def init_global_fsender(tag, host, port):
from fluent.sender import FluentSender
global fsender
if fsender is None:
fsender = FluentSender(tag, host, port)
linfo("init_global_fsender")
def __init__(
self,
mongos,
mongor_ssl=False,
cursor_timeout=600, #10 Minutes
fluentd="localhost:24224",
logtag="rabidmongoose"):
self.connections = {}
self.cursor_timeout = cursor_timeout
self.mongor_uri = "".join(mongos)
self.mongor_host = self.mongor_uri[10:].split(":")[0]
self.mongor_port = int(self.mongor_uri[10:].split(":")[1])
self.mongor_ssl = mongor_ssl
LOGGER.debug('INIT - URI: %s, Host: %s, Port: %s' %
(self.mongor_uri, self.mongor_host, self.mongor_port))
if HAS_FLUENT:
self.sender = FluentSender(host=fluentd.split(":")[0],
port=int(fluentd.split(":")[1]),
tag=logtag)
LOGGER.addHandler(
FluentHandler("%s.debug" % (logtag),
host=fluentd.split(":")[0],
port=int(fluentd.split(":")[1])))
else:
self.sender = FakeFluentSender()
def __init__(self, tag, pdir, stream_cfg, send_term,
max_send_fail, echo, encoding, lines_on_start,
max_between_data):
"""
Trailer common class initialization
Args:
tag: Classification tag for Fluentd
pdir: Position file directory
stream_cfg: Log streaming service config (Fluentd / Kinesis)
strem_cfg: Log transmission time interval
max_send_fail: Maximum number of retries in case of transmission
failure
echo: Whether to save sent messages
encoding: Original message encoding
lines_on_start: How many lines of existing log will be resent
at startup (for debugging)
max_between_data: When the service is restarted, unsent logs
smaller than this amount are sent.
"""
super(BaseTailer, self).__init__()
self.fsender = self.kclient = None
self.ksent_seqn = self.ksent_shid = None
self.linfo("__init__", "max_send_fail: '{}'".format(max_send_fail))
self.last_get_hinfo = 0
self.sname, self.saddr = self.get_host_info()
tag = "{}.{}".format(self.sname.lower() if self.sname is not None else
None, tag)
self.linfo(1, "tag: '{}'".format(tag))
self.tag = tag
self.send_term = send_term
self.last_send_try = 0
self.last_update = 0
self.kpk_cnt = 0 # count for kinesis partition key
self.pdir = pdir
max_send_fail = max_send_fail if max_send_fail else MAX_SEND_FAIL
tstc = type(stream_cfg)
if tstc == FluentCfg:
host, port = stream_cfg
self.fsender = FluentSender(tag, host, port,
max_send_fail=max_send_fail)
elif tstc == KinesisCfg:
stream_name, region, access_key, secret_key = stream_cfg
self.kstream_name = stream_name
self.ldebug('query_aws_client kinesis {}'.format(region))
self.kclient = query_aws_client('kinesis', region, access_key,
secret_key)
self.kagg = aggregator.RecordAggregator()
self.send_retry = 0
self.echo_file = StringIO() if echo else None
self.cache_sent_pos = {}
self.encoding = encoding
self.lines_on_start = lines_on_start if lines_on_start else 0
self.max_between_data = max_between_data if max_between_data else\
MAX_BETWEEN_DATA
async def test_fluentd_forward_source_events(elasticsearch, http_client,
docker_ip):
"""FluentD forwards "native" records to ElasticSearch."""
# Grab the current date (we'll need to use it several times and we don't
# want to get flakey results when we execute the tests around midnight).
today = datetime.date.today()
# Clear the index.
url = urljoin(elasticsearch, 'events-%s' % (today.isoformat(), ))
async with http_client.delete(url) as resp:
# May get 404 if we're the first test to run, but we'll get 200 if we
# successfully delete the index.
assert resp.status in (200, 404)
# Post an event with a tag that matches `events.**` rule in `fluent.conf`.
fluent = FluentSender('events.test', host=docker_ip, port=24224)
fluent.emit('an-event', {
'some-field': 'some-value',
})
# Wait until the record shows up in search results.
await asyncio.sleep(datetime.timedelta(seconds=3).total_seconds())
# Grab the record.
url = urljoin(
elasticsearch, 'events-%04d-%02d-%02d/events/_search' % (
today.year,
today.month,
today.day,
))
async with http_client.get(url) as resp:
assert resp.status == 200
body = await resp.json()
assert body['hits']['total'] == 1
assert body['hits']['hits'][0]['_source'] == {
'service': 'test',
'event': 'an-event',
'some-field': 'some-value',
'@timestamp': mock.ANY,
}
# Grab index stats, check that index exists and that we have our data.
url = urljoin(elasticsearch, '_cat/indices?v')
async with http_client.get(url) as resp:
assert resp.status == 200
body = await resp.text()
print('STATS:')
print(body)
print('------')
lines = body.split('\n')
lines = [line.split() for line in lines if line.strip()]
assert len(lines) >= 2
stats = [dict(zip(lines[0], line)) for line in lines[1:]]
stats = {index['index']: index for index in stats}
index = stats.pop('events-%04d-%02d-%02d' %
(today.year, today.month, today.day))
assert int(index['docs.count']) >= 1
def __init__(self, name, host='localhost', port=24224):
if FluentSender is None:
raise Exception(
"Attempted to use FluentTraceLogger with not Fluent dependency available."
)
self.lock = threading.Lock()
self.thread_local = threading.local()
self.name = name
self.sender = FluentSender(self.name, host=host, port=port)
def connect(self, tag=None):
"""
Connect to a fluentd logger
"""
if not tag:
tag = self.tag
timeout = float(self.timeout)
port = int(self.port)
buffer_max = int(self.buffer_max)
self.sender = FluentSender(tag, self.host, port, buffer_max, timeout)
def main():
parser = argparse.ArgumentParser()
parser.add_argument("-i",
"--ident",
help="Unique identifier of the honeypot.")
parser.add_argument("-n", "--hostname", help="Hostname of the honeypot.")
parser.add_argument("-t", "--type", help="Honeypot type.")
parser.add_argument("-a", "--address", help="IP address of the honeypot.")
parser.add_argument("--fluent-host",
default="fluentbit",
help="Hostname of Fluent Bit server")
parser.add_argument("--fluent-port",
type=int,
default=24284,
help="Port of Fluent Bit server")
parser.add_argument("--fluent-app",
default="stingar",
help="Application name for Fluent Bit server")
parser.add_argument("--tags", help="Comma separated tags for honeypot.")
args = parser.parse_args()
dt = datetime.datetime.now()
data = {
"identifier": args.ident,
"hostname": args.hostname,
"honeypot": args.type,
"ip": args.address,
"created": dt.strftime("%Y/%m/%d %H:%M:%S"),
"updated": dt.strftime("%Y/%m/%d %H:%M:%S"),
"tags": args.tags
}
sender = FluentSender(args.fluent_app,
host=args.fluent_host,
port=args.fluent_port)
sender.emit(SENSOR_TOPIC, data)
return 0
def _get_sender(self, tag, host, port, bufmax, timeout):
"""
Get the Fluentd sender for the given arguments.
Arguments:
tag -- The base tag of the log event, representing the
application.
host -- The host name or IP address of the fluentd server.
port -- The port number the fluentd server is listeneing on.
bufmax -- The size of the buffer.
timeout -- The timeout
Returns:
A FluentSender with the given configuration.
