import html
import os
import subprocess
import sys
import time
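class pythonSnortLogWatcher:
    """Tail a Snort alert file and surface new alerts as desktop notifications.

    The file is opened once and positioned at its end, so only alerts written
    after start-up are reported. Each chunk returned by a poll is routed to a
    parser for its alert family, trimmed of boilerplate, colour-coded by Snort
    priority and handed to ``notify-send``.

    Alert text originates from network traffic and is untrusted. Because the
    notification body is wrapped in Pango-style ``<span>`` markup, the alert
    text is markup-escaped first so that a crafted payload (e.g. an HTTP URI
    containing ``<`` or ``&``) cannot inject its own markup into the
    notification.
    """

    # Milliseconds a notification stays on screen (notify-send -t).
    NOTIFY_TIMEOUT_MS = '5000'

    # Boilerplate removed from each alert family before display.
    _SCAN_TOKENS = ('[**]', '[Classification: Attempted Information Leak]', '[Priority: 2]')
    _HTTP_TOKENS = (')', '[Priority: 3]', '[**]')

    def __init__(self, path):
        """Open *path* for tailing and show the start-up notification.

        Args:
            path: Snort alert log to follow.

        Raises:
            OSError: if the log file cannot be opened.
        """
        # errors='replace' keeps a stray non-UTF-8 byte in an alert from
        # aborting the polling loop with UnicodeDecodeError.
        self.f = open(path, encoding='utf-8', errors='replace')
        # Skip history: only alerts appended from now on are reported.
        self.f.seek(0, os.SEEK_END)
        self.priorityTwoColorBegin = "<span color='#FF6600'>"
        self.priorityOneColorBegin = "<span color='#FF0000'>"
        self.colorEnd = "</span>"
        self.welcomeMessage()

    def close(self):
        """Release the log file handle."""
        self.f.close()

    def _notify(self, text):
        """Show *text* as a desktop notification.

        The command is an argument list, never a shell string, so alert
        content is not interpreted by a shell.
        """
        subprocess.call(['notify-send', '-t', self.NOTIFY_TIMEOUT_MS, text])

    def welcomeMessage(self):
        """Announce that the watcher has started."""
        self._notify('Intrusion Detection System Activated')

    def run(self):
        """Poll the log forever, reporting each newly appended chunk.

        A single read may return more than one alert when several were
        written between polls; the chunk is processed as one unit.
        """
        while True:
            chunk = self.f.read()
            if chunk:
                self.processLine(chunk)
            time.sleep(0.2)

    def processLine(self, line):
        """Parse one chunk and notify if anything reportable remains."""
        text = self.parseLine(line)
        if text:
            self._notify(text.strip())

    def parseLine(self, line):
        """Route *line* to the parser for its alert family.

        Returns:
            The display text, or "" for alerts that are deliberately
            suppressed (TCP Timestamp noise).
        """
        if 'BLEEDING-EDGE SCAN' in line:
            return self.parseScanLine(line)
        if 'http_inspect' in line:
            return self.parseHttpInspectLine(line)
        if 'TCP Timestamp' in line:
            return ""
        return self.parseDefaultLine(line)

    @staticmethod
    def _strip_tokens(text, tokens):
        """Remove every occurrence of each token in *tokens* from *text*."""
        for token in tokens:
            text = text.replace(token, '')
        return text

    def parseScanLine(self, line):
        """Reduce a BLEEDING-EDGE scan alert to its signature text.

        Everything after the first 'BLEEDING-EDGE' marker is kept (the
        original used split()[1], which silently truncated at a second
        marker when several alerts arrived in one chunk).
        """
        _, _, rest = line.partition('BLEEDING-EDGE')
        return self.checkPriority(line, self._strip_tokens(rest, self._SCAN_TOKENS))

    def parseHttpInspectLine(self, line):
        """Reduce an http_inspect alert to the text after its first '('.

        Falls back to the whole line when no '(' is present instead of
        raising IndexError as the original did.
        """
        _, sep, rest = line.partition('(')
        body = rest if sep else line
        return self.checkPriority(line, self._strip_tokens(body, self._HTTP_TOKENS))

    def parseDefaultLine(self, line):
        """Report an alert of an unrecognised family verbatim (colour-coded)."""
        return self.checkPriority(line, line)

    def checkPriority(self, originalLine, newLine):
        """Escape *newLine* and wrap it in a colour span by Snort priority.

        Priority 1 and 2 get red/orange spans; priority 3, and lines with no
        recognisable priority, are returned escaped but uncoloured. The
        original returned None for the latter case, which made processLine
        fail on len(None).

        Args:
            originalLine: full alert text, searched for the priority marker.
            newLine: trimmed display text to escape and wrap.

        Returns:
            Markup-safe display text, possibly wrapped in a ``<span>``.
        """
        # Escape &, < and > so alert content cannot inject markup; quotes
        # are left alone because they only matter inside attribute values.
        safe = html.escape(newLine, quote=False)
        if "Priority: 3" in originalLine:
            return safe
        if "Priority: 2" in originalLine:
            return self.priorityTwoColorBegin + safe + self.colorEnd
        if "Priority: 1" in originalLine:
            return self.priorityOneColorBegin + safe + self.colorEnd
        return safe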
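#-- [ Main ] --------------------------------------------------#
if __name__ == '__main__':
    # An optional first argument overrides the default Snort alert location.
    alert_path = sys.argv[1] if len(sys.argv) > 1 else '/var/log/snort/alert'
    logger = pythonSnortLogWatcher(alert_path)
    try:
        logger.run()
    except KeyboardInterrupt:
        # Ctrl-C is the normal way to stop the watcher; exit without a traceback.
        pass
    finally:
        logger.f.close()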