Add -m flag for decisions list to display the machine (#1361)

* Add -m flag for decisions list to display the machine
This commit is contained in:
AlteredCoder 2022-03-16 17:29:31 +01:00 committed by GitHub
parent 023ac9e138
commit e4cc5fc997
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 30 additions and 9 deletions


@ -329,7 +329,7 @@ cscli alerts list --type ban`,
cmdAlertsList.Flags().StringVar(alertListFilter.ScopeEquals, "scope", "", "restrict to alerts of this scope (ie. ip,range)") cmdAlertsList.Flags().StringVar(alertListFilter.ScopeEquals, "scope", "", "restrict to alerts of this scope (ie. ip,range)")
cmdAlertsList.Flags().StringVarP(alertListFilter.ValueEquals, "value", "v", "", "the value to match for in the specified scope") cmdAlertsList.Flags().StringVarP(alertListFilter.ValueEquals, "value", "v", "", "the value to match for in the specified scope")
cmdAlertsList.Flags().BoolVar(contained, "contained", false, "query decisions contained by range") cmdAlertsList.Flags().BoolVar(contained, "contained", false, "query decisions contained by range")
cmdAlertsList.Flags().BoolVarP(&printMachine, "machine", "m", false, "print machines that sended alerts") cmdAlertsList.Flags().BoolVarP(&printMachine, "machine", "m", false, "print machines that sent alerts")
cmdAlertsList.Flags().IntVarP(limit, "limit", "l", 50, "limit size of alerts list table (0 to view all alerts)") cmdAlertsList.Flags().IntVarP(limit, "limit", "l", 50, "limit size of alerts list table (0 to view all alerts)")
cmdAlerts.AddCommand(cmdAlertsList) cmdAlerts.AddCommand(cmdAlertsList)


@ -32,7 +32,7 @@ var (
defaultReason = "manual" defaultReason = "manual"
) )
func DecisionsToTable(alerts *models.GetAlertsResponse) error { func DecisionsToTable(alerts *models.GetAlertsResponse, printMachine bool) error {
/*here we cheat a bit : to make it more readable for the user, we dedup some entries*/ /*here we cheat a bit : to make it more readable for the user, we dedup some entries*/
var spamLimit map[string]bool = make(map[string]bool) var spamLimit map[string]bool = make(map[string]bool)
var skipped = 0 var skipped = 0
@ -53,13 +53,17 @@ func DecisionsToTable(alerts *models.GetAlertsResponse) error {
} }
if csConfig.Cscli.Output == "raw" { if csConfig.Cscli.Output == "raw" {
csvwriter := csv.NewWriter(os.Stdout) csvwriter := csv.NewWriter(os.Stdout)
err := csvwriter.Write([]string{"id", "source", "ip", "reason", "action", "country", "as", "events_count", "expiration", "simulated", "alert_id"}) header := []string{"id", "source", "ip", "reason", "action", "country", "as", "events_count", "expiration", "simulated", "alert_id"}
if printMachine {
header = append(header, "machine")
}
err := csvwriter.Write(header)
if err != nil { if err != nil {
return err return err
} }
for _, alertItem := range *alerts { for _, alertItem := range *alerts {
for _, decisionItem := range alertItem.Decisions { for _, decisionItem := range alertItem.Decisions {
err := csvwriter.Write([]string{ raw := []string{
fmt.Sprintf("%d", decisionItem.ID), fmt.Sprintf("%d", decisionItem.ID),
*decisionItem.Origin, *decisionItem.Origin,
*decisionItem.Scope + ":" + *decisionItem.Value, *decisionItem.Scope + ":" + *decisionItem.Value,
@ -71,7 +75,12 @@ func DecisionsToTable(alerts *models.GetAlertsResponse) error {
*decisionItem.Duration, *decisionItem.Duration,
fmt.Sprintf("%t", *decisionItem.Simulated), fmt.Sprintf("%t", *decisionItem.Simulated),
fmt.Sprintf("%d", alertItem.ID), fmt.Sprintf("%d", alertItem.ID),
}) }
if printMachine {
raw = append(raw, alertItem.MachineID)
}
err := csvwriter.Write(raw)
if err != nil { if err != nil {
return err return err
} }
@ -83,7 +92,11 @@ func DecisionsToTable(alerts *models.GetAlertsResponse) error {
fmt.Printf("%s", string(x)) fmt.Printf("%s", string(x))
} else if csConfig.Cscli.Output == "human" { } else if csConfig.Cscli.Output == "human" {
table := tablewriter.NewWriter(os.Stdout) table := tablewriter.NewWriter(os.Stdout)
table.SetHeader([]string{"ID", "Source", "Scope:Value", "Reason", "Action", "Country", "AS", "Events", "expiration", "Alert ID"}) header := []string{"ID", "Source", "Scope:Value", "Reason", "Action", "Country", "AS", "Events", "expiration", "Alert ID"}
if printMachine {
header = append(header, "Machine")
}
table.SetHeader(header)
if len(*alerts) == 0 { if len(*alerts) == 0 {
fmt.Println("No active decisions") fmt.Println("No active decisions")
@ -95,7 +108,7 @@ func DecisionsToTable(alerts *models.GetAlertsResponse) error {
if *alertItem.Simulated { if *alertItem.Simulated {
*decisionItem.Type = fmt.Sprintf("(simul)%s", *decisionItem.Type) *decisionItem.Type = fmt.Sprintf("(simul)%s", *decisionItem.Type)
} }
table.Append([]string{ raw := []string{
strconv.Itoa(int(decisionItem.ID)), strconv.Itoa(int(decisionItem.ID)),
*decisionItem.Origin, *decisionItem.Origin,
*decisionItem.Scope + ":" + *decisionItem.Value, *decisionItem.Scope + ":" + *decisionItem.Value,
@ -106,7 +119,13 @@ func DecisionsToTable(alerts *models.GetAlertsResponse) error {
strconv.Itoa(int(*alertItem.EventsCount)), strconv.Itoa(int(*alertItem.EventsCount)),
*decisionItem.Duration, *decisionItem.Duration,
strconv.Itoa(int(alertItem.ID)), strconv.Itoa(int(alertItem.ID)),
}) }
if printMachine {
raw = append(raw, alertItem.MachineID)
}
table.Append(raw)
} }
} }
table.Render() // Send output table.Render() // Send output
@ -170,6 +189,7 @@ func NewDecisionsCmd() *cobra.Command {
} }
NoSimu := new(bool) NoSimu := new(bool)
contained := new(bool) contained := new(bool)
var printMachine bool
var cmdDecisionsList = &cobra.Command{ var cmdDecisionsList = &cobra.Command{
Use: "list [options]", Use: "list [options]",
Short: "List decisions from LAPI", Short: "List decisions from LAPI",
@ -255,7 +275,7 @@ cscli decisions list -t ban
log.Fatalf("Unable to list decisions : %v", err.Error()) log.Fatalf("Unable to list decisions : %v", err.Error())
} }
err = DecisionsToTable(alerts) err = DecisionsToTable(alerts, printMachine)
if err != nil { if err != nil {
log.Fatalf("unable to list decisions : %v", err.Error()) log.Fatalf("unable to list decisions : %v", err.Error())
} }
@ -274,6 +294,7 @@ cscli decisions list -t ban
cmdDecisionsList.Flags().StringVarP(filter.RangeEquals, "range", "r", "", "restrict to alerts from this source range (shorthand for --scope range --value <RANGE>)") cmdDecisionsList.Flags().StringVarP(filter.RangeEquals, "range", "r", "", "restrict to alerts from this source range (shorthand for --scope range --value <RANGE>)")
cmdDecisionsList.Flags().IntVarP(filter.Limit, "limit", "l", 100, "number of alerts to get (use 0 to remove the limit)") cmdDecisionsList.Flags().IntVarP(filter.Limit, "limit", "l", 100, "number of alerts to get (use 0 to remove the limit)")
cmdDecisionsList.Flags().BoolVar(NoSimu, "no-simu", false, "exclude decisions in simulation mode") cmdDecisionsList.Flags().BoolVar(NoSimu, "no-simu", false, "exclude decisions in simulation mode")
cmdDecisionsList.Flags().BoolVarP(&printMachine, "machine", "m", false, "print machines that triggered decisions")
cmdDecisionsList.Flags().BoolVar(contained, "contained", false, "query decisions contained by range") cmdDecisionsList.Flags().BoolVar(contained, "contained", false, "query decisions contained by range")
cmdDecisions.AddCommand(cmdDecisionsList) cmdDecisions.AddCommand(cmdDecisionsList)
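Review bot: The new machine column is appended per alert, but the dedup that runs at the top of DecisionsToTable (the spamLimit map declared just before the first hunk, keyed outside this view) does not appear to take MachineID into account, so with -m two machines that produced the same scope:value/type decision would likely collapse to one row showing only the first machine's ID — if that key is built from the decision fields alone, fold `alertItem.MachineID` into it when `printMachine` is true, or say in the flag help that the column shows one machine per deduplicated decision. The CSV path is fine as written since csv.Writer quotes fields, but the human table prints MachineID verbatim; if machine IDs can be chosen by the registering agent rather than assigned by the operator, consider stripping control characters before `table.Append(raw)` to avoid terminal escape sequences in output — confirm against how registration assigns IDs. The four `if printMachine { … = append(…) }` blocks could also share one small helper for the header and row, which would keep the two output formats from drifting. DecisionsToTable's body starts before the first hunk and continues outside them.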