def _set_agents_summary(self):
results = env.dataprovider.query(["max(heartbeat.create_time)", "heartbeat.analyzer(-1).analyzerid/group_by"])
if not results:
return
c = Criterion()
for create_time, analyzerid in results:
c |= Criterion("heartbeat.create_time", "==", create_time) & Criterion("heartbeat.analyzer(-1).analyzerid", "==", analyzerid)
agents = {
"up": utils.AttrObj(count=0, title=_("Online"), label="label-success", status=["online"]),
"down": utils.AttrObj(count=0, title=_("Offline"), label="label-danger", status=["offline", "missing", "unknown"])
}
heartbeat_error_margin = env.config.general.get_int("heartbeat_error_margin", 3)
for heartbeat in env.dataprovider.get(c):
heartbeat = heartbeat["heartbeat"]
analyzer = heartbeat["analyzer"][-1]
analyzer.status = utils.get_analyzer_status_from_latest_heartbeat(heartbeat, heartbeat_error_margin)[0]
for key, values in agents.items():
if analyzer.status in values.status:
values.count += 1
parameters = env.request.menu_parameters
val = agents["down"] if agents["down"].count else agents["up"]
data = resource.HTMLNode("a", localization.format_number(val.count), title=val.title, _class="label " + val.label, href=url_for("Agents.agents", status=val.status, **parameters))
return utils.AttrObj(
name="agents",
title=resource.HTMLNode("a", _("Agents"), href=url_for("Agents.agents", **parameters)),
data=[data]
)
def _get_plugin_infos(self):
# FIXME: for some reason, the cache gets desynchronized at initialization.
# This is a temporary fix.
env.db.modinfos_cache.clear()
data = utils.AttrObj(installed={}, maintenance={}, maintenance_total=0)
for catname, plugin in self._iter_plugin():
self._add_plugin_info(data, catname, plugin)
return data
def create(self, user, form):
return utils.AttrObj(content=self.get_queries(user, form),
url={
"save":
url_for('BaseView.history_save', form=form),
"delete":
url_for('BaseView.history_delete', form=form),
"get":
url_for('BaseView.history_get', form=form)
})
def _setup_template(self, template, ajax_error):
dataset = template.dataset()
for i in ("name", "message", "details", "code", "traceback", "errno"):
dataset[i] = getattr(self, i)
dataset["is_ajax_error"] = ajax_error
dataset["document"] = utils.AttrObj()
dataset["document"].base_url = utils.iri2uri(
env.request.web.get_baseurl())
dataset["is_error_template"] = True
return dataset
def _set_logs_summary(self):
count = localization.format_number(env.dataprovider.query(
["count(1)"], env.request.menu.get_criteria(), type="log")[0][0],
short=True)
data = resource.HTMLNode("a",
count,
title=_("Log"),
_class="label label-info",
href=url_for("LogDataSearch.dashboard",
**env.request.menu_parameters))
return utils.AttrObj(name="archive",
title=resource.HTMLNode("span", _("Archive")),
data=[data])
def _set_alerts_summary(self):
severities = ["info", "low", "medium", "high"]
alerts = dict(
env.dataprovider.query([
"alert.assessment.impact.severity/group_by",
"count(alert.messageid)"
], env.request.menu.get_criteria()))
labels = {
"info":
utils.AttrObj(title=_("Minimal severity"), label="label-info"),
"low":
utils.AttrObj(title=_("Low severity"), label="label-success"),
"medium":
utils.AttrObj(title=_("Medium severity"), label="label-warning"),
"high":
utils.AttrObj(title=_("High severity"), label="label-danger")
}
data = []
for i in reversed(severities):
data.append(
resource.HTMLNode(
"a",
localization.format_number(alerts.get(i, 0), short=True),
title=labels[i].title,
_class="label " + labels[i].label,
href=url_for("AlertDataSearch.forensic",
criteria=Criterion(
"alert.assessment.impact.severity", "==",
i))))
return utils.AttrObj(name="alerts",
title=resource.HTMLNode(
"a",
_("Alerts"),
href=url_for("AlertDataSearch.forensic")),
data=data)
def ajax_infos(self):
infos = collections.OrderedDict()
infos["general"] = utils.AttrObj(label=_("General"),
info=self._get_common_infos())
extra_infos = filter(
None,
hookmanager.trigger("HOOK_DATASEARCH_INFO",
env.request.parameters))
for category, data in itertools.chain(extra_infos,
self._get_extra_infos()):
infos[category] = data
return response.PrewikkaResponse({"infos": infos})
def _get_table_info(self, table):
out = {}
typemap = {
"bigint": "integer",
"smallint": "integer",
"character varying": "text"
}
for field, _type, defval in self.query(
