- #!/usr/bin/python
- import MySQLdb
- import argparse
- import getpass
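def parse_args():
    """Parse the command line.

    Returns:
        argparse.Namespace whose ``days`` attribute is the look-back
        window in days, converted to ``int`` by argparse.
    """
    parser = argparse.ArgumentParser()
    # ``days`` ends up in the INTERVAL clause of the query that main()
    # runs, so anything that is not an integer is rejected here, at the
    # command-line boundary, before it can reach the database.
    parser.add_argument(
        "days",
        type=int,
        help="number of days for which to execute the query",
    )
    return parser.parse_args()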
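def main():
    """Print Snort alert counts grouped by day for the last N days.

    Prompts for the MySQL password, connects to the ``snort`` database on
    localhost as user ``snort``, and prints one tab-separated line per
    (date, signature, priority, source address, destination address) group:
    date, event count, priority, source, destination, signature name.
    """
    args = parse_args()
    # The value comes from the command line; make sure it is a plain integer
    # before it goes anywhere near the query.
    try:
        days = int(args.days)
    except (TypeError, ValueError):
        raise SystemExit("days must be an integer")

    db_pass = getpass.getpass("mysql password:")
    db = MySQLdb.connect(host="localhost",  # your host
                         user="snort",      # username
                         passwd=db_pass,    # password
                         db="snort")        # name of the database
    try:
        cur = db.cursor()
        try:
            # ``days`` is passed as a bound parameter rather than formatted
            # into the SQL text, so the driver handles the quoting.
            # MySQLdb still applies %-formatting to the statement when
            # parameters are supplied, which is why the DATE_FORMAT
            # specifiers stay doubled (%%Y -> %Y).
            # An alternative select list that also reports the time of day:
            #   DATE_FORMAT(timestamp, '%Y-%m-%d') AS date,
            #   DATE_FORMAT(timestamp, '%H:%i') AS time
            sql = ("SELECT DATE_FORMAT(timestamp, '%%Y-%%m-%%d') AS date, COUNT(event.cid), "
                   "sig_priority, inet_ntoa(ip_src), inet_ntoa(ip_dst), sig_name "
                   "FROM event "
                   "INNER JOIN signature on event.signature = signature.sig_id "
                   "INNER JOIN iphdr on event.sid = iphdr.sid AND event.cid = iphdr.cid "
                   "WHERE timestamp > DATE_SUB(NOW(), INTERVAL %s day) "
                   "GROUP BY date, sig_name, sig_priority, inet_ntoa(ip_src), inet_ntoa(ip_dst) "
                   "ORDER BY date, COUNT(event.cid) ASC")
            cur.execute(sql, (days,))
            for row in cur.fetchall():
                # Parenthesised single-argument form prints the same text
                # under Python 2 and Python 3.
                print("%s\t%d\t%d\t%s\t%s\t\t%s" % row)
        finally:
            cur.close()
    finally:
        # Release the connection even if the query or the printing fails.
        db.close()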
# Run the report only when executed as a script, not when imported.
if __name__ == "__main__":
    main()