
/etc/aminer/conf-available/generic/RsyslogParsingModel.py is in logdata-anomaly-miner 0.0.7-1.

This file is owned by root:root, with mode 0o644.


from aminer.parsing import DecimalIntegerValueModelElement
from aminer.parsing import DelimitedDataModelElement
from aminer.parsing import FirstMatchModelElement
from aminer.parsing import FixedDataModelElement
from aminer.parsing import SequenceModelElement

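def getModel(userNameModel=None):
  """Build the parsing model for rsyslogd's own status messages, as found
  after any standard logging preamble, e.g. from syslog.

  Three message variants are recognised by the 'msg' element, tried in the
  order listed: a group-id change, a state change (start or HUP) carrying
  rsyslog's origin block with version and pid, and a user-id change.

  Args:
    userNameModel: not used by this model; the parameter is kept so callers
      can pass it uniformly to the generic parsing models.

  Returns:
    A SequenceModelElement named 'rsyslog' that matches the literal
    'rsyslogd: ' prefix followed by exactly one of the variants above.
  """

  groupIdChange = SequenceModelElement('gidchange', [
      FixedDataModelElement('s0', 'rsyslogd\'s groupid changed to '),
      DecimalIntegerValueModelElement('gid')
  ])

  # The origin block is matched mostly literally; only the version string
  # (up to the closing quote) and the pid are variable.
  # NOTE(review): x-info is compared as a fixed string including the
  # http:// scheme. rsyslog builds that emit a different x-info value will
  # not match this branch and the line is left unmatched by this model --
  # verify against the rsyslog version in use.
  stateChange = SequenceModelElement('statechange', [
      FixedDataModelElement('s0', '[origin software="rsyslogd" swVersion="'),
      DelimitedDataModelElement('version', '"'),
      FixedDataModelElement('s1', '" x-pid="'),
      DecimalIntegerValueModelElement('pid'),
      FixedDataModelElement('s2', '" x-info="http://www.rsyslog.com"] '),
      FirstMatchModelElement('type', [
          FixedDataModelElement('HUPed', 'rsyslogd was HUPed'),
          FixedDataModelElement('start', 'start')
      ])
  ])

  userIdChange = SequenceModelElement('uidchange', [
      FixedDataModelElement('s0', 'rsyslogd\'s userid changed to '),
      DecimalIntegerValueModelElement('uid')
  ])

  # FirstMatchModelElement takes the first child that matches, so the
  # order here is the order the variants are tried in.
  typeChildren = [groupIdChange, stateChange, userIdChange]

  model = SequenceModelElement('rsyslog', [
      FixedDataModelElement('sname', 'rsyslogd: '),
      FirstMatchModelElement('msg', typeChildren)])
  return model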