OSSIM open source security information management system

Keywords: Operation & Maintenance security


The code analyzed last week is mainly Framework.py. This week, we will analyze the code of other files involved in the call.

1. Analysis of other classes involved in Framework.py

1.1 brief introduction

Last week, we briefly analyzed and introduced the source code of the main source code file Framework.py of the Framework part, in which Framework.py imported and referenced many other classes and class methods. Last week, when analyzing the source code of the main file Framework.py, for the methods of other classes called, I just looked at the basic information such as the functions implemented by this class method and the returned values, without a detailed analysis of its implementation process and the class to which this method belongs. Therefore, this week's task is mainly to conduct a detailed analysis of the implementation code of relevant classes and related class methods referenced in the Framework.py file, and analyze the method implementation process and principle.

1.2 class diagram

Use UML class diagram to briefly describe the relationship between various classes involved in Framework.py


This part analyzes the source code of Logger.py. This part mainly realizes the functions related to the system log, such as outputting the log to the system file in a certain format, outputting the log to the remote system and so on. The key in the logger class is actually the logger attribute, and the definition of the logger attribute: logger = logging. Getlogger ('framework d '), which is mainly related to the logging module of python.

First, import relevant modules

import string, logging, os, sys

When writing code in Python, you can use print xx to display and print relevant information on the console where you want to view relevant information, so that you can know some relevant information generated during the operation of the program. However, when I need to see a large number of places or view in a file, it may not be convenient to use print at this time, So Python introduces the logging module to record the information I want.

Print can also input logs, but logging is more convenient than print to control where and how to output the output and control the message level to filter out unwanted information.

Next is the code part of the concrete class

First, create a logger log object, then set the default log level, create a log format object, customize the log format, and load the StreamHandler object with the logger log object.

handler: rules used to customize log objects (such as setting log output format, level, etc.)

This level will be covered later

Level sorting: critical > error > warning > info > debug

debug: print all logs and detailed information, which usually only appears in the diagnosis of problems

Info: print logs at info, warning, error and critical levels to confirm that everything runs as expected

Warning: print the warning,error,critical level log. It is an indication that something unexpected has happened or that some problems will occur in the near future (for example, low disk space). This software can still work as expected

Error: print error,critical level log, more serious problem, the software fails to perform some functions

Critical: print the critical level, a serious error, indicating that the program itself may not continue to run

#Use the factory method to return a Logger instance
logger = logging.getLogger('frameworkd')

#Log level master switch to set the log level   

DEFAULT_FORMAT = '%(asctime)s %(module)s [%(levelname)s]: %(message)s'
SYSLOG_FORMAT = 'ossim-frameword: %(asctime)s %(module)s [%(levelname)s]: %(message)s'

#Define the output format of the handler. The Formatter is a general format output tool for python and a string formatting tool
__formatter = logging.Formatter(DEFAULT_FORMAT)
__streamhandler = None

#By default, the Streamhandler is loaded, that is, the information is output to the console
#It will be deleted in daemon mode
__streamhandler = logging.StreamHandler()

#StreamHandler object custom log format

#logger log object loads the StreamHandler object

1,remove_console_handler() method:

This method code is very simple and is used to remove the default settings of the above code__ streamhandler = logging.StreamHandler()

This method is called when the Agent starts in daemon mode

if Logger.__streamhandler:

2,_ add_file_handler(file, log_level = None) method:

Output the log information to the specified disk file in a specific format

First, get the directory address of the incoming variable file and judge whether the directory address exists. If it does not exist, use makedirs to create the directory recursively

def _add_file_handler(file, log_level = None):
    #rstrip: deletes the specified character at the end of a string (the default is a space)
    #The os.path module is mainly used to obtain the attributes of the file
    #basename(): returns the file name
    #dir is the directory address of the file
    dir = file.rstrip(os.path.basename(file))
    #First judge whether the file directory address exists. If it does not exist, use makedirs to create the directory address
    #os.makedirs(dir, 0755): create directories recursively.
    #If the subdirectory creation fails or already exists, an OSError exception will be thrown.
    if not os.path.isdir(dir):
           os.makedirs(dir, 0755)
        except OSError, e:
           print "Logger: Error adding file handler,", \
                    "can not create log directory (%s): %s" % (dir, e)

Then create a FileHandler object, customize the log format, and the logger log object loads the FileHandler object

#Create a FileHandler object and catch the corresponding exception
#FileHandler: inherited from StreamHandler. Output log information to disk file.
    handler = logging.FileHandler(file)
except IOError, e:
    print "Logger: Error adding file handler: %s" % (e)

#Custom log format
if log_level: # Modify log_level

#logger load FileHandler object

3,add_error_file_handler(file) method:

This method is very simple. Its function is to output log error and critical information to the specified disk file

By calling the method just analyzed_ add_file_handler(file, logging.ERROR) implementation.

Set log level log_level = logging.ERROR, so that only error and critical log information can be output to the specified file

def add_error_file_handler(file):
    Logger._add_file_handler(file, logging.ERROR)

About grades: the above article has briefly described the relationship between grades and the corresponding printout content information. Here is a simple experimental test

Test code:

import logging  # Introducing the logging module
# Print information to the console

Console output:

It can be seen that only the last three levels are output. The level of the default generated root logger is logging.WARNING, and those lower than this level will not be output

4,add_syslog_handler(address) method:

Send events to the remote system log

The process is the same as before: first create a SysLogHandler, then set the log format, and finally load the SysLogHandler object from the logger log object

def add_syslog_handler(address):
    from logging.handlers import SysLogHandler
    handler = SysLogHandler(address)

The next article continues to analyze BackupManager.py

Previous: OSSIM open source security information management system (6)

Posted by footiemadman007 on Fri, 22 Oct 2021 05:05:20 -0700