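--
-- Helper functions
--
-- Each helper returns a plain filter table that apply_config() later feeds to
-- the logwatch module as `module:conf("filter", ...)`.  Fields:
--   name            - label for the filter
--   pat             - regexp the log line must match (absent: match everything)
--   fmt             - output template using {group} placeholders (absent: raw line)
--   channel_is_null - true when matches are consumed silently and never posted
--

-- match all lines and output them as-is
local function logwatch_filter_all (name)
    return { name=name }
end

-- match using a regex pattern, but output the full line
local function logwatch_filter_raw (name, pat)
    return { name=name, pat=pat }
end

-- match using a regexp pattern, and output a formatted line
local function logwatch_filter (name, pat, fmt)
    return { name=name, pat=pat, fmt=fmt }
end

-- match using a regexp pattern, and do *not* output
local function logwatch_filter_blackhole (name, pat)
    return { name=name, pat=pat, channel_is_null=true }
end

-- syslog-style timestamp prefix ("Mon DD HH:MM:SS") shared by the auth.log
-- patterns below (kept global, as in the original file)
logwatch_timestamp_pat = "\\w{3} [0-9 ]\\d \\d{2}:\\d{2}:\\d{2}"

-- match auth.log sudo entries
--
-- NOTE(review): the named-group names had been stripped from the pattern
-- ("(?P\\S+)" is not valid); they are restored here from the placeholders
-- used in the format string, in the order the fields appear in auth.log.
--
-- The full sudo COMMAND line is relayed to the channel.  Command arguments can
-- carry credentials or other sensitive data, so the channel this feeds should
-- be treated as sensitive, or such entries blackholed before this filter.
local function logwatch_filter_sudo (name)
    return logwatch_filter(name,
        "^" .. logwatch_timestamp_pat .. " (?P<hostname>\\S+)\\s+sudo:\\s*(?P<username>\\S+) : TTY=(?P<tty>\\S+) ; PWD=(?P<pwd>.+?) ; USER=(?P<target_user>\\S+) ; COMMAND=(?P<command>.*)$",
        "{username}:{tty} - {target_user}@{hostname}:{pwd} - {command:r}"
    )
end

-- filter out the prefixed timestamp from lines
-- (named group restored from the "{line}" placeholder, see note above)
local function logwatch_filter_strip_timestamp (name)
    return logwatch_filter(name,
        "^" .. logwatch_timestamp_pat .. " (?P<line>.+)$",
        "{line}"
    )
end

-- filter out auth.log cron messages
local function logwatch_filter_no_cron (name)
    return logwatch_filter_blackhole(name,
        "^" .. logwatch_timestamp_pat .. " \\S+\\s+(CRON|su)\\[\\d+\\]: pam_unix\\(\\w+:\\w+\\): session (opened|closed) for user \\w+( by \\(uid=\\d+\\))?$"
    )
end

-- filter out auth.log 'su for nobody by root' messages
local function logwatch_filter_no_su_nobody (name)
    return logwatch_filter_blackhole(name,
        "^" .. logwatch_timestamp_pat .. " \\S+\\s+su\\[\\d+\\]: (Successful su for nobody by root|\\+ \\?\\?\\? root:nobody)$"
    )
end

--
-- Procedural config
--

-- Apply a declarative config table to the bot: log level, identity, network
-- connections and channel joins, module search path, module confs, and the
-- logwatch fifo/filter setup.  Relies on the globals `log_level`, `client`
-- and `modules` provided by the host environment.
--
-- All loop-scoped values are declared `local`: the original wrote `net`,
-- `module`, `source_name` and `channel` as globals, which in particular
-- clobbered Lua's global `module` function.
local function apply_config (conf)
    -- apply general
    log_level(conf.log_level)

    -- apply conf.name
    client:set_defaults(conf.name.nickname, conf.name.username, conf.name.realname)

    -- apply conf.networks
    for network, settings in pairs(conf.networks or {}) do
        -- establish the irc_net
        local net = client:connect(network, settings.hostname)

        -- join each channel (a network with no channels is allowed)
        for i, channel in ipairs(settings.channels or {}) do
            net:join(channel)
        end
    end

    -- apply conf.modules_path
    if conf.modules_path then
        modules:path(conf.modules_path)
    end

    -- apply conf.modules
    for name, settings in pairs(conf.modules or {}) do
        -- load the module
        local mod = modules:load(name, settings.path)

        -- apply confs (a module with no conf table is allowed)
        for key, value in pairs(settings.conf or {}) do
            mod:conf(key, value)
        end
    end

    -- conf.mod_logwatch
    if conf.mod_logwatch then
        local mod = modules:load("logwatch")

        for fifo_path, settings in pairs(conf.mod_logwatch) do
            mod:conf("source_fifo", fifo_path)
            local source_name = fifo_path

            -- filters are registered in list order; presumably the module
            -- evaluates them in that order too - verify against the module
            for i, filter in ipairs(settings.filters or {}) do
                -- blackhole filters get no channel, so their matches are dropped
                local channel
                if not filter.channel_is_null then
                    channel = settings.channel
                end

                mod:conf("filter", filter.name, source_name, filter.pat, filter.fmt, channel)
            end
        end
    end
end

--
-- Declarative configuration settings
--
apply_config{
    log_level = "DEBUG",

    name = {
        nickname = "SpBotDev",
        username = "spbot-dev",
        realname = "SpBot (development version)"
    },

    networks = {
        PVLNet = {
            hostname = "irc.fixme.fi",

            channels = {
                "#test"
            }
        },
    },

    modules_path = "src/modules",

    modules = {
        irc_log = {
            conf = {
                db_info = "dbname=spbot",
                channel = "PVLNet/#test",
            }
        }
    },

    mod_logwatch = {
        ["test.fifo"] = {
            channel = "PVLNet/#test",

            -- "test.foo" is an unanchored pattern, so any line containing "foo"
            -- is posted verbatim to the channel; the blackhole filters below
            -- only suppress the noisy cron/su entries they match
            filters = {
                logwatch_filter_raw             ("test.foo",        "foo"   ),
                logwatch_filter_sudo            ("test.sudo"                ),
                logwatch_filter_no_cron         ("test.no_cron"             ),
                logwatch_filter_no_su_nobody    ("test.no_cron_su"          ),
                logwatch_filter_strip_timestamp ("test.all"                 )
            }
        },
    },
}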