def test_read_host_country():
    """Check the host-to-country mapping returned by read_host_country.

    Enters OpenPostgreSQLsshTunnel with port=5436, builds an engine from
    the port value it yields and reads the mapping through that engine.
    """
    # NOTE(review): both expectations depend on the contents of the
    # database behind the tunnel -- confirm the data set is stable.
    with OpenPostgreSQLsshTunnel(port=5436) as tunnel_port:
        db_engine = create_db_engine(port=tunnel_port)
        mapping = read_host_country(db_engine)
        entry_count = len(mapping)
        # Lower bound only, so the check still passes if entries are added.
        assert entry_count >= 13754
        known_host = '218.87.111.108'
        assert mapping[known_host] == 'CN'
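def test_analyze_files():
    """Run analyze_files in test mode against the test database.

    Enters OpenPostgreSQLsshTunnel with port=5437, builds an engine for
    dbname='test_ssh_intrusion_logs', creates the tables, runs
    analyze_files(engine, test=True) and asserts the result is >= 0.
    The tables are deleted afterwards whether or not the check passes.
    """
    with OpenPostgreSQLsshTunnel(port=5437) as pport:
        engine = create_db_engine(port=pport, dbname='test_ssh_intrusion_logs')
        create_tables(engine)
        try:
            output = analyze_files(engine, test=True)
            print(output)
            assert output >= 0
        finally:
            # Clean up even when analyze_files raises or the assertion
            # fails; otherwise the tables created above are left behind
            # in the test database for the next run.
            delete_tables(engine)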
def test_read_country_code():
    """Check the country-code table returned by read_country_code.

    Enters OpenPostgreSQLsshTunnel with port=5435, builds an engine from
    the yielded port and expects exactly 250 entries, with 'IL' mapped
    to 'Israel'.
    """
    # NOTE(review): the exact count of 250 is tied to the database
    # contents -- confirm it is expected to stay fixed.
    with OpenPostgreSQLsshTunnel(port=5435) as tunnel_port:
        db_engine = create_db_engine(port=tunnel_port)
        codes = read_country_code(db_engine)
        total = len(codes)
        print(total)
        assert total == 250
        assert codes['IL'] == 'Israel'
def test_find_originating_country():
    """Check that a fixed hostname is attributed to country code 'CN'.

    Enters OpenPostgreSQLsshTunnel with port=5434, reads the country code
    list through the engine and passes it, together with the hostname, to
    find_originating_country.
    """
    sample_hostname = 'host-219-235-1-84.iphost.gotonets.com'
    with OpenPostgreSQLsshTunnel(port=5434) as tunnel_port:
        db_engine = create_db_engine(port=tunnel_port)
        codes = read_country_code(db_engine)
        # NOTE(review): how the country is derived from the hostname is
        # not visible here -- see find_originating_country.
        resolved = find_originating_country(
            hostname=sample_hostname,
            country_code_list=codes,
        )
        assert resolved == 'CN'
def run_parse():
    """Run analyze_files against the PostgreSQL database and print its result.

    Enters OpenPostgreSQLsshTunnel with port=5433, creates an engine from
    the yielded port, calls analyze_files with that engine and prints
    whatever it returns.
    """
    with OpenPostgreSQLsshTunnel(port=5433) as tunnel_port:
        db_engine = create_db_engine(port=tunnel_port)
        result = analyze_files(db_engine)
        print(result)
def run_analyze(data_path=security_log_analysis.__path__[0]):
    """Produce the plots and print the local / remote comparisons.

    Enters OpenPostgreSQLsshTunnel with port=5433 and creates an engine
    from the yielded port. With that engine it fills the country plot,
    plots time-domain access for each log table and prints the local /
    remote comparison for ssh and then for apache.

    Args:
        data_path: Passed unchanged to fill_country_plot. Defaults to the
            first entry of security_log_analysis.__path__, evaluated once
            when the function is defined.
    """
    log_tables = ('ssh_log', 'ssh_log_cloud', 'apache_log', 'apache_log_cloud')
    with OpenPostgreSQLsshTunnel(port=5433) as tunnel_port:
        db_engine = create_db_engine(port=tunnel_port)
        fill_country_plot(db_engine, data_path)

        # The table name is passed twice, as second and third argument.
        for name in log_tables:
            plot_time_access(db_engine, name, name)

        print('\nssh local remote comparison')
        local_remote_comparison(db_engine)

        print('\napache local remote comparison')
        local_remote_comparison(db_engine, table='local_remote_compare_apache')