Thursday, March 14, 2019

python syslog script

useful python syslog i found online
https://github.com/cloudpassage/splunk-halo-python/blob/master/remote_syslog.py

sample usage

syslog('Apr 23 07:36:52 10.2.108.181 EventName=[], SourceIP=[], SourcePort=[], DestinationIP=[], DestinationPort=[], UserName=[], SourceWorkstation=[], Url=[], FilePath=[], MD5=[], LogSource=[], MacAddress=[], LogSourceTime=[], Notes=[]', host='10.xx.xx.xx', facility=FACILITY['local0'], level=LEVEL['info'])

---------------

#!/usr/bin/python

"""
Python syslog client.

This code is placed in the public domain by the author.
Written by Christian Stigen Larsen.

This is especially neat for Windows users, who (I think) don't
get any syslog module in the default python installation.

See RFC3164 for more info -- http://tools.ietf.org/html/rfc3164

Note that if you intend to send messages to remote servers, their
syslogd must be started with -r to allow to receive UDP from
the network.
"""

import socket

# I'm a python novice, so I don't know of better ways to define enums

FACILITY = {
'kern': 0, 'user': 1, 'mail': 2, 'daemon': 3,
'auth': 4, 'syslog': 5, 'lpr': 6, 'news': 7,
'uucp': 8, 'cron': 9, 'authpriv': 10, 'ftp': 11,
'local0': 16, 'local1': 17, 'local2': 18, 'local3': 19,
'local4': 20, 'local5': 21, 'local6': 22, 'local7': 23,
}

LEVEL = {
'emerg': 0, 'alert':1, 'crit': 2, 'err': 3,
'warning': 4, 'notice': 5, 'info': 6, 'debug': 7
}

def syslog(message, level=LEVEL['notice'], facility=FACILITY['daemon'],
host='localhost', port=514):

"""
Send syslog UDP packet to given host and port.
"""

sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
data = '<%d>%s' % (level + facility*8, message)
sock.sendto(data, (host, port))
sock.close()

No comments:

Post a Comment