author | nico <nico@magicbroccoli.de> | 2019-06-10 12:49:32 +0200 |
---|---|---|
committer | nico <nico@magicbroccoli.de> | 2019-06-10 12:56:01 +0200 |
commit | 243d48b92d82d15115b8d341649b405a11603c14 (patch) | |
tree | f131604385c6dd5a065d6c5e0ba1ac5c18554cee /README.md | |
parent | b5176fd5585262f11d1c5bc866b1cbe9d9b9fa9b (diff) | |
parent | 0d7e2f0c7cef6b7a853107bf37d44816244e7749 (diff) |
Merge branch 'report' 0.1.0
Misc
+ add report directory
+ add template directory
+ add config.py loading user config
Feature Release
+ add report feature --report
+ add basic report template
+ add feature to use -d/ --domain flag multiple times
Optimization
* further code optimization
* update gitignore file
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 72 |
1 files changed, 65 insertions, 7 deletions
@@ -14,25 +14,83 @@ pip install -r requirements.txt modules: mod_spam_filter: ... - spam_dump_file: "/var/log/ejabberd/spam-example.de.txt" + spam_dump_file: "/var/log/ejabberd/spam-@HOST@.txt" ... ``` +### config.json +The `config.json` file is used to preserve date from possible updates to this script. `config.py` will load `config +.json` to extract the name, which is used to sign the report message with. In the future there might be other things +the `config.json` may contain. + +```json +$ cat config.json +{ + "name": "username" +} +``` + + ## usage main.py ``` -usage: main.py [-h] [-in INFILE] [-d DOMAIN] +usage: main.py [-h] [-in INFILE [INFILE ...]] [-d DOMAIN] [-r] optional arguments: -h, --help show this help message and exit - -in INFILE, --infile INFILE + -in INFILE [INFILE ...], --infile INFILE [INFILE ...] set path to input file -d DOMAIN, --domain DOMAIN specify report domain + -r, --report toggle report output to file +``` + +#### run with no argument +If `main.py` is run without any arguments attached, then the script will output a "top 10" table showing the amount +of messages/ bots for the most spammy domains in the database. + +##### example +```bash +$./main.py + +| messages | bots | domain | +|------------+--------+---------------| +| 42 | 1 | example.net | +| 17 | 9 | example.rs | +| 7 | 5 | example.cd | +| 5 | 3 | example.de | +| 4 | 4 | example.ru | +| 3 | 1 | example.co.uk | +| 3 | 3 | example.com | +| 3 | 1 | example.net | +| 3 | 1 | example.fr | +| 3 | 1 | example.com | +``` + +#### -in / --infile +The `--in` or `--infile` argument is designed to run automatically via the logrotate daemon. Therefore the script is +able to process gzip compressed files and also multiple files at once via shell expansion. + +##### example +If ejabberd is configured to create multiple spamdump files it is possible to ingest all files at once, following +this example. 
+```bash +$ ./main.py --in /var/log/ejabberd/spam-*.log ``` -The `--in` argument does only support a single log file at a time. +#### -d / --domain +If a domain is specifically defined to be processed, the script will only query the sqlite database for that domain. +It is possible to provide multiple domains at once via multiple `-d` or `--domain` arguments. -## usage abusereport-domain.sh +##### example ```bash -./abusereport-domain.sh domain.tld -```
\ No newline at end of file +$ ./main.py --d example.tld -d example.com + +| messages | bots | domain | first seen | last seen | +|------------+--------+-------------+-----------------------------+-----------------------------| +| 15 | 9 | example.tld | 2019-04-28T20:19:43.939926Z | 2019-05-22T13:59:53.339834Z | +| 23 | 7 | example.com | 2018-02-28T20:19:43.939926Z | 2019-05-22T13:59:53.339834Z | +``` + +#### -r / --report +This flag will only take effect if the `-d` or `--domain` argument is used. If that is the case, the script will +automatically gather information about the specified domain and write them to the `report` directory. |
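Review bot: The examples in the new `-in / --infile` and `-d / --domain` sections use option spellings that the usage block in this same hunk does not list: `$ ./main.py --in /var/log/ejabberd/spam-*.log` and `$ ./main.py --d example.tld -d example.com`, while the help output shows only `-in`/`--infile` and `-d`/`--domain` (the prose also says "The `--in` or `--infile` argument"). Suggest switching the examples and the prose to the documented forms so they match the help output. The glob `spam-*.log` in the infile example also does not match the file name configured at the top of the hunk, `spam_dump_file: "/var/log/ejabberd/spam-@HOST@.txt"`; one of the two extensions should change so that a reader who copies both ends up ingesting the files ejabberd actually writes. Smaller points in the config.json section: "preserve date" should read "preserve data", the inline code `config.json` is split across a line wrap (`config` / `.json`) and will not render as one code span, and the fence tagged json opens with `$ cat config.json`, which is not JSON. In the "top 10" sample table, example.net and example.com each appear twice, which reads as duplicate rows; distinct placeholder domains would avoid that. For `-r / --report`, the text says the flag only takes effect together with `-d`; it is worth stating whether `-r` on its own is silently ignored or rejected with an error.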