esppy.connectors.SnifferPublisher¶
-
class
esppy.connectors.SnifferPublisher(interface=None, protocol=None, packetfields=None, name=None, is_active=None, transactional=None, blocksize=None, addtimestamp=None, configfilesection=None, vendorid=None, vendortype=None, indexfieldname=None, publishwithupsert=None, pcapfilter=None, httpports=None, ignorenopayloadpackets=None, maxevents=None)¶ Bases:
esppy.connectors.base.ConnectorPublish local area network packet events
- Parameters
- interfacestring
Specifies the name of the network interface on the local machine from which to capture packets.
- protocolstring
Specifies the port number associated with the protocol type of packets to be captured. You can specify this as a comma-separated list of port numbers.
- packetfieldsstring
Specifies the packet fields to be extracted from a captured packet and included in the published event.
- transactionalstring, optional
Sets the event block type to transactional. The default value is normal.
- blocksizeint, optional
Specifies the number of events to include in a published event block. The default value is 1.
- addtimestampboolean, optional
Specifies to append an ESP_TIMESTAMP field to each published event.
- configfilesectionstring, optional
Specifies the name of the section in the configuration file to parse for configuration parameters. Specify the value as [configfilesection].
- vendoridstring, optional
Specifies the vendor-Id field to match when capturing the Attribute-Specific field in a Vendor-Specific attribute in a Radius Accounting-Request packet.
- vendortypestring, optional
Specifies the vendor-Type field to match when capturing the Attribute-Specific field in a Vendor-Specific attribute in a Radius Accounting-Request packet.
- indexfieldnamestring, optional
Specifies the name to use instead of index for the index:int64 field in the Source window schema.
- publishwithupsertboolean, optional
Specifies to build events with opcode = Upsert instead of Insert.
- pcapfilterstring, optional
Specifies a filter expression as defined in the pcap documentation. Passed to the pcap driver to filter packets received by the connector.
- httpportsstring, optional
Specifies a comma-separated list of destination ports. All sniffed packets that contain a specified port are parsed for HTTP GET parameters. The default value is 80.
- ignorenopayloadpacketsboolean, optional
Specifies whether to ignore packets with no payload, as calculated by subtracting the TCP or UDP header size from the packet size. The default value is FALSE.
- maxeventsint, optional
Specifies the maximum number of events to publish.
- Returns
-
__init__(self, interface=None, protocol=None, packetfields=None, name=None, is_active=None, transactional=None, blocksize=None, addtimestamp=None, configfilesection=None, vendorid=None, vendortype=None, indexfieldname=None, publishwithupsert=None, pcapfilter=None, httpports=None, ignorenopayloadpackets=None, maxevents=None)¶ Initialize self. See help(type(self)) for accurate signature.
Methods
__init__(self[, interface, protocol, …])Initialize self.
clear(self)copy(self[, deep])Return a copy of the object
from_element(data[, session])Construct connector from XML definition
from_parameters(conncls[, type, name, …])from_xml(data[, session])Construct connector from XML definition
get(self, key[, default])items(self)keys(self)pop(self, key[, default])If key is not found, d is returned if given, otherwise KeyError is raised.
popitem(self)as a 2-tuple; but raise KeyError if D is empty.
set_properties(self, \*\*kwargs)Set connector properties
setdefault(self, key[, default])to_element(self)Export connector definition to ElementTree.Element
to_xml(self[, pretty])Export connector definition to XML
update(\*args, \*\*kwds)If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v
values(self)Attributes
connector_keyproperty_defs