itrp 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/.document +5 -0
- data/Gemfile +19 -0
- data/Gemfile.lock +86 -0
- data/LICENSE.txt +20 -0
- data/README.rdoc +23 -0
- data/Rakefile +51 -0
- data/VERSION +1 -0
- data/lib/cmd_base.rb +106 -0
- data/lib/cmd_root.rb +20 -0
- data/lib/handlers/alert.rb +27 -0
- data/lib/handlers/counter.rb +49 -0
- data/lib/handlers/delete_alerts.rb +43 -0
- data/lib/handlers/flow.rb +29 -0
- data/lib/handlers/fts.rb +32 -0
- data/lib/handlers/getkey.rb +38 -0
- data/lib/handlers/getlabel.rb +39 -0
- data/lib/handlers/help.rb +13 -0
- data/lib/handlers/list.rb +13 -0
- data/lib/handlers/list_counters.rb +32 -0
- data/lib/handlers/meters.rb +40 -0
- data/lib/handlers/options.rb +33 -0
- data/lib/handlers/query_alerts.rb +77 -0
- data/lib/handlers/query_flow.rb +73 -0
- data/lib/handlers/query_fts.rb +51 -0
- data/lib/handlers/query_resource.rb +68 -0
- data/lib/handlers/resolve.rb +34 -0
- data/lib/handlers/resource.rb +30 -0
- data/lib/handlers/set.rb +35 -0
- data/lib/handlers/timeslices.rb +31 -0
- data/lib/handlers/toppers.rb +41 -0
- data/lib/handlers/trackers.rb +49 -0
- data/lib/handlers/traffic.rb +68 -0
- data/lib/itrp.rb +140 -0
- data/test/helper.rb +34 -0
- data/test/test_itrp.rb +7 -0
- metadata +179 -0
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
module ITRP
|
|
2
|
+
|
|
3
|
+
class Cmd_flow < Cmd
|
|
4
|
+
def initialize (e)
|
|
5
|
+
super(e)
|
|
6
|
+
@enabled_in_state = :any
|
|
7
|
+
@attach_cmd = 'set'
|
|
8
|
+
@trigger = 'flow'
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
|
|
12
|
+
def completions(patt)
|
|
13
|
+
[
|
|
14
|
+
"IP Flows {99A78737-4B41-4387-8F31-8077DB917336}"
|
|
15
|
+
].grep( /#{Regexp.escape(patt)}/i)
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def enter(s)
|
|
19
|
+
patt = s.scan(/set\s+flow\s+(.*)\s+({.*}$)/).flatten
|
|
20
|
+
patt = ["IP Flows", "{99A78737-4B41-4387-8F31-8077DB917336}"] if patt.empty?
|
|
21
|
+
print("\nContext set to flow group [#{patt[0]}] [#{patt[1]}]\n\n")
|
|
22
|
+
@appenv.prompt = "iTRP F:(#{patt[0]})> "
|
|
23
|
+
@appenv.context_data[:cgguid] = patt[1]
|
|
24
|
+
@appenv.context_data[:cgname] = patt[0]
|
|
25
|
+
@appenv.context = :flow
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
end
|
data/lib/handlers/fts.rb
ADDED
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
module ITRP
|
|
2
|
+
|
|
3
|
+
class Cmd_fts < Cmd
|
|
4
|
+
def initialize (e)
|
|
5
|
+
super(e)
|
|
6
|
+
@enabled_in_state = :any
|
|
7
|
+
@attach_cmd = 'set'
|
|
8
|
+
@trigger = 'fts'
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
|
|
12
|
+
def completions(patt)
|
|
13
|
+
[ "HTTP Headers {28217924-E7A5-4523-993C-44B52758D5A8}",
|
|
14
|
+
"SSL Certs {9FEB8ADE-ADBB-49AD-BC68-C6A02F389C71}",
|
|
15
|
+
].grep( /#{Regexp.escape(patt)}/i)
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
|
|
19
|
+
def enter(s)
|
|
20
|
+
patt = s.scan(/set\s+fts\s+(.*)\s+({.*}$)/).flatten
|
|
21
|
+
patt[0].strip!
