  1. #!/usr/bin/python3
import os
import smtplib
import time
from datetime import datetime
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from pathlib import Path
  8.  
  9. '''
  10. Not very user friendly at this point....
  11. Run this as a cron to monitor log files for certain activity.
  12. */4 * * * * /usr/bin/python3 /scripts/logmonitor.py
  13. '''
  14.  
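def Get_Current_Time():
    """Return the current local time truncated to whole seconds.

    The original built a ``%Y%m%d_%H%M%S`` string from two separate
    ``time.strftime`` calls and parsed it back with ``strptime``. Reading
    the clock once avoids the date part and the clock part straddling a
    second (or midnight) boundary between the two calls.

    Returns:
        datetime: naive local time with ``microsecond`` set to 0, the same
        precision the text round-trip produced.
    """
    # One clock read, then drop sub-second precision so the value matches
    # what the strftime/strptime round-trip used to yield.
    return datetime.now().replace(microsecond=0)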
  21.  
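def sendnotificationmail(subject, email_contents):
    """Send a plain-text notification e-mail through Gmail's implicit-TLS port.

    Args:
        subject: Subject line of the notification.
        email_contents: Message body, attached as a single text/plain part.

    Raises:
        smtplib.SMTPException: when login or delivery fails (the original
            hard-coded the credentials as empty strings, which the server
            rejects at ``login``).

    The account, password and recipient are read from the environment so
    they never sit in the script file itself; the fallbacks mirror the
    original empty strings.
    """
    # The LOGMONITOR_* variable names are placeholders chosen here; set
    # them in the cron environment rather than editing the script.
    gmail_user = os.environ.get('LOGMONITOR_GMAIL_USER', '')
    gmail_password = os.environ.get('LOGMONITOR_GMAIL_PASSWORD', '')
    to_email = os.environ.get('LOGMONITOR_TO_EMAIL', '')
    server_address = "smtp.gmail.com:465"

    # create message object and fill in all the normal email parts
    msg = MIMEMultipart()
    msg['Subject'] = subject
    msg['From'] = gmail_user
    msg['To'] = to_email
    msg.attach(MIMEText(email_contents))

    # The context manager calls quit() even when login()/sendmail() raise,
    # so a failed delivery no longer leaves the TLS connection open.
    with smtplib.SMTP_SSL(server_address) as server:
        server.ehlo()
        server.login(gmail_user, gmail_password)
        server.sendmail(msg['From'], msg['To'], msg.as_string())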
  40.  
  41.  
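def Log_File_Search(log_file, search_term):
    """Return every line of *log_file* that contains *search_term*.

    Args:
        log_file: path to the log file (str or ``Path``).
        search_term: substring to look for; a plain ``in`` test, not a regex.

    Returns:
        list[str]: matching lines in file order, trailing newline kept.
        When the file does not exist the list holds the single marker
        ``"<log_file> not found!"`` so the caller still gets a signal.
    """
    file_to_search = Path(log_file)
    if not file_to_search.is_file():
        # If the log file doesn't exist, note that in the results
        return [str(log_file) + ' not found!']
    # Logs are not guaranteed to be valid UTF-8 (user-supplied names, stray
    # bytes); errors='replace' keeps one bad byte from aborting the whole
    # cron run with UnicodeDecodeError.
    with file_to_search.open(encoding='utf-8', errors='replace') as log_to_search:
        return [line for line in log_to_search if search_term in line]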
  54.  
  55. # Function for parsing through Ubuntu auth.log and syslog timestamps
  56. # Sep 13 11:13:59 kali-pontiac sshd[4835]: Accepted password for root from 10.0.0.100 port 63208 ssh2
  57.  
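def Get_Events_in_Hour(search_results, now=None):
    """Pick out the log lines stamped within the last five minutes.

    Despite the name the window is five minutes: the script is meant to run
    from cron every four minutes, so that is the slice of the log it has
    not reported yet.

    Args:
        search_results: lines in Ubuntu auth.log/syslog form, e.g.
            ``"Sep 13 11:13:59 kali-pontiac sshd[4835]: Accepted ..."``.
        now: reference time for the age check; defaults to the module-level
            ``current_time`` captured when the script starts.

    Returns:
        dict[datetime, str]: each recent line keyed by its parsed timestamp.
        Lines that do not start with a ``Mon DD HH:MM:SS`` stamp (such as
        the ``"... not found!"`` marker from Log_File_Search, which made the
        original raise ValueError) are skipped.

    Note: the key is the second-resolution stamp, so several events logged
    in the same second keep only the last one (unchanged from the original;
    callers in this file only use ``.values()``).
    """
    if now is None:
        now = current_time
    # RFC 3164 syslog always writes English month abbreviations, so a fixed
    # table is used instead of locale-dependent %b parsing.
    syslog_months = ('Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun',
                     'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec')
    events_dict = {}
    for result in search_results:
        # Syslog pads single-digit days with a space ("Sep  3 ..."), which
        # the original split(" ") turned into an empty field; split()
        # collapses the run of blanks.
        fields = result.split()
        if len(fields) < 3:
            continue
        try:
            month = syslog_months.index(fields[0]) + 1
            hour, minute, second = (int(part) for part in fields[2].split(':'))
            time_key = datetime(now.year, month, int(fields[1]), hour, minute, second)
        except ValueError:
            continue
        # Syslog stamps carry no year. The original always assumed the
        # current month and year; a line that lands more than a day in the
        # future relative to *now* was written before the year rolled over.
        if (time_key - now).days >= 1:
            try:
                time_key = time_key.replace(year=now.year - 1)
            except ValueError:
                continue
        time_diff_mins = int(round((now - time_key).total_seconds() / 60))
        if time_diff_mins < 5:
            events_dict[time_key] = result
    return events_dict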
  74.  
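# Captured once at start-up; Get_Events_in_Hour reads it as the reference
# time for its five-minute window.
current_time = Get_Current_Time()

# log file -> substring that marks activity worth reporting
search_dictionary = {}
search_dictionary['/var/log/auth.log'] = 'Accepted'
search_dictionary['/var/log/syslog'] = 'SENT CONTROL'

for log_file, search_term in search_dictionary.items():
    search_results = Log_File_Search(log_file, search_term)
    if not search_results:
        continue
    last_hour = Get_Events_in_Hour(search_results)
    if not last_hour:
        continue
    subject = 'Activity for "{}" in {} - {}'.format(search_term, log_file, current_time)
    # Matching lines keep their trailing newline, so joining with '' yields
    # one log entry per line in the body.
    email_contents = ''.join(last_hour.values())
    sendnotificationmail(subject, email_contents)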