Merge pull request #71 from splunk/develop

Develop

Author: weliasz

.github/workflows/exclude-patterns.txt

@@ -0,0 +1,2 @@
+mibs/.*\.py
+poetry.lock

.github/workflows/review-secrets.yml

@@ -9,4 +9,5 @@ jobs:
         uses: actions/checkout@v1
       - name: Trufflehog Actions Scan
         uses: edplato/[email protected]
-
+        with:
+          scanArguments: "-x /github/workspace/.github/workflows/exclude-patterns.txt"

splunk_connect_for_snmp_traps/manager/hec_sender.py

@@ -2,6 +2,7 @@
 import logging
 import os
 import threading
+import time
 
 import requests
 
@@ -24,6 +25,7 @@ def configure_thread_pool(self):
         user_suggested_working_threads = self._args.hec_threads
         max_workers = max_allowed_working_threads(user_suggested_working_threads)
         logger.debug(f"Configured a thread-pool with {max_workers} concurrent threads")
+        logger.debug(f"Configured Splunk index for SNMP traps: {self._args.index}")
         return concurrent.futures.ThreadPoolExecutor(max_workers=max_workers)
 
     def get_session(self):
@@ -33,9 +35,10 @@ def get_session(self):
 
     def post_data_to_thread_pool(self, host, variables_binds):
         data = {
+            "time": time.time(),
             "sourcetype": "sc4snmp:traps",
             "host": host,
-            "index": self._server_config["splunk"]["index"],
+            "index": self._args.index,
             "event": variables_binds,
         }
 

splunk_connect_for_snmp_traps/manager/mib_server_client.py

@@ -1,10 +1,13 @@
-import logging
 import json
-import requests
+import logging
 import os
+
+import requests
 from requests.adapters import HTTPAdapter
 from requests.packages.urllib3.util.retry import Retry
 
+from splunk_connect_for_snmp_traps.utilities import format_value_for_mib_server
+
 logger = logging.getLogger(__name__)
 
 
@@ -22,7 +25,7 @@ def get_translation(var_binds, mib_server_url):
         var_bind = {
             "oid": str(name),
             "oid_type": name.__class__.__name__,
-            "val": str(val),
+            "val": format_value_for_mib_server(val, val.__class__.__name__),
             "val_type": val.__class__.__name__,
         }
         var_binds_list.append(var_bind)

splunk_connect_for_snmp_traps/snmp_trap_server.py

@@ -32,6 +32,10 @@ def main():
     )
     parser.add_argument("-c", "--config", default="config.yaml", help="Config File")
 
+    parser.add_argument(
+        "-i", "--index", default="##EVENTS_INDEX##", help="Index for traps"
+    )
+
     args = parser.parse_args()
 
     log_level = args.loglevel.upper()

splunk_connect_for_snmp_traps/utilities.py

@@ -29,3 +29,24 @@ def initialize_signals_handler():
     )
     for one_signal in signals_to_catch:
         signal.signal(one_signal, default_signal_handler)
+
+
+# 1.3.6.1.2.1.2.2.1.4.1|Integer|16436|16436|True
+# 1.3.6.1.2.1.1.6.0|DisplayString|San Francisco, California, United States|San Francisco, California, United States|True
+# 1.3.6.1.2.1.2.2.1.6.2|OctetString|<null>ybù@|0x00127962f940|False
+# 1.3.6.1.2.1.1.9.1.2.7|ObjectIdentity|1.3.6.1.2.1.50|SNMPv2-SMI::mib-2.50|False
+# 1.3.6.1.2.1.6.13.1.4.195.218.254.105.51684.194.67.10.226.22|IpAddress|ÂCâ|194.67.10.226|False
+# 1.3.6.1.2.1.25.3.2.1.6.1025|Counter32|0|0|True
+# 1.3.6.1.2.1.31.1.1.1.15.2|Gauge32|100|100|True
+# 1.3.6.1.2.1.1.3.0|TimeTicks|148271768|148271768|True
+# 1.3.6.1.4.1.2021.10.1.6.1|Opaque|Ÿx>ë…|0x9f78043eeb851f|False
+# 1.3.6.1.2.1.31.1.1.1.10.1|Counter64|453477588|453477588|True
+#
+# As you can see, for most types str(value) == value.prettyPrint(), however:
+# - for Opaque, IpAddress, and OctetString we need to use prettyPrint(), otherwise the data is rubbish
+# - any other type should use str() before sending data to MIB-server
+def format_value_for_mib_server(value, value_type):
+    if value_type in ("OctetString", "IpAddress", "Opaque"):
+        return value.prettyPrint()
+    else:
+        return str(value)