We use cookies to ensure you get the best experience on our website
Inicio Explorar Axuda
Rexistro Iniciar sesión
0ct0pu5
/
crowdsec
1
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Explorar o código

Add -m flag for decisions list to display the machine (#1361)

* Add -m flag for decisions list to display the machine
AlteredCoder %!s(int64=3) %!d(string=hai) anos
pai
023ac9e138
achega
e4cc5fc997
Modificáronse 2 ficheiros con 30 adicións e 9 borrados
Dividir vista Mostrar estatísticas de Diff
  1. 1 1
      cmd/crowdsec-cli/alerts.go
  2. 29 8
      cmd/crowdsec-cli/decisions.go

+ 1 - 1
cmd/crowdsec-cli/alerts.go
Ver ficheiro 

@@ -329,7 +329,7 @@ cscli alerts list --type ban`,
 
 	cmdAlertsList.Flags().StringVar(alertListFilter.ScopeEquals, "scope", "", "restrict to alerts of this scope (ie. ip,range)")
 
 	cmdAlertsList.Flags().StringVarP(alertListFilter.ValueEquals, "value", "v", "", "the value to match for in the specified scope")
 
 	cmdAlertsList.Flags().BoolVar(contained, "contained", false, "query decisions contained by range")
 
-	cmdAlertsList.Flags().BoolVarP(&printMachine, "machine", "m", false, "print machines that sended alerts")
 
+	cmdAlertsList.Flags().BoolVarP(&printMachine, "machine", "m", false, "print machines that sent alerts")
 
 	cmdAlertsList.Flags().IntVarP(limit, "limit", "l", 50, "limit size of alerts list table (0 to view all alerts)")
 
 	cmdAlerts.AddCommand(cmdAlertsList)

+ 29 - 8
cmd/crowdsec-cli/decisions.go
Ver ficheiro 

@@ -32,7 +32,7 @@ var (
 
 	defaultReason   = "manual"
 
 )
 
 
-func DecisionsToTable(alerts *models.GetAlertsResponse) error {
 
+func DecisionsToTable(alerts *models.GetAlertsResponse, printMachine bool) error {
 
 	/*here we cheat a bit : to make it more readable for the user, we dedup some entries*/
 
 	var spamLimit map[string]bool = make(map[string]bool)
 
 	var skipped = 0
 
@@ -53,13 +53,17 @@ func DecisionsToTable(alerts *models.GetAlertsResponse) error {
 
 	}
 
 	if csConfig.Cscli.Output == "raw" {
 
 		csvwriter := csv.NewWriter(os.Stdout)
 
-		err := csvwriter.Write([]string{"id", "source", "ip", "reason", "action", "country", "as", "events_count", "expiration", "simulated", "alert_id"})
 
+		header := []string{"id", "source", "ip", "reason", "action", "country", "as", "events_count", "expiration", "simulated", "alert_id"}
 
+		if printMachine {
 
+			header = append(header, "machine")
 
+		}
 
+		err := csvwriter.Write(header)
 
 		if err != nil {
 
 			return err
 
 		}
 
 		for _, alertItem := range *alerts {
 
 			for _, decisionItem := range alertItem.Decisions {
 
-				err := csvwriter.Write([]string{
 
+				raw := []string{
 
 					fmt.Sprintf("%d", decisionItem.ID),
 
 					*decisionItem.Origin,
 
 					*decisionItem.Scope + ":" + *decisionItem.Value,
 
@@ -71,7 +75,12 @@ func DecisionsToTable(alerts *models.GetAlertsResponse) error {
 
 					*decisionItem.Duration,
 
 					fmt.Sprintf("%t", *decisionItem.Simulated),
 
 					fmt.Sprintf("%d", alertItem.ID),
 
-				})
 
+				}
 
+				if printMachine {
 
+					raw = append(raw, alertItem.MachineID)
 
+				}
 
+
 
+				err := csvwriter.Write(raw)
 
 				if err != nil {
 
 					return err
 
 				}
 
@@ -83,7 +92,11 @@ func DecisionsToTable(alerts *models.GetAlertsResponse) error {
 
 		fmt.Printf("%s", string(x))
 
 	} else if csConfig.Cscli.Output == "human" {
 
 		table := tablewriter.NewWriter(os.Stdout)
 
-		table.SetHeader([]string{"ID", "Source", "Scope:Value", "Reason", "Action", "Country", "AS", "Events", "expiration", "Alert ID"})
 
+		header := []string{"ID", "Source", "Scope:Value", "Reason", "Action", "Country", "AS", "Events", "expiration", "Alert ID"}
 
+		if printMachine {
 
+			header = append(header, "Machine")
 
+		}
 
+		table.SetHeader(header)
 
 
 		if len(*alerts) == 0 {
 
 			fmt.Println("No active decisions")
 
@@ -95,7 +108,7 @@ func DecisionsToTable(alerts *models.GetAlertsResponse) error {
 
 				if *alertItem.Simulated {
 
 					*decisionItem.Type = fmt.Sprintf("(simul)%s", *decisionItem.Type)
 
 				}
 
-				table.Append([]string{
 
+				raw := []string{
 
 					strconv.Itoa(int(decisionItem.ID)),
 
 					*decisionItem.Origin,
 
 					*decisionItem.Scope + ":" + *decisionItem.Value,
 
@@ -106,7 +119,13 @@ func DecisionsToTable(alerts *models.GetAlertsResponse) error {
 
 					strconv.Itoa(int(*alertItem.EventsCount)),
 
 					*decisionItem.Duration,
 
 					strconv.Itoa(int(alertItem.ID)),
 
-				})
 
+				}
 
+
 
+				if printMachine {
 
+					raw = append(raw, alertItem.MachineID)
 
+				}
 
+
 
+				table.Append(raw)
 
 			}
 
 		}
 
 		table.Render() // Send output
 
@@ -170,6 +189,7 @@ func NewDecisionsCmd() *cobra.Command {
 
 	}
 
 	NoSimu := new(bool)
 
 	contained := new(bool)
 
+	var printMachine bool
 
 	var cmdDecisionsList = &cobra.Command{
 
 		Use:   "list [options]",
 
 		Short: "List decisions from LAPI",
 
@@ -255,7 +275,7 @@ cscli decisions list -t ban
 
 				log.Fatalf("Unable to list decisions : %v", err.Error())
 
 			}
 
 
-			err = DecisionsToTable(alerts)
 
+			err = DecisionsToTable(alerts, printMachine)
 
 			if err != nil {
 
 				log.Fatalf("unable to list decisions : %v", err.Error())
 
 			}
 
@@ -274,6 +294,7 @@ cscli decisions list -t ban
 
 	cmdDecisionsList.Flags().StringVarP(filter.RangeEquals, "range", "r", "", "restrict to alerts from this source range (shorthand for --scope range --value <RANGE>)")
 
 	cmdDecisionsList.Flags().IntVarP(filter.Limit, "limit", "l", 100, "number of alerts to get (use 0 to remove the limit)")
 
 	cmdDecisionsList.Flags().BoolVar(NoSimu, "no-simu", false, "exclude decisions in simulation mode")
 
+	cmdDecisionsList.Flags().BoolVarP(&printMachine, "machine", "m", false, "print machines that triggered decisions")
 
 	cmdDecisionsList.Flags().BoolVar(contained, "contained", false, "query decisions contained by range")
 
 
 	cmdDecisions.AddCommand(cmdDecisionsList)

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5