def test_infilter(self):
# Naked INFilter
infilter = InFilter(FieldValue(LogField.SRC),
[IPValue('172.18.1.1', '172.18.1.2')])
d = {
'left': {
'id': 7,
'type': 'field'
},
'right': [{
'type': 'ip',
'value': '172.18.1.1'
}, {
'type': 'ip',
'value': '172.18.1.2'
}],
'type':
'in'
}
self.assertDictEqual(infilter.filter, d)
# Add to query using query method
query = LogQuery()
query.add_in_filter(FieldValue(LogField.SRC),
[IPValue('172.18.1.1', '172.18.1.2')])
query_filter = query.request['query']['filter']
self.assertDictEqual(d, query_filter)
# Update the original filter, validate update
infilter.update_filter(FieldValue('Src'), [IPValue('1.1.1.1')])
d = {
'left': {
'name': 'Src',
'type': 'field'
},
'right': [{
'type': 'ip',
'value': '1.1.1.1'
}],
'type': 'in'
}
# Update filter on query
self.assertDictEqual(infilter.filter, d)
query.update_filter(InFilter(FieldValue('Src'), [IPValue('1.1.1.1')]))
query_filter = query.request['query']['filter']
self.assertDictEqual(d, query_filter)
def test_infilter(self):
# Naked INFilter
infilter = InFilter(FieldValue(LogField.SRC),
[IPValue("172.18.1.1", "172.18.1.2")])
d = {
"left": {
"id": 7,
"type": "field"
},
"right": [{
"type": "ip",
"value": "172.18.1.1"
}, {
"type": "ip",
"value": "172.18.1.2"
}],
"type":
"in",
}
self.assertDictEqual(infilter.filter, d)
# Add to query using query method
query = LogQuery()
query.add_in_filter(FieldValue(LogField.SRC),
[IPValue("172.18.1.1", "172.18.1.2")])
query_filter = query.request["query"]["filter"]
self.assertDictEqual(d, query_filter)
# Update the original filter, validate update
infilter.update_filter(FieldValue("Src"), [IPValue("1.1.1.1")])
d = {
"left": {
"name": "Src",
"type": "field"
},
"right": [{
"type": "ip",
"value": "1.1.1.1"
}],
"type": "in",
}
# Update filter on query
self.assertDictEqual(infilter.filter, d)
query.update_filter(InFilter(FieldValue("Src"), [IPValue("1.1.1.1")]))
query_filter = query.request["query"]["filter"]
self.assertDictEqual(d, query_filter)
def test_defined(self):
query = LogQuery()
query.add_defined_filter(FieldValue(LogField.ACTION))
f = {"type": "defined", "value": {"id": 14, "type": "field"}}
query_filter = query.request["query"]["filter"]
self.assertDictEqual(f, query_filter)
def test_defined(self):
query = LogQuery()
query.add_defined_filter(FieldValue(LogField.ACTION))
f = {'type': 'defined', 'value': {'id': 14, 'type': 'field'}}
query_filter = query.request['query']['filter']
self.assertDictEqual(f, query_filter)
def name_with_fields(self):
query = LogQuery(fetch_size=100)
query.add_in_filter(FieldValue(LogField.SRC),
[IPValue("192.168.4.84")])
query.format.field_format("name")
logquery = {
"format": {
"type": "texts",
"field_format": "name",
"resolving": {
"senders": True
}
},
"query": {
"type": "stored",
"end_ms": 0,
"start_ms": 0,
"filter": {
"type": "in",
"left": {
"type": "field",
"id": LogField.SRC
},
"right": [{
"type": "ip",
"value": "192.168.4.84"
}],
},
},
"fetch": {
"quantity": 100,
"backwards": True
},
}
self.assertDictEqual(query.request, logquery)
"target": ENGINENAME
},
"fetch": {},
"format": {
"type": "texts"
}
}
