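def run(self):
    """Drop privileges, then parse syslog lines from the work queue until told to stop.

    Returns:
        True when the parent queues an empty item (its request to exit).
        False when the process is not runnable, when the privilege drop
        cannot be confirmed, on KeyboardInterrupt, or when the parent
        process id changes while the queue is idle.
    """
    if not self.runable:
        print('Process not runable, returning')
        return False

    # Drop privileges. The order is deliberate: supplementary groups and the
    # gid can only be changed while the process is still privileged, so the
    # uid goes last.
    os.setgroups([])
    os.setgid(self.gid)
    os.setuid(self.uid)

    # Confirm the drop took effect before any queue data is parsed; a worker
    # that kept its original ids must not carry on as if it were confined.
    ids_now = (os.getuid(), os.geteuid(), os.getgid(), os.getegid())
    if ids_now != (self.uid, self.uid, self.gid, self.gid):
        print('Privilege drop could not be verified, returning')
        return False

    ppid = os.getppid()
    while True:
        try:
            line = self.work_queue.get(timeout=0.5)
            if not line:
                # Parent process is asking us to exit
                return True
            # Keep only the ASCII subset of the line; anything else is dropped.
            line = line.decode('utf-8').encode('ASCII', 'ignore')
        except KeyboardInterrupt:
            return False
        except UnicodeDecodeError:
            print('Unicode Error, skipping entry')
            continue
        except QueueEmpty:
            # Idle tick: a different parent pid means the original parent is gone.
            if os.getppid() != ppid:
                return False
            continue

        try:
            entry = SyslogEntry.from_line(line)
        except pyparsing.exceptions.Exception:
            # Unparsable lines are skipped without being reported.
            # NOTE(review): this name is only resolved when an exception
            # reaches the clause - confirm it exists in the pyparsing
            # version in use.
            continue
        self.process_entry(entry)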
def handle(self):
    """Serve one connection, reading newline-delimited syslog lines until EOF.

    When the server is configured for TLS the work is delegated to
    handle_tls() and its result is returned. Otherwise each line is parsed;
    a truthy result goes to handle_entry() and anything else goes to
    handle_error() together with the raw line.
    """
    if self.server.use_tls:
        return self.handle_tls()

    # NOTE(review): readline() is called without a size argument, so the
    # length of a line is decided by the peer - confirm a limit is enforced
    # elsewhere if this listens on an untrusted network.
    line = self.connection.readline()
    while line:
        parsed = SyslogEntry.from_line(line)
        if not parsed:
            self.handle_error(line)
        else:
            self.handle_entry(parsed)
        line = self.connection.readline()
def _process_request(self, request):
    """Parse one incoming log line and forward the result to AMQP.

    Any exception raised while parsing is logged and swallowed, so
    send_to_amqp() is always called: with the empty dict if parsing failed,
    or with the entry's raw ``__dict__`` if get_severity_and_facility()
    was the step that failed.
    """
    payload = {}
    try:
        # The raw line is written verbatim to the debug log.
        # NOTE(review): if these logs feed other tooling, consider %r so that
        # embedded newlines in the input cannot pass for separate log records.
        logging.debug("INCOMING REQ: %s" % request)
        entry = SyslogEntry.from_line(request)
        payload = entry.__dict__
        payload = get_severity_and_facility(payload)
    except Exception as err:
        logging.error(err)

    logging.debug("Processing request...")
    self.send_to_amqp(payload)
def create_test_entry(proto):
    """Build a sample SyslogEntry whose message text names the transport *proto*.

    *proto* is concatenated into the message, so it must be a string.
    """
    sd_params = [
        ('iut', '3'),
        ('eventSource', 'Application'),
        ('eventID', '1011'),
        ('eventID', '1012'),
    ]
    element = SDElement('exampleSDID@32473', sd_params)
    return SyslogEntry(
        prival=165,
        timestamp=datetime.utcnow(),
        hostname="test.example.com",
        app_name="app_name",
        procid=os.getpid(),
        msgid='ID47',
        structured_data=[element],
        msg='An application event log entry through ' + proto + '...',
    )
def test_tcp_msg_handle(self):
    """Functional test: emit one syslog message over TCP to 127.0.0.1:6514.

    A bevis instance is assumed to be listening there already. The test
    makes no assertion of its own; it only exercises the emit path.
    """
    sd_params = [
        ('iut', '3'),
        ('eventSource', 'Application'),
        ('eventID', '1011'),
        ('eventID', '1012'),
    ]
    entry = SyslogEntry(
        prival=165,
        timestamp=datetime.datetime.utcnow(),
        hostname='myhost',
        app_name='my_app',
        procid=os.getpid(),
        msgid='ID42',
        structured_data=[SDElement('exampleSDID@32473', sd_params)],
        msg='An application event log entry through TCP',
    )
    emitter = TCPSyslogEmitter(address=('127.0.0.1', 6514),
                               octet_based_framing=False)
    emitter.emit(entry)
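def handle_tls(self):
    """Read octet-counted syslog frames ("<length> <message>") until EOF.

    Each frame is a decimal length, one space, then that many bytes of
    message. A parsed frame goes to handle_entry(); a frame that
    SyslogEntry.from_line() turns into None goes to handle_error() with the
    raw frame text. The connection is abandoned (plain return) on a
    protocol error: a length prefix that is not a run of digits, or one
    that exceeds the frame ceiling below. A frame cut short by EOF is
    reported through handle_error() and ends the loop.
    """
    # The length prefix is supplied by the peer, so it must not be allowed
    # to size an arbitrarily large read or to keep the loop spinning.
    # NOTE(review): 64 KiB is a reviewer-chosen ceiling - tune per deployment.
    max_msg_len = 64 * 1024
    max_len_digits = len(str(max_msg_len))

    # NOTE(review): comparisons use str ' ' and '' as the original does;
    # under Python 3 recv() returns bytes and these would need b'' literals.
    header = ''
    while True:
        ch = self.request.recv(1)
        if not ch:
            break  # EOF
        if ch != ' ':
            header += ch
            if len(header) > max_len_digits:
                return  # Protocol error: length prefix too long
            continue

        # Only a plain run of digits is a valid length; this also rejects
        # an empty prefix and signed values that int() would have accepted.
        if not header.isdigit():
            return  # Protocol error
        msg_len = int(header)
        header = ''
        if msg_len > max_msg_len:
            return  # Protocol error: frame larger than we accept

        chunks = []
        remaining = msg_len
        while remaining > 0:
            chunk = self.request.recv(remaining)
            if not chunk:
                break  # EOF in the middle of a frame
            chunks.append(chunk)
            remaining -= len(chunk)
        frame = ''.join(chunks)

        if remaining:
            # Truncated frame: report what arrived instead of parsing it.
            self.handle_error(frame)
            return

        syslog_entry = SyslogEntry.from_line(frame)
        if syslog_entry is None:
            # Hand over the frame itself, and never dispatch a None entry.
            self.handle_error(frame)
        else:
            self.handle_entry(syslog_entry)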
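def log(self, msg=None, msgid=None, structured_data=None,
        prival=DEFAULT_PRIVAL, timestamp=None):
    """
    Log a message.

    Example:

    >>> logger.log("test", prival=LOG_DEBUG|LOG_MAIL)

    **Arguments**

    *msg*
        Human readable message to log
    *msgid*
        Message identifier
    *structured_data*
        Structured data to attach to log message
    *prival*
        Priority and facility of message (defaults to INFO|USER)
    *timestamp*
        UTC time of log message (default to current time)
    """
    if timestamp is None:
        timestamp = datetime.utcnow()

    # Use the resolved timestamp: a caller-supplied event time must reach
    # the entry unchanged, otherwise replayed or forwarded events are
    # stamped with the time of emission instead of the time they occurred.
    entry = SyslogEntry(prival=prival,
                        timestamp=timestamp,
                        hostname=self.hostname,
                        app_name=self.app_name,
                        procid=self.procid,
                        msgid=msgid,
                        structured_data=structured_data,
                        msg=msg)
    self.emitter.emit(entry)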
def test_details(self):
    # Header fields and message text of the first sample.
    basic = SyslogEntry.from_line(valids[0])
    self.assertEqual(basic.msg, "'su root' failed for lonvick on /dev/pts/8")
    self.assertEqual(basic.timestamp.year, 2003)
    self.assertEqual(basic.hostname, 'mymachine.example.com')
    self.assertEqual(basic.msgid, 'ID47')

    # Two structured-data elements carrying three and one parameters.
    two_elements = SyslogEntry.from_line(valids[3])
    elements = two_elements.structured_data.elements
    self.assertEqual(len(elements), 2)
    self.assertEqual(len(elements[0].sd_params), 3)
    self.assertEqual(len(elements[1].sd_params), 1)

    # One element with six parameters, two of them under the key "file".
    repeated_keys = SyslogEntry.from_line(valids[4])
    self.assertEqual(len(repeated_keys.structured_data.elements), 1)
    params = repeated_keys.structured_data.elements[0].sd_params
    self.assertEqual(len(list(params.allitems())), 6)
    self.assertEqual(len(list(params.getall("file"))), 2)

    # Parsing then serialising reproduces the input line.
    round_trip = SyslogEntry.from_line(valids[5])
    self.assertEqual(str(round_trip), valids[5])

    # An entry built field by field serialises to the expected line.
    built = SyslogEntry(
        prival=165,
        version=1,
        timestamp=datetime(2003, 10, 11, 22, 14, 15, 3000),
        hostname='mymachine.example.com',
        app_name='evntslog',
        procid=None,
        msgid='ID47',
        structured_data=StructuredData([
            SDElement('exampleSDID@32473',
                      [('iut', '3'),
                       ('eventSource', 'Application'),
                       ('eventID', '1011')]),
        ]),
        msg=u'An application event log entry...',
    )
    self.assertEqual(str(built), valids[6])

    # Year of the timestamp parsed from the last sample checked here.
    later = SyslogEntry.from_line(valids[7])
    self.assertEqual(later.timestamp.year, 2011)
def _message_read(self, data):
    """Parse one received message, log it at debug level, then call read_frame().

    The parsed entry is only logged here; it is not stored or returned.
    """
    size = len(data)
    logger.debug("read %i bytes for message" % size)

    # NOTE(review): nothing here catches a parse failure, so an exception
    # from either call below would skip read_frame() - confirm the caller
    # handles malformed input.
    tokens = syslog_msg.parseString(data)
    message = SyslogEntry.parse(tokens)
    logger.debug("parsed syslog message: %s" % message)

    self.read_frame()
def test_class(self):
    # Every sample in ``valids`` must parse to an object rather than None.
    for sample in valids:
        self.assertTrue(SyslogEntry.from_line(sample) is not None)
def test_float_timestamp(self):
    # With only a timestamp set, the other fields serialise as "-" and the
    # time is rendered in ISO form with microseconds and a trailing Z.
    stamp = datetime(2003, 10, 11, 22, 14, 15, 3000)
    entry = SyslogEntry(timestamp=stamp)
    iso_line = '<14>1 2003-10-11T22:14:15.003000Z - - - - -'
    self.assertEqual(iso_line, str(entry))

    # Switching the flag renders the same instant as seconds with a
    # millisecond fraction.
    entry.timestamp_as_float = True
    float_line = '<14>1 1065910455.003 - - - - -'
    self.assertEqual(float_line, str(entry))