I use Samhain as an intrusion detection tool on Linux and Mac servers, and it's really great. However, the mails Samhain sends are so densely packed with information that it's hard to get a quick overview of how serious the changes on a server are. So I wrote a little treatment function that displays only the most important parts of these mails; if something still looks suspicious, I can switch to the raw mail view by pressing 'C-u g'. Here's the treatment function:
(defun DE-article-treat-samhain ()
  (let ((samhainreg "^\\([A-Z]+\\)\\s-*:"))
    (when (looking-at "-----BEGIN MESSAGE-----")
      ;; Hide the signed-message header up to the first Samhain record.
      (add-text-properties (point)
                           (progn (while (not (looking-at samhainreg))
                                    (forward-line 1))
                                  (point))
                           '(invisible t))
      ;; The first four patterns below lost their msg=<...> part on this page
      ;; (angle-bracketed text did not survive), so the match-string group
      ;; numbers refer to groups of the original patterns.
      (while (not (eobp))
        (cond
         ((looking-at (concat samhainreg ".*.*path=<\\(.*?\\)>"))
          (insert (format "%s: %s %s (%s)"
                          (match-string 1)
                          (propertize (match-string 4) 'face 'bold)
                          (match-string 2) (match-string 3))))
         ((looking-at (concat samhainreg ".* .*path=<\\(.*?\\)>"))
          (insert (format "%s: %s %s (%s)"
                          (match-string 1)
                          (propertize (match-string 3) 'face 'bold)
                          (match-string 2) (match-string 4))))
         ((looking-at (concat samhainreg ".*msg= .*path=<\\(.*?\\)>"))
          (insert (format "%s: %s %s"
                          (match-string 1)
                          (propertize (match-string 3) 'face 'bold)
                          (match-string 2))))
         ((looking-at (concat samhainreg ".*msg= "))
          (insert (format "%s: %s %s"
                          (match-string 1)
                          (propertize (match-string 3) 'face 'bold)
                          (match-string 2))))
         ((looking-at (concat samhainreg ".*msg=<\\(.*?\\)>[, ]*\\(.*\\)"))
          (insert (format "%s: %s (%s)"
                          (match-string 1)
                          (propertize (match-string 2) 'face 'bold)
                          (match-string 3))))
         ;; Hide the signature block through the end of the message.
         ((looking-at "-----BEGIN SIGNATURE-----")
          (add-text-properties (point)
                               (progn (search-forward "-----END MESSAGE-----" nil t)
                                      (point))
                               '(invisible t))))
        ;; Keep only the inserted summary visible; hide the rest of the
        ;; original record line.
        (unless (bolp)
          (add-text-properties (point)
                               (progn (end-of-line) (point))
                               '(invisible t)))
        (forward-line 1)))))
To activate this function, just use
(add-hook 'gnus-part-display-hook 'DE-article-treat-samhain)
For example, using this treatment function, instead of
CRIT : [2009-04-01T01:34:39+0200] msg=<POLICY ADDED>, path=</var/lib/awstats/awstats042009.txt>, mode_new=<-rw-r--r-->, attr_new=<------------>, imode_new=<33188>, iattr_new=<0>, hardlinks_new=<1>, idevice_new=<0>, inode_new=<819377>, owner_new=<www-data>, iowner_new=<33>, group_new=<www-data>, igroup_new=<33>, size_old=<0>, size_new=<6626>, ctime_new=<2009-03-31T23:30:04>, atime_new=<2009-03-31T23:30:04>, mtime_new=<2009-03-31T23:30:04>, chksum_new=<000000000000000000000000000000000000000000000000>
you will just see
CRIT: /var/lib/awstats/awstats042009.txt ADDED
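The same reduction outside Gnus, as an added Python example that is not the post's own code: it parses the `LEVEL : [timestamp] key=<value>, ...` record layout into fields, keeps level, path and the action from the `POLICY ...` message, and additionally reports attributes that carry both `*_old` and `*_new` values. The first sample record is the one quoted above; the second one is constructed.

```python
import re

# Samhain mail records look like: "LEVEL : [timestamp] key=<value>, key=<value>, ..."
RECORD_RE = re.compile(r"^(?P<level>[A-Z]+)\s*:\s*\[(?P<ts>[^\]]*)\]\s*(?P<rest>.*)$")
FIELD_RE = re.compile(r"(\w+)=<([^>]*)>")

# Constructed sample mail: the record from the post (shortened) plus a made-up MISSING record.
SAMPLE_MAIL = """-----BEGIN MESSAGE-----
CRIT : [2009-04-01T01:34:39+0200] msg=<POLICY ADDED>, path=</var/lib/awstats/awstats042009.txt>, mode_new=<-rw-r--r-->, size_old=<0>, size_new=<6626>, owner_new=<www-data>
CRIT : [2009-04-01T01:34:40+0200] msg=<POLICY MISSING>, path=</etc/cron.d/backup>, size_old=<512>
-----END MESSAGE-----
"""


def parse_record(line):
    """Return (level, timestamp, {key: value}) for a record line, None otherwise."""
    m = RECORD_RE.match(line)
    if not m:
        return None
    return m.group("level"), m.group("ts"), dict(FIELD_RE.findall(m.group("rest")))


def changed_attrs(fields):
    """Attributes reported with both an *_old and an *_new value -> {name: (old, new)}."""
    out = {}
    for key, new in fields.items():
        base = key[:-4]
        if key.endswith("_new") and base + "_old" in fields:
            out[base] = (fields[base + "_old"], new)
    return out


def summarize(line):
    """One-line triage view: 'LEVEL: path ACTION (attr old->new, ...)'."""
    rec = parse_record(line)
    if rec is None:
        return None
    level, _ts, fields = rec
    msg = fields.get("msg", "")
    action = msg[len("POLICY "):] if msg.startswith("POLICY ") else msg
    parts = [f"{level}:"]
    if "path" in fields:
        parts.append(fields["path"])
    parts.append(action)
    changes = changed_attrs(fields)
    if changes:
        parts.append("(" + ", ".join(f"{k} {o}->{n}" for k, (o, n) in sorted(changes.items())) + ")")
    return " ".join(parts)


def summarize_mail(text):
    """Summaries for every record line; header, signature and marker lines are dropped."""
    return [s for s in (summarize(l) for l in text.splitlines()) if s]
```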