Using pyinotify to Monitor a Website and send alarms

Hello there now i will teach you how to monitor a website files to track and react to any type of events like a MOD or a DELETE or WRITE event in those files you can expand  the python code to make it better for example you can create a routine that writes the log into a file this way the tutorial wont require stdbuf for sending output to the log anyways here we go hope it helps you:

[root@localhost rafael]# dnf install python-pip
Last metadata expiration check: 2:29:38 ago on Thu 16 Aug 2018 09:18:22 AM EDT.
Package python2-pip-9.0.3-2.fc26.noarch is already installed, skipping.
Dependencies resolved.
Nothing to do.
Complete!

Proceed now as regular user
[rafael@localhost ~]$ pip install pyinotify
Collecting pyinotify
Downloading https://files.pythonhosted.org/packages/e3/c0/fd5b18dde17c1249658521f69598f3252f11d9d7a980c5be8619970646e1/pyinotify-0.9.6.tar.gz (60kB)
100% |████████████████████████████████| 61kB 390kB/s

Installing collected packages: pyinotify
Running setup.py install for pyinotify … done
Successfully installed pyinotify-0.9.6
[rafael@localhost ~]$


Now we do some python coding also check that some events are not needed for example
import sys
import pyinotify
from datetime import datetime

#find “$PWD” | grep -v logs
#copy paste XLS
#delete whitespaces
#sed -r ‘s/\s+//g’ files_to_monitor.txt > final.txt
#copy paste to this code.
#stdbuf -oL python monitor.py > FSmonitor.log &

class MyEventHandler(pyinotify.ProcessEvent):
def process_IN_ACCESS(self, event):
date = datetime.now().strftime(“%y-%m-%d %H-%M-%S”)
print date,”ACCESS event:”, event.pathname

def process_IN_ATTRIB(self, event):
date = datetime.now().strftime(“%y-%m-%d %H-%M-%S”)
print date,”ATTRIB event:”, event.pathname

def process_IN_CLOSE_WRITE(self, event):
date = datetime.now().strftime(“%y-%m-%d %H-%M-%S”)
print date,”CLOSE_WRITE event:”, event.pathname

def process_IN_CREATE(self, event):
date = datetime.now().strftime(“%y-%m-%d %H-%M-%S”)
print date,”CREATE event:”, event.pathname

def process_IN_DELETE(self, event):
date = datetime.now().strftime(“%y-%m-%d %H-%M-%S”)
print date,”DELETE event:”, event.pathname

def process_IN_MODIFY(self, event):
date = datetime.now().strftime(“%y-%m-%d %H-%M-%S”)
print date,”MODIFY event:”, event.pathname

def main():
# watch manager
wm = pyinotify.WatchManager()

wm.add_watch([‘/var/log/messages’, ‘/var/log/lastlog’, ‘/var/log/cron’, ‘/var/log/secure’, ‘/var/log/dnf.librepo.log’, ‘/var/log/dnf.log’ ],
pyinotify.ALL_EVENTS, rec=True)

# event handler
eh = MyEventHandler()

# notifier
notifier = pyinotify.Notifier(wm, eh)
notifier.loop()

if __name__ == ‘__main__’:
main()

We would need to connect to the mail server by CLI  for the alarm sending set the following at:

[root@localhost rafael]# tail /etc/mail.rc
# Configuration for sending ALARMS
set smtp=smtp://mail.xxxxxx.com
set smtp-auth=login
set smtp-auth-user=xxxxxx@xxxx.com
set smtp-auth-password=xxxxxxxxxxxxxxx

Now we can do a bash script sending email trigger alert:

#!/bin/bash
#monitor script
#Author: Rafael E Rumbos S

unset line_counter_of_filesystem_log
unset application_modification_tracker

line_counter_of_filesystem_log=`wc -l /home/italerts/FSmonitor.log | awk ‘{ print $1 }’`
application_modification_tracker=0

if [ $line_counter_of_filesystem_log -gt $application_modification_tracker ]; then
web_app=”/Website_to_monitor/”
content1=`date`
content2=`hostname`
logfile=”/home/italerts/permanent_FS_LOG.log”
cat /home/italerts/FSmonitor.log >> /home/italerts/permanent_FS_LOG.log
>/home/italerts/FSmonitor.log
echo $content1 ” — ” $content2 ” — ” $line_counter_of_filesystem_log lines in the Web application tracker outside of the limit Please check “—>” $web_app “—” check the log at $logfile | mail -v -s “ALARM from Filesystem Integrity system” your_account@somedomain.com

else
echo nada que hacer
fi

Also notice that we are using a 2 LOGS logic, this to avoid spamming the emails accounts with unnecessary alerts, when the event trigger it send the alert then at the script the routine cleans the log so when you set this in Cron table it wont trigger every time.

rers

Acerca de rers

Rafael es TSU en Informática / Ing de Sistemas / Autor de El Gran libro de Debian GNU/Linux en 2015 fundo EnjoySistemas y actualmente se desempeña como Consultor Freelance.

Deja un comentario

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *