Ruby on rails 鲁比:我在用';执行块';不正确?I';“我得到了”;未定义的方法`扫描';对于#<;哈希:>&引用;
我正在尝试为我的仪表板显示唯一的IPS警报。如果我显示Ruby on rails 鲁比:我在用';执行块';不正确?I';“我得到了”;未定义的方法`扫描';对于#<;哈希:>&引用;,ruby-on-rails,ruby,Ruby On Rails,Ruby,我正在尝试为我的仪表板显示唯一的IPS警报。如果我显示@filtered\u snort\u detail\u query,我会收到大量警报,许多警报可能会被忽略,因为警报是基于数据包的,一次攻击可以生成100或1000个警报。不需要全部显示。我正在尝试使用scan查找sig ID、源IP和目标IP 当这一切都说了又做了,我希望在我的视图中显示@snort\u dash\u info,而不是@filtered\u snort\u detail\u query 我的错误: undefined me
@filtered\u snort\u detail\u queryscan@snort\u dash\u info@filtered\u snort\u detail\u queryundefined method `scan' for #<Hash:0x007f088a7a4830>
app/controllers/csdashboard_controller.rb:139:in `block in index'
app/controllers/csdashboard_controller.rb:138:in `each'
app/controllers/csdashboard_controller.rb:138:in `index'
使用
每对ips_alerts.each_pair { |k, v| puts "#{k} #{v}" }
ips_alerts.each_pair do |k, v|
if k == "sid_data" # pure assumption on my part
sid_data = v.scan(/(?:[0-9]{1,3}\.){3}[0-9]{1,3}/)
end
end
对不起,我想不出一个更漂亮的方法,但它是有效的。得到了一些有用的东西,所以我想这个问题应该解决。我不再使用未定义的扫描方法,我已经验证了我的
unique\u id唯一的\u idcode: if @es_snort_detail_query.count > 0
sid = Array.new
ip_src = Array.new
ip_dst = Array.new
@snort_dash_info = Array.new
@es_snort_detail_query.each do |ips_detail|
next if ips_detail['_source']['type'] != 'snort-ips'
next if ips_detail['_source']['@timestamp'] < @ts
if ips_detail['_source']['message'].nil?
text_msg = ips_detail['_source']['message']
else
text_msg = ips_detail['_source']['message']
end
unless text_msg.nil?
sid_data = text_msg.scan(/\[\d+:\d+:\d+\]/)
src_ip_data = text_msg.scan(/(?:[0-9]{1,3}\.){3}[0-9]{1,3}/)
dst_ip_data = text_msg.scan(/(?:[0-9]{1,3}\.){3}[0-9]{1,3}/)
sid.push(sid_data[0]) unless sid_data[0].nil?
ip_src.push(src_ip_data[0]) unless src_ip_data[0].nil?
ip_dst.push(dst_ip_data[1]) unless dst_ip_data[1].nil?
unique_ids = [{:ips_info => sid},{:ips_info => ip_src}, {:ips_info => ip_dst}]
snort_details_info = unique_ids.uniq do |show_me|
show_me[:ips_info]
end
@snort_dash_info.push(snort_details_info)
end
end
end
if@es\u snort\u detail\u query.count>0
sid=Array.new
ip_src=Array.new
ip_dst=Array.new
@snort\u dash\u info=数组.new
@es|u snort|u detail|u query.each do|ips|u detail|
下一步如果ips_详细信息[''源]['type']!='snort-ips'
下一步如果ips_详细信息[''源]['@timestamp']<@ts
如果ips_详细信息[''源]['消息].nil?
text_msg=ips_详细信息[''u来源]['message']
其他的
text_msg=ips_详细信息[''u来源]['message']
终止
除非文本为零?
sid\u data=text\u msg.scan(/\[\d+:\d+:\d+\]/)
src_ip_data=text_msg.scan(/(?:[0-9]{1,3}\){3}[0-9]{1,3}/)
dst_ip_data=text_msg.scan(/(?:[0-9]{1,3}\){3}[0-9]{1,3}/)
sid.push(sid_数据[0]),除非sid_数据[0].nil?
ip_src.push(src_ip_数据[0]),除非src_ip_数据[0]。nil?
ip_dst.push(dst_ip_数据[1]),除非dst_ip_数据[1]。无?
唯一的\u id=[{:ips\u info=>sid},{:ips\u info=>ip\u src},{:ips\u info=>ip\dst}]
snort_details_info=unique_id.uniq do| show_me|
向我显示[:ips\u信息]
终止
@snort\u dash\u info.push(snort\u详细信息)
终止
终止
终止
@过滤的\u snort\u详细信息\u查询 if @es_snort_detail_query.count > 0
sid = Array.new
ip_src = Array.new
ip_dst = Array.new
@snort_dash_info = Array.new
@es_snort_detail_query.each do |ips_detail|
next if ips_detail['_source']['type'] != 'snort-ips'
next if ips_detail['_source']['@timestamp'] < @ts
if ips_detail['_source']['message'].nil?
text_msg = ips_detail['_source']['message']
else
text_msg = ips_detail['_source']['message']
end
unless text_msg.nil?
sid_data = text_msg.scan(/\[\d+:\d+:\d+\]/)
src_ip_data = text_msg.scan(/(?:[0-9]{1,3}\.){3}[0-9]{1,3}/)
dst_ip_data = text_msg.scan(/(?:[0-9]{1,3}\.){3}[0-9]{1,3}/)
sid.push(sid_data[0]) unless sid_data[0].nil?
ip_src.push(src_ip_data[0]) unless src_ip_data[0].nil?
ip_dst.push(dst_ip_data[1]) unless dst_ip_data[1].nil?
unique_ids = [{:ips_info => sid},{:ips_info => ip_src}, {:ips_info => ip_dst}]
snort_details_info = unique_ids.uniq do |show_me|
show_me[:ips_info]
end
@snort_dash_info.push(snort_details_info)
end
end
end