D4
/
analyzer-d4-log
mirror of https://github.com/D4-project/analyzer-d4-log
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [sshd] wip - not functional

nifi
Jean-Louis Huynen 2020-01-27 16:07:09 +01:00
parent 3818bdab6b
commit 62d6ed2c75
No known key found for this signature in database
GPG Key ID: 64799157F4BD6B93
3 changed files with 89 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
logparser/parser.go
View File

@ -6,7 +6,7 @@ type (
// Parse to parse a line of log // Parse to parse a line of log
// GetAttributes to get list of attributes (map keys) // GetAttributes to get list of attributes (map keys)
Parser interface { Parser interface {
Parse() error Parse(string) error
Push() error Push() error
Pop() map[string]string Pop() map[string]string
} }

58
logparser/sshd.go
View File

@ -1,6 +1,14 @@
package logparser package logparser
import "github.com/gomodule/redigo/redis" import (
"fmt"
"log"
"regexp"
"strconv"
"time"
"github.com/gomodule/redigo/redis"
)
// Sshd is a struct that corresponds to a line // Sshd is a struct that corresponds to a line
type Sshd struct { type Sshd struct {
@ -26,8 +34,52 @@ func New(rconn *redis.Conn) *SshdParser {
} }
// Parse parses a line of sshd log // Parse parses a line of sshd log
func (s *SshdParser) Parse() error { func (s *SshdParser) Parse(logline string) error {
//TODO r := *s.r
re := regexp.MustCompile(`^(?P<date>[[:alpha:]]{3}\s\d{2}\s\d{2}:\d{2}:\d{2}) (?P<host>[^ ]+) sshd\[[[:alnum:]]+\]: Invalid user (?P<username>[^ ]+) from (?P<src>.*$)`)
n1 := re.SubexpNames()
r2 := re.FindAllStringSubmatch(logline, -1)[0]
// Build the group map for the line
md := map[string]string{}
for i, n := range r2 {
// fmt.Printf("%d. match='%s'\tname='%s'\n", i, n, n1[i])
md[n1[i]] = n
}
// Assumes the system parses logs recorded during the current year
md["date"] = fmt.Sprintf("%v %v", md["date"], time.Now().Year())
// Make this automatic or a config parameter
loc, _ := time.LoadLocation("Europe/Luxembourg")
parsedTime, _ := time.ParseInLocation("Jan 02 15:04:05 2006", md["date"], loc)
md["date"] = string(strconv.FormatInt(parsedTime.Unix(), 10))
// Pushing logline in redis
redislog := fmt.Sprintf("HMSET %v:%v username \"%v\" src \"%v\"", md["date"], md["host"], md["username"], md["src"])
a, err := r.Do(redislog)
fmt.Println(a)
if err != nil {
log.Fatal("Could connect to the Redis database")
}
today := time.Now()
// Statistics
dailysrc := fmt.Sprintf("ZINCBY %v%v%v:statssrc 1 %v", today.Year(), int(today.Month()), today.Day(), md["src"])
_, err = r.Do(dailysrc)
if err != nil {
log.Fatal("Could connect to the Redis database")
}
dailyusername := fmt.Sprintf("ZINCBY %v%v%v:statsusername 1 %v", today.Year(), int(today.Month()), today.Day(), md["username"])
fmt.Println(dailyusername)
_, err = r.Do(dailyusername)
if err != nil {
log.Fatal("Could connect to the Redis database")
}
dailyhost := fmt.Sprintf("ZINCBY %v%v%v:statshost 1 %v", today.Year(), int(today.Month()), today.Day(), md["host"])
_, err = r.Do(dailyhost)
if err != nil {
log.Fatal("Could connect to the Redis database")
}
return nil return nil
} }

37
main.go
View File

@ -10,6 +10,8 @@ import (
"strings" "strings"
"time" "time"
"bufio"
"github.com/D4-project/analyzer-d4-log/logparser" "github.com/D4-project/analyzer-d4-log/logparser"
config "github.com/D4-project/d4-golang-utils/config" config "github.com/D4-project/d4-golang-utils/config"
"github.com/gomodule/redigo/redis" "github.com/gomodule/redigo/redis"
@ -122,7 +124,7 @@ func main() {
log.Fatal("Missing Database Count in Redis config: should be host:port/max number of DB") log.Fatal("Missing Database Count in Redis config: should be host:port/max number of DB")
} }
rp.redisDBCount, _ = strconv.Atoi(ss[1]) rp.redisDBCount, _ = strconv.Atoi(ss[1])
ret, ss[0] = config.IsNet(string(tmp)) ret, ss[0] = config.IsNet(ss[0])
if !ret { if !ret {
sss := strings.Split(string(ss[0]), ":") sss := strings.Split(string(ss[0]), ":")
rp.redisHost = sss[0] rp.redisHost = sss[0]
@ -132,10 +134,10 @@ func main() {
// Create a connection Pool // Create a connection Pool
redisParsers = newPool(rp.redisHost+":"+rp.redisPort, rp.redisDBCount) redisParsers = newPool(rp.redisHost+":"+rp.redisPort, rp.redisDBCount)
var torun = []logparser.Parser{}
// Init parser depending on the parser flags: // Init parser depending on the parser flags:
if *all { if *all {
// Init all parsers // Init all parsers
var torun = []logparser.Parser{}
for _, v := range parsers { for _, v := range parsers {
switch v { switch v {
case "sshd": case "sshd":
@ -143,6 +145,10 @@ func main() {
if err != nil { if err != nil {
log.Fatal("Could not connect to Parser Redis") log.Fatal("Could not connect to Parser Redis")
} }
_, err = sshdrcon.Do("PING")
if err != nil {
log.Fatal("Could connect to the Redis database")
}
sshd := logparser.New(&sshdrcon) sshd := logparser.New(&sshdrcon)
torun = append(torun, sshd) torun = append(torun, sshd)
} }
@ -151,8 +157,31 @@ func main() {
log.Println("TODO should run specific parser here") log.Println("TODO should run specific parser here")
} }
// Run the parsers f, err = os.Open("./test_seed.log")
log.Println("TODO should run the parsers here") if err != nil {
log.Fatalf("Error opening test file: %v", err)
}
defer f.Close()
scanner := bufio.NewScanner(f)
for scanner.Scan() {
// Pop D4 redis queue
//for {
// err := errors.New("")
// logline, err := redis.String(redisD4.Do("LPOP", "analyzer:3:"+rd4.redisQueue))
logline := scanner.Text()
// if err != nil {
// log.Fatal(err)
// }
// fmt.Println(logline)
// Run the parsers
for _, v := range torun {
v.Parse(logline)
}
}
log.Println("Exit") log.Println("Exit")
} }