/** * Update IP contact for a ticket. * * @param Ticket $ticket */ public static function ipContact($ticket) { $ipContact = FindContact::byIP($ticket['ip']); // Update IP Contact fields in ticket $ticket->ip_contact_account_id = $ipContact->account_id; $ticket->ip_contact_reference = $ipContact->reference; $ticket->ip_contact_name = $ipContact->name; $ticket->ip_contact_email = $ipContact->email; $ticket->ip_contact_api_host = $ipContact->api_host; $ticket->ip_contact_auto_notify = $ipContact->auto_notify; $ticket->save(); }
/** * Return contact by Code * * @param string $id contact reference * @return object */ public static function byId($id) { // If local lookups are not preferred, then do the remote lookup first if (config('main.external.prefer_local') === false) { $findContact = FindContact::getExternalContact('id', $id); if (!empty($findContact)) { return $findContact; } } // Do a local lookup $result = Contact::where('reference', '=', $id)->where('enabled', '=', true)->take(1)->get(); if (isset($result[0])) { return $result[0]; } // Do a remote lookup, if local lookups are preferred. Else skip this as this was already done. if (config('main.external.prefer_local') === true) { $findContact = FindContact::getExternalContact('id', $id); if (!empty($findContact)) { return $findContact; } } return FindContact::undefined(); }
/** * Execute the command. * * @param array $events * @param integer $evidenceID * @return array */ public function save($events, $evidenceID) { $ticketCount = 0; $eventCount = 0; $eventsIgnored = 0; foreach ($events as $event) { /* Here we will seek through all the events and look if there is an existing ticket. We will split them up * into two seperate arrays: $eventsNew and $events$known. We can save all the known events in the DB with * a single event saving loads of queries * * IP Owner is leading, as in most cases even if the domain is moved * The server might still have a problem. Next to the fact that domains * Arent transferred to a new owner 'internally' anyways. * * So we do a lookup based on the IP same as with the 3.x engine. After * the lookup we check wither the domain contact was changed, if so we UPDATE * the ticket and put a note somewhere about it. This way the IP owner does * not get a new ticket on this matter and the new domain owner is getting updates. * * As the ASH link is based on the contact code, the old domain owner will not * have any access to the ticket anymore. */ // If an event is too old we are ignoring it if (config('main.reports.min_lastseen') !== false && strtotime(config('main.reports.min_lastseen')) !== false && strtotime(config('main.reports.min_lastseen') . ' ago') > $event['timestamp']) { Log::debug(get_class($this) . ': ' . "is ignoring event because its older then " . config('main.reports.min_lastseen')); continue; } // Start with building a classification lookup table and switch out name for ID foreach ((array) Lang::get('classifications') as $classID => $class) { if ($class['name'] == $event['class']) { $event['class'] = $classID; } } // Also build a types lookup table and switch out name for ID foreach ((array) Lang::get('types.type') as $typeID => $type) { if ($type['name'] == $event['type']) { $event['type'] = $typeID; } } // Lookup the ip contact and if needed the domain contact too $findContact = new FindContact(); $ipContact = $findContact->byIP($event['ip']); if ($event['domain'] != '') { $domainContact = $findContact->byDomain($event['domain']); } else { $domainContact = $findContact->undefined(); } /* * Ignore the event if both ip and domain contacts are undefined and the resolving of an contact * was required. This is handy to ignore any reports that are not considered local, but use * with caution as it might just ignore anything if your IP/domains are not correctly configured */ if ($ipContact->reference == 'UNDEF' && $domainContact->reference == 'UNDEF' && config('main.reports.resolvable_only') === true) { if (!empty($domainContact) && $domainContact->reference == 'UNDEF' || empty($domainContact)) { Log::debug(get_class($this) . ': ' . "is ignoring event because there is no IP or Domain contact"); continue; } } /* * Search to see if there is an existing ticket for this event classification */ $ticket = Ticket::where('ip', '=', $event['ip'])->where('class_id', '=', $event['class'], 'AND')->where('type_id', '=', $event['type'], 'AND')->where('ip_contact_reference', '=', $ipContact->reference, 'AND')->where('status_id', '!