- #!/usr/bin/python
- # coding: utf-8
- import sys,MySQLdb,os,re
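# An alert rule is taken to be the text from "alert" up to a closing
# "rev:<n>;)" on the same line. \d+ accepts revisions of 10 and above,
# which a single \d silently dropped from the table.
# NOTE(review): the pattern has no line-start anchor, so a commented-out
# rule ("# alert ...") is matched from the word "alert" onwards and gets
# loaded like an enabled one -- confirm whether that is wanted.
# NOTE(review): rules whose last option is not rev (for example a trailing
# metadata option) do not match and are never loaded.
_ALERT_RULE_RE = re.compile(r'alert.*rev:\d+;\)')
_SID_RE = re.compile(r'sid:(\d+)')


def _extract_alert_rules(text):
    """Return a list of (sid, rule) pairs for the alert rules in *text*.

    Rules without a numeric sid are left out: the table is keyed on sid,
    so such a rule cannot be stored meaningfully.
    """
    pairs = []
    for rule in _ALERT_RULE_RE.findall(text):
        sid_match = _SID_RE.search(rule)
        if sid_match is None:
            continue
        pairs.append((int(sid_match.group(1)), rule))
    return pairs


def dogpile(rulerepo):
    """Rebuild the snortrules table from the rule files under *rulerepo*.

    Connects to the local MySQL database "snortdb", drops and recreates
    the snortrules table, then walks *rulerepo* and inserts one row
    (sid, rule) per alert rule found in every file whose name contains
    ".rules". Prints the number of rows inserted and commits.

    Exits the process with status 1 if the database connection fails.
    """
    # NOTE(review): this connects as the MySQL root user with an empty
    # password. A dedicated account restricted to the snortdb schema
    # would be a safer default for a detection-rule store.
    try:
        conn = MySQLdb.connect(host="localhost",
                               user="root",
                               passwd="",
                               db="snortdb")
    except MySQLdb.Error as e:
        print("Error %d: %s" % (e.args[0], e.args[1]))
        sys.exit(1)

    print("sucessfully connected to database")
    inserted = 0
    seen_sids = set()
    try:
        cursor = conn.cursor()
        try:
            cursor.execute("DROP TABLE IF EXISTS snortrules")
            cursor.execute("""
                CREATE TABLE snortrules
                (
                    sid INT UNSIGNED,
                    rule TEXT(2048) NOT NULL,
                    PRIMARY KEY(sid),
                    INDEX ruleindex(rule(767))
                )
            """)

            # Collect the rules from every matching file in the tree.
            # NOTE(review): the substring test also accepts names such as
            # "x.rules.bak", so stale copies are loaded too.
            for root, _dirs, names in os.walk(str(rulerepo)):
                for name in names:
                    if ".rules" not in name:
                        continue
                    path = os.path.join(root, name)
                    # Close the file promptly instead of leaking the handle.
                    with open(path) as handle:
                        text = handle.read()
                    for sid, rule in _extract_alert_rules(text):
                        if sid in seen_sids:
                            # sid is the primary key: a second insert would
                            # abort the whole load after the old table has
                            # already been dropped.
                            sys.stderr.write(
                                "skipping duplicate sid %d in %s\n"
                                % (sid, path))
                            continue
                        seen_sids.add(sid)
                        # Parameterized insert: rule text never reaches
                        # the SQL string itself.
                        cursor.execute("""
                            INSERT INTO snortrules (sid,rule)
                            VALUES(%s,%s)""", (sid, rule))
                        inserted += 1

            print("\nNumber of rows inserted: " + str(inserted))
            conn.commit()
        finally:
            cursor.close()
    finally:
        conn.close()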
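def main():
    """Load the Snort rules found under the directory given as argv[1].

    Exits with a usage message when no directory argument is supplied,
    instead of failing with an IndexError traceback.
    """
    if len(sys.argv) < 2:
        sys.exit("usage: %s <rules-directory>" % sys.argv[0])
    dogpile(sys.argv[1])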
# Run the loader only when executed as a script, not when imported.
if __name__ == "__main__":
    main()