/// <summary> /// Create a log file scanner /// </summary> /// <param name="options">Options</param> public IPBanLogFileScanner(IPBanIPAddressLogFileScannerOptions options) : base(options.PathAndMask, options.MaxFileSizeBytes, options.PingIntervalMilliseconds) { options.ThrowIfNull(nameof(options)); options.LoginHandler.ThrowIfNull(nameof(options.LoginHandler)); options.Dns.ThrowIfNull(nameof(options.Dns)); Source = options.Source; this.loginHandler = options.LoginHandler; this.dns = options.Dns; this.regexFailure = IPBanConfig.ParseRegex(options.RegexFailure, true); this.regexFailureTimestampFormat = options.RegexFailureTimestampFormat; this.regexSuccess = IPBanConfig.ParseRegex(options.RegexSuccess, true); this.regexSuccessTimestampFormat = options.RegexSuccessTimestampFormat; }
/// <summary> /// Create a log file scanner /// </summary> /// <param name="loginHandler">Interface for handling logins</param> /// <param name="dns">Interface for dns lookup</param> /// <param name="source">The source, i.e. SSH or SMTP, etc.</param> /// <param name="pathAndMask">File path and mask (i.e. /var/log/auth*.log)</param> /// <param name="recursive">Whether to parse all sub directories of path and mask recursively</param> /// <param name="regexFailure">Regex to parse file lines to pull out failed login ipaddress and username</param> /// <param name="regexSuccess">Regex to parse file lines to pull out successful login ipaddress and username</param> /// <param name="maxFileSizeBytes">Max size of file (in bytes) before it is deleted or 0 for unlimited</param> /// <param name="pingIntervalMilliseconds">Ping interval in milliseconds, less than 1 for manual ping required</param> public IPBanIPAddressLogFileScanner ( IIPAddressEventHandler loginHandler, IDnsLookup dns, string source, string pathAndMask, bool recursive, string regexFailure, string regexSuccess, long maxFileSizeBytes = 0, int pingIntervalMilliseconds = 0 ) : base(pathAndMask, recursive, maxFileSizeBytes, pingIntervalMilliseconds) { loginHandler.ThrowIfNull(nameof(loginHandler)); dns.ThrowIfNull(nameof(dns)); Source = source; this.loginHandler = loginHandler; this.dns = dns; this.regexFailure = IPBanConfig.ParseRegex(regexFailure); this.regexSuccess = IPBanConfig.ParseRegex(regexSuccess); }
/// <summary> /// Test a log file /// </summary> /// <param name="fileName">Log file</param> public static void RunLogFileTest(string fileName, string regexFailureFile, string regexFailureTimestampFormat, string regexSuccessFile, string regexSuccessTimestampFormat) { IPBanLogFileScanner scanner = new(new() { Dns = new DefaultDnsLookup(), FailedLoginThreshold = 3, FailedLogLevel = LogLevel.Warning, LoginHandler = new LogFileWriter(), MaxFileSizeBytes = 0, PathAndMask = fileName.Trim(), PingIntervalMilliseconds = 0, RegexFailure = (File.Exists(regexFailureFile) && regexFailureFile.Length > 2 ? IPBanConfig.ParseRegex(File.ReadAllText(regexFailureFile)) : null), RegexFailureTimestampFormat = regexFailureTimestampFormat.Trim('.'), RegexSuccess = (File.Exists(regexSuccessFile) && regexSuccessFile.Length > 2 ? IPBanConfig.ParseRegex(File.ReadAllText(regexSuccessFile)) : null), RegexSuccessTimestampFormat = regexSuccessTimestampFormat.Trim('.'), Source = "test", SuccessfulLogLevel = LogLevel.Warning }); // start with empty file File.Move(fileName, fileName + ".temp"); File.WriteAllText(fileName, string.Empty); // read the empty file scanner.ProcessFiles(); // get rid of the empty file File.Delete(fileName); // put the full file back File.Move(fileName + ".temp", fileName); // now the scanner will process the entire file scanner.ProcessFiles(); }