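lib_tabular.AddData(log_strm, grph, node_process, "CIM_Process", pidstr, ["cpu", "virt"], tpl[1:3])
# (The statement above closes a definition whose beginning is not part of
# this excerpt; it is kept as found.)

################################################################################

# Runs in the subprocess of the HTTP server and samples every process with
# psutil, pushing one (pid, cpu_percent, vms) tuple per process to the queue.
#   sharedTupleQueue: queue receiving the tuples; its qsize() is also logged.
#   entityId: only written to the status line. The entity id should be the
#             default value and is not relevant.
# The loop never ends on its own, so the final return is not expected to run.
def TopEngine(sharedTupleQueue, entityId):
    while 1:
        # Should be a parameter (presumably the polling delay used below).
        sys.stderr.write("Top pid=%d entity=%s sz=%d" % (os.getpid(), entityId, sharedTupleQueue.qsize()))

        for proc in psutil.process_iter():
            pid = proc.pid
            try:
                # get_cpu_percent / get_memory_info are the method names of
                # older psutil releases (later renamed cpu_percent and
                # memory_info); they are kept because the file uses them.
                cpu_percent = proc.get_cpu_percent(interval=0)
                rss, vms = proc.get_memory_info()
            except (psutil.NoSuchProcess, psutil.AccessDenied):
                # A process can exit between enumeration and the queries, or
                # refuse to be inspected. Skip it instead of letting one such
                # process end the whole sampling loop.
                continue
            # rss is read but only the virtual size is forwarded.
            sharedTupleQueue.put((pid, cpu_percent, vms))

        # Fixed 20-second pause between two sampling passes.
        time.sleep(20)

    # Should never happen.
    return "top execution end"

################################################################################

# This is the CGI script started by Apache.
if __name__ == '__main__':
    lib_webserv.DoTheJob(TopEngine, TopDeserialize, __file__, "top processes statistics")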
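# Runs tcpdump and hands every line of its output to TcpDumpEnqueue.
#   sharedTupleQueue: queue passed to TcpDumpEnqueue together with each line.
#   entityId: not used by this engine.
# A temporary log file receives the command line, one output line out of
# every 100, and a closing line with the number of iterations.
# Returns the string "Tcpdump execution end" once the tcpdump output ends.
def TcpDumpEngine(sharedTupleQueue, entityId):
    tmpFil = lib_common.TmpFile("TcpDump", "log")
    filNam = tmpFil.Name

    # The "with" block closes the log file even if the loop below raises;
    # the original only closed it on the normal path.
    with open(filNam, "w") as fil:
        # NOTE(review): os.popen passes this string to a shell.
        # GetTcmpDumpCommand is not shown here; confirm it returns a fixed
        # command line and never includes request-supplied text.
        tcpdump_cmd = GetTcmpDumpCommand()
        fil.write("TCPcommand=%s\n" % (tcpdump_cmd))
        fil.flush()

        cnt = 0
        for lin in os.popen(tcpdump_cmd):
            # NOTE(review): every captured line is copied to stderr, and a
            # sample goes to the temporary log below. If this runs under a
            # web server, stderr usually lands in the server's error log, so
            # check who can read both places.
            sys.stderr.write("cnt=%d:%s\n" % (cnt, lin))
            # Lines read from the pipe always hold at least a newline, so
            # this guard is always true.
            if lin:
                TcpDumpEnqueue(sharedTupleQueue, lin)
            if cnt % 100 == 0:
                fil.write("cnt=%d:%s" % (cnt, lin))
                fil.flush()
            cnt += 1

        fil.write("Leaving after %d iterations\n" % (cnt))

    return "Tcpdump execution end"

################################################################################

if __name__ == '__main__':
    # The logo is referenced by a plain-http URL on a third-party host.
    img = "http://sectools.org/logos/tcpdump-80x70.png"
    lib_webserv.DoTheJob(TcpDumpEngine, TcpDumpDeserialize, __file__, "Tcpdump display", img)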
if not funcName in func_parsers: LogMsg( "Unknown function=" + lin ) continue # Example: "66, {sa_family=AF_NETLINK, pid=7593, groups=00000000}, [12]" args = matchCall.group(3) vecArgs = ParseArgs( args ) # The entity is the process id. lstResult = [ entityId, funcName ] + vecArgs # This builds a tuple from a list. sharedTupleQueue.put( tuple( lstResult ) ) # TODO: A MESSAGE SHOULD BE LEFT FOR THE READER PROCESS. # MAYBE, BY CONVENTION, ANYTHING LEFT IN THE QUEUE # THAT IS NOT A TUPLE IS A MESSAGE ??? LogMsg( "Leaving." ) return "THIS IS AN ERROR AND LEAVING MESSAGE"
# (Excerpt begins mid-function: the statements above are left on one line as
# found, because their indentation cannot be recovered with certainty.)

################################################################################

# To test, use the process that runs firefox-bin,
# because it belongs to us and is also very active.
# Script entry point: passes the strace engine, its deserializer, this file's
# path and two string arguments to lib_webserv.DoTheJob.
if __name__ == '__main__':
    lib_webserv.DoTheJob(STraceEngine,STraceDeserialize,__file__,"strace stack trace","LAYOUT_RECT")
fil = open(filNam,"w") # TODO: The delay could be a parameter. iostat_cmd = "iostat -d 1" fil.write( "iostat_cmd=%s\n" % ( iostat_cmd ) ) fil.flush() cnt = 0 for lin in os.popen(iostat_cmd): sys.stderr.write("cnt=%d:%s\n" % ( cnt, lin ) ) if lin: # We transfer also the header. spl = re.split(' +',lin) sharedTupleQueue.put( tuple( spl ) ) if cnt % 100 == 0: fil.write("cnt=%d:%s" % ( cnt, lin ) ) fil.flush() cnt += 1 fil.write( "Leaving after %d iterations\n" % ( cnt ) ) fil.close() return "Iostat execution end" ################################################################################ if __name__ == '__main__': img = "http://sectools.org/logos/tcpdump-80x70.png" lib_webserv.DoTheJob(IOStatEngine,IOStatDeserialize,__file__,"Disks iostat",img)
| win32con.FILE_SHARE_WRITE | win32con.FILE_SHARE_DELETE, None, win32con.OPEN_EXISTING, win32con.FILE_FLAG_BACKUP_SEMANTICS, None) while True: # # ReadDirectoryChangesW takes a previously-created # handle to a directory, a buffer size for results, # a flag to indicate whether to watch subtrees and # a filter of what changes to notify. # # NB Tim Juchcinski reports that he needed to up # the buffer size to be sure of picking up all # events when a large number of files were # deleted at once. # results = win32file.ReadDirectoryChangesW( hDir, 1024, True, win32con.FILE_NOTIFY_CHANGE_FILE_NAME | win32con.FILE_NOTIFY_CHANGE_DIR_NAME | win32con.FILE_NOTIFY_CHANGE_ATTRIBUTES | win32con.FILE_NOTIFY_CHANGE_SIZE | win32con.FILE_NOTIFY_CHANGE_LAST_WRITE | win32con.FILE_NOTIFY_CHANGE_SECURITY, None, None) for action, updated_file in results: sharedTupleQueue.put( [path_to_watch, updated_file, ACTIONS.get(action, "Unknown")])
# (Excerpt begins mid-expression: the text above is left on one line as found,
# because its indentation cannot be recovered with certainty.)
# NOTE(review): the watcher above asks for a 1024-byte result buffer. Its own
# comment reports that a larger buffer was needed to see every event during a
# mass deletion, so anyone relying on this feed for monitoring should confirm
# that bursts of changes are not silently missed.

# Script entry point: passes the directory-change engine, its deserializer,
# this file's path and the label "Directory updates events" to
# lib_webserv.DoTheJob.
if __name__ == '__main__':
    lib_webserv.DoTheJob(WindDirChangeEngine, WindDirChangeDeserialize, __file__, "Directory updates events")
tcpHeader = receivedPacket[34:54] tcpHdr = struct.unpack("!2s2s16s", tcpHeader) try: sourcePort = DecodePort(tcpHdr[0], 0) destinationPort = DecodePort(tcpHdr[1], 0) except Exception: exc = sys.exc_info()[1] print("Caught:%s" % str(exc)) time.sleep(0.2) sharedTupleQueue.put( (protoc, sourceIP, sourcePort, destinationIP, destinationPort))
# (Excerpt begins mid-function: the statements above are left on one line as
# found, because their indentation cannot be recovered with certainty.)
# NOTE(review): the slice [34:54] fixes the TCP header at byte 34, which would
# correspond to a 14-byte link header followed by a 20-byte IP header. Confirm
# that the part of the function not shown here rejects packets with another
# layout (IP options, non-TCP protocols) before the ports are decoded.

################################################################################

# Picks the capture loop for the current platform and runs it with the same
# two arguments. Nothing is returned.
#   sharedTupleQueue: forwarded unchanged to the selected engine.
#   entityId: forwarded unchanged to the selected engine.
# NOTE(review): the platform engines are not shown here. Promiscuous capture
# normally needs elevated privileges, so confirm which account runs this
# script.
def PromiscuousEngine(sharedTupleQueue, entityId):
    # lib_util.isPlatformWindows is read as a plain truth value, not called.
    engine = PromiscuousEngineWin if lib_util.isPlatformWindows else PromiscuousEngineLinux
    engine(sharedTupleQueue, entityId)

################################################################################

if __name__ == '__main__':
    lib_webserv.DoTheJob(
        PromiscuousEngine,
        PromiscuousDeserialize,
        __file__,
        "Sockets in promiscuous mode")