Merge branch 'cboltz-logparser-simplify-prefilter' into 'master'
Simplify log prefilter in logparser.py See merge request apparmor/apparmor!400 Acked-by: John Johansen <john.johansen@canonical.com>
@@ -24,22 +24,9 @@ from apparmor.translations import init_translation
|
||||
_ = init_translation()
|
||||
|
||||
class ReadLog:
|
||||
RE_audit_time_id = '(msg=)?audit\([\d\.\:]+\):\s+' # 'audit(1282626827.320:411): '
|
||||
RE_kernel_time = '\[[\d\.\s]+\]' # '[ 1612.746129]'
|
||||
RE_type_num = '1[45][0-9][0-9]' # 1400..1599
|
||||
RE_aa_or_op = '(apparmor=|operation=)'
|
||||
|
||||
RE_log_parts = [
|
||||
'kernel:\s+(' + RE_kernel_time + '\s+)?(audit:\s+)?type=' + RE_type_num + '\s+' + RE_audit_time_id + RE_aa_or_op, # v2_6 syslog
|
||||
'kernel:\s+(' + RE_kernel_time + '\s+)?' + RE_audit_time_id + 'type=' + RE_type_num + '\s+' + RE_aa_or_op,
|
||||
'type=(AVC|APPARMOR[_A-Z]*|' + RE_type_num + ')\s+' + RE_audit_time_id + '(type=' + RE_type_num + '\s+)?' + RE_aa_or_op, # v2_6 audit and dmesg
|
||||
'type=(USER_AVC|1107)\s+' + RE_audit_time_id + '.*apparmor=', # dbus
|
||||
'type=UNKNOWN\[' + RE_type_num + '\]\s+' + RE_audit_time_id + RE_aa_or_op,
|
||||
'dbus\[[0-9]+\]:\s+apparmor=', # dbus
|
||||
]
|
||||
|
||||
# used to pre-filter log lines so that we hand over only relevant lines to LibAppArmor parsing
|
||||
RE_LOG_ALL = re.compile('(' + '|'.join(RE_log_parts) + ')')
|
||||
RE_LOG_ALL = re.compile('apparmor=|operation=|type=AVC')
|
||||
|
||||
def __init__(self, filename, active_profiles, profile_dir):
|
||||
self.filename = filename
|
||||
|
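Review bot: The new `RE_LOG_ALL = re.compile('apparmor=|operation=|type=AVC')` accepts any line that contains one of these substrings anywhere, so it no longer requires the `type=` number and `audit(...)` framing that the removed `RE_log_parts` patterns checked before a line reached LibAppArmor parsing. Syslog can carry text written by unprivileged processes, so the comment above the pattern should say that this is a speed filter and not a validity check, for example `# cheap substring pre-filter only; lines that pass are not yet known to be genuine AppArmor events`. Whether the later parsing rejects look-alike lines is not visible in this hunk, so a test that feeds a non-audit line containing `operation=` through `ReadLog` and asserts that no event is produced would pin that down. The body of `ReadLog` continues outside the hunk.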