chg: [sshd] sshd parses logline and pushed to redis

nifi
Jean-Louis Huynen 2020-01-28 10:48:19 +01:00
parent 62d6ed2c75
commit 75a917b6b8
No known key found for this signature in database
GPG Key ID: 64799157F4BD6B93
4 changed files with 41 additions and 55 deletions


@ -1 +0,0 @@
localhost:6380/2


@ -1,13 +1,14 @@
package logparser package logparser
import "github.com/gomodule/redigo/redis"
type ( type (
// Parser provides the interface for a Parser // Parser provides the interface for a Parser
// It should provide: // It should provide:
// Set to assign a redis connection to it
// Parse to parse a line of log // Parse to parse a line of log
// GetAttributes to get list of attributes (map keys)
Parser interface { Parser interface {
Set(*redis.Conn)
Parse(string) error Parse(string) error
Push() error
Pop() map[string]string
} }
) )
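Review bot: `Set(*redis.Conn)` in the `Parser` interface takes a pointer to an interface, since redigo declares `redis.Conn` as an interface type. The extra indirection buys nothing and adds a nil-pointer case for every implementation; `Set(redis.Conn)` with a plain `r redis.Conn` field is the idiomatic form. The interface comment could also say who owns the connection, since the sshd implementation on this page closes it when a command fails, for example `// Set assigns the redis connection; Parse may close it on error`.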


@ -2,7 +2,6 @@ package logparser
import ( import (
"fmt" "fmt"
"log"
"regexp" "regexp"
"strconv" "strconv"
"time" "time"
@ -10,27 +9,15 @@ import (
"github.com/gomodule/redigo/redis" "github.com/gomodule/redigo/redis"
) )
// Sshd is a struct that corresponds to a line
type Sshd struct {
Date string
Host string
User string
Src string
}
// SshdParser Holds a struct that corresponds to a sshd log line // SshdParser Holds a struct that corresponds to a sshd log line
// and the redis connection // and the redis connection
type SshdParser struct { type SshdParser struct {
logs Sshd r *redis.Conn
r *redis.Conn
} }
// New Creates a new sshd parser // Set set the redic connection to this parser
func New(rconn *redis.Conn) *SshdParser { func (s *SshdParser) Set(rconn *redis.Conn) {
return &SshdParser{ s.r = rconn
logs: Sshd{},
r: rconn,
}
} }
// Parse parses a line of sshd log // Parse parses a line of sshd log
@ -54,43 +41,37 @@ func (s *SshdParser) Parse(logline string) error {
parsedTime, _ := time.ParseInLocation("Jan 02 15:04:05 2006", md["date"], loc) parsedTime, _ := time.ParseInLocation("Jan 02 15:04:05 2006", md["date"], loc)
md["date"] = string(strconv.FormatInt(parsedTime.Unix(), 10)) md["date"] = string(strconv.FormatInt(parsedTime.Unix(), 10))
// Pushing logline in redis // Pushing loglines in database 0
redislog := fmt.Sprintf("HMSET %v:%v username \"%v\" src \"%v\"", md["date"], md["host"], md["username"], md["src"]) if _, err := r.Do("SELECT", 0); err != nil {
a, err := r.Do(redislog) r.Close()
fmt.Println(a) return err
if err != nil {
log.Fatal("Could connect to the Redis database")
} }
today := time.Now() _, err := redis.Bool(r.Do("HSET", fmt.Sprintf("%v:%v", md["date"], md["host"]), "username", md["username"], "src", md["src"]))
// Statistics
dailysrc := fmt.Sprintf("ZINCBY %v%v%v:statssrc 1 %v", today.Year(), int(today.Month()), today.Day(), md["src"])
_, err = r.Do(dailysrc)
if err != nil { if err != nil {
log.Fatal("Could connect to the Redis database") r.Close()
return err
} }
dailyusername := fmt.Sprintf("ZINCBY %v%v%v:statsusername 1 %v", today.Year(), int(today.Month()), today.Day(), md["username"])
fmt.Println(dailyusername) // Pushing statistics in database 1
_, err = r.Do(dailyusername) if _, err := r.Do("SELECT", 1); err != nil {
if err != nil { r.Close()
log.Fatal("Could connect to the Redis database") return err
} }
dailyhost := fmt.Sprintf("ZINCBY %v%v%v:statshost 1 %v", today.Year(), int(today.Month()), today.Day(), md["host"]) _, err = redis.String(r.Do("ZINCRBY", fmt.Sprintf("%v%v%v:statssrc", parsedTime.Year(), int(parsedTime.Month()), parsedTime.Day()), 1, md["src"]))
_, err = r.Do(dailyhost)
if err != nil { if err != nil {
log.Fatal("Could connect to the Redis database") r.Close()
return err
}
_, err = redis.String(r.Do("ZINCRBY", fmt.Sprintf("%v%v%v:statsusername", parsedTime.Year(), int(parsedTime.Month()), parsedTime.Day()), 1, md["username"]))
if err != nil {
r.Close()
return err
}
_, err = redis.String(r.Do("ZINCRBY", fmt.Sprintf("%v%v%v:statshost", parsedTime.Year(), int(parsedTime.Month()), parsedTime.Day()), 1, md["host"]))
if err != nil {
r.Close()
return err
} }
return nil return nil
} }
// Push pushed the parsed line into redis
func (s *SshdParser) Push() error {
//TODO
return nil
}
// Pop returns the list of attributes
func (s *SshdParser) Pop() map[string]string {
//TODO
return nil
}
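Review bot: The daily statistics keys in the three `ZINCRBY` calls join year, month and day with `%v%v%v` and no padding, so distinct days collide: 11 January and 1 November 2020 both yield `2020111:statssrc`. Formatting the day once, `day := parsedTime.Format("20060102")`, and using `day+":statssrc"` (likewise `:statsusername` and `:statshost`) gives unambiguous, sortable keys. Because the keys now derive from `parsedTime`, the error discarded on the `time.ParseInLocation` context line matters as well: a line whose date fails to parse is counted under the zero time instead of being rejected, so that error should be returned. The `HSET` key `date:host` has one-second resolution, so several attempts against the same host within one second overwrite each other. `Parse` begins above this hunk, so how `md` and `r` are obtained is not visible here.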

11
main.go

@ -111,6 +111,7 @@ func main() {
} }
rd4.redisQueue = string(config.ReadConfigFile(*confdir, "redis_queue")) rd4.redisQueue = string(config.ReadConfigFile(*confdir, "redis_queue"))
// Connect to D4 Redis // Connect to D4 Redis
// TODO use DialOptions to Dial with a timeout
redisD4, err = redis.Dial("tcp", rd4.redisHost+":"+rd4.redisPort, redis.DialDatabase(rd4.redisDB)) redisD4, err = redis.Dial("tcp", rd4.redisHost+":"+rd4.redisPort, redis.DialDatabase(rd4.redisDB))
if err != nil { if err != nil {
log.Fatal(err) log.Fatal(err)
@ -149,8 +150,9 @@ func main() {
if err != nil { if err != nil {
log.Fatal("Could connect to the Redis database") log.Fatal("Could connect to the Redis database")
} }
sshd := logparser.New(&sshdrcon) sshd := logparser.SshdParser{}
torun = append(torun, sshd) sshd.Set(&sshdrcon)
torun = append(torun, &sshd)
} }
} }
} else if *specific != "" { } else if *specific != "" {
@ -178,7 +180,10 @@ func main() {
// Run the parsers // Run the parsers
for _, v := range torun { for _, v := range torun {
v.Parse(logline) err := v.Parse(logline)
if err != nil {
log.Fatal(err)
}
} }
} }
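Review bot: In the run loop, `log.Fatal(err)` on any `Parse` error ends the whole process at the first failing line, and the lines being parsed are sshd log entries whose content remote clients partly control. If `Parse` also returns an error for a line that does not match its pattern (its start is not visible on this page), a single malformed entry stops ingestion for every parser in `torun`. Consider logging and skipping per-line failures, `log.Printf("parse error: %v", err)` followed by `continue`, and keeping the fatal exit for a lost Redis connection, which `Parse` already signals by closing the connection before returning. `main` extends beyond these hunks.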