diff --git a/src/warden-client/doc/example-receiver.pl.txt b/src/warden-client/doc/example-receiver.pl.txt old mode 100644 new mode 100755 index afe5e5125f6503329b4cd8de951f7fe984edc7f5..71809f65bb47bdef290b80f8ee2ec20ada1779c8 --- a/src/warden-client/doc/example-receiver.pl.txt +++ b/src/warden-client/doc/example-receiver.pl.txt @@ -18,17 +18,14 @@ use strict; # This code should developer add into his/her application. # Path to warden-client directory -my $warden_path = '/opt/warden-client'; +my $warden_path = '/home/soukal/client-test/2.0.0_beta/warden-client/'; # Inclusion of warden-client receiving functionality require $warden_path . '/lib/WardenClientReceive.pm'; # Definition of requested event type. This attributes is also set on server # and must not change. -my $requested_type = "botnet_c_c"; - -# Download of new evetns from Warden server -my @new_events = WardenClientReceive::getNewEvents($warden_path, $requested_type); +my $requested_type = "portscan"; #------------------------------------------------------------------------------ # Simple code that prints out new events obtained from Warden server. 
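Review bot: The path that replaces `/opt/warden-client` in this documented example is a developer's private checkout, `/home/soukal/client-test/2.0.0_beta/warden-client/`, which should not ship in the receiver example users are told to copy into their own application. Besides leaking a local username and directory layout, the trailing slash makes the following `require` resolve `…/warden-client//lib/WardenClientReceive.pm`, which works on POSIX but shows the value was pasted from a test session. Restore the install path, `my $warden_path = '/opt/warden-client';`, and keep test-specific values out of the doc file. The switch from `botnet_c_c` to `portscan` looks like residue from the same session; the comment above it says the type must agree with the server configuration, so whichever value is the documented default should be chosen deliberately rather than left as whatever was last tried.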
@@ -37,9 +34,15 @@ print "+------------------------------------------------------------------------ print "| id | hostname | service | detected | type | source_type | source | target_proto | target_port | attack_scale | note | priority | timeout |\n"; print "+------------------------------------------------------------------------------------------------------------------------------------------+\n"; -foreach (@new_events) { - print "| " . join(' | ', @$_) . " |" . "\n"; +# Download of new evetns from Warden server +while (my @new_events = WardenClientReceive::getNewEvents($warden_path, $requested_type)) { + foreach my $event_ref (@new_events) { + my @event = @$event_ref; + print "| " . join(' | ', @event) . " |" . "\n"; + } +print "+------------------------------------------------------------------------------------------------------------------------------------------+\n"; } + print "+------------------------------------------------------------------------------------------------------------------------------------------+"; print "\n"; print "Last events in: " . scalar(localtime(time)) . "\n"; diff --git a/src/warden-client/lib/WardenClientReceive.pm b/src/warden-client/lib/WardenClientReceive.pm index 437e9b5eb5e0f1cb91816f1a710384180de99cba..1544c3bdef107b13237a8fcc3c7dca22aadc69d0 100755 --- a/src/warden-client/lib/WardenClientReceive.pm +++ b/src/warden-client/lib/WardenClientReceive.pm 
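Review bot: The new `while (my @new_events = WardenClientReceive::getNewEvents(...))` loop takes an empty list to mean the server has been drained, but the accompanying WardenClientReceive.pm change further down in this diff wraps the whole fetch in `eval { ... } or do { return; }`, so a bad config file, unreachable server or TLS failure now also yields an empty list and the example prints an empty table and "Last events in:" as if nothing had gone wrong. The example should at least surface that: after the loop, `warn "Warden: getNewEvents failed: $@" if $@;` reports the error the library swallowed (this relies on the `or do` returning without clearing `$@`; a fetch that returned false without dying leaves `$@` empty, so it is a partial check). The fields are also printed verbatim from the server response, so a `|`, newline or terminal escape sequence in a free-form field such as `note` corrupts the table or reaches the terminal; a comment like `# fields are server-supplied: strip control characters before printing` plus an `s/[^[:print:]]+/ /g` on each value is cheap insurance. Minor: the restored comment still reads `evetns`, and the footer `print` inside the `while` body is not indented with the rest of the loop.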
@@ -81,94 +81,102 @@ sub c2s #------------------------------------------------------------------------------- sub getNewEvents { - my $warden_path = shift; - my $requested_type = shift; - - my $vardir = $warden_path . "/var/"; - my $etcdir = $warden_path . "/etc/"; - my $libdir = $warden_path . "/lib/"; - - # read the config file - require $libdir . "WardenClientConf.pm"; - my $conf_file = $etcdir . "warden-client.conf"; - my ($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, $max_rcv_events_limit) = WardenClientConf::loadConf($conf_file); - - # set name of ID file for each client aplication - my $caller_name = $FindBin::Script; - my $id_file = $vardir . $caller_name . ".id"; - - #----------------------------------------------------------------------------- - # get last ID from ID file (if exist) or - # get last ID from warden server DB and save it into ID file - my $last_id; - if (-e $id_file) { - open(ID, "< $id_file") || errMsg("Cannot open ID file $id_file: $!"); - foreach(<ID>) { - $last_id = $_; + my @events; + + eval { + + my $warden_path = shift; + my $requested_type = shift; + + my $vardir = $warden_path . "/var/"; + my $etcdir = $warden_path . "/etc/"; + my $libdir = $warden_path . "/lib/"; + + # read the config file + require $libdir . "WardenClientConf.pm"; + my $conf_file = $etcdir . "warden-client.conf"; + my ($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, $max_rcv_events_limit) = WardenClientConf::loadConf($conf_file); + + # set name of ID file for each client aplication + my $caller_name = $FindBin::Script; + my $id_file = $vardir . $caller_name . 
".id"; + + #----------------------------------------------------------------------------- + # get last ID from ID file (if exist) or + # get last ID from warden server DB and save it into ID file + my $last_id; + if (-e $id_file) { + open(ID, "< $id_file") || errMsg("Cannot open ID file $id_file: $!"); + foreach(<ID>) { + $last_id = $_; + } + close ID; + } else { + my $response = c2s($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, "getLastId"); + $last_id = $response->result; + open(ID, "> $id_file") || die ("Cannot open ID file $id_file: $!"); + print ID $last_id; + close ID; } - close ID; - } else { - my $response = c2s($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, "getLastId"); - $last_id = $response->result; - open(ID, "> $id_file") || die ("Cannot open ID file $id_file: $!"); - print ID $last_id; - close ID; - } - #----------------------------------------------------------------------------- - # get new events from warden server DB based on gathered last ID - - # create SOAP data obejct - my $request_data = SOAP::Data->name( - request => \SOAP::Data->value( - SOAP::Data->name(REQUESTED_TYPE => $requested_type), - SOAP::Data->name(LAST_ID => $last_id), - SOAP::Data->name(MAX_RCV_EVENTS_LIMIT => $max_rcv_events_limit) - ) - ); + #----------------------------------------------------------------------------- + # get new events from warden server DB based on gathered last ID + + # create SOAP data obejct + my $request_data = SOAP::Data->name( + request => \SOAP::Data->value( + SOAP::Data->name(REQUESTED_TYPE => $requested_type), + SOAP::Data->name(LAST_ID => $last_id), + SOAP::Data->name(MAX_RCV_EVENTS_LIMIT => $max_rcv_events_limit) + ) + ); - # call server method getNewEvents - my $response = c2s($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, "getNewEvents", $request_data); - - # parse returned SOAP data object - my ($id, $hostname, $service, $detected, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, 
$timeout); - my @events; - my @response_list = $response->valueof('/Envelope/Body/getNewEventsResponse/event/'); - while (scalar @response_list) { - my $response_data = shift(@response_list); - my @event; - - # parse items of one event - $id = $response_data->{'ID'}; - $hostname = $response_data->{'HOSTNAME'}; - $service = $response_data->{'SERVICE'}; - $detected = $response_data->{'DETECTED'}; - $type = $response_data->{'TYPE'}; - $source_type = $response_data->{'SOURCE_TYPE'}; - $source = $response_data->{'SOURCE'}; - $target_proto = $response_data->{'TARGET_PROTO'}; - $target_port = $response_data->{'TARGET_PORT'}; - $attack_scale = $response_data->{'ATTACK_SCALE'}; - $note = $response_data->{'NOTE'}; - $priority = $response_data->{'PRIORITY'}; - $timeout = $response_data->{'TIMEOUT'}; - - # push new event from warden server into @events which is returned - @event = ($id, $hostname, $service, $detected, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout); - push (@events, \@event); - - # set maximum received ID from current batch - if ($id > $last_id) { - $last_id = $id; + # call server method getNewEvents + my $response = c2s($uri, $ssl_key_file, $ssl_cert_file, $ssl_ca_file, "getNewEvents", $request_data); + + # parse returned SOAP data object + my ($id, $hostname, $service, $detected, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout); +# my @events; + my @response_list = $response->valueof('/Envelope/Body/getNewEventsResponse/event/'); + while (scalar @response_list) { + my $response_data = shift(@response_list); + my @event; + + # parse items of one event + $id = $response_data->{'ID'}; + $hostname = $response_data->{'HOSTNAME'}; + $service = $response_data->{'SERVICE'}; + $detected = $response_data->{'DETECTED'}; + $type = $response_data->{'TYPE'}; + $source_type = $response_data->{'SOURCE_TYPE'}; + $source = $response_data->{'SOURCE'}; + $target_proto = 
$response_data->{'TARGET_PROTO'}; + $target_port = $response_data->{'TARGET_PORT'}; + $attack_scale = $response_data->{'ATTACK_SCALE'}; + $note = $response_data->{'NOTE'}; + $priority = $response_data->{'PRIORITY'}; + $timeout = $response_data->{'TIMEOUT'}; + + # push new event from warden server into @events which is returned + @event = ($id, $hostname, $service, $detected, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout); + push (@events, \@event); + + # set maximum received ID from current batch + if ($id > $last_id) { + $last_id = $id; + } + } #end of while loop + + # write last return ID + if (defined $last_id) { # must be defined for first check ID + open(ID, "> $id_file") || die ("Cannot open ID file $id_file: $!"); + print ID $last_id; + close ID; } - } #end of while loop - - # write last return ID - if (defined $last_id) { # must be defined for first check ID - open(ID, "> $id_file") || die ("Cannot open ID file $id_file: $!"); - print ID $last_id; - close ID; - } + } # End of eval block + or do { + return; + }; return @events;