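def antifixed_func(line=None, extra=None):
    """Build the INSERT statement for one 'Acct' log line.

    Lines without the 'Acct' marker are ignored. For a matching line the
    module id is looked up through the mysql command line returned by
    groupsql(extra), the fields are parsed out of the line, and an INSERT
    for t_antimod_yes (when ret == 'ajjl') or t_antimod (otherwise) is
    returned as a string.

    Returns None when the line is None, lacks the marker, cannot be parsed,
    or carries a value that could not be embedded safely in a quoted SQL
    literal (that case is logged like a parse error).
    """
    # The declared default is None; treat it like a line without the marker
    # instead of failing on the membership test.
    if line is None or 'Acct' not in line:
        return None

    modname = 'antifixed'
    oid = getoid()
    host = gethostname()
    area = getareaname()
    mysql_cmd = groupsql(extra)
    # NOTE(review): area/host/oid are interpolated into a command string that
    # contains a pipe, so it has to be run by a shell. This assumes they are
    # trusted local values -- confirm.
    mod_id_sql = mysql_cmd + '''-e "select fn_module('%s','%s','%s','%s');"|grep -v fn_module''' % (
        area, host, oid, modname)
    ret = shell_cmd(mod_id_sql, modname)
    # NOTE(review): '\\t' is the two characters backslash + 't', not a TAB;
    # presumably a TAB separator was intended -- confirm against the output
    # of shell_cmd before changing it.
    module_id = ret.split('\\t')[0]

    def _sql_safe(value):
        # The statement is assembled with %-formatting, so a quote or a
        # backslash inside a field taken from the log line would end (or
        # escape the end of) the quoted literal. Refuse such values rather
        # than guess at an escaping that suits whatever runs the statement.
        text = '%s' % (value,)
        if "'" in text or '\\' in text:
            raise ValueError('unsafe character in SQL value')
        return value

    try:
        lvstr = line.replace('lv= ', 'lv=')
        raw = line.split(' ')
        fields = lvstr.split(' ')
        ip = str2ip(fields[6].split('=')[1])
        # Timestamp pieces are sliced out of the first two tokens.
        detime = fields[0][1:5] + '-' + raw[0][5:7] + '-' + raw[0][7:9] + ' ' + raw[1][0:8]
        lv = fields[4].split('=')[1]
        acc = fields[8].split('=')[1]
        ret = fields[7].split('=')[1][1:-1]
        values = tuple(_sql_safe(v) for v in (acc, lv, ret, ip, detime, module_id))
    except Exception:
        # Exception rather than a bare except, so KeyboardInterrupt and
        # SystemExit are not swallowed.
        log(modname, 3, '日志分析错误: %s' % line)
        return None

    # NOTE(review): a parameterized query through a database driver is the
    # proper fix; this function's contract is to return a SQL string, so the
    # check above is the most that can be done here. If the caller passes the
    # string through a shell, shell metacharacters need handling there too.
    if ret == 'ajjl':
        fixsql = '''insert into t_antimod_yes (acc,lv,ret,ip,detime,module_id) values('%s','%s','%s','%s','%s','%s');''' % values
    else:
        fixsql = '''insert into t_antimod (acc,lv,ret,ip,detime,module_id) values('%s','%s','%s','%s','%s','%s');''' % values
    return fixsql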
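def actmod_func(line=None, extra=None):
    """Build the INSERT statement for one comma-separated actor log record.

    The header row (the one containing 'acctid,acct') is skipped. For any
    other line the module id is looked up through the mysql command line
    returned by groupsql(extra), the first eleven comma-separated fields are
    taken as acctid, acct, actid, act, level, m, ec, km, kg, ki and gold,
    and an INSERT into t_actor_log stamped with the current local time is
    returned as a string.

    Returns None for a None line, for the header row, for a line that
    cannot be parsed, and for a line with a value that could not be embedded
    safely in a quoted SQL literal (that case is logged like a parse error).
    """
    # The declared default is None; return instead of failing on the
    # membership test.
    if line is None or 'acctid,acct' in line:
        return None

    modname = 'actmod'
    oid = getoid()
    host = gethostname()
    area = getareaname()
    mysql_cmd = groupsql(extra)
    # NOTE(review): area/host/oid are interpolated into a command string that
    # contains a pipe, so it has to be run by a shell. This assumes they are
    # trusted local values -- confirm.
    mod_id_sql = mysql_cmd + '''-e "select fn_module('%s','%s','%s','%s');"|grep -v fn_module''' % (
        area, host, oid, modname)
    ret = shell_cmd(mod_id_sql, modname)
    # NOTE(review): '\\t' is the two characters backslash + 't', not a TAB;
    # presumably a TAB separator was intended -- confirm against the output
    # of shell_cmd before changing it.
    module_id = ret.split('\\t')[0]

    def _sql_safe(value):
        # The statement is assembled with %-formatting, so a quote or a
        # backslash inside a field taken from the log line would end (or
        # escape the end of) the quoted literal. Refuse such values rather
        # than guess at an escaping that suits whatever runs the statement.
        text = '%s' % (value,)
        if "'" in text or '\\' in text:
            raise ValueError('unsafe character in SQL value')
        return value

    try:
        parts = line.split(',')
        # Unpacking fails (and is logged below) when fewer than eleven
        # fields are present; extra fields are ignored.
        acctid, acct, actid, act, level, m, ec, km, kg, ki, gold = parts[:11]
        ctime = time.strftime('%Y-%m-%d %H:%M:%S', time.localtime())
        values = tuple(_sql_safe(v) for v in (
            acctid, acct, actid, act, level, m, ec, km, kg, ki, gold, module_id, ctime))
        # NOTE(review): a parameterized query through a database driver is
        # the proper fix; this function's contract is to return a SQL string.
        # If the caller passes the string through a shell, shell
        # metacharacters need handling there too.
        sql_cmd = '''insert into t_actor_log (acctid,acct,actid,act,level,m,ec,km,kg,ki,gold,module_id,ctime) values('%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s');''' % values
        return sql_cmd
    except Exception:
        # Exception rather than a bare except, so KeyboardInterrupt and
        # SystemExit are not swallowed.
        log(modname, 3, '日志分析错误: %s' % line)
        return None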
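def antilog_func(line=None, extra=None):
    """Build the INSERT statement for one 'Account' log line.

    Lines without the 'Account' marker are ignored. For a matching line the
    module id is looked up through the mysql command line returned by
    groupsql(extra) and the space-separated key=value tokens are parsed.
    A status of 'deteched' produces an INSERT into t_antimod with the
    application and version tokens; a status of 'TimeOut' produces an
    INSERT into t_antimod_yes, taking ret from token 8 when the line
    contains 'Ret='.

    Returns None when the line is None, lacks the marker, has any other
    status, cannot be parsed, or carries a value that could not be embedded
    safely in a quoted SQL literal (the last three cases are logged as a
    parse error).
    """
    # The declared default is None; treat it like a line without the marker
    # instead of failing on the membership test.
    if line is None or 'Account' not in line:
        return None

    modname = 'antilog'
    oid = getoid()
    host = gethostname()
    area = getareaname()
    mysql_cmd = groupsql(extra)
    # NOTE(review): area/host/oid are interpolated into a command string that
    # contains a pipe, so it has to be run by a shell. This assumes they are
    # trusted local values -- confirm.
    mod_id_sql = mysql_cmd + '''-e "select fn_module('%s','%s','%s','%s');"|grep -v fn_module''' % (
        area, host, oid, modname)
    ret = shell_cmd(mod_id_sql, modname)
    # NOTE(review): '\\t' is the two characters backslash + 't', not a TAB;
    # presumably a TAB separator was intended -- confirm against the output
    # of shell_cmd before changing it.
    module_id = ret.split('\\t')[0]

    def _sql_safe(value):
        # The statement is assembled with %-formatting, so a quote or a
        # backslash inside a field taken from the log line would end (or
        # escape the end of) the quoted literal. Refuse such values rather
        # than guess at an escaping that suits whatever runs the statement.
        text = '%s' % (value,)
        if "'" in text or '\\' in text:
            raise ValueError('unsafe character in SQL value')
        return value

    try:
        tokens = line.split(' ')
        acc = tokens[5].split('=')[1]
        lv = tokens[3].split('=')[1]
        ip = str2ip(tokens[4].split('=')[1])
        st = tokens[7].split('=')[1]
        detime = ' '.join(tokens[0:2])

        if st == 'deteched':
            app = tokens[8].split('=')[1]
            ver = tokens[9].split('=')[1]
            ret = 'NULL'
            template = '''insert into t_antimod (acc,lv,ret,ip,wg,ver,detime,module_id) values('%s','%s','%s','%s','%s','%s','%s','%s');'''
        elif st == 'TimeOut':
            app = 'TimeOut'
            ver = 'NULL'
            ret = 'NULL'
            if 'Ret=' in line:
                ret = tokens[8].split('=')[1].strip('\n')
            template = '''insert into t_antimod_yes (acc,lv,ret,ip,wg,ver,detime,module_id) values('%s','%s','%s','%s','%s','%s','%s','%s');'''
        else:
            # The original reached an unbound sql_cmd here and relied on the
            # bare except to turn the NameError into a logged parse error;
            # the outcome is the same, stated explicitly.
            raise ValueError('unhandled status')

        values = tuple(_sql_safe(v) for v in (acc, lv, ret, ip, app, ver, detime, module_id))
        # NOTE(review): a parameterized query through a database driver is
        # the proper fix; this function's contract is to return a SQL string.
        # If the caller passes the string through a shell, shell
        # metacharacters need handling there too.
        sql_cmd = template % values
        return sql_cmd
    except Exception:
        # Exception rather than a bare except, so KeyboardInterrupt and
        # SystemExit are not swallowed.
        log(modname, 3, '日志分析错误: %s' % line)
        return None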
acct = line.split(',')[1] actid = line.split(',')[2] act = line.split(',')[3] level = line.split(',')[4] m = line.split(',')[5] ec = line.split(',')[6] km = line.split(',')[7] kg = line.split(',')[8] ki = line.split(',')[9] gold = line.split(',')[10] ctime = time.strftime('%Y-%m-%d %H:%M:%S',time.localtime()) jsonresult ="{'zone':'%s','group':'%s','acctid':'%s','acct':'%s','actid':'%s','act':'%s','level':'%s','m':'%s','ec':'%s','km':'%s','kg':'%s','ki':'%s','gold':'%s','ctime':'%s','ectype':''} " % \ (area,group,acctid,acct,actid,act,level,m,ec,km,kg,ki,gold,ctime) except: log(modname, 3, '日志分析错误: %s' %line) return print jsonresult return jsonresult if __name__ == '__main__': modname = 'actmod' cmd = '''ps -ef |grep %s|grep -v grep|wc -l'''%modname num = shell_cmd(cmd, modname) if int(num) == 1: actmod_func() else: log(modname, 3, '进程已经存在: %s' %modname) sys.exit()