Skip to content

process

A simple process manager wrapping Zeek, Suricata, and Filebeat.

To import...

from dynamite_nsm.services.agent import process as agent_process

ProcessManager

Agent Process Manager

__init__(self, stdout=True, verbose=False, pretty_print_status=False) special

Manage Agent Processes

Parameters:

Name Type Description Default
stdout Optional[bool]

Print output to console

 True
verbose Optional[bool]

Include detailed debug messages

 False
pretty_print_status Optional[bool]

If enabled, status will be printed in a tabulated style

 False

Returns:

Type Description

None
Source code in dynamite_nsm/services/agent/process.py 
def __init__(self, stdout: Optional[bool] = True, verbose: Optional[bool] = False,
             pretty_print_status: Optional[bool] = False):
    """Manage Agent Processes
    Args:
        stdout: Print output to console
        verbose: Include detailed debug messages
        pretty_print_status: If enabled, status will be printed in a tabulated style
    Returns:
        None
    """
    self.stdout = stdout
    self.verbose = verbose
    self.pretty_print_status = pretty_print_status
    log_level = logging.INFO
    if verbose:
        log_level = logging.DEBUG
    self.logger = get_logger('agent.process', level=log_level, stdout=stdout)

start(self)

Start agent processes

Returns:

Type Description
bool

True, if successful
Source code in dynamite_nsm/services/agent/process.py 
def start(self) -> bool:
    """Start agent processes
    Returns:
        True, if successful
    """
    filebeat_res, suricata_res, zeek_res = True, True, True
    if not filebeat_profile.ProcessProfiler().is_installed():
        self.logger.error('You must install Filebeat to run this command.')
        return False
    filebeat_res = filebeat_process.ProcessManager().start()
    if suricata_profile.ProcessProfiler().is_installed():
        suricata_res = suricata_process.ProcessManager().start()
    if zeek_profile.ProcessProfiler().is_installed():
        zeek_res = zeek_process.ProcessManager().start()
    return filebeat_res and zeek_res and suricata_res

status(self)

Get the status of a processes

Returns:

Type Description
Union[Dict, str]

A dictionary containing process status or a tabulated string if pretty_print is True.
Source code in dynamite_nsm/services/agent/process.py 
def status(self) -> Optional[Union[Dict, str]]:
    """Get the status of a processes
    Returns:
        A dictionary containing process status or a tabulated string if `pretty_print` is True.
    """
    if not filebeat_profile.ProcessProfiler().is_installed():
        self.logger.error('You must install filebeat to run this command.')
        return None
    agent_status = {}
    filebeat_status, zeek_status, suricata_status = {}, {}, {}
    filebeat_status = filebeat_process.ProcessManager().status()
    agent_status.update({'filebeat': {'running': filebeat_status.get('running'),
                                      'enabled_on_startup': filebeat_status.get('enabled_on_startup')}})
    if zeek_profile.ProcessProfiler().is_installed():
        zeek_status = zeek_process.ProcessManager().status()
        agent_status.update({'zeek': {'running': zeek_status.get('running'),
                                      'enabled_on_startup': zeek_status.get('enabled_on_startup')}})
    if suricata_profile.ProcessProfiler().is_installed():
        suricata_status = suricata_process.ProcessManager().status()
        agent_status.update({'suricata': {'running': suricata_status.get('running'),
                                          'enabled_on_startup': suricata_status.get('enabled_on_startup')}})
    if self.pretty_print_status:
        colorize = utilities.PrintDecorations.colorize
        child_services = [
            ['Service', 'Running', 'Enabled on Startup'],
            ['filebeat',
             colorize('yes', 'green') if filebeat_status.get('running') else colorize('no', 'red'),
             colorize('yes', 'green') if filebeat_status.get('enabled_on_startup') else colorize('no', 'red')
             ]
        ]
        if zeek_status:
            child_services.append(
                ['zeek', colorize('yes', 'green') if zeek_status.get('running') else colorize('no', 'red'),
                 colorize('yes', 'green') if zeek_status.get('enabled_on_startup') else colorize('no', 'red')]
            )
        if suricata_status:
            child_services.append(
                ['suricata', colorize('yes', 'green') if zeek_status.get('running') else colorize('no', 'red'),
                 colorize('yes', 'green') if zeek_status.get('enabled_on_startup') else colorize('no', 'red')]
            )

        return tabulate.tabulate(child_services, tablefmt='fancy_grid')
    return agent_status

stop(self)

Stop agent processes

Returns:

Type Description
bool

True, if successful
Source code in dynamite_nsm/services/agent/process.py 
def stop(self) -> bool:
    """Stop agent processes
    Returns:
        True, if successful
    """
    filebeat_res, suricata_res, zeek_res = True, True, True
    if not filebeat_profile.ProcessProfiler().is_installed():
        self.logger.error('You must install Filebeat to run this command.')
        return False
    filebeat_res = filebeat_process.ProcessManager().stop()
    if suricata_profile.ProcessProfiler().is_installed():
        suricata_res = suricata_process.ProcessManager().stop()
    if zeek_profile.ProcessProfiler().is_installed():
        zeek_res = zeek_process.ProcessManager().stop()
    return filebeat_res and zeek_res and suricata_res