
various critical fixes for dparser / dorothive:

DB DDL fixed (it was broken!)
GeoIP method fixed
1 parent f1ee541 commit 6871f07e332fbb6c5f65e9ac12e2188fed18264f @m4rco- committed Oct 28, 2013
Showing with 31 additions and 24 deletions.
  1. +3 −3 bin/dparser_start
  2. +22 −16 etc/ddl/dorothive.ddl
  3. +2 −2 lib/doroParser.rb
  4. +2 −1 lib/dorothy2/DEM.rb
  5. +2 −2 lib/dorothy2/do-utils.rb
@@ -82,12 +82,12 @@ end
begin
DoroParser.start(daemon)
rescue => e
- puts "[PARSER]".yellow + " An error occurred: ".red + $!
+ puts "[PARSER]".yellow + " An error occurred: ".red + e.inspect
if daemon
- puts "[PARSER]".yellow + " For more information check the logfile" + $!
+ puts "[PARSER]".yellow + " For more information check the logfile" + e.inspect
puts "[PARSER]".yellow + "Dorothy-Parser has been stopped"
end
- LOGGER_PARSER.error "Parser", "An error occurred: " + $!
+ LOGGER_PARSER.error "Parser", "An error occurred: " + e.inspect
LOGGER_PARSER.debug "Parser", "#{e.inspect} --BACKTRACE: #{e.backtrace}"
LOGGER_PARSER.info "Parser", "Dorothy-Parser has been stopped"
end
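Review bot: The second added line (`puts "[PARSER]".yellow + " For more information check the logfile" + e.inspect`) appends the exception straight after the sentence with no separator and repeats what the line above already printed, so the daemon-mode output reads `...check the logfile#<RuntimeError: ...>`. Dropping the trailing `+ e.inspect` on that line, or switching the three new lines to interpolation as the debug line below already does (`"An error occurred: #{e.inspect}"`), keeps the messages consistent. `e.inspect` also prints the exception class; for the operator-facing console lines `e.message` may read better, while the logfile line should keep `e.inspect`. The begin/rescue starts at the hunk's first line and the surrounding script continues outside the hunk.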
@@ -1079,21 +1079,16 @@ SELECT pg_catalog.setval('whois_id_seq', 1, false);
-- Name: sys_procs; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
--
-CREATE TABLE dorothy.sys_procs
-(
- analysis_id integer NOT NULL,
- pid integer NOT NULL,
- name character varying,
- owner character varying,
- "cmdLine" character varying,
- "startTime" timestamp without time zone,
- "endTime" timestamp without time zone,
- "exitCode" integer,
- CONSTRAINT "procs-pk" PRIMARY KEY (analysis_id , pid ),
- CONSTRAINT "anal_id-fk" FOREIGN KEY (analysis_id)
- REFERENCES dorothy.analyses (id) MATCH SIMPLE
- ON UPDATE NO ACTION ON DELETE NO ACTION
-)
+CREATE TABLE sys_procs (
+ analysis_id integer NOT NULL,
+ pid integer NOT NULL,
+ name character varying,
+ owner character varying,
+ "cmdLine" character varying,
+ "startTime" timestamp without time zone,
+ "endTime" timestamp without time zone,
+ "exitCode" integer
+);
ALTER TABLE dorothy.sys_procs OWNER TO postgres;
@@ -1486,6 +1481,12 @@ ALTER TABLE ONLY host_ips
ALTER TABLE ONLY irc_data
ADD CONSTRAINT pk_irc PRIMARY KEY (id);
+--
+-- Name: procs-pk; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
+--
+
+ALTER TABLE ONLY sys_procs
+ ADD CONSTRAINT "procs-pk" PRIMARY KEY (analysis_id, pid);
--
-- Name: reports_pkey; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
@@ -1639,6 +1640,12 @@ CREATE INDEX fki_shash ON reports USING btree (sample);
CREATE INDEX fki_tdumps ON analyses USING btree (traffic_dump);
+--
+-- Name: anal_id-fk; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
+--
+
+ALTER TABLE ONLY sys_procs
+ ADD CONSTRAINT "anal_id-fk" FOREIGN KEY (analysis_id) REFERENCES analyses(id);
--
-- Name: dest_ip; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
@@ -1797,4 +1804,3 @@ GRANT ALL ON SCHEMA dorothy TO PUBLIC;
--
-- PostgreSQL database dump complete
--
-
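Review bot: `CREATE TABLE sys_procs (` on the new side is unqualified while the untouched `ALTER TABLE dorothy.sys_procs OWNER TO postgres;` directly below it still names the schema, and the new `ALTER TABLE ONLY sys_procs` constraint statements in the later hunks are unqualified as well; all of them resolve to the same table only if a `SET search_path` earlier in the dump points at `dorothy`, which is not visible here. Changing the owner line to `ALTER TABLE sys_procs OWNER TO postgres;` makes every statement for this table resolve the same way, as the rest of the dump already does for `irc_data` and `analyses`. The relocated foreign key `REFERENCES analyses(id)` keeps the previous default NO ACTION semantics, so that part is unchanged in effect.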
@@ -85,7 +85,7 @@ def analyze_bintraffic(pcaps)
rescue => e
LOGGER_PARSER.fatal "PARSER", "Can't connect to the PCAPR server."
- LOGGER_PARSER.debug "PARSER", "#{$!}"
+ LOGGER_PARSER.debug "PARSER", "#{e.inspect}"
LOGGER_PARSER.debug "PARSER", e.backtrace if VERBOSE
return false
end
@@ -385,7 +385,7 @@ def analyze_bintraffic(pcaps)
rescue => e
LOGGER_PARSER.error "DB", "Something went wrong while adding a DNS entry into the DB (packet malformed?) - The packet will be skipped"
- LOGGER_PARSER.debug "DB", "#{$!}" if VERBOSE
+ LOGGER_PARSER.debug "DB", "#{e.inspect}" if VERBOSE
LOGGER_PARSER.debug "DB", e if VERBOSE
end
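Review bot: `"#{e.inspect}"` on both new debug lines wraps a single expression in an interpolated string for no gain; `LOGGER_PARSER.debug "PARSER", e.inspect` and `LOGGER_PARSER.debug "DB", e.inspect if VERBOSE` say the same thing. In the second hunk the following line (`LOGGER_PARSER.debug "DB", e if VERBOSE`) then logs the same exception a second time, so one of the two lines can go. The methods enclosing both hunks start and end outside the hunks.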
@@ -136,12 +136,13 @@ def initialize(ip)
if File.exists?(DoroSettings.env[:geoisp])
geoisp = GeoIP.new(DoroSettings.env[:geoisp])
- @isp = geoisp.isp(ip) ? geoisp(ip) : "null"
+ @isp = geoisp.isp(ip) ? geoisp.isp(ip) : "null"
end
rescue => e
LOGGER_PARSER.fatal "GEO", "Error while fetching GeoIP dat file for IP: " + ip
LOGGER_PARSER.fatal "GEO", e.inspect
+ LOGGER_PARSER.fatal "GEO" ,e.backtrace
@city, @country, @coord, @asn, @isp = "null", "null", "null", "null", "null"
end
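Review bot: The corrected line still performs the `geoisp.isp(ip)` lookup twice, once for the test and once for the value; a single lookup with a fallback is equivalent and does the work once: `@isp = geoisp.isp(ip) || "null"`. The new `LOGGER_PARSER.fatal "GEO" ,e.backtrace` has the comma spacing reversed relative to the line above it and passes the backtrace as an Array; `LOGGER_PARSER.fatal "GEO", e.backtrace.join("\n")` matches the file's style and keeps the log entry readable. `initialize` starts before this hunk.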
@@ -19,14 +19,14 @@ def exists?(file)
end
def init_db(ddl=DoroSettings.dorothive[:ddl], force=false)
- LOGGER.warn "DB", "The database is going to be initialized with the file #{ddl}. If the Dorothive is already present, " + "all the its data will be lost".red + ". Continue?(write yes)"
+ LOGGER.warn "DB", "The database is going to be initialized with the file #{ddl}. If the Dorothive is already present, " + "all its data will be lost".red + ". Continue?(write yes)"
answ = "yes"
answ = gets.chop unless force
if answ == "yes"
begin
#ugly, I know, but couldn't find a better and easier way..
- raise 'An error occurred' unless system "psql -h #{DoroSettings.dorothive[:dbhost]} -U #{DoroSettings.dorothive[:dbuser]} -f #{ddl} 1> /dev/null"
+ raise 'An error occurred' unless system "sh -c 'psql -h #{DoroSettings.dorothive[:dbhost]} -U #{DoroSettings.dorothive[:dbuser]} -f #{ddl} 1> /dev/null'"
LOGGER.info "DB", "Database correctly initialized. Now you can restart Dorothy!"
rescue => e
LOGGER.error "DB", $!
