def test_remove_host(sendto, gethostname, localtime, sys_args):
"""Check host can be removed from list of those receiving messages"""
hostname = "localhost"
logger = netsyslog.Logger()
logger.add_host(hostname)
logger.remove_host(hostname)
logger.log(syslog.LOG_LOCAL4, syslog.LOG_NOTICE, "hello")
assert sendto.call_count == 0
def test_remove_host(self):
"""Check host can be removed from list of those receiving messages"""
hostname = "localhost"
logger = netsyslog.Logger()
logger.add_host(hostname)
logger.remove_host(hostname)
logger.log(syslog.LOG_LOCAL4, syslog.LOG_NOTICE, "hello")
self.mock_sock.verify()
def test_pid_not_included_by_default(sendto, gethostname, localtime, sys_args):
"""Check the program's pid is not included by default"""
packet = "<165>%s myhost program: hello" % DEFAULT_TIMESTAMP
hostname = "localhost"
address = (hostname, netsyslog.Logger.PORT)
logger = netsyslog.Logger()
logger.add_host(hostname)
logger.log(syslog.LOG_LOCAL4, syslog.LOG_NOTICE, "hello")
sendto.assert_called_once_with(bytes(packet, encoding='ascii'), address)
def test_include_pid(self):
"""Check the program's pid can be included in a log message"""
packet = "<165>%s myhost program[1234]: hello" % DEFAULT_TIMESTAMP
hostname = "localhost"
address = (hostname, netsyslog.Logger.PORT)
self.mock_sock.expects(once()).sendto(eq(packet), eq(address))
logger = netsyslog.Logger()
logger.add_host(hostname)
logger.log(syslog.LOG_LOCAL4, syslog.LOG_NOTICE, "hello", pid=True)
self.mock_sock.verify()
def test_pid_not_included_by_default(self):
"""Check the program's pid is not included by default"""
packet = "<165>%s myhost program: hello" % DEFAULT_TIMESTAMP
hostname = "localhost"
address = (hostname, netsyslog.Logger.PORT)
self.mock_sock.expects(once()).sendto(eq(packet), eq(address))
logger = netsyslog.Logger()
logger.add_host(hostname)
logger.log(syslog.LOG_LOCAL4, syslog.LOG_NOTICE, "hello")
self.mock_sock.verify()
def test_include_pid_logger_test(sendto, gethostname, localtime, sys_args,
get_pid):
"""Check the program's pid can be included in a log message"""
packet = "<165>%s myhost program[1234]: hello" % DEFAULT_TIMESTAMP
hostname = "localhost"
address = (hostname, netsyslog.Logger.PORT)
logger = netsyslog.Logger()
logger.add_host(hostname)
logger.log(syslog.LOG_LOCAL4, syslog.LOG_NOTICE, "hello", pid=True)
sendto.assert_called_once_with(bytes(packet, encoding='ascii'), address)
def test_send_message(sendto, gethostname, localtime, sys_args):
"""Check we can send a message via UDP"""
logger = netsyslog.Logger()
packet = netsyslog.Packet(DEFAULT_PRI, DEFAULT_HEADER, DEFAULT_MSG)
hostname = "localhost"
address_1 = (hostname, netsyslog.Logger.PORT)
logger.add_host(hostname)
logger.log(syslog.LOG_LOCAL4, syslog.LOG_NOTICE, "hello")
sendto.assert_called_once_with(bytes(str(packet), encoding='ascii'),
address_1)
def test_send_packets_by_hand(self):
"""Check we can send a hand crafted log packet"""
hostname = "localhost"
address = (hostname, netsyslog.Logger.PORT)
packet_text = "<165>Jan 1 10:00:00 myhost myprog: hello"
self.mock_sock.expects(once()).sendto(eq(packet_text), eq(address))
pri = netsyslog.PriPart(syslog.LOG_LOCAL4, syslog.LOG_NOTICE)
header = netsyslog.HeaderPart("Jan 1 10:00:00", "myhost")
msg = netsyslog.MsgPart("myprog", "hello")
packet = netsyslog.Packet(pri, header, msg)
logger = netsyslog.Logger()
logger.add_host(hostname)
logger.send_packet(packet)
self.mock_sock.verify()
def test_send_packets_by_hand(sendto):
"""Check we can send a hand crafted log packet"""
hostname = "localhost"
address = (hostname, netsyslog.Logger.PORT)
packet_text = "<165>Jan 1 10:00:00 myhost myprog: hello"
pri = netsyslog.PriPart(syslog.LOG_LOCAL4, syslog.LOG_NOTICE)
header = netsyslog.HeaderPart("Jan 1 10:00:00", "myhost")
msg = netsyslog.MsgPart("myprog", "hello")
packet = netsyslog.Packet(pri, header, msg)
logger = netsyslog.Logger()
logger.add_host(hostname)
logger.send_packet(packet)
sendto.assert_called_once_with(bytes(packet_text, encoding='ascii'),
address)
def writeLog(attributes):
i = 0
buf = ""
for attr in attributes:
if i > 0:
buf += ","
buf += attr
i += 1
if syslogServer != "":
logger = netsyslog.Logger()
logger.add_host(syslogServer)
