scripts: merge suricata/queryAlertLog.py from master

2c79de82 · Franco Fichtner · 1c4867a9 · 2c79de82
Commit 2c79de82 authored Sep 09, 2015 by Franco Fichtner
Show whitespace changes
Inline Side-by-side

Showing with 87 additions and 86 deletions

queryAlertLog.py src/opnsense/scripts/suricata/queryAlertLog.py +87 -86

No files found.
--- a/src/opnsense/scripts/suricata/queryAlertLog.py
+++ b/src/opnsense/scripts/suricata/queryAlertLog.py
@@ -39,30 +39,31 @@ from lib.log import reverse_log_reader
 from lib.params import updateParams
 from lib import suricata_alert_log

-# handle parameters
-parameters = {'limit':'0','offset':'0', 'filter':'','fileid':''}
-updateParams(parameters)
+if __name__ == '__main__':
+    # handle parameters
+    parameters = {'limit':'0','offset':'0', 'filter':'','fileid':''}
+    updateParams(parameters)

-# choose logfile by number
-if parameters['fileid'].isdigit():
+    # choose logfile by number
+    if parameters['fileid'].isdigit():
        suricata_log = '%s.%d'%(suricata_alert_log,int(parameters['fileid']))
-else:
+    else:
        suricata_log = suricata_alert_log

-if parameters['limit'].isdigit():
+    if parameters['limit'].isdigit():
        limit = int(parameters['limit'])
-else:
+    else:
        limit = 0

-if parameters['offset'].isdigit():
+    if parameters['offset'].isdigit():
        offset = int(parameters['offset'])
-else:
+    else:
        offset = 0


-data_filters = {}
-data_filters_comp = {}
-for filter in shlex.split(parameters['filter']):
+    data_filters = {}
+    data_filters_comp = {}
+    for filter in shlex.split(parameters['filter']):
        filterField = filter.split('/')[0]
        if filter.find('/') > -1:
            data_filters[filterField] = '/'.join(filter.split('/')[1:])
@@ -76,15 +77,15 @@ for filter in shlex.split(parameters['filter']):
                #del data_filters[filterField]
                data_filters_comp[filterField] = re.compile('.*')

-# filter one specific log line
-if 'filepos' in data_filters and data_filters['filepos'].isdigit():
+    # filter one specific log line
+    if 'filepos' in data_filters and data_filters['filepos'].isdigit():
        log_start_pos = int(data_filters['filepos'])
-else:
+    else:
        log_start_pos = None

-# query suricata eve log
-result = {'filters':data_filters,'rows':[],'total_rows':0,'origin':suricata_log.split('/')[-1]}
-if os.path.exists(suricata_log):
+    # query suricata eve log
+    result = {'filters':data_filters,'rows':[],'total_rows':0,'origin':suricata_log.split('/')[-1]}
+    if os.path.exists(suricata_log):
        for line in reverse_log_reader(filename=suricata_log, start_pos=log_start_pos):
            try:
                record = ujson.loads(line['line'])
@@ -123,5 +124,5 @@ if os.path.exists(suricata_log):
            if log_start_pos != None:
                break

-# output results
-print(ujson.dumps(result))
+    # output results
+    print(ujson.dumps(result))