This library gets snort_alert packet and sends it to the Ryu applications.

Signed-off-by: OHMURA Kei <[email protected]>
---
ryu/lib/snort/alert_monitor.py | 61 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 61 insertions(+)
create mode 100644 ryu/lib/snort/alert_monitor.py
diff --git a/ryu/lib/snort/alert_monitor.py b/ryu/lib/snort/alert_monitor.py
new file mode 100644
index 0000000..bf28fa5
--- /dev/null
+++ b/ryu/lib/snort/alert_monitor.py
@@ -0,0 +1,61 @@
+# Copyright (C) 2013 Nippon Telegraph and Telephone Corporation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+import os
+import gevent
+
+from oslo.config import cfg
+from gevent import socket
+from ryu.base import app_manager
+from ryu.controller import event
+from ryu.lib.snort import alert
+
+CONF = cfg.CONF
+CONF.register_opts([
+ cfg.StrOpt('alert-file-name', default='/tmp/snort_alert',
+ help='set the alert file name')
+])
+
+BUFSIZE = alert.AlertPkt._ALERTPKT_SIZE
+
+
+class EventAlert(event.EventBase):
+ def __init__(self, msg):
+ super(EventAlert, self).__init__()
+ self.msg = msg
+
+
+class AlertMonitor(app_manager.RyuApp):
+ def __init__(self):
+ super(AlertMonitor, self).__init__()
+ self.name = 'alert_monitor'
+ self._start_recv()
+
+ def close(cls):
+ if os.path.exists(CONF.alert_file_name):
+ os.unlink(CONF.alert_file_name)
+
+ def _recv_loop(self):
+ while True:
+ data = self.sock.recv(BUFSIZE)
+ msg = alert.AlertPkt.parser(data)
+ if msg:
+ self.send_event_to_observers(EventAlert(msg))
+
+ def _start_recv(self):
+ self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
+ self.sock.bind(CONF.alert_file_name)
+ gevent.spawn_later(0, self._recv_loop)
--
1.7.9.5
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
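Review bot: The socket in `_start_recv` is bound at a default path under `/tmp` with whatever mode the process umask yields, so on a multi-user host any local account that can write to it can feed datagrams that `_recv_loop` turns into `EventAlert`s, or can occupy the path first so that `bind` fails. Default the option to a directory only the controller and Snort can access (for example `default='<private-runtime-dir>/snort_alert'`, a placeholder path) and tighten the mode around the bind, e.g. `old = os.umask(0o117)` before `self.sock.bind(...)` and `os.umask(old)` after it. `_recv_loop` also has no exception handling, so if `alert.AlertPkt.parser` raises on a short or malformed datagram (its behaviour is not visible in this hunk) the greenlet ends and alerts stop being delivered without any log line; catching and logging around the parse would keep monitoring alive. Separately, `close(cls)` is an instance method whose first parameter should be `self`, and nothing visible here calls it or removes a stale socket file before `bind`, so a restart after an unclean exit would presumably fail with an address-in-use error.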
