def pause(module, base_url, headers, stream_id): url = "/".join([base_url, stream_id, "pause"]) response, info = fetch_url(module=module, url=url, headers=json.loads(headers), method='POST') if info['status'] != 200: module.fail_json(msg="Fail: %s" % ("Status: " + str(info['msg']) + ", Message: " + str(info['body']))) try: content = to_text(response.read(), errors='surrogate_or_strict') except AttributeError: content = info.pop('body', '') return info['status'], info['msg'], content, url
def query_tag(module, base_url, tag, headers): url = "/".join([base_url, "experimental/gnql?query=tags:%s" % tag]) response, info = fetch_url(module=module, url=url, headers=json.loads(headers), method='GET') if info['status'] != 200: module.fail_json(msg="Fail: %s" % ("Status: " + str(info['msg']) + ", Message: " + str(info['body']))) try: content = to_text(response.read(), errors='surrogate_or_strict') except AttributeError: content = info.pop('body', '') return info['status'], info['msg'], content, url
def delete(module, base_url, headers): url = "/".join([base_url, module.params['name']]) response, info = fetch_url(module=module, url=url, headers=json.loads(headers), method='DELETE') if info['status'] != 204: module.fail_json(msg="Fail: %s" % ("Status: " + str(info['msg']) + ", Message: " + str(info['body']))) try: content = to_text(response.read(), errors='surrogate_or_strict') except AttributeError: content = info.pop('body', '') return info['status'], info['msg'], content, url
def default_index_set(module, endpoint, base_url, headers): url = "https://%s/api/system/indices/index_sets?skip=0&limit=0&stats=false" % (endpoint) response, info = fetch_url(module=module, url=url, headers=json.loads(headers), method='GET') if info['status'] != 200: module.fail_json(msg="Fail: %s" % ("Status: " + str(info['msg']) + ", Message: " + str(info['body']))) try: content = to_text(response.read(), errors='surrogate_or_strict') indices = json.loads(content) except AttributeError: content = info.pop('body', '') default_index_set_id = "" if indices is not None: default_index_set_id = indices['index_sets'][0]['id'] return default_index_set_id
def main(): module = AnsibleModule(argument_spec=dict( action=dict(type='str', required=False, default='list_tags', choices=['query_ip', 'query_tag', 'list_tags']), ip=dict(type='str'), tag=dict(type='str'), greynoise_api_key=dict(type='str', no_log=True))) action = module.params['action'] ip = module.params['ip'] tag = module.params['tag'] greynoise_api_key = module.params['greynoise_api_key'] base_url = "https://api.greynoise.io/v2" headers = '{ "Accept": "application/json", \ "Key": "%s" }' % greynoise_api_key if action == "query_ip": status, message, content, url = query_ip(module, base_url, ip, headers) elif action == "query_tag": status, message, content, url = query_tag(module, base_url, tag, headers) elif action == "list_tags": status, message, content, url = list_tags(module, base_url, headers) uresp = {} content = to_text(content, encoding='UTF-8') try: js = json.loads(content) except ValueError: js = "" uresp['status'] = status uresp['msg'] = message uresp['json'] = js uresp['url'] = url module.exit_json(**uresp)
def create_rule(module, base_url, headers): url = "/".join([base_url, module.params['stream_id'], "rules"]) payload = {} for key in ['field', 'type', 'value', 'inverted', 'description']: if module.params[key] is not None: payload[key] = module.params[key] response, info = fetch_url(module=module, url=url, headers=json.loads(headers), method='POST', data=module.jsonify(payload)) if info['status'] != 201: module.fail_json(msg="Fail: %s" % ("Status: " + str(info['msg']) + ", Message: " + str(info['body']))) try: content = to_text(response.read(), errors='surrogate_or_strict') except AttributeError: content = info.pop('body', '') return info['status'], info['msg'], content, url
def list(module, base_url, headers, id): if id is not None: url = base_url + "/%s" % (id) else: url = base_url response, info = fetch_url(module=module, url=url, headers=json.loads(headers), method='GET') if info['status'] != 200: module.fail_json(msg="Fail: %s" % ("Status: " + str(info['msg']) + ", Message: " + str(info['body']))) try: content = to_text(response.read(), errors='surrogate_or_strict') except AttributeError: content = info.pop('body', '') return info['status'], info['msg'], content, url
