def test_remove_host(sendto, gethostname, localtime, sys_args): """Check host can be removed from list of those receiving messages""" hostname = "localhost" logger = netsyslog.Logger() logger.add_host(hostname) logger.remove_host(hostname) logger.log(syslog.LOG_LOCAL4, syslog.LOG_NOTICE, "hello") assert sendto.call_count == 0
def test_remove_host(self): """Check host can be removed from list of those receiving messages""" hostname = "localhost" logger = netsyslog.Logger() logger.add_host(hostname) logger.remove_host(hostname) logger.log(syslog.LOG_LOCAL4, syslog.LOG_NOTICE, "hello") self.mock_sock.verify()
def test_pid_not_included_by_default(sendto, gethostname, localtime, sys_args): """Check the program's pid is not included by default""" packet = "<165>%s myhost program: hello" % DEFAULT_TIMESTAMP hostname = "localhost" address = (hostname, netsyslog.Logger.PORT) logger = netsyslog.Logger() logger.add_host(hostname) logger.log(syslog.LOG_LOCAL4, syslog.LOG_NOTICE, "hello") sendto.assert_called_once_with(bytes(packet, encoding='ascii'), address)
def test_include_pid(self): """Check the program's pid can be included in a log message""" packet = "<165>%s myhost program[1234]: hello" % DEFAULT_TIMESTAMP hostname = "localhost" address = (hostname, netsyslog.Logger.PORT) self.mock_sock.expects(once()).sendto(eq(packet), eq(address)) logger = netsyslog.Logger() logger.add_host(hostname) logger.log(syslog.LOG_LOCAL4, syslog.LOG_NOTICE, "hello", pid=True) self.mock_sock.verify()
def test_pid_not_included_by_default(self): """Check the program's pid is not included by default""" packet = "<165>%s myhost program: hello" % DEFAULT_TIMESTAMP hostname = "localhost" address = (hostname, netsyslog.Logger.PORT) self.mock_sock.expects(once()).sendto(eq(packet), eq(address)) logger = netsyslog.Logger() logger.add_host(hostname) logger.log(syslog.LOG_LOCAL4, syslog.LOG_NOTICE, "hello") self.mock_sock.verify()
def test_include_pid_logger_test(sendto, gethostname, localtime, sys_args, get_pid): """Check the program's pid can be included in a log message""" packet = "<165>%s myhost program[1234]: hello" % DEFAULT_TIMESTAMP hostname = "localhost" address = (hostname, netsyslog.Logger.PORT) logger = netsyslog.Logger() logger.add_host(hostname) logger.log(syslog.LOG_LOCAL4, syslog.LOG_NOTICE, "hello", pid=True) sendto.assert_called_once_with(bytes(packet, encoding='ascii'), address)
def test_send_message(sendto, gethostname, localtime, sys_args): """Check we can send a message via UDP""" logger = netsyslog.Logger() packet = netsyslog.Packet(DEFAULT_PRI, DEFAULT_HEADER, DEFAULT_MSG) hostname = "localhost" address_1 = (hostname, netsyslog.Logger.PORT) logger.add_host(hostname) logger.log(syslog.LOG_LOCAL4, syslog.LOG_NOTICE, "hello") sendto.assert_called_once_with(bytes(str(packet), encoding='ascii'), address_1)
def test_send_packets_by_hand(self): """Check we can send a hand crafted log packet""" hostname = "localhost" address = (hostname, netsyslog.Logger.PORT) packet_text = "<165>Jan 1 10:00:00 myhost myprog: hello" self.mock_sock.expects(once()).sendto(eq(packet_text), eq(address)) pri = netsyslog.PriPart(syslog.LOG_LOCAL4, syslog.LOG_NOTICE) header = netsyslog.HeaderPart("Jan 1 10:00:00", "myhost") msg = netsyslog.MsgPart("myprog", "hello") packet = netsyslog.Packet(pri, header, msg) logger = netsyslog.Logger() logger.add_host(hostname) logger.send_packet(packet) self.mock_sock.verify()
def test_send_packets_by_hand(sendto): """Check we can send a hand crafted log packet""" hostname = "localhost" address = (hostname, netsyslog.Logger.PORT) packet_text = "<165>Jan 1 10:00:00 myhost myprog: hello" pri = netsyslog.PriPart(syslog.LOG_LOCAL4, syslog.LOG_NOTICE) header = netsyslog.HeaderPart("Jan 1 10:00:00", "myhost") msg = netsyslog.MsgPart("myprog", "hello") packet = netsyslog.Packet(pri, header, msg) logger = netsyslog.Logger() logger.add_host(hostname) logger.send_packet(packet) sendto.assert_called_once_with(bytes(packet_text, encoding='ascii'), address)
def writeLog(attributes): i = 0 buf = "" for attr in attributes: if i > 0: buf += "," buf += attr i += 1 if syslogServer != "": logger = netsyslog.Logger() logger.add_host(syslogServer) # Bug in netsyslog? buf = ": " + buf logger.log(syslog.LOG_USER, syslog.LOG_NOTICE, buf, pid=True) else: print buf
