diff --git a/warden3/contrib/warden_filer/README b/warden3/contrib/warden_filer/README index a33de1f433d71e19be4a68e5586af8c9f3d21b32..09640055521d24d836425ccd7f924218afa89f06 100644 --- a/warden3/contrib/warden_filer/README +++ b/warden3/contrib/warden_filer/README @@ -75,11 +75,16 @@ JSON object, containing configuration. See also warden_filer.cfg as example. doc, possible keys: cat, nocat, group, nogroup, tag, notag), unmatched events get discarded and deleted node - o information about detector to be prepended into event Node - array (see Idea doc) + array (see Idea doc). Note that Warden server may require it + to correspond with client registration receiver - configuration section for receiver mode dir - directory, whose "incoming" subdir will serve as target for events filter - filter fields for Warden query (see Warden and Idea doc, possible keys: cat, nocat, group, nogroup, tag, notag) + node - o information about detector to be prepended into event Node + array (see Idea doc). Be careful here, you may ruin Idea + messages by wrongly formatted data and they are not checked + here in any way ------------------------------------------------------------------------------ E. Directories and locking issues diff --git a/warden3/contrib/warden_filer/warden_filer.cfg b/warden3/contrib/warden_filer/warden_filer.cfg index 402f5183d7e2da138b70256415eafe59d8fd6daf..f522778715cb312fe259514d9100476418150e7d 100644 --- a/warden3/contrib/warden_filer/warden_filer.cfg +++ b/warden3/contrib/warden_filer/warden_filer.cfg @@ -26,9 +26,9 @@ }, // Optional information about detector to be prepended into Idea Node array "node": { - "Name": "cz.example.warden.test", + "Name": "cz.example.warden.test_sender", "Type": ["Relay"], - "SW": ["warden_filer"], + "SW": ["warden_filer-sender"], "AggrWin": "00:05:00", "Note": "Test warden_filer sender" } 
@@ -45,5 +45,13 @@ "tag": null, "notag": ["Honeypot"] } + // Optional information about detector to be prepended into Idea Node array + "node": { + "Name": "cz.example.warden.test_receiver", + "Type": ["Relay"], + "SW": ["warden_filer-receiver"], + "AggrWin": "00:05:00", + "Note": "Test warden_filer receiver" + } } } diff --git a/warden3/contrib/warden_filer/warden_filer.py b/warden3/contrib/warden_filer/warden_filer.py index b4c19c8a596217af56535d087a86170039b06d1a..cabd2b8d37978d54243b5d3f9c4e4a320f334c4f 100644 --- a/warden3/contrib/warden_filer/warden_filer.py +++ b/warden3/contrib/warden_filer/warden_filer.py @@ -141,6 +141,7 @@ class SafeDir(object): def receiver(config, wclient, sdir, oneshot): poll_time = config.get("poll_time", 5) + node = config.get("node", None) conf_filt = config.get("filter", {}) filt = {} # Extract filter explicitly to be sure we have right param names for getEvents @@ -152,6 +153,9 @@ def receiver(config, wclient, sdir, oneshot): count_ok = count_err = 0 while events: for event in events: + if node: + nodelist = event.setdefault("Node", []) + nodelist.insert(0, node) try: nf = None nf = sdir.newfile()
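Review bot: The receiver section's new `"node"` object is not separated from the preceding `"filter"` block by a comma: the context line `"notag": ["Honeypot"] }` stays unchanged and the added lines begin directly with `// Optional ...` and `"node": {`, so the example config is no longer valid JSON unless the loader tolerates a missing member separator. The sender section on the same page closes its filter with `},` before its node block, so this looks like an oversight rather than intent. Change the closing line of the filter block to `},` (i.e. turn the context line into a `-`/`+` pair) so the shipped example loads.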
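Review bot: The three added lines in the second hunk run before the `try:` that wraps the per-event handling, so an exception raised there — for instance `event["Node"]` arriving from the Warden server as something other than a list, which makes `.insert` fail, or an event that is not a dict — escapes the per-event error path and presumably aborts the whole receive loop instead of being counted via `count_err`. These events come from a remote server and the README now states the configured node data is not validated, so neither side of this insertion should be assumed well-formed. Move the insertion under `try:` right after `nf = None`, and consider `nodelist.insert(0, dict(node))` so every received event does not share one aliased config dict. `receiver()` starts before this hunk and continues after it, so the matching `except` clauses are not visible here.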