This repository has been archived by the owner on Feb 8, 2018. It is now read-only.

Adding Ostiarius parser and enabling it
Xoib committed Apr 27, 2016
1 parent e3cc243 commit 3cef867
Showing 2 changed files with 10 additions and 1 deletion.
9 changes: 9 additions & 0 deletions parsers/ostiarius.py
@@ -0,0 +1,9 @@
import re

#27/04/16 09:42:38,000 kernel[0]: OSTIARIUS: /Applications/Xoib.app/Contents/MacOS/Xoib is from the internet & is unsigned -> BLOCKING!
OSTIARIUS_EVENT_FILTER = re.compile('OSTIARIUS: .+BLOCKING')

def parse(line, source=None):
if OSTIARIUS_EVENT_FILTER.findall(line):
return ('alert', 'Ostiarius', line.split('OSTIARIUS: ', 1)[-1])
return (None, '', '')
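Review bot: `OSTIARIUS_EVENT_FILTER.findall(line)` is used only as a truth test, so `search` is the clearer and cheaper call (`if OSTIARIUS_EVENT_FILTER.search(line):`); `findall` builds a list of every match just to check that it is non-empty. The pattern `'OSTIARIUS: .+BLOCKING'` is also unanchored, so any system.log line that happens to carry that text anywhere, including inside a path or other free text echoed into the log, is reported as an `alert`; anchoring on the emitting source shown in the sample comment (`kernel[0]: OSTIARIUS: `) would tie the alert to the kernel-logged event. A short docstring on `parse` giving the return tuple shape `(level, name, message)` and noting that `source` is accepted but unused would help readers of the other parsers.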
2 changes: 1 addition & 1 deletion settings.py
Expand Up @@ -14,7 +14,7 @@
3306: 'connections', # MySQL
5432: 'connections', # PostgreSQL
5900: 'vnc', # VNC
'/var/log/system.log': ('sudo', 'ssh', 'portscan'),
'/var/log/system.log': ('sudo', 'ssh', 'portscan', 'ostiarius'),
}

# Enabled output/display methods
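Review bot: the new `'ostiarius'` entry is the only name in the `/var/log/system.log` tuple without any hint of what it detects, whereas each port entry above carries a trailing comment (`# MySQL`, `# VNC`); a short comment such as `# Ostiarius unsigned-from-internet blocks`, wording taken from the sample log line in parsers/ostiarius.py, would keep the mapping self-documenting. The string presumably has to match the module filename `parsers/ostiarius.py`, which it does here.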

0 comments on commit 3cef867