author | Tero Marttila <terom@fixme.fi> |
Thu, 04 Feb 2010 19:38:54 +0200 | |
changeset 38 | 66a42168c80b |
parent 32 | 4a2aa163a576 |
permissions | -rw-r--r-- |
import re |
class FullFilter(object):
    """Pass-through filter: every line handed to test() is returned unchanged.

    The event type given at construction is kept on ``event_type``.
    """

    def __init__(self, event_type):
        self.event_type = event_type

    def test(self, line):
        """Return *line* exactly as received; nothing is matched or dropped."""
        return line
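class NullFilter(object):
    """Suppression filter: a line that matches the pattern is answered with False.

    Unlike FullFilter and SimpleFilter, no ``event_type`` attribute is stored.
    """

    def __init__(self, pattern, flags=None):
        """Compile *pattern*, optionally with ``re`` *flags*.

        ``re.compile`` needs integer flags, so the ``None`` default is mapped
        to 0 here; handing ``None`` straight to it raises TypeError.
        """
        self.regexp = re.compile(pattern, 0 if flags is None else flags)

    def test(self, line):
        """Return False when *line* matches the pattern, otherwise None.

        NOTE(review): callers presumably read False as "drop this line" and
        None as "no opinion" - confirm against the code that runs the filters.
        """
        if self.regexp.search(line):
            return False

        return None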
class SimpleFilter(object):
    """Regex filter that rewrites a matching line through a %-format template.

    ``pattern`` is compiled once at construction; ``format`` is a template
    that refers to the pattern's named groups, e.g. ``"%(username)s"``.
    """

    def __init__(self, event_type, pattern, format):
        self.event_type = event_type
        self.format = format
        self.regexp = re.compile(pattern)

    def test(self, line):
        """Search *line*; return the formatted text on a match, else None."""
        found = self.regexp.search(line)

        if not found:
            return None

        return self._filter(found)

    def _filter(self, match):
        """Render the template with the named groups captured by *match*."""
        # Group values are raw text taken from the log line. A template that
        # uses %s emits them unescaped, so whatever displays the result has to
        # treat it as untrusted; %r is the only escaping applied here.
        fields = match.groupdict()
        return self.format % fields
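# Timestamp prefix expected at the start of a log line, e.g. "Feb  4 19:38:54"
# (constructed sample). Every pattern below is written as a raw string: the
# regex escapes (\w, \d, \S, \[ ...) are not valid Python string escapes, and
# newer interpreters warn about them in ordinary literals. The resulting
# pattern text is unchanged.
_timestamp = r"\w{3} [0-9 ]\d \d{2}:\d{2}:\d{2}"

# NOTE: this name shadows the builtin all() within the module; it is kept
# because code outside this file may refer to it.
all = FullFilter("all")

# Same as `all`, but with the leading timestamp stripped from the line.
all_wo_timestamps = SimpleFilter(
    "all",
    "^" + _timestamp + r" (?P<line>.+)$",
    "%(line)s"
)

# NOTE(review): the sudo and ssh patterns are unanchored and applied with
# search(), so they match anywhere in a line, including inside free-text
# fields whose content the logging party controls. Anchoring them to the
# timestamp and program tag, as the two "killer" patterns below do, would
# make a reported event harder to forge - confirm against the real log format.
sudo = SimpleFilter(
    "sudo",
    r"(?P<hostname>\S+)\s+sudo:\s*(?P<username>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.+?) ; USER=(?P<target_user>\S+) ; COMMAND=(?P<command>.*)",
    # %r on the command keeps control characters escaped in the output.
    "%(username)s:%(tty)s - %(target_user)s@%(hostname)s:%(pwd)s - %(command)r"
)

# Only password-authentication results are matched.
# NOTE(review): sshd commonly reports a failed attempt for an unknown account
# as "Failed password for invalid user NAME from ...". This pattern allows
# exactly one whitespace-free token between "for" and "from", so such a line
# would not match and the attempt would go unreported - confirm whether that
# gap is intended.
ssh = SimpleFilter(
    "ssh",
    r"(?P<success>Accepted|Failed) password for (?P<username>\S+) from (?P<ip>\S+) port (?P<port>\S+) (?P<proto>\S+)",
    "%(success)s login for %(username)s from %(ip)s:%(port)s proto %(proto)s"
)

# Suppresses the PAM "session opened/closed" lines for the cron service, logged
# under a CRON or su process tag.
cron_killer = NullFilter(
    "^" + _timestamp + r" \S+\s+(CRON|su)\[\d+\]: pam_unix\(cron:\w+\): session (opened|closed) for user \w+( by \(uid=\d+\))?$",
    re.IGNORECASE
)

# Suppresses the two su lines logged when root switches to the nobody account.
su_nobody_killer = NullFilter(
    "^" + _timestamp + r" \S+\s+su\[\d+\]: (Successful su for nobody by root|\+ \?\?\? root:nobody)$",
    re.IGNORECASE
)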