169200d @rep geoloc script used in honeymap
import datetime
import json
import traceback
import urlparse
class ezdict(object):
    """Attribute-style reader over a decoded event dict.

    ``obj.field`` returns ``d['field']`` when the key exists and ``None``
    when it does not, so a missing field never raises here. Callers that
    feed sensor-supplied data through this wrapper must check for ``None``
    themselves before using a value.
    """

    def __init__(self, d):
        # Hold a reference to the mapping itself; no copy is made.
        self.d = d

    def __getattr__(self, name):
        # Only reached when normal attribute lookup fails, so ``self.d``
        # (set in __init__) resolves without coming through here.
        lookup = self.d.get
        return lookup(name, None)
# Render a datetime as "YYYY-MM-DD HH:MM:SS".
def timestr(dt):
    """Return *dt* formatted as ``%Y-%m-%d %H:%M:%S`` (second resolution)."""
    layout = "%Y-%m-%d %H:%M:%S"
    return dt.strftime(layout)
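# geoloc_none
def geoloc_none(t):
    """Normalise a GeoIP lookup result so callers can always index it.

    Args:
        t: the value returned by ``gi.record_by_addr()``: either ``None``
            (no record) or a dict that has a ``'city'`` key.

    Returns:
        When *t* is ``None``, a new dict whose 'latitude', 'longitude',
        'city', 'country_name' and 'country_code' are all ``None``.
        Otherwise *t* itself, modified in place so that a byte-string city
        is decoded as latin1.
    """
    if t is None:
        return {
            'latitude': None,
            'longitude': None,
            'city': None,
            'country_name': None,
            'country_code': None,
        }
    city = t['city']
    # Decode only byte strings. Calling .decode() on text that is already
    # unicode makes Python 2 encode it as ASCII first, which raises on any
    # non-ASCII city name; on Python 3, str has no .decode() at all.
    if isinstance(city, bytes):
        t['city'] = city.decode('latin1')
    return t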
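def glastopf_event(identifier, payload, gi):
    """Turn one glastopf honeypot event into a geolocated map record.

    Args:
        identifier: sensor identifier, copied into the record's 'sensor' field.
        payload: JSON text of the event. The fields read are 'source' (a
            two-item sequence, address first), 'time' in
            ``%Y-%m-%d %H:%M:%S`` form, and 'pattern'.
        gi: GeoIP lookup object; only ``record_by_addr(addr)`` is called.

    Returns:
        A dict of type 'glastopf.events', or ``None`` when the payload
        cannot be decoded or its pattern is 'unknown'.
    """
    try:
        dec = ezdict(json.loads(str(payload)))
        # Unpacking also rejects a 'source' that is missing (None) or is
        # not exactly two items long; the port is not used afterwards.
        sip, _sport = dec.source
        tstamp = datetime.datetime.strptime(dec.time, '%Y-%m-%d %H:%M:%S')
    except Exception:
        # The payload is sensor-supplied and therefore untrusted: one bad
        # event is logged and dropped. repr() keeps raw control characters
        # out of the log line. Catching Exception rather than using a bare
        # except lets KeyboardInterrupt/SystemExit propagate.
        print('exception processing glastopf event ' + repr(payload))
        traceback.print_exc()
        return None

    if dec.pattern == 'unknown':
        return None

    # NOTE(review): sip comes straight from the payload and reaches the
    # lookup outside the try block. Confirm how gi.record_by_addr behaves
    # on a value that is not a well-formed address.
    geoloc = geoloc_none(gi.record_by_addr(sip))

    return {
        'type': 'glastopf.events',
        'sensor': identifier,
        'time': str(tstamp),
        'latitude': geoloc['latitude'],
        'longitude': geoloc['longitude'],
        'source': sip,
        'city': geoloc['city'],
        'country': geoloc['country_name'],
        'countrycode': geoloc['country_code'],
    }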
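def dionaea_capture(identifier, payload, gi):
    """Turn one dionaea capture event into a geolocated map record.

    Args:
        identifier: sensor identifier, copied into the record's 'sensor' field.
        payload: JSON text of the event. The fields read are 'saddr',
            'daddr' and 'md5'.
        gi: GeoIP lookup object; only ``record_by_addr(addr)`` is called.

    Returns:
        A dict of type 'dionaea.capture' carrying geolocation for both the
        source and the destination address, or ``None`` when the payload
        cannot be decoded into a JSON object.
    """
    try:
        fields = json.loads(str(payload))
        # A payload that is valid JSON but not an object (a list, string or
        # number) would otherwise fail later, at the first attribute read
        # outside this try block, and escape as an uncaught AttributeError.
        if not isinstance(fields, dict):
            raise ValueError('dionaea payload is not a JSON object')
        dec = ezdict(fields)
        # The event time is the local clock at processing time, not a
        # value taken from the payload.
        tstamp = datetime.datetime.now()
    except Exception:
        # Catching Exception rather than using a bare except lets
        # KeyboardInterrupt/SystemExit propagate.
        print('exception processing dionaea event')
        traceback.print_exc()
        return None

    # NOTE(review): saddr and daddr are None when absent from the payload
    # and reach the lookup unchecked; md5 is passed through unvalidated.
    # Confirm how gi.record_by_addr handles None or a malformed address.
    geoloc = geoloc_none(gi.record_by_addr(dec.saddr))
    geoloc2 = geoloc_none(gi.record_by_addr(dec.daddr))

    return {
        'type': 'dionaea.capture',
        'sensor': identifier,
        'time': timestr(tstamp),
        'latitude': geoloc['latitude'],
        'longitude': geoloc['longitude'],
        'source': dec.saddr,
        'latitude2': geoloc2['latitude'],
        'longitude2': geoloc2['longitude'],
        'dest': dec.daddr,
        'md5': dec.md5,
        'city': geoloc['city'],
        'country': geoloc['country_name'],
        'countrycode': geoloc['country_code'],
        'city2': geoloc2['city'],
        'country2': geoloc2['country_name'],
        'countrycode2': geoloc2['country_code'],
    }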