本文整理匯總了Python中GeoIP.new方法的典型用法代碼示例。如果您正苦於以下問題:Python GeoIP.new方法的具體用法?Python GeoIP.new怎麽用?Python GeoIP.new使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類GeoIP的用法示例。
在下文中一共展示了GeoIP.new方法的4個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: cname
# 需要導入模塊: import GeoIP [as 別名]
# 或者: from GeoIP import new [as 別名]
def cname(self, ipv4_str):  # Thanks Are.
    """Look up the country of origin for an IPv4 address string.

    The address is passed unchanged to the GeoIP handle's
    country_name_by_addr() and that call's result is returned as is.
    According to the original author's note this is the full country name,
    or None when the address is not present in the database.
    """
    # A new handle is created on every call. GEOIP_MEMORY_CACHE is the
    # legacy GeoIP flag that loads the database into memory, so callers in a
    # hot path (for example per-connection enrichment) pay that cost each time.
    # NOTE(review): ipv4_str is not validated here; how the binding reacts to
    # a malformed address is not visible from this method -- confirm.
    return GeoIP.new(GeoIP.GEOIP_MEMORY_CACHE).country_name_by_addr(ipv4_str)
示例2: __init__
# 需要導入模塊: import GeoIP [as 別名]
# 或者: from GeoIP import new [as 別名]
def __init__(self, threadID):
    """Set up the worker thread's state for following Zeek's conn.log.

    Args:
        threadID: Caller-chosen identifier, stored as self.threadID.
    """
    threading.Thread.__init__(self)
    self.threadID = threadID

    # Location of the connection log this thread reads.
    self.bro_conn_log_path = '/opt/zeek/logs/current/conn.log'

    # Read position and last observed file size both start at zero.
    # NOTE(review): presumably compared by the reader to detect growth or
    # rotation of the log -- that code is outside this method, confirm.
    self.last_pos = self.last_file_size = 0

    # Buffer for lines that have not been processed yet.
    self.new_lines = []

    # One GeoIP handle for the lifetime of the thread, created with the
    # memory-cache flag so the database is not reopened for every lookup.
    self.gi = GeoIP.new(GeoIP.GEOIP_MEMORY_CACHE)
示例3: create_alert
# 需要導入模塊: import GeoIP [as 別名]
# 或者: from GeoIP import new [as 別名]
def create_alert(self, ts, ip, mac, hostname):
    """Record a 'new_device' alert and link it to the host entry for ip.

    Args:
        ts: Event timestamp, stored in the alert row as given.
        ip: Address of the new device; also the key into homenet.hosts.
        mac: Hardware address, used for the vendor lookup.
        hostname: Name reported for the device.

    The alert row is stored through utils.add_alert_to_db() and the id it
    returns is appended to homenet.hosts[ip].alerts.
    """
    # Taken before the vendor lookup, as in the original statement order.
    ctime = int(time.time())
    description = 'A new device was connected to your network. If this device was not ' \
                  'connected or authorized by you we recommend to check your router ' \
                  'configuration and disallow the access to this device.'
    reference = 'https://en.wikipedia.org/wiki/Networking_hardware'

    vendor = utils.get_vendor(mac)
    # Indicator layout: ip|mac|hostname|vendor, with an empty last field when
    # no vendor was found.
    # NOTE(review): the fields are joined without escaping. hostname is
    # presumably supplied by the device itself (e.g. via DHCP) -- confirm; if
    # it can contain '|', any consumer that splits this string on '|' will
    # misread the fields, so it should be sanitised before it gets here.
    indicators = '|'.join([ip, mac, hostname, vendor if vendor else ''])

    alert_row = [0, 'new_device', ts, ctime, 0, 0, 'New Device', ip, indicators, 0, description, reference]
    alert_id = utils.add_alert_to_db(alert_row)
    # Assumes ip is already tracked in homenet.hosts; an unknown address
    # fails here after the alert has been written to the database.
    homenet.hosts[ip].alerts.append(alert_id)
示例4: run
# 需要導入模塊: import GeoIP [as 別名]
# 或者: from GeoIP import new [as 別名]
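def run(self):
    """Poll Zeek's notice.log and turn scan/traceroute notices into alerts.

    Every 5 seconds the whole file is read again.  Each non-empty line is
    parsed as a JSON object whose "ts" value doubles as the de-duplication
    key kept in self.recorded.  "Scan::Port_Scan" and "Traceroute::Detected"
    notices whose "src" is a key of homenet.hosts are stored through
    utils.add_alert_to_db(), and the returned id is appended to that host's
    alerts list.  The loop never exits; all errors are logged at debug level
    and the next pass goes ahead.
    """
    # The published listing lost its indentation; the nesting used here is
    # the reading under which the loop sleeps on every pass and each handled
    # notice is recorded exactly once.
    notice_log = '/opt/zeek/logs/current/notice.log'
    while 1:
        lines = []
        try:
            # The context manager closes the descriptor on every pass; the
            # bare open() used before relied on garbage collection to do it.
            with open(notice_log, 'r') as f:
                lines = f.readlines()
        except Exception as e:
            # Best effort: a missing or rotating log must not end the thread.
            log.debug('FG-DEBUG: read_bro_notice_log - ' + str(e.__doc__) + " - " + str(e))

        for line in lines:
            line = line.strip()
            if not line:
                continue
            # Errors are contained per line. With one try block around the
            # whole pass, a single malformed or half-written line stopped
            # every notice after it from being read until the log rotated,
            # which silently suppressed alerts.
            try:
                fields = json.loads(line)
                uid = fields["ts"]
                if uid in self.recorded:
                    continue

                # .get(): a record without "note" is marked as seen instead
                # of raising on every later pass.
                note = fields.get("note")
                if note == "Scan::Port_Scan":
                    ts = float(fields["ts"])
                    src = fields["src"]
                    dst = fields["dst"]
                    with lock:
                        # Only hosts tracked in homenet.hosts produce alerts.
                        if src in homenet.hosts:
                            ctime = int(time.time())
                            description = 'This host has been detected scanning one or multiple destination ' \
                                          'IP addresses for open ports. This could indicate that a hacker has ' \
                                          'compromised and taken control of this device and is now trying to locate ' \
                                          'and compromise other hosts in your network.'
                            reference = 'https://en.wikipedia.org/wiki/Port_scanner'
                            a = [0, 'port_scan', ts, ctime, 0, 0, 'Port Scan', src, dst, 0, description, reference]
                            alert_id = utils.add_alert_to_db(a)
                            homenet.hosts[src].alerts.append(alert_id)
                elif note == "Traceroute::Detected":
                    ts = float(fields["ts"])
                    src = fields["src"]
                    with lock:
                        if src in homenet.hosts:
                            ctime = int(time.time())
                            indicator = '%s performed a traceroute' % src
                            # NOTE(review): the first two fragments join as
                            # "network.Traceroute" (no space); the stored
                            # text is kept exactly as published.
                            description = 'This host has been detected performing traceroute on your network.' \
                                          'Traceroute is usually used by hackers during the initial stage ' \
                                          'of an attack on a new network (reconnaissance). With this the ' \
                                          'attacker gains visibility on how the traffic is travelling from ' \
                                          'your internal network to other internal networks or the ' \
                                          'Internet, which routers are on the way, etc.'
                            reference = 'https://en.wikipedia.org/wiki/Traceroute'
                            a = [0, 'traceroute', ts, ctime, 0, 0, 'Traceroute', src, indicator, 0, description, reference]
                            alert_id = utils.add_alert_to_db(a)
                            homenet.hosts[src].alerts.append(alert_id)
                self.recorded.append(uid)
            except Exception as e:
                log.debug('FG-DEBUG: read_bro_notice_log - ' + str(e.__doc__) + " - " + str(e))

        # Bound the memory used by the de-duplication list.
        # NOTE(review): once it is emptied, every notice still present in the
        # current log is alerted again on the next pass. Left unchanged
        # because self.recorded is created outside this method.
        if len(self.recorded) > 100000:
            del self.recorded[:]
        time.sleep(5)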