def create(module, base_url, headers, index_set_id): url = base_url payload = {} for key in ['title', 'description', 'remove_matches_from_default_stream', 'matching_type', 'rules']: if module.params[key] is not None and module.params[key] != "": payload[key] = module.params[key] payload['index_set_id'] = index_set_id response, info = fetch_url(module=module, url=url, headers=json.loads(headers), method='POST', data=module.jsonify(payload)) if info['status'] != 201: module.fail_json(msg="Fail: %s" % ("Status: " + str(info['msg']) + ", Message: " + str(info['body']))) try: content = to_text(response.read(), errors='surrogate_or_strict') except AttributeError: content = info.pop('body', '') return info['status'], info['msg'], content, url
def update(module, base_url, headers): url = "/".join([base_url, module.params['id']]) payload = {} for key in ['title', 'description', 'index_prefix', 'field_type_refresh_interval', 'writable', 'default', 'index_analyzer', 'shards', 'replicas', 'rotation_strategy_class', 'retention_strategy_class', 'rotation_strategy', 'retention_strategy', 'index_optimization_max_num_segments', 'index_optimization_disabled']: if module.params[key] is not None: payload[key] = module.params[key] response, info = fetch_url(module=module, url=url, headers=json.loads(headers), method='PUT', data=module.jsonify(payload)) if info['status'] != 200: module.fail_json(msg="Fail: %s" % ("Status: " + str(info['msg']) + ", Message: " + str(info['body']))) try: content = to_text(response.read(), errors='surrogate_or_strict') except AttributeError: content = info.pop('body', '') return info['status'], info['msg'], content, url
def main(): module = AnsibleModule(argument_spec=dict( endpoint=dict(type='str'), graylog_user=dict(type='str'), graylog_password=dict(type='str', no_log=True), validate_certs=dict(type='bool', required=False, default=True), allow_http=dict(type='bool', required=False, default=False), action=dict(type='str', required=False, default='create', choices=['create', 'update']), input_type=dict(type='str', required=False, default='UDP', choices=['UDP', 'TCP', 'HTTP']), title=dict(type='str', required=True), global_input=dict(type='bool', required=False, default=True), node=dict(type='str', required=False), bind_address=dict(type='str', required=False, default='0.0.0.0'), port=dict(type='int', required=False, default=12201), number_worker_threads=dict(type='int', required=False, default=2), override_source=dict(type='str', required=False), recv_buffer_size=dict(type='int', required=False, default=1048576), tcp_keepalive=dict(type='bool', required=False, default=False), tls_enable=dict(type='bool', required=False, default=False), tls_cert_file=dict(type='str', required=False), tls_key_file=dict(type='str', required=False), tls_key_password=dict(type='str', required=False, no_log=True), tls_client_auth=dict(type='str', required=False, default='disabled', choices=['disabled', 'optional', 'required']), tls_client_auth_cert_file=dict(type='str', required=False), use_null_delimiter=dict(type='bool', required=False, default=False), decompress_size_limit=dict(type='int', required=False, default=8388608), enable_cors=dict(type='bool', required=False, default=True), idle_writer_timeout=dict(type='int', required=False, default=60), max_chunk_size=dict(type='int', required=False, default=65536), max_message_size=dict(type='int', required=False, default=2097152))) endpoint = module.params['endpoint'] graylog_user = module.params['graylog_user'] graylog_password = module.params['graylog_password'] allow_http = module.params['allow_http'] if allow_http == True: endpoint = "http://" + endpoint else: endpoint = "https://" + endpoint # Build full name of input type if module.params['input_type'] == "TCP": module.params[ 'input_type'] = "org.graylog2.inputs.gelf.tcp.GELFTCPInput" elif module.params['input_type'] == "UDP": module.params[ 'input_type'] = "org.graylog2.inputs.gelf.udp.GELFUDPInput" else: module.params[ 'input_type'] = "org.graylog2.inputs.gelf.http.GELFHttpInput" base_url = endpoint + "/api/system/inputs" api_token = get_token(module, endpoint, graylog_user, graylog_password, allow_http) headers = '{ "Content-Type": "application/json", "X-Requested-By": "Graylog API", "Accept": "application/json", \ "Authorization": "Basic ' + api_token.decode() + '" }' status, message, content, url = action(module, base_url, headers) uresp = {} content = to_text(content, encoding='UTF-8') try: js = json.loads(content) except ValueError: js = "" uresp['json'] = js uresp['status'] = status uresp['msg'] = message uresp['url'] = url module.exit_json(**uresp)
