コード例 #1
    def test_geoip_reporting(self):
        '''Checks the size of the GeoIP breakdown for the last day.

        Ingests TRAFFIC_REPORT_LOG, asks the traffic report manager for the
        GeoIP breakdown between 24 hours ago and now, and expects 14 entries.
        Only the number of entries is asserted, not their contents.
        '''
        tests.util.ingest_test_file(self, TRAFFIC_REPORT_LOG)

        manager = ndr_server.TsharkTrafficReportManager(
            self._nsc, self._test_site, self._db_connection)

        # The window start is evaluated before the end, as in the call below.
        window_start = datetime.now() - timedelta(days=1)
        window_end = datetime.now()
        breakdown = manager.retrieve_geoip_breakdown(
            window_start, window_end, self._db_connection)

        entry_count = len(breakdown)
        self.assertEqual(entry_count, 14)
コード例 #2
    def test_full_host_breakdown(self):
        '''Checks the size of the internet host breakdown for the last day.

        Ingests TRAFFIC_REPORT_LOG, asks the traffic report manager for the
        internet host breakdown between 24 hours ago and now, and expects 74
        entries. Only the number of entries is asserted, not their contents.
        '''
        tests.util.ingest_test_file(self, TRAFFIC_REPORT_LOG)

        manager = ndr_server.TsharkTrafficReportManager(
            self._nsc, self._test_site, self._db_connection)

        # The window start is evaluated before the end, as in the call below.
        window_start = datetime.now() - timedelta(days=1)
        window_end = datetime.now()
        host_rows = manager.retrieve_internet_host_breakdown(
            window_start, window_end, self._db_connection)

        host_count = len(host_rows)
        self.assertEqual(host_count, 74)
コード例 #3
    def test_machine_breakdown_reporting(self):
        '''Checks the size of the GeoIP-by-local-IP breakdown for the last day.

        Ingests TRAFFIC_REPORT_LOG, asks the traffic report manager for the
        GeoIP breakdown grouped by local IP between 24 hours ago and now, and
        expects 15 entries.
        '''
        tests.util.ingest_test_file(self, TRAFFIC_REPORT_LOG)

        manager = ndr_server.TsharkTrafficReportManager(
            self._nsc, self._test_site, self._db_connection)

        # The window start is evaluated before the end, as in the call below.
        window_start = datetime.now() - timedelta(days=1)
        window_end = datetime.now()
        per_machine = manager.retrieve_geoip_by_local_ip_breakdown(
            window_start, window_end, self._db_connection)

        # NOTE: weak check - only the entry count is asserted, so a report
        # with wrong per-machine contents but the right length still passes.
        machine_count = len(per_machine)
        self.assertEqual(machine_count, 15)
コード例 #4
    def test_email_report_zip(self):
        '''Checks the email text produced for the ZIP/CSV report contact.

        Ingests TRAFFIC_REPORT_LOG, generates and sends the report emails for
        the last day, then reads the file at self._test_contact_zip as text and
        expects the sentence announcing the attached CSV breakdown.

        NOTE(review): only the message text is asserted; the attachment itself
        is not opened or validated here.
        '''
        tests.util.ingest_test_file(self, TRAFFIC_REPORT_LOG)

        manager = ndr_server.TsharkTrafficReportManager(
            self._nsc, self._test_site, self._db_connection)

        # The window start is evaluated before the end, as in the call below.
        window_start = datetime.now() - timedelta(days=1)
        window_end = datetime.now()
        manager.generate_report_emails(window_start,
                                       window_end,
                                       db_conn=self._db_connection,
                                       send=True)

        with open(self._test_contact_zip, 'r') as mail_file:
            message_text = mail_file.read()

        expected_sentence = "Attached to this email is a CSV breakdown of all traffic for the last 24 hours."
        self.assertIn(expected_sentence, message_text)
コード例 #5
    def test_email_report(self):
        '''Checks the email text produced for the inline report contact.

        Ingests TRAFFIC_REPORT_LOG, generates and sends the report emails for
        the last day, then reads the file at self._test_contact_inline as text
        and expects the sentence introducing the per-destination-IP snapshot.
        '''
        tests.util.ingest_test_file(self, TRAFFIC_REPORT_LOG)

        manager = ndr_server.TsharkTrafficReportManager(
            self._nsc, self._test_site, self._db_connection)

        # The window start is evaluated before the end, as in the call below.
        window_start = datetime.now() - timedelta(days=1)
        window_end = datetime.now()
        manager.generate_report_emails(window_start,
                                       window_end,
                                       db_conn=self._db_connection,
                                       send=True)

        with open(self._test_contact_inline, 'r') as mail_file:
            message_text = mail_file.read()

        expected_sentence = "This is a snapshot of internet traffic broken down by destination IP"
        self.assertIn(expected_sentence, message_text)
コード例 #6
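def main():
    '''Main function for handling daily processing tasks

    Loads the NDR server configuration (path from -s/--server-config,
    default /etc/ndr/ndr_server.yml), then generates and sends the TShark
    traffic report emails for every site, covering the 24 hours before the
    run. The database work is committed once, after all sites are processed.
    '''

    # Do our basic setup work
    logging.basicConfig(format='%(asctime)s %(levelname)s %(message)s')
    logger = logging.getLogger(name=__name__)
    logger.setLevel(logging.DEBUG)

    # We need both configs
    parser = argparse.ArgumentParser(
        description="Run daily processing tasks for NDR")
    parser.add_argument('-s',
                        '--server-config',
                        default='/etc/ndr/ndr_server.yml',
                        help='NDR Server Configuration File')
    args = parser.parse_args()

    nsc = ndr_server.Config(logger, args.server_config)

    db_conn = nsc.database.get_connection()

    nsc.logger.info("Generating GeoIP statistics email")

    # Fix the reporting window once for the whole run. Calling datetime.now()
    # separately for each bound and each site makes the window slightly
    # longer than 24 hours and shifts it from site to site, so reports from
    # the same run would not cover the same interval.
    # NOTE(review): datetime.now() is a naive local timestamp - confirm this
    # matches how ingested traffic timestamps are stored.
    report_end = datetime.now()
    report_start = report_end - timedelta(days=1)

    # Retrieve all sites
    sites = ndr_server.Site.retrieve_all(nsc, db_conn)

    # There is no per-site error handling: an exception raised for any site
    # propagates before the commit below is reached.
    for site in sites:
        nsc.logger.info("Processing site %s (%d)", site.name, site.pg_id)

        # TShark Reports
        report_manager = ndr_server.TsharkTrafficReportManager(
            nsc, site, db_conn)

        report_manager.generate_report_emails(report_start,
                                              report_end,
                                              db_conn=db_conn,
                                              send=True)

    db_conn.commit()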