def ossec_log(type_log='all', category='all', months=3, offset=0, limit=common.database_limit, sort=None, search=None):
    """
    Return recent raw lines of ossec.log, optionally filtered by type and category.

    Only the last 2000 lines of the file are inspected (see ``tail``), so the
    result is bounded by that limit as well as by ``months``. A line whose first
    10 characters are not a ``%Y/%m/%d`` date (continuation lines of multi-line
    messages, garbage) is ignored. Items are returned verbatim from the log
    file; anything that renders them should treat the text as untrusted data.

    :param type_log: Filters by log type: all, error or info. Any other value
        selects nothing.
    :param category: Filters by log category (i.e. ossec-remoted). 'all' disables
        the filter.
    :param months: Returns logs of the last n months. By default is 3 months.
    :param offset: First item to return.
    :param limit: Maximum number of items to return.
    :param sort: Sorts the items. Format: {"fields":["field1","field2"],"order":"asc|desc"}.
        Items are plain strings, so only "order" is used here.
    :param search: Looks for items with the specified string.
        Format: {"value": str, "negation": bool}.
    :return: Dictionary: {'items': array of items, 'totalItems': Number of items (without applying the limit)}
    """
    first_date = previous_month(months)
    # Repeated statfs() failures are collapsed into this single placeholder when
    # type_log == 'error', so a flapping mount cannot flood the result.
    statfs_error = "ERROR: statfs('******') produced error: No such file or directory"
    statfs_reported = False
    selected = []

    for raw in tail(common.ossec_log, 2000):
        try:
            entry_date = datetime.strptime(raw[:10], '%Y/%m/%d')
        except ValueError:
            continue  # not a dated header line
        if entry_date < first_date:
            continue

        if category != 'all':
            tag = __get_ossec_log_category(raw)
            # Lines without a recognisable category never match a specific filter.
            if not tag or tag != category:
                continue

        text = raw.replace('\n', '')
        is_error = "error:" in text.lower()
        if type_log == 'all':
            selected.append(text)
        elif type_log == 'error' and is_error:
            if "ERROR: statfs(" in text:
                if not statfs_reported:
                    selected.append(statfs_error)
                    statfs_reported = True
            else:
                selected.append(text)
        elif type_log == 'info' and not is_error:
            selected.append(text)

    if search:
        selected = search_array(selected, search['value'], search['negation'])
    order = sort['order'] if sort else 'desc'
    selected = sort_array(selected, order=order)
    return {'items': cut_array(selected, offset, limit), 'totalItems': len(selected)}
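def ossec_log_summary(months=3):
    """
    Summarise ossec.log by category (tag) and log level.

    The newest 50000 lines of the file are scanned and every entry dated within
    the last ``months`` months is counted under its category. Lines that
    ``__get_ossec_log_fields`` cannot parse (continuation lines of multi-line
    messages) are skipped.

    Why the tail: ossec.log is append-only and chronological, so the entries in
    the requested window sit at the END of the file. The previous version read
    the first 50001 lines from the head and stopped at the first entry older
    than the window, which on a file with any old history yielded an empty or
    truncated summary. Reading the tail bounds the work the same way while
    looking at the lines that matter; an out-of-window entry is skipped rather
    than used as a stop condition.

    :param months: Check logs of the last n months. By default is 3 months.
    :return: Dictionary by categories:
        {category: {'all': n, 'info': n, 'error': n, 'critical': n, 'warning': n, 'debug': n}}
    """
    categories = {}
    first_date = previous_month(months)

    for raw in tail(common.ossec_log, 50000):
        fields = __get_ossec_log_fields(raw)
        if fields is None:
            continue  # multi-line continuation or unparseable line
        log_date, category, log_type, _ = fields
        if log_date < first_date:
            continue
        if not category:
            continue
        counters = categories.setdefault(
            category,
            {'all': 0, 'info': 0, 'error': 0, 'critical': 0, 'warning': 0, 'debug': 0})
        counters['all'] += 1
        # NOTE(review): assumes log_type is always one of the keys above; an
        # unexpected level would raise KeyError here — confirm against
        # __get_ossec_log_fields.
        counters[log_type] += 1
    return categories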
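def ossec_log_summary(months=3):
    """
    Summarise ossec.log by category, counting error and info entries.

    The newest 50000 lines of the file are scanned and every entry dated within
    the last ``months`` months is counted under its category. A line is
    classified as 'error' when the substring "error" appears anywhere in it
    (case-insensitive), otherwise as 'info'; note this is a loose match and a
    message merely mentioning an error is counted as one.

    Why the tail: ossec.log is append-only and chronological, so the entries in
    the requested window sit at the END of the file. The previous version read
    the first 50001 lines from the head and stopped at the first entry older
    than the window, which on a file with any old history yielded an empty or
    truncated summary. Reading the tail bounds the work the same way while
    looking at the lines that matter; an out-of-window entry is skipped rather
    than used as a stop condition.

    :param months: Check logs of the last n months. By default is 3 months.
    :return: Dictionary by categories: {category: {'all': n, 'info': n, 'error': n}}
    """
    categories = {}
    first_date = previous_month(months)

    for raw in tail(common.ossec_log, 50000):
        try:
            log_date = datetime.strptime(raw[:10], '%Y/%m/%d')
        except ValueError:
            continue  # not a dated header line (continuation / garbage)
        if log_date < first_date:
            continue
        category = __get_ossec_log_category(raw)
        if not category:
            continue
        counters = categories.setdefault(category, {'all': 0, 'info': 0, 'error': 0})
        counters['all'] += 1
        if "error" in raw.lower():
            counters['error'] += 1
        else:
            counters['info'] += 1
    return categories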
def ossec_log_summary(months=3):
    """
    Summarise the whole of ossec.log by category, counting error and info entries.

    Every line of the file is read; entries dated within the last ``months``
    months are counted under their category. Lines whose first 10 characters
    are not a ``%Y/%m/%d`` date are ignored. A line counts as 'error' when the
    substring "error" appears anywhere in it (case-insensitive), otherwise as
    'info'. There is no upper bound on the amount of file read.

    :param months: Check logs of the last n months. By default is 3 months.
    :return: Dictionary by categories: {category: {'all': n, 'info': n, 'error': n}}
    """
    categories = {}
    first_date = previous_month(months)

    with open(common.ossec_log) as log_file:
        for raw in log_file:
            try:
                entry_date = datetime.strptime(raw[:10], '%Y/%m/%d')
            except ValueError:
                continue  # not a dated header line
            if entry_date < first_date:
                continue
            tag = __get_ossec_log_category(raw)
            if not tag:
                continue
            bucket = categories.setdefault(tag, {'all': 0, 'info': 0, 'error': 0})
            bucket['all'] += 1
            bucket['error' if "error" in raw.lower() else 'info'] += 1
    return categories
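def ossec_log(type_log='all', category='all', months=3, offset=0, limit=common.database_limit, sort=None, search=None):
    """
    Gets logs from ossec.log as structured items.

    Only the last 2000 lines of the file are inspected (see ``tail``), so the
    result is bounded by that limit as well as by ``months``. Each kept line is
    parsed by ``__get_ossec_log_fields`` into
    {'timestamp', 'tag', 'level', 'description'}. Lines that do not parse are
    treated as continuations of a multi-line message and appended to the entry
    they follow — but only when that entry was itself kept; continuations of a
    filtered-out entry are dropped rather than glued onto an unrelated earlier
    item. Descriptions are raw log text and should be treated as untrusted data
    by anything that renders them.

    Repeated statfs() failures are collapsed into a single placeholder item
    (when filtering by level) whose description is a fixed message. The
    placeholder has the same dict shape as every other item; the previous
    version appended a bare string, which broke sort_array/cut_array on a list
    of dicts and the continuation handling.

    :param type_log: Filters by log type: all, error or info (compared
        case-insensitively against the parsed level).
    :param category: Filters by log category (i.e. ossec-remoted). 'all' disables the filter.
    :param months: Returns logs of the last n months. By default is 3 months.
    :param offset: First item to return.
    :param limit: Maximum number of items to return.
    :param sort: Sorts the items. Format: {"fields":["field1","field2"],"order":"asc|desc"}.
        With no "fields", items are sorted by 'timestamp'.
    :param search: Looks for items with the specified string.
        Format: {"value": str, "negation": bool}.
    :return: Dictionary: {'items': array of items, 'totalItems': Number of items (without applying the limit)}
    """
    first_date = previous_month(months)
    statfs_error = "ERROR: statfs('******') produced error: No such file or directory"
    statfs_reported = False
    logs = []
    # True while the most recently parsed header line was appended to `logs`;
    # continuation lines are only attached in that state.
    last_kept = False

    for line in tail(common.ossec_log, 2000):
        log_fields = __get_ossec_log_fields(line)
        if not log_fields:
            # Continuation of a multi-line message.
            if last_kept and logs:
                logs[-1]['description'] += "\n" + line
            continue

        last_kept = False
        log_date, log_category, level, description = log_fields
        if log_date < first_date:
            continue
        # Lines without a recognisable category never match a specific filter.
        if category != 'all' and (not log_category or log_category != category):
            continue

        log_line = {
            'timestamp': str(log_date),
            'tag': log_category,
            'level': level,
            'description': description
        }
        if type_log == 'all':
            logs.append(log_line)
            last_kept = True
        # NOTE(review): guard against a None level from the parser; the original
        # would raise AttributeError here — confirm what __get_ossec_log_fields yields.
        elif level is not None and type_log.lower() == level.lower():
            if "ERROR: statfs(" in line:
                if not statfs_reported:
                    logs.append(dict(log_line, description=statfs_error))
                    statfs_reported = True
                # Continuations of a collapsed statfs message are dropped
                # (last_kept stays False) so the placeholder text stays fixed.
            else:
                logs.append(log_line)
                last_kept = True

    if search:
        logs = search_array(logs, search['value'], search['negation'])
    if sort:
        sort_by = sort.get('fields') or ['timestamp']
        logs = sort_array(logs, order=sort['order'], sort_by=sort_by)
    else:
        logs = sort_array(logs, order='desc', sort_by=['timestamp'])
    return {'items': cut_array(logs, offset, limit), 'totalItems': len(logs)}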
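def ossec_log(months=3, offset=0, limit=common.database_limit, sort=None, search=None, filters=None, q=''):
    """
    Gets logs from ossec.log as structured items.

    Only the last 2000 lines of the file are inspected (see ``tail``), so the
    result is bounded by that limit as well as by ``months``. Each kept line is
    parsed by ``__get_ossec_log_fields`` into
    {'timestamp', 'tag', 'level', 'description'}; the timestamp is converted
    from the log's local time to UTC. Lines that do not parse are treated as
    continuations of a multi-line message and appended to the entry they
    follow — but only when that entry was itself kept; continuations of a
    filtered-out entry are dropped. (The previous check compared the stale
    tag/level of the last *parsed* line against the last *kept* item, which
    could attach a continuation to an unrelated entry when they coincided.)
    Descriptions are raw log text and should be treated as untrusted data by
    anything that renders them.

    Repeated statfs() failures are collapsed into a single placeholder item
    (when filtering by level) whose description is a fixed message. The
    placeholder has the same dict shape as every other item; the previous
    version appended a bare string, which broke sort_array/cut_array on a list
    of dicts.

    :param months: Returns logs of the last n months. By default is 3 months.
    :param offset: First item to return.
    :param limit: Maximum number of items to return.
    :param sort: Sorts the items. Format: {"fields":["field1","field2"],"order":"asc|desc"}.
        With no "fields", items are sorted by 'timestamp'.
    :param search: Looks for items with the specified string.
        Format: {"value": str, "negation": bool}.
    :param filters: Defines field filters required by the user. Format:
        {"field1":"value1", "field2":["value2","value3"]}. Used for 'type_log'
        (all, error or info) and 'category' (i.e. ossec-remoted). ``None``
        (the default) means no filtering; it replaces a shared mutable ``{}``
        default with identical semantics.
    :param q: Defines query to filter.
    :return: Dictionary: {'items': array of items, 'totalItems': Number of items (without applying the limit)}
    """
    filters = filters or {}
    # Default values for the 'type_log' and 'category' filters.
    type_log = filters.get('type_log', 'all')
    category = filters.get('category', 'all')

    first_date = previous_month(months)
    statfs_error = "ERROR: statfs('******') produced error: No such file or directory"
    statfs_reported = False
    logs = []
    # True while the most recently parsed header line was appended to `logs`;
    # continuation lines are only attached in that state.
    last_kept = False

    for line in tail(common.ossec_log, 2000):
        log_fields = __get_ossec_log_fields(line)
        if not log_fields:
            # Continuation of a multi-line message (empty lines are ignored).
            if last_kept and line and logs:
                logs[-1]['description'] += "\n" + line
            continue

        last_kept = False
        log_date, log_category, level, description = log_fields
        if log_date < first_date:
            continue
        # Lines without a recognisable category never match a specific filter.
        if category != 'all' and (not log_category or log_category != category):
            continue

        # ossec.log timestamps are local time; astimezone() on a naive datetime
        # interprets it as local time before converting to UTC, keeping the
        # instant and the '%Y-%m-%d %H:%M:%S' format.
        log_line = {
            'timestamp': log_date.astimezone(timezone.utc).strftime('%Y-%m-%d %H:%M:%S'),
            'tag': log_category,
            'level': level,
            'description': description
        }
        if type_log == 'all':
            logs.append(log_line)
            last_kept = True
        # NOTE(review): guard against a None level from the parser; the original
        # would raise AttributeError here — confirm what __get_ossec_log_fields yields.
        elif level is not None and type_log.lower() == level.lower():
            if "ERROR: statfs(" in line:
                if not statfs_reported:
                    logs.append(dict(log_line, description=statfs_error))
                    statfs_reported = True
                # Continuations of a collapsed statfs message are dropped
                # (last_kept stays False) so the placeholder text stays fixed.
            else:
                logs.append(log_line)
                last_kept = True

    if search:
        logs = search_array(logs, search['value'], search['negation'])
    if q:
        logs = filter_array_by_query(q, logs)
    if sort:
        sort_by = sort.get('fields') or ['timestamp']
        logs = sort_array(logs, order=sort['order'], sort_by=sort_by)
    else:
        logs = sort_array(logs, order='desc', sort_by=['timestamp'])
    return {'items': cut_array(logs, offset, limit), 'totalItems': len(logs)}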