/// <summary>
/// Create a log file scanner
/// </summary>
/// <param name="options">Options</param>
public IPBanLogFileScanner(IPBanIPAddressLogFileScannerOptions options) : base(options.PathAndMask, options.MaxFileSizeBytes, options.PingIntervalMilliseconds)
{
options.ThrowIfNull(nameof(options));
options.LoginHandler.ThrowIfNull(nameof(options.LoginHandler));
options.Dns.ThrowIfNull(nameof(options.Dns));
Source = options.Source;
this.loginHandler = options.LoginHandler;
this.dns = options.Dns;
this.regexFailure = IPBanConfig.ParseRegex(options.RegexFailure, true);
this.regexFailureTimestampFormat = options.RegexFailureTimestampFormat;
this.regexSuccess = IPBanConfig.ParseRegex(options.RegexSuccess, true);
this.regexSuccessTimestampFormat = options.RegexSuccessTimestampFormat;
}
/// <summary>
/// Create a log file scanner
/// </summary>
/// <param name="loginHandler">Interface for handling logins</param>
/// <param name="dns">Interface for dns lookup</param>
/// <param name="source">The source, i.e. SSH or SMTP, etc.</param>
/// <param name="pathAndMask">File path and mask (i.e. /var/log/auth*.log)</param>
/// <param name="recursive">Whether to parse all sub directories of path and mask recursively</param>
/// <param name="regexFailure">Regex to parse file lines to pull out failed login ipaddress and username</param>
/// <param name="regexSuccess">Regex to parse file lines to pull out successful login ipaddress and username</param>
/// <param name="maxFileSizeBytes">Max size of file (in bytes) before it is deleted or 0 for unlimited</param>
/// <param name="pingIntervalMilliseconds">Ping interval in milliseconds, less than 1 for manual ping required</param>
public IPBanIPAddressLogFileScanner
(
IIPAddressEventHandler loginHandler,
IDnsLookup dns,
string source,
string pathAndMask,
bool recursive,
string regexFailure,
string regexSuccess,
long maxFileSizeBytes = 0,
int pingIntervalMilliseconds = 0
) : base(pathAndMask, recursive, maxFileSizeBytes, pingIntervalMilliseconds)
{
loginHandler.ThrowIfNull(nameof(loginHandler));
dns.ThrowIfNull(nameof(dns));
Source = source;
this.loginHandler = loginHandler;
this.dns = dns;
this.regexFailure = IPBanConfig.ParseRegex(regexFailure);
this.regexSuccess = IPBanConfig.ParseRegex(regexSuccess);
}
/// <summary>
/// Test a log file
/// </summary>
/// <param name="fileName">Log file</param>
public static void RunLogFileTest(string fileName,
string regexFailureFile,
string regexFailureTimestampFormat,
string regexSuccessFile,
string regexSuccessTimestampFormat)
{
IPBanLogFileScanner scanner = new(new()
{
Dns = new DefaultDnsLookup(),
FailedLoginThreshold = 3,
FailedLogLevel = LogLevel.Warning,
LoginHandler = new LogFileWriter(),
MaxFileSizeBytes = 0,
PathAndMask = fileName.Trim(),
PingIntervalMilliseconds = 0,
RegexFailure = (File.Exists(regexFailureFile) && regexFailureFile.Length > 2 ? IPBanConfig.ParseRegex(File.ReadAllText(regexFailureFile)) : null),
RegexFailureTimestampFormat = regexFailureTimestampFormat.Trim('.'),
RegexSuccess = (File.Exists(regexSuccessFile) && regexSuccessFile.Length > 2 ? IPBanConfig.ParseRegex(File.ReadAllText(regexSuccessFile)) : null),
RegexSuccessTimestampFormat = regexSuccessTimestampFormat.Trim('.'),
Source = "test",
SuccessfulLogLevel = LogLevel.Warning
});
// start with empty file
File.Move(fileName, fileName + ".temp");
File.WriteAllText(fileName, string.Empty);
// read the empty file
scanner.ProcessFiles();
// get rid of the empty file
File.Delete(fileName);
// put the full file back
File.Move(fileName + ".temp", fileName);
// now the scanner will process the entire file
scanner.ProcessFiles();
}
