itrp 0.1.0

@@ -0,0 +1,29 @@
1
+ module ITRP
2
+
3
+ class Cmd_flow < Cmd
4
+ def initialize (e)
5
+ super(e)
6
+ @enabled_in_state = :any
7
+ @attach_cmd = 'set'
8
+ @trigger = 'flow'
9
+ end
10
+
11
+
12
+ def completions(patt)
13
+ [
14
+ "IP Flows {99A78737-4B41-4387-8F31-8077DB917336}"
15
+ ].grep( /#{Regexp.escape(patt)}/i)
16
+ end
17
+
18
+ def enter(s)
19
+ patt = s.scan(/set\s+flow\s+(.*)\s+({.*}$)/).flatten
20
+ patt = ["IP Flows", "{99A78737-4B41-4387-8F31-8077DB917336}"] if patt.empty?
21
+ print("\nContext set to flow group [#{patt[0]}] [#{patt[1]}]\n\n")
22
+ @appenv.prompt = "iTRP F:(#{patt[0]})> "
23
+ @appenv.context_data[:cgguid] = patt[1]
24
+ @appenv.context_data[:cgname] = patt[0]
25
+ @appenv.context = :flow
26
+ end
27
+ end
28
+
29
+ end
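Review bot: The guid capture in `enter`, `({.*}$)`, accepts any brace-delimited text, and whatever it matches is stored as `context_data[:cgguid]` and then used as the group id of every request issued in the flow context; `$` also matches at any line end rather than the end of the string. Unless the server rejects malformed ids (not visible here), a mistyped guid silently yields queries against a non-existent group. Tightening the capture to `(\{\h{8}-\h{4}-\h{4}-\h{4}-\h{12}\})\s*\z` reports the problem at the prompt instead, and `patt[0]` should be stripped as `Cmd_fts` does, since the greedy `(.*)` keeps trailing whitespace when more than one space separates name and guid.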
@@ -0,0 +1,32 @@
1
+ module ITRP
2
+
3
+ class Cmd_fts < Cmd
4
+ def initialize (e)
5
+ super(e)
6
+ @enabled_in_state = :any
7
+ @attach_cmd = 'set'
8
+ @trigger = 'fts'
9
+ end
10
+
11
+
12
+ def completions(patt)
13
+ [ "HTTP Headers {28217924-E7A5-4523-993C-44B52758D5A8}",
14
+ "SSL Certs {9FEB8ADE-ADBB-49AD-BC68-C6A02F389C71}",
15
+ ].grep( /#{Regexp.escape(patt)}/i)
16
+ end
17
+
18
+
19
+ def enter(s)
20
+ patt = s.scan(/set\s+fts\s+(.*)\s+({.*}$)/).flatten
21
+ patt[0].strip!
22
+ print("\nContext set to FTS (Full Text Search) [#{patt[0]}] [#{patt[1]}]\n\n")
23
+ @appenv.prompt = "iTRP D:(#{patt[0]})> "
24
+ @appenv.context_data[:cgguid] = patt[1]
25
+ @appenv.context_data[:cgname] = patt[0]
26
+ @appenv.context = :fts
27
+ end
28
+ end
29
+
30
+
31
+
32
+ end
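Review bot: `patt[0].strip!` in `enter` raises NoMethodError when the input does not match `set\s+fts\s+(.*)\s+({.*}$)` (for example `set fts` alone, or a name without a braced guid), because `scan` then returns an empty array and `patt[0]` is nil. `Cmd_flow` in the same change falls back to a default group in that case; this command has no fallback at all. A guard before the strip, `return print("usage: set fts <name> {guid}\n") if patt.empty?`, keeps the shell alive; the `{.*}` capture also accepts any braced text as a guid, which then flows into `context_data[:cgguid]` unchecked.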
@@ -0,0 +1,38 @@
1
+ module ITRP
2
+
3
+ class Cmd_getkey < Cmd
4
+ def initialize (e)
5
+ super(e)
6
+ @enabled_in_state = :counter
7
+ @attach_cmd = ''
8
+ @trigger = 'getkey'
9
+ end
10
+
11
+
12
+
13
+ def enter(cmdline)
14
+
15
+ patt = cmdline.scan(/getkey (.*)/).flatten
16
+
17
+ print("Search [#{patt[0]}]\n")
18
+ req =mk_request(TRP::Message::Command::SEARCH_KEYS_REQUEST,
19
+ :counter_group => appstate(:cgguid),
20
+ :label => patt[0])
21
+
22
+
23
+ rows = []
24
+ get_response_zmq(@appenv.zmq_endpt,req) do |resp|
25
+ resp.keys.each do |k|
26
+ rows << [ k.key, k.label, k.readable ]
27
+ end
28
+ end
29
+
30
+
31
+ table = Terminal::Table.new( :headings => %w(Key Label Readable ), :rows => rows)
32
+ puts(table)
33
+
34
+ end
35
+
36
+ end
37
+ end
38
+
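Review bot: `cmdline.scan(/getkey (.*)/)` in `enter` returns an empty array when the command is typed without a space and argument, so `patt[0]` is nil and the SEARCH_KEYS_REQUEST is built with `:label => nil`; the `Search []` output gives no hint, and how the server treats a nil label is not visible here. Reading the argument as `label = cmdline[/getkey\s*(.*)/, 1].to_s.strip` always yields a string, and `return print("usage: getkey <label>\n") if label.empty?` avoids sending an empty search. The rest of the body is identical to `Cmd_getlabel#enter` apart from the request key, so a shared private helper on `Cmd` (whose definition is outside this diff) would remove the duplication.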
@@ -0,0 +1,39 @@
1
+ module ITRP
2
+
3
+ class Cmd_getlabel < Cmd
4
+
5
+ def initialize (e)
6
+ super(e)
7
+ @enabled_in_state = :counter
8
+ @attach_cmd = ''
9
+ @trigger = 'getlabel'
10
+ end
11
+
12
+ def enter(cmdline)
13
+
14
+ patt = cmdline.scan(/getlabel (.*)/).flatten
15
+
16
+ print("Search [#{patt[0]}]\n")
17
+ req =mk_request(TRP::Message::Command::SEARCH_KEYS_REQUEST,
18
+ :counter_group => appstate(:cgguid),
19
+ :pattern => patt[0])
20
+
21
+
22
+ rows = []
23
+ get_response_zmq(@appenv.zmq_endpt,req) do |resp|
24
+ resp.keys.each do |k|
25
+ rows << [ k.key, k.label, k.readable ]
26
+ end
27
+ end
28
+
29
+
30
+ table = Terminal::Table.new( :headings => %w(Key Label Readable ), :rows => rows)
31
+ puts(table)
32
+
33
+ end
34
+
35
+ end
36
+ end
37
+
38
+
39
+
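Review bot: `Cmd_getlabel#enter` is a line-for-line copy of `Cmd_getkey#enter` with `:pattern` in place of `:label` in the SEARCH_KEYS_REQUEST, and nothing in the code says what `:pattern` is matched against or why the command called `getlabel` is the one that sends a pattern. A comment above the request, stating what the server matches `:pattern` against (a substring, a regex — the code does not say), would prevent the next reader from guessing; the two commands could then share one helper such as `search_keys(:pattern => patt[0])` that builds the request and prints the table. As in `getkey`, `patt[0]` is nil when no argument follows the command, and that nil is sent to the server unchecked.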
@@ -0,0 +1,13 @@
1
+ module ITRP
2
+
3
+ class Cmd_help < Cmd
4
+ def initialize (e)
5
+ super(e)
6
+ @enabled_in_state = :any
7
+ @attach_cmd = ''
8
+ @trigger = 'help'
9
+ end
10
+ end
11
+
12
+ end
13
+
@@ -0,0 +1,13 @@
1
+ module ITRP
2
+
3
+ class Cmd_list < Cmd
4
+ def initialize (e)
5
+ super(e)
6
+ @enabled_in_state = :any
7
+ @attach_cmd = ''
8
+ @trigger = 'list'
9
+ end
10
+ end
11
+
12
+ end
13
+
@@ -0,0 +1,32 @@
1
+ module ITRP
2
+
3
+ class Cmd_cglist < Cmd
4
+ def initialize (e)
5
+ super(e)
6
+ @enabled_in_state = :any
7
+ @attach_cmd = 'list'
8
+ @trigger = 'counters'
9
+ end
10
+
11
+
12
+ def enter(cmdline)
13
+ req =mk_request(TRP::Message::Command::COUNTER_GROUP_INFO_REQUEST)
14
+
15
+ rows = []
16
+ get_response_zmq(@appenv.zmq_endpt,req) do |resp|
17
+ resp.group_details.each do |group_detail|
18
+ rows << [ group_detail.name,
19
+ group_detail.guid,
20
+ group_detail.bucket_size.to_i/1000
21
+ ]
22
+ end
23
+ end
24
+
25
+ table = Terminal::Table.new :headings => %w(name guid bs), :rows => rows
26
+ puts(table)
27
+ end
28
+
29
+ end
30
+ end
31
+
32
+
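Review bot: The third column in `enter` is `group_detail.bucket_size.to_i/1000` under the heading `bs`, which neither names the unit nor says that integer division drops the remainder, so any bucket_size below 1000 prints as 0. If bucket_size is in milliseconds, as the divisor suggests but the code nowhere states, a heading like `%w(Name GUID BucketSec)` and `group_detail.bucket_size.to_f / 1000` would make the table self-explanatory. At minimum a why-comment on the divisor is needed: `# bucket_size presumed to be in ms; shown in whole seconds — confirm`.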
@@ -0,0 +1,40 @@
1
+ module ITRP
2
+
3
+ class Cmd_meters < Cmd
4
+ def initialize (e)
5
+ super(e)
6
+ @enabled_in_state = :counter
7
+ @attach_cmd = ''
8
+ @trigger = 'meters'
9
+ end
10
+
11
+ def enter(cmdline)
12
+ req =mk_request(TRP::Message::Command::COUNTER_GROUP_INFO_REQUEST,
13
+ :counter_group => @appenv.context_data[:cgguid],
14
+ :get_meter_info => true )
15
+
16
+ rows = []
17
+ get_response_zmq(@appenv.zmq_endpt,req) do |resp|
18
+ resp.group_details.each do |group_detail|
19
+ group_detail.meters.each do |meter|
20
+ rows << [ meter.id,
21
+ meter.name,
22
+ meter.description,
23
+ meter.type,
24
+ meter.topcount,
25
+ meter.units]
26
+ end
27
+ end
28
+ end
29
+
30
+ table = Terminal::Table.new(
31
+ :headings => %w(MeterNo Name Description Type TopperCount Units),
32
+ :rows => rows)
33
+
34
+ puts(table)
35
+
36
+ end
37
+ end
38
+
39
+ end
40
+
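Review bot: `enter` reads the group id as `@appenv.context_data[:cgguid]` while the other request-building commands in this change (`Cmd_getkey`, `Cmd_getlabel`, `Cmd_query_alerts`, `Cmd_query_flow`, `Cmd_query_fts`) go through `appstate(:cgguid)`; if `appstate` is the accessor that handles a missing context entry, this command bypasses it. Using `:counter_group => appstate(:cgguid)` keeps the lookups uniform. `Cmd#appstate` is defined outside this diff, so what it does with a missing key cannot be confirmed here.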
@@ -0,0 +1,33 @@
1
+ module ITRP
2
+
3
+ class Cmd_options < Cmd
4
+ def initialize (e)
5
+ super(e)
6
+ @enabled_in_state = :any
7
+ @attach_cmd = 'set'
8
+ @trigger = 'options'
9
+ end
10
+
11
+ def completions(patt)
12
+ [ "maxitems", "key", "resolve_keys" ].grep( /^#{Regexp.escape(patt)}/i)
13
+ end
14
+
15
+ def enter(cmdline)
16
+
17
+ terms = cmdline.scan( /(\w+)\s*=\s*([\w\-_\.\:,]+)+/ )
18
+
19
+ terms.each do |a|
20
+ val = case a[0]
21
+ when 'maxitems'; a[1].to_i
22
+ when 'resolve_keys'; a[1] == "true"
23
+ else; a[1]
24
+ end
25
+ @appenv.context_data.store( a[0].to_sym, val )
26
+ end
27
+
28
+ end
29
+
30
+ end
31
+ end
32
+
33
+
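Review bot: `enter` stores every `name=value` pair it parses under `a[0].to_sym` in `@appenv.context_data`, so `set options cgguid=x` or `set options context=y` overwrites the entries that `set flow` / `set fts` established, even though `completions` advertises only `maxitems`, `key` and `resolve_keys`. Restricting the loop to the advertised names, `next unless %w(maxitems key resolve_keys).include?(a[0])`, keeps options from clobbering context state; an unknown name should probably be reported rather than silently dropped. Separately, `a[1].to_i` turns a non-numeric `maxitems` into 0 without complaint — `Integer(a[1], exception: false)` would surface that — and the trailing `+` in `([\w\-_\.\:,]+)+` is redundant.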
@@ -0,0 +1,77 @@
1
+ module ITRP
2
+
3
+ class Cmd_query_alerts < Cmd
4
+ def initialize (e)
5
+ super(e)
6
+ @enabled_in_state = :alerts
7
+ @attach_cmd = ''
8
+ @trigger = 'query'
9
+ end
10
+
11
+ def completions(patt)
12
+ TRP::QueryAlertsRequest
13
+ .fields
14
+ .values
15
+ .collect { |a| a.name }
16
+ .grep( /^#{Regexp.escape(patt)}/i)
17
+ end
18
+
19
+ def enter(patt)
20
+
21
+ terms = patt.scan( /(\w+)\s*=\s*([\w\-_\.\:,]+)+/ )
22
+ qparams = terms.inject({}) { |acc,t| acc.store( t[0].to_sym, t[1]);acc}
23
+
24
+ [:maxitems].each do |a|
25
+ qparams[a] = qparams[a].to_i if qparams.key? a
26
+ end
27
+
28
+ [:idlist].each do |a|
29
+ qparams[a] = qparams[a].split(',') if qparams.key? a
30
+ end
31
+
32
+ p qparams
33
+
34
+
35
+ req =mk_request(TRP::Message::Command::QUERY_ALERTS_REQUEST,
36
+ { :alert_group => appstate(:cgguid),
37
+ :time_interval => appstate(:time_interval)
38
+ }.merge(qparams))
39
+
40
+
41
+ rows = []
42
+
43
+ labelfmt = lambda do |fld|
44
+ fld.label.empty? ? fld.key : fld.label
45
+ end
46
+
47
+ get_response_zmq(@zmq_endpt,req) do |resp|
48
+
49
+ resp.alerts.each do | res |
50
+
51
+
52
+ rows << [ "#{res.alert_id}",
53
+ Time.at( res.time.tv_sec).to_s(),
54
+ res.occurrances,
55
+ res.source_ip.label,
56
+ res.source_port.label,
57
+ res.destination_ip.label,
58
+ res.destination_port.label,
59
+ res.sigid.key,
60
+ res.priority.key,
61
+ res.classification.key
62
+ ]
63
+ end
64
+
65
+ end
66
+
67
+ table = Terminal::Table.new(
68
+ :headings => %w(ID Time Count SourceIP Port DestIP Port SigID Prio Class ),
69
+ :rows => rows)
70
+ puts(table)
71
+
72
+ end
73
+
74
+ end
75
+ end
76
+
77
+
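Review bot: `get_response_zmq(@zmq_endpt, req)` in `enter` reads `@zmq_endpt` on the command object, whereas every other command in this change passes `@appenv.zmq_endpt`; unless `Cmd` sets `@zmq_endpt` (its definition is not in this diff), the value is nil and the alerts query cannot reach the endpoint. Change it to `get_response_zmq(@appenv.zmq_endpt, req) do |resp|`. The `p qparams` line looks like leftover debugging output on the user-facing path, and because `.merge(qparams)` runs after the defaults, a typed `alert_group=` term replaces the context group — acceptable if intended, but it deserves a comment.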
@@ -0,0 +1,73 @@
1
+ module ITRP
2
+
3
+ class Cmd_query_flow < Cmd
4
+ def initialize (e)
5
+ super(e)
6
+ @enabled_in_state = :flow
7
+ @attach_cmd = ''
8
+ @trigger = 'query'
9
+ end
10
+
11
+ def completions(patt)
12
+ TRP::QuerySessionsRequest
13
+ .fields
14
+ .values
15
+ .collect { |a| a.name }
16
+ .grep( /^#{Regexp.escape(patt)}/i)
17
+ end
18
+
19
+ def enter(patt)
20
+
21
+ terms = patt.scan( /(\w+)\s*=\s*([\w\-_\.\:,]+)+/ )
22
+ qparams = terms.inject({}) { |acc,t| acc.store( t[0].to_sym, t[1]);acc}
23
+
24
+ [:maxitems].each do |a|
25
+ qparams[a] = qparams[a].to_i if qparams.key? a
26
+ end
27
+
28
+ [:idlist].each do |a|
29
+ qparams[a] = qparams[a].split(',') if qparams.key? a
30
+ end
31
+
32
+ p qparams
33
+
34
+ # meter names
35
+ req =mk_request(TRP::Message::Command::QUERY_SESSIONS_REQUEST ,
36
+ {
37
+ :session_group => appstate(:cgguid),
38
+ :time_interval => appstate(:time_interval),
39
+ :resolve_keys => true,
40
+ }.merge(qparams))
41
+
42
+ rows = []
43
+
44
+ get_response_zmq(@appenv.zmq_endpt,req) do |resp|
45
+
46
+ resp.sessions.each do | sess |
47
+
48
+ rows << [ "#{sess.session_id}",
49
+ Time.at( sess.time_interval.from.tv_sec).to_s(),
50
+ sess.time_interval.to.tv_sec - sess.time_interval.from.tv_sec,
51
+ sess.protocol.label,
52
+ sess.key1A.label,
53
+ sess.key1Z.label,
54
+ sess.key2A.label,
55
+ sess.key2Z.label,
56
+ sess.az_bytes + sess.za_bytes
57
+ ]
58
+ end
59
+
60
+ end
61
+
62
+ table = Terminal::Table.new(
63
+ :headings => %w(ID Time Dur Prot SourceIP DestIP SPort DPort Volume),
64
+ :rows => rows)
65
+ puts(table)
66
+
67
+ end
68
+
69
+
70
+ end
71
+ end
72
+
73
+
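Review bot: Every `name=value` term in `enter` becomes a request field via `to_sym` and is merged over the defaults, so typed input can replace `session_group` and `resolve_keys`, even though `completions` already derives the legitimate field names from `TRP::QuerySessionsRequest.fields`. Filtering with that list before the merge, `allowed = completions('').map(&:to_sym)` followed by `qparams.select! { |k, _| allowed.include?(k) }`, keeps unknown or reserved names out of the request. `p qparams` is debugging output left in, and the headings `SourceIP DestIP SPort DPort` are paired with `key1A key1Z key2A key2Z`, whose meaning the code does not document — a short comment mapping the keys to the columns would help.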
@@ -0,0 +1,51 @@
1
+ module ITRP
2
+
3
+ class Cmd_query_fts < Cmd
4
+ def initialize (e)
5
+ super(e)
6
+ @enabled_in_state = :fts
7
+ @attach_cmd = ''
8
+ @trigger = 'query'
9
+ end
10
+
11
+ def completions(patt)
12
+ %w( keywords )
13
+ end
14
+
15
+ def enter(patt)
16
+
17
+ terms = patt.scan( /keywords\s*=\s*(.+)/ )
18
+
19
+ req =mk_request(TRP::Message::Command::QUERY_FTS_REQUEST,
20
+ { :fts_group => appstate(:cgguid),
21
+ :time_interval => appstate(:time_interval),
22
+ :maxitems => 20,
23
+ :keywords => terms.flatten.first
24
+ })
25
+
26
+
27
+ rows = []
28
+
29
+ get_response_zmq(@appenv.zmq_endpt,req) do |resp|
30
+
31
+ resp.documents.each do | doc |
32
+ rows << [ doc.dockey,
33
+ doc.flows.inject("") do |acc,item|
34
+ item.key
35
+ end,
36
+ 'wrap(doc.fullcontent,60)',
37
+ ]
38
+ end
39
+
40
+ end
41
+
42
+ table = Terminal::Table.new(
43
+ :headings => %w(DocID Flows Content),
44
+ :rows => rows)
45
+ puts(table)
46
+ end
47
+
48
+ end
49
+ end
50
+
51
+
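Review bot: The Content column in `enter` is the string literal `'wrap(doc.fullcontent,60)'`, so every row prints that text instead of the document content; if a `wrap` helper exists it should be called, otherwise `doc.fullcontent` should be used directly. The Flows column, `doc.flows.inject("") { |acc,item| item.key }`, discards the accumulator and yields only the last flow's key — `doc.flows.map(&:key).join(', ')` lists them all. `:maxitems` is hard-coded to 20 here while the sibling query commands accept it as a term, and `terms.flatten.first` is nil when no `keywords=` term is typed, which is sent to the server unchecked.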