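##############################################################################
#                                                                            #
#  idabench is public domain software and may be freely used and             #
#  distributed with or without modification.                                 #
#                                                                            #
#  See file "idabench.terms" for DISCLAIMER OF ALL WARRANTIES.               #
#                                                                            #
##############################################################################
#
# idabench plugin for Bob's packetstuffer.  The framework loads this file and
# then calls the two closures it leaves behind: $individual (once per input
# file, returning the shell command to run) and $aggregate (once, over the
# concatenated output of those runs).
#
use strict;
use warnings;
use DBI;

# Run settings supplied by the filter file that $individual loads with do():
# database connection parameters and the honey group being processed.
our ($db_name, $db_host, $db_user, $db_password, $honeygroup_id);

# logFragment.id allocated by $individual and finalised by $aggregate.
our $insertid;

# Entry points read by the framework after this file is loaded.
our ($individual, $aggregate);

my $head     = "Bob's packetstuffer: Status";
my $color    = "#cccccc";
my $lastfile = "";   # set by $individual; not read anywhere in this file

# Wrap one command-line argument in single quotes, escaping any embedded
# single quote so the value cannot terminate the quoting and be interpreted
# by the shell.  undef is rendered as an empty quoted string.
sub _shell_quote {
    my ($value) = @_;
    (my $quoted = defined $value ? $value : '') =~ s/'/'\\''/g;
    return "'$quoted'";
}

# Read DBI's own error text; $! (the OS errno) says nothing useful about a
# failed DBI call.
sub _dbi_error {
    return defined $DBI::errstr ? $DBI::errstr : 'unknown DBI error';
}

#
# Return the string necessary to invoke the tool on each file.
#
# Arguments: ($filterfile, $outputfile) - the filter file to load for this
# run's settings, and the file the tool's output is redirected into.
# Returns the shell command line to execute; on a fatal plugin error the
# command instead drains stdin and writes a failure notice to $outputfile,
# and no logFragment row is created.
#
$individual = sub {
    my ($filterfile, $outputfile) = @_;
    my $table = "logFragment";
    my $err   = "";

    # Load the run settings ($db_*, $honeygroup_id) from the filter file.
    # do() returns undef on a read or compile error and sets $@ or $!.
    my $loaded = do($filterfile);
    unless ($loaded) {
        my $reason = $@            ? "$@"
                   : defined $loaded ? "filter file returned a false value"
                   :                   "$!";
        $err .= "Cannot open $filterfile for bobs preprocessor\n";
        $err .= "  $reason\n";
    }

    # The $lastfile keeps the ending timestamp of the previous run. Packetstuffer
    # will jump to the packet immediately following this value, which it refers to
    # as "start-time", and begin adding records from that point on.
    $lastfile = "${IDABENCH::IDABENCH_SCRATCH_PATH}/lasttime.$honeygroup_id";

    # Because we need the actual gzipped filename, and it is not an IDABENCH::
    # global, that filename needs to be reconstructed from the output filename.
    (my $zipfile = $outputfile) =~ s/\/hourly_results//;
    $zipfile =~ s/\.txt.*$/.gz/;
    $zipfile =~ s/\/([0-9]+\.gz)/\/tcp.$1/;

    # Bail out before touching the database: a run that cannot happen should
    # not leave an orphaned "input underway" row behind.
    unless (-x $IDABENCH::BOBS_PLGBIN) {
        $err .= "########\nPLUGIN FATAL: Plugin error. Bobs preprocessor not found.\n########\n";
        print STDERR $err;
        return ("cat > /dev/null; echo Bobs preprocessor not found>" . _shell_quote($outputfile));
    }

    print STDERR "Connecting to MySqld with params: $db_name, $db_host:\n";
    my $dbh = DBI->connect("DBI:mysql:$db_name;host=$db_host", "$db_user", "$db_password");
    unless ($dbh) {
        $err .= "########\nPLUGIN FATAL: cannot connect to database: " . _dbi_error() . "\n########\n";
        print STDERR $err;
        return ("cat > /dev/null; echo Bobs preprocessor database connection failed>" . _shell_quote($outputfile));
    }

    # Allocate the next id from seq_table; the LAST_INSERT_ID(expr) form makes
    # the new value retrievable through mysql_insertid on this connection.
    $dbh->do("UPDATE seq_table SET value=LAST_INSERT_ID(value+1) WHERE name=?", undef, $table)
        or $err .= "seq_table update failed: " . _dbi_error() . "\n";
    $insertid = $dbh->{'mysql_insertid'};

    print STDERR "creating $table record:\n\tid = $insertid"
        . "\n\thoneyGroup_id = $honeygroup_id"
        . "\n\ttcpDump = 1"
        . "\n\tfileName = $zipfile"
        . "\x0d\tprocessStatus = input underway\n";

    # Bound values go through placeholders so a path or id can never be
    # interpreted as SQL.
    $dbh->do(
        "INSERT INTO $table(id, honeyGroup_id, tcpDump, fileName, processStatus)"
        . " VALUES (?, ?, 1, ?, 'input underway')",
        undef, $insertid, $honeygroup_id, $zipfile,
    ) or $err .= "$table insert failed: " . _dbi_error() . "\n";
    $dbh->disconnect();
    print STDERR "INSERT_ID for this session is $insertid\n";

    print STDERR "$err" if $err;

    # Every argument is individually quoted for the shell.  Note the database
    # password still travels on the command line, where the process table can
    # expose it; that is dictated by the preprocessor's interface.
    my $cmd = join ' ',
        $IDABENCH::BOBS_PLGBIN, '/dev/stdin',
        map({ _shell_quote($_) } $insertid, $db_host, $db_user, $db_password, $db_name, '0'),
        '>' . _shell_quote($outputfile);
    print STDERR "returning: \"$cmd\"\n";
    return ($cmd);
};

#
# The single argument names the file containing the concatenated
# output from the process above applied with each rule file.
# Now do any processing required on this concatenated output and write
# it to OUTPUT.
#
# The start-time / end-time values found in the output are stored (with
# dots removed) on the logFragment row allocated by $individual, and the
# row's processStatus is moved to 'input complete'.
#
$aggregate = sub {
    my ($inputfile) = @_;
    # Default to '' so a run whose output carried no timestamps stores an
    # empty string, as before, rather than NULL.
    my ($starttime, $endtime) = ('', '');
    my $err = "";

    my $in_fh;
    unless (open($in_fh, '<', $inputfile)) {
        print IDABENCH::OUTPUT "bobs preprocessor failed";
        return;
    }
    # print IDABENCH::OUTPUT "-" x 20, "\n";
    while (my $line = <$in_fh>) {
        # NOTE(review): the left-hand pattern of this substitution was lost in
        # extraction (the source reads s//>/gm); an empty pattern re-uses the
        # last successfully matched regex, so restore the intended pattern.
        $line =~ s//>/gm;
        $line =~ s/^input: -$//;
        next if $line =~ /^$/;
        # Only take a capture from a match that succeeded; a failed match
        # leaves $1 holding the previous successful match's capture.
        if ($line =~ m/start-time ([0-9].*)$/) {
            chomp($starttime = $1);
        }
        if ($line =~ m/end-time ([0-9].*)$/) {
            chomp($endtime = $1);
        }
        print IDABENCH::OUTPUT $line;
    }
    close $in_fh;
    $starttime =~ tr/\.//d;
    $endtime   =~ tr/\.//d;

    my $dbh = DBI->connect("DBI:mysql:$db_name;host=$db_host", "$db_user", "$db_password");
    unless ($dbh) {
        print STDERR "cannot connect to database: " . _dbi_error() . "\n";
        return;
    }
    $dbh->do(
        "UPDATE logFragment SET processStatus='input complete', startTime=?, endTime=? WHERE id=?",
        undef, $starttime, $endtime, $insertid,
    ) or $err .= "logFragment update failed: " . _dbi_error() . "\n";
    $dbh->disconnect();
    print STDERR "$err" if $err;
};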