1#! /usr/bin/python
2import argparse, logging, os, shutil, re, subprocess, sys, requests, glob, socket, sensors, datetime, time, operator
4from sys import stdin
5from collections import namedtuple, defaultdict
6diskstat = namedtuple('diskstat', ['cap', 'alloc', 'free', 'ratio'])
8drivetemp = namedtuple('drivetemp', ['name', 'temp', 'units'])
9AUTHPATH = "/var/log/auth.log"
12CRONPATH = "/var/log/cron.log"
13SYSPATH = "/var/log/syslog"
14SMBDDIR = "/var/log/samba"
15ZFSPATH = "/var/log/zpool.log"
16ALLOCPATH = "/tmp/alloc"
17POSTFIXPATH = "/var/log/mail.log"
18HTTPDSTATUS = "http://localhost/server-status"
19HTTPDDIR = "/var/log/apache2"
20HOSTNAMEPATH = "/etc/hostname"
21DUPATHS = ["/home/andrew", "/mnt/andrew"]
22HDDTEMPS = ["/dev/sda", "/dev/sdc", "/dev/sdd", "/dev/sde"]
23HDDTEMPPORT = 7634
24SUMMARYPATH = "/mnt/andrew/temp/logparse-test.html"
25HEADERPATH = "header.html"
26STYLEPATH = "main.css"
27OUTPUT = ""
28TITLE = "logparse"
29MAXLIST = 10
30CMDNO = 3
31MAILSUBJECT = "logparse from $host$"
32VERSION = "v0.1"
33# Set up logging
35logging.basicConfig(level=logging.DEBUG)
36logger = logging.getLogger('logparse')
37# Get arguments
39parser = argparse.ArgumentParser(description='grab logs of some common services and send them by email')
40parser.add_argument('-t','--to', help='mail recipient (\"to\" address)',required=False)
41to = parser.parse_args().to
42def __main__():
44 logger.info("Beginning log analysis at " + str(timenow))
45 if (to == None):
46 logger.info("no recipient address provided, outputting to stdout")
47 else:
48 logger.info("email will be sent to " + to)
49 global tempfile
51 tempfile = open(SUMMARYPATH, 'w+')
52 tempfile.write(header(HEADERPATH))
53 opentag('div', 1, 'main')
54 sshd()
55 sudo()
56 cron()
57 nameget()
58 httpd()
59 smbd()
60 postfix()
61 zfs()
62 temp()
63 du()
64 for tag in ['div', 'body', 'html']:
65 closetag(tag, 1)
66 tempfile.close()
67 if (to != None):
68 logger.debug("sending email")
69 subprocess.call("cat " + SUMMARYPATH + " | mail -a 'Content-type: text/html' -s " + subject(MAILSUBJECT) + ' ' + to, shell=True)
70 logger.info("sent email")
71def writetitle(title):
74 if (title == '' or '\n' in title):
75 logger.error("invalid title")
76 return
77 logger.debug("writing title for " + title)
78 tag('h2', 0, title)
79def writedata(subtitle, data = None): # write title and data to tempfile
81 if (subtitle == ""):
82 loggger.warning("no subtitle provided.. skipping section")
83 return
84 tag('p', 0, subtitle)
86 if (data == None):
87 logger.warning("no data provided.. just printing subtitle")
88 else:
89 logger.debug("received data " + str(data))
90 opentag('ul', 1)
91 for datum in data:
92 logger.debug("printing datum " + datum)
93 tag('li', 0, datum)
94 closetag('ul', 1)
95def opentag(tag, block = 0, id = None, cl = None): # write html opening tag
97 if (block == 1):
98 tempfile.write('\n')
99 tempfile.write('<' + tag)
100 if (id != None):
101 tempfile.write(" id='" + id + "'")
102 if (cl != None):
103 tempfile.write(" class='" + cl + "'")
104 tempfile.write('>')
105 if (block == 1):
106 tempfile.write('\n')
107def closetag(tag, block = 0): # write html closing tag
109 if (block == 0):
110 tempfile.write("</" + tag + ">")
111 else:
112 tempfile.write("\n</" + tag + ">\n")
113def tag(tag, block = 0, content = ""): # write html opening tag, content, and html closing tag
115 opentag(tag, block)
116 tempfile.write(content)
