Class: Nwsdk::Cli

Inherits:
Thor
  • Object
Defined in:
lib/nwsdk/cli.rb

Instance Method Summary collapse

Instance Method Details

#cef(where) ⇒ Object



# File 'lib/nwsdk/cli.rb', line 157

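# Runs a query for every meta key ('*') and forwards each result row as a
# CEF event over UDP, echoing every event to stdout as well.
#
# The receiver is the endpoint's own loghost when it has one; otherwise the
# --loghost / --logport options are used.
#
# @param where [String] query clause handed to Nwsdk.setup_cli together with
#   the Thor options
# @return [Object] whatever result.each returns
def cef(where)
  nwq = Nwsdk::Query.new(Nwsdk.setup_cli(options, where))
  nwq.keys = ['*']
  result = nwq.request

  config = nwq.endpoint.config
  # A missing section is treated as "no fields" rather than failing on nil.
  mapping = config['cef_mapping'] || {}
  static_fields = config['cef_static_fields'] || {}

  loghost = nwq.endpoint.loghost
  sender = if loghost.nil?
             CEF::UDPSender.new(options[:loghost], options[:logport])
           else
             CEF::UDPSender.new(*loghost)
           end

  result.each do |res|
    event = CEF::Event.new
    # Only meta keys present in both the mapping and this row are copied.
    (mapping.keys & res.keys).each do |field|
      # Setter names come from the configuration file, so dispatch with
      # public_send: a wrong or tampered mapping can then only reach the
      # event's public setters, never its private methods.
      event.public_send("#{mapping[field]}=", res[field].to_s)
    end
    static_fields.each { |k, v| event.public_send("#{k}=", v) }
    event.name = options[:name]
    # presumably 'time' is in seconds and endTime in milliseconds - confirm
    event.endTime = (res['time'].to_i * 1000).to_s
    # NOTE(review): field values originate from query results; confirm that
    # CEF::Event escapes them before they are serialised and sent.
    puts event.to_s
    sender.emit(event)
  end
end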

#configure(path = File.join(ENV['HOME'],'.nwsdk.json')) ⇒ Object



# File 'lib/nwsdk/cli.rb', line 199

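# Writes a configuration file built from the default configuration and the
# command-line options.
#
# The file holds the endpoint password in clear text, so it is created with
# owner-only permissions (0600), and an already existing file is tightened to
# the same mode before anything is written to it.
#
# @param path [String] destination file; defaults to ~/.nwsdk.json
# @return [Integer] number of bytes written
def configure(path=File.join(ENV['HOME'],'.nwsdk.json'))
  # Deep copy through JSON: a plain #dup is shallow, so assigning into the
  # nested 'endpoint' / 'syslog' hashes would modify DEFAULT_CONFIG itself.
  # The structure is serialised as JSON below anyway.
  conf = JSON.parse(JSON.generate(Nwsdk::Constants::DEFAULT_CONFIG))
  endpoint = conf['endpoint']
  syslog = conf['syslog']

  endpoint['host'] = options[:host] unless options[:host].nil?
  endpoint['port'] = options[:port]
  endpoint['user'] = options[:user]
  endpoint['pass'] = options[:pass]
  syslog['loghost'] = options[:loghost] unless options[:loghost].nil?
  syslog['logport'] = options[:logport]

  File.open(path, File::WRONLY | File::CREAT | File::TRUNC, 0o600) do |f|
    # The mode passed to open only applies when the file is created.
    f.chmod(0o600)
    f.write JSON.pretty_generate(conf)
  end
end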

#content(where) ⇒ Object



# File 'lib/nwsdk/cli.rb', line 118

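# Extracts the files carried in the matching sessions and writes each one
# into the directory given by the --dir option.
#
# File names are supplied by the extracted session content, i.e. by whoever
# produced the captured traffic, so only the final path component is used and
# names that cannot denote a file are skipped. Every write therefore stays
# inside the output directory.
#
# @param where [String] query clause handed to Nwsdk.setup_cli together with
#   the Thor options
# @return [Object] whatever each_session_file returns
def content(where)
  extractor = Nwsdk::Content.new(Nwsdk.setup_cli(options, where))
  out_dir = options[:dir]
  extractor.output_dir = out_dir
  incl = options[:include].split(',')
  excl = options[:exclude].split(',')
  extractor.include_types = incl unless incl.empty?
  extractor.exclude_types = excl unless excl.empty?
  extractor.each_session_file do |file|
    # Drop any directory part ("../", absolute paths) from the reported name.
    safe_name = File.basename(file[:filename].to_s)
    if safe_name.empty? || %w[. .. /].include?(safe_name)
      STDERR.puts "skipping file with unusable name #{file[:filename].inspect}"
      next
    end
    FileUtils.mkdir_p(out_dir)
    outf = File.join(out_dir, safe_name)
    STDERR.puts "writing #{outf}"
    # Extracted content is arbitrary bytes: write in binary mode.
    File.binwrite(outf, file[:data])
  end
end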

#pcap(where) ⇒ Object



# File 'lib/nwsdk/cli.rb', line 136

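# Downloads the packets of the matching sessions and writes one capture file
# per group yielded by Nwsdk::Packets#each_pcap_group.
#
# @param where [String] query clause handed to Nwsdk.setup_cli together with
#   the Thor options
# @return [Object] whatever each_pcap_group returns
def pcap(where)
  # Named `packets` rather than `p`, which shadows Kernel#p inside the method.
  packets = Nwsdk::Packets.new(Nwsdk.setup_cli(options, where))
  packets.group = options[:group]
  packets.file_prefix = options[:prefix]
  packets.each_pcap_group do |grp|
    STDERR.puts "Writing #{grp[:filename]}"
    # Capture data is binary; text mode can alter line-ending bytes on
    # platforms that translate them.
    File.binwrite(grp[:filename], grp[:data])
  end
end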

#query(where) ⇒ Object



# File 'lib/nwsdk/cli.rb', line 107

# Runs a query and prints the result to stdout as pretty-printed JSON.
#
# @param where [String] query clause handed to Nwsdk.setup_cli together with
#   the Thor options
# @return [nil]
def query(where)
  search = Nwsdk::Query.new(Nwsdk.setup_cli(options, where))
  # --keys is a comma-separated list of the meta keys to request.
  search.keys = options[:keys].split(',')
  puts JSON.pretty_generate(search.request)
end

#timeline ⇒ Object



# File 'lib/nwsdk/cli.rb', line 72

# Requests a timeline for the --where clause and prints it to stdout as
# pretty-printed JSON.
#
# @return [nil]
def timeline
  # --flags is a comma-separated list; it is merged into the CLI configuration.
  flag_list = options[:flags].split(',')
  cli_config = Nwsdk.setup_cli(options, options[:where])
  report = Nwsdk::Timeline.new(cli_config.merge(flags: flag_list))
  puts JSON.pretty_generate(report.request)
end

#values ⇒ Object



# File 'lib/nwsdk/cli.rb', line 95

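# Requests the values of one meta key for the --where clause and prints the
# result to stdout as pretty-printed JSON.
#
# Options read: :flags (comma-separated list), :where, :key_name and :size
# (assigned to the request's limit).
#
# @return [nil]
def values
  flags = options[:flags].split(',')
  # The original passed `where=options[:where]`, which only created an unused
  # local variable; the value is passed directly instead.
  lookup = Nwsdk::Values.new(Nwsdk.setup_cli(options, options[:where]))
  lookup.key_name = options[:key_name]
  lookup.limit = options[:size]
  lookup.flags = flags
  puts JSON.pretty_generate(lookup.request)
end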