Пример #1
    def write(self, *args, **kwargs):
        """Emit one record, or buffer it when grouping is enabled.

        On the first call the output format is picked once: the connection
        format if the record carries a ``clientip`` field, the packet
        format otherwise.

        With ``self.group`` set, the record's keyword arguments are stored
        in ``self.group_cache`` under the tuple of its ``group_fields``
        values and nothing is written by this method. Without grouping,
        or when a grouping field is missing from the record, the record
        is handed straight to ``Output.write``.
        """
        if not self.format_is_set:
            # The first record decides the format for the whole run.
            chosen = (
                self._CONNECTION_FORMAT
                if "clientip" in kwargs
                else self._PACKET_FORMAT
            )
            self.set_format(chosen)
            self.format_is_set = True

        if not self.group:
            # No grouping requested: write the record out immediately.
            Output.write(self, *args, **kwargs)
            return

        try:
            flow_key = tuple(kwargs[name] for name in self.group_fields)
        except KeyError as missing:
            # A record without one of the grouping fields cannot be
            # bucketed; report it and write it ungrouped instead.
            self.logger.error("Could not group by key %s" % str(missing))
            Output.write(self, *args, **kwargs)
            return

        if flow_key not in self.group_cache:
            # Try the reversed tuple so both directions of an exchange
            # share one bucket.
            # NOTE(review): the reversal flips the *whole* tuple, so it
            # only means "opposite direction" when group_fields is a
            # symmetric pair (e.g. client/server address) - confirm for
            # other field lists.
            mirrored = flow_key[::-1]
            if mirrored in self.group_cache:
                flow_key = mirrored
            else:
                self.group_cache[flow_key] = []

        # NOTE(review): nothing in this method bounds group_cache; every
        # grouped record stays in memory. Input with very many distinct
        # tuples (large or hostile captures) can exhaust memory - consider
        # a size cap or periodic flush.
        self.group_cache[flow_key].append(kwargs)
Пример #2
 def close(self):
     """Flush any grouped records to ``self.fh``, then close the output.

     For each cached group, in sorted key order, a header line of
     ``field=value`` pairs is written, followed by one tab-prefixed
     line per buffered record and a blank separator line. Finally
     ``Output.close`` is called, whether or not grouping was enabled.
     """
     if self.group:
         # Grouping is finished; switch it off before replaying records.
         self.group = False
         # NOTE(review): sorted() needs mutually comparable keys; mixed
         # value types inside keys (e.g. None next to str) would raise
         # TypeError on Python 3 - confirm field values are uniform.
         for group_key in sorted(self.group_cache):
             # Header: pair each grouping field name with the value at
             # the same position in the key.
             # NOTE(review): values are interpolated as-is; if a grouping
             # field can hold traffic-derived text, an embedded newline or
             # tab would break the line structure of this output - consider
             # escaping control characters.
             header_parts = []
             for idx, field_name in enumerate(self.group_fields):
                 header_parts.append('%s=%s' % (field_name, group_key[idx]))
             self.fh.write(' '.join(header_parts) + "\n")

             for record in self.group_cache[group_key]:
                 # Indent each member of the group under its header.
                 self.fh.write("\t")
                 Output.write(self, **record)
             self.fh.write("\n")
     Output.close(self)