def test_send_message(self): """Check we can send a message via UDP""" logger = netsyslog.Logger() packet = netsyslog.Packet(DEFAULT_PRI, DEFAULT_HEADER, DEFAULT_MSG) hostname = "localhost" address = (hostname, netsyslog.Logger.PORT) self.mock_sock.expects(once()).sendto(eq(str(packet)), eq(address)) logger.add_host(hostname) hostname = "remotehost" address = (hostname, netsyslog.Logger.PORT) self.mock_sock.expects(once()).sendto(eq(str(packet)), eq(address)) logger.add_host(hostname) logger.log(syslog.LOG_LOCAL4, syslog.LOG_NOTICE, "hello") self.mock_sock.verify()
class SyslogUDPHandler(socketserver.BaseRequestHandler): count = 0 nslogger = netsyslog.Logger() nslogger.add_host(DST_HOST) def handle(self): data = bytes.decode(self.request[0].strip()) #socket = self.request[1] #print( "%s : " % self.client_address[0], str(data)) #logging.info(str(data)) SyslogUDPHandler.nslogger.log(syslog.LOG_USER, syslog.LOG_INFO, str(data), pid=False) SyslogUDPHandler.count = SyslogUDPHandler.count + 1
def test_send_message_to_multiple(sendto, gethostname, localtime, sys_args): logger = netsyslog.Logger() packet = netsyslog.Packet(DEFAULT_PRI, DEFAULT_HEADER, DEFAULT_MSG) hostname = "localhost" address_1 = (hostname, netsyslog.Logger.PORT) logger.add_host(hostname) hostname = "remotehost" address_2 = (hostname, netsyslog.Logger.PORT) logger.add_host(hostname) logger.log(syslog.LOG_LOCAL4, syslog.LOG_NOTICE, "hello") assert sendto.call_count == 2 sendto.assert_has_calls( (mock.call(bytes(str(packet), encoding='ascii'), address_1), mock.call(bytes(str(packet), encoding='ascii'), address_2)), any_order=True)
help='send syslog count', default=1000, type=int) parser.add_argument('--interval', help='send syslog interval', default=0.001, type=float) args = parser.parse_args() if args.host: HOST = args.host if args.count: COUNT = args.count if args.interval: INTERVAL = args.interval logger = netsyslog.Logger() logger.add_host(HOST) start = time.time() for i in range(0, COUNT): time.sleep(INTERVAL) msg = "Hey, it works " + str(i) logger.log(syslog.LOG_USER, syslog.LOG_NOTICE, msg, pid=True) elapsed_time = time.time() - start print("elapsed_time:{0}".format(elapsed_time) + "[sec]")
'LaunchOnlyOnce', 'Sockets', 'OSAXHandlers', 'LSEnvironment', 'CFBundleVersion', ] config['plist_check_keys_hash'] = ['Program', 'ProgramArguments'] config['firewall_keys'] = [ 'allowsignedenabled', 'firewallunload', 'globalstate', 'loggingenabled', 'previousonstate', 'stealthenabled', 'version', ] # AlienVault configuration import netsyslog config['alienvault_instance'] = "" config['netsyslogger'] = netsyslog.Logger() config['netsyslogger'].add_host(config['alienvault_instance']) # Set this to False to use ./midas/log/*.log config['use_netsyslogger'] = True # Maintain backwards compatibility Config = config
def send_syslog(): global src loggers = netsyslog.Logger() loggers.add_host("192.168.1.175") loggers.log(syslog.LOG_USER, syslog.LOG_NOTICE, "Alert! Attack from %s" % src)
def StartLogging(): global messages, args smoothEPS = args.eps maxTime = 1 # We need to smooth out the EPS, if we chuck all the logs as fast as we # can, we end up filling up the buffers and packets get dropped. So we # limit the output if args.eps > 100: smoothEPS = args.eps / 100 maxTime = 0.01 logger = netsyslog.Logger() for server in args.server: if ':' in server: host, port = server.split(":") if host: print "Adding host: " + host logger.add_host(host) if port: print "Adding port: " + port logger.PORT = int(port) else: logger.add_host(server) for server in _SERVERS: host = server port = 514 if ":" in server: host, port = server.split(":") if host: print "Adding host: " + host logger.add_host(host) if port: print "Adding port: " + str(port) logger.PORT = int(port) else: logger.add_host(server) packetsSent = 0 eps_time_start = time.time() facility = SyslogFacility(args.facility) priority = SyslogPriority(args.priority) while 1: smooth_time_start = time.time() messages_sent = 0 for x in range(0, smoothEPS): messages_sent +=1 message = messages[random.randrange(0, len(messages))] pri = netsyslog.PriPart(facility, priority) header = netsyslog.HeaderPart(message["Date"], message["Host"]) msg = netsyslog.MsgPart(tag="", content=message["Msg"]) packet = netsyslog.Packet(pri, header, msg) logger.send_packet(packet) time_taken = time.time() - smooth_time_start if time_taken < maxTime: time.sleep(maxTime - time_taken) time_taken = time.time() - eps_time_start if time_taken > 1: if _EPS > 100: print "Current EPS=" + str(messages_sent * 100) else: print "Current EPS=" + str(messages_sent) eps_time_start = time.time() packetsSent += messages_sent if args.once and packetsSent > args.eps: break