コード例 #1
import os
import numpy as np
import matplotlib.pyplot as plt
import pylab
# color palette
from matplotlib import cm
from logsparser.lognormalizer import LogNormalizer as LN
import GeoIP
 
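normalizer = LN('/home/kura//.virtualenvs/ssh-attack-visualisation/share/logsparser/normalizers/')
# GeoIP country database held in memory; one lookup per failed-login source IP.
locator = GeoIP.new(GeoIP.GEOIP_MEMORY_CACHE)

# dataset maps a time-of-day key "HHMMSS" to {country_code: failed_login_count}.
# Only hour/minute/second go into the key, so the same second on different
# days lands in the same bucket.
dataset = {}
# `with` closes the log file once the loop finishes (the original handle was
# never closed).
with open('/home/kura/workspace/ssh-attack-visualisation/logs/auth.log.combined', 'r') as auth_logs:
    for log in auth_logs:
        # rstrip('\n') instead of log[:-1]: a final line without a trailing
        # newline must not lose its last character.
        l = {'raw': log.rstrip('\n')}
        # normalize() is expected to add 'action', 'date' and 'source_ip'
        # to the dict in place; only failed logins are counted.
        normalizer.normalize(l)
        if l.get('action') != 'fail':
            continue
        stamp = l['date']
        key = '%02d%02d%02d' % (stamp.hour, stamp.minute, stamp.second)
        # country_code_by_addr() returns a falsy value for addresses the
        # database cannot map (e.g. private ranges); bucket those as Unknown.
        country = locator.country_code_by_addr(l['source_ip']) or "Unknown"
        per_country = dataset.setdefault(key, {})
        per_country[country] = per_country.get(country, 0) + 1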

from mpl_toolkits.basemap import Basemap
 
コード例 #2
#
# You should have received a copy of the GNU Lesser General Public License
# along with this library; if not, write to the Free Software Foundation, Inc.,
# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
"""Utility to visualize tags per taxonomy."""

import time
import os
from sys import exit as sysexit
from logsparser.lognormalizer import LogNormalizer as LN
from optparse import OptionParser

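# Normalizer definitions come from $NORMALIZERS_PATH, falling back to the
# in-tree directory when the variable is unset *or* empty.  Indexing
# os.environ directly raised KeyError when the variable was unset, so the
# `or` fallback was never reached in that case.
normalizer_path = os.environ.get('NORMALIZERS_PATH') or '../normalizers/'

ln = LN(normalizer_path)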

help = """
This utility aims to list tags frequencies per taxonomy.

It uses the environment variable $NORMALIZERS_PATH as the source of normalizers
to test.
By default, this script will use the sample logs shipped in the normalizers as
its input; it is possible to use another log file by using the parameter -i.

The script's output is a classification of tags per service type. It looks like
this:

Category *SERVICENAME* (N log(s)):

	* tag1 : 16.67%
コード例 #3
# Authors: Paul Mason (Paulmason126[at]gmail[dot]com) ; Kyle Fleming (kylefleming[at]gmail[dot}com)
# Contributors: TBC Come on folks!!!
# Thanks: TJ O'Connor Author of Violent Python which gave us the inspiration for this app

import sys, signal, socket
import urllib2
import urlparse
import re
import pygmaps
import pygeoip
import mechanize
import os
from logsparser.lognormalizer import LogNormalizer as LN
from time import sleep
os.system('clear')  # clear the terminal before the interactive menu is drawn
# Normalizer definitions from the system-wide logsparser install.
normalizer = LN('/usr/local/share/logsparser/normalizers')
# City-level GeoIP database, resolved relative to the current working
# directory -- the script has to be started from the directory holding it.
gi = pygeoip.GeoIP('./GeoLiteCity.dat')
# Module-level accumulators; presumably filled by the menu handlers below
# (not visible here).
countries = {}
latlong = {}


def geo_menu():
    print 'Geolocation Menu'
    print '1) Enter and locate an IP Addr'
    print '2) Enter a url, resolve IP and geolocate'
    print '3) Log Check and IP geolocate (sshd)'
    print '0) Exit'
    geo_option = raw_input('Please choose an option: ')
    try:
        choice = geomenudict[geo_option]
        choice()
コード例 #4
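# Single-instance guard.  The PID file is created with O_EXCL so the
# existence check and the creation are one atomic step; a separate
# os.path.exists() followed by open() lets two copies started at the same
# moment both pass the check and both run.  A stale file left behind by a
# crashed run still blocks startup, as before -- remove it by hand then.
import errno

try:
    pid_fd = os.open(PID_FILE_PATH, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
except OSError as err:
    # Only "file already exists" means another instance; anything else
    # (permissions, missing directory) is a real error and propagates.
    if err.errno != errno.EEXIST:
        raise
    debugMessage(1, "Tamaauth is already running, exiting")
    exit(0)
else:
    # fdopen() takes over the descriptor; the with-block closes it.
    with os.fdopen(pid_fd, "w") as pid_file:
        pid_file.write(str(os.getpid()) + "\n")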

# An optional positional argument overrides the default auth log location.
if sys.argv[1:]:
    AUTH_LOG_PATH = sys.argv[1]

debugMessage(2, "Parsing %s as auth.log" % AUTH_LOG_PATH)

# Normalizer definitions shipped inside the installed pylogsparser egg.
normalizer = LN(
    '/usr/local/lib/python2.7/dist-packages/pylogsparser-0.4-py2.7.egg/share/logsparser/normalizers'
)

# SQLite store for parsed events; Base is the declarative root for the
# ORM models defined after this point.
engine = sqlalchemy.create_engine('sqlite:///%s' % AUTH_DB_PATH)
Base = declarative_base()


class Event(Base):
    __tablename__ = 'events'

    id = sqlalchemy.Column(sqlalchemy.Integer, primary_key=True)
    date = sqlalchemy.Column(sqlalchemy.DateTime)
    action = sqlalchemy.Column(sqlalchemy.String)
    user = sqlalchemy.Column(sqlalchemy.String)
    program = sqlalchemy.Column(sqlalchemy.String)
    source = sqlalchemy.Column(sqlalchemy.String)