itrp 0.1.0

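--- /dev/null
+++ b/(path not shown: ITRP::Cmd_flow)
@@ -0,0 +1,29 @@
+ module ITRP
+
+ class Cmd_flow < Cmd
+ def initialize (e)
+ super(e)
+ @enabled_in_state = :any
+ @attach_cmd = 'set'
+ @trigger = 'flow'
+ end
+
+
+ def completions(patt)
+ [
+ "IP Flows {99A78737-4B41-4387-8F31-8077DB917336}"
+ ].grep( /#{Regexp.escape(patt)}/i)
+ end
+
+ def enter(s)
+ patt = s.scan(/set\s+flow\s+(.*)\s+({.*}$)/).flatten
+ patt = ["IP Flows", "{99A78737-4B41-4387-8F31-8077DB917336}"] if patt.empty?
+ print("\nContext set to flow group [#{patt[0]}] [#{patt[1]}]\n\n")
+ @appenv.prompt = "iTRP F:(#{patt[0]})> "
+ @appenv.context_data[:cgguid] = patt[1]
+ @appenv.context_data[:cgname] = patt[0]
+ @appenv.context = :flow
+ end
+ end
+
+ end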
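Review bot: The `if patt.empty?` fallback in `enter` silently substitutes the hard-coded "IP Flows" group whenever the typed arguments do not match `/set\s+flow\s+(.*)\s+({.*}$)/`, so a mistyped group name changes the context with no indication that the input was ignored. Report the parse failure instead, e.g. `return print("\nCould not parse flow group; usage: set flow <name> {<guid>}\n") if patt.empty?`, or at least print that the default was applied. The name capture `(.*)` also keeps trailing whitespace, which the Cmd_fts hunk removes with `patt[0].strip!`; doing the same here keeps the two commands consistent. The same GUID appears both in `completions` and in the fallback, so a single frozen constant would stop them drifting apart.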
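--- /dev/null
+++ b/(path not shown: ITRP::Cmd_fts)
@@ -0,0 +1,32 @@
+ module ITRP
+
+ class Cmd_fts < Cmd
+ def initialize (e)
+ super(e)
+ @enabled_in_state = :any
+ @attach_cmd = 'set'
+ @trigger = 'fts'
+ end
+
+
+ def completions(patt)
+ [ "HTTP Headers {28217924-E7A5-4523-993C-44B52758D5A8}",
+ "SSL Certs {9FEB8ADE-ADBB-49AD-BC68-C6A02F389C71}",
+ ].grep( /#{Regexp.escape(patt)}/i)
+ end
+
+
+ def enter(s)
+ patt = s.scan(/set\s+fts\s+(.*)\s+({.*}$)/).flatten
+ patt[0].strip!
+ print("\nContext set to FTS (Full Text Search) [#{patt[0]}] [#{patt[1]}]\n\n")
+ @appenv.prompt = "iTRP D:(#{patt[0]})> "
+ @appenv.context_data[:cgguid] = patt[1]
+ @appenv.context_data[:cgname] = patt[0]
+ @appenv.context = :fts
+ end
+ end
+
+
+
+ end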
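Review bot: `patt[0].strip!` in `enter` raises NoMethodError on nil whenever the command line does not match `/set\s+fts\s+(.*)\s+({.*}$)/` (for example `set fts` with no arguments), because `scan(...).flatten` then returns an empty array. Guard before dereferencing: `return print("\nusage: set fts <name> {<guid>}\n") if patt.empty?`. The Cmd_flow hunk in the same commit handles the empty case by substituting a default; the two commands should agree on one approach.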
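--- /dev/null
+++ b/(path not shown: ITRP::Cmd_getkey)
@@ -0,0 +1,38 @@
+ module ITRP
+
+ class Cmd_getkey < Cmd
+ def initialize (e)
+ super(e)
+ @enabled_in_state = :counter
+ @attach_cmd = ''
+ @trigger = 'getkey'
+ end
+
+
+
+ def enter(cmdline)
+
+ patt = cmdline.scan(/getkey (.*)/).flatten
+
+ print("Search [#{patt[0]}]\n")
+ req =mk_request(TRP::Message::Command::SEARCH_KEYS_REQUEST,
+ :counter_group => appstate(:cgguid),
+ :label => patt[0])
+
+
+ rows = []
+ get_response_zmq(@appenv.zmq_endpt,req) do |resp|
+ resp.keys.each do |k|
+ rows << [ k.key, k.label, k.readable ]
+ end
+ end
+
+
+ table = Terminal::Table.new( :headings => %w(Key Label Readable ), :rows => rows)
+ puts(table)
+
+ end
+
+ end
+ end
+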
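Review bot: `patt[0]` in `enter` is nil when `getkey` is typed without an argument (the `scan(/getkey (.*)/)` yields nothing), and that nil is printed as `Search []` and sent as `:label` in the SEARCH_KEYS_REQUEST. Return early with a usage message: `return print("usage: getkey <label>\n") if patt.empty?`. The Cmd_getlabel hunk has the identical body differing only in `:label` versus `:pattern` and has the same nil problem; the request-and-tabulate part could live in one shared private method on `Cmd` (not visible here) that takes the field name.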
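--- /dev/null
+++ b/(path not shown: ITRP::Cmd_getlabel)
@@ -0,0 +1,39 @@
+ module ITRP
+
+ class Cmd_getlabel < Cmd
+
+ def initialize (e)
+ super(e)
+ @enabled_in_state = :counter
+ @attach_cmd = ''
+ @trigger = 'getlabel'
+ end
+
+ def enter(cmdline)
+
+ patt = cmdline.scan(/getlabel (.*)/).flatten
+
+ print("Search [#{patt[0]}]\n")
+ req =mk_request(TRP::Message::Command::SEARCH_KEYS_REQUEST,
+ :counter_group => appstate(:cgguid),
+ :pattern => patt[0])
+
+
+ rows = []
+ get_response_zmq(@appenv.zmq_endpt,req) do |resp|
+ resp.keys.each do |k|
+ rows << [ k.key, k.label, k.readable ]
+ end
+ end
+
+
+ table = Terminal::Table.new( :headings => %w(Key Label Readable ), :rows => rows)
+ puts(table)
+
+ end
+
+ end
+ end
+
+
+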
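--- /dev/null
+++ b/(path not shown: ITRP::Cmd_help)
@@ -0,0 +1,13 @@
+ module ITRP
+
+ class Cmd_help < Cmd
+ def initialize (e)
+ super(e)
+ @enabled_in_state = :any
+ @attach_cmd = ''
+ @trigger = 'help'
+ end
+ end
+
+ end
+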
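--- /dev/null
+++ b/(path not shown: ITRP::Cmd_list)
@@ -0,0 +1,13 @@
+ module ITRP
+
+ class Cmd_list < Cmd
+ def initialize (e)
+ super(e)
+ @enabled_in_state = :any
+ @attach_cmd = ''
+ @trigger = 'list'
+ end
+ end
+
+ end
+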
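--- /dev/null
+++ b/(path not shown: ITRP::Cmd_cglist)
@@ -0,0 +1,32 @@
+ module ITRP
+
+ class Cmd_cglist < Cmd
+ def initialize (e)
+ super(e)
+ @enabled_in_state = :any
+ @attach_cmd = 'list'
+ @trigger = 'counters'
+ end
+
+
+ def enter(cmdline)
+ req =mk_request(TRP::Message::Command::COUNTER_GROUP_INFO_REQUEST)
+
+ rows = []
+ get_response_zmq(@appenv.zmq_endpt,req) do |resp|
+ resp.group_details.each do |group_detail|
+ rows << [ group_detail.name,
+ group_detail.guid,
+ group_detail.bucket_size.to_i/1000
+ ]
+ end
+ end
+
+ table = Terminal::Table.new :headings => %w(name guid bs), :rows => rows
+ puts(table)
+ end
+
+ end
+ end
+
+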
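Review bot: The `bs` column heading in `enter` gives no hint that the value is `group_detail.bucket_size.to_i/1000`, and the integer division truncates silently, so a reader cannot tell the unit or that fractions are lost. A comment such as `# bucket_size is presumably in milliseconds; /1000 gives whole seconds (truncated) — confirm against the TRP schema` together with a heading like `Bucket(s)` would make the table self-explanatory. The `Terminal::Table.new :headings => ...` call is also the only one in this commit written without parentheses around its arguments.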
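--- /dev/null
+++ b/(path not shown: ITRP::Cmd_meters)
@@ -0,0 +1,40 @@
+ module ITRP
+
+ class Cmd_meters < Cmd
+ def initialize (e)
+ super(e)
+ @enabled_in_state = :counter
+ @attach_cmd = ''
+ @trigger = 'meters'
+ end
+
+ def enter(cmdline)
+ req =mk_request(TRP::Message::Command::COUNTER_GROUP_INFO_REQUEST,
+ :counter_group => @appenv.context_data[:cgguid],
+ :get_meter_info => true )
+
+ rows = []
+ get_response_zmq(@appenv.zmq_endpt,req) do |resp|
+ resp.group_details.each do |group_detail|
+ group_detail.meters.each do |meter|
+ rows << [ meter.id,
+ meter.name,
+ meter.description,
+ meter.type,
+ meter.topcount,
+ meter.units]
+ end
+ end
+ end
+
+ table = Terminal::Table.new(
+ :headings => %w(MeterNo Name Description Type TopperCount Units),
+ :rows => rows)
+
+ puts(table)
+
+ end
+ end
+
+ end
+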
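Review bot: `enter` reads the current group as `@appenv.context_data[:cgguid]` while the getkey, getlabel and query commands in this commit read the same value through `appstate(:cgguid)`; use one accessor so the lookup has a single definition and a later change to where the context lives does not miss this call. `:counter_group => appstate(:cgguid),` would match the others. The `cmdline` parameter is never read here, which is fine for a command with no arguments but worth a one-line comment saying so.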
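--- /dev/null
+++ b/(path not shown: ITRP::Cmd_options)
@@ -0,0 +1,33 @@
+ module ITRP
+
+ class Cmd_options < Cmd
+ def initialize (e)
+ super(e)
+ @enabled_in_state = :any
+ @attach_cmd = 'set'
+ @trigger = 'options'
+ end
+
+ def completions(patt)
+ [ "maxitems", "key", "resolve_keys" ].grep( /^#{Regexp.escape(patt)}/i)
+ end
+
+ def enter(cmdline)
+
+ terms = cmdline.scan( /(\w+)\s*=\s*([\w\-_\.\:,]+)+/ )
+
+ terms.each do |a|
+ val = case a[0]
+ when 'maxitems'; a[1].to_i
+ when 'resolve_keys'; a[1] == "true"
+ else; a[1]
+ end
+ @appenv.context_data.store( a[0].to_sym, val )
+ end
+
+ end
+
+ end
+ end
+
+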
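Review bot: `enter` stores every `key=value` pair it can scan into `@appenv.context_data` under `a[0].to_sym`, so an option name outside the three advertised by `completions` (`maxitems`, `key`, `resolve_keys`) lands in the same hash that holds `:cgguid`, `:cgname` and `:time_interval`; `set options cgguid=x` would silently replace the current group selection. Restrict to the known names with `next unless %w[maxitems key resolve_keys].include?(a[0])` at the top of the `terms.each` block, ideally sharing the list with `completions`. The value regex `([\w\-_\.\:,]+)+` has a redundant outer `+` and escapes characters that need none inside a class; `([\w\-.:,]+)` matches the same strings (the same pattern is repeated in the Cmd_query_alerts and Cmd_query_flow hunks).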
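--- /dev/null
+++ b/(path not shown: ITRP::Cmd_query_alerts)
@@ -0,0 +1,77 @@
+ module ITRP
+
+ class Cmd_query_alerts < Cmd
+ def initialize (e)
+ super(e)
+ @enabled_in_state = :alerts
+ @attach_cmd = ''
+ @trigger = 'query'
+ end
+
+ def completions(patt)
+ TRP::QueryAlertsRequest
+ .fields
+ .values
+ .collect { |a| a.name }
+ .grep( /^#{Regexp.escape(patt)}/i)
+ end
+
+ def enter(patt)
+
+ terms = patt.scan( /(\w+)\s*=\s*([\w\-_\.\:,]+)+/ )
+ qparams = terms.inject({}) { |acc,t| acc.store( t[0].to_sym, t[1]);acc}
+
+ [:maxitems].each do |a|
+ qparams[a] = qparams[a].to_i if qparams.key? a
+ end
+
+ [:idlist].each do |a|
+ qparams[a] = qparams[a].split(',') if qparams.key? a
+ end
+
+ p qparams
+
+
+ req =mk_request(TRP::Message::Command::QUERY_ALERTS_REQUEST,
+ { :alert_group => appstate(:cgguid),
+ :time_interval => appstate(:time_interval)
+ }.merge(qparams))
+
+
+ rows = []
+
+ labelfmt = lambda do |fld|
+ fld.label.empty? ? fld.key : fld.label
+ end
+
+ get_response_zmq(@zmq_endpt,req) do |resp|
+
+ resp.alerts.each do | res |
+
+
+ rows << [ "#{res.alert_id}",
+ Time.at( res.time.tv_sec).to_s(),
+ res.occurrances,
+ res.source_ip.label,
+ res.source_port.label,
+ res.destination_ip.label,
+ res.destination_port.label,
+ res.sigid.key,
+ res.priority.key,
+ res.classification.key
+ ]
+ end
+
+ end
+
+ table = Terminal::Table.new(
+ :headings => %w(ID Time Count SourceIP Port DestIP Port SigID Prio Class ),
+ :rows => rows)
+ puts(table)
+
+ end
+
+ end
+ end
+
+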
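Review bot: `get_response_zmq(@zmq_endpt,req)` in `enter` reads an instance variable that nothing in this hunk sets; every other command in the commit passes `@appenv.zmq_endpt`, so unless `Cmd` (not shown) assigns `@zmq_endpt` this call goes out with a nil endpoint. Change it to `get_response_zmq(@appenv.zmq_endpt,req) do |resp|`. The `labelfmt` lambda is defined and never used, and `p qparams` looks like leftover debugging output that dumps the parsed query to the terminal on every run; the same `p qparams` appears in the Cmd_query_flow hunk.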
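--- /dev/null
+++ b/(path not shown: ITRP::Cmd_query_flow)
@@ -0,0 +1,73 @@
+ module ITRP
+
+ class Cmd_query_flow < Cmd
+ def initialize (e)
+ super(e)
+ @enabled_in_state = :flow
+ @attach_cmd = ''
+ @trigger = 'query'
+ end
+
+ def completions(patt)
+ TRP::QuerySessionsRequest
+ .fields
+ .values
+ .collect { |a| a.name }
+ .grep( /^#{Regexp.escape(patt)}/i)
+ end
+
+ def enter(patt)
+
+ terms = patt.scan( /(\w+)\s*=\s*([\w\-_\.\:,]+)+/ )
+ qparams = terms.inject({}) { |acc,t| acc.store( t[0].to_sym, t[1]);acc}
+
+ [:maxitems].each do |a|
+ qparams[a] = qparams[a].to_i if qparams.key? a
+ end
+
+ [:idlist].each do |a|
+ qparams[a] = qparams[a].split(',') if qparams.key? a
+ end
+
+ p qparams
+
+ # meter names
+ req =mk_request(TRP::Message::Command::QUERY_SESSIONS_REQUEST ,
+ {
+ :session_group => appstate(:cgguid),
+ :time_interval => appstate(:time_interval),
+ :resolve_keys => true,
+ }.merge(qparams))
+
+ rows = []
+
+ get_response_zmq(@appenv.zmq_endpt,req) do |resp|
+
+ resp.sessions.each do | sess |
+
+ rows << [ "#{sess.session_id}",
+ Time.at( sess.time_interval.from.tv_sec).to_s(),
+ sess.time_interval.to.tv_sec - sess.time_interval.from.tv_sec,
+ sess.protocol.label,
+ sess.key1A.label,
+ sess.key1Z.label,
+ sess.key2A.label,
+ sess.key2Z.label,
+ sess.az_bytes + sess.za_bytes
+ ]
+ end
+
+ end
+
+ table = Terminal::Table.new(
+ :headings => %w(ID Time Dur Prot SourceIP DestIP SPort DPort Volume),
+ :rows => rows)
+ puts(table)
+
+ end
+
+
+ end
+ end
+
+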
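Review bot: The comment `# meter names` above the `mk_request` call in `enter` does not describe the code under it, which builds a QUERY_SESSIONS_REQUEST for the current flow group; either drop it or replace it with `# session query for the current flow group, merged with any key=value terms typed on the command line`. The term-parsing prelude (the `scan`, the `inject` into `qparams`, the `:maxitems` to_i and the `:idlist` split) is repeated verbatim from the Cmd_query_alerts hunk and would fit a shared helper on `Cmd`, which is not visible here.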
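--- /dev/null
+++ b/(path not shown: ITRP::Cmd_query_fts)
@@ -0,0 +1,51 @@
+ module ITRP
+
+ class Cmd_query_fts < Cmd
+ def initialize (e)
+ super(e)
+ @enabled_in_state = :fts
+ @attach_cmd = ''
+ @trigger = 'query'
+ end
+
+ def completions(patt)
+ %w( keywords )
+ end
+
+ def enter(patt)
+
+ terms = patt.scan( /keywords\s*=\s*(.+)/ )
+
+ req =mk_request(TRP::Message::Command::QUERY_FTS_REQUEST,
+ { :fts_group => appstate(:cgguid),
+ :time_interval => appstate(:time_interval),
+ :maxitems => 20,
+ :keywords => terms.flatten.first
+ })
+
+
+ rows = []
+
+ get_response_zmq(@appenv.zmq_endpt,req) do |resp|
+
+ resp.documents.each do | doc |
+ rows << [ doc.dockey,
+ doc.flows.inject("") do |acc,item|
+ item.key
+ end,
+ 'wrap(doc.fullcontent,60)',
+ ]
+ end
+
+ end
+
+ table = Terminal::Table.new(
+ :headings => %w(DocID Flows Content),
+ :rows => rows)
+ puts(table)
+ end
+
+ end
+ end
+
+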
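Review bot: The third value pushed into `rows` in `enter` is the string literal `'wrap(doc.fullcontent,60)'`, so every row's Content column prints that text instead of the document; if a `wrap` helper exists it should be called, otherwise use `doc.fullcontent` directly. The `doc.flows.inject("") do |acc,item| item.key end` expression ignores `acc` and returns only the last flow's key; `doc.flows.map(&:key).join(',')` lists all of them. `terms.flatten.first` is nil when no `keywords=` term was typed, so the request is sent with an empty keyword set rather than a usage message, and `completions` ignores `patt` where the other commands in this commit filter with `grep`.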