def main(): module = AnsibleModule(argument_spec=dict( endpoint=dict(type='str'), graylog_user=dict(type='str'), graylog_password=dict(type='str', no_log=True), allow_http=dict(type='bool', required=False, default=False), validate_certs=dict(type='bool', required=False, default=True), action=dict(type='str', required=False, default='list', choices=[ 'create', 'create_connection', 'parse_rule', 'create_rule', 'update', 'update_connection', 'update_rule', 'delete', 'delete_rule', 'list', 'list_rules', 'query_rules', 'query_pipelines' ]), pipeline_id=dict(type='str'), pipeline_name=dict(type='str'), rule_id=dict(type='str'), rule_name=dict(type='str'), stream_ids=dict(type='list'), title=dict(type='str'), description=dict(type='str'), source=dict(type='str'))) endpoint = module.params['endpoint'] graylog_user = module.params['graylog_user'] graylog_password = module.params['graylog_password'] action = module.params['action'] pipeline_id = module.params['pipeline_id'] pipeline_name = module.params['pipeline_name'] rule_id = module.params['rule_id'] rule_name = module.params['rule_name'] allow_http = module.params['allow_http'] if allow_http == True: endpoint = "http://" + endpoint else: endpoint = "https://" + endpoint pipeline_url = endpoint + "/api/system/pipelines/pipeline" rule_url = endpoint + "/api/system/pipelines/rule" connection_url = endpoint + "/api/system/pipelines/connections" api_token = get_token(module, endpoint, graylog_user, graylog_password) headers = '{ "Content-Type": "application/json", "X-Requested-By": "Graylog API", "Accept": "application/json", \ "Authorization": "Basic ' + api_token.decode() + '" }' if action == "create": status, message, content, url = create(module, pipeline_url, headers) elif action == "parse_rule": status, message, content, url = parse_rule(module, rule_url, headers) elif action == "create_rule": status, message, content, url = create_rule(module, rule_url, headers) elif action == "create_connection": status, message, content, url = create_connection( module, connection_url, headers) elif action == "update": status, message, content, url = update(module, pipeline_url, headers) elif action == "update_connection": status, message, content, url = update_connection( module, connection_url, headers) elif action == "update_rule": status, message, content, url = update_rule(module, rule_url, headers) elif action == "delete": status, message, content, url = delete(module, pipeline_url, headers, pipeline_id) elif action == "delete_rule": status, message, content, url = delete_rule(module, rule_url, headers, rule_id) elif action == "list": query = "no" status, message, content, url = list(module, pipeline_url, headers, pipeline_id, query) elif action == "query_pipelines": pipeline_id = query_pipelines(module, pipeline_url, headers, pipeline_name) query = "yes" status, message, content, url = list(module, pipeline_url, headers, pipeline_id, query) elif action == "list_rules": query = "no" status, message, content, url = list_rules(module, rule_url, headers, rule_id, query) elif action == "query_rules": rule_id = query_rules(module, rule_url, headers, rule_name) query = "yes" status, message, content, url = list_rules(module, rule_url, headers, rule_id, query) uresp = {} content = to_text(content, encoding='UTF-8') try: js = json.loads(content) except ValueError: js = "" uresp['json'] = js uresp['status'] = status uresp['msg'] = message uresp['url'] = url module.exit_json(**uresp)
