This tool is intended to import mod_security's incident logs into one or more databases. Several simple analysis tools then try to extract data to support ongoing work on the deployed mod_security rule set.
I haven't written Python code in a couple of months, so please cope with included rubyisms.
- check out the repository
- virtualenv env
- source env/bin/activate
- python setup.py install
(requirements are mostly down to sqlalchemy and nose)
CREATE USER modsec WITH PASSWORD 'modsec';
CREATE DATABASE modsec;
GRANT ALL PRIVILEGES ON DATABASE modsec to modsec;
\q
(env)[~/workspace/testproject]$ nosetests
Ran 15 tests in 0.201s
OK
(env)[~/workspace/testproject]$ bin/import
usage: import [-h] [--import-parts] database File [File ...]
import: error: too few arguments
(env)[~/workspace/testproject]$ bin/import --import-parts testme.sqlite /home/andy/Downloads/Mod_Security_Logs/*
also adding parts!
parsing /home/andy/Downloads/Mod_Security_Logs/20150330-230822-VRm7Rgr5AlMAACss5wwAAABE.txt
adding /home/andy/Downloads/Mod_Security_Logs/20150330-230822-VRm7Rgr5AlMAACss5wwAAABE.txt to db
parsing /home/andy/Downloads/Mod_Security_Logs/20150330-231038-VRm7zgr5AlMAAClwIZoAAAAU.txt
adding /home/andy/Downloads/Mod_Security_Logs/20150330-231038-VRm7zgr5AlMAAClwIZoAAAAU.txt to db
parsing /home/andy/Downloads/Mod_Security_Logs/20150509-175403-VU4tmwr5AlMAABZIdvcAAAEW.txt
adding /home/andy/Downloads/Mod_Security_Logs/20150509-175403-VU4tmwr5AlMAABZIdvcAAAEW.txt to db
parsing /home/andy/Downloads/Mod_Security_Logs/20150509-175413-VU4tpQr5AlMAABOvDLQAAAJM.txt
adding /home/andy/Downloads/Mod_Security_Logs/20150509-175413-VU4tpQr5AlMAABOvDLQAAAJM.txt to db
- bin/analyze_destinations
- bin/analyze_simple
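As an added example (not the project's own code, which is built on SQLAlchemy), the following shows what an import of this kind does: it splits one transaction in ModSecurity's audit-log part format (the `--id-A--` ... `--id-Z--` sections; the format is assumed here, the page does not show it) into parts, stores the section A summary and the rule ids from section H in SQLite, and keeps the raw parts only when asked, as `--import-parts` does. The sample log, the schema and the function names are constructed for this example.

```python
import re, sqlite3

# Constructed sample transaction in ModSecurity's audit-log part format
# (sections A, B, H, Z); assumed format, not a file from the page.
SAMPLE_LOG = """--4f2d1c8a-A--
[30/Mar/2015:23:08:22 +0200] VRm7Rgr5AlMAACss5wwAAABE 192.0.2.10 51234 198.51.100.5 80
--4f2d1c8a-B--
GET /index.php?id=1%27%20OR%201%3D1 HTTP/1.1
--4f2d1c8a-H--
Message: Warning. Pattern match "(?i:...)" at ARGS:id. [file "/etc/modsecurity/sqli.conf"] [line "12"] [id "981318"] [msg "SQL Injection Attack"]
Message: Access denied with code 403 (phase 2). [file "/etc/modsecurity/base.conf"] [line "7"] [id "981176"] [msg "Inbound Anomaly Score Exceeded"]
Action: Intercepted (phase 2)
--4f2d1c8a-Z--
"""

PART_RE = re.compile(r"^--[0-9a-f]+-([A-Z])--$", re.M)               # part boundary line
A_LINE_RE = re.compile(r"^\[(.+?)\] (\S+) (\S+) (\d+) (\S+) (\d+)")  # section A summary line
RULE_RE = re.compile(r'\[id "(\d+)"\](?:.*?\[msg "([^"]*)"\])?')     # rule id (+ msg) in section H

SCHEMA = """
CREATE TABLE incident (unique_id TEXT PRIMARY KEY, ts TEXT, src_ip TEXT, src_port INTEGER, dst_ip TEXT, dst_port INTEGER);
CREATE TABLE rule_hit (unique_id TEXT, rule_id INTEGER, msg TEXT);
CREATE TABLE part (unique_id TEXT, letter TEXT, body TEXT);
"""

def open_db(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn

def split_parts(text):  # map each part letter to its body; chunks[0] precedes the first boundary
    chunks = PART_RE.split(text)
    return {chunks[i]: chunks[i + 1].strip("\n") for i in range(1, len(chunks) - 1, 2)}

def import_transaction(conn, text, import_parts=False):
    """Store the summary and rule hits; raw parts only with import_parts (like --import-parts)."""
    parts = split_parts(text)
    ts, uid, src_ip, src_port, dst_ip, dst_port = A_LINE_RE.match(parts["A"]).groups()
    conn.execute("INSERT INTO incident VALUES (?, ?, ?, ?, ?, ?)",
                 (uid, ts, src_ip, int(src_port), dst_ip, int(dst_port)))
    for rule_id, msg in RULE_RE.findall(parts.get("H", "")):
        conn.execute("INSERT INTO rule_hit VALUES (?, ?, ?)", (uid, int(rule_id), msg))
    if import_parts:
        conn.executemany("INSERT INTO part VALUES (?, ?, ?)", [(uid, k, v) for k, v in parts.items()])
    conn.commit()
    return uid

def hits_per_rule(conn):
    """Simple analysis: how often each rule id fired, most frequent first."""
    return conn.execute("SELECT rule_id, COUNT(*) FROM rule_hit GROUP BY rule_id ORDER BY 2 DESC, 1").fetchall()
```

Pointing `open_db` at a file path instead of `:memory:` gives the same on-disk SQLite the tool is invoked with above.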