logscan.py
#!/usr/bin/env python3
from argparse import ArgumentParser
from parsers import ShibbolethLog
import os
def help(args):
    """Print the command-line usage text.

    *args* is accepted but not used. The parser is read from the
    module-level name ``argp``, which is only bound when this file is run
    as a script.
    """
    parser = argp
    parser.print_help()
def scan(args):
    """Load the requested log files into a ShibbolethLog and run its scan.

    Reads ``principal``, ``requester``, ``daily``, ``output`` and
    ``filename`` from the parsed command-line namespace *args*.
    """
    log = ShibbolethLog(
        principal=args.principal,
        requester=args.requester,
        # sso=args.sso,
        daily=args.daily,
        output=args.output,
    )
    # Each path comes straight from the command line and is handed to
    # load() unchanged.
    for path in args.filename:
        log.load(path)
    # Assumed to run once, after every file has been loaded; confirm
    # against the original indentation.
    log.command_scan()
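def main(args):
    """Prepare the optional output directory, then run the scan.

    When ``args.output`` is set it is resolved against the current working
    directory, created if missing, and written back to ``args.output`` as
    the joined path before ``scan(args)`` is called.

    Raises:
        FileExistsError: the output path exists but is not a directory.
        OSError: the directory could not be created.
    """
    if args.output:
        output_dir = os.path.join(os.getcwd(), args.output)
        # makedirs(exist_ok=True) replaces the exists()/mkdir() pair: there
        # is no window between the check and the create, nested paths work,
        # and a regular file sitting at the path is reported here instead of
        # being silently accepted as the output directory.
        # The results written here can include usernames, client IP
        # addresses and login timestamps (see the CLI epilog). A newly
        # created directory gets its permissions from the process umask, so
        # run with a restrictive umask when that data must stay private.
        os.makedirs(output_dir, exist_ok=True)
        args.output = output_dir
    scan(args)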
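if __name__ == '__main__':
    # Command-line entry point: build the parser, validate the option
    # combination, then hand the namespace to main().
    argp = ArgumentParser(
        description='''
            Scans Shib logs for instances of specified (or all) usernames
            logging into specified (or all) service providers, and returns
            counts as CSV of either totals or daily traffic.
            ''',
        epilog='''
            Specify neither -n nor -r to show all usernames and service
            providers. Specify both to see IP address and timestamp of
            all logins.''',
    )

    subject = argp.add_argument_group('Subjects to scan for')
    subject.add_argument(
        '-n', '--principal', default=None, nargs='+',
        help='Limit scan to the username(s) provided')
    subject.add_argument(
        '-r', '--requester', default=None, nargs='+',
        help='Limit scan to the service provider(s) provided')
    # subject.add_argument(
    #     '-s', '--sso', action='store_true',
    #     help='Determine if SSO was used within above limits')

    output = argp.add_argument_group('Output options')
    # TODO: -d needs exactly one of -n or -r.
    # (Currently enforced by the explicit check after parse_args() below.)
    output.add_argument(
        '-d', '--daily', action='store_true',
        help='Provide daily usage as CSV for exactly one of -n or -r')
    output.add_argument(
        '-o', '--output', default=None, nargs='?',
        help='Create logs of results in this output directory')
    # output.add_argument(
    #     '-v', '--verbose', action='store_true',
    #     help='Provide verbose output')

    targets = argp.add_argument_group('Which log files to scan')
    targets.add_argument(
        '-f', '--filename', type=str, nargs='*',
        default=['/opt/shibboleth-idp/logs/idp-process.log'],
        help='Log filename(s) to process, accepts wildcards')

    args = argp.parse_args()

    # --daily is only meaningful with exactly one of the two filters, so
    # reject "both" and "neither".
    if args.daily and bool(args.principal) == bool(args.requester):
        # SystemExit with a string writes the message to stderr and exits
        # with status 1. That keeps the diagnostic out of stdout, which the
        # description suggests carries the CSV results, and avoids relying
        # on the site-provided exit() helper.
        raise SystemExit(
            'The -d/--daily option requires exactly one of -n/--principal or -r/--requester')

    main(args)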