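    def sid(self, app, action, sid, **kwargs):
        '''Return details for a specific alertevent.

        Looks up the search job and the fired-alert record for ``sid`` and
        assembles the ``alertevent`` dict (alert name, trigger time,
        description, severity, hosts, sid, earliest/latest time). Any failure
        during the lookup is logged and converted into a 303 redirect to the
        ``alertevent_not_found`` page.

        Note: the dict is built and logged but never returned or rendered by
        this method as written; that behaviour is preserved here.
        '''
        # ``user`` is not used below, but the subscript raises KeyError when
        # there is no user in the session — presumably relied on as an
        # implicit login check; confirm with the route decorators before
        # removing it.
        user = cherrypy.session['user']['name']
        host_app = cherrypy.request.path_info.split('/')[3]

        try:
            job = splunk.search.getJob(sid)

            # ``sid`` is taken from the request path and interpolated verbatim
            # into the fired-alerts filter expression. The accepted sid formats
            # are not visible here, so no shape check is added; one should be
            # enforced at the route boundary so arbitrary filter text cannot
            # reach the backend.
            fired = FiredAlert.all().search('sid=%s' % sid)[0]

            # Distinct host names across the job's results.
            # NOTE(review): the guard tests x.get('hosts') but the value read
            # is x.get('host'); this looks like a typo, kept as-is because
            # changing it would alter the reported host list.
            hosts = sorted({str(x.get('host')) for x in job.results if x.get('hosts')})
            alertevent = {
                'alert_name': job.label,
                'time': fired.trigger_time,
                'description': fired.savedsearch_name,
                'severity': fired.severity,
                'hosts': hosts,
                'sid': sid,
                'et': job.earliestTime,
                'lt': job.latestTime,
            }

            logger.debug(alertevent)

        except Exception as ex:
            logger.exception(ex)
            # The original formatted the builtin ``id`` here instead of the
            # requested sid, so the log line never identified the alertevent.
            logger.warn('problem retreiving alertevent %s' % sid)
            raise cherrypy.HTTPRedirect(
                self._redirect(host_app, app, 'alertevent_not_found', sid=sid),
                303)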
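    def index(self, app, **params):
        '''Render the fired-alerts listing for ``app``.

        Optional request parameters read from ``params``:
          offset, count            -- pagination window; non-numeric or
                                      negative values fall back to 0 / 25
                                      instead of raising
          eai:acl.app, eai:acl.owner -- app / owner filters (defaults: ``app``, '-')
          severity, search         -- fired-alert search filters
          alerts_id                -- restrict to one alert's fired instances
          sort_by, sort_dir        -- ordering of the fired-alerts listing

        Returns the rendered 'alerts/index.html' template.
        '''

        def int_param(key, default, minimum):
            # Query-string integers arrive as strings under caller control; a
            # bad value used to escape as ValueError (HTTP 500). Fall back to
            # the default and clamp so the paginator never sees a negative
            # offset or a zero page size.
            try:
                value = int(params.get(key, default))
            except (TypeError, ValueError):
                value = default
            return max(value, minimum)

        # request param cast/defaults
        offset = int_param('offset', 0, 0)
        count = int_param('count', 25, 1)
        alerts_app = getArgValue('eai:acl.app', params, app)
        alerts_user = urllib.unquote_plus(getArgValue('eai:acl.owner', params, '-'))

        # fired alerts search filters
        search_string = []
        for key in ('severity', 'search'):
            value = params.get(key)
            if not value or value == '*':
                continue
            if key == 'search':
                # Free-form filter expression, passed through as written by
                # the caller (this is the documented purpose of the param).
                search_string.append('%s' % value)
            else:
                # Quoted field filter: escape backslash and double quote so the
                # value cannot close the quotes and append further filter terms.
                # Assumes the filter syntax honours backslash escapes — confirm
                # against the fired_alerts endpoint.
                value = urllib.unquote_plus(value)
                value = value.replace('\\', '\\\\').replace('"', '\\"')
                search_string.append('%s="%s"' % (key, value))

        # fired alerts query
        if 'alerts_id' in params:
            fired_alerts = FiredAlert.get_alerts(
                urllib.unquote_plus(params.get('alerts_id')))
        else:
            fired_alerts = FiredAlert.all()
        # augment query with search
        if search_string:
            fired_alerts = fired_alerts.search(' '.join(search_string))
        # augment query with app or user filters
        fired_alerts = fired_alerts.filter_by_app(alerts_app).filter_by_user(alerts_user)
        fired_alerts._count_per_req = count
        if 'sort_by' in params or 'sort_dir' in params:
            fired_alerts = fired_alerts.order_by(
                params.get('sort_by', 'trigger_time'),
                sort_dir=params.get('sort_dir', 'desc'))

        # fired alert summary information
        fired_alert_summary = FiredAlertSummary.all().filter_by_app(alerts_app).filter_by_user(alerts_user)
        fired_alert_summary._count_per_req = count

        # apps listings
        apps = App.all().filter(is_disabled=False)

        # users listings, capped so the picker stays bounded
        max_users = 250
        users = User.all()
        users._count_per_req = max_users
        users = users[:max_users]

        # paginator
        pager = paginator.Google(fired_alerts.get_total(),
                                 max_items_page=count,
                                 item_offset=offset)

        app_label = splunk.bundle.getConf('app', namespace=app)['ui'].get('label')
        # view variables
        template_args = dict(app=alerts_app,
                             apps=apps,
                             users=users,
                             count=count,
                             fired_alerts=fired_alerts,
                             fired_alert_summary=fired_alert_summary,
                             offset=offset,
                             pager=pager,
                             app_label=app_label)
        return self.render_template('alerts/index.html', template_args)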
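    def index(self, app, **params):
        '''Render the fired-alerts listing for ``app``.

        Optional request parameters read from ``params``:
          offset, count            -- pagination window; non-numeric or
                                      negative values fall back to 0 / 25
                                      instead of raising
          eai:acl.app, eai:acl.owner -- app / owner filters (defaults: ``app``, '-')
          severity, search         -- fired-alert search filters
          alerts_id                -- restrict to one alert's fired instances
          sort_by, sort_dir        -- ordering of the fired-alerts listing

        Returns the 'admin/402.html' template when the summary lookup fails
        with status 402 (alerting not licensed).
        '''

        def int_param(key, default, minimum):
            # Query-string integers arrive as strings under caller control; a
            # bad value used to escape as ValueError (HTTP 500). Fall back to
            # the default and clamp so a later paginator never sees a negative
            # offset or a zero page size.
            try:
                value = int(params.get(key, default))
            except (TypeError, ValueError):
                value = default
            return max(value, minimum)

        # request param cast/defaults
        offset = int_param('offset', 0, 0)
        count = int_param('count', 25, 1)
        alerts_app = getArgValue('eai:acl.app', params, app)
        alerts_user = urllib.unquote_plus(
            getArgValue('eai:acl.owner', params, '-'))

        # fired alerts search filters
        search_string = []
        for key in ('severity', 'search'):
            value = params.get(key)
            if not value or value == '*':
                continue
            if key == 'search':
                # Free-form filter expression, passed through as written by
                # the caller (this is the documented purpose of the param).
                search_string.append('%s' % value)
            else:
                # Quoted field filter: escape backslash and double quote so the
                # value cannot close the quotes and append further filter terms.
                # Assumes the filter syntax honours backslash escapes — confirm
                # against the fired_alerts endpoint.
                value = urllib.unquote_plus(value)
                value = value.replace('\\', '\\\\').replace('"', '\\"')
                search_string.append('%s="%s"' % (key, value))

        # fired alerts query
        if 'alerts_id' in params:
            fired_alerts = FiredAlert.get_alerts(
                urllib.unquote_plus(params.get('alerts_id')))
        else:
            fired_alerts = FiredAlert.all()

        # augment query with search
        if search_string:
            fired_alerts = fired_alerts.search(' '.join(search_string))
        # augment query with app or user filters
        fired_alerts = fired_alerts.filter_by_app(alerts_app).filter_by_user(
            alerts_user)
        fired_alerts._count_per_req = count
        if 'sort_by' in params or 'sort_dir' in params:
            fired_alerts = fired_alerts.order_by(
                params.get('sort_by', 'trigger_time'),
                sort_dir=params.get('sort_dir', 'desc'))

        # fired alert summary information
        fired_alert_summary = FiredAlertSummary.all().filter_by_app(
            alerts_app).filter_by_user(alerts_user)
        fired_alert_summary._count_per_req = count
        try:
            # Force the first fetch so a licensing failure surfaces here.
            fired_alert_summary[0]
        except Exception as e:
            # The original read ``e.statusCode`` unconditionally; for any
            # exception type without that attribute this raised AttributeError
            # from inside the handler and masked the real error.
            if getattr(e, 'statusCode', None) == 402:
                return self.render_template('admin/402.html',
                                            {'feature': _('Alerting')})
            # NOTE(review): any other failure is swallowed here, as in the
            # original; the method then falls through with no rendered page.
        # NOTE(review): the listing appears truncated after the 402 check;
        # the sibling ``index`` variant shows the apps/users/pager/render tail.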
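    def sid(self, app, action, sid, **kwargs):
        '''Return details for a specific alertevent.

        Looks up the search job and the fired-alert record for ``sid`` and
        assembles the ``alertevent`` dict (alert name, trigger time,
        description, severity, hosts, sid, earliest/latest time). Any failure
        during the lookup is logged and converted into a 303 redirect to the
        ``alertevent_not_found`` page.

        Note: the dict is built and logged but never returned or rendered by
        this method as written; that behaviour is preserved here.
        '''
        # ``user`` is not used below, but the subscript raises KeyError when
        # there is no user in the session — presumably relied on as an
        # implicit login check; confirm with the route decorators before
        # removing it.
        user = cherrypy.session['user']['name']
        host_app = cherrypy.request.path_info.split('/')[3]

        try:
            job = splunk.search.getJob(sid)

            # ``sid`` is taken from the request path and interpolated verbatim
            # into the fired-alerts filter expression. The accepted sid formats
            # are not visible here, so no shape check is added; one should be
            # enforced at the route boundary so arbitrary filter text cannot
            # reach the backend.
            fired = FiredAlert.all().search('sid=%s' % sid)[0]

            # Distinct host names across the job's results.
            # NOTE(review): the guard tests x.get('hosts') but the value read
            # is x.get('host'); this looks like a typo, kept as-is because
            # changing it would alter the reported host list.
            hosts = sorted({
                str(x.get('host'))
                for x in job.results if x.get('hosts')
            })
            alertevent = {
                'alert_name': job.label,
                'time': fired.trigger_time,
                'description': fired.savedsearch_name,
                'severity': fired.severity,
                'hosts': hosts,
                'sid': sid,
                'et': job.earliestTime,
                'lt': job.latestTime,
            }

            logger.debug(alertevent)

        except Exception as ex:
            logger.exception(ex)
            # The original formatted the builtin ``id`` here instead of the
            # requested sid, so the log line never identified the alertevent.
            logger.warn('problem retreiving alertevent %s' % sid)
            raise cherrypy.HTTPRedirect(
                self._redirect(host_app, app, 'alertevent_not_found', sid=sid),
                303)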
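    def index(self, app, **params):
        '''Render the fired-alerts listing for ``app``.

        Optional request parameters read from ``params``:
          offset, count            -- pagination window; non-numeric or
                                      negative values fall back to 0 / 25
                                      instead of raising
          eai:acl.app, eai:acl.owner -- app / owner filters (defaults: ``app``, '-')
          severity, search         -- fired-alert search filters
          alerts_id                -- restrict to one alert's fired instances
          sort_by, sort_dir        -- ordering of the fired-alerts listing

        Returns the rendered 'alerts/index.html' template.
        '''

        def int_param(key, default, minimum):
            # Query-string integers arrive as strings under caller control; a
            # bad value used to escape as ValueError (HTTP 500). Fall back to
            # the default and clamp so the paginator never sees a negative
            # offset or a zero page size.
            try:
                value = int(params.get(key, default))
            except (TypeError, ValueError):
                value = default
            return max(value, minimum)

        # request param cast/defaults
        offset = int_param('offset', 0, 0)
        count = int_param('count', 25, 1)
        alerts_app = getArgValue('eai:acl.app', params, app)
        alerts_user = urllib.unquote_plus(
            getArgValue('eai:acl.owner', params, '-'))

        # fired alerts search filters
        search_string = []
        for key in ('severity', 'search'):
            value = params.get(key)
            if not value or value == '*':
                continue
            if key == 'search':
                # Free-form filter expression, passed through as written by
                # the caller (this is the documented purpose of the param).
                search_string.append('%s' % value)
            else:
                # Quoted field filter: escape backslash and double quote so the
                # value cannot close the quotes and append further filter terms.
                # Assumes the filter syntax honours backslash escapes — confirm
                # against the fired_alerts endpoint.
                value = urllib.unquote_plus(value)
                value = value.replace('\\', '\\\\').replace('"', '\\"')
                search_string.append('%s="%s"' % (key, value))

        # fired alerts query
        if 'alerts_id' in params:
            fired_alerts = FiredAlert.get_alerts(
                urllib.unquote_plus(params.get('alerts_id')))
        else:
            fired_alerts = FiredAlert.all()
        # augment query with search
        if search_string:
            fired_alerts = fired_alerts.search(' '.join(search_string))
        # augment query with app or user filters
        fired_alerts = fired_alerts.filter_by_app(alerts_app).filter_by_user(
            alerts_user)
        fired_alerts._count_per_req = count
        if 'sort_by' in params or 'sort_dir' in params:
            fired_alerts = fired_alerts.order_by(
                params.get('sort_by', 'trigger_time'),
                sort_dir=params.get('sort_dir', 'desc'))

        # fired alert summary information
        fired_alert_summary = FiredAlertSummary.all().filter_by_app(
            alerts_app).filter_by_user(alerts_user)
        fired_alert_summary._count_per_req = count

        # apps listings
        apps = App.all().filter(is_disabled=False)

        # users listings, capped so the picker stays bounded
        max_users = 250
        users = User.all()
        users._count_per_req = max_users
        users = users[:max_users]

        # paginator
        pager = paginator.Google(fired_alerts.get_total(),
                                 max_items_page=count,
                                 item_offset=offset)

        app_label = splunk.bundle.getConf('app',
                                          namespace=app)['ui'].get('label')
        # view variables
        template_args = dict(app=alerts_app,
                             apps=apps,
                             users=users,
                             count=count,
                             fired_alerts=fired_alerts,
                             fired_alert_summary=fired_alert_summary,
                             offset=offset,
                             pager=pager,
                             app_label=app_label)
        return self.render_template('alerts/index.html', template_args)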