From d320a28bc226cd80b2e28a5309f5c03cef0fab77 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20K=C3=A1cha?= <ph@cesnet.cz>
Date: Thu, 26 Feb 2015 16:26:00 +0100
Subject: [PATCH] warden_filer now supports adding Node for receiver
---
warden3/contrib/warden_filer/README | 7 ++++++-
warden3/contrib/warden_filer/warden_filer.cfg | 12 ++++++++++--
warden3/contrib/warden_filer/warden_filer.py | 4 ++++
3 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/warden3/contrib/warden_filer/README b/warden3/contrib/warden_filer/README
index a33de1f..0964005 100644
--- a/warden3/contrib/warden_filer/README
+++ b/warden3/contrib/warden_filer/README
@@ -75,11 +75,16 @@ JSON object, containing configuration. See also warden_filer.cfg as example.
doc, possible keys: cat, nocat, group, nogroup, tag, notag),
unmatched events get discarded and deleted
node - o information about detector to be prepended into event Node
- array (see Idea doc)
+ array (see Idea doc). Note that Warden server may require it
+ to correspond with client registration
receiver - configuration section for receiver mode
dir - directory, whose "incoming" subdir will serve as target for events
filter - filter fields for Warden query (see Warden and Idea doc,
possible keys: cat, nocat, group, nogroup, tag, notag)
+ node - o information about detector to be prepended into event Node
+ array (see Idea doc). Be careful here, you may ruin Idea
+ messages by wrongly formatted data and they are not checked
+ here in any way
------------------------------------------------------------------------------
E. Directories and locking issues
diff --git a/warden3/contrib/warden_filer/warden_filer.cfg b/warden3/contrib/warden_filer/warden_filer.cfg
index 402f518..f522778 100644
--- a/warden3/contrib/warden_filer/warden_filer.cfg
+++ b/warden3/contrib/warden_filer/warden_filer.cfg
@@ -26,9 +26,9 @@
},
// Optional information about detector to be prepended into Idea Node array
"node": {
- "Name": "cz.example.warden.test",
+ "Name": "cz.example.warden.test_sender",
"Type": ["Relay"],
- "SW": ["warden_filer"],
+ "SW": ["warden_filer-sender"],
"AggrWin": "00:05:00",
"Note": "Test warden_filer sender"
}
@@ -45,5 +45,13 @@
"tag": null,
"notag": ["Honeypot"]
}
+ // Optional information about detector to be prepended into Idea Node array
+ "node": {
+ "Name": "cz.example.warden.test_receiver",
+ "Type": ["Relay"],
+ "SW": ["warden_filer-receiver"],
+ "AggrWin": "00:05:00",
+ "Note": "Test warden_filer receiver"
+ }
}
}
diff --git a/warden3/contrib/warden_filer/warden_filer.py b/warden3/contrib/warden_filer/warden_filer.py
index b4c19c8..cabd2b8 100644
--- a/warden3/contrib/warden_filer/warden_filer.py
+++ b/warden3/contrib/warden_filer/warden_filer.py
@@ -141,6 +141,7 @@ class SafeDir(object):
def receiver(config, wclient, sdir, oneshot):
poll_time = config.get("poll_time", 5)
+ node = config.get("node", None)
conf_filt = config.get("filter", {})
filt = {}
# Extract filter explicitly to be sure we have right param names for getEvents
@@ -152,6 +153,9 @@ def receiver(config, wclient, sdir, oneshot):
count_ok = count_err = 0
while events:
for event in events:
+ if node:
+ nodelist = event.setdefault("Node", [])
+ nodelist.insert(0, node)
try:
nf = None
nf = sdir.newfile()
--
GitLab