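import os
import numpy as np
import matplotlib.pyplot as plt
import pylab
# color palette
from matplotlib import cm
from logsparser.lognormalizer import LogNormalizer as LN
import GeoIP

# Aggregate failed SSH logins from auth.log into
#     dataset[HHMMSS] -> {country_code: failure_count}
# The log lines are attacker-influenced input (user names and other fields
# are chosen by whoever probed the host); only the parsed source IP is used
# here, and only as a GeoIP lookup key, so no raw log text reaches the plot.
normalizer = LN('/home/kura//.virtualenvs/ssh-attack-visualisation/share/logsparser/normalizers/')
locator = GeoIP.new(GeoIP.GEOIP_MEMORY_CACHE)
dataset = {}

# `with` closes the log file once the loop is done (the original left the
# handle open for the rest of the script).
with open('/home/kura/workspace/ssh-attack-visualisation/logs/auth.log.combined', 'r') as auth_logs:
    for log in auth_logs:
        # rstrip instead of log[:-1]: a last line without a trailing newline
        # would otherwise lose its final character.
        l = {'raw': log.rstrip('\n')}
        normalizer.normalize(l)
        if l.get('action') != 'fail':
            continue
        # Second-of-day bucket, zero-padded HHMMSS (same value the
        # hour/minute/second rjust chain produced).
        key = l['date'].strftime('%H%M%S')
        per_country = dataset.setdefault(key, {})
        # country_code_by_addr returns a falsy value for addresses it cannot
        # resolve (private ranges, unknown networks); bucket those as Unknown.
        country = locator.country_code_by_addr(l['source_ip']) or "Unknown"
        per_country[country] = per_country.get(country, 0) + 1

from mpl_toolkits.basemap import Basemap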
# # You should have received a copy of the GNU Lesser General Public License # along with this library; if not, write to the Free Software Foundation, Inc., # 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # """Utility to visualize tags per taxonomy.""" import time import os from sys import exit as sysexit from logsparser.lognormalizer import LogNormalizer as LN from optparse import OptionParser normalizer_path = os.environ['NORMALIZERS_PATH'] or '../normalizers/' ln = LN(normalizer_path) help = """ This utility aims to list tags frequencies per taxonomy. It uses the environment variable $NORMALIZERS_PATH as the source of normalizers to test. By default, this script will use the sample logs shipped in the normalizers as its input; it is possible to use another log file by using the parameter -i. The script's output is a classification of tags per service type. It looks like this: Category *SERVICENAME* (N log(s)): * tag1 : 16.67%
# Authors: Paul Mason (Paulmason126[at]gmail[dot]com) ; Kyle Fleming (kylefleming[at]gmail[dot}com) # Contributors: TBC Come on folks!!! # Thanks: TJ O'Connor Author of Violent Python which gave us the inspiration for this app import sys, signal, socket import urllib2 import urlparse import re import pygmaps import pygeoip import mechanize import os from logsparser.lognormalizer import LogNormalizer as LN from time import sleep os.system('clear') normalizer = LN('/usr/local/share/logsparser/normalizers') gi = pygeoip.GeoIP('./GeoLiteCity.dat') countries = {} latlong = {} def geo_menu(): print 'Geolocation Menu' print '1) Enter and locate an IP Addr' print '2) Enter a url, resolve IP and geolocate' print '3) Log Check and IP geolocate (sshd)' print '0) Exit' geo_option = raw_input('Please choose an option: ') try: choice = geomenudict[geo_option] choice()
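# Single-instance guard.  The PID file is created exclusively (O_EXCL), so the
# "does it exist?" test and the create are one atomic step and two copies of
# the daemon started at the same moment cannot both pass the check.  A stale
# file left by a crashed run still blocks startup, exactly as before.
import errno  # local import: the file's import block is outside this view

try:
    # 0o644: the PID is readable by everyone but only this user can rewrite it.
    pid_fd = os.open(PID_FILE_PATH, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
except OSError as e:
    if e.errno != errno.EEXIST:
        raise  # permission problems etc. surface as they did with open("w")
    debugMessage(1, "Tamaauth is already running, exiting")
    exit(0)
else:
    # fdopen + with: the handle is closed even if the write fails.
    with os.fdopen(pid_fd, "w") as pid_file:
        pid_file.write(str(os.getpid()) + "\n")

# Optional command-line override of the auth.log location.
if len(sys.argv) > 1:
    AUTH_LOG_PATH = sys.argv[1]

debugMessage(2, "Parsing " + AUTH_LOG_PATH + " as auth.log")

normalizer = LN('/usr/local/lib/python2.7/dist-packages/pylogsparser-0.4-py2.7.egg/share/logsparser/normalizers')

engine = sqlalchemy.create_engine('sqlite:///' + AUTH_DB_PATH)
Base = declarative_base()


class Event(Base):
    """One stored auth.log event (the class may continue past the visible span).

    The string columns presumably hold fields parsed out of an auth.log line,
    i.e. text chosen by a remote client (user name, program, source).  The ORM
    binds them as query parameters, so storing them is safe; they still need
    escaping wherever they are later rendered.
    """
    __tablename__ = 'events'
    id = sqlalchemy.Column(sqlalchemy.Integer, primary_key=True)
    date = sqlalchemy.Column(sqlalchemy.DateTime)
    action = sqlalchemy.Column(sqlalchemy.String)
    user = sqlalchemy.Column(sqlalchemy.String)
    program = sqlalchemy.Column(sqlalchemy.String)
    # NOTE(review): looks like the source IP/host of the event -- confirm
    # against the code that inserts rows.
    source = sqlalchemy.Column(sqlalchemy.String)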