Native warden3 time functions used

Aggregation window size bug fix

Native warden3 time functions used
e4a76559 · Michal Kostěnec · root · 98ed03c5 · e4a76559
Commit e4a76559 authored 10 years ago by Michal Kostěnec Committed by root 10 years ago
--- a/warden3/contrib/connectors/hp-kippo/warden3-kippo-sender.py
+++ b/warden3/contrib/connectors/hp-kippo/warden3-kippo-sender.py
@@ -4,7 +4,7 @@
 # Copyright (C) 2011-2015 Cesnet z.s.p.o
 # Use of this source is governed by a 3-clause BSD-style license, see LICENSE file.
-from warden_client import Client, Error, read_cfg
+from warden_client import Client, Error, read_cfg, format_timestamp
 import json
 import string
 from time import time, gmtime, strftime
@@ -20,12 +20,6 @@ DEFAULT_WCONFIG = 'warden_client.cfg'
 DEFAULT_NAME = 'org.example.warden.test'
 DEFAULT_AWIN = 5
-def get_precise_timestamp(epoch=None):
-    t = epoch if epoch else time()
-    us = trunc((t-trunc(t))*1000000)
-    g = gmtime(t)
-    iso = '%04d-%02d-%02dT%02d:%02d:%02d.%0dZ' % (g[0:6]+(us,))
-    return iso
 def gen_event_idea(client_name, detect_time, win_start_time, win_end_time, conn_count, src_ip4, dst_ip4, aggr_win):
@@ -63,43 +57,43 @@ def gen_event_idea(client_name, detect_time, win_start_time, win_end_time, conn_
  return event
 def main():
-    aconfig = read_cfg(DEFAULT_ACONFIG)
+  aconfig = read_cfg(DEFAULT_ACONFIG)
-    wconfig = read_cfg(aconfig.get('warden', DEFAULT_WCONFIG))
+  wconfig = read_cfg(aconfig.get('warden', DEFAULT_WCONFIG))
-    aname = aconfig.get('name', DEFAULT_NAME)
+  aname = aconfig.get('name', DEFAULT_NAME)
-    awin = aconfig.get('awin', DEFAULT_AWIN)
+  awin = aconfig.get('awin', DEFAULT_AWIN) * 60
-    wconfig['name'] = aname
+  wconfig['name'] = aname
-    wclient = Client(**wconfig)   
+  wclient = Client(**wconfig)   
-    con = my.connect( host=aconfig['dbhost'], user=aconfig['dbuser'], passwd=aconfig['dbpass'],
+  con = my.connect( host=aconfig['dbhost'], user=aconfig['dbuser'], passwd=aconfig['dbpass'],
-                      db=aconfig['dbname'], port=aconfig['dbport'], cursorclass=mycursors.DictCursor)
+                    db=aconfig['dbname'], port=aconfig['dbport'], cursorclass=mycursors.DictCursor)
-    crs = con.cursor()
+  crs = con.cursor()
-    events = []
+  events = []
-    query =  "SELECT UNIX_TIMESTAMP(s.starttime) as starttime, s.ip, COUNT(s.id) as attack_scale, sn.ip as sensor \
+  query =  "SELECT UNIX_TIMESTAMP(s.starttime) as starttime, s.ip, COUNT(s.id) as attack_scale, sn.ip as sensor \
-              FROM sessions s \
+            FROM sessions s \
-              LEFT JOIN sensors sn ON s.sensor=sn.id \
+            LEFT JOIN sensors sn ON s.sensor=sn.id \
-              WHERE s.starttime > DATE_SUB(UTC_TIMESTAMP(), INTERVAL + %s MINUTE) \
+            WHERE s.starttime > DATE_SUB(UTC_TIMESTAMP(), INTERVAL + %s SECOND) \
-              GROUP BY s.ip ORDER BY s.starttime ASC;"
+            GROUP BY s.ip ORDER BY s.starttime ASC;"
-    crs.execute(query, awin)
+  crs.execute(query, awin)
-    rows = crs.fetchall()
+  rows = crs.fetchall()
-    for row in rows:
+  for row in rows:
-      dtime = get_precise_timestamp(row['starttime'])
+    dtime = format_timestamp(row['starttime'])
-      etime = get_precise_timestamp(time())
+    etime = format_timestamp(time())
-      stime = get_precise_timestamp(time() - awin * 60)
+    stime = format_timestamp(time() - awin)
-      events.append(gen_event_idea(client_name = aname, detect_time = dtime, win_start_time = stime, win_end_time = etime, conn_count = row['attack_scale'], src_ip4 = row['ip'], dst_ip4 = row['sensor'], aggr_win = awin))
+    events.append(gen_event_idea(client_name = aname, detect_time = dtime, win_start_time = stime, win_end_time = etime, conn_count = row['attack_scale'], src_ip4 = row['ip'], dst_ip4 = row['sensor'], aggr_win = awin))
-    print "=== Sending ==="
+  print "=== Sending ==="
-    start = time()
+  start = time()
-    ret = wclient.sendEvents(events)
+  ret = wclient.sendEvents(events)
-    if ret:
+  if ret:
-      wclient.logger.info("%d event(s) successfully delivered." % len(rows))
+    wclient.logger.info("%d event(s) successfully delivered." % len(rows))
-    print "Time: %f" % (time() - start)
+  print "Time: %f" % (time() - start)
 if __name__ == "__main__":