chg: [sshd] wip - not functional

Author: gallypette

logparser/parser.go

@@ -6,7 +6,7 @@ type (
 	//  Parse to parse a line of log
 	//  GetAttributes to get list of attributes (map keys)
 	Parser interface {
-		Parse() error
+		Parse(string) error
 		Push() error
 		Pop() map[string]string
 	}

logparser/sshd.go

@@ -1,6 +1,14 @@
 package logparser
 
-import "github.com/gomodule/redigo/redis"
+import (
+	"fmt"
+	"log"
+	"regexp"
+	"strconv"
+	"time"
+
+	"github.com/gomodule/redigo/redis"
+)
 
 // Sshd is a struct that corresponds to a line
 type Sshd struct {
@@ -26,8 +34,52 @@ func New(rconn *redis.Conn) *SshdParser {
 }
 
 // Parse parses a line of sshd log
-func (s *SshdParser) Parse() error {
-	//TODO
+func (s *SshdParser) Parse(logline string) error {
+	r := *s.r
+	re := regexp.MustCompile(`^(?P<date>[[:alpha:]]{3}\s\d{2}\s\d{2}:\d{2}:\d{2}) (?P<host>[^ ]+) sshd\[[[:alnum:]]+\]: Invalid user (?P<username>[^ ]+) from (?P<src>.*$)`)
+	n1 := re.SubexpNames()
+	r2 := re.FindAllStringSubmatch(logline, -1)[0]
+
+	// Build the group map for the line
+	md := map[string]string{}
+	for i, n := range r2 {
+		// fmt.Printf("%d. match='%s'\tname='%s'\n", i, n, n1[i])
+		md[n1[i]] = n
+	}
+
+	// Assumes the system parses logs recorded during the current year
+	md["date"] = fmt.Sprintf("%v %v", md["date"], time.Now().Year())
+	// Make this automatic or a config parameter
+	loc, _ := time.LoadLocation("Europe/Luxembourg")
+	parsedTime, _ := time.ParseInLocation("Jan 02 15:04:05 2006", md["date"], loc)
+	md["date"] = string(strconv.FormatInt(parsedTime.Unix(), 10))
+
+	// Pushing logline in redis
+	redislog := fmt.Sprintf("HMSET %v:%v username \"%v\" src \"%v\"", md["date"], md["host"], md["username"], md["src"])
+	a, err := r.Do(redislog)
+	fmt.Println(a)
+	if err != nil {
+		log.Fatal("Could connect to the Redis database")
+	}
+	today := time.Now()
+	// Statistics
+	dailysrc := fmt.Sprintf("ZINCBY %v%v%v:statssrc 1 %v", today.Year(), int(today.Month()), today.Day(), md["src"])
+	_, err = r.Do(dailysrc)
+	if err != nil {
+		log.Fatal("Could connect to the Redis database")
+	}
+	dailyusername := fmt.Sprintf("ZINCBY %v%v%v:statsusername 1 %v", today.Year(), int(today.Month()), today.Day(), md["username"])
+	fmt.Println(dailyusername)
+	_, err = r.Do(dailyusername)
+	if err != nil {
+		log.Fatal("Could connect to the Redis database")
+	}
+	dailyhost := fmt.Sprintf("ZINCBY %v%v%v:statshost 1 %v", today.Year(), int(today.Month()), today.Day(), md["host"])
+	_, err = r.Do(dailyhost)
+	if err != nil {
+		log.Fatal("Could connect to the Redis database")
+	}
+
 	return nil
 }
 

main.go

@@ -10,6 +10,8 @@ import (
 	"strings"
 	"time"
 
+	"bufio"
+
 	"github.com/D4-project/analyzer-d4-log/logparser"
 	config "github.com/D4-project/d4-golang-utils/config"
 	"github.com/gomodule/redigo/redis"
@@ -122,7 +124,7 @@ func main() {
 		log.Fatal("Missing Database Count in Redis config: should be host:port/max number of DB")
 	}
 	rp.redisDBCount, _ = strconv.Atoi(ss[1])
-	ret, ss[0] = config.IsNet(string(tmp))
+	ret, ss[0] = config.IsNet(ss[0])
 	if !ret {
 		sss := strings.Split(string(ss[0]), ":")
 		rp.redisHost = sss[0]
@@ -132,17 +134,21 @@ func main() {
 	// Create a connection Pool
 	redisParsers = newPool(rp.redisHost+":"+rp.redisPort, rp.redisDBCount)
 
+	var torun = []logparser.Parser{}
 	// Init parser depending on the parser flags:
 	if *all {
 		// Init all parsers
-		var torun = []logparser.Parser{}
 		for _, v := range parsers {
 			switch v {
 			case "sshd":
 				var sshdrcon, err = redisParsers.Dial()
 				if err != nil {
 					log.Fatal("Could not connect to Parser Redis")
 				}
+				_, err = sshdrcon.Do("PING")
+				if err != nil {
+					log.Fatal("Could connect to the Redis database")
+				}
 				sshd := logparser.New(&sshdrcon)
 				torun = append(torun, sshd)
 			}
@@ -151,8 +157,31 @@ func main() {
 		log.Println("TODO should run specific parser here")
 	}
 
-	// Run the parsers
-	log.Println("TODO should run the parsers here")
+	f, err = os.Open("./test_seed.log")
+	if err != nil {
+		log.Fatalf("Error opening test file: %v", err)
+	}
+	defer f.Close()
+	scanner := bufio.NewScanner(f)
+	for scanner.Scan() {
+
+		// Pop D4 redis queue
+		//for {
+
+		// err := errors.New("")
+		// logline, err := redis.String(redisD4.Do("LPOP", "analyzer:3:"+rd4.redisQueue))
+		logline := scanner.Text()
+		// if err != nil {
+		// log.Fatal(err)
+		// }
+		// fmt.Println(logline)
+
+		// Run the parsers
+		for _, v := range torun {
+			v.Parse(logline)
+		}
+
+	}
 
 	log.Println("Exit")
 }