def get_ossec_logs(limit=2000):
    """Return the last <limit> lines of ossec.log parsed into dictionaries.

    Parameters
    ----------
    limit : int
        Number of trailing lines of ``common.ossec_log`` to read via ``tail``.

    Returns
    -------
    logs : list
        One dictionary per parseable line with keys ``timestamp`` (the parsed
        date converted to UTC), ``tag``, ``level`` and ``description``. Lines
        that ``get_ossec_log_fields`` cannot parse are skipped.
    """
    parsed = []
    for raw_line in tail(common.ossec_log, limit):
        fields = get_ossec_log_fields(raw_line)
        if not fields:
            continue
        log_date, log_tag, log_level, log_description = fields
        # ossec.log timestamps are local time; normalise them to UTC so every
        # consumer sees a single time zone without losing the original instant.
        parsed.append({
            'timestamp': log_date.astimezone(timezone.utc),
            'tag': log_tag,
            'level': log_level,
            'description': log_description,
        })
    return parsed
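def ossec_log(type_log='all', category='all', months=3, offset=0, limit=common.database_limit, sort_by=None,
              sort_ascending=True, search_text=None, complementary_search=False, search_in_fields=None, q=''):
    """Gets logs from ossec.log.

    Reads the last 2000 lines of ``common.ossec_log``, keeps the entries newer than
    ``months`` months that match ``category`` and ``type_log``, converts their
    timestamps to UTC and hands the list to ``process_array`` for searching,
    sorting and paging.

    :param type_log: Filters by log type: all, error or info. Compared case-insensitively
        against the level parsed from each line.
    :param category: Filters by log category (i.e. ossec-remoted). Lines without a category
        are dropped unless ``category`` is 'all'.
    :param months: Returns logs of the last n months. By default is 3 months.
    :param offset: First item to return.
    :param limit: Maximum number of items to return.
    :param sort_by: Fields to sort the items by
    :param sort_ascending: Sort in ascending (true) or descending (false) order
    :param search_text: Text to search
    :param complementary_search: Find items without the text to search
    :param search_in_fields: Fields to search in
    :param q: Defines query to filter.
    :return: AffectedItemsWazuhResult
    """
    # The messages only mention the node when the module-level ``node_id`` is not the manager.
    result = AffectedItemsWazuhResult(all_msg=f"Logs read successfully"
                                              f"{' in specified node' if node_id != 'manager' else ''}",
                                      some_msg='Could not read logs in some nodes',
                                      none_msg=f"Could not read logs"
                                               f"{' in specified node' if node_id != 'manager' else ''}"
                                      )
    logs = []
    first_date = previous_month(months)
    # Repeated statfs errors are collapsed into this single placeholder. It is appended to
    # ``logs`` as a plain str, not a dict, so any later access to ``logs[-1]`` must check the type.
    # NOTE(review): the placeholder is also handed to process_array together with the dicts;
    # confirm that process_array tolerates a non-dict item.
    statfs_error = "ERROR: statfs('******') produced error: No such file or directory"

    for line in tail(common.ossec_log, 2000):
        log_fields = get_ossec_log_fields(line)

        if not log_fields:
            # Unparseable line: append it to the previous entry when that entry is a dict whose
            # tag and level match the most recently parsed header. ``logs`` being non-empty
            # guarantees ``log_category`` and ``level`` were bound by an earlier iteration.
            # The isinstance guard avoids a TypeError when logs[-1] is the statfs placeholder str.
            if logs and line and isinstance(logs[-1], dict) \
                    and log_category == logs[-1]['tag'] and level == logs[-1]['level']:
                logs[-1]['description'] += "\n" + line
            continue

        log_date, log_category, level, description = log_fields

        if log_date < first_date:
            continue

        # With a specific category, lines without a category or with a different one are skipped.
        if category != 'all' and (not log_category or log_category != category):
            continue

        # ossec.log timestamps are local time; normalise to UTC without changing the instant.
        log_line = {'timestamp': log_date.astimezone(timezone.utc), 'tag': log_category, 'level': level,
                    'description': description}

        if type_log == 'all':
            logs.append(log_line)
        # NOTE(review): assumes ``level`` is a str; confirm against get_ossec_log_fields.
        elif type_log.lower() == level.lower():
            if "ERROR: statfs(" in line:
                # Keep a single placeholder regardless of how many times the statfs error repeats.
                if statfs_error not in logs:
                    logs.append(statfs_error)
            else:
                logs.append(log_line)

    data = process_array(logs, search_text=search_text, search_in_fields=search_in_fields,
                         complementary_search=complementary_search, sort_by=sort_by, sort_ascending=sort_ascending,
                         offset=offset, limit=limit, q=q)
    result.affected_items.extend(data['items'])
    result.total_affected_items = data['totalItems']

    return result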