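def __init__(self, config_file):
    """Load configuration and rules, then set up the enabled notification channels.

    Args:
        config_file: Path handed to ``self.get_conf`` (defined elsewhere in the
            class), which is expected to populate ``self.conf`` with the keys
            read below.
    """
    print('[*] Getting config...')
    self.conf = {}
    self.get_conf(config_file)
    print('[+] Done!\n')

    # A channel object is only constructed when its *_enable flag is set.
    if self.conf['cef_syslog_enable']:
        print('[+] Syslog Enabled')
        self.syslog = syslog.Syslog(self.conf['cef_syslog_server'])

    if self.conf['telegram_enable']:
        print('[+] Telegram Enabled')
        # 'api' is the bot token, so the config file must be protected as a secret.
        self.bot = telepot.Bot(self.conf['api'])

    if self.conf['zabbix_enable']:
        print('[+] Zabbix Enabled')
    # print('') rather than a bare `print` so the blank line is the same on Python 2 and 3.
    print('')

    print('[*] Getting rules...')
    self.get_file_rules()
    print('[+] Done!\n')
    # Context manager closes the rules file instead of leaking the handle.
    with open(self.conf['rules']) as rules_fh:
        self.rules = json.load(rules_fh)

    # List of all senders, enabled or not
    self.senders = [
        self.send_zabbix,
        self.send_cef_syslog,
        self.send_telegram,
    ]
    print('[*] A.R.T.L.A.S Started!\n')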
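def __init__(self, config_file):
    """Load configuration, rules and whitelist, then announce the enabled channels.

    Args:
        config_file: Path passed to ``self.get_conf`` (defined elsewhere in the
            class), which must fill ``self.conf`` with the keys read below.
    """
    print('[*] Getting config...')
    self.conf = {}
    self.get_conf(config_file)
    print('[+] Done!\n')

    # A channel object is only constructed when its *_enable flag is set.
    if self.conf['cef_syslog_enable']:
        print('[+] Syslog Enabled')
        self.syslog = syslog.Syslog(self.conf['cef_syslog_server'])

    if self.conf['telegram_enable']:
        print('[+] Telegram Enabled')
        # 'api' is the bot token, so the config file must be protected as a secret.
        self.bot = telepot.Bot(self.conf['api'])

    if self.conf['slack_enable']:
        print('[+] Slack Enabled')

    if self.conf['zabbix_enable']:
        print('[+] Zabbix Enabled')
        print('Notifications ', self.conf['notifications'])
        print('Advanced ', self.conf['zabbix_advantage_keys'])
    print()

    print('[*] Getting rules...')
    self.get_file_rules()
    print('[+] Done!\n')

    # Context managers close both files instead of leaking the handles.
    with open(self.conf['rules']) as rules_fh:
        self.rules = json.load(rules_fh)
    with open(self.conf['whitelist']) as whitelist_fh:
        self.white_rules = whitelist_fh.read().strip().split(',')
    # NOTE(review): an empty whitelist file yields [''] rather than []; if the
    # consumer does substring matching, '' matches everything — confirm.

    # List of all senders, enabled or not
    self.senders = [
        self.send_zabbix,
        self.send_cef_syslog,
        self.send_telegram,
        self.send_slack,
    ]
    print('[*] A.R.T.L.A.S Started!\n')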
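def sendlog_message(message, clientip, fullrequest, typ):
    """Record an event to syslog (when enabled), the console and the log file.

    Args:
        message: Human-readable description of the event.
        clientip: Source address of the request; stringified before use.
        fullrequest: Raw request text; forwarded to syslog only, not to the file.
        typ: Category string; 'info' prints in green, 'warn' in red (both may match).
    """
    now = datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")
    line = now + " " + str(clientip) + " " + message

    # Substring test: any SYSLOG_ACTIVATE value containing "on" enables forwarding.
    if "on" in settings.SYSLOG_ACTIVATE:
        # NOTE(review): fullrequest is presumably client-supplied text and is sent
        # verbatim; embedded CR/LF would be read as extra records by a line-based
        # collector. Consider neutralising line breaks before sending.
        log = syslog_client.Syslog(settings.SYSLOG_IP)
        log.send(line + " " + fullrequest + "\r\n", syslog_client.Level.WARNING)

    if 'info' in typ:
        print(bcolors.OKGREEN + line + bcolors.ENDC)
    if 'warn' in typ:
        print(bcolors.FAIL + line + bcolors.ENDC)

    # The context manager closes the file even if the write raises.
    with open(settings.LOGFILE, 'a') as f:
        f.write(line + "\r\n")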
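def render(self, grid: interfaces.renderers.TreeGrid) -> None:
    """Render all cells of *grid*, row after row, as one comma-separated syslog message.

    Args:
        grid: The TreeGrid object to render
    """
    log = syslog_client.Syslog(self.host, self.port)
    outfd = sys.stdout
    buffer = []

    def visitor(node, accumulator):
        # Render each cell with the renderer registered for its column type,
        # falling back to the 'default' renderer.
        for column_index, column in enumerate(grid.columns):
            renderer = self._type_renderers.get(
                column.type, self._type_renderers['default'])
            buffer.append(renderer(node.values[column_index]))
        return accumulator

    if not grid.populated:
        grid.populate(visitor, log)
    else:
        grid.visit(node=None, function=visitor, initial_accumulator=log)

    # NOTE(review): cells from every row land in the same list with no row
    # separator, so the receiver gets one flat record — confirm this is intended.
    # Also confirm the syslog client exposes write(); its send() method is what
    # other callers use.
    log.write("{}".format(",".join(buffer)))
    outfd.write("\n")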
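def process_event(helper, *args, **kwargs):
    """
    # IMPORTANT
    # Do not remove the anchor macro:start and macro:end lines.
    # These lines are used to generate sample code. If they are
    # removed, the sample code will not be updated when configurations
    # are updated.
    [sample_code_macro:start]

    # The following example gets the alert action parameters and prints them to the log
    ata_server_ip = helper.get_param("ata_server_ip")
    helper.log_info("ata_server_ip={}".format(ata_server_ip))

    ata_server_port = helper.get_param("ata_server_port")
    helper.log_info("ata_server_port={}".format(ata_server_port))

    hostname = helper.get_param("hostname")
    helper.log_info("hostname={}".format(hostname))

    # The following example adds two sample events ("hello", "world")
    # and writes them to Splunk
    # NOTE: Call helper.writeevents() only once after all events
    # have been added
    helper.addevent("hello", sourcetype="sample_sourcetype")
    helper.addevent("world", sourcetype="sample_sourcetype")
    helper.writeevents(index="summary", host="localhost", source="localhost")

    # The following example gets the events that trigger the alert
    events = helper.get_events()
    for event in events:
        helper.log_info("event={}".format(event))

    # helper.settings is a dict that includes environment configuration
    # Example usage: helper.settings["server_uri"]
    helper.log_info("server_uri={}".format(helper.settings["server_uri"]))
    [sample_code_macro:end]
    """
    # Forward every event that triggered the alert to the configured syslog
    # receiver as a "<host> <time>" header followed by key=value lines.
    # Always returns 0.
    helper.log_info(
        "Alert action microsoft_ata_syslog_alert_for_splunk started.")
    helper.set_log_level(helper.log_level)

    # Alert-action parameters; their values are not written to the log here.
    ata_server_ip = helper.get_param("ata_server_ip")
    ata_server_port = helper.get_param("ata_server_port")
    hostname = helper.get_param("hostname")  # optional override for the header host

    # int() raises ValueError when the port parameter is blank or not numeric.
    client = syslog_client.Syslog(host=str(ata_server_ip),
                                  port=int(ata_server_port))

    # HACK: fixed offset suffix; the strftime('%z') variant was abandoned.
    # fromtimestamp() below yields *local* time, so "-000" is not guaranteed to
    # describe the real offset — TODO(review): confirm what the receiver expects.
    time_zone = "-000"

    for entry in helper.get_events():
        header_host = str(hostname) if hostname else entry.get('host')
        base_time = datetime.datetime.fromtimestamp(
            float(entry.get('_time'))).strftime('%Y%m%d%H%M%S.%f')
        event_time = base_time + time_zone

        # Order here is the order in the outgoing message; a Splunk field that
        # is missing from the event is sent as "-".
        fields = [
            ('Logfile', entry.get('LogName', "-")),
            ('SourceName', entry.get('SourceName', "-")),
            ('EventCode', entry.get('EventCode', "-")),
            ('TimeGenerated', event_time),
            ('Type', entry.get('Type', "-")),
            ('ComputerName', entry.get('ComputerName', "-")),
            ('TaskCategory', entry.get('TaskCategory', "-")),
            ('OpCode', entry.get('OpCode', "-")),
            ('RecordNumber', entry.get('RecordNumber', "-")),
            ('Keywords', entry.get('Keywords', "-")),
            ('Message', entry.get('Message', "-")),
        ]
        # str.format() tolerates non-string values (and a missing host), which
        # the previous "+" concatenation did not.
        lines = ["{} {}\r\n".format(header_host, event_time)]
        lines.extend("{}={}\r\n".format(key, value) for key, value in fields)

        result = client.send("".join(lines), syslog_client.Level.WARNING)
        helper.log_info(result)
    return 0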
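import syslog_client

# Point this at a syslog receiver you control; 514 is the conventional port.
log = syslog_client.Syslog(host="<your-test-host>", port=514)

# Old simulation data from WildFire (Traps prevention events). The three
# records differ only in the file name and the endpoint address, so they are
# built from one template. The doubled backslash keeps "W10\Demo" literal:
# a bare "\D" is an invalid escape sequence and a SyntaxWarning on current Python.
_TEMPLATE = (
    "<134>1 2018-03-11T08:02:22.00Z-04:00 10.0.1.20 - - - Mar 11 2018 08:02:22,"
    "Traps Agent,4.1.3.33176,Threat,Prevention Event,w10,W10\\Demo,"
    "New prevention event. Prevention Key: cc9cc24e-06a9-4e72-905f-1e76df05e859,"
    "9,WildFire,{filename},"
    "0a752ca47654a3e8ccd2babedecc6e7c7dbd52acbb0f0177e2efe8bf3678414c,"
    "36-2416,{endpoint_ip},,Mar 11 2018 08:02:22,"
)
msg1 = _TEMPLATE.format(filename="wildfire-test-pe-file.exe", endpoint_ip="10.0.1.51")
msg2 = _TEMPLATE.format(filename="wildfire-test-pe-file1.exe", endpoint_ip="10.0.1.54")
msg3 = _TEMPLATE.format(filename="wildfire-test-pe-file2.exe", endpoint_ip="10.0.1.58")
msgs = [msg1, msg2, msg3]

for _msg in msgs:
    log.send(_msg, syslog_client.Level.WARNING)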
:return:
    """
    # NOTE(review): request.json is None for a non-JSON body, but this test is
    # also true for valid JSON such as {} or [] — confirm that is intended.
    # The handler's def and route decorator are above this excerpt.
    if not request.json:
        log.error('received non-json data')
        abort(400)
    log.debug(request.json)
    handle_alert(request.json)
    return 'OK'


@app.route("/health", methods=['GET'])
def health():
    """
    health check endpoint for external service to monitor
    :return:
    """
    return 'OK'


if __name__ == "__main__":
    log = init_logger()
    # Syslog forwarder; where it is used is not visible in this excerpt.
    sclient = syslog_client.Syslog(host=SYSLOG_HOST)
    # read user's config to get desired alert targets
    setup_alert_targets()
    log.info('Starting server')
    # Serve the Flask app through Tornado. listen() is called with the port
    # only, so Tornado's default address binds every interface. NOTE(review):
    # no authentication on the alert endpoint is visible in this excerpt —
    # confirm the bind address and who can reach the webhook.
    http_server = HTTPServer(WSGIContainer(app))
    http_server.listen(BIND_PORT)
    IOLoop.instance().start()
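def output_graylog(msg, host="127.0.0.1"):
    """Send *msg* to a Graylog/syslog receiver as one JSON-encoded INFO record.

    Args:
        msg: JSON-serialisable object; ``json.dumps`` raises TypeError otherwise.
        host: Receiver address. Defaults to the loopback address the function
            previously hard-coded, so existing callers are unaffected.
    """
    graylog = syslog_client.Syslog(host)
    graylog.send(json.dumps(msg), syslog_client.Level.INFO)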
import syslog_client
from random import randint

# Test target: a hard-coded public address on a non-standard port.
# Point this at a receiver you control before running.
log = syslog_client.Syslog("202.55.91.162")
log.facility = syslog_client.Facility.SYSLOG
log.port = 10514

# 1000-character payload used to build the long messages below.
longstr1000 = "1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890"

# Two short messages at fixed severity 1.
for _ in range(2):
    log.send("this is short syslog", 1)

# Twenty numbered short messages, each with a random severity value.
for x in range(20):
    log.send("Uji coba kirim syslog " + str(x), randint(0, 8))
    print(x)

print('long syslog now')
# Progressively longer payloads (1, 2 and 3 copies of longstr1000), each
# announced by a short marker message first.
for label, prefix, copies in (("1000", "AAA ", 1),
                              ("2000", "FFF ", 2),
                              ("3000", "ZZZZ ", 3)):
    log.send("this is now long syslog " + label, 1)
    log.send(prefix + longstr1000 * copies, randint(0, 8))
import syslog_client


def _send_hello(client):
    """Send a single WARNING-level greeting through *client*."""
    client.send("Ciao mondo", syslog_client.Level.WARNING)


if __name__ == "__main__":
    print("Start testing syslog")
    # No host given: the client's own defaults decide where this goes.
    log = syslog_client.Syslog()
    _send_hello(log)
    print("Stopping test syslog")
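import syslog_client

# Position in this list is the number the prompt asks for (0, 1, 2); each
# entry must be the name of an attribute on syslog_client.Level.
log_level_text = ["WARNING", "NOTICE", "ERROR"]

log_message = input("Enter the message you want to send to the server: ")
log_level_choice = int(
    input(
        "Enter the log level you want to test, 0 - warning, 1 - notification, or 2 - error: "
    ))
# Reject out-of-range choices with a clear message instead of an IndexError.
if not 0 <= log_level_choice < len(log_level_text):
    raise SystemExit("log level must be 0, 1 or 2")
log_level = log_level_text[log_level_choice]
print(log_level)

# Hard-coded test receiver; adjust to a host you control.
log = syslog_client.Syslog('10.2.1.4')
# Resolve the chosen name to the matching Level attribute. The previous
# `syslog_client.Level.log_level` looked up an attribute literally named
# "log_level" instead of the selected one.
log.send(log_message, getattr(syslog_client.Level, log_level))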