diff options
| author | Toni Uhlig <matzeton@googlemail.com> | 2020-09-26 15:15:15 +0200 |
|---|---|---|
| committer | Toni Uhlig <matzeton@googlemail.com> | 2020-09-26 15:15:15 +0200 |
| commit | 04bbbcd0553362f7764c5b70d614c71f1817aed1 (patch) | |
| tree | a537b753aef66a9fe3ef1371fce1c941056bc6fe /examples | |
| parent | 8c61f883621169f5c9451758eed4b3a4ee9ee3a2 (diff) | |
Improved event parsing for Python scripts.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'examples')
| -rwxr-xr-x | examples/py-flow-info/flow-info.py | 17 | ||||
| -rwxr-xr-x | examples/py-risky-flow-to-pcap/risky-flow-to-pcap.py | 2 |
2 files changed, 8 insertions, 11 deletions
diff --git a/examples/py-flow-info/flow-info.py b/examples/py-flow-info/flow-info.py index 61f25429d..ff513023e 100755 --- a/examples/py-flow-info/flow-info.py +++ b/examples/py-flow-info/flow-info.py @@ -11,12 +11,11 @@ from nDPIsrvd import nDPIsrvdSocket, TermColor def parse_json_str(json_str): j = nDPIsrvd.JsonParseBytes(json_str[0]) - event_str = nDPIsrvd.validateFlowEventName(j) - if event_str is 'Unknown': - if nDPIsrvd.validatePacketEventName(j) is 'Unknown': - raise RuntimeError('Missing flow_event_name in the JSON string.') - else: - return + nDPIdEvent = nDPIsrvd.validateJsonEventTypes(j) + if nDPIdEvent.isValid is False: + raise RuntimeError('Missing flow_event_name in the JSON string: {}'.format(j)) + if nDPIdEvent.FlowEventID == -1: + return ndpi_proto_categ = '' ndpi_frisk = '' @@ -39,7 +38,7 @@ def parse_json_str(json_str): ndpi_frisk[:-2]) if j['l3_proto'] == 'ip4': - print('{:>14}: [{:.>6}] [{}][{:.>5}] [{:.>15}]{} -> [{:.>15}]{} {}'.format(event_str, + print('{:>16}: [{:.>6}] [{}][{:.>5}] [{:.>15}]{} -> [{:.>15}]{} {}'.format(nDPIdEvent.FlowEventName, j['flow_id'], j['l3_proto'], j['l4_proto'], j['src_ip'].lower(), '[{:.>5}]'.format(j['src_port']) if 'src_port' in j else '', @@ -47,7 +46,7 @@ def parse_json_str(json_str): '[{:.>5}]'.format(j['dst_port']) if 'dst_port' in j else '', ndpi_proto_categ)) elif j['l3_proto'] == 'ip6': - print('{:>14}: [{:.>6}] [{}][{:.>5}] [{:.>39}]{} -> [{:.>39}]{} {}'.format(event_str, + print('{:>16}: [{:.>6}] [{}][{:.>5}] [{:.>39}]{} -> [{:.>39}]{} {}'.format(nDPIdEvent.FlowEventName, j['flow_id'], j['l3_proto'], j['l4_proto'], j['src_ip'].lower(), '[{:.>5}]'.format(j['src_port']) if 'src_port' in j else '', @@ -58,7 +57,7 @@ def parse_json_str(json_str): raise RuntimeError('unsupported l3 protocol: {}'.format(j['l3_proto'])) if len(ndpi_frisk) > 0: - print('{:>16}{}'.format('', ndpi_frisk)) + print('{:>18}{}'.format('', ndpi_frisk)) if __name__ == '__main__': diff --git a/examples/py-risky-flow-to-pcap/risky-flow-to-pcap.py b/examples/py-risky-flow-to-pcap/risky-flow-to-pcap.py index 5636b25d5..f3348e9a1 100755 --- a/examples/py-risky-flow-to-pcap/risky-flow-to-pcap.py +++ b/examples/py-risky-flow-to-pcap/risky-flow-to-pcap.py @@ -33,8 +33,6 @@ def parse_json_str(json_str): elif event == 'detected' or event == 'detection-update' or event == 'guessed' or event == 'not-detected': if 'ndpi' in j and 'flow_risk' in j['ndpi']: print('Risky flow with id {}, PCAP dump returned: {}'.format(flow_id, FLOWS[flow_id].fin('risky'))) - - FLOWS[flow_id].detected() else: raise RuntimeError('unknown flow event name: {}'.format(event)) |