[Sguil-cvs] sguil/sensor sensor_agent.tcl,1.35,1.36
From: Bamm V. <ba...@us...> - 2005-06-03 22:36:16
Update of /cvsroot/sguil/sguil/sensor In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv29715/sensor Modified Files: sensor_agent.tcl Log Message: Agent loading of sancp, ssn, and portscans now confirmed and IPC comms handled better w/loaderd. Index: sensor_agent.tcl =================================================================== RCS file: /cvsroot/sguil/sguil/sensor/sensor_agent.tcl,v retrieving revision 1.35 retrieving revision 1.36 diff -C2 -d -r1.35 -r1.36 *** sensor_agent.tcl 20 Apr 2005 14:46:21 -0000 1.35 --- sensor_agent.tcl 3 Jun 2005 22:35:35 -0000 1.36 *************** *** 20,24 **** # Don't touch these set CONNECTED 0 ! set BUSY 0 proc InitBYSocket { port } { --- 20,26 ---- # Don't touch these set CONNECTED 0 ! set SANCPFILEWAIT 0 ! set SSNFILEWAIT 0 ! set PORTSCANFILEWAIT 0 proc InitBYSocket { port } { *************** *** 137,141 **** proc CopyDataToServer { fileName socketID } { ! global DEBUG SERVER_HOST BUSY # We no do this any more --- 139,143 ---- proc CopyDataToServer { fileName socketID } { ! global DEBUG SERVER_HOST # We no do this any more *************** *** 148,151 **** --- 150,154 ---- global PORTSCAN_DIR PS_CHECK_DELAY_IN_MSECS DEBUG CONNECTED + global PORTSCANFILEWAIT HOSTNAME if {$CONNECTED} { *************** *** 153,171 **** if {$DEBUG} {puts "Checking for PS files in $PORTSCAN_DIR."} - set i 0 foreach fileName [glob -nocomplain $PORTSCAN_DIR/portscan_log.*] { if { [file size $fileName] > 0 } { ! SendToSguild [list PSFile [file tail $fileName] [file size $fileName]] ! BinCopyToSguild $fileName ! file delete $fileName ! update ! if { $i == 9 } { break } ! incr i } else { file delete $fileName ! update } } --- 156,188 ---- if {$DEBUG} {puts "Checking for PS files in $PORTSCAN_DIR."} foreach fileName [glob -nocomplain $PORTSCAN_DIR/portscan_log.*] { if { [file size $fileName] > 0 } { ! ! if { $CONNECTED } { ! ! set PORTSCANFILEWAIT $fileName ! SendToSguild [list PSFile $HOSTNAME [file tail $fileName] [file size $fileName]] ! 
BinCopyToSguild $fileName ! # Wait 5 secs and make sure the file was confirmed ! after 5000 CheckPortscanConfirmation $fileName ! vwait PORTSCANFILEWAIT ! ! } else { ! ! # Lost our cnx ! break ! ! } ! } else { + file delete $fileName ! } + # Break out if we lost our connection. + if { !$CONNECTED } { break } + } *************** *** 179,185 **** global SSN_DIR SSN_CHECK_DELAY_IN_MSECS DEBUG CONNECTED ! global SENSOR_ID ! if { !$CONNECTED || ![info exists SENSOR_ID] } { # Try again later after $SSN_CHECK_DELAY_IN_MSECS CheckForSsnFiles --- 196,203 ---- global SSN_DIR SSN_CHECK_DELAY_IN_MSECS DEBUG CONNECTED ! global SENSOR_ID SSNFILEWAIT HOSTNAME ! # Have to have a sensor ID before we can send a ssn file ! if { ![info exists SENSOR_ID] || !$CONNECTED } { # Try again later after $SSN_CHECK_DELAY_IN_MSECS CheckForSsnFiles *************** *** 189,193 **** if {$DEBUG} {puts "Checking for Session files in $SSN_DIR."} - set i 0 foreach fileName [glob -nocomplain $SSN_DIR/ssn_log.*] { --- 207,210 ---- *************** *** 201,211 **** set tmpDate [lindex $fdPair 1] set fileBytes [file size $tmpFile] ! # Tell sguild it has a file coming ! SendToSguild [list SsnFile [file tail $tmpFile] $tmpDate $fileBytes] ! BinCopyToSguild $tmpFile ! file delete $tmpFile ! update ! if { $i == 9 } { break } ! incr i } --- 218,238 ---- set tmpDate [lindex $fdPair 1] set fileBytes [file size $tmpFile] ! set SSNFILEWAIT $tmpFile ! ! if { $CONNECTED } { ! ! # Tell sguild it has a file coming ! SendToSguild [list SsnFile $HOSTNAME [file tail $tmpFile] $tmpDate $fileBytes] ! BinCopyToSguild $tmpFile ! # Check to see that that file was confirmed after 10 secs ! after 5000 CheckSsnConfirmation $tmpFile ! vwait SSNFILEWAIT ! ! } else { ! ! # Lost our cnx ! break ! ! 
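Review bot: The `vwait PORTSCANFILEWAIT` added after `BinCopyToSguild $fileName` starts a nested event loop inside an `after`-scheduled callback, so while this proc blocks, the other scheduled checkers (CheckForSsnFiles, CheckForSancpFiles) can fire and enter their own `vwait`; Tcl unwinds nested vwaits innermost-first, so a confirmation for one file can apparently be held up behind an unrelated wait, which deserves a comment or a shared in-progress guard. The `after 5000 CheckPortscanConfirmation $fileName` timer is never cancelled once the server confirms, so it still fires 5 s later for every file and appears harmless only because the variable then holds a different name, which should be stated in a comment. On timeout the file is neither deleted nor marked, so it is re-sent on the next pass and sguild has to tolerate the duplicate. The same pattern is in the ssn hunk (201,211) and the sancp hunk (237,270), where the comment `# Check to see that that file was confirmed after 10 secs` disagrees with `after 5000`. CheckForPortscanFiles begins before this hunk.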
} } *************** *** 215,223 **** # Delete files with no data file delete $fileName - update } } after $SSN_CHECK_DELAY_IN_MSECS CheckForSsnFiles --- 242,253 ---- # Delete files with no data file delete $fileName } + + # break if we lost our cnx to sguild + if { !$CONNECTED } { break } } + after $SSN_CHECK_DELAY_IN_MSECS CheckForSsnFiles *************** *** 227,233 **** global DEBUG SANCP_DIR SENSOR_ID CONNECTED SSN_CHECK_DELAY_IN_MSECS ! global HOSTNAME ! if { !$CONNECTED || ![info exists SENSOR_ID] } { # Try again later after $SSN_CHECK_DELAY_IN_MSECS CheckForSancpFiles --- 257,264 ---- global DEBUG SANCP_DIR SENSOR_ID CONNECTED SSN_CHECK_DELAY_IN_MSECS ! global HOSTNAME SANCPFILEWAIT ! # Have to have a sensor ID before we can send a sancp file. ! if { ![info exists SENSOR_ID] || !$CONNECTED } { # Try again later after $SSN_CHECK_DELAY_IN_MSECS CheckForSancpFiles *************** *** 237,270 **** if {$DEBUG} {puts "Checking for sancp stats files in $SANCP_DIR."} - set i 0 foreach fileName [glob -nocomplain $SANCP_DIR/stats.*.*] { if { [file size $fileName] > 0 } { foreach fdPair [ParseSsnSancpFiles $fileName] { set tmpFile [lindex $fdPair 0] set tmpDate [lindex $fdPair 1] set fileBytes [file size $tmpFile] ! # Tell sguild it has a file coming ! SendToSguild [list SancpFile $HOSTNAME [file tail $tmpFile] $tmpDate $fileBytes] ! BinCopyToSguild $tmpFile ! file delete $tmpFile ! update } - if { $i == 9 } { break } - incr i } else { file delete $fileName - update } } after $SSN_CHECK_DELAY_IN_MSECS CheckForSancpFiles } proc BinCopyToSguild { fileName } { --- 268,412 ---- if {$DEBUG} {puts "Checking for sancp stats files in $SANCP_DIR."} foreach fileName [glob -nocomplain $SANCP_DIR/stats.*.*] { if { [file size $fileName] > 0 } { + foreach fdPair [ParseSsnSancpFiles $fileName] { + set tmpFile [lindex $fdPair 0] set tmpDate [lindex $fdPair 1] set fileBytes [file size $tmpFile] ! set SANCPFILEWAIT $tmpFile ! ! if { $CONNECTED } { ! ! 
# Tell sguild it has a file coming ! SendToSguild [list SancpFile $HOSTNAME [file tail $tmpFile] $tmpDate $fileBytes] ! BinCopyToSguild $tmpFile ! # Check to see that that file was confirmed after 10 secs ! after 5000 CheckSancpConfirmation $tmpFile ! vwait SANCPFILEWAIT ! ! } else { ! ! # Lost our cnx ! break ! } ! } } else { file delete $fileName } + # break if we lost our cnx to sguild + if { !$CONNECTED } { break } + } + after $SSN_CHECK_DELAY_IN_MSECS CheckForSancpFiles } + proc CheckSancpConfirmation { tmpFile } { + + global SANCPFILEWAIT DEBUG + + if { $SANCPFILEWAIT == $tmpFile } { + + # Something got held up. Release the vwait + if { $DEBUG } { puts "No confirmation on $tmpFile" } + set SANCPFILEWAIT 0 + + } + + } + + proc CheckSsnConfirmation { tmpFile } { + + global SSNFILEWAIT DEBUG + + if { $SSNFILEWAIT == $tmpFile } { + + # Something got held up. Release the vwait + if { $DEBUG } { puts "No confirmation on $tmpFile" } + set SSNFILEWAIT 0 + + } + + } + + proc CheckPortscanConfirmation { fileName } { + + global PORTSCANFILEWAIT DEBUG + + if { $PORTSCANFILEWAIT == $fileName } { + + # Something got held up. 
Release the vwait + if { $DEBUG } { puts "No confirmation on $fileName" } + set PORTSCANFILEWAIT 0 + + } + + } + + proc ConfirmSancpFile { fileName } { + + global DEBUG SANCP_DIR SANCPFILEWAIT + + if { [file exists $SANCP_DIR/$fileName] } { + + if [catch [file delete $SANCP_DIR/$fileName] tmpError] { + + puts "ERROR: Deleting $SANCP_DIR/$fileName: $tmpError" + + } + + } + + set SANCPFILEWAIT 0 + + } + + proc ConfirmSsnFile { fileName } { + + global DEBUG SSN_DIR SSNFILEWAIT + + if { [file exists $SSN_DIR/$fileName] } { + + if [catch [file delete $SSN_DIR/$fileName] tmpError] { + + puts "ERROR: Deleting $SSN_DIR/$fileName: $tmpError" + + } + + } + + set SSNFILEWAIT 0 + + } + + proc ConfirmPortscanFile { fileName } { + + global DEBUG PORTSCAN_DIR PORTSCANFILEWAIT + + if { [file exists $PORTSCAN_DIR/$fileName] } { + + if [catch [file delete $PORTSCAN_DIR/$fileName] tmpError] { + + puts "ERROR: Deleting $PORTSCAN_DIR/$fileName: $tmpError" + + } + + } + + set PORTSCANFILEWAIT 0 + + } + + proc BinCopyToSguild { fileName } { *************** *** 451,477 **** } } proc SguildCmdRcvd { socketID } { ! global DEBUG ! if { [eof $socketID] || [catch {gets $socketID data}] } { ! # Socket closed ! close $socketID ! if {$DEBUG} { puts "Socket $socketID closed" } ! if {$DEBUG} { puts "Attempting to reconnect." } ! ConnectToSguilServer ! } else { ! if {$DEBUG} { puts "Sensor Data Rcvd: $data" } ! set sguildCmd [lindex $data 0] ! switch -exact -- $sguildCmd { ! PONG { if {$DEBUG} {puts "PONG recieved"} } ! PING { SendToSguild "PONG" } ! RawDataRequest { eval $sguildCmd $socketID [lrange $data 1 end] } ! SensorID { SetSensorID [lindex $data 1] } ! LastCidResults { SendBYLastCid [lindex $data 1] [lindex $data 2] } ! Confirm { SendBYConfirmMsg [lindex $data 1] [lindex $data 2] } ! Failed { SendBYFailMsg [lindex $data 1] [lindex $data 2] [lindex $data 3] } ! default { if {$DEBUG} {puts "Sguil Cmd Unkown: $sguildCmd"} } } ! 
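Review bot: `if [catch [file delete $SANCP_DIR/$fileName] tmpError]` in the new ConfirmSancpFile does not catch anything: the inner brackets run `file delete` before `catch` is invoked, so a failed delete raises out of the socket handler and `set SANCPFILEWAIT 0` is skipped, leaving the sender blocked until CheckSancpConfirmation fires; the script must be braced, `if { [catch {file delete $SANCP_DIR/$fileName} tmpError] } {`. The same construct is repeated in ConfirmSsnFile and ConfirmPortscanFile. `$fileName` here arrives from the sguild socket (the `ConfirmSancpFile`/`ConfirmSsnFile`/`ConfirmPortscanFile` arms added to SguildCmdRcvd pass `[lindex $data 1]` through unchanged) and is joined to the directory without normalization, so the agent deletes whatever path the server names; since the agent only ever announces `[file tail $tmpFile]`, reducing the argument the same way, `set fileName [file tail $fileName]`, keeps deletions inside `$SANCP_DIR`. `DEBUG` is declared global in all three Confirm* procs but never read. The sancp send loop at the top of this hunk belongs to a proc that begins before the hunk.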
} } proc DisplayUsage { cmdName } { puts "Usage: $cmdName \[-D\] \[-c\] <filename>" --- 593,636 ---- } } + proc SguildCmdRcvd { socketID } { ! ! global DEBUG SANCPFILEWAIT ! ! if { [eof $socketID] || [catch {gets $socketID data}] } { ! ! # Socket closed ! close $socketID ! ! if {$DEBUG} { puts "Socket $socketID closed" } ! if {$DEBUG} { puts "Attempting to reconnect." } ! ! ConnectToSguilServer ! ! } else { ! if {$DEBUG} { puts "Sensor Data Rcvd: $data" } ! ! set sguildCmd [lindex $data 0] ! ! switch -exact -- $sguildCmd { ! ! PONG { if {$DEBUG} {puts "PONG recieved"} } ! PING { SendToSguild "PONG" } ! RawDataRequest { eval $sguildCmd $socketID [lrange $data 1 end] } ! SensorID { SetSensorID [lindex $data 1] } ! LastCidResults { SendBYLastCid [lindex $data 1] [lindex $data 2] } ! Confirm { SendBYConfirmMsg [lindex $data 1] [lindex $data 2] } ! ConfirmSancpFile { ConfirmSancpFile [lindex $data 1] } ! ConfirmSsnFile { ConfirmSsnFile [lindex $data 1] } ! ConfirmPortscanFile { ConfirmPortscanFile [lindex $data 1] } ! Failed { SendBYFailMsg [lindex $data 1] [lindex $data 2] [lindex $data 3] } ! default { if {$DEBUG} {puts "Sguil Cmd Unkown: $sguildCmd"} } ! ! } ! } ! } + proc DisplayUsage { cmdName } { puts "Usage: $cmdName \[-D\] \[-c\] <filename>" *************** *** 480,483 **** --- 639,643 ---- exit } + proc Daemonize {} { global PID_FILE DEBUG |
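Review bot: `global DEBUG SANCPFILEWAIT` in the rewritten SguildCmdRcvd declares SANCPFILEWAIT, but nothing in the proc reads or writes it (the variable is reset inside ConfirmSancpFile), so the line should revert to `global DEBUG`, or if it is meant as documentation of the dispatch, the SSN and portscan counterparts belong alongside it for symmetry. Apart from the three new `Confirm*File` switch arms, the hunk marks every line of the proc as changed for blank-line spacing, which hides the functional change in the history; a separate whitespace commit would keep the confirmation handling reviewable.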