rec.get(
            "source"
        ) in {"cert", "cacert"}
        if holds_certificate:
            # presumably the stored certificate is raw bytes, which JSON
            # cannot carry; emit it as base64 text instead (confirm).
            encoded = utils.encode_b64(rec["value"])
            rec["value"] = encoded.decode()
        print(json.dumps(rec, indent=indent, default=dbase.serialize))
コード例 #6
def disp_recs_std(
    dbase: DBPassive, flt: Filter, sort: Sort, limit: Optional[int], skip: Optional[int]
) -> None:
    """Print matching records grouped under the address they belong to.

    Records without a truthy "addr" are skipped.  Each time the address
    changes, a header is printed: the address itself, then one
    tab-prefixed line each for the address type, the country and the AS,
    for whichever of those ``db.data.infos_byip`` returned.  Every kept
    record is then passed to ``disp_rec``.  A blank line separates
    address groups.

    Args:
        dbase: backend queried through ``get``.
        flt: filter selecting the records.
        sort: sort specification; when falsy, records are sorted by
            addr, port, recontype and source (all ascending).
        limit, skip: forwarded unchanged to ``dbase.get``.
    """

    def put(value):
        # Write one field followed by a single space, without a newline.
        print(value, end=" ")

    def show_ipinfo(info):
        # Header lines for one address; prints nothing when info is empty.
        if not info:
            return
        if "address_type" in info:
            put("\t")
            put(info["address_type"])
            print()
        if "country_code" in info:
            put("\t")
            put(info["country_code"])
            if "country_name" in info:
                country = info["country_name"]
            else:
                try:
                    country = db.data.country_name_by_code(info["country_code"])
                except AttributeError:
                    # presumably a data backend without this lookup; the
                    # country name is then simply left out.
                    country = None
            if country:
                put("[%s]" % country)
            print()
        named = "as_name" in info
        if "as_num" in info:
            put("\t")
            put("AS%d" % info["as_num"])
            if named:
                put("[%s]" % info["as_name"])
            print()
        elif named:
            # AS name known but number missing: keep the line shape.
            put("\t")
            put("AS????? [%s]" % info["as_name"])
            print()

    current_addr = None
    # Grouping by address relies on the records arriving sorted by it.
    sort = sort or [("addr", 1), ("port", 1), ("recontype", 1), ("source", 1)]
    for rec in dbase.get(flt, sort=sort, limit=limit, skip=skip):
        if not rec.get("addr"):
            continue
        if current_addr != rec["addr"]:
            if current_addr is not None:
                # Blank line between two address groups.
                print()
            current_addr = rec["addr"]
            print(utils.force_int2ip(current_addr))
            show_ipinfo(db.data.infos_byip(current_addr))
        disp_rec(rec)