itrp 0.1.0
- checksums.yaml +7 -0
- data/.document +5 -0
- data/Gemfile +19 -0
- data/Gemfile.lock +86 -0
- data/LICENSE.txt +20 -0
- data/README.rdoc +23 -0
- data/Rakefile +51 -0
- data/VERSION +1 -0
- data/lib/cmd_base.rb +106 -0
- data/lib/cmd_root.rb +20 -0
- data/lib/handlers/alert.rb +27 -0
- data/lib/handlers/counter.rb +49 -0
- data/lib/handlers/delete_alerts.rb +43 -0
- data/lib/handlers/flow.rb +29 -0
- data/lib/handlers/fts.rb +32 -0
- data/lib/handlers/getkey.rb +38 -0
- data/lib/handlers/getlabel.rb +39 -0
- data/lib/handlers/help.rb +13 -0
- data/lib/handlers/list.rb +13 -0
- data/lib/handlers/list_counters.rb +32 -0
- data/lib/handlers/meters.rb +40 -0
- data/lib/handlers/options.rb +33 -0
- data/lib/handlers/query_alerts.rb +77 -0
- data/lib/handlers/query_flow.rb +73 -0
- data/lib/handlers/query_fts.rb +51 -0
- data/lib/handlers/query_resource.rb +68 -0
- data/lib/handlers/resolve.rb +34 -0
- data/lib/handlers/resource.rb +30 -0
- data/lib/handlers/set.rb +35 -0
- data/lib/handlers/timeslices.rb +31 -0
- data/lib/handlers/toppers.rb +41 -0
- data/lib/handlers/trackers.rb +49 -0
- data/lib/handlers/traffic.rb +68 -0
- data/lib/itrp.rb +140 -0
- data/test/helper.rb +34 -0
- data/test/test_itrp.rb +7 -0
- metadata +179 -0
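--- a/data/lib/handlers/flow.rb
+++ b/data/lib/handlers/flow.rb
@@ -0,0 +1,29 @@
+module ITRP
+
+class Cmd_flow < Cmd
+def initialize (e)
+super(e)
+@enabled_in_state = :any
+@attach_cmd = 'set'
+@trigger = 'flow'
+end
+
+
+def completions(patt)
+[
+"IP Flows {99A78737-4B41-4387-8F31-8077DB917336}"
+].grep( /#{Regexp.escape(patt)}/i)
+end
+
+def enter(s)
+patt = s.scan(/set\s+flow\s+(.*)\s+({.*}$)/).flatten
+patt = ["IP Flows", "{99A78737-4B41-4387-8F31-8077DB917336}"] if patt.empty?
+print("\nContext set to flow group [#{patt[0]}] [#{patt[1]}]\n\n")
+@appenv.prompt = "iTRP F:(#{patt[0]})> "
+@appenv.context_data[:cgguid] = patt[1]
+@appenv.context_data[:cgname] = patt[0]
+@appenv.context = :flow
+end
+end
+
+end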
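Review bot: The `(.*)` capture on line 19 of `enter` is greedy and never trimmed, so when more than one space separates the group name from the GUID, `patt[0]` keeps trailing whitespace that then lands in the prompt and in `context_data[:cgname]`; fts.rb strips the same capture, this handler does not. Add `patt[0] = patt[0].strip` after the default on line 20. Line 20 also silently substitutes the built-in group when the command line does not parse; a comment such as `# unparsable "set flow" falls back to the default IP Flows group` would make that deliberate choice visible to the next reader.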
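--- a/data/lib/handlers/fts.rb
+++ b/data/lib/handlers/fts.rb
@@ -0,0 +1,32 @@
+module ITRP
+
+class Cmd_fts < Cmd
+def initialize (e)
+super(e)
+@enabled_in_state = :any
+@attach_cmd = 'set'
+@trigger = 'fts'
+end
+
+
+def completions(patt)
+[ "HTTP Headers {28217924-E7A5-4523-993C-44B52758D5A8}",
+"SSL Certs {9FEB8ADE-ADBB-49AD-BC68-C6A02F389C71}",
+].grep( /#{Regexp.escape(patt)}/i)
+end
+
+
+def enter(s)
+patt = s.scan(/set\s+fts\s+(.*)\s+({.*}$)/).flatten
+patt[0].strip!
+print("\nContext set to FTS (Full Text Search) [#{patt[0]}] [#{patt[1]}]\n\n")
+@appenv.prompt = "iTRP D:(#{patt[0]})> "
+@appenv.context_data[:cgguid] = patt[1]
+@appenv.context_data[:cgname] = patt[0]
+@appenv.context = :fts
+end
+end
+
+
+
+end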
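Review bot: `patt[0].strip!` on line 21 raises NoMethodError on nil whenever the command line does not match the `set fts <name> {guid}` pattern, because `scan(...).flatten` then yields an empty array; flow.rb covers the same case with a default, this handler does not. Return early before touching `patt[0]`, e.g. `return print("\nusage: set fts <name> {guid}\n\n") if patt.empty?` (message wording is illustrative). `strip!` returning nil when nothing changed is harmless here only because its result is discarded, so the non-bang `patt[0] = patt[0].strip` would read less like a trap.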
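--- a/data/lib/handlers/getkey.rb
+++ b/data/lib/handlers/getkey.rb
@@ -0,0 +1,38 @@
+module ITRP
+
+class Cmd_getkey < Cmd
+def initialize (e)
+super(e)
+@enabled_in_state = :counter
+@attach_cmd = ''
+@trigger = 'getkey'
+end
+
+
+
+def enter(cmdline)
+
+patt = cmdline.scan(/getkey (.*)/).flatten
+
+print("Search [#{patt[0]}]\n")
+req =mk_request(TRP::Message::Command::SEARCH_KEYS_REQUEST,
+:counter_group => appstate(:cgguid),
+:label => patt[0])
+
+
+rows = []
+get_response_zmq(@appenv.zmq_endpt,req) do |resp|
+resp.keys.each do |k|
+rows << [ k.key, k.label, k.readable ]
+end
+end
+
+
+table = Terminal::Table.new( :headings => %w(Key Label Readable ), :rows => rows)
+puts(table)
+
+end
+
+end
+end
+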
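Review bot: `patt[0]` on lines 17-20 is nil when `getkey` is entered with no argument, so the handler prints `Search []` and sends the request with `:label => nil`; getlabel.rb in the next section has the identical gap with `:pattern => nil`. Guard before building the request, `return print("usage: getkey <label>\n") if patt.empty?` (wording illustrative), and the same in getlabel. The two handlers differ only in the request key; the response loop and table on lines 23-32 could be one shared helper on Cmd so the two do not drift apart.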
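--- a/data/lib/handlers/getlabel.rb
+++ b/data/lib/handlers/getlabel.rb
@@ -0,0 +1,39 @@
+module ITRP
+
+class Cmd_getlabel < Cmd
+
+def initialize (e)
+super(e)
+@enabled_in_state = :counter
+@attach_cmd = ''
+@trigger = 'getlabel'
+end
+
+def enter(cmdline)
+
+patt = cmdline.scan(/getlabel (.*)/).flatten
+
+print("Search [#{patt[0]}]\n")
+req =mk_request(TRP::Message::Command::SEARCH_KEYS_REQUEST,
+:counter_group => appstate(:cgguid),
+:pattern => patt[0])
+
+
+rows = []
+get_response_zmq(@appenv.zmq_endpt,req) do |resp|
+resp.keys.each do |k|
+rows << [ k.key, k.label, k.readable ]
+end
+end
+
+
+table = Terminal::Table.new( :headings => %w(Key Label Readable ), :rows => rows)
+puts(table)
+
+end
+
+end
+end
+
+
+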
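--- a/data/lib/handlers/list_counters.rb
+++ b/data/lib/handlers/list_counters.rb
@@ -0,0 +1,32 @@
+module ITRP
+
+class Cmd_cglist < Cmd
+def initialize (e)
+super(e)
+@enabled_in_state = :any
+@attach_cmd = 'list'
+@trigger = 'counters'
+end
+
+
+def enter(cmdline)
+req =mk_request(TRP::Message::Command::COUNTER_GROUP_INFO_REQUEST)
+
+rows = []
+get_response_zmq(@appenv.zmq_endpt,req) do |resp|
+resp.group_details.each do |group_detail|
+rows << [ group_detail.name,
+group_detail.guid,
+group_detail.bucket_size.to_i/1000
+]
+end
+end
+
+table = Terminal::Table.new :headings => %w(name guid bs), :rows => rows
+puts(table)
+end
+
+end
+end
+
+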
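Review bot: The `bs` heading on line 25 and the `/1000` on line 20 say nothing about what unit `bucket_size` arrives in or what is shown; the division suggests milliseconds displayed as whole seconds, but that is not visible in this diff and should be checked against the TRP message definition. Suggested comment on line 20: `# bucket_size presumably in ms; show whole seconds — confirm against the TRP schema`, and a clearer heading such as `bucket_s`. Integer `/1000` also truncates sub-second buckets to 0, which may or may not be intended. Line 25 is the only `Terminal::Table.new` call in these handlers written without parentheses; matching the others would be consistent.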
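--- a/data/lib/handlers/meters.rb
+++ b/data/lib/handlers/meters.rb
@@ -0,0 +1,40 @@
+module ITRP
+
+class Cmd_meters < Cmd
+def initialize (e)
+super(e)
+@enabled_in_state = :counter
+@attach_cmd = ''
+@trigger = 'meters'
+end
+
+def enter(cmdline)
+req =mk_request(TRP::Message::Command::COUNTER_GROUP_INFO_REQUEST,
+:counter_group => @appenv.context_data[:cgguid],
+:get_meter_info => true )
+
+rows = []
+get_response_zmq(@appenv.zmq_endpt,req) do |resp|
+resp.group_details.each do |group_detail|
+group_detail.meters.each do |meter|
+rows << [ meter.id,
+meter.name,
+meter.description,
+meter.type,
+meter.topcount,
+meter.units]
+end
+end
+end
+
+table = Terminal::Table.new(
+:headings => %w(MeterNo Name Description Type TopperCount Units),
+:rows => rows)
+
+puts(table)
+
+end
+end
+
+end
+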
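Review bot: Line 13 reads `@appenv.context_data[:cgguid]` directly, while getkey, getlabel and the query handlers in this diff fetch the same value through `appstate(:cgguid)`; going through the helper keeps a single access path for context state, `:counter_group => appstate(:cgguid),`. `appstate` itself is defined outside this diff (presumably in cmd_base.rb), so whether it does anything beyond the hash lookup is not visible here.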
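--- a/data/lib/handlers/options.rb
+++ b/data/lib/handlers/options.rb
@@ -0,0 +1,33 @@
+module ITRP
+
+class Cmd_options < Cmd
+def initialize (e)
+super(e)
+@enabled_in_state = :any
+@attach_cmd = 'set'
+@trigger = 'options'
+end
+
+def completions(patt)
+[ "maxitems", "key", "resolve_keys" ].grep( /^#{Regexp.escape(patt)}/i)
+end
+
+def enter(cmdline)
+
+terms = cmdline.scan( /(\w+)\s*=\s*([\w\-_\.\:,]+)+/ )
+
+terms.each do |a|
+val = case a[0]
+when 'maxitems'; a[1].to_i
+when 'resolve_keys'; a[1] == "true"
+else; a[1]
+end
+@appenv.context_data.store( a[0].to_sym, val )
+end
+
+end
+
+end
+end
+
+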
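Review bot: Line 25 stores every `name=value` pair typed on the command line into the shared `context_data` under `a[0].to_sym`, so arbitrary keys are accepted — including `cgguid` and `cgname`, which flow.rb and fts.rb set and which the query handlers read via `appstate(:cgguid)` to decide where a request goes. Restrict the accepted names to the list `completions` already advertises, e.g. `next unless %w[maxitems key resolve_keys].include?(a[0])` as the first line of the block on line 19, and keep that list in one frozen constant used by both methods. The value group on line 17, `([\w\-_\.\:,]+)+`, carries a redundant outer `+` that can be dropped without changing what is captured.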
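--- a/data/lib/handlers/query_alerts.rb
+++ b/data/lib/handlers/query_alerts.rb
@@ -0,0 +1,77 @@
+module ITRP
+
+class Cmd_query_alerts < Cmd
+def initialize (e)
+super(e)
+@enabled_in_state = :alerts
+@attach_cmd = ''
+@trigger = 'query'
+end
+
+def completions(patt)
+TRP::QueryAlertsRequest
+.fields
+.values
+.collect { |a| a.name }
+.grep( /^#{Regexp.escape(patt)}/i)
+end
+
+def enter(patt)
+
+terms = patt.scan( /(\w+)\s*=\s*([\w\-_\.\:,]+)+/ )
+qparams = terms.inject({}) { |acc,t| acc.store( t[0].to_sym, t[1]);acc}
+
+[:maxitems].each do |a|
+qparams[a] = qparams[a].to_i if qparams.key? a
+end
+
+[:idlist].each do |a|
+qparams[a] = qparams[a].split(',') if qparams.key? a
+end
+
+p qparams
+
+
+req =mk_request(TRP::Message::Command::QUERY_ALERTS_REQUEST,
+{ :alert_group => appstate(:cgguid),
+:time_interval => appstate(:time_interval)
+}.merge(qparams))
+
+
+rows = []
+
+labelfmt = lambda do |fld|
+fld.label.empty? ? fld.key : fld.label
+end
+
+get_response_zmq(@zmq_endpt,req) do |resp|
+
+resp.alerts.each do | res |
+
+
+rows << [ "#{res.alert_id}",
+Time.at( res.time.tv_sec).to_s(),
+res.occurrances,
+res.source_ip.label,
+res.source_port.label,
+res.destination_ip.label,
+res.destination_port.label,
+res.sigid.key,
+res.priority.key,
+res.classification.key
+]
+end
+
+end
+
+table = Terminal::Table.new(
+:headings => %w(ID Time Count SourceIP Port DestIP Port SigID Prio Class ),
+:rows => rows)
+puts(table)
+
+end
+
+end
+end
+
+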
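Review bot: Line 47 passes `@zmq_endpt` to `get_response_zmq`, whereas every other handler in this diff passes `@appenv.zmq_endpt`; unless Cmd sets an instance variable of that name (not visible here), the endpoint is nil and the alerts query cannot be sent. Change it to `get_response_zmq(@appenv.zmq_endpt,req) do |resp|`. The `labelfmt` lambda on lines 43-45 is never called, and `p qparams` on line 32 reads as leftover debugging output (query_flow.rb line 32 has the same line); either drop both or actually apply `labelfmt` to the `.label` fields on lines 55-58, which is what it appears to have been written for.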
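--- a/data/lib/handlers/query_flow.rb
+++ b/data/lib/handlers/query_flow.rb
@@ -0,0 +1,73 @@
+module ITRP
+
+class Cmd_query_flow < Cmd
+def initialize (e)
+super(e)
+@enabled_in_state = :flow
+@attach_cmd = ''
+@trigger = 'query'
+end
+
+def completions(patt)
+TRP::QuerySessionsRequest
+.fields
+.values
+.collect { |a| a.name }
+.grep( /^#{Regexp.escape(patt)}/i)
+end
+
+def enter(patt)
+
+terms = patt.scan( /(\w+)\s*=\s*([\w\-_\.\:,]+)+/ )
+qparams = terms.inject({}) { |acc,t| acc.store( t[0].to_sym, t[1]);acc}
+
+[:maxitems].each do |a|
+qparams[a] = qparams[a].to_i if qparams.key? a
+end
+
+[:idlist].each do |a|
+qparams[a] = qparams[a].split(',') if qparams.key? a
+end
+
+p qparams
+
+# meter names
+req =mk_request(TRP::Message::Command::QUERY_SESSIONS_REQUEST ,
+{
+:session_group => appstate(:cgguid),
+:time_interval => appstate(:time_interval),
+:resolve_keys => true,
+}.merge(qparams))
+
+rows = []
+
+get_response_zmq(@appenv.zmq_endpt,req) do |resp|
+
+resp.sessions.each do | sess |
+
+rows << [ "#{sess.session_id}",
+Time.at( sess.time_interval.from.tv_sec).to_s(),
+sess.time_interval.to.tv_sec - sess.time_interval.from.tv_sec,
+sess.protocol.label,
+sess.key1A.label,
+sess.key1Z.label,
+sess.key2A.label,
+sess.key2Z.label,
+sess.az_bytes + sess.za_bytes
+]
+end
+
+end
+
+table = Terminal::Table.new(
+:headings => %w(ID Time Dur Prot SourceIP DestIP SPort DPort Volume),
+:rows => rows)
+puts(table)
+
+end
+
+
+end
+end
+
+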
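Review bot: The comment `# meter names` on line 34 is stale — it sits above a QUERY_SESSIONS_REQUEST and nothing in `enter` touches meters; replace it with what the block does, `# session query; terms from the command line override the context defaults`, which is what the `.merge(qparams)` on line 40 implements. Line 39 hard-codes `:resolve_keys => true`, while options.rb stores a user-chosen `resolve_keys` in `context_data`; if that setting is meant to apply here it should be read via `appstate(:resolve_keys)`, though the intended relation is not visible in this diff. Lines 21-30 duplicate the parameter parsing in query_alerts.rb verbatim and belong in a shared helper on Cmd.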
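--- a/data/lib/handlers/query_fts.rb
+++ b/data/lib/handlers/query_fts.rb
@@ -0,0 +1,51 @@
+module ITRP
+
+class Cmd_query_fts < Cmd
+def initialize (e)
+super(e)
+@enabled_in_state = :fts
+@attach_cmd = ''
+@trigger = 'query'
+end
+
+def completions(patt)
+%w( keywords )
+end
+
+def enter(patt)
+
+terms = patt.scan( /keywords\s*=\s*(.+)/ )
+
+req =mk_request(TRP::Message::Command::QUERY_FTS_REQUEST,
+{ :fts_group => appstate(:cgguid),
+:time_interval => appstate(:time_interval),
+:maxitems => 20,
+:keywords => terms.flatten.first
+})
+
+
+rows = []
+
+get_response_zmq(@appenv.zmq_endpt,req) do |resp|
+
+resp.documents.each do | doc |
+rows << [ doc.dockey,
+doc.flows.inject("") do |acc,item|
+item.key
+end,
+'wrap(doc.fullcontent,60)',
+]
+end
+
+end
+
+table = Terminal::Table.new(
+:headings => %w(DocID Flows Content),
+:rows => rows)
+puts(table)
+end
+
+end
+end
+
+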
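Review bot: The `inject("")` on lines 33-35 ignores its accumulator and returns only `item.key` of the last flow, so the Flows column shows a single key (or `""` for a document with no flows); `doc.flows.map(&:key).join(',')` gives the whole list. On line 36 `'wrap(doc.fullcontent,60)'` is a quoted string, so every row prints that literal text instead of the document content — drop the quotes if a `wrap` helper exists on Cmd (not visible in this diff), otherwise use `doc.fullcontent`. `completions` on line 12 also ignores `patt`, unlike the other handlers, which grep their candidates against it; `%w( keywords ).grep( /^#{Regexp.escape(patt)}/i)` would match them.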