Gkc1dZdZdZddlZddlZddlmZddlmZm Z m Z dd l m Z e e Zejd Zejd d fZejd ZejdZejdZejdZejdZejdZejdZejddfZejdZejdZejdZejdej:ZGddeZ Gdde Z!Gdde Z"Gd d!e Z#y)"z Cyril Jaquierz Copyright (c) 2004 Cyril JaquierGPLN)abstractmethod)reGroupDictStrptimetimeREgetTimePatternRE) getLoggerz(?/usr/lib/python3/dist-packages/fail2ban/server/datetemplate.pyr/sqwwy00r:z(^(?:\(\?\w+\))?(?:\^|\((?:\?:)?\^(?!\|))z(?077>>(   5 ! A;??8A; .5$*::I,@((lF]F]]:7 U "E u $E 99   ,tyy(TY ::&&&:N5 **|.. .4E4L4LU4S::(((: **|,, ,2C2J2J52Q::&&&: A  " "#4Q#7 ?% 88A; 5$+**Q(%0$,rz!Regex used to search for date. )docc|js& tj|j|_yy#t$r2}t j d|j|j|d}~wwxYw)z Compile regex by first usage. z Compile %r failed, expression %rN)rrecompiler: Exceptionr8errorr)r es r _compileRegexzDateTemplate._compileRegexsY  ::djj)DL    LL3TYY K G s$4 A/-A**A/c|js|jtjdd|j|jj |g|}|r|xj dz c_|S)z1Check if regex for date matches on a log line. rz search %sr)rrHr8r9r:r*r)r lineargs dateMatchs r matchDatezDateTemplate.matchDates\ **Q +!dll!!$..)99>9 rNctd)aQAbstract method, which should return the date for a log line This should return the date for a log line, typically taking the date from the part of the line which matched the templates regex. This requires abstraction, therefore just raises exception. Parameters ---------- line : str Log line, of which the date should be extracted from. default_tz: if no explicit time zone is present in the line passing this will interpret it as in that time zone. Raises ------ NotImplementedError Abstract method, therefore always returns this. zgetDate() is abstract)NotImplementedErrorr rJrL default_tzs rgetDatezDateTemplate.getDates( 344rc tjdtjdtjdtjd|S)Nr )RE_EXEANC_BOUND_BEGr+RE_EXSANC_BOUND_BEGRE_EXLINE_BOUND_BEGRE_EXLINE_NO_BOUNDS)patterns runboundPatternzDateTemplate.unboundPatternsE  2B 3 7 7G DE rTTNN)__name__ __module__ __qualname____doc__r1r5r0r3r!r$r@propertyr:rHrMrrR staticmethodrYrrrr9st >@ (H    55*rrc eZdZdZddZddZy) DateEpochzA date template which searches for Unix timestamps. This includes Unix timestamps which appear at start of a line, optionally within square braces (nsd), or on SELinux audit log lines. Attributes ---------- name regex Nc`tj||sdn||_||_d|_d|r |sdn||_d|r8dt j fd|zdz}d |_|j|y|sd z}|j|d yd z}|j|ddy)NEpochrz\d{10,11}\b(?:\.\d{3,6})? LongEpochz'\d{10,11}(?:\d{3}(?:\.\d{1,6}|\d{3})?)?(cdzS)Nz(%s)rb)vepochREs rrz$DateEpoch.__init__..s 0@r)r zf((?:^|(?P(?<=^\[))|(?P(?<=\baudit\()))%s)(?:(?(selinux)(?=:\d+\)))|(?(square)(?=\])))Fr;z*((?P(?<=^\[))?%s)(?(square)(?=\]))r'T)r;r<)rr!r_longFrm_grpIdxRE_EPOCH_PATTERNr+r@)r lineBeginOnlyrXlongFrmr:rks @rr!zDateEpoch.__init__s$g'$)$-$, (' "){w49 77 !