import sys
import os.path
import re
import sre_constants
import shlex
import ujson
sys.path.insert(0, "/usr/local/opnsense/site-python")
from log_helper import reverse_log_reader
from params import update_params
from lib import suricata_alert_log

if __name__ == '__main__':
    # handle parameters
    parameters = {'limit': '0', 'offset': '0', 'filter': '', 'fileid': ''}
    update_params(parameters)

    # choose logfile by number
    if parameters['fileid'].isdigit():
        suricata_log = '%s.%d' % (suricata_alert_log, int(parameters['fileid']))
    else:
        suricata_log = suricata_alert_log

    if parameters['limit'].isdigit():
        limit = int(parameters['limit'])
    else:
        limit = 0

    if parameters['offset'].isdigit():
        offset = int(parameters['offset'])
    else:
                        line.split(' label ')[-1:]).strip()[1:].split('"')[0]
                    if rid in rule_map:
                        line_id_map[line_id] = {
                            'rid': rid,
                            'label': rule_map[rid]
                        }
                    else:
                        line_id_map[line_id] = {'rid': None, 'label': rid}

    return {'line_ids': line_id_map, 'rule_map': rule_map}


if __name__ == '__main__':
    # read parameters
    parameters = {'limit': '0', 'digest': ''}
    update_params(parameters)
    parameters['limit'] = int(parameters['limit'])

    # parse current running config
    running_conf_descr = fetch_rule_details()

    result = list()
    filter_logs = []
    if os.path.isdir('/var/log/filter'):
        filter_logs = list(
            sorted(glob.glob("/var/log/filter/filter_*.log"), reverse=True))
    if os.path.isfile('/var/log/filter.log'):
        filter_logs.append('/var/log/filter.log')

    for filter_log in filter_logs:
        do_exit = False
    result = list()
    with tempfile.NamedTemporaryFile() as output_stream:
        unbound_control(['list_local_data'], output_stream)
        for line in output_stream.read().split('\n'):
            parts = line.split()
            if len(parts) > 4 and parts[3] == 'A':
                result.append(parts[4])
    return result


# Default settings for this script.  Every value is kept as a string so the
# defaults and any caller-supplied overrides share one representation.
app_params = dict(
    pid='/var/run/unbound_dhcpd.pid',
    domain='local',
    target='/var/unbound/dhcpleases.conf',
    background='1',
)
# Overlay values supplied on the invocation onto the defaults (project helper;
# presumably parses sys.argv -- confirm in params.update_params).
# NOTE(review): 'pid' and 'target' are file system paths that this section
# accepts from the caller without any further check; whoever can start this
# script decides where those files are written.  Verify main() constrains them
# if the script can be launched with attacker-influenced arguments.
params.update_params(app_params)


def main():
    # cleanup interval (seconds)
    cleanup_interval = 60

    # initiate lease watcher and setup cache
    dhcpdleases = watchers.dhcpd.DHCPDLease()
    cached_leases = dict()
    known_addresses = unbound_known_addresses()

    # start watching dhcp leases
    last_cleanup = time.time()
    while True:
        dhcpd_changed = False
import random
sys.path.insert(0, "/usr/local/opnsense/site-python")
from lib.parse import parse_flow
from lib.aggregate import BaseFlowAggregator
import lib.aggregates
import params

# Default (empty) values for the command-line parameters.  Everything is a
# string so the defaults and the caller-supplied overrides share one type.
# 'provider' and 'sample' are collected here but not consumed in this section.
app_params = dict(
    resolution='',
    start_time='',
    end_time='',
    key_fields='',
    provider='',
    sample='',
)
# Overlay caller-supplied values onto the defaults (project helper; presumably
# parses sys.argv -- confirm in params.update_params).  From here on
# app_params is treated as externally supplied, untrusted input.
params.update_params(app_params)

# Validate the parameters one step at a time.  Each check runs only when the
# previous one passed, so a failing check leaves the later names unbound
# (the same as the original nested form); consumers must gate on valid_params.
valid_params = False

have_start = app_params['start_time'].isdigit()
if have_start:
    start_time = int(app_params['start_time'])

have_end = have_start and app_params['end_time'].isdigit()
if have_end:
    end_time = int(app_params['end_time'])

have_resolution = have_end and app_params['resolution'].isdigit()
if have_resolution:
    resolution = int(app_params['resolution'])

# NOTE(review): str.isdigit() is not a safe guard for int(): it also accepts
# non-ASCII digit characters (e.g. '\u00b2') that int() rejects with
# ValueError, and '0' passes here, so resolution may be zero.  Confirm the
# aggregation code copes with a zero resolution and with end_time < start_time;
# str.isdecimal() would be the stricter check on Python 3.
if have_resolution and app_params['key_fields']:
    # key_fields is a comma-separated list; the individual names are not
    # validated at this point.
    key_fields = app_params['key_fields'].split(',')
    valid_params = True

timeseries = {}
if valid_params: