diff options
Diffstat (limited to 'main.py')
| -rwxr-xr-x | main.py | 55 |
1 files changed, 40 insertions, 15 deletions
@@ -16,12 +16,14 @@ from report import ReportDomain class AbuseReport: - """Ingestation script for ejabberd spam logs""" + """ingestion script for ejabberd spam logs""" def __init__(self, arguments): self.infile = arguments.infile self.domain = arguments.domain self.report = arguments.report + self.start = arguments.start + self.stop = arguments.stop self.path = os.path.dirname(__file__) self.config = Config() @@ -67,39 +69,60 @@ class AbuseReport: # init result list result = list() - # if a domain is specified return only that info + # parse time values + if self.start is None: + # default timeperiod are 31 days calculated via the timedelta + default = dt.datetime.combine(dt.date.today(), dt.time()) - dt.timedelta(days=31) + self.start = dt.datetime.strftime(default, "%Y-%m-%dT%H:%M:%S") + + if self.stop is None: + # set stop value to now + self.stop = dt.datetime.strftime(dt.datetime.now(), '%Y-%m-%dT%H:%M:%S') + + # if one or more domains are specified return only their info if self.domain is not None: # iterate over all domains supplied for domain in self.domain: - sql_query = self.conn.execute('''SELECT COUNT(*) AS messages,COUNT(DISTINCT user) AS bots,domain, MIN(ts) - AS first,MAX(ts) AS last FROM spam WHERE ts BETWEEN DATE('now','-1 months') AND DATE('now') - and domain = :domain;''',{"domain": domain}).fetchall() + # build and execute + sql = '''SELECT COUNT(*) AS messages, COUNT(DISTINCT user) AS bots, domain, MIN(ts) AS first, MAX(ts) AS last \ + FROM spam \ + WHERE domain = :domain \ + AND ts > :start \ + AND ts < :stop;''' + parameter = { + "domain": domain, + "start": self.start, + "stop": self.stop + } + query = self.conn.execute(sql, parameter).fetchall() # if specified domain is not listed yet, the resulting table will not show the domain name # this ugly tuple 2 list swap prevents this - temp = list(sql_query[0]) + temp = list(query[0]) if temp[2] is None: temp[2] = domain - sql_query[0] = tuple(temp) + query[0] = tuple(temp) # extend result tables - result.extend(sql_query) + result.extend(query) # generate report if enabled if self.report: - self.gen_report(domain, sql_query) + self.gen_report(domain, query) else: - # in any other case return top 10 view - result = self.conn.execute('''SELECT COUNT(*) AS messages, COUNT(DISTINCT user) AS bots, domain AS - domain FROM spam WHERE ts BETWEEN DATE('now','-14 days') AND DATE('now') GROUP BY domain - ORDER BY 1 DESC LIMIT 10;''').fetchall() + # build and execute + sql = '''SELECT COUNT(*) AS messages, COUNT(DISTINCT user) AS bots, domain AS domain from spam \ + WHERE ts > :start \ + AND ts < :stop \ + GROUP BY domain ORDER BY 1 DESC LIMIT 10;''' + result = self.conn.execute(sql, {"start": self.start, "stop": self.stop}).fetchall() # tabelize data spam_table = tabulate.tabulate(result, headers=["messages", "bots", "domain", "first seen", "last seen"], - tablefmt="github") + tablefmt="github") # output to stdout output = "\n\n".join([spam_table]) @@ -168,7 +191,7 @@ class AbuseReport: # format sql try: self.conn.execute('''INSERT INTO spam VALUES(:user, :domain, :spam_time, :spam_body);''', - {"user": node, "domain": domain, "spam_time": spam_time, "spam_body": spam_body}) + {"user": node, "domain": domain, "spam_time": spam_time, "spam_body": spam_body}) except sqlite3.IntegrityError: pass finally: @@ -219,6 +242,8 @@ if __name__ == "__main__": parser.add_argument('-in', '--infile', nargs='+', help='set path to input file', dest='infile') parser.add_argument('-d', '--domain', action='append', help='specify report domain', dest='domain') parser.add_argument('-r', '--report', action='store_true', help='toggle report output to file', dest='report') + parser.add_argument('-f', '--from', help='ISO-8601 timestamp from where to search', dest='start') + parser.add_argument('-t', '--to', help='ISO-8601 timestamp up until where to search', dest='stop') args = parser.parse_args() # run |