117 closetag(tag, block)
118def header(template): # return a parsed html header from file
120 headercontent = open(template, 'r').read()
121 headercontent = varpattern.sub(lambda m: varfilter[re.escape(m.group(0))], headercontent)
122 return headercontent
123def subject(template):
125 return varpattern.sub(lambda m: varfilter[re.escape(m.group(0))], template)
126def hostname(): # get the hostname
128 hnfile = open(HOSTNAMEPATH, 'r')
129 return hnfile.read()
130def resolve(ip): # try to resolve an ip to hostname
132 logger.debug("trying to resolve ip " + ip)
133 try:
134 socket.inet_aton(ip) # succeeds if text contains ip
135 hn = socket.gethostbyaddr(ip)[0].split(".")[0] # resolve ip to hostname
136 logger.debug("found hostname " + hn)
137 return(hn)
138 except:
139 logger.warning("failed to resolve hostname for " + ip)
140 return(ip) # return ip if no hostname exists
141def plural(noun, quantity): # return "1 noun" or "n nouns"
143 if (quantity == 1):
144 return(str(quantity) + " " + noun)
145 else:
146 return(str(quantity) + " " + noun + "s")
147def parsesize(num, suffix='B'): # return human-readable size from number of bytes
149 for unit in ['','Ki','Mi','Gi','Ti','Pi','Ei','Zi']:
150 if abs(num) < 1024.0:
151 return "%3.1f %s%s" % (num, unit, suffix)
152 num /= 1024.0
153 return "%.1f%s%s" % (num, 'Yi', suffix)
154def readlog(path = None, mode = 'r'): # read file, substituting known paths
156 if (path == None):
157 logger.error("no path provided")
158 return
159 else:
160 path = pathpattern.sub(lambda m: pathfilter[re.escape(m.group(0))], path)
161 return open(path, mode).read()
162def writelog(path = None, content = "", mode = 'w'): # read file, substituting known paths
164 if (path == None or content == None):
165 logger.error("invalid usage of writelog")
166 return
167 else:
168 path = pathpattern.sub(lambda m: pathfilter[re.escape(m.group(0))], path)
169 file = open(path, mode)
170 file.write(content)
171 file.close()
172def getusage(path): # Get disk usage statistics
174 disk = os.statvfs(path)
175 cap = float(disk.f_bsize*disk.f_blocks) # disk capacity
176 alloc = float(disk.f_bsize*(disk.f_blocks-disk.f_bfree)) # size of path
177 free = float(disk.f_bsize*disk.f_bfree) # free space on disk (blocks, not usable space)
178 ratio = alloc / cap * 100 # percentage used
179 return diskstat(cap, alloc, free, ratio)
180def orderbyfreq(l): # order a list by the frequency of its elements and remove duplicates
182 temp_l = l[:]
183 l = list(set(l))
184 l.sort(key=lambda x:temp_l.count(x))
185 return l
186def addtag(l, tag): # add prefix and suffix tags to each item in a list
188 l2 = ['<' + tag + '>' + i + '</' + tag + '>' for i in l]
189 return l2
190def truncl(input, limit): # truncate list
192 if (len(input) > limit):
193 more = str(len(input) - limit)
194 output = input[-limit:]
195 output.append("+ " + more + " more")
196 return(output)
197 else:
198 return(input)
199#
201#
202#
203def sshd():
205 logger.debug("starting sshd section")
206 opentag('div', 1, 'sshd', 'section')
207 matches = re.findall('.*sshd.*Accepted publickey for .* from .*', readlog('auth')) # get all logins
208 users = [] # list of users with format [username, number of logins] for each item
209 data = []
210 num = sum(1 for x in matches) # total number of logins
211 for match in matches:
212 entry = re.search('^.*publickey\sfor\s(\w*)\sfrom\s(\S*)', match) # [('user', 'ip')]
213 user = entry.group(1)
