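def main():
    """Send ``--count`` random IDEA events (default 100) and log the server reply.

    The client is configured from ``warden_client_tester.cfg``; the commented
    block below shows the equivalent inline arguments.  The reply dict is
    logged with the elapsed wall-clock time added under the ``time`` key.
    """
    parser = argparse.ArgumentParser()
    # Let argparse do the conversion and the defaulting: a non-numeric value
    # becomes a usage error instead of an int() traceback, and an absent
    # option yields 100 exactly as before.
    parser.add_argument('-c', '--count', type=int, default=100,
                        help="number of random events to send (default: 100)")
    args = parser.parse_args()
    count = args.count

    wclient = Client(**read_cfg("warden_client_tester.cfg"))
    # Also inline arguments are possible:
    # wclient = Client(
    #     url = 'https://warden.example.com/warden3',
    #     keyfile = '/opt/warden3/etc/key.pem',
    #     certfile = '/opt/warden3/etc/cert.pem',
    #     cafile = '/opt/warden3/etc/tcs-ca-bundle.pem',
    #     timeout=10,
    #     errlog={"level": "debug"},
    #     filelog={"level": "debug"},
    #     idstore="MyClient.id",
    #     name="cz.example.warden.test")

    #info = wclient.getDebug()
    #wclient.logger.debug(info)
    #info = wclient.getInfo()
    #wclient.logger.info(info)
    #wclient.logger.debug("Sending %d event(s)" % count)

    start = time()
    ret = wclient.sendEvents(
        [gen_random_idea(client_name=wclient.name) for _ in range(count)])
    # NOTE(review): if sendEvents() signals failure by returning a non-dict
    # object instead of the reply dict, this item assignment raises — confirm
    # against the client implementation.
    ret['time'] = (time() - start)
    wclient.logger.info(ret)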
from math import trunc
from uuid import uuid4
import json
import string
import os
import sys
import warden_utils_flab as w3u

# Module-level setup: the uchotcp-specific config supplies the client name,
# which is then written into the generic Warden client config before the
# client is built.
aconfig = read_cfg('warden_client_uchotcp.cfg')
wconfig = read_cfg('warden_client.cfg')
aclient_name = aconfig['name']
wconfig['name'] = aclient_name
aanonymised = aconfig['anonymised']
aanonymised_net = aconfig['target_net']
# NOTE(review): the `== 'omit'` clause is redundant — 'omit' already satisfies
# `!= '0.0.0.0/0'` — so the net effect is: when target_net is exactly
# '0.0.0.0/0' the configured anonymised value is replaced by '0.0.0.0/0',
# otherwise it is kept unchanged.  Since this value presumably controls how
# much of the real source address leaves the site, confirm that is the intent.
aanonymised = aanonymised if (aanonymised_net != '0.0.0.0/0') or (aanonymised_net == 'omit') else '0.0.0.0/0'
wclient = Client(**wconfig)


def gen_event_idea_uchotcp(detect_time, src_ip, src_port, dst_ip, dst_port, proto, decoded, smart, data):
    """Build an IDEA0 event dict for one uchotcp observation.

    The visible part fills Format/ID/DetectTime/Category/Note/ConnCount, one
    Source entry (proto + src_port), one Target entry (proto + dst_port) and
    starts the Node entry with this client's name.  The ID is a fresh uuid4.
    src_ip, dst_ip, decoded, smart and data are not consumed in the part
    shown here; presumably they are used further down — verify before
    relying on it.
    """
    event = {
        "Format": "IDEA0",
        "ID": str(uuid4()),
        "DetectTime": detect_time,
        "Category": ["Recon.Scanning", "Test"],
        "Note": "Uchotcp event",
        "ConnCount": 1,
        "Source": [{
            "Proto": proto,
            "Port": [src_port]
        }],
        "Target": [{
            "Proto": proto,
            "Port": [dst_port]
        }],
        "Node": [
            {
                "Name": aclient_name,
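def main():
    """Exercise a Warden client end to end: debug info, send 10 events, fetch 10.

    The client is configured from ``warden_client.cfg``; the commented block
    below shows the equivalent inline arguments.  Results and timings are
    printed to stdout.
    """
    wclient = Client(**read_cfg("warden_client.cfg"))
    # Also inline arguments are possible:
    # wclient = Client(
    #     url = 'https://warden.example.com/warden3',
    #     keyfile = '/opt/warden3/etc/key.pem',
    #     certfile = '/opt/warden3/etc/cert.pem',
    #     cafile = '/opt/warden3/etc/tcs-ca-bundle.pem',
    #     timeout=10,
    #     errlog={"level": "debug"},
    #     filelog={"level": "debug"},
    #     idstore="MyClient.id",
    #     name="cz.example.warden.test")

    print("=== Debug ===")
    info = wclient.getDebug()
    pprint(info)
    # All methods return something.
    # If you want to catch possible errors (for example implement some
    # form of persistent retry, or save failed events for later), you may
    # check for an Error instance and act based on the contained info.
    # If you want just to be informed, this is not necessary, just
    # configure logging correctly and check logs.
    if isinstance(info, Error):
        print(info)

    print("=== Server info ===")
    info = wclient.getInfo()
    # The original printed the heading but never the answer.
    pprint(info)

    print("=== Sending 10 event(s) ===")
    start = time()
    ret = wclient.sendEvents(
        [gen_random_idea(client_name=wclient.name) for _ in range(10)])
    print(ret)
    print("Time: %f" % (time() - start))

    print("=== Getting 10 events ===")
    start = time()
    # Example filters; all empty lists means "no filtering".
    # cat = ['Availability', 'Abusive.Spam','Attempt.Login']
    # cat = ['Attempt', 'Information','Fraud.Scam','Malware.Virus']
    # cat = ['Fraud', 'Abusive.Spam']
    # nocat = ['Availability', 'Information', 'Fraud.Scam']
    cat = []
    nocat = []
    #tag = ['Log', 'Data']
    #notag = ['Flow', 'Datagram']
    tag = []
    notag = []
    #group = ['cz.tul.ward.kippo','cz.vsb.buldog.kippo']
    #nogroup = ['cz.zcu.civ.afrodita','cz.vutbr.net.bee.hpscan']
    group = []
    nogroup = []
    ret = wclient.getEvents(count=10, cat=cat, nocat=nocat, tag=tag, notag=notag,
                            group=group, nogroup=nogroup)
    print("Time: %f" % (time() - start))
    # getEvents() follows the same convention as above: an Error instance is
    # a possible return value, and len()/iteration on it would not be meaningful.
    if isinstance(ret, Error):
        print(ret)
        return
    print("Got %i events" % len(ret))
    for e in ret:
        # Events come from the server; don't crash on a missing or empty Node list.
        node = (e.get("Node") or [{}])[0]
        print(e.get("Category"), node.get("Type"), node.get("Name"))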
wconfig = read_cfg(wconfig) fconfig = config.get(args.func, {}) return wconfig, fconfig if __name__ == "__main__": args = get_args() function = sender if args.func == "sender" else receiver wconfig, fconfig = get_configs() wclient = Client(**wconfig) try: if args.daemon: daemonize(work_dir=fconfig.get("work_dir", "."), chroot_dir=fconfig.get("chroot_dir"), umask=fconfig.get("umask"), uid=fconfig.get("uid"), gid=fconfig.get("gid"), pidfile=args.pid_file, files_preserve=get_logger_files(wclient.logger), signals={ signal.SIGTERM: terminate_me, signal.SIGINT: terminate_me, signal.SIGHUP: signal.SIG_IGN, signal.SIGTTIN: signal.SIG_IGN,
def main(): wclient = Client(**read_cfg("warden_client.cfg")) # Also inline arguments are possible: # wclient = Client( # url = 'https://warden.example.com/warden3', # keyfile = '/opt/warden3/etc/key.pem', # certfile = '/opt/warden3/etc/cert.pem', # cafile = '/opt/warden3/etc/tcs-ca-bundle.pem', # timeout=10, # errlog={"level": "debug"}, # filelog={"level": "debug"}, # idstore="MyClient.id", # name="cz.example.warden.test") print "=== Debug ===" info = wclient.getDebug() pprint(info) # All methods return something. # If you want to catch possible errors (for example implement some # form of persistent retry, or save failed events for later, you may # check for Error instance and act based on contained info. # If you want just to be informed, this is not necessary, just # configure logging correctly and check logs. if isinstance(info, Error): print info print "=== Server info ===" info = wclient.getInfo() print "=== Sending 10 event(s) ===" start = time() ret = wclient.sendEvents([gen_random_idea(client_name=wclient.name) for i in range(10)]) print ret print "Time: %f" % (time()-start) print "=== Getting 10 events ===" start = time() # cat = ['Availability', 'Abusive.Spam','Attempt.Login'] # cat = ['Attempt', 'Information','Fraud.Scam','Malware.Virus'] # cat = ['Fraud', 'Abusive.Spam'] # nocat = ['Availability', 'Information', 'Fraud.Scam'] cat = [] nocat = [] #tag = ['Log', 'Data'] #notag = ['Flow', 'Datagram'] tag = [] notag = [] #group = ['cz.tul.ward.kippo','cz.vsb.buldog.kippo'] #nogroup = ['cz.zcu.civ.afrodita','cz.vutbr.net.bee.hpscan'] group = [] nogroup = [] ret = wclient.getEvents(count=10, cat=cat, nocat=nocat, tag=tag, notag=notag, group=group, nogroup=nogroup) print "Time: %f" % (time()-start) print "Got %i events" % len(ret) for e in ret: print e.get("Category"), e.get("Node")[0].get("Type"), e.get("Node")[0].get("Name")
# Tail of receiver(): its signature, receive loop and the except clause that
# encloses the first two statements are above this excerpt, so their real
# nesting is not reproduced here.
Error(message="Error saving event", exc=sys.exc_info(), file=dest_file, event_ids=[event.get("ID")]).log(wclient.logger)
count_err += 1
wclient.logger.info("warden_archiver: received %d, errors %d" % (count_ok, count_err))


if __name__ == "__main__":
    # Parse arguments (argparser is defined elsewhere in this file; the
    # archive_dir and warden_config options are the ones read here)
    args = argparser.parse_args()
    # Create Warden client
    wclient = Client(**read_cfg(args.warden_config))
    wclient.logger.info("Warden archiver started")
    # Ensure the archive directory exists; with exist_ok=True a pre-existing
    # directory is reused as-is (its ownership and mode are not checked here)
    os.makedirs(args.archive_dir, exist_ok=True)
    # Setup signal handlers (the signals mapping is defined elsewhere in this file)
    for (signum, handler) in signals.items():
        signal.signal(signum, handler)
    # Run receiver; `config` is a module-level name not visible in this excerpt
    receiver(config, wclient, args.archive_dir)
    wclient.logger.info("Warden archiver stopped")