better logline parsing

This commit is contained in:
root 2017-12-03 20:23:01 +00:00
parent 0a8194b941
commit 5e1fbb2266


@ -33,11 +33,15 @@ def parse_logstr(string):
# '2015-02-11T19:05:10+00:00 labrat-1 snoopy[896]: [uid:0 sid:11679 # '2015-02-11T19:05:10+00:00 labrat-1 snoopy[896]: [uid:0 sid:11679
# tty:/dev/pts/2 cwd:/root filename:/usr/bin/cat]: cat /etc/fstab.BAK' # tty:/dev/pts/2 cwd:/root filename:/usr/bin/cat]: cat /etc/fstab.BAK'
# I really need to parse the uid, cwd and the command out of that. # I really need to parse the uid, cwd and the command out of that.
# '[uid:123 sid:440 tty:/dev/pts/4 cwd:/root filename:/bin/chmod]: AAAA BBBBBB CCCCCCCC'
# THIS IS WHAT WE PARSE NOW.
splitted = string.split(':') splitted = string.split(':')
command = splitted[-1].strip() command = splitted[-1].strip()
k = string.find('[') k = string.find('[')
important = string[string.find('[', k + 1):] important = string[k:]
lst = important.replace('[', '').replace(']', '').split() lst = important.replace('[', '').replace(']', '').split()
@ -46,7 +50,7 @@ def parse_logstr(string):
uid = [e[1] for e in s if e[0] == 'uid'][0] uid = [e[1] for e in s if e[0] == 'uid'][0]
cwd = [e[1] for e in s if e[0] == 'cwd'][0] cwd = [e[1] for e in s if e[0] == 'cwd'][0]
return uid, cwd, command return int(uid), cwd, command
async def read_msg(reader): async def read_msg(reader):
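Review bot: The new `important = string[k:]` has no guard for a line that contains no `[`: `str.find` returns -1 there, `string[-1:]` silently yields just the last character, and the failure then surfaces later as an IndexError from the `[...][0]` lookups or a ValueError from the new `int(uid)` instead of a clear parse error. A log-line parser should treat its input as untrusted, so I'd add right after the `find` call `if k < 0:` / `    raise ValueError(f'unparseable log line: {string!r}')`, and handle a missing or non-numeric uid the same way rather than letting the bare index and `int()` raise. The `command = splitted[-1].strip()` line, kept as context, also truncates any command that itself contains a ':' (a `key:value` argument, for instance); taking the text after the first `]: ` would preserve the whole command, which this change does not address. parse_logstr's signature lies before the first hunk and its body continues between the two hunks.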