"""
sender = None
key = "%s%s%d%d%f" % (tag, host, port, bufmax, timeout)
if key in self._senders:
sender = self._senders[key]
else:
sender = FluentSender(tag, host, port, bufmax, timeout)
self._senders[key] = sender
return sender
def __init__(self,
logsense_token=None,
tag='python',
meta={},
logsense_host=None,
logsense_port=None,
verbose=False,
nanosecond_precision=False):
internal_logger = logging.getLogger('logsense.sender')
self._logsense_token = logsense_token
if logsense_host:
self._logsense_host = logsense_host
else:
self._logsense_host = getenv('LOGSENSE_HOST', 'logs.logsense.com')
if logsense_port:
self._logsense_port = logsense_port
else:
self._logsense_port = int(getenv('LOGSENSE_PORT', '32714'))
if self._logsense_token is None:
self._logger = None
print("LOGSENSE_TOKEN not set - skipping handler")
else:
self._verbose = verbose
self._logger = FluentSender(
tag,
host=self._logsense_host,
ssl_server_hostname=self._logsense_host,
port=self._logsense_port,
use_ssl=True,
verbose=self._verbose)
self._base_dict = self.update_meta(meta)
self.nanosecond_precision = nanosecond_precision
def __init__( self, name, host='localhost', port=24224 ):
assert FluentSender is not None, FLUENT_IMPORT_MESSAGE
self.lock = threading.Lock()
self.thread_local = threading.local()
self.name = name
self.sender = FluentSender( self.name, host=host, port=port )
def __init__(self, name, host='localhost', port=24224):
self.lock = threading.Lock()
self.thread_local = threading.local()
self.name = name
self.sender = FluentSender(self.name, host=host, port=port)
def main():
parser = argparse.ArgumentParser(
add_help=False,
formatter_class=argparse.ArgumentDefaultsHelpFormatter
)
parser.add_argument(
'--help',
action='help',
default=argparse.SUPPRESS,
help=argparse._('show this help message and exit')
)
parser.add_argument(
'-v', '--verbose', action='store_true', help='Display debug messages'
)
parser.add_argument('-h', '--host', type=str, default='127.0.0.1',
help='Listen host')
parser.add_argument('-p', '--port', type=int, default=8080,
help='Listen port')
parser.add_argument('-w', '--workers', type=int,
default=max(1, multiprocessing.cpu_count() - 1),
help='Number of workers')
parser.add_argument('--sentry-dsn', type=str, help='Sentry DSN')
parser.add_argument('--redis-host', type=str, default='127.0.0.1',
help='Redis host')
parser.add_argument('--redis-port', type=str, default=6379,
help='Redis port')
parser.add_argument('--redis-password', type=str, default=None,
help='Redis password')
parser.add_argument('--disable-fluent', action='store_true', default=False,
help='If set, do not send logs to fluent')
parser.add_argument('--fluent-host', type=str, default='127.0.0.1',
help='Fluentd host')
parser.add_argument('--fluent-port', type=int, default=24224,
help='Fluentd port')
parser.add_argument('--auth-enabled', action='store_true', default=False,
help='Enable authentication')
parser.add_argument('--api-url', type=str, default='http://127.0.0.1:5000',
help='APITaxi URL, used when authentication is enabled to retrieve users')
args = parser.parse_args()
if args.sentry_dsn:
sentry_sdk.init(args.sentry_dsn, traces_sample_rate=1.0)
loglevel = logging.DEBUG if args.verbose else logging.INFO
logging.config.dictConfig({
'version': 1,
'disable_existing_loggers': False,
'formatters': {
'default': {
'()': FormatWithPID,
'format': '%(asctime)s (pid %(pid)s) %(message)s'
}
},
'handlers': {
'console': {
'level': loglevel,
'class': 'logging.StreamHandler',
'formatter': 'default',
}
},
'loggers': {
'': {
'handlers': ['console'],
'level': loglevel,
}
}
})
if not args.auth_enabled:
logger.warning('Authentication is not enabled')
api_key = os.getenv('API_KEY')
if args.auth_enabled and not api_key:
parser.error('--enable-auth is set but API_KEY environment variable is not set')
if args.disable_fluent:
fluent = None
else:
fluent = FluentSender('geotaxi', host=args.fluent_host, port=args.fluent_port)
redis = Redis(
host=args.redis_host,
port=args.redis_port,
password=args.redis_password,
socket_keepalive=True,
)
worker = Worker(
redis,
fluent=fluent,
auth_enabled=args.auth_enabled, api_url=args.api_url, api_key=api_key
)
run_server(args.workers, args.host, args.port, worker)
from fluent.sender import FluentSender
logger = FluentSender("app", host="localhost", port=24224)
logger.emit("follow", {"from": "userA", "to": "userB"})
logger.emit("bof", dict(beuha="aussi", age=42))
logger.close()
