author | David Sommerseth <dazo@eurephia.org> | 2020-07-30 21:50:56 +0200 |
committer | David Sommerseth <dazo@eurephia.org> | 2020-07-30 21:54:27 +0200 |
commit | 6e5f225464496b655d4cb6a2189a89fc70dc329f (patch) | |
tree | 08edd745f6f47523d6a0a1cb0a9a10dbd6f4cbc6 | |
parent | 1d457e9677847c22df02096b6c59c7873451916d (diff) | |
reporters: Improve log events in IPTipset and SMTPreporter
The information sent to the logs was unstructured and less than ideal.
This unifies the log events to be similar and provide more useful
details and less static text.
Signed-off-by: David Sommerseth <dazo@eurephia.org>
-rw-r--r-- | LogActio/Reporters/IPTipset.py | 9 | ||||
-rw-r--r-- | LogActio/Reporters/SMTPreporter.py | 14 |
2 files changed, 17 insertions, 6 deletions
diff --git a/LogActio/Reporters/IPTipset.py b/LogActio/Reporters/IPTipset.py
index a628574..7c499aa 100644
--- a/LogActio/Reporters/IPTipset.py
+++ b/LogActio/Reporters/IPTipset.py
@@ -92,6 +92,7 @@ class IPTipset(LogActio.ReporterQueue.ReporterQueue):
 self.__iptchainsjump = False
 self.__iptchaininserts = False
 self.__ipset_save = False
+ self.__idx = 0
 if "ipset-name" not in config:
 raise Exception("IPTipset is missing in ipset name")
@@ -302,8 +303,12 @@ class IPTipset(LogActio.ReporterQueue.ReporterQueue):
 raise ValueError
 except ValueError:
- self.__log(2, "[IPTipset] {Rule %s} Adding IP address %s to ipset '%s' based on entry in log file '%s' with the threshold %i after %i hits" %
- (m["rulename"], m["ipaddress"], self.__ipsetname, m["logfile"], m["threshold"], m["count"]))
+ self.__idx += 1
+
+ self.__log(2, "[IPTipset] {%i} {Rule %s} Logfile: %s, Threshold: %i, Count: %i -- Adding IP address %s to ipset '%s'" %
+ (self.__idx, m["rulename"], m["logfile"], m["threshold"], m["count"],
+ m["ipaddress"], self.__ipsetname))
+
 self.__call_ipset("add", m["ipaddress"])
 registered.append(m["ipaddress"])
diff --git a/LogActio/Reporters/SMTPreporter.py b/LogActio/Reporters/SMTPreporter.py
index 3438dc0..5781bff 100644
--- a/LogActio/Reporters/SMTPreporter.py
+++ b/LogActio/Reporters/SMTPreporter.py
@@ -64,6 +64,7 @@ class SMTPreporter(ReporterQueue.ReporterQueue):
 self.__smtpuser = "smtp_username" in config and config["smtp_username"] or None
 self.__smtppass = "smtp_password" in config and config["smtp_password"] or None
 self.__sslmode = "sslmode" in config and config["sslmode"] or None
+ self.__idx = 0;
 if (self.__smtpuser and not self.__smtppass) or (not self.__smtpuser and self.__smtppass):
 raise Exception("SMTPreporter must have both smtp_username and smtp_password")
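Review bot: The new `self.__idx` sequence counter that IPTipset prints as `{%i}` at the front of its log line (and the identical counter this commit adds to SMTPreporter) is never explained at its definition, so a reader of the log format has nothing to go on; a comment at the initialisation such as `self.__idx = 0  # per-instance event sequence number, printed as {N} in log events so related lines can be correlated` would fix that. Both reporters inherit from ReporterQueue and the `[Reporter] {N} {Rule ...}` prefix is the same shape in each, so if the base class already owns a common logging path the counter would be better kept there than as two private copies that can drift (they already differ: `self.__idx = 0` here versus `self.__idx = 0;` in SMTPreporter). The increment lives inside the `except ValueError:` branch, so only events that reach the ipset add consume a number; if that is intended the comment should say so, and if not the increment belongs before the `try`. The enclosing try/except and method begin above this hunk.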
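Review bot: `self.__idx = 0;` carries a trailing semicolon, which is unidiomatic in Python and inconsistent with the same initialisation added to IPTipset in this commit; write it as `self.__idx = 0`. The constructor continues outside the hunk.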
@@ -120,15 +121,20 @@ class SMTPreporter(ReporterQueue.ReporterQueue):
 smtp.login(self.__smtpuser, self.__smtppass)
 smtp.sendmail(self.__sender, self.__recipients, msg.as_string())
- self.__log(1, "Report sent to: %s" % ", ".join(self.__recipients))
+ self.__idx += 1
+ self.__log(1, "[SMTPReporter] {%i} {Rule %s} Logfile: %s, Threshold: %i, Count: %i -- Report sent to: %s" %
+ (self.__idx, m["rulename"], m["logfile"], m["threshold"], m["count"], ", ".join(self.__recipients)))
+ self.__log(2, "[SMTPReporter] {%i} Details: %s" % (self.__idx, str(m["msg"])))
 smtp.quit()
 except Exception as e:
- self.__log(0, "** ERROR ** SMTPreporter failed: %s" % str(e))
+ self.__log(0, "** ERROR ** SMTPreporter failed: {%i} %s" % (self.__idx, str(e)))
- def ProcessEvent(self, logfile, prefix, msg, count, threshold):
+ def ProcessEvent(self, logfile, rulename, msg, count, threshold):
 # Format the report message
- msg = {"subject": "Alerts from %s" % logfile,
+ msg = {"rulename": rulename, "threshold": threshold,
+ "count": count, "logfile": logfile, "msg": msg,
+ "subject": "Alerts from %s" % logfile,
 "body": """
 LogActio have detected %s events in the %s log file since it started running.\n
 The following information was extracted:\n |
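Review bot: The `except Exception as e:` branch now stamps the failure with `self.__idx`, but the increment sits after `smtp.sendmail(...)` has succeeded, so a failed login or send is logged under the previous report's number (or 0 for the first attempt), which defeats the correlation the `{%i}` tag is meant to give. Moving `self.__idx += 1` to just before the `try` (which begins above this hunk) gives every delivery attempt, successful or not, its own number. The new tags read `[SMTPReporter]` while the error line and the class itself are spelled `SMTPreporter`; settling on one spelling keeps log filters simple. The level-2 `Details` line writes `str(m["msg"])` into the reporter's own log; if that value is the matched excerpt from the monitored log rather than a summary, the reporter log now carries a copy of the source log's content, which deserves a short comment so operators know both logs need the same handling. The surrounding method and `ProcessEvent` both extend beyond the hunk.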