--- a/logwatcher.py Thu Mar 20 18:47:58 2008 +0200
+++ b/logwatcher.py Thu Mar 20 19:46:04 2008 +0200
@@ -52,14 +52,31 @@
def _filter (self, match) :
return match.string
-class SudoFilter (Filter) :
- REGEXP = "sudo:\s*(?P<username>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.+?) ; USER=(?P<target_user>\S+) ; COMMAND=(?P<command>.*)"
+class AutoFilter (Filter) :
+ # your event type here, as a string
+ EVENT = None
+ # your regexp here, with named matchgroups
+ REGEXP = None
+
+ # your output format, with named interpolation params
+ OUTPUT = None
+
def __init__ (self) :
- super(SudoFilter, self).__init__(self.REGEXP, "sudo")
+ super(AutoFilter, self).__init__(self.REGEXP, self.EVENT)
+
+ def _filter (self, match) :
+ return self.OUTPUT % match.groupdict()
- def _filter (self, match) :
- return "%(username)s:%(tty)s - %(pwd)s - `%(command)s` as %(target_user)s" % match.groupdict()
+class SudoFilter (AutoFilter) :
+ EVENT = "sudo"
+ REGEXP = "sudo:\s*(?P<username>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.+?) ; USER=(?P<target_user>\S+) ; COMMAND=(?P<command>.*)"
+ OUTPUT = "%(username)s:%(tty)s - %(pwd)s - `%(command)s` as %(target_user)s"
+
+class SSHFilter (AutoFilter) :
+ EVENT = "ssh"
+ REGEXP = "(?P<success>Accepted|Failed) password for (?P<username>\S+) from (?P<ip>\S+) port (?P<port>\S+) (?P<proto>\S+)"
+ OUTPUT = "%(success)s login for %(username)s from %(ip)s:%(port)s proto %(proto)s"
class ExampleModule (api.Module) :
name = "logs"
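Review bot: SSHFilter's new `REGEXP` only matches `password for <one token> from`, so sshd's `Failed password for invalid user NAME from ...` lines never match and failed attempts against nonexistent accounts produce no `ssh` event; `Accepted publickey` logins are skipped as well. Allowing the optional prefix closes the first gap: `(?P<success>Accepted|Failed) password for (?:invalid user )?(?P<username>\S+) from ...`, with the rest of the pattern unchanged. The pattern is also not tied to the sshd syslog tag, so if Filter applies it with a search (not visible in this hunk), any auth.log line containing that text is reported as an ssh event. Prefixing `sshd\[\d+\]: ` and writing both patterns as raw strings (`r"..."`) would tighten this.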
@@ -67,12 +84,14 @@
event_types = [
"error",
- "sudo"
+ "sudo",
+ "ssh",
]
log_files = (
("auth.log", "/var/log/auth.log", (
SudoFilter(),
+ SSHFilter(),
)),
)
@@ -88,14 +107,11 @@
p = self.log_objs[name] = TailProcessProtocol(self, name, filters)
- reactor.spawnProcess(p, "/usr/bin/tail", ["tail", "--follow=name", file])
+ reactor.spawnProcess(p, "/usr/bin/tail", ["tail", "-n0", "--follow=name", file])
def error (self, msg) :
self.sendEvent("error", msg)
if __name__ == '__main__' :
- log.startLogging(sys.stderr)
-
- module = ExampleModule()
- reactor.run()
+ ExampleModule().run()
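Review bot: The `-n0` added to the tail argv deserves a comment, because it changes what the watcher reports: tail now starts at the end of the file, so lines written to auth.log while the module was stopped or restarting never become events. Something like `# -n0: do not replay existing lines as new events; entries logged while we were down are not reported` above the spawnProcess call would make that trade-off explicit. The `__main__` block also drops `log.startLogging(sys.stderr)`; whether `run()` sets up logging is not visible here, so it is worth confirming that filter and process errors still reach a log. The function containing the spawnProcess call starts outside the hunk.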