logwatcher.py
changeset 15 e31e38d654b6
parent 10 687b797f709c
child 18 6348bf9750bc
--- a/logwatcher.py	Tue Mar 25 19:10:59 2008 +0200
+++ b/logwatcher.py	Wed Mar 26 01:12:11 2008 +0200
@@ -1,8 +1,9 @@
 from twisted.internet import protocol, reactor
 from twisted.python import log
-import sys, re
+import sys
 
 import api
+import logwatch_config as config
 
 class TailProcessProtocol (protocol.ProcessProtocol) :
     def __init__ (self, module, name, filters) :
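Review bot: The added `import logwatch_config as config` turns the watcher's configuration into Python that is executed on import and located through `sys.path`, and nothing on the new side documents who may write that file. The removed lines show this module tailing `/var/log/auth.log`, so the process presumably runs with elevated read access, and anyone able to modify `logwatch_config.py` or place a same-named module earlier on the path would run code with those rights. I would add a comment at the import such as `# logwatch_config is executed on import: keep it owned by the service user and not group/world-writable`. The later hunk that sets `log_files = config.log_files` also leaves the `"sudo"`, `"ssh"` event list hard-coded, so a filter added in the config with a new event type would not be declared there; that hunk appears to continue past the visible lines.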
@@ -38,46 +39,6 @@
         log.err(msg)
         self.module.error(msg)
 
-class Filter (object) :
-    def __init__ (self, regexp, event_type) :
-        self.regexp = re.compile(regexp)
-        self.event_type = event_type
-
-    def test (self, line) :
-        match = self.regexp.search(line)
-        
-        if match :
-            return self._filter(match)
-        
-    def _filter (self, match) :
-        return match.string
-
-class AutoFilter (Filter) :
-    # your event type here, as a string
-    EVENT = None
-
-    # your regexp here, with named matchgroups
-    REGEXP = None
-
-    # your output format, with named interpolation params
-    OUTPUT = None
-    
-    def __init__ (self) :
-        super(AutoFilter, self).__init__(self.REGEXP, self.EVENT)
-    
-    def _filter (self, match) :
-        return self.OUTPUT % match.groupdict()
-
-class SudoFilter (AutoFilter) :
-    EVENT   = "sudo"
-    REGEXP  = "sudo:\s*(?P<username>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.+?) ; USER=(?P<target_user>\S+) ; COMMAND=(?P<command>.*)"
-    OUTPUT  = "%(username)s:%(tty)s - %(pwd)s - `%(command)s` as %(target_user)s"
-
-class SSHFilter (AutoFilter) :
-    EVENT   = "ssh"
-    REGEXP  = "(?P<success>Accepted|Failed) password for (?P<username>\S+) from (?P<ip>\S+) port (?P<port>\S+) (?P<proto>\S+)"
-    OUTPUT  = "%(success)s login for %(username)s from %(ip)s:%(port)s proto %(proto)s"
-
 class LogWatchModule (api.Module) :
     name = "logs"
     version = 0x0001
@@ -87,13 +48,8 @@
         "sudo",
         "ssh",
     ]
-
-    log_files = (
-        ("auth.log", "/var/log/auth.log", (
-            SudoFilter(),
-            SSHFilter(),
-        )),
-    )
+    
+    log_files = config.log_files
 
     log_objs = None