logparse / parsers / smbd.py on commit rename parsers, better journald integration (e1f7605)
"""
Get login statistics for a samba server.
NOTE: This file is now deprecated in favour of the newer journald mechanism
used in smbd-journald.py. This parser is still functional but is slower and
has fewer features. Please switch over if possible.
"""

import glob
import os
import re

from logparse.formatting import *
from logparse.util import readlog, resolve
from logparse import config
from logparse.load_parsers import Parser

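class Smbd(Parser):
    """Deprecated parser that counts successful Samba logins per user and host.

    Reads the per-client ``log.<host>`` files found in the configured smbd log
    directory and reports one ``user@host`` entry per matched login line.
    ``smbd_journald`` is recorded as the successor parser.

    NOTE(review): the user and machine names extracted here are whatever the
    connecting client sent to smbd, so they are untrusted text. This class
    passes them straight into the report data; confirm that the formatting
    layer escapes them before they reach HTML or terminal output.
    """

    # Rotated or compressed logs are skipped so logins are not counted twice.
    _SKIPPED_SUFFIXES = (".gz", ".old")

    # Matches the "...]@[machine]" fragment smbd writes next to a user name.
    _CLIENT_HOST_RE = re.compile(r'.*\]\@\[(.*)\]')

    # Captures the user name from a successful authentication line or from a
    # "connect to service ... initially as user" line.
    _LOGIN_RE = re.compile(
        r'.*(?:authentication for user \[|connect '
        r'to service .* initially as user )(\S*)(?:\] .*succeeded| \()')

    def __init__(self):
        super().__init__()
        self.name = "smbd"
        self.info = "Get login statistics for a samba server."
        self.deprecated = True
        self.successor = "smbd_journald"

    def parse_log(self):
        """Build the "smbd" report section from the Samba per-client logs.

        Returns:
            The ``Section`` holding one ``Data`` block: either a subtitle
            naming the single ``user@host`` seen, or a frequency-ordered,
            truncated list of every ``user@host`` login.
        """
        logger.debug("Starting smbd section")
        section = Section("smbd")

        # The previous glob used "[!\.gz][!\.old]", which is a pair of
        # single-character classes, not a suffix test: it silently dropped
        # every log whose name ended in characters such as "d", "l" or "o"
        # (a client called "android" or "dell", for example), leaving those
        # logins out of the report. Filter on the real suffixes instead.
        # NOTE(review): daemon logs such as log.smbd now match as well and
        # are treated as a client named "smbd" - confirm that is acceptable.
        log_dir = config.prefs.get("logs", "smbd")
        files = [
            path for path in glob.glob(os.path.join(log_dir, "log.*"))
            if not path.endswith(self._SKIPPED_SUFFIXES)
        ]

        logger.debug("Found log files " + str(files))

        n_auths = 0         # total number of logins from all users
        sigma_auths = []    # one "user@host" string per login

        for path in files:  # one log file for each client
            logger.debug("Looking at file " + path)

            # The client (IP or hostname) is the part of the file name after
            # "log."; use the basename so that a "log." elsewhere in the
            # directory path cannot be picked up by mistake.
            client = os.path.basename(path)[len("log."):]

            # Read the file once; both searches below work on the same text.
            contents = readlog(path)

            # If the address no longer resolves, fall back to the machine
            # name recorded in the log itself.
            smbd_resolve = config.prefs.get("smbd", "smbd-resolve-domains")
            host = resolve(client, fqdn=smbd_resolve)
            if host == client and (
                    smbd_resolve != "ip"
                    or config.prefs.get("logparse", "resolve-domains") != "ip"):
                logged_hosts = set(self._CLIENT_HOST_RE.findall(contents))
                if len(logged_hosts) == 1:  # all hosts in one file should agree
                    host = logged_hosts.pop().lower()

            # Count the logins for each user-host pair.
            for user in self._LOGIN_RE.findall(contents):
                sigma_auths.append(user + "@" + host)
                n_auths += 1

        auth_data = Data(subtitle=plural("login", n_auths) + " from")
        if len(set(sigma_auths)) == 1:
            # Only one user: name it in the subtitle instead of listing a
            # per-user count. The entry is the whole "user@host" string
            # (indexing it a second time would keep only its first letter).
            auth_data.subtitle += ' ' + sigma_auths[0]
        else:       # no logins, or several distinct users
            auth_data.items = sigma_auths
            auth_data.orderbyfreq()
            auth_data.truncl(config.prefs.getint("logparse", "maxlist"))
        logger.debug("Found {0} samba logins".format(str(n_auths)))

        # Append exactly once, whichever branch was taken.
        section.append_data(auth_data)
        logger.info("Finished smbd section")
        return section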