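def stop_monitor():
    """
    Stop ElasticSearch, Logstash, and Kibana on localhost.

    Components are stopped in order (ElasticSearch, Logstash, Kibana). The first
    failure returns immediately, so the remaining components are not attempted.

    :return: True if every component was stopped; False if none of the three
             components is installed or one of them could not be stopped
    """
    es_profiler = elasticsearch.ElasticProfiler()
    ls_profiler = logstash.LogstashProfiler()
    kb_profiler = kibana.KibanaProfiler()
    es_process = elasticsearch.ElasticProcess()
    ls_process = logstash.LogstashProcess()
    kb_process = kibana.KibanaProcess()
    # Only bail out when nothing at all is installed; a partial install still
    # gets a stop attempt on each component.
    if not (es_profiler.is_installed or ls_profiler.is_installed or kb_profiler.is_installed):
        # Fixed: the message used to say "start", which is misleading on a stop.
        sys.stderr.write('[-] Could not stop monitor. Is it installed?\n')
        sys.stderr.write('[-] dynamite install monitor\n')
        return False
    sys.stdout.write('[+] Stopping monitor processes.\n')
    if not es_process.stop(stdout=True):
        sys.stderr.write('[-] Could not stop monitor.elasticsearch.\n')
        return False
    if not ls_process.stop(stdout=True):
        sys.stderr.write('[-] Could not stop monitor.logstash.\n')
        return False
    if not kb_process.stop(stdout=True):
        sys.stderr.write('[-] Could not stop monitor.kibana.\n')
        return False
    return True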
def profile_monitor():
    """
    Collect the installation/runtime profile of each monitor component.

    :return: A dict keyed ELASTICSEARCH, LOGSTASH and KIBANA whose values are
             whatever each component's profiler ``get_profile()`` returns
    """
    profilers = (
        ('ELASTICSEARCH', elasticsearch.ElasticProfiler()),
        ('LOGSTASH', logstash.LogstashProfiler()),
        ('KIBANA', kibana.KibanaProfiler()),
    )
    return {name: profiler.get_profile() for name, profiler in profilers}
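def status_monitor():
    """
    Retrieve the status of the monitor processes.

    :return: A tuple (elasticsearch_status, logstash_status, kibana_status), each
             being whatever the component's ``status()`` method returns; ``False``
             when none of the three components is installed
    """
    es_profiler = elasticsearch.ElasticProfiler()
    ls_profiler = logstash.LogstashProfiler()
    kb_profiler = kibana.KibanaProfiler()
    es_process = elasticsearch.ElasticProcess()
    ls_process = logstash.LogstashProcess()
    kb_process = kibana.KibanaProcess()
    if not (es_profiler.is_installed or ls_profiler.is_installed or kb_profiler.is_installed):
        # Fixed: the message used to say "Could not start monitor" for a status query.
        sys.stderr.write('[-] Could not retrieve monitor status. Is it installed?\n')
        sys.stderr.write('[-] dynamite install monitor\n')
        return False
    return es_process.status(), ls_process.status(), kb_process.status()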
def uninstall_monitor(prompt_user=True):
    """
    Uninstall the standalone monitor components (ElasticSearch, Logstash, and Kibana).

    :param prompt_user: When True, print a warning and require an explicit "yes"
                        on the console before anything is removed
    :return: True if all three components uninstalled successfully; False if the
             standalone stack is not fully installed, the user declined, or any
             component failed to uninstall
    """
    elastic_profiler = elasticsearch.ElasticProfiler()
    logstash_profiler = logstash.LogstashProfiler()
    kibana_profiler = kibana.KibanaProfiler()
    # All three must be present; partial installs are handled per component.
    if not (elastic_profiler.is_installed and logstash_profiler.is_installed and kibana_profiler.is_installed):
        sys.stderr.write(
            '[-] A standalone monitor installation was not detected on this system. Please uninstall '
            'ElasticSearch, Logstash, or Kibana individually.\n')
        return False
    if prompt_user:
        sys.stderr.write(
            '[-] WARNING! UNINSTALLING THE MONITOR WILL PREVENT EVENTS FROM BEING PROCESSED/VISUALIZED.\n'
        )
        question = 'Are you sure you wish to continue? ([no]|yes): '
        accepted = ('', 'no', 'yes')
        answer = utilities.prompt_input(question)
        while answer not in accepted:
            answer = utilities.prompt_input(question)
        # Anything other than a literal "yes" (including the empty default) aborts.
        if answer != 'yes':
            sys.stdout.write('[+] Exiting\n')
            return False
    # Each component is attempted regardless of the others' outcome.
    es_ok = elasticsearch.uninstall_elasticsearch(stdout=True, prompt_user=False)
    ls_ok = logstash.uninstall_logstash(stdout=True, prompt_user=False)
    kb_ok = kibana.uninstall_kibana(stdout=True, prompt_user=False)
    succeeded = es_ok and ls_ok and kb_ok
    if succeeded:
        sys.stdout.write('[+] Monitor uninstalled successfully.\n')
    else:
        sys.stderr.write(
            '[-] An error occurred while uninstalling one or more monitor components.\n'
        )
    return succeeded
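def install_monitor(elasticsearch_password='******', verbose=False):
    """
    Install Logstash (with ElastiFlow templates modified to work with Zeek),
    ElasticSearch, and Kibana on localhost.

    ElasticSearch (port 9200) and Kibana (port 5601) are configured with
    ``host='0.0.0.0'``, i.e. they listen on every interface of the host. Restrict
    reachability (host firewall, reverse proxy) if the machine is exposed to
    untrusted networks.

    :param elasticsearch_password: The password applied to all builtin ES users.
                                   The default is a placeholder, not a secret;
                                   callers should always supply a strong password
                                   (a warning is printed when the placeholder is used)
    :param verbose: Include output from system utilities
    :return: True if installation succeeded; False if the stack is already
             installed, the user declined to continue on a low-memory host, or any
             component failed to install
    """
    es_pre_profiler = elasticsearch.ElasticProfiler()
    ls_pre_profiler = logstash.LogstashProfiler()
    kb_pre_profiler = kibana.KibanaProfiler()
    if ls_pre_profiler.is_installed and es_pre_profiler.is_installed and kb_pre_profiler.is_installed:
        sys.stderr.write(
            '[-] Monitor is already installed. If you wish to re-install, first uninstall.\n'
        )
        return False
    if elasticsearch_password == '******':
        # The default is a well-known placeholder; applying it to every builtin ES
        # user leaves the cluster behind a guessable credential. Warn, but keep the
        # historical behaviour for callers that rely on the default.
        sys.stderr.write(
            '[-] WARNING: using the default placeholder ElasticSearch password. '
            'Supply a strong password for the builtin ES users.\n')
    if utilities.get_memory_available_bytes() < 14 * (1000**3):
        # NOTE: the threshold is in decimal GB (1000**3) while the reported figure is
        # in GiB (1024**3); they disagree slightly around the limit.
        sys.stderr.write(
            '[-] WARNING Dynamite standalone monitor requires '
            'at-least 14GB to run currently available [{} GB]\n'.format(
                utilities.get_memory_available_bytes() / (1024**3)))
        if str(utilities.prompt_input('Continue? [y|N]: ')).lower() != 'y':
            return False
    # The dynamite service account gets a random 50-character password that this
    # function never surfaces.
    utilities.create_dynamite_user(utilities.generate_random_password(50))
    utilities.download_java(stdout=True)
    utilities.extract_java(stdout=True)
    utilities.setup_java()
    if not es_pre_profiler.is_installed:
        sys.stdout.write('[+] Installing Elasticsearch on localhost.\n')
        es_installer = elasticsearch.ElasticInstaller(
            host='0.0.0.0',
            port=9200,
            # Fixed: this used to key off the Logstash profiler, so the ES archive
            # could be re-downloaded or a missing one skipped.
            download_elasticsearch_archive=not es_pre_profiler.is_downloaded,
            password=elasticsearch_password,
            stdout=True,
            verbose=verbose)
        es_installer.setup_elasticsearch()
        if not elasticsearch.ElasticProfiler().is_installed:
            sys.stderr.write('[-] ElasticSearch failed to install on localhost.\n')
            return False
        # ES is started only when it was freshly installed here.
        sys.stdout.write('[+] Starting ElasticSearch on localhost.\n')
        es_process = elasticsearch.ElasticProcess()
        es_process.start()
    if not ls_pre_profiler.is_installed:
        ls_installer = logstash.LogstashInstaller(
            host='0.0.0.0',
            elasticsearch_password=elasticsearch_password,
            # Fixed: this used to key off the ElasticSearch profiler.
            download_logstash_archive=not ls_pre_profiler.is_downloaded,
            stdout=True,
            verbose=verbose)
        ls_installer.setup_logstash()
        if not logstash.LogstashProfiler().is_installed:
            sys.stderr.write('[-] LogStash failed to install on localhost.\n')
            return False
    # Kibana needs a working ElasticSearch to point at.
    if not kb_pre_profiler.is_installed and elasticsearch.ElasticProfiler().is_installed:
        sys.stdout.write('[+] Installing Kibana on localhost.\n')
        kb_installer = kibana.KibanaInstaller(
            host='0.0.0.0',
            port=5601,
            elasticsearch_host='localhost',
            elasticsearch_port=9200,
            elasticsearch_password=elasticsearch_password,
            download_kibana_archive=not kb_pre_profiler.is_downloaded,
            stdout=True,
            verbose=verbose)
        if not kb_pre_profiler.is_downloaded:
            kb_installer.download_kibana(stdout=True)
            kb_installer.extract_kibana(stdout=True)
        kb_installer.setup_kibana()
        if not kibana.KibanaProfiler().is_installed:
            sys.stderr.write('[-] Kibana failed to install on localhost.\n')
            return False
    sys.stdout.write(
        '[+] Monitor installation complete. Start the monitor: \'dynamite start monitor\'.\n'
    )
    sys.stdout.flush()
    return True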
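def install_monitor(elasticsearch_password='******'):
    """
    Install Logstash (with ElastiFlow templates modified to work with Zeek),
    ElasticSearch, and Kibana on localhost.

    ElasticSearch (port 9200) and Kibana (port 5601) are configured with
    ``host='0.0.0.0'``, i.e. they listen on every interface of the host. Restrict
    reachability (host firewall, reverse proxy) if the machine is exposed to
    untrusted networks.

    :param elasticsearch_password: The password applied to all builtin ES users.
                                   The default is a placeholder, not a secret;
                                   callers should always supply a strong password
                                   (a warning is printed when the placeholder is used)
    :return: True if installation succeeded; False if less than the required memory
             is available or any component failed to install
    """
    if utilities.get_memory_available_bytes() < 14 * (1000**3):
        # NOTE: the threshold is in decimal GB (1000**3) while the reported figure is
        # in GiB (1024**3); they disagree slightly around the limit.
        sys.stderr.write(
            '[-] Dynamite standalone monitor requires '
            'at-least 14GB to run currently available [{} GB]\n'.format(
                utilities.get_memory_available_bytes() / (1024**3)))
        return False
    if elasticsearch_password == '******':
        # The default is a well-known placeholder; applying it to every builtin ES
        # user leaves the cluster behind a guessable credential. Warn, but keep the
        # historical behaviour for callers that rely on the default.
        sys.stderr.write(
            '[-] WARNING: using the default placeholder ElasticSearch password. '
            'Supply a strong password for the builtin ES users.\n')
    # The dynamite service account gets a random 50-character password that this
    # function never surfaces.
    utilities.create_dynamite_user(utilities.generate_random_password(50))
    utilities.download_java(stdout=True)
    utilities.extract_java(stdout=True)
    utilities.setup_java()
    es_installer = elasticsearch.ElasticInstaller(
        host='0.0.0.0', port=9200, password=elasticsearch_password)
    es_pre_profiler = elasticsearch.ElasticProfiler()
    es_process = elasticsearch.ElasticProcess()
    ls_installer = logstash.LogstashInstaller(
        host='0.0.0.0', elasticsearch_password=elasticsearch_password)
    ls_pre_profiler = logstash.LogstashProfiler()
    kb_installer = kibana.KibanaInstaller(
        host='0.0.0.0',
        port=5601,
        elasticsearch_host='localhost',
        elasticsearch_port=9200,
        elasticsearch_password=elasticsearch_password)
    kb_pre_profiler = kibana.KibanaProfiler()
    if not es_pre_profiler.is_installed:
        sys.stdout.write('[+] Installing Elasticsearch on localhost.\n')
        if not es_pre_profiler.is_downloaded:
            es_installer.download_elasticsearch(stdout=True)
            es_installer.extract_elasticsearch(stdout=True)
        es_installer.setup_elasticsearch(stdout=True)
        if not elasticsearch.ElasticProfiler().is_installed:
            sys.stderr.write('[-] ElasticSearch failed to install on localhost.\n')
            return False
        # ES is started only when it was freshly installed here.
        sys.stdout.write('[+] Starting ElasticSearch on localhost.\n')
        es_process.start()
    if not ls_pre_profiler.is_installed:
        if not ls_pre_profiler.is_downloaded:
            ls_installer.download_logstash(stdout=True)
            ls_installer.extract_logstash(stdout=True)
        ls_installer.setup_logstash(stdout=True)
        if not logstash.LogstashProfiler().is_installed:
            sys.stderr.write('[-] LogStash failed to install on localhost.\n')
            return False
    # Kibana needs a working ElasticSearch to point at.
    if not kb_pre_profiler.is_installed and elasticsearch.ElasticProfiler().is_installed:
        sys.stdout.write('[+] Installing Kibana on localhost.\n')
        if not kb_pre_profiler.is_downloaded:
            kb_installer.download_kibana(stdout=True)
            kb_installer.extract_kibana(stdout=True)
        kb_installer.setup_kibana(stdout=True)
        if not kibana.KibanaProfiler().is_installed:
            sys.stderr.write('[-] Kibana failed to install on localhost.\n')
            return False
    sys.stdout.write(
        '[+] Monitor installation complete. Start the monitor: \'dynamite start monitor\'.\n'
    )
    sys.stdout.flush()
    return True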
sys.stdout.write( '[-] An error occurred while attempting to start ElasticSearch.\n' ) sys.exit(1) except Exception: _fatal_exception('start', 'elasticsearch', args.debug) elif args.component == 'logstash': try: sys.stdout.write('[+] Starting LogStash\n') started = logstash.LogstashProcess().start(stdout=True) if started: sys.stdout.write( '[+] LogStash started successfully. Check its status at any time with: ' '\'dynamite status logstash\'.\n') sys.exit(0) elif not logstash.LogstashProfiler(stderr=False).is_installed: _not_installed('start', 'logstash') sys.exit(0) else: sys.stderr.write( '[-] An error occurred while attempting to start LogStash.\n' ) sys.exit(1) except Exception: _fatal_exception('start', 'logstash', args.debug) elif args.component == 'kibana': try: sys.stdout.write('[+] Starting Kibana\n') started = kibana.KibanaProcess().start(stdout=True) if started: sys.stdout.write(