fixbot/logwatch/filters.py
author Tero Marttila <terom@fixme.fi>
Sat, 06 Nov 2010 16:01:42 +0200
changeset 66 eb0545ec03e7
parent 57 31e7421e98af
permissions -rw-r--r--
Fix filter names
import re
class BaseFilter(object):
    """
        Base class for logwatch filters.

        A filter object matches incoming lines to determine how they are
        handled, classifies them, and optionally reformats them.
    """

    # the LogWatchModule event to send; overwritten per instance by __init__
    label = None

    def __init__(self, label):
        self.label = label

    def test(self, line):
        """
            Match against the given line; subclasses are expected to override
            this. See match() for return codes.
        """
        raise NotImplementedError()

    def match(self, msg):
        """
            Match against the given SyslogMessage, and return one of:
                None            - filter did not match, continue
                False           - filter matched, line should be dropped
                (label, <str>)  - filter matched, pass formatted output with given label
        """
        # default to a full-line match: flatten the message to text and let
        # the line-based test() decide
        line = str(msg)
        return self.test(line)
class FullFilter(BaseFilter):
    """
        A trivial filter: every possible line matches and is passed through
        as-is under this filter's label.
    """

    def test(self, line):
        # pass through: no inspection and no reformatting, the line text is
        # returned exactly as it was received
        result = (self.label, line)
        return result
class NullFilter(BaseFilter):
    """
        A filter that drops every line matching a given regexp
    """

    def __init__(self, pattern, flags=0):
        # a drop-only filter never emits output, so no label is needed and
        # the base-class initializer is not called
        self.regexp = re.compile(pattern, flags)

    def test(self, line):
        # search() is unanchored: a hit anywhere in the line drops the whole
        # line, so an overly loose pattern silences more than intended
        if self.regexp.search(line):
            return False

        # no hit: None tells the caller this filter did not match
        return None
class SimpleFilter(BaseFilter):
    """
        A simple filter that passes through any lines that match, optionally
        reformatting them with the given format string, using the regexp's
        named match groups as parameters.
    """

    def __init__(self, label, pattern, format=None):
        super(SimpleFilter, self).__init__(label)

        self.regexp = re.compile(pattern)
        self.format = format

    def test(self, line):
        found = self.regexp.search(line)

        if not found:
            # no match: let processing continue
            return None

        if not self.format:
            # matched, no format configured: emit the line as-is
            return self.label, line

        # groupdict() holds only the *named* groups, so the format must refer
        # to them as %(name)s; the substituted values are text captured from
        # the log line itself
        return self.label, self.format % found.groupdict()
class SyslogFilter(BaseFilter):
    """
        A more advanced filter that can match against fields in the syslog message.
    """

    def __init__(self, label, pattern=None, program=None, drop=False, format=None, re_flags=0):
        """
            Filter using the given criteria:

            label           - label match output with given label

            pattern         - match message content against given regexp
            program         - (optional) case-insensitive match against message tag's program component
                                May also be False to indicate no tag

            drop            - drop this message if this matches
            format          - (optional) format output with given format string

            re_flags        - (optional) flags for regular expression
        """

        # XXX: super(SyslogFilter, self).__init__(label)
        self.label = label

        # an empty or missing pattern means "no content regexp"
        self.regexp = re.compile(pattern, re_flags) if pattern else None

        self.program = program
        self.drop = drop
        self.format = format

    def match(self, msg):
        """
            Evaluate match on given message.

            Returns None when the message does not match, False when it
            matches and this filter is a drop filter, and otherwise a
            (label, text) tuple.
        """

        # field matching is delegated to the SyslogMessage's own match method
        result = msg.match(self.regexp, self.program)

        # identity test: only the exact value False counts as "no match";
        # anything else is treated as a match
        if result is False:
            return None

        if self.drop:
            # halt processing
            return False

        if not self.format:
            # boring output: the message as text
            return self.label, str(msg)

        # start from the message's properties, then overlay the regexp's
        # matched params (result is handed to update(), so presumably a
        # mapping of captured groups -- confirm against SyslogMessage.match)
        fields = msg.properties()
        fields.update(result)

        # NOTE(review): every substituted value originates from the log
        # message; confirm that the consumer of this output copes with
        # arbitrary characters in it
        return self.label, self.format % fields
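# matches a timestamp prefix
# Written as a raw string: \w and \d are regexp escapes, not string escapes.
# The value is identical to the non-raw spelling, which only worked because
# Python leaves unrecognized escapes alone (and warns about them on newer
# interpreters).
_timestamp = r"\w{3} [0-9 ]\d \d{2}:\d{2}:\d{2}"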
# catch-all: neither a pattern nor a program is given, only a format that
# re-emits hostname and message, so the timestamp is left out of the output
# NOTE: this module-level name shadows the builtin all() inside this module
all = SyslogFilter(
    label="all",
    format="%(hostname)s %(message)s",
)
# match sudo invocations, reformatting them into a one-line summary
# command is rendered with %r (its repr), so control characters in it come
# out escaped; the other captured fields are inserted unchanged with %s
sudo = SyslogFilter(
    label="sudo",
    program="sudo",
    pattern=(
        r"^\s*(?P<username>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.+?)"
        r" ; USER=(?P<target_user>\S+) ; COMMAND=(?P<command>.*)"
    ),
    format="%(username)s:%(tty)s - %(target_user)s@%(hostname)s:%(pwd)s - %(command)r",
)
# match accepted ssh logins
# Coverage: only sshd lines starting with "Accepted password for" match.
# A login accepted through any other authentication method does not match
# this pattern, so this filter reports "no match" for it.
# proto is captured but not used by the format.
ssh = SyslogFilter(
    label="ssh",
    program="sshd",
    pattern=(
        r"^\s*Accepted password for (?P<username>\S+) from (?P<ip>\S+)"
        r" port (?P<port>\S+) (?P<proto>\S+)"
    ),
    format="SSH login for %(username)s@%(hostname)s from %(ip)s:%(port)s",
)
# drops all output from cron
# XXX: what about the same from su?
# NOTE(review): this rule keys on the program tag alone (no pattern), so it
# trusts the tag carried in the message and silences everything under it;
# keep that in mind if this stream is relied on for alerting
cron_killer = SyslogFilter(
    label="cron",
    program="cron",
    drop=True,
)
# drops `su nobody` output (from cron)
# the pattern is anchored with ^...$, so only these two exact messages
# (compared case-insensitively) are silenced; other su output is untouched
su_nobody_killer = SyslogFilter(
    label="su-nobody",
    program="su",
    pattern=r"^(Successful su for nobody by root|\+ \?\?\? root:nobody)$",
    drop=True,
    re_flags=re.IGNORECASE,
)