From e4a765591c20f648a9309fd41a93fc8170a1e52b Mon Sep 17 00:00:00 2001
From: Michal Kostenec <kostenec@cesnet.cz>
Date: Thu, 16 Apr 2015 08:59:32 +0200
Subject: [PATCH] Native warden3 time functions used Aggregation window size bug fix
---
 .../hp-kippo/warden3-kippo-sender.py | 72 +++++++++----------
 1 file changed, 33 insertions(+), 39 deletions(-)
diff --git a/warden3/contrib/connectors/hp-kippo/warden3-kippo-sender.py b/warden3/contrib/connectors/hp-kippo/warden3-kippo-sender.py
index 1561715..b7fba0b 100644
--- a/warden3/contrib/connectors/hp-kippo/warden3-kippo-sender.py
+++ b/warden3/contrib/connectors/hp-kippo/warden3-kippo-sender.py
@@ -4,7 +4,7 @@
 # Copyright (C) 2011-2015 Cesnet z.s.p.o
 # Use of this source is governed by a 3-clause BSD-style license, see LICENSE file.
-from warden_client import Client, Error, read_cfg
+from warden_client import Client, Error, read_cfg, format_timestamp
 import json
 import string
 from time import time, gmtime, strftime
@@ -20,12 +20,6 @@ DEFAULT_WCONFIG = 'warden_client.cfg'
 DEFAULT_NAME = 'org.example.warden.test'
 DEFAULT_AWIN = 5
-def get_precise_timestamp(epoch=None):
- t = epoch if epoch else time()
- us = trunc((t-trunc(t))*1000000)
- g = gmtime(t)
- iso = '%04d-%02d-%02dT%02d:%02d:%02d.%0dZ' % (g[0:6]+(us,))
- return iso
 def gen_event_idea(client_name, detect_time, win_start_time, win_end_time, conn_count, src_ip4, dst_ip4, aggr_win):
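Review bot: With `get_precise_timestamp` deleted in the following hunk, `gmtime` on the new-side line `from time import time, gmtime, strftime` appears to have no remaining user in this file, and the same presumably holds for the `trunc` name that helper relied on (its import line is outside the hunks); whether `strftime` is still referenced elsewhere cannot be seen from here. If nothing else in the module uses them, trim the line to `from time import time` so the dead imports do not outlive the helper they served.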
@@ -63,43 +57,43 @@ def gen_event_idea(client_name, detect_time, win_start_time, win_end_time, conn_
 return event
 def main():
- aconfig = read_cfg(DEFAULT_ACONFIG)
- wconfig = read_cfg(aconfig.get('warden', DEFAULT_WCONFIG))
-
- aname = aconfig.get('name', DEFAULT_NAME)
- awin = aconfig.get('awin', DEFAULT_AWIN)
- wconfig['name'] = aname
+ aconfig = read_cfg(DEFAULT_ACONFIG)
+ wconfig = read_cfg(aconfig.get('warden', DEFAULT_WCONFIG))
+
+ aname = aconfig.get('name', DEFAULT_NAME)
+ awin = aconfig.get('awin', DEFAULT_AWIN) * 60
+ wconfig['name'] = aname
- wclient = Client(**wconfig)
+ wclient = Client(**wconfig)
- con = my.connect( host=aconfig['dbhost'], user=aconfig['dbuser'], passwd=aconfig['dbpass'],
- db=aconfig['dbname'], port=aconfig['dbport'], cursorclass=mycursors.DictCursor)
-
- crs = con.cursor()
+ con = my.connect( host=aconfig['dbhost'], user=aconfig['dbuser'], passwd=aconfig['dbpass'],
+ db=aconfig['dbname'], port=aconfig['dbport'], cursorclass=mycursors.DictCursor)
+
+ crs = con.cursor()
- events = []
- query = "SELECT UNIX_TIMESTAMP(s.starttime) as starttime, s.ip, COUNT(s.id) as attack_scale, sn.ip as sensor \
- FROM sessions s \
- LEFT JOIN sensors sn ON s.sensor=sn.id \
- WHERE s.starttime > DATE_SUB(UTC_TIMESTAMP(), INTERVAL + %s MINUTE) \
- GROUP BY s.ip ORDER BY s.starttime ASC;"
+ events = []
+ query = "SELECT UNIX_TIMESTAMP(s.starttime) as starttime, s.ip, COUNT(s.id) as attack_scale, sn.ip as sensor \
+ FROM sessions s \
+ LEFT JOIN sensors sn ON s.sensor=sn.id \
+ WHERE s.starttime > DATE_SUB(UTC_TIMESTAMP(), INTERVAL + %s SECOND) \
+ GROUP BY s.ip ORDER BY s.starttime ASC;"
- crs.execute(query, awin)
- rows = crs.fetchall()
- for row in rows:
- dtime = get_precise_timestamp(row['starttime'])
- etime = get_precise_timestamp(time())
- stime = get_precise_timestamp(time() - awin * 60)
- events.append(gen_event_idea(client_name = aname, detect_time = dtime, win_start_time = stime, win_end_time = etime, conn_count = row['attack_scale'], src_ip4 = row['ip'], dst_ip4 = row['sensor'], aggr_win = awin))
-
- print "=== Sending ==="
- start = time()
- ret = wclient.sendEvents(events)
-
- if ret:
- wclient.logger.info("%d event(s) successfully delivered." % len(rows))
+ crs.execute(query, awin)
+ rows = crs.fetchall()
+ for row in rows:
+ dtime = format_timestamp(row['starttime'])
+ etime = format_timestamp(time())
+ stime = format_timestamp(time() - awin)
+ events.append(gen_event_idea(client_name = aname, detect_time = dtime, win_start_time = stime, win_end_time = etime, conn_count = row['attack_scale'], src_ip4 = row['ip'], dst_ip4 = row['sensor'], aggr_win = awin))
+
+ print "=== Sending ==="
+ start = time()
+ ret = wclient.sendEvents(events)
+
+ if ret:
+ wclient.logger.info("%d event(s) successfully delivered." % len(rows))
- print "Time: %f" % (time() - start)
+ print "Time: %f" % (time() - start)
 if __name__ == "__main__":
-- GitLab
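Review bot: `awin` now holds seconds (`awin = aconfig.get('awin', DEFAULT_AWIN) * 60`), yet the same seconds value is still handed to `gen_event_idea(..., aggr_win = awin)`, whose body lies outside this hunk and is not touched by the patch (the diffstat shows only this file); on the old side `aggr_win` received the minute count, so if gen_event_idea writes that field into the event as minutes it is now sixty times too large. Either keep the minute value under its own name for the event, `awin_min = aconfig.get('awin', DEFAULT_AWIN)` / `awin = awin_min * 60` / `aggr_win = awin_min`, or confirm that gen_event_idea expects seconds. The `* 60` also assumes the config value is numeric: if read_cfg hands it back as a string, `'5' * 60` silently becomes a 120-character string that is then interpolated into the SQL interval, whereas `awin = int(aconfig.get('awin', DEFAULT_AWIN)) * 60` makes the conversion explicit and fails loudly on bad config. Separately, `crs.execute(query, awin)` passes a bare scalar where DB-API expects a parameter sequence, `crs.execute(query, (awin,))`, and neither `crs` nor `con` is closed on any path through main().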