Add -m flag for decisions list to display the machine (#1361)
* Add -m flag for decisions list to display the machine
parent
023ac9e138
commit
e4cc5fc997
|
@ -329,7 +329,7 @@ cscli alerts list --type ban`,
|
|||
cmdAlertsList.Flags().StringVar(alertListFilter.ScopeEquals, "scope", "", "restrict to alerts of this scope (ie. ip,range)")
|
||||
cmdAlertsList.Flags().StringVarP(alertListFilter.ValueEquals, "value", "v", "", "the value to match for in the specified scope")
|
||||
cmdAlertsList.Flags().BoolVar(contained, "contained", false, "query decisions contained by range")
|
||||
cmdAlertsList.Flags().BoolVarP(&printMachine, "machine", "m", false, "print machines that sended alerts")
|
||||
cmdAlertsList.Flags().BoolVarP(&printMachine, "machine", "m", false, "print machines that sent alerts")
|
||||
cmdAlertsList.Flags().IntVarP(limit, "limit", "l", 50, "limit size of alerts list table (0 to view all alerts)")
|
||||
cmdAlerts.AddCommand(cmdAlertsList)
|
||||
|
||||
|
|
|
@ -32,7 +32,7 @@ var (
|
|||
defaultReason = "manual"
|
||||
)
|
||||
|
||||
func DecisionsToTable(alerts *models.GetAlertsResponse) error {
|
||||
func DecisionsToTable(alerts *models.GetAlertsResponse, printMachine bool) error {
|
||||
/*here we cheat a bit : to make it more readable for the user, we dedup some entries*/
|
||||
var spamLimit map[string]bool = make(map[string]bool)
|
||||
var skipped = 0
|
||||
|
@ -53,13 +53,17 @@ func DecisionsToTable(alerts *models.GetAlertsResponse) error {
|
|||
}
|
||||
if csConfig.Cscli.Output == "raw" {
|
||||
csvwriter := csv.NewWriter(os.Stdout)
|
||||
err := csvwriter.Write([]string{"id", "source", "ip", "reason", "action", "country", "as", "events_count", "expiration", "simulated", "alert_id"})
|
||||
header := []string{"id", "source", "ip", "reason", "action", "country", "as", "events_count", "expiration", "simulated", "alert_id"}
|
||||
if printMachine {
|
||||
header = append(header, "machine")
|
||||
}
|
||||
err := csvwriter.Write(header)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for _, alertItem := range *alerts {
|
||||
for _, decisionItem := range alertItem.Decisions {
|
||||
err := csvwriter.Write([]string{
|
||||
raw := []string{
|
||||
fmt.Sprintf("%d", decisionItem.ID),
|
||||
*decisionItem.Origin,
|
||||
*decisionItem.Scope + ":" + *decisionItem.Value,
|
||||
|
@ -71,7 +75,12 @@ func DecisionsToTable(alerts *models.GetAlertsResponse) error {
|
|||
*decisionItem.Duration,
|
||||
fmt.Sprintf("%t", *decisionItem.Simulated),
|
||||
fmt.Sprintf("%d", alertItem.ID),
|
||||
})
|
||||
}
|
||||
if printMachine {
|
||||
raw = append(raw, alertItem.MachineID)
|
||||
}
|
||||
|
||||
err := csvwriter.Write(raw)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -83,7 +92,11 @@ func DecisionsToTable(alerts *models.GetAlertsResponse) error {
|
|||
fmt.Printf("%s", string(x))
|
||||
} else if csConfig.Cscli.Output == "human" {
|
||||
table := tablewriter.NewWriter(os.Stdout)
|
||||
table.SetHeader([]string{"ID", "Source", "Scope:Value", "Reason", "Action", "Country", "AS", "Events", "expiration", "Alert ID"})
|
||||
header := []string{"ID", "Source", "Scope:Value", "Reason", "Action", "Country", "AS", "Events", "expiration", "Alert ID"}
|
||||
if printMachine {
|
||||
header = append(header, "Machine")
|
||||
}
|
||||
table.SetHeader(header)
|
||||
|
||||
if len(*alerts) == 0 {
|
||||
fmt.Println("No active decisions")
|
||||
|
@ -95,7 +108,7 @@ func DecisionsToTable(alerts *models.GetAlertsResponse) error {
|
|||
if *alertItem.Simulated {
|
||||
*decisionItem.Type = fmt.Sprintf("(simul)%s", *decisionItem.Type)
|
||||
}
|
||||
table.Append([]string{
|
||||
raw := []string{
|
||||
strconv.Itoa(int(decisionItem.ID)),
|
||||
*decisionItem.Origin,
|
||||
*decisionItem.Scope + ":" + *decisionItem.Value,
|
||||
|
@ -106,7 +119,13 @@ func DecisionsToTable(alerts *models.GetAlertsResponse) error {
|
|||
strconv.Itoa(int(*alertItem.EventsCount)),
|
||||
*decisionItem.Duration,
|
||||
strconv.Itoa(int(alertItem.ID)),
|
||||
})
|
||||
}
|
||||
|
||||
if printMachine {
|
||||
raw = append(raw, alertItem.MachineID)
|
||||
}
|
||||
|
||||
table.Append(raw)
|
||||
}
|
||||
}
|
||||
table.Render() // Send output
|
||||
|
@ -170,6 +189,7 @@ func NewDecisionsCmd() *cobra.Command {
|
|||
}
|
||||
NoSimu := new(bool)
|
||||
contained := new(bool)
|
||||
var printMachine bool
|
||||
var cmdDecisionsList = &cobra.Command{
|
||||
Use: "list [options]",
|
||||
Short: "List decisions from LAPI",
|
||||
|
@ -255,7 +275,7 @@ cscli decisions list -t ban
|
|||
log.Fatalf("Unable to list decisions : %v", err.Error())
|
||||
}
|
||||
|
||||
err = DecisionsToTable(alerts)
|
||||
err = DecisionsToTable(alerts, printMachine)
|
||||
if err != nil {
|
||||
log.Fatalf("unable to list decisions : %v", err.Error())
|
||||
}
|
||||
|
@ -274,6 +294,7 @@ cscli decisions list -t ban
|
|||
cmdDecisionsList.Flags().StringVarP(filter.RangeEquals, "range", "r", "", "restrict to alerts from this source range (shorthand for --scope range --value <RANGE>)")
|
||||
cmdDecisionsList.Flags().IntVarP(filter.Limit, "limit", "l", 100, "number of alerts to get (use 0 to remove the limit)")
|
||||
cmdDecisionsList.Flags().BoolVar(NoSimu, "no-simu", false, "exclude decisions in simulation mode")
|
||||
cmdDecisionsList.Flags().BoolVarP(&printMachine, "machine", "m", false, "print machines that triggered decisions")
|
||||
cmdDecisionsList.Flags().BoolVar(contained, "contained", false, "query decisions contained by range")
|
||||
|
||||
cmdDecisions.AddCommand(cmdDecisionsList)
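Review bot: `alertItem.MachineID` is appended to the output row unmodified in both the raw and the human branch of `DecisionsToTable` (`raw = append(raw, alertItem.MachineID)`). Whether a machine ID can contain arbitrary characters chosen by the registering agent is not visible in these hunks. If it can, control or escape characters would reach the operator's terminal through the table writer, and a value starting with `=`, `+`, `-` or `@` would reach any spreadsheet that consumes the CSV. Consider emitting it as `fmt.Sprintf("%q", alertItem.MachineID)` or stripping non-printable runes before the append. The exported function also gained a parameter without a doc comment; something like `// DecisionsToTable prints the decisions of alerts in the configured output format; printMachine adds a trailing machine column.` would document it. The function body extends beyond the hunks shown here.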
|
||||
|
|