This is a post I meant to publish months ago, but for some reason it slipped off my radar. I was reading the Sguil wishlist on NSMWiki and saw something that looked simple to implement. Here are a couple of diffs I created after adding a menu item for GeoIP in sguil.tk and a proc for it in lib/extdata.tcl. All I did was copy the existing DShield proc and menu items, then edit as needed to change the URL and menu listings.
I think it should work and I downloaded a pristine copy of the files before running diff since I've hacked Sguil files previously, but no warranty is assumed or implied, et cetera.
Ideally, I would love to help out and tackle some of the other items on the wishlist. My time constraints make it hard, but at least I now have a Tcl book.
sguil.tk
2865a2866 > .ipQueryMenu add cascade -label "GeoIP Lookup" -menu $ipQueryMenu.geoIPMenu 2873a2875,2876 > menu $ipQueryMenu.geoIPMenu -tearoff 0 -background $SELECTBACKGROUND -foreground $SELECTFOREGROUND \ > -activeforeground $SELECTBACKGROUND -activebackground $SELECTFOREGROUND 2917a2921,2922 > $ipQueryMenu.geoIPMenu add command -label "SrcIP" -command "GetGeoIP srcip" > $ipQueryMenu.geoIPMenu add command -label "DstIP" -command "GetGeoIP dstip"lib/extdata.tcl
211a212,243 > proc GetGeoIP { arg } { > > global DEBUG BROWSER_PATH CUR_SEL_PANE ACTIVE_EVENT MULTI_SELECT > > if { $ACTIVE_EVENT && !$MULTI_SELECT} { > > set selectedIndex [$CUR_SEL_PANE(name) curselection] > > if { $arg == "srcip" } { > set ipAddr [$CUR_SEL_PANE(name) getcells $selectedIndex,srcip] > } else { > set ipAddr [$CUR_SEL_PANE(name) getcells $selectedIndex,dstip] > } > > if {[file exists $BROWSER_PATH] && [file executable $BROWSER_PATH]} { > > # Launch browser > exec $BROWSER_PATH http://www.geoiptool.com/?IP=$ipAddr & > > } else { > > tk_messageBox -type ok -icon warning -message\ > "$BROWSER_PATH does not exist or is not executable. Please update the BROWSER_PATH variable\ > to point your favorite browser." > puts "Error: $BROWSER_PATH does not exist or is not executable." > > } > > } > > } >
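Review bot: In the sguil.tk hunk at 2865a2866 the cascade entry is added on the literal widget path `.ipQueryMenu`, while the submenu it points to and the two command entries are all written against `$ipQueryMenu.geoIPMenu`. If `$ipQueryMenu` is the variable holding that path, write the first line as `$ipQueryMenu add cascade -label "GeoIP Lookup" -menu $ipQueryMenu.geoIPMenu` so the three additions stay consistent and keep working if the menu path is ever changed in one place.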
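Review bot: In the lib/extdata.tcl hunk, `$ipAddr` goes from the selected table cell straight into the URL on the `exec $BROWSER_PATH http://www.geoiptool.com/?IP=$ipAddr &` line with no check that it is actually an IP address. Tcl's exec passes it as a single argument without a shell, but an empty or malformed cell still ends up in a request to a third-party site, and that request is plain http, so every lookup discloses in cleartext which address the analyst is looking at. I would add a dotted-quad check on `$ipAddr` before the exec and show a tk_messageBox when it fails, and use an https URL if the lookup site offers one. Two smaller points: when the `$ACTIVE_EVENT && !$MULTI_SELECT` guard is false the proc returns silently, so a user with multiple rows selected gets no feedback, and the warning text "to point your favorite browser" is missing a "to". `DEBUG` is declared global but not used in the lines shown.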