def main():
    """Log the name of every VM returned by the search filter.

    Results are read page by page: the cursor of each response is copied
    into the request until the API returns a page without a cursor.
    """
    # Client for the search endpoint
    search_api = swagger_client.SearchApi()

    # TODO: Add/Change filter to get valid results
    filter_string = "vcenter_manager.name = '10.197.17.43'"

    # Search parameters: VM entities matching the filter, 100 per page
    request_kwargs = {
        "entity_type": swagger_client.EntityType.VIRTUALMACHINE,
        "filter": filter_string,
        "size": 100,
    }
    logger.info("Get all VMs with filter = [{}]".format(filter_string))

    # Request body that is re-sent (with an updated cursor) for every page
    search_payload = swagger_client.SearchRequest(**request_kwargs)

    while True:
        page = search_api.search_entities(body=search_payload)
        ended_at = time.strftime('%Y-%m-%d %H:%M:%S',
                                 time.localtime(page.end_time))
        logger.info("Response attributes: Total Count: {} Cursor : {} "
                    "Time: {}".format(page.total_count, page.cursor, ended_at))

        for hit in page.results:
            entities_api = swagger_client.EntitiesApi(api_client=api_client)
            vm = entities_api.get_vm(id=hit.entity_id)
            logger.info("VM Name: {}".format(vm.name))
            # make sure we don't hit the vRNI throttle and start getting 429 errors
            time.sleep(0.025)

        # A missing/empty cursor marks the last page
        next_cursor = page.cursor
        if not next_cursor:
            break
        search_payload.cursor = next_cursor
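def main():
    """Export flow source details to ``flows_to_internet.csv``.

    Pages through the flow search results, bulk-fetches the entities of each
    page and writes one ':'-delimited row per flow holding the source and
    destination IP, the source VM name, the source security group names and
    the port.
    """
    # Create search and entities API client objects once; they are reused
    # for every page.
    search_api = swagger_client.SearchApi()
    entities_api = swagger_client.EntitiesApi(api_client=api_client)

    # TODO: Add/Change filter to get valid results
    filter_string = "((source_datacenter.name = 'washington-dc-delta-1'))"

    # Create request parameters required for search APIs
    # NOTE(review): filter_string is logged below but is not part of these
    # parameters, so the search is sent unfiltered -- confirm this is intended.
    public_api_search_request_params = dict(entity_type=swagger_client.EntityType.FLOW,
                                            size=3)
    logger.info("Get all VMs with filter = [{}]".format(filter_string))

    # Create payload from search parameters required for calling the search API
    search_payload = swagger_client.SearchRequest(**public_api_search_request_params)

    fields = ['src_ip', 'dst_ip', 'src_vm', 'src_security_groups', 'port']

    # The with-block closes (and flushes) the CSV even when an API call
    # raises part-way through the export.
    with open('flows_to_internet.csv', 'w') as f_csv:
        writer = csv.DictWriter(f_csv, fieldnames=fields, delimiter=":")
        writer.writeheader()

        while True:
            # Call the search API
            search_response = search_api.search_entities(body=search_payload)
            logger.info("Response attributes: Total Count: {} "
                        "Time: {}".format(search_response.total_count,
                                          time.strftime('%Y-%m-%d %H:%M:%S',
                                                        time.localtime(search_response.end_time))))
            logger.info("Result list : {} ".format(search_response.results))

            # Bulk fetch the entities of this page. The result is kept in its
            # own variable so the pagination cursor below is still read from
            # the search response rather than from the fetch response.
            payload = {"entity_ids": search_response.results}
            fetch_response = entities_api.entities_fetch_post(body=payload)
            time.sleep(0.025)  # make sure we don't hit the vRNI throttle and start getting 429 errors

            for result in fetch_response.results:
                flow = result.entity

                # Get Source VM Name; a flow without a source VM reference
                # gets an empty src_vm column instead of an AttributeError.
                src_vm_name = None
                if flow.source_vm is not None:
                    src_vm_name = get_referenced_entity_name(entity_id=flow.source_vm.entity_id,
                                                             entity_type=flow.source_vm.entity_type,
                                                             entities_api=entities_api)
                    time.sleep(0.025)  # make sure we don't hit the vRNI throttle and start getting 429 errors

                # Get Source security groups
                sec_group_names = []
                for src_sec_group in (flow.source_security_groups or []):
                    name = get_referenced_entity_name(entity_id=src_sec_group.entity_id,
                                                      entity_type=src_sec_group.entity_type,
                                                      entities_api=entities_api)
                    if name:
                        sec_group_names.append(name)
                    time.sleep(0.025)  # make sure we don't hit the vRNI throttle and start getting 429 errors

                # Write it to csv file.
                # Names are written exactly as the API returned them; csv
                # quoting protects the ':' delimiter but does not neutralise
                # values a spreadsheet would treat as formulas (leading
                # =, +, -, @) if this file is opened in one.
                flow_fields = dict(src_ip=flow.source_ip.ip_address,
                                   dst_ip=flow.destination_ip.ip_address,
                                   port=flow.port.iana_port_display,
                                   src_vm=src_vm_name,
                                   src_security_groups=",".join(sec_group_names))
                writer.writerow(flow_fields)

            # A missing/empty cursor on the search response marks the last page
            if not search_response.cursor:
                break
            search_payload.cursor = search_response.cursor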
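def main():
    """Export internet-bound flows to ``flows_to_internet.csv``.

    Pages through the flow search results, fetches every flow and writes one
    ':'-delimited row per distinct destination IP / protocol / port range
    with the VM names, security groups and security tags of both ends.
    """
    # Create search and entities API client objects once; they are reused
    # for every page.
    search_api = swagger_client.SearchApi()
    entities_api = swagger_client.EntitiesApi()
    logger = logging.getLogger("vrni_sdk")

    # An earlier filter on the 'OPI' security tag used to be assigned here and
    # was immediately overwritten; only this filter was ever sent.
    filter_string = "((flow_tag = TAG_INTERNET_TRAFFIC) and (source_datacenter.name = 'HaaS-1'))"

    # Create request parameters required for search APIs
    public_api_search_request_params = dict(
        entity_type=swagger_client.EntityType.FLOW,
        filter=filter_string,
        size=100)
    logger.info("Get all VMs with filter = [{}]".format(filter_string))
    search_payload = swagger_client.SearchRequest(
        **public_api_search_request_params)

    def names_of(references):
        """Resolve entity references to names, dropping the unresolved ones."""
        resolved = (get_referenced_entity_name(referenced_entity=ref)
                    for ref in (references or []))
        return [name for name in resolved if name]

    fields = [
        'source_sec_tag', 'destination_sec_tag', 'src_security_groups',
        'dst_security_groups', 'src_vm', 'src_ip', 'destination_vm', 'dst_ip',
        'protocol', 'port'
    ]

    # Destination/protocol/port keys already written; a set keeps the
    # membership test constant-time.
    seen_destinations = set()

    # The with-block closes (and flushes) the CSV even when an API call
    # raises part-way through the export.
    with open('flows_to_internet.csv', 'w') as f_csv:
        writer = csv.DictWriter(f_csv, fieldnames=fields, delimiter=":")
        writer.writeheader()

        while True:
            # Call the search API
            api_response = search_api.search_entities(body=search_payload)
            logger.info("Response attributes: Total Count: {} "
                        "Time: {}".format(
                            api_response.total_count,
                            time.strftime('%Y-%m-%d %H:%M:%S',
                                          time.localtime(api_response.end_time))))

            for result in api_response.results:
                flow_details = entities_api.get_flow(id=result.entity_id)
                logger.info("Flow: {}".format(flow_details.name))

                # Skip flows whose destination IP, protocol and port range
                # were already exported. The key has no source component, so
                # only the first source seen for a destination gets a row.
                dest_key = '{}-{}--{}-{}'.format(
                    flow_details.destination_ip.ip_address,
                    flow_details.protocol, flow_details.port.start,
                    flow_details.port.end)
                if dest_key in seen_destinations:
                    continue
                seen_destinations.add(dest_key)

                # Source / destination VM names (None when the flow has no VM)
                src_vm_name = None
                if flow_details.source_vm is not None:
                    src_vm_name = get_referenced_entity_name(
                        referenced_entity=flow_details.source_vm)
                dst_vm_name = None
                if flow_details.destination_vm is not None:
                    dst_vm_name = get_referenced_entity_name(
                        referenced_entity=flow_details.destination_vm)

                # Security groups of both ends
                src_group_names = names_of(flow_details.source_security_groups)
                dst_group_names = names_of(flow_details.destination_security_groups)

                # Security tags of both ends. The destination tags are read
                # from destination_security_tags; reading the destination
                # *groups* here would fill the destination_sec_tag column
                # with group names.
                src_security_tag_names = names_of(flow_details.source_security_tags)
                dst_security_tag_names = names_of(flow_details.destination_security_tags)

                # Write it to csv file.
                # Names are written exactly as the API returned them; csv
                # quoting protects the ':' delimiter but does not neutralise
                # values a spreadsheet would treat as formulas (leading
                # =, +, -, @) if this file is opened in one.
                flow_fields = dict(
                    src_ip=flow_details.source_ip.ip_address,
                    dst_ip=flow_details.destination_ip.ip_address,
                    port=flow_details.port.iana_port_display,
                    protocol=flow_details.protocol,
                    src_vm=src_vm_name,
                    destination_vm=dst_vm_name,
                    source_sec_tag=",".join(src_security_tag_names),
                    destination_sec_tag=",".join(dst_security_tag_names),
                    src_security_groups=",".join(src_group_names),
                    dst_security_groups=",".join(dst_group_names))
                writer.writerow(flow_fields)

            # A missing/empty cursor marks the last page
            if not api_response.cursor:
                break
            search_payload.cursor = api_response.cursor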
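def main(args):
    """Forward vRNI flows matching ``CONFIG_FILTER_STRING`` to vRLI.

    Pages through the flow search results, fetches every flow at the
    timestamp of its search hit and sends one message per distinct
    destination IP / protocol / port range through ``send_vrli_message``.

    Args:
        args: passed through unchanged to ``send_vrli_message``.
    """
    # Create search and entities API client objects once; they are reused
    # for every page.
    search_api = swagger_client.SearchApi()
    entities_api = swagger_client.EntitiesApi()
    logger = logging.getLogger("vrni_sdk")

    filter_string = CONFIG_FILTER_STRING

    # Create request parameters required for search APIs
    public_api_search_request_params = dict(
        entity_type=swagger_client.EntityType.FLOW,
        filter=filter_string,
        size=100)
    logger.info("Get all flows with filter = [{}]".format(filter_string))
    search_payload = swagger_client.SearchRequest(
        **public_api_search_request_params)

    # Destination/protocol/port keys already forwarded; a set keeps the
    # membership test constant-time.
    seen_destinations = set()

    while True:
        # Call the search API
        api_response = search_api.search_entities(body=search_payload)
        logger.info(
            "Response attributes: Total Count: {} Start Time: {} End Time: {}".
            format(api_response.total_count,
                   datetime.fromtimestamp(api_response.start_time),
                   datetime.fromtimestamp(api_response.end_time)))

        for result in api_response.results:
            flow_timestamp = result.time
            flow_details = entities_api.get_flow(id=result.entity_id,
                                                 time=flow_timestamp)
            # make sure we don't hit the vRNI throttle and start getting 429
            # errors. Sleeping right after the API call also throttles the
            # flows that are skipped as duplicates below.
            time.sleep(0.025)

            # NOTE(review): on Python 3 encode() returns bytes, so the log
            # line and the syslog message would contain its repr (b'...') --
            # confirm which interpreter this runs on.
            flow_name = flow_details.name.encode('utf-8').strip()
            logger.info("Flow: {}".format(flow_name))

            # Ignore flows we've already seen.
            # NOTE(review): the key is destination IP, protocol and port range
            # only. Flows that differ in source IP or firewall action share a
            # key, so only the first of them reaches vRLI in a run -- confirm
            # that is acceptable for what the forwarded log is used for.
            dest_key = '{}-{}--{}-{}'.format(
                flow_details.destination_ip.ip_address, flow_details.protocol,
                flow_details.port.start, flow_details.port.end)
            if dest_key in seen_destinations:
                continue
            seen_destinations.add(dest_key)

            # Source / destination VM names, if any. The names are looked up
            # but are not part of the message or the fields sent below.
            src_vm_name = None
            if flow_details.source_vm is not None:
                src_vm_name = lookup_vm_name(flow_details.source_vm)
            dst_vm_name = None
            if flow_details.destination_vm is not None:
                dst_vm_name = lookup_vm_name(flow_details.destination_vm)

            # create syslog message
            datetime_str = datetime.fromtimestamp(flow_timestamp)
            syslog_msg = 'vRNI-Flow: {} {} {} {}'.format(
                datetime_str, flow_details.firewall_action,
                flow_details.protocol, flow_name)
            print(syslog_msg)

            # form the fields parameter, which will show up as 'Fields' in vRLI
            log_fields = {
                "__vrni_flow_firewall_action": flow_details.firewall_action,
                "__vrni_flow_firewall_rule_id": flow_details.firewall_rule_id,
                "__vrni_flow_traffic_type": flow_details.traffic_type,
                "__vrni_flow_tag": flow_details.flow_tag,
                "__vrni_flow_source_ip": flow_details.source_ip.ip_address,
                "__vrni_flow_destination_ip": flow_details.destination_ip.ip_address,
                "__vrni_flow_port": flow_details.port.display,
                "__vrni_flow_port_name": flow_details.port.iana_name,
                "__vrni_flow_protocol": flow_details.protocol,
                "__vrni_flow_timestamp": flow_timestamp,
            }

            # vRLI takes milliseconds as the ts
            flow_timestamp_ms = flow_timestamp * 1000

            try:
                send_vrli_message(syslog_msg, flow_timestamp_ms, log_fields,
                                  args)
            except Exception:
                # Best effort: keep forwarding the remaining flows, but record
                # why this one was lost. A bare except would also swallow
                # KeyboardInterrupt/SystemExit and hide the cause.
                print("Failure sending to vRLI")
                logger.exception("Failure sending to vRLI")

        # break from the loop if this was the last results page
        if not api_response.cursor:
            break
        # otherwise save the cursor of the next page and move on
        search_payload.cursor = api_response.cursor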
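def main():
    """Export the sources of internet-bound flows to ``flows_to_internet.csv``.

    Pages through the flow search results, fetches every flow and writes one
    ':'-delimited row per flow with the source and destination IP, the source
    VM name, the source security group names and the port.
    """
    # Create search and entities API client objects once; they are reused
    # for every page.
    search_api = swagger_client.SearchApi()
    entities_api = swagger_client.EntitiesApi()
    logger = logging.getLogger("vrni_sdk")

    # TODO: Add/Change filter to get valid results
    filter_string = "((flow_tag = TAG_INTERNET_TRAFFIC) and (source_datacenter.name = 'HaaS-1'))"

    # Create request parameters required for search APIs
    public_api_search_request_params = dict(
        entity_type=swagger_client.EntityType.FLOW,
        filter=filter_string,
        size=100)
    logger.info("Get all VMs with filter = [{}]".format(filter_string))

    # Create payload from search parameters required for calling the search API
    search_payload = swagger_client.SearchRequest(
        **public_api_search_request_params)

    fields = ['src_ip', 'dst_ip', 'src_vm', 'src_security_groups', 'port']

    # The with-block closes (and flushes) the CSV even when an API call
    # raises part-way through the export.
    with open('flows_to_internet.csv', 'w') as f_csv:
        writer = csv.DictWriter(f_csv, fieldnames=fields, delimiter=":")
        writer.writeheader()

        while True:
            # Call the search API
            api_response = search_api.search_entities(body=search_payload)
            logger.info("Response attributes: Total Count: {} "
                        "Time: {}".format(
                            api_response.total_count,
                            time.strftime('%Y-%m-%d %H:%M:%S',
                                          time.localtime(api_response.end_time))))

            for result in api_response.results:
                internet_flow = entities_api.get_flow(id=result.entity_id)
                logger.info("Flow: {}".format(internet_flow.name))
                # make sure we don't hit the vRNI throttle and start getting 429 errors
                time.sleep(0.025)

                # Get Source VM Name
                # NOTE(review): source_vm is passed on without a None check;
                # confirm get_referenced_entity_name accepts a flow that has
                # no source VM.
                src_vm_name = get_referenced_entity_name(
                    referenced_entity=internet_flow.source_vm)
                # make sure we don't hit the vRNI throttle and start getting 429 errors
                time.sleep(0.025)

                # Get Source security groups
                sec_group_names = []
                for src_sec_group in internet_flow.source_security_groups:
                    name = get_referenced_entity_name(
                        referenced_entity=src_sec_group)
                    if name:
                        sec_group_names.append(name)

                # Write it to csv file.
                # Names are written exactly as the API returned them; csv
                # quoting protects the ':' delimiter but does not neutralise
                # values a spreadsheet would treat as formulas (leading
                # =, +, -, @) if this file is opened in one.
                flow_fields = dict(src_ip=internet_flow.source_ip.ip_address,
                                   dst_ip=internet_flow.destination_ip.ip_address,
                                   port=internet_flow.port.iana_port_display,
                                   src_vm=src_vm_name,
                                   src_security_groups=",".join(sec_group_names))
                writer.writerow(flow_fields)

            # A missing/empty cursor marks the last page
            if not api_response.cursor:
                break
            search_payload.cursor = api_response.cursor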