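/**
 * Fill the help-text placeholders with the application's release details.
 *
 * Recognised placeholders are `{app_name}`, `{version}`, `{release_date}` and
 * `{release_hash}`; every occurrence of each is replaced. Any other text,
 * including other `{...}` tokens, is left untouched.
 *
 * Substitution is done in a single pass with a replacer function, so:
 * - `$` sequences in a value (`$&`, `$1`, `$$`, ...) are inserted literally
 *   rather than being interpreted as replacement patterns, and
 * - a value that itself contains a placeholder token is not expanded again.
 *
 * @param txt - Help text containing the placeholders.
 * @param appName - Value substituted for `{app_name}`.
 * @param version - Value substituted for `{version}`.
 * @param releaseDate - Value substituted for `{release_date}`.
 * @param releaseHash - Value substituted for `{release_hash}`.
 * @returns The help text with all recognised placeholders filled in.
 */
export function fmtHelp(
  txt: string,
  appName: string,
  version: string,
  releaseDate: string,
  releaseHash: string,
): string {
  const values = new Map<string, string>([
    ["app_name", appName],
    ["version", version],
    ["release_date", releaseDate],
    ["release_hash", releaseHash],
  ]);
  return txt.replace(
    /\{(app_name|version|release_date|release_hash)\}/g,
    // A function replacer bypasses "$" pattern handling in the inserted value.
    (placeholder: string, key: string): string =>
      values.get(key) ?? placeholder,
  );
}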
/**
 * Manual page source for the log agent, written as Markdown with a leading
 * `%` title block (presumably Pandoc man-page input; confirm against the build).
 *
 * The `{app_name}`, `{version}`, `{release_date}` and `{release_hash}` tokens
 * are the ones `fmtHelp` fills in. `{ipaddress}` is not one of them: it stays
 * in the rendered text as the token operators are told to use in an `action`.
 * Inside this template literal `\\` yields a single backslash, so the shell
 * example renders with ordinary line continuations.
 *
 * NOTE(review): the text documents running an operator-supplied command
 * (with sudo in the examples) using an address taken from a log line. Log
 * lines carry client-controlled fields, so both the tag match and the address
 * that reaches the command can be influenced by whoever sent the request. The
 * manual would benefit from saying which log fields are expected to be
 * trusted, recommending a `--dry_run` review before applying actions, and
 * advising that management addresses be protected by an earlier firewall rule.
 * How `{ipaddress}` is validated, and whether the action is passed through a
 * shell, is not visible in this file; confirm in the executor.
 *
 * NOTE(review): the BadBot examples give iptables no chain command while the
 * BadSpider example uses `-I logagent_badbot`; confirm which is intended.
 * The prose contains typos ("If checks if", "commends"); they are left as-is
 * here because this string is emitted at runtime.
 */
export const helpText =
`%{app_name}(1) user manual | version {version} {release_hash}
% R. S. Doiel
% {release_date}
# NAME
{app_name}
# SYNOPSIS
{app_name} [OPTIONS]
{app_name} YAML_FILE LOG_FILE [OPTIONS]
# DESCRIPTION
Log agent reads input line by line. If checks if a tag (explicit sub string)
is contained in that line. If a match is found then the agent extracts any
IP addresses identified before applying a rule associated with the tag.
The log agent requires a configuration file written in yaml. The configuration
holds an array of object where each object is an agent configuration. The
object has the following attributes.
tag
: The explicit string to search for
action
: The command to execute if tag is found
Here's an example configuration YAML file.
~~~yaml
- tag: BadBot
action: |
sudo iptables
-p tcp -m multiport
--dports http,https
-j DROP
-s {ipaddress}
~~~
If the text "BadBot" is found in the log line. and the IP address "156.59.198.136" was found in the log line then the following command would be executed.
~~~shell
sudo iptables \\
-p tcp -m multiport \\
--dports http,https \\
-j DROP \\
-s 156.59.198.136
~~~
# OPTIONS
Options come as the last parameter(s) on the command line.
-h, --help
: display help
-v, --version
: display version
-l, --license
: display license
-d, --dry_run
: display the commands for matching tags in the configuration. Nice
for generating bash or Powershell scripts.
# EXAMPLES
In example we're looking for log lines that have the text "BadBot"
or "BadSpider". We'll use iptables to ban them.
Here's the YAML config called "badbots.yaml"
~~~
- tag: BadBot
action: |
sudo iptables
-p tcp -m multiport
--dports http,https
-j DROP
-s {ipaddress}
- tag: BadSpider
action: |
sudo iptables
-I logagent_badbot
-p tcp -m multiport
--dports http,https
-j DROP
-s {ipaddress}
~~~
When you run '{app_name}' with the '--dry_run' option it
will show you the commends that will be executed for log lines
with tags. Here's an example using the YAML config on "access.log"
~~~
{app_name} badbots.yaml access.log --dry_run
~~~
If this looks OK then you can apply the tags and actions like this.
~~~
{app_name} badbots.yaml access.log
~~~
`;