ws.send(json.dumps(query))
result = ws.recv()
print("Received '%s'" % result)
result = ws.recv()
print("Received '%s'" % result)
ws.close()
print("")
print("Retrieve IPv6 Neighbors Data using smc_monitoring")
query = NeighborQuery(ENGINENAME)
query.add_in_filter(FieldValue(LogField.NEIGHBORPROTOCOL),
[StringValue("IPv6")])
for record in query.fetch_batch():
print(record)
print("Retrieve all Neighbor elements using smc_monitoring")
query = NeighborQuery(ENGINENAME)
for element in query.fetch_as_element():
print(element.node_id + " " + element.neighbor_state + " " +
element.neighbor_interface + " " + element.neighbor_protocol + " " +
element.neighbor_l3_data + "->" + element.neighbor_l2_data)
session.logout()
#session.login(url='http://172.18.1.26:8082', api_key='kKphtsbQKjjfHR7amodA0001', timeout=45,
# beta=True)
session.login(url='http://172.18.1.150:8082',
api_key='EiGpKD4QxlLJ25dbBEp20001',
timeout=30,
api_version='6.4')
#session.login(url='https://172.18.1.151:8082', api_key='xJRo27kGja4JmPek9l3Nyxm4',
# verify=False)
pprint(session._get_log_schema())
#TODO: BLACKLISTQUERY fails when using format ID's due to CombinedFilter.
query = BlacklistQuery('ve-1')
query.add_in_filter(FieldValue(LogField.BLACKLISTENTRYSOURCEIP),
[IPValue('3.3.3.3/32')])
for record in query.fetch_as_element(
): # <-- must get as element to obtain delete() method
#for record in query.fetch_raw():
pprint(vars(record))
record.delete()
#print("Deleting!")
#print(prepared_request(href='http://172.18.1.150:8082/6.4/elements/virtual_fw/10677/blacklist/Nzg2NDMz').delete())
# query = LogQuery(http_proxy_host='1.1.1.1')
# for log in query.fetch_live():
# print(log)
class Foo(object):
sys.exit(1)
websocket.enableTrace(True)
#os.kill(os.getpid(), signal.SIGTERM)
#print(os.getpid())
#subscribe_policy()
field_ids = ConnectionQuery.field_ids
field_ids.remove(LogField.TIMESTAMP)
field_ids.remove(LogField.NODEID)
field_ids.extend((LogField.NATSRC, LogField.NATDPORT))
query = ConnectionQuery('sg_vm')
query.format.field_ids(field_ids)
ports = [Value([{'type': 'number', 'value': p} for p in (9999, 3000)])]
query.add_in_filter(FieldValue(LogField.DPORT), ports)
pprint(vars(query))
for batch in query.fetch_batch(CSVFormat,
max_recv=1): # is max_recv mandatory?
print(batch)
import sys
sys.exit(1)
#from smc_monitoring.models.query import Query
#query = ConnectionQuery('sg_vm')
#for log in query.fetch_live():
# print(log)
#pprint(query.request)
def test_and_filter(self):
andfilter = AndFilter([
InFilter(FieldValue(LogField.SRC), [IPValue("192.168.4.84")]),
InFilter(FieldValue(LogField.SERVICE), [ServiceValue("TCP/80")]),
])
f = {
"type":
"and",
"values": [
{
"left": {
"id": 7,
"type": "field"
},
"right": [{
"type": "ip",
"value": "192.168.4.84"
}],
"type": "in",
},
{
"left": {
"id": 27,
"type": "field"
},
"right": [{
"type": "service",
"value": "TCP/80"
}],
"type": "in",
},
],
}
self.assertDictEqual(andfilter.filter, f)
query = LogQuery()
query.add_and_filter([
InFilter(FieldValue(LogField.SRC), [IPValue("192.168.4.84")]),
InFilter(FieldValue(LogField.SERVICE), [ServiceValue("TCP/80")]),
])
