From cac624743ad29f6135a25215504217c41f338ba1 Mon Sep 17 00:00:00 2001
From: Bart Geesink
Date: Thu, 28 Nov 2024 17:07:44 +0100
Subject: [PATCH] Rsyslog: Update the engineblock authentication parse script
* python3 compatability
* Update lastseen table in stead of a seperate php script
---
 roles/rsyslog/tasks/process_auth_logs.yml | 38 -------------------
 .../templates/parse_ebauth_to_mysql.py.j2 | 13 ++++++-
 2 files changed, 12 insertions(+), 39 deletions(-)
diff --git a/roles/rsyslog/tasks/process_auth_logs.yml b/roles/rsyslog/tasks/process_auth_logs.yml
index 8754ce2c3..02ce8aedb 100644
--- a/roles/rsyslog/tasks/process_auth_logs.yml
+++ b/roles/rsyslog/tasks/process_auth_logs.yml
@@ -1,12 +1,4 @@
 ---
-- name: Install PHP
- yum:
- name:
- - php
- - php-pdo
- - php-mysql
- state: present
-
 - name: Copy the log_logins and lastseen database table definitions
 copy:
 src: "{{ item }}"
@@ -51,36 +43,6 @@
 with_items: "{{ rsyslog_environments }}"
 when: item.db_loglogins_name is defined
-- name: Create last_login PHP script
- template:
- src: process_lastseen.php.j2
- dest: /usr/local/sbin/process_lastseen_{{ item.name }}.php
- mode: 0740
- owner: root
- group: root
- with_items: "{{ rsyslog_environments }}"
- when: item.db_loglogins_name is defined
-
-- name: Create logdir for lastseen cronjob output
- file:
- path: "{{ rsyslog_dir }}/apps/{{ item.name }}/lastseen"
- state: directory
- owner: root
- group: root
- mode: 0775
- with_items: "{{ rsyslog_environments }}"
- when: item.db_loglogins_name is defined
-
-- name: Create cronjobs for proecessing lastseen script
- template:
- src: cron_update_lastseen.j2
- dest: /etc/cron.daily/update_lastseen_{{ item.name }}
- owner: root
- group: root
- mode: 0774
- with_items: "{{ rsyslog_environments }}"
- when: item.db_loglogins_name is defined
-
 - name: Put log_logins logrotate scripts
 template:
 src: logrotate_ebauth.j2
diff --git a/roles/rsyslog/templates/parse_ebauth_to_mysql.py.j2 b/roles/rsyslog/templates/parse_ebauth_to_mysql.py.j2
index a8f03eba1..b37f4720c 100644
--- a/roles/rsyslog/templates/parse_ebauth_to_mysql.py.j2
+++ b/roles/rsyslog/templates/parse_ebauth_to_mysql.py.j2
@@ -1,4 +1,4 @@
-#!/usr/bin/python2
+#!/usr/bin/python3
 # This script parses the files produced by engineblock and inserts them into a mySQL table where the SURFconext stats module will analyse the data further
 # This script is intended to be used during logrotate
 # It picks up all files starting with ebauth- (all rotated files) and parses them
@@ -18,6 +18,15 @@ workdir="{{ rsyslog_dir }}/log_logins/{{ item.name}}/"
 db = MySQLdb.connect(mysql_host,mysql_user,mysql_password,mysql_db )
 cursor = db.cursor()
+
+def update_lastseen(user_id, date):
+ query = """
+ REPLACE INTO last_login (userid, lastseen)
+ VALUES (%s, %s)
+ """
+ cursor.execute(query, (user_id, date))
+ db.commit()
+
 def load_in_mysql(a,b,c,d,e,f,g,h):
 sql = """insert into log_logins(idpentityid,spentityid,loginstamp,userid,keyid,sessionid,requestid,trustedproxyentityid) values(%s,%s,%s,%s,%s,%s,%s,%s)"""
 try:
@@ -46,11 +55,13 @@ def parse_lines(a):
 proxied_sp_entity_ids_list = data["context"]["proxied_sp_entity_ids"]
 proxied_sp_entity_ids = ''.join(proxied_sp_entity_ids_list)
 loginstamp=parse(timestamp).strftime("%Y-%m-%d %H:%M:%S")
+ last_login_date = parse(timestamp).strftime("%Y-%m-%d")
 null = 'NULL'
 if proxied_sp_entity_ids:
 load_in_mysql(idp,proxied_sp_entity_ids,loginstamp,user_id,key_id,session_id,request_id,sp)
 else:
 load_in_mysql(idp,sp,loginstamp,user_id,key_id,session_id,request_id,null)
+ update_lastseen(user_id, last_login_date)
 ## Loop over the files and parse them one by one
 for filename in os.listdir(workdir):
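Review bot: `REPLACE INTO last_login` in the new `update_lastseen` overwrites `lastseen` with whatever date the current log line carries, so the stored value can move backwards. The script walks every rotated `ebauth-` file through `os.listdir(workdir)`, which returns names in arbitrary order, and a re-run over older files would do the same; if `last_login` feeds inactive-account decisions (not visible here), a regressed date is an integrity problem. An upsert that keeps the newer date avoids this, and wrapping it in the same kind of `try` that `load_in_mysql` opens (its handler lies outside the hunk) keeps one failed statement from aborting the whole run. Both the original and the proposed form assume `userid` is a primary or unique key in `last_login`; the table definition is not part of this patch.

```python
def update_lastseen(user_id, date):
    # Upsert that never moves lastseen backwards; needs a unique key on userid.
    query = """
        INSERT INTO last_login (userid, lastseen)
        VALUES (%s, %s)
        ON DUPLICATE KEY UPDATE lastseen = GREATEST(lastseen, VALUES(lastseen))
    """
    try:
        cursor.execute(query, (user_id, date))
        db.commit()
    except MySQLdb.Error:
        # Undo the failed statement; report it the way load_in_mysql does.
        db.rollback()
```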
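Review bot: In the `parse_lines` hunk, `update_lastseen(user_id, last_login_date)` is called with no signal that `load_in_mysql` actually stored the login, so a line whose insert failed would presumably still advance `last_login`; returning a success flag from `load_in_mysql` and testing it before the update would keep the two tables consistent. The collapsed indentation does not show whether the call sits inside the `else:` branch or after the whole `if`/`else`; it needs to be after, otherwise proxied logins never update `lastseen`. `parse(timestamp)` is also evaluated twice: `ts = parse(timestamp)` once, followed by `ts.strftime(...)` for both strings, guarantees that `loginstamp` and `last_login_date` derive from the same value. `parse_lines` starts before this hunk, so how `timestamp` and `user_id` are extracted is not visible here.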