Difference between revisions of "Useful Functions"
Kevin Wilkie (Talk | contribs) |
Kevin Wilkie (Talk | contribs) |
(33 intermediate revisions by 2 users not shown) | |||
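--- a/Useful Functions
+++ b/Useful Functions
@@ -1,5 +1,16 @@
+[[Category:Scripts]]
 Sleep
 function sleep(delay) {
 var start = new Date().getTime();
 while (new Date().getTime() < start + delay);
+}
+
+HTTP Request with pem files
+var utils = Java.type('ros.CROSUtils');
+//var d = utils.getJSONFromString(utils.getHTTPsGet("c:/temp/viavi1Cert.pem", "c:/temp/viavi1-Key.pem", "https://proxy.lynchehaun.net:6200/nuage_dpi_flowstats-2020.12.09-000001/_search"));
+var d = JSON.parse(utils.getHTTPsGet("c:/temp/viavi1Cert.pem", "c:/temp/viavi1-Key.pem", "https://proxy.lynchehaun.net:6200/nuage_dpi_flowstats-2020.12.09-000001/_search"));
+log.warn(d);
+for (key in d.hits.hits){
+var el = d.hits.hits[key]
+log.warn(JSON.stringify(el._source.SrcIp+"\t"+el._source.DstIp));
 }
@@ -94,2 +105,223 @@
 return "";
 }
+
+Clear empty tables
+var query = "SELECT nspname || '.' || relname AS \"relation\", pg_size_pretty(pg_relation_size(C.oid)) AS \"size\" FROM pg_class C LEFT JOIN pg_namespace N ON (N.oid = C.relnamespace) "
++"WHERE nspname NOT IN ('pg_catalog', 'information_schema') "
++"and relname like 'netflow________%' "
++"and pg_relation_size(C.oid)=0 "
++"ORDER BY pg_relation_size(C.oid) asc;"
+var cuttofftime = (new Date().getTime())-(1000*60*60*24*4);
+var cuttoffwindow=1000*60*60*24;
+log.warn(cuttofftime+" "+cuttoffwindow);
+log.warn("Clean empty tables, start");
+var rows = actions.getDatabaseManager().getVectorFromDBprepared(query,[])
+log.warn("Clean empty tables, rows:"+rows.size());
+var countremove=0;
+var countskipped=0;
+for (var i=0;i<rows.length;i++){
+var fields=rows[i][0].split("_");
+if ((((parseInt(fields[4])+parseInt(fields[5]))<cuttofftime))){
+var rowcount=actions.getDatabaseManager().getLongFromDB("select count(*) from "+rows[i][0],0)
+if (rowcount==0){
+countremove++;
+log.warn("Clean empty tables, removing:" +rows[i][0]+" 0:"+fields[0]+" 1:"+fields[1]+" 2:"+fields[2]+" 3:"+fields[3]+" 4:"+fields[4]+" 5:"+fields[5]);
+actions.getDatabaseManager().executePrepared("drop table "+rows[i][0],[])
+}else{
+log.warn("Clean empty tables, not removing unempty taable:" +rows[i][0]+" 0:"+fields[0]+" 1:"+fields[1]+" 2:"+fields[2]+" 3:"+fields[3]+" 4:"+fields[4]+" 5:"+fields[5]+" rowcount"+rowcount);
+}
+}else{
+countskipped++;
+log.warn("Clean empty tables, skipping: "+rows[i][0]+" 0:"+fields[0]+" 1:"+fields[1]+" 2:"+fields[2]+" 3:"+fields[3]+" 4:"+fields[4]+" 5:"+fields[5]+" time:"
++(parseInt(fields[4])<cuttofftime)+" window:"+(parseInt(fields[5])<cuttoffwindow)+" "+(parseInt(fields[4])+parseInt(fields[5]))+" "+(((parseInt(fields[4])+parseInt(fields[5]))<cuttofftime)));
+}
+}
+log.warn("Clean empty tables, removed:"+countremove+" skipped:"+countskipped);
+log.warn("Clean empty tables, vacuuming:pg_catalog.pg_inherits");
+actions.getDatabaseManager().executePrepared("vacuum full pg_catalog.pg_inherits;",[])
+log.warn("Clean empty tables, vacuuming:pg_catalog.pg_constraint");
+actions.getDatabaseManager().executePrepared("vacuum full pg_catalog.pg_constraint;",[])
+log.warn("Clean empty tables, vacuuming:pg_catalog.pg_depend");
+actions.getDatabaseManager().executePrepared("vacuum full pg_catalog.pg_depend;",[])
+log.warn("Clean empty tables, Done");
+
+
+Disable autovacuum,
+var query = "SELECT nspname || '.' || relname AS \"relation\" FROM pg_class C LEFT JOIN pg_namespace N ON (N.oid = C.relnamespace) "
++"WHERE nspname NOT IN ('pg_catalog', 'information_schema') "
++"and relname like 'netflow________%';"
+var rows = actions.getDatabaseManager().getVectorFromDBprepared(query,[])
+log.warn("Setting tables, rows:"+rows.size());
+var count=0;
+for (var i=0;i<rows.length;i++){
+count++;
+log.warn("Setting tables :"+count+" "+rows[i][0]);
+actions.getDatabaseManager().executePrepared("alter table "+rows[i][0]+" set (autovacuum_enabled = false, toast.autovacuum_enabled = false)",[])
+}
+log.warn("Setting tables, donw:"+count);
+
+SNMP To A Device
+var BigInteger = Java.type("java.math.BigInteger"); var rosutils = Java.type('ros.CROSUtils'); var PrintWriter = Java.type('java.io.PrintWriter');
+var writer = new PrintWriter("./resources/webapps/static/softwareversions.html", "UTF-8");
+writer.println("<html>"); writer.println("<head>"); writer.println("<link href='/static/css/jquery.dataTables.css' rel='stylesheet'>");
+writer.println("<link href='/static/css/dashboard.css' rel='stylesheet'>"); writer.println("</head>");writer.println("<body><table class='datatable'><tbody><thead><tr><th>IP</th><th>Name</th><th>OID</th><th>Version</th><th>Description</th></tr></thead>");
+var devices= actions.getDatabaseManager().getVectorFromDBprepared("select ip from devices;",[]);
+for (var i = 0; i < devices.size(); i++) {
+var thisDevice = actions.getDevice(devices.get(i)[0]);
+if (thisDevice.getSysOID().match("1.3.6.1.4.1.9.6.1.88.26..*")){
+writer.println("<tr><td>"+thisDevice.getIP()+"</td><td>"+thisDevice.getName()+"</td><td>"+thisDevice.getSysOID()+"</td><td>"+actions.querySNMPText(thisDevice, '.1.3.6.1.4.1.9.6.1.101.2.16.1.1.5.1', -1)+"</td><td>"+thisDevice.getSysDescr()+"</td></tr>");
+}else{
+log.warn("No version:"+thisDevice)
+}
+}
+writer.println("</tbody></table></body></html>");
+writer.close();
+
+Processing synner data
+//This script should be set to run every minute
+//It will find the syn sources matching the required thresholds so that additional actions are performed
+var utils = Java.type('ros.CROSUtils'); //load utility classes
+var upperPortCountThreshold=15; //set upper boundary, only synners who probe less than this number are eligible
+var lowerPortCountThreshold=1; // set lower boundary, only synners who probe more than this number are eligible
+var ipCount=1; //Set unique IP destination count to match for
+for (var synner in actions.ros.synMonitor.synners){ //process all source synners. Sinner field contains this synners ip.
+var synEntry=actions.ros.synMonitor.synners.get(synner); //get sinner object for current synner ip
+if (!synEntry.ipAlerted){ //if this entry hasn’t been alerted on already
+if (synEntry.getIps()==ipCount&&synEntry.getDstports()>lowerPortCountThreshold&&synEntry.getDstports()<upperPortCountThreshold){ //check the thresholds
+log.warn("Synner:"+utils.inet_btoa(synner)+" synCount:"+synEntry.getSyncount()+" Unique IPs:"+synEntry.getIps()+" UniquePorts:"+synEntry.getDstports()); //log out ematching details
+//Preform actions
+synEntry.ipAlerted=true; //set this sinner as if it has alerted already so we don’t reprocess it.
+}
+}
+}
+
+Find Un-managed Devices
+var utils = Java.type('ros.CROSUtils');
+var BigDecimal=Java.type("java.math.BigDecimal")
+var BigInteger=Java.type("java.math.BigInteger")
+var Integer = Java.type("java.lang.Long")
+var Integer = Java.type("java.lang.Integer")
+var jsonarray = Java.type('org.json.JSONArray');
+var portsToTest=[22,80,21]
+var message="Unmanaged devices";
+addSubnet("172.21.21.20/24");
+addSubnet("172.21.50.0/24");
+//addSubnet("1.0.0.0/29");
+//addSubnet("192.168.1.0/24");
+log.warn(message);
+//actions.sendMail('emailaddress@emailaddress.here', 'Potential new devices' ,message);
+function isAlive(ip){
+var results=new jsonarray(true);
+utils.tcpPortTest(results,ip,portsToTest,100,10);
+for (var j=0;j<results.length();j++){
+var entry =results.getJSONObject(j);
+if (entry.getInt("response")>-1){
+log.warn(entry);
+return true;
+}
+}
+return false;
+}
+function addSubnet(subnet){
+var d = utils.getIPRange(subnet.split("/"))
+//log.warn(utils.inet_btoa(d[0])+" - "+utils.inet_btoa(d[1]));
+for (var i=d[0];i.compareTo(d[1])<1;i=i.add(BigInteger.ONE)){
+if (actions.getDevice(utils.inet_btoa(i))!==null){
+//log.warn(utils.inet_btoa(i)+" is already managed")
+}else{
+if (isAlive(utils.inet_btoa(i))){
+message+=utils.inet_btoa(i)+" is on the network and unmanaged"
+log.warn(utils.inet_btoa(i)+" "+isAlive(utils.inet_btoa(i)))
+}
+}
+}
+log.warn(d);
+}
+
+Adding arp users
+var utils = Java.type('ros.CROSUtils');
+var now = new Date().getTime();
+function addArp(deviceip,amac,athisip,username,domain,ifindex){
+var router = actions.getDevice(deviceip);
+var mac=utils.macToLong(amac);
+var thisip=utils.inet_atob(athisip);
+if (router!==null){
+log.warn("known router:"+router);
+router.addArp(ifindex,mac,thisip,now)
+actions.addUserToIP(router,thisip,username,domain,now,true);
+actions.getDatabaseManager().executePrepared("insert into arps_0_"+(now-(now%86400000))+"(customerid,device,ip,mac,userid,domain,ifindex,firstseen,lastseen) values(?,?,?,?,?,?,?,?,?)" ,[[0,router.getIp(),thisip,mac,username,domain,ifindex,now,now]])
+actions.getDatabaseManager().executePrepared("insert into cams_0_"+(now-(now%86400000))+" values(?,?,?,?,?,?,?)" ,[[0,router.getIp(),mac,0,ifindex,now,now]])
+actions.getDatabaseManager().executePrepared("insert into searchips_0_"+(now-(now%86400000))+" values(?,?,?,?,?,?,?) " ,[[thisip,now,router.getIp(),ifindex,1,username,domain]])
+}else{
+log.warn("unknown router:"+deviceip);
+}
+}
+addArp("10.20.170.254","18:a9:05:cc:ab:cd","10.200.6.22","john.smith","viavi",30)
+addArp("172.21.42.3","c0:4a:00:2c:d4:06","10.238.12.30","john.smith","viavi",30)
+addArp("10.238.12.30","18:a9:05:4b:ab:cd","10.238.12.30","bill.procotor@viavisolutions.com","",30)
+
+
+
+Accessing users to ip
+log.warn(actions.usersToIP)
+var userdata = actions.usersToIP;
+var keys=userdata.keys()
+for (var i in userdata){
+var thisentry=actions.usersToIP.get(i)
+log.warn(i+" "+thisentry.seenuser.getCurrentIP()+" "+thisentry.seenuser.getLastSeen()+" "+thisentry.seenuser.getUserName()+" "+thisentry.seenuser.getUserDomain())
+}
+
+Create LLDP Table
+var utils = Java.type('ros.CROSUtils');
+actions.getDatabaseManager().executePrepared("create table lldpneighbours(lastseen bigint,device numeric(39),ip text,localintrface text, ifindex int, lldptype int,peeraddress text, peername text, peerplatform text ) ",[])
+var timenow= utils.now();
+for (var deviceid in actions.getDevices()){
+var device =actions.getDevice(deviceid);
+if (device.lldpEntries.size()>0){
+//log.warn("---device:"+device+" lldps:"+device.lldpEntries.size());
+for (var lldpid in device.lldpEntries){
+var lldp =device.lldpEntries.get(lldpid);
+//log.warn(lldp);
+var ifindex =device.getIfIndexFromName(lldp.getLocalinterface());
+if (ifindex>-1){
+log.warn(timenow+" "+device.getIp()+" "+device.getIP()+" name:"+lldp.getLocalinterface()+" ifindex:"+ifindex+"-------lldp:"+lldp.getType()+" getPeerAddress:"+lldp.getPeerAddress()+"
+getPeerName:"+lldp.getPeerName()+" getPlatform:"+lldp.getPlatform());
+actions.getDatabaseManager().executePrepared("insert into lldpneighbours values ("+timenow+",'"+device.getIp()+"','"+device.getIP()+"','"+utils.cleanText(lldp.getLocalinterface())+"',"+ifindex+","+lldp.getType()+",'"+lldp.getPeerAddress()+"','"+utils.cleanText(lldp.getPeerName())+"','"+utils.cleanText(ll dp.getPlatform())+"')",[])
+}else{
+//Couldn't identify interface
+}
+}
+}
+}
+actions.getDatabaseManager().executePrepared("delete from lldpneighbours where lastseen!="+timenow+";",[])
+
+
+Injecting events into the database directly
+var utils = Java.type('ros.CROSUtils');
+var ros = Java.type('ros.ROS');
+ros.postureToString.put(1000,"Interface State");
+var now= new Date().getTime();
+log.warn("ROS.eventsWindow:"+ros.eventsWindow);
+var fields='(customerid,device,firstseen,eventtype,eventsrctype,eventsrc,message,datatype,data,datasource,category,confidence,severity,target)';
+//Just edit the following
+var state="Down";
+var deviceip="172.21.21.254"
+var ifindex=1;
+//
+var customerid=0;
+var device=utils.inet_atob(deviceip);
+var firstseen=now;
+var eventtype=1000
+var eventsrctype=8
+var eventsrc=deviceip
+var message="Interface "+state+" on ifindex:"+ifindex;
+var datatype=1
+var data=JSON.stringify({"inif":ifindex,"outif":ifindex,"device":deviceip});
+var datasource="IF Script"
+var category="Interface "+state
+var confidence=100;
+var severity=100;
+var target=deviceip;
+log.warn("insert into events_"+(now - (now % ros.eventsWindow))+" "+fields+" values (?,?,?,?,?,?,?,?,?,?,?,?,?,?)");
+actions.getDatabaseManager().executePrepared("insert into events_"+(now - (now % ros.eventsWindow))+" "+fields+" values (?,?,?,?,?,?,?,?,?,?,?,?,?,?)",
+[[customerid,device,firstseen,eventtype,eventsrctype,eventsrc,message,datatype,data,datasource,category,confidence,severity,target]])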
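Review bot: The `insert into lldpneighbours values (` line in the Create LLDP Table section splices `lldp.getPeerAddress()`, `getPeerName()` and `getPlatform()` into the SQL by string concatenation, and those strings arrive in LLDP frames from neighbouring devices; peeraddress is not even passed through `utils.cleanText`, and what cleanText strips is not visible here, so a crafted neighbour can alter the statement this script runs with the database manager's privileges. The page already shows the safe form in the events insert (`?` placeholders with a `[[...]]` row), so use it here: `actions.getDatabaseManager().executePrepared("insert into lldpneighbours values (?,?,?,?,?,?,?,?,?)", [[timenow, device.getIp(), device.getIP(), utils.cleanText(lldp.getLocalinterface()), ifindex, lldp.getType(), lldp.getPeerAddress(), utils.cleanText(lldp.getPeerName()), utils.cleanText(lldp.getPlatform())]])`. The same line also contains `ll dp.getPlatform()` with a space inside the identifier, which will not parse as written. The SNMP To A Device section has the matching problem on the output side: `getName()`, `getSysOID()`, the SNMP answer and `getSysDescr()` are written into `softwareversions.html` unescaped, and that file is served from the web app's `/static/` path, so escape `&`, `<`, `>`, `"` and `'` before each `writer.println`.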
Revision as of 15:37, 12 August 2021
Sleep
/**
 * Block the calling thread for roughly `delay` milliseconds by busy-waiting.
 *
 * There is no Thread.sleep here: the loop spins on the wall clock, so the
 * script burns a CPU core for the whole delay and never yields. Keep delays
 * short. A non-positive or NaN delay returns immediately.
 *
 * @param {number} delay - time to block, in milliseconds
 * @returns {undefined}
 */
function sleep(delay) {
  var deadline = new Date().getTime() + delay;
  for (;;) {
    // `!(now < deadline)` rather than `now >= deadline` so a NaN deadline exits
    if (!(new Date().getTime() < deadline)) {
      return;
    }
  }
}
HTTP Request with pem files
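// HTTPS GET with a client certificate, then walk an Elasticsearch-style
// "hits" result. utils.getHTTPsGet(certPem, keyPem, url) is the GigaFlow
// helper; the first two arguments are paths to the client certificate and
// its private key.
//
// Notes for anyone copying this:
//  - the private key is read from c:/temp here; a temp directory is normally
//    readable by every local user, so keep the key under a path only the
//    GigaFlow service account can read, and never paste key material into
//    the wiki
//  - whether getHTTPsGet validates the server's certificate is not visible
//    from this snippet; confirm that before pointing it at a production host
//  - the URL below is a sample index; replace it with your own endpoint
//
// Change from the first version: the loop variable is declared with `var`
// instead of leaking as an implicit global named `key`.
var utils = Java.type('ros.CROSUtils');
var certPath = "c:/temp/viavi1Cert.pem";
var keyPath = "c:/temp/viavi1-Key.pem";
var searchUrl = "https://proxy.lynchehaun.net:6200/nuage_dpi_flowstats-2020.12.09-000001/_search";
// JSON.parse yields a plain JS object (utils.getJSONFromString would yield an org.json object)
var d = JSON.parse(utils.getHTTPsGet(certPath, keyPath, searchUrl));
log.warn(d);
for (var key in d.hits.hits) {
  var el = d.hits.hits[key];
  log.warn(JSON.stringify(el._source.SrcIp + "\t" + el._source.DstIp));
}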
Adding attributes, automatically creating the category if it doesn't exist
// Attach attributes to an IP and to a MAC. The category ("State", "City") is
// created on first use, so there is no separate "create category" step.
//   actions.addIPAttribute(ip, category, value)
//   actions.addMACAttribute(mac, category, value)
var ipAttributes = [
  ["172.21.40.14", "State", "New York"]        // "New York" in the "State" category for this ip
];
var macAttributes = [
  ["a4:ba:db:ff:18:bc", "State", "Washington"], // "Washington" in the "State" category for this mac
  ["a4:ba:db:ff:18:bc", "City", "Colorado"]
];
ipAttributes.forEach(function (attr) {
  actions.addIPAttribute(attr[0], attr[1], attr[2]);
});
macAttributes.forEach(function (attr) {
  actions.addMACAttribute(attr[0], attr[1], attr[2]);
});
JSON access to data
// Parse the JSON document held in the first element of the "fields" entry of
// the script's `data` map and print two of its keys. utils.getJSONFromString
// returns an org.json object, hence getString() rather than property access.
var utils = Java.type('ros.CROSUtils');
var rawJson = data.get("fields").get(0);
var json = utils.getJSONFromString(rawJson);
["field_1", "field_2"].forEach(function (fieldName) {
  log.warn(json.getString(fieldName));
});
Base64 encoding and decoding
// Base64 round-trip demo using the GigaFlow helpers.
//
// WARNING: Base64 is an encoding, not encryption; anyone who can read the
// encoded value recovers the password trivially. Both log.warn lines below
// also write the cleartext password straight into the GigaFlow log, so only
// ever run this with the dummy values shown, never with a real credential.
var utils = Java.type('ros.CROSUtils');
var user = 'Kevin';
var password = '!£$%^&*()1234kevin';
var encoded = [user, password].map(function (plain) {
  return utils.base64EncodeString(plain);
});
var encodeduser = encoded[0];
var encodedpass = encoded[1];
var decodeduser = utils.base64DecodeString(encodeduser);
var decodedpass = utils.base64DecodeString(encodedpass);
var who = "user:" + user + " password:" + password;
log.warn(who + " encodeduser:" + encodeduser + " encodedpass:" + encodedpass);
log.warn(who + " decodeduser:" + decodeduser + " decodedpass:" + decodedpass);
//Output= user:Kevin password:!£$%^&*()1234kevin encodeduser:S2V2aW4= encodedpass:IcKjJCVeJiooKTEyMzRrZXZpbg==
//Output= user:Kevin password:!£$%^&*()1234kevin decodeduser:Kevin decodedpass:!£$%^&*()1234kevin
Http Post with attributes
// utils.HTTPSClientPost(url, [[name, value], ...]) sends a form-style POST and
// returns the response body. The base64 lines are the same round-trip as the
// encoding example above and are not used by the POST itself.
//
// Caveats: the two log.warn calls print the cleartext password into the
// GigaFlow log, so keep the dummy credentials; the POST target is a public
// demo service reached over plain http://, so everything in that request
// crosses the network unencrypted, and nothing here authenticates the endpoint.
var utils = Java.type('ros.CROSUtils');
var thisurl = 'https://jsonplaceholder.typicode.com/posts/1';   // GET endpoint for utils.HTTPSClientGet(thisurl) experiments
var user = 'Kevin';
var password = '!£$%^&*()1234kevin';
var encodeduser = utils.base64EncodeString(user);
var encodedpass = utils.base64EncodeString(password);
var decodeduser = utils.base64DecodeString(encodeduser);
var decodedpass = utils.base64DecodeString(encodedpass);
var who = "user:" + user + " password:" + password;
log.warn(who + " encodeduser:" + encodeduser + " encodedpass:" + encodedpass);
log.warn(who + " decodeduser:" + decodeduser + " decodedpass:" + decodedpass);
var postUrl = "http://jsonplaceholder.typicode.com/posts";
var formFields = [["title", "fook"], ["body", "bark"], ["userId", "1"]];
log.warn(utils.HTTPSClientPost(postUrl, formFields));
Live DNS lookups
// Reverse-resolve an IP with a live lookup through java.net, bypassing
// GigaFlow's DNS cache. getCanonicalHostName() is the call that performs the
// reverse lookup, so expect it to block until the resolver answers.
var InetSocketAddress = Java.type('java.net.InetSocketAddress');
var lookupIp = "172.21.40.14";
var resolvedAddress = new InetSocketAddress(lookupIp, 0).getAddress();
var hostname = resolvedAddress.getCanonicalHostName();
log.warn(hostname);
Cached DNS lookups
// Reverse-resolve through GigaFlow's own DNS cache and print the cached name
// (the resolve() result also carries .ip and .resolved; see "Resolve DNS").
var cacheEntry = actions.dnsCache.resolve("172.21.40.14");
var hostname = cacheEntry.name;
log.warn(hostname);
See if an ip address is within a range using isIPInRange function
// Event-script snippet: `data` is the map carrying a new-ARP record. Log its
// fields plus whether the seen address lies in 172.21.40.0 - 172.21.40.254
// (whether utils.isIPInRange treats the bounds as inclusive is not shown here;
// confirm before relying on the edge addresses).
var utils = Java.type('ros.CROSUtils');
var seenIp = data.get("seenIPAddress");
var inRange = utils.isIPInRange(seenIp, "172.21.40.0", "172.21.40.254");
var line = "new arp "
  + data.get("display") + " "
  + data.get("ifdisplay") + " "
  + data.get("ip") + " "
  + data.get("macAddress") + " "
  + seenIp + " "
  + inRange;
log.warn(line);
Sending Syslog Messages
// Send a test line through GigaFlow's syslog forwarder. The destination is
// whatever the syslog sender is already configured with; nothing here sets it.
var syslogSender = actions.ros.getSyslogSender();
syslogSender.send("test");
Searching for IP addresses seen
// Walk 172.21.40.0 - 172.21.40.254 and report which addresses GigaFlow has
// already seen. actions.allIPs is keyed by the numeric form of the address,
// hence the utils.inet_atob conversion.
var utils = Java.type('ros.CROSUtils');
log.warn(actions.allIPs.size());

// Log "seen <address> <entry>" or "didnt see <address>".
function checkAddress(address) {
  var numeric = utils.inet_atob(address);
  if (!actions.allIPs.containsKey(numeric)) {
    log.warn("didnt see " + address);
    return;
  }
  log.warn("seen " + address + " " + actions.allIPs.get(numeric));
}

var host = 0;
while (host < 255) {
  checkAddress("172.21.40." + host);
  host++;
}
Resolve DNS
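/**
 * Describe what GigaFlow's DNS cache knows about `ip`.
 *
 * @param {string} ip - address to look up (passed straight to actions.dnsCache.resolve)
 * @returns {string} "Hostname:<name>" when the cache holds a name that differs
 *   from the address itself, otherwise "" (cache miss, or name equal to ip).
 *
 * Fix over the first version: `ret.name` was dereferenced before `ret` was
 * tested for null, so a cache miss threw a TypeError instead of returning "";
 * the null check now comes first.
 */
function getDNS(ip) {
  log.warn("getDNS:" + actions.dnsCache.cache.size());
  log.warn("getDNS:\"" + ip + "\"");
  var ret = actions.dnsCache.resolve(ip);
  log.warn(ret);
  if (ret == null) {   // == on purpose: catches both null and undefined
    return "";
  }
  log.warn(ret.name);
  log.warn(ret.ip);
  log.warn(ret.resolved);
  if (ret.name !== ip) {
    log.warn(ret);
    return "Hostname:" + ret.name;
  }
  return "";
}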
Clear empty tables
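// Drop netflow partition tables that are both past the retention cut-off and
// empty, then compact the catalog tables that bloat as partitions come and go.
//
// Table names come back from pg_class and are spliced into "select count(*)
// from ..." and "drop table ..." as bare identifiers. Anyone able to create a
// table whose name matches 'netflow________%' could therefore smuggle extra
// SQL into a statement this script runs with its own database privileges, so
// every name is checked against a strict schema.table pattern before use and
// anything else is logged and skipped.
//
// cuttofftime is "now minus 4 days". A table is eligible when fields[4] and
// fields[5] of its underscore-split name add up to a time before that; names
// with fewer fields parse to NaN, fail the comparison and are skipped, which
// is the safe direction.
var query = "SELECT nspname || '.' || relname AS \"relation\", pg_size_pretty(pg_relation_size(C.oid)) AS \"size\" FROM pg_class C LEFT JOIN pg_namespace N ON (N.oid = C.relnamespace) "
  + "WHERE nspname NOT IN ('pg_catalog', 'information_schema') "
  + "and relname like 'netflow________%' "
  + "and pg_relation_size(C.oid)=0 "
  + "ORDER BY pg_relation_size(C.oid) asc;";
var cuttofftime = (new Date().getTime()) - (1000 * 60 * 60 * 24 * 4);
var cuttoffwindow = 1000 * 60 * 60 * 24;
// Plain, unquoted PostgreSQL identifiers only: schema.table built from [a-z0-9_]
var SAFE_RELATION = /^[a-z_][a-z0-9_]*\.[a-z_][a-z0-9_]*$/;
function isSafeRelation(name) {
  return SAFE_RELATION.test(String(name));
}
log.warn(cuttofftime + " " + cuttoffwindow);
log.warn("Clean empty tables, start");
var rows = actions.getDatabaseManager().getVectorFromDBprepared(query, []);
log.warn("Clean empty tables, rows:" + rows.size());
var countremove = 0;
var countskipped = 0;
for (var i = 0; i < rows.length; i++) {
  var relation = rows[i][0];
  var fields = relation.split("_");
  var fieldsDump = " 0:" + fields[0] + " 1:" + fields[1] + " 2:" + fields[2] + " 3:" + fields[3] + " 4:" + fields[4] + " 5:" + fields[5];
  var startMs = parseInt(fields[4], 10);
  var windowMs = parseInt(fields[5], 10);
  if (!isSafeRelation(relation)) {
    // never interpolate an identifier we cannot vouch for
    countskipped++;
    log.warn("Clean empty tables, skipping unexpected relation name: " + relation);
    continue;
  }
  if ((startMs + windowMs) < cuttofftime) {
    var rowcount = actions.getDatabaseManager().getLongFromDB("select count(*) from " + relation, 0);
    if (rowcount == 0) {
      countremove++;
      log.warn("Clean empty tables, removing:" + relation + fieldsDump);
      actions.getDatabaseManager().executePrepared("drop table " + relation, []);
    } else {
      log.warn("Clean empty tables, not removing unempty taable:" + relation + fieldsDump + " rowcount" + rowcount);
    }
  } else {
    countskipped++;
    log.warn("Clean empty tables, skipping: " + relation + fieldsDump + " time:"
      + (startMs < cuttofftime) + " window:" + (windowMs < cuttoffwindow) + " " + (startMs + windowMs) + " " + ((startMs + windowMs) < cuttofftime));
  }
}
log.warn("Clean empty tables, removed:" + countremove + " skipped:" + countskipped);
// vacuum full is the heavyweight form (expect it to lock each catalog table
// while it runs), so schedule this script off-peak
["pg_catalog.pg_inherits", "pg_catalog.pg_constraint", "pg_catalog.pg_depend"].forEach(function (catalogTable) {
  log.warn("Clean empty tables, vacuuming:" + catalogTable);
  actions.getDatabaseManager().executePrepared("vacuum full " + catalogTable + ";", []);
});
log.warn("Clean empty tables, Done");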
Disable autovacuum
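// Turn autovacuum off on every netflow partition table. The page gives no
// rationale; presumably the partitions are short-lived and cleaned up by the
// "Clear empty tables" script, so the autovacuum workers only add load.
// Re-enable with autovacuum_enabled = true if partitions are kept long term.
//
// The relation name comes from pg_class and is interpolated into ALTER TABLE
// as a bare identifier, so it is validated as plain schema.table first; a
// table with an unusual quoted name is logged and skipped rather than spliced
// into a statement run with this script's database privileges.
var query = "SELECT nspname || '.' || relname AS \"relation\" FROM pg_class C LEFT JOIN pg_namespace N ON (N.oid = C.relnamespace) "
  + "WHERE nspname NOT IN ('pg_catalog', 'information_schema') "
  + "and relname like 'netflow________%';";
var SAFE_RELATION = /^[a-z_][a-z0-9_]*\.[a-z_][a-z0-9_]*$/;
var rows = actions.getDatabaseManager().getVectorFromDBprepared(query, []);
log.warn("Setting tables, rows:" + rows.size());
var count = 0;
for (var i = 0; i < rows.length; i++) {
  var relation = rows[i][0];
  if (!SAFE_RELATION.test(String(relation))) {
    log.warn("Setting tables, skipping unexpected relation name: " + relation);
    continue;
  }
  count++;
  log.warn("Setting tables :" + count + " " + relation);
  actions.getDatabaseManager().executePrepared("alter table " + relation + " set (autovacuum_enabled = false, toast.autovacuum_enabled = false)", []);
}
log.warn("Setting tables, donw:" + count);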
SNMP To A Device
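// Build a static HTML page (served by the web app from /static/) listing the
// software version, read via SNMP, of every device whose sysObjectID matches
// SYS_OID_PATTERN. The version OID and the sysOID pattern are vendor-specific;
// change both for other device families.
//
// Everything written into the table (name, sysObjectID, sysDescr and the SNMP
// answer) originates from the device, i.e. from the network, and the page is
// served by GigaFlow's own web app, so each value is HTML-escaped before it is
// written. Without that, a device advertising "<script>..." in its sysName
// would run in the browser of whoever opens softwareversions.html.
var BigInteger = Java.type("java.math.BigInteger");
var rosutils = Java.type('ros.CROSUtils');
var PrintWriter = Java.type('java.io.PrintWriter');
var OUTPUT_FILE = "./resources/webapps/static/softwareversions.html";
var VERSION_OID = '.1.3.6.1.4.1.9.6.1.101.2.16.1.1.5.1';
// String.match() takes a regex: the dots are wildcards and the pattern is not
// anchored, so it matches slightly more than the literal prefix. Swap in the
// escaped, anchored form /^1\.3\.6\.1\.4\.1\.9\.6\.1\.88\.26\./ if the loose
// match ever picks up a wrong device.
var SYS_OID_PATTERN = "1.3.6.1.4.1.9.6.1.88.26..*";

// Escape the five characters that matter inside HTML text and attributes.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

function cell(value) {
  return "<td>" + escapeHtml(value) + "</td>";
}

var writer = new PrintWriter(OUTPUT_FILE, "UTF-8");
try {
  writer.println("<html>");
  writer.println("<head>");
  writer.println("<link href='/static/css/jquery.dataTables.css' rel='stylesheet'>");
  writer.println("<link href='/static/css/dashboard.css' rel='stylesheet'>");
  writer.println("</head>");
  writer.println("<body><table class='datatable'><tbody><thead><tr><th>IP</th><th>Name</th><th>OID</th><th>Version</th><th>Description</th></tr></thead>");
  var devices = actions.getDatabaseManager().getVectorFromDBprepared("select ip from devices;", []);
  for (var i = 0; i < devices.size(); i++) {
    var thisDevice = actions.getDevice(devices.get(i)[0]);
    if (thisDevice === null) {
      log.warn("No device object for:" + devices.get(i)[0]);
      continue;
    }
    if (thisDevice.getSysOID().match(SYS_OID_PATTERN)) {
      var version = actions.querySNMPText(thisDevice, VERSION_OID, -1);
      writer.println("<tr>" + cell(thisDevice.getIP()) + cell(thisDevice.getName()) + cell(thisDevice.getSysOID()) + cell(version) + cell(thisDevice.getSysDescr()) + "</tr>");
    } else {
      log.warn("No version:" + thisDevice);
    }
  }
  writer.println("</tbody></table></body></html>");
} finally {
  // close even if a device lookup or SNMP query throws, so the file handle is released
  writer.close();
}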
Processing synner data
// Run this every minute. It scans the SYN monitor's source table and picks
// out sources that probed exactly `ipCount` destination IPs on more than
// `lowerPortCountThreshold` and fewer than `upperPortCountThreshold` distinct
// ports. Each matching source is logged once (ipAlerted is set so later runs
// skip it); put any follow-up actions where marked.
var utils = Java.type('ros.CROSUtils');
var upperPortCountThreshold = 15;   // exclusive upper bound on distinct destination ports
var lowerPortCountThreshold = 1;    // exclusive lower bound on distinct destination ports
var ipCount = 1;                    // exact number of distinct destination IPs to match

// True when the entry sits inside the configured port/IP thresholds.
function matchesThresholds(entry) {
  var ports = entry.getDstports();
  return entry.getIps() == ipCount
    && ports > lowerPortCountThreshold
    && ports < upperPortCountThreshold;
}

var synners = actions.ros.synMonitor.synners;   // keyed by the source ip in numeric form
for (var synner in synners) {
  var synEntry = synners.get(synner);
  if (synEntry.ipAlerted) {
    continue;   // already reported on an earlier run
  }
  if (!matchesThresholds(synEntry)) {
    continue;
  }
  log.warn("Synner:" + utils.inet_btoa(synner) + " synCount:" + synEntry.getSyncount() + " Unique IPs:" + synEntry.getIps() + " UniquePorts:" + synEntry.getDstports());
  // perform follow-up actions here
  synEntry.ipAlerted = true;   // mark as handled so the next run does not re-alert
}
Find Un-managed Devices
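// Sweep the listed subnets for hosts that answer on one of `portsToTest` but
// are not managed devices in GigaFlow, and collect them into `message`.
//
// This is an active TCP probe of every address in each subnet: run it only
// on networks you are authorised to scan, expect it to show up in IDS and
// firewall logs, and keep the subnet list short (tcpPortTest runs once per
// unmanaged address).
//
// Changes from the first version: the duplicate `Integer` binding
// (java.lang.Long was immediately overwritten) and the unused BigDecimal are
// gone; each live host is probed once instead of twice; the per-host lines in
// `message` are separated by newlines instead of running into one another.
var utils = Java.type('ros.CROSUtils');
var BigInteger = Java.type("java.math.BigInteger");
var jsonarray = Java.type('org.json.JSONArray');
var portsToTest = [22, 80, 21];
var message = "Unmanaged devices";

// True when `ip` answered on at least one of portsToTest. The last two
// tcpPortTest arguments (100, 10) are passed through unchanged from the first
// version; their meaning is not documented on this page.
function isAlive(ip) {
  var results = new jsonarray(true);
  utils.tcpPortTest(results, ip, portsToTest, 100, 10);
  for (var j = 0; j < results.length(); j++) {
    var entry = results.getJSONObject(j);
    if (entry.getInt("response") > -1) {   // -1 appears to mean "no answer"
      log.warn(entry);
      return true;
    }
  }
  return false;
}

// Walk every address of `subnet` ("a.b.c.d/prefix"). getIPRange returns the
// first and last address as BigIntegers; a ".20/24"-style non-network address
// is handed to it as written, so check what getIPRange does with that.
function addSubnet(subnet) {
  var d = utils.getIPRange(subnet.split("/"));
  for (var i = d[0]; i.compareTo(d[1]) < 1; i = i.add(BigInteger.ONE)) {
    var ip = utils.inet_btoa(i);
    if (actions.getDevice(ip) !== null) {
      continue;   // already managed
    }
    var alive = isAlive(ip);
    if (alive) {
      message += "\n" + ip + " is on the network and unmanaged";
      log.warn(ip + " " + alive);
    }
  }
  log.warn(d);
}

addSubnet("172.21.21.20/24");
addSubnet("172.21.50.0/24");
log.warn(message);
//actions.sendMail('emailaddress@emailaddress.here', 'Potential new devices' ,message);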
Adding ARP users
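// Manually record an ARP/CAM/user-to-IP observation against a managed router,
// both in the in-memory device state and in today's arps_0_/cams_0_/searchips_0_
// partition tables. Useful for seeding test data or back-filling an entry a
// device did not report.
//
// The three INSERTs bind their values with `?` placeholders and a [[...]]
// parameter row, the same form as the events insert elsewhere on this page.
// The wiki renders a bare [[ ]] as a link, which is why some copies of this
// script show the values without the brackets; that flat form does not match
// executePrepared(sql, rows). The cams and searchips inserts give no column
// list, so they depend on the tables' column order: verify against the schema
// before reusing them.
//
// The sample calls at the bottom are illustrative; replace the names,
// addresses and MACs before running this anywhere real.
var utils = Java.type('ros.CROSUtils');
var now = new Date().getTime();
var DAY_MS = 86400000;
var dayStart = now - (now % DAY_MS);   // partition suffix for today's tables

/**
 * @param {string} deviceip - IP of the managed router the entry is seen on
 * @param {string} amac     - MAC as aa:bb:cc:dd:ee:ff
 * @param {string} athisip  - IP address observed behind that MAC
 * @param {string} username - user to associate with athisip
 * @param {string} domain   - the user's domain ("" when none)
 * @param {number} ifindex  - router interface index the entry was seen on
 */
function addArp(deviceip, amac, athisip, username, domain, ifindex) {
  var router = actions.getDevice(deviceip);
  if (router === null) {
    log.warn("unknown router:" + deviceip);
    return;
  }
  var mac = utils.macToLong(amac);
  var thisip = utils.inet_atob(athisip);
  var db = actions.getDatabaseManager();
  log.warn("known router:" + router);
  router.addArp(ifindex, mac, thisip, now);
  actions.addUserToIP(router, thisip, username, domain, now, true);
  db.executePrepared("insert into arps_0_" + dayStart + "(customerid,device,ip,mac,userid,domain,ifindex,firstseen,lastseen) values(?,?,?,?,?,?,?,?,?)",
    [[0, router.getIp(), thisip, mac, username, domain, ifindex, now, now]]);
  db.executePrepared("insert into cams_0_" + dayStart + " values(?,?,?,?,?,?,?)",
    [[0, router.getIp(), mac, 0, ifindex, now, now]]);
  db.executePrepared("insert into searchips_0_" + dayStart + " values(?,?,?,?,?,?,?) ",
    [[thisip, now, router.getIp(), ifindex, 1, username, domain]]);
}

addArp("10.20.170.254", "18:a9:05:cc:ab:cd", "10.200.6.22", "john.smith", "viavi", 30);
addArp("172.21.42.3", "c0:4a:00:2c:d4:06", "10.238.12.30", "john.smith", "viavi", 30);
addArp("10.238.12.30", "18:a9:05:4b:ab:cd", "10.238.12.30", "bill.procotor@viavisolutions.com", "", 30);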
Accessing the users-to-IP map
// Dump GigaFlow's user-to-IP map: every entry's `seenuser` carries the
// current IP, last-seen time and the user name/domain.
log.warn(actions.usersToIP);
var userdata = actions.usersToIP;
var keys = userdata.keys();
for (var i in userdata) {
  var seen = actions.usersToIP.get(i).seenuser;
  var line = i + " "
    + seen.getCurrentIP() + " "
    + seen.getLastSeen() + " "
    + seen.getUserName() + " "
    + seen.getUserDomain();
  log.warn(line);
}
Create LLDP Table
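// Rebuild the lldpneighbours table from the LLDP entries GigaFlow holds for
// each managed device: one row per (device, local interface, peer) stamped
// with this run's time, after which rows left over from earlier runs are
// deleted.
//
// Peer name, platform and address are whatever the neighbouring device put in
// its LLDP frames, i.e. network-supplied input. The first version of this
// script concatenated them straight into the INSERT (peeraddress with no
// cleaning at all), so a crafted neighbour could inject SQL that runs with
// the database manager's privileges; this version binds every value with a
// `?` placeholder, the same form the other inserts on this page use, and keeps
// utils.cleanText only as the text normaliser it already was. The original
// also contained `ll dp.getPlatform()` (a stray space), which does not parse.
var utils = Java.type('ros.CROSUtils');
var db = actions.getDatabaseManager();
// "if not exists" lets the script be re-run without the CREATE failing once
// the table is already there
db.executePrepared("create table if not exists lldpneighbours(lastseen bigint,device numeric(39),ip text,localintrface text, ifindex int, lldptype int,peeraddress text, peername text, peerplatform text ) ", []);
var timenow = utils.now();
for (var deviceid in actions.getDevices()) {
  var device = actions.getDevice(deviceid);
  if (device.lldpEntries.size() === 0) {
    continue;
  }
  for (var lldpid in device.lldpEntries) {
    var lldp = device.lldpEntries.get(lldpid);
    var ifindex = device.getIfIndexFromName(lldp.getLocalinterface());
    if (ifindex <= -1) {
      continue;   // local interface name not known on this device
    }
    log.warn(timenow + " " + device.getIp() + " " + device.getIP() + " name:" + lldp.getLocalinterface() + " ifindex:" + ifindex + "-------lldp:" + lldp.getType() + " getPeerAddress:" + lldp.getPeerAddress() + " getPeerName:" + lldp.getPeerName() + " getPlatform:" + lldp.getPlatform());
    // getIp() goes to the numeric `device` column and getIP() to the text `ip`
    // column, the same pairing as the arps insert on this page
    db.executePrepared(
      "insert into lldpneighbours(lastseen,device,ip,localintrface,ifindex,lldptype,peeraddress,peername,peerplatform) values (?,?,?,?,?,?,?,?,?)",
      [[timenow, device.getIp(), device.getIP(), utils.cleanText(lldp.getLocalinterface()), ifindex, lldp.getType(), lldp.getPeerAddress(), utils.cleanText(lldp.getPeerName()), utils.cleanText(lldp.getPlatform())]]);
  }
}
// drop every row that was not refreshed by this run
db.executePrepared("delete from lldpneighbours where lastseen!=?", [[timenow]]);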
Injecting events into the database directly
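// Insert a synthetic event straight into the current events_<window>
// partition, bypassing the normal event pipeline. Handy for testing
// dashboards and alerting on an "Interface Down" event for a chosen
// device/ifindex.
//
// eventtype 1000 is a custom code; ros.postureToString.put(1000, ...)
// registers its display label in what appears to be an in-memory map, so
// re-run the script (or register the label elsewhere) after a restart. The
// partition suffix is the start of the current ros.eventsWindow, mirroring how
// events are normally bucketed. Values are bound as a [[...]] parameter row;
// the wiki renders a bare [[ ]] as a link, so copies of this script sometimes
// lose the brackets and then no longer match executePrepared(sql, rows).
var utils = Java.type('ros.CROSUtils');
var ros = Java.type('ros.ROS');
ros.postureToString.put(1000, "Interface State");
var now = new Date().getTime();
log.warn("ROS.eventsWindow:" + ros.eventsWindow);
var fields = '(customerid,device,firstseen,eventtype,eventsrctype,eventsrc,message,datatype,data,datasource,category,confidence,severity,target)';
//Just edit the following
var state = "Down";
var deviceip = "172.21.21.254";
var ifindex = 1;
//
var customerid = 0;
var device = utils.inet_atob(deviceip);   // numeric form, as in the other inserts on this page
var firstseen = now;
var eventtype = 1000;
var eventsrctype = 8;
var eventsrc = deviceip;
var message = "Interface " + state + " on ifindex:" + ifindex;
var datatype = 1;
var data = JSON.stringify({ "inif": ifindex, "outif": ifindex, "device": deviceip });
var datasource = "IF Script";
var category = "Interface " + state;
var confidence = 100;
var severity = 100;
var target = deviceip;
var eventsTable = "events_" + (now - (now % ros.eventsWindow));
var insertSql = "insert into " + eventsTable + " " + fields + " values (?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
log.warn(insertSql);
actions.getDatabaseManager().executePrepared(insertSql,
  [[customerid, device, firstseen, eventtype, eventsrctype, eventsrc, message, datatype, data, datasource, category, confidence, severity, target]]);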