def main(): module = AnsibleModule(argument_spec=dict( endpoint=dict(type='str'), graylog_user=dict(type='str'), graylog_password=dict(type='str', no_log=True), action=dict(type='str', required=False, default='list_configurations', choices=[ 'list_configurations', 'query_collector_configurations', 'update_snippet' ]), configuration_id=dict(type='str'), configuration_name=dict(type='str'), configuration_tags=dict(type='list'), snippet_name=dict(type='str'), snippet_source=dict(type='str'), backend=dict(type='str'))) endpoint = module.params['endpoint'] graylog_user = module.params['graylog_user'] graylog_password = module.params['graylog_password'] action = module.params['action'] configuration_id = module.params['configuration_id'] configuration_name = module.params['configuration_name'] snippet_name = module.params['snippet_name'] configuration_url = "https://%s/api/plugins/org.graylog.plugins.collector/configurations" % ( endpoint) api_token = get_token(module, endpoint, graylog_user, graylog_password) headers = '{ "Content-Type": "application/json", "X-Requested-By": "Graylog API", "Accept": "application/json", \ "Authorization": "Basic ' + api_token.decode() + '" }' if action == "list_configurations": query = "no" status, message, content, url = list_configurations( module, configuration_url, headers, configuration_id, query) elif action == "update_snippet": configuration_id = query_collector_configurations( module, configuration_url, headers, configuration_name) snippet_id = query_snippets(module, configuration_url, headers, configuration_id, snippet_name) status, message, content, url = update_snippet(module, configuration_url, headers, configuration_id, snippet_id) elif action == "query_collector_configurations": configuration_id = query_collector_configurations( module, configuration_url, headers, configuration_name) query = "yes" status, message, content, url = list_configurations( module, configuration_url, headers, configuration_id, query) uresp = {} content = to_text(content, encoding='UTF-8') try: js = json.loads(content) except ValueError: js = "" uresp['json'] = js uresp['status'] = status uresp['msg'] = message uresp['url'] = url module.exit_json(**uresp)
def main(): module = AnsibleModule(argument_spec=dict( endpoint=dict(type='str'), graylog_user=dict(type='str'), graylog_password=dict(type='str', no_log=True), allow_http=dict(type='bool', required=False, default=False), validate_certs=dict(type='bool', required=False, default=True), action=dict( type='str', required=False, default='list', choices=[ 'create', 'create_rule', 'start', 'pause', 'update', 'update_rule', 'delete', 'delete_rule', 'list', 'query_streams' ]), stream_id=dict(type='str'), stream_name=dict(type='str'), rule_id=dict(type='str'), title=dict(type='str'), field=dict(type='str'), type=dict(type='int', default=1), value=dict(type='str'), index_set_id=dict(type='str'), inverted=dict(type='bool', default=False), description=dict(type='str'), remove_matches_from_default_stream=dict(type='bool', default=False), matching_type=dict(type='str'), rules=dict(type='list'))) endpoint = module.params['endpoint'] graylog_user = module.params['graylog_user'] graylog_password = module.params['graylog_password'] action = module.params['action'] stream_id = module.params['stream_id'] stream_name = module.params['stream_name'] rule_id = module.params['rule_id'] title = module.params['title'] field = module.params['field'] type = module.params['type'] value = module.params['value'] index_set_id = module.params['index_set_id'] inverted = module.params['inverted'] description = module.params['description'] remove_matches_from_default_stream = module.params[ 'remove_matches_from_default_stream'] matching_type = module.params['matching_type'] rules = module.params['rules'] allow_http = module.params['allow_http'] if allow_http == True: endpoint = "http://" + endpoint else: endpoint = "https://" + endpoint base_url = endpoint + "/api/streams" api_token = get_token(module, endpoint, graylog_user, graylog_password) headers = '{ "Content-Type": "application/json", "X-Requested-By": "Graylog API", "Accept": "application/json", \ "Authorization": "Basic ' + api_token.decode() + '" }' if action == "create": if index_set_id is None: index_set_id = default_index_set(module, endpoint, base_url, headers) status, message, content, url = create(module, base_url, headers, index_set_id) elif action == "create_rule": status, message, content, url = create_rule(module, base_url, headers) elif action == "update": status, message, content, url = update( module, base_url, headers, stream_id, title, description, remove_matches_from_default_stream, matching_type, rules, index_set_id) elif action == "update_rule": status, message, content, url = update_rule(module, base_url, headers, stream_id, rule_id, field, type, value, inverted, description) elif action == "delete": status, message, content, url = delete(module, base_url, headers, stream_id) elif action == "delete_rule": status, message, content, url = delete_rule(module, base_url, headers, stream_id, rule_id) elif action == "start": status, message, content, url = start(module, base_url, headers, stream_id) elif action == "pause": status, message, content, url = pause(module, base_url, headers, stream_id) elif action == "list": status, message, content, url = list(module, base_url, headers, stream_id) elif action == "query_streams": stream_id = query_streams(module, base_url, headers, stream_name) status, message, content, url = list(module, base_url, headers, stream_id) uresp = {} content = to_text(content, encoding='UTF-8') try: js = json.loads(content) except ValueError: js = "" uresp['json'] = js uresp['status'] = status uresp['msg'] = message uresp['url'] = url module.exit_json(**uresp)
def update(module, base_url, headers, stream_id, title, description, remove_matches_from_default_stream, matching_type, rules, index_set_id): url = "/".join([base_url, stream_id]) payload = {} response, info = fetch_url(module=module, url=url, headers=json.loads(headers), method='GET') if info['status'] != 200: module.fail_json(msg="Fail: %s" % ("Status: " + str(info['msg']) + ", Message: " + str(info['body']))) try: content = to_text(response.read(), errors='surrogate_or_strict') payload_current = json.loads(content) except AttributeError: content = info.pop('body', '') if title is not None: payload['title'] = title else: payload['title'] = payload_current['title'] if description is not None: payload['description'] = description else: payload['description'] = payload_current['description'] if remove_matches_from_default_stream is not None: payload[ 'remove_matches_from_default_stream'] = remove_matches_from_default_stream else: payload['remove_matches_from_default_stream'] = payload_current[ 'remove_matches_from_default_stream'] if matching_type is not None: payload['matching_type'] = matching_type else: payload['matching_type'] = payload_current['matching_type'] if rules is not None: payload['rules'] = rules else: payload['rules'] = payload_current['rules'] if index_set_id is not None: payload['index_set_id'] = index_set_id else: payload['index_set_id'] = payload_current['index_set_id'] response, info = fetch_url(module=module, url=url, headers=json.loads(headers), method='PUT', data=module.jsonify(payload)) if info['status'] != 200: module.fail_json(msg="Fail: %s" % ("Status: " + str(info['msg']) + ", Message: " + str(info['body']))) try: content = to_text(response.read(), errors='surrogate_or_strict') except AttributeError: content = info.pop('body', '') return info['status'], info['msg'], content, url
def main(): module = AnsibleModule(argument_spec=dict( endpoint=dict(type='str'), graylog_user=dict(type='str'), graylog_password=dict(type='str', no_log=True), allow_http=dict(type='bool', required=False, default=False), validate_certs=dict(type='bool', required=False, default=True), action=dict( type='str', required=False, default='list', choices=['create', 'update', 'delete', 'list', 'query_index_sets' ]), title=dict(type='str'), description=dict(type='str'), creation_date=dict(type='str', required=False), id=dict(type='str'), index_prefix=dict(type='str'), index_analyzer=dict(type='str', default="standard"), shards=dict(type='int', default=4), replicas=dict(type='int', default=1), field_type_refresh_interval=dict(type='int', default=5000), rotation_strategy_class=dict( type='str', default= 'org.graylog2.indexer.rotation.strategies.TimeBasedRotationStrategy' ), retention_strategy_class=dict( type='str', default= 'org.graylog2.indexer.retention.strategies.DeletionRetentionStrategy' ), rotation_strategy=dict( type='dict', default=dict( type= 'org.graylog2.indexer.rotation.strategies.TimeBasedRotationStrategyConfig', rotation_period='P1D')), retention_strategy=dict( type='dict', default=dict( type= 