
add interrupt rescue for unified2 event loop

1 parent 296e694 commit d225979e2558efd7b5cfab20e5115c1f4e69ac05 @mephux mephux committed Apr 13, 2011
@@ -72,8 +72,7 @@ The snorby collection agent is in charge of monitoring & process unified2 data.
* unified2: ~> 0.2.0
* datamapper: ~> 1.0.2
* env: ~> 0.1.2
- * ruby-progressbar: ~ 0.9
- * daemon-spawn: ~> 0.4.1
+ * pidly: ~> 0.1
## Install
@@ -3,12 +3,11 @@
$:.unshift File.join(File.dirname(__FILE__), "..", "lib")
-# begin
-# require 'snorby/collect'
-# rescue LoadError => e
-# STDERR.puts 'Could not load "snorby/collect"'
-# exit -1
-# end
+begin
+ require 'snorby/collect'
+rescue LoadError => e
+ STDERR.puts 'Could not load "snorby/collect"'
+ exit -1
+end
-require 'snorby/collect'
Snorby::Collect::CLI.start
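Review bot: The `rescue LoadError => e` clause binds `e` but never reports it, so a load failure prints only the fixed string and hides which file or gem was actually missing. Including the message keeps the existing control flow while making the failure diagnosable: `STDERR.puts "Could not load \"snorby/collect\": #{e.message}"`. Note that `exit -1` becomes process status 255 on POSIX, which is fine as long as it is meant to match the CLI's other `exit -1` sites.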
@@ -28,13 +28,12 @@ post_install_message: |
More Information: http://github.com/Snorby/snorby-collect
**************************************************************************
-
dependencies:
- unified2: ~> 0.4.0
- datamapper: ~> 1.0.2
- dm-is-counter_cacheable: ~> 0.1.0
env: ~> 0.1.2
- daemon-spawn: ~> 0.4.1
+ unified2: ~> 0.5
+ datamapper: ~> 1.1.0
+ dm-is-counter_cacheable: ~> 0.1
+ pidly: ~> 0.1
development_dependencies:
ore-tasks: ~> 0.4
@@ -38,9 +38,9 @@ def optparse(*args)
@run = true
end
- @opts.on('-d', '--daemon COMMAND', 'Run as daemon. Example -d [start,stop,status,restart]') do |daemon_args|
+ @opts.on('-d', '--daemon COMMAND', 'Run as daemon. Example -d [start,stop,status,restart,kill,clean]') do |daemon_args|
@daemon = true
- if daemon_args.match(/^(start|stop|status|restart)$/)
+ if daemon_args.match(/^(start|stop|status|restart|kill|clean!)$/)
@daemon_args = daemon_args
else
Snorby::Collect.logger.fail("Unknown option for daemon `#{daemon_args}`")
@@ -66,8 +66,7 @@ def optparse(*args)
exit -1
end
- begin
-
+ #begin
# Build default configuration file and directory structure.
Config.build_defaults
@@ -85,16 +84,13 @@ def optparse(*args)
Snorby::Collect.logger = Logger.new(@verbose)
if @run || @daemon
if @daemon
- Daemon.spawn!(
- {
- :application => "Snorby Collection Agent v#{Snorby::Collect::VERSION}",
- :log_file => File.join(Config.logs, "#{Config.logname}.log"),
- :pid_file => File.join(Config.pids, "#{Config.logname}.pid"),
- :sync_log => true,
- :working_dir => Config.path
- },
- [@daemon_args, @verbose]
+ collect = Daemon.spawn(
+ :name => Config.name,
+ :path => Config.path,
+ :sync_log => true,
+ :verbose => true
)
+ collect.send @daemon_args
else
@collect = Collector.new
@collect.setup
@@ -103,22 +99,22 @@ def optparse(*args)
end
end
- rescue Interrupt
- Snorby::Collect.logger.warn('Shutting down...')
- exit -1
- rescue RuntimeError => e
- Snorby::Collect.logger.fail(e.message)
- exit -1
- rescue OptionParser::MissingArgument => e
- Snorby::Collect.logger.fail(e.message)
- usage
- rescue OptionParser::InvalidOption => e
- Snorby::Collect.logger.fail(e.message)
- usage
- rescue => e
- Snorby::Collect.logger.fail(e.message)
- exit -1
- end
+ # rescue Interrupt
+ # Snorby::Collect.logger.warn('Shutting down...')
+ # exit -1
+ # rescue RuntimeError => e
+ # Snorby::Collect.logger.fail(e.message)
+ # exit -1
+ # rescue OptionParser::MissingArgument => e
+ # Snorby::Collect.logger.fail(e.message)
+ # usage
+ # rescue OptionParser::InvalidOption => e
+ # Snorby::Collect.logger.fail(e.message)
+ # usage
+ # rescue => e
+ # Snorby::Collect.logger.fail(e.message)
+ # exit -1
+ # end
end
def usage(error=nil)
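Review bot: The daemon-command check in the first hunk still uses `^`/`$` anchors, which in Ruby match at line boundaries, so an argument such as `"x\nstart"` passes `match` and then reaches `collect.send @daemon_args` in the third hunk, where it raises NoMethodError instead of the intended "Unknown option" message; anchoring the whole string closes that: `if daemon_args.match(/\A(start|stop|status|restart|kill|clean!)\z/)`. The help text on the `--daemon` option advertises `clean` while the pattern only accepts `clean!`, so one of the two should be aligned. Because the argument is forwarded as a method name, `collect.public_send @daemon_args` is the safer spelling, since it cannot reach private methods of the Pidly control object. Separately, the last hunk comments out the `begin`/`rescue` clauses rather than deleting them, so OptionParser::InvalidOption, OptionParser::MissingArgument and Interrupt now surface as backtraces out of `optparse` instead of the logged message and `usage` call; either remove the dead block or keep a minimal rescue for the OptionParser errors. `optparse` begins before the first hunk and the rest of its body lies between the hunks.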
@@ -3,7 +3,7 @@
module Snorby
module Collect
-
+
class Collector
include Collect::Model
include Collect::Helpers
@@ -20,76 +20,101 @@ def initialize
:name => Config.name, :checksum => Config.checksum
load :classifications, Config.classifications
-
+
load :generators, Config.generators
-
+
load :signatures, Config.signatures
end
end
def setup
logger.say(:info, 'Querying database for sensor.')
-
+
unless File.exists?(Config.unified2)
logger.fail("#{Config.unified2} not found.")
exit -1
end
-
+
@sensor, @host = Sensor.find(Unified2.sensor)
Unified2.sensor.id = @sensor.id
logger.say(:info, "Found: \"#{@sensor.name}\" (#{@sensor.interface}@#{@sensor.host.hostname})")
+
+ Severity.build_defaults
+
end
def start
begin
logger.say(:info, "Monitoring unified2 for data to process.")
Unified2.watch(Config.unified2, @sensor.last_event_id ? @sensor.last_event_id + 1 : :first) do |event|
next if event.signature.blank?
-
+
puts event if logger.debug?
-
- signature = Signature.first_or_create({ :name => event.signature.name }, {
- :signature_id => event.signature.id,
- :generator_id => event.signature.generator,
- :name => event.signature.name,
- :revision => event.signature.revision
- })
-
- classification = Classification.first_or_create({ :short => event.classification.short }, {
- :classification_id => event.classification.id,
- :name => event.classification.name,
- :short => event.classification.short,
- :severity_id => event.classification.severity
- })
-
- insert_event = Event.new({
- :event_id => event.id,
- :checksum => event.checksum,
- :created_at => event.timestamp,
- :sensor => @sensor,
- :host => @host,
- :source_ip => event.source_ip,
- :source_port => event.source_port,
- :destination_ip => event.destination_ip,
- :destination_port => event.destination_port,
- :severity_id => event.severity,
- :protocol => event.protocol,
- :link_type => event.payload.linktype,
- :packet_length => event.payload.length,
- :packet => event.payload.hex,
- :classification => classification,
- :signature => signature,
- :severity_id => event.severity
- })
+
+ signature = Signature.first_or_create(
+ { :name => event.signature.name },
+ {
+ :signature_id => event.signature.id,
+ :generator_id => event.signature.generator,
+ :name => event.signature.name,
+ :revision => event.signature.revision
+ }
+ )
+
+ classification = Classification.first_or_create(
+ { :short => event.classification.short },
+ {
+ :classification_id => event.classification.id,
+ :name => event.classification.name,
+ :short => event.classification.short,
+ :severity_id => event.classification.severity.zero? ? 10 : event.classification.severity
+ }
+ )
+
+ temp_event = {
+ :event_id => event.id,
+ :checksum => event.checksum,
+ :created_at => event.timestamp,
+ :sensor => @sensor,
+ :host => @host,
+ :source_ip => event.source_ip,
+ :source_port => event.source_port,
+ :destination_ip => event.destination_ip,
+ :destination_port => event.destination_port,
+ :severity_id => event.severity,
+ :protocol => event.protocol,
+ :link_type => event.payload.linktype,
+ :payload_length => event.payload.length,
+ :payload_checksum => event.payload.checksum,
+ :payload => event.payload.hex,
+ :classification => classification,
+ :signature => signature,
+ :severity_id => event.severity
+ }
+
+ temp_event.merge!(event.ip_header)
+ insert_event = Event.new(temp_event)
if insert_event.save
+
+ case event.protocol.to_s.to_sym
+ when :ICMP
+ Icmp.create(event.protocol.to_h.merge!({ :event_id => insert_event.id }))
+ when :TCP
+ Tcp.create(event.protocol.to_h.merge!({ :event_id => insert_event.id }))
+ when :UDP
+ Udp.create(event.protocol.to_h.merge!({ :event_id => insert_event.id }))
+ end
+
insert_event.update_sensor
else
logger.say(:fail, "#{insert_event.errors.inspect}")
end
-
+
end
+ rescue Interrupt
+ logger.fail("Shutting down.")
rescue DataObjects::SyntaxError => e
logger.fail(e.message)
rescue => e
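Review bot: The `temp_event` literal in the second hunk lists `:severity_id => event.severity` twice (once after `:destination_port`, again as the last entry), which Ruby reports as a duplicated-key warning and which leaves the intended value ambiguous to the next reader; dropping the trailing `:severity_id => event.severity` line is behaviour-preserving because the later key wins with the same value. The following `temp_event.merge!(event.ip_header)` lets any key of the header hash silently overwrite an attribute set above — if `ip_header` contains a `:checksum` or `:protocol` key, for instance, the event-level value is lost; `event.ip_header.merge(temp_event)` would make the precedence explicit if the event fields are meant to win, though `ip_header`'s keys are not visible from the hunk. The literal `10` substituted for a zero classification severity deserves a named constant or a comment explaining what severity 10 denotes. `start` opens before the hunk and its rescue chain continues past the last line shown.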
@@ -1,25 +1,41 @@
-require 'daemon_spawn'
+require 'pidly'
require 'snorby/collect/collector'
require 'snorby/collect/helpers'
module Snorby
module Collect
- class Daemon < DaemonSpawn::Base
+
+ class Daemon < Pidly::Control
include Collect::Helpers
-
- def start(args)
- args.is_a?(Array) ? ((args.first == :debug) ? log = :verbose : log = :verbose) : log = :verbose
- Snorby::Collect.logger = Logger.new(log, true)
- logger.say(:info, "Daemon started successfully. PID: #{self.pid}")
+
+ before_start do
+ Snorby::Collect.logger = Logger.new(:verbose, true)
+ logger.say(:info, "\"#{@name}\" started successfully (PID: #{@pid})", @log_file, true)
+ end
+
+ start do
@collect = Collector.new
@collect.setup
@collect.start
end
- def stop
- logger.say(:info, "Shutting down.")
+ stop do
+ logger.say(:info, "Attempting to stop \"#{@name}\" (PID: #{@pid})", @log_file, true)
+ end
+
+ after_stop do
+ logger.say(:info, "Successfully stopped \"#{@name}\" (PID: #{@pid})", @log_file, true)
+ end
+
+ error do
+ logger.say(:error, "\"#{@name}\" error (PID: #{@pid})", @log_file)
+ end
+
+ kill do
+ logger.say(:info, "Killing \"#{@name}\" (PID: #{@pid})", @log_file)
end
end
+
end
end
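Review bot: The `error` hook logs only `"\"#{@name}\" error (PID: #{@pid})"`, so a crash of the collector under Pidly leaves no record of what failed; if Pidly yields the exception to this block, its message and backtrace should be appended, and if it does not, the `start` block should wrap `@collect.start` to log `e.message` before re-raising. The level passed there is `:error`, whereas every other `logger.say` call in this commit uses `:info` or `:fail`, so it is worth confirming that `Logger#say` accepts `:error` and does not silently drop the line. The `before_start`, `stop` and `after_stop` hooks pass `@log_file, true` while `error` and `kill` pass only `@log_file`; if the trailing flag controls echoing to the terminal, the two failure-path hooks are the ones most likely to want it. `@name`, `@pid` and `@log_file` are presumably populated by `Pidly::Control` from the `Daemon.spawn` options; that is not visible here.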
