geoloc script used in honeymap

hpfeeds · Oct 2, 2012 · 169200d · 169200d
1 parent f2e95b6
commit 169200d
Show file tree

Hide file tree

Showing 2 changed files with 128 additions and 0 deletions.
diff --git a/cli/geoloc/geoloc.py b/cli/geoloc/geoloc.py
@@ -0,0 +1,71 @@
+
+import sys
+import datetime
+import logging
+logging.basicConfig(level=logging.CRITICAL)
+
+import hpfeeds
+from processors import *
+
+import GeoIP
+
+HOST = 'hpfeeds.honeycloud.net'
+PORT = 10000
+CHANNELS = [
+	'dionaea.capture',
+	'glastopf.events',
+]
+GEOLOC_CHAN = 'geoloc.events'
+IDENT = ''
+SECRET = ''
+
+PROCESSORS = {
+	'glastopf.events': [glastopf_event,],
+	'dionaea.capture': [dionaea_capture,],
+}
+
+def main():
+	gi = GeoIP.open("/opt/GeoLiteCity.dat",GeoIP.GEOIP_STANDARD)
+
+	try:
+		hpc = hpfeeds.new(HOST, PORT, IDENT, SECRET)
+	except hpfeeds.FeedException, e:
+		print >>sys.stderr, 'feed exception:', e
+		return 1
+
+	print >>sys.stderr, 'connected to', hpc.brokername
+
+	def on_message(identifier, channel, payload):
+		procs = PROCESSORS.get(channel, [])
+		p = None
+		for p in procs:
+			m = p(identifier, payload, gi)
+			try: tmp = json.dumps(m)
+			except: print 'DBG', m
+			if m != None: hpc.publish(GEOLOC_CHAN, json.dumps(m))
+
+		if not p:
+			print 'not p?'
+
+	def on_error(payload):
+		print >>sys.stderr, ' -> errormessage from server: {0}'.format(payload)
+		hpc.stop()
+
+	hpc.subscribe(CHANNELS)
+	try:
+		hpc.run(on_message, on_error)
+	except hpfeeds.FeedException, e:
+		print >>sys.stderr, 'feed exception:', e
+	except KeyboardInterrupt:
+		pass
+	except:
+		import traceback
+		traceback.print_exc()
+	finally:
+		hpc.close()
+	return 0
+
+if __name__ == '__main__':
+	try: sys.exit(main())
+	except KeyboardInterrupt:sys.exit(0)
+
diff --git a/cli/geoloc/processors.py b/cli/geoloc/processors.py
@@ -0,0 +1,57 @@
+
+import json
+import traceback
+import datetime
+import urlparse
+
+class ezdict(object):
+	def __init__(self, d):
+		self.d = d
+	def __getattr__(self, name):
+		return self.d.get(name, None)
+
+# time string
+def timestr(dt):
+	return dt.strftime("%Y-%m-%d %H:%M:%S")
+
+# geoloc_none
+def geoloc_none(t):
+	if t == None: return {'latitude': None, 'longitude': None, 'city': None, 'country_name': None, 'country_code': None}
+	if t['city'] != None: t['city'] = t['city'].decode('latin1')
+	return t
+
+def glastopf_event(identifier, payload, gi):
+	try:
+		dec = ezdict(json.loads(str(payload)))
+		req = ezdict(dec.request)
+		sip, sport = dec.source
+		tstamp = datetime.datetime.strptime(dec.time, '%Y-%m-%d %H:%M:%S')
+	except:
+		print 'exception processing glastopf event', repr(payload)
+		traceback.print_exc()
+		return
+
+	if dec.pattern == 'unknown': return None
+
+	geoloc = geoloc_none( gi.record_by_addr(sip) )
+
+	return {'type': 'glastopf.events', 'sensor': identifier, 'time': str(tstamp), 'latitude': geoloc['latitude'], 'longitude': geoloc['longitude'], 'source': sip, 'city': geoloc['city'], 'country': geoloc['country_name'], 'countrycode': geoloc['country_code']}
+
+
+def dionaea_capture(identifier, payload, gi):
+	try:
+		dec = ezdict(json.loads(str(payload)))
+		tstamp = datetime.datetime.now()
+	except:
+		print 'exception processing dionaea event'
+		traceback.print_exc()
+		return
+
+	geoloc = geoloc_none( gi.record_by_addr(dec.saddr) )
+	geoloc2 = geoloc_none( gi.record_by_addr(dec.daddr) )
+
+	return {'type': 'dionaea.capture', 'sensor': identifier, 'time': timestr(tstamp), 'latitude': geoloc['latitude'], 'longitude': geoloc['longitude'], 'source': dec.saddr, 'latitude2': geoloc2['latitude'], 'longitude2': geoloc2['longitude'], 'dest': dec.daddr, 'md5': dec.md5,
+'city': geoloc['city'], 'country': geoloc['country_name'], 'countrycode': geoloc['country_code'],
+'city2': geoloc2['city'], 'country2': geoloc2['country_name'], 'countrycode2': geoloc2['country_code']}
+
+