215 ip = entry.group(2)
216 userhost = user + '@' + resolve(ip)
218 exists = [i for i, item in enumerate(users) if re.search(userhost, item[0])]
219 if (exists == []):
220 users.append([userhost, 1])
221 else:
222 users[exists[0]][1] += 1
223 writetitle('sshd')
225 subtitle = plural('login', num) + ' from'
226 if (len(users) == 1): # if only one user, do not display no of logins for this user
227 logger.debug("found " + str(len(matches)) + " ssh logins for user " + users[0][0])
228 subtitle += ' ' + users[0][0]
229 writedata(subtitle)
230 else:
231 subtitle += ':'
232 for user in users:
233 data.append(user[0] + ' (' + str(user[1]) + ')')
234 if len(data) > MAXLIST: # if there are lots of users, truncate them
235 data.append('+ ' + str(len(users) - MAXLIST - 1) + " more")
236 break
237 logger.debug("found " + str(len(matches)) + " ssh logins for users " + str(data))
238 writedata(subtitle, data)
239 closetag('div', 1)
240 logger.info("finished sshd section")
241#
243#
244#
245def sudo():
247 logger.debug("starting sudo section")
248 opentag('div', 1, 'sudo', 'section')
249 umatches = re.findall('.*sudo:session\): session opened.*', readlog('auth'))
250 num = sum(1 for line in umatches) # total number of sessions
251 users = []
252 data = []
253 for match in umatches:
254 user = re.search('.*session opened for user root by (\S*)\(uid=.*\)', match).group(1)
255 exists = [i for i, item in enumerate(users) if re.search(user, item[0])]
256 if (exists == []):
257 users.append([user, 1])
258 else:
259 users[exists[0]][1] += 1
260 commands = []
261 cmatches = re.findall('sudo:.*COMMAND\=(.*)', readlog('auth'))
262 for cmd in cmatches:
263 commands.append(cmd)
264 logger.debug("found the following commands: " + str(commands))
265 # temp_cmd=commands[:]
266 # commands = list(set(commands))
267 # commands.sort(key=lambda x:temp_cmd.count(x))
268 commands = orderbyfreq(commands)
269 logger.debug("top 3 sudo commands: " + str(commands[-3:]))
270 writetitle("sudo")
272 subtitle = plural("sudo session", num) + " for"
273 if (len(users) == 1):
274 logger.debug("found " + str(num) + " sudo session(s) for user " + str(users[0]))
275 subtitle += ' ' + users[0][0]
276 writedata(subtitle)
277 else:
278 subtitle += ':'
279 for user in users:
280 data.append(user[0] + ' (' + str(user[1]) + ')')
281 if len(data) > 3:
282 data.append('+ ' + str(len(users) - 2) + " more")
283 break
284 logger.debug("found " + str(len(matches)) + " sudo sessions for users " + str(data))
285 writedata(subtitle, data)
286 if (len(commands) > 0):
287 commands = addtag(commands, 'code')
288 commands = truncl(commands, CMDNO)
289 writedata("top sudo commands", [c for c in commands])
290 closetag('div', 1)
291 logger.info("finished sudo section")
292#
294#
295#
296def cron():
298 logger.debug("starting cron section")
299 opentag('div', 1, 'cron', 'section')
300 matches = re.findall('.*CMD\s*\(\s*(?!.*cd)(.*)\)', readlog('cron'))
301 num = sum(1 for line in matches)
302 commands = []
303 for match in matches:
304 commands.append(str(match))
305 # commands.append([str(match)for match in matches])
306 logger.debug("found cron command " + str(commands))
307 logger.info("found " + str(num) + " cron jobs")
308 subtitle = str(num) + " cron jobs run"
309 writetitle("cron")
310 writedata(subtitle)
311 if (matches > 0):
312 commands = orderbyfreq(commands)
313 commands = addtag(commands, 'code')
314 commands = truncl(commands, CMDNO)
