new_functions #2
@@ -1,5 +1,6 @@
|
|||||||
import re
|
import re
|
||||||
|
|
||||||
|
|
||||||
def parse_log_file(log_file_path):
|
def parse_log_file(log_file_path):
|
||||||
"""
|
"""
|
||||||
Parse HAProxy syslog format and identify security threats.
|
Parse HAProxy syslog format and identify security threats.
|
||||||
@@ -78,7 +79,7 @@ def parse_log_file(log_file_path):
|
|||||||
|
|
||||||
ip_address = ip_match.group(1)
|
ip_address = ip_match.group(1)
|
||||||
|
|
||||||
# Extract date/time in brackets
|
# Extract date/time in brackets (preferred format)
|
||||||
datetime_match = re.search(r'\[(\d{2}/\w+/\d{4}:\d{2}:\d{2}:\d{2})', line)
|
datetime_match = re.search(r'\[(\d{2}/\w+/\d{4}:\d{2}:\d{2}:\d{2})', line)
|
||||||
if datetime_match:
|
if datetime_match:
|
||||||
timestamp = datetime_match.group(1)
|
timestamp = datetime_match.group(1)
|
||||||
@@ -95,8 +96,15 @@ def parse_log_file(log_file_path):
|
|||||||
# Extract HTTP method and URL
|
# Extract HTTP method and URL
|
||||||
http_match = re.search(r'"(\w+)\s+([^\s]+)\s+HTTP', line)
|
http_match = re.search(r'"(\w+)\s+([^\s]+)\s+HTTP', line)
|
||||||
if not http_match:
|
if not http_match:
|
||||||
|
# Fallback: extract entire request line
|
||||||
|
request_match = re.search(r'"([^"]*)"', line)
|
||||||
|
if request_match:
|
||||||
|
request_line = request_match.group(1).split()
|
||||||
|
http_method = request_line[0] if len(request_line) > 0 else 'UNKNOWN'
|
||||||
|
requested_url = request_line[1] if len(request_line) > 1 else '/'
|
||||||
|
else:
|
||||||
continue
|
continue
|
||||||
|
else:
|
||||||
http_method = http_match.group(1)
|
http_method = http_match.group(1)
|
||||||
requested_url = http_match.group(2)
|
requested_url = http_match.group(2)
|
||||||
|
|
||||||
@@ -107,6 +115,24 @@ def parse_log_file(log_file_path):
|
|||||||
put_method = http_method == 'PUT'
|
put_method = http_method == 'PUT'
|
||||||
illegal_resource = status_code == '403'
|
illegal_resource = status_code == '403'
|
||||||
|
|
||||||
|
# Determine status class for UI coloring
|
||||||
|
status_class = 'secondary'
|
||||||
|
if status_code.startswith('2'):
|
||||||
|
status_class = 'success'
|
||||||
|
elif status_code.startswith('3'):
|
||||||
|
status_class = 'info'
|
||||||
|
elif status_code.startswith('4'):
|
||||||
|
status_class = 'warning'
|
||||||
|
if illegal_resource:
|
||||||
|
status_class = 'warning'
|
||||||
|
elif status_code.startswith('5'):
|
||||||
|
status_class = 'danger'
|
||||||
|
|
||||||
|
# Add threat flag if any security issue detected
|
||||||
|
has_threat = xss_alert or sql_alert or webshell_alert or put_method or illegal_resource
|
||||||
|
if has_threat:
|
||||||
|
status_class = 'danger'
|
||||||
|
|
||||||
parsed_entries.append({
|
parsed_entries.append({
|
||||||
'timestamp': timestamp,
|
'timestamp': timestamp,
|
||||||
'ip_address': ip_address,
|
'ip_address': ip_address,
|
||||||
@@ -120,16 +146,20 @@ def parse_log_file(log_file_path):
|
|||||||
'put_method': put_method,
|
'put_method': put_method,
|
||||||
'illegal_resource': illegal_resource,
|
'illegal_resource': illegal_resource,
|
||||||
'webshell_alert': webshell_alert,
|
'webshell_alert': webshell_alert,
|
||||||
|
'status_class': status_class,
|
||||||
|
'has_threat': has_threat,
|
||||||
|
'message': f"{frontend}~ {backend} [{status_code}] {http_method} {requested_url}"
|
||||||
})
|
})
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
print(f"Error parsing line: {e}")
|
print(f"[LOG_PARSER] Error parsing line: {e}", flush=True)
|
||||||
continue
|
continue
|
||||||
|
|
||||||
except FileNotFoundError:
|
except FileNotFoundError:
|
||||||
print(f"Log file not found: {log_file_path}")
|
print(f"[LOG_PARSER] Log file not found: {log_file_path}", flush=True)
|
||||||
return []
|
return []
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
print(f"Error reading log file: {e}")
|
print(f"[LOG_PARSER] Error reading log file: {e}", flush=True)
|
||||||
return []
|
return []
|
||||||
|
|
||||||
|
print(f"[LOG_PARSER] Parsed {len(parsed_entries)} log entries", flush=True)
|
||||||
return parsed_entries
|
return parsed_entries
|
||||||
|
|||||||
@@ -1,6 +1,5 @@
|
|||||||
/**
|
/**
|
||||||
* HAProxy Logs Management
|
* HAProxy Logs Management with Security Alerts
|
||||||
* Pagination, filtering, and proper formatting
|
|
||||||
*/
|
*/
|
||||||
|
|
||||||
document.addEventListener('DOMContentLoaded', function() {
|
document.addEventListener('DOMContentLoaded', function() {
|
||||||
@@ -115,8 +114,8 @@ document.addEventListener('DOMContentLoaded', function() {
|
|||||||
method: 'POST',
|
method: 'POST',
|
||||||
headers: { 'Content-Type': 'application/json' },
|
headers: { 'Content-Type': 'application/json' },
|
||||||
body: JSON.stringify({
|
body: JSON.stringify({
|
||||||
page: currentPage,
|
page: 1,
|
||||||
per_page: perPage
|
per_page: 200 // Load initial 200
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
.then(r => r.json())
|
.then(r => r.json())
|
||||||
@@ -124,6 +123,9 @@ document.addEventListener('DOMContentLoaded', function() {
|
|||||||
if (data.success) {
|
if (data.success) {
|
||||||
allLoadedLogs = data.logs;
|
allLoadedLogs = data.logs;
|
||||||
loadedSpan.textContent = data.logs.length;
|
loadedSpan.textContent = data.logs.length;
|
||||||
|
totalLogs = data.total;
|
||||||
|
document.getElementById('total_count').textContent = data.total;
|
||||||
|
console.log(`[Logs] Loaded ${data.logs.length}/${data.total}`, flush=true);
|
||||||
applyFilters();
|
applyFilters();
|
||||||
} else {
|
} else {
|
||||||
showError(data.error);
|
showError(data.error);
|
||||||
@@ -145,7 +147,7 @@ document.addEventListener('DOMContentLoaded', function() {
|
|||||||
if (searchFilter.value.trim()) {
|
if (searchFilter.value.trim()) {
|
||||||
const query = searchFilter.value.toLowerCase();
|
const query = searchFilter.value.toLowerCase();
|
||||||
filtered = filtered.filter(log => {
|
filtered = filtered.filter(log => {
|
||||||
const text = `${log.timestamp || ''} ${log.source || ''} ${log.message || ''}`.toLowerCase();
|
const text = `${log.timestamp} ${log.ip_address} ${log.http_method} ${log.requested_url} ${log.frontend} ${log.backend}`.toLowerCase();
|
||||||
return text.includes(query);
|
return text.includes(query);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
@@ -153,7 +155,7 @@ document.addEventListener('DOMContentLoaded', function() {
|
|||||||
// Apply exclude phrases
|
// Apply exclude phrases
|
||||||
if (excludePhrases.length > 0) {
|
if (excludePhrases.length > 0) {
|
||||||
filtered = filtered.filter(log => {
|
filtered = filtered.filter(log => {
|
||||||
const text = `${log.timestamp || ''} ${log.source || ''} ${log.message || ''}`;
|
const text = `${log.timestamp} ${log.ip_address} ${log.message}`;
