lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-17 01:54:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

(ids) use actual timestamp to find alertlogs

Browse Source
This commit is contained in:
Ad Schellevis 2015-08-31 09:03:41 +02:00
parent 8addbbee66
commit 4f57160807
1 changed files with 22 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
src/opnsense/scripts/suricata/listAlertLogs.py
View File

@ -33,20 +33,34 @@
import os
import glob
import ujson
import time
import datetime
from lib import suricata_alert_log
from lib.log import reverse_log_reader
result = []
for filename in sorted(glob.glob('%s*'%suricata_alert_log)):
row = dict()
row['modified'] = os.stat(filename).st_mtime
row['filename'] = filename.split('/')[-1]
ext=filename.split('.')[-1]
if ext.isdigit():
row['sequence'] = int(ext)
else:
row['sequence'] = None
row['size'] = os.stat(filename).st_size
if row['size'] > 0:
row['modified'] = os.stat(filename).st_mtime
row['filename'] = filename.split('/')[-1]
# try to find actual timestamp from file
for line in reverse_log_reader(filename=filename):
if line['line'] != '':
record = ujson.loads(line['line'])
if record.has_key('timestamp'):
row['modified'] = int(time.mktime(datetime.datetime.strptime(record['timestamp'].split('.')[0], "%Y-%m-%dT%H:%M:%S").timetuple()))
break
result.append(row)
ext=filename.split('.')[-1]
if ext.isdigit():
row['sequence'] = int(ext)
else:
row['sequence'] = None
result.append(row)
# output results
print(ujson.dumps(result))