warden_filer now supports adding Node for receiver

d320a28b · Pavel Kácha · 74941953 · d320a28b · d320a28b · d320a28b
Commit d320a28b authored 10 years ago by Pavel Kácha
--- a/warden3/contrib/warden_filer/README
+++ b/warden3/contrib/warden_filer/README
@@ -75,11 +75,16 @@ JSON object, containing configuration. See also warden_filer.cfg as example.
               doc, possible keys: cat, nocat, group, nogroup, tag, notag),
               unmatched events get discarded and deleted
      node - o information about detector to be prepended into event Node
-             array (see Idea doc)
+             array (see Idea doc). Note that Warden server may require it
+             to correspond with client registration
   receiver - configuration section for receiver mode
      dir - directory, whose "incoming" subdir will serve as target for events
      filter - filter fields for Warden query (see Warden and Idea doc,
               possible keys: cat, nocat, group, nogroup, tag, notag)
+      node - o information about detector to be prepended into event Node
+             array (see Idea doc). Be careful here, you may ruin Idea
+             messages by wrongly formatted data and they are not checked
+             here in any way

 ------------------------------------------------------------------------------
 E. Directories and locking issues

--- a/warden3/contrib/warden_filer/warden_filer.cfg
+++ b/warden3/contrib/warden_filer/warden_filer.cfg
@@ -26,9 +26,9 @@
        },
        // Optional information about detector to be prepended into Idea Node array
        "node": {
-            "Name": "cz.example.warden.test",
+            "Name": "cz.example.warden.test_sender",
            "Type": ["Relay"],
-            "SW": ["warden_filer"],
+            "SW": ["warden_filer-sender"],
            "AggrWin": "00:05:00",
            "Note": "Test warden_filer sender"
        }
@@ -45,5 +45,13 @@
            "tag": null,
            "notag": ["Honeypot"]
        }
+        // Optional information about detector to be prepended into Idea Node array
+        "node": {
+            "Name": "cz.example.warden.test_receiver",
+            "Type": ["Relay"],
+            "SW": ["warden_filer-receiver"],
+            "AggrWin": "00:05:00",
+            "Note": "Test warden_filer receiver"
+        }
    }
 }
--- a/warden3/contrib/warden_filer/warden_filer.py
+++ b/warden3/contrib/warden_filer/warden_filer.py
@@ -141,6 +141,7 @@ class SafeDir(object):

 def receiver(config, wclient, sdir, oneshot):
    poll_time = config.get("poll_time", 5)
+    node = config.get("node", None)
    conf_filt = config.get("filter", {})
    filt = {}
    # Extract filter explicitly to be sure we have right param names for getEvents
@@ -152,6 +153,9 @@ def receiver(config, wclient, sdir, oneshot):
        count_ok = count_err = 0
        while events:
            for event in events:
+                if node:
+                    nodelist = event.setdefault("Node", [])
+                    nodelist.insert(0, node)
                try:
                    nf = None
                    nf = sdir.newfile()