|
|
22
|
+
print("\nContext set to FTS (Full Text Search) [#{patt[0]}] [#{patt[1]}]\n\n")
|
|
23
|
+
@appenv.prompt = "iTRP D:(#{patt[0]})> "
|
|
24
|
+
@appenv.context_data[:cgguid] = patt[1]
|
|
25
|
+
@appenv.context_data[:cgname] = patt[0]
|
|
26
|
+
@appenv.context = :fts
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
|
|
31
|
+
|
|
32
|
+
end
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
module ITRP
|
|
2
|
+
|
|
3
|
+
class Cmd_getkey < Cmd
|
|
4
|
+
def initialize (e)
|
|
5
|
+
super(e)
|
|
6
|
+
@enabled_in_state = :counter
|
|
7
|
+
@attach_cmd = ''
|
|
8
|
+
@trigger = 'getkey'
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
|
|
12
|
+
|
|
13
|
+
def enter(cmdline)
|
|
14
|
+
|
|
15
|
+
patt = cmdline.scan(/getkey (.*)/).flatten
|
|
16
|
+
|
|
17
|
+
print("Search [#{patt[0]}]\n")
|
|
18
|
+
req =mk_request(TRP::Message::Command::SEARCH_KEYS_REQUEST,
|
|
19
|
+
:counter_group => appstate(:cgguid),
|
|
20
|
+
:label => patt[0])
|
|
21
|
+
|
|
22
|
+
|
|
23
|
+
rows = []
|
|
24
|
+
get_response_zmq(@appenv.zmq_endpt,req) do |resp|
|
|
25
|
+
resp.keys.each do |k|
|
|
26
|
+
rows << [ k.key, k.label, k.readable ]
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
|
|
31
|
+
table = Terminal::Table.new( :headings => %w(Key Label Readable ), :rows => rows)
|
|
32
|
+
puts(table)
|
|
33
|
+
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
module ITRP
|
|
2
|
+
|
|
3
|
+
class Cmd_getlabel < Cmd
|
|
4
|
+
|
|
5
|
+
def initialize (e)
|
|
6
|
+
super(e)
|
|
7
|
+
@enabled_in_state = :counter
|
|
8
|
+
@attach_cmd = ''
|
|
9
|
+
@trigger = 'getlabel'
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def enter(cmdline)
|
|
13
|
+
|
|
14
|
+
patt = cmdline.scan(/getlabel (.*)/).flatten
|
|
15
|
+
|
|
16
|
+
print("Search [#{patt[0]}]\n")
|
|
17
|
+
req =mk_request(TRP::Message::Command::SEARCH_KEYS_REQUEST,
|
|
18
|
+
:counter_group => appstate(:cgguid),
|
|
19
|
+
:pattern => patt[0])
|
|
20
|
+
|
|
21
|
+
|
|
22
|
+
rows = []
|
|
23
|
+
get_response_zmq(@appenv.zmq_endpt,req) do |resp|
|
|
24
|
+
resp.keys.each do |k|
|
|
25
|
+
rows << [ k.key, k.label, k.readable ]
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
|
|
30
|
+
table = Terminal::Table.new( :headings => %w(Key Label Readable ), :rows => rows)
|
|
31
|
+
puts(table)
|
|
32
|
+
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
|
|
39
|
+
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
module ITRP
|
|
2
|
+
|
|
3
|
+
class Cmd_cglist < Cmd
|
|
4
|
+
def initialize (e)
|
|
5
|
+
super(e)
|
|
6
|
+
@enabled_in_state = :any
|
|
7
|
+
@attach_cmd = 'list'
|
|
8
|
+
@trigger = 'counters'
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
|
|
12
|
+
def enter(cmdline)
|
|
13
|
+
req =mk_request(TRP::Message::Command::COUNTER_GROUP_INFO_REQUEST)
|
|
14
|
+
|
|
15
|
+
rows = []
|
|
16
|
+
get_response_zmq(@appenv.zmq_endpt,req) do |resp|
|
|
17
|
+
resp.group_details.each do |group_detail|
|
|
18
|
+
rows << [ group_detail.name,
|
|
19
|
+
group_detail.guid,
|
|
20
|
+
group_detail.bucket_size.to_i/1000
|
|
21
|
+
]
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
table = Terminal::Table.new :headings => %w(name guid bs), :rows => rows
|
|
26
|
+
puts(table)
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
module ITRP
|
|
2
|
+
|
|
3
|
+
class Cmd_meters < Cmd
|
|
4
|
+
def initialize (e)
|
|
5
|
+
super(e)
|
|
6
|
+
@enabled_in_state = :counter
|
|
7
|
+
@attach_cmd = ''
|
|
8
|
+
@trigger = 'meters'
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def enter(cmdline)
|
|
12
|
+
req =mk_request(TRP::Message::Command::COUNTER_GROUP_INFO_REQUEST,
|
|
13
|
+
