in src/main/java/com/googlesource/gerrit/plugins/auditsl4j/logsource/SSHLog.java [64:131]
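// The three line shapes recognised by createFromLog. They are compiled once here instead of on
// every call, since createFromLog previously re-compiled all three regexes for each log line.
// The regex text itself is unchanged.
//
// NOTE(review): every field is a lazy ".*?", which also matches whitespace. Two consequences
// worth confirming against the real sshd_log format before this parser feeds an audit trail:
//  - the auth patterns are tried first, so whether a line is classified as an auth event or as
//    a command depends on text inside the user-influenced part of the line; matching the fixed
//    fields with "\\S+" would make the classification unambiguous;
//  - on a long, whitespace-heavy line that does not match, the lazy groups are retried at every
//    combination of whitespace split points, so matching cost grows polynomially with line
//    length; bounding the accepted line length (or using "\\S+") limits that.
// NOTE(review): "(:?" looks like a typo for the non-capturing "(?:"; as written it is a capturing
// group that tolerates an optional ':' before " FROM". Left as is to preserve matching behaviour.
private static final Pattern SSH_AUTH_COMMAND_LINE =
    Pattern.compile(
        "^\\[(?<timestamp>.*?)\\]\\s(?<session>.*?)\\s"
            + "(?<user>.*?)\\s(?<accountId>.*?)\\s(?<command>LOGOUT|LOGIN)(:?\\sFROM.*?)?$");

private static final Pattern SSH_AUTH_FAILURE_LINE =
    Pattern.compile(
        "^\\[(?<timestamp>.*?)\\]\\s(?<session>.*?)\\s(?<user>.*?)\\s(?<command>AUTH FAILURE)(:?\\sFROM.*?)?$");

private static final Pattern SSH_NON_AUTH_COMMAND_LINE =
    Pattern.compile(
        "^\\[(?<timestamp>.*?)\\]\\s(?<session>.*?)\\s(?<user>.*?)\\s(?<accountId>.*?)\\s(?<command>.*?)(\\s(?<waitTime>\\d+ms)\\s(?<execTime>\\d+ms)\\s(?<result>.*?))?$");

/**
 * Parses one SSH log line into an {@link SSHLog}.
 *
 * <p>The line is tried, in order, as a LOGIN/LOGOUT line, an AUTH FAILURE line, and a generic
 * command line. The first pattern that matches decides how the fields are extracted:
 *
 * <ul>
 *   <li>LOGIN/LOGOUT: wait time and exec time are {@code null}, result is {@code "0"}.
 *   <li>AUTH FAILURE: account id, wait time and exec time are {@code null}, result is {@code "0"}.
 *   <li>Any other command: wait time, exec time and result come from the optional trailing
 *       {@code <n>ms <n>ms <result>} group; result defaults to {@code "0"} when that group is
 *       absent.
 * </ul>
 *
 * @param line a single log line; user name and command text in it originate from SSH clients and
 *     should be treated as untrusted
 * @return the parsed entry, or {@link Optional#empty()} when no pattern matches or when building
 *     the {@link SSHLog} throws (the failure is logged in both cases)
 */
public static Optional<SSHLog> createFromLog(String line) {
  Matcher authCommand = SSH_AUTH_COMMAND_LINE.matcher(line);
  if (authCommand.matches()) {
    try {
      return Optional.of(
          new SSHLog(
              authCommand.group("timestamp"),
              authCommand.group("session"),
              authCommand.group("user"),
              authCommand.group("accountId"),
              authCommand.group("command"),
              null,
              null,
              "0"));
    } catch (Exception e) {
      // Pass the exception along so the reason the line was dropped is not lost.
      log.error("Auth command match, but something wrong while parsing line: " + line, e);
    }
    return Optional.empty();
  }

  Matcher authFailure = SSH_AUTH_FAILURE_LINE.matcher(line);
  if (authFailure.matches()) {
    try {
      return Optional.of(
          new SSHLog(
              authFailure.group("timestamp"),
              authFailure.group("session"),
              authFailure.group("user"),
              null, // this pattern has no accountId group
              authFailure.group("command"),
              null,
              null,
              "0"));
    } catch (Exception e) {
      log.error("Auth failure command match, but something wrong while parsing line: " + line, e);
    }
    return Optional.empty();
  }

  Matcher nonAuthCommand = SSH_NON_AUTH_COMMAND_LINE.matcher(line);
  if (nonAuthCommand.matches()) {
    try {
      // The timing/result tail is optional in the pattern, so these groups may be null.
      String result = nonAuthCommand.group("result");
      return Optional.of(
          new SSHLog(
              nonAuthCommand.group("timestamp"),
              nonAuthCommand.group("session"),
              nonAuthCommand.group("user"),
              nonAuthCommand.group("accountId"),
              nonAuthCommand.group("command"),
              nonAuthCommand.group("waitTime"),
              nonAuthCommand.group("execTime"),
              result != null ? result : "0"));
    } catch (Exception e) {
      log.error("Non Auth command match, but something wrong while parsing line: " + line, e);
    }
    return Optional.empty();
  }

  // An unparsed line is a gap in the audit trail, so it is reported rather than silently skipped.
  log.error("Can't extract any info from line: " + line);
  return Optional.empty();
}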