315 writedata("top cron commands", [c for c in commands])
316 closetag('div', 1)
317 logger.info("finished cron section")
318#
320#
321#
322def nameget():
324 logger.debug("starting nameget section")
325 opentag('div', 1, 'nameget', 'section')
326 syslog = readlog('sys')
327 failed = re.findall('.*nameget.*downloading of (.*) from .*failed.*', syslog)
328 n_f = sum(1 for i in failed)
329 l_f = []
330 for i in failed:
331 l_f.append(i)
332 logger.debug("the following downloads failed: " + str(l_f))
333 succ = re.findall('.*nameget.*downloaded.*', syslog)
334 n_s = sum(1 for i in succ)
335 l_s = []
336 for i in succ:
337 l_s.append(i)
338 logger.debug("the following downloads succeeded: " + str(l_f))
339 logger.debug("found " + str(n_s) + " successful downloads, and " + str(n_f) + " failed attempts")
340 writetitle("nameget")
341 writedata(str(n_s) + " succeeded", truncl(orderbyfreq(l_s), CMDNO))
342 writedata(str(n_f) + " failed", truncl(orderbyfreq(l_f), CMDNO))
343 closetag('div', 1)
344 logger.info("finished nameget section")
345#
347#
348#
349def httpd():
351 logger.info("starting httpd section")
352 opentag('div', 1, 'httpd', 'section')
353 accesslog = readlog("httpd/access.log")
354 a = len(accesslog)
355 errorlog = readlog("httpd/error.log")
356 e = len(errorlog)
357 data_b = 0
358 for line in accesslog.split('\n'):
360 try:
361 data_b += int(re.search('.*HTTP/\d\.\d\" 200 (\d*) ', line).group(1))
362 except Exception as error:
363 if type(error) is AttributeError:
364 pass
365 else:
366 logger.warning("error processing httpd access log: " + str(error))
367 data_h = parsesize(data_b)
368 logger.debug("httpd has transferred " + str(data_b) + " bytes in response to " + str(a) + " requests with " + str(e) + " errors")
370 writetitle("apache")
372 writedata(data_h + " transferred")
373 writedata(str(a) + " requests")
374 writedata(str(e) + " errors")
375 closetag('div', 1)
377 logger.info("finished httpd section")
378#
380#
381#
382def httpdsession():
384 # logger.debug("starting httpd section")
385 opentag('div', 1, 'httpd', 'section')
386 httpdlog = requests.get(HTTPDSTATUS).content
387 uptime = re.search('.*uptime: (.*)<', httpdlog).group(1)
388 uptime = re.sub(' minute[s]', 'm', uptime)
389 uptime = re.sub(' second[s]', 's', uptime)
390 uptime = re.sub(' day[s]', 's', uptime)
391 uptime = re.sub(' month[s]', 'mo', uptime)
392 accesses = re.search('.*accesses: (.*) - .*', httpdlog).group(1)
393 traffic = re.search('.*Traffic: (.*)', httpdlog).group(1)
394 return("<br /><strong>httpd session: </strong> up " + uptime + ", " + accesses + " requests, " + traffic + " transferred")
395 closetag('div', 1)
396 # logger.info("finished httpd section")
397#
399#
400#
401def smbd():
403 logger.debug("starting smbd section")
404 opentag('div', 1, 'smbd', 'section')
405 files = glob.glob(SMBDDIR + "/log.*[!\.gz][!\.old]") # find list of logfiles
406 n_auths = 0 # total number of logins from all users
407 sigma_auths = [] # contains users and their respective no. of logins
408 output = ""
409 for file in files: # one log file for each client
411 # find the machine (ip or hostname) that this file represents
413 ip = re.search('log\.(.*)', file).group(1) # get ip or hostname from file path (/var/log/samba/log.host)
414 host = resolve(ip)
415 # count number of logins from each user
417 matches = re.findall('.*sam authentication for user \[(.*)\] succeeded.*', readlog(file))
