17.03.2018

FastNetMon Advanced JSON notify script in Python

This script implements example notify script in Perl which implements JSON interface for FastNetMon Advanced.

NB! JSON based script uses different arguments from text based notify script. Please keep it in mind!

This script implemented in Python 2 and does not need any additional libraries.

It prints all information received from FastNetMon to log file /tmp/fastnetmon_notify_script.log:

#!/usr/bin/python

import sys
import logging
import json
import pprint

logging.basicConfig(filename='/tmp/fastnetmon_notify_script.log', format='%(asctime)s %(message)s', level=logging.DEBUG)

if len(sys.argv) != 3:
    logging.error("Please provide two arguments for script: action and IP address")
    sys.exit(1)

# Action could be: ban, unban, partial_block
action = sys.argv[1]
ip_address = sys.argv[2]

logging.info("Start for action %s and IP %s" % (action, ip_address))

# Read all data from stdin
stdin_data = sys.stdin.read()

logging.info("We got following details: " + stdin_data)

parsed_details = json.loads(stdin_data)

logging.info("Decoded details from JSON: " + pprint.pformat(parsed_details))

# You can use attack details in this form:
# logging.info("Attack direction: " + parsed_details['attack_details']['attack_direction'])

Please put it to file

/usr/local/bin/notify_json.py

And set executable bit for it:

sudo chmod +x /usr/local/bin/notify_json.py

You need to use following mode from FastNetMon to use this script properly:

sudo fcli set main notify_script_enabled enable
sudo fcli set main notify_script_format json
sudo fcli set main notify_script_path /usr/local/bin/notify_json.py
sudo fcli commit

More documentation about JSON formats you could find here