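def process(self):
    """Tail a log file on a remote host over SSH and emit events for matching lines.

    Reads ``location``, ``host``, ``user`` and ``passwd`` from the plugin's
    ``config`` section, opens one SSH connection on port 22, runs ``tail -f``
    on the first configured location and feeds every complete line to the
    plugin's rules in sorted key order. The first rule that matches a line
    produces the event; later rules are not tried for that line.

    Only ``locations[0]`` is tailed; further comma-separated locations are
    ignored. The loop runs until ``self.stop_processing`` becomes true.

    NOTE(review): the listing this was taken from had lost its indentation.
    The nesting of the per-line ``break`` and of the 0.1 s sleep is
    reconstructed, so confirm it against the original file.
    """
    locations = self._plugin.get("config", "location").split(',')
    logger.info("*******************")

    # The remote path is not checked for existence before tailing.

    # Compile the rules in sorted key order, since rule order decides which rule wins.
    unsorted_rules = self._plugin.rules()
    for key in sorted(unsorted_rules.keys()):
        self.rules.append(RuleMatch(key, unsorted_rules[key], self._plugin))

    conns = []

    # The password comes from the plugin config. Whether the remote host key
    # is verified is decided inside SSHConnection, which is not visible here.
    host = self._plugin.get("config", "host")
    user = self._plugin.get("config", "user")
    passwd = self._plugin.get("config", "passwd")
    conn = SSHConnection(host, 22, user, passwd)
    if not conn.connect():
        logger.error("Error connecting to %s for remote logging" % host)
        # NOTE(review): the original statement here was the no-op comparison
        # `self.stop_processing == False`. Without a connection the main loop
        # would spin with nothing to read, so stopping is the presumed
        # intent. Confirm this.
        self.stop_processing = True
    else:
        logger.info("Connected to %s" % host)
        conns.append(conn)

    while not self.stop_processing:
        # Wait here, polling once per second, while the plugin is disabled.
        # Nothing is skipped on re-enable: the remote tail keeps streaming.
        while not self._plugin.getboolean("config", "enable"):
            time.sleep(1)

        self._thresholding()

        for c in conns:
            # Stop processing tails if requested.
            if self.stop_processing:
                break

            channel = c.client.get_transport().open_session()

            # The location is interpolated unquoted into a command line that
            # the remote side executes, so any shell metacharacters in it are
            # interpreted there. The plugin config must therefore be
            # writable only by trusted administrators.
            if self._plugin.getboolean("config", "readAll"):
                # A very large line count, so the existing content is replayed.
                cmd = "tail -f -n 10000000000000000000 %s" % locations[0]
            else:
                cmd = "tail -f -n 0 %s" % locations[0]
            logger.debug(cmd)
            channel.exec_command(cmd)

            tmp_data = ""  # trailing fragment of a line not yet terminated by "\n"
            while not self.stop_processing:
                # Zero timeout makes this a non-blocking poll. The sleep below paces it.
                readable, _, _ = select.select([channel], [], [], 0.0)
                if readable:
                    # NOTE(review): an empty read is not treated as end of
                    # stream. If the remote tail exits or the channel closes,
                    # this loop keeps polling and never reconnects. Confirm
                    # how recv() signals EOF for this channel type.
                    lines = (tmp_data + channel.recv(1024)).split("\n")
                    # Hold back the unterminated tail so that a line is
                    # matched once, when complete, and not also as a fragment.
                    tmp_data = lines.pop()
                    for d in lines:
                        if self.stop_processing:
                            break
                        for rule in self.rules:
                            rule.feed(d)
                            if rule.match():
                                logger.debug('Match rule: [%s] -> %s' % (rule.name, d))
                                event = rule.generate_event()
                                if event is not None:
                                    self.send_message(event)
                                # One rule matched, so no further rules are checked.
                                break
                time.sleep(0.1)

    for c in conns:
        c.client.close()
    logger.debug("Processing completed.")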
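def process(self):
    """Tail a log file on a remote host over SSH and emit events for matching lines.

    Reads ``location``, ``host``, ``user`` and ``passwd`` from the plugin's
    ``config`` section and connects over SSH on port 22, retrying every
    30 seconds until the connection succeeds or a stop is requested. It then
    runs ``tail -f`` on the first configured location and feeds every
    complete line to the plugin's rules in sorted key order. The first rule
    that matches a line produces the event; later rules are not tried for
    that line.

    Only ``locations[0]`` is tailed; further comma-separated locations are
    ignored. The loop runs until ``self.stop_processing`` becomes true.

    NOTE(review): the listing this was taken from had lost its indentation.
    The nesting of the per-line ``break`` and of the 0.1 s sleep is
    reconstructed, so confirm it against the original file.
    """
    locations = self._plugin.get("config", "location").split(',')

    # The remote path is not checked for existence before tailing.

    # Compile the rules in sorted key order, since rule order decides which rule wins.
    unsorted_rules = self._plugin.rules()
    for key in sorted(unsorted_rules.keys()):
        self.rules.append(RuleMatch(key, unsorted_rules[key], self._plugin))

    conns = []

    # The password comes from the plugin config. Whether the remote host key
    # is verified is decided inside SSHConnection, which is not visible here.
    host = self._plugin.get("config", "host")
    user = self._plugin.get("config", "user")
    passwd = self._plugin.get("config", "passwd")
    conn = SSHConnection(host, 22, user, passwd)

    # Retry until connected, but honour a stop request so the agent can
    # still shut down while the remote host is unreachable.
    connected = False
    while not connected and not self.stop_processing:
        connected = conn.connect()
        if not connected:
            logger.info("Error connecting to %s for remote logging, retry in 30 seconds." % host)
            time.sleep(30)
    if connected:
        logger.info("Connected to %s" % host)
        conns.append(conn)

    while not self.stop_processing:
        # Wait here, polling once per second, while the plugin is disabled.
        # Nothing is skipped on re-enable: the remote tail keeps streaming.
        while not self._plugin.getboolean("config", "enable"):
            time.sleep(1)

        self._thresholding()

        for c in conns:
            # Stop processing tails if requested.
            if self.stop_processing:
                break

            channel = c.client.get_transport().open_session()

            # The location is interpolated unquoted into a command line that
            # the remote side executes, so any shell metacharacters in it are
            # interpreted there. The plugin config must therefore be
            # writable only by trusted administrators.
            if self._plugin.getboolean("config", "readAll"):
                # A very large line count, so the existing content is replayed.
                cmd = "tail -f -n 10000000000000000000 %s" % locations[0]
            else:
                cmd = "tail -f -n 0 %s" % locations[0]
            channel.exec_command(cmd)

            tmp_data = ""  # trailing fragment of a line not yet terminated by "\n"
            while not self.stop_processing:
                # Zero timeout makes this a non-blocking poll. The sleep below paces it.
                readable, _, _ = select.select([channel], [], [], 0.0)
                if readable:
                    # NOTE(review): an empty read is not treated as end of
                    # stream. If the remote tail exits or the channel closes,
                    # this loop keeps polling and never reconnects. Confirm
                    # how recv() signals EOF for this channel type.
                    lines = (tmp_data + channel.recv(1024)).split("\n")
                    # Hold back the unterminated tail so that a line is
                    # matched once, when complete, and not also as a fragment.
                    tmp_data = lines.pop()
                    for d in lines:
                        if self.stop_processing:
                            break
                        for rule in self.rules:
                            rule.feed(d)
                            if rule.match():
                                logger.debug('Match rule: [%s] -> %s' % (rule.name, d))
                                event = rule.generate_event()
                                if event is not None:
                                    self.send_message(event)
                                # One rule matched, so no further rules are checked.
                                break
                time.sleep(0.1)

    for c in conns:
        c.closeConnection()
    logger.debug("Processing completed.")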