Correct timestamp used

IPv6 address supported

Correct timestamp used
a06a23d1 · Michal Kostěnec · root · 1308a6d9 · a06a23d1
Commit a06a23d1 authored 9 years ago by Michal Kostěnec Committed by root 9 years ago
--- a/warden3/contrib/connectors/hp-kippo/warden3-kippo-sender.py
+++ b/warden3/contrib/connectors/hp-kippo/warden3-kippo-sender.py
@@ -21,7 +21,7 @@ DEFAULT_NAME = 'org.example.warden.test'
 DEFAULT_AWIN = 5


-def gen_event_idea(client_name, detect_time, win_start_time, win_end_time, conn_count, src_ip4, dst_ip4, aggr_win):
+def gen_event_idea(client_name, detect_time, win_start_time, win_end_time, conn_count, src_ip, dst_ip, aggr_win):

  event = {
     "Format": "IDEA0",
@@ -32,14 +32,9 @@ def gen_event_idea(client_name, detect_time, win_start_time, win_end_time, conn_
     "Category": ["Attempt.Login"],
     "Note": "SSH login attempt",
     "ConnCount": conn_count,
-     "Source": [
-        { 
-          "IP4": [src_ip4],
-        }
-     ],
+     "Source": [{}],
     "Target": [
        {
-           "IP4": [dst_ip4],
           "Proto": ["tcp", "ssh"],
           "Port" : [22]
        }
@@ -54,6 +49,10 @@ def gen_event_idea(client_name, detect_time, win_start_time, win_end_time, conn_
     ]
  }

+  af = "IP4" if not ':' in src_ip else "IP6"
+  event['Source'][0][af] = [src_ip]
+  event['Target'][0][af] = [dst_ip]
+
  return event

 def main():
@@ -72,7 +71,7 @@ def main():
  crs = con.cursor()

  events = []
-  query =  "SELECT UNIX_TIMESTAMP(s.starttime) as starttime, s.ip, COUNT(s.id) as attack_scale, sn.ip as sensor \
+  query =  "SELECT UNIX_TIMESTAMP(CONVERT_TZ(s.starttime, '+00:00', @@global.time_zone)) as starttime, s.ip, COUNT(s.id) as attack_scale, sn.ip as sensor \
            FROM sessions s \
            LEFT JOIN sensors sn ON s.sensor=sn.id \
            WHERE s.starttime > DATE_SUB(UTC_TIMESTAMP(), INTERVAL + %s SECOND) \
@@ -84,7 +83,7 @@ def main():
    dtime = format_timestamp(row['starttime'])
    etime = format_timestamp(time())
    stime = format_timestamp(time() - awin)
-    events.append(gen_event_idea(client_name = aname, detect_time = dtime, win_start_time = stime, win_end_time = etime, conn_count = row['attack_scale'], src_ip4 = row['ip'], dst_ip4 = row['sensor'], aggr_win = awin))
+    events.append(gen_event_idea(client_name = aname, detect_time = dtime, win_start_time = stime, win_end_time = etime, conn_count = row['attack_scale'], src_ip = row['ip'], dst_ip = row['sensor'], aggr_win = awin))
      
  print "=== Sending ==="
  start = time()