Add verbose flag to analyzer

Adds a new flag, '-v' or '--verbose', to the analyzer.py script. It uses a new print method and also skips some parts of the script if not passed on the CLI.
bitkeks · Jan 20, 2020 · 565f829 · 565f829
1 parent adb02ea
commit 565f829
Showing 1 changed file with 21 additions and 3 deletions.
diff --git a/analyzer.py b/analyzer.py
@@ -26,6 +26,11 @@
 logger = logging.getLogger(__name__)
 
 
+def printv(message, *args, **kwargs):
+    if args.verbose == True:
+        print(message.format(*args, **kwargs))
+
+
 @functools.lru_cache(maxsize=None)
 def resolve_hostname(ip):
     return socket.getfqdn(ip)
@@ -160,6 +165,8 @@ def total_packets(self):
                         help="The file to analyze (defaults to stdin if not provided)")
     parser.add_argument('-p', '--packets', dest='packets_threshold', type=int, default=10,
                         help="Number of packets representing the lower bound in connections to be processed")
+    parser.add_argument('-v', '--verbose', dest="verbose", action="store_true",
+                        help="Enable verbose output.")
     args = parser.parse_args()
 
     # Using a file and using stdin differ in their further usage for gzip.open
@@ -198,6 +205,8 @@ def total_packets(self):
     skipped = 0
     skipped_threshold = args.packets_threshold
 
+    first_line = True  # print header line before first line
+
     for key in sorted(data):
         timestamp = datetime.fromtimestamp(float(key)).strftime("%Y-%m-%d %H:%M.%S")
         client = data[key]["client"]
@@ -236,13 +245,22 @@ def total_packets(self):
                 skipped += 1
                 continue
 
-            print("{timestamp}: {service:<14} | {size:8} | {duration:9} | {packets:5} | Between {src_host} ({src}) and {dest_host} ({dest})" \
+            if first_line:
+                print("{:19} | {:14} | {:8} | {:9} | {:7} | Involved hosts".format("Timestamp", "Service", "Size", "Duration", "Packets"))
+                print("-" * 100)
+                first_line = False
+
+            print("{timestamp} | {service:<14} | {size:8} | {duration:9} | {packets:7} | Between {src_host} ({src}) and {dest_host} ({dest})" \
                   .format(timestamp=timestamp, service=con.service.upper(), src_host=con.hostnames.src, src=con.src,
                           dest_host=con.hostnames.dest, dest=con.dest, size=con.human_size, duration=con.human_duration,
                           packets=con.total_packets))
 
     if skipped > 0:
-        print(f"{skipped} connections skipped, because they had less than {skipped_threshold} packets.")
+        print(f"{skipped} connections skipped, because they had less than {skipped_threshold} packets (this value can be set with the -p flag).")
+
+    if not args.verbose:
+        # Exit here if no debugging session was wanted
+        exit(0)
 
     if len(pending) > 0:
         print(f"There are {len(pending)} first_switched entries left in the pending dict!")
@@ -260,4 +278,4 @@ def total_packets(self):
                     print(first_switched, peer, flow["IPV6_DST_ADDR"], flow["IN_PKTS"])
 
         if all_noise:
-            print("They were all noise!")
+            print("They were all noise!")