pwnlandia / hpfeeds-logger
Small App for reading from MHN's hpfeeds broker and writing splunk logs
Python2 is EOL
Collecting hpfeeds-logger
Downloading https://files.pythonhosted.org/packages/c0/bd/f7c119ea6bc6c9646e2113a7454bd60c1a9fffd7733e33dd942d2a9f748a/hpfeeds-logger-0.0.7.7.tar.gz
Complete output from command python setup.py egg_info:
Downloading https://pypi.python.org/packages/source/d/distribute/distribute-0.6.14.tar.gz
Extracting in /tmp/tmpay1463ms
Traceback (most recent call last):
File "/tmp/pip-build-unfas0o4/hpfeeds-logger/ez_setup.py", line 143, in use_setuptools
raise ImportError
ImportError
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/tmp/pip-build-unfas0o4/hpfeeds-logger/setup.py", line 16, in <module>
use_setuptools()
File "/tmp/pip-build-unfas0o4/hpfeeds-logger/ez_setup.py", line 145, in use_setuptools
return _do_download(version, download_base, to_dir, download_delay)
File "/tmp/pip-build-unfas0o4/hpfeeds-logger/ez_setup.py", line 125, in _do_download
_build_egg(egg, tarball, to_dir)
File "/tmp/pip-build-unfas0o4/hpfeeds-logger/ez_setup.py", line 99, in _build_egg
_extractall(tar)
File "/tmp/pip-build-unfas0o4/hpfeeds-logger/ez_setup.py", line 467, in _extractall
self.chown(tarinfo, dirpath)
TypeError: chown() missing 1 required positional argument: 'numeric_owner'
----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-unfas0o4/hpfeeds-logger/
Could commit fe41b4a be reverted?
Unfortunately I wasn't able to quickly find any justification for this commit, but I would like to request that it be reverted.
My assumption is that src_ip and dest_ip always hold ip addresses
According to the Network Traffic model in Splunk's Common Information Model (CIM), dest_ip and src_ip should hold the IP address of the destination and source device when available. The src/dest fields should be populated with the src/dest IP, hostname, or MAC address depending on what's available in the log. Thus when searching for an IP address, it's standard to use src_ip/dest_ip.
While I can account for this in Splunk itself by using a regex to extract src to src_ip (similar for dest) if src/dest appear to be IP addresses, it is less work for the system to just copy anything in the src_ip field to the src field. Even the documentation suggests src could be aliased from src_ip, src_mac etc. (although best practice is not to alias but copy, but that's an advanced Splunk administration topic).
While that may seem like a very small thing (and it is), Splunk does these field extractions at search time. So every time that record is returned in a search result (okay, there are exceptions and I'm simplifying), that extraction is done, and it has to be done for EVERY search result of this sourcetype (again a simplification; typically done by sourcetype but could be done in other ways).
When you consider it's more performant on the Splunk side to reverse this change AND it simplifies the code here (quite trivially, but still), I believe this request is justified. Again, there's a huge caveat that I don't know why it was originally added, and without that context I may be overlooking other issues.
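The write-time field population the issue argues for, as an added example that is not hpfeeds-logger's own code: each event gets CIM src/dest filled from src_ip/dest_ip (falling back to hostname, then MAC) before it is written, so Splunk needs no search-time extraction. The field names src_host/dest_host and src_mac/dest_mac, the function names, and the sample event are assumptions constructed for this example.

```python
import ipaddress
import json

def _is_ip(value):
    """True if value parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def cim_normalize(event):
    """Return a copy of event with CIM src/dest populated at write time.

    Precedence follows the CIM guidance quoted in the issue: IP address if
    available, otherwise hostname, otherwise MAC. A *_ip value that is not a
    valid address is not promoted, which guards the assumption that src_ip
    and dest_ip only ever hold IP addresses.
    """
    out = dict(event)
    for side in ("src", "dest"):
        for suffix in ("_ip", "_host", "_mac"):   # assumed field names
            value = out.get(side + suffix)
            if not value:
                continue
            if suffix == "_ip" and not _is_ip(value):
                continue   # do not copy garbage into src/dest
            out[side] = value
            break
    return out

def to_splunk_line(event):
    """Serialize one event as a JSON line, which Splunk indexes with
    automatic key/value extraction and no extra transforms."""
    return json.dumps(cim_normalize(event), sort_keys=True)

# Constructed sample event, shaped like a honeypot connection record.
SAMPLE_EVENT = {"src_ip": "10.0.0.5", "dest_ip": "192.0.2.10", "dest_port": 22}

if __name__ == "__main__":
    print(to_splunk_line(SAMPLE_EVENT))
```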