| 18 |
# |
# |
| 19 |
|
|
| 20 |
__author__ = "Andrew Pollock <me@andrew.net.au>" |
__author__ = "Andrew Pollock <me@andrew.net.au>" |
| 21 |
__licence__ = "GPLv2" |
__license__ = "GPLv2" |
| 22 |
|
|
| 23 |
HOSTNAME_FIELD=3 |
HOSTNAME_FIELD=3 |
| 24 |
PREFIX_FIELD_START=4 |
PREFIX_FIELD_START=4 |
| 100 |
return options |
return options |
| 101 |
|
|
| 102 |
|
|
| 103 |
def get_prefix(ulogentry): |
def get_field_after_prefix(ulogentry): |
| 104 |
""" |
""" |
| 105 |
Return the prefix component of a ulog entry |
Return the index of the field after the prefix |
| 106 |
|
|
| 107 |
Args: |
Args: |
| 108 |
ulogentry: a list of strings representing one line of a ulog entry |
ulogentry: a list of strings representing one line of a ulog entry |
| 109 |
|
|
| 110 |
Returns: |
Returns: |
| 111 |
A list consisting of the prefix and the number of the field after the |
the index of the first field after the prefix |
|
prefix |
|
| 112 |
""" |
""" |
| 113 |
|
|
|
prefix=[] |
|
|
|
|
| 114 |
for component in xrange(PREFIX_FIELD_START, len(ulogentry)): |
for component in xrange(PREFIX_FIELD_START, len(ulogentry)): |
| 115 |
if not ulogentry[component].startswith(FIELD_AFTER_PREFIX): |
if not ulogentry[component].startswith(FIELD_AFTER_PREFIX): |
| 116 |
prefix.append(ulogentry[component]) |
continue |
| 117 |
else: |
else: |
| 118 |
break |
break |
| 119 |
|
|
| 121 |
# FIELD_AFTER_PREFIX, something is probably wrong |
# FIELD_AFTER_PREFIX, something is probably wrong |
| 122 |
|
|
| 123 |
if component == len(ulogentry): |
if component == len(ulogentry): |
| 124 |
return None |
return 0 |
| 125 |
else: |
else: |
| 126 |
return (" ".join(prefix), component) |
return component |
| 127 |
|
|
| 128 |
|
|
| 129 |
def process_log(options): |
def process_log(options): |
| 150 |
that. |
that. |
| 151 |
""" |
""" |
| 152 |
|
|
|
# TODO(apollock): This needs refactoring, there's too much duplication |
|
|
|
|
| 153 |
ips = set() |
ips = set() |
| 154 |
|
|
|
# TODO(apollock): exception handling! |
|
| 155 |
try: |
try: |
| 156 |
log = open(options.log) |
log = open(options.log) |
| 157 |
except IOError, e: |
except IOError, e: |
| 162 |
if not log_entry: |
if not log_entry: |
| 163 |
logging.debug("Reached the end of the file") |
logging.debug("Reached the end of the file") |
| 164 |
break |
break |
| 165 |
|
if len(log_entry) < PREFIX_FIELD_START + SRC_FIELD_OFFSET: |
| 166 |
|
# We've got a unexpected log entry |
| 167 |
|
# This should avoid any IndexError exceptions |
| 168 |
|
logging.critical("Ignoring unexpected log entry: %s" % (" ".join(log_entry))) |
| 169 |
|
continue |
| 170 |
if options.hostname and log_entry[HOSTNAME_FIELD] != options.hostname: |
if options.hostname and log_entry[HOSTNAME_FIELD] != options.hostname: |
| 171 |
logging.debug("Entry not for the host we're looking for") |
logging.debug("Entry not for the host we're looking for") |
| 172 |
continue |
continue |
| 173 |
# We know where the prefix starts (if there is one) |
# We know where the prefix starts (if there is one) |
| 174 |
if log_entry[PREFIX_FIELD_START].startswith(FIELD_AFTER_PREFIX): |
if options.prefix and log_entry[PREFIX_FIELD_START].startswith(FIELD_AFTER_PREFIX): |
| 175 |
# We have an entry with no prefix at all |
# We have an entry with no prefix at all, but we're looking for entries |
| 176 |
|
# with a prefix so therefore this entry is automatically not what we're |
| 177 |
|
# looking for |
| 178 |
logging.debug("Entry has no prefix") |
logging.debug("Entry has no prefix") |
| 179 |
if options.prefix: |
continue |
|
continue |
|
|
else: |
|
|
# We need to build the prefix and check |
|
|
(prefix, next_field) = get_prefix(log_entry) |
|
|
if prefix and prefix == options.prefix: |
|
|
# We have a valid line to work with |
|
|
ips.add(log_entry[next_field + SRC_FIELD_OFFSET].split("SRC=")[1]) |
|
|
else: |
|
|
logging.debug("(1) Entry not for the prefix we're looking for") |
|
|
continue |
|
| 180 |
else: |
else: |
| 181 |
# We have part of the prefix and need to build it |
# We have a prefixed entry, or we're looking for one |
| 182 |
(prefix, next_field) = get_prefix(log_entry) |
next_field = get_field_after_prefix(log_entry) |
| 183 |
if prefix and prefix == options.prefix: |
if next_field and \ |
| 184 |
|
" ".join(log_entry[PREFIX_FIELD_START:next_field]) == options.prefix: |
| 185 |
# We have a valid line to work with |
# We have a valid line to work with |
| 186 |
ips.add(log_entry[next_field + SRC_FIELD_OFFSET].split("SRC=")[1]) |
ips.add(log_entry[next_field + SRC_FIELD_OFFSET].split("SRC=")[1]) |
| 187 |
else: |
else: |
| 202 |
ips: set of IP addresses to report |
ips: set of IP addresses to report |
| 203 |
""" |
""" |
| 204 |
|
|
| 205 |
|
# TODO(apollock): exception handling |
| 206 |
|
|
| 207 |
SUBMISSION_URL="http://blacklist.steve.org.uk/cgi-bin/report.cgi?src=%s" |
SUBMISSION_URL="http://blacklist.steve.org.uk/cgi-bin/report.cgi?src=%s" |
| 208 |
#SUBMISSION_URL="http://www.andrew.net.au/cgi-bin/report.cgi?src=%s" |
#SUBMISSION_URL="http://www.andrew.net.au/cgi-bin/report.cgi?src=%s" |
| 209 |
|
|
| 210 |
for ip in ips: |
for ip in ips: |
| 211 |
if not options.dryrun: |
if not options.dryrun: |
| 212 |
result = urllib.urlopen(SUBMISSION_URL % (ip)) |
result = urllib.urlopen(SUBMISSION_URL % (ip)) |
| 213 |
logging.info("%s: %s" % (ip, "".join(result.readlines()).rstrip())) |
logging.info("%16s: %s" % (ip, "".join(result.readlines()).rstrip())) |
| 214 |
result.close() |
result.close() |
| 215 |
else: |
else: |
| 216 |
print SUBMISSION_URL % (ip) |
print SUBMISSION_URL % (ip) |
| 217 |
|
|
| 218 |
|
|
| 219 |
def main(): |
def main(): |
| 220 |
options = process_options() |
options = process_options() |
| 221 |
|
|
Parent Directory
| 
Revision Log
| 
Patch