=', 2, 'AND')->get(); if ($ticket->count() === 0) { /* * If there are no search results then there is no existing ticket and we should create one */ $ticketCount++; $newTicket = new Ticket(); $newTicket->ip = $event['ip']; $newTicket->domain = empty($event['domain']) ? '' : $event['domain']; $newTicket->class_id = $event['class']; $newTicket->type_id = $event['type']; $newTicket->ip_contact_account_id = $ipContact->account_id; $newTicket->ip_contact_reference = $ipContact->reference; $newTicket->ip_contact_name = $ipContact->name; $newTicket->ip_contact_email = $ipContact->email; $newTicket->ip_contact_api_host = $ipContact->api_host; $newTicket->ip_contact_api_key = $ipContact->api_key; $newTicket->ip_contact_auto_notify = $ipContact->auto_notify; $newTicket->ip_contact_notified_count = 0; $newTicket->domain_contact_account_id = $domainContact->account_id; $newTicket->domain_contact_reference = $domainContact->reference; $newTicket->domain_contact_name = $domainContact->name; $newTicket->domain_contact_email = $domainContact->email; $newTicket->domain_contact_api_host = $domainContact->api_host; $newTicket->domain_contact_api_key = $domainContact->api_key; $newTicket->domain_contact_auto_notify = $domainContact->auto_notify; $newTicket->domain_contact_notified_count = 0; $newTicket->status_id = 1; $newTicket->last_notify_count = 0; $newTicket->last_notify_timestamp = 0; $newTicket->save(); $newEvent = new Event(); $newEvent->evidence_id = $evidenceID; $newEvent->information = $event['information']; $newEvent->source = $event['source']; $newEvent->ticket_id = $newTicket->id; $newEvent->timestamp = $event['timestamp']; $newEvent->save(); } elseif ($ticket->count() === 1) { /* * There is an existing ticket, so we just need to add the event to this ticket. If the event is an * exact match we consider it a duplicate and will ignore it. */ $ticket = $ticket[0]; if (Event::where('information', '=', $event['information'])->where('source', '=', $event['source'])->where('ticket_id', '=', $ticket->id)->where('timestamp', '=', $event['timestamp'])->exists()) { $eventsIgnored++; } else { // New unique event, so we will save this $eventCount++; $newEvent = new Event(); $newEvent->evidence_id = $evidenceID; $newEvent->information = $event['information']; $newEvent->source = $event['source']; $newEvent->ticket_id = $ticket->id; $newEvent->timestamp = $event['timestamp']; $newEvent->save(); /* * If the reference has changed for the domain owner, then we update the ticket with the new * domain owner. We not check if anything else then the reference has changed. If you change the * contact data you have the option to propogate it onto open tickets. */ if (!empty($event['domain']) && $domainContact !== false && $domainContact->reference !== $ticket->domain_contact_reference) { $ticket->domain_contact_reference = $domainContact->reference; $ticket->domain_contact_name = $domainContact->name; $ticket->domain_contact_email = $domainContact->email; $ticket->domain_contact_api_host = $domainContact->api_host; $ticket->domain_contact_api_key = $domainContact->api_key; $ticket->domain_contact_auto_notify = $domainContact->auto_notify; $ticket->account_id = $domainContact->account->id; $ticket->save(); } // TODO: If this is an abuse/escalation ticket and currently 'resolved' then put status back to Open // TODO: Implement escalation triggers } } else { /* * We should not never have more then two open tickets for the same case. If this happens there is a * fault in the aggregator which must be resolved first. Until then we will permfail here. */ $this->failed('Unable to link to ticket, multiple open tickets found for same event type'); } } Log::debug(get_class($this) . ': ' . "has completed creating {$ticketCount} new tickets, " . "linking {$eventCount} new events and ignored {$eventsIgnored} duplicates"); $this->success(''); }
