-
Tomáš Plesník authoredTomáš Plesník authored
sender-cli.pl 4.51 KiB
#!/usr/bin/perl
#
# Copyright (C) 2011-2015 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
use strict;
use warnings;
use DateTime;
use Getopt::Long;
#-------------------------------------------------------------------------------
# Warden 2.2. Command-line Client, Sender
#
# Command-line warden-client sender. For detailed info how to use particular
# variables and/or values see warden-client/doc/README file.
#-------------------------------------------------------------------------------
#-------------------------------------------------------------------------------
# Preparation of event attributes.
# Mandatory attributes
my $opt_s; # service
my $opt_t = "" . DateTime->from_epoch(epoch => time()) . ""; # time of detection
my $opt_e; # type of detected event
my $opt_o; # event source type
# Optional attributes
my $opt_v = ""; # event source value
my $opt_p = ""; # target protocol
my $opt_r = ""; # target port
my $opt_a = ""; # attack scale
my $opt_n = ""; # note
# Other attributes
my $opt_w = "../../warden-client"; # path to warden directory
my $opt_h; # display help
# Check whether mandatory fields are given. Otherwise print help and exit.
if (!GetOptions("service|s=s" => \$opt_s,
"timestamp|t=s" => \$opt_t,
"event-type|e=s" => \$opt_e,
"source-type|o=s" => \$opt_o,
"source-value|v=s" => \$opt_v,
"proto|p=s" => \$opt_p,
"port|r=i" => \$opt_r,
"attack-scale|a=i" => \$opt_a,
"note|n=s" => \$opt_n,
"warden-dir|w=s" => \$opt_w,
"help|h" => \$opt_h) ||
!defined($opt_s) || !defined($opt_e) || !defined($opt_o) ||
$opt_h) {
print "\nAbout command-line-sender.pl\n";
print "\n Script is supposed to be used as a simple command-line warden client that can send one event to the warden server at a time. For more information about the Warden system and it's events' structure, please see warden-client/doc/README file.\n";
print "\nUsage:\n\n ./command-line-sender.pl -s <service> -e <event_type> -o <source_type> [-t <timestamp_of_detection>] [-v <source>] [-p <protocol>] [-r <port>] [-a <attack_scale>] [-n <note>] [-w <warden_directory>] [-h]\n";
print "\nArguments:\n\n";
print " -s SERVICE, --service=SERVICE - Name of detection service\n\n";
print " -e EVENT_TYPE, --event-type=EVENT_TYPE - Type of detected event\n\n";
print " -o SOURCE_TYPE, --source-type=SOURCE_TYPE - Type of detected event\'s source\n\n";
print "\n";
print "Optional (but important) arguments:\n\n";
print " -t TIMESTAMP, --timestamp=TIMESTAMP - Timestamp of detection.\n";
print " Default is current system time (" . DateTime->from_epoch(epoch => time()) . ")\n\n";
print " -v SOURCE_VALUE, --source-value=SOURCE_VALUE - Source of detected event\n\n";
print " -p PROTO, --proto=PROTO - Protocol\n\n";
print " -r PORT, --port=PORT - Port\n\n";
print " -a ATTACK_SCALE, --attack-scale=ATTACK_SCALE - Scale of detected event\n\n";
print " -n NOTE, --note=NOTE - Note, comment or other data\n\n";
print " -w WARDEN_DIR, --warden-dir=WARDEN_DIR - Path to the warden-client directory. Default is \'../../warden-client\'\n\n";