journal-watcher.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

#!/bin/python

from systemd import journal
import re
from time import sleep
from email.mime.text import MIMEText
from subprocess import Popen, PIPE

j = journal.Reader()
j.this_boot()
j.add_match(_SYSTEMD_UNIT='courier-esmtpd.service')

regexes = {
   re.compile('.*msg="534 SIZE=Message too big\.",cmd: MAIL FROM:[^<]*<([^>]+)> SIZE=([0-9]+)'),
   re.compile('.*,from=[^<]*<([^>]+)>: 523 Message length \(([0-9]+) bytes\) exceeds administrative limit.*')
}

while True:
   item=j.get_next()
   while item!={}:
      for regex in regexes:
         match = regex.match(item['MESSAGE'])
         if match:
            msg = MIMEText("Hi,\n\n{} hat eine zu grosze Email ({}) geschickt ({}).".format(match.group(1),match.group(2),item['SYSLOG_TIMESTAMP']))
            msg["From"] = "journal-watcher@eckner.net"
            msg["To"] = "logs@eckner.net"
            msg["Subject"] = "zu grosze Email von {}".format(match.group(1))
            p = Popen(["/usr/sbin/sendmailadvanced", "-t"], stdin=PIPE)
            p.communicate(msg.as_bytes())
      item=j.get_next()
   sleep(10)