--
-- Helper functions
--
-- match all lines and output them as-is
local function logwatch_filter_all (name)
return { name=name }
end
-- match using a regex pattern, but output the full line
local function logwatch_filter_raw (name, pat)
return { name=name, pat=pat }
end
-- match using a regexp pattern, and output a formatted line
local function logwatch_filter (name, pat, fmt)
return { name=name, pat=pat, fmt=fmt }
end
-- match using a regexp pattern, and do *not* output
local function logwatch_filter_blackhole (name, pat)
return { name=name, pat=pat, channel_is_null=true }
end
logwatch_timestamp_pat = "\\w{3} [0-9 ]\\d \\d{2}:\\d{2}:\\d{2}"
-- match auth.log sudo entries
local function logwatch_filter_sudo (name)
return logwatch_filter(name,
"^" .. logwatch_timestamp_pat .. " (?P<hostname>\\S+)\\s+sudo:\\s*(?P<username>\\S+) : TTY=(?P<tty>\\S+) ; PWD=(?P<pwd>.+?) ; USER=(?P<target_user>\\S+) ; COMMAND=(?P<command>.*)$",
"{username}:{tty} - {target_user}@{hostname}:{pwd} - {command:r}"
)
end
-- filter out the prefixed timestamp from lines
local function logwatch_filter_strip_timestamp (name)
return logwatch_filter(name,
"^" .. logwatch_timestamp_pat .. " (?P<line>.+)$",
"{line}"
)
end
-- filter out auth.log cron messages
local function logwatch_filter_no_cron (name)
return logwatch_filter_blackhole(name,
"^" .. logwatch_timestamp_pat .. " \\S+\\s+(CRON|su)\\[\\d+\\]: pam_unix\\(\\w+:\\w+\\): session (opened|closed) for user \\w+( by \\(uid=\\d+\\))?$"
)
end
-- filter out auth.log 'su for nobody by root' messages
local function logwatch_filter_no_su_nobody (name)
return logwatch_filter_blackhole(name,
"^" .. logwatch_timestamp_pat .. " \\S+\\s+su\\[\\d+\\]: (Successful su for nobody by root|\\+ \\?\\?\\? root:nobody)$"
)
end
--
-- Procedural config
--
local function apply_config (conf)
-- apply general
log_level(conf.log_level)
-- apply conf.name
client:set_defaults(conf.name.nickname, conf.name.username, conf.name.realname)
-- apply conf.networks
for network, settings in pairs(conf.networks) do
-- establish the irc_net
net = client:connect(network, settings.hostname)
-- join each channel
for i, channel in ipairs(settings.channels) do
net:join(channel)
end
end
-- apply conf.modules_path
if conf.modules_path then
modules:path(conf.modules_path)
end
-- apply conf.modules
for name, settings in pairs(conf.modules) do
-- load the module
module = modules:load(name, settings.path)
-- apply confs
for key, value in pairs(settings.conf) do
module:conf(key, value)
end
end
-- conf.mod_logwatch
if conf.mod_logwatch then
module = modules:load("logwatch")
for fifo_path, settings in pairs(conf.mod_logwatch) do
module:conf("source_fifo", fifo_path)
source_name = fifo_path
for i, filter in ipairs(settings.filters) do
if filter.channel_is_null then
channel = nil
else
channel = settings.channel
end
module:conf("filter", filter.name, source_name, filter.pat, filter.fmt, channel)
end
end
end
end
--
-- Declarative configuration settings
--
apply_config{
log_level = "DEBUG",
name = {
nickname = "SpBotDev",
username = "spbot-dev",
realname = "SpBot (development version)"
},
networks = {
PVLNet = {
hostname = "irc.fixme.fi",
channels = {
"#test"
}
},
},
modules_path = "src/modules",
modules = {
irc_log = {
conf = {
db_info = "dbname=spbot",
channel = "PVLNet/#test",
}
}
},
mod_logwatch = {
["test.fifo"] = {
channel = "PVLNet/#test",
filters = {
logwatch_filter_raw ("test.foo", "foo" ),
logwatch_filter_sudo ("test.sudo" ),
logwatch_filter_no_cron ("test.no_cron" ),
logwatch_filter_no_su_nobody ("test.no_cron_su" ),
logwatch_filter_strip_timestamp ("test.all" )
}
},
},
}