-
Notifications
You must be signed in to change notification settings - Fork 115
/
ssh_adapter.go
78 lines (68 loc) · 2.01 KB
/
ssh_adapter.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
package alert
import (
"regexp"
boshsettings "github.com/cloudfoundry/bosh-agent/settings"
boshsyslog "github.com/cloudfoundry/bosh-agent/syslog"
bosherr "github.com/cloudfoundry/bosh-utils/errors"
boshlog "github.com/cloudfoundry/bosh-utils/logger"
boshuuid "github.com/cloudfoundry/bosh-utils/uuid"
"github.com/pivotal-golang/clock"
)
var syslogMessageExpressions = map[*regexp.Regexp]string{
regexp.MustCompile("disconnected by user"): "SSH Logout",
regexp.MustCompile("Accepted publickey for"): "SSH Login",
regexp.MustCompile("Accepted password for"): "SSH Login",
regexp.MustCompile("Failed password for"): "SSH Access Denied",
regexp.MustCompile("Connection closed by .* \\[preauth\\]"): "SSH Access Denied",
}
type sshAdapter struct {
message boshsyslog.Msg
settingsService boshsettings.Service
uuidGenerator boshuuid.Generator
timeService clock.Clock
logger boshlog.Logger
}
func NewSSHAdapter(
message boshsyslog.Msg,
settingsService boshsettings.Service,
uuidGenerator boshuuid.Generator,
timeService clock.Clock,
logger boshlog.Logger,
) Adapter {
return &sshAdapter{
message: message,
settingsService: settingsService,
uuidGenerator: uuidGenerator,
timeService: timeService,
logger: logger,
}
}
func (m *sshAdapter) IsIgnorable() bool {
_, found := m.title()
return !found
}
func (m *sshAdapter) Alert() (Alert, error) {
title, found := m.title()
if !found {
return Alert{}, nil
}
uuid, err := m.uuidGenerator.Generate()
if err != nil {
return Alert{}, bosherr.WrapError(err, "Generating uuid")
}
return Alert{
ID: uuid,
Severity: SeverityWarning,
Title: title,
Summary: m.message.Content,
CreatedAt: m.timeService.Now().Unix(),
}, nil
}
func (m *sshAdapter) title() (title string, found bool) {
for expression, title := range syslogMessageExpressions {
if expression.MatchString(m.message.Content) {
return title, true
}
}
return "", false
}