#!/usr/bin/python3
import os
import smtplib
import ssl
import time
from datetime import datetime
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from pathlib import Path
- '''
Not very user friendly at this point: the log paths and search terms are hard-coded below.
Run it from cron to watch log files for specific activity. Keep the interval shorter than the
5-minute window Get_Events_in_Hour checks, otherwise events fall between runs; note that a
4-minute interval with a 5-minute window means an event near the boundary can be mailed twice.
*/4 * * * * /usr/bin/python3 /scripts/logmonitor.py
- '''
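def Get_Current_Time() -> datetime:
    """Return the current local time truncated to whole seconds.

    The previous implementation round-tripped ``time.strftime`` through
    ``strptime`` and called strftime twice (date, then clock), which could
    straddle midnight and produce a timestamp a day off. Reading the clock
    once yields the same naive, second-precision local datetime without the
    race.
    """
    return datetime.now().replace(microsecond=0)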
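def sendnotificationmail(subject, email_contents):
    """Send ``email_contents`` as a plain-text mail with ``subject`` via Gmail SMTPS.

    The account, its password and the recipient are read from the environment
    (LOGMONITOR_SMTP_USER, LOGMONITOR_SMTP_PASSWORD, LOGMONITOR_TO_EMAIL) so the
    mailbox password is not stored in this script; export them from the
    crontab or a root-only environment file instead of editing the code.

    Raises ValueError before any connection is opened if one of them is unset,
    and propagates smtplib/ssl errors from the send itself so cron reports them.
    """
    gmail_user = os.environ.get("LOGMONITOR_SMTP_USER", "")
    gmail_password = os.environ.get("LOGMONITOR_SMTP_PASSWORD", "")
    to_email = os.environ.get("LOGMONITOR_TO_EMAIL", "")
    if not (gmail_user and gmail_password and to_email):
        raise ValueError(
            "LOGMONITOR_SMTP_USER, LOGMONITOR_SMTP_PASSWORD and "
            "LOGMONITOR_TO_EMAIL must all be set"
        )

    msg = MIMEMultipart()
    msg["Subject"] = subject
    msg["From"] = gmail_user
    msg["To"] = to_email
    msg.attach(MIMEText(email_contents))

    # smtplib.SMTP_SSL builds an *unverified* context when none is given, so
    # the old call would complete the handshake with any certificate and hand
    # the account password to whoever answered. create_default_context()
    # turns on chain verification and hostname checking.
    context = ssl.create_default_context()
    # The context manager issues quit() even if login()/sendmail() raises,
    # so the session is never left open on failure.
    with smtplib.SMTP_SSL("smtp.gmail.com", 465, context=context) as server:
        server.ehlo()
        server.login(gmail_user, gmail_password)
        server.sendmail(msg["From"], msg["To"], msg.as_string())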
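def Log_File_Search(log_file, search_term):
    """Return every line of ``log_file`` that contains ``search_term`` (substring match).

    If the file does not exist the single element ``'<log_file> not found!'`` is
    returned, as before. A file that exists but cannot be opened (for example
    /var/log/auth.log, which is typically readable only by root and the adm
    group, when the cron job runs unprivileged) now yields one
    ``'<log_file> not readable: ...'`` element instead of an uncaught OSError.

    Lines are decoded as UTF-8 with undecodable bytes replaced: syslog can carry
    arbitrary bytes from client-supplied values (usernames, hostnames), and a
    single bad byte would otherwise abort the whole scan with UnicodeDecodeError.
    """
    file_to_search = Path(log_file)
    if not file_to_search.is_file():
        # Keep the historical marker so callers see that the log was missing.
        return [log_file + ' not found!']
    try:
        with open(file_to_search, encoding="utf-8", errors="replace") as log_to_search:
            return [line for line in log_to_search if search_term in line]
    except OSError as exc:
        return [log_file + ' not readable: ' + str(exc)]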
# Parse the timestamp prefix of Ubuntu auth.log / syslog lines ("Mon DD HH:MM:SS host ...").
# The prefix carries no year, and single-digit days are padded with a second space, e.g.:
# Sep 13 11:13:59 kali-pontiac sshd[4835]: Accepted password for root from 10.0.0.100 port 63208 ssh2
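def Get_Events_in_Hour(search_results, now=None, window_minutes=5):
    """Select the log lines whose syslog timestamp falls within the last ``window_minutes``.

    Despite the name, the window defaults to 5 minutes (sized to the 4-minute
    cron interval). ``now`` defaults to the module-level ``current_time``
    captured at start-up, so every log is judged against the same clock.

    Each line is expected to start with the classic syslog prefix
    ``Mon DD HH:MM:SS``: no year, and single-digit days padded with a second
    space. The year is taken from ``now``; a timestamp that lands more than a
    day in the future is treated as last year's (late-December lines read on
    1 January). Lines without such a prefix -- including the ``'... not found!'``
    marker Log_File_Search returns -- are skipped rather than raising, so one
    malformed line cannot abort the cron run.

    Returns a dict in file order whose keys are ``(timestamp, line_index)``; the
    old timestamp-only key silently dropped every event but the last logged in
    the same second, which is exactly the burst pattern worth alerting on.
    Callers iterate ``.values()`` and test the length.
    """
    if now is None:
        now = current_time
    # Explicit table instead of %b so parsing does not depend on the cron
    # environment's locale (syslog month names are always English).
    months = {
        "Jan": 1, "Feb": 2, "Mar": 3, "Apr": 4, "May": 5, "Jun": 6,
        "Jul": 7, "Aug": 8, "Sep": 9, "Oct": 10, "Nov": 11, "Dec": 12,
    }
    events_dict = {}
    for index, result in enumerate(search_results):
        # split() collapses the double space before single-digit days;
        # split(" ") left an empty field there and broke the parse.
        fields = result.split()
        try:
            month = months[fields[0]]
            day = int(fields[1])
            hour, minute, second = (int(part) for part in fields[2].split(":"))
            time_key = datetime(now.year, month, day, hour, minute, second)
            if (time_key - now).total_seconds() > 86400:
                time_key = datetime(now.year - 1, month, day, hour, minute, second)
        except (IndexError, KeyError, ValueError):
            continue  # not a syslog-stamped line
        time_diff_mins = int(round((now - time_key).total_seconds() / 60))
        if time_diff_mins < window_minutes:
            events_dict[(time_key, index)] = result
    return events_dict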
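# Captured once at module level: Get_Events_in_Hour reads this global by
# default, so every log is judged against the same "now" for this run.
current_time = Get_Current_Time()

# Log file -> substring that flags activity worth mailing about.
search_dictionary = {
    '/var/log/auth.log': 'Accepted',
    '/var/log/syslog': 'SENT CONTROL',
}


def main():
    """Scan each configured log and mail any matching events from the last few minutes.

    One mail is sent per log file that has fresh matches; a log with no hits,
    or none inside the window, sends nothing. SMTP failures are left to
    propagate so cron reports them instead of the alert silently vanishing.
    """
    for log_file, search_term in search_dictionary.items():
        search_results = Log_File_Search(log_file, search_term)
        if not search_results:
            continue
        last_hour = Get_Events_in_Hour(search_results)
        if not last_hour:
            continue
        subject = 'Activity for "' + search_term + '" in ' + log_file + ' - ' + str(current_time)
        # Lines keep the trailing newline from the file, so a plain join suffices.
        email_contents = ''.join(last_hour.values())
        sendnotificationmail(subject, email_contents)


if __name__ == "__main__":
    main()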