

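Python GeoIP.new method code examples

This article collects typical usage examples of the GeoIP.new method in Python. If you are wondering how GeoIP.new is used in practice or are looking for working examples of it, the selected code examples here may help. You can also look further into usage examples of GeoIP, the module this method belongs to.


A total of 4 code examples of the GeoIP.new method are shown below, sorted by popularity by default. You can upvote the examples you like or find useful; your ratings help the system recommend better Python code examples.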

Example 1: cname

# Requires the GeoIP module: import GeoIP (or: from GeoIP import new)
import GeoIP


def cname(self, ipv4_str):  # Thanks Are.
    """Checks the ipv4_str against the GeoIP database. Returns the full country name of origin if
    the IPv4 address is found in the database. Returns None if not found."""
    # Note: the database is reopened (and cached in memory) on every call.
    geo = GeoIP.new(GeoIP.GEOIP_MEMORY_CACHE)
    country = geo.country_name_by_addr(ipv4_str)
    return country
Developer: tnich, Project: honssh, Lines of code: 8, Source file: output_handler.py

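Example 2: __init__

# Requires the GeoIP module: import GeoIP (or: from GeoIP import new)
import threading

import GeoIP


def __init__(self, threadID):
    threading.Thread.__init__(self)
    self.threadID = threadID
    # Zeek connection log read by this thread
    self.bro_conn_log_path = '/opt/zeek/logs/current/conn.log'
    # Bookkeeping for the log reader: last read position, last file size, buffered new lines
    self.last_pos = 0
    self.last_file_size = 0
    self.new_lines = []
    # Open the GeoIP database once per thread and keep it cached in memory
    self.gi = GeoIP.new(GeoIP.GEOIP_MEMORY_CACHE)
Developer: A3sal0n, Project: FalconGate, Lines of code: 10, Source file: logparser.py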

Example 3: create_alert

# Requires the GeoIP module: import GeoIP (or: from GeoIP import new)
import time

# utils and homenet are defined elsewhere in the project and are not shown here.


def create_alert(self, ts, ip, mac, hostname):
    ctime = int(time.time())
    description = 'A new device was connected to your network. If this device was not ' \
                  'connected or authorized by you we recommend to check your router ' \
                  'configuration and disallow the access to this device.'
    reference = 'https://en.wikipedia.org/wiki/Networking_hardware'
    vendor = utils.get_vendor(mac)
    # Pipe-separated indicators; an unknown vendor becomes an empty string
    indicators = ip + '|' + mac + '|' + hostname + '|' + (vendor or '')
    a = [0, 'new_device', ts, ctime, 0, 0, 'New Device', ip, indicators, 0, description, reference]
    # Store the alert and attach its id to the host record
    alert_id = utils.add_alert_to_db(a)
    homenet.hosts[ip].alerts.append(alert_id)
Developer: A3sal0n, Project: FalconGate, Lines of code: 13, Source file: logparser.py

Example 4: run

# Requires the GeoIP module: import GeoIP (or: from GeoIP import new)
import json
import time

# lock, log, utils and homenet are defined elsewhere in the project and are not shown here.


def run(self):
    while True:
        try:
            # Re-read the Zeek notice log on every pass; the context manager closes the file
            with open('/opt/zeek/logs/current/notice.log', 'r') as f:
                lines = f.readlines()
            for line in lines:
                line = line.strip()
                fields = json.loads(line)
                # The notice timestamp doubles as the de-duplication key
                uid = fields["ts"]
                if uid not in self.recorded:
                    if fields["note"] == "Scan::Port_Scan":
                        ts = float(fields["ts"])
                        src = fields["src"]
                        dst = fields["dst"]
                        with lock:
                            # Only alert on scans that originate from a known home-network host
                            if src in homenet.hosts:
                                ctime = int(time.time())
                                description = 'This host has been detected scanning one or multiple destination ' \
                                              'IP addresses for open ports. This could indicate that a hacker has ' \
                                              'compromised and taken control of this device and is now trying to locate ' \
                                              'and compromise other hosts in your network.'
                                reference = 'https://en.wikipedia.org/wiki/Port_scanner'
                                a = [0, 'port_scan', ts, ctime, 0, 0, 'Port Scan', src, dst, 0, description, reference]
                                alert_id = utils.add_alert_to_db(a)
                                homenet.hosts[src].alerts.append(alert_id)
                    elif fields["note"] == "Traceroute::Detected":
                        ts = float(fields["ts"])
                        src = fields["src"]
                        with lock:
                            if src in homenet.hosts:
                                ctime = int(time.time())
                                indicator = '%s performed a traceroute' % src
                                description = 'This host has been detected performing traceroute on your network. ' \
                                              'Traceroute is usually used by hackers during the initial stage ' \
                                              'of an attack on a new network (reconnaissance). With this the ' \
                                              'attacker gains visibility on how the traffic is travelling from ' \
                                              'your internal network to other internal networks or the ' \
                                              'Internet, which routers are on the way, etc.'
                                reference = 'https://en.wikipedia.org/wiki/Traceroute'
                                a = [0, 'traceroute', ts, ctime, 0, 0, 'Traceroute', src, indicator, 0, description, reference]
                                alert_id = utils.add_alert_to_db(a)
                                homenet.hosts[src].alerts.append(alert_id)
                    self.recorded.append(uid)

        except Exception as e:
            log.debug('FG-DEBUG: read_bro_notice_log - ' + str(e.__doc__) + " - " + str(e))

        # Cap memory use: clear the de-duplication list once it grows past 100000 entries
        if len(self.recorded) > 100000:
            del self.recorded[:]

        time.sleep(5)
Developer: A3sal0n, Project: FalconGate, Lines of code: 54, Source file: logparser.py


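Note: The GeoIP.new method examples in this article were compiled by 纯净天空 from open-source code and documentation platforms such as Github/MSDocs. The code snippets were selected from open-source projects contributed by their respective developers, and copyright of the source code belongs to the original authors. For distribution and use, refer to the License of the corresponding project. Do not reproduce without permission.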