- Improved log parsing speed. We remember the last position and restart from there when the file is modified

- Added DNS lookup support
- Removed unused functions


git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@81 a942ae1a-1317-0410-a47c-b1dcaea8d605
0.6
Cyril Jaquier 2005-03-06 17:49:41 +00:00
parent fa39e3b57d
commit 6fb00dc582
1 changed files with 18 additions and 25 deletions


@ -26,6 +26,8 @@ __license__ = "GPL"
import os, sys, time, re import os, sys, time, re
from utils.dns import *
class LogReader: class LogReader:
""" Reads a log file and reports information about IP that make password """ Reads a log file and reports information about IP that make password
failure, bad user or anything else that is considered as doubtful login failure, bad user or anything else that is considered as doubtful login
@ -41,6 +43,7 @@ class LogReader:
self.ignoreIpList = [] self.ignoreIpList = []
self.lastModTime = 0 self.lastModTime = 0
self.logSys = logSys self.logSys = logSys
self.lastPos = 0
def setName(self, name): def setName(self, name):
""" Sets the name of the log reader. """ Sets the name of the log reader.
@ -98,13 +101,15 @@ class LogReader:
""" """
ipList = dict() ipList = dict()
logFile = self.openLogFile() logFile = self.openLogFile()
self.logSys.debug("Setting file position to " + `self.lastPos`)
logFile.seek(self.lastPos)
for line in logFile.readlines(): for line in logFile.readlines():
value = self.findFailure(line) failList = self.findFailure(line)
if value: for element in failList:
ip = value[0] ip = element[0]
unixTime = value[1] unixTime = element[1]
if unixTime < time.time()-self.findTime: if unixTime < time.time()-self.findTime:
continue break
if self.inIgnoreIPList(ip): if self.inIgnoreIPList(ip):
self.logSys.debug("Ignore "+ip) self.logSys.debug("Ignore "+ip)
continue continue
@ -113,6 +118,7 @@ class LogReader:
ipList[ip] = (ipList[ip][0]+1, unixTime) ipList[ip] = (ipList[ip][0]+1, unixTime)
else: else:
ipList[ip] = (1, unixTime) ipList[ip] = (1, unixTime)
self.lastPos = logFile.tell()
logFile.close() logFile.close()
return ipList return ipList
@ -123,16 +129,17 @@ class LogReader:
Returns a dict with IP and timestamp. Returns a dict with IP and timestamp.
""" """
match = self.matchLine(self.failregex, line) failList = list()
match = re.search(self.failregex, line)
if match: if match:
timeMatch = self.matchLine(self.timeregex, match.string) timeMatch = re.search(self.timeregex, match.string)
if timeMatch: if timeMatch:
date = self.getUnixTime(timeMatch.group()) date = self.getUnixTime(timeMatch.group())
ipMatch = self.matchAddress(match.string) ipMatch = textToIp(match.string)
if ipMatch: if ipMatch:
ip = ipMatch.group() for ip in ipMatch:
return [ip, date] failList.append([ip, date])
return None return failList
def getUnixTime(self, value): def getUnixTime(self, value):
""" Returns the Unix timestamp of the given value. """ Returns the Unix timestamp of the given value.
@ -144,17 +151,3 @@ class LogReader:
date[0] = time.gmtime()[0] date[0] = time.gmtime()[0]
unixTime = time.mktime(date) unixTime = time.mktime(date)
return unixTime return unixTime
def matchLine(self, pattern, line):
""" Checks if the line contains a pattern.
Return a match object.
"""
return re.search(pattern, line)
def matchAddress(self, line):
""" Return a match on the IP address present in
line.
"""
return self.matchLine("(?:\d{1,3}\.){3}\d{1,3}", line)
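Review bot: The saved offset in the `@ -98,13 +101,15` hunk is never checked against the current file size, so once the log is truncated or rotated `logFile.seek(self.lastPos)` lands past end-of-file, `readlines()` returns nothing, and new failures go uncounted until the file grows beyond the old offset. Reset before seeking, for example `if os.fstat(logFile.fileno()).st_size < self.lastPos: self.lastPos = 0`; a rotated file that has already grown past the old offset would also need an inode comparison. The method starts outside the hunk, so a guard may already exist there that is not visible. Separately, in the `@ -123,16 +129,17` hunk `textToIp(match.string)` receives the whole matched line rather than a captured host field, so any address or resolvable name that remote input can place in that line (a user name, for instance) may be recorded as an offender. Passing only the host group captured by `failregex` would keep unrelated addresses out of `failList`, assuming `textToIp` resolves names as the commit message suggests.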