feat: parse RFC 5424 fields and msg directly in backend
@@ -20,9 +20,19 @@ class SQLiteRepository(BaseRepository):
|
||||
service TEXT,
|
||||
event_type TEXT,
|
||||
attacker_ip TEXT,
|
||||
raw_line TEXT
|
||||
raw_line TEXT,
|
||||
fields TEXT,
|
||||
msg TEXT
|
||||
)
|
||||
""")
|
||||
try:
|
||||
await db.execute("ALTER TABLE logs ADD COLUMN fields TEXT")
|
||||
except aiosqlite.OperationalError:
|
||||
pass
|
||||
try:
|
||||
await db.execute("ALTER TABLE logs ADD COLUMN msg TEXT")
|
||||
except aiosqlite.OperationalError:
|
||||
pass
|
||||
# Users table (internal RBAC)
|
||||
await db.execute("""
|
||||
CREATE TABLE IF NOT EXISTS users (
|
||||
@@ -44,25 +54,29 @@ class SQLiteRepository(BaseRepository):
|
||||
timestamp = log_data.get("timestamp")
|
||||
if timestamp:
|
||||
await db.execute(
|
||||
"INSERT INTO logs (timestamp, decky, service, event_type, attacker_ip, raw_line) VALUES (?, ?, ?, ?, ?, ?)",
|
||||
"INSERT INTO logs (timestamp, decky, service, event_type, attacker_ip, raw_line, fields, msg) VALUES (?, ?, ?, ?, ?, ?, ?, ?)",
|
||||
(
|
||||
timestamp,
|
||||
log_data.get("decky"),
|
||||
log_data.get("service"),
|
||||
log_data.get("event_type"),
|
||||
log_data.get("attacker_ip"),
|
||||
log_data.get("raw_line")
|
||||
log_data.get("raw_line"),
|
||||
log_data.get("fields"),
|
||||
log_data.get("msg")
|
||||
)
|
||||
)
|
||||
else:
|
||||
await db.execute(
|
||||
"INSERT INTO logs (decky, service, event_type, attacker_ip, raw_line) VALUES (?, ?, ?, ?, ?)",
|
||||
"INSERT INTO logs (decky, service, event_type, attacker_ip, raw_line, fields, msg) VALUES (?, ?, ?, ?, ?, ?, ?)",
|
||||
(
|
||||
log_data.get("decky"),
|
||||
log_data.get("service"),
|
||||
log_data.get("event_type"),
|
||||
log_data.get("attacker_ip"),
|
||||
log_data.get("raw_line")
|
||||
log_data.get("raw_line"),
|
||||
log_data.get("fields"),
|
||||
log_data.get("msg")
|
||||
)
|
||||
)
|
||||
await db.commit()
|
||||
|
||||
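Review bot: Both added migration blocks catch every `aiosqlite.OperationalError` and discard it, so a failure other than an already-existing column (a locked database or an I/O error, for example) leaves `logs` without `fields`/`msg` and nothing reports it. The INSERT statements changed in the second hunk name both columns, so from that point every log write would fail and the collector would stop recording events. Narrow the handler to the expected case, for example `except aiosqlite.OperationalError as e:` followed by `if "duplicate column name" not in str(e): raise`, or read `PRAGMA table_info(logs)` and add only the columns that are missing. The enclosing method starts before this hunk, so how its caller treats a raised error is not visible here.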
@@ -149,6 +149,7 @@ def _get_json_logger() -> logging.Logger:
|
||||
return _json_logger
|
||||
|
||||
|
||||
|
||||
def write_syslog_file(line: str) -> None:
|
||||
"""Append a syslog line to the rotating log file."""
|
||||
try:
|
||||
@@ -176,12 +177,24 @@ def write_syslog_file(line: str) -> None:
|
||||
if m:
|
||||
ts_raw, decky, service, event_type, sd_rest = m.groups()
|
||||
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
fields = {}
|
||||
msg = ""
|
||||
|
||||
if sd_rest.startswith("-"):
|
||||
msg = sd_rest[1:].lstrip()
|
||||
elif sd_rest.startswith("["):
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
if block:
|
||||
for k, v in _PARAM_RE.findall(block.group(1)):
|
||||
fields[k] = v.replace('\\"', '"').replace("\\\\", "\\").replace("\\]", "]")
|
||||
|
||||
# extract msg after the block
|
||||
msg_match = re.search(r'\]\s+(.+)$', sd_rest)
|
||||
if msg_match:
|
||||
msg = msg_match.group(1).strip()
|
||||
else:
|
||||
msg = sd_rest
|
||||
|
||||
attacker_ip = "Unknown"
|
||||
for fname in _IP_FIELDS:
|
||||
if fname in fields:
|
||||
@@ -200,6 +213,8 @@ def write_syslog_file(line: str) -> None:
|
||||
"service": service,
|
||||
"event_type": event_type,
|
||||
"attacker_ip": attacker_ip,
|
||||
"fields": json.dumps(fields),
|
||||
"msg": msg,
|
||||
"raw_line": line
|
||||
}
|
||||
_get_json_logger().info(json.dumps(payload))
|
||||
|
||||
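Review bot: The message extraction `re.search(r'\]\s+(.+)$', sd_rest)` is not tied to the structured-data block that `_SD_BLOCK_RE` matched; it takes the first `]` followed by whitespace anywhere in `sd_rest`. The unescape on the `fields[k] = ...` line shows that a parameter value may contain an escaped `\]`, and those values presumably carry remote-supplied data, so a value containing `\] text` (constructed example) makes `msg` begin inside the structured data, while a message that follows `]` with no space is dropped. Slicing from the end of the parsed block, `msg = sd_rest[block.end():].strip()`, keeps the two parts consistent, assuming `_SD_BLOCK_RE` (defined outside this hunk) already skips escaped brackets. `write_syslog_file` begins and ends outside the hunk, indentation is lost on this page so the branch nesting is inferred, and the same code appears in each of the repeated sections further down.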
@@ -149,6 +149,7 @@ def _get_json_logger() -> logging.Logger:
|
||||
return _json_logger
|
||||
|
||||
|
||||
|
||||
def write_syslog_file(line: str) -> None:
|
||||
"""Append a syslog line to the rotating log file."""
|
||||
try:
|
||||
@@ -176,12 +177,24 @@ def write_syslog_file(line: str) -> None:
|
||||
if m:
|
||||
ts_raw, decky, service, event_type, sd_rest = m.groups()
|
||||
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
fields = {}
|
||||
msg = ""
|
||||
|
||||
if sd_rest.startswith("-"):
|
||||
msg = sd_rest[1:].lstrip()
|
||||
elif sd_rest.startswith("["):
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
if block:
|
||||
for k, v in _PARAM_RE.findall(block.group(1)):
|
||||
fields[k] = v.replace('\\"', '"').replace("\\\\", "\\").replace("\\]", "]")
|
||||
|
||||
# extract msg after the block
|
||||
msg_match = re.search(r'\]\s+(.+)$', sd_rest)
|
||||
if msg_match:
|
||||
msg = msg_match.group(1).strip()
|
||||
else:
|
||||
msg = sd_rest
|
||||
|
||||
attacker_ip = "Unknown"
|
||||
for fname in _IP_FIELDS:
|
||||
if fname in fields:
|
||||
@@ -200,6 +213,8 @@ def write_syslog_file(line: str) -> None:
|
||||
"service": service,
|
||||
"event_type": event_type,
|
||||
"attacker_ip": attacker_ip,
|
||||
"fields": json.dumps(fields),
|
||||
"msg": msg,
|
||||
"raw_line": line
|
||||
}
|
||||
_get_json_logger().info(json.dumps(payload))
|
||||
|
||||
@@ -149,6 +149,7 @@ def _get_json_logger() -> logging.Logger:
|
||||
return _json_logger
|
||||
|
||||
|
||||
|
||||
def write_syslog_file(line: str) -> None:
|
||||
"""Append a syslog line to the rotating log file."""
|
||||
try:
|
||||
@@ -176,12 +177,24 @@ def write_syslog_file(line: str) -> None:
|
||||
if m:
|
||||
ts_raw, decky, service, event_type, sd_rest = m.groups()
|
||||
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
fields = {}
|
||||
msg = ""
|
||||
|
||||
if sd_rest.startswith("-"):
|
||||
msg = sd_rest[1:].lstrip()
|
||||
elif sd_rest.startswith("["):
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
if block:
|
||||
for k, v in _PARAM_RE.findall(block.group(1)):
|
||||
fields[k] = v.replace('\\"', '"').replace("\\\\", "\\").replace("\\]", "]")
|
||||
|
||||
# extract msg after the block
|
||||
msg_match = re.search(r'\]\s+(.+)$', sd_rest)
|
||||
if msg_match:
|
||||
msg = msg_match.group(1).strip()
|
||||
else:
|
||||
msg = sd_rest
|
||||
|
||||
attacker_ip = "Unknown"
|
||||
for fname in _IP_FIELDS:
|
||||
if fname in fields:
|
||||
@@ -200,6 +213,8 @@ def write_syslog_file(line: str) -> None:
|
||||
"service": service,
|
||||
"event_type": event_type,
|
||||
"attacker_ip": attacker_ip,
|
||||
"fields": json.dumps(fields),
|
||||
"msg": msg,
|
||||
"raw_line": line
|
||||
}
|
||||
_get_json_logger().info(json.dumps(payload))
|
||||
|
||||
@@ -149,6 +149,7 @@ def _get_json_logger() -> logging.Logger:
|
||||
return _json_logger
|
||||
|
||||
|
||||
|
||||
def write_syslog_file(line: str) -> None:
|
||||
"""Append a syslog line to the rotating log file."""
|
||||
try:
|
||||
@@ -176,12 +177,24 @@ def write_syslog_file(line: str) -> None:
|
||||
if m:
|
||||
ts_raw, decky, service, event_type, sd_rest = m.groups()
|
||||
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
fields = {}
|
||||
msg = ""
|
||||
|
||||
if sd_rest.startswith("-"):
|
||||
msg = sd_rest[1:].lstrip()
|
||||
elif sd_rest.startswith("["):
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
if block:
|
||||
for k, v in _PARAM_RE.findall(block.group(1)):
|
||||
fields[k] = v.replace('\\"', '"').replace("\\\\", "\\").replace("\\]", "]")
|
||||
|
||||
# extract msg after the block
|
||||
msg_match = re.search(r'\]\s+(.+)$', sd_rest)
|
||||
if msg_match:
|
||||
msg = msg_match.group(1).strip()
|
||||
else:
|
||||
msg = sd_rest
|
||||
|
||||
attacker_ip = "Unknown"
|
||||
for fname in _IP_FIELDS:
|
||||
if fname in fields:
|
||||
@@ -200,6 +213,8 @@ def write_syslog_file(line: str) -> None:
|
||||
"service": service,
|
||||
"event_type": event_type,
|
||||
"attacker_ip": attacker_ip,
|
||||
"fields": json.dumps(fields),
|
||||
"msg": msg,
|
||||
"raw_line": line
|
||||
}
|
||||
_get_json_logger().info(json.dumps(payload))
|
||||
|
||||
@@ -149,6 +149,7 @@ def _get_json_logger() -> logging.Logger:
|
||||
return _json_logger
|
||||
|
||||
|
||||
|
||||
def write_syslog_file(line: str) -> None:
|
||||
"""Append a syslog line to the rotating log file."""
|
||||
try:
|
||||
@@ -176,12 +177,24 @@ def write_syslog_file(line: str) -> None:
|
||||
if m:
|
||||
ts_raw, decky, service, event_type, sd_rest = m.groups()
|
||||
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
fields = {}
|
||||
msg = ""
|
||||
|
||||
if sd_rest.startswith("-"):
|
||||
msg = sd_rest[1:].lstrip()
|
||||
elif sd_rest.startswith("["):
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
if block:
|
||||
for k, v in _PARAM_RE.findall(block.group(1)):
|
||||
fields[k] = v.replace('\\"', '"').replace("\\\\", "\\").replace("\\]", "]")
|
||||
|
||||
# extract msg after the block
|
||||
msg_match = re.search(r'\]\s+(.+)$', sd_rest)
|
||||
if msg_match:
|
||||
msg = msg_match.group(1).strip()
|
||||
else:
|
||||
msg = sd_rest
|
||||
|
||||
attacker_ip = "Unknown"
|
||||
for fname in _IP_FIELDS:
|
||||
if fname in fields:
|
||||
@@ -200,6 +213,8 @@ def write_syslog_file(line: str) -> None:
|
||||
"service": service,
|
||||
"event_type": event_type,
|
||||
"attacker_ip": attacker_ip,
|
||||
"fields": json.dumps(fields),
|
||||
"msg": msg,
|
||||
"raw_line": line
|
||||
}
|
||||
_get_json_logger().info(json.dumps(payload))
|
||||
|
||||
@@ -149,6 +149,7 @@ def _get_json_logger() -> logging.Logger:
|
||||
return _json_logger
|
||||
|
||||
|
||||
|
||||
def write_syslog_file(line: str) -> None:
|
||||
"""Append a syslog line to the rotating log file."""
|
||||
try:
|
||||
@@ -176,12 +177,24 @@ def write_syslog_file(line: str) -> None:
|
||||
if m:
|
||||
ts_raw, decky, service, event_type, sd_rest = m.groups()
|
||||
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
fields = {}
|
||||
msg = ""
|
||||
|
||||
if sd_rest.startswith("-"):
|
||||
msg = sd_rest[1:].lstrip()
|
||||
elif sd_rest.startswith("["):
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
if block:
|
||||
for k, v in _PARAM_RE.findall(block.group(1)):
|
||||
fields[k] = v.replace('\\"', '"').replace("\\\\", "\\").replace("\\]", "]")
|
||||
|
||||
# extract msg after the block
|
||||
msg_match = re.search(r'\]\s+(.+)$', sd_rest)
|
||||
if msg_match:
|
||||
msg = msg_match.group(1).strip()
|
||||
else:
|
||||
msg = sd_rest
|
||||
|
||||
attacker_ip = "Unknown"
|
||||
for fname in _IP_FIELDS:
|
||||
if fname in fields:
|
||||
@@ -200,6 +213,8 @@ def write_syslog_file(line: str) -> None:
|
||||
"service": service,
|
||||
"event_type": event_type,
|
||||
"attacker_ip": attacker_ip,
|
||||
"fields": json.dumps(fields),
|
||||
"msg": msg,
|
||||
"raw_line": line
|
||||
}
|
||||
_get_json_logger().info(json.dumps(payload))
|
||||
|
||||
@@ -149,6 +149,7 @@ def _get_json_logger() -> logging.Logger:
|
||||
return _json_logger
|
||||
|
||||
|
||||
|
||||
def write_syslog_file(line: str) -> None:
|
||||
"""Append a syslog line to the rotating log file."""
|
||||
try:
|
||||
@@ -176,12 +177,24 @@ def write_syslog_file(line: str) -> None:
|
||||
if m:
|
||||
ts_raw, decky, service, event_type, sd_rest = m.groups()
|
||||
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
fields = {}
|
||||
msg = ""
|
||||
|
||||
if sd_rest.startswith("-"):
|
||||
msg = sd_rest[1:].lstrip()
|
||||
elif sd_rest.startswith("["):
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
if block:
|
||||
for k, v in _PARAM_RE.findall(block.group(1)):
|
||||
fields[k] = v.replace('\\"', '"').replace("\\\\", "\\").replace("\\]", "]")
|
||||
|
||||
# extract msg after the block
|
||||
msg_match = re.search(r'\]\s+(.+)$', sd_rest)
|
||||
if msg_match:
|
||||
msg = msg_match.group(1).strip()
|
||||
else:
|
||||
msg = sd_rest
|
||||
|
||||
attacker_ip = "Unknown"
|
||||
for fname in _IP_FIELDS:
|
||||
if fname in fields:
|
||||
@@ -200,6 +213,8 @@ def write_syslog_file(line: str) -> None:
|
||||
"service": service,
|
||||
"event_type": event_type,
|
||||
"attacker_ip": attacker_ip,
|
||||
"fields": json.dumps(fields),
|
||||
"msg": msg,
|
||||
"raw_line": line
|
||||
}
|
||||
_get_json_logger().info(json.dumps(payload))
|
||||
|
||||
@@ -149,6 +149,7 @@ def _get_json_logger() -> logging.Logger:
|
||||
return _json_logger
|
||||
|
||||
|
||||
|
||||
def write_syslog_file(line: str) -> None:
|
||||
"""Append a syslog line to the rotating log file."""
|
||||
try:
|
||||
@@ -176,12 +177,24 @@ def write_syslog_file(line: str) -> None:
|
||||
if m:
|
||||
ts_raw, decky, service, event_type, sd_rest = m.groups()
|
||||
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
fields = {}
|
||||
msg = ""
|
||||
|
||||
if sd_rest.startswith("-"):
|
||||
msg = sd_rest[1:].lstrip()
|
||||
elif sd_rest.startswith("["):
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
if block:
|
||||
for k, v in _PARAM_RE.findall(block.group(1)):
|
||||
fields[k] = v.replace('\\"', '"').replace("\\\\", "\\").replace("\\]", "]")
|
||||
|
||||
# extract msg after the block
|
||||
msg_match = re.search(r'\]\s+(.+)$', sd_rest)
|
||||
if msg_match:
|
||||
msg = msg_match.group(1).strip()
|
||||
else:
|
||||
msg = sd_rest
|
||||
|
||||
attacker_ip = "Unknown"
|
||||
for fname in _IP_FIELDS:
|
||||
if fname in fields:
|
||||
@@ -200,6 +213,8 @@ def write_syslog_file(line: str) -> None:
|
||||
"service": service,
|
||||
"event_type": event_type,
|
||||
"attacker_ip": attacker_ip,
|
||||
"fields": json.dumps(fields),
|
||||
"msg": msg,
|
||||
"raw_line": line
|
||||
}
|
||||
_get_json_logger().info(json.dumps(payload))
|
||||
|
||||
@@ -149,6 +149,7 @@ def _get_json_logger() -> logging.Logger:
|
||||
return _json_logger
|
||||
|
||||
|
||||
|
||||
def write_syslog_file(line: str) -> None:
|
||||
"""Append a syslog line to the rotating log file."""
|
||||
try:
|
||||
@@ -176,12 +177,24 @@ def write_syslog_file(line: str) -> None:
|
||||
if m:
|
||||
ts_raw, decky, service, event_type, sd_rest = m.groups()
|
||||
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
fields = {}
|
||||
msg = ""
|
||||
|
||||
if sd_rest.startswith("-"):
|
||||
msg = sd_rest[1:].lstrip()
|
||||
elif sd_rest.startswith("["):
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
if block:
|
||||
for k, v in _PARAM_RE.findall(block.group(1)):
|
||||
fields[k] = v.replace('\\"', '"').replace("\\\\", "\\").replace("\\]", "]")
|
||||
|
||||
# extract msg after the block
|
||||
msg_match = re.search(r'\]\s+(.+)$', sd_rest)
|
||||
if msg_match:
|
||||
msg = msg_match.group(1).strip()
|
||||
else:
|
||||
msg = sd_rest
|
||||
|
||||
attacker_ip = "Unknown"
|
||||
for fname in _IP_FIELDS:
|
||||
if fname in fields:
|
||||
@@ -200,6 +213,8 @@ def write_syslog_file(line: str) -> None:
|
||||
"service": service,
|
||||
"event_type": event_type,
|
||||
"attacker_ip": attacker_ip,
|
||||
"fields": json.dumps(fields),
|
||||
"msg": msg,
|
||||
"raw_line": line
|
||||
}
|
||||
_get_json_logger().info(json.dumps(payload))
|
||||
|
||||
@@ -149,6 +149,7 @@ def _get_json_logger() -> logging.Logger:
|
||||
return _json_logger
|
||||
|
||||
|
||||
|
||||
def write_syslog_file(line: str) -> None:
|
||||
"""Append a syslog line to the rotating log file."""
|
||||
try:
|
||||
@@ -176,12 +177,24 @@ def write_syslog_file(line: str) -> None:
|
||||
if m:
|
||||
ts_raw, decky, service, event_type, sd_rest = m.groups()
|
||||
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
fields = {}
|
||||
msg = ""
|
||||
|
||||
if sd_rest.startswith("-"):
|
||||
msg = sd_rest[1:].lstrip()
|
||||
elif sd_rest.startswith("["):
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
if block:
|
||||
for k, v in _PARAM_RE.findall(block.group(1)):
|
||||
fields[k] = v.replace('\\"', '"').replace("\\\\", "\\").replace("\\]", "]")
|
||||
|
||||
# extract msg after the block
|
||||
msg_match = re.search(r'\]\s+(.+)$', sd_rest)
|
||||
if msg_match:
|
||||
msg = msg_match.group(1).strip()
|
||||
else:
|
||||
msg = sd_rest
|
||||
|
||||
attacker_ip = "Unknown"
|
||||
for fname in _IP_FIELDS:
|
||||
if fname in fields:
|
||||
@@ -200,6 +213,8 @@ def write_syslog_file(line: str) -> None:
|
||||
"service": service,
|
||||
"event_type": event_type,
|
||||
"attacker_ip": attacker_ip,
|
||||
"fields": json.dumps(fields),
|
||||
"msg": msg,
|
||||
"raw_line": line
|
||||
}
|
||||
_get_json_logger().info(json.dumps(payload))
|
||||
|
||||
@@ -149,6 +149,7 @@ def _get_json_logger() -> logging.Logger:
|
||||
return _json_logger
|
||||
|
||||
|
||||
|
||||
def write_syslog_file(line: str) -> None:
|
||||
"""Append a syslog line to the rotating log file."""
|
||||
try:
|
||||
@@ -176,12 +177,24 @@ def write_syslog_file(line: str) -> None:
|
||||
if m:
|
||||
ts_raw, decky, service, event_type, sd_rest = m.groups()
|
||||
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
fields = {}
|
||||
msg = ""
|
||||
|
||||
if sd_rest.startswith("-"):
|
||||
msg = sd_rest[1:].lstrip()
|
||||
elif sd_rest.startswith("["):
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
if block:
|
||||
for k, v in _PARAM_RE.findall(block.group(1)):
|
||||
fields[k] = v.replace('\\"', '"').replace("\\\\", "\\").replace("\\]", "]")
|
||||
|
||||
# extract msg after the block
|
||||
msg_match = re.search(r'\]\s+(.+)$', sd_rest)
|
||||
if msg_match:
|
||||
msg = msg_match.group(1).strip()
|
||||
else:
|
||||
msg = sd_rest
|
||||
|
||||
attacker_ip = "Unknown"
|
||||
for fname in _IP_FIELDS:
|
||||
if fname in fields:
|
||||
@@ -200,6 +213,8 @@ def write_syslog_file(line: str) -> None:
|
||||
"service": service,
|
||||
"event_type": event_type,
|
||||
"attacker_ip": attacker_ip,
|
||||
"fields": json.dumps(fields),
|
||||
"msg": msg,
|
||||
"raw_line": line
|
||||
}
|
||||
_get_json_logger().info(json.dumps(payload))
|
||||
|
||||
@@ -149,6 +149,7 @@ def _get_json_logger() -> logging.Logger:
|
||||
return _json_logger
|
||||
|
||||
|
||||
|
||||
def write_syslog_file(line: str) -> None:
|
||||
"""Append a syslog line to the rotating log file."""
|
||||
try:
|
||||
@@ -176,12 +177,24 @@ def write_syslog_file(line: str) -> None:
|
||||
if m:
|
||||
ts_raw, decky, service, event_type, sd_rest = m.groups()
|
||||
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
fields = {}
|
||||
msg = ""
|
||||
|
||||
if sd_rest.startswith("-"):
|
||||
msg = sd_rest[1:].lstrip()
|
||||
elif sd_rest.startswith("["):
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
if block:
|
||||
for k, v in _PARAM_RE.findall(block.group(1)):
|
||||
fields[k] = v.replace('\\"', '"').replace("\\\\", "\\").replace("\\]", "]")
|
||||
|
||||
# extract msg after the block
|
||||
msg_match = re.search(r'\]\s+(.+)$', sd_rest)
|
||||
if msg_match:
|
||||
msg = msg_match.group(1).strip()
|
||||
else:
|
||||
msg = sd_rest
|
||||
|
||||
attacker_ip = "Unknown"
|
||||
for fname in _IP_FIELDS:
|
||||
if fname in fields:
|
||||
@@ -200,6 +213,8 @@ def write_syslog_file(line: str) -> None:
|
||||
"service": service,
|
||||
"event_type": event_type,
|
||||
"attacker_ip": attacker_ip,
|
||||
"fields": json.dumps(fields),
|
||||
"msg": msg,
|
||||
"raw_line": line
|
||||
}
|
||||
_get_json_logger().info(json.dumps(payload))
|
||||
|
||||
@@ -149,6 +149,7 @@ def _get_json_logger() -> logging.Logger:
|
||||
return _json_logger
|
||||
|
||||
|
||||
|
||||
def write_syslog_file(line: str) -> None:
|
||||
"""Append a syslog line to the rotating log file."""
|
||||
try:
|
||||
@@ -176,12 +177,24 @@ def write_syslog_file(line: str) -> None:
|
||||
if m:
|
||||
ts_raw, decky, service, event_type, sd_rest = m.groups()
|
||||
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
fields = {}
|
||||
msg = ""
|
||||
|
||||
if sd_rest.startswith("-"):
|
||||
msg = sd_rest[1:].lstrip()
|
||||
elif sd_rest.startswith("["):
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
if block:
|
||||
for k, v in _PARAM_RE.findall(block.group(1)):
|
||||
fields[k] = v.replace('\\"', '"').replace("\\\\", "\\").replace("\\]", "]")
|
||||
|
||||
# extract msg after the block
|
||||
msg_match = re.search(r'\]\s+(.+)$', sd_rest)
|
||||
if msg_match:
|
||||
msg = msg_match.group(1).strip()
|
||||
else:
|
||||
msg = sd_rest
|
||||
|
||||
attacker_ip = "Unknown"
|
||||
for fname in _IP_FIELDS:
|
||||
if fname in fields:
|
||||
@@ -200,6 +213,8 @@ def write_syslog_file(line: str) -> None:
|
||||
"service": service,
|
||||
"event_type": event_type,
|
||||
"attacker_ip": attacker_ip,
|
||||
"fields": json.dumps(fields),
|
||||
"msg": msg,
|
||||
"raw_line": line
|
||||
}
|
||||
_get_json_logger().info(json.dumps(payload))
|
||||
|
||||
@@ -149,6 +149,7 @@ def _get_json_logger() -> logging.Logger:
|
||||
return _json_logger
|
||||
|
||||
|
||||
|
||||
def write_syslog_file(line: str) -> None:
|
||||
"""Append a syslog line to the rotating log file."""
|
||||
try:
|
||||
@@ -176,12 +177,24 @@ def write_syslog_file(line: str) -> None:
|
||||
if m:
|
||||
ts_raw, decky, service, event_type, sd_rest = m.groups()
|
||||
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
fields = {}
|
||||
msg = ""
|
||||
|
||||
if sd_rest.startswith("-"):
|
||||
msg = sd_rest[1:].lstrip()
|
||||
elif sd_rest.startswith("["):
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
if block:
|
||||
for k, v in _PARAM_RE.findall(block.group(1)):
|
||||
fields[k] = v.replace('\\"', '"').replace("\\\\", "\\").replace("\\]", "]")
|
||||
|
||||
# extract msg after the block
|
||||
msg_match = re.search(r'\]\s+(.+)$', sd_rest)
|
||||
if msg_match:
|
||||
msg = msg_match.group(1).strip()
|
||||
else:
|
||||
msg = sd_rest
|
||||
|
||||
attacker_ip = "Unknown"
|
||||
for fname in _IP_FIELDS:
|
||||
if fname in fields:
|
||||
@@ -200,6 +213,8 @@ def write_syslog_file(line: str) -> None:
|
||||
"service": service,
|
||||
"event_type": event_type,
|
||||
"attacker_ip": attacker_ip,
|
||||
"fields": json.dumps(fields),
|
||||
"msg": msg,
|
||||
"raw_line": line
|
||||
}
|
||||
_get_json_logger().info(json.dumps(payload))
|
||||
|
||||
@@ -149,6 +149,7 @@ def _get_json_logger() -> logging.Logger:
|
||||
return _json_logger
|
||||
|
||||
|
||||
|
||||
def write_syslog_file(line: str) -> None:
|
||||
"""Append a syslog line to the rotating log file."""
|
||||
try:
|
||||
@@ -176,12 +177,24 @@ def write_syslog_file(line: str) -> None:
|
||||
if m:
|
||||
ts_raw, decky, service, event_type, sd_rest = m.groups()
|
||||
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
fields = {}
|
||||
msg = ""
|
||||
|
||||
if sd_rest.startswith("-"):
|
||||
msg = sd_rest[1:].lstrip()
|
||||
elif sd_rest.startswith("["):
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
if block:
|
||||
for k, v in _PARAM_RE.findall(block.group(1)):
|
||||
fields[k] = v.replace('\\"', '"').replace("\\\\", "\\").replace("\\]", "]")
|
||||
|
||||
# extract msg after the block
|
||||
msg_match = re.search(r'\]\s+(.+)$', sd_rest)
|
||||
if msg_match:
|
||||
msg = msg_match.group(1).strip()
|
||||
else:
|
||||
msg = sd_rest
|
||||
|
||||
attacker_ip = "Unknown"
|
||||
for fname in _IP_FIELDS:
|
||||
if fname in fields:
|
||||
@@ -200,6 +213,8 @@ def write_syslog_file(line: str) -> None:
|
||||
"service": service,
|
||||
"event_type": event_type,
|
||||
"attacker_ip": attacker_ip,
|
||||
"fields": json.dumps(fields),
|
||||
"msg": msg,
|
||||
"raw_line": line
|
||||
}
|
||||
_get_json_logger().info(json.dumps(payload))
|
||||
|
||||
@@ -149,6 +149,7 @@ def _get_json_logger() -> logging.Logger:
|
||||
return _json_logger
|
||||
|
||||
|
||||
|
||||
def write_syslog_file(line: str) -> None:
|
||||
"""Append a syslog line to the rotating log file."""
|
||||
try:
|
||||
@@ -176,12 +177,24 @@ def write_syslog_file(line: str) -> None:
|
||||
if m:
|
||||
ts_raw, decky, service, event_type, sd_rest = m.groups()
|
||||
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
fields = {}
|
||||
msg = ""
|
||||
|
||||
if sd_rest.startswith("-"):
|
||||
msg = sd_rest[1:].lstrip()
|
||||
elif sd_rest.startswith("["):
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
if block:
|
||||
for k, v in _PARAM_RE.findall(block.group(1)):
|
||||
fields[k] = v.replace('\\"', '"').replace("\\\\", "\\").replace("\\]", "]")
|
||||
|
||||
# extract msg after the block
|
||||
msg_match = re.search(r'\]\s+(.+)$', sd_rest)
|
||||
if msg_match:
|
||||
msg = msg_match.group(1).strip()
|
||||
else:
|
||||
msg = sd_rest
|
||||
|
||||
attacker_ip = "Unknown"
|
||||
for fname in _IP_FIELDS:
|
||||
if fname in fields:
|
||||
@@ -200,6 +213,8 @@ def write_syslog_file(line: str) -> None:
|
||||
"service": service,
|
||||
"event_type": event_type,
|
||||
"attacker_ip": attacker_ip,
|
||||
"fields": json.dumps(fields),
|
||||
"msg": msg,
|
||||
"raw_line": line
|
||||
}
|
||||
_get_json_logger().info(json.dumps(payload))
|
||||
|
||||
@@ -149,6 +149,7 @@ def _get_json_logger() -> logging.Logger:
|
||||
return _json_logger
|
||||
|
||||
|
||||
|
||||
def write_syslog_file(line: str) -> None:
|
||||
"""Append a syslog line to the rotating log file."""
|
||||
try:
|
||||
@@ -176,12 +177,24 @@ def write_syslog_file(line: str) -> None:
|
||||
if m:
|
||||
ts_raw, decky, service, event_type, sd_rest = m.groups()
|
||||
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
fields = {}
|
||||
msg = ""
|
||||
|
||||
if sd_rest.startswith("-"):
|
||||
msg = sd_rest[1:].lstrip()
|
||||
elif sd_rest.startswith("["):
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
if block:
|
||||
for k, v in _PARAM_RE.findall(block.group(1)):
|
||||
fields[k] = v.replace('\\"', '"').replace("\\\\", "\\").replace("\\]", "]")
|
||||
|
||||
# extract msg after the block
|
||||
msg_match = re.search(r'\]\s+(.+)$', sd_rest)
|
||||
if msg_match:
|
||||
msg = msg_match.group(1).strip()
|
||||
else:
|
||||
msg = sd_rest
|
||||
|
||||
attacker_ip = "Unknown"
|
||||
for fname in _IP_FIELDS:
|
||||
if fname in fields:
|
||||
@@ -200,6 +213,8 @@ def write_syslog_file(line: str) -> None:
|
||||
"service": service,
|
||||
"event_type": event_type,
|
||||
"attacker_ip": attacker_ip,
|
||||
"fields": json.dumps(fields),
|
||||
"msg": msg,
|
||||
"raw_line": line
|
||||
}
|
||||
_get_json_logger().info(json.dumps(payload))
|
||||
|
||||
@@ -149,6 +149,7 @@ def _get_json_logger() -> logging.Logger:
|
||||
return _json_logger
|
||||
|
||||
|
||||
|
||||
def write_syslog_file(line: str) -> None:
|
||||
"""Append a syslog line to the rotating log file."""
|
||||
try:
|
||||
@@ -176,12 +177,24 @@ def write_syslog_file(line: str) -> None:
|
||||
if m:
|
||||
ts_raw, decky, service, event_type, sd_rest = m.groups()
|
||||
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
fields = {}
|
||||
msg = ""
|
||||
|
||||
if sd_rest.startswith("-"):
|
||||
msg = sd_rest[1:].lstrip()
|
||||
elif sd_rest.startswith("["):
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
if block:
|
||||
for k, v in _PARAM_RE.findall(block.group(1)):
|
||||
fields[k] = v.replace('\\"', '"').replace("\\\\", "\\").replace("\\]", "]")
|
||||
|
||||
# extract msg after the block
|
||||
msg_match = re.search(r'\]\s+(.+)$', sd_rest)
|
||||
if msg_match:
|
||||
msg = msg_match.group(1).strip()
|
||||
else:
|
||||
msg = sd_rest
|
||||
|
||||
attacker_ip = "Unknown"
|
||||
for fname in _IP_FIELDS:
|
||||
if fname in fields:
|
||||
@@ -200,6 +213,8 @@ def write_syslog_file(line: str) -> None:
|
||||
"service": service,
|
||||
"event_type": event_type,
|
||||
"attacker_ip": attacker_ip,
|
||||
"fields": json.dumps(fields),
|
||||
"msg": msg,
|
||||
"raw_line": line
|
||||
}
|
||||
_get_json_logger().info(json.dumps(payload))
|
||||
|
||||
@@ -149,6 +149,7 @@ def _get_json_logger() -> logging.Logger:
|
||||
return _json_logger
|
||||
|
||||
|
||||
|
||||
def write_syslog_file(line: str) -> None:
|
||||
"""Append a syslog line to the rotating log file."""
|
||||
try:
|
||||
@@ -176,12 +177,24 @@ def write_syslog_file(line: str) -> None:
|
||||
if m:
|
||||
ts_raw, decky, service, event_type, sd_rest = m.groups()
|
||||
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
fields = {}
|
||||
msg = ""
|
||||
|
||||
if sd_rest.startswith("-"):
|
||||
msg = sd_rest[1:].lstrip()
|
||||
elif sd_rest.startswith("["):
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
if block:
|
||||
for k, v in _PARAM_RE.findall(block.group(1)):
|
||||
fields[k] = v.replace('\\"', '"').replace("\\\\", "\\").replace("\\]", "]")
|
||||
|
||||
# extract msg after the block
|
||||
msg_match = re.search(r'\]\s+(.+)$', sd_rest)
|
||||
if msg_match:
|
||||
msg = msg_match.group(1).strip()
|
||||
else:
|
||||
msg = sd_rest
|
||||
|
||||
attacker_ip = "Unknown"
|
||||
for fname in _IP_FIELDS:
|
||||
if fname in fields:
|
||||
@@ -200,6 +213,8 @@ def write_syslog_file(line: str) -> None:
|
||||
"service": service,
|
||||
"event_type": event_type,
|
||||
"attacker_ip": attacker_ip,
|
||||
"fields": json.dumps(fields),
|
||||
"msg": msg,
|
||||
"raw_line": line
|
||||
}
|
||||
_get_json_logger().info(json.dumps(payload))
|
||||
|
||||
@@ -149,6 +149,7 @@ def _get_json_logger() -> logging.Logger:
|
||||
return _json_logger
|
||||
|
||||
|
||||
|
||||
def write_syslog_file(line: str) -> None:
|
||||
"""Append a syslog line to the rotating log file."""
|
||||
try:
|
||||
@@ -176,12 +177,24 @@ def write_syslog_file(line: str) -> None:
|
||||
if m:
|
||||
ts_raw, decky, service, event_type, sd_rest = m.groups()
|
||||
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
fields = {}
|
||||
msg = ""
|
||||
|
||||
if sd_rest.startswith("-"):
|
||||
msg = sd_rest[1:].lstrip()
|
||||
elif sd_rest.startswith("["):
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
if block:
|
||||
for k, v in _PARAM_RE.findall(block.group(1)):
|
||||
fields[k] = v.replace('\\"', '"').replace("\\\\", "\\").replace("\\]", "]")
|
||||
|
||||
# extract msg after the block
|
||||
msg_match = re.search(r'\]\s+(.+)$', sd_rest)
|
||||
if msg_match:
|
||||
msg = msg_match.group(1).strip()
|
||||
else:
|
||||
msg = sd_rest
|
||||
|
||||
attacker_ip = "Unknown"
|
||||
for fname in _IP_FIELDS:
|
||||
if fname in fields:
|
||||
@@ -200,6 +213,8 @@ def write_syslog_file(line: str) -> None:
|
||||
"service": service,
|
||||
"event_type": event_type,
|
||||
"attacker_ip": attacker_ip,
|
||||
"fields": json.dumps(fields),
|
||||
"msg": msg,
|
||||
"raw_line": line
|
||||
}
|
||||
_get_json_logger().info(json.dumps(payload))
|
||||
|
||||
@@ -149,6 +149,7 @@ def _get_json_logger() -> logging.Logger:
|
||||
return _json_logger
|
||||
|
||||
|
||||
|
||||
def write_syslog_file(line: str) -> None:
|
||||
"""Append a syslog line to the rotating log file."""
|
||||
try:
|
||||
@@ -176,12 +177,24 @@ def write_syslog_file(line: str) -> None:
|
||||
if m:
|
||||
ts_raw, decky, service, event_type, sd_rest = m.groups()
|
||||
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
fields = {}
|
||||
msg = ""
|
||||
|
||||
if sd_rest.startswith("-"):
|
||||
msg = sd_rest[1:].lstrip()
|
||||
elif sd_rest.startswith("["):
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
if block:
|
||||
for k, v in _PARAM_RE.findall(block.group(1)):
|
||||
fields[k] = v.replace('\\"', '"').replace("\\\\", "\\").replace("\\]", "]")
|
||||
|
||||
# extract msg after the block
|
||||
msg_match = re.search(r'\]\s+(.+)$', sd_rest)
|
||||
if msg_match:
|
||||
msg = msg_match.group(1).strip()
|
||||
else:
|
||||
msg = sd_rest
|
||||
|
||||
attacker_ip = "Unknown"
|
||||
for fname in _IP_FIELDS:
|
||||
if fname in fields:
|
||||
@@ -200,6 +213,8 @@ def write_syslog_file(line: str) -> None:
|
||||
"service": service,
|
||||
"event_type": event_type,
|
||||
"attacker_ip": attacker_ip,
|
||||
"fields": json.dumps(fields),
|
||||
"msg": msg,
|
||||
"raw_line": line
|
||||
}
|
||||
_get_json_logger().info(json.dumps(payload))
|
||||
|
||||
@@ -149,6 +149,7 @@ def _get_json_logger() -> logging.Logger:
|
||||
return _json_logger
|
||||
|
||||
|
||||
|
||||
def write_syslog_file(line: str) -> None:
|
||||
"""Append a syslog line to the rotating log file."""
|
||||
try:
|
||||
@@ -176,12 +177,24 @@ def write_syslog_file(line: str) -> None:
|
||||
if m:
|
||||
ts_raw, decky, service, event_type, sd_rest = m.groups()
|
||||
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
fields = {}
|
||||
msg = ""
|
||||
|
||||
if sd_rest.startswith("-"):
|
||||
msg = sd_rest[1:].lstrip()
|
||||
elif sd_rest.startswith("["):
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
if block:
|
||||
for k, v in _PARAM_RE.findall(block.group(1)):
|
||||
fields[k] = v.replace('\\"', '"').replace("\\\\", "\\").replace("\\]", "]")
|
||||
|
||||
# extract msg after the block
|
||||
msg_match = re.search(r'\]\s+(.+)$', sd_rest)
|
||||
if msg_match:
|
||||
msg = msg_match.group(1).strip()
|
||||
else:
|
||||
msg = sd_rest
|
||||
|
||||
attacker_ip = "Unknown"
|
||||
for fname in _IP_FIELDS:
|
||||
if fname in fields:
|
||||
@@ -200,6 +213,8 @@ def write_syslog_file(line: str) -> None:
|
||||
"service": service,
|
||||
"event_type": event_type,
|
||||
"attacker_ip": attacker_ip,
|
||||
"fields": json.dumps(fields),
|
||||
"msg": msg,
|
||||
"raw_line": line
|
||||
}
|
||||
_get_json_logger().info(json.dumps(payload))
|
||||
|
||||
@@ -149,6 +149,7 @@ def _get_json_logger() -> logging.Logger:
|
||||
return _json_logger
|
||||
|
||||
|
||||
|
||||
def write_syslog_file(line: str) -> None:
|
||||
"""Append a syslog line to the rotating log file."""
|
||||
try:
|
||||
@@ -176,12 +177,24 @@ def write_syslog_file(line: str) -> None:
|
||||
if m:
|
||||
ts_raw, decky, service, event_type, sd_rest = m.groups()
|
||||
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
fields = {}
|
||||
msg = ""
|
||||
|
||||
if sd_rest.startswith("-"):
|
||||
msg = sd_rest[1:].lstrip()
|
||||
elif sd_rest.startswith("["):
|
||||
block = _SD_BLOCK_RE.search(sd_rest)
|
||||
if block:
|
||||
for k, v in _PARAM_RE.findall(block.group(1)):
|
||||
fields[k] = v.replace('\\"', '"').replace("\\\\", "\\").replace("\\]", "]")
|
||||
|
||||
# extract msg after the block
|
||||
msg_match = re.search(r'\]\s+(.+)$', sd_rest)
|
||||
if msg_match:
|
||||
msg = msg_match.group(1).strip()
|
||||
else:
|
||||
msg = sd_rest
|
||||
|
||||
attacker_ip = "Unknown"
|
||||
for fname in _IP_FIELDS:
|
||||
if fname in fields:
|
||||
@@ -200,6 +213,8 @@ def write_syslog_file(line: str) -> None:
|
||||
"service": service,
|
||||
"event_type": event_type,
|
||||
"attacker_ip": attacker_ip,
|
||||
"fields": json.dumps(fields),
|
||||
"msg": msg,
|
||||
"raw_line": line
|
||||
}
|
||||
_get_json_logger().info(json.dumps(payload))
|
||||
|
||||