mod/project/ssh/journalctlMod.py

import os
import sys
from datetime import datetime
if "/www/server/panel/class" not in sys.path:
    sys.path.insert(0, "/www/server/panel/class")

os.chdir("/www/server/panel")
import public

from mod.project.ssh.base import SSHbase


class JournalctlManage(SSHbase):
    def __init__(self):
        super(JournalctlManage, self).__init__()

    def get_journalctl_logs(self, file_positions):
        '''
        获取 systemd journalctl 的 SSH 登录日志
        return  日志,游标位置
        '''
        new_logins = []
        current_positions = ""

        command_list = [
                "journalctl -u ssh --no-pager --show-cursor --grep='Accepted|Failed password for|Accepted publickey'",  # 全量获取
                "journalctl -u ssh --since '30 days ago' --no-pager --show-cursor --grep='Accepted|Failed password for|Accepted publickey'",  # 30天
                "journalctl -u ssh --no-pager --show-cursor --grep='Accepted|Failed password for|Accepted publickey' --cursor='{}'".format(file_positions)  # 从记录的游标开始读取
            ]

        if not file_positions:
            # 获取systemd日志所占用的空间
            res, err = public.ExecShell("journalctl --disk-usage")
            total_bytes = public.parse_journal_disk_usage(res)
            limit_bytes = 5 * 1024 * 1024 * 1024
            # 大于5G 取30天的数据量
            command = command_list[1] if total_bytes > limit_bytes else command_list[0]
            content = public.ExecShell(command)[0].strip()
        else:
            content = public.ExecShell(command_list[2])[0].strip()

        lines = content.split('\n')
        if lines:
             # 处理去除多余游标字符
            current_positions = lines[-1].replace("-- cursor: ", "")

        for line in lines[:-1]:
            if "No entries" in line:break

            if any(keyword in line for keyword in ["Accepted password", "Failed password", "Accepted publickey"]):
                parts = line.split()
                year = datetime.now().year
                entry = self.parse_login_entry(parts, year)
                if entry:
                    entry["log_file"] = "journalctl"
                    new_logins.append(entry)
        return new_logins, current_positions
Initial YakPanel commit 2026-04-07 02:04:22 +05:30			`import os`
			`import sys`
			`from datetime import datetime`
			`if "/www/server/panel/class" not in sys.path:`
			`sys.path.insert(0, "/www/server/panel/class")`

			`os.chdir("/www/server/panel")`
			`import public`

			`from mod.project.ssh.base import SSHbase`


			`class JournalctlManage(SSHbase):`
			`def __init__(self):`
			`super(JournalctlManage, self).__init__()`

			`def get_journalctl_logs(self, file_positions):`
			`'''`
			`获取 systemd journalctl 的 SSH 登录日志`
			`return 日志,游标位置`
			`'''`
			`new_logins = []`
			`current_positions = ""`

			`command_list = [`
			`"journalctl -u ssh --no-pager --show-cursor --grep='Accepted\|Failed password for\|Accepted publickey'", # 全量获取`
			`"journalctl -u ssh --since '30 days ago' --no-pager --show-cursor --grep='Accepted\|Failed password for\|Accepted publickey'", # 30天`
			`"journalctl -u ssh --no-pager --show-cursor --grep='Accepted\|Failed password for\|Accepted publickey' --cursor='{}'".format(file_positions) # 从记录的游标开始读取`
			`]`

			`if not file_positions:`
			`# 获取systemd日志所占用的空间`
			`res, err = public.ExecShell("journalctl --disk-usage")`
			`total_bytes = public.parse_journal_disk_usage(res)`
			`limit_bytes = 5 * 1024 * 1024 * 1024`
			`# 大于5G 取30天的数据量`
			`command = command_list[1] if total_bytes > limit_bytes else command_list[0]`
			`content = public.ExecShell(command)[0].strip()`
			`else:`
			`content = public.ExecShell(command_list[2])[0].strip()`

			`lines = content.split('\n')`
			`if lines:`
			`# 处理去除多余游标字符`
			`current_positions = lines[-1].replace("-- cursor: ", "")`

			`for line in lines[:-1]:`
			`if "No entries" in line:break`

			`if any(keyword in line for keyword in ["Accepted password", "Failed password", "Accepted publickey"]):`
			`parts = line.split()`
			`year = datetime.now().year`
			`entry = self.parse_login_entry(parts, year)`
			`if entry:`
			`entry["log_file"] = "journalctl"`
			`new_logins.append(entry)`
			`return new_logins, current_positions`