#!/usr/bin/python
import json
import re
# Set up Storage
trans = []
audit_data = []
with open('/var/log/httpd/modsec_audit.log') as f:
for jsonObj in f:
# Parse The JSON Data for the two types of data input
# Lets send the data to the transaction array
transDict = json.loads(jsonObj)
trans.append(transDict)
# Fixng JSON Formatting and Syntax
trans_audit_data = json.dumps(transDict["audit_data"]).replace("tre", "\"tre\"")
# The log is still hard to read, lets fix this with some regex
# Line 21: Adds a line Break Before any [
# Line 22 Removes Non Needed Slashes
dataParsePretty = re.sub(r'\[', '\n[', trans_audit_data)
dataParseNoSlash = re.sub(r'\\', '', dataParsePretty)
# Sending the Audit Log to the audit_data storage
audit_data.append(dataParseNoSlash)
# We have Data, now we need to loop through it
for event in trans:
for log in audit_data:
# More attempts to make things a bit more pretty
transactionDump = json.dumps(event["transaction"])
transactionDumpParsed = json.loads(transactionDump)
# Print Our DATA!
print ("\n")
print ("--")
print ("Transaction ID: " + str(transactionDumpParsed["transaction_id"]))
print ("Time: " + str(transactionDumpParsed["time"]))
print ("Local Address: " + str(transactionDumpParsed["local_address"]))
print ("Local Port: " + str(transactionDumpParsed["local_port"]))
print ("Remote Address: " + str(transactionDumpParsed["remote_address"]))
print ("Remote Port: " + str(transactionDumpParsed["remote_port"]))
print ("--\n")
print ("--")
print (log)
print ("--")