コード例 #1
0
    def find_incident(self, key_prefix=None, incident_horizon=None):
        start_time = current_time_offset()-incident_horizon

        recent_incidents = redis.zrevrangebyscore(KEY_INCIDENTS, '+inf', start_time)
        for incident in recent_incidents:
            if incident.startswith(key_prefix):
                return incident
        return None
コード例 #2
0
    def find_incident(self, key_prefix=None, incident_horizon=None):
        start_time = current_time_offset()-incident_horizon

        recent_incidents = redis.zrevrangebyscore(KEY_INCIDENTS, '+inf', start_time)
        for incident in recent_incidents:
            if incident.startswith(key_prefix):
                return incident
        return None
コード例 #3
0
    def do_creation(self, ):
        """
        Insert an Incident hash.

        Before creating a new incident, a check is performed to see
        if the same src host has a live incident within the
        configured time horizon.
        """
        now = current_time_offset()
        incident_key_prefix = self.INCIDENT_KEY_PREFIX + self.data['src_host']
        incident_horizon = float(
            c.config.getVal(self.CONFIG_INCIDENT_HORIZON,
                            default=c.config.getVal('console.incident_horizon',
                                                    default=60)))
        current_incident_key = self.find_incident(
            key_prefix=incident_key_prefix, incident_horizon=incident_horizon)

        if current_incident_key:
            #an incident already exists, update it
            current_incident = redis.hgetall(current_incident_key)
            current_incident['events_list'] += ',' + repr(now)
            current_incident['events_count'] = int(
                current_incident['events_count']) + 1
            current_incident['updated'] = True

            #add new log data to old incident
            if self.data.has_key('logdata'):
                current_incident = self.add_log_data(current_incident)

            redis.hmset(current_incident_key, current_incident)
            redis.zrem(KEY_INCIDENTS, current_incident_key)
            redis.zadd(KEY_INCIDENTS, now, current_incident_key)
        else:
            #this is a new incident
            incident_key = self.make_key(time=now)

            self.data['created'] = now
            self.data['events_list'] = repr(now)
            self.data['events_count'] = 1
            self.data['acknowledged'] = False
            self.data['notified'] = False
            self.data['updated'] = True
            self.data['description'] = self.DESCRIPTION
            if self.data.has_key('logdata'):
                if type(self.data['logdata']) == list:
                    self.data['logdata'] = simplejson.dumps(
                        self.data['logdata'])
                else:
                    self.data['logdata'] = simplejson.dumps(
                        [self.data['logdata']])
            redis.hmset(incident_key, self.data)
            redis.zadd(KEY_INCIDENTS, now, incident_key)

            deferToThread(notify, self)
コード例 #4
0
    def do_creation(self,):
        """
        Insert an Incident hash.

        Before creating a new incident, a check is performed to see
        if the same src host has a live incident within the
        configured time horizon.
        """
        now = current_time_offset()
        incident_key_prefix = self.INCIDENT_KEY_PREFIX + self.data['src_host']
        incident_horizon = float(c.config.getVal(
                                    self.CONFIG_INCIDENT_HORIZON,
                                    default=c.config.getVal(
                                              'console.incident_horizon',
                                              default=60)))
        current_incident_key = self.find_incident(key_prefix=incident_key_prefix,
                                              incident_horizon=incident_horizon)

        if current_incident_key:
            #an incident already exists, update it
            current_incident = redis.hgetall(current_incident_key)
            current_incident['events_list'] += ','+repr(now)
            current_incident['events_count'] = int(current_incident['events_count'])+1
            current_incident['updated'] = True

            #add new log data to old incident
            if self.data.has_key('logdata'):
                current_incident = self.add_log_data(current_incident)

            redis.hmset(current_incident_key, current_incident)
            redis.zrem(KEY_INCIDENTS, current_incident_key)
            redis.zadd(KEY_INCIDENTS, now, current_incident_key)
        else:
            #this is a new incident
            incident_key = self.make_key(time=now)

            self.data['created'] = now
            self.data['events_list'] = repr(now)
            self.data['events_count'] = 1
            self.data['acknowledged'] = False
            self.data['notified'] = False
            self.data['updated'] = True
            self.data['description'] = self.DESCRIPTION
            if self.data.has_key('logdata'):
                if type(self.data['logdata']) == list:
                    self.data['logdata'] = simplejson.dumps(self.data['logdata'])
                else:
                    self.data['logdata'] = simplejson.dumps([self.data['logdata']])
            redis.hmset(incident_key, self.data)
            redis.zadd(KEY_INCIDENTS, now, incident_key)

            deferToThread(notify, self)