terom@21: import re
terom@21: 
terom@21: class FullFilter (object) :
terom@21:     def __init__ (self, event_type) :
terom@21:         self.event_type = event_type
terom@21: 
terom@21:     def test (self, line) :
terom@21:         return line
terom@21: 
terom@21: class NullFilter (object) :
terom@21:     def __init__ (self, pattern, flags=None) :
terom@21:         self.regexp = re.compile(pattern, flags)
terom@21:     
terom@21:     def test (self, line) :
terom@21:         match = self.regexp.search(line)
terom@21:         
terom@21:         if match :
terom@21:             return False
terom@21: 
terom@21: class SimpleFilter (object) :
terom@21:     def __init__ (self, event_type, pattern, format) :
terom@21:         self.event_type = event_type
terom@21: 
terom@21:         self.regexp = re.compile(pattern)
terom@21:         self.format = format
terom@21: 
terom@21:     def test (self, line) :
terom@21:         match = self.regexp.search(line)
terom@21:         
terom@21:         if match :
terom@21:             return self._filter(match)
terom@21:         
terom@21:     def _filter (self, match) :
terom@21:         return self.format % match.groupdict()
terom@21: 
terom@21: _timestamp = "\w{3} [0-9 ]\d \d{2}:\d{2}:\d{2}"
terom@21: 
terom@21: all = FullFilter("all")
terom@21: 
terom@21: all_wo_timestamps = SimpleFilter(
terom@21:     "all",
terom@21:     "^" + _timestamp + " (?P<line>.+)$",
terom@21:     "%(line)s"
terom@21: )
terom@21: 
terom@21: sudo = SimpleFilter(
terom@21:     "sudo",
terom@21:     "(?P<hostname>\S+)\s+sudo:\s*(?P<username>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.+?) ; USER=(?P<target_user>\S+) ; COMMAND=(?P<command>.*)",
terom@21:     "%(username)s:%(tty)s - %(target_user)s@%(hostname)s:%(pwd)s - %(command)r"
terom@21: )
terom@21: 
terom@21: ssh = SimpleFilter(
terom@21:     "ssh",
terom@21:     "(?P<success>Accepted|Failed) password for (?P<username>\S+) from (?P<ip>\S+) port (?P<port>\S+) (?P<proto>\S+)",
terom@21:     "%(success)s login for %(username)s from %(ip)s:%(port)s proto %(proto)s"
terom@21: )
terom@21: 
terom@21: cron_killer = NullFilter(
terom@21:         "^" + _timestamp + " \S+\s+(CRON|su)\[\d+\]: \(\w+\) session (opened|closed) for user \w+( by \(uid=\d+\))?$",
terom@21:         re.IGNORECASE
terom@21: )
terom@21: 
terom@21: su_nobody_killer = NullFilter(
terom@21:     "^" + _timestamp + " \S+\s+su\[\d+\]: (Successful su for nobody by root|\+ \?\?\? root:nobody)$",
terom@21:     re.IGNORECASE
terom@21: )