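def sendsyslog(teks):
    """Send *teks* as one RFC 5424 syslog message over TCP.

    The collector address and port are fixed inside the function. Every
    message is tagged facility SYSTEM, severity EMERGENCY, program "Logger"
    and pid 1, and is capped at 6000 characters by ``maxMessageLength``.

    Args:
        teks: Message text to forward.
    """
    # NOTE(review): the destination is hard-coded and the transport is plain
    # TCP; nothing here adds TLS, so the payload is readable in transit and the
    # receiver is not verified. Keep credentials and personal data out of
    # `teks`, and prefer reading the endpoint from configuration.
    SERVER = "34.101.221.107"
    PORT = 21212
    print("Sending to SYSLOG " + SERVER + ":" + str(PORT) + "....")

    client = pysyslogclient.SyslogClientRFC5424(SERVER, PORT, proto="TCP")
    client.maxMessageLength = 6000
    # TODO: delivery failures are not surfaced to the caller. The original
    # author found no error-reporting hook in this module; confirm against the
    # installed pysyslogclient version before relying on delivery.
    # NOTE(review): tagging every message EMERGENCY makes real emergencies
    # indistinguishable at the collector; consider passing severity in.
    try:
        client.log(
            teks,
            facility=pysyslogclient.FAC_SYSTEM,
            severity=pysyslogclient.SEV_EMERGENCY,
            program="Logger",
            pid=1,
        )
    finally:
        # Release the socket even when log() raises.
        client.close()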
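def __init__(self, AnalyseBaseObj):
    """Initialise the plugin and build the default syslog client.

    The target is taken from the ``DefaultSyslogServerUrl`` setting, parsed as
    ``scheme://host:port``. Any exception raised during setup propagates to
    the caller unchanged (the former ``except Exception as e: raise e``
    wrapper was a no-op and has been dropped).

    Args:
        AnalyseBaseObj: Passed straight through to the parent initialiser.
    """
    super().__init__(AnalyseBaseObj)
    self.PluginInit()

    TargetUrl = urllib.parse.urlparse(self._SettingItems.get('DefaultSyslogServerUrl', ""))
    # splitnport() returns port 0 when the URL has no port and None when the
    # port is not numeric. With the setting absent the host is '' and the port
    # 0, and the client is still constructed, so a misconfigured default shows
    # up only as missing log traffic.
    # NOTE(review): urllib.parse.splitnport() is deprecated since Python 3.8.
    TargetHost, TargetPort = urllib.parse.splitnport(TargetUrl.netloc, 0)

    # Only 'tcp' and 'udp' are accepted; any other scheme silently becomes
    # 'udp'. NOTE(review): a URL written with a secure-looking scheme is
    # therefore sent as clear-text UDP rather than rejected; consider failing
    # loudly on an unknown scheme.
    TargetProtocol = TargetUrl.scheme if TargetUrl.scheme in {'tcp', 'udp'} else 'udp'

    self.__SyslogClient = pysyslogclient.SyslogClientRFC5424(TargetHost, TargetPort, proto=TargetProtocol)
    if self._SettingItems.get('LocalLog', False):
        self._PluginLogger.info("Syslog sender started.")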
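# POST the prepared payload to the target server, log the outcome, then exit.
sentdata['msisdn'] = str(msisdn)
try:
    # NOTE(review): the whole request body, MSISDN included, is written to the
    # log at INFO level, as is the full response text below. Treat the log
    # file as holding subscriber data, or mask the number before logging.
    logging.info("POST : " + str(sentdata))
    response = client.post(targetserver, json=sentdata)
    print(response.text)
    logging.info(
        "SERVER: " + response.http_version + " " + str(response.status_code) + " - " + response.text
    )
except Exception:
    # `except Exception` rather than a bare `except`, so Ctrl-C and SystemExit
    # are no longer reported as an unreachable server.
    print("Can not reach " + targetserver)
    # logging.exception() records the traceback, so the cause is not lost.
    logging.exception("SERVER ERROR - Can not reach/post server !")
    # Non-zero status so calling scripts can tell failure from success.
    exit(1)

logging.info('Client2Nef App ended')
exit()  # no need syslog for this test

# Everything below is unreachable while the exit() above is in place.
# NOTE(review): if it is re-enabled, the server's response text goes out over
# plain TCP at EMERGENCY severity; wrap log() in try/finally so the client is
# always closed, and check that the response carries nothing sensitive.
print("Sending to SYSLOG " + SERVER + ":" + str(PORT) + "....")
client = pysyslogclient.SyslogClientRFC5424(SERVER, PORT, proto="TCP")
client.maxMessageLength = 6000
# need to add error handling here - can not find a way how to error handling this module :(
client.log(
    response.text,
    facility=pysyslogclient.FAC_SYSTEM,
    severity=pysyslogclient.SEV_EMERGENCY,
    program="Logger",
    pid=1,
)
client.close()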
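parser.add_argument('--host', type=str, help='destination host address')
parser.add_argument('--port', type=int, help='destination port')
# Normalise the protocol to upper case and reject anything other than UDP/TCP
# at parse time, so a typo cannot end up on an unintended transport. When the
# flag is omitted the value stays None and is passed through as before.
parser.add_argument('--proto', type=str.upper, choices=('UDP', 'TCP'),
                    help='Syslog protocol; UDP or TCP')
# Required: without it range() below would receive None and raise TypeError
# after the client had already been created.
parser.add_argument('--number', type=int, required=True,
                    help='Number of Syslog messages to be send')
args = parser.parse_args()


def get_mock_message(index):
    """Return one mock CEF event string whose message text embeds *index*.

    All other fields are fixed placeholder values for testing a receiver.
    """
    c = CEFEvent()
    c.set_field('name', 'Mock Event Name')
    c.set_field('deviceVendor', 'MCPforLife')
    c.set_field('deviceProduct', 'cefevent')
    c.set_field('dvchost', 'www.mcpforlife.com')
    message = "This is a test event (Answer=" + str(index) + ")"
    c.set_field('message', message)
    c.set_field('sourceAddress', '192.168.67.1')
    c.set_field('sourcePort', 12345)
    return c.build_cef()


client = pysyslogclient.SyslogClientRFC5424(args.host, args.port, proto=args.proto)
try:
    for index in range(args.number):
        mymessage = get_mock_message(index)
        client.log(message=mymessage, program="")
finally:
    # Close the socket even if building or sending a message fails part-way.
    client.close()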
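def syslogclient(host, port, prot, count, message):
    """Send *message* to a syslog server *count* times, printing a tally.

    Args:
        host: Destination host.
        port: Destination port.
        prot: Transport passed to the client as ``proto``.
        count: Number of sends; converted with ``int()``.
        message: Text sent on every iteration, with the client's default
            facility and severity.
    """
    # NOTE(review): nothing here configures transport encryption, so the
    # message is readable on the path to the collector; confirm that path is
    # trusted before sending anything sensitive.
    client = pysyslogclient.SyslogClientRFC5424(host, port, proto=prot)
    try:
        for i in range(int(count)):
            client.log(message)
            print(f"sendcount:{i + 1}")
    finally:
        # The original never closed the client; release the socket on every
        # exit path, including an exception from log().
        client.close()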
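def RuleHit(self, InputData, InputRule, HitItem):
    """Forward a matched record to syslog, then hand it to DataPreProcess().

    Data-analysis interface: receives the dict under analysis and the rule it
    matched as reference data. The return value is defined as for
    SingleRuleTest().

    The rule's ``Repost`` option selects the payload: 1 forwards the whole
    record as JSON, 2 forwards it as XML rooted at ``InputData['DataType']``,
    and any other value expands the rule's ``LogContent`` template through
    ReplaceSpaceHolder().

    The destination is the rule's ``SyslogServerUrl``, else the
    ``DefaultSyslogServerUrl`` setting. A URL with a scheme, host and non-zero
    port gets a one-shot client; otherwise the client built in ``__init__`` is
    used.
    """
    # This is the only method the analysis engine calls directly.
    repostOption = InputRule.get("Repost", 0)
    if repostOption == 1:
        # Forward the full record as JSON.
        LogContent = json.dumps(InputData)
    elif repostOption == 2:
        # Forward the full record as XML.
        def dict2xml(InputData, RootName):
            """Serialise a nested dict to pretty-printed XML under RootName."""
            from xml.dom.minidom import Document

            if not isinstance(InputData, dict):
                raise TypeError("Invalid InputData type, expecting dict")

            def build(father, structure):
                if isinstance(structure, dict):
                    for k in structure:
                        # NOTE(review): keys become element names verbatim and
                        # minidom does not validate them, so a key that is not
                        # a legal XML name yields malformed output at the
                        # receiver. Validate or normalise keys if InputData
                        # can carry attacker-influenced field names.
                        tag = doc.createElement(str(k))
                        father.appendChild(tag)
                        build(tag, structure[k])
                elif isinstance(structure, list):
                    # A list replaces its own element with one sibling per
                    # item, each reusing the element's tag name.
                    # NOTE(review): a list nested directly inside another list
                    # arrives here before its element is attached, so
                    # parentNode is None and removeChild() fails. An empty
                    # list removes the element altogether.
                    grandFather = father.parentNode
                    tagName = father.tagName
                    grandFather.removeChild(father)
                    for item in structure:
                        tag = doc.createElement(tagName)
                        build(tag, item)
                        grandFather.appendChild(tag)
                else:
                    # Leaf values are stringified into a text node.
                    father.appendChild(doc.createTextNode(str(structure)))

            doc = Document()
            root = doc.createElement(RootName)
            doc.appendChild(root)
            build(root, InputData)
            return doc.toprettyxml()

        LogContent = dict2xml(InputData, InputData['DataType'])
    else:
        # NOTE(review): record-derived text is forwarded as is; embedded
        # newlines could split one event into several at a line-delimited
        # receiver. Confirm how the collector frames messages.
        LogContent = self.ReplaceSpaceHolder(InputData, InputRule.get('LogContent', ""))

    Facility = int(self._SettingItems.get("Facility", 23))
    LogPriority = int(InputRule.get("LogPriority", self._SettingItems.get("LogPriority", 7)))
    # NOTE(review): a rule can name any host and port as its destination. If
    # rules can be edited by parties less trusted than the operator, restrict
    # SyslogServerUrl to an allow-list of collectors.
    SyslogServerUrl = InputRule.get('SyslogServerUrl', self._SettingItems.get("DefaultSyslogServerUrl", ""))
    if SyslogServerUrl:
        TargetUrl = urllib.parse.urlparse(SyslogServerUrl)
        TargetProtocol = TargetUrl.scheme
        TargetHost, TargetPort = urllib.parse.splitnport(TargetUrl.netloc, 0)
        if TargetProtocol and TargetHost and TargetPort:
            TargetProtocol = TargetProtocol.lower()
            if TargetProtocol not in {'tcp', 'udp'}:
                # Unknown schemes silently fall back to clear-text UDP.
                TargetProtocol = 'udp'
            OneShotClient = pysyslogclient.SyslogClientRFC5424(
                server=TargetHost,
                port=TargetPort,
                proto=TargetProtocol,
            )
            try:
                OneShotClient.log(
                    message=LogContent,
                    facility=Facility,
                    severity=LogPriority,
                )
            finally:
                # The original left this per-hit client open, leaking one
                # socket per matched record; close it on every path.
                OneShotClient.close()
        else:
            # Incomplete URL (no scheme, host or port): use the default client.
            self.__SyslogClient.log(LogContent, Facility, LogPriority)
    else:
        self.__SyslogClient.log(LogContent, Facility, LogPriority)

    if self._SettingItems.get('LocalLog'):
        self._PluginLogger.info(LogContent)
    return super().DataPreProcess(InputData, InputRule, HitItem)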