33 def _filter (self, match) : |
33 def _filter (self, match) : |
34 return self.format % match.groupdict() |
34 return self.format % match.groupdict() |
35 |
35 |
36 all = FullFilter("all") |
36 all = FullFilter("all") |
37 |
37 |
38 _timestamp = "\w{3} \d{2} \d{2}:\d{2}:\d{2}" |
38 _timestamp = "\w{3} [0-9 ]\d \d{2}:\d{2}:\d{2}" |
39 |
39 |
40 sudo = SimpleFilter( |
40 sudo = SimpleFilter( |
41 "sudo", |
41 "sudo", |
42 "(?P<hostname>\S+)\s+sudo:\s*(?P<username>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.+?) ; USER=(?P<target_user>\S+) ; COMMAND=(?P<command>.*)", |
42 "(?P<hostname>\S+)\s+sudo:\s*(?P<username>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.+?) ; USER=(?P<target_user>\S+) ; COMMAND=(?P<command>.*)", |
43 "%(username)s:%(tty)s - %(target_user)s@%(hostname)s:%(pwd)s - %(command)r" |
43 "%(username)s:%(tty)s - %(target_user)s@%(hostname)s:%(pwd)s - %(command)r" |
48 "(?P<success>Accepted|Failed) password for (?P<username>\S+) from (?P<ip>\S+) port (?P<port>\S+) (?P<proto>\S+)", |
48 "(?P<success>Accepted|Failed) password for (?P<username>\S+) from (?P<ip>\S+) port (?P<port>\S+) (?P<proto>\S+)", |
49 "%(success)s login for %(username)s from %(ip)s:%(port)s proto %(proto)s" |
49 "%(success)s login for %(username)s from %(ip)s:%(port)s proto %(proto)s" |
50 ) |
50 ) |
51 |
51 |
52 cron_killer = NullFilter( |
52 cron_killer = NullFilter( |
53 "^" + _timestamp + "\S+\s+CRON\[\d+\]: (\w+) session (opened|closed) for user \w+( by \(uid=\d+\))?$", |
53 "^" + _timestamp + " \S+\s+CRON\[\d+\]: \(\w+\) session (opened|closed) for user \w+( by \(uid=\d+\))?$", |
54 re.IGNORECASE |
54 re.IGNORECASE |
55 ) |
55 ) |
56 |
56 |
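Review bot: `cron_killer` at line 53 is a drop filter, so the rewritten pattern decides which syslog lines are silently discarded, yet nothing next to it records what it is meant to match. A comment above it with one sample line (constructed: `# e.g. "Jan  5 06:25:01 host CRON[1234]: (pam_unix) session opened for user root by (uid=0)"`) would let later edits to `_timestamp` or the pattern be checked against it. The `^`…`$` anchors limit suppression to whole lines of this shape and should stay. `\w+` after `for user` will not match account names containing `-` or `.`, so those lines are still reported, which fails in the safe direction but may not be intended. The patterns at lines 38 and 53 are also non-raw strings containing `\w`, `\d` and `\S`, which newer Python versions warn about, so `r"..."` literals are preferable. Which line of each printed pair is the new side is inferred from print order.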