Secure - file /var/log/secure
- class insights.parsers.secure.Secure(context)
Bases: Syslog
Class for parsing the /var/log/secure file.
Sample log text:
Aug 24 09:31:39 localhost polkitd[822]: Finished loading, compiling and executing 6 rules
Aug 24 09:31:39 localhost polkitd[822]: Acquired the name org.freedesktop.PolicyKit1 on the system bus
Aug 25 13:52:54 localhost sshd[23085]: pam_unix(sshd:session): session opened for user zjj by (uid=0)
Aug 25 13:52:54 localhost sshd[23085]: error: openpty: No such file or directory
Note
Please refer to its super-class insights.core.Syslog.
Note
Because timestamps in the secure log have no year by default, the year of the log lines is inferred from the year of the timestamp you supply (for example, the datetime passed to get_after). This also works around December/January crossovers.
Examples
>>> from datetime import datetime
>>> secure = shared[Secure]
>>> secure.get('session opened')
[{'timestamp':'Aug 25 13:52:54',
  'hostname':'localhost',
  'procname': 'sshd[23085]',
  'message': 'pam_unix(sshd:session): session opened for user zjj by (uid=0)',
  'raw_message': 'Aug 25 13:52:54 localhost sshd[23085]: pam_unix(sshd:session): session opened for user zjj by (uid=0)'
 }]
>>> len(list(secure.get_after(datetime(2017, 8, 25, 0, 0, 0))))
2
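The year-inference note above, worked through as an added example that is not insights-core code: it parses yearless secure-log lines with the standard library, assigns years by walking the file backwards from an assumed collection time, and then filters on full datetimes across a December/January boundary. The names parse_secure, lines_after and SLACK, the collection time, and the sample lines are assumptions made for this example; the library's own inference may differ.

```python
import re
from datetime import datetime, timedelta

TIME_FORMAT = '%b %d %H:%M:%S'   # same value as time_format on this page
LINE_RE = re.compile(r'^(?P<timestamp>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) '
                     r'(?P<hostname>\S+) (?P<procname>[^:]+): (?P<message>.*)$')
SLACK = timedelta(days=1)        # assumed tolerance for slightly out-of-order writes

# Constructed sample in the /var/log/secure layout, spanning a New Year.
SAMPLE = """\
Dec 31 23:58:10 localhost sshd[2101]: Failed password for root from 192.0.2.10 port 40022 ssh2
Dec 31 23:59:40 localhost sshd[2101]: pam_unix(sshd:session): session opened for user zjj by (uid=0)
Jan  1 00:03:05 localhost sshd[2155]: pam_unix(sshd:session): session opened for user zjj by (uid=0)
Jan  1 00:04:12 localhost sshd[2155]: error: openpty: No such file or directory
"""

def _stamp(year, text):
    # Parsing with an explicit year keeps Feb 29 valid in leap years.
    return datetime.strptime('%d %s' % (year, text), '%Y ' + TIME_FORMAT)

def parse_secure(text, collected):
    """Parse lines into dicts and add a full 'datetime' with an inferred year.

    Assumes lines are in chronological order and none is newer than
    `collected` (the time the file was read).
    """
    entries, year, newer = [], collected.year, collected
    for raw in reversed(text.splitlines()):
        m = LINE_RE.match(raw)
        if not m:
            continue                      # not a syslog-style line
        try:
            when = _stamp(year, m.group('timestamp'))
            if when - newer > SLACK:      # later than the line after it: New Year crossed
                year -= 1
                when = _stamp(year, m.group('timestamp'))
        except ValueError:                # e.g. Feb 29 in a non-leap candidate year
            continue
        newer = when
        entries.append(dict(m.groupdict(), raw_message=raw, datetime=when))
    return entries[::-1]

def lines_after(entries, timestamp, s=None):
    """Entries at or after `timestamp`, optionally containing substring `s`."""
    return [e for e in entries
            if e['datetime'] >= timestamp and (s is None or s in e['raw_message'])]

if __name__ == '__main__':
    parsed = parse_secure(SAMPLE, collected=datetime(2018, 1, 1, 0, 10, 0))
    for e in lines_after(parsed, datetime(2017, 12, 31, 23, 59, 0), 'session opened'):
        print(e['datetime'].isoformat(), e['procname'], e['message'])
```

Stamping every line with the query year alone would place the January lines in 2017 and drop the post-midnight session from the result.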
- time_format = '%b %d %H:%M:%S'
The timestamp format assumed for the log files. A subclass can override this for files that have a different timestamp format. This can be:
A string in strptime() format.
A list of strptime() strings.
A dictionary with each item’s value being a strptime() string. This allows the item keys to provide some form of documentation.
A None value when there is no timestamp info in the log file.