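"""Flask webhook that relays Superna Eyeglass Zero Trust events to syslog.

``POST /webhook`` accepts a JSON event, wraps the whole payload in a single
``custom_data=<json>`` message and ships it as one RFC 5424 record over UDP to
``SYSLOG_SERVER:SYSLOG_PORT``.
"""

from datetime import datetime, timezone
import json
import socket

from flask import Flask, request

app = Flask(__name__)

SYSLOG_SERVER = 'syslog.server.address'  # Replace with your syslog server address
SYSLOG_PORT = 6675  # Replace with your syslog server port
FACILITY = 13  # 1 - User-level messages, 13 - Security audit log
SEVERITY = 2  # 1 - Alert, 2 - Critical, 3 - Error, 4 - Warning, 5 - Notice, 6 - Informational

# RFC 5424 NILVALUE, used for any header field whose value is unknown.
_NILVALUE = '-'


def get_host_ip() -> str:
    """Return this host's IPv4 address as resolved from its own hostname.

    Returns:
        The address ``socket.gethostbyname(socket.gethostname())`` yields, or
        ``'-'`` (the RFC 5424 NILVALUE) when the lookup fails.  The earlier
        fallback ``"Unable to get Host IP"`` contained spaces; placed in the
        PROCID field of the syslog header it would have shifted every later
        field and broken parsing on the receiver.

    Notes:
        This identifies the relay itself, not the event source.  On hosts
        whose ``/etc/hosts`` maps the hostname to loopback the result is
        ``127.0.0.1``/``127.0.1.1`` rather than a routable address.
    """
    try:
        host_name = socket.gethostname()
        host_ip = socket.gethostbyname(host_name)
    except OSError as e:
        # gethostname()/gethostbyname() raise OSError (socket.gaierror is a
        # subclass); anything else is a programming error and should surface.
        app.logger.warning("Unable to resolve host IP: %s", e)
        return _NILVALUE
    app.logger.debug("Hostname: %s, host IP: %s", host_name, host_ip)
    return host_ip


def format_uef(payload, source_ip) -> str:
    """Serialize the webhook payload into the MSG part of the syslog record.

    Args:
        payload: The decoded JSON body of the webhook request.
        source_ip: Kept for interface compatibility; not used in the message.
            The relay's address already travels in the header that
            :func:`send_to_syslog` builds.

    Returns:
        ``"custom_data=<json>"`` where ``<json>`` is the compact serialization
        of ``payload``.  ``json.dumps`` is left at its default
        ``ensure_ascii=True`` on purpose: newlines, control characters and
        non-ASCII text in attacker-controlled fields are escaped, so a hostile
        event cannot inject a second syslog record or corrupt the framing.

    Notes:
        The previous revision also pulled ``userName``, ``actions[0].action``,
        ``clientIPs[0]`` and the action comments into locals that were never
        emitted (the per-field message had been commented out), and those
        lookups raised ``IndexError`` whenever ``actions`` or ``clientIPs``
        was an empty list.  Only the JSON blob is produced now.
    """
    custom_data = json.dumps(payload)
    return f"custom_data={custom_data}"


def send_to_syslog(uef_message, source_ip) -> None:
    """Send one RFC 5424 record carrying ``uef_message`` over UDP.

    Args:
        uef_message: The MSG part of the record, from :func:`format_uef`.
        source_ip: Placed in the PROCID header field; must not contain
            spaces (pass ``'-'`` when unknown).

    Header layout (RFC 5424 section 6)::

        <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG

    with ``PRI = FACILITY * 8 + SEVERITY``.  Two conformance fixes relative
    to the earlier version: the timestamp is timezone-aware (RFC 5424
    requires a zone designator; the naive ``utcnow().isoformat()`` carried
    none and ``utcnow`` is deprecated since Python 3.12), and the mandatory
    STRUCTURED-DATA field is sent as NILVALUE so the receiver does not try to
    parse ``custom_data=...`` as structured data.

    Caveats:
        * UDP syslog is unauthenticated and unencrypted; records can be
          spoofed or read in transit.  Prefer syslog over TLS (RFC 5425)
          where the collector supports it.
        * UDP is fire-and-forget: a dropped datagram is lost silently, and
          because the whole JSON payload is embedded, a record larger than the
          path MTU may be fragmented or discarded.
        * The full record, including the event payload, is logged at DEBUG
          level only; the previous unconditional ``print`` wrote it to the
          console on every request.
    """
    priority = FACILITY * 8 + SEVERITY
    timestamp = datetime.now(timezone.utc).isoformat()
    syslog_header = (
        f"<{priority}>1 {timestamp} eyeglass-vm Superna-Zero-Trust "
        f"{source_ip} {_NILVALUE} {_NILVALUE}"
    )
    syslog_message = f"{syslog_header} {uef_message}"
    app.logger.debug("Syslog message: %s", syslog_message)
    # Context manager closes the socket even when sendto() raises.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(syslog_message.encode('utf-8'), (SYSLOG_SERVER, SYSLOG_PORT))


@app.route('/webhook', methods=['POST'])
def webhook():
    """Accept a JSON event and relay it to syslog.

    Returns:
        ``("Success", 200)`` once the datagram has been handed to the socket;
        ``("Bad Request", 400)`` when the body is not a JSON object;
        ``("Internal Server Error", 500)`` when forwarding fails.  Exception
        text is logged server-side and no longer echoed to the caller -- the
        old ``return str(e), 500`` disclosed hostnames, paths and library
        internals to whoever sent the request.

    Security note:
        The endpoint has no authentication: anyone who can reach port 5000
        can inject arbitrary events into the security-audit syslog facility.
        Restrict it at the network layer, or front it with a shared-secret
        header or mTLS, before exposing it beyond the Eyeglass appliance.
    """
    # silent=True: a missing, non-JSON or malformed body yields None instead
    # of an HTTPException that the old broad ``except`` turned into a 500.
    payload = request.get_json(silent=True)
    if not isinstance(payload, dict):
        return "Bad Request", 400
    try:
        source_ip = get_host_ip()  # the relay's own address, not the event source
        uef_message = format_uef(payload, source_ip)
        send_to_syslog(uef_message, source_ip)
    except OSError:
        # Socket/resolution failures only; anything else is a bug and is left
        # to Flask's default handler, which returns a generic 500.
        app.logger.exception("Failed to forward webhook payload to syslog")
        return "Internal Server Error", 500
    return "Success", 200


if __name__ == '__main__':
    # debug=True would enable the Werkzeug interactive debugger; combined with
    # a 0.0.0.0 bind that hands a Python console on this host to anyone who
    # can trigger an exception.  Keep it off.  The built-in development server
    # is also single-threaded and unhardened -- run the app behind a proper
    # WSGI server (gunicorn, waitress) for anything beyond a lab test.
    app.run(host='0.0.0.0', port=5000, debug=False)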