query_filter = query.request["query"]["filter"]
self.assertDictEqual(f, query_filter)
# Update the original filter
andfilter.update_filter([
InFilter(FieldValue(LogField.DST), [IPValue("1.1.1.1")]),
InFilter(FieldValue(LogField.ACTION),
[ConstantValue(Actions.DISCARD, Actions.BLOCK)]),
])
d = {
"type":
"and",
"values": [
{
"left": {
"id": 8,
"type": "field"
},
"right": [{
"type": "ip",
"value": "1.1.1.1"
}],
"type": "in",
},
{
"left": {
"id": 14,
"type": "field"
},
"right": [{
"type": "constant",
"value": 0
}, {
"type": "constant",
"value": 13
}],
"type":
"in",
},
],
}
self.assertDictEqual(andfilter.filter, d)
query.update_filter(
AndFilter([
InFilter(FieldValue(LogField.DST), [IPValue("1.1.1.1")]),
InFilter(FieldValue(LogField.ACTION),
[ConstantValue(Actions.DISCARD, Actions.BLOCK)]),
]))
query_filter = query.request["query"]["filter"]
self.assertDictEqual(d, query_filter)
def test_or_filter(self):
orfilter = OrFilter([
InFilter(FieldValue(LogField.SRC), [IPValue("192.168.4.84")]),
InFilter(FieldValue(LogField.SERVICE), [ServiceValue("TCP/80")]),
])
f = {
"type":
"or",
"values": [
{
"left": {
"id": 7,
"type": "field"
},
"right": [{
"type": "ip",
"value": "192.168.4.84"
}],
"type": "in",
},
{
"left": {
"id": 27,
"type": "field"
},
"right": [{
"type": "service",
"value": "TCP/80"
}],
"type": "in",
},
],
}
self.assertDictEqual(orfilter.filter, f)
query = LogQuery()
query.add_or_filter([
InFilter(FieldValue(LogField.SRC), [IPValue("192.168.4.84")]),
InFilter(FieldValue(LogField.SERVICE), [ServiceValue("TCP/80")]),
])
query_filter = query.request["query"]["filter"]
self.assertDictEqual(f, query_filter)
orfilter.update_filter([
InFilter(FieldValue(LogField.DST), [IPValue("1.1.1.1")]),
InFilter(FieldValue(LogField.SERVICE), [ServiceValue("TCP/443")]),
])
d = {
"type":
"or",
"values": [
{
"left": {
"id": 8,
"type": "field"
},
"right": [{
"type": "ip",
"value": "1.1.1.1"
}],
"type": "in",
},
{
"left": {
"id": 27,
"type": "field"
},
"right": [{
"type": "service",
"value": "TCP/443"
}],
"type": "in",
},
],
}
self.assertDictEqual(d, orfilter.filter)
query.update_filter(
OrFilter([
InFilter(FieldValue(LogField.DST), [IPValue("1.1.1.1")]),
InFilter(FieldValue(LogField.SERVICE),
[ServiceValue("TCP/443")]),
]))
query_filter = query.request["query"]["filter"]
self.assertDictEqual(d, query_filter)
def test_not_filter(self):
notfilter = NotFilter([
InFilter(FieldValue(LogField.SERVICE),
[ServiceValue("UDP/53", "TCP/80")])
])
f = {
"type": "not",
"value": {
"left": {
"id": 27,
"type": "field"
},
"right": [
{
"type": "service",
"value": "UDP/53"
},
{
"type": "service",
"value": "TCP/80"
},
],
"type":
"in",
},
}
self.assertDictEqual(notfilter.filter, f)
query = LogQuery()
query.add_not_filter([
InFilter(FieldValue(LogField.SERVICE),
[ServiceValue("UDP/53", "TCP/80")])
])
query_filter = query.request["query"]["filter"]
self.assertDictEqual(f, query_filter)
notfilter.update_filter([
InFilter(FieldValue(LogField.HTTPREQUESTHOST),
[StringValue("play.googleapis.com")])
])
d = {
"type": "not",
"value": {
"left": {
"id": 1586,
"type": "field"
},
"right": [{
"type": "string",
"value": "play.googleapis.com"