"SELECT column_name, data_type, column_default FROM information_schema.columns WHERE table_name = %s",
table.lower()):
out[field] = utils.AttrObj(type=_type,
generic_type=typemap.get(_type, _type),
default=defval,
auto_increment="nextval" in (defval
or ""))
return out
def __init__(self, criteria_type=_SENTINEL, parameters=None, **kwargs):
if criteria_type is not _SENTINEL:
self._criteria_type = criteria_type
else:
self._criteria_type = env.request.view.view_datatype
self._parameters = parameters or env.request.menu_parameters
self.dataset = _MAINMENU_TEMPLATE.dataset(inline=True,
period=True,
refresh=True,
period_optional=False,
label_width=2,
input_size="sm",
update=False)
self.dataset.update(kwargs)
self.dataset["timeline"] = utils.AttrObj()
self.dataset["timeline"].quick = collections.OrderedDict(
(((1, "day", True, 0), _("Today")), ((1, "day", True, -1),
_("Yesterday")),
((1, "week", True, 0), _("This week")), ((1, "week", True, -1),
_("Last week")),
((1, "month", True, 0), _("This month")), ((1, "month", True, -1),
_("Last month")),
((1, "hour", False, 0), ngettext("%d hour", "%d hours", 1) % 1),
((2, "hour", False, 0), ngettext("%d hour", "%d hours", 2) % 2),
((1, "day", False, 0), ngettext("%d day", "%d days", 1) % 1),
((2, "day", False, 0), ngettext("%d day", "%d days", 2) % 2),
((1, "week", False, 0), ngettext("%d week", "%d weeks", 1) % 1),
((1, "month", False, 0), ngettext("%d month", "%d months", 1) %
1), ((3, "month", False, 0),
ngettext("%d month", "%d months", 3) % 3),
((1, "year", False, 0), ngettext("%d year", "%d years", 1) % 1)))
self.dataset["timeline"].refresh = collections.OrderedDict(
((30, ngettext("%d second", "%d seconds", 30) % 30),
(60, ngettext("%d minute", "%d minutes", 1) % 1),
(60 * 5, ngettext("%d minute", "%d minutes", 5) % 5),
(60 * 10, ngettext("%d minute", "%d minutes", 10) % 10)))
self._render()
def _get_extra_infos(self):
builders = {
"classification": self._build_classification,
"assessment": self._build_classification
}
field = env.request.parameters["field"]
parent_field = field.split('.', 1)[0]
criteria = utils.json.loads(env.request.parameters["_criteria"])
alert = env.dataprovider.get(criteria)[0]["alert"]
builder = next((v for k, v in builders.items() if k in field), None)
if builder:
html = builder(alert)
else:
try:
html = self._generic_builder(alert, parent_field)
except RuntimeError:
return []
return [("idmef", utils.AttrObj(label=_("IDMEF"), info=html))]
def __init__(self):
env.request.menu = self
self.dataset = _MAINMENU_TEMPLATE.dataset()
self.dataset["timeline"] = utils.AttrObj()
self.dataset["timeline"].quick = [
(_("Today"), 1, "day", 1),
(_("This month"), 1, "month", 1),
(ngettext("%d hour", "%d hours", 1) % 1, 1, "hour", 0),
(ngettext("%d hour", "%d hours", 2) % 2, 2, "hour", 0),
(ngettext("%d day", "%d days", 1) % 1, 1, "day", 0),
(ngettext("%d day", "%d days", 2) % 2, 2, "day", 0),
(ngettext("%d week", "%d weeks", 1) % 1, 1, "week", 0),
(ngettext("%d month", "%d months", 1) % 1, 1, "month", 0),
(ngettext("%d month", "%d months", 3) % 3, 3, "month", 0),
(ngettext("%d year", "%d years", 1) % 1, 1, "year", 0)]
self.dataset["timeline"].refresh = [
(ngettext("%d second", "%d seconds", 30) % 30, 30),
(ngettext("%d minute", "%d minutes", 1) % 1, 60),
(ngettext("%d minute", "%d minutes", 5) % 5, 60*5),
(ngettext("%d minute", "%d minutes", 10) % 10, 60*10)]
def _setup_dataset_default(self):
env.request.dataset["document"] = utils.AttrObj()
env.request.dataset["document"].base_url = utils.iri2uri(
env.request.web.get_baseurl())
env.request.dataset["document"].href = utils.iri2uri(
env.request.web.get_uri())
def analyze(self, analyzerid):
analyzer, heartbeat = self._get_analyzer(analyzerid)
delta = heartbeat["create_time"] - utils.timeutil.now()
analyzer.last_heartbeat_time = localization.format_timedelta(delta, add_direction=True)
analyzer.status = None
analyzer.events = []
res = env.dataprovider.get(Criterion("heartbeat.analyzer(-1).analyzerid", "=", analyzerid), limit=self._heartbeat_count)
prev = None
total_interval = 0
# Iterate from oldest heartbeat to newest
for obj in reversed(res):
cur = HeartbeatObject(obj["heartbeat"])
if not (prev and cur.status and cur.interval):
prev = cur
continue
total_interval += cur.interval
event = None
if cur.status == "starting":
if prev.status == "exiting":