'org.graylog2.indexer.retention.strategies.DeletionRetentionStrategyConfig', max_number_of_indices=14)), index_optimization_max_num_segments=dict(type='int', default=1), index_optimization_disabled=dict(type='bool', default=False), writable=dict(type='bool', default=True), default=dict(type='bool', default=False))) endpoint = module.params['endpoint'] graylog_user = module.params['graylog_user'] graylog_password = module.params['graylog_password'] action = module.params['action'] allow_http = module.params['allow_http'] title = module.params['title'] id = module.params['id'] creation_date = module.params['creation_date'] or datetime.datetime.utcnow( ).isoformat() + 'Z' if allow_http == True: endpoint = "http://" + endpoint else: endpoint = "https://" + endpoint base_url = endpoint + "/api/system/indices/index_sets" api_token = get_token(module, endpoint, graylog_user, graylog_password) headers = '{ "Content-Type": "application/json", "X-Requested-By": "Graylog API", "Accept": "application/json", \ "Authorization": "Basic ' + api_token.decode() + '" }' if action == "create": status, message, content, url = create(module, base_url, headers, creation_date) elif action == "update": status, message, content, url = update(module, base_url, headers) elif action == "delete": status, message, content, url = delete(module, base_url, headers, id) elif action == "list": status, message, content, url = list(module, base_url, headers, id) elif action == "query_index_sets": id = query_index_sets(module, base_url, headers, title) status, message, content, url = list(module, base_url, headers, id) uresp = {} content = to_text(content, encoding='UTF-8') try: js = json.loads(content) except ValueError: js = "" uresp['json'] = js uresp['status'] = status uresp['msg'] = message uresp['url'] = url module.exit_json(**uresp)
def main(): module = AnsibleModule(argument_spec=dict( endpoint=dict(type='str'), graylog_user=dict(type='str'), graylog_password=dict(type='str', no_log=True), action=dict(type='str', required=False, default='get', choices=['get', 'update', 'delete', 'test']), allow_http=dict(type='bool', required=False, default=False), validate_certs=dict(type='bool', required=False, default=True), enabled=dict(type='bool', required=False, default=False), active_directory=dict(type='bool', required=False, default=False), ldap_uri=dict(type='str', required=False), use_start_tls=dict(type='bool', required=False, default=False), trust_all_certificates=dict(type='bool', required=False, default=False), system_password_set=dict(type='bool', required=False, default=False), system_username=dict(type='str', required=False), system_password=dict(type='str', required=False, no_log=True), search_base=dict(type='str', required=False), search_pattern=dict(type='str', required=False), display_name_attribute=dict(type='str', required=False), group_search_base=dict(type='str', required=False), group_search_pattern=dict(type='str', required=False), group_id_attribute=dict(type='str', required=False), default_group=dict(type='str', required=False, default='Reader'), group_mapping=dict(type='list', required=False))) endpoint = module.params['endpoint'] graylog_user = module.params['graylog_user'] graylog_password = module.params['graylog_password'] action = module.params['action'] allow_http = module.params['allow_http'] if allow_http == True: endpoint = "http://" + endpoint else: endpoint = "https://" + endpoint base_url = endpoint + "/api/system/ldap" api_token = get_token(module, endpoint, graylog_user, graylog_password, allow_http) headers = '{ "Content-Type": "application/json", "X-Requested-By": "Graylog API", "Accept": "application/json", \ "Authorization": "Basic ' + api_token.decode() + '" }' if action == "get": status, message, content, url = get(module, base_url, headers) elif action == "update": status, message, content, url = update(module, base_url, headers) elif action == "delete": status, message, content, url = delete(module, base_url, headers) elif action == "test": status, message, content, url = test(module, base_url, headers) uresp = {} content = to_text(content, encoding='UTF-8') try: js = json.loads(content) except ValueError: js = "" uresp['json'] = js uresp['status'] = status uresp['msg'] = message uresp['url'] = url module.exit_json(**uresp)