1 from twisted.internet import protocol, reactor |
1 from twisted.internet import protocol, reactor |
2 from twisted.python import log |
2 from twisted.python import log |
3 import sys, re |
3 import sys |
4 |
4 |
5 import api |
5 import api |
|
6 import logwatch_config as config |
6 |
7 |
7 class TailProcessProtocol (protocol.ProcessProtocol) : |
8 class TailProcessProtocol (protocol.ProcessProtocol) : |
8 def __init__ (self, module, name, filters) : |
9 def __init__ (self, module, name, filters) : |
9 self.module = module |
10 self.module = module |
10 self.name = name |
11 self.name = name |
36 msg = "tail process for %s quit: %s" % (self.name, reason.getErrorMessage()) |
37 msg = "tail process for %s quit: %s" % (self.name, reason.getErrorMessage()) |
37 |
38 |
38 log.err(msg) |
39 log.err(msg) |
39 self.module.error(msg) |
40 self.module.error(msg) |
40 |
41 |
41 class Filter (object) : |
|
42 def __init__ (self, regexp, event_type) : |
|
43 self.regexp = re.compile(regexp) |
|
44 self.event_type = event_type |
|
45 |
|
46 def test (self, line) : |
|
47 match = self.regexp.search(line) |
|
48 |
|
49 if match : |
|
50 return self._filter(match) |
|
51 |
|
52 def _filter (self, match) : |
|
53 return match.string |
|
54 |
|
55 class AutoFilter (Filter) : |
|
56 # your event type here, as a string |
|
57 EVENT = None |
|
58 |
|
59 # your regexp here, with named matchgroups |
|
60 REGEXP = None |
|
61 |
|
62 # your output format, with named interpolation params |
|
63 OUTPUT = None |
|
64 |
|
65 def __init__ (self) : |
|
66 super(AutoFilter, self).__init__(self.REGEXP, self.EVENT) |
|
67 |
|
68 def _filter (self, match) : |
|
69 return self.OUTPUT % match.groupdict() |
|
70 |
|
71 class SudoFilter (AutoFilter) : |
|
72 EVENT = "sudo" |
|
73 REGEXP = "sudo:\s*(?P<username>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.+?) ; USER=(?P<target_user>\S+) ; COMMAND=(?P<command>.*)" |
|
74 OUTPUT = "%(username)s:%(tty)s - %(pwd)s - `%(command)s` as %(target_user)s" |
|
75 |
|
76 class SSHFilter (AutoFilter) : |
|
77 EVENT = "ssh" |
|
78 REGEXP = "(?P<success>Accepted|Failed) password for (?P<username>\S+) from (?P<ip>\S+) port (?P<port>\S+) (?P<proto>\S+)" |
|
79 OUTPUT = "%(success)s login for %(username)s from %(ip)s:%(port)s proto %(proto)s" |
|
80 |
|
81 class LogWatchModule (api.Module) : |
42 class LogWatchModule (api.Module) : |
82 name = "logs" |
43 name = "logs" |
83 version = 0x0001 |
44 version = 0x0001 |
84 |
45 |
85 event_types = [ |
46 event_types = [ |
86 "error", |
47 "error", |
87 "sudo", |
48 "sudo", |
88 "ssh", |
49 "ssh", |
89 ] |
50 ] |
90 |
51 |
91 log_files = ( |
52 log_files = config.log_files |
92 ("auth.log", "/var/log/auth.log", ( |
|
93 SudoFilter(), |
|
94 SSHFilter(), |
|
95 )), |
|
96 ) |
|
97 |
53 |
98 log_objs = None |
54 log_objs = None |
99 |
55 |
100 def handleConnect (self) : |
56 def handleConnect (self) : |
101 log.msg("Spawning tail processes...") |
57 log.msg("Spawning tail processes...") |
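Review bot: `log_files = config.log_files` (new line 52) now takes the watched paths and their filter objects from `logwatch_config`, an imported Python module, so anyone who can write that file runs code inside this process, which presumably has read access to `/var/log/auth.log` (the path on the removed side). Nothing visible checks what the module provides, so a missing or malformed `log_files` would only surface as a bare `AttributeError` at class-definition time or as an unpacking error later. I would document the contract beside the assignment, e.g. `# log_files: sequence of (name, path, (filter, ...)); logwatch_config.py must be writable only by the service owner`, and reject entries that are not 3-tuples before any tail process is spawned. Where the removed `Filter`/`AutoFilter`/`SudoFilter`/`SSHFilter` classes now live is not shown on the new side, and the body of `handleConnect` continues outside the hunk.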