import re
-from ..formatting import *
-from ..util import readlog, resolve
-from .. import config
-
-import logging
-logger = logging.getLogger(__name__)
-
-def parse_log():
- logger.debug("Starting sudo section")
- section = Section("sudo")
- logger.debug("Searching for matches in {0}".format(config.prefs['logs']['auth']))
- umatches = re.findall('.*sudo:session\): session opened.*', readlog(config.prefs['logs']['auth']))
- num = sum(1 for line in umatches) # total number of sessions
- users = []
- data = []
- for match in umatches:
- user = re.search('.*session opened for user root by (\S*)\(uid=.*\)', match).group(1)
- exists = [i for i, item in enumerate(users) if re.search(user, item[0])]
- if (exists == []):
- users.append([user, 1])
+from logparse.formatting import *
+from logparse.util import readlog
+from logparse.config import prefs
+from logparse.load_parsers import Parser
+
+class Sudo(Parser):
+
+ def __init__(self):
+ super().__init__()
+ self.name = "sudo"
+ self.info = "Get number of sudo sessions for each user"
+
+ def parse_log(self):
+ logger.debug("Starting sudo section")
+ section = Section("sudo")
+ logger.debug("Searching for matches in {0}".format(prefs.get("logs", "auth")))
+ umatches = re.findall('.*sudo:session\): session opened.*', readlog(prefs.get("logs", "auth")))
+ num = sum(1 for line in umatches) # total number of sessions
+ users = []
+ data = []
+ for match in umatches:
+ user = re.search('.*session opened for user root by (\S*)\(uid=.*\)', match).group(1)
+ exists = [i for i, item in enumerate(users) if re.search(user, item[0])]
+ if (exists == []):
+ users.append([user, 1])
+ else:
+ users[exists[0]][1] += 1
+ commands = []
+ cmatches = re.findall('sudo:.*COMMAND\=(.*)', readlog(prefs.get("logs", "auth")))
+ for cmd in cmatches:
+ commands.append(cmd)
+ logger.debug("Finished parsing sudo sessions")
+
+ auth_data = Data(subtitle=plural("sudo session", num) + " for")
+
+ if (len(users) == 1):
+ logger.debug("found " + str(num) + " sudo session(s) for user " + str(users[0]))
+ auth_data.subtitle += ' ' + users[0][0]
else:
- users[exists[0]][1] += 1
- commands = []
- cmatches = re.findall('sudo:.*COMMAND\=(.*)', readlog(config.prefs['logs']['auth']))
- for cmd in cmatches:
- commands.append(cmd)
- logger.debug("Finished parsing sudo sessions")
-
- auth_data = Data(subtitle=plural("sudo session", num) + " for")
-
- if (len(users) == 1):
- logger.debug("found " + str(num) + " sudo session(s) for user " + str(users[0]))
- auth_data.subtitle += ' ' + users[0][0]
- else:
- for user in users:
- auth_data.items.append(user[0] + ' (' + str(user[1]) + ')')
- logger.debug("found " + str(num) + " sudo sessions for users " + str(data))
- section.append_data(auth_data)
-
- if (len(commands) > 0):
- command_data = Data(subtitle="top sudo commands")
- commands = backticks(commands)
- command_data.items = commands
- command_data.orderbyfreq()
- command_data.truncl(config.prefs['maxcmd'])
- section.append_data(command_data)
-
- logger.info("Finished sudo section")
-
- return section
+ for user in users:
+ auth_data.items.append(user[0] + ' (' + str(user[1]) + ')')
+ logger.debug("found " + str(num) + " sudo sessions for users " + str(data))
+ section.append_data(auth_data)
+
+ if (len(commands) > 0):
+ command_data = Data(subtitle="top sudo commands")
+ commands = backticks(commands)
+ command_data.items = commands
+ command_data.orderbyfreq()
+ command_data.truncl(prefs.getint("logparse", "maxcmd"))
+ section.append_data(command_data)
+
+ logger.info("Finished sudo section")
+
+ return section
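Review bot: `logger` is still used throughout the new `parse_log` (starting with `logger.debug("Starting sudo section")`), but this hunk removes the `import logging` / `logger = logging.getLogger(__name__)` lines and adds nothing in their place, so the method will raise NameError at the first debug call unless `from logparse.formatting import *` happens to export a `logger`; re-add `import logging` and `logger = logging.getLogger(__name__)` below the new imports rather than relying on the star import. Independently, the per-user lookup `exists = [i for i, item in enumerate(users) if re.search(user, item[0])]` treats a name captured from the log as a regex pattern, so a name containing metacharacters is mis-matched or raises `re.error`, and an unanchored search counts `bob` against `bobby`; compare with equality, `exists = [i for i, item in enumerate(users) if item[0] == user]`. The `re.search(...).group(1)` on the line above it also assumes every opened session targets root, so a session opened for another target user (`sudo -u`) makes the search return `None` and `.group(1)` raise AttributeError — bind the match first and `continue` when it is `None` instead of dereferencing it. The non-raw regex literals (`'\S'`, `'\)'`, `'\='`) should be raw strings (`r'...'`) so they stop emitting invalid-escape warnings on current Python.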