diff --git a/surveillance/analyse.py b/surveillance/analyse.py
index d6e6c583..dbb46324 100755
--- a/surveillance/analyse.py
+++ b/surveillance/analyse.py
@@ -2,7 +2,7 @@
 # -*- coding: iso8859-15 -*-
 import socket
-import sys
+import sys, re
 from pyPgSQL import PgSQL
 sys.path.append('/usr/scripts/gestion/')
 from affich_tools import tableau_ng
@@ -40,11 +40,11 @@ def stats (ip_crans=[], ip_ext=[], show=['ip_crans','ip_ext','port_crans','port_
 if 'ip_crans' in show and len(ip_crans)!=1:
 select.append('ip_crans')
- largeur.append('10')
+ largeur.append(13)
 titre.append('machine crans')
 format.append('s')
 alignement.append('c')
-
+
 if 'ip_ext' in show :
 select.append('ip_ext')
 largeur.append('*')
@@ -79,8 +79,8 @@ def stats (ip_crans=[], ip_ext=[], show=['ip_crans','ip_ext','port_crans','port_
 ip_ext = ' OR '.join([ "ip_ext='%s'"%x for x in ip_ext ])
 if not ip_ext: ip_ext='true'
- requete = "SELECT * FROM ( SELECT %s FROM upload WHERE (%s) AND (%s) AND (date > timestamp 'now' - interval '%d hours') AND (date < timestamp 'now' - interval '%d hours') GROUP BY %s ORDER BY upload DESC ) AS resultat_intemediaire WHERE upload>='%d' LIMIT %d;" % (','.join(select), ip_crans, ip_ext, begin_time, end_time, ','.join(show), upload_mini*1024*1024, show_limit)
-
+ requete = "SELECT * FROM ( SELECT %s FROM upload WHERE (%s) AND (%s) AND (date > timestamp 'now' - interval '%d hours') AND (date < timestamp 'now' - interval '%d hours') GROUP BY %s) AS resultat_intemediaire WHERE upload>='%d' ORDER BY upload DESC LIMIT %d;" % (','.join(select), ip_crans, ip_ext, begin_time, end_time, ','.join(show), upload_mini*1024*1024, show_limit)
+
 pgsql = PgSQL.connect(host='/var/run/postgresql', database='filtrage', user='crans')
 curseur = pgsql.cursor()
 curseur.execute(requete)
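Review bot: `largeur.append(13)` pushes an int into a list whose other entries are strings (`'10'` before this change, `'*'` for ip_ext a few lines below), so `largeur` now holds mixed types when it reaches tableau_ng. Unless tableau_ng is known to normalise widths itself (I cannot see it from here), `largeur.append('13')` keeps the list uniform and avoids a type-dependent failure in the table renderer. The stats() function continues outside the hunk; its signature in the hunk header uses mutable list defaults (`ip_crans=[]`, `ip_ext=[]`), a pre-existing issue the commit does not touch.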
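Review bot: The rewritten `requete` still splices `ip_crans`, `ip_ext`, `begin_time`, `end_time`, `upload_mini` and `show_limit` into the SQL text with `%`, and the `ip_ext` clause two lines above is built from `"ip_ext='%s'"%x`, so a value containing a quote breaks the statement and, since these values arrive from command-line options, the query text is caller-controlled. Moving the ORDER BY outside the subquery is the right fix for the ordering, but the values should be bound through `curseur.execute(requete, params)` (pyPgSQL follows the DB-API `%s` paramstyle; confirm against the installed version), which also removes the hand-quoting; the column names in `select` and `show` cannot be bound and should be checked against the known column list before being joined in. The `ip_crans` clause is built just above the hunk and needs the same treatment, with its values placed first in `params`; stats() and the cursor handling continue outside the hunk.
```python
    # … unchanged: ip_crans clause (above the hunk), to be rewritten the same way …
    ip_ext_clause = ' OR '.join(['ip_ext=%s'] * len(ip_ext)) or 'true'
    params = list(ip_ext) + [begin_time, end_time, upload_mini*1024*1024, show_limit]
    # '%%s' survives the python '%' formatting below and is bound by the driver;
    # select/show are column names: validate them against the known columns, do not quote them
    requete = ("SELECT * FROM ( SELECT %s FROM upload WHERE (%s) AND (%s)"
               " AND (date > timestamp 'now' - %%s * interval '1 hour')"
               " AND (date < timestamp 'now' - %%s * interval '1 hour')"
               " GROUP BY %s) AS resultat_intemediaire"
               " WHERE upload>=%%s ORDER BY upload DESC LIMIT %%s;"
               % (','.join(select), ip_crans, ip_ext_clause, ','.join(show)))
    # … unchanged: PgSQL.connect, cursor …
    curseur.execute(requete, params)
```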
@@ -89,18 +89,30 @@ def stats (ip_crans=[], ip_ext=[], show=['ip_crans','ip_ext','port_crans','port_
 # on transforme tout en chaine
 results = [ [ str(x) for x in line ] for line in results ]
- # on modifie les ip en noms de machine
+ # on modifie les ip en noms de machine et les ports en noms
 def nom_de_machine (ip) :
 try :
 return socket.gethostbyaddr(ip)[0]
 except :
 return ip
-
+
+ port_to_service = {}
+ for service,port in [ re.split('[ \t]+',x.strip().replace('/tcp','').replace('/udp',''))[:2] for x in open('/etc/services').readlines() if x[0] not in ['\n','#'] ] :
+ port_to_service[port]=service
+
 for champ in select :
- if champ in ['ip_ext','ip_crans']:
+ if champ == 'ip_ext':
 col = select.index(champ)
 results = [ x[:col] + [nom_de_machine(x[col])] + x[col+1:] for x in results ]
+ elif champ == 'ip_crans':
+ col = select.index(champ)
+ results = [ x[:col] + [nom_de_machine(x[col]).split('.')[0]] + x[col+1:] for x in results ]
+
+ elif 'port' in champ:
+ col = select.index(champ)
+ results = [ x[:col] + [port_to_service.get(x[col],x[col])] + x[col+1:] for x in results ]
+
 return tableau_ng(results, titre=titre, largeur=largeur, alignement=alignement, format=format)
 if __name__ == '__main__' :
@@ -211,9 +223,10 @@ Exemples :
 ##################################
 limit = 10
 for key,value in opts :
- if key == 'show-limit' :
+ if key == '--show-limit' :
 try :
 limit = int(value)
+ print ' affichage des %d premiers résultats' % limit
 except :
 print 'Le nombre limite n\'est pas un entier'
 sys.exit(3)
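Review bot: The `/etc/services` parsing in the new `for service,port in [...]` line unpacks exactly two fields from every line not starting with `\n` or `#`, so a whitespace-only line or a line with a single token (`strip()` gives `''`, `re.split` gives `['']`) raises ValueError inside stats() and takes the whole report down; it also only strips `/tcp` and `/udp`, so entries on other protocols (the file commonly also lists `/sctp`, `/dccp` and `/ddp`; confirm on the target host) never match, and the file from `open(...).readlines()` is never closed. A plain `line.split()` with a field-count check, `partition('/')` on the port and a `with` block (Python 2.6+; otherwise close explicitly) cover all three, and the last entry still wins for a port listed under several protocols, as today. Separately, `elif 'port' in champ:` is a substring test that matches any column whose name contains `port`, which is fine for the current port_crans/port_ext columns but is looser than an explicit `in ['port_crans','port_ext']`. The `for champ in select` loop and the rest of stats() are inside the hunk; its enclosing function starts above it.
```python
    port_to_service = {}
    with open('/etc/services') as services:
        for ligne in services:
            champs = ligne.split('#', 1)[0].split()   # drop trailing comments, tolerate any whitespace
            if len(champs) < 2:
                continue   # blank, comment-only or malformed line
            service, port = champs[0], champs[1].partition('/')[0]   # '80/tcp' -> '80', any protocol
            port_to_service[port] = service
    # … unchanged: for champ in select loop …
```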
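Review bot: The added `print ' affichage des %d premiers résultats' % limit` sits inside the `try:` whose bare `except :` prints `Le nombre limite n'est pas un entier` and exits with status 3, so any failure raised by the print itself would be misreported as a bad integer. Keep the `try` body to the one line that can fail and move the message into an `else:` clause: `else :` / `print ' affichage des %d premiers résultats' % limit`. The `for key,value in opts` loop and the option handling continue past the end of the hunk.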