From 4e890eb5a1cbc5cd69ed22015bdadc922cf8a66f Mon Sep 17 00:00:00 2001 From: Ad Schellevis Date: Sun, 6 Sep 2015 19:05:16 +0200 Subject: [PATCH] style fix queryAlertLog.py --- .../scripts/suricata/queryAlertLog.py | 149 +++++++++--------- 1 file changed, 75 insertions(+), 74 deletions(-) diff --git a/src/opnsense/scripts/suricata/queryAlertLog.py b/src/opnsense/scripts/suricata/queryAlertLog.py index 59b71886f..5b6d9349c 100755 --- a/src/opnsense/scripts/suricata/queryAlertLog.py +++ b/src/opnsense/scripts/suricata/queryAlertLog.py @@ -39,89 +39,90 @@ from lib.log import reverse_log_reader from lib.params import updateParams from lib import suricata_alert_log -# handle parameters -parameters = {'limit':'0','offset':'0', 'filter':'','fileid':''} -updateParams(parameters) +if __name__ == '__main__': + # handle parameters + parameters = {'limit':'0','offset':'0', 'filter':'','fileid':''} + updateParams(parameters) -# choose logfile by number -if parameters['fileid'].isdigit(): - suricata_log = '%s.%d'%(suricata_alert_log,int(parameters['fileid'])) -else: - suricata_log = suricata_alert_log + # choose logfile by number + if parameters['fileid'].isdigit(): + suricata_log = '%s.%d'%(suricata_alert_log,int(parameters['fileid'])) + else: + suricata_log = suricata_alert_log -if parameters['limit'].isdigit(): - limit = int(parameters['limit']) -else: - limit = 0 + if parameters['limit'].isdigit(): + limit = int(parameters['limit']) + else: + limit = 0 -if parameters['offset'].isdigit(): - offset = int(parameters['offset']) -else: - offset = 0 + if parameters['offset'].isdigit(): + offset = int(parameters['offset']) + else: + offset = 0 -data_filters = {} -data_filters_comp = {} -for filter in shlex.split(parameters['filter']): - filterField = filter.split('/')[0] - if filter.find('/') > -1: - data_filters[filterField] = '/'.join(filter.split('/')[1:]) - filter_regexp = data_filters[filterField] - filter_regexp = filter_regexp.replace('*', '.*') - filter_regexp = filter_regexp.lower() - try: - data_filters_comp[filterField] = re.compile(filter_regexp) - except sre_constants.error: - # remove illegal expression - #del data_filters[filterField] - data_filters_comp[filterField] = re.compile('.*') + data_filters = {} + data_filters_comp = {} + for filter in shlex.split(parameters['filter']): + filterField = filter.split('/')[0] + if filter.find('/') > -1: + data_filters[filterField] = '/'.join(filter.split('/')[1:]) + filter_regexp = data_filters[filterField] + filter_regexp = filter_regexp.replace('*', '.*') + filter_regexp = filter_regexp.lower() + try: + data_filters_comp[filterField] = re.compile(filter_regexp) + except sre_constants.error: + # remove illegal expression + #del data_filters[filterField] + data_filters_comp[filterField] = re.compile('.*') -# filter one specific log line -if 'filepos' in data_filters and data_filters['filepos'].isdigit(): - log_start_pos = int(data_filters['filepos']) -else: - log_start_pos = None + # filter one specific log line + if 'filepos' in data_filters and data_filters['filepos'].isdigit(): + log_start_pos = int(data_filters['filepos']) + else: + log_start_pos = None -# query suricata eve log -result = {'filters':data_filters,'rows':[],'total_rows':0,'origin':suricata_log.split('/')[-1]} -if os.path.exists(suricata_log): - for line in reverse_log_reader(filename=suricata_log, start_pos=log_start_pos): - try: - record = ujson.loads(line['line']) - except ValueError: - # can not handle line - record = {} + # query suricata eve log + result = {'filters':data_filters,'rows':[],'total_rows':0,'origin':suricata_log.split('/')[-1]} + if os.path.exists(suricata_log): + for line in reverse_log_reader(filename=suricata_log, start_pos=log_start_pos): + try: + record = ujson.loads(line['line']) + except ValueError: + # can not handle line + record = {} - # only process valid alert items - if 'alert' in record: - # add position in file - record['filepos'] = line['pos'] - record['fileid'] = parameters['fileid'] - # flatten structure - record['alert_sid'] = record['alert']['signature_id'] - record['alert'] = record['alert']['signature'] + # only process valid alert items + if 'alert' in record: + # add position in file + record['filepos'] = line['pos'] + record['fileid'] = parameters['fileid'] + # flatten structure + record['alert_sid'] = record['alert']['signature_id'] + record['alert'] = record['alert']['signature'] - # use filters on data (using regular expressions) - do_output = True - for filterKeys in data_filters: - filter_hit = False - for filterKey in filterKeys.split(','): - if record.has_key(filterKey) and data_filters_comp[filterKeys].match(('%s'%record[filterKey]).lower()): - filter_hit = True + # use filters on data (using regular expressions) + do_output = True + for filterKeys in data_filters: + filter_hit = False + for filterKey in filterKeys.split(','): + if record.has_key(filterKey) and data_filters_comp[filterKeys].match(('%s'%record[filterKey]).lower()): + filter_hit = True - if not filter_hit: - do_output = False - if do_output: - result['total_rows'] += 1 - if (len(result['rows']) < limit or limit == 0) and result['total_rows'] >= offset: - result['rows'].append(record) - elif result['total_rows'] > offset + limit: - # do not fetch data until end of file... - break + if not filter_hit: + do_output = False + if do_output: + result['total_rows'] += 1 + if (len(result['rows']) < limit or limit == 0) and result['total_rows'] >= offset: + result['rows'].append(record) + elif result['total_rows'] > offset + limit: + # do not fetch data until end of file... + break - # only try to fetch one line when filepos is given - if log_start_pos != None: - break + # only try to fetch one line when filepos is given + if log_start_pos != None: + break -# output results -print(ujson.dumps(result)) + # output results + print(ujson.dumps(result))