/** * Execute the command. * * @param array $incidents * @param int $evidenceID * * @return array */ public function save($incidents, $evidenceID) { $ticketCount = 0; $incidentCount = 0; $incidentsIgnored = 0; foreach ($incidents as $incident) { /* Here we will seek through all the incidents and look if there is an existing ticket. We will split * them up into two seperate arrays: $incidentsNew and $incidents$known. We can save all the known * incidents in the DB with a single incident saving loads of queries * * IP Owner is leading, as in most cases even if the domain is moved * The server might still have a problem. Next to the fact that domains * Arent transferred to a new owner 'internally' anyways. * * So we do a lookup based on the IP same as with the 3.x engine. After * the lookup we check wither the domain contact was changed, if so we UPDATE * the ticket and put a note somewhere about it. This way the IP owner does * not get a new ticket on this matter and the new domain owner is getting updates. * * As the ASH link is based on the contact code, the old domain owner will not * have any access to the ticket anymore. */ // If an incident is too old we are ignoring it if (config('main.reports.min_lastseen') !== false && strtotime(config('main.reports.min_lastseen')) !== false && strtotime(config('main.reports.min_lastseen') . ' ago') > $incident->timestamp) { Log::debug(get_class($this) . ': ' . 'is ignoring incident because its older then ' . config('main.reports.min_lastseen')); continue; } // Lookup the ip contact and if needed the domain contact too $findContact = new FindContact(); $ipContact = $findContact->byIP($incident->ip); if ($incident->domain != '') { $domainContact = $findContact->byDomain($incident->domain); } else { $domainContact = $findContact->undefined(); } /* * Ignore the incident if both ip and domain contacts are undefined and the resolving of an contact * was required. This is handy to ignore any reports that are not considered local, but use * with caution as it might just ignore anything if your IP/domains are not correctly configured */ if ($ipContact->reference == 'UNDEF' && $domainContact->reference == 'UNDEF' && config('main.reports.resolvable_only') === true) { if (!empty($domainContact) && $domainContact->reference == 'UNDEF' || empty($domainContact)) { Log::debug(get_class($this) . ': ' . 'is ignoring incident because there is no IP or Domain contact'); continue; } } /* * Search to see if there is an existing ticket for this incident classification */ $ticket = Ticket::where('ip', '=', $incident->ip)->where('class_id', '=', $incident->class, 'AND')->where('ip_contact_reference', '=', $ipContact->reference, 'AND')->where('status_id', '!=', 'CLOSED', 'AND')->get(); if ($ticket->count() === 0) { /* * If there are no search results then there is no existing ticket and we should create one */ $ticketCount++; $newTicket = new Ticket(); $newTicket->ip = $incident->ip; $newTicket->domain = empty($incident->domain) ? '' : $incident->domain; $newTicket->class_id = $incident->class; $newTicket->type_id = $incident->type; $newTicket->ip_contact_account_id = $ipContact->account_id; $newTicket->ip_contact_reference = $ipContact->reference; $newTicket->ip_contact_name = $ipContact->name; $newTicket->ip_contact_email = $ipContact->email; $newTicket->ip_contact_api_host = $ipContact->api_host; $newTicket->ip_contact_auto_notify = $ipContact->auto_notify; $newTicket->ip_contact_notified_count = 0; $newTicket->domain_contact_account_id = $domainContact->account_id; $newTicket->domain_contact_reference = $domainContact->reference; $newTicket->domain_contact_name = $domainContact->name; $newTicket->domain_contact_email = $domainContact->email; $newTicket->domain_contact_api_host = $domainContact->api_host; $newTicket->domain_contact_auto_notify = $domainContact->auto_notify; $newTicket->domain_contact_notified_count = 0; $newTicket->status_id = 'OPEN'; $newTicket->last_notify_count = 0; $newTicket->last_notify_timestamp = 0; // Validate the model before saving $validator = Validator::make(json_decode(json_encode($newTicket), true), Ticket::createRules()); if ($validator->fails()) { return $this->error('DevError: Internal validation failed when saving the Ticket object ' . implode(' ', $validator->messages()->all())); } $newTicket->save(); $newEvent = new Event(); $newEvent->evidence_id = $evidenceID; $newEvent->information = $incident->information; $newEvent->source = $incident->source; $newEvent->ticket_id = $newTicket->id; $newEvent->timestamp = $incident->timestamp; // Validate the model before saving $validator = Validator::make(json_decode(json_encode($newEvent), true), Event::createRules()); if ($validator->fails()) { return $this->error('DevError: Internal validation failed when saving the Event object ' . implode(' ', $validator->messages()->all())); } $newEvent->save(); } elseif ($ticket->count() === 1) { /* * There is an existing ticket, so we just need to add the incident to this ticket. If the * incident is an exact match we consider it a duplicate and will ignore it. */ $ticket = $ticket[0]; if (Event::where('information', '=', $incident->information)->where('source', '=', $incident->source)->where('ticket_id', '=', $ticket->id)->where('timestamp', '=', $incident->timestamp)->exists()) { $incidentsIgnored++; } else { // New unique incident, so we will save this $incidentCount++; $newEvent = new Event(); $newEvent->evidence_id = $evidenceID; $newEvent->information = $incident->information; $newEvent->source = $incident->source; $newEvent->ticket_id = $ticket->id; $newEvent->timestamp = $incident->timestamp; // Validate the model before saving $validator = Validator::make(json_decode(json_encode($newEvent), true), Event::createRules()); if ($validator->fails()) { return $this->error('DevError: Internal validation failed when saving the Event object ' . implode(' ', $validator->messages()->all())); } $newEvent->save(); /* * If the reference has changed for the domain owner, then we update the ticket with the new * domain owner. We not check if anything else then the reference has changed. If you change the * contact data you have the option to propogate it onto open tickets. */ if (!empty($incident->domain) && $domainContact !== false && $domainContact->reference !== $ticket->domain_contact_reference) { $ticket->domain_contact_reference = $domainContact->reference; $ticket->domain_contact_name = $domainContact->name; $ticket->domain_contact_email = $domainContact->email; $ticket->domain_contact_api_host = $domainContact->api_host; $ticket->domain_contact_auto_notify = $domainContact->auto_notify; $ticket->account_id = $domainContact->account->id; } /* * Upgrade the type if the received event has a higher priority type included */ $priority = ['INFO', 'ABUSE', 'ESCALATION']; if (array_search($ticket->type_id, $priority) < array_search($incident->type, $priority)) { $ticket->type_id = $incident->type; } /* * If the ticket was set to resolved, move it back to open */ if ($ticket->status_id == 'RESOLVED') { $ticket->status_id = 'OPEN'; } /* * Walk thru the escalation upgrade path, and upgrade if required */ //echo config("escalations.{$ticket->class_id}.abuse.enabled"); if (is_array(config("escalations.{$ticket->class_id}"))) { // There is a specific escalation path for this class $escalationPath = $ticket->class_id; } else { // Use the default escalation path $escalationPath = 'DEFAULT'; } // Check if all the values are set, or log a warning that were skipping escalation paths if (!is_bool(empty(config("escalations.{$escalationPath}.abuse.enabled"))) || !is_numeric(config("escalations.{$escalationPath}.abuse.threshold")) || !is_bool(empty(config("escalations.{$escalationPath}.escalation.enabled"))) || !is_numeric(config("escalations.{$escalationPath}.escalation.threshold"))) { Log::warning(get_class($this) . ': ' . 'Escalation path settings are missing or incomplete. Skipping this phase'); } else { // Now actually check if anything needs to be changed and if so, change it. if (!empty(config("escalations.{$escalationPath}.abuse.enabled")) && !empty(config("escalations.{$escalationPath}.abuse.threshold")) && $ticket->events->count() > config("escalations.{$escalationPath}.abuse.threshold") && $ticket->type_id == 'INFO') { // Upgrade to abuse Log::debug(get_class($this) . ': ' . "An escalation path threshold has been reached for ticket {$ticket->id}, " . 