Move output to logging module

8dbf0e02 · Franco (nextime) Lanza · f2d0cc15 · 8dbf0e02
Commit 8dbf0e02 authored Apr 24, 2021 by Franco (nextime) Lanza
Hide whitespace changes
Inline Side-by-side

Showing with 67 additions and 22 deletions

dpi dpi +67 -22

No files found.
--- a/dpi
+++ b/dpi
@@ -6,6 +6,16 @@ from nfstream import NFStreamer
 import time
 import sys, signal
 import json
+import logging
+
+
+logging.basicConfig(filename="/tmp/dpi.log",
+                    filemode='a',
+                    format='%(asctime)s,%(msecs)d %(name)s %(levelname)s %(message)s',
+                    datefmt='%Y-%m-%d %H:%M:%S',
+                    level=logging.DEBUG)
+
+log=logging.getLogger("NexDPI")

 deftimeout="3600"

@@ -78,9 +88,9 @@ def reloadconf(signum, frame):
      fconf.close()
      Cats = R['Cats']
      Apps = R['Apps']
-      print("Rules file reloaded")
+      log.info("Rules file reloaded")
   except:
-      print("Error loading rules file.")
+      log.error("Error loading rules file.")



@@ -91,23 +101,60 @@ Apps = R['Apps']

 UnknownMatch=[]

+
+"""
+NFlow(id=5,
+      expiration_id=0, 
+      src_ip=192.168.42.140,
+      src_mac=ee:9a:15:8d:4c:2e,
+      src_oui=ee:9a:15,
+      src_port=37860,  
+      dst_ip=102.132.99.1,
+      dst_mac=40:62:31:05:c8:56,
+      dst_oui=40:62:31,
+      dst_port=443,
+      protocol=6,
+      ip_version=4,
+      vlan_id=0,
+      bidirectional_first_seen_ms=1619278659528,
+      bidirectional_last_seen_ms=1619278660194,
+      bidirectional_duration_ms=666,
+      bidirectional_packets=25,
+      bidirectional_bytes=10856,
+      src2dst_first_seen_ms=1619278659528,
+      src2dst_last_seen_ms=1619278660194,
+      src2dst_duration_ms=666,
+      src2dst_packets=14,
+      src2dst_bytes=2930,
+      dst2src_first_seen_ms=1619278659532,
+      dst2src_last_seen_ms=1619278660193,
+      dst2src_duration_ms=661,
+      dst2src_packets=11,
+      dst2src_bytes=7926,
+      splt_direction=[0, 1, 0, 0, 1, 1, 0, 0, 0, 0, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1],
+      splt_ps=[74, 74, 66, 583, 66, 3309, 66, 66, 66, 130, 66, 243, 721, 66, 66, 1300, 66, 420, 66, 1297],
+      splt_piat_ms=[0, 4, 1, 11, 2, 1, 1, 0, 0, 22, 2, 0, 1, 2, 37, 126, 1, 1, 3, 167],
+      application_name=TLS.Facebook,
+      application_category_name=SocialNetwork,
+      application_is_guessed=0,
+      requested_server_name=graph.facebook.com,
+      client_fingerprint=9b02ebd3a43b62d825e1ac605b621dc8,
+      server_fingerprint=,
+      user_agent=,
+      content_type=)   
+"""
+
+
 class NexDPI():

   fullname=False
   isknown=False

-   def __init__(self):
-      print(time.asctime(), "NexDPI created")
-      

   def main(self):
-      print(time.asctime(), "NexDPI started")
+      log.info("NexDPI started")
      for flow in online_streamer:

-         if self.fullname and not self.fullname in UnknownMatch and not self.isknown:
-            print(self.fullname)
-            UnknownMatch.append(self.fullname)
-
         self.isknown = False
         self.fullname=flow.application_name+" "+flow.application_category_name
         triplet=str(flow.dst_ip)+","+str(flow.dst_port)+","+str(flow.src_ip)
@@ -116,18 +163,21 @@ class NexDPI():
         sername = aname.split(".")[-1:][0]
         ipv=flow.ip_version

+         log.info("RECEIVED: "+cname+" "+aname+" "+sername)
+
         if cname in list(Cats.keys()):
            if ipv==6:
               ipset_list = Cats[cname]['ipset']+"6"
            else:
               ipset_list = Cats[cname]['ipset']
+            log.info("CHECKCATEGORY: "+str(tuple(Cats[cname]['nostart'])))
            if not aname.startswith(tuple(Cats[cname]['nostart'])) and not sername in list(Cats[cname]['noapps']):
               sh("ipset test "+ipset_list+" "+triplet+" >/dev/null 2>&1 || ipset add "+ipset_list+" "+triplet+" timeout "+Cats[cname]['timeout']+" > /dev/null 2>&1")
+               log.info("ADD: "+ipset_list+" "+triplet+" "+self.fullname)
               if sername in list(Cats[cname]['knownapps']):
                  self.isknown = True
-               continue
-         
-         if sername in list(Apps.keys()):
+
+         elif sername in list(Apps.keys()):
            appd=Apps[sername]
            if ipv==6:
               ipset_list = appd['ipset']+"6"
@@ -135,24 +185,19 @@ class NexDPI():
               ipset_list = appd['ipset']
            if not aname.startswith(tuple(appd['nostart'])):
               sh("ipset test "+ipset_list+" "+triplet+" >/dev/null 2>&1 || ipset add "+ipset_list+" "+triplet+" timeout "+appd['timeout']+" > /dev/null 2>&1")
+               log.info("ADD: "+ipset_list+" "+triplet+" "+self.fullname)
               if aname.startswith(tuple(appd['knowstarts'])):
                  self.isknown = True
-               continue
-

-         #print(flow.application_is_guessed)
-         #print(flow.src_ip)
-         #print(flow.src_port)
-         #print(flow.dst_ip)
-         #print(flow.dst_port)
-         #print(flow.requested_server_name)
+         if self.fullname and not self.fullname in UnknownMatch and not self.isknown:
+            log.warning("UNKNOWN: "+self.fullname)
+            UnknownMatch.append(self.fullname)

         #time.sleep(0.1)



 if __name__ == "__main__":
-   import sys
   ndpi=NexDPI()
   ndpi.main()