# Bug in netsyslog?
buf = ": " + buf
logger.log(syslog.LOG_USER, syslog.LOG_NOTICE, buf, pid=True)
else:
print buf
def test_send_message(self):
"""Check we can send a message via UDP"""
logger = netsyslog.Logger()
packet = netsyslog.Packet(DEFAULT_PRI, DEFAULT_HEADER, DEFAULT_MSG)
hostname = "localhost"
address = (hostname, netsyslog.Logger.PORT)
self.mock_sock.expects(once()).sendto(eq(str(packet)), eq(address))
logger.add_host(hostname)
hostname = "remotehost"
address = (hostname, netsyslog.Logger.PORT)
self.mock_sock.expects(once()).sendto(eq(str(packet)), eq(address))
logger.add_host(hostname)
logger.log(syslog.LOG_LOCAL4, syslog.LOG_NOTICE, "hello")
self.mock_sock.verify()
class SyslogUDPHandler(socketserver.BaseRequestHandler):
count = 0
nslogger = netsyslog.Logger()
nslogger.add_host(DST_HOST)
def handle(self):
data = bytes.decode(self.request[0].strip())
#socket = self.request[1]
#print( "%s : " % self.client_address[0], str(data))
#logging.info(str(data))
SyslogUDPHandler.nslogger.log(syslog.LOG_USER,
syslog.LOG_INFO,
str(data),
pid=False)
SyslogUDPHandler.count = SyslogUDPHandler.count + 1
def test_send_message_to_multiple(sendto, gethostname, localtime, sys_args):
logger = netsyslog.Logger()
packet = netsyslog.Packet(DEFAULT_PRI, DEFAULT_HEADER, DEFAULT_MSG)
hostname = "localhost"
address_1 = (hostname, netsyslog.Logger.PORT)
logger.add_host(hostname)
hostname = "remotehost"
address_2 = (hostname, netsyslog.Logger.PORT)
logger.add_host(hostname)
logger.log(syslog.LOG_LOCAL4, syslog.LOG_NOTICE, "hello")
assert sendto.call_count == 2
sendto.assert_has_calls(
(mock.call(bytes(str(packet), encoding='ascii'), address_1),
mock.call(bytes(str(packet), encoding='ascii'), address_2)),
any_order=True)
help='send syslog count',
default=1000,
type=int)
parser.add_argument('--interval',
help='send syslog interval',
default=0.001,
type=float)
args = parser.parse_args()
if args.host:
HOST = args.host
if args.count:
COUNT = args.count
if args.interval:
INTERVAL = args.interval
logger = netsyslog.Logger()
logger.add_host(HOST)
start = time.time()
for i in range(0, COUNT):
time.sleep(INTERVAL)
msg = "Hey, it works " + str(i)
logger.log(syslog.LOG_USER, syslog.LOG_NOTICE, msg, pid=True)
elapsed_time = time.time() - start
print("elapsed_time:{0}".format(elapsed_time) + "[sec]")
'LaunchOnlyOnce',
'Sockets',
'OSAXHandlers',
'LSEnvironment',
'CFBundleVersion',
]
config['plist_check_keys_hash'] = ['Program', 'ProgramArguments']
config['firewall_keys'] = [
'allowsignedenabled',
'firewallunload',
'globalstate',
'loggingenabled',
'previousonstate',
'stealthenabled',
'version',
]
# AlienVault configuration
import netsyslog
config['alienvault_instance'] = ""
config['netsyslogger'] = netsyslog.Logger()
config['netsyslogger'].add_host(config['alienvault_instance'])
# Set this to False to use ./midas/log/*.log
config['use_netsyslogger'] = True
# Maintain backwards compatibility
Config = config
def send_syslog():
global src
loggers = netsyslog.Logger()
loggers.add_host("192.168.1.175")
loggers.log(syslog.LOG_USER, syslog.LOG_NOTICE, "Alert! Attack from %s" % src)
def StartLogging():
global messages, args
smoothEPS = args.eps
maxTime = 1
# We need to smooth out the EPS, if we chuck all the logs as fast as we
# can, we end up filling up the buffers and packets get dropped. So we
# limit the output
if args.eps > 100:
smoothEPS = args.eps / 100
maxTime = 0.01
logger = netsyslog.Logger()
for server in args.server:
if ':' in server:
host, port = server.split(":")
if host:
print "Adding host: " + host
logger.add_host(host)
if port:
print "Adding port: " + port
logger.PORT = int(port)
else:
logger.add_host(server)
for server in _SERVERS:
host = server
port = 514
if ":" in server:
host, port = server.split(":")
if host:
print "Adding host: " + host
logger.add_host(host)
if port:
print "Adding port: " + str(port)
logger.PORT = int(port)
else:
logger.add_host(server)
packetsSent = 0
eps_time_start = time.time()
facility = SyslogFacility(args.facility)
priority = SyslogPriority(args.priority)
while 1:
smooth_time_start = time.time()
messages_sent = 0
for x in range(0, smoothEPS):
messages_sent +=1
message = messages[random.randrange(0, len(messages))]
pri = netsyslog.PriPart(facility, priority)
header = netsyslog.HeaderPart(message["Date"], message["Host"])
msg = netsyslog.MsgPart(tag="", content=message["Msg"])
packet = netsyslog.Packet(pri, header, msg)
logger.send_packet(packet)
time_taken = time.time() - smooth_time_start
if time_taken < maxTime:
time.sleep(maxTime - time_taken)
time_taken = time.time() - eps_time_start
if time_taken > 1:
if _EPS > 100:
print "Current EPS=" + str(messages_sent * 100)
else:
print "Current EPS=" + str(messages_sent)
eps_time_start = time.time()
packetsSent += messages_sent
if args.once and packetsSent > args.eps:
break