|
||||||
return !excludePhrases.some(phrase => text.includes(phrase));
|
return !excludePhrases.some(phrase => text.includes(phrase));
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
@@ -190,23 +192,27 @@ document.addEventListener('DOMContentLoaded', function() {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
logsContainer.innerHTML = logs.map((entry, idx) => {
|
logsContainer.innerHTML = logs.map((entry) => {
|
||||||
const timestamp = entry.timestamp || '-';
|
const threat_badges = [];
|
||||||
const source = entry.source || '-';
|
if (entry.xss_alert) threat_badges.push('<span class="badge bg-danger me-1">XSS</span>');
|
||||||
const message = entry.message || '-';
|
if (entry.sql_alert) threat_badges.push('<span class="badge bg-danger me-1">SQL</span>');
|
||||||
|
if (entry.webshell_alert) threat_badges.push('<span class="badge bg-danger me-1">SHELL</span>');
|
||||||
|
if (entry.put_method) threat_badges.push('<span class="badge bg-warning me-1">PUT</span>');
|
||||||
|
if (entry.illegal_resource) threat_badges.push('<span class="badge bg-warning me-1">403</span>');
|
||||||
|
|
||||||
// Color code by status code if present
|
const threat_html = threat_badges.length > 0 ? `<div class="mb-2">${threat_badges.join('')}</div>` : '';
|
||||||
let statusClass = '';
|
|
||||||
if (message.includes('200')) statusClass = 'table-success';
|
|
||||||
else if (message.includes('404')) statusClass = 'table-warning';
|
|
||||||
else if (message.includes('500')) statusClass = 'table-danger';
|
|
||||||
|
|
||||||
return `
|
return `
|
||||||
<tr class="${statusClass}" style="font-family: monospace; font-size: 11px;">
|
<tr class="table-${entry.status_class}" style="font-family: monospace; font-size: 11px;">
|
||||||
<td>
|
<td>
|
||||||
<small class="text-info">${escapeHtml(timestamp)}</small><br>
|
${threat_html}
|
||||||
<small class="text-warning">${escapeHtml(source)}</small><br>
|
<small class="text-info">${escapeHtml(entry.timestamp)}</small><br>
|
||||||
<small style="color: #ddd; word-break: break-all;">${escapeHtml(message)}</small>
|
<small class="text-warning">${escapeHtml(entry.ip_address)}</small><br>
|
||||||
|
<strong>${escapeHtml(entry.http_method)}</strong>
|
||||||
|
<code>${escapeHtml(entry.requested_url)}</code>
|
||||||
|
<span class="badge bg-secondary ms-2">${escapeHtml(entry.status_code)}</span>
|
||||||
|
<br>
|
||||||
|
<small style="color: #aaa;">${escapeHtml(entry.frontend)}~ ${escapeHtml(entry.backend)}</small>
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
`;
|
`;
|
||||||
@@ -214,7 +220,7 @@ document.addEventListener('DOMContentLoaded', function() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Update exclude UI to show active filters
|
* Update exclude UI
|
||||||
*/
|
*/
|
||||||
function updateExcludeUI() {
|
function updateExcludeUI() {
|
||||||
if (excludePhrases.length > 0) {
|
if (excludePhrases.length > 0) {
|
||||||
@@ -240,7 +246,7 @@ document.addEventListener('DOMContentLoaded', function() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Global function to remove exclude phrase
|
* Remove exclude phrase
|
||||||
*/
|
*/
|
||||||
window.removeExcludePhrase = function(idx) {
|
window.removeExcludePhrase = function(idx) {
|
||||||
excludePhrases.splice(idx, 1);
|
excludePhrases.splice(idx, 1);
|
||||||
|
|||||||
Reference in New Issue
Block a user