From a06a23d10f7769ee5e4f280f446cb36b2d93b3c8 Mon Sep 17 00:00:00 2001
From: Michal Kostenec <kostenec@cesnet.cz>
Date: Tue, 28 Apr 2015 09:55:14 +0200
Subject: [PATCH] Correct timestamp used IPv6 address supported

---
 .../connectors/hp-kippo/warden3-kippo-sender.py | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/warden3/contrib/connectors/hp-kippo/warden3-kippo-sender.py b/warden3/contrib/connectors/hp-kippo/warden3-kippo-sender.py
index b7fba0b..8bac43d 100644
--- a/warden3/contrib/connectors/hp-kippo/warden3-kippo-sender.py
+++ b/warden3/contrib/connectors/hp-kippo/warden3-kippo-sender.py
@@ -21,7 +21,7 @@ DEFAULT_NAME = 'org.example.warden.test'
 DEFAULT_AWIN = 5
 
 
-def gen_event_idea(client_name, detect_time, win_start_time, win_end_time, conn_count, src_ip4, dst_ip4, aggr_win):
+def gen_event_idea(client_name, detect_time, win_start_time, win_end_time, conn_count, src_ip, dst_ip, aggr_win):
 
   event = {
      "Format": "IDEA0",
@@ -32,14 +32,9 @@ def gen_event_idea(client_name, detect_time, win_start_time, win_end_time, conn_
      "Category": ["Attempt.Login"],
      "Note": "SSH login attempt",
      "ConnCount": conn_count,
-     "Source": [
-        { 
-          "IP4": [src_ip4],
-        }
-     ],
+     "Source": [{}],
      "Target": [
         {
-           "IP4": [dst_ip4],
            "Proto": ["tcp", "ssh"],
            "Port" : [22]
         }
@@ -54,6 +49,10 @@ def gen_event_idea(client_name, detect_time, win_start_time, win_end_time, conn_
      ]
   }
 
+  af = "IP4" if not ':' in src_ip else "IP6"
+  event['Source'][0][af] = [src_ip]
+  event['Target'][0][af] = [dst_ip]
+
   return event
 
 def main():
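Review bot: The address family is derived from `src_ip` alone and then reused for `dst_ip`, so an IPv6 source hitting a sensor recorded with an IPv4 address (or the reverse) files the Target address under the wrong IDEA key. Each address should select its own key, for example `event['Target'][0]["IP6" if ':' in dst_ip else "IP4"] = [dst_ip]`. The caller reads `dst_ip` from a LEFT JOIN on `sensors`, so it can presumably be NULL; the `in` test would then raise on `None`, and the field is better omitted than sent as `[None]`. Because `"Source": [{}]` is now only a placeholder, a short comment next to it saying the address key is filled in after the literal would help the next reader.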
@@ -72,7 +71,7 @@ def main():
   crs = con.cursor()
 
   events = []
-  query =  "SELECT UNIX_TIMESTAMP(s.starttime) as starttime, s.ip, COUNT(s.id) as attack_scale, sn.ip as sensor \
+  query =  "SELECT UNIX_TIMESTAMP(CONVERT_TZ(s.starttime, '+00:00', @@global.time_zone)) as starttime, s.ip, COUNT(s.id) as attack_scale, sn.ip as sensor \
             FROM sessions s \
             LEFT JOIN sensors sn ON s.sensor=sn.id \
             WHERE s.starttime > DATE_SUB(UTC_TIMESTAMP(), INTERVAL + %s SECOND) \
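Review bot: `UNIX_TIMESTAMP()` interprets its argument in the session time zone, but the added `CONVERT_TZ(...)` targets `@@global.time_zone`, so `starttime` is still shifted whenever the connection's time zone differs from the server default; `@@session.time_zone` is the matching variable. The round trip through local time is also ambiguous during the repeated hour at a DST change, and `CONVERT_TZ` returns NULL for arguments it cannot resolve, which would pass `None` to `format_timestamp`. If `s.starttime` is stored as UTC, as the `'+00:00'` argument implies, an expression that never leaves UTC avoids all of this: `TIMESTAMPDIFF(SECOND, '1970-01-01 00:00:00', s.starttime) as starttime`. The query string continues past the end of this hunk.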
@@ -84,7 +83,7 @@ def main():
     dtime = format_timestamp(row['starttime'])
     etime = format_timestamp(time())
     stime = format_timestamp(time() - awin)
-    events.append(gen_event_idea(client_name = aname, detect_time = dtime, win_start_time = stime, win_end_time = etime, conn_count = row['attack_scale'], src_ip4 = row['ip'], dst_ip4 = row['sensor'], aggr_win = awin))
+    events.append(gen_event_idea(client_name = aname, detect_time = dtime, win_start_time = stime, win_end_time = etime, conn_count = row['attack_scale'], src_ip = row['ip'], dst_ip = row['sensor'], aggr_win = awin))
       
   print "=== Sending ==="
   start = time()
-- 
GitLab