예제 #1
  def ProcessResponse(self, response):
    """Mails one notification per hunt result until the email limit is hit.

    Args:
      response: The result to report. Its `source` is used as the client id
        and its rendered HTML is embedded in the mail body.
    """
    flow_args = self.state.args

    # Limit already reached: drop the result before touching the client.
    if self.state.emails_sent >= flow_args.email_limit:
      return

    client_id = response.source
    client_obj = aff4.FACTORY.Open(client_id, token=self.token)
    hostname = (client_obj.Get(client_obj.Schema.HOSTNAME) or
                "unknown hostname")

    subject = ("GRR Hunt results collection %s got a new result." %
               self.state.collection_urn)

    # Query string for the admin UI link; the template receives it as `urn`.
    url = urllib.urlencode([("c", client_id), ("main", "HostInformation")])

    rendered_response = rendering.FindRendererForObject(response).RawHTML()

    # Count the mail before sending; the mail that reaches the limit carries
    # the "too many mails" notice.
    self.state.emails_sent += 1
    limit_reached = self.state.emails_sent == flow_args.email_limit
    additional_message = (
        self.too_many_mails_msg % flow_args.email_limit
        if limit_reached else "")

    # NOTE(review): the body is sent with is_html=True and the values below
    # are %-substituted with no escaping visible in this method. Confirm that
    # self.template or SendEmail escapes hostname and the other text fields.
    body_fields = dict(
        client_id=client_id,
        admin_ui=config_lib.CONFIG["AdminUI.url"],
        hostname=hostname,
        urn=url,
        creator=self.token.username,
        collection_urn=self.state.collection_urn,
        response=rendered_response,
        additional_message=additional_message,
    )

    email_alerts.SendEmail(
        flow_args.email, "grr-noreply",
        subject,
        self.template % body_fields,
        is_html=True)
예제 #2
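    def ProcessMessage(self, message=None, event=None):
        """Records a client crash, alerts by email and terminates the flow.

        The crash is logged, counted, written out through
        WriteAllCrashDetails, mailed to the owning hunt's crash alert address
        (if any) and to Monitoring.alert_email (if set), and finally the
        crashed flow is force-terminated. Flows whose `handles_crashes` is
        set are left alone: nothing past the log line runs for them.

        Args:
          message: The crash message. `source` is the client id, `session_id`
            the crashed flow, and `payload` is parsed as a GrrStatus.
          event: Unused.
        """
        _ = event
        client_id = message.source

        flow_obj = aff4.FACTORY.Open(message.session_id, token=self.token)

        # Log.
        logging.info("Client crash reported, client %s.", client_id)

        # Only kill the flow if it does not handle its own crashes. Some flows
        # restart the client and therefore expect to get a crash notification.
        # NOTE(review): this return also skips the counter, the crash record
        # and the alert mails for such flows. Confirm that is intended.
        if flow_obj.handles_crashes:
            return

        # Export.
        stats.STATS.IncrementCounter("grr_client_crashes")

        # Write crash data to AFF4.
        client = aff4.FACTORY.Open(client_id, token=self.token)
        client_info = client.Get(client.Schema.CLIENT_INFO)

        status = rdf_flows.GrrStatus(message.payload)

        # Build the nanny text up front so the termination reason carries it
        # even when no alert recipient is configured. It used to be set only
        # inside the mail loop.
        nanny_msg = ""
        if status.nanny_status:
            nanny_msg = "Nanny status: %s" % status.nanny_status

        crash_details = rdf_client.ClientCrash(
            client_id=client_id,
            session_id=message.session_id,
            client_info=client_info,
            crash_message=status.error_message,
            timestamp=rdfvalue.RDFDatetime().Now(),
            crash_type=self.well_known_session_id)

        self.WriteAllCrashDetails(client_id,
                                  crash_details,
                                  flow_session_id=message.session_id)

        # Also send email.
        to_send = []

        # Bound before the try so the except handler can always log it.
        hunt_session_id = None
        try:
            hunt_session_id = self._ExtractHuntId(message.session_id)
            if hunt_session_id and hunt_session_id != message.session_id:
                hunt_obj = aff4.FACTORY.Open(hunt_session_id,
                                             aff4_type=implementation.GRRHunt,
                                             token=self.token)
                email = hunt_obj.GetRunner().args.crash_alert_email
                if email:
                    to_send.append(email)
        except aff4.InstantiationError:
            logging.error("Failed to open hunt %s.", hunt_session_id)

        email = config_lib.CONFIG["Monitoring.alert_email"]
        if email:
            to_send.append(email)

        if to_send:
            # The mail is identical for every recipient, so render it once.
            client = aff4.FACTORY.Open(client_id, token=self.token)
            hostname = client.Get(client.Schema.HOSTNAME)
            url = urllib.urlencode(
                (("c", client_id), ("main", "HostInformation")))

            renderer = rendering.FindRendererForObject(flow_obj.state)

            # NOTE(review): nanny_msg derives from the client-supplied message
            # payload and hostname from the client record. Both are
            # %-substituted into a body sent with is_html=True, and no
            # escaping is visible here. Confirm self.mail_template or
            # SendEmail escapes them.
            subject = "Client %s reported a crash." % client_id
            body = self.mail_template % dict(
                client_id=client_id,
                admin_ui=config_lib.CONFIG["AdminUI.url"],
                hostname=hostname,
                state=renderer.RawHTML(),
                urn=url,
                nanny_msg=nanny_msg,
                signature=config_lib.CONFIG["Email.signature"])

            for email_address in to_send:
                email_alerts.EMAIL_ALERTER.SendEmail(
                    email_address,
                    "GRR server",
                    subject,
                    body,
                    is_html=True)

        if nanny_msg:
            msg = "Client crashed, " + nanny_msg
        else:
            msg = "Client crashed."

        # Now terminate the flow.
        flow.GRRFlow.TerminateFlow(message.session_id,
                                   reason=msg,
                                   token=self.token,
                                   force=True)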
예제 #3
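    def ProcessMessage(self, message=None, event=None):
        """Records a client crash, alerts by email and terminates the flow.

        The crash is logged, counted, written out through
        WriteAllCrashDetails and mailed to Monitoring.alert_email when that
        setting is non-empty. The crashed flow is then force-terminated.

        Args:
          message: The crash message. `source` is the client id, `session_id`
            the crashed flow, and `payload` is parsed as a GrrStatus.
          event: Unused.
        """
        _ = event
        client_id = message.source

        flow_obj = aff4.FACTORY.Open(message.session_id, token=self.token)

        # Log.
        logging.info("Client crash reported, client %s.", client_id)

        # Export.
        stats.STATS.IncrementCounter("grr_client_crashes")

        # Write crash data to AFF4.
        client = aff4.FACTORY.Open(client_id, token=self.token)
        client_info = client.Get(client.Schema.CLIENT_INFO)

        status = rdf_flows.GrrStatus(message.payload)

        # Build the nanny text up front so the termination reason carries it
        # even when no alert address is configured. It used to be set only
        # inside the mail branch.
        nanny_msg = ""
        if status.nanny_status:
            nanny_msg = "Nanny status: %s" % status.nanny_status

        crash_details = rdf_client.ClientCrash(
            client_id=client_id,
            session_id=message.session_id,
            client_info=client_info,
            crash_message=status.error_message,
            timestamp=rdfvalue.RDFDatetime().Now(),
            crash_type=self.well_known_session_id)

        self.WriteAllCrashDetails(client_id,
                                  crash_details,
                                  flow_session_id=message.session_id)

        # Also send email. Read the setting once and reuse it as recipient.
        alert_email = config_lib.CONFIG["Monitoring.alert_email"]
        if alert_email:
            client = aff4.FACTORY.Open(client_id, token=self.token)
            hostname = client.Get(client.Schema.HOSTNAME)
            url = urllib.urlencode(
                (("c", client_id), ("main", "HostInformation")))

            renderer = rendering.FindRendererForObject(flow_obj.state)

            # NOTE(review): nanny_msg derives from the client-supplied message
            # payload and hostname from the client record. Both are
            # %-substituted into a body sent with is_html=True, and no
            # escaping is visible here. Confirm self.mail_template or
            # SendEmail escapes them.
            email_alerts.EMAIL_ALERTER.SendEmail(
                alert_email,
                "GRR server",
                "Client %s reported a crash." % client_id,
                self.mail_template %
                dict(client_id=client_id,
                     admin_ui=config_lib.CONFIG["AdminUI.url"],
                     hostname=hostname,
                     state=renderer.RawHTML(),
                     urn=url,
                     nanny_msg=nanny_msg,
                     signature=config_lib.CONFIG["Email.signature"]),
                is_html=True)

        if nanny_msg:
            msg = "Client crashed, " + nanny_msg
        else:
            msg = "Client crashed."

        # Now terminate the flow.
        flow.GRRFlow.TerminateFlow(message.session_id,
                                   reason=msg,
                                   token=self.token,
                                   force=True)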