-rw-r--r-- | LogActio/Reporters/IPTipset.py | 9 | ||||
-rw-r--r-- | LogActio/Reporters/SMTPreporter.py | 14 |
2 files changed, 17 insertions, 6 deletions
diff --git a/LogActio/Reporters/IPTipset.py b/LogActio/Reporters/IPTipset.py index a628574..7c499aa 100644 --- a/LogActio/Reporters/IPTipset.py +++ b/LogActio/Reporters/IPTipset.py @@ -92,6 +92,7 @@ class IPTipset(LogActio.ReporterQueue.ReporterQueue): self.__iptchainsjump = False self.__iptchaininserts = False self.__ipset_save = False + self.__idx = 0 if "ipset-name" not in config: raise Exception("IPTipset is missing in ipset name") @@ -302,8 +303,12 @@ class IPTipset(LogActio.ReporterQueue.ReporterQueue): raise ValueError except ValueError: - self.__log(2, "[IPTipset] {Rule %s} Adding IP address %s to ipset '%s' based on entry in log file '%s' with the threshold %i after %i hits" % - (m["rulename"], m["ipaddress"], self.__ipsetname, m["logfile"], m["threshold"], m["count"])) + self.__idx += 1 + + self.__log(2, "[IPTipset] {%i} {Rule %s} Logfile: %s, Threshold: %i, Count: %i -- Adding IP address %s to ipset '%s'" % + (self.__idx, m["rulename"], m["logfile"], m["threshold"], m["count"], + m["ipaddress"], self.__ipsetname)) + self.__call_ipset("add", m["ipaddress"]) registered.append(m["ipaddress"]) diff --git a/LogActio/Reporters/SMTPreporter.py b/LogActio/Reporters/SMTPreporter.py index 3438dc0..5781bff 100644 --- a/LogActio/Reporters/SMTPreporter.py +++ b/LogActio/Reporters/SMTPreporter.py @@ -64,6 +64,7 @@ class SMTPreporter(ReporterQueue.ReporterQueue): self.__smtpuser = "smtp_username" in config and config["smtp_username"] or None self.__smtppass = "smtp_password" in config and config["smtp_password"] or None self.__sslmode = "sslmode" in config and config["sslmode"] or None + self.__idx = 0; if (self.__smtpuser and not self.__smtppass) or (not self.__smtpuser and self.__smtppass): raise Exception("SMTPreporter must have both smtp_username and smtp_password") 
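Review bot: The `{%i}` tag printed in the new "Adding IP address" line comes from a per-instance counter, and SMTPreporter gets its own separate `self.__idx` in this same commit, so an identical `{N}` in the two reporters' log lines does not identify the same event. The counter also starts at 0 each time the reporter is constructed, so numbers repeat across restarts. A comment at the increment would record this, for example `# Per-reporter sequence number for log correlation; not shared with other reporters, starts at 0 on construction`. The enclosing method begins and ends outside this hunk.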
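Review bot: The initialisation added to the SMTPreporter constructor ends in a stray semicolon, `self.__idx = 0;`, whereas the matching line added to IPTipset has none. It is harmless in Python, but it should read `self.__idx = 0` to stay consistent with the rest of the file.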
@@ -120,15 +121,20 @@ class SMTPreporter(ReporterQueue.ReporterQueue): smtp.login(self.__smtpuser, self.__smtppass) smtp.sendmail(self.__sender, self.__recipients, msg.as_string()) - self.__log(1, "Report sent to: %s" % ", ".join(self.__recipients)) + self.__idx += 1 + self.__log(1, "[SMTPReporter] {%i} {Rule %s} Logfile: %s, Threshold: %i, Count: %i -- Report sent to: %s" % + (self.__idx, m["rulename"], m["logfile"], m["threshold"], m["count"], ", ".join(self.__recipients))) + self.__log(2, "[SMTPReporter] {%i} Details: %s" % (self.__idx, str(m["msg"]))) smtp.quit() except Exception as e: - self.__log(0, "** ERROR ** SMTPreporter failed: %s" % str(e)) + self.__log(0, "** ERROR ** SMTPreporter failed: {%i} %s" % (self.__idx, str(e))) - def ProcessEvent(self, logfile, prefix, msg, count, threshold): + def ProcessEvent(self, logfile, rulename, msg, count, threshold): # Format the report message - msg = {"subject": "Alerts from %s" % logfile, + msg = {"rulename": rulename, "threshold": threshold, + "count": count, "logfile": logfile, "msg": msg, + "subject": "Alerts from %s" % logfile, "body": """ LogActio have detected %s events in the %s log file since it started running.\n The following information was extracted:\n |
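Review bot: The `{%i}` added to the `** ERROR **` line prints a stale index, because `self.__idx += 1` runs only after `smtp.sendmail()` succeeds; a failure in login or sendmail is therefore logged under the number of the previous successfully sent report, which misleads anyone correlating entries. Incrementing before the connection attempt (the start of the `try` block is outside this hunk) would give the failed report its own number. The new log calls also sit inside the `try`, so a formatting error such as `%i` receiving a non-integer `threshold` would be reported as "SMTPreporter failed" after the mail has already gone out, and would skip `smtp.quit()`. The level-2 `Details` line writes `m["msg"]`, which appears to be text extracted from the monitored log, without escaping; if it can be a plain string, `repr(m["msg"])` in place of `str(m["msg"])` would keep embedded newlines from forging entries in LogActio's own log.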