'threshold: ' . config("escalations.{$escalationPath}.abuse.threshold") . ', ' . 'setting: info -> abuse'); $ticket->type_id = 'ABUSE'; } if (!empty(config("escalations.{$escalationPath}.escalation.enabled")) && !empty(config("escalations.{$escalationPath}.escalation.threshold")) && $ticket->events->count() > config("escalations.{$escalationPath}.escalation.threshold") && $ticket->type_id == 'ABUSE') { // Upgrade to escalation Log::debug(get_class($this) . ': ' . "An escalation path threshold has been reached for ticket {$ticket->id}, " . 'threshold: ' . config("escalations.{$escalationPath}.escalation.threshold") . ', ' . 'setting: abuse -> escalation'); $ticket->type_id = 'ESCALATION'; } } // Validate the model before saving $validator = Validator::make(json_decode(json_encode($ticket), true), Ticket::createRules()); if ($validator->fails()) { return $this->error('DevError: Internal validation failed when saving the Ticket object ' . implode(' ', $validator->messages()->all())); } $ticket->save(); } } else { /* * We should not never have more then two open tickets for the same case. If this happens there is a * fault in the aggregator which must be resolved first. Until then we will permfail here. */ $this->error('Unable to link to ticket, multiple open tickets found for same incident type'); } } Log::debug(get_class($this) . ': ' . "has completed creating {$ticketCount} new tickets, " . "linking {$incidentCount} new incidents and ignored {$incidentsIgnored} duplicates"); return $this->success(''); }
/** * Return contact by Code * @param string $reference * @return object */ public static function byId($id) { $result = Contact::where('reference', '=', $id)->where('enabled', '=', true)->take(1)->get(); if (isset($result[0])) { return $result[0]; } $findContact = FindContact::getExternalResolver('id', $id); if (!empty($findContact)) { return $findContact; } return FindContact::undefined(); }
/** * @param $ticket * @param $account * * @return Ticket */ private function createTicket($ticket, $account) { // Start with building a classification lookup table and switch out name for ID // But first fix the names: $replaces = ['Possible DDOS sending NTP Server' => 'Possible DDoS sending Server', 'Possible DDOS sending DNS Server' => 'Possible DDoS sending Server']; $old = array_keys($replaces); $new = array_values($replaces); $ticket->Class = str_replace($old, $new, $ticket->Class); foreach ((array) Lang::get('classifications') as $classID => $class) { if ($class['name'] == $ticket->Class) { $ticket->Class = $classID; } } // Also build a types lookup table and switch out name for ID foreach ((array) Lang::get('types.type') as $typeID => $type) { // Consistancy fixes: $ticket->Type = strtoupper($ticket->Type); if ($type['name'] == $ticket->Type) { $ticket->Type = $typeID; } } // Create the ticket $newTicket = new Ticket(); $newTicket->id = $ticket->ID; $newTicket->ip = $ticket->IP; $newTicket->domain = empty($ticket->Domain) ? '' : $ticket->Domain; $newTicket->class_id = $ticket->Class; $newTicket->type_id = $ticket->Type; $newTicket->ip_contact_account_id = $account->id; $newTicket->ip_contact_reference = $ticket->CustomerCode; $newTicket->ip_contact_name = $ticket->CustomerName; $newTicket->ip_contact_email = $ticket->CustomerContact; $newTicket->ip_contact_api_host = ''; $newTicket->ip_contact_auto_notify = $ticket->AutoNotify; $newTicket->ip_contact_notified_count = $ticket->NotifiedCount; $domainContact = FindContact::undefined(); $newTicket->domain_contact_account_id = $domainContact->account_id; $newTicket->domain_contact_reference = $domainContact->reference; $newTicket->domain_contact_name = $domainContact->name; $newTicket->domain_contact_email = $domainContact->email; $newTicket->domain_contact_api_host = $domainContact->api_host; $newTicket->domain_contact_auto_notify = $domainContact->auto_notify; $newTicket->domain_contact_notified_count = 0; $newTicket->last_notify_count = $ticket->LastNotifyReportCount; $newTicket->last_notify_timestamp = $ticket->LastNotifyTimestamp; $newTicket->created_at = Carbon::createFromTimestamp($ticket->FirstSeen); $newTicket->updated_at = Carbon::parse($ticket->LastModified); if ($ticket->Status == 'CLOSED') { $newTicket->status_id = 'CLOSED'; } elseif ($ticket->Status == 'OPEN') { $newTicket->status_id = 'OPEN'; } else { $this->error('Unknown ticket status'); $this->exception(); } if ($ticket->CustomerResolved == 1) { $newTicket->contact_status_id = 'RESOLVED'; } elseif ($ticket->CustomerIgnored == 1) { $newTicket->contact_status_id = 'IGNORED'; } else { $newTicket->contact_status_id = 'OPEN'; } // Validate the model before saving $validator = Validator::make(json_decode(json_encode($newTicket), true), Ticket::createRules()); if ($validator->fails()) { $this->error('DevError: Internal validation failed when saving the Ticket object ' . implode(' ', $validator->messages()->all())); var_dump($ticket); $this->exception(); } $newTicket->save(); return $newTicket; }
/** * Execute the command. * @return array */ public function handle() { $ticketCount = 0; $eventCount = 0; $eventsIgnored = 0; foreach ($this->events as $event) { /* Here we will thru all the events and look if these is an existing ticket. We will split them up into * two seperate arrays: $eventsNew and $events$known. We can save all the known events in the DB with * a single event saving loads of queries * * IP Owner is leading, as in most cases even if the domain is moved * The server might still have a problem. Next to the fact that domains * Arent transferred to a new owner 'internally' anyways. * * So we do a lookup based on the IP same as with the 3.x engine. After * the lookup we check wither the domain contact was changed, if so we UPDATE * the ticket and put a note somewhere about it. This way the IP owner does * not get a new ticket on this matter and the new domain owner is getting updates. * * As the ASH link is based on the contact code, the old domain owner will not * have any access to the ticket anymore. */ // Start with building a classification lookup table and switch out name for ID foreach ((array) Lang::get('classifications') as $classID => $class) { if ($class['name'] == $event['class']) { $event['class'] = $classID; } } // Also build a types lookup table and switch out name for ID foreach ((array) Lang::get('types.type') as $typeID => $type) { if ($type['name'] == $event['type']) { $event['type'] = $typeID; } } // Lookup the ip contact and if needed the domain contact too $ipContact = FindContact::byIP($event['ip']); if ($event['domain'] != '') { $domainContact = FindContact::byDomain($event['domain']); } else { $domainContact = false; } /* * Search to see if there is an existing ticket for this event classification */ $search = Ticket::where('ip', '=', $event['ip'])->where('class_id', '=', $event['class'], 'AND')->where('type_id', '=', $event['type'], 'AND')->where('ip_contact_reference', '=', $ipContact->reference, 'AND')->where('status_id', '!=', 2, 'AND')->get(); if ($search->count() === 0) { /* * If there are no search results then there is no existing ticket and we should create one */ $ticketCount++; $newTicket = new Ticket(); $newTicket->ip = $event['ip']; $newTicket->domain = $event['domain']; $newTicket->class_id = $event['class']; $newTicket->type_id = $event['type']; $newTicket->ip_contact_reference = $ipContact->reference; $newTicket->ip_contact_name = $ipContact->name; $newTicket->ip_contact_email = $ipContact->email; $newTicket->ip_contact_rpchost = $ipContact->rpc_host; $newTicket->ip_contact_rpckey = $ipContact->rpc_key; $newTicket->ip_contact_auto_notify = $ipContact->auto_notify; if (!empty($event['domain']) && $domainContact !