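def doEdit(tmpfilename):
    """Let the user edit tmpfilename until it validates, then return its stanzas.

    The editor command is read from the SPLUNK_EDITOR environment variable and
    falls back to 'vi' when the variable is unset or empty. The value is split
    into arguments shell-style (so "emacs -nw" still works) but is executed
    directly rather than through a shell, so a file name containing spaces or
    shell metacharacters is always passed as one literal argument.

    After every editing session the file is re-read with
    conf.ConfParser.parse, and each stanza other than "default" must contain
    INTERNAL_ATTRIBUTE. When errors are found the user is asked whether to
    re-edit or abort; "abort" terminates the process via exit().

    Returns the stanzas produced by the last (error-free) parse.
    """
    # Function-scope imports keep this block self-contained; the module's
    # import section is left as it is.
    import shlex
    import subprocess

    editor = os.getenv('SPLUNK_EDITOR')
    try:
        editorArgv = shlex.split(editor) if editor else []
    except ValueError as err:
        # Unbalanced quotes in the variable: nothing sensible can be launched.
        exit("Unable to parse SPLUNK_EDITOR: %s" % err)
    if not editorArgv:
        editorArgv = ['vi']
        print("SPLUNK_EDITOR not defined. Defaulting to 'vi' for all your hipsters")
        time.sleep(1)  # give hipsters time to read

    stanzas = {}
    while True:
        # user is now editing config; an argument list avoids handing an
        # interpolated command string to a shell
        try:
            subprocess.call(editorArgv + [tmpfilename])
        except OSError as err:
            # Editor missing or not executable: report it and fall through to
            # validation so the user still reaches the fix/abort prompt.
            print("Unable to launch editor '%s': %s" % (editorArgv[0], err))

        errors = []
        # read the edited config back in; the errors list is handed to the
        # parser (presumably it appends parse problems to it - confirm)
        stanzas = conf.ConfParser.parse(tmpfilename, True, errors)

        # validate bookkeeping attribute on each stanza
        for name, stanza in stanzas.items():
            if name.lower() != "default" and INTERNAL_ATTRIBUTE not in stanza:
                errors.append("%s attribute not seen on %s stanza." % (INTERNAL_ATTRIBUTE, name))

        if not errors:
            break

        print("")
        print("-" * 80)
        for error in errors:
            print(error.title())
        answer = interactiveutils.askMultipleChoiceQuestion(
            "Fix errors encountered?", ["fix", "abort"], defaultanswer="fix")
        if answer == "abort":
            exit("Aborting...")
        print("\nRe-editing...")
        time.sleep(1)
    return stanzas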
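def getHosts(config):
    """Interactively collect the list of remote hosts to search.

    The user picks a discovery method ('nmap', 'hosts', 'manually') or
    'quit'. Hosts whose lower-cased name matches the regex built from
    config['IGNORED_HOSTS'] are dropped and the remainder is sorted. Hosts
    found via 'nmap' or 'hosts' are additionally passed through
    interactiveutils.validateElements; manually entered hosts are checked by
    isValidHost while they are typed in.

    Returns the resulting list; it is empty when the user quits before any
    method produced hosts.
    """
    # get patterns and replace friendly "*" with regex-correct pattern ".*"
    # NOTE(review): only "*" is translated here; any other regex
    # metacharacter in an IGNORED_HOSTS entry (for example ".") reaches
    # listToRegex unchanged, and re.search below is unanchored, so an ignore
    # entry may exclude more hosts than intended - confirm how listToRegex
    # treats its input.
    patterns = [pattern.replace("*", ".*") for pattern in config['IGNORED_HOSTS']]
    regex = listToRegex(patterns)

    hosts = []
    while True:
        # A discovery helper may have left None behind on the previous pass;
        # normalise it so 'manually' can fill a real list and 'quit' returns
        # something callers can iterate over.
        if hosts is None:
            hosts = []

        needsApprove = False
        operation = interactiveutils.askMultipleChoiceQuestion(
            "How should I get the names of hosts to search? (default=nmap)",
            ['nmap', 'hosts', 'manually', 'quit'], 'nmap')
        if operation == 'quit':
            break
        if operation == 'nmap':
            hosts = getHostsViaNMap(config)
            needsApprove = True
        elif operation == 'hosts':
            hosts = getHostsViaHosts()
            needsApprove = True
        elif operation == 'manually':
            interactiveutils.addListItems(
                "Please enter the names of remote hosts to search for log files.",
                "remote-host", hosts, isValidHost)

        # didn't get any hosts
        if not hosts:
            print("Unable to get hosts with that method. Please try another method.")
            continue

        # got some hosts: drop ignored ones, then let the user approve
        # automatically discovered names
        hosts = [host for host in hosts if re.search(regex, host.lower()) is None]
        hosts.sort()
        if needsApprove:
            hosts = interactiveutils.validateElements("hosts", hosts)
        if hosts:
            break
    return hosts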
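def getHosts(config):
    """Interactively collect the list of remote hosts to search.

    The user picks a discovery method ('nmap', 'hosts', 'manually') or
    'quit'. Hosts whose lower-cased name matches the regex built from
    config['IGNORED_HOSTS'] are dropped and the remainder is sorted. Hosts
    found via 'nmap' or 'hosts' are additionally passed through
    interactiveutils.validateElements; manually entered hosts are checked by
    isValidHost while they are typed in.

    Returns the resulting list; it is empty when the user quits before any
    method produced hosts.
    """
    # get patterns and replace friendly "*" with regex-correct pattern ".*"
    # NOTE(review): only "*" is translated here; any other regex
    # metacharacter in an IGNORED_HOSTS entry (for example ".") reaches
    # listToRegex unchanged, and re.search below is unanchored, so an ignore
    # entry may exclude more hosts than intended - confirm how listToRegex
    # treats its input.
    patterns = [
        pattern.replace("*", ".*") for pattern in config['IGNORED_HOSTS']
    ]
    regex = listToRegex(patterns)

    hosts = []
    while True:
        # A discovery helper may have left None behind on the previous pass;
        # normalise it so 'manually' can fill a real list and 'quit' returns
        # something callers can iterate over.
        if hosts is None:
            hosts = []

        needsApprove = False
        operation = interactiveutils.askMultipleChoiceQuestion(
            "How should I get the names of hosts to search? (default=nmap)",
            ['nmap', 'hosts', 'manually', 'quit'], 'nmap')
        if operation == 'quit':
            break
        if operation == 'nmap':
            hosts = getHostsViaNMap(config)
            needsApprove = True
        elif operation == 'hosts':
            hosts = getHostsViaHosts()
            needsApprove = True
        elif operation == 'manually':
            interactiveutils.addListItems(
                "Please enter the names of remote hosts to search for log files.",
                "remote-host", hosts, isValidHost)

        # didn't get any hosts
        if not hosts:
            print("Unable to get hosts with that method. Please try another method.")
            continue

        # got some hosts: drop ignored ones, then let the user approve
        # automatically discovered names
        hosts = [
            host for host in hosts
            if re.search(regex, host.lower()) is None
        ]
        hosts.sort()
        if needsApprove:
            hosts = interactiveutils.validateElements("hosts", hosts)
        if hosts:
            break
    return hosts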
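def doEdit(tmpfilename):
    """Let the user edit tmpfilename until it validates, then return its stanzas.

    The editor command is read from the SPLUNK_EDITOR environment variable and
    falls back to 'vi' when the variable is unset or empty. The value is split
    into arguments shell-style (so "emacs -nw" still works) but is executed
    directly rather than through a shell, so a file name containing spaces or
    shell metacharacters is always passed as one literal argument.

    After every editing session the file is re-read with
    conf.ConfParser.parse, and each stanza other than "default" must contain
    INTERNAL_ATTRIBUTE. When errors are found the user is asked whether to
    re-edit or abort; "abort" terminates the process via exit().

    Returns the stanzas produced by the last (error-free) parse.
    """
    # Function-scope imports keep this block self-contained; the module's
    # import section is left as it is.
    import shlex
    import subprocess

    editor = os.getenv('SPLUNK_EDITOR')
    try:
        editorArgv = shlex.split(editor) if editor else []
    except ValueError as err:
        # Unbalanced quotes in the variable: nothing sensible can be launched.
        exit("Unable to parse SPLUNK_EDITOR: %s" % err)
    if not editorArgv:
        editorArgv = ['vi']
        print("SPLUNK_EDITOR not defined. Defaulting to 'vi' for all your hipsters")
        time.sleep(1)  # give hipsters time to read

    stanzas = {}
    while True:
        # user is now editing config; an argument list avoids handing an
        # interpolated command string to a shell
        try:
            subprocess.call(editorArgv + [tmpfilename])
        except OSError as err:
            # Editor missing or not executable: report it and fall through to
            # validation so the user still reaches the fix/abort prompt.
            print("Unable to launch editor '%s': %s" % (editorArgv[0], err))

        errors = []
        # read the edited config back in; the errors list is handed to the
        # parser (presumably it appends parse problems to it - confirm)
        stanzas = conf.ConfParser.parse(tmpfilename, True, errors)

        # validate bookkeeping attribute on each stanza
        for name, stanza in stanzas.items():
            if name.lower() != "default" and INTERNAL_ATTRIBUTE not in stanza:
                errors.append("%s attribute not seen on %s stanza." %
                              (INTERNAL_ATTRIBUTE, name))

        if not errors:
            break

        print("")
        print("-" * 80)
        for error in errors:
            print(error.title())
        answer = interactiveutils.askMultipleChoiceQuestion(
            "Fix errors encountered?", ["fix", "abort"], defaultanswer="fix")
        if answer == "abort":
            exit("Aborting...")
        print("\nRe-editing...")
        time.sleep(1)
    return stanzas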
if size < 1024: size = 1 else: size /= 1024 print "\t", time.ctime(modtime).rjust(20), str(size).rjust(20), sourcetype.rjust(20), "\t", name if interactiveutils.askYesNoQuestion("Collapse files into common directories?"): # TK ESD 4/25/08 sortedFiles = recursivelyFindCommonDirectories(g_config, sortedFiles, int(g_config['COLLAPSE_THRESHOLD'][0])) print print "Collapsed files:" print "-"*80 for fname in sortedFiles: print "\t", fname ALL = "all"; SOME = "some"; NOPE = "none"; YES = "yes"; NO = "no"; ABORT = "abort" answer = interactiveutils.askMultipleChoiceQuestion("Index found files into Splunk?", [ALL, SOME, NOPE], NOPE) #TK ESD 3/11/08 auth = "admin:changeme" if answer != NOPE: success = startSplunk() if not success: print "Unable to start splunkd. Exiting..." # TK ESD 3/11/08 sys.exit() username = interactiveutils.promptWithDefault("splunk username", "admin") password = interactiveutils.promptPassWithDefault("splunk password", "changeme") auth = username + ":" + password if answer == ALL: for fname in sortedFiles: addFile(fname, auth) elif answer == SOME: for fname in sortedFiles: fileanswer = interactiveutils.askMultipleChoiceQuestion("Index " + str(fname) + " into Splunk?", [YES, NO, ABORT], NO) #TK ESD 3/11/08
aCount = len(sys.argv) if aCount == 2: last = sys.argv[-1].lower() if last.startswith("debug"): g_debug = True elif last.startswith("quiet"): g_quiet = True else: print "\n\tUsage:", sys.argv[0], "[debug|quiet]\n" sys.exit() user = interactiveutils.promptWithDefault("username", "root") dir = interactiveutils.promptWithDefault("starting directory", "/") manyhosts = interactiveutils.askMultipleChoiceQuestion( "Run on more than one host? (default=no)", ['no', 'yes'], 'no') copyfiles = 'yes' == interactiveutils.askMultipleChoiceQuestion( "Do you want to retrieve the files found for further inspection?", ['yes', 'no'], 'yes') if manyhosts == 'yes': hosts = getHosts(config) password = None if interactiveutils.askYesNoQuestion( "Do you want to automatically use a common password for all hosts?", False): password = getPassword("Enter remote password") crawlerThreads = [] for host in hosts: crawler = Crawler(config, user, password, host, [dir],
aCount = len(sys.argv) if aCount == 2: last = sys.argv[-1].lower() if last.startswith("debug"): g_debug = True elif last.startswith("quiet"): g_quiet = True else: print "\n\tUsage:", sys.argv[0], "[debug|quiet]\n" sys.exit() user = interactiveutils.promptWithDefault("username", "root") dir = interactiveutils.promptWithDefault("starting directory", "/") manyhosts = interactiveutils.askMultipleChoiceQuestion("Run on more than one host? (default=no)", ['no', 'yes'], 'no') copyfiles = 'yes' == interactiveutils.askMultipleChoiceQuestion("Do you want to retrieve the files found for further inspection?", ['yes', 'no'], 'yes') if manyhosts == 'yes': hosts = getHosts(config) password = None if interactiveutils.askYesNoQuestion("Do you want to automatically use a common password for all hosts?", False): password = getPassword("Enter remote password") crawlerThreads = [] for host in hosts: crawler = Crawler(config, user, password, host, [dir], daysSizeKPairs, collapseThreshold, copyfiles) crawlerThreads.append(crawler) try: crawler.start()