418 for match in matches:
419 userhost = match + "@" + host
420 exists = [i for i, item in enumerate(sigma_auths) if re.search(userhost, item[0])]
421 if (exists == []):
422 sigma_auths.append([userhost, 1])
423 else:
424 sigma_auths[exists[0]][1] += 1
425 n_auths += 1
426 writetitle("samba")
427 subtitle = plural("login", n_auths) + " from"
428 data = []
429 if (len(sigma_auths) == 1): # if only one user, do not display no of logins for this user
430 subtitle += ' ' + sigma_auths[0][0]
431 writedata(subtitle)
432 else: # multiple users
433 subtitle += ':'
434 for x in sigma_auths:
435 data.append((str(x[0])) + " (" + str(x[1]) + ")")
436 if len(data) > MAXLIST: # if many users, truncate them
437 data.append('+ ' + str(len(sigma_auths) - MAXLIST - 1) + " more")
438 break
439 logger.debug("found " + str(n_auths) + " samba logins for users " + str(sigma_auths))
440 writedata(subtitle, data)
441 closetag('div', 1)
442 logger.info("finished smbd section")
443#
445#
446#
447def postfix():
449 logger.debug("starting postfix section")
450 opentag('div', 1, 'postfix', 'section')
451 messages = re.findall('.*from\=<.*>, size\=(\d*),.*\n.*\n.*\: removed\n.*', readlog('postfix'))
452 size = sum([int(x) for x in messages])
453 size = parsesize(size)
454 n = str(len(messages))
455 writetitle("postfix")
456 writedata(n + " messages sent")
457 writedata("total of " + size)
458 closetag('div', 1)
459 logger.info("finished postfix section")
460#
462#
463#
464def zfs():
466 logger.debug("starting zfs section")
467 opentag('div', 1, 'zfs', 'section')
468 zfslog = readlog('zfs')
469 pool = re.search('.*---\n(\w*)', zfslog).group(1)
470 scrub = re.search('.*scrub repaired (\d*) in \d*h\d*m with (\d*) errors on (\S*\s)(\S*)\s(\d+\s)', zfslog)
471 iostat = re.search('.*---\n\w*\s*(\S*)\s*(\S*)\s', zfslog)
472 scrubrepairs = scrub.group(1)
473 scruberrors = scrub.group(2)
474 scrubdate = scrub.group(3) + scrub.group(5) + scrub.group(4)
475 alloc = iostat.group(1)
476 free = iostat.group(2)
477 writetitle("zfs")
478 subtitle = "Scrub on " + scrubdate + ": "
479 data = [scrubrepairs + " repaired", scruberrors + " errors", alloc + " used", free + " free"]
480 writedata(subtitle, data)
481 closetag('div', 1)
482 logger.info("finished zfs section")
483#
485#
486#
487def temp():
489 logger.debug("starting temp section")
490 opentag('div', 1, 'temp', 'section')
491 sensors.init()
492 coretemps = []
493 pkgtemp = 0
494 systemp = 0
495 try:
496 print(sensors.iter_detected_chips())
497 for chip in sensors.iter_detected_chips():
498 for feature in chip:
499 if "Core" in feature.label:
500 coretemps.append([feature.label, feature.get_value()])
501 logger.debug("found core " + feature.label + " at temp " + str(feature.get_value()))
502 if "CPUTIN" in feature.label:
503 pkgtemp = str(feature.get_value())
504 logger.debug("found cpu package at temperature " + pkgtemp)
505 if "SYS" in feature.label:
506 systemp = feature.get_value()
507 logger.debug("found sys input " + feature.label + " at temp " + str(feature.get_value()))
508 core_avg = reduce(lambda x, y: x[1] + y[1], coretemps) / len(coretemps)
509 logger.debug("average cpu temp is " + str(core_avg))
510 coretemps.append(["avg", str(core_avg)])
511 coretemps.append(["pkg", pkgtemp])
512 coretemps = [x[0] + ": " + str(x[1]) + '℃' for x in coretemps]
513 finally:
514 sensors.cleanup()
515 # For this to work, `hddtemp` must be running in daemon mode.
