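def main(options):
    """
    Connect to the LO-PHI disk sensor and log all of its activity to a dcap
    file as a raw data capture.

    Reads ``options.output_dir``, ``options.sensor_type`` and, for a
    non-physical sensor, ``options.target``.  Captures until fetching or
    queueing a packet raises, then stops the capture writer and, for a
    physical sensor, disables SATA extraction.  Always returns None.
    """

    # Fall back to a date-stamped directory when none was given.
    output_dir = options.output_dir
    if output_dir is None:
        output_dir = "lophi_data_" + datetime.datetime.now().strftime("%m%d")

    # Create the directory directly instead of testing for it first: an
    # exists()/makedirs() pair races with anything else creating the path.
    # NOTE(review): the capture holds raw disk traffic and the directory is
    # created with the default mode (subject to the process umask) -- confirm
    # that is restrictive enough where this runs.
    try:
        os.makedirs(output_dir)
    except OSError:
        # Only a real failure is fatal; an already existing directory is fine.
        if not os.path.isdir(output_dir):
            logger.error("Could not create output directory. (%s)" % output_dir)
            return

    # Auto-generate our dcap filename.
    # NOTE(review): the stamp has minute resolution and no year, so two runs
    # in the same minute share a name; whether CaptureWriter overwrites or
    # appends is not visible here.
    log_dcap_filename = os.path.join(
        output_dir,
        "lophi_disk_" + datetime.datetime.now().strftime("%m-%d-%H:%M") + ".dcap")

    print "* Initializing SATA sensor..."

    # Initialize our disk sensor
    is_physical = options.sensor_type == G.MACHINE_TYPES.PHYSICAL
    if is_physical:
        disk_sensor = DiskSensorPhysical(G.SENSOR_DISK.DEFAULT_IP,
                                         bind_ip=default_dest_ip,
                                         name="SATA_Sensor")
        if not disk_sensor.is_up():
            logger.error("Disk sensor appears to be down.")
            return
    else:
        disk_sensor = DiskSensorVirtual(options.target)

    print "* Logging data to: %s" % log_dcap_filename
    print "* Setting up DCAP logger..."

    # Setup our dcap logger.
    # We use a queue so that we don't hold up the socket.
    log_dcap_queue = multiprocessing.Queue()
    log_dcap_writer = CaptureWriter(log_dcap_filename, log_dcap_queue)
    log_dcap_writer.start()

    print "* Connecting to our sensor..."

    # NOTE(review): an exception raised by _connect() or sata_enable_all()
    # leaves main() without log_dcap_writer.stop() being called.
    disk_sensor._connect()

    if is_physical:
        print "* Enabling SATA extraction..."
        disk_sensor.sata_enable_all()
        print "* Reading SATA Frame packets..."
    else:
        print "* Reading Disk Sensor Packets..."

    UPDATE_INTERVAL = 5  # Seconds
    last_print_time = 0

    # Get data forever and report it back
    while True:
        try:
            # Returns a SATAFrame for physical and DiskSensorPacket for
            # virtual.
            packet = disk_sensor.get_disk_packet()

            # Hand the packet to the writer.
            log_dcap_queue.put(packet)

            # Should we print something to screen?
            now = time.time()
            if now - last_print_time > UPDATE_INTERVAL:
                # A failed stat of the capture file (for instance if it does
                # not exist yet) only skips this status line; it must not be
                # reported as a packet error and end the capture.
                try:
                    size = sizeof_fmt(os.path.getsize(log_dcap_filename))
                except OSError:
                    size = None
                if size is not None:
                    print "* Captured %s." % size
                last_print_time = now
        except:
            # Bare except kept on purpose: it also catches KeyboardInterrupt,
            # so an interrupt reaches the cleanup below instead of skipping it.
            logger.error("Problem getting disk packet.")
            G.print_traceback()
            break

    log_dcap_writer.stop()

    if is_physical:
        disk_sensor.sata_disable()

    return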
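def main(options):
    """
    Connect to the LO-PHI disk sensor and log all of its activity to a dcap
    file as a raw data capture.

    Reads ``options.output_dir``, ``options.sensor_type`` and, for a
    non-physical sensor, ``options.target``.  Captures until fetching or
    queueing a packet raises, then stops the capture writer and, for a
    physical sensor, disables SATA extraction.  Always returns None.
    """

    # Fall back to a date-stamped directory when none was given.
    output_dir = options.output_dir
    if output_dir is None:
        output_dir = "lophi_data_" + datetime.datetime.now().strftime("%m%d")

    # Create the directory directly instead of testing for it first: an
    # exists()/makedirs() pair races with anything else creating the path.
    # NOTE(review): the capture holds raw disk traffic and the directory is
    # created with the default mode (subject to the process umask) -- confirm
    # that is restrictive enough where this runs.
    try:
        os.makedirs(output_dir)
    except OSError:
        # Only a real failure is fatal; an already existing directory is fine.
        if not os.path.isdir(output_dir):
            logger.error("Could not create output directory. (%s)" % output_dir)
            return

    # Auto-generate our dcap filename.
    # NOTE(review): the stamp has minute resolution and no year, so two runs
    # in the same minute share a name; whether CaptureWriter overwrites or
    # appends is not visible here.
    log_dcap_filename = os.path.join(
        output_dir,
        "lophi_disk_" + datetime.datetime.now().strftime("%m-%d-%H:%M") + ".dcap")

    print "* Initializing SATA sensor..."

    # Initialize our disk sensor
    is_physical = options.sensor_type == G.MACHINE_TYPES.PHYSICAL
    if is_physical:
        disk_sensor = DiskSensorPhysical(G.SENSOR_DISK.DEFAULT_IP,
                                         bind_ip=default_dest_ip,
                                         name="SATA_Sensor")
        if not disk_sensor.is_up():
            logger.error("Disk sensor appears to be down.")
            return
    else:
        disk_sensor = DiskSensorVirtual(options.target)

    print "* Logging data to: %s" % log_dcap_filename
    print "* Setting up DCAP logger..."

    # Setup our dcap logger.
    # We use a queue so that we don't hold up the socket.
    log_dcap_queue = multiprocessing.Queue()
    log_dcap_writer = CaptureWriter(log_dcap_filename, log_dcap_queue)
    log_dcap_writer.start()

    print "* Connecting to our sensor..."

    # NOTE(review): an exception raised by _connect() or sata_enable_all()
    # leaves main() without log_dcap_writer.stop() being called.
    disk_sensor._connect()

    if is_physical:
        print "* Enabling SATA extraction..."
        disk_sensor.sata_enable_all()
        print "* Reading SATA Frame packets..."
    else:
        print "* Reading Disk Sensor Packets..."

    UPDATE_INTERVAL = 5  # Seconds
    last_print_time = 0

    # Get data forever and report it back
    while True:
        try:
            # Returns a SATAFrame for physical and DiskSensorPacket for
            # virtual.
            packet = disk_sensor.get_disk_packet()

            # Hand the packet to the writer.
            log_dcap_queue.put(packet)

            # Should we print something to screen?
            now = time.time()
            if now - last_print_time > UPDATE_INTERVAL:
                # A failed stat of the capture file (for instance if it does
                # not exist yet) only skips this status line; it must not be
                # reported as a packet error and end the capture.
                try:
                    size = sizeof_fmt(os.path.getsize(log_dcap_filename))
                except OSError:
                    size = None
                if size is not None:
                    print "* Captured %s." % size
                last_print_time = now
        except:
            # Bare except kept on purpose: it also catches KeyboardInterrupt,
            # so an interrupt reaches the cleanup below instead of skipping it.
            logger.error("Problem getting disk packet.")
            G.print_traceback()
            break

    log_dcap_writer.stop()

    if is_physical:
        disk_sensor.sata_disable()

    return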