def parseDNS(message, lastTime):
lineParsedLine = json.loads(message)
lineDate = dateParser.dateParser(lineParsedLine['time'])
#print(lastTime, lineDate)
if lineDate < lastTime:
return ''
lineHostName = lineParsedLine["syslogtag"][:-1]
lineParsedMsg = lineParsedLine["msg"].split()
lineDestDomain = ''
lineLocalIP = lineParsedMsg[2][:-1]
if re.match(r"[a-z0-9-]*\.[a-z0-9-]", lineParsedMsg[4]):
lineDestDomain = re.findall(r"[a-z0-9-]*\.{1,61}[a-z0-9-]*\.{1,61}$",
lineParsedMsg[4])
lineDestDomain = lineDestDomain[0][:-1]
if lineDestDomain == '':
return ''
#
parsedLine = lineHostName + '_DNS' + ',domain=' + lineDestDomain + ',localIP=' + lineLocalIP + ' value=1 ' + str(
int(lineDate.timestamp()))
return (parsedLine)
def parseInterface(message, lastTime):
lineParsedLine = json.loads(message)
lineDate = dateParser.dateParser(lineParsedLine['time'])
if lineDate < lastTime:
return ''
line = lineParsedLine["msg"]
lineHostName = line[1:line.find(": ")]
lineParsedMsg = line.split(";")
for x in lineParsedMsg:
if "name" in x:
lineIntName = x[x.find("=") + 1:]
if "rx-bits-per-second" in x:
lineRXbits = x[x.find("=") + 1:]
if "tx-bits-per-second" in x:
lineTXbits = x[x.find("=") + 1:]
if "rx-drops-per-second" in x:
lineRXdrops = x[x.find("=") + 1:]
if "rx-errors-per-second" in x:
lineRXerrors = x[x.find("=") + 1:]
if "tx-drops-per-second" in x:
lineTXdrops = x[x.find("=") + 1:]
if "tx-errors-per-second" in x:
lineTXerrors = x[x.find("=") + 1:]
parsedLine = lineHostName + '_INTERFACES' + ',Interface=' + lineIntName + ' RX=' + lineRXbits + ',TX=' + lineTXbits + ',RXDrops=' + lineRXdrops + ',TXDrops=' + lineTXdrops + ',RXError=' + lineRXerrors + ',TXError=' + lineTXerrors + ' ' + str(
int(lineDate.timestamp()))
return (parsedLine)
def parseDNS_cache(message, lastTime):
lineParsedLine = json.loads(message)
lineDate = dateParser.dateParser(lineParsedLine['time'])
if lineDate < lastTime:
return ''
lineParsedMsg = lineParsedLine["msg"].split()
for x in lineParsedMsg:
if "cache_size" in x:
lineCacheSize = x[x.find("=") + 1:]
if lineCacheSize == '':
return ''
if "cache_used" in x:
lineCacheUsed = x[x.find("=") + 1:]
if lineCacheUsed == '':
return ''
if "cache_items" in x:
lineCacheItems = x[x.find("=") + 1:]
if lineCacheItems == '':
return ''
lineHostName = lineParsedMsg[0][:-1]
parsedLine = lineHostName + '_DNS' + ' CacheSize=' + lineCacheSize + ',CacheUsed=' + lineCacheUsed + ',CacheItems=' + lineCacheItems + ' ' + str(
int(lineDate.timestamp()))
return (parsedLine)
def parseUserLoginFailure(message, lastTime):
lineParsedLine = json.loads(message)
lineDate = dateParser.dateParser(lineParsedLine['time'])
if lineDate < lastTime:
return ''
lineParsedMsg = lineParsedLine["msg"].strip().split()
lineHostName = lineParsedMsg[0][:-1]
lineUserName = lineParsedMsg[5]
lineIP = lineParsedMsg[7]
lineVIA = lineParsedMsg[9]
parsedLine = lineHostName + '_USERS' + ',Action=login_failure' + ',UserName='******',Via=' + lineVIA + ',IP=' + lineIP + ' value=1 ' + str(
int(lineDate.timestamp()))
return (parsedLine)
def parseDNS_cache(message, lastTime):
lineParsedLine = json.loads(message)
lineDate = dateParser.dateParser(lineParsedLine['time'])
if lineDate < lastTime:
return ''
lineParsedMsg = lineParsedLine["msg"].split()
lineHostName = lineParsedMsg[0][:-1]
lineCacheSize = lineParsedMsg[2][11:]
lineCacheUsed = lineParsedMsg[3][11:]
lineCacheItems = lineParsedMsg[4][12:]
parsedLine = lineHostName + '_DNS' + ' CacheSize=' + lineCacheSize + ',CacheUsed=' + lineCacheUsed + ',CacheItems=' + lineCacheItems + ' ' + str(
int(lineDate.timestamp()))
return (parsedLine)
def parseAccounting(message, lastTime):
lineParsedLine = json.loads(message)
lineDate = dateParser.dateParser(lineParsedLine['time'])
if lineDate < lastTime:
return ''
lineParsedMsg = lineParsedLine["msg"].strip().split(';')
lineHostName = lineParsedMsg[0][:lineParsedMsg[0].find(": ")]
lineDST = lineParsedMsg[2][12:]
