diff -r 8e7493df9f52 -r 614161f85d9b logwatcher.py --- a/logwatcher.py Thu Mar 20 18:47:58 2008 +0200 +++ b/logwatcher.py Thu Mar 20 19:46:04 2008 +0200 @@ -52,14 +52,31 @@ def _filter (self, match) : return match.string -class SudoFilter (Filter) : - REGEXP = "sudo:\s*(?P\S+) : TTY=(?P\S+) ; PWD=(?P.+?) ; USER=(?P\S+) ; COMMAND=(?P.*)" +class AutoFilter (Filter) : + # your event type here, as a string + EVENT = None + # your regexp here, with named matchgroups + REGEXP = None + + # your output format, with named interpolation params + OUTPUT = None + def __init__ (self) : - super(SudoFilter, self).__init__(self.REGEXP, "sudo") + super(AutoFilter, self).__init__(self.REGEXP, self.EVENT) + + def _filter (self, match) : + return self.OUTPUT % match.groupdict() - def _filter (self, match) : - return "%(username)s:%(tty)s - %(pwd)s - `%(command)s` as %(target_user)s" % match.groupdict() +class SudoFilter (AutoFilter) : + EVENT = "sudo" + REGEXP = "sudo:\s*(?P\S+) : TTY=(?P\S+) ; PWD=(?P.+?) ; USER=(?P\S+) ; COMMAND=(?P.*)" + OUTPUT = "%(username)s:%(tty)s - %(pwd)s - `%(command)s` as %(target_user)s" + +class SSHFilter (AutoFilter) : + EVENT = "ssh" + REGEXP = "(?PAccepted|Failed) password for (?P\S+) from (?P\S+) port (?P\S+) (?P\S+)" + OUTPUT = "%(success)s login for %(username)s from %(ip)s:%(port)s proto %(proto)s" class ExampleModule (api.Module) : name = "logs" @@ -67,12 +84,14 @@ event_types = [ "error", - "sudo" + "sudo", + "ssh", ] log_files = ( ("auth.log", "/var/log/auth.log", ( SudoFilter(), + SSHFilter(), )), ) @@ -88,14 +107,11 @@ p = self.log_objs[name] = TailProcessProtocol(self, name, filters) - reactor.spawnProcess(p, "/usr/bin/tail", ["tail", "--follow=name", file]) + reactor.spawnProcess(p, "/usr/bin/tail", ["tail", "-n0", "--follow=name", file]) def error (self, msg) : self.sendEvent("error", msg) if __name__ == '__main__' : - log.startLogging(sys.stderr) - - module = ExampleModule() - reactor.run() + ExampleModule().run()
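Review bot: SSHFilter's REGEXP in the first hunk only matches password authentication for accounts that exist, so it misses two of the events a log watcher is most wanted for. sshd writes a guess against an unknown account as `Failed password for invalid user NAME from ...`; the username group then captures `invalid` and the literal ` from ` fails to match, and `Accepted publickey ...` or keyboard-interactive logins never match the literal `password`. The named groups are stripped in this rendering, but going by the keys in OUTPUT the pattern could become `r"(?P<success>Accepted|Failed) (?P<method>\S+) for (?:invalid user )?(?P<username>\S+) from (?P<ip>\S+) port (?P<port>\S+) (?P<proto>\S+)"`, with `%(method)s` added to OUTPUT if the method should be shown. Both patterns also look unanchored, and the username and command text is chosen by whoever triggers the log line, so consider matching the `sshd[...]:` / `sudo:` program tag at a fixed position and escaping control characters before the text reaches event consumers. How Filter applies the regexp is outside this hunk, so that last point needs confirming.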
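Review bot: In the third hunk, `-n0` combined with plain `--follow=name` lets the watcher go blind without any signal. Lines written to auth.log while the module is stopped or restarting are never reported, and GNU tail without `--retry` gives up on a file that becomes inaccessible, which can happen during log rotation. `["tail", "-n0", "-F", file]` (that is, `--follow=name --retry`) keeps tail alive across rotation. Whether TailProcessProtocol reports a tail exit is not visible here; if it does not, sending the existing `error` event from its process-ended callback would make a dead watcher observable. The method containing the spawnProcess call starts outside the hunk.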