Line 384: | Line 384: | ||
for t in threads: | for t in threads: | ||
t.join() | t.join() | ||
</pre> | |||
==== Python Script Example - Top IPs ==== | |||
<pre> | |||
#! /usr/bin/python3 | |||
import requests | |||
requests.packages.urllib3.disable_warnings() | |||
host = "https://allegro-mm-xxxx" | |||
session = requests.Session() | |||
session.auth = ("user", "password") | |||
session.verify = False # disable ssl verification | |||
params = { | |||
"sort": "bytes", | |||
"reverse": True, | |||
"page": 0, | |||
"count": 10, | |||
"timespan": 60, | |||
"mm-id": "local:1" #0 live traffic, 1 1st PCAP analysis | |||
} | |||
with session.get(host + "/API/stats/modules/ip/ips_paged", params=params) as resp: | |||
ip_list = resp.json() | |||
for ip_entry in ip_list["displayedItems"]: | |||
bytes_rx = ip_entry["interval"][1] #meaning of index defined in history.rows | |||
bytes_tx = ip_entry["interval"][3] | |||
print(ip_entry["ip"] + ": " + str(bytes_rx + bytes_tx) + "B") | |||
</pre> | |||
==== Python Script Example - Top IPs pagination ==== | |||
<pre> | |||
#! /usr/bin/python3 | |||
import requests | |||
requests.packages.urllib3.disable_warnings() | |||
host = "https://allegro-mm-xxxx" | |||
session = requests.Session() | |||
session.auth = ("user", "password") | |||
session.verify = False # disable ssl verification | |||
params = { | |||
"sort": "bytes", | |||
"reverse": True, | |||
"page": 0, | |||
"count": 10, | |||
"timespan": 60, | |||
"mm-id": "local:1" #0 live traffic, 1 1st PCAP analysis | |||
} | |||
with session.get(host + "/API/stats/modules/ip/ips_paged", params=params) as resp: | |||
ip_list = resp.json() | |||
number_of_items = ip_list["numberOfItems"] | |||
number_of_pages = ip_list["numberOfPages"] | |||
items_per_page = ip_list["itemsPerPage"] | |||
for page in range(0, number_of_pages): | |||
params["page"] = page | |||
with session.get(host + "/API/stats/modules/ip/ips_paged", params=params) as resp: | |||
ip_list = resp.json() | |||
for ip_entry in ip_list["displayedItems"]: | |||
bytes_rx = ip_entry["interval"][1] #meaning of index defined in history.rows | |||
bytes_tx = ip_entry["interval"][3] | |||
print(ip_entry["ip"] + ": " + str(bytes_rx + bytes_tx) + "B") | |||
</pre> | |||
==== Python Script Example - Top IPs CSV download ==== | |||
<pre> | |||
#! /usr/bin/python3 | |||
import requests | |||
import shutil | |||
requests.packages.urllib3.disable_warnings() | |||
host = "https://allegro-mm-xxxx" | |||
session = requests.Session() | |||
session.auth = ("user", "password") | |||
session.verify = False # disable ssl verification | |||
params = { | |||
"csv": True, | |||
"mm-id": "local:1" #0 live traffic, 1 1st PCAP analysis | |||
} | |||
headers = { | |||
"Accept-Encoding": "" # for compression use "gzip" | |||
} | |||
output = "ip_list_out.csv" | |||
with session.get(host + "/API/stats/modules/ip/ips_paged", params=params, headers=headers, stream=True) as resp: | |||
with open(output, "wb") as fh: | |||
shutil.copyfileobj(resp.raw, fh) | |||
</pre> | |||
==== Python Script Example - Retrieval of global connections and PCAP download of a certain connection ==== | |||
<pre> | |||
#! /usr/bin/python3 | |||
import requests | |||
import shutil | |||
import time | |||
import datetime | |||
requests.packages.urllib3.disable_warnings() | |||
host = "https://allegro-mm-xxxx" | |||
session = requests.Session() | |||
session.auth = ("user", "password") | |||
session.verify = False # disable ssl verification | |||
params = { | |||
"sort": "bytes", | |||
"reverse": True, | |||
"mode": "rtpStats", | |||
"mm-id": "local:1" #0 live traffic, 1 1st PCAP analysis | |||
} | |||
# get all RTP connections, sorted by bytes | |||
with session.get(host + "/API/stats/modules/ip/globalConnections", params=params) as resp: | |||
asyncID = resp.json()["asyncID"] | |||
asyncUUID = resp.json()["asyncUUID"] | |||
#print(resp.json()) | |||
finished = False | |||
success = False | |||
params = { | |||
"uuid": asyncUUID, | |||
"mm-id": "local:1" #0 live traffic, 1 1st PCAP analysis | |||
} | |||
while not finished: | |||
with session.get(host + "/API/async/{}".format(asyncID), params=params) as resp: | |||
if (resp.status_code == 202): | |||
# request still pending | |||
time.sleep(1) | |||
continue; | |||
else: | |||
finished = True | |||
r = resp.json() | |||
if "errorCode" in r and r["errorCode"] == 0: | |||
asyncResult = r["asyncResult"] | |||
success = True | |||
# get start and end time of second connection | |||
if success and len(asyncResult["displayedItems"]) > 1: | |||
rtpConnection = asyncResult["displayedItems"][1] | |||
print("{}:{} <-> {}:{}".format(rtpConnection["clientIp"], | |||
rtpConnection["clientPort"], | |||
rtpConnection["serverIp"], | |||
rtpConnection["serverPort"])) | |||
print(rtpConnection["l4ProtocolShortName"] + ", " + rtpConnection["dpiProtocol"]) | |||
start = datetime.datetime.fromtimestamp(rtpConnection["connectionStart"] / 1000) | |||
end = datetime.datetime.fromtimestamp(rtpConnection["lastActivity"] / 1000) | |||
print("start: " + start.strftime("%m-%d-%Y %H-%M-%S")) | |||
print("end: " + end.strftime("%m-%d-%Y %H-%M-%S")) | |||
# download PCAP of connection | |||
params = { | |||
"expression": "IP == {}:{} and IP == {}:{}".format(rtpConnection["clientIp"], | |||
rtpConnection["clientPort"], | |||
rtpConnection["serverIp"], | |||
rtpConnection["serverPort"]), | |||
"fromCaptureBuffer": True, | |||
"captureBufferSlotId": 0, | |||
"startTime": rtpConnection["connectionStart"] * 1000, | |||
"endTime": rtpConnection["lastActivity"] * 1000, | |||
"mm-id": "local:1" #0 live traffic, 1 1st PCAP analysis | |||
} | |||
headers = { | |||
"Accept-Encoding": "" # for compression use "gzip" | |||
} | |||
output = "rtp_connection.pcapng" | |||
with session.get(host + "/API/data/modules/capture", params=params, headers=headers, stream=True) as resp: | |||
with open(output, "wb") as fh: | |||
shutil.copyfileobj(resp.raw, fh) | |||
</pre> | </pre> |
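Review bot: Every example script in this hunk (presumably the added side, starting at `session.verify = False` in the first block and repeated in the other three) disables TLS certificate verification and silences the urllib3 warning, while also embedding credentials as the literal `("user", "password")`; readers tend to copy such examples verbatim, so the appliance API traffic and the login would be exposed to interception on the network path. The example should instead pin the appliance's own CA bundle, `session.verify = "<path-to-appliance-ca-bundle>"`, and take credentials from the environment or a prompt rather than the source, e.g. `session.auth = (os.environ["MM_USER"], getpass.getpass())` (variable name illustrative). None of the requests checks `resp.status_code` before `resp.json()` or before streaming the body to disk, so an auth failure or a 4xx/5xx is silently written out as CSV/PCAP content; `resp.raise_for_status()` after each `session.get` would surface that. In the last example the `while not finished` polling loop has no iteration or time bound, and the `startTime`/`endTime` values are multiplied by 1000 whereas the same fields are divided by 1000 for `fromtimestamp`, which suggests a microsecond capture API but deserves a comment such as `# capture API expects microseconds; connectionStart/lastActivity are milliseconds — confirm`.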