517 # Start it like this (bash): sudo hddtemp -d /dev/sda /dev/sdX...
518 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
519 s.connect(('localhost',HDDTEMPPORT))
520 output = s.recv(4096)
521 output += s.recv(4096)
522 s.close()
523 hddtemps = []
524 for drive in re.split('\|{2}', output):
525 try:
526 fields = re.search('\|*(/dev/sd.)\|.*\|(\d+)\|(.)', drive)
527 name = fields.group(1)
528 temp = float(fields.group(2))
529 units = fields.group(3)
530 hddtemps.append(drivetemp(name, temp, units))
531 except:
532 pass
533 hddtotal = 0
534 data = []
535 for drive in hddtemps:
536 data.append(drive.name + ': ' + str(drive.temp) + drive.units)
537 logger.debug("found disk " + drive.name + " at " + str(drive.temp))
538 hddtotal += drive.temp
539 logger.debug("found " + str(len(hddtemps)) + " disks")
540 logger.debug("sum of disk temps is " + str(hddtotal))
541 hddavg = hddtotal/float(len(hddtemps))
542 logger.debug("avg disk temp is " + str(hddavg))
543 data.append("avg: " + str(hddavg))
544 writetitle("temperatures")
545 if (systemp != 0):
546 writedata("sys: " + str(systemp) + '℃')
547 if (coretemps != ''):
548 writedata("cores", coretemps)
549 if (hddtemps != ''):
550 writedata("disks", data)
551 closetag('div', 1)
553 logger.info("finished temp section")
554#
556#
557#
558def du():
560 logger.debug("starting du section")
561 opentag('div', 1, 'du', 'section')
562 out = []
563 content = readlog('alloc')
564 contentnew = ""
565 for p in DUPATHS:
566 alloc_f = getusage(p).alloc
567 delta = None
568 try:
569 alloc_i = re.search(p + '\t(.*)\n', content).group(1)
570 delta = alloc_f - float(alloc_i)
571 except:
572 pass
573 logger.debug("delta is " + str(delta))
574 if (delta == None):
575 out.append([p, "used " + parsesize(alloc_f)])
576 else:
577 out.append([p, "used " + parsesize(alloc_f), "delta " + parsesize(delta)])
578 contentnew += (p + '\t' + str(alloc_f) + '\n')
579 writelog('alloc', contentnew)
580 writetitle("du")
582 logger.debug("disk usage data is " + str(out))
583 for path in out:
584 writedata(path[0], [p for p in path[1:]])
585 closetag('div', 1)
587 logger.info("finished du section")
588#
590#
591#
592timenow = time.strftime("%H:%M:%S")
594datenow = time.strftime("%x")
595pathfilter = {"auth": AUTHPATH, "cron": CRONPATH, "sys": SYSPATH, "postfix": POSTFIXPATH, "smb": SMBDDIR, "zfs": ZFSPATH, "alloc": ALLOCPATH, "httpd": HTTPDDIR, "header": HEADERPATH}
597pathfilter = dict((re.escape(k), v) for k, v in pathfilter.iteritems())
598pathpattern = re.compile("|".join(pathfilter.keys()))
599varfilter = {"$title$": TITLE, "$date$": datenow, "$time$": timenow, "$hostname$": hostname(), "$version$": VERSION}
601varfilter = dict((re.escape(k), v) for k, v in varfilter.iteritems())
602varpattern = re.compile("|".join(varfilter.keys()))
603__main__()