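"""
Get login statistics for a samba server.
NOTE: This file is now deprecated in favour of the newer journald mechanism
used in smbd-journald.py. This parser is still functional but is slower and
has fewer features. Please switch over if possible.
"""

import re
import glob

from logparse.formatting import *
from logparse.util import readlog, resolve
from logparse import config
from logparse.load_parsers import Parser


class Smbd(Parser):
    """Deprecated parser that counts successful samba logins per user@host.

    It reads the per-client log files in the directory configured under
    ``logs`` / ``smbd``. ``self.successor`` names the replacement parser.
    """

    def __init__(self):
        super().__init__()
        self.name = "smbd"
        self.info = "Get login statistics for a samba server."
        self.deprecated = True
        self.successor = "smbd_journald"

    def parse_log(self):
        """Build the "smbd" report section from the per-client samba logs.

        Every successful authentication or service connection found in a
        log file is recorded as ``user@host`` and counted.

        Returns:
            The ``Section`` holding one ``Data`` item: either a single
            ``user@host`` in the subtitle, or the list of logins ordered
            and truncated by the ``Data`` helpers.

        NOTE(review): both the user name and the fallback host name are
        copied out of log text, and that text contains values supplied by
        the connecting client. Confirm that the output formatters escape
        them before they are rendered (for example into HTML), and treat
        the host name as client-declared rather than verified.
        """

        logger.debug("Starting smbd section")
        section = Section("smbd")

        # Find list of logfiles.
        # NOTE(review): "[!\.gz][!\.old]" are single-character classes, so
        # they only constrain the last two characters of the file name and
        # do not test for the ".gz" / ".old" suffixes as a whole. The
        # pattern is kept byte-identical here; confirm which files it is
        # meant to skip.
        files = glob.glob(config.prefs.get("logs", "smbd")
                          + r"/log.*[!\.gz][!\.old]")

        logger.debug("Found log files " + str(files))

        n_auths = 0         # total number of logins from all users
        sigma_auths = []    # one "user@host" entry per login

        for file in files:  # one log file for each client

            logger.debug("Looking at file " + file)

            # Get IP or hostname from file path (/var/log/samba/log.host).
            # Anchored to the final path component so that a "log." inside
            # a directory name cannot end up in the host string.
            ip = re.search(r'log\.([^/]*)$', file).group(1)

            # Read the file once; both searches below use the same text.
            log_text = readlog(file)

            # If IP has disappeared, fall back to a hostname from logfile
            resolve_pref = config.prefs.get("smbd", "smbd-resolve-domains")
            host = resolve(ip, fqdn=resolve_pref)
            if host == ip and (
                    resolve_pref != "ip"
                    or config.prefs.get("logparse", "resolve-domains") != "ip"):
                newhost = re.findall(r'.*\]\@\[(.*)\]', log_text)
                # All hosts in one file should be the same; otherwise keep
                # the name derived from the file path.
                if len(set(newhost)) == 1:
                    host = newhost[0].lower()

            # Count number of logins from each user-host pair. The pattern
            # is split across two adjacent raw strings, which Python joins
            # into one literal, so the words "connect to service" stay
            # contiguous in the regex.
            matches = re.findall(
                r'.*(?:authentication for user \[|connect '
                r'to service .* initially as user )(\S*)(?:\] .*succeeded| \()',
                log_text)

            for match in matches:
                sigma_auths.append(match + "@" + host)
                n_auths += 1

        auth_data = Data(subtitle=plural("login", n_auths) + " from")
        if len(sigma_auths) == 1:
            # Exactly one login recorded: name the user@host in the
            # subtitle. The entry is a plain string, so it is used whole
            # (indexing it again would keep only its first character).
            auth_data.subtitle += ' ' + sigma_auths[0]
        else:
            # Zero or several logins: list them via the Data helpers
            # (defined elsewhere; presumably sort by frequency and cut the
            # list to the configured "maxlist" length).
            auth_data.items = sigma_auths
            auth_data.orderbyfreq()
            auth_data.truncl(config.prefs.getint("logparse", "maxlist"))
            logger.debug("Found {0} samba logins".format(str(n_auths)))
        section.append_data(auth_data)
        logger.info("Finished smbd section")
        return section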