把history傳至ELK

把history傳至ELK

#!/usr/bin/env python
# -*- coding:utf-8 -*-

__author__ = "jihongrui@jsqix.com"  # script author / contact; plain module metadata, unused at runtime

# import subprocess
import time
import socket
# import shlex
import os
import shutil


#def bash(cmd):
#        """
#            run a bash shell command
#            執行bash命令
#        """
#        return shlex.os.system(cmd)
#
#def return_bash(cmd):
#    """
#    執行CMD or bash 命令,返回結果
#    """
#    return_command = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE)
#    return return_command.stdout.read().strip().split()

# def read_file_get_data(history_file):
#     """
#       傳入history記錄文件,轉換為列表,可直接批量插入mysql
#       [(root,192.168.1.2,ls-l),(...)]
#      """    
#     f = open(history_file, "r")
#     lines = f.readlines()  # 讀取全部內容
#     Lists = []
#     for line in lines:
#         line = line.replace('#', '')
#         line = line.replace('\n', '')
#         Lists.append(line)
#
#     data = zip(Lists[::2], Lists[1::2])
#     return data


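def get_hist_cmds(user, ip, date, history_file, sock=None, addr=None):
    """Read one history file and send every command to logstash over UDP.

    The file is expected in bash's HISTTIMEFORMAT layout: a ``#<epoch>``
    line immediately followed by the command line.  Each command becomes
    one datagram of the form
    ``user: <user> ,user_login_ip: <ip> ,login_time: <date> ,[ <YYYYmmddHHMMSS>    <cmd> ]``.

    Args:
        user: account the file belongs to (the per-user directory name).
        ip: login source address parsed from the file name by the caller.
        date: login time parsed from the file name by the caller.
        history_file: path of the history file to read.
        sock: UDP socket to send on; defaults to the module-level ``s``
            created in ``__main__``.
        addr: ``(host, port)`` target; defaults to the module-level
            ``address`` created in ``__main__``.

    Returns:
        list[str]: the ``"<YYYYmmddHHMMSS>    <cmd>"`` strings that were
        sent, in file order (the original docstring promised this list but
        returned None).

    Raises:
        ValueError: a line where a ``#<epoch>`` timestamp was expected is
            not an integer (typically a file written without HISTTIMEFORMAT).
        IOError / OSError: the file cannot be opened.
    """
    if sock is None:
        sock = s
    if addr is None:
        addr = address

    # Context manager so the descriptor is released even if parsing fails;
    # the original never closed the file.
    with open(history_file, "r") as fh:
        lines = fh.readlines()

    hist_cmds = []
    # Walk the file in (timestamp, command) pairs.  A trailing timestamp
    # line with no command after it (truncated write) is skipped instead of
    # raising IndexError from an unconditional pop().
    for idx in range(0, len(lines) - 1, 2):
        epoch = int(lines[idx].strip().lstrip('#'))
        hist_time = time.localtime(epoch)
        time_str = time.strftime("%Y%m%d%H%M%S", hist_time)
        # rstrip('\n') keeps the command's own whitespace but drops the line
        # terminator, which was previously shipped inside the brackets.
        hist_cmds.append(time_str + '    ' + lines[idx + 1].rstrip('\n'))

    for hist_msg in hist_cmds:
        msg = "user: %s ,user_login_ip: %s ,login_time: %s ,[ %s ]" % (user, ip, date, hist_msg)
        # sendto() needs bytes on Python 3; on Python 2 str already is bytes.
        if not isinstance(msg, bytes):
            msg = msg.encode('utf-8')
        # NOTE(review): this is plain, unauthenticated UDP.  Command lines
        # routinely carry secrets given as arguments (passwords, tokens), so
        # they cross the network in cleartext and are stored verbatim in ELK.
        # Mask such arguments before sending, or use an encrypted shipper,
        # before relying on this in production.
        sock.sendto(msg, addr)
    return hist_cmds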




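if __name__ == '__main__':
    # Where logstash listens for the UDP input.  The transport is a plain
    # datagram socket: nothing on the wire is encrypted or authenticated.
    address = ('192.168.80.80', 50514)
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)

    # Files that have been shipped are moved here so a re-run does not
    # resend them.
    bak_dir = "/var/log/hist_bak/"
    # One sub-directory per user, each holding files named
    # "<ip>.hist.<date>" (inferred from the split below -- confirm against
    # the shell hook that writes them).  Renamed from 'dir', which shadowed
    # the builtin.
    hist_dir = "/var/log/.hist/"

    try:
        for user in os.listdir(hist_dir):
            user_dir = os.path.join(hist_dir, user)
            if not os.path.isdir(user_dir):
                # A stray file directly under hist_dir would make the
                # listdir() below fail and abort the whole run.
                continue
            user_bak_dir = os.path.join(bak_dir, user)
            if not os.path.exists(user_bak_dir):
                os.makedirs(user_bak_dir)
            for hist in os.listdir(user_dir):
                parts = hist.split('.hist.')
                user_ip = parts[0]
                # Assumes the suffix is "YYYYmmdd<sep>HHMMSS": the single
                # separator character at index 8 is dropped.  TODO confirm
                # against the writer of these files.
                user_date = parts[-1][0:8] + parts[-1][9:]
                hist_file = os.path.join(user_dir, hist)
                bak_hist_file = os.path.join(user_bak_dir, hist)
                get_hist_cmds(user, user_ip, user_date, hist_file)
                # Move only after the send completed, so a failure leaves the
                # file in place for the next run.
                shutil.move(hist_file, bak_hist_file)
    finally:
        # Release the socket even when a file fails to parse or send.
        s.close()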