   1#
   2#   smbd.py
   3#   
   4#   Get login statistics for a samba server.
   5#   TODO: add feature to specify shares to check in config file
   6#
   7
import glob
import logging
import os
import re

from .. import config
from ..formatting import *
from ..util import readlog, resolve

# Module-level logger named after this module's import path.
logger = logging.getLogger(__name__)
  17
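# smbd writes one "log.<client>" file per connecting machine, where <client> is
# the ip or hostname; rotated copies carry these suffixes and are skipped.
_LOG_PREFIX = 'log.'
_ROTATED_SUFFIXES = ('.gz', '.old')

# "[ip]@[hostname]" pairs found in the log body; used to recover a hostname
# when the client's address no longer resolves.
_HOST_IN_LOG = re.compile(r'.*\]@\[(.*)\]')

# Successful logins: an explicit authentication that succeeded, or a service
# connect that names the user it was made as.
_LOGIN = re.compile(
    r'.*(?:authentication for user \[|connect to service .* initially as user )'
    r'(\S*)(?:\] .*succeeded| \()')


def _find_log_files(logdir):
    """Return the per-client samba log files under *logdir*.

    Every ``log.*`` entry is listed and rotated copies are dropped by file
    suffix.  Matching the suffix is deliberate: excluding them with glob
    character classes (``[!\\.gz][!\\.old]``) rejects any client name whose
    last two characters fall into those classes (e.g. ``log.freebsd``) and
    demands at least two characters after ``log.``.
    """
    paths = glob.glob(os.path.join(logdir, _LOG_PREFIX + '*'))
    return [p for p in paths
            if not os.path.basename(p).endswith(_ROTATED_SUFFIXES)]


def _client_from_path(path):
    """Return the ip or hostname encoded in a per-client log file name.

    Only the basename is inspected, so a ``log.`` elsewhere in the directory
    path cannot be mistaken for the file name prefix.
    """
    name = os.path.basename(path)
    if name.startswith(_LOG_PREFIX):
        name = name[len(_LOG_PREFIX):]
    return name


def _host_for(ip, text):
    """Resolve *ip* to a display name, falling back to the hostname in the log.

    *text* is the log file body.  When resolution hands the address back
    unchanged and the configuration does not ask for plain addresses, the
    ``[ip]@[host]`` records in the log are used instead, but only when they
    all name the same host (one log file is expected to belong to one client).
    """
    host = resolve(ip, fqdn=config.prefs['smbd']['resolve-domains'])
    wanted = config.prefs['smbd']['resolve-domains'] or config.prefs['resolve-domains']
    if host == ip and wanted != 'ip':
        names = _HOST_IN_LOG.findall(text)
        if len(set(names)) == 1:
            host = names[0].lower()     # normalised so equal hosts group together
    return host


def parse_log():
    """Render the samba section: successful logins counted per ``user@host``.

    Returns the section as a string of markup built with the ``formatting``
    helpers.  Log location and display options are read from ``config.prefs``.
    """
    logger.debug("Starting smbd section")
    output = opentag('div', 1, 'smbd', 'section')

    files = _find_log_files(config.prefs['logs']['smb'])
    logger.debug("Found log files %s", files)

    logins = []     # one "user@host" entry per successful login
    for path in files:  # one log file per client machine
        logger.debug("Looking at file %s", path)
        text = readlog(path)    # read once; both the host fallback and the login scan use it
        host = _host_for(_client_from_path(path), text)
        # NOTE(review): user and host are taken verbatim from log content and
        # passed to writedata(); confirm it escapes them for the output format.
        logins.extend(user + "@" + host for user in _LOGIN.findall(text))
    n_auths = len(logins)

    output += writetitle("samba")
    subtitle = plural("login", n_auths) + " from"
    if len(logins) == 1:
        # A single login: name the full "user@host" inline instead of listing
        # a count of one.  (Indexing logins[0][0] would print only its first
        # character, a leftover from when entries were [name, count] pairs.)
        output += writedata(subtitle + ' ' + logins[0])
    else:
        # Zero or several logins: most frequent first, capped at the configured
        # list length.
        ranked = truncl(orderbyfreq(logins), config.prefs['maxlist'])
        logger.debug("Found %d samba logins", n_auths)
        output += writedata(subtitle, ranked)
    output += closetag('div', 1)
    logger.info("Finished smbd section")
    return output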
  79    return output