formatednicely

1 files changed, 13 insertions, 3 deletions

diff --git a/client_manager.py b/client_manager.py
index 84bf3df..ab29e16 100644
--- a/client_manager.py
+++ b/client_manager.py
@@ -15,6 +15,7 @@ import fcntl
 
 def get_ssh_port(pid):
     '''
+    /var/log/secure
     Jan 31 07:50:28 vultr sshd[43690]: Accepted publickey for root from 210.10.76.5 port 43730 ssh2: ED25519 SHA256:qz9ffMCb3vPlabn3ZHee00qIPBxkDiUiVSorcUkGdII
     Jan 31 07:50:28 vultr sshd[43690]: pam_unix(sshd:session): session opened for user root(uid=0) by root(uid=0)
     Jan 31 07:50:29 vultr sshd[43693]: Received disconnect from 210.10.76.5 port 43730:11: disconnected by user
@@ -22,6 +23,13 @@ def get_ssh_port(pid):
     Jan 31 07:50:29 vultr sshd[43690]: pam_unix(sshd:session): session closed for user root
     '''
     '''
+    lsof -i -n
+    sshd      1845   root    4u  IPv4  23137      0t0  TCP 45.32.108.159:ssh->210.10.76.5:45460 (ESTABLISHED)
+    sshd      1848   root    4u  IPv4  23137      0t0  TCP 45.32.108.159:ssh->210.10.76.5:45460 (ESTABLISHED)
+    sshd      1848   root    8u  IPv4  23259      0t0  TCP *:44699 (LISTEN)
+    sshd      1848   root    9u  IPv6  23260      0t0  TCP *:44699 (LISTEN)
+    '''
+    '''
     # less efficient but readable
     pid = '33216'
     pids = []
@@ -100,11 +108,13 @@ def handle_log_change(event):
                 keyname = get_keyname(line.split()[15]) 
                 srcip = line.split()[10]
                 #print(pid, port, keyname, srcip)
-                ssh_sessions[pid] = [srcip, keyname, port]
-                ssh_sessions[pid] = {
+                #ssh_sessions[pid] = [srcip, keyname, port]
+
+                ssh_sessions[srcip] = {
                     'srcip': srcip,
+                    'pid' : pid,
                     'key': keyname,
-                    'pubport': port
+                    'pubport': port,
                 }
                 write_data(ssh_sessions)
             if "pam_unix(sshd:session): session closed" in line: