"""
Constants for csle collector
"""
import re
# Version label meaning "no specific version".
LATEST_VERSION = "latest"

# Shell command prefix that upgrades csle-collector with the miniconda pip under /root.
# The trailing space is part of the value.
# NOTE(review): this runs pip as root and, with -U and no version pin, installs whatever
# the package index serves at that moment. Consider pinning the version and using
# pip's --require-hashes so a changed or substituted release cannot be installed silently.
INSTALL = (
    "sudo /root/miniconda3/bin/pip install "
    "-U --no-cache-dir csle-collector "
)
class DICT_PROPERTIES:
    """
    Key names used when reading or building dictionaries.

    The class only holds string constants; which dictionaries carry these keys is
    decided by callers outside this module.
    """

    RUNNING = "running"
    TOPICS = "topics"
class HTTP:
    """
    HTTP-related constants: URL prefix, host, method names, content type, status codes.
    """

    # URL building blocks.
    # NOTE(review): the prefix is plain http://, so anything sent to a URL built from it
    # travels unencrypted. Confirm it is only combined with LOCALHOST or hosts on an
    # isolated management network.
    HTTP_PROTOCOL_PREFIX = "http://"
    LOCALHOST = "localhost"

    # Request method names
    GET = "GET"
    PUT = "PUT"
    POST = "POST"
    DELETE = "DELETE"

    # Content type for JSON bodies
    APPLICATION_JSON_TYPE = "application/json"

    # Numeric status codes
    OK_RESPONSE_CODE = 200
    INTERNAL_SERVER_ERROR_RESPONSE_CODE = 500
    BAD_REQUEST_RESPONSE_CODE = 400
class BEATS:
    """
    Property names shared by the Beats-related constant classes in this module.

    All values are plain strings. Several are dotted setting names
    (for example "output.elasticsearch"); how they are assembled into a
    configuration is up to callers that are not part of this file.
    """

    # Top-level / setup settings
    RELOAD_ENABLED_PROPERTY = "reload.enabled"
    SETUP_TEMPLATE_SETTINGS_PROPERTY = "setup.template.settings"
    INDEX_NUM_SHARDS_PROPERTY = "index.number_of_shards"
    SETUP_KIBANA_PROPERTY = "setup.kibana"
    HOST_PROPERTY = "host"
    HOSTS_PROPERTY = "hosts"
    ELASTIC_OUTPUT_PROPERTY = "output.elasticsearch"

    # Processor settings
    PROCESSORS_PROPERTY = "processors"
    ADD_HOST_METADATA_PROPERTY = "add_host_metadata"
    WHEN_NOT_CONTAIN_TAGS_PROPERTY = "when.not.contains.tags"
    FORWARDED_PROPERTY = "forwarded"

    # Module and fileset names
    MODULE_PROPERTY = "module"
    LOG_PROPERTY = "log"
    SYSLOG_PROPERTY = "syslog"
    AUTH_PROPERTY = "auth"
    SLOWLOG_PROPERTY = "slowlog"
    AUDIT_PROPERTY = "audit"
    SERVER_PROPERTY = "server"
    VAR_INPUT_PROPERTY = "var.input"
    VAR_PATHS_PROPERTY = "var.paths"
    FILE_PROPERTY = "file"

    # Input settings
    TYPE_PROPERTY = "type"
    FILESTREAM_PROPERTY = "filestream"
    KAFKA_PROPERTY = "kafka"
    TOPICS_PROPERTY = "topics"
    GROUP_ID_PROPERTY = "group_id"
    ID_PROPERTY = "id"
    NAME_PROPERTY = "name"
    ENABLED_PROPERTY = "enabled"
    PATHS_PROPERTY = "paths"
    PATH_PROPERTY = "path"

    # Metric collection settings
    PERIOD_PROPERTY = "period"
    METRICSETS_PROPERTY = "metricsets"
class FILEBEAT:
    """
    Filebeat constants: config locations, module names, setting names and
    service-control command strings.
    """

    FILEBEAT_GROUP_ID = "filebeat"

    # Configuration locations and the setup command
    CONFIG_DIR = "/etc/filebeat/"
    CONFIG_FILE = "/etc/filebeat/filebeat.yml"
    SETUP_CMD = "filebeat setup -e"

    # Module names
    SNORT_MODULE = "snort"
    ELASTICSEARCH_MODULE = "elasticsearch"
    KIBANA_MODULE = "kibana"
    SYSTEM_MODULE = "system"
    KAFKA_MODULE = "kafka"
    LOGSTASH_MODULE = "logstash"

    # Command template with one "{}" placeholder for the module name.
    # NOTE(review): if the formatted string is handed to a shell, the value substituted
    # for "{}" should be restricted to the module names defined above.
    ENABLE_MODULE_CMD = "filebeat modules enable {}"

    # Per-module configuration files (file names only) and their directory
    MODULES_CONFIG_DIR = "/etc/filebeat/modules.d/"
    SNORT_MODULE_CONFIG_FILE = "snort.yml"
    LOGSTASH_MODULE_CONFIG_FILE = "logstash.yml"
    KIBANA_MODULE_CONFIG_FILE = "kibana.yml"
    SYSTEM_MODULE_CONFIG_FILE = "system.yml"
    KAFKA_MODULE_CONFIG_FILE = "kafka.yml"
    ELASTICSEARCH_MODULE_CONFIG_FILE = "elasticsearch.yml"

    # Setting names
    INPUTS_PROPERTY = "filebeat.inputs"
    MODULES_PROPERTY = "filebeat.config.modules"

    # Service control commands (each prefixed with sudo)
    FILEBEAT_STATUS = "sudo service filebeat status"
    FILEBEAT_START = "sudo service filebeat start"
    FILEBEAT_STOP = "sudo service filebeat stop"
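class PACKETBEAT:
    """
    Packetbeat constants: config locations, service-control commands, interface
    setting names, and the protocol names with the ports listed for each.
    """

    # Configuration locations and the setup command
    CONFIG_DIR = "/etc/packetbeat/"
    CONFIG_FILE = "/etc/packetbeat/packetbeat.yml"
    SETUP_CMD = "packetbeat setup -e"

    # Service control commands (each prefixed with sudo)
    PACKETBEAT_STATUS = "sudo service packetbeat status"
    PACKETBEAT_START = "sudo service packetbeat start"
    PACKETBEAT_STOP = "sudo service packetbeat stop"

    # Capture interface settings
    INTERFACES_TYPE_PROPERTY = "packetbeat.interfaces.type"
    AF_PACKET_PROPERTY = "af_packet"
    ANY_DEVICE_PROPERTY = "any"
    INTERFACES_DEVICE_PROPERTY = "packetbeat.interfaces.device"

    # Flow and protocol sections
    FLOWS = "packetbeat.flows"
    TIMEOUT_PROPERTY = "timeout"
    PROTOCOLS = "packetbeat.protocols"
    PORTS_PROPERTY = "ports"

    # Protocol names and the ports associated with each. Traffic on a port that is
    # not listed for a protocol is not attributed to it, so a wrong list means
    # missing telemetry for that protocol.
    ICMP_PROTOCOL = "icmp"
    AMQP_PROTOCOL = "amqp"
    AMQP_PORTS = [5672]
    CASSANDRA_PROTOCOL = "cassandra"
    CASSANDRA_PORTS = [9042]
    DHCPV4_PROTOCOL = "dhcpv4"
    DHCPV4_PORTS = [67, 68]
    DNS_PROTOCOL = "dns"
    DNS_PORTS = [53]
    HTTP_PROTOCOL = "http"
    HTTP_PORTS = [80, 8080, 8000, 5000, 8002]
    MEMCACHE_PROTOCOL = "memcache"
    MEMCACHE_PORTS = [11211]
    MYSQL_PROTOCOL = "mysql"
    MYSQL_PORTS = [3306, 3307]
    PGSQL_PROTOCOL = "pgsql"
    PGSQL_PORTS = [5432]
    REDIS_PROTOCOL = "redis"
    REDIS_PORTS = [6379]
    THRIFT_PROTOCOL = "thrift"
    THRIFT_PORTS = [9090]
    MONGODB_PROTOCOL = "mongodb"
    MONGODB_PORTS = [27017]
    NFS_PROTOCOL = "nfs"
    NFS_PORTS = [2049]
    TLS_PROTOCOL = "tls"
    TLS_PORTS = [443, 993, 995, 5223, 8443, 8883, 9243]
    SIP_PROTOCOL = "sip"
    # Was [9243], a duplicate of the last TLS port above. 5060 is the standard SIP
    # port and the one Packetbeat's reference configuration lists for "sip".
    SIP_PORTS = [5060]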
class METRICBEAT:
    """
    Metricbeat constants: config locations, module names, setting names,
    service-control command strings and metric-set names.
    """

    # Configuration locations and the setup command
    CONFIG_DIR = "/etc/metricbeat/"
    CONFIG_FILE = "/etc/metricbeat/metricbeat.yml"
    SETUP_CMD = "metricbeat setup -e"

    # Module names
    ELASTICSEARCH_MODULE = "elasticsearch"
    KIBANA_MODULE = "kibana"
    SYSTEM_MODULE = "system"
    LINUX_MODULE = "linux"
    KAFKA_MODULE = "kafka"
    LOGSTASH_MODULE = "logstash"

    # Command template with one "{}" placeholder for the module name.
    # NOTE(review): if the formatted string is handed to a shell, the value substituted
    # for "{}" should be restricted to the module names defined above.
    ENABLE_MODULE_CMD = "metricbeat modules enable {}"

    # Per-module configuration files (file names only) and their directory
    MODULES_CONFIG_DIR = "/etc/metricbeat/modules.d/"
    SNORT_MODULE_CONFIG_FILE = "snort.yml"
    LOGSTASH_MODULE_CONFIG_FILE = "logstash.yml"
    KIBANA_MODULE_CONFIG_FILE = "kibana.yml"
    SYSTEM_MODULE_CONFIG_FILE = "system.yml"
    LINUX_MODULE_CONFIG_FILE = "linux.yml"
    KAFKA_MODULE_CONFIG_FILE = "kafka.yml"
    ELASTICSEARCH_MODULE_CONFIG_FILE = "elasticsearch.yml"

    MODULES_PROPERTY = "metricbeat.config.modules"

    # Service control commands (each prefixed with sudo)
    METRICBEAT_STATUS = "sudo service metricbeat status"
    METRICBEAT_START = "sudo service metricbeat start"
    METRICBEAT_STOP = "sudo service metricbeat stop"

    # Setting names
    PROCESSES_PROPERTY = "processes"
    CPU_METRICS_PROPERTY = "cpu.metrics"
    CORE_METRICS_PROPERTY = "core.metrics"
    PERCENTAGES_PROPERTY = "percentages"
    NORMALIZED_PERCENTAGES_PROPERTY = "normalized_percentages"

    # Metric-set names
    CPU_METRIC = "cpu"
    LOAD_METRIC = "load"
    MEMORY_METRIC = "memory"
    NETWORK_METRIC = "network"
    PROCESS_METRIC = "process"
    PROCESS_SUMMARY_METRIC = "process_summary"
    SOCKET_SUMMARY_METRIC = "socket_summary"
    PAGEINFO_METRIC = "pageinfo"
    # NOTE(review): same value as MEMORY_METRIC; the name suggests a different
    # metric set was intended. Confirm against the callers before changing it.
    SUMMARY_METRIC = "memory"
class HEARTBEAT:
    """
    Heartbeat constants: config locations, service-control command strings,
    monitor setting names and the identifiers of the CSLE connection monitor.
    """

    # Configuration locations and the setup command
    CONFIG_DIR = "/etc/heartbeat/"
    CONFIG_FILE = "/etc/heartbeat/heartbeat.yml"
    SETUP_CMD = "heartbeat setup -e"

    # Service control commands; note the service is named "heartbeat-elastic"
    HEARTBEAT_STATUS = "sudo service heartbeat-elastic status"
    HEARTBEAT_START = "sudo service heartbeat-elastic start"
    HEARTBEAT_STOP = "sudo service heartbeat-elastic stop"

    # Monitor settings
    SCHEDULE_PROPERTY = "schedule"
    ICMP_MONITOR_TYPE = "icmp"
    HEARTBEAT_MONITORS_PROPERTY = "heartbeat.monitors"

    # Name and id of the CSLE monitor
    CSLE_MONITOR_SERVICE_NAME = "csle-topology-connection-service"
    CSLE_MONITOR_SERVICE_ID = "csle-topology-connection-service-id"
class GRPC:
    """
    Timeout values, in seconds, for gRPC calls.
    """

    TIMEOUT_SECONDS = 60
    CONFIG_TIMEOUT_SECONDS = 300
    # 30000 seconds is a little over eight hours.
    # NOTE(review): a call that hangs under this timeout holds its worker for that
    # long; confirm the value is intentional.
    OPERATION_TIMEOUT_SECONDS = 30000
class SYSTEM:
    """
    Paths of system log files.
    """

    # Authentication log
    AUTH_LOG = "/var/log/auth.log"
    # General system log
    SYSLOG = "/var/log/syslog"
class LOG_FILES:
    """
    Log file names, log directories and default log search patterns.

    Most manager entries come as a (file name, directory) pair.
    NOTE(review): many directories are "/", i.e. the log is written to the
    filesystem root. Writing there normally requires root, and the files are not
    covered by the usual /var/log rotation and permission policy; confirm this is
    intended for the containers these managers run in.
    """

    KAFKA_MANAGER_LOG_FILE = "kafka_manager.log"
    KAFKA_MANAGER_LOG_DIR = "/"

    OSSEC_IDS_MANAGER_LOG_FILE = "ossec_ids_manager.log"
    OSSEC_IDS_MANAGER_LOG_DIR = "/"

    SNORT_IDS_MANAGER_LOG_FILE = "snort_ids_manager.log"
    SNORT_IDS_MANAGER_LOG_DIR = "/"

    ELK_MANAGER_LOG_FILE = "elk_manager.log"
    ELK_MANAGER_LOG_DIR = "/"

    # These two managers log under /var/log/csle/ instead of "/"
    DOCKER_STATS_MANAGER_LOG_FILE = "docker_stats_manager.log"
    CLUSTER_MANAGER_LOG_FILE = "cluster_manager.log"
    DOCKER_STATS_MANAGER_LOG_DIR = "/var/log/csle/"
    CLUSTER_MANAGER_LOG_DIR = "/var/log/csle/"

    HOST_MANAGER_LOG_FILE = "host_manager.log"
    HOST_MANAGER_LOG_DIR = "/"

    CLIENT_MANAGER_LOG_FILE = "client_manager.log"
    CLIENT_MANAGER_LOG_DIR = "/"

    TRAFFIC_MANAGER_LOG_FILE = "traffic_manager.log"
    TRAFFIC_MANAGER_LOG_DIR = "/"

    # Full path of the Kafka server log
    KAFKA_LOG_FILE = "/usr/local/kafka/logs/server.log"

    RYU_MANAGER_LOG_FILE = "ryu_manager.log"
    RYU_MANAGER_LOG_DIR = "/"

    MINBFT_MANAGER_LOG_FILE = "minbft_manager.log"
    MINBFT_MANAGER_LOG_DIR = "/"

    # NOTE(review): same file name and directory as MINBFT_MANAGER_LOG_FILE, so both
    # managers would write to one file if they share a host. Confirm this is intended.
    MINBFT_CLIENT_MANAGER_LOG_FILE = "minbft_manager.log"
    MINBFT_CLIENT_MANAGER_LOG_DIR = "/"

    # Glob patterns: "/" and up to three directory levels below /var/log
    DEFAULT_LOG_FILE_PATHS = ["/*.log", "/var/log/*.log", "/var/log/*/*.log", "/var/log/*/*/*.log"]

    FIVE_G_CORE_MANAGER_LOG_FILE = "five_g_core_manager.log"
    FIVE_G_CORE_MANAGER_LOG_DIR = "/"

    FIVE_G_CU_MANAGER_LOG_FILE = "five_g_cu_manager.log"
    FIVE_G_CU_MANAGER_LOG_DIR = "/"

    FIVE_G_DU_MANAGER_LOG_FILE = "five_g_du_manager.log"
    FIVE_G_DU_MANAGER_LOG_DIR = "/"

    # Full paths of the 5G component logs
    FIVE_G_CORE_LOG_FILE = "/var/log/open5gs/amf.log"
    FIVE_G_DU_LOG_FILE = "/du.log"
    FIVE_G_CU_LOG_FILE = "/cu.log"
    FIVE_G_UE_LOG_FILE = "/ue.log"
class MANAGER_PORTS:
    """
    Default port number of each manager service.

    NOTE(review): these are well-known fixed ports for management endpoints;
    confirm they are reachable only from the management network.
    """

    TRAFFIC_MANAGER_DEFAULT_PORT = 50043
    CLIENT_MANAGER_DEFAULT_PORT = 50044
    SDN_CONTROLLER_MANAGER_DEFAULT_PORT = 50042
    HOST_MANAGER_DEFAULT_PORT = 50049
    SNORT_IDS_MANAGER_DEFAULT_PORT = 50048
    OSSEC_IDS_MANAGER_DEFAULT_PORT = 50047
    DOCKER_STATS_MANAGER_DEFAULT_PORT = 50046
    ELK_MANAGER_DEFAULT_PORT = 50045
    KAFKA_MANAGER_DEFAULT_PORT = 50051

    # 5G managers
    FIVE_G_CORE_MANAGER_DEFAULT_PORT = 50052
    FIVE_G_CU_MANAGER_DEFAULT_PORT = 50053
    FIVE_G_DU_MANAGER_DEFAULT_PORT = 50054
class GRPC_WORKERS:
    """
    Sizing of the gRPC worker pool.
    """

    # Default upper bound on the number of workers
    DEFAULT_MAX_NUM_WORKERS = 100
class TRAFFIC_GENERATOR:
    """
    Shell command strings for managing the /traffic_generator.sh script.

    NOTE(review): the script is made world-writable (chmod 777) and is started
    through sudo. Any local account on that host can therefore edit a file that is
    later executed as root. If only the manager process needs to write it, a mode
    that keeps write access with the owner (for example 755, or 700 when the file is
    owned by the account that runs it) removes that path; confirm which account
    writes the script before tightening.
    """

    # File name of the script (without the leading "/")
    TRAFFIC_GENERATOR_FILE_NAME = "traffic_generator.sh"

    # Lifecycle of the script file: remove, create, set permissions
    REMOVE_OLD_TRAFFIC_GENERATOR_FILE = "sudo rm -f /traffic_generator.sh"
    CREATE_TRAFFIC_GENERATOR_FILE = "sudo touch /traffic_generator.sh"
    MAKE_TRAFFIC_GENERATOR_FILE_EXECUTABLE = "sudo chmod 777 /traffic_generator.sh"

    # Start in the background, detached from the terminal
    START_TRAFFIC_GENERATOR_CMD = "sudo nohup /traffic_generator.sh &"

    # The grep process itself also contains "traffic_generator" in its command line,
    # so it can show up in this output.
    CHECK_IF_TRAFFIC_GENERATOR_IS_RUNNING = "ps -aux | grep traffic_generator"

    # pkill -f matches against the full command line
    STOP_TRAFFIC_GENERATOR = "sudo pkill -f traffic_generator.sh"
class DOCKER_STATS:
    """
    Key names for Docker statistics records, plus the Docker socket URL.
    """

    # CPU section
    CPU_STATS = "cpu_stats"
    CPU_USAGE = "cpu_usage"
    PERCPU_USAGE = "percpu_usage"
    PRECPU_STATS = "precpu_stats"
    TOTAL_USAGE = "total_usage"
    SYSTEM_CPU_USAGE = "system_cpu_usage"
    ONLINE_CPUS = "online_cpus"

    # Block I/O section; note that "Read" and "Write" are capitalised
    BLKIO_STATS = "blkio_stats"
    IO_SERVICE_BYTES_RECURSIVE = "io_service_bytes_recursive"
    OP = "op"
    READ = "Read"
    VALUE = "value"
    WRITE = "Write"

    # Network section
    NETWORKS = "networks"
    RX_BYTES = "rx_bytes"
    TX_BYTES = "tx_bytes"

    # Memory section
    MEMORY_STATS = "memory_stats"
    USAGE = "usage"
    LIMIT = "limit"

    # Flat metric names
    PIDS = "pids"
    TIMESTAMP = "timestamp"
    CPU_PERCENT = "cpu_percent"
    MEM_CURRENT = "mem_current"
    MEM_TOTAL = "mem_total"
    MEM_PERCENT = "mem_percent"
    BLK_READ = "blk_read"
    BLK_WRITE = "blk_write"
    NET_RX = "net_rx"
    NET_TX = "net_tx"

    # Process-count section
    PIDS_STATS = "pids_stats"
    CURRENT = "current"

    # Container identity
    CONTAINER_NAME = "container_name"
    CONTAINER_ID = "container_id"
    CONTAINER_IP = "container_ip"

    # URL of the local Docker daemon socket.
    # NOTE(review): a process that can talk to this socket can control the Docker
    # daemon, which is effectively root on the host; keep the collector's access to
    # it as narrow as the deployment allows.
    UNIX_DOCKER_SOCK_URL = "unix://var/run/docker.sock"
class OSSEC:
    """
    OSSEC HIDS constants: file paths, alert-log parsing patterns, lookup tables
    and control command strings.
    """

    # Number of trailing lines requested by TAIL_ALERTS_COMMAND
    MAX_ALERTS = 10000

    OSSEC_ALERTS_FILE = "/var/ossec/alerts/alerts.log"
    OSSEC_LOG_FILE = "/var/ossec/logs/ossec.log"

    # Command prefix only; no file argument is included here
    TAIL_ALERTS_COMMAND = f"sudo tail -{MAX_ALERTS}"

    # Patterns for lines of the alerts log.
    # NOTE(review): the "." between digit groups is unescaped in these patterns, so
    # it matches any character, not just a literal dot. Alert lines can contain
    # attacker-influenced text (user names, source addresses), so values captured as
    # an "IP" or a timestamp should be validated before they are trusted downstream.
    ALERTLINE_REGEX = re.compile(r"\*\* Alert (\d+.\d+)*: - (\w+.+)")
    HOSTLINE_REGEX = re.compile(r"\d+ \w+ \d+ \d+:\d+:\d+ \((\w+.+)\) (\d+.\d+.\d+.\d+)")
    SERVHOSTLINE_REGEX = re.compile(r"\d+ \w+ \d+ \d+:\d+:\d+ (\w+)")
    RULELINE_REGEX = re.compile(r"Rule: (\d+)* \(level (\d+)\) -> '(\w+.+)'")
    SRCIPLINE_REGEX = re.compile(r"Src IP: (\d+.\d+.\d+.\d+)")
    USERLINE_REGEX = re.compile(r"User: (\w+)")
    DATELINEREGEX = re.compile(r"\d+ \w+ \d+ \d+:\d+:\d+")

    # Integer key (0-15) -> description text.
    # NOTE(review): the name says "rule id", but the texts read as descriptions of
    # alert severity levels; confirm which of the two the callers index with.
    OSSEC_ALERT_RULE_ID_TO_DESCR = {
        0: "Ignored - No action taken. Used to avoid false positives. "
           "These rules are scanned before all the others. "
           "They include events with no security relevance.",
        1: "None",
        2: "System low priority notification - System notification or status messages. "
           "They have no security relevance.",
        3: "Successful/Authorized events - They include successful login attempts, "
           "firewall allow events, etc.",
        4: "System low priority error - Errors related to bad configurations or "
           "unused devices/applications. They have no security relevance and are usually "
           "caused by default installations or software testing.",
        5: "User generated error - They include missed passwords, denied actions, etc. "
           "By itself they have no security relevance.",
        6: "Low relevance attack - They indicate a worm or a virus that have no affect to "
           "the system (like code red for apache servers, etc). "
           "They also include frequently IDS events and frequently errors.",
        7: "'Bad word' matching. They include words like 'bad', "
           "'error', etc. These events "
           "are most of the time unclassified and may have some security relevance.",
        8: "First time seen - Include first time seen events. First time an IDS event is "
           "fired or the first time an user logged in. If you just started using OSSEC "
           "HIDS these messages will probably be frequently. After a while they should "
           "go away, It also includes security relevant actions "
           "(like the starting of a sniffer or something like that).",
        9: "Error from invalid source - Include attempts to login as an unknown user or "
           "from an invalid source. May have security relevance (specially if repeated). "
           "They also include errors regarding the “admin” (root) account.",
        10: "Multiple user generated errors - They include multiple bad passwords, "
            "multiple failed logins, etc. "
            "They may indicate an attack or may just be that a user "
            "just forgot his credentials.",
        11: "Integrity checking warning - They include messages regarding the "
            "modification of binaries or the presence of rootkits (by rootcheck). "
            "If you just modified your system configuration you should be fine "
            "regarding the “syscheck” messages. "
            "They may indicate a successful attack. Also included IDS events that "
            "will be ignored (high number of repetitions).",
        12: "High importancy event - They include error or warning messages from the "
            "system, kernel, etc. They may indicate an attack against a "
            "specific application.",
        13: "Unusual error (high importance) - Most of the times it matches a "
            "common attack pattern.",
        14: "High importance security event. Most of the times done with correlation and "
            "it indicates an attack.",
        15: "Severe attack - No chances of false positives. Immediate attention "
            "is necessary.",
    }

    # Alert group name -> integer id
    OSSEC_IDS_ALERT_GROUP_ID = {
        "invalid_login": 0,
        "authentication_success": 1,
        "authentication_failed": 2,
        "connection_attempt": 3,
        "attacks": 4,
        "adduser": 5,
        "sshd": 6,
        "ids": 7,
        "firewall": 8,
        "squid": 9,
        "apache": 10,
        "syslog": 11,
    }

    # Threshold separating severe alerts; whether the comparison is inclusive is
    # decided by the caller.
    OSSEC_SEVERE_ALERT_LEVEL_THRESHOLD = 10

    # Control and status commands
    STOP_OSSEC_IDS = "/var/ossec/bin/ossec-control stop"
    START_OSSEC_IDS = "/var/ossec/bin/ossec-control start"
    CHECK_IF_OSSEC_IS_RUNNING_CMD = "service ossec status"
    # Substring looked for in the status output
    OSSEC_RUNNING_SEARCH = "ossec-execd is running"
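class SNORT_IDS_ROUTER:
    """
    Snort IDS constants: file paths, alert-log parsing patterns, the
    classification-to-id table and control command strings.
    """

    # Number of trailing lines requested by the tail commands below
    MAX_ALERTS = 10000

    UPDATE_RULESET = "/pulledpork/pulledpork.pl -c /pulledpork/etc/pulledpork.conf -l -P -E -H SIGHUP"

    SNORT_FAST_LOG_FILE = "/var/snort/fast.log"
    SNORT_ALERTS_FILE = "/var/snort/alert.csv"
    SNORT_STATS_FILE = "/var/snort/snort.stats"

    # Command prefixes only; no file argument is included here
    TAIL_ALERTS_COMMAND = f"sudo tail -{MAX_ALERTS}"
    TAIL_FAST_LOG_COMMAND = f"sudo tail -{MAX_ALERTS}"
    TAIL_ALERTS_LATEST_COMMAND = "sudo tail -1"

    PRIORITY_REGEX = re.compile(r"Priority: \d")
    # "a.b.c.d -> e.f.g.h". Every dot is escaped: the earlier pattern left the first
    # dot of each address unescaped, so any character was accepted in that position.
    # The pattern checks shape only; octet ranges (0-255) are not enforced.
    IPS_REGEX = re.compile(r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} -> \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}")
    # NOTE(review): each number is capped at three digits, so a longer rule id is
    # matched only up to its first three digits. Confirm that truncation is intended.
    RULE_ID_REGEX = re.compile(r"\[\d{1,3}\:\d{1,3}")
    CLASSIFICATION_REGEX = re.compile(r"(?<=Classification: )(.*?)(?=])")

    # Threshold separating severe alerts; whether the comparison is inclusive is
    # decided by the caller.
    SNORT_SEVERE_ALERT_PRIORITY_THRESHOLD = 2

    # Classification -> integer id. Each id is reachable through two keys:
    # the short class name and its long description.
    SNORT_ALERT_IDS_ID = {
        "tcp-connection": 0,
        "A TCP connection was detected": 0,
        "unknown": 1,
        "Unknown Traffic": 1,
        "string-detect": 2,
        "A suspicious string was detected": 2,
        "protocol-command-decode": 3,
        "Generic Protocol Command Decode": 3,
        "not-suspicious": 4,
        "Not Suspicious Traffic": 4,
        "network-scan": 5,
        "Detection of a Network Scan": 5,
        "misc-activity": 6,
        "Misc activity": 6,
        "icmp-event": 7,
        "Generic ICMP event": 7,
        "web-application-activity": 8,
        "Access to a potentially vulnerable web application": 8,
        "unusual-client-port-connection": 9,
        "A client was using an unusual port": 9,
        "system-call-detect": 10,
        "A system call was detected": 10,
        "suspicious-login": 11,
        "An attempted login using a suspicious username was detected": 11,
        "suspicious-filename-detect": 12,
        "A suspicious filename was detected": 12,
        "successful-recon-limited": 13,
        "Information Leak": 13,
        "successful-recon-largescale": 14,
        "Large Scale Information Leak": 14,
        "successful-dos": 15,
        "Denial of Service": 15,
        "rpc-portmap-decode": 16,
        "Decode of an RPC Query": 16,
        "non-standard-protocol": 17,
        "Detection of a non-standard protocol or event": 17,
        "misc-attack": 18,
        "Misc Attack": 18,
        "denial-of-service": 19,
        "Detection of a Denial of Service Attack": 19,
        "default-login-attempt": 20,
        "Attempt to login by a default username and password": 20,
        "bad-unknown": 21,
        "Potentially Bad Traffic": 21,
        "attempted-recon": 22,
        "Attempted Information Leak": 22,
        "attempted-dos": 23,
        "Attempted Denial of Service": 23,
        "web-application-attack": 24,
        "Web Application Attack": 24,
        "unsuccessful-user": 25,
        "Unsuccessful User Privilege Gain": 25,
        "trojan-activity": 26,
        "A Network Trojan was detected": 26,
        "successful-user": 27,
        "Successful User Privilege Gain": 27,
        "successful-admin": 28,
        "Successful Administrator Privilege Gain": 28,
        "shellcode-detect": 29,
        "Executable code was detected": 29,
        "policy-violation": 30,
        "Potential Corporate Privacy Violation": 30,
        "inappropriate-content": 31,
        "Inappropriate Content was Detected": 31,
        "attempted-user": 32,
        "Attempted User Privilege Gain": 32,
        "attempted-admin": 33,
        "Attempted Administrator Privilege Gain": 33,
    }

    # SIGKILL gives Snort no chance to clean up (for example its pid file), and when
    # no snort process exists the command substitution is empty and kill fails.
    STOP_SNORT_IDS = "kill -9 $(pgrep snort)"

    # Three "{}" placeholders: the two parts of the -i argument and the -h value.
    # NOTE(review): if the formatted string is handed to a shell, the substituted
    # values should be validated as interface names / network addresses first.
    START_SNORT_IDS = "sudo snort -D -q -c /etc/snort/snort.conf -i {}:{} -l " \
                      "/var/snort/ -h {} -Q -I --create-pidfile"

    # NOTE(review): this makes the whole Snort log directory world-writable, so any
    # local account can alter or delete alert logs. If only the log reader needs
    # access, read-only permissions for that account preserve the integrity of the logs.
    SNORT_LOG_DIR_PERMISSION_CMD = "sudo chmod -R 777 /var/snort"

    # The grep process itself also contains "snort.conf" in its command line, so it
    # can show up in this output.
    CHECK_IF_SNORT_IS_RUNNING_CMD = "ps -aux | grep snort.conf"
    PS_AUX_CMD = "ps -aux"
    GREP_SNORT_CONF = "grep snort.conf"
    # Substring looked for in the process listing
    SEARCH_SNORT_RUNNING = "/etc/snort/snort.conf"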
class HOST_METRICS:
    """
    Shell command strings used as the defender's host sensors.

    Each command only produces raw output; any counting or filtering is left to
    the caller.
    """

    # Session and connection state
    LIST_LOGGED_IN_USERS_CMD = "users"
    LIST_OPEN_CONNECTIONS_CMD = "netstat -n"

    # Account listing
    LIST_USER_ACCOUNTS = "cat /etc/passwd"

    # Returns the last 10000 lines of the auth log as they are; the command does not
    # itself select failed attempts.
    LIST_FAILED_LOGIN_ATTEMPTS = "sudo tail -10000 /var/log/auth.log"
    LIST_SUCCESSFUL_LOGIN_ATTEMPTS = "last"

    # Line count of "ps -e"; the count includes the header line ps prints.
    LIST_NUMBER_OF_PROCESSES = "ps -e | wc -l"
class EXTERNAL_NETWORK:
    """
    Addressing constant for the external network.
    """

    # Third octet of the external network's id
    NETWORK_ID_THIRD_OCTET = 1
class ELK_CONFIG:
    """
    Addressing and naming constants for the ELK container.
    """

    # Third and fourth octets used for the container's address
    NETWORK_ID_THIRD_OCTET = 253
    NETWORK_ID_FOURTH_OCTET = 252

    # Name suffix
    SUFFIX = "_1"
[docs]class KAFKA_CONFIG:
"""
Constants related to the kafka container configuration
"""
DEFAULT_NUM_PARTITIONS = 1
DEFAULT_NUM_REPLICAS = 1
DEFAULT_RETENTION_TIME_HOURS = 240
NETWORK_ID_THIRD_OCTET = 253
NETWORK_ID_FOURTH_OCTET = 253
SUFFIX = "_1"
CLIENT_POPULATION_TOPIC_NAME = "client_population"
SNORT_IDS_LOG_TOPIC_NAME = "snort_ids_log"
SNORT_IDS_RULE_LOG_TOPIC_NAME = "snort_ids_rule_log"
SNORT_IDS_IP_LOG_TOPIC_NAME = "snort_ids_ip_log"
OSSEC_IDS_LOG_TOPIC_NAME = "ossec_ids_log"
HOST_METRICS_TOPIC_NAME = "host_metrics"
FIVE_G_CORE_AMF_METRICS_TOPIC_NAME = "five_g_core_amf_metrics"
FIVE_G_CORE_UPF_METRICS_TOPIC_NAME = "five_g_core_upf_metrics"
FIVE_G_CORE_MME_METRICS_TOPIC_NAME = "five_g_core_mme_metrics"
FIVE_G_CORE_SMF_METRICS_TOPIC_NAME = "five_g_core_smf_metrics"
FIVE_G_CORE_HSS_METRICS_TOPIC_NAME = "five_g_core_hss_metrics"
FIVE_G_CORE_PCRF_METRICS_TOPIC_NAME = "five_g_core_pcrf_metrics"
FIVE_G_CORE_PCF_METRICS_TOPIC_NAME = "five_g_core_pcf_metrics"
FIVE_G_DU_METRICS_TOPIC_NAME = "five_g_du_metrics"
FIVE_G_DU_CELL_METRICS_TOPIC_NAME = "five_g_du_cell_metrics"
FIVE_G_DU_LOW_METRICS_TOPIC_NAME = "five_g_du_low_metrics"
FIVE_G_DU_RLC_METRICS_TOPIC_NAME = "five_g_du_rlc_metrics"
FIVE_G_DU_APP_RESOURCE_USAGE_METRICS_TOPIC_NAME = "five_g_du_app_resource_usage_metrics"
FIVE_G_DU_BUFFER_POOL_METRICS_TOPIC_NAME = "five_g_du_buffer_pool_metrics"
FIVE_G_CU_CP_METRICS_TOPIC_NAME = "five_g_cu_cp_metrics"
FIVE_G_CU_APP_RESOURCE_USAGE_METRICS_TOPIC_NAME = "five_g_cu_app_resource_usage_metrics"
FIVE_G_CU_BUFFER_POOL_METRICS_TOPIC_NAME = "five_g_cu_buffer_pool_metrics"
DOCKER_STATS_TOPIC_NAME = "docker_stats"
DOCKER_HOST_STATS_TOPIC_NAME = "docker_host_stats"
OPENFLOW_FLOW_STATS_TOPIC_NAME = "openflow_flow_stats"
OPENFLOW_PORT_STATS_TOPIC_NAME = "openflow_port_stats"
OPENFLOW_AGG_FLOW_STATS_TOPIC_NAME = "openflow_flow_agg_stats"
AVERAGE_OPENFLOW_FLOW_STATS_PER_SWITCH_TOPIC_NAME = "avg_openflow_flow_stats_per_switch"
AVERAGE_OPENFLOW_PORT_STATS_PER_SWITCH_TOPIC_NAME = "avg_openflow_port_stats_per_switch"
ATTACKER_ACTIONS_TOPIC_NAME = "attacker_actions"
DEFENDER_ACTIONS_TOPIC_NAME = "defender_actions"
CLIENT_POPULATION_TOPIC_ATTRIBUTES = ["timestamp", "ip", "num_clients", "rate"]
SNORT_IDS_LOG_TOPIC_ATTRIBUTES = ["timestamp", "ip", "attempted-admin", "attempted-user",
"inappropriate-content", "policy-violation", "shellcode-detect",
"successful-admin", "successful-user", "trojan-activity", "unsuccessful-user",
"web-application-attack", "attempted-dos", "attempted-recon", "bad-unknown",
"default-login-attempt", "denial-of-service", "misc-attack",
"non-standard-protocol", "rpc-portmap-decode", "successful-dos",
"successful-recon-largescale", "successful-recon-limited",
"suspicious-filename-detect", "suspicious-login", "system-call-detect",
"unusual-client-port-connection", "web-application-activity", "icmp-event",
"misc-activity", "network-scan", "not-suspicious", "protocol-command-decode",
"string-detect", "unknown", "tcp-connection", "priority_1", "priority_2",
"priority_3", "priority_4", "alerts_weighted_by_priority", "total_alerts",
"severe_alerts", "warning_alerts"]
OSSEC_IDS_LOG_TOPIC_ATTRIBUTES = ["timestamp", "ip", "total_alerts", "warning_alerts", "severe_alerts",
"alerts_weighted_by_level", "level_0_alerts", "level_1_alerts",
"level_2_alerts", "level_3_alerts", "level_4_alerts", "level_5_alerts",
"level_6_alerts", "level_7_alerts", "level_8_alerts", "level_9_alerts",
"level_10_alerts", "level_11_alerts", "level_12_alerts", "level_13_alerts",
"level_14_alerts", "level_15_alerts", "invalid_login_alerts",
"authentication_success_alerts", "authentication_failed_alerts",
"connection_attempt_alerts", "attacks_alerts", "adduser_alerts", "sshd_alerts",
"ids_alerts", "firewall_alerts", "squid_alerts",
"apache_alerts", "syslog_alerts"]
SNORT_IDS_RULE_LOG_ATTRIBUTES = ["timestamp", "ip", "alert_rule_id", "num_alerts"]
SNORT_IDS_IP_LOG_ATTRIBUTES = ["timestamp", "ip", "alert_ip", "attempted-admin", "attempted-user",
"inappropriate-content", "policy-violation", "shellcode-detect",
"successful-admin", "successful-user", "trojan-activity", "unsuccessful-user",
"web-application-attack", "attempted-dos", "attempted-recon", "bad-unknown",
"default-login-attempt", "denial-of-service", "misc-attack",
"non-standard-protocol", "rpc-portmap-decode", "successful-dos",
"successful-recon-largescale", "successful-recon-limited",
"suspicious-filename-detect", "suspicious-login", "system-call-detect",
"unusual-client-port-connection", "web-application-activity", "icmp-event",
"misc-activity", "network-scan", "not-suspicious", "protocol-command-decode",
"string-detect", "unknown", "tcp-connection", "priority_1", "priority_2",
"priority_3", "priority_4", "alerts_weighted_by_priority", "total_alerts",
"severe_alerts", "warning_alerts"]
HOST_METRICS_TOPIC_ATTRIBUTES = ["timestamp", "ip", "num_logged_in_users", "num_failed_login_attempts",
"num_open_connections", "num_login_events", "num_processes", "num_users"]
DOCKER_STATS_TOPIC_ATTRIBUTES = ["timestamp", "ip", "cpu_percent", "mem_current", "mem_total",
"mem_percent", "blk_read", "blk_write", "net_rc", "net_tx", "pids"]
ATTACKER_ACTIONS_ATTRIBUTES = ["timestamp", "id", "description", "index", "name", "time", "ip", "cmd"]
DEFENDER_ACTIONS_ATTRIBUTES = ["timestamp", "id", "description", "index", "name", "time", "ip", "cmd"]
OPENFLOW_FLOW_STATS_TOPIC_ATTRIBUTES = ["timestamp", "datapath_id", "in_port", "out_port", "dst_mac_address",
"num_packets", "num_bytes", "duration_nanoseconds",
"duration_seconds", "hard_timeout", "idle_timeout", "priority",
"cookie"]
OPENFLOW_PORT_STATS_TOPIC_ATTRIBUTES = ["timestamp", "datapath_id", "port", "num_received_packets",
"num_received_bytes", "num_received_errors", "num_transmitted_packets",
"num_transmitted_bytes", "num_transmitted_errors", "num_received_dropped",
"num_transmitted_dropped", "num_received_frame_errors",
"num_received_overrun_errors", "num_received_crc_errors", "num_collisions",
"duration_nanoseconds", "duration_seconds"]
OPENFLOW_AGG_FLOW_STATS_TOPIC_ATTRIBUTES = ["timestamp", "datapath_id", "total_num_packets", "total_num_bytes",
"total_num_flows"]
AVERAGE_OPENFLOW_FLOW_STATS_PER_SWITCH_TOPIC_ATTRIBUTES = [
"timestamp", "datapath_id", "total_num_packets", "total_num_bytes", "avg_duration_nanoseconds",
"avg_duration_seconds", "avg_hard_timeout", "avg_idle_timeout", "avg_priority", "avg_cookie"]
AVERAGE_OPENFLOW_PORT_STATS_PER_SWITCH_TOPIC_ATTRIBUTES = [
"timestamp", "datapath_id", "total_num_received_packets", "total_num_received_bytes",
"total_num_received_errors", "total_num_transmitted_packets", "total_num_transmitted_bytes",
"total_num_transmitted_errors", "total_num_received_dropped", "total_num_transmitted_dropped",
"total_num_received_frame_errors", "total_num_received_overrun_errors",
"total_num_received_crc_errors", "total_num_collisions", "avg_duration_nanoseconds", "avg_duration_seconds"]
FIVE_G_CORE_AMF_TOPIC_ATTRIBUTES = ["timestamp", "ip",
"fivegs_amffunction_mm_confupdate", "fivegs_amffunction_rm_reginitreq",
"fivegs_amffunction_rm_regemergreq", "fivegs_amffunction_mm_paging5greq",
"fivegs_amffunction_rm_regperiodreq", "fivegs_amffunction_mm_confupdatesucc",
"fivegs_amffunction_rm_reginitsucc", "fivegs_amffunction_amf_authreject",
"fivegs_amffunction_rm_regmobreq", "amf_session",
"fivegs_amffunction_rm_regmobsucc", "fivegs_amffunction_amf_authreq",
"fivegs_amffunction_rm_regemergsucc", "fivegs_amffunction_mm_paging5gsucc",
"ran_ue", "fivegs_amffunction_rm_regperiodsucc",
"process_max_fds", "process_virtual_memory_max_bytes",
"process_cpu_seconds_total", "process_virtual_memory_bytes",
"process_start_time_seconds",
"process_start_time_seconds", "process_open_fds"]
FIVE_G_CORE_UPF_TOPIC_ATTRIBUTES = ["timestamp", "ip",
"fivegs_ep_n3_gtp_indatapktn3upf", "fivegs_ep_n3_gtp_outdatapktn3upf",
"fivegs_upffunction_sm_n4sessionestabreq",
"fivegs_upffunction_sm_n4sessionreport",
"fivegs_upffunction_sm_n4sessionreportsucc",
"fivegs_upffunction_upf_sessionnbr",
"pfcp_peers_active", "process_max_fds", "process_virtual_memory_max_bytes",
"process_cpu_seconds_total", "process_virtual_memory_bytes",
"process_resident_memory_bytes", "process_start_time_seconds",
"process_open_fds"]
FIVE_G_CORE_MME_TOPIC_ATTRIBUTES = ["timestamp", "ip",
"enb_ue", "mme_session", "enb", "process_max_fds",
"process_virtual_memory_max_bytes", "process_cpu_seconds_total",
"process_virtual_memory_bytes", "process_resident_memory_bytes",
"process_start_time_seconds", "process_open_fds"]
FIVE_G_CORE_SMF_TOPIC_ATTRIBUTES = [
"timestamp",
"ip",
"gn_rx_createpdpcontextreq",
"gn_rx_deletepdpcontextreq",
"gtp1_pdpctxs_active",
"pfcp_peers_active",
"fivegs_smffunction_sm_n4sessionreport",
"ues_active",
"gtp2_sessions_active",
"pfcp_sessions_active",
"s5c_rx_createsession",
"s5c_rx_deletesession",
"gtp_new_node_failed",
"s5c_rx_parse_failed",
"fivegs_smffunction_sm_n4sessionreportsucc",
"fivegs_smffunction_sm_n4sessionestabreq",
"bearers_active",
"gn_rx_parse_failed",
"gtp_peers_active",
"fivegs_smffunction_sm_sessionnbr",
"fivegs_smffunction_sm_pdusessioncreationreq",
"fivegs_smffunction_sm_pdusessioncreationsucc",
"fivegs_smffunction_sm_qos_flow_nbr",
"fivegs_smffunction_sm_n4sessionestabfail",
"fivegs_smffunction_sm_pdusessioncreationfail",
"process_max_fds",
"process_virtual_memory_max_bytes",
"process_cpu_seconds_total",
"process_virtual_memory_bytes",
"process_resident_memory_bytes",
"process_start_time_seconds",
"process_open_fds"
]
FIVE_G_CORE_HSS_TOPIC_ATTRIBUTES = [
"timestamp",
"ip",
"cx_rx_lir",
"cx_rx_uar",
"cx_tx_lia",
"cx_rx_unknown",
"cx_rx_sar",
"s6a_rx_pur",
"swx_rx_mar_error",
"cx_tx_uaa",
"s6a_rx_pur_error",
"s6a_tx_clr",
"cx_tx_saa",
"cx_rx_lir_error",
"s6a_rx_ulr",
"s6a_rx_cla",
"s6a_rx_cla_error",
"s6a_rx_air",
"cx_rx_mar",
"swx_rx_sar",
"s6a_rx_air_error",
"s6a_rx_ida_error",
"cx_tx_maa",
"swx_rx_mar",
"s6a_rx_unknown",
"s6a_tx_pua",
"swx_rx_unknown",
"cx_rx_mar_error",
"cx_rx_uar_error",
"s6a_tx_ula",
"s6a_rx_ulr_error",
"s6a_tx_aia",
"s6a_tx_idr",
"s6a_rx_ida",
"cx_rx_sar_error",
"swx_rx_sar_error",
"swx_tx_maa",
"swx_tx_saa",
"hss_imsi",
"hss_impi",
"hss_impu",
"process_max_fds",
"process_virtual_memory_max_bytes",
"process_cpu_seconds_total",
"process_virtual_memory_bytes",
"process_resident_memory_bytes",
"process_start_time_seconds",
"process_open_fds"
]
FIVE_G_CORE_PCRF_TOPIC_ATTRIBUTES = [
"timestamp",
"ip",
"gx_rx_unknown",
"gx_rx_ccr",
"gx_rx_ccr_error",
"gx_rx_raa",
"gx_tx_cca",
"gx_tx_rar",
"gx_tx_rar_error",
"rx_rx_unknown",
"rx_rx_aar",
"rx_rx_aar_error",
"rx_rx_asa",
"rx_rx_asa_error",
"rx_rx_str_error",
"rx_tx_aaa",
"rx_tx_sar",
"rx_tx_sta",
"process_max_fds",
"process_virtual_memory_max_bytes",
"process_cpu_seconds_total",
"process_virtual_memory_bytes",
"process_resident_memory_bytes",
"process_start_time_seconds",
"process_open_fds"
]
FIVE_G_CORE_PCF_TOPIC_ATTRIBUTES = [
"timestamp",
"ip",
"fivegs_pcffunction_pa_policyamassoreq",
"fivegs_pcffunction_pa_policyamassosucc",
"fivegs_pcffunction_pa_policysmassoreq",
"fivegs_pcffunction_pa_policysmassosucc",
"fivegs_pcffunction_pa_sessionnbr",
"process_max_fds",
"process_virtual_memory_max_bytes",
"process_cpu_seconds_total",
"process_virtual_memory_bytes",
"process_resident_memory_bytes",
"process_start_time_seconds",
"process_open_fds"
]
# Attribute names of the 5G DU topics; every list starts with "timestamp" and "ip".
FIVE_G_DU_TOPIC_ATTRIBUTES = [
    "timestamp", "ip", "pci",
    "average_latency_us", "cpu_usage_percent", "max_latency_us", "min_latency_us",
]
FIVE_G_DU_CELL_TOPIC_ATTRIBUTES = [
    "timestamp", "ip", "pci",
    "average_latency", "max_latency", "pucch_tot_rb_usage_avg", "active_ues",
    "dl_brate", "ul_brate", "dl_mcs", "ul_mcs",
    "pusch_snr_db", "pucch_snr_db", "cqi",
    "dl_bler", "ul_bler",
]
FIVE_G_DU_LOW_TOPIC_ATTRIBUTES = [
    "timestamp", "ip",
    "dl_avg_latency_us", "dl_cpu_usage_percent", "dl_max_latency_us", "dl_fec_tput_mbps",
    "ul_avg_latency_us", "ul_cpu_usage_percent", "ul_max_latency_us", "ul_sinr_db",
    "ul_ch_est_latency_us", "ul_ldpc_dec_latency_us", "ul_fec_tput_mbps",
]
FIVE_G_DU_RLC_TOPIC_ATTRIBUTES = [
    "timestamp", "ip", "ue_id", "drb_id",
    "rx_num_pdus", "rx_num_bytes", "rx_num_lost_pdus", "rx_num_malformed_pdus",
    "tx_num_sdus", "tx_num_bytes", "tx_num_dropped_sdus", "tx_num_discarded_sdus",
    "tx_max_pdu_latency_ns", "tx_sum_pdu_latency_ns", "tx_sum_sdu_latency_us",
]
FIVE_G_DU_APP_RESOURCE_TOPIC_ATTRIBUTES = [
    "timestamp", "ip",
    "cpu_usage_percent", "memory_usage_mb", "power_consumption_watts",
]
FIVE_G_DU_BUFFER_POOL_TOPIC_ATTRIBUTES = [
    "timestamp", "ip", "central_cache_size",
]
# Attribute names of the 5G CU topics; the app-resource and buffer-pool lists carry the same
# names as their DU counterparts above.
FIVE_G_CU_CP_TOPIC_ATTRIBUTES = [
    "timestamp", "ip", "cu_cp_id", "amf_connected",
    "nof_cn_initiated_paging_requests",
    "nof_pdu_sessions_requested_to_setup",
    "nof_pdu_sessions_successfully_setup",
    "nof_pdu_sessions_failed_to_setup_total",
    "nof_handover_preparations_requested", "nof_successful_handover_preparations",
    "rrc_establishments_attempted_total", "rrc_establishments_successful_total",
    "rrc_establishments_attempted_mo_data", "rrc_establishments_successful_mo_data",
    "rrc_establishments_attempted_mo_sig", "rrc_establishments_successful_mo_sig",
    "max_nof_rrc_connections", "mean_nof_rrc_connections",
    "rrc_reestablishments_attempted", "rrc_reestablishments_successful",
    "nof_handover_executions_requested", "nof_successful_handover_executions",
]
FIVE_G_CU_APP_RESOURCE_TOPIC_ATTRIBUTES = [
    "timestamp", "ip",
    "cpu_usage_percent", "memory_usage_mb", "power_consumption_watts",
]
FIVE_G_CU_BUFFER_POOL_TOPIC_ATTRIBUTES = [
    "timestamp", "ip", "central_cache_size",
]
# Snort alert counter labels: totals, one counter per priority, then one "<classtype>_alerts"
# counter per rule classtype. The classtype rows below appear to follow Snort's default
# classification table (high, medium, low, very low) - confirm against the deployed
# classification.config.
SNORT_IDS_ALERTS_LABELS = [
    "total_alerts", "warning_alerts", "severe_alerts", "alerts_weighted_by_priority",
    "priority_1_alerts", "priority_2_alerts", "priority_3_alerts", "priority_4_alerts",
    "attempted-admin_alerts", "attempted-user_alerts", "inappropriate-content_alerts",
    "policy-violation_alerts", "shellcode-detect_alerts", "successful-admin_alerts",
    "successful-user_alerts", "trojan-activity_alerts", "unsuccessful-user_alerts",
    "web-application-attack_alerts",
    "attempted-dos_alerts", "attempted-recon_alerts", "bad-unknown_alerts",
    "default-login-attempt_alerts", "denial-of-service_alerts", "misc-attack_alerts",
    "non-standard-protocol_alerts", "rpc-portmap-decode_alerts", "successful-dos_alerts",
    "successful-recon-largescale_alerts", "successful-recon-limited_alerts",
    "suspicious-filename-detect_alerts", "suspicious-login_alerts", "system-call-detect_alerts",
    "unusual-client-port-connection_alerts", "web-application-activity_alerts",
    "icmp-event_alerts", "misc-activity_alerts", "network-scan_alerts", "not-suspicious_alerts",
    "protocol-command-decode_alerts", "string-detect_alerts", "unknown_alerts",
    "tcp-connection_alerts",
]
# OSSEC alert counter labels: totals, one counter per alert level 0-15, then one counter per
# rule group.
OSSEC_IDS_ALERTS_LABELS = [
    "total_alerts", "warning_alerts", "severe_alerts", "alerts_weighted_by_level",
    "level_0_alerts", "level_1_alerts", "level_2_alerts", "level_3_alerts",
    "level_4_alerts", "level_5_alerts", "level_6_alerts", "level_7_alerts",
    "level_8_alerts", "level_9_alerts", "level_10_alerts", "level_11_alerts",
    "level_12_alerts", "level_13_alerts", "level_14_alerts", "level_15_alerts",
    "invalid_login_alerts", "authentication_success_alerts", "authentication_failed_alerts",
    "connection_attempt_alerts", "attacks_alerts", "adduser_alerts", "sshd_alerts",
    "ids_alerts", "firewall_alerts", "squid_alerts", "apache_alerts", "syslog_alerts",
]
HOST_METRICS_LABELS = [
    "num_logged_in_users", "severe_alerts", "warning_alerts", "num_failed_login_attempts",
    "num_open_connections", "num_login_events", "num_processes", "num_users",
]
DOCKER_STATS_COUNTER_LABELS = [
    "pids", "cpu_percent", "mem_current", "mem_total", "mem_percent",
    "blk_read", "blk_write", "net_rx", "net_tx",
]
# NOTE(review): "cpu_percent" is listed twice here; the second entry may have been meant to be
# "mem_percent" - confirm with the consumers before changing it.
DOCKER_STATS_PERCENT_LABELS = ["cpu_percent", "cpu_percent"]
CLIENT_POPULATION_METRIC_LABELS = ["num_clients", "rate", "service_time"]
# Combined label lists. The parts overlap: "total_alerts", "warning_alerts" and "severe_alerts"
# occur in more than one source list and "cpu_percent" occurs three times, so the combined lists
# contain repeated labels. NOTE(review): a consumer that keys a dict or a column set by label
# would merge the Snort, OSSEC and host counters of the same name - verify how these lists are
# consumed.
ALL_DELTA_AGG_LABELS = [
    *SNORT_IDS_ALERTS_LABELS,
    *HOST_METRICS_LABELS,
    *DOCKER_STATS_COUNTER_LABELS,
    *DOCKER_STATS_PERCENT_LABELS,
    *CLIENT_POPULATION_METRIC_LABELS,
    *OSSEC_IDS_ALERTS_LABELS,
]
ALL_DELTA_MACHINE_LABELS = [
    *SNORT_IDS_ALERTS_LABELS,
    *HOST_METRICS_LABELS,
    *DOCKER_STATS_COUNTER_LABELS,
    *DOCKER_STATS_PERCENT_LABELS,
    *OSSEC_IDS_ALERTS_LABELS,
]
ALL_INITIAL_AGG_LABELS = [
    *HOST_METRICS_LABELS,
    *DOCKER_STATS_COUNTER_LABELS,
    *DOCKER_STATS_PERCENT_LABELS,
    *CLIENT_POPULATION_METRIC_LABELS,
    *SNORT_IDS_ALERTS_LABELS,
    *OSSEC_IDS_ALERTS_LABELS,
]
ALL_INITIAL_MACHINE_LABELS = [
    *HOST_METRICS_LABELS,
    *DOCKER_STATS_COUNTER_LABELS,
    *DOCKER_STATS_PERCENT_LABELS,
    *SNORT_IDS_ALERTS_LABELS,
    *OSSEC_IDS_ALERTS_LABELS,
]
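class KAFKA:
    """
    String constants for managing Kafka

    Holds the service-management command lines, the client/broker property names, the two
    listener ports and the paths of the broker's log directory and configuration file.
    """
    # Fixed command lines; none of them contains a placeholder for interpolated input.
    KAFKA_STATUS = "service kafka status"
    KAFKA_STOP = "service kafka stop"
    KAFKA_START = "service kafka start"
    # Property names used in topic and client configuration.
    RETENTION_MS_CONFIG_PROPERTY = "retention.ms"
    BOOTSTRAP_SERVERS_PROPERTY = "bootstrap.servers"
    CLIENT_ID_PROPERTY = "client.id"
    GROUP_ID_PROPERTY = "group.id"
    AUTO_OFFSET_RESET_PROPERTY = "auto.offset.reset"
    EARLIEST_OFFSET = "earliest"
    # NOTE(review): no TLS- or SASL-related property is defined among these constants; confirm
    # how the two listeners are protected in KAFKA_CONFIG_FILE before exposing EXTERNAL_PORT.
    PORT = 9092
    EXTERNAL_PORT = 9292
    # Placeholder tokens, presumably substituted in KAFKA_CONFIG_FILE - verify against the caller.
    INTERNAL_IP_PLACEHOLDER = "INTERNAL_IP"
    EXTERNAL_IP_PLACEHOLDER = "EXTERNAL_IP"
    DIR = "/usr/local/kafka/logs/"
    KAFKA_CONFIG_FILE = "/usr/local/kafka/config/server.properties"
    # 0.0.0.0 is the IPv4 wildcard address: a socket bound to it listens on every interface.
    EMPTY_ADDR = "0.0.0.0"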
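class ELK:
    """
    String constants for managing the ELK stack

    Holds the start/stop/status command lines for Elasticsearch, Kibana and Logstash, their
    log directories and the three service ports.
    """
    # Needs a shell (redirection and "&"). The ">" truncates ELK_LOG on every start, so the
    # previous run's output is lost, and stderr is not redirected into that file.
    ELK_START = "nohup /usr/local/bin/start.sh > /elk_server.log &"
    ELK_LOG = "/elk_server.log"
    # Fixed service-management command lines without interpolated input.
    ELASTICSEARCH_STOP = "service elasticsearch stop"
    KIBANA_STOP = "service kibana stop"
    LOGSTASH_STOP = "service logstash stop"
    ELASTICSEARCH_START = "service elasticsearch start"
    KIBANA_START = "service kibana start"
    LOGSTASH_START = "service logstash start"
    ELASTICSEARCH_STATUS = "service elasticsearch status"
    KIBANA_STATUS = "service kibana status"
    LOGSTASH_STATUS = "service logstash status"
    ELASTICSEARCH_LOG_DIR = "/var/log/elasticsearch/"
    LOGSTASH_LOG_DIR = "/var/log/logstash/"
    KIBANA_LOG_DIR = "/var/log/kibana/"
    # NOTE(review): these constants define ports only; whether the endpoints require
    # authentication or TLS is decided elsewhere - confirm before exposing them.
    ELASTIC_PORT = 9200
    KIBANA_PORT = 5601
    LOGSTASH_PORT = 5044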
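class RYU:
    """
    String constants for managing Ryu

    The command strings rely on shell syntax (a pipe, "nohup ... &"). START_RYU_CONTROLLER is
    the only one with "{}" placeholders that a caller fills in.
    """
    # The grep process carries "ryu_controller.py" on its own command line, so the output can
    # contain a match even when the controller is not running. Presumably callers look for
    # SEARCH_CONTROLLER in the output instead - verify.
    CHECK_IF_RYU_CONTROLLER_IS_RUNNING = "ps -aux | grep ryu_controller.py"
    # "pkill -f" matches the pattern against the full command line of every process and runs
    # under sudo here, so any process whose arguments contain the string is signalled.
    STOP_RYU_CONTROLLER = "sudo pkill -f ryu_controller.py"
    STOP_RYU_CONTROLLER_MANAGER = "sudo pkill -f ryu-manager"
    RYU_CONTROLLER_FILENAME = "ryu_controller.py"
    SEARCH_CONTROLLER = "/root/miniconda3/bin/python3 /ryu_controller.py"
    # Three "{}" placeholders (--port, --webport, --controller) are formatted into a command
    # that runs under sudo through a shell. Callers should validate the values (integers for
    # the ports, an address for the controller) before formatting.
    START_RYU_CONTROLLER = (
        "sudo nohup /root/miniconda3/bin/python3 /ryu_controller.py --port {} --webport {} "
        "--controller {} &"
    )
    # HTTP resource paths of the producer API.
    START_PRODUCER_HTTP_RESOURCE = "/cslenorthboundapi/producer/start"
    STOP_PRODUCER_HTTP_RESOURCE = "/cslenorthboundapi/producer/stop"
    STATUS_PRODUCER_HTTP_RESOURCE = "/cslenorthboundapi/producer/status"
    TIME_STEP_LEN_SECONDS = "time_step_len_seconds"
    PRODUCER_RUNNING = "producer_running"
    KAFKA_CONF = "kafka_conf"
    REQUEST_TIMEOUT_S = 5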
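class INTERFACES:
    """
    String constants related to networking interfaces
    """
    # Interface names.
    ETH1 = "eth1"
    ETH0 = "eth0"
    # Key of the address field; presumably used when reading interface information - verify.
    ADDR = "addr"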
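class SPARK:
    """
    Constants related to Spark

    Holds the start scripts of the Spark master and worker, the paths of their PID files and
    the kill command templates used to stop them.
    """
    START_SPARK_MASTER = "/spark-3.5.7-bin-hadoop3/sbin/start-master.sh"
    # The master URL (15.13.1.161:7077) and the worker limits (2G memory, 1 core) are fixed in
    # the string; a deployment with different addressing needs a different command.
    START_SPARK_WORKER = "/spark-3.5.7-bin-hadoop3/sbin/start-worker.sh spark://15.13.1.161:7077 -m 2G -c 1"
    # PID files with fixed names in the world-writable /tmp directory.
    SPARK_MASTER_PID_FILE = "/tmp/spark--org.apache.spark.deploy.master.Master-1.pid"
    SPARK_WORKER_PID_FILE = "/tmp/spark--org.apache.spark.deploy.worker.Worker-1.pid"
    # The "{}" is formatted into a command that runs under sudo and sends SIGKILL, which gives
    # the process no chance to shut down cleanly.
    # NOTE(review): if the value comes from the PID files above, check that it is an integer
    # and that the PID still belongs to the expected Spark process before formatting it in -
    # confirm in the caller.
    STOP_SPARK_WORKER = "sudo kill -9 {}"
    STOP_SPARK_MASTER = "sudo kill -9 {}"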
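class FIVE_G_CORE:
    """
    Constants related to the 5G core

    Groups the per-function metrics URLs, the control-script paths and their action strings,
    the component names with their "<component>_running" keys, configuration file paths and
    keys, and the metric names of the AMF, UPF, MME, SMF, HSS, PCRF and PCF.
    """
    # Metrics endpoints: plain HTTP on port 9090, one loopback address (127.0.0.0/8) per
    # network function, so they are reachable only from within the same host or network
    # namespace.
    AMF_METRICS_URL = "http://127.0.0.5:9090/metrics"
    UPF_METRICS_URL = "http://127.0.0.7:9090/metrics"
    MME_METRICS_URL = "http://127.0.0.2:9090/metrics"
    SMF_METRICS_URL = "http://127.0.0.4:9090/metrics"
    HSS_METRICS_URL = "http://127.0.0.8:9090/metrics"
    PCRF_METRICS_URL = "http://127.0.0.9:9090/metrics"
    PCF_METRICS_URL = "http://127.0.0.13:9090/metrics"
    # Control scripts at the filesystem root.
    CONTROL_SCRIPT_PATH = "/start_stop_5g.sh"
    SUBSCRIBER_CONTROL_SCRIPT_PATH = "/subscriber_init.sh"
    # State strings.
    RUNNING = "RUNNING"
    STOPPED = "STOPPED"
    # Presumably the action and target arguments passed to the control scripts - verify
    # against the caller.
    ALL = "all"
    STATUS = "status"
    START = "start"
    STOP = "stop"
    INIT = "init"
    # Component names.
    MONGO = "mongo"
    MME = "mme"
    SGWC = "sgwc"
    SMF = "smf"
    AMF = "amf"
    SGWU = "sgwu"
    UPF = "upf"
    HSS = "hss"
    PCRF = "pcrf"
    NRF = "nrf"
    SCP = "scp"
    SEPP = "sepp"
    AUSF = "ausf"
    UDM = "udm"
    PCF = "pcf"
    NSSF = "nssf"
    BSF = "bsf"
    UDR = "udr"
    WEBUI = "webui"
    # "<component>_running" keys, one per component above, plus the monitor.
    MONGO_RUNNING = "mongo_running"
    MME_RUNNING = "mme_running"
    SGWC_RUNNING = "sgwc_running"
    SMF_RUNNING = "smf_running"
    AMF_RUNNING = "amf_running"
    SGWU_RUNNING = "sgwu_running"
    UPF_RUNNING = "upf_running"
    HSS_RUNNING = "hss_running"
    PCRF_RUNNING = "pcrf_running"
    NRF_RUNNING = "nrf_running"
    SCP_RUNNING = "scp_running"
    SEPP_RUNNING = "sepp_running"
    AUSF_RUNNING = "ausf_running"
    UDM_RUNNING = "udm_running"
    PCF_RUNNING = "pcf_running"
    NSSF_RUNNING = "nssf_running"
    BSF_RUNNING = "bsf_running"
    UDR_RUNNING = "udr_running"
    WEBUI_RUNNING = "webui_running"
    MONITOR_RUNNING = "monitor_running"
    IP = "ip"
    TS = "ts"
    # Open5GS configuration files and, presumably, the keys read or written in them - verify.
    AMF_YAML = "/etc/open5gs/amf.yaml"
    UPF_YAML = "/etc/open5gs/upf.yaml"
    ADDRESS = "address"
    GTPU = "gtpu"
    NGAP = "ngap"
    SERVER = "server"
    GNB = "gnb"
    # AMF metric names.
    FIVEGS_AMFFUNCTION_MM_CONFUPDATE = "fivegs_amffunction_mm_confupdate"
    FIVEGS_AMFFUNCTION_RM_REGINITREQ = "fivegs_amffunction_rm_reginitreq"
    FIVEGS_AMFFUNCTION_RM_REGEMERGREQ = "fivegs_amffunction_rm_regemergreq"
    FIVEGS_AMFFUNCTION_MM_PAGING5GREQ = "fivegs_amffunction_mm_paging5greq"
    FIVEGS_AMFFUNCTION_RM_REGPERIODREQ = "fivegs_amffunction_rm_regperiodreq"
    FIVEGS_AMFFUNCTION_MM_CONFUPDATESUCC = "fivegs_amffunction_mm_confupdatesucc"
    FIVEGS_AMFFUNCTION_RM_REGINITSUCC = "fivegs_amffunction_rm_reginitsucc"
    FIVEGS_AMFFUNCTION_AMF_AUTHREJECT = "fivegs_amffunction_amf_authreject"
    FIVEGS_AMFFUNCTION_RM_REGMOBREQ = "fivegs_amffunction_rm_regmobreq"
    AMF_SESSION = "amf_session"
    FIVEGS_AMFFUNCTION_RM_REGMOBSUCC = "fivegs_amffunction_rm_regmobsucc"
    FIVEGS_AMFFUNCTION_AMF_AUTHREQ = "fivegs_amffunction_amf_authreq"
    FIVEGS_AMFFUNCTION_RM_REGEMERGSUCC = "fivegs_amffunction_rm_regemergsucc"
    FIVEGS_AMFFUNCTION_MM_PAGING5GSUCC = "fivegs_amffunction_mm_paging5gsucc"
    RAN_UE = "ran_ue"
    FIVEGS_AMFFUNCTION_RM_REGPERIODSUCC = "fivegs_amffunction_rm_regperiodsucc"
    # Generic process metrics; the same names close the core *_TOPIC_ATTRIBUTES lists.
    PROCESS_MAX_FDS = "process_max_fds"
    PROCESS_VIRTUAL_MEMORY_MAX_BYTES = "process_virtual_memory_max_bytes"
    PROCESS_CPU_SECONDS_TOTAL = "process_cpu_seconds_total"
    PROCESS_VIRTUAL_MEMORY_BYTES = "process_virtual_memory_bytes"
    PROCESS_RESIDENT_MEMORY_BYTES = "process_resident_memory_bytes"
    PROCESS_START_TIME_SECONDS = "process_start_time_seconds"
    PROCESS_OPEN_FDS = "process_open_fds"
    # UPF specific
    FIVEGS_EP_N3_GTP_INDATAPKTN3UPF = "fivegs_ep_n3_gtp_indatapktn3upf"
    FIVEGS_EP_N3_GTP_OUTDATAPKTN3UPF = "fivegs_ep_n3_gtp_outdatapktn3upf"
    FIVEGS_UPFFUNCTION_SM_N4SESSIONESTABREQ = "fivegs_upffunction_sm_n4sessionestabreq"
    FIVEGS_UPFFUNCTION_SM_N4SESSIONREPORT = "fivegs_upffunction_sm_n4sessionreport"
    FIVEGS_UPFFUNCTION_SM_N4SESSIONREPORTSUCC = "fivegs_upffunction_sm_n4sessionreportsucc"
    FIVEGS_UPFFUNCTION_UPF_SESSIONNBR = "fivegs_upffunction_upf_sessionnbr"
    PFCP_PEERS_ACTIVE = "pfcp_peers_active"
    # MME specific
    ENB_UE = "enb_ue"
    MME_SESSION = "mme_session"
    ENB = "enb"
    # SMF specific
    GN_RX_CREATEPDPCONTEXTREQ = "gn_rx_createpdpcontextreq"
    GN_RX_DELETEPDPCONTEXTREQ = "gn_rx_deletepdpcontextreq"
    GTP1_PDPCTXS_ACTIVE = "gtp1_pdpctxs_active"
    UES_ACTIVE = "ues_active"
    GTP2_SESSIONS_ACTIVE = "gtp2_sessions_active"
    PFCP_SESSIONS_ACTIVE = "pfcp_sessions_active"
    S5C_RX_CREATESESSION = "s5c_rx_createsession"
    S5C_RX_DELETESESSION = "s5c_rx_deletesession"
    GTP_NEW_NODE_FAILED = "gtp_new_node_failed"
    S5C_RX_PARSE_FAILED = "s5c_rx_parse_failed"
    FIVEGS_SMFFUNCTION_SM_SESSIONNBR = "fivegs_smffunction_sm_sessionnbr"
    FIVEGS_SMFFUNCTION_SM_PDUSESSIONCREATIONREQ = "fivegs_smffunction_sm_pdusessioncreationreq"
    FIVEGS_SMFFUNCTION_SM_PDUSESSIONCREATIONSUCC = "fivegs_smffunction_sm_pdusessioncreationsucc"
    FIVEGS_SMFFUNCTION_SM_QOS_FLOW_NBR = "fivegs_smffunction_sm_qos_flow_nbr"
    FIVEGS_SMFFUNCTION_SM_N4SESSIONESTABFAIL = "fivegs_smffunction_sm_n4sessionestabfail"
    FIVEGS_SMFFUNCTION_SM_PDUSESSIONCREATIONFAIL = "fivegs_smffunction_sm_pdusessioncreationfail"
    BEARERS_ACTIVE = "bearers_active"
    GN_RX_PARSE_FAILED = "gn_rx_parse_failed"
    GTP_PEERS_ACTIVE = "gtp_peers_active"
    # HSS specific
    CX_RX_LIR = "cx_rx_lir"
    CX_RX_UAR = "cx_rx_uar"
    CX_TX_LIA = "cx_tx_lia"
    CX_RX_UNKNOWN = "cx_rx_unknown"
    CX_RX_SAR = "cx_rx_sar"
    S6A_RX_PUR = "s6a_rx_pur"
    SWX_RX_MAR_ERROR = "swx_rx_mar_error"
    CX_TX_UAA = "cx_tx_uaa"
    S6A_RX_PUR_ERROR = "s6a_rx_pur_error"
    S6A_TX_CLR = "s6a_tx_clr"
    CX_TX_SAA = "cx_tx_saa"
    CX_RX_LIR_ERROR = "cx_rx_lir_error"
    S6A_RX_ULR = "s6a_rx_ulr"
    S6A_RX_CLA = "s6a_rx_cla"
    S6A_RX_CLA_ERROR = "s6a_rx_cla_error"
    S6A_RX_AIR = "s6a_rx_air"
    CX_RX_MAR = "cx_rx_mar"
    SWX_RX_SAR = "swx_rx_sar"
    S6A_RX_AIR_ERROR = "s6a_rx_air_error"
    S6A_RX_IDA_ERROR = "s6a_rx_ida_error"
    CX_TX_MAA = "cx_tx_maa"
    SWX_RX_MAR = "swx_rx_mar"
    S6A_RX_UNKNOWN = "s6a_rx_unknown"
    S6A_TX_PUA = "s6a_tx_pua"
    SWX_RX_UNKNOWN = "swx_rx_unknown"
    CX_RX_MAR_ERROR = "cx_rx_mar_error"
    CX_RX_UAR_ERROR = "cx_rx_uar_error"
    S6A_TX_ULA = "s6a_tx_ula"
    S6A_RX_ULR_ERROR = "s6a_rx_ulr_error"
    S6A_TX_AIA = "s6a_tx_aia"
    S6A_TX_IDR = "s6a_tx_idr"
    S6A_RX_IDA = "s6a_rx_ida"
    CX_RX_SAR_ERROR = "cx_rx_sar_error"
    SWX_RX_SAR_ERROR = "swx_rx_sar_error"
    SWX_TX_MAA = "swx_tx_maa"
    SWX_TX_SAA = "swx_tx_saa"
    # NOTE(review): these three are metric names, not subscriber identifiers; confirm that the
    # exported values are aggregate counts before forwarding them to shared topics.
    HSS_IMSI = "hss_imsi"
    HSS_IMPI = "hss_impi"
    HSS_IMPU = "hss_impu"
    # PCRF specific
    GX_RX_UNKNOWN = "gx_rx_unknown"
    GX_RX_CCR = "gx_rx_ccr"
    GX_RX_CCR_ERROR = "gx_rx_ccr_error"
    GX_RX_RAA = "gx_rx_raa"
    GX_TX_CCA = "gx_tx_cca"
    GX_TX_RAR = "gx_tx_rar"
    GX_TX_RAR_ERROR = "gx_tx_rar_error"
    RX_RX_UNKNOWN = "rx_rx_unknown"
    RX_RX_AAR = "rx_rx_aar"
    RX_RX_AAR_ERROR = "rx_rx_aar_error"
    RX_RX_ASA = "rx_rx_asa"
    RX_RX_ASA_ERROR = "rx_rx_asa_error"
    RX_RX_STR_ERROR = "rx_rx_str_error"
    RX_TX_AAA = "rx_tx_aaa"
    RX_TX_SAR = "rx_tx_sar"
    RX_TX_STA = "rx_tx_sta"
    # PCF specific
    FIVEGS_PCFFUNCTION_PA_POLICYAMASSOREQ = "fivegs_pcffunction_pa_policyamassoreq"
    FIVEGS_PCFFUNCTION_PA_POLICYAMASSOSUCC = "fivegs_pcffunction_pa_policyamassosucc"
    FIVEGS_PCFFUNCTION_PA_POLICYSMASSOREQ = "fivegs_pcffunction_pa_policysmassoreq"
    FIVEGS_PCFFUNCTION_PA_POLICYSMASSOSUCC = "fivegs_pcffunction_pa_policysmassosucc"
    FIVEGS_PCFFUNCTION_PA_SESSIONNBR = "fivegs_pcffunction_pa_sessionnbr"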
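class FIVE_G_CU:
    """
    Constants related to the 5G CU

    Groups the control-script path and its action strings, the flattened metric keys (the same
    names as the FIVE_G_CU_*_TOPIC_ATTRIBUTES lists) and the keys used when parsing the metrics
    received over the WebSocket.
    """
    CONTROL_SCRIPT_PATH = "/start_stop_cu.sh"
    RUNNING = "RUNNING"
    STOPPED = "STOPPED"
    STATUS = "status"
    START = "start"
    STOP = "stop"
    CU = "srscu"
    # Metric keys
    CU_CP_ID = "cu_cp_id"
    AMF_CONNECTED = "amf_connected"
    NOF_CN_INITIATED_PAGING_REQUESTS = "nof_cn_initiated_paging_requests"
    NOF_PDU_SESSIONS_REQUESTED_TO_SETUP = "nof_pdu_sessions_requested_to_setup"
    NOF_PDU_SESSIONS_SUCCESSFULLY_SETUP = "nof_pdu_sessions_successfully_setup"
    NOF_PDU_SESSIONS_FAILED_TO_SETUP_TOTAL = "nof_pdu_sessions_failed_to_setup_total"
    NOF_HANDOVER_PREPARATIONS_REQUESTED = "nof_handover_preparations_requested"
    NOF_SUCCESSFUL_HANDOVER_PREPARATIONS = "nof_successful_handover_preparations"
    RRC_ESTABLISHMENTS_ATTEMPTED_TOTAL = "rrc_establishments_attempted_total"
    RRC_ESTABLISHMENTS_SUCCESSFUL_TOTAL = "rrc_establishments_successful_total"
    RRC_ESTABLISHMENTS_ATTEMPTED_MO_DATA = "rrc_establishments_attempted_mo_data"
    RRC_ESTABLISHMENTS_SUCCESSFUL_MO_DATA = "rrc_establishments_successful_mo_data"
    RRC_ESTABLISHMENTS_ATTEMPTED_MO_SIG = "rrc_establishments_attempted_mo_sig"
    RRC_ESTABLISHMENTS_SUCCESSFUL_MO_SIG = "rrc_establishments_successful_mo_sig"
    MAX_NOF_RRC_CONNECTIONS = "max_nof_rrc_connections"
    MEAN_NOF_RRC_CONNECTIONS = "mean_nof_rrc_connections"
    RRC_REESTABLISHMENTS_ATTEMPTED = "rrc_reestablishments_attempted"
    RRC_REESTABLISHMENTS_SUCCESSFUL = "rrc_reestablishments_successful"
    NOF_HANDOVER_EXECUTIONS_REQUESTED = "nof_handover_executions_requested"
    NOF_SUCCESSFUL_HANDOVER_EXECUTIONS = "nof_successful_handover_executions"
    # App Resource Usage metrics
    CPU_USAGE_PERCENT = "cpu_usage_percent"
    MEMORY_USAGE_MB = "memory_usage_mb"
    POWER_CONSUMPTION_WATTS = "power_consumption_watts"
    # Buffer Pool metrics
    CENTRAL_CACHE_SIZE = "central_cache_size"
    # Keys for WebSocket parsing.
    # The parsed message also uses keys that are already defined under "Metric keys" with the
    # same string values, so they are not assigned a second time here:
    # NOF_CN_INITIATED_PAGING_REQUESTS, NOF_PDU_SESSIONS_REQUESTED_TO_SETUP,
    # NOF_PDU_SESSIONS_SUCCESSFULLY_SETUP, NOF_HANDOVER_PREPARATIONS_REQUESTED,
    # NOF_SUCCESSFUL_HANDOVER_PREPARATIONS, MAX_NOF_RRC_CONNECTIONS, MEAN_NOF_RRC_CONNECTIONS,
    # NOF_HANDOVER_EXECUTIONS_REQUESTED and NOF_SUCCESSFUL_HANDOVER_EXECUTIONS.
    TIMESTAMP = "timestamp"
    CU_CP = "cu-cp"
    APP_RESOURCE_USAGE = "app_resource_usage"
    BUFFER_POOL = "buffer_pool"
    NGAPS = "ngaps"
    NGAP = "ngap"
    CONNECTED = "connected"
    PAGING_MEASUREMENT = "paging_measurement"
    PDU_SESSION_MANAGEMENT = "pdu_session_management"
    # Differs from NOF_PDU_SESSIONS_FAILED_TO_SETUP_TOTAL above: no "_total" suffix.
    NOF_PDU_SESSIONS_FAILED_TO_SETUP = "nof_pdu_sessions_failed_to_setup"
    RRCS = "rrcs"
    DU = "du"
    RRC_CONNECTION_ESTABLISHMENT = "rrc_connection_establishment"
    ATTEMPTED_RRC_CONNECTION_ESTABLISHMENTS = "attempted_rrc_connection_establishments"
    MO_DATA = "mo_data"
    MO_SIG = "mo_sig"
    SUCCESSFUL_RRC_CONNECTION_ESTABLISHMENTS = "successful_rrc_connection_establishments"
    RRC_CONNECTION_NUMBER = "rrc_connection_number"
    RRC_CONNECTION_REESTABLISHMENT = "rrc_connection_reestablishment"
    ATTEMPTED_RRC_CONNECTION_REESTABLISHMENTS = "attempted_rrc_connection_reestablishments"
    SUCCESSFUL_RRC_CONNECTION_REESTABLISHMENTS_WITH_UE_CONTEXT = (
        "successful_rrc_connection_reestablishments_with_ue_context"
    )
    ID = "id"
    IP = "ip"
    TS = "ts"
    TRUE = "true"
    # CMD and METRICS_SUBSCRIBE are presumably the fields of the subscription request sent over
    # the WebSocket - verify against the caller.
    CMD = "cmd"
    METRICS_SUBSCRIBE = "metrics_subscribe"
    # CU_CP ("cu-cp", hyphen) and CU_CP_KEY ("cu_cp", underscore) are different strings.
    CU_CP_KEY = "cu_cp"
    APP_KEY = "app"
    BUFFER_KEY = "buffer"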
class FIVE_G_DU:
"""
Constants related to the 5G DU
"""
# Control-script paths (at the filesystem root), state strings, action strings and the
# component names of the DU and the UE.
CONTROL_SCRIPT_PATH = "/start_stop_du.sh"
UE_CONTROL_SCRIPT_PATH = "/start_stop_ue.sh"
RUNNING = "RUNNING"
STOPPED = "STOPPED"
# Presumably the action arguments passed to the control scripts - verify against the caller.
STATUS = "status"
START = "start"
STOP = "stop"
INIT = "init"
DU = "srsdu"
UE = "srsue"
# DU metric keys (same names as the entries of FIVE_G_DU_TOPIC_ATTRIBUTES)
PCI = "pci"
AVERAGE_LATENCY_US = "average_latency_us"
CPU_USAGE_PERCENT = "cpu_usage_percent"
MAX_LATENCY_US = "max_latency_us"
MIN_LATENCY_US = "min_latency_us"
# Cell metrics (same names as the entries of FIVE_G_DU_CELL_TOPIC_ATTRIBUTES)
AVERAGE_LATENCY = "average_latency"
MAX_LATENCY = "max_latency"
PUCCH_TOT_RB_USAGE_AVG = "pucch_tot_rb_usage_avg"
ACTIVE_UES = "active_ues"
DL_BRATE = "dl_brate"
UL_BRATE = "ul_brate"
DL_MCS = "dl_mcs"
UL_MCS = "ul_mcs"
PUSCH_SNR_DB = "pusch_snr_db"
PUCCH_SNR_DB = "pucch_snr_db"
CQI = "cqi"
DL_BLER = "dl_bler"
UL_BLER = "ul_bler"
# Low metrics (same names as the entries of FIVE_G_DU_LOW_TOPIC_ATTRIBUTES)
DL_AVG_LATENCY_US = "dl_avg_latency_us"
DL_CPU_USAGE_PERCENT = "dl_cpu_usage_percent"
DL_MAX_LATENCY_US = "dl_max_latency_us"
DL_FEC_TPUT_MBPS = "dl_fec_tput_mbps"
UL_AVG_LATENCY_US = "ul_avg_latency_us"
UL_CPU_USAGE_PERCENT = "ul_cpu_usage_percent"
UL_MAX_LATENCY_US = "ul_max_latency_us"
UL_SINR_DB = "ul_sinr_db"
UL_CH_EST_LATENCY_US = "ul_ch_est_latency_us"
UL_LDPC_DEC_LATENCY_US = "ul_ldpc_dec_latency_us"
UL_FEC_TPUT_MBPS = "ul_fec_tput_mbps"
# RLC metrics (same names as the entries of FIVE_G_DU_RLC_TOPIC_ATTRIBUTES)
UE_ID = "ue_id"
DRB_ID = "drb_id"
RX_NUM_PDUS = "rx_num_pdus"
RX_NUM_BYTES = "rx_num_bytes"
RX_NUM_LOST_PDUS = "rx_num_lost_pdus"
RX_NUM_MALFORMED_PDUS = "rx_num_malformed_pdus"
TX_NUM_SDUS = "tx_num_sdus"
TX_NUM_BYTES = "tx_num_bytes"
TX_NUM_DROPPED_SDUS = "tx_num_dropped_sdus"
TX_NUM_DISCARDED_SDUS = "tx_num_discarded_sdus"
TX_MAX_PDU_LATENCY_NS = "tx_max_pdu_latency_ns"
TX_SUM_PDU_LATENCY_NS = "tx_sum_pdu_latency_ns"
TX_SUM_SDU_LATENCY_US = "tx_sum_sdu_latency_us"
# App Resource Usage metrics (CPU_USAGE_PERCENT is defined with the DU metric keys above)
MEMORY_USAGE_MB = "memory_usage_mb"
POWER_CONSUMPTION_WATTS = "power_consumption_watts"
# Buffer Pool metrics
CENTRAL_CACHE_SIZE = "central_cache_size"
# Keys for WebSocket parsing
# NOTE(review): these look like field names of the metrics messages received over the
# WebSocket; the messages come from another process, so the parser should tolerate missing
# or unexpected keys - confirm in the consumer.
TIMESTAMP = "timestamp"
DU_HIGH = "du_high"
MAC = "mac"
DL = "dl"
APP_RESOURCE_USAGE = "app_resource_usage"
BUFFER_POOL = "buffer_pool"
CELLS = "cells"
LOW = "low"
RLC = "rlc"
ENTITIES = "entities"
UL = "ul"
DU_LOW = "du_low"
FEC = "fec"
ALGO_EFFICIENCY = "algo_efficiency"
CHANNEL_ESTIMATION = "channel_estimation"
LDPC_DECODER = "ldpc_decoder"
AVERAGE_THROUGHPUT_MBPS = "average_throughput_mbps"
CELL_METRICS = "cell_metrics"
UE_LIST = "ue_list"
DL_NOF_OK = "dl_nof_ok"
DL_NOF_NOK = "dl_nof_nok"
UL_NOF_OK = "ul_nof_ok"
UL_NOF_NOK = "ul_nof_nok"
RX = "rx"
TX = "tx"
SUM_PDU_LATENCY_NS = "sum_pdu_latency_ns"
SUM_SDU_LATENCY_US = "sum_sdu_latency_us"
RLC_METRICS = "rlc_metrics"
# Unprefixed counter names; the RLC metric keys above carry the same names with an rx_/tx_
# prefix, except that the byte counters are "num_pdu_bytes"/"num_sdu_bytes" here and
# "rx_num_bytes"/"tx_num_bytes" above.
NUM_PDUS = "num_pdus"
NUM_PDU_BYTES = "num_pdu_bytes"
NUM_LOST_PDUS = "num_lost_pdus"
NUM_MALFORMED_PDUS = "num_malformed_pdus"
NUM_SDUS = "num_sdus"
NUM_SDU_BYTES = "num_sdu_bytes"
NUM_DROPPED_SDUS = "num_dropped_sdus"
NUM_DISCARDED_SDUS = "num_discarded_sdus"
MAX_PDU_LATENCY_NS = "max_pdu_latency_ns"
# CMD and METRICS_SUBSCRIBE are presumably the fields of the subscription request - verify.
CMD = "cmd"
METRICS_SUBSCRIBE = "metrics_subscribe"
# *_KEY constants: DU_LOW_KEY and RLC_KEY hold the same strings as DU_LOW and RLC above.
CELL_KEY = "cell"
DU_KEY = "du"
DU_LOW_KEY = "du_low"
RLC_KEY = "rlc"
APP_KEY = "app"
BUFFER_KEY = "buffer"
IP = "ip"
TS = "ts"