--- a/fixbot/logwatch/filters.py Fri Feb 05 21:30:06 2010 +0200
+++ b/fixbot/logwatch/filters.py Fri Feb 05 21:35:55 2010 +0200
@@ -111,7 +111,11 @@
self.label = label
# store
- self.regexp = re.compile(pattern, re_flags)
+ if pattern :
+ self.regexp = re.compile(pattern, re_flags)
+ else :
+ self.regexp = None
+
self.program = program
self.drop = drop
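Review bot: After this change `self.regexp` can be `None`, and the code that uses it is outside this hunk, so it is not visible here whether every use is guarded before calling `.match()` or `.search()` on it. This is worth confirming, because a filter with no pattern and `drop = True` is defined later in this same patch; an unguarded call would raise `AttributeError` on the first line that filter sees. A comment at the assignment would document the contract, for example `# regexp is None when no pattern was given; matching then relies on the other criteria (e.g. program) only`. The enclosing constructor starts and ends outside the hunk.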
@@ -153,14 +157,9 @@
_timestamp = "\w{3} [0-9 ]\d \d{2}:\d{2}:\d{2}"
-# matches all lines
-all = FullFilter("all")
-
-# match all lines, but drop the prefixed timestamp
-all_wo_timestamps = SimpleFilter(
- "all",
- "^" + _timestamp + " (?P<line>.+)$",
- "%(line)s"
+# match all lines, but doesn't include the timestamp
+all = SyslogFilter('all',
+ format = "%(hostname)s %(message)s"
)
# match sudo invocations, reformatting them nicely
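Review bot: The new `all` filter emits only `%(hostname)s %(message)s`, and the patch leaves no variant that keeps the syslog timestamp: `FullFilter("all")` is replaced and `all_wo_timestamps` is removed without an alias. Anything outside this hunk that still refers to `all_wo_timestamps` will fail at lookup, and consumers of `all` lose the original event time, which matters when the forwarded lines are later correlated with other logs. If that is intended, the comment should say so, e.g. `# match all lines; output is "hostname message", the syslog timestamp is dropped on purpose`. The name also still shadows the builtin `all()` inside this module.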
@@ -170,25 +169,25 @@
format = "%(username)s:%(tty)s - %(target_user)s@%(hostname)s:%(pwd)s - %(command)r",
)
-#sudo = SimpleFilter(
-# "sudo",
-# "(?P<hostname>\S+)\s+sudo:\s*(?P<username>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.+?) ; USER=(?P<target_user>\S+) ; COMMAND=(?P<command>.*)",
-# "%(username)s:%(tty)s - %(target_user)s@%(hostname)s:%(pwd)s - %(command)r"
-#)
-
# match accepted ssh logins
-ssh = SimpleFilter(
- "ssh",
- "(?P<hostname>\S+)\s+sshd\[\d+\]:\s*Accepted password for (?P<username>\S+) from (?P<ip>\S+) port (?P<port>\S+) (?P<proto>\S+)",
- "SSH login for %(username)s@%(hostname)s from %(ip)s:%(port)s"
+ssh = SyslogFilter('ssh',
+ program = "sshd",
+ pattern = "^\s*Accepted password for (?P<username>\S+) from (?P<ip>\S+) port (?P<port>\S+) (?P<proto>\S+)",
+ format = "SSH login for %(username)s@%(hostname)s from %(ip)s:%(port)s",
)
-# drops pam output from cron
-cron_killer = NullFilter(
- "^" + _timestamp + " \S+\s+(CRON|su)\[\d+\]: pam_unix\(cron:\w+\): session (opened|closed) for user \w+( by \(uid=\d+\))?$",
- re.IGNORECASE
+# drops all output from cron
+# XXX: what about su?
+cron_killer = SyslogFilter('all',
+ program = "cron",
+ drop = True,
)
+#cron_killer = NullFilter(
+# "^" + _timestamp + " \S+\s+(CRON|su)\[\d+\]: pam_unix\(cron:\w+\): session (opened|closed) for user \w+( by \(uid=\d+\))?$",
+# re.IGNORECASE
+#)
+
# drops `su nobody` output (from cron)
su_nobody_killer = NullFilter(
"^" + _timestamp + " \S+\s+su\[\d+\]: (Successful su for nobody by root|\+ \?\?\? root:nobody)$",
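Review bot: `cron_killer` now drops every line whose program is cron, which is far broader than the commented-out `NullFilter` pattern it replaces (only `pam_unix(cron:…)` session opened/closed lines) and would also hide job-execution and crontab-change lines that a log watcher is usually expected to surface. Keeping the narrow match would avoid that, e.g. adding `pattern = "^\s*pam_unix\(cron:\w+\): session (opened|closed) for user \w+( by \(uid=\d+\))?$",` to the call; the old pattern also used `re.IGNORECASE` to match `CRON`, and whether `program = "cron"` compares case-insensitively is not visible here. The filter is also given the label `'all'`, the same label as the catch-all filter defined earlier in this patch, which looks like a copy-paste slip; `SyslogFilter('cron_killer',` would keep the labels distinct. Separately, the `ssh` pattern still matches only `Accepted password`, so key-based logins (`Accepted publickey for …`) produce no notification; `Accepted (?P<method>\S+) for` would cover them. The `su_nobody_killer` call at the end of the hunk continues outside it.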