csle_collector.constants package
Submodules
csle_collector.constants.constants module
Constants for csle collector
- class csle_collector.constants.constants.BEATS[source]
Bases:
object
Constants related to beats
- ADD_HOST_METADATA_PROPERTY = 'add_host_metadata'
- AUDIT_PROPERTY = 'audit'
- AUTH_PROPERTY = 'auth'
- ELASTIC_OUTPUT_PROPERTY = 'output.elasticsearch'
- ENABLED_PROPERTY = 'enabled'
- FILESTREAM_PROPERTY = 'filestream'
- FILE_PROPERTY = 'file'
- FORWARDED_PROPERTY = 'forwarded'
- GROUP_ID_PROPERTY = 'group_id'
- HOSTS_PROPERTY = 'hosts'
- HOST_PROPERTY = 'host'
- ID_PROPERTY = 'id'
- INDEX_NUM_SHARDS_PROPERTY = 'index.number_of_shards'
- KAFKA_PROPERTY = 'kafka'
- LOG_PROPERTY = 'log'
- METRICSETS_PROPERTY = 'metricsets'
- MODULE_PROPERTY = 'module'
- NAME_PROPERTY = 'name'
- PATHS_PROPERTY = 'paths'
- PATH_PROPERTY = 'path'
- PERIOD_PROPERTY = 'period'
- PROCESSORS_PROPERTY = 'processors'
- RELOAD_ENABLED_PROPERTY = 'reload.enabled'
- SERVER_PROPERTY = 'server'
- SETUP_KIBANA_PROPERTY = 'setup.kibana'
- SETUP_TEMPLATE_SETTINGS_PROPERTY = 'setup.template.settings'
- SLOWLOG_PROPERTY = 'slowlog'
- SYSLOG_PROPERTY = 'syslog'
- TOPICS_PROPERTY = 'topics'
- TYPE_PROPERTY = 'type'
- VAR_INPUT_PROPERTY = 'var.input'
- VAR_PATHS_PROPERTY = 'var.paths'
- WHEN_NOT_CONTAIN_TAGS_PROPERTY = 'when.not.contains.tags'
- class csle_collector.constants.constants.DICT_PROPERTIES[source]
Bases:
object
String constants representing dict properties
- RUNNING = 'running'
- TOPICS = 'topics'
- class csle_collector.constants.constants.DOCKER_STATS[source]
Bases:
object
Constants related to Docker stats
- BLKIO_STATS = 'blkio_stats'
- BLK_READ = 'blk_read'
- BLK_WRITE = 'blk_write'
- CONTAINER_ID = 'container_id'
- CONTAINER_IP = 'container_ip'
- CONTAINER_NAME = 'container_name'
- CPU_PERCENT = 'cpu_percent'
- CPU_STATS = 'cpu_stats'
- CPU_USAGE = 'cpu_usage'
- CURRENT = 'current'
- IO_SERVICE_BYTES_RECURSIVE = 'io_service_bytes_recursive'
- LIMIT = 'limit'
- MEMORY_STATS = 'memory_stats'
- MEM_CURRENT = 'mem_current'
- MEM_PERCENT = 'mem_percent'
- MEM_TOTAL = 'mem_total'
- NETWORKS = 'networks'
- NET_RX = 'net_rx'
- NET_TX = 'net_tx'
- ONLINE_CPUS = 'online_cpus'
- OP = 'op'
- PERCPU_USAGE = 'percpu_usage'
- PIDS = 'pids'
- PIDS_STATS = 'pids_stats'
- PRECPU_STATS = 'precpu_stats'
- READ = 'Read'
- RX_BYTES = 'rx_bytes'
- SYSTEM_CPU_USAGE = 'system_cpu_usage'
- TIMESTAMP = 'timestamp'
- TOTAL_USAGE = 'total_usage'
- TX_BYTES = 'tx_bytes'
- UNIX_DOCKER_SOCK_URL = 'unix://var/run/docker.sock'
- USAGE = 'usage'
- VALUE = 'value'
- WRITE = 'Write'
- class csle_collector.constants.constants.ELK[source]
Bases:
object
String constants for managing the ELK stack
- ELASTICSEARCH_LOG_DIR = '/var/log/elasticsearch/'
- ELASTICSEARCH_START = 'service elasticsearch start'
- ELASTICSEARCH_STATUS = 'service elasticsearch status'
- ELASTICSEARCH_STOP = 'service elasticsearch stop'
- ELASTIC_PORT = 9200
- ELK_LOG = '/elk_server.log'
- ELK_START = 'nohup /usr/local/bin/start.sh > /elk_server.log &'
- KIBANA_LOG_DIR = '/var/log/kibana/'
- KIBANA_PORT = 5601
- KIBANA_START = 'service kibana start'
- KIBANA_STATUS = 'service kibana status'
- KIBANA_STOP = 'service kibana stop'
- LOGSTASH_LOG_DIR = '/var/log/logstash/'
- LOGSTASH_PORT = 5044
- LOGSTASH_START = 'service logstash start'
- LOGSTASH_STATUS = 'service logstash status'
- LOGSTASH_STOP = 'service logstash stop'
- class csle_collector.constants.constants.ELK_CONFIG[source]
Bases:
object
Constants related to the ELK container configuration
- NETWORK_ID_FOURTH_OCTET = 252
- NETWORK_ID_THIRD_OCTET = 253
- SUFFIX = '_1'
- class csle_collector.constants.constants.EXTERNAL_NETWORK[source]
Bases:
object
Constants related to the external network
- NETWORK_ID_THIRD_OCTET = 1
- class csle_collector.constants.constants.FILEBEAT[source]
Bases:
object
Constants related to Filebeat
- CONFIG_DIR = '/etc/filebeat/'
- CONFIG_FILE = '/etc/filebeat/filebeat.yml'
- ELASTICSEARCH_MODULE = 'elasticsearch'
- ELASTICSEARCH_MODULE_CONFIG_FILE = 'elasticsearch.yml'
- ENABLE_MODULE_CMD = 'filebeat modules enable {}'
- FILEBEAT_GROUP_ID = 'filebeat'
- FILEBEAT_START = 'sudo service filebeat start'
- FILEBEAT_STATUS = 'sudo service filebeat status'
- FILEBEAT_STOP = 'sudo service filebeat stop'
- INPUTS_PROPERTY = 'filebeat.inputs'
- KAFKA_MODULE = 'kafka'
- KAFKA_MODULE_CONFIG_FILE = 'kafka.yml'
- KIBANA_MODULE = 'kibana'
- KIBANA_MODULE_CONFIG_FILE = 'kibana.yml'
- LOGSTASH_MODULE = 'logstash'
- LOGSTASH_MODULE_CONFIG_FILE = 'logstash.yml'
- MODULES_CONFIG_DIR = '/etc/filebeat/modules.d/'
- MODULES_PROPERTY = 'filebeat.config.modules'
- SETUP_CMD = 'filebeat setup -e'
- SNORT_MODULE = 'snort'
- SNORT_MODULE_CONFIG_FILE = 'snort.yml'
- SYSTEM_MODULE = 'system'
- SYSTEM_MODULE_CONFIG_FILE = 'system.yml'
- class csle_collector.constants.constants.GRPC[source]
Bases:
object
Constants related to GRPC
- CONFIG_TIMEOUT_SECONDS = 300
- OPERATION_TIMEOUT_SECONDS = 30000
- TIMEOUT_SECONDS = 60
- class csle_collector.constants.constants.GRPC_WORKERS[source]
Bases:
object
Constants related to the number of GRPC workers
- DEFAULT_MAX_NUM_WORKERS = 10
- class csle_collector.constants.constants.HEARTBEAT[source]
Bases:
object
Constants related to heartbeat
- CONFIG_DIR = '/etc/heartbeat/'
- CONFIG_FILE = '/etc/heartbeat/heartbeat.yml'
- CSLE_MONITOR_SERVICE_ID = 'csle-topology-connection-service-id'
- CSLE_MONITOR_SERVICE_NAME = 'csle-topology-connection-service'
- HEARTBEAT_MONITORS_PROPERTY = 'heartbeat.monitors'
- HEARTBEAT_START = 'sudo service heartbeat-elastic start'
- HEARTBEAT_STATUS = 'sudo service heartbeat-elastic status'
- HEARTBEAT_STOP = 'sudo service heartbeat-elastic stop'
- ICMP_MONITOR_TYPE = 'icmp'
- SCHEDULE_PROPERTY = 'schedule'
- SETUP_CMD = 'heartbeat setup -e'
- class csle_collector.constants.constants.HOST_METRICS[source]
Bases:
object
Constants for the shell commands that the defender’s sensors run to collect host metrics
- LIST_FAILED_LOGIN_ATTEMPTS = 'sudo tail -10000 /var/log/auth.log'
- LIST_LOGGED_IN_USERS_CMD = 'users'
- LIST_NUMBER_OF_PROCESSES = 'ps -e | wc -l'
- LIST_OPEN_CONNECTIONS_CMD = 'netstat -n'
- LIST_SUCCESSFUL_LOGIN_ATTEMPTS = 'last'
- LIST_USER_ACCOUNTS = 'cat /etc/passwd'
- class csle_collector.constants.constants.HTTP[source]
Bases:
object
Constants related to HTTP
- APPLICATION_JSON_TYPE = 'application/json'
- BAD_REQUEST_RESPONSE_CODE = 400
- DELETE = 'DELETE'
- GET = 'GET'
- HTTP_PROTOCOL_PREFIX = 'http://'
- INTERNAL_SERVER_ERROR_RESPONSE_CODE = 500
- LOCALHOST = 'localhost'
- OK_RESPONSE_CODE = 200
- POST = 'POST'
- PUT = 'PUT'
- class csle_collector.constants.constants.INTERFACES[source]
Bases:
object
String constants related to networking interfaces
- ADDR = 'addr'
- ETH0 = 'eth0'
- ETH1 = 'eth1'
- class csle_collector.constants.constants.KAFKA[source]
Bases:
object
String constants for managing Kafka
- AUTO_OFFSET_RESET_PROPERTY = 'auto.offset.reset'
- BOOTSTRAP_SERVERS_PROPERTY = 'bootstrap.servers'
- CLIENT_ID_PROPERTY = 'client.id'
- DIR = '/usr/local/kafka/logs/'
- EARLIEST_OFFSET = 'earliest'
- EXTERNAL_IP_PLACEHOLDER = 'EXTERNAL_IP'
- EXTERNAL_PORT = 9292
- GROUP_ID_PROPERTY = 'group.id'
- INTERNAL_IP_PLACEHOLDER = 'INTERNAL_IP'
- KAFKA_CONFIG_FILE = '/usr/local/kafka/config/server.properties'
- KAFKA_START = 'service kafka start'
- KAFKA_STATUS = 'service kafka status'
- KAFKA_STOP = 'service kafka stop'
- PORT = 9092
- RETENTION_MS_CONFIG_PROPERTY = 'retention.ms'
- class csle_collector.constants.constants.KAFKA_CONFIG[source]
Bases:
object
Constants related to the kafka container configuration
- ALL_DELTA_AGG_LABELS = ['total_alerts', 'warning_alerts', 'severe_alerts', 'alerts_weighted_by_priority', 'priority_1_alerts', 'priority_2_alerts', 'priority_3_alerts', 'priority_4_alerts', 'attempted-admin_alerts', 'attempted-user_alerts', 'inappropriate-content_alerts', 'policy-violation_alerts', 'shellcode-detect_alerts', 'successful-admin_alerts', 'successful-user_alerts', 'trojan-activity_alerts', 'unsuccessful-user_alerts', 'web-application-attack_alerts', 'attempted-dos_alerts', 'attempted-recon_alerts', 'bad-unknown_alerts', 'default-login-attempt_alerts', 'denial-of-service_alerts', 'misc-attack_alerts', 'non-standard-protocol_alerts', 'rpc-portmap-decode_alerts', 'successful-dos_alerts', 'successful-recon-largescale_alerts', 'successful-recon-limited_alerts', 'suspicious-filename-detect_alerts', 'suspicious-login_alerts', 'system-call-detect_alerts', 'unusual-client-port-connection_alerts', 'web-application-activity_alerts', 'icmp-event_alerts', 'misc-activity_alerts', 'network-scan_alerts', 'not-suspicious_alerts', 'protocol-command-decode_alerts', 'string-detect_alerts', 'unknown_alerts', 'tcp-connection_alerts', 'num_logged_in_users', 'severe_alerts', 'warning_alerts', 'num_failed_login_attempts', 'num_open_connections', 'num_login_events', 'num_processes', 'num_users', 'pids', 'cpu_percent', 'mem_current', 'mem_total', 'mem_percent', 'blk_read', 'blk_write', 'net_rx', 'net_tx', 'cpu_percent', 'cpu_percent', 'num_clients', 'rate', 'service_time', 'total_alerts', 'warning_alerts', 'severe_alerts', 'alerts_weighted_by_level', 'level_0_alerts', 'level_1_alerts', 'level_2_alerts', 'level_3_alerts', 'level_4_alerts', 'level_5_alerts', 'level_6_alerts', 'level_7_alerts', 'level_8_alerts', 'level_9_alerts', 'level_10_alerts', 'level_11_alerts', 'level_12_alerts', 'level_13_alerts', 'level_14_alerts', 'level_15_alerts', 'invalid_login_alerts', 'authentication_success_alerts', 'authentication_failed_alerts', 'connection_attempt_alerts', 'attacks_alerts', 
'adduser_alerts', 'sshd_alerts', 'ids_alerts', 'firewall_alerts', 'squid_alerts', 'apache_alerts', 'syslog_alerts']
- ALL_DELTA_MACHINE_LABELS = ['total_alerts', 'warning_alerts', 'severe_alerts', 'alerts_weighted_by_priority', 'priority_1_alerts', 'priority_2_alerts', 'priority_3_alerts', 'priority_4_alerts', 'attempted-admin_alerts', 'attempted-user_alerts', 'inappropriate-content_alerts', 'policy-violation_alerts', 'shellcode-detect_alerts', 'successful-admin_alerts', 'successful-user_alerts', 'trojan-activity_alerts', 'unsuccessful-user_alerts', 'web-application-attack_alerts', 'attempted-dos_alerts', 'attempted-recon_alerts', 'bad-unknown_alerts', 'default-login-attempt_alerts', 'denial-of-service_alerts', 'misc-attack_alerts', 'non-standard-protocol_alerts', 'rpc-portmap-decode_alerts', 'successful-dos_alerts', 'successful-recon-largescale_alerts', 'successful-recon-limited_alerts', 'suspicious-filename-detect_alerts', 'suspicious-login_alerts', 'system-call-detect_alerts', 'unusual-client-port-connection_alerts', 'web-application-activity_alerts', 'icmp-event_alerts', 'misc-activity_alerts', 'network-scan_alerts', 'not-suspicious_alerts', 'protocol-command-decode_alerts', 'string-detect_alerts', 'unknown_alerts', 'tcp-connection_alerts', 'num_logged_in_users', 'severe_alerts', 'warning_alerts', 'num_failed_login_attempts', 'num_open_connections', 'num_login_events', 'num_processes', 'num_users', 'pids', 'cpu_percent', 'mem_current', 'mem_total', 'mem_percent', 'blk_read', 'blk_write', 'net_rx', 'net_tx', 'cpu_percent', 'cpu_percent', 'total_alerts', 'warning_alerts', 'severe_alerts', 'alerts_weighted_by_level', 'level_0_alerts', 'level_1_alerts', 'level_2_alerts', 'level_3_alerts', 'level_4_alerts', 'level_5_alerts', 'level_6_alerts', 'level_7_alerts', 'level_8_alerts', 'level_9_alerts', 'level_10_alerts', 'level_11_alerts', 'level_12_alerts', 'level_13_alerts', 'level_14_alerts', 'level_15_alerts', 'invalid_login_alerts', 'authentication_success_alerts', 'authentication_failed_alerts', 'connection_attempt_alerts', 'attacks_alerts', 'adduser_alerts', 'sshd_alerts', 
'ids_alerts', 'firewall_alerts', 'squid_alerts', 'apache_alerts', 'syslog_alerts']
- ALL_INITIAL_AGG_LABELS = ['num_logged_in_users', 'severe_alerts', 'warning_alerts', 'num_failed_login_attempts', 'num_open_connections', 'num_login_events', 'num_processes', 'num_users', 'pids', 'cpu_percent', 'mem_current', 'mem_total', 'mem_percent', 'blk_read', 'blk_write', 'net_rx', 'net_tx', 'cpu_percent', 'cpu_percent', 'num_clients', 'rate', 'service_time', 'total_alerts', 'warning_alerts', 'severe_alerts', 'alerts_weighted_by_priority', 'priority_1_alerts', 'priority_2_alerts', 'priority_3_alerts', 'priority_4_alerts', 'attempted-admin_alerts', 'attempted-user_alerts', 'inappropriate-content_alerts', 'policy-violation_alerts', 'shellcode-detect_alerts', 'successful-admin_alerts', 'successful-user_alerts', 'trojan-activity_alerts', 'unsuccessful-user_alerts', 'web-application-attack_alerts', 'attempted-dos_alerts', 'attempted-recon_alerts', 'bad-unknown_alerts', 'default-login-attempt_alerts', 'denial-of-service_alerts', 'misc-attack_alerts', 'non-standard-protocol_alerts', 'rpc-portmap-decode_alerts', 'successful-dos_alerts', 'successful-recon-largescale_alerts', 'successful-recon-limited_alerts', 'suspicious-filename-detect_alerts', 'suspicious-login_alerts', 'system-call-detect_alerts', 'unusual-client-port-connection_alerts', 'web-application-activity_alerts', 'icmp-event_alerts', 'misc-activity_alerts', 'network-scan_alerts', 'not-suspicious_alerts', 'protocol-command-decode_alerts', 'string-detect_alerts', 'unknown_alerts', 'tcp-connection_alerts', 'total_alerts', 'warning_alerts', 'severe_alerts', 'alerts_weighted_by_level', 'level_0_alerts', 'level_1_alerts', 'level_2_alerts', 'level_3_alerts', 'level_4_alerts', 'level_5_alerts', 'level_6_alerts', 'level_7_alerts', 'level_8_alerts', 'level_9_alerts', 'level_10_alerts', 'level_11_alerts', 'level_12_alerts', 'level_13_alerts', 'level_14_alerts', 'level_15_alerts', 'invalid_login_alerts', 'authentication_success_alerts', 'authentication_failed_alerts', 'connection_attempt_alerts', 'attacks_alerts', 
'adduser_alerts', 'sshd_alerts', 'ids_alerts', 'firewall_alerts', 'squid_alerts', 'apache_alerts', 'syslog_alerts']
- ALL_INITIAL_MACHINE_LABELS = ['num_logged_in_users', 'severe_alerts', 'warning_alerts', 'num_failed_login_attempts', 'num_open_connections', 'num_login_events', 'num_processes', 'num_users', 'pids', 'cpu_percent', 'mem_current', 'mem_total', 'mem_percent', 'blk_read', 'blk_write', 'net_rx', 'net_tx', 'cpu_percent', 'cpu_percent', 'total_alerts', 'warning_alerts', 'severe_alerts', 'alerts_weighted_by_priority', 'priority_1_alerts', 'priority_2_alerts', 'priority_3_alerts', 'priority_4_alerts', 'attempted-admin_alerts', 'attempted-user_alerts', 'inappropriate-content_alerts', 'policy-violation_alerts', 'shellcode-detect_alerts', 'successful-admin_alerts', 'successful-user_alerts', 'trojan-activity_alerts', 'unsuccessful-user_alerts', 'web-application-attack_alerts', 'attempted-dos_alerts', 'attempted-recon_alerts', 'bad-unknown_alerts', 'default-login-attempt_alerts', 'denial-of-service_alerts', 'misc-attack_alerts', 'non-standard-protocol_alerts', 'rpc-portmap-decode_alerts', 'successful-dos_alerts', 'successful-recon-largescale_alerts', 'successful-recon-limited_alerts', 'suspicious-filename-detect_alerts', 'suspicious-login_alerts', 'system-call-detect_alerts', 'unusual-client-port-connection_alerts', 'web-application-activity_alerts', 'icmp-event_alerts', 'misc-activity_alerts', 'network-scan_alerts', 'not-suspicious_alerts', 'protocol-command-decode_alerts', 'string-detect_alerts', 'unknown_alerts', 'tcp-connection_alerts', 'total_alerts', 'warning_alerts', 'severe_alerts', 'alerts_weighted_by_level', 'level_0_alerts', 'level_1_alerts', 'level_2_alerts', 'level_3_alerts', 'level_4_alerts', 'level_5_alerts', 'level_6_alerts', 'level_7_alerts', 'level_8_alerts', 'level_9_alerts', 'level_10_alerts', 'level_11_alerts', 'level_12_alerts', 'level_13_alerts', 'level_14_alerts', 'level_15_alerts', 'invalid_login_alerts', 'authentication_success_alerts', 'authentication_failed_alerts', 'connection_attempt_alerts', 'attacks_alerts', 'adduser_alerts', 'sshd_alerts', 
'ids_alerts', 'firewall_alerts', 'squid_alerts', 'apache_alerts', 'syslog_alerts']
- ATTACKER_ACTIONS_ATTRIBUTES = ['timestamp', 'id', 'description', 'index', 'name', 'time', 'ip', 'cmd']
- ATTACKER_ACTIONS_TOPIC_NAME = 'attacker_actions'
- AVERAGE_OPENFLOW_FLOW_STATS_PER_SWITCH_TOPIC_ATTRIBUTES = ['timestamp', 'datapath_id', 'total_num_packets', 'total_num_bytes', 'avg_duration_nanoseconds', 'avg_duration_seconds', 'avg_hard_timeout', 'avg_idle_timeout', 'avg_priority', 'avg_cookie']
- AVERAGE_OPENFLOW_FLOW_STATS_PER_SWITCH_TOPIC_NAME = 'avg_openflow_flow_stats_per_switch'
- AVERAGE_OPENFLOW_PORT_STATS_PER_SWITCH_TOPIC_ATTRIBUTES = ['timestamp', 'datapath_id', 'total_num_received_packets', 'total_num_received_bytes', 'total_num_received_errors', 'total_num_transmitted_packets', 'total_num_transmitted_bytes', 'total_num_transmitted_errors', 'total_num_received_dropped', 'total_num_transmitted_dropped', 'total_num_received_frame_errors', 'total_num_received_overrun_errors', 'total_num_received_crc_errors', 'total_num_collisions', 'avg_duration_nanoseconds', 'avg_duration_seconds']
- AVERAGE_OPENFLOW_PORT_STATS_PER_SWITCH_TOPIC_NAME = 'avg_openflow_port_stats_per_switch'
- CLIENT_POPULATION_METRIC_LABELS = ['num_clients', 'rate', 'service_time']
- CLIENT_POPULATION_TOPIC_ATTRIBUTES = ['timestamp', 'ip', 'num_clients', 'rate']
- CLIENT_POPULATION_TOPIC_NAME = 'client_population'
- DEFAULT_NUM_PARTITIONS = 1
- DEFAULT_NUM_REPLICAS = 1
- DEFAULT_RETENTION_TIME_HOURS = 240
- DEFENDER_ACTIONS_ATTRIBUTES = ['timestamp', 'id', 'description', 'index', 'name', 'time', 'ip', 'cmd']
- DEFENDER_ACTIONS_TOPIC_NAME = 'defender_actions'
- DOCKER_HOST_STATS_TOPIC_NAME = 'docker_host_stats'
- DOCKER_STATS_COUNTER_LABELS = ['pids', 'cpu_percent', 'mem_current', 'mem_total', 'mem_percent', 'blk_read', 'blk_write', 'net_rx', 'net_tx']
- DOCKER_STATS_PERCENT_LABELS = ['cpu_percent', 'cpu_percent']
- DOCKER_STATS_TOPIC_ATTRIBUTES = ['timestamp', 'ip', 'cpu_percent', 'mem_current', 'mem_total', 'mem_percent', 'blk_read', 'blk_write', 'net_rc', 'net_tx', 'pids']
- DOCKER_STATS_TOPIC_NAME = 'docker_stats'
- HOST_METRICS_LABELS = ['num_logged_in_users', 'severe_alerts', 'warning_alerts', 'num_failed_login_attempts', 'num_open_connections', 'num_login_events', 'num_processes', 'num_users']
- HOST_METRICS_TOPIC_ATTRIBUTES = ['timestamp', 'ip', 'num_logged_in_users', 'num_failed_login_attempts', 'num_open_connections', 'num_login_events', 'num_processes', 'num_users']
- HOST_METRICS_TOPIC_NAME = 'host_metrics'
- NETWORK_ID_FOURTH_OCTET = 253
- NETWORK_ID_THIRD_OCTET = 253
- OPENFLOW_AGG_FLOW_STATS_TOPIC_ATTRIBUTES = ['timestamp', 'datapath_id', 'total_num_packets', 'total_num_bytes', 'total_num_flows']
- OPENFLOW_AGG_FLOW_STATS_TOPIC_NAME = 'openflow_flow_agg_stats'
- OPENFLOW_FLOW_STATS_TOPIC_ATTRIBUTES = ['timestamp', 'datapath_id', 'in_port', 'out_port', 'dst_mac_address', 'num_packets', 'num_bytes', 'duration_nanoseconds', 'duration_seconds', 'hard_timeout', 'idle_timeout', 'priority', 'cookie']
- OPENFLOW_FLOW_STATS_TOPIC_NAME = 'openflow_flow_stats'
- OPENFLOW_PORT_STATS_TOPIC_ATTRIBUTES = ['timestamp', 'datapath_id', 'port', 'num_received_packets', 'num_received_bytes', 'num_received_errors', 'num_transmitted_packets', 'num_transmitted_bytes', 'num_transmitted_errors', 'num_received_dropped', 'num_transmitted_dropped', 'num_received_frame_errors', 'num_received_overrun_errors', 'num_received_crc_errors', 'num_collisions', 'duration_nanoseconds', 'duration_seconds']
- OPENFLOW_PORT_STATS_TOPIC_NAME = 'openflow_port_stats'
- OSSEC_IDS_ALERTS_LABELS = ['total_alerts', 'warning_alerts', 'severe_alerts', 'alerts_weighted_by_level', 'level_0_alerts', 'level_1_alerts', 'level_2_alerts', 'level_3_alerts', 'level_4_alerts', 'level_5_alerts', 'level_6_alerts', 'level_7_alerts', 'level_8_alerts', 'level_9_alerts', 'level_10_alerts', 'level_11_alerts', 'level_12_alerts', 'level_13_alerts', 'level_14_alerts', 'level_15_alerts', 'invalid_login_alerts', 'authentication_success_alerts', 'authentication_failed_alerts', 'connection_attempt_alerts', 'attacks_alerts', 'adduser_alerts', 'sshd_alerts', 'ids_alerts', 'firewall_alerts', 'squid_alerts', 'apache_alerts', 'syslog_alerts']
- OSSEC_IDS_LOG_TOPIC_ATTRIBUTES = ['timestamp', 'ip', 'total_alerts', 'warning_alerts', 'severe_alerts', 'alerts_weighted_by_level', 'level_0_alerts', 'level_1_alerts', 'level_2_alerts', 'level_3_alerts', 'level_4_alerts', 'level_5_alerts', 'level_6_alerts', 'level_7_alerts', 'level_8_alerts', 'level_9_alerts', 'level_10_alerts', 'level_11_alerts', 'level_12_alerts', 'level_13_alerts', 'level_14_alerts', 'level_15_alerts', 'invalid_login_alerts', 'authentication_success_alerts', 'authentication_failed_alerts', 'connection_attempt_alerts', 'attacks_alerts', 'adduser_alerts', 'sshd_alerts', 'ids_alerts', 'firewall_alerts', 'squid_alerts', 'apache_alerts', 'syslog_alerts']
- OSSEC_IDS_LOG_TOPIC_NAME = 'ossec_ids_log'
- SNORT_IDS_ALERTS_LABELS = ['total_alerts', 'warning_alerts', 'severe_alerts', 'alerts_weighted_by_priority', 'priority_1_alerts', 'priority_2_alerts', 'priority_3_alerts', 'priority_4_alerts', 'attempted-admin_alerts', 'attempted-user_alerts', 'inappropriate-content_alerts', 'policy-violation_alerts', 'shellcode-detect_alerts', 'successful-admin_alerts', 'successful-user_alerts', 'trojan-activity_alerts', 'unsuccessful-user_alerts', 'web-application-attack_alerts', 'attempted-dos_alerts', 'attempted-recon_alerts', 'bad-unknown_alerts', 'default-login-attempt_alerts', 'denial-of-service_alerts', 'misc-attack_alerts', 'non-standard-protocol_alerts', 'rpc-portmap-decode_alerts', 'successful-dos_alerts', 'successful-recon-largescale_alerts', 'successful-recon-limited_alerts', 'suspicious-filename-detect_alerts', 'suspicious-login_alerts', 'system-call-detect_alerts', 'unusual-client-port-connection_alerts', 'web-application-activity_alerts', 'icmp-event_alerts', 'misc-activity_alerts', 'network-scan_alerts', 'not-suspicious_alerts', 'protocol-command-decode_alerts', 'string-detect_alerts', 'unknown_alerts', 'tcp-connection_alerts']
- SNORT_IDS_IP_LOG_ATTRIBUTES = ['timestamp', 'ip', 'alert_ip', 'attempted-admin', 'attempted-user', 'inappropriate-content', 'policy-violation', 'shellcode-detect', 'successful-admin', 'successful-user', 'trojan-activity', 'unsuccessful-user', 'web-application-attack', 'attempted-dos', 'attempted-recon', 'bad-unknown', 'default-login-attempt', 'denial-of-service', 'misc-attack', 'non-standard-protocol', 'rpc-portmap-decode', 'successful-dos', 'successful-recon-largescale', 'successful-recon-limited', 'suspicious-filename-detect', 'suspicious-login', 'system-call-detect', 'unusual-client-port-connection', 'web-application-activity', 'icmp-event', 'misc-activity', 'network-scan', 'not-suspicious', 'protocol-command-decode', 'string-detect', 'unknown', 'tcp-connection', 'priority_1', 'priority_2', 'priority_3', 'priority_4', 'alerts_weighted_by_priority', 'total_alerts', 'severe_alerts', 'warning_alerts']
- SNORT_IDS_IP_LOG_TOPIC_NAME = 'snort_ids_ip_log'
- SNORT_IDS_LOG_TOPIC_ATTRIBUTES = ['timestamp', 'ip', 'attempted-admin', 'attempted-user', 'inappropriate-content', 'policy-violation', 'shellcode-detect', 'successful-admin', 'successful-user', 'trojan-activity', 'unsuccessful-user', 'web-application-attack', 'attempted-dos', 'attempted-recon', 'bad-unknown', 'default-login-attempt', 'denial-of-service', 'misc-attack', 'non-standard-protocol', 'rpc-portmap-decode', 'successful-dos', 'successful-recon-largescale', 'successful-recon-limited', 'suspicious-filename-detect', 'suspicious-login', 'system-call-detect', 'unusual-client-port-connection', 'web-application-activity', 'icmp-event', 'misc-activity', 'network-scan', 'not-suspicious', 'protocol-command-decode', 'string-detect', 'unknown', 'tcp-connection', 'priority_1', 'priority_2', 'priority_3', 'priority_4', 'alerts_weighted_by_priority', 'total_alerts', 'severe_alerts', 'warning_alerts']
- SNORT_IDS_LOG_TOPIC_NAME = 'snort_ids_log'
- SNORT_IDS_RULE_LOG_ATTRIBUTES = ['timestamp', 'ip', 'alert_rule_id', 'num_alerts']
- SNORT_IDS_RULE_LOG_TOPIC_NAME = 'snort_ids_rule_log'
- SUFFIX = '_1'
- class csle_collector.constants.constants.LOG_FILES[source]
Bases:
object
Constants related to the log files
- CLIENT_MANAGER_LOG_DIR = '/'
- CLIENT_MANAGER_LOG_FILE = 'client_manager.log'
- CLUSTER_MANAGER_LOG_DIR = '/var/log/csle/'
- CLUSTER_MANAGER_LOG_FILE = 'cluster_manager.log'
- DEFAULT_LOG_FILE_PATHS = ['/*.log', '/var/log/*.log', '/var/log/*/*.log', '/var/log/*/*/*.log']
- DOCKER_STATS_MANAGER_LOG_DIR = '/var/log/csle/'
- DOCKER_STATS_MANAGER_LOG_FILE = 'docker_stats_manager.log'
- ELK_MANAGER_LOG_DIR = '/'
- ELK_MANAGER_LOG_FILE = 'elk_manager.log'
- HOST_MANAGER_LOG_DIR = '/'
- HOST_MANAGER_LOG_FILE = 'host_manager.log'
- KAFKA_LOG_FILE = '/usr/local/kafka/logs/server.log'
- KAFKA_MANAGER_LOG_DIR = '/'
- KAFKA_MANAGER_LOG_FILE = 'kafka_manager.log'
- MINBFT_CLIENT_MANAGER_LOG_DIR = '/'
- MINBFT_CLIENT_MANAGER_LOG_FILE = 'minbft_manager.log'
- MINBFT_MANAGER_LOG_DIR = '/'
- MINBFT_MANAGER_LOG_FILE = 'minbft_manager.log'
- OSSEC_IDS_MANAGER_LOG_DIR = '/'
- OSSEC_IDS_MANAGER_LOG_FILE = 'ossec_ids_manager.log'
- RYU_MANAGER_LOG_DIR = '/'
- RYU_MANAGER_LOG_FILE = 'ryu_manager.log'
- SNORT_IDS_MANAGER_LOG_DIR = '/'
- SNORT_IDS_MANAGER_LOG_FILE = 'snort_ids_manager.log'
- TRAFFIC_MANAGER_LOG_DIR = '/'
- TRAFFIC_MANAGER_LOG_FILE = 'traffic_manager.log'
- class csle_collector.constants.constants.MANAGER_PORTS[source]
Bases:
object
Constants related to the ports of managers
- CLIENT_MANAGER_DEFAULT_PORT = 50044
- DOCKER_STATS_MANAGER_DEFAULT_PORT = 50046
- ELK_MANAGER_DEFAULT_PORT = 50045
- HOST_MANAGER_DEFAULT_PORT = 50049
- KAFKA_MANAGER_DEFAULT_PORT = 50051
- OSSEC_IDS_MANAGER_DEFAULT_PORT = 50047
- SDN_CONTROLLER_MANAGER_DEFAULT_PORT = 50042
- SNORT_IDS_MANAGER_DEFAULT_PORT = 50048
- TRAFFIC_MANAGER_DEFAULT_PORT = 50043
- class csle_collector.constants.constants.METRICBEAT[source]
Bases:
object
Constants related to Metricbeat
- CONFIG_DIR = '/etc/metricbeat/'
- CONFIG_FILE = '/etc/metricbeat/metricbeat.yml'
- CORE_METRICS_PROPERTY = 'core.metrics'
- CPU_METRIC = 'cpu'
- CPU_METRICS_PROPERTY = 'cpu.metrics'
- ELASTICSEARCH_MODULE = 'elasticsearch'
- ELASTICSEARCH_MODULE_CONFIG_FILE = 'elasticsearch.yml'
- ENABLE_MODULE_CMD = 'metricbeat modules enable {}'
- KAFKA_MODULE = 'kafka'
- KAFKA_MODULE_CONFIG_FILE = 'kafka.yml'
- KIBANA_MODULE = 'kibana'
- KIBANA_MODULE_CONFIG_FILE = 'kibana.yml'
- LINUX_MODULE = 'linux'
- LINUX_MODULE_CONFIG_FILE = 'linux.yml'
- LOAD_METRIC = 'load'
- LOGSTASH_MODULE = 'logstash'
- LOGSTASH_MODULE_CONFIG_FILE = 'logstash.yml'
- MEMORY_METRIC = 'memory'
- METRICBEAT_START = 'sudo service metricbeat start'
- METRICBEAT_STATUS = 'sudo service metricbeat status'
- METRICBEAT_STOP = 'sudo service metricbeat stop'
- MODULES_CONFIG_DIR = '/etc/metricbeat/modules.d/'
- MODULES_PROPERTY = 'metricbeat.config.modules'
- NETWORK_METRIC = 'network'
- NORMALIZED_PERCENTAGES_PROPERTY = 'normalized_percentages'
- PAGEINFO_METRIC = 'pageinfo'
- PERCENTAGES_PROPERTY = 'percentages'
- PROCESSES_PROPERTY = 'processes'
- PROCESS_METRIC = 'process'
- PROCESS_SUMMARY_METRIC = 'process_summary'
- SETUP_CMD = 'metricbeat setup -e'
- SNORT_MODULE_CONFIG_FILE = 'snort.yml'
- SOCKET_SUMMARY_METRIC = 'socket_summary'
- SUMMARY_METRIC = 'memory'
- SYSTEM_MODULE = 'system'
- SYSTEM_MODULE_CONFIG_FILE = 'system.yml'
- class csle_collector.constants.constants.OSSEC[source]
Bases:
object
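Constants related to the OSSEC HIDS. Note that HOSTLINE_REGEX and SRCIPLINE_REGEX separate the digit groups with an unescaped '.', which matches any character, so a match is not a validated IPv4 address.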
- ALERTLINE_REGEX = re.compile('\\*\\* Alert (\\d+.\\d+)*: - (\\w+.+)')
- CHECK_IF_OSSEC_IS_RUNNING_CMD = 'service ossec status'
- DATELINEREGEX = re.compile('\\d+ \\w+ \\d+ \\d+:\\d+:\\d+')
- HOSTLINE_REGEX = re.compile('\\d+ \\w+ \\d+ \\d+:\\d+:\\d+ \\((\\w+.+)\\) (\\d+.\\d+.\\d+.\\d+)')
- MAX_ALERTS = 10000
- OSSEC_ALERTS_FILE = '/var/ossec/alerts/alerts.log'
- OSSEC_ALERT_RULE_ID_TO_DESCR = {0: 'Ignored - No action taken. Used to avoid false positives. These rules are scanned before all the others. They include events with no security relevance.', 1: 'None', 2: 'System low priority notification - System notification or status messages. They have no security relevance.', 3: 'Successful/Authorized events - They include successful login attempts, firewall allow events, etc.', 4: 'System low priority error - Errors related to bad configurations or unused devices/applications. They have no security relevance and are usually caused by default installations or software testing.', 5: 'User generated error - They include missed passwords, denied actions, etc. By itself they have no security relevance.', 6: 'Low relevance attack - They indicate a worm or a virus that have no affect to the system (like code red for apache servers, etc). They also include frequently IDS events and frequently errors.', 7: "'Bad word' matching. They include words like 'bad', 'error', etc. These events are most of the time unclassified and may have some security relevance.", 8: 'First time seen - Include first time seen events. First time an IDS event is fired or the first time an user logged in. If you just started using OSSEC HIDS these messages will probably be frequently. After a while they should go away, It also includes security relevant actions (like the starting of a sniffer or something like that).', 9: 'Error from invalid source - Include attempts to login as an unknown user or from an invalid source. May have security relevance (specially if repeated). They also include errors regarding the “admin” (root) account.', 10: 'Multiple user generated errors - They include multiple bad passwords, multiple failed logins, etc. They may indicate an attack or may just be that a user just forgot his credentials.', 11: 'Integrity checking warning - They include messages regarding the modification of binaries or the presence of rootkits (by rootcheck). 
If you just modified your system configuration you should be fine regarding the “syscheck” messages. They may indicate a successful attack. Also included IDS events that will be ignored (high number of repetitions).', 12: 'High importancy event - They include error or warning messages from the system, kernel, etc. They may indicate an attack against a specific application.', 13: 'Unusual error (high importance) - Most of the times it matches a common attack pattern.', 14: 'High importance security event. Most of the times done with correlation and it indicates an attack.', 15: 'Severe attack - No chances of false positives. Immediate attention is necessary.'}
- OSSEC_IDS_ALERT_GROUP_ID = {'adduser': 5, 'apache': 10, 'attacks': 4, 'authentication_failed': 2, 'authentication_success': 1, 'connection_attempt': 3, 'firewall': 8, 'ids': 7, 'invalid_login': 0, 'squid': 9, 'sshd': 6, 'syslog': 11}
- OSSEC_LOG_FILE = '/var/ossec/logs/ossec.log'
- OSSEC_RUNNING_SEARCH = 'ossec-execd is running'
- OSSEC_SEVERE_ALERT_LEVEL_THRESHOLD = 10
- RULELINE_REGEX = re.compile("Rule: (\\d+)* \\(level (\\d+)\\) -> '(\\w+.+)'")
- SERVHOSTLINE_REGEX = re.compile('\\d+ \\w+ \\d+ \\d+:\\d+:\\d+ (\\w+)')
- SRCIPLINE_REGEX = re.compile('Src IP: (\\d+.\\d+.\\d+.\\d+)')
- START_OSSEC_IDS = '/var/ossec/bin/ossec-control start'
- STOP_OSSEC_IDS = '/var/ossec/bin/ossec-control stop'
- TAIL_ALERTS_COMMAND = 'sudo tail -10000'
- USERLINE_REGEX = re.compile('User: (\\w+)')
- class csle_collector.constants.constants.PACKETBEAT[source]
Bases:
object
Constants related to Packetbeat
- AF_PACKET_PROPERTY = 'af_packet'
- AMQP_PORTS = [5672]
- AMQP_PROTOCOL = 'amqp'
- ANY_DEVICE_PROPERTY = 'any'
- CASSANDRA_PORTS = [9042]
- CASSANDRA_PROTOCOL = 'cassandra'
- CONFIG_DIR = '/etc/packetbeat/'
- CONFIG_FILE = '/etc/packetbeat/packetbeat.yml'
- DHCPV4_PORTS = [67, 68]
- DHCPV4_PROTOCOL = 'dhcpv4'
- DNS_PORTS = [53]
- DNS_PROTOCOL = 'dns'
- FILEBEAT_GROUP_ID = 'packetbeat'
- FLOWS = 'packetbeat.flows'
- HTTP_PORTS = [80, 8080, 8000, 5000, 8002]
- HTTP_PROTOCOL = 'http'
- ICMP_PROTOCOL = 'icmp'
- INTERFACES_DEVICE_PROPERTY = 'packetbeat.interfaces.device'
- INTERFACES_TYPE_PROPERTY = 'packetbeat.interfaces.type'
- MEMCACHE_PORTS = [11211]
- MEMCACHE_PROTOCOL = 'memcache'
- MONGODB_PORTS = [27017]
- MONGODB_PROTOCOL = 'mongodb'
- MYSQL_PORTS = [3306, 3307]
- MYSQL_PROTOCOL = 'mysql'
- NFS_PORTS = [2049]
- NFS_PROTOCOL = 'nfs'
- PACKETBEAT_START = 'sudo service packetbeat start'
- PACKETBEAT_STATUS = 'sudo service packetbeat status'
- PACKETBEAT_STOP = 'sudo service packetbeat stop'
- PGSQL_PORTS = [5432]
- PGSQL_PROTOCOL = 'pgsql'
- PORTS_PROPERTY = 'ports'
- PROTOCOLS = 'packetbeat.protocols'
- REDIS_PORTS = [6379]
- REDIS_PROTOCOL = 'redis'
- SETUP_CMD = 'packetbeat setup -e'
- SIP_PORTS = [9243]
- SIP_PROTOCOL = 'sip'
- THRIFT_PORTS = [9090]
- THRIFT_PROTOCOL = 'thrift'
- TIMEOUT_PROPERTY = 'timeout'
- TLS_PORTS = [443, 993, 995, 5223, 8443, 8883, 9243]
- TLS_PROTOCOL = 'tls'
- class csle_collector.constants.constants.RYU[source]
Bases:
object
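String constants for managing Ryu: command strings for starting, stopping and checking the controller, and the HTTP resource paths of the producer API. START_RYU_CONTROLLER formats three values (port, web port, controller) into a command string that runs through sudo, so those values should be validated before substitution (numeric ports, an expected controller name) whenever they come from configuration or a request.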
- CHECK_IF_RYU_CONTROLLER_IS_RUNNING = 'ps -aux | grep ryu_controller.py'
- KAFKA_CONF = 'kafka_conf'
- PRODUCER_RUNNING = 'producer_running'
- REQUEST_TIMEOUT_S = 5
- RYU_CONTROLLER_FILENAME = 'ryu_controller.py'
- SEARCH_CONTROLLER = '/root/miniconda3/bin/python3 /ryu_controller.py'
- START_PRODUCER_HTTP_RESOURCE = '/cslenorthboundapi/producer/start'
- START_RYU_CONTROLLER = 'sudo nohup /root/miniconda3/bin/python3 /ryu_controller.py --port {} --webport {} --controller {} &'
- STATUS_PRODUCER_HTTP_RESOURCE = '/cslenorthboundapi/producer/status'
- STOP_PRODUCER_HTTP_RESOURCE = '/cslenorthboundapi/producer/stop'
- STOP_RYU_CONTROLLER = 'sudo pkill -f ryu_controller.py'
- STOP_RYU_CONTROLLER_MANAGER = 'sudo pkill -f ryu-manager'
- TIME_STEP_LEN_SECONDS = 'time_step_len_seconds'
- class csle_collector.constants.constants.SNORT_IDS_ROUTER[source]
Bases:
object
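Constants related to the Snort IDS: command strings for starting, stopping and checking Snort, the paths of its alert and statistics files, regular expressions for parsing alert lines, and a mapping from Snort classification names to integer ids. SNORT_LOG_DIR_PERMISSION_CMD sets mode 777 recursively on /var/snort, which lets any local account modify or delete the alert files listed here; if the intent is only to let the collector read the alerts, a dedicated group with read access would do so without making the IDS logs world-writable. In IPS_REGEX the first separator of each address is an unescaped '.', which matches any character, unlike the escaped '\.' used for the other separators.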
- CHECK_IF_SNORT_IS_RUNNING_CMD = 'ps -aux | grep snort.conf'
- CLASSIFICATION_REGEX = re.compile('(?<=Classification: )(.*?)(?=])')
- GREP_SNORT_CONF = 'grep snort.conf'
- IPS_REGEX = re.compile('\\d{1,3}.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3} -> \\d{1,3}.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}')
- MAX_ALERTS = 10000
- PRIORITY_REGEX = re.compile('Priority: \\d')
- PS_AUX_CMD = 'ps -aux'
- RULE_ID_REGEX = re.compile('\\[\\d{1,3}\\:\\d{1,3}')
- SEARCH_SNORT_RUNNING = '/etc/snort/snort.conf'
- SNORT_ALERTS_FILE = '/var/snort/alert.csv'
- SNORT_ALERT_IDS_ID = {'A Network Trojan was detected': 26, 'A TCP connection was detected': 0, 'A client was using an unusual port': 9, 'A suspicious filename was detected': 12, 'A suspicious string was detected': 2, 'A system call was detected': 10, 'Access to a potentially vulnerable web application': 8, 'An attempted login using a suspicious username was detected': 11, 'Attempt to login by a default username and password': 20, 'Attempted Administrator Privilege Gain': 33, 'Attempted Denial of Service': 23, 'Attempted Information Leak': 22, 'Attempted User Privilege Gain': 32, 'Decode of an RPC Query': 16, 'Denial of Service': 15, 'Detection of a Denial of Service Attack': 19, 'Detection of a Network Scan': 5, 'Detection of a non-standard protocol or event': 17, 'Executable code was detected': 29, 'Generic ICMP event': 7, 'Generic Protocol Command Decode': 3, 'Inappropriate Content was Detected': 31, 'Information Leak': 13, 'Large Scale Information Leak': 14, 'Misc Attack': 18, 'Misc activity': 6, 'Not Suspicious Traffic': 4, 'Potential Corporate Privacy Violation': 30, 'Potentially Bad Traffic': 21, 'Successful Administrator Privilege Gain': 28, 'Successful User Privilege Gain': 27, 'Unknown Traffic': 1, 'Unsuccessful User Privilege Gain': 25, 'Web Application Attack': 24, 'attempted-admin': 33, 'attempted-dos': 23, 'attempted-recon': 22, 'attempted-user': 32, 'bad-unknown': 21, 'default-login-attempt': 20, 'denial-of-service': 19, 'icmp-event': 7, 'inappropriate-content': 31, 'misc-activity': 6, 'misc-attack': 18, 'network-scan': 5, 'non-standard-protocol': 17, 'not-suspicious': 4, 'policy-violation': 30, 'protocol-command-decode': 3, 'rpc-portmap-decode': 16, 'shellcode-detect': 29, 'string-detect': 2, 'successful-admin': 28, 'successful-dos': 15, 'successful-recon-largescale': 14, 'successful-recon-limited': 13, 'successful-user': 27, 'suspicious-filename-detect': 12, 'suspicious-login': 11, 'system-call-detect': 10, 'tcp-connection': 0, 'trojan-activity': 
26, 'unknown': 1, 'unsuccessful-user': 25, 'unusual-client-port-connection': 9, 'web-application-activity': 8, 'web-application-attack': 24}
- SNORT_FAST_LOG_FILE = '/var/snort/fast.log'
- SNORT_LOG_DIR_PERMISSION_CMD = 'sudo chmod -R 777 /var/snort'
- SNORT_SEVERE_ALERT_PRIORITY_THRESHOLD = 2
- SNORT_STATS_FILE = '/var/snort/snort.stats'
- START_SNORT_IDS = 'sudo snort -D -q -c /etc/snort/snort.conf -i {}:{} -l /var/snort/ -h {} -Q -I --create-pidfile'
- STOP_SNORT_IDS = 'kill -9 $(pgrep snort)'
- TAIL_ALERTS_COMMAND = 'sudo tail -10000'
- TAIL_ALERTS_LATEST_COMMAND = 'sudo tail -1'
- TAIL_FAST_LOG_COMMAND = 'sudo tail -10000'
- UPDATE_RULESET = '/pulledpork/pulledpork.pl -c /pulledpork/etc/pulledpork.conf -l -P -E -H SIGHUP'
- class csle_collector.constants.constants.SPARK[source]
Bases:
object
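Constants related to Spark: PID file locations and start/stop commands for the master and worker. The stop commands take a process id through the {} placeholder and run kill -9 through sudo; if that id is read from the PID files under /tmp (not shown here), it should be checked to be numeric and to belong to a Spark process before use, since /tmp is writable by all local users. START_SPARK_WORKER hard-codes the master URL spark://15.13.1.161:7077.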
- SPARK_MASTER_PID_FILE = '/tmp/spark--org.apache.spark.deploy.master.Master-1.pid'
- SPARK_WORKER_PID_FILE = '/tmp/spark--org.apache.spark.deploy.worker.Worker-1.pid'
- START_SPARK_MASTER = '/spark-3.3.3-bin-hadoop3/sbin/start-master.sh'
- START_SPARK_WORKER = '/spark-3.3.3-bin-hadoop3/sbin/start-worker.sh spark://15.13.1.161:7077 -m 2G -c 1'
- STOP_SPARK_MASTER = 'sudo kill -9 {}'
- STOP_SPARK_WORKER = 'sudo kill -9 {}'
- class csle_collector.constants.constants.SYSTEM[source]
Bases:
object
Constants related to system
- AUTH_LOG = '/var/log/auth.log'
- SYSLOG = '/var/log/syslog'
- class csle_collector.constants.constants.TRAFFIC_GENERATOR[source]
Bases:
object
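Constants related to the traffic generator: command strings that create, start, stop and check the /traffic_generator.sh script. MAKE_TRAFFIC_GENERATOR_FILE_EXECUTABLE sets mode 777 on a script that START_TRAFFIC_GENERATOR_CMD runs through sudo, so a file executed with root privileges is writable by every local account; mode 700 (or 755) with root ownership keeps it executable without that exposure.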
- CHECK_IF_TRAFFIC_GENERATOR_IS_RUNNING = 'ps -aux | grep traffic_generator'
- CREATE_TRAFFIC_GENERATOR_FILE = 'sudo touch /traffic_generator.sh'
- MAKE_TRAFFIC_GENERATOR_FILE_EXECUTABLE = 'sudo chmod 777 /traffic_generator.sh'
- REMOVE_OLD_TRAFFIC_GENERATOR_FILE = 'sudo rm -f /traffic_generator.sh'
- START_TRAFFIC_GENERATOR_CMD = 'sudo nohup /traffic_generator.sh &'
- STOP_TRAFFIC_GENERATOR = 'sudo pkill -f traffic_generator.sh'
- TRAFFIC_GENERATOR_FILE_NAME = 'traffic_generator.sh'