:counter_group => @appenv.context_data[:cgguid],
|
|
14
|
+
:get_meter_info => true )
|
|
15
|
+
|
|
16
|
+
rows = []
|
|
17
|
+
get_response_zmq(@appenv.zmq_endpt,req) do |resp|
|
|
18
|
+
resp.group_details.each do |group_detail|
|
|
19
|
+
group_detail.meters.each do |meter|
|
|
20
|
+
rows << [ meter.id,
|
|
21
|
+
meter.name,
|
|
22
|
+
meter.description,
|
|
23
|
+
meter.type,
|
|
24
|
+
meter.topcount,
|
|
25
|
+
meter.units]
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
table = Terminal::Table.new(
|
|
31
|
+
:headings => %w(MeterNo Name Description Type TopperCount Units),
|
|
32
|
+
:rows => rows)
|
|
33
|
+
|
|
34
|
+
puts(table)
|
|
35
|
+
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
end
|
|
40
|
+
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
module ITRP
|
|
2
|
+
|
|
3
|
+
class Cmd_options < Cmd
|
|
4
|
+
def initialize (e)
|
|
5
|
+
super(e)
|
|
6
|
+
@enabled_in_state = :any
|
|
7
|
+
@attach_cmd = 'set'
|
|
8
|
+
@trigger = 'options'
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def completions(patt)
|
|
12
|
+
[ "maxitems", "key", "resolve_keys" ].grep( /^#{Regexp.escape(patt)}/i)
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def enter(cmdline)
|
|
16
|
+
|
|
17
|
+
terms = cmdline.scan( /(\w+)\s*=\s*([\w\-_\.\:,]+)+/ )
|
|
18
|
+
|
|
19
|
+
terms.each do |a|
|
|
20
|
+
val = case a[0]
|
|
21
|
+
when 'maxitems'; a[1].to_i
|
|
22
|
+
when 'resolve_keys'; a[1] == "true"
|
|
23
|
+
else; a[1]
|
|
24
|
+
end
|
|
25
|
+
@appenv.context_data.store( a[0].to_sym, val )
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
|
|
@@ -0,0 +1,77 @@
|
|
|
1
|
+
module ITRP
|
|
2
|
+
|
|
3
|
+
class Cmd_query_alerts < Cmd
|
|
4
|
+
def initialize (e)
|
|
5
|
+
super(e)
|
|
6
|
+
@enabled_in_state = :alerts
|
|
7
|
+
@attach_cmd = ''
|
|
8
|
+
@trigger = 'query'
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def completions(patt)
|
|
12
|
+
TRP::QueryAlertsRequest
|
|
13
|
+
.fields
|
|
14
|
+
.values
|
|
15
|
+
.collect { |a| a.name }
|
|
16
|
+
.grep( /^#{Regexp.escape(patt)}/i)
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def enter(patt)
|
|
20
|
+
|
|
21
|
+
terms = patt.scan( /(\w+)\s*=\s*([\w\-_\.\:,]+)+/ )
|
|
22
|
+
qparams = terms.inject({}) { |acc,t| acc.store( t[0].to_sym, t[1]);acc}
|
|
23
|
+
|
|
24
|
+
[:maxitems].each do |a|
|
|
25
|
+
qparams[a] = qparams[a].to_i if qparams.key? a
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
[:idlist].each do |a|
|
|
29
|
+
qparams[a] = qparams[a].split(',') if qparams.key? a
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
p qparams
|
|
33
|
+
|
|
34
|
+
|
|
35
|
+
req =mk_request(TRP::Message::Command::QUERY_ALERTS_REQUEST,
|
|
36
|
+
{ :alert_group => appstate(:cgguid),
|
|
37
|
+
:time_interval => appstate(:time_interval)
|
|
38
|
+
}.merge(qparams))
|
|
39
|
+
|
|
40
|
+
|
|
41
|
+
rows = []
|
|
42
|
+
|
|
43
|
+
labelfmt = lambda do |fld|
|
|
44
|
+
fld.label.empty? ? fld.key : fld.label
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
get_response_zmq(@zmq_endpt,req) do |resp|
|
|
48
|
+
|
|
49
|
+
resp.alerts.each do | res |
|
|
50
|
+
|
|
51
|
+
|
|
52
|
+
rows << [ "#{res.alert_id}",
|
|
53
|
+
Time.at( res.time.tv_sec).to_s(),
|
|
54
|
+
res.occurrances,
|
|
55
|
+
res.source_ip.label,
|
|
56
|
+
res.source_port.label,
|
|
57
|
+
res.destination_ip.label,
|
|
58
|
+
res.destination_port.label,
|
|
59
|
+
res.sigid.key,
|
|
60
|
+
res.priority.key,
|
|
61
|
+
res.classification.key
|
|
62
|
+
]
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
table = Terminal::Table.new(
|
|
68
|
+
:headings => %w(ID Time Count SourceIP Port DestIP Port SigID Prio Class ),
