# HG changeset patch # User Tero Marttila # Date 1265398555 -7200 # Node ID 5f720d719d01ea71daeb9eca23431651cb4f3e17 # Parent 395182b7ea0fd31d1ae2df15871940f917e4f37a update filters diff -r 395182b7ea0f -r 5f720d719d01 fixbot/logwatch/filters.py --- a/fixbot/logwatch/filters.py Fri Feb 05 21:30:06 2010 +0200 +++ b/fixbot/logwatch/filters.py Fri Feb 05 21:35:55 2010 +0200 @@ -111,7 +111,11 @@ self.label = label # store - self.regexp = re.compile(pattern, re_flags) + if pattern : + self.regexp = re.compile(pattern, re_flags) + else : + self.regexp = None + self.program = program self.drop = drop @@ -153,14 +157,9 @@ _timestamp = "\w{3} [0-9 ]\d \d{2}:\d{2}:\d{2}" -# matches all lines -all = FullFilter("all") - -# match all lines, but drop the prefixed timestamp -all_wo_timestamps = SimpleFilter( - "all", - "^" + _timestamp + " (?P.+)$", - "%(line)s" +# match all lines, but doesn't include the timestamp +all = SyslogFilter('all', + format = "%(hostname)s %(message)s" ) # match sudo invocations, reformatting them nicely 
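Review bot: `self.regexp` can now be None, and nothing in this hunk shows the matching code checking for that; any remaining `self.regexp.match(...)` or `.search(...)` call would raise AttributeError on the first line a pattern-less filter sees. The constructor's start and the match method are both outside the hunk, so this needs confirming there. The branch should also say what a missing pattern means, for example `# no pattern: every line from self.program matches` if that is the intent. Combined with `drop = True`, a pattern-less filter discards a whole program's output, so that behaviour should be explicit. Minor style: `if pattern :` and `else :` have a space before the colon that PEP 8 omits.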
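Review bot: The rebound `all` still shadows the Python builtin for the rest of filters.py and for anything that star-imports it; since this line is being rewritten anyway, a name such as `all_lines = SyslogFilter('all', ...)` would avoid that, with `all` kept as an alias only if configs refer to it. The hunk also deletes `all_wo_timestamps` with no replacement, so any config that names it will fail when loaded; keeping `all_wo_timestamps = all` for a transition, or noting the removal in the commit message, would avoid a surprise. The new format keeps only hostname and message, so the catch-all output no longer shows which program logged a line. If SyslogFilter exposes the program name as a format key (not visible here), including it would make the feed easier to triage.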
@@ -170,25 +169,25 @@ format = "%(username)s:%(tty)s - %(target_user)s@%(hostname)s:%(pwd)s - %(command)r", ) -#sudo = SimpleFilter( -# "sudo", -# "(?P\S+)\s+sudo:\s*(?P\S+) : TTY=(?P\S+) ; PWD=(?P.+?) ; USER=(?P\S+) ; COMMAND=(?P.*)", -# "%(username)s:%(tty)s - %(target_user)s@%(hostname)s:%(pwd)s - %(command)r" -#) - # match accepted ssh logins -ssh = SimpleFilter( - "ssh", - "(?P\S+)\s+sshd\[\d+\]:\s*Accepted password for (?P\S+) from (?P\S+) port (?P\S+) (?P\S+)", - "SSH login for %(username)s@%(hostname)s from %(ip)s:%(port)s" +ssh = SyslogFilter('ssh', + program = "sshd", + pattern = "^\s*Accepted password for (?P\S+) from (?P\S+) port (?P\S+) (?P\S+)", + format = "SSH login for %(username)s@%(hostname)s from %(ip)s:%(port)s", ) -# drops pam output from cron -cron_killer = NullFilter( - "^" + _timestamp + " \S+\s+(CRON|su)\[\d+\]: pam_unix\(cron:\w+\): session (opened|closed) for user \w+( by \(uid=\d+\))?$", - re.IGNORECASE +# drops all output from cron +# XXX: what about su? +cron_killer = SyslogFilter('all', + program = "cron", + drop = True, ) +#cron_killer = NullFilter( +# "^" + _timestamp + " \S+\s+(CRON|su)\[\d+\]: pam_unix\(cron:\w+\): session (opened|closed) for user \w+( by \(uid=\d+\))?$", +# re.IGNORECASE +#) + # drops `su nobody` output (from cron) su_nobody_killer = NullFilter( "^" + _timestamp + " \S+\s+su\[\d+\]: (Successful su for nobody by root|\+ \?\?\? root:nobody)$",
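Review bot: `cron_killer` now drops every line whose program is cron, where the NullFilter it replaces dropped only the pam_unix session opened/closed lines, so job errors and anything else cron logs will no longer reach the bot. For a log watcher that is a real loss of visibility, because scheduled-job activity is worth seeing when investigating persistence. Keeping the narrow match alongside the drop would preserve it, e.g. `pattern = "^\s*pam_unix\(cron:\w+\): session (opened|closed) for user ",`, assuming the pattern is applied to the message part as the ssh filter suggests. The old regex matched `CRON` under `re.IGNORECASE`; how `program = "cron"` is compared is outside this hunk, so confirm it is case-insensitive or the filter may match nothing. Separately, the ssh filter is commented as matching accepted logins but its pattern covers only `Accepted password`, so public-key logins go unreported; either widen the pattern or make the comment say "password logins".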