hillar/nos.js

## nos.js
/*

NOS === Newly Observed Sessions

depends on https://github.com/simme/node-http-digest-client

*/

'use strict'

const wiseSource = require('./wiseSource.js')
const util = require('util')
const http = require('http')

const SELFNAME = 'NOS'

function DummySource (api, section) {
    DummySource.super_.call(this, api, section)
    if (!api.getConfigSection(section)) {
      console.log(this.section, `- WARNING not loading since no section \x1b[41m ${this.section} \x1b[0m specified in config file`)
      return
    }
    const CONFIG = ["moloHost","moloPort","moloUser","moloPass","tagPrefix","hours"]
    for (const item of CONFIG) {
      this[item] = api.getConfig(section, item)
      if (this[item] === undefined) {
        console.log(this.section, `- ERROR not loading since no \x1b[41m ${item} \x1b[0m specified in config file`)
        return
      }
    }
    this.digest = require('./http-digest-client')(this.moloUser, this.moloPass)
    api.addSource(SELFNAME, this)
    this.tagsField = this.api.addField("field:tags");
    console.log(this.section,this.moloHost,this.moloPort,this.moloUser,this.hours)
}

util.inherits(DummySource, wiseSource)

DummySource.prototype.getTuple = function(tuple, cb) {
  var bites = tuple.split(";");
  var src = bites[2];
  var dst = bites[4];
  if (src.startsWith('0.0') && dst.startsWith('0.0')) {
    // wait for wise_lookup_tuple supports ipV6
    return cb(null, wiseSource.emptyResult)
  } else {
    this.digest.request({
       host: this.moloHost,
       path: `/unique.txt?expression=ip%3D%3D${src}%26%26ip%3D%3D${dst}&date=${this.hours}&counts=0&exp=mac.src`,
       port: this.moloPort,
       method: 'GET',
       headers: { "User-Agent": "wise" }
     }, (res) => {
       var d = []
       res.on('data', (data) => {
         d += data
       });
       res.on('end', () => {
         const result = d.toString().trim().split('\n').filter((obj) => obj )
         if (result.length === 0) {
           const newresult = {num: args.length/2 , buffer: Buffer.concat([wiseSource.encode.apply(null, [this.tagsField, this.tagPrefix+'_'+this.hours])])}
           return cb(null, newresult)
         } else {
           return cb(null, wiseSource.emptyResult)
         }
       })
       res.on('error', (err) => {
         console.error(err)
         return cb(null, wiseSource.emptyResult);
       })
     })
  }
}

exports.initSource = function(api) {
  const source = new DummySource(api, SELFNAME)
}
	/*

	NOS === Newly Observed Sessions

	depends on https://github.com/simme/node-http-digest-client

	*/

	'use strict'

	const wiseSource = require('./wiseSource.js')
	const util = require('util')
	const http = require('http')

	const SELFNAME = 'NOS'

	function DummySource (api, section) {
	DummySource.super_.call(this, api, section)
	if (!api.getConfigSection(section)) {
	console.log(this.section, `- WARNING not loading since no section \x1b[41m ${this.section} \x1b[0m specified in config file`)
	return
	}
	const CONFIG = ["moloHost","moloPort","moloUser","moloPass","tagPrefix","hours"]
	for (const item of CONFIG) {
	this[item] = api.getConfig(section, item)
	if (this[item] === undefined) {
	console.log(this.section, `- ERROR not loading since no \x1b[41m ${item} \x1b[0m specified in config file`)
	return
	}
	}
	this.digest = require('./http-digest-client')(this.moloUser, this.moloPass)
	api.addSource(SELFNAME, this)
	this.tagsField = this.api.addField("field:tags");
	console.log(this.section,this.moloHost,this.moloPort,this.moloUser,this.hours)
	}

	util.inherits(DummySource, wiseSource)

	DummySource.prototype.getTuple = function(tuple, cb) {
	var bites = tuple.split(";");
	var src = bites[2];
	var dst = bites[4];
	if (src.startsWith('0.0') && dst.startsWith('0.0')) {
	// wait for wise_lookup_tuple supports ipV6
	return cb(null, wiseSource.emptyResult)
	} else {
	this.digest.request({
	host: this.moloHost,
	path: `/unique.txt?expression=ip%3D%3D${src}%26%26ip%3D%3D${dst}&date=${this.hours}&counts=0&exp=mac.src`,
	port: this.moloPort,
	method: 'GET',
	headers: { "User-Agent": "wise" }
	}, (res) => {
	var d = []
	res.on('data', (data) => {
	d += data
	});
	res.on('end', () => {
	const result = d.toString().trim().split('\n').filter((obj) => obj )
	if (result.length === 0) {
	const newresult = {num: args.length/2 , buffer: Buffer.concat([wiseSource.encode.apply(null, [this.tagsField, this.tagPrefix+'_'+this.hours])])}
	return cb(null, newresult)
	} else {
	return cb(null, wiseSource.emptyResult)
	}
	})
	res.on('error', (err) => {
	console.error(err)
	return cb(null, wiseSource.emptyResult);
	})
	})
	}
	}

	exports.initSource = function(api) {
	const source = new DummySource(api, SELFNAME)
	}