== false) { $newTicket->domain_contact_reference = $domainContact->reference; $newTicket->domain_contact_name = $domainContact->name; $newTicket->domain_contact_email = $domainContact->email; $newTicket->domain_contact_rpchost = $domainContact->rpc_host; $newTicket->domain_contact_rpckey = $domainContact->rpc_key; $newTicket->domain_contact_auto_notify = $domainContact->auto_notify; } $newTicket->status_id = 1; $newTicket->notified_count = 0; $newTicket->last_notify_count = 0; $newTicket->last_notify_timestamp = 0; $newTicket->save(); $newEvent = new Event(); $newEvent->evidence_id = $this->evidenceID; $newEvent->information = $event['information']; $newEvent->source = $event['source']; $newEvent->ticket_id = $newTicket->id; $newEvent->timestamp = $event['timestamp']; $newEvent->save(); // TODO - Call notifier action handler, type new } elseif ($search->count() === 1) { /* * There is an existing ticket, so we just need to add the event to this ticket. If the event is an * exact match we consider it a duplicate and will ignore it. */ $ticketID = $search[0]->id; if (Event::where('information', '=', $event['information'])->where('source', '=', $event['source'])->where('ticket_id', '=', $ticketID)->where('timestamp', '=', $event['timestamp'])->exists()) { $eventsIgnored++; } else { // New unique event, so we will save this $eventCount++; $newEvent = new Event(); $newEvent->evidence_id = $this->evidenceID; $newEvent->information = $event['information']; $newEvent->source = $event['source']; $newEvent->ticket_id = $ticketID; $newEvent->timestamp = $event['timestamp']; $newEvent->save(); // TODO - Update domain owner if changed based on the contactID (reference) // TODO - Call notifier action handler, type update } } else { /* * We should not never have more then two open tickets for the same case. If this happens there is a * fault in the aggregator which must be resolved first. Until then we will permfail here. */ $this->failed('Unable to link to ticket, multiple open tickets found for same event type'); } } Log::debug('(JOB ' . getmypid() . ') ' . get_class($this) . ': ' . "has completed creating {$ticketCount} new tickets, " . "linking {$eventCount} new events and ignored {$eventsIgnored} duplicates"); $this->success(''); }
/** * NIPAP implementation for ByIP method * * @param string $ip * @return Contact|bool|object */ public function getContactByIp($ip) { if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) === false) { $netmask = 128; } elseif (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) { $netmask = 32; } else { return false; } // Start the query for the IP and gather results $result = $this->doQuery('search_prefix', [['auth' => ['authoritative_source' => 'nipap'], 'query' => ['operator' => 'equals', 'val1' => 'prefix', 'val2' => "{$ip}/{$netmask}"], 'search_options' => ['include_all_parents' => true]]]); /* * Walk results in reverse to get the most specific match to use. (if host has no contact, then move up * every prefix until something is found. NIPAP does not inherit AVPS objects which we should ask them to do */ if (is_array($result['result'])) { $resultRev = array_reverse($result['result']); $firstContact = false; foreach ($resultRev as $key => $resultRevSet) { if (!empty($resultRevSet['avps']['AbuseIO_Name']) && !empty($resultRevSet['avps']['AbuseIO_Contact']) && !empty($resultRevSet['avps']['AbuseIO_AutoNotify']) && !empty($resultRevSet['customer_id'])) { $contact = new Contact(); if (!empty($resultRevSet['avps']['AbuseIO_AccountId'])) { $contact->account_id = $resultRevSet['avps']['AbuseIO_AccountId']; } else { $contact->account_id = 1; } $contact->reference = $resultRevSet['customer_id']; $contact->name = $resultRevSet['avps']['AbuseIO_Name']; $contact->enabled = empty($resultRevSet['avps']['AbuseIO_Disabled']) ? true : false; $contact->auto_notify = $resultRevSet['avps']['AbuseIO_AutoNotify']; $contact->email = $resultRevSet['avps']['AbuseIO_Contact']; $contact->api_host = empty($resultRevSet['avps']['AbuseIO_RPCHost']) ? false : $resultRevSet['avps']['AbuseIO_RPCHost']; $contact->api_key = empty($resultRevSet['avps']['AbuseIO_RPCKey']) ? false : $resultRevSet['avps']['AbuseIO_RPCKey']; return $contact; } /* * Save the first found customer ID in case there is no AVPS found at all */ if (!empty($resultRevSet['customer_id']) && empty($firstContact)) { $firstContact = $resultRevSet['customer_id']; } } /* * At this point we never found the required AVPS objects, but we did find a customer ID (reference) so * we can fallback to a lookup onto the byID section of FindContact. */ if (!empty($firstContact)) { $contact = FindContact::byId($firstContact); if ($contact->name !== 'UNDEF') { return $contact; } } } return false; }