50 return self._filter(match) |
50 return self._filter(match) |
51 |
51 |
52 def _filter (self, match) : |
52 def _filter (self, match) : |
53 return match.string |
53 return match.string |
54 |
54 |
55 class SudoFilter (Filter) : |
55 class AutoFilter (Filter) : |
56 REGEXP = "sudo:\s*(?P<username>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.+?) ; USER=(?P<target_user>\S+) ; COMMAND=(?P<command>.*)" |
56 # your event type here, as a string |
|
57 EVENT = None |
57 |
58 |
|
59 # your regexp here, with named matchgroups |
|
60 REGEXP = None |
|
61 |
|
62 # your output format, with named interpolation params |
|
63 OUTPUT = None |
|
64 |
58 def __init__ (self) : |
65 def __init__ (self) : |
59 super(SudoFilter, self).__init__(self.REGEXP, "sudo") |
66 super(AutoFilter, self).__init__(self.REGEXP, self.EVENT) |
|
67 |
|
68 def _filter (self, match) : |
|
69 return self.OUTPUT % match.groupdict() |
60 |
70 |
61 def _filter (self, match) : |
71 class SudoFilter (AutoFilter) : |
62 return "%(username)s:%(tty)s - %(pwd)s - `%(command)s` as %(target_user)s" % match.groupdict() |
72 EVENT = "sudo" |
|
73 REGEXP = "sudo:\s*(?P<username>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.+?) ; USER=(?P<target_user>\S+) ; COMMAND=(?P<command>.*)" |
|
74 OUTPUT = "%(username)s:%(tty)s - %(pwd)s - `%(command)s` as %(target_user)s" |
|
75 |
|
76 class SSHFilter (AutoFilter) : |
|
77 EVENT = "ssh" |
|
78 REGEXP = "(?P<success>Accepted|Failed) password for (?P<username>\S+) from (?P<ip>\S+) port (?P<port>\S+) (?P<proto>\S+)" |
|
79 OUTPUT = "%(success)s login for %(username)s from %(ip)s:%(port)s proto %(proto)s" |
63 |
80 |
64 class ExampleModule (api.Module) : |
81 class ExampleModule (api.Module) : |
65 name = "logs" |
82 name = "logs" |
66 version = 0x0001 |
83 version = 0x0001 |
67 |
84 |
68 event_types = [ |
85 event_types = [ |
69 "error", |
86 "error", |
70 "sudo" |
87 "sudo", |
|
88 "ssh", |
71 ] |
89 ] |
72 |
90 |
73 log_files = ( |
91 log_files = ( |
74 ("auth.log", "/var/log/auth.log", ( |
92 ("auth.log", "/var/log/auth.log", ( |
75 SudoFilter(), |
93 SudoFilter(), |
|
94 SSHFilter(), |
76 )), |
95 )), |
77 ) |
96 ) |
78 |
97 |
79 log_objs = None |
98 log_objs = None |
80 |
99 |
86 for name, file, filters in self.log_files : |
105 for name, file, filters in self.log_files : |
87 log.msg("\t%s - %s..." % (name, file)) |
106 log.msg("\t%s - %s..." % (name, file)) |
88 |
107 |
89 p = self.log_objs[name] = TailProcessProtocol(self, name, filters) |
108 p = self.log_objs[name] = TailProcessProtocol(self, name, filters) |
90 |
109 |
91 reactor.spawnProcess(p, "/usr/bin/tail", ["tail", "--follow=name", file]) |
110 reactor.spawnProcess(p, "/usr/bin/tail", ["tail", "-n0", "--follow=name", file]) |
92 |
111 |
93 def error (self, msg) : |
112 def error (self, msg) : |
94 self.sendEvent("error", msg) |
113 self.sendEvent("error", msg) |
95 |
114 |
96 if __name__ == '__main__' : |
115 if __name__ == '__main__' : |
97 log.startLogging(sys.stderr) |
116 ExampleModule().run() |
98 |
|
99 module = ExampleModule() |
|
100 reactor.run() |
|
101 |
117 |
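Review bot: The new SSHFilter REGEXP on new line 78 only matches `password` authentication with a bare username, so the auth.log lines that matter most for detection — `Failed password for invalid user <name> from ...` (the usual brute-force signature) and `Accepted publickey for ...` — never produce an `ssh` event, because `(?P<username>\S+)` cannot span `invalid user <name>` and the literal `password` excludes key-based logins. A broader pattern that still fills the same groups is `REGEXP = r"(?P<success>Accepted|Failed) (?P<method>\S+) for (?:invalid user )?(?P<username>\S+) from (?P<ip>\S+) port (?P<port>\S+) (?P<proto>\S+)"`; `%`-interpolation with a dict ignores the extra `method` key, so OUTPUT can stay as is or gain a `%(method)s`. Both REGEXP literals (new lines 73 and 78) should be raw strings, since `\s`/`\S` inside a plain string literal is an invalid escape sequence that Python 3 warns about and may reject in later releases. Worth a comment above the OUTPUT lines as well: `username`, `command` and the sudo `pwd` are copied verbatim from the log, i.e. chosen by whoever attempted the login or ran sudo, so `# NOTE: interpolated fields are attacker-influenced log text; event consumers must not trust them` — the module should not assume they are safe to display or parse downstream.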