fixbot/logwatch_filters.py
changeset 21 aa6df8f9c44a
child 32 4a2aa163a576
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/fixbot/logwatch_filters.py	Mon Sep 15 00:27:05 2008 +0300
@@ -0,0 +1,66 @@
+import re
+
+class FullFilter (object) :
+    def __init__ (self, event_type) :
+        self.event_type = event_type
+
+    def test (self, line) :
+        return line
+
+class NullFilter (object) :
+    def __init__ (self, pattern, flags=None) :
+        self.regexp = re.compile(pattern, flags)
+    
+    def test (self, line) :
+        match = self.regexp.search(line)
+        
+        if match :
+            return False
+
+class SimpleFilter (object) :
+    def __init__ (self, event_type, pattern, format) :
+        self.event_type = event_type
+
+        self.regexp = re.compile(pattern)
+        self.format = format
+
+    def test (self, line) :
+        match = self.regexp.search(line)
+        
+        if match :
+            return self._filter(match)
+        
+    def _filter (self, match) :
+        return self.format % match.groupdict()
+
+_timestamp = "\w{3} [0-9 ]\d \d{2}:\d{2}:\d{2}"
+
+all = FullFilter("all")
+
+all_wo_timestamps = SimpleFilter(
+    "all",
+    "^" + _timestamp + " (?P<line>.+)$",
+    "%(line)s"
+)
+
+sudo = SimpleFilter(
+    "sudo",
+    "(?P<hostname>\S+)\s+sudo:\s*(?P<username>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.+?) ; USER=(?P<target_user>\S+) ; COMMAND=(?P<command>.*)",
+    "%(username)s:%(tty)s - %(target_user)s@%(hostname)s:%(pwd)s - %(command)r"
+)
+
+ssh = SimpleFilter(
+    "ssh",
+    "(?P<success>Accepted|Failed) password for (?P<username>\S+) from (?P<ip>\S+) port (?P<port>\S+) (?P<proto>\S+)",
+    "%(success)s login for %(username)s from %(ip)s:%(port)s proto %(proto)s"
+)
+
+cron_killer = NullFilter(
+        "^" + _timestamp + " \S+\s+(CRON|su)\[\d+\]: \(\w+\) session (opened|closed) for user \w+( by \(uid=\d+\))?$",
+        re.IGNORECASE
+)
+
+su_nobody_killer = NullFilter(
+    "^" + _timestamp + " \S+\s+su\[\d+\]: (Successful su for nobody by root|\+ \?\?\? root:nobody)$",
+    re.IGNORECASE
+)
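Review bot: The `ssh` pattern (the `SimpleFilter("ssh", …)` call near the end of the hunk) is applied with an unanchored `search` and never checks the `sshd[pid]:` program tag, so a syslog line from any program that contains `Accepted password for X from Y port Z P` would be reported as a login event. `cron_killer` and `su_nobody_killer` already anchor on `"^" + _timestamp`, and the `ssh` and `sudo` patterns should do the same. Because `username` is `\S+`, lines of the form `Failed password for invalid user NAME from …`, which OpenSSH typically writes for unknown accounts, do not match, and `test` returns `None` for them. I would start the pattern with `"^" + _timestamp + " \S+\s+sshd\[\d+\]: (?P<success>Accepted|Failed) password for (?:invalid user )?(?P<username>\S+) from …"` and keep the remaining groups as they are. Separately, `NullFilter.__init__` defaults to `flags=None` and passes it straight to `re.compile`, which likely raises `TypeError` when the argument is omitted; `flags=0` is the safe default.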