Python library for handling Linux's audit.log?

Views: 182
Problem description

I'm searching for a Python (3^) library to ease the processing of audit.log (on CentOS 6 that is at /var/log/audit/audit.log). I'm thinking about a library that grabs the log lines into Python and enables querying/filtering in a human way.

There are traces of a tool called audit-python (not in the pip list), but it doesn't really look promising. So far no hope of a library handling this widespread audit log.

Maybe someone would share their code showing how they processed the audit.log?

Recommended answer

As I didn't find a library, nor did anyone suggest one, I came up with this function using a binary provided by the audit package:

import subprocess

def read_audit(before, now, user):
    # Ask ausearch for EXECVE records between the two timestamps for one user.
    # Arguments are passed as a list (no shell=True) so that 'user' is handed to
    # ausearch verbatim and cannot be interpreted as shell syntax.
    cmd = ["ausearch", "-ts", before.strftime('%H:%M:%S'),
           "-te", now.strftime('%H:%M:%S'),
           "-ua", user, "-sc", "EXECVE"]
    p = subprocess.run(cmd, stdout=subprocess.PIPE, check=False)
    return p.stdout.decode()

I call the binary via the subprocess module, so an import subprocess is needed at the top of the code. The function grabs logs of program executions between the provided times via the ausearch tool.
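The record-level parsing the question asks for, as an added example that is not part of the original answer: it groups the SYSCALL and EXECVE records sharing one audit serial into a single event, decodes the hex-encoded arguments auditd emits for values with spaces or quotes, and filters by uid and epoch time window. The sample lines are constructed and follow the standard audit.log record layout.

```python
import re
from collections import defaultdict
# Constructed sample audit.log excerpt (not from the post); a2 on the last line is hex-encoded, as auditd emits for values containing spaces or quotes.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1364481363.243:24287): arch=c000003e syscall=59 success=yes exit=0 ppid=2686 pid=3538 auid=500 uid=500 gid=500 comm="cat" exe="/bin/cat"
type=EXECVE msg=audit(1364481363.243:24287): argc=2 a0="cat" a1="/etc/ssh/sshd_config"
type=SYSCALL msg=audit(1364481370.001:24290): arch=c000003e syscall=59 success=yes exit=0 ppid=2686 pid=3541 auid=500 uid=0 gid=0 comm="sh" exe="/bin/bash"
type=EXECVE msg=audit(1364481370.001:24290): argc=3 a0="sh" a1="-c" a2=6563686F2068656C6C6F20776F726C64
"""
HEADER_RE = re.compile(r'^type=(\S+) msg=audit\((\d+)\.(\d+):(\d+)\): (.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_line(line):
    """Parse one record; unquoted EXECVE aN values are hex-encoded bytes, quoted ones literal."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    rtype, secs, msecs, serial, body = m.groups()
    fields = {}
    for key, raw in FIELD_RE.findall(body):
        if rtype == "EXECVE" and re.fullmatch(r"a\d+", key) and not raw.startswith('"'):
            fields[key] = bytes.fromhex(raw).decode("utf-8", "replace")
        else:
            fields[key] = raw.strip('"')
    return {"type": rtype, "time": float(secs + "." + msecs), "serial": int(serial), "fields": fields}

def parse_events(text):
    """Group the records that share one audit serial into a single event."""
    events = defaultdict(lambda: {"time": None, "records": {}})
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is not None:
            ev = events[rec["serial"]]
            ev["time"] = rec["time"]
            ev["records"][rec["type"]] = rec["fields"]
    return dict(events)

def execve_events(text, uid=None, start=None, end=None):
    """(time, uid, exe, argv) for each EXECVE event, filtered by uid and epoch window."""
    out = []
    for _serial, ev in sorted(parse_events(text).items()):
        sc = ev["records"].get("SYSCALL", {})
        ex = ev["records"].get("EXECVE")
        if ex is None or (uid is not None and sc.get("uid") != str(uid)):
            continue
        if (start is not None and ev["time"] < start) or (end is not None and ev["time"] > end):
            continue
        argv = [ex[k] for k in (f"a{i}" for i in range(int(ex.get("argc", 0)))) if k in ex]
        out.append((ev["time"], sc.get("uid"), sc.get("exe"), argv))
    return out
```

Feeding it the output of ausearch (or the raw file) gives structured events instead of text to grep, and the uid comes from the SYSCALL record rather than from the argument list.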
