#!/usr/bin/pythonimport osimport timeimport datetimefrom subprocess import c

1. #!/usr/bin/python
2. import os
3. import time
4. import datetime
5. from subprocess import call
6.  
7. # VARIABLES
8. archivepath = '/archive/'
9. logpath = '/logdata/'
10. splunkbin = '/opt/splunk/bin/'
11. debug = 1
12. # /VARIABLES
13.  
14. # Check that we are in screen
15. if os.environ.get('STY') is not None:
16. if debug:
17. print '[+] Screen detected. We are good to go'
18. pass
19. else:
20. print '[-] Run this script in screen, because it might take long time and your SSH session will terminate'
21. exit(1)
22.  
23. index = raw_input('Enter index:').rstrip('\n')
24. if debug:
25. print 'Index : ' + index
26.  
27. frozenpath = archivepath + index + '/'
28. if debug:
29. print 'Frozenpath : ' + frozenpath
30.  
31. thawedpath = logpath + index + '/thaweddb/'
32. if debug:
33. print 'Thawedpath : ' + thawedpath
34.  
35. d1 = raw_input('Enter start date: (eg. 01.08.2017): ')
36. d2 = raw_input('Enter end date: (eg. 31.12.2017): ')
37. if debug:
38. print 'Date1 and Date2 : ' + d1 + ' ' + d2
39.  
40. print '[+] Searching dates on index ' + index
41. print 'in ' + frozenpath
42. try:
43. frozen_list = os.listdir(frozenpath)
44. except:
45. print "[-] Unable to walk index directory, check if path exists : " + archivepath + index
46. exit(1)
47.  
48. if debug:
49. print 'Frozen List ' + str(len(frozen_list))
50.  
51. try:
52. start_date = int(time.mktime(time.strptime(d1 + " 00:00:00", "%d.%m.%Y %H:%M:%S")));
53. except:
54. print "[-] Incorrect date inserted"
55. exit(1)
56.  
57. try:
58. end_date = int(time.mktime(time.strptime(d2 + " 00:00:00", "%d.%m.%Y %H:%M:%S")));
59. except:
60. print "[-] Incorrect date inserted"
61. exit(1)
62.  
63. print "Start Date epoch: " + str(start_date)
64. print "End Date epoch: " + str(end_date)
65.  
66. print "Got " + str(len(frozen_list)) + " elements from " + frozenpath
67.  
68. restore_list = []
69.  
70. for line in frozen_list:
71. tmp = line.split('_')
72. t1 = int(tmp[2])
73. t2 = int(tmp[1])
74. t11 = datetime.datetime.fromtimestamp(t1).strftime('%d-%m-%Y %H:%M:%S')
75. t22 = datetime.datetime.fromtimestamp(t2).strftime('%d-%m-%Y %H:%M:%S')
76.  
77. if ( (start_date >= t1 and end_date >= t2 and start_date <= t1 ) or ( start_date >= t1 and end_date <= t2) or ( start_date <= t1 and end_date >= t2) or ( start_date <= t1 and end_date <= t2 and end_date >= t1)):
78. print "Added line -- " + line + " -- t1 : " + str(t1) + " " + "t2 : " + str(t2) + " - " + t11 + " " + t22
79. restore_list.append(line)
80.  
81. if len(restore_list) == 0:
82. print 'List empty, nothing found..'
83. exit(1)
84.  
85. # Calculate size
86. restoreSize = len(restore_list)*128
87.  
88. print "[+] Found " + str(len(restore_list)) + " files. Total restore size " + str(restoreSize) + " MB"
89. print "[+] Copying databases into thaweddb.."
90.  
91. for db in restore_list:
92. if debug:
93. print "Executing: " + "cp -R " + frozenpath + db + " " + thawedpath
94. call("cp -R " + frozenpath + db + " " + thawedpath,shell = True)
95.  
96. print "[+] Rebuilding DBs"
97. for db in restore_list:
98. if debug:
99. print "Executing: " + splunkbin + "splunk rebuild +thawedpath + db"
100. #call(splunkbin + "splunk rebuild " + thawedpath + db,shell = True)