31 return self._filter(match) |
31 return self._filter(match) |
32 |
32 |
33 def _filter (self, match) : |
33 def _filter (self, match) : |
34 return self.format % match.groupdict() |
34 return self.format % match.groupdict() |
35 |
35 |
|
36 _timestamp = "\w{3} [0-9 ]\d \d{2}:\d{2}:\d{2}" |
|
37 |
36 all = FullFilter("all") |
38 all = FullFilter("all") |
37 |
39 |
38 _timestamp = "\w{3} [0-9 ]\d \d{2}:\d{2}:\d{2}" |
40 all_wo_timestamps = SimpleFilter( |
|
41 "all", |
|
42 "^" + _timestamp + " (?P<line>.+)$", |
|
43 "%(line)s" |
|
44 ) |
39 |
45 |
40 sudo = SimpleFilter( |
46 sudo = SimpleFilter( |
41 "sudo", |
47 "sudo", |
42 "(?P<hostname>\S+)\s+sudo:\s*(?P<username>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.+?) ; USER=(?P<target_user>\S+) ; COMMAND=(?P<command>.*)", |
48 "(?P<hostname>\S+)\s+sudo:\s*(?P<username>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.+?) ; USER=(?P<target_user>\S+) ; COMMAND=(?P<command>.*)", |
43 "%(username)s:%(tty)s - %(target_user)s@%(hostname)s:%(pwd)s - %(command)r" |
49 "%(username)s:%(tty)s - %(target_user)s@%(hostname)s:%(pwd)s - %(command)r" |
48 "(?P<success>Accepted|Failed) password for (?P<username>\S+) from (?P<ip>\S+) port (?P<port>\S+) (?P<proto>\S+)", |
54 "(?P<success>Accepted|Failed) password for (?P<username>\S+) from (?P<ip>\S+) port (?P<port>\S+) (?P<proto>\S+)", |
49 "%(success)s login for %(username)s from %(ip)s:%(port)s proto %(proto)s" |
55 "%(success)s login for %(username)s from %(ip)s:%(port)s proto %(proto)s" |
50 ) |
56 ) |
51 |
57 |
52 cron_killer = NullFilter( |
58 cron_killer = NullFilter( |
53 "^" + _timestamp + " \S+\s+CRON\[\d+\]: \(\w+\) session (opened|closed) for user \w+( by \(uid=\d+\))?$", |
59 "^" + _timestamp + " \S+\s+(CRON|su)\[\d+\]: \(\w+\) session (opened|closed) for user \w+( by \(uid=\d+\))?$", |
54 re.IGNORECASE |
60 re.IGNORECASE |
55 ) |
61 ) |
56 |
62 |
|
63 su_nobody_killer = NullFilter( |
|
64 "^" + _timestamp + " \S+\s+su\[\d+\]: (Successful su for nobody by root|\+ \?\?\? root:nobody)$", |
|
65 re.IGNORECASE |
|
66 ) |
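Review bot: The widened alternation `(CRON|su)` in `cron_killer` (new line 59) matches session opened/closed lines from `su` for any user, not only for the noisy `nobody` account that `su_nobody_killer` targets. `NullFilter` is defined outside this view, but if it discards matching lines, as the name suggests, then every `su` session open and close, including a switch to root, disappears from the filtered output, and those are events a log reviewer normally wants to keep. I would leave `cron_killer` as `CRON` only and give the `su` case its own narrow pattern, for example `"^" + _timestamp + " \S+\s+su\[\d+\]: \(\w+\) session (opened|closed) for user nobody( by \(uid=\d+\))?$"`. A short comment above each killer filter saying which job produces the suppressed lines would help a later reader judge whether the suppression is still justified.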