lineSRC = lineParsedMsg[4][12:]
lineBytes = lineParsedMsg[1][6:]
parsedLine = lineHostName + '_accounting' + ',DestinationIP=' + lineDST + ',SourceIP=' + lineSRC + ' bytes=' + lineBytes + ' ' + str(
int(lineDate.timestamp()))
return (parsedLine)
def parseSystem(message, lastTime):
lineParsedLine = json.loads(message)
lineDate = dateParser.dateParser(lineParsedLine['time'])
if lineDate < lastTime:
return ''
lineParsedMsg = lineParsedLine["msg"].split()
lineHostName = lineParsedMsg[0][:-1]
lineCPULoad = lineParsedMsg[2][8:]
lineFreeMEM = lineParsedMsg[3][8:]
lineTotalMEM = lineParsedMsg[4][9:]
lineFreeHDD = lineParsedMsg[5][8:]
lineTotalHDD = lineParsedMsg[6][9:]
parsedLine = lineHostName + '_SYSTEM' + ' CPULoad=' + lineCPULoad + ',FreeMEM=' + lineFreeMEM + ',TotalMEM=' + lineTotalMEM + ',FreeHDD=' + lineFreeHDD + ',TotalHDD=' + lineTotalHDD + ' ' + str(
int(lineDate.timestamp()))
return (parsedLine)
def parseAccounting(message, lastTime):
lineParsedLine = json.loads(message)
lineDate = dateParser.dateParser(lineParsedLine['time'])
if lineDate < lastTime:
return ''
line = lineParsedLine["msg"]
lineHostName = line[1:line.find(": ")]
lineParsedMsg = line.split(";")
for x in lineParsedMsg:
if "bytes" in x:
lineBytes = x[x.find("=") + 1:]
if "dst-address" in x:
lineDST = x[x.find("=") + 1:]
if "src-address" in x:
lineSRC = x[x.find("=") + 1:]
parsedLine = lineHostName + '_accounting' + ',DestinationIP=' + lineDST + ',SourceIP=' + lineSRC + ' bytes=' + lineBytes + ' ' + str(
int(lineDate.timestamp()))
return (parsedLine)
def parseUserLoginFailure(message, lastTime):
lineParsedLine = json.loads(message)
lineDate = dateParser.dateParser(lineParsedLine['time'])
if lineDate < lastTime:
return ''
lineParsedMsg = lineParsedLine["msg"]
lineParsedMsg = lineParsedMsg[1:]
lineHostName = lineParsedMsg[0:lineParsedMsg.find(":")].replace(" ", "_")
lineUserName = lineParsedMsg[lineParsedMsg.find("user") +
len("user "):lineParsedMsg.
find(" from")].replace(" ", "_")
lineIP = lineParsedMsg[lineParsedMsg.find("from") +
len("from "):lineParsedMsg.find(" via")].replace(
" ", "_")
lineVIA = lineParsedMsg[lineParsedMsg.find("via") + len("via "):].replace(
" ", "_")
parsedLine = lineHostName + '_USERS' + ',Action=login_failure' + ',UserName='******',Via=' + lineVIA + ',IP=' + lineIP + ' value=1 ' + str(
int(lineDate.timestamp()))
return (parsedLine)
def parseDNS(message, lastTime):
lineParsedLine = json.loads(message)
lineDate = dateParser.dateParser(lineParsedLine['time'])
if lineDate < lastTime:
return ''
lineHostName = lineParsedLine["syslogtag"][:-1]
lineParsedMsg = lineParsedLine["msg"].split()
lineDestDomain = ''
lineLocalIP = lineParsedMsg[2][:-1]
lineParsedDomain = lineParsedMsg[4][:-1].split('.')
domainLenght = len(lineParsedDomain)
if domainLenght < 2:
return ''
lineDestDomain = lineParsedDomain[
domainLenght - 2] + '.' + lineParsedDomain[domainLenght - 1]
parsedLine = lineHostName + '_DNS' + ',domain=' + lineDestDomain + ',localIP=' + lineLocalIP + ' value=1 ' + str(
int(lineDate.timestamp()))
return (parsedLine)
logHandler.setFormatter(formatter)
logger.addHandler(logHandler)
except:
sys.stdout.write('Problem activating logging to file \n')
sys.stdout.write('Please Check if correct file is specified in ' +
configFile + ' in section "applogfile" \n')
sys.stdout.write('exiting ... \n')
exit()
sys.stdout.write(
'Switching from STDOUT to file logging, please check this file: ' +
appLogFile + '\n')
logger.info('Trying convert string date to date object')
try:
lastTimeObj = dateParser.dateParser(lastTimeStrUTC[1:-1])
except:
logger.error(
'Problem convert date to object, please check section "lasttimeutc" if date is in correct format example: "2020-09-25T12:49:43.943211+00:00"'
)
exit()
logger.info('Trying open logfile: ' + logFile)
try:
f = open(logFile)
except:
logger.error('Problem open file: ' + logFile)
exit()
logger.info('Trying read line from logfile')
try: