From 6a616217bef9289c8cdbb6a9fa967dbfe87b5951 Mon Sep 17 00:00:00 2001
From: weliasz <77732905+weliasz@users.noreply.github.com>
Date: Tue, 20 Apr 2021 08:54:31 +0200
Subject: [PATCH 1/6] ADDON-35662 - fix failing build (#58)
* exclude mibs
* cganged path
* changed path
* changed path2
* changed path3
---
 .github/workflows/exclude-patterns.txt | 2 ++
 .github/workflows/review-secrets.yml | 3 ++-
 2 files changed, 4 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/exclude-patterns.txt
diff --git a/.github/workflows/exclude-patterns.txt b/.github/workflows/exclude-patterns.txt
new file mode 100644
index 00000000..2be5bb27
--- /dev/null
+++ b/.github/workflows/exclude-patterns.txt
@@ -0,0 +1,2 @@
+mibs/.*\.py
+poetry.lock
\ No newline at end of file
diff --git a/.github/workflows/review-secrets.yml b/.github/workflows/review-secrets.yml
index bc0c84cb..25a35848 100644
--- a/.github/workflows/review-secrets.yml
+++ b/.github/workflows/review-secrets.yml
@@ -9,4 +9,5 @@ jobs:
 uses: actions/checkout@v1
 - name: Trufflehog Actions Scan
 uses: edplato/trufflehog-actions-scan@v0.9f-beta
-
+ with:
+ scanArguments: "-x /github/workspace/.github/workflows/exclude-patterns.txt"
From 86badb235d4325ad1a582fb57f5a461cff9fac45 Mon Sep 17 00:00:00 2001
From: weliasz <77732905+weliasz@users.noreply.github.com>
Date: Thu, 22 Apr 2021 11:02:54 +0200
Subject: [PATCH 2/6] fix: timestamp (#62)
---
 splunk_connect_for_snmp_traps/manager/hec_sender.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/splunk_connect_for_snmp_traps/manager/hec_sender.py b/splunk_connect_for_snmp_traps/manager/hec_sender.py
index 3e913961..32fe2273 100644
--- a/splunk_connect_for_snmp_traps/manager/hec_sender.py
+++ b/splunk_connect_for_snmp_traps/manager/hec_sender.py
@@ -2,6 +2,7 @@
 import logging
 import os
 import threading
+import time
 import requests
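Review bot: The new `.github/workflows/exclude-patterns.txt` takes every path matching `mibs/.*\.py`, plus `poetry.lock`, out of the Trufflehog scan, and neither that file nor the `with:` block in `review-secrets.yml` records why, so a credential committed in a Python file under `mibs/` would no longer be flagged by this job. The pattern has no end anchor, so if the scanner matches it as a prefix it presumably also covers names such as `.pyc` or `.py.bak`; `^mibs/.*\.py$` keeps the exclusion to what the commit message describes. I would add a comment above `scanArguments`, for example `# generated MIB modules and lock-file hashes are excluded from secret scanning; review changes to exclude-patterns.txt as a security change`, with the stated reason adjusted to the real one. The same two hunks appear again in patch 3/6.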
@@ -33,6 +34,7 @@ def get_session(self):
 def post_data_to_thread_pool(self, host, variables_binds):
 data = {
+ "time": time.time(),
 "sourcetype": "sc4snmp:traps",
 "host": host,
 "index": self._args.index,
From 4c83b3389993c4a414d7b1ab1d7f25c5accaeb39 Mon Sep 17 00:00:00 2001
From: weliasz <77732905+weliasz@users.noreply.github.com>
Date: Tue, 20 Apr 2021 08:54:31 +0200
Subject: [PATCH 3/6] ADDON-35662 - fix failing build (#58)
* exclude mibs
* cganged path
* changed path
* changed path2
* changed path3
---
 .github/workflows/exclude-patterns.txt | 2 ++
 .github/workflows/review-secrets.yml | 3 ++-
 2 files changed, 4 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/exclude-patterns.txt
diff --git a/.github/workflows/exclude-patterns.txt b/.github/workflows/exclude-patterns.txt
new file mode 100644
index 00000000..2be5bb27
--- /dev/null
+++ b/.github/workflows/exclude-patterns.txt
@@ -0,0 +1,2 @@
+mibs/.*\.py
+poetry.lock
\ No newline at end of file
diff --git a/.github/workflows/review-secrets.yml b/.github/workflows/review-secrets.yml
index bc0c84cb..25a35848 100644
--- a/.github/workflows/review-secrets.yml
+++ b/.github/workflows/review-secrets.yml
@@ -9,4 +9,5 @@ jobs:
 uses: actions/checkout@v1
 - name: Trufflehog Actions Scan
 uses: edplato/trufflehog-actions-scan@v0.9f-beta
-
+ with:
+ scanArguments: "-x /github/workspace/.github/workflows/exclude-patterns.txt"
From 273648d9b2133c9b9d1050025333ac9f6becd437 Mon Sep 17 00:00:00 2001
From: weliasz <77732905+weliasz@users.noreply.github.com>
Date: Thu, 22 Apr 2021 11:02:54 +0200
Subject: [PATCH 4/6] fix: timestamp (#62)
---
 splunk_connect_for_snmp_traps/manager/hec_sender.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/splunk_connect_for_snmp_traps/manager/hec_sender.py b/splunk_connect_for_snmp_traps/manager/hec_sender.py
index 2becdcca..ca50b0d3 100644
--- a/splunk_connect_for_snmp_traps/manager/hec_sender.py
+++ b/splunk_connect_for_snmp_traps/manager/hec_sender.py
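Review bot: The added `"time": time.time()` in `post_data_to_thread_pool` stamps each trap with the collector's wall clock at the moment the payload dict is built, not with anything taken from the trap, and the hunk has no comment saying so. Anyone lining these events up against device logs then depends on the collector host's clock being synchronised, so I would put `# collector receive time (epoch seconds), not a device-supplied timestamp` above the key. The function body continues outside the hunk, and patch 4/6 repeats the same addition against a different base.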
@@ -2,6 +2,7 @@
 import logging
 import os
 import threading
+import time
 import requests
@@ -33,6 +34,7 @@ def get_session(self):
 def post_data_to_thread_pool(self, host, variables_binds):
 data = {
+ "time": time.time(),
 "sourcetype": "sc4snmp:traps",
 "host": host,
 "index": self._server_config["splunk"]["index"],
From 4c5a841e0860224d5c8b947ddcced51f29277546 Mon Sep 17 00:00:00 2001
From: lstoppa <77723162+lstoppa@users.noreply.github.com>
Date: Fri, 14 May 2021 14:36:40 +0200
Subject: [PATCH 5/6] fix: call str() or prettyPrint() before sending data to MIB-server (#72)
---
 .../manager/mib_server_client.py | 9 +++++---
 splunk_connect_for_snmp_traps/utilities.py | 21 +++++++++++++++++++
 2 files changed, 27 insertions(+), 3 deletions(-)
diff --git a/splunk_connect_for_snmp_traps/manager/mib_server_client.py b/splunk_connect_for_snmp_traps/manager/mib_server_client.py
index 7055f4c0..0b332250 100644
--- a/splunk_connect_for_snmp_traps/manager/mib_server_client.py
+++ b/splunk_connect_for_snmp_traps/manager/mib_server_client.py
@@ -1,10 +1,13 @@
-import logging
 import json
-import requests
+import logging
 import os
+
+import requests
 from requests.adapters import HTTPAdapter
 from requests.packages.urllib3.util.retry import Retry
+from splunk_connect_for_snmp_traps.utilities import format_value_for_mib_server
+
 logger = logging.getLogger(__name__)
@@ -22,7 +25,7 @@ def get_translation(var_binds, mib_server_url):
 var_bind = {
 "oid": str(name),
 "oid_type": name.__class__.__name__,
- "val": str(val),
+ "val": format_value_for_mib_server(val),
 "val_type": val.__class__.__name__,
 }
 var_binds_list.append(var_bind)
diff --git a/splunk_connect_for_snmp_traps/utilities.py b/splunk_connect_for_snmp_traps/utilities.py
index 608f628f..33ab01ab 100644
--- a/splunk_connect_for_snmp_traps/utilities.py
+++ b/splunk_connect_for_snmp_traps/utilities.py
@@ -29,3 +29,24 @@ def initialize_signals_handler():
 )
 for one_signal in signals_to_catch:
 signal.signal(one_signal, default_signal_handler)
+
+
+# 1.3.6.1.2.1.2.2.1.4.1|Integer|16436|16436|True
+# 1.3.6.1.2.1.1.6.0|DisplayString|San Francisco, California, United States|San Francisco, California, United States|True
+# 1.3.6.1.2.1.2.2.1.6.2|OctetString|ybù@|0x00127962f940|False
+# 1.3.6.1.2.1.1.9.1.2.7|ObjectIdentity|1.3.6.1.2.1.50|SNMPv2-SMI::mib-2.50|False
+# 1.3.6.1.2.1.6.13.1.4.195.218.254.105.51684.194.67.10.226.22|IpAddress|ÂCâ|194.67.10.226|False
+# 1.3.6.1.2.1.25.3.2.1.6.1025|Counter32|0|0|True
+# 1.3.6.1.2.1.31.1.1.1.15.2|Gauge32|100|100|True
+# 1.3.6.1.2.1.1.3.0|TimeTicks|148271768|148271768|True
+# 1.3.6.1.4.1.2021.10.1.6.1|Opaque|Ÿx>ë…|0x9f78043eeb851f|False
+# 1.3.6.1.2.1.31.1.1.1.10.1|Counter64|453477588|453477588|True
+#
+# As you can see, for most types str(value) == value.prettyPrint(), however:
+# - for Opaque, IpAddress, and OctetString we need to use prettyPrint(), otherwise the data is rubbish
+# - any other type should use str() before sending data to MIB-server
+def format_value_for_mib_server(value, value_type):
+ if value_type in ("OctetString", "IpAddress", "Opaque"):
+ return value.prettyPrint()
+ else:
+ return str(value)
From 54a4a70b350536d15d7e8cd9b7282821f75d030e Mon Sep 17 00:00:00 2001
From: Yuan Ling <32370701+lingy1028@users.noreply.github.com>
Date: Wed, 19 May 2021 04:43:06 -0400
Subject: [PATCH 6/6] fix: moved indexes from config yaml to args (#73)
* fix: fixed bug in passing aargs to format_value_for_mib_server()
* fix: move index from cconfig yaml to args
---
 splunk_connect_for_snmp_traps/manager/hec_sender.py | 3 ++-
 splunk_connect_for_snmp_traps/manager/mib_server_client.py | 2 +-
 splunk_connect_for_snmp_traps/snmp_trap_server.py | 4 ++++
 3 files changed, 7 insertions(+), 2 deletions(-)
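Review bot: `format_value_for_mib_server` chooses the formatter by comparing `value_type` against three literal class names, so a value whose class derives from one of them under a different name falls through to `str(value)`; for binary-valued subtypes that would presumably give the same unreadable output the comment block warns about. The function has no docstring, and since trap varbinds arrive from the network it should say that it only changes representation and does no validation, and that `value_type` is expected to be `value.__class__.__name__`. At this point in the series the call site in `mib_server_client.py` still passes a single argument, which patch 6/6 corrects, so patch 5/6 does not run on its own.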
diff --git a/splunk_connect_for_snmp_traps/manager/hec_sender.py b/splunk_connect_for_snmp_traps/manager/hec_sender.py
index ca50b0d3..76660b54 100644
--- a/splunk_connect_for_snmp_traps/manager/hec_sender.py
+++ b/splunk_connect_for_snmp_traps/manager/hec_sender.py
@@ -25,6 +25,7 @@ def configure_thread_pool(self):
 user_suggested_working_threads = self._args.hec_threads
 max_workers = max_allowed_working_threads(user_suggested_working_threads)
 logger.debug(f"Configured a thread-pool with {max_workers} concurrent threads")
+ logger.debug(f"Configured Splunk index for SNMP traps: {self._args.index}")
 return concurrent.futures.ThreadPoolExecutor(max_workers=max_workers)
 def get_session(self):
@@ -37,7 +38,7 @@ def post_data_to_thread_pool(self, host, variables_binds):
 "time": time.time(),
 "sourcetype": "sc4snmp:traps",
 "host": host,
- "index": self._server_config["splunk"]["index"],
+ "index": self._args.index,
 "event": variables_binds,
 }
diff --git a/splunk_connect_for_snmp_traps/manager/mib_server_client.py b/splunk_connect_for_snmp_traps/manager/mib_server_client.py
index 0b332250..3d01455c 100644
--- a/splunk_connect_for_snmp_traps/manager/mib_server_client.py
+++ b/splunk_connect_for_snmp_traps/manager/mib_server_client.py
@@ -25,7 +25,7 @@ def get_translation(var_binds, mib_server_url):
 var_bind = {
 "oid": str(name),
 "oid_type": name.__class__.__name__,
- "val": format_value_for_mib_server(val),
+ "val": format_value_for_mib_server(val, val.__class__.__name__),
 "val_type": val.__class__.__name__,
 }
 var_binds_list.append(var_bind)
diff --git a/splunk_connect_for_snmp_traps/snmp_trap_server.py b/splunk_connect_for_snmp_traps/snmp_trap_server.py
index 2b68ad4b..12ca27f0 100644
--- a/splunk_connect_for_snmp_traps/snmp_trap_server.py
+++ b/splunk_connect_for_snmp_traps/snmp_trap_server.py
@@ -32,6 +32,10 @@ def main():
 )
 parser.add_argument("-c", "--config", default="config.yaml", help="Config File")
+ parser.add_argument(
+ "-i", "--index", default="##EVENTS_INDEX##", help="Index for traps"
+ )
+
 args = parser.parse_args()
 log_level = args.loglevel.upper()
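Review bot: The new `--index` option defaults to the literal `##EVENTS_INDEX##`, which looks like a deployment-time template token; if that substitution is skipped and `-i` is not passed, every trap would be posted with that string as its index and, depending on how the HEC token is scoped, be rejected or misfiled with no error at startup. I would fail fast right after `parse_args()`, for example `if args.index.startswith("##"): parser.error("--index is not set")`, and say in the help text that the default is a placeholder. `main()` begins and ends outside this hunk.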