|
|
69
|
+
:rows => rows)
|
|
70
|
+
puts(table)
|
|
71
|
+
|
|
72
|
+
end
|
|
73
|
+
|
|
74
|
+
end
|
|
75
|
+
end
|
|
76
|
+
|
|
77
|
+
|
|
@@ -0,0 +1,73 @@
|
|
|
1
|
+
module ITRP
|
|
2
|
+
|
|
3
|
+
class Cmd_query_flow < Cmd
|
|
4
|
+
def initialize (e)
|
|
5
|
+
super(e)
|
|
6
|
+
@enabled_in_state = :flow
|
|
7
|
+
@attach_cmd = ''
|
|
8
|
+
@trigger = 'query'
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def completions(patt)
|
|
12
|
+
TRP::QuerySessionsRequest
|
|
13
|
+
.fields
|
|
14
|
+
.values
|
|
15
|
+
.collect { |a| a.name }
|
|
16
|
+
.grep( /^#{Regexp.escape(patt)}/i)
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def enter(patt)
|
|
20
|
+
|
|
21
|
+
terms = patt.scan( /(\w+)\s*=\s*([\w\-_\.\:,]+)+/ )
|
|
22
|
+
qparams = terms.inject({}) { |acc,t| acc.store( t[0].to_sym, t[1]);acc}
|
|
23
|
+
|
|
24
|
+
[:maxitems].each do |a|
|
|
25
|
+
qparams[a] = qparams[a].to_i if qparams.key? a
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
[:idlist].each do |a|
|
|
29
|
+
qparams[a] = qparams[a].split(',') if qparams.key? a
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
p qparams
|
|
33
|
+
|
|
34
|
+
# meter names
|
|
35
|
+
req =mk_request(TRP::Message::Command::QUERY_SESSIONS_REQUEST ,
|
|
36
|
+
{
|
|
37
|
+
:session_group => appstate(:cgguid),
|
|
38
|
+
:time_interval => appstate(:time_interval),
|
|
39
|
+
:resolve_keys => true,
|
|
40
|
+
}.merge(qparams))
|
|
41
|
+
|
|
42
|
+
rows = []
|
|
43
|
+
|
|
44
|
+
get_response_zmq(@appenv.zmq_endpt,req) do |resp|
|
|
45
|
+
|
|
46
|
+
resp.sessions.each do | sess |
|
|
47
|
+
|
|
48
|
+
rows << [ "#{sess.session_id}",
|
|
49
|
+
Time.at( sess.time_interval.from.tv_sec).to_s(),
|
|
50
|
+
sess.time_interval.to.tv_sec - sess.time_interval.from.tv_sec,
|
|
51
|
+
sess.protocol.label,
|
|
52
|
+
sess.key1A.label,
|
|
53
|
+
sess.key1Z.label,
|
|
54
|
+
sess.key2A.label,
|
|
55
|
+
sess.key2Z.label,
|
|
56
|
+
sess.az_bytes + sess.za_bytes
|
|
57
|
+
]
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
table = Terminal::Table.new(
|
|
63
|
+
:headings => %w(ID Time Dur Prot SourceIP DestIP SPort DPort Volume),
|
|
64
|
+
:rows => rows)
|
|
65
|
+
puts(table)
|
|
66
|
+
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
|
|
70
|
+
end
|
|
71
|
+
end
|
|
72
|
+
|
|
73
|
+
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
module ITRP
|
|
2
|
+
|
|
3
|
+
class Cmd_query_fts < Cmd
|
|
4
|
+
def initialize (e)
|
|
5
|
+
super(e)
|
|
6
|
+
@enabled_in_state = :fts
|
|
7
|
+
@attach_cmd = ''
|
|
8
|
+
@trigger = 'query'
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def completions(patt)
|
|
12
|
+
%w( keywords )
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def enter(patt)
|
|
16
|
+
|
|
17
|
+
terms = patt.scan( /keywords\s*=\s*(.+)/ )
|
|
18
|
+
|
|
19
|
+
req =mk_request(TRP::Message::Command::QUERY_FTS_REQUEST,
|
|
20
|
+
{ :fts_group => appstate(:cgguid),
|
|
21
|
+
:time_interval => appstate(:time_interval),
|
|
22
|
+
:maxitems => 20,
|
|
23
|
+
:keywords => terms.flatten.first
|
|
24
|
+
})
|
|
25
|
+
|
|
26
|
+
|
|
27
|
+
rows = []
|
|
28
|
+
|
|
29
|
+
get_response_zmq(@appenv.zmq_endpt,req) do |resp|
|
|
30
|
+
|
|
31
|
+
resp.documents.each do | doc |
|
|
32
|
+
rows << [ doc.dockey,
|
|
33
|
+
doc.flows.inject("") do |acc,item|
|
|
34
|
+
item.key
|
|
35
|
+
end,
|
|
36
|
+
'wrap(doc.fullcontent,60)',
|
|
37
|
+
]
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
table = Terminal::Table.new(
|
|
43
|
+
:headings => %w(DocID Flows Content),
|
|
44
|
+
:rows => rows)
|
|
45
|
+
puts(table)
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
|