Useful Functions
From Observer GigaFlow Support | VIAVI Solutions Inc.
Sleep
/**
 * Block the calling script for roughly `delay` milliseconds.
 *
 * This is a busy-wait: it polls the wall clock in a tight loop until the
 * deadline passes, so the thread stays fully occupied for the whole delay.
 *
 * @param {number} delay - Time to wait, in milliseconds.
 */
function sleep(delay) {
  var deadline = new Date().getTime() + delay;
  while (new Date().getTime() < deadline) {
    // spin until the deadline is reached
  }
}
Adding Attributes, automatically creating the category if it doesn't exist
// Each call takes (address, category, attribute). Per this section's heading,
// a category that does not exist yet is created automatically.
var exampleIp = "172.21.40.14";
var exampleMac = "a4:ba:db:ff:18:bc";

// Add "New York" Attribute to "State" category for this ip
actions.addIPAttribute(exampleIp, "State", "New York");

// Add "Washington" Attribute to "State" category for this mac
actions.addMACAttribute(exampleMac, "State", "Washington");

// Add "Colorado" Attribute to "City" category for the same mac
actions.addMACAttribute(exampleMac, "City", "Colorado");
JSON access to data
// CROSUtils is a Java class reached from the script through Java.type().
var utils = Java.type('ros.CROSUtils');

// Parse the first entry of the "fields" list as JSON.
// NOTE(review): `data` presumably carries content received from the network,
// so treat the parsed values as untrusted text - confirm against the caller.
var firstField = data.get("fields").get(0);
var json = utils.getJSONFromString(firstField);

// Read two string members by key and write them to the log.
log.warn(json.getString('field_1'));
log.warn(json.getString('field_2'));
Base64 encoding and decoding
var utils = Java.type('ros.CROSUtils');

// Sample values only. Base64 is a reversible encoding, not encryption: the
// decode calls below recover the exact input without any key. The log lines
// print the password in clear text to demonstrate the round trip; do not log
// real credentials this way.
var user = 'Kevin';
var password = '!£$%^&*()1234kevin';

// Encode both values, then decode the results again.
var encodeduser = utils.base64EncodeString(user);
var encodedpass = utils.base64EncodeString(password);
var decodeduser = utils.base64DecodeString(encodeduser);
var decodedpass = utils.base64DecodeString(encodedpass);

// Both log lines start with the same plain-text prefix.
var plainPart = "user:" + user + " password:" + password;
log.warn(plainPart + " encodeduser:" + encodeduser + " encodedpass:" + encodedpass);
log.warn(plainPart + " decodeduser:" + decodeduser + " decodedpass:" + decodedpass);
//Output= user:Kevin password:!£$%^&*()1234kevin encodeduser:S2V2aW4= encodedpass:IcKjJCVeJiooKTEyMzRrZXZpbg==
//Output= user:Kevin password:!£$%^&*()1234kevin decodeduser:Kevin decodedpass:!£$%^&*()1234kevin
Http Post with attributes
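var utils = Java.type('ros.CROSUtils');
var thisurl = 'https://jsonplaceholder.typicode.com/posts/1';

// Sample values only. Base64 is a reversible encoding, not encryption, and
// the log lines below print the password in clear text; do not log real
// credentials this way. The encoded values are only logged here - they are
// not part of the POST further down.
var user = 'Kevin';
var password = '!£$%^&*()1234kevin';
var encodeduser = utils.base64EncodeString(user);
var encodedpass = utils.base64EncodeString(password);
var decodeduser = utils.base64DecodeString(encodeduser);
var decodedpass = utils.base64DecodeString(encodedpass);
log.warn("user:" + user + " password:" + password + " encodeduser:" + encodeduser + " encodedpass:" + encodedpass);
log.warn("user:" + user + " password:" + password + " decodeduser:" + decodeduser + " decodedpass:" + decodedpass);

//log.warn(utils.HTTPSClientGet(thisurl))

// POST the form attributes as [name, value] pairs. The URL uses https://, the
// same scheme as `thisurl`, so the request body is not sent in clear text.
// NOTE(review): certificate validation is up to HTTPSClientPost - confirm how
// it treats untrusted certificates before sending anything sensitive.
var postAttributes = [["title", "fook"], ["body", "bark"], ["userId", "1"]];
log.warn(utils.HTTPSClientPost("https://jsonplaceholder.typicode.com/posts", postAttributes));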
Live DNS lookups
// Live reverse lookup through the JVM resolver (no cache involved in this
// snippet). The port argument 0 is irrelevant here; the socket address is
// only a way to obtain an InetAddress for the literal IP.
var InetSocketAddress = Java.type('java.net.InetSocketAddress');
var socketAddress = new InetSocketAddress("172.21.40.14", 0);

// getCanonicalHostName() is best-effort: when no name can be obtained it
// returns the textual IP address instead. The name comes from DNS, so treat
// it as an untrusted label rather than proof of the host's identity.
var hostname = socketAddress.getAddress().getCanonicalHostName();
log.warn(hostname);
Cached DNS lookups
// Resolve the address through actions.dnsCache and log the entry's name.
// NOTE(review): the "Resolve DNS" example on this page null-checks the value
// returned by resolve(); if it can be null, reading `.name` here would throw.
var cacheEntry = actions.dnsCache.resolve("172.21.40.14");
var hostname = cacheEntry.name;
log.warn(hostname);
See if an ip address is within a range using isIPInRange function
var utils = Java.type('ros.CROSUtils');

// Build the log line piece by piece, in the same order as the fields are read.
var arpLine = "new arp " + data.get("display");
arpLine += " " + data.get("ifdisplay");
arpLine += " " + data.get("ip");
arpLine += " " + data.get("macAddress");
arpLine += " " + data.get("seenIPAddress");

// Last item: whether the seen address lies between the two given addresses.
// NOTE(review): whether the bounds are inclusive is not visible here - confirm.
arpLine += " " + utils.isIPInRange(data.get("seenIPAddress"), "172.21.40.0", "172.21.40.254");

log.warn(arpLine);
Sending Syslog Messages
// Fetch the syslog sender and emit a single message with the text "test".
var syslogSender = actions.ros.getSyslogSender();
syslogSender.send("test");
Searching for IP addresses seen
var utils = Java.type('ros.CROSUtils');

// Number of entries currently held in actions.allIPs.
log.warn(actions.allIPs.size());

// Check 172.21.40.0 through 172.21.40.254 (the loop stops before .255).
var lastOctet = 0;
while (lastOctet < 255) {
  checkAddress("172.21.40." + lastOctet);
  lastOctet++;
}

/**
 * Log whether `address` is present in actions.allIPs.
 *
 * The map is keyed by the value utils.inet_atob() returns for the dotted
 * address, so the text form is converted before each lookup.
 *
 * @param {string} address - IPv4 address in dotted form.
 */
function checkAddress(address) {
  if (!actions.allIPs.containsKey(utils.inet_atob(address))) {
    log.warn("didnt see " + address);
    return;
  }
  log.warn("seen " + address + " " + actions.allIPs.get(utils.inet_atob(address)));
}
Resolve DNS
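/**
 * Look up `ip` in actions.dnsCache and return a display label for it.
 *
 * The resolved name comes from DNS, so treat the returned label as untrusted
 * text wherever it is displayed or stored.
 *
 * @param {string} ip - Address to resolve, in the text form the cache expects.
 * @returns {string} "Hostname:<name>" when the cache returns a name that
 *   differs from `ip`; "" when nothing was returned or the name is just the
 *   address echoed back.
 */
function getDNS(ip) {
  log.warn("getDNS:" + actions.dnsCache.cache.size());
  log.warn("getDNS:\"" + ip + "\"");

  var ret = actions.dnsCache.resolve(ip);
  log.warn(ret);

  // Guard before reading any property: a null/undefined result would make
  // `ret.name` throw and the "" fallback would never be reached.
  // `== null` matches both null and undefined.
  if (ret == null) {
    return "";
  }

  log.warn(ret.name);
  log.warn(ret.ip);
  log.warn(ret.resolved);

  // A name equal to the address means there is no separate hostname to report.
  if (ret.name !== ip) {
    log.warn(ret);
    return "Hostname:" + ret.name;
  }
  return "";
}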
Clear empty tables
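// Housekeeping script: drop netflow tables that are empty and older than the
// cutoff, then run VACUUM FULL on three PostgreSQL catalog tables.

// Relations outside the system schemas whose name matches 'netflow________%'
// and whose on-disk size is zero, returned as "schema.table".
var query = "SELECT nspname || '.' || relname AS \"relation\", pg_size_pretty(pg_relation_size(C.oid)) AS \"size\" FROM pg_class C LEFT JOIN pg_namespace N ON (N.oid = C.relnamespace) "
    + "WHERE nspname NOT IN ('pg_catalog', 'information_schema') "
    + "and relname like 'netflow________%' "
    + "and pg_relation_size(C.oid)=0 "
    + "ORDER BY pg_relation_size(C.oid) asc;";

// Cutoff is four days before now, in milliseconds. The one-day window value
// is only used in the diagnostic "skipping" log line.
var cuttofftime = (new Date().getTime()) - (1000 * 60 * 60 * 24 * 4);
var cuttoffwindow = 1000 * 60 * 60 * 24;
log.warn(cuttofftime + " " + cuttoffwindow);

log.warn("Clean empty tables, start");
var rows = actions.getDatabaseManager().getVectorFromDBprepared(query, []);
log.warn("Clean empty tables, rows:" + rows.size());

var countremove = 0;
var countskipped = 0;

// Table names cannot be bound as statement parameters, so the relation name
// is concatenated into the COUNT and DROP statements below. Only names made
// of plain unquoted identifiers ("schema.table") are allowed through; any
// other name would need quoting and could change the meaning of the SQL.
var safeRelation = /^[A-Za-z_][A-Za-z0-9_$]*\.[A-Za-z_][A-Za-z0-9_$]*$/;

for (var i = 0; i < rows.length; i++) {
    var relation = rows[i][0];

    if (!safeRelation.test(relation)) {
        countskipped++;
        log.warn("Clean empty tables, skipping unexpected relation name: " + relation);
        continue;
    }

    // The name is split on "_"; pieces 4 and 5 are read as numbers and their
    // sum is compared with the cutoff.
    // NOTE(review): presumably piece 4 is a start time and piece 5 a window
    // length, both in milliseconds - confirm against the table naming scheme.
    var fields = relation.split("_");
    var fieldDump = " 0:" + fields[0] + " 1:" + fields[1] + " 2:" + fields[2]
        + " 3:" + fields[3] + " 4:" + fields[4] + " 5:" + fields[5];
    var startPart = parseInt(fields[4], 10);
    var windowPart = parseInt(fields[5], 10);
    var tableEnd = startPart + windowPart;

    if (tableEnd < cuttofftime) {
        // Re-check emptiness with an actual row count before dropping.
        // NOTE(review): the meaning of the second argument (0) is not visible
        // here. If it is a default returned when the query fails, a failed
        // count would look like an empty table - confirm before relying on it.
        var rowcount = actions.getDatabaseManager().getLongFromDB("select count(*) from " + relation, 0);
        if (rowcount == 0) {
            countremove++;
            log.warn("Clean empty tables, removing:" + relation + fieldDump);
            actions.getDatabaseManager().executePrepared("drop table " + relation, []);
        } else {
            log.warn("Clean empty tables, not removing unempty taable:" + relation + fieldDump + " rowcount" + rowcount);
        }
    } else {
        countskipped++;
        log.warn("Clean empty tables, skipping: " + relation + fieldDump
            + " time:" + (startPart < cuttofftime)
            + " window:" + (windowPart < cuttoffwindow)
            + " " + tableEnd
            + " " + (tableEnd < cuttofftime));
    }
}
log.warn("Clean empty tables, removed:" + countremove + " skipped:" + countskipped);

// VACUUM FULL rewrites each table and holds an exclusive lock on it while it
// runs, so run this script in a quiet period.
log.warn("Clean empty tables, vacuuming:pg_catalog.pg_inherits");
actions.getDatabaseManager().executePrepared("vacuum full pg_catalog.pg_inherits;", []);
log.warn("Clean empty tables, vacuuming:pg_catalog.pg_constraint");
actions.getDatabaseManager().executePrepared("vacuum full pg_catalog.pg_constraint;", []);
log.warn("Clean empty tables, vacuuming:pg_catalog.pg_depend");
actions.getDatabaseManager().executePrepared("vacuum full pg_catalog.pg_depend;", []);
log.warn("Clean empty tables, Done");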