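def main():
    """Entry point for the bothound daemon.

    Parses the command line, loads the YAML config, configures logging,
    connects to the database, starts the SessionComputer worker and then
    runs the live sniffer in the calling thread.

    Options:
        -v/--verbose  log everything at DEBUG to stdout
        -c/--conf     path to the YAML config
                      (default: ``src_dir + '/conf/bothound.yaml'``)
    """
    parser = optparse.OptionParser()

    # NOTE(review): the help text promises "don't daemonise" but nothing in
    # this function daemonises in either mode.
    parser.add_option("-v",
                      "--verbose",
                      dest="verbose",
                      help="Be verbose in output, don't daemonise",
                      default=False,
                      action="store_true")

    parser.add_option("-c",
                      "--conf",
                      action="store",
                      dest="conffile",
                      default=src_dir + '/conf/bothound.yaml',
                      help="Path to config file")

    (parsed_options, _args) = parser.parse_args()
    conf_options = {
        'verbose': parsed_options.verbose,
        'conffile': parsed_options.conffile,
    }

    # safe_load only builds plain YAML types; yaml.load() without a Loader
    # lets a crafted config file instantiate arbitrary Python objects.  The
    # file is closed as soon as it is parsed instead of leaking the handle
    # for the lifetime of the process.
    with open(conf_options['conffile'], "r") as stream:
        conf = yaml.safe_load(stream)
    conf_options['sniffers'] = conf["sniffers"]

    log_format = '%(asctime)s - %(name)s - %(levelname)s - %(message)s'
    if conf_options['verbose']:
        # A single root handler on stdout.  basicConfig() already installs a
        # handler (to stderr); adding a second StreamHandler afterwards, as
        # the previous code did, emitted every record twice.
        logging.basicConfig(level=logging.DEBUG,
                            stream=sys.stdout,
                            format=log_format)
    else:
        logger = logging.getLogger('logfetcher')
        logger.setLevel(logging.DEBUG)
        formatter = logging.Formatter(log_format)
        # NOTE(review): every sniffer's logfile handler is attached to the
        # same 'logfetcher' logger, so each record is written to all files.
        for sniffer in conf_options['sniffers']:
            hdlr = logging.FileHandler(sniffer["logfile"])
            hdlr.setFormatter(formatter)
            logger.addHandler(hdlr)

    tools = BothoundTools(conf)
    tools.connect_to_db()

    # Background worker; the sniffer below blocks the main thread.
    session_computer = SessionComputer(tools)
    session_computer.start()

    lfetcher = BothoundLiveSniffer(conf_options, tools)
    lfetcher.run()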
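def main():
    """Entry point for the bothound daemon.

    Parses the command line, loads the YAML config, configures logging,
    connects to the database, starts the SessionComputer worker and then
    runs the live sniffer in the calling thread.

    Options:
        -v/--verbose  log everything at DEBUG to stdout
        -c/--conf     path to the YAML config
                      (default: ``src_dir + '/conf/bothound.yaml'``)
    """
    parser = optparse.OptionParser()

    # NOTE(review): the help text promises "don't daemonise" but nothing in
    # this function daemonises in either mode.
    parser.add_option("-v", "--verbose", dest="verbose",
                      help="Be verbose in output, don't daemonise",
                      default=False,
                      action="store_true")

    parser.add_option("-c", "--conf",
                      action="store", dest="conffile",
                      default=src_dir + '/conf/bothound.yaml',
                      help="Path to config file")

    (parsed_options, _args) = parser.parse_args()
    conf_options = {
        'verbose': parsed_options.verbose,
        'conffile': parsed_options.conffile,
    }

    # safe_load only builds plain YAML types; yaml.load() without a Loader
    # lets a crafted config file instantiate arbitrary Python objects.  The
    # file is closed as soon as it is parsed instead of leaking the handle.
    with open(conf_options['conffile'], "r") as stream:
        conf = yaml.safe_load(stream)
    conf_options['sniffers'] = conf["sniffers"]

    log_format = '%(asctime)s - %(name)s - %(levelname)s - %(message)s'
    if conf_options['verbose']:
        # One root handler on stdout.  basicConfig() already installs a
        # handler (to stderr); the previous code then added a second
        # StreamHandler, so every record was emitted twice.
        logging.basicConfig(level=logging.DEBUG,
                            stream=sys.stdout,
                            format=log_format)
    else:
        logger = logging.getLogger('logfetcher')
        logger.setLevel(logging.DEBUG)
        formatter = logging.Formatter(log_format)
        # NOTE(review): all sniffer logfile handlers hang off the one
        # 'logfetcher' logger, so each record goes to every file.
        for sniffer in conf_options['sniffers']:
            hdlr = logging.FileHandler(sniffer["logfile"])
            hdlr.setFormatter(formatter)
            logger.addHandler(hdlr)

    tools = BothoundTools(conf)
    tools.connect_to_db()

    # Background worker; the sniffer below blocks the main thread.
    session_computer = SessionComputer(tools)
    session_computer.start()

    lfetcher = BothoundLiveSniffer(conf_options, tools)
    lfetcher.run()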
		print "Incident {} processed.".format(incident['id'])
		return ip_feature_db

	def extract(self):
		"""Run ``process_incident`` on every incident still flagged for processing.

		The incidents come from the module-level ``bothound_tools`` created in
		``__main__`` (not from an attribute on ``self``).  Whatever
		``process_incident`` returns is discarded here; nothing in this method
		writes to the database itself.
		"""
		# NOTE(review): depends on the global bothound_tools rather than the
		# tools object passed to the constructor -- presumably the same object,
		# but only when this module is run as a script.
		pending = bothound_tools.get_incidents(process = True)
		for incident in pending:
			self.process_incident(incident)

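	def store_results(self, session_feature_db):
		"""Store every session in ``session_feature_db`` via ``db_tools.store``.

		Fix: the loop variable was spelled ``cur_sesion`` while the body used
		``cur_session``, so any non-empty input raised NameError.

		NOTE(review): ``db_tools`` is not defined anywhere in this listing;
		it may be meant to be the tools object the constructor receives.
		Confirm before relying on this method.
		"""
		for cur_session in session_feature_db:
			db_tools.store(cur_session)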


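if __name__ == "__main__":

	# safe_load: a config file must not be able to construct arbitrary
	# Python objects, which yaml.load() without a Loader permits.  The
	# file is closed right after parsing rather than left open.
	# NOTE(review): the path is relative to the working directory, not to
	# this file, so the script only works when run from its own directory.
	with open("../conf/bothound.yaml", "r") as stream:
		conf = yaml.safe_load(stream)

	bothound_tools = BothoundTools(conf)
	bothound_tools.connect_to_db()

	session_extractor = SessionExtractor(bothound_tools)
	session_extractor.extract()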

		lines = set(lines)

		f1=open(file_name_output, 'w+')
		for l in lines:
			print >> f1, l
		f1.close()
		return len(lines)


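if __name__ == "__main__":

	# safe_load: a config file must not be able to construct arbitrary
	# Python objects, which yaml.load() without a Loader permits.  The
	# file is closed right after parsing rather than left open.
	# NOTE(review): the path is relative to the working directory, not to
	# this file, so the script only works when run from its own directory.
	with open("../conf/bothound.yaml", "r") as stream:
		conf = yaml.safe_load(stream)

	bothound_tools = BothoundTools(conf)
	bothound_tools.connect_to_db()

	analytics = Analytics(bothound_tools)

	# One-off comparisons of botnet IP lists (analytics.get_unique_lines on
	# botnets/ vs botnets1/ files) used to be run from here as commented-out
	# code; removed as dead code.

	#id_incidents = [24,25,26,19,27]
	#id_incidents = [29,30,31,32,33,34]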
        lines = set(lines)

        f1 = open(file_name_output, 'w+')
        for l in lines:
            print >> f1, l
        f1.close()
        return len(lines)


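if __name__ == "__main__":

    # safe_load: a config file must not be able to construct arbitrary
    # Python objects, which yaml.load() without a Loader permits.  The
    # file is closed right after parsing rather than left open.
    # NOTE(review): the path is relative to the working directory, not to
    # this file, so the script only works when run from its own directory.
    with open("../conf/bothound.yaml", "r") as stream:
        conf = yaml.safe_load(stream)

    bothound_tools = BothoundTools(conf)
    bothound_tools.connect_to_db()

    analytics = Analytics(bothound_tools)

    # One-off comparisons of botnet IP lists (analytics.get_unique_lines on
    # botnets/ vs botnets1/ files) used to be run from here as commented-out
    # code; removed as dead code.

    # Hard-coded incident ids to analyse; earlier batches kept for reference.
    #id_incidents = [24,25,26,19,27]
    #id_incidents = [29,30,31,32,33,34]
    id_incidents = [50, 51, 52, 53, 54]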
        for incident in self.bothound_tools.get_incidents(process=True):
            cur_session_feature_db = self.process_incident(incident)

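    def store_results(self, session_feature_db):
        """Store every session in ``session_feature_db`` via ``db_tools.store``.

        Fix: the loop variable was spelled ``cur_sesion`` while the body used
        ``cur_session``, so any non-empty input raised NameError.

        NOTE(review): ``db_tools`` is not defined anywhere in this listing;
        it may be meant to be ``self.bothound_tools``, which the sibling
        method above uses.  Confirm before relying on this method.
        """
        for cur_session in session_feature_db:
            db_tools.store(cur_session)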

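    def run(self):
        """Worker loop: call ``compute_incidents`` every 10 seconds, forever.

        An exception escaping ``compute_incidents`` (e.g. a transient database
        error) is reported and the loop continues, so one failed cycle does not
        silently end this worker while the rest of the program keeps running.
        There is no stop condition; the loop ends only with the process, which
        is why the old trailing "Exit session computer." print was unreachable
        and has been dropped.
        """
        import traceback

        print("Running SessionComputer...")
        while True:
            try:
                self.compute_incidents()
            except Exception:
                # Report and keep polling; the next cycle may succeed.
                traceback.print_exc()
            time.sleep(10)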


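if __name__ == "__main__":

    # safe_load: a config file must not be able to construct arbitrary
    # Python objects, which yaml.load() without a Loader permits.  The
    # file is closed right after parsing rather than left open.
    # NOTE(review): the path is relative to the working directory, not to
    # this file, so the script only works when run from its own directory.
    with open("../conf/bothound.yaml", "r") as stream:
        conf = yaml.safe_load(stream)

    bothound_tools = BothoundTools(conf)
    bothound_tools.connect_to_db()

    session_computer = SessionComputer(bothound_tools)
    session_computer.start()

    # Keep the main thread alive while the worker runs.  The previous
    # ``while True: pass`` spun a CPU core at 100%; sleeping idles instead.
    while True:
        time.sleep(1)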
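def main():
    """Entry point: parse options, load the config, set up logging, connect
    to the database and run the live sniffer in the calling thread.

    Options:
        -v/--verbose  log everything at DEBUG to stdout
        -c/--conf     path to the YAML config
                      (default: ``src_dir + '/conf/bothound.yaml'``)
    """
    parser = optparse.OptionParser()

    # NOTE(review): the help text promises "don't daemonise" but nothing in
    # this function daemonises in either mode.
    parser.add_option("-v", "--verbose", dest="verbose",
                      help="Be verbose in output, don't daemonise",
                      default=False,
                      action="store_true")

    parser.add_option("-c", "--conf",
                      action="store", dest="conffile",
                      default=src_dir + '/conf/bothound.yaml',
                      help="Path to config file")

    (parsed_options, _args) = parser.parse_args()
    conf_options = {
        'verbose': parsed_options.verbose,
        'conffile': parsed_options.conffile,
    }

    # safe_load only builds plain YAML types; yaml.load() without a Loader
    # lets a crafted config file instantiate arbitrary Python objects.  The
    # file is closed as soon as it is parsed instead of leaking the handle.
    with open(conf_options['conffile'], "r") as stream:
        conf = yaml.safe_load(stream)
    conf_options['sniffers'] = conf["sniffers"]

    log_format = '%(asctime)s - %(name)s - %(levelname)s - %(message)s'
    if conf_options['verbose']:
        # One root handler on stdout.  basicConfig() already installs a
        # handler (to stderr); the previous code then added a second
        # StreamHandler, so every record was emitted twice.
        logging.basicConfig(level=logging.DEBUG,
                            stream=sys.stdout,
                            format=log_format)
    else:
        logger = logging.getLogger('logfetcher')
        logger.setLevel(logging.DEBUG)
        formatter = logging.Formatter(log_format)
        # NOTE(review): all sniffer logfile handlers hang off the one
        # 'logfetcher' logger, so each record goes to every file.
        for sniffer in conf_options['sniffers']:
            hdlr = logging.FileHandler(sniffer["logfile"])
            hdlr.setFormatter(formatter)
            logger.addHandler(hdlr)

    tools = BothoundTools(conf)
    tools.connect_to_db()

    # Commented-out experiments against ``tools`` (listing processed
    # incidents, clustering / geo-updating the test incident, intersections,
    # deflectee factorisation) used to sit here; removed as dead code.

    lfetcher = BothoundLiveSniffer(conf_options)
    lfetcher.run()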
		lines = set(lines)

		f1=open(file_name_output, 'w+')
		for l in lines:
			print >> f1, l
		f1.close()
		return len(lines)


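if __name__ == "__main__":

	# safe_load: a config file must not be able to construct arbitrary
	# Python objects, which yaml.load() without a Loader permits.  The
	# file is closed right after parsing rather than left open.
	# NOTE(review): the path is relative to the working directory, not to
	# this file, so the script only works when run from its own directory.
	with open("../conf/bothound.yaml", "r") as stream:
		conf = yaml.safe_load(stream)

	bothound_tools = BothoundTools(conf)
	bothound_tools.connect_to_db()

	analytics = Analytics(bothound_tools)

	# One-off comparisons of botnet IP lists (analytics.get_unique_lines on
	# botnets/ vs botnets1/ files) used to be run from here as commented-out
	# code; removed as dead code.

	#id_incidents = [24,25,26,19,27]
	#id_incidents = [29,30,31,32,33,34]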