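/// Replays a saved capture folder through the training pipeline and writes
/// one "<ip> <feature_0> ... <feature_DIM-1>" line per suspect to
/// <captureFolder>/nova.dump.
///
/// @param captureFolder directory containing capture.pcap and haystackIps.txt;
///        the generated nova.dump is written into the same directory.
///
/// Side effects: replaces the file-level `engine`, clears every suspect in the
/// database, changes the process working directory to the configured home
/// path, and leaves `trainingFileStream` closed on return.
void ConvertCaptureToDump(std::string captureFolder)
{
	// NOTE(review): a fresh owning pointer is stored without releasing any
	// previous one; if this runs more than once per process the old
	// aggregator leaks.
	engine = new ClassificationAggregator();
	Database::Inst()->ClearAllSuspects();

	if(chdir(Config::Inst()->GetPathHome().c_str()) == -1)
	{
		// Whether LOG(CRITICAL, ...) terminates the process is not visible
		// here; if it returns, execution continues in the previous directory.
		LOG(CRITICAL, "Unable to change folder to " + Config::Inst()->GetPathHome(), "");
	}

	const string dumpFile = captureFolder + "/nova.dump";
	const string pcapFile = captureFolder + "/capture.pcap";
	const string haystackFile = captureFolder + "/haystackIps.txt";

	UpdateHaystackFeatures(haystackFile);

	trainingFileStream.open(dumpFile);
	if(!trainingFileStream.is_open())
	{
		LOG(CRITICAL, "Unable to open the training capture file.", "Unable to open training capture file at: "+dumpFile);
	}

	// Replay the pcap; HandleTrainingPacket feeds each packet to the engine.
	FilePacketCapture capture(pcapFile);
	capture.SetPacketCb(HandleTrainingPacket);
	capture.Init();
	capture.SetFilter(ConstructFilterString());
	capture.StartCaptureBlocking();
	LOG(DEBUG, "Done processing PCAP file.", "");

	// `suspects` here is the file-level table (the local below is named
	// differently so it no longer shadows it).
	suspects.WriteToDatabase();

	vector<Suspect> allSuspects = Database::Inst()->GetSuspects(SUSPECTLIST_ALL);
	for(size_t i = 0; i < allSuspects.size(); i++)
	{
		Suspect suspectCopy = allSuspects[i];

		// One line per suspect: IP followed by the DIM feature values.
		trainingFileStream << suspectCopy.GetIpString() << " ";

		EvidenceAccumulator fs = suspectCopy.GetFeatureSet(MAIN_FEATURES);
		// x != x holds only for NaN; a NaN feature would poison the dump.
		if(fs.m_features[0] != fs.m_features[0])
		{
			cout << "This can't be good..." << endl;
		}

		for(int j = 0; j < DIM; j++)
		{
			trainingFileStream << fs.m_features[j] << " ";
		}
		trainingFileStream << "\n";
	}

	trainingFileStream.close();
}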
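/// Prints every suspect of the requested list type to stdout, either as
/// Suspect::ToString() blocks or as CSV rows
/// (IP, INTERFACE, one column per feature, CLASSIFICATION).
/// Opens the novad connection on entry and closes it before returning.
///
/// @param listType which suspect list to request from novad.
/// @param csv      when true, emit a CSV header and one CSV row per suspect
///                 instead of the human-readable form.
void PrintAllSuspects(enum SuspectListType listType, bool csv)
{
	Connect();
	vector<SuspectIdentifier> suspects = GetSuspectList(listType);

	// CSV header: fixed columns around the DIM feature names.
	if(csv)
	{
		cout << "IP,";
		cout << "INTERFACE,";
		for(int col = 0; col < DIM; col++)
		{
			cout << FeatureSet::m_featureNames[col] << ",";
		}
		cout << "CLASSIFICATION" << endl;
	}

	for(uint i = 0; i < suspects.size(); i++)
	{
		// GetSuspect hands back an owning pointer; released below.
		Suspect *suspect = GetSuspect(suspects.at(i));
		if(suspect == nullptr)
		{
			cout << "Error: No suspect received" << endl;
			continue;
		}

		if(!csv)
		{
			cout << suspect->ToString() << endl;
		}
		else
		{
			// NOTE(review): fields are written unquoted; an interface name
			// containing ',' would shift the columns — confirm m_interface
			// cannot contain one.
			cout << suspect->GetIpString() << ",";
			cout << suspect->GetIdentifier().m_interface << ",";
			// Fetch the feature set once instead of once per column.
			const auto &featureSet = suspect->GetFeatureSet();
			for(int j = 0; j < DIM; j++)
			{
				cout << featureSet.m_features[j] << ",";
			}
			cout << suspect->GetClassification() << endl;
		}

		delete suspect;
	}

	CloseNovadConnection();
}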