def test_geoip_reporting(self):
    '''Checks the size of the GeoIP breakdown built from the sample log.

    Ingests TRAFFIC_REPORT_LOG, asks the report manager for the GeoIP
    breakdown over a window running from one day ago up to now, and
    expects 14 entries back.
    '''
    tests.util.ingest_test_file(self, TRAFFIC_REPORT_LOG)

    manager = ndr_server.TsharkTrafficReportManager(
        self._nsc, self._test_site, self._db_connection)

    # Reporting window: the last day, ending now.
    window_start = datetime.now() - timedelta(days=1)
    window_end = datetime.now()
    breakdown = manager.retrieve_geoip_breakdown(
        window_start, window_end, self._db_connection)

    # Only the number of entries is checked, not their contents.
    self.assertEqual(len(breakdown), 14)
def test_full_host_breakdown(self):
    '''Checks the size of the internet host breakdown for the sample log.

    Ingests TRAFFIC_REPORT_LOG, requests the internet host breakdown over
    a window running from one day ago up to now, and expects 74 entries.
    '''
    tests.util.ingest_test_file(self, TRAFFIC_REPORT_LOG)

    manager = ndr_server.TsharkTrafficReportManager(
        self._nsc, self._test_site, self._db_connection)

    # Reporting window: the last day, ending now.
    window_start = datetime.now() - timedelta(days=1)
    window_end = datetime.now()
    host_rows = manager.retrieve_internet_host_breakdown(
        window_start, window_end, self._db_connection)

    # Only the number of entries is checked, not their contents.
    self.assertEqual(len(host_rows), 74)
def test_machine_breakdown_reporting(self):
    '''Checks the size of the GeoIP-by-local-IP breakdown for the sample log.

    Ingests TRAFFIC_REPORT_LOG, requests the breakdown keyed by local IP
    over a window running from one day ago up to now, and expects 15
    entries.
    '''
    tests.util.ingest_test_file(self, TRAFFIC_REPORT_LOG)

    manager = ndr_server.TsharkTrafficReportManager(
        self._nsc, self._test_site, self._db_connection)

    # Reporting window: the last day, ending now.
    window_start = datetime.now() - timedelta(days=1)
    window_end = datetime.now()
    per_machine = manager.retrieve_geoip_by_local_ip_breakdown(
        window_start, window_end, self._db_connection)

    # TODO: this is a weak check - it only counts the entries and never
    # looks at what each one contains.
    self.assertEqual(len(per_machine), 15)
def test_email_report_zip(self):
    '''Checks the report email that carries the CSV breakdown in a ZIP.

    Ingests TRAFFIC_REPORT_LOG, generates the report emails for the last
    day with send=True, then reads the file at self._test_contact_zip and
    looks for the sentence announcing the attached CSV breakdown.
    '''
    tests.util.ingest_test_file(self, TRAFFIC_REPORT_LOG)

    manager = ndr_server.TsharkTrafficReportManager(
        self._nsc, self._test_site, self._db_connection)

    # Reporting window: the last day, ending now.
    window_start = datetime.now() - timedelta(days=1)
    window_end = datetime.now()
    manager.generate_report_emails(
        window_start, window_end, db_conn=self._db_connection, send=True)

    # presumably the test configuration writes outgoing mail to this path
    # rather than delivering it - confirm against the fixture setup
    with open(self._test_contact_zip, 'r') as email_file:
        email_text = email_file.read()

    expected = ("Attached to this email is a CSV breakdown of all traffic "
                "for the last 24 hours.")
    self.assertIn(expected, email_text)
def test_email_report(self):
    '''Checks the report email that carries the traffic snapshot inline.

    Ingests TRAFFIC_REPORT_LOG, generates the report emails for the last
    day with send=True, then reads the file at self._test_contact_inline
    and looks for the sentence introducing the per-destination snapshot.
    '''
    tests.util.ingest_test_file(self, TRAFFIC_REPORT_LOG)

    manager = ndr_server.TsharkTrafficReportManager(
        self._nsc, self._test_site, self._db_connection)

    # Reporting window: the last day, ending now.
    window_start = datetime.now() - timedelta(days=1)
    window_end = datetime.now()
    manager.generate_report_emails(
        window_start, window_end, db_conn=self._db_connection, send=True)

    # presumably the test configuration writes outgoing mail to this path
    # rather than delivering it - confirm against the fixture setup
    with open(self._test_contact_inline, 'r') as email_file:
        email_text = email_file.read()

    expected = ("This is a snapshot of internet traffic broken down by "
                "destination IP")
    self.assertIn(expected, email_text)
def main():
    '''Entry point for the daily processing run.

    Loads the server configuration named by -s/--server-config, opens a
    database connection, generates the traffic report emails covering the
    previous day for every site, and commits once all sites are done.
    '''
    # Logging: timestamped records, with this module's logger set to DEBUG
    logging.basicConfig(format='%(asctime)s %(levelname)s %(message)s')
    log = logging.getLogger(name=__name__)
    log.setLevel(logging.DEBUG)

    # Command line: the server configuration path is the only option
    arg_parser = argparse.ArgumentParser(
        description="Run daily processing tasks for NDR")
    arg_parser.add_argument(
        '-s', '--server-config',
        default='/etc/ndr/ndr_server.yml',
        help='NDR Server Configuration File')
    options = arg_parser.parse_args()

    nsc = ndr_server.Config(log, options.server_config)
    db_conn = nsc.database.get_connection()

    nsc.logger.info("Generating GeoIP statistics email")

    # Every known site gets its own TShark traffic report
    for site in ndr_server.Site.retrieve_all(nsc, db_conn):
        nsc.logger.info("Processing site %s (%d)", site.name, site.pg_id)

        manager = ndr_server.TsharkTrafficReportManager(nsc, site, db_conn)

        # The window is recomputed per site from the wall clock, so each
        # site's report covers a slightly different 24-hour span.
        # NOTE(review): datetime.now() is naive local time - confirm that
        # matches how the ingested traffic timestamps are stored.
        window_start = datetime.now() - timedelta(days=1)
        window_end = datetime.now()
        manager.generate_report_emails(
            window_start, window_end, db_conn=db_conn, send=True)

    # NOTE(review): an exception raised while processing any site
    # propagates out of the loop, and this commit is never reached.
    db_conn.commit()