Commit 39691002 authored by Ignacio Crespo's avatar Ignacio Crespo

Command line arguments

parent f007cb76
......@@ -11,9 +11,8 @@ import moev.MoEv as MoEv
import datetime
import time
import pytz
import argparse
HOST = '172.16.238.17'
PORT = 9563
def parse_timestamp(date):
print date
......@@ -38,90 +37,111 @@ def check_attack(json_flow):
predictions = moev_Manager.createModels()
return predictions
parser = argparse.ArgumentParser()
parser.add_argument("-r", "--redis", help="IP redis")
parser.add_argument("-l", "--logstash", help="IP logstash")
parser.add_argument("-p", "--port", help="Port logstash")
args = parser.parse_args()
HOST_redis = ""
HOST_logstash = ""
PORT_logstash = ""
if not args.redis or not args.logstash or not args.port:
print("It is neccesary to indicate IPs")
parser.print_help()
quit()
else:
r = redis.StrictRedis(host='172.16.238.11', port=6379, db=0)
print(r)
HOST_redis = args.redis
HOST_logstash = args.logstash
PORT_logstash = args.port
r = redis.StrictRedis(host=HOST_redis, port=6379, db=0)
print(r)
# delete the key
netflow_redis = r.lindex("logstash", -1)
netflow = json.loads(netflow_redis)
print(netflow)
netflow_redis = r.lindex("logstash", -1)
print(netflow["netflow"]["in_bytes"])
netflow = json.loads(netflow_redis)
#print(netflow)
netflow_moev = collections.OrderedDict()
print(netflow["netflow"]["in_bytes"])
netflow_moev['#:unix_secs'] = parse_timestamp(netflow["@timestamp"].split('.')[0])
netflow_moev['unix_nsecs'] = 886670
netflow_moev['sysuptime'] = 69000
netflow_moev = collections.OrderedDict()
netflow_moev['exaddr'] = netflow["host"]["ip"]
netflow_moev['dpkts'] = netflow["netflow"]["in_pkts"]
netflow_moev['#:unix_secs'] = parse_timestamp(netflow["@timestamp"].split('.')[0])
netflow_moev['unix_nsecs'] = 886670
netflow_moev['sysuptime'] = 69000
netflow_moev['doctets'] = netflow["netflow"]["in_bytes"]
netflow_moev['exaddr'] = netflow["host"]["ip"]
netflow_moev['dpkts'] = netflow["netflow"]["in_pkts"]
netflow_moev['first'] = 53440
netflow_moev['last'] = 53440
netflow_moev['doctets'] = netflow["netflow"]["in_bytes"]
netflow_moev['engine_type'] = netflow["netflow"]["engine_type"]
netflow_moev['engine_id'] = netflow["netflow"]["engine_id"]
netflow_moev['first'] = 53440
netflow_moev['last'] = 53440
netflow_moev['srcaddr'] = netflow["source"]["ip"]
netflow_moev['dstaddr'] = netflow["destination"]["ip"]
netflow_moev['nexthop'] = netflow["flow"]["next_hop"]
netflow_moev['input'] = netflow["flow"]["input_snmp"]
netflow_moev['ouput'] = netflow["flow"]["output_snmp"]
netflow_moev['srcport'] = netflow["source"]["port"]
netflow_moev['dstport'] = netflow["destination"]["port"]
netflow_moev['engine_type'] = netflow["netflow"]["engine_type"]
netflow_moev['engine_id'] = netflow["netflow"]["engine_id"]
netflow_moev['prot'] = netflow["network"]["iana_number"]
netflow_moev['tos'] = netflow["flow"]["tos"]
netflow_moev['srcaddr'] = netflow["source"]["ip"]
netflow_moev['dstaddr'] = netflow["destination"]["ip"]
netflow_moev['nexthop'] = netflow["flow"]["next_hop"]
netflow_moev['input'] = netflow["flow"]["input_snmp"]
netflow_moev['ouput'] = netflow["flow"]["output_snmp"]
netflow_moev['srcport'] = netflow["source"]["port"]
netflow_moev['dstport'] = netflow["destination"]["port"]
netflow_moev['prot'] = netflow["network"]["iana_number"]
netflow_moev['tos'] = netflow["flow"]["tos"]
if "tcp_flags" in netflow:
if "tcp_flags" in netflow:
with open("./tcp_flags.yml") as f:
file_flags= yaml.load(f, Loader=yaml.FullLoader)
tcp_flags = file_flags[('-'.join(netflow["flow"]["tcp_flags"]))]
f.close()
else:
else:
tcp_flags = 0
netflow_moev['tcp_flags'] = tcp_flags
netflow_moev['src_mask'] = netflow["flow"]["src_mask_len"]
netflow_moev['dst_mask'] = netflow["flow"]["dst_mask_len"]
netflow_moev['src_as'] = netflow["netflow"]["src_as"]
netflow_moev['dst_as'] = netflow["netflow"]["dst_as"]
netflow_moev['tcp_flags'] = tcp_flags
netflow_moev['src_mask'] = netflow["flow"]["src_mask_len"]
netflow_moev['dst_mask'] = netflow["flow"]["dst_mask_len"]
netflow_moev['src_as'] = netflow["netflow"]["src_as"]
netflow_moev['dst_as'] = netflow["netflow"]["dst_as"]
test = json.dumps(netflow_moev)
#print(json.dumps(netflow_moev))
#print(json.loads(test))
test = json.dumps(netflow_moev)
#print(json.dumps(netflow_moev))
#print(json.loads(test))
predictions = check_attack(json.loads(test,object_pairs_hook=OrderedDict))
predictions = check_attack(json.loads(test,object_pairs_hook=OrderedDict))
y = {"Check_Attack":predictions}
netflow.update(y)
y = {"Check_Attack":predictions}
netflow.update(y)
print(json.dumps(netflow))
print(json.dumps(netflow))
try:
try:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
except socket.error as msg:
except socket.error as msg:
sys.stderr.write("[ERROR] %s\n" % msg[1])
sys.exit(1)
try:
sock.connect((HOST, PORT))
except socket.error as msg:
try:
sock.connect((HOST_logstash, int(PORT_logstash)))
except socket.error as msg:
sys.stderr.write("[ERROR] %s\n" % msg[1])
sys.exit(2)
msg = netflow
sock.send(json.dumps(netflow))
msg = netflow
sock.send(json.dumps(netflow))
sock.close()
sys.exit(0)
sock.close()
sys.exit(0)
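Review bot: `int(PORT_logstash)` in the connect call is the only validation the new `--port` argument receives, so a non-numeric value raises an uncaught ValueError only after the Redis read and model call have already run; declare it as `parser.add_argument("-p", "--port", type=int, help="Port logstash")` so argparse rejects it up front, and connect with `sock.connect((HOST_logstash, PORT_logstash))`. The `HOST_redis = ""`, `HOST_logstash = ""`, `PORT_logstash = ""` initialisations before the `if` are never read on the failing branch, because `quit()` exits there, so they can be dropped in favour of assigning from `args` directly. Separately, `sock.send(json.dumps(netflow))` may transmit only part of the serialized flow without any error; `sock.sendall(json.dumps(netflow))` is the call that writes the whole buffer or raises. The `+`/`-` markers are lost in this rendering, so the old/new assignment of the duplicated lines is inferred from their order.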