def main():
parser = parse_option()
if len(sys.argv) < 2:
logger.error("WatchAD must run with an action.")
parser.print_help()
sys.exit(1)
options, args = parser.parse_args()
if options.install:
if not options.domain or not options.server or not options.username or not options.password:
logger.error(
"WatchAD install action must provide domain, server, user and password params."
)
sys.exit(1)
install(domain=options.domain,
server=options.server,
user=options.username,
password=options.password)
elif options.check:
check()
elif options.start:
start()
elif options.restart:
restart()
elif options.stop:
stop()
elif options.status:
status()
def check_mq_connection() -> bool:
c = Consumer()
if not c.check_connection():
logger.error("Can't connect to the MQ, please reconfirm the settings.")
return False
logger.info("Connect to the MQ successfully, OK.")
return True
def stop():
logger.info("Stopping the WatchAD detect engine ...")
stop_rsp = subprocess.call(
"supervisorctl -c {root_dir}/supervisor.conf stop all".format(
root_dir=project_dir),
shell=True,
env={
"WATCHAD_ENGINE_DIR": project_dir,
"WATCHAD_ENGINE_NUM": "5"
})
if stop_rsp == 0:
logger.info("Stopped detection processes.")
else:
logger.error("Stop failed.")
shutdown_rsp = subprocess.call(
"supervisorctl -c {root_dir}/supervisor.conf shutdown".format(
root_dir=project_dir),
shell=True,
env={
"WATCHAD_ENGINE_DIR": project_dir,
"WATCHAD_ENGINE_NUM": "5"
})
if shutdown_rsp == 0:
logger.info("Shutdown WatchAD.")
else:
logger.error("Shutdown WatchAD failed.")
def wait_log_in_database(self, computer_name, record_number):
"""
因为消息队列和入库ES是分开进行的,所以可能会出现当消费到某条日志时,ES还没入库,所以需要检查同步
"""
count = 0
query = {
"query":
get_must_statement(
get_term_statement("computer_name", computer_name),
get_term_statement("record_number", record_number)),
"_source":
False,
"size":
1
}
while True:
try:
rsp = self.es.search(body=query,
index=ElasticConfig.event_log_index,
doc_type=ElasticConfig.event_log_doc_type,
request_timeout=100)
if rsp.get("error"):
logger.error(rsp.get("error").get("reason"))
break
if len(rsp["hits"]["hits"]) > 0:
return rsp["hits"]["hits"][0]["_id"]
time.sleep(2)
# 最多等5次,即 2 * 5 = 10秒
if count == 10:
break
count += 1
except Exception as e:
logger.error("es wait_log_in_database search error: " + str(e))
break
def check_mongo_connection() -> bool:
mongo = MongoHelper(MongoConfig.uri)
if not mongo.check_connection():
logger.error(
"Can't connect to the MongoDB, please reconfirm the settings.")
return False
logger.info("Connect to the MongoDB successfully, OK.")
return True
def start():
if not check():
sys.exit(-1)
logger.info("Starting the WatchAD detect engine ...")
rsp = subprocess.call("supervisord -c {root_dir}/supervisor.conf".format(root_dir=project_dir),
shell=True,
env={"WATCHAD_ENGINE_DIR": project_dir, "WATCHAD_ENGINE_NUM": "5"})
if rsp == 0:
logger.info("Started!")
else:
logger.error("Start failed.")
def multi_search(self, body, index, doc_type):
try:
rsp = self.es.msearch(body=body,
index=index,
doc_type=doc_type,
request_timeout=100)
if rsp.get("error"):
logger.error(rsp.get("error").get("reason"))
return
return rsp
except Exception as e:
logger.error("es msearch error: " + str(e))
def stop():
logger.info("Stopping the WatchAD detect engine ...")
rsp = subprocess.call(
"supervisorctl -c {root_dir}/supervisor.conf shutdown".format(
root_dir=project_dir),
shell=True,
env={
"WATCHAD_ENGINE_DIR": project_dir,
"ENV_WATCHAD_ENGINE_NUM": 5
})
if rsp == 0:
logger.info("Stopped!")
else:
logger.error("Stop failed.")
def check_es_template() -> bool:
"""
检查ES模板安装状态
"""
logger.info("Check the elasticsearch index template.")
es = ElasticHelper()
for name, temp in template_map.items():
if es.exists_template(name=name):
logger.info("template \"{name}\" ---> exist.".format(name=name))
else:
logger.info(
"template \"{name}\" ---> not exist.".format(name=name))
logger.error("Check the elasticsearch template fail.")
return False
logger.info("Check the elasticsearch template successfully, OK.")
return True
