Skip to content

Commit

Permalink
Improve ngBot's login.log parsing.
Browse files Browse the repository at this point in the history
  • Loading branch information
@Skeddie
Skeddie committed Jun 10, 2016
1 parent bd95f02 commit 2d13312
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 4 deletions.
1 change: 1 addition & 0 deletions CHANGELOG
View file
Expand Up @@ -2,6 +2,7 @@ PZS-NG CHANGELOG
----------------

v1.2.0 --> 1.2.x :
- Improve ngBot's login.log parsing for bad usernames.
- Add option to disable specified announces caused by triggers. See ngBot.conf.defaults.
- Refactor Blow.tcl, remove topic trigger binds if unwanted, add Blow.zpt for *TOPIC.
- Fix ngBot reloading on userfile reloads caused by botnet userfile sharing.
Expand Down
10 changes: 6 additions & 4 deletions sitebot/ngBot.tcl
View file
Expand Up @@ -503,13 +503,15 @@ namespace eval ::ngBot {
upvar $eventvar event $datavar data
## The data in login.log is not at all consistent,
## which makes it fun for us to parse.
## The BADUSERNAME's $user can even hold ANY char as it's completely usercrafted,
## luckily with a 23char limit
if {[regexp {^'(.+)' killed a ghost with PID (\d+)\.$} $line result user pid]} {
set event "KILLGHOST"
set data [list $user $pid]
} elseif {[regexp {^(.+@.+) \((.+)\): connection refused: .+$} $line result hostmask ip]} {
set event "IPNOTADDED"
set data [list $hostmask $ip]
} elseif {[regexp {^(\S+): (.+@.+) \((.+)\): (.+)} $line result user hostmask ip error]} {
} elseif {[regexp {^(.+): (.+@.+) \(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)\): (.+)} $line result user hostmask ip error]} {
switch -exact -- $error {
"Bad user@host." {set event "BADHOSTMASK"}
"Banned user@host." {set event "BANNEDHOST"}
Expand All @@ -520,9 +522,9 @@ namespace eval ::ngBot {
default {return 0}
}
set data [list $user $hostmask $ip]
} elseif {[regexp {^(\S+): user expired.$} $line result user]} {
set event "EXPIRED"
set data [list $user]
} elseif {[regexp {^(\S+): user expired.$} $line result user]} {
set event "EXPIRED"
set data [list $user]
} elseif {![regexp {^(\S+): (.+)$} $line result event data]} {
return 0
}
Expand Down

0 comments on commit 2d13312

Please sign in to comment.