#IP second check for C&C flg_C2 = parser_config.get_ip_secondcheck() if (flg_C2 == 1): # 从info中IP检查,提升为warn mylog.info('all_IP size:{}'.format(len(all_IP))) ip_check_C2.main(startTime, all_IP, serverNum, dport, indx) startTime = startTime + delta flgnum += 1 # runtime=time.clock()-st# get the time of whole process except Exception, e: # print e mylog.error(e) if __name__ == "__main__": #delta = 5mins delta, discard, offset = parser_config.getCheckDeltatime() # entertime = if (discard.lower() == 'now'): startTime = time.strftime("%Y-%m-%d %H:%M:%S") else: startTime = datetime.datetime.strptime(discard, '%Y-%m-%d %H:%M:%S') entertime = time.strftime("%Y-%m-%d %H:%M:%S") serverNum, dport, indx, aggs_name, querys = parser_config.get_ES_info() #serverNum='172.23.2.96',dport = "9200";indx=tcp-*; aggs_name=dip #set global dic for storm suppression blacklist_tools.global_init() blacklist_tools.set_global_value('warn', []) new_run(startTime, delta, serverNum, dport, offset, querys, indx, aggs_name) # store_run()
# Excerpt: tail of a polling routine followed by the script entry point. The
# enclosing definition (and whatever guards the mkdir call) starts above this
# excerpt, and the listing was collapsed onto one line.
# NOTE(review): the nesting below is reconstructed -- confirm against the file.
            os.mkdir(dirpath)
        # Wait until the next scheduled check time.
        while datetime.datetime.now() < startTime:
            #print('time sleep...')
            mylog.info("time sleep...")
            # NOTE(review): the remaining time is recomputed after the loop
            # test; if the clock passes startTime in between, the argument is
            # negative and time.sleep() raises -- outside the try below.
            time.sleep((startTime-datetime.datetime.now()).total_seconds())
        try:
            # st=time.clock()
            #update source dataset
            # Refresh the blacklist only once updatetime has passed, then move
            # updatetime forward by the same delta used for the check window.
            if(datetime.datetime.now()>updatetime):
                update_blacklist.main(tday,flgnum)
                updatetime=updatetime+delta
            # check interval time is 5mins
            # NOTE(review): the feed update and the ES check share one try. If
            # update_blacklist.main() raises, checkES() is skipped for this
            # pass and neither updatetime nor startTime advances, so a feed
            # outage would also stop detection against the existing list.
            checkES(startTime,indx,aggs_name,serverNum,dport,tday)
            startTime = startTime + delta
            flgnum+=1
            # runtime=time.clock()-st# get the time of whole process
        except Exception, e:
            # print e
            # NOTE(review): catch-all handler. Only the exception object is
            # passed to mylog.error(), so the log presumably carries no
            # traceback, and execution continues without any back-off.
            mylog.error(e)

if __name__=="__main__":
    # Step added to startTime per run, and the configured start time.
    #delta = 5mins
    delta,discard=parser_config.getCheckDeltatime()
    # entertime =
    # Not read again in the visible code.
    entertime = time.strftime("%Y-%m-%d %H:%M:%S")
    # Raises ValueError if the configured value is not in this format; the
    # resulting datetime carries no timezone.
    startTime = datetime.datetime.strptime(discard, '%Y-%m-%d %H:%M:%S')
    # Elasticsearch host, port, index pattern and aggregation field.
    # NOTE(review): no credential or TLS setting is read here; how the ES
    # connection is protected is not visible in this excerpt.
    serverNum,dport,indx,aggs_name=parser_config.get_ES_info()
    #serverNum='172.23.2.96',dport = "9200";indx=tcp-*; aggs_name=dip
    new_run(startTime,delta,serverNum,dport,indx,aggs_name)
    # store_run()
# Excerpt: body of a polling routine followed by the script entry point. The
# enclosing definition starts above this excerpt, and the listing was
# collapsed onto one line.
# NOTE(review): the nesting below is reconstructed -- confirm against the file.
    tday = datetime.datetime.now().date()
    runtime = 0 # elapsed time of whole process,included check and merge
    while True:
        # On a date change, restart the per-day counter.
        if (tday != datetime.datetime.now().date()):
            flgnum = 0 # reset flgnum per day
            tday = datetime.datetime.now().date()
        # Wait until the next scheduled check time.
        while datetime.datetime.now() < startTime:
            print('time sleep...')
            # NOTE(review): if the previous pass took longer than
            # delta.seconds the argument is negative and time.sleep() raises;
            # this call is outside the try below, so the loop would stop.
            time.sleep(delta.seconds - runtime)
        try:
            # NOTE(review): time.clock() reports processor time on Unix and
            # wall-clock time on Windows, so on Unix `runtime` leaves out time
            # spent waiting on the network.
            st = time.clock()
            #update source dataset
            # NOTE(review): the feed update and the ES check share one try. If
            # update_blacklist.main() raises, checkES() is skipped for this
            # pass and startTime does not advance.
            update_blacklist.main(tday, flgnum)
            # check interval time is 15mins
            checkES(startTime, indx, aggs_name, serverNum, dport, tday)
            startTime = startTime + delta
            flgnum += 1
            runtime = time.clock() - st # get the time of whole process
        except Exception, e:
            # NOTE(review): catch-all handler that only prints the exception
            # to stdout. After a failure startTime is unchanged, so the wait
            # loop above is skipped and the same window is retried at once,
            # with no back-off and no log record of the failure.
            print e

if __name__ == "__main__":
    # The first check window starts at process start time.
    entertime = datetime.datetime.now()
    # entertime=datetime.datetime.strptime("2018-04-20 15:30:00",'%Y-%m-%d %H:%M:%S')
    #delta = 5mins
    # Step added to startTime per run; also read as `delta.seconds` above.
    delta = parser_config.getCheckDeltatime()
    # Elasticsearch host, port, index pattern and aggregation field.
    # NOTE(review): no credential or TLS setting is read here; how the ES
    # connection is protected is not visible in this excerpt.
    serverNum, dport, indx, aggs_name = parser_config.get_ES_info()
    #serverNum='172.23.2.96',dport = "9200";indx=tcp-*; aggs_name=dip
    new_run(entertime, delta, serverNum, dport, indx, aggs_name)
    # store_run()