corrction de quelques bugs

remplacement des ports par leur noms quand ils sont connus

darcs-hash:20060105200555-4ec08-f83ce0cdbf359d5c55f0417a19f16b8842dd3574.gz

surveillance/analyse.py

@@ -2,7 +2,7 @@
 # -*- coding: iso8859-15 -*-
 
 import socket
-import sys
+import sys, re
 from pyPgSQL import PgSQL
 sys.path.append('/usr/scripts/gestion/')
 from affich_tools import tableau_ng
@@ -40,11 +40,11 @@ def stats (ip_crans=[], ip_ext=[], show=['ip_crans','ip_ext','port_crans','port_
     
     if 'ip_crans' in show and len(ip_crans)!=1:
         select.append('ip_crans')
-        largeur.append('10')
+        largeur.append(13)
         titre.append('machine crans')
         format.append('s')
         alignement.append('c')
-    
+                
     if 'ip_ext' in show :
         select.append('ip_ext')
         largeur.append('*')
@@ -79,8 +79,8 @@ def stats (ip_crans=[], ip_ext=[], show=['ip_crans','ip_ext','port_crans','port_
     ip_ext = ' OR '.join([ "ip_ext='%s'"%x for x in ip_ext ])
     if not ip_ext: ip_ext='true'
 
-    requete = "SELECT * FROM ( SELECT %s FROM upload WHERE (%s) AND (%s) AND (date > timestamp 'now' - interval '%d hours') AND (date < timestamp 'now' - interval '%d hours') GROUP BY %s ORDER BY upload DESC ) AS resultat_intemediaire WHERE upload>='%d' LIMIT %d;" %  (','.join(select), ip_crans, ip_ext, begin_time, end_time, ','.join(show), upload_mini*1024*1024, show_limit)
-
+    requete = "SELECT * FROM ( SELECT %s FROM upload WHERE (%s) AND (%s) AND (date > timestamp 'now' - interval '%d hours') AND (date < timestamp 'now' - interval '%d hours') GROUP BY %s) AS resultat_intemediaire WHERE upload>='%d' ORDER BY upload DESC LIMIT %d;" %  (','.join(select), ip_crans, ip_ext, begin_time, end_time, ','.join(show), upload_mini*1024*1024, show_limit)
+    
     pgsql = PgSQL.connect(host='/var/run/postgresql', database='filtrage', user='crans')
     curseur = pgsql.cursor()
     curseur.execute(requete)
@@ -89,18 +89,30 @@ def stats (ip_crans=[], ip_ext=[], show=['ip_crans','ip_ext','port_crans','port_
     # on transforme tout en chaine
     results = [ [ str(x) for x in line ] for line in results ]
 
-    # on modifie les ip en noms de machine
+    # on modifie les ip en noms de machine et les ports en noms
     def nom_de_machine (ip) :
         try :
             return socket.gethostbyaddr(ip)[0]
         except :
             return ip
-
+        
+    port_to_service = {}
+    for service,port in [ re.split('[ \t]+',x.strip().replace('/tcp','').replace('/udp',''))[:2] for x in open('/etc/services').readlines() if x[0] not in ['\n','#'] ] :
+        port_to_service[port]=service
+        
     for champ in select :
-        if champ in ['ip_ext','ip_crans']:
+        if champ == 'ip_ext':
             col = select.index(champ)
             results = [ x[:col] + [nom_de_machine(x[col])] + x[col+1:] for x in results ]
 
+        elif champ == 'ip_crans':
+            col = select.index(champ)
+            results = [ x[:col] + [nom_de_machine(x[col]).split('.')[0]] + x[col+1:] for x in results ]
+            
+        elif 'port' in champ:
+            col = select.index(champ)
+            results = [ x[:col] + [port_to_service.get(x[col],x[col])] + x[col+1:] for x in results ]
+
     return tableau_ng(results, titre=titre, largeur=largeur, alignement=alignement, format=format)
 
 if __name__ == '__main__' :
@@ -211,9 +223,10 @@ Exemples :
     ##################################
     limit = 10
     for key,value in opts :
-        if key == 'show-limit' :
+        if key == '--show-limit' :
             try :
                 limit = int(value)
+                print '    affichage des %d premiers résultats' % limit
             except :
                 print 'Le nombre limite n\'est pas un entier'
                 sys.exit(3)