| author | Tero Marttila <terom@fixme.fi> |
| Wed, 26 Mar 2008 01:12:11 +0200 | |
| changeset 15 | e31e38d654b6 |
| parent 12 | cf388baabf0a |
| child 18 | 6348bf9750bc |
| permissions | -rw-r--r-- |
|
12
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
1 |
import re |
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
2 |
|
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
3 |
class Filter (object) : |
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
4 |
def __init__ (self, regexp, event_type) : |
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
5 |
self.regexp = re.compile(regexp) |
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
6 |
self.event_type = event_type |
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
7 |
|
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
8 |
def test (self, line) : |
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
9 |
match = self.regexp.search(line) |
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
10 |
|
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
11 |
if match : |
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
12 |
return self._filter(match) |
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
13 |
|
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
14 |
def _filter (self, match) : |
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
15 |
return match.string |
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
16 |
|
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
17 |
class AutoFilter (Filter) : |
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
18 |
# your event type here, as a string |
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
19 |
EVENT = None |
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
20 |
|
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
21 |
# your regexp here, with named matchgroups |
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
22 |
REGEXP = None |
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
23 |
|
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
24 |
# your output format, with named interpolation params |
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
25 |
OUTPUT = None |
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
26 |
|
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
27 |
def __init__ (self) : |
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
28 |
super(AutoFilter, self).__init__(self.REGEXP, self.EVENT) |
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
29 |
|
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
30 |
def _filter (self, match) : |
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
31 |
return self.OUTPUT % match.groupdict() |
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
32 |
|
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
33 |
class SudoFilter (AutoFilter) : |
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
34 |
EVENT = "sudo" |
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
35 |
REGEXP = "sudo:\s*(?P<username>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.+?) ; USER=(?P<target_user>\S+) ; COMMAND=(?P<command>.*)" |
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
36 |
OUTPUT = "%(username)s:%(tty)s - %(pwd)s - `%(command)s` as %(target_user)s" |
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
37 |
|
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
38 |
class SSHFilter (AutoFilter) : |
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
39 |
EVENT = "ssh" |
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
40 |
REGEXP = "(?P<success>Accepted|Failed) password for (?P<username>\S+) from (?P<ip>\S+) port (?P<port>\S+) (?P<proto>\S+)" |
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
41 |
OUTPUT = "%(success)s login for %(username)s from %(ip)s:%(port)s proto %(proto)s" |
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
42 |
|
|
cf388baabf0a
split off config from logwatcher.py into separate modules
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
43 |