def run(self):
if not self.runable:
print 'Process not runable, returning'
return False
# Drop privileges
os.setgroups([])
os.setgid(self.gid)
os.setuid(self.uid)
ppid = os.getppid()
while True:
try:
line = self.work_queue.get(timeout=0.5)
if not line:
'Parent process is asking us to exit'
return True
line = line.decode('utf-8').encode('ASCII', 'ignore')
except KeyboardInterrupt:
return False
except UnicodeDecodeError:
print 'Unicode Error, skipping entry'
continue
except QueueEmpty:
if os.getppid() != ppid:
return False
continue
try:
entry = SyslogEntry.from_line(line)
except pyparsing.exceptions.Exception:
continue
self.process_entry(entry)
def handle(self):
if self.server.use_tls:
return self.handle_tls()
while True:
line = self.connection.readline()
if not line:
break
syslog_entry = SyslogEntry.from_line(line)
if syslog_entry:
self.handle_entry(syslog_entry)
else:
self.handle_error(line)
def handle(self):
if self.server.use_tls:
return self.handle_tls()
while True:
line = self.connection.readline()
if not line:
break
syslog_entry = SyslogEntry.from_line(line)
if syslog_entry:
self.handle_entry(syslog_entry)
else:
self.handle_error(line)
def _process_request(self, request):
"""Processing of the log entry. Later this will do more work"""
syslog_dict = {}
try:
logging.debug("INCOMING REQ: %s" % request)
syslog_entry = SyslogEntry.from_line(request)
syslog_dict = syslog_entry.__dict__
syslog_dict = get_severity_and_facility(syslog_dict)
except Exception as out:
logging.error(out)
logging.debug("Processing request...")
self.send_to_amqp(syslog_dict)
def _process_request(self, request):
"""Processing of the log entry. Later this will do more work"""
syslog_dict = {}
try:
logging.debug("INCOMING REQ: %s" % request)
syslog_entry = SyslogEntry.from_line(request)
syslog_dict = syslog_entry.__dict__
syslog_dict = get_severity_and_facility(syslog_dict)
except Exception as out:
logging.error(out)
logging.debug("Processing request...")
self.send_to_amqp(syslog_dict)
def create_test_entry(proto):
hostname = "test.example.com"
app_name = "app_name"
y = SyslogEntry(
prival=165,
timestamp=datetime.utcnow(),
hostname=hostname,
app_name=app_name,
procid=os.getpid(),
msgid='ID47',
structured_data=[
SDElement('exampleSDID@32473', [('iut', '3'),
('eventSource', 'Application'),
('eventID', '1011'),
('eventID', '1012')])
],
msg='An application event log entry through ' + proto + '...')
return y
def test_tcp_msg_handle(self):
"""A functional test that emits a syslog message to an
assumed-running bevis instance at localhost:6514.
"""
y = SyslogEntry( prival=165,
timestamp=datetime.datetime.utcnow(),
hostname='myhost',
app_name='my_app',
procid=os.getpid(),
msgid='ID42',
structured_data=[SDElement('exampleSDID@32473',
[('iut','3'),
('eventSource','Application'),
('eventID','1011'),
('eventID','1012')]
)],
msg='An application event log entry through TCP'
)
client = TCPSyslogEmitter(address=('127.0.0.1', 6514), octet_based_framing=False)
client.emit(y)
def handle_tls(self):
buf = ''
while True:
r = self.request.recv(1)
if not r:
break # EOF
if r != ' ':
buf += r
else:
try:
msg_len = int(buf)
except:
# Protocol error
return
buf = ''
for i in xrange(msg_len):
buf += self.request.recv(1)
syslog_entry = SyslogEntry.from_line(buf)
buf = ''
if syslog_entry is None:
self.handle_error(buf)
self.handle_entry(syslog_entry)
def handle_tls(self):
buf = ''
while True:
r = self.request.recv(1)
if not r:
break # EOF
if r != ' ':
buf += r
else:
try:
msg_len = int(buf)
except:
# Protocol error
return
buf = ''
for i in xrange(msg_len):
buf += self.request.recv(1)
syslog_entry = SyslogEntry.from_line(buf)
buf = ''
if syslog_entry is None:
self.handle_error(buf)
self.handle_entry(syslog_entry)
def log(self,
msg=None,
msgid=None,
structured_data=None,
prival=DEFAULT_PRIVAL,
timestamp=None):
"""
Log a message.
Example:
>>> logger.log("test", prival=LOG_DEBUG|LOG_MAIL)
**Arguments**
*msg*
Human readable message to log
*msgid*
Message identifier
*structured_data*
Structured data to attach to log message
*prival*
Priority and facility of message (defaults to INFO|USER)
*timestamp*
UTC time of log message (default to current time)
"""
if timestamp is None:
timestamp = datetime.utcnow()
msg = SyslogEntry(prival=prival,
timestamp=datetime.utcnow(),
hostname=self.hostname,
app_name=self.app_name,
procid=self.procid,
msgid=msgid,
structured_data=structured_data,
msg=msg)
self.emitter.emit(msg)
def test_details(self):
se = SyslogEntry.from_line(valids[0])
self.assertEqual(se.msg,
"""'su root' failed for lonvick on /dev/pts/8""")
self.assertEqual(se.timestamp.year, 2003)
self.assertEqual(se.hostname, 'mymachine.example.com')
self.assertEqual(se.msgid, 'ID47')
se = SyslogEntry.from_line(valids[3])
self.assertEqual(len(se.structured_data.elements), 2)
self.assertEqual(len(se.structured_data.elements[0].sd_params), 3)
self.assertEqual(len(se.structured_data.elements[1].sd_params), 1)
se = SyslogEntry.from_line(valids[4])
self.assertEqual(len(se.structured_data.elements), 1)
self.assertEqual(
len(list(se.structured_data.elements[0].sd_params.allitems())), 6)
self.assertEqual(
len(list(se.structured_data.elements[0].sd_params.getall("file"))),
2)
se = SyslogEntry.from_line(valids[5])
self.assertEqual(str(se), valids[5])
se = SyslogEntry(prival=165,
version=1,
timestamp=datetime(2003, 10, 11, 22, 14, 15, 3000),
hostname='mymachine.example.com',
app_name='evntslog',
procid=None,
msgid='ID47',
structured_data=StructuredData([
SDElement('exampleSDID@32473',
[('iut', '3'),
('eventSource', 'Application'),
('eventID', '1011')])
]),
msg=u'An application event log entry...')
self.assertEqual(str(se), valids[6])
se = SyslogEntry.from_line(valids[7])
self.assertEqual(se.timestamp.year, 2011)
def _message_read(self, data):
logger.debug("read %i bytes for message" % len(data))
r = syslog_msg.parseString(data)
message = SyslogEntry.parse(r)
logger.debug("parsed syslog message: %s" % message)
self.read_frame()
def test_class(self):
for v in valids:
se = SyslogEntry.from_line(v)
self.assertTrue(se is not None)
def test_float_timestamp(self):
se = SyslogEntry(timestamp=datetime(2003, 10, 11, 22, 14, 15, 3000))
self.assertEqual('<14>1 2003-10-11T22:14:15.003000Z - - - - -',
str(se))
se.timestamp_as_float = True
self.assertEqual('<14>1 1065910455.003 - - - - -', str(se))