event = utils.AttrObj(time=cur.time_str, value=_("Normal sensor start"), type="start")
else:
event = utils.AttrObj(time=cur.time_str, value=_("Unexpected sensor restart"), type="unexpected_restart")
elif cur.status == "running":
delta = cur.time - prev.time
if abs(delta.total_seconds() - cur.interval) > self._heartbeat_error_margin:
delta = localization.format_timedelta(delta, granularity="second")
event = utils.AttrObj(time=cur.time_str, value=_("Unexpected heartbeat interval: %(delta)s") % {'delta': delta}, type="abnormal_heartbeat_interval")
elif cur.status == "exiting":
event = utils.AttrObj(time=cur.time_str, value=_("Normal sensor stop"), type="normal_stop")
if event:
analyzer.events.append(event)
prev = cur
if prev:
analyzer.status, analyzer.status_meaning = \
utils.get_analyzer_status_from_latest_heartbeat(obj["heartbeat"], self._heartbeat_error_margin)
if analyzer.status == "missing":
delta = utils.timeutil.now() - prev.time
analyzer.events.append(utils.AttrObj(time=prev.time_str, value=_("Sensor is down since %s") % localization.format_timedelta(delta), type="down"))
if not analyzer.status:
analyzer.status, analyzer.status_meaning = "unknown", _("Unknown")
if not analyzer.events:
delta = localization.format_timedelta(total_interval / self._heartbeat_count)
analyzer.events.append(utils.AttrObj(
time="",
value=_("No anomaly in the last %(count)d heartbeats (one heartbeat every %(delta)s average)") % {'count': self._heartbeat_count, 'delta': delta},
type="no_anomaly"
))
return template.PrewikkaTemplate(__name__, "templates/heartbeatanalyze.mak").render(analyzer=analyzer)
def analyze(self, analyzerid):
analyzer, heartbeat = self._get_analyzer(analyzerid)
delta = float(heartbeat["create_time"]) - time.time()
analyzer.last_heartbeat_time = localization.format_timedelta(
delta, add_direction=True)
analyzer.status = None
analyzer.events = []
res = env.dataprovider.get(Criterion(
"heartbeat.analyzer(-1).analyzerid", "=", analyzerid),
limit=self._heartbeat_count)
prev = None
latest = True
total_interval = 0
for idx, cur in enumerate(res):
cur = cur["heartbeat"]
cur_status, cur_interval, cur_time = cur.get(
"additional_data('Analyzer status').data"
)[0], cur["heartbeat_interval"], cur["create_time"]
cur_time_str = localization.format_datetime(float(cur_time))
try:
prev = res[idx + 1]["heartbeat"]
prev_status, prev_time = prev.get(
"additional_data('Analyzer status').data"
)[0], prev["create_time"]
except:
break
if not cur_status or not cur_interval:
continue
total_interval += int(cur_interval)
if latest:
latest = False
analyzer.status, analyzer.status_meaning = \
utils.get_analyzer_status_from_latest_heartbeat(cur, self._heartbeat_error_margin)
if analyzer.status == "missing":
delta = time.time() - float(cur_time)
analyzer.events.append(
utils.AttrObj(time=cur_time_str,
value=_("Sensor is down since %s") %
localization.format_timedelta(delta),
type="down"))
event = None
if cur_status == "starting":
if prev_status == "exiting":
event = utils.AttrObj(time=cur_time_str,
value=_("Normal sensor start"),
type="start")
else:
event = utils.AttrObj(time=cur_time_str,
value=_("Unexpected sensor restart"),
type="unexpected_restart")
elif cur_status == "running":
delta = abs(int(cur_time) - int(prev_time) - int(cur_interval))
if delta > self._heartbeat_error_margin:
delta = localization.format_timedelta(delta,
granularity="second")
event = utils.AttrObj(
time=cur_time_str,
value=_("Unexpected heartbeat interval: %(delta)s") %
{'delta': delta},
type="abnormal_heartbeat_interval")
elif cur_status == "exiting":
event = utils.AttrObj(time=cur_time_str,
value=_("Normal sensor stop"),
type="normal_stop")
if event:
analyzer.events.append(event)
if not analyzer.status:
analyzer.status, analyzer.status_meaning = "unknown", _("Unknown")
if not analyzer.events:
delta = localization.format_timedelta(total_interval /
self._heartbeat_count)
analyzer.events.append(
utils.AttrObj(
time="",
value=
_("No anomaly in the last %(count)d heartbeats (one heartbeat every %(delta)s average)"
) % {
'count': self._heartbeat_count,
'delta': delta
},
type="no_anomaly"))
return template.PrewikkaTemplate(
__name__,
"templates/heartbeatanalyze.mak").render(analyzer=analyzer)
def get_properties(self):
return utils.AttrObj(format=self._db.getFormatName())