%%&@'J JS P54<==  tw~ ~5==%=( 87 B5=='4=8rc|s|j|}|rq|j|j}|jr=t |dk\r/t |dk\rd|vrt |dz }nt |dz }t ||fSy)axMethod to return the date for a log line. Parameters ---------- line : str Log line, of which the date should be extracted from. default_tz: ignored, Unix timestamps are time zone independent Returns ------- (float, str) Tuple containing a Unix timestamp, and the string of the date which was matched and in turned used to calculated the timestamp. .i@BiN)rMr rornlenfloat)r rJrLrQrjs rrRzDateEpoch.getDates{ ~~d#9t||$1 mmA"  1v|1 qG Q qDQ 8Y r)FNFr[r\r]r^r_r!rRrbrrrdrds 9* rrdceZdZdZe\ZZejeZdfd Z e dZ e jdZ dfd Z d dZxZS) DatePatternRegexzDate template, with regex/pattern Parameters ---------- pattern : str Sets the date templates pattern. Attributes ---------- name regex pattern c dtt| d|_||j|fi|yyr#)superr{r!_patternr@)r rXkwargs __class__s rr!zDatePatternRegex.__init__s6$(*$- 4==#F#rc|jS)aVThe pattern used for regex with strptime "%" time fields. This should be a valid regular expression, of which matching string will be extracted from the log line. strptime style "%" fields will be replaced by appropriate regular expressions, or custom regex groups with names as per the strptime fields can also be used instead. )r~rs rrXzDatePatternRegex.pattern%s rc&|j|yr#)r@)r rXs rrXzDatePatternRegex.pattern1s--rc||_tj|rtjd|}dx}}|r-tj|rtjd|}d} |j jd|}||j z|_|tz}tj|rd|z}tt|3|||y#t$r}td|d|d}~wwxYw)Nr Fr'z%(\1)sz(?iu)zFailed to set datepattern 'z8' (may be an invalid format or unescaped percent char): )r~rWr*r+rV _patternRE _patternNamerrRE_ALPHA_PATTERNr}r{r@rE TypeError)r rXr;r<fmtr:rGrs rr@zDatePatternRegex.setRegex5s$-( $ $R 179w&--g6 $ $R 179 }   Y 03T&&&49 <5g& u E 4)%GD } pwyz{ ||}s(A(C C0C++C0ch|s|j|}|rt|j||fSy)aMethod to return the date for a log line. This uses a custom version of strptime, using the named groups from the instances `pattern` property. Parameters ---------- line : str Log line, of which the date should be extracted from. default_tz: optionally used to correct timezone Returns ------- (float, str) Tuple containing a Unix timestamp, and the string of the date which was matched and in turned used to calculated the timestamp. )rQN)rMr groupdictrPs rrRzDatePatternRegex.getDateLs=$ ~~d#9 y224 L  rr#rZr[)r\r]r^r_rrrrCrDr!r`rXsetterr@rR __classcell__)rs@rr{r{ sc -.\bjj$$      ..}.rr{c eZdZdZddZddZy) DateTai64nz`A date template which matches TAI64N formate timestamps. Attributes ---------- name regex cbtj|d|_|jd|y)NTAI64Nz @[0-9a-f]{24}rm)rr!rr@)r r;s rr!zDateTai64n.__init__ns'$)--9-5rNcv|s|j|}|r$|jd}|dd}t|d|fSy)aqMethod to return the date for a log line. Parameters ---------- line : str Log line, of which the date should be extracted from. default_tz: ignored, since TAI is time zone independent Returns ------- (float, str) Tuple containing a Unix timestamp, and the string of the date which was matched and in turned used to calculated the timestamp. rr ruN)rMr int)r rJrLrQvalueseconds_since_epochs rrRzDateTai64n.getDatetsJ ~~d#9 ??1 5q "B ' 33 r)Fr[ryrbrrrres6 4rr)$ __author__ __copyright__ __license__rCrabcrstrptimerrrhelpersr r\r8rDr.r/r)rWrVrUrTr,r-r7r4r6r IGNORECASErpobjectrrdr{rrbrrrsu. 2  CC 8 RZZ7 8 RZZH I; X:; bjj- bjj!12 bjj!=> bjj!89 bjj!QR bjj!EF bjj!MN:=BJJJKBJJ782::232::3R]]CT6Tn: : zU|Up%4%4r