Commit 39691002 authored by Ignacio Crespo's avatar Ignacio Crespo

Command line arguments

parent f007cb76
...@@ -11,9 +11,8 @@ import moev.MoEv as MoEv ...@@ -11,9 +11,8 @@ import moev.MoEv as MoEv
import datetime import datetime
import time import time
import pytz import pytz
import argparse
HOST = '172.16.238.17'
PORT = 9563
def parse_timestamp(date): def parse_timestamp(date):
print date print date
...@@ -38,90 +37,111 @@ def check_attack(json_flow): ...@@ -38,90 +37,111 @@ def check_attack(json_flow):
predictions = moev_Manager.createModels() predictions = moev_Manager.createModels()
return predictions return predictions
parser = argparse.ArgumentParser()
parser.add_argument("-r", "--redis", help="IP redis")
parser.add_argument("-l", "--logstash", help="IP logstash")
parser.add_argument("-p", "--port", help="Port logstash")
args = parser.parse_args()
HOST_redis = ""
HOST_logstash = ""
PORT_logstash = ""
r = redis.StrictRedis(host='172.16.238.11', port=6379, db=0) if not args.redis or not args.logstash or not args.port:
print(r) print("It is neccesary to indicate IPs")
# delete the key parser.print_help()
netflow_redis = r.lindex("logstash", -1) quit()
else:
netflow = json.loads(netflow_redis) HOST_redis = args.redis
print(netflow) HOST_logstash = args.logstash
PORT_logstash = args.port
r = redis.StrictRedis(host=HOST_redis, port=6379, db=0)
print(r)
# delete the key
netflow_redis = r.lindex("logstash", -1)
print(netflow["netflow"]["in_bytes"]) netflow = json.loads(netflow_redis)
#print(netflow)
netflow_moev = collections.OrderedDict() print(netflow["netflow"]["in_bytes"])
netflow_moev['#:unix_secs'] = parse_timestamp(netflow["@timestamp"].split('.')[0]) netflow_moev = collections.OrderedDict()
netflow_moev['unix_nsecs'] = 886670
netflow_moev['sysuptime'] = 69000
netflow_moev['exaddr'] = netflow["host"]["ip"] netflow_moev['#:unix_secs'] = parse_timestamp(netflow["@timestamp"].split('.')[0])
netflow_moev['dpkts'] = netflow["netflow"]["in_pkts"] netflow_moev['unix_nsecs'] = 886670
netflow_moev['sysuptime'] = 69000
netflow_moev['doctets'] = netflow["netflow"]["in_bytes"] netflow_moev['exaddr'] = netflow["host"]["ip"]
netflow_moev['dpkts'] = netflow["netflow"]["in_pkts"]
netflow_moev['first'] = 53440 netflow_moev['doctets'] = netflow["netflow"]["in_bytes"]
netflow_moev['last'] = 53440
netflow_moev['engine_type'] = netflow["netflow"]["engine_type"] netflow_moev['first'] = 53440
netflow_moev['engine_id'] = netflow["netflow"]["engine_id"] netflow_moev['last'] = 53440
netflow_moev['srcaddr'] = netflow["source"]["ip"] netflow_moev['engine_type'] = netflow["netflow"]["engine_type"]
netflow_moev['dstaddr'] = netflow["destination"]["ip"] netflow_moev['engine_id'] = netflow["netflow"]["engine_id"]
netflow_moev['nexthop'] = netflow["flow"]["next_hop"]
netflow_moev['input'] = netflow["flow"]["input_snmp"]
netflow_moev['ouput'] = netflow["flow"]["output_snmp"]
netflow_moev['srcport'] = netflow["source"]["port"]
netflow_moev['dstport'] = netflow["destination"]["port"]
netflow_moev['prot'] = netflow["network"]["iana_number"] netflow_moev['srcaddr'] = netflow["source"]["ip"]
netflow_moev['tos'] = netflow["flow"]["tos"] netflow_moev['dstaddr'] = netflow["destination"]["ip"]
netflow_moev['nexthop'] = netflow["flow"]["next_hop"]
netflow_moev['input'] = netflow["flow"]["input_snmp"]
netflow_moev['ouput'] = netflow["flow"]["output_snmp"]
netflow_moev['srcport'] = netflow["source"]["port"]
netflow_moev['dstport'] = netflow["destination"]["port"]
netflow_moev['prot'] = netflow["network"]["iana_number"]
netflow_moev['tos'] = netflow["flow"]["tos"]
if "tcp_flags" in netflow: if "tcp_flags" in netflow:
with open("./tcp_flags.yml") as f: with open("./tcp_flags.yml") as f:
file_flags= yaml.load(f, Loader=yaml.FullLoader) file_flags= yaml.load(f, Loader=yaml.FullLoader)
tcp_flags = file_flags[('-'.join(netflow["flow"]["tcp_flags"]))] tcp_flags = file_flags[('-'.join(netflow["flow"]["tcp_flags"]))]
f.close() f.close()
else: else:
tcp_flags = 0 tcp_flags = 0
netflow_moev['tcp_flags'] = tcp_flags netflow_moev['tcp_flags'] = tcp_flags
netflow_moev['src_mask'] = netflow["flow"]["src_mask_len"] netflow_moev['src_mask'] = netflow["flow"]["src_mask_len"]
netflow_moev['dst_mask'] = netflow["flow"]["dst_mask_len"] netflow_moev['dst_mask'] = netflow["flow"]["dst_mask_len"]
netflow_moev['src_as'] = netflow["netflow"]["src_as"] netflow_moev['src_as'] = netflow["netflow"]["src_as"]
netflow_moev['dst_as'] = netflow["netflow"]["dst_as"] netflow_moev['dst_as'] = netflow["netflow"]["dst_as"]
test = json.dumps(netflow_moev) test = json.dumps(netflow_moev)
#print(json.dumps(netflow_moev)) #print(json.dumps(netflow_moev))
#print(json.loads(test)) #print(json.loads(test))
predictions = check_attack(json.loads(test,object_pairs_hook=OrderedDict)) predictions = check_attack(json.loads(test,object_pairs_hook=OrderedDict))
y = {"Check_Attack":predictions} y = {"Check_Attack":predictions}
netflow.update(y) netflow.update(y)
print(json.dumps(netflow)) print(json.dumps(netflow))
try:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
except socket.error as msg:
sys.stderr.write("[ERROR] %s\n" % msg[1])
sys.exit(1)
try:
sock.connect((HOST_logstash, int(PORT_logstash)))
except socket.error as msg:
sys.stderr.write("[ERROR] %s\n" % msg[1])
sys.exit(2)
msg = netflow
sock.send(json.dumps(netflow))
sock.close()
sys.exit(0)
try:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
except socket.error as msg:
sys.stderr.write("[ERROR] %s\n" % msg[1])
sys.exit(1)
try:
sock.connect((HOST, PORT))
except socket.error as msg:
sys.stderr.write("[ERROR] %s\n" % msg[1])
sys.exit(2)
msg = netflow
sock.send(json.dumps(netflow))
sock.close()
sys.exit(0)
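Review bot: The manual `if not args.redis or not args.logstash or not args.port:` block ending in `quit()` re-implements what argparse already provides, and `quit()` is a `site`-injected helper intended for interactive sessions rather than scripts. Declaring the options as `parser.add_argument("-r", "--redis", required=True, help="IP redis")`, the same for `--logstash`, and `parser.add_argument("-p", "--port", type=int, required=True, help="Port logstash")` makes argparse print usage and exit non-zero by itself, and validates the port at parse time instead of letting `int(PORT_logstash)` raise ValueError at the `sock.connect` call. With the options required, the `HOST_redis = ""` / `HOST_logstash = ""` / `PORT_logstash = ""` placeholders and the `else:` branch become dead and can be dropped. The Redis port 6379 is still hard-coded beside the now-configurable `HOST_redis`, so a matching `--redis-port` option (with `type=int`) would keep the two endpoints symmetric. This is module-level script code; the `check_attack` definition named in the hunk header starts outside the hunk.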