import re
import glob
-from ..formatting import *
-from ..util import readlog, resolve
-from .. import config
+from logparse.formatting import *
+from logparse.util import readlog, resolve
+from logparse import config
import logging
logger = logging.getLogger(__name__)
def parse_log():
logger.debug("Starting smbd section")
section = Section("smbd")
- files = glob.glob(config.prefs['logs']['smb'] + "/log.*[!\.gz][!\.old]") # find list of logfiles
+ files = glob.glob(config.prefs.get("logs", "smbd") + "/log.*[!\.gz][!\.old]") # find list of logfiles
# for f in files:
# file_mod_time = os.stat(f).st_mtime
# find the machine (ip or hostname) that this file represents
ip = re.search('log\.(.*)', file).group(1) # get ip or hostname from file path (/var/log/samba/log.host)
- host = resolve(ip, fqdn=config.prefs['smbd']['resolve-domains'])
- if (host == ip and (config.prefs['smbd']['resolve-domains'] or config.prefs['resolve-domains']) != 'ip'): # if ip has disappeared, fall back to a hostname from logfile
+ host = resolve(ip, fqdn=config.prefs.get("smbd", "resolve-domains"))
+ if host == ip and (config.prefs.get("smbd", "resolve-domains") != "ip" or config.prefs.get("logparse", "resolve-domains") != "ip"): # if ip has disappeared, fall back to a hostname from logfile
newhost = re.findall('.*\]\@\[(.*)\]', readlog(file))
if (len(set(newhost)) == 1): # all hosts in one file should be the same
host = newhost[0].lower()
else: # multiple users
auth_data.items = sigma_auths
auth_data.orderbyfreq()
- auth_data.truncl(config.prefs['maxlist'])
+ auth_data.truncl(config.prefs.getint("logparse", "maxlist"))
logger.debug("Found {0} samba logins".format(str(n_auths)))
section.append_data(auth_data)
logger.info("Finished smbd section")