}],
"type": "in",
},
}
self.assertDictEqual(d, notfilter.filter)
query.update_filter(
NotFilter([
InFilter(FieldValue(LogField.HTTPREQUESTHOST),
[StringValue("play.googleapis.com")])
]))
query_filter = query.request["query"]["filter"]
self.assertDictEqual(d, query_filter)
def test_and_filter(self):
andfilter = AndFilter([
InFilter(FieldValue(LogField.SRC), [IPValue('192.168.4.84')]),
InFilter(FieldValue(LogField.SERVICE), [ServiceValue('TCP/80')])
])
f = {
'type':
'and',
'values': [{
'left': {
'id': 7,
'type': 'field'
},
'right': [{
'type': 'ip',
'value': '192.168.4.84'
}],
'type': 'in'
}, {
'left': {
'id': 27,
'type': 'field'
},
'right': [{
'type': 'service',
'value': 'TCP/80'
}],
'type': 'in'
}]
}
self.assertDictEqual(andfilter.filter, f)
query = LogQuery()
query.add_and_filter([
InFilter(FieldValue(LogField.SRC), [IPValue('192.168.4.84')]),
InFilter(FieldValue(LogField.SERVICE), [ServiceValue('TCP/80')])
])
query_filter = query.request['query']['filter']
self.assertDictEqual(f, query_filter)
# Update the original filter
andfilter.update_filter([
InFilter(FieldValue(LogField.DST), [IPValue('1.1.1.1')]),
InFilter(FieldValue(LogField.ACTION),
[ConstantValue(Actions.DISCARD, Actions.BLOCK)])
])
d = {
'type':
'and',
'values': [{
'left': {
'id': 8,
'type': 'field'
},
'right': [{
'type': 'ip',
'value': '1.1.1.1'
}],
'type': 'in'
}, {
'left': {
'id': 14,
'type': 'field'
},
'right': [{
'type': 'constant',
'value': 0
}, {
'type': 'constant',
'value': 13
}],
'type':
'in'
}]
}
self.assertDictEqual(andfilter.filter, d)
query.update_filter(
AndFilter([
InFilter(FieldValue(LogField.DST), [IPValue('1.1.1.1')]),
InFilter(FieldValue(LogField.ACTION),
[ConstantValue(Actions.DISCARD, Actions.BLOCK)])
]))
query_filter = query.request['query']['filter']
self.assertDictEqual(d, query_filter)
def test_or_filter(self):
orfilter = OrFilter([
InFilter(FieldValue(LogField.SRC), [IPValue('192.168.4.84')]),
InFilter(FieldValue(LogField.SERVICE), [ServiceValue('TCP/80')])
])
f = {
'type':
'or',
'values': [{
'left': {
'id': 7,
'type': 'field'
},
'right': [{
'type': 'ip',
'value': '192.168.4.84'
}],
'type': 'in'
}, {
'left': {
'id': 27,
'type': 'field'
},
'right': [{
'type': 'service',
'value': 'TCP/80'
}],
'type': 'in'
}]
}
self.assertDictEqual(orfilter.filter, f)
query = LogQuery()
query.add_or_filter([
InFilter(FieldValue(LogField.SRC), [IPValue('192.168.4.84')]),
InFilter(FieldValue(LogField.SERVICE), [ServiceValue('TCP/80')])
])
query_filter = query.request['query']['filter']
self.assertDictEqual(f, query_filter)
orfilter.update_filter([
InFilter(FieldValue(LogField.DST), [IPValue('1.1.1.1')]),
InFilter(FieldValue(LogField.SERVICE), [ServiceValue('TCP/443')])
])
d = {
'type':
'or',
'values': [{
'left': {
'id': 8,
'type': 'field'
},
'right': [{
'type': 'ip',
'value': '1.1.1.1'
}],
'type': 'in'
}, {
'left': {
'id': 27,
'type': 'field'
},
'right': [{
'type': 'service',
'value': 'TCP/443'
}],
'type': 'in'
}]
}
self.assertDictEqual(d, orfilter.filter)
query.update_filter(
OrFilter([
InFilter(FieldValue(LogField.DST), [IPValue('1.1.1.1')]),
InFilter(FieldValue(LogField.SERVICE),
