Der Code ist nicht fertig und war mal ein Laborversuch. Es lassen sich globale und Host-Filter setzen; wo diese zutreffen, werden die Logs in ein extra File geschrieben.
Config file:
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Config definition
class CFG:
    """Runtime settings for the syslog listener.

    The server module constructs ``C = CFG()`` once at import time and reads
    the plain instance attributes below while handling datagrams.
    """

    def __init__(self):
        # Directory under which one sub-directory per sender is created.
        self.syslogpath = "/home/mthoma/_dev/syslog/log/"
        # UDP port the listener binds.
        self.port = 3702
        # Bind address; "0.0.0.0" accepts datagrams on every IPv4 interface.
        self.host = "0.0.0.0"
        # Regexes applied to messages from every sender.
        global_patterns = [".*FOOBAR.*", ".*COFFEE.*"]
        self.global_filter = dict(filter=global_patterns)
        # Extra regexes keyed by the sender's IP address.
        self.host_filter = {
            "10.201.11.33": dict(filter=[".*MACFLAP.*", ".*BUBU.*"]),
        }
Syslog Server:
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Load config class
from config import CFG
# Load common classes
import re
import logging
import SocketServer
import socket
import os
# Load configuration file
# Settings object read by the request handler on every datagram.
C = CFG()
# Log lines are written verbatim: no timestamp, level or logger name.
formatter = logging.Formatter(fmt='%(message)s')
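def setup_logger(name, log_file, level=logging.INFO):
    """Return the logger ``name`` that appends bare messages to ``log_file``.

    Loggers are process-wide singletons, so calling this repeatedly with the
    same ``name`` (the request handler does so for every datagram) must not
    attach a fresh FileHandler each time: that leaks one open file descriptor
    per message and writes every record once per accumulated handler. A
    handler for ``log_file`` is therefore added only when the logger does not
    already carry one for that file.

    Args:
        name: logging hierarchy name; the same name yields the same logger.
        log_file: path of the file to append to (opened immediately).
        level: threshold applied to the logger.

    Returns:
        The configured ``logging.Logger``.
    """
    logger = logging.getLogger(name)
    logger.setLevel(level)
    # FileHandler stores the absolute path, so compare against that form.
    wanted = os.path.abspath(log_file)
    already_attached = any(
        isinstance(h, logging.FileHandler) and h.baseFilename == wanted
        for h in logger.handlers
    )
    if not already_attached:
        handler = logging.FileHandler(log_file)
        handler.setFormatter(logging.Formatter('%(message)s'))
        logger.addHandler(handler)
    return logger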
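class SyslogUDPHandler(SocketServer.BaseRequestHandler):
    """Handle one syslog datagram: file it per sender, copy filter hits aside.

    The sender is reverse-resolved (falling back to its IP address), the
    message is appended to ``<syslogpath>/<sender>/log`` and, when it matches
    one of the configured regexes (host-specific ones first, then global), it
    is also appended to ``<syslogpath>/<sender>/spec``.
    """

    # Characters kept in the per-sender directory name; everything else
    # (path separators, whitespace, control characters) becomes "_".
    _SAFE_CHARS = re.compile(r"[^A-Za-z0-9._-]")

    @classmethod
    def _dir_name(cls, name, ip):
        """Reduce a resolved host name to a single safe path component.

        The PTR record is set by whoever runs the sender's reverse zone, so
        the name must not be able to choose the directory: separators are
        replaced, and a result made only of dots/punctuation (for example
        "..") falls back to the sanitized IP address.
        """
        safe = cls._SAFE_CHARS.sub("_", name)
        if not safe.strip("._-"):
            safe = cls._SAFE_CHARS.sub("_", ip)
        return safe

    def handle(self):
        # Decode leniently: one non-UTF-8 byte must not abort the datagram.
        data = self.request[0].strip().decode("utf-8", "replace")
        ip = str(self.client_address[0])
        # Reverse-resolve the sender; any resolver failure means "use the IP".
        try:
            name = socket.gethostbyaddr(ip)[0]
        except socket.error:
            name = ip
        dirname = self._dir_name(name, ip)
        path = os.path.join(C.syslogpath, dirname)
        # Create the per-sender directory, tolerating one that already exists.
        try:
            os.makedirs(path)
        except OSError:
            if not os.path.isdir(path):
                raise
        # Logger names carry the sender so two senders never share handlers;
        # dots are replaced because they would create logger hierarchy.
        tag = dirname.replace(".", "_")
        logger = setup_logger("normal_log_" + tag, os.path.join(path, "log"))
        logger.info(data)
        # Host-specific patterns first, then the global ones.
        patterns = list(C.global_filter["filter"])
        if ip in C.host_filter:
            patterns = list(C.host_filter[ip]["filter"]) + patterns
        # re.match anchors at the start; the configured patterns begin with
        # ".*". An empty list is skipped: "|".join([]) would be the empty
        # regex, which matches every message.
        if patterns and re.match("|".join(patterns), data):
            logger_sp = setup_logger("special_log_" + tag, os.path.join(path, "spec"))
            logger_sp.info(data)
        print("%s : %s" % (self.client_address[0], data))
        # Root logger; at its default WARNING level this emits nothing
        # by itself and is kept for compatibility with the original script.
        logging.info(data)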
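if __name__ == "__main__":
    server = None
    try:
        # Bind the UDP listener; bind failures propagate as socket errors.
        server = SocketServer.UDPServer((C.host, C.port), SyslogUDPHandler)
        server.serve_forever(poll_interval=0.5)
    except (IOError, SystemExit):
        raise
    except KeyboardInterrupt:
        print("Crtl+C Pressed. Shutting down.")
    finally:
        # Release the listening socket however the loop ended.
        if server is not None:
            server.server_close()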