[ServiceValue('TCP/443')])
]))
query_filter = query.request['query']['filter']
self.assertDictEqual(d, query_filter)
def test_not_filter(self):
notfilter = NotFilter([
InFilter(FieldValue(LogField.SERVICE),
[ServiceValue('UDP/53', 'TCP/80')])
])
f = {
'type': 'not',
'value': {
'left': {
'id': 27,
'type': 'field'
},
'right': [{
'type': 'service',
'value': 'UDP/53'
}, {
'type': 'service',
'value': 'TCP/80'
}],
'type':
'in'
}
}
self.assertDictEqual(notfilter.filter, f)
query = LogQuery()
query.add_not_filter([
InFilter(FieldValue(LogField.SERVICE),
[ServiceValue('UDP/53', 'TCP/80')])
])
query_filter = query.request['query']['filter']
self.assertDictEqual(f, query_filter)
notfilter.update_filter([
InFilter(FieldValue(LogField.HTTPREQUESTHOST),
[StringValue('play.googleapis.com')])
])
d = {
'type': 'not',
'value': {
'left': {
'id': 1586,
'type': 'field'
},
'right': [{
'type': 'string',
'value': 'play.googleapis.com'
}],
'type': 'in'
}
}
self.assertDictEqual(d, notfilter.filter)
query.update_filter(
NotFilter([
InFilter(FieldValue(LogField.HTTPREQUESTHOST),
[StringValue('play.googleapis.com')])
]))
query_filter = query.request['query']['filter']
self.assertDictEqual(d, query_filter)
#print(Query.resolve_field_ids(BlacklistQuery.field_ids))
#query.request = {"query":{"definition":"BLACKLIST","target":"lynn"}, "fetch":{}, "format":{"type":"texts"}}
#myfilter = InFilter(FieldValue(LogField.SRC), [IPValue('192.168.4.82'), IPValue('172.18.1.152')])
#Use case to pull specific filter logs from Audit
query = LogQuery(backwards=False)
query.format.timezone('CET')
default_audit_fields_ids = [LogField.TIMESTAMP, LogField.DATATYPE, LogField.USERORIGINATOR, LogField.TYPEDESCRIPTION, LogField.RESULT, LogField.OBJECTNAME, LogField.OBJECTID, LogField.OBJECTTYPE, LogField.INFOMSG]
query.format.field_ids(default_audit_fields_ids)
# Show only Audit log entries
query.add_in_filter( FieldValue(LogField.DATATYPE), [ConstantValue(DataType.AUDIT)]) #HINT: it could be nice to have the Audit Data Type as constant in the LogField
for log in query.fetch_batch(CSVFormat):
print(log)
#OBJECTNAME
#for log in query.fetch_live():
# print(log)
#pprint(query._get_field_schema())
#if 'fields' in fields:
# return fields['fields']
#from smc_monitoring.models.query import Query
#for fields in Query.resolve_field_ids(LogQuery.field_ids):
# print(fields)
query = {
"query": {"definition": "NEIGHBORS", "target": ENGINENAME},
"fetch": {},
"format": {"type": "texts"},
}
ws.send(json.dumps(query))
result = ws.recv()
print("Received '%s'" % result)
result = ws.recv()
print("Received '%s'" % result)
ws.close()
print("")
print("Retrieve IPv6 Neighbors Data using smc_monitoring")
query = NeighborQuery(ENGINENAME)
query.add_in_filter(FieldValue(LogField.NEIGHBORPROTOCOL), [StringValue("IPv6")])
for record in query.fetch_batch():
print(record)
print("Retrieve all Neighbor elements using smc_monitoring")
query = NeighborQuery(ENGINENAME)
for element in query.fetch_as_element(query_timeout=10):
print(
element.node_id
+ " "
+ element.neighbor_state
+ " "
+ element.neighbor_interface
+ " "
+ element.neighbor_protocol
+ " "