-
Notifications
You must be signed in to change notification settings - Fork 1
/
syslog.xml
84 lines (77 loc) · 2.59 KB
/
syslog.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V5.0//EN"
"http://www.oasis-open.org/docbook/xml/5.0b5/dtd/docbook.dtd" [
<!ENTITY article.author.xml SYSTEM "../common/article.author.xml">
<!ENTITY book.info.legalnotice.xml SYSTEM "../common/book.info.legalnotice.xml">
<!ENTITY book.info.abstract.xml SYSTEM "../common/book.info.abstract.xml">
]>
<article xml:base="http://netkiller.sourceforge.net/article/syslog.html"
xmlns="http://docbook.org/ns/docbook" xml:lang="zh-cn">
<articleinfo>
<title>Python Syslog Server</title>
<subtitle>http://netkiller.github.io/journal/syslog.html</subtitle>
&article.author.xml;
&book.info.legalnotice.xml;
<abstract>
<para>本程序用于收集,防火墙,路由器,交换机等日志</para>
</abstract>
&book.info.abstract.xml;
<keywordset>
<keyword>cisco, asa 5550, firewall</keyword>
<keyword>python</keyword>
<keyword>syslog, rsyslog, syslog-ng</keyword>
</keywordset>
</articleinfo>
<section>
<title>配置Cisco ASA 5550 Firewall</title>
<screen>
<![CDATA[
logging enable
logging timestamp
logging trap warnings
logging host inside 172.16.0.5
logging facility local0
]]>
</screen>
<para>172.16.0.5 改为你的syslog服务器地址</para>
</section>
<section>
<title>syslog 服务器脚本</title>
<para>*注意:python版本必须3.0以上</para>
<para>chmod 700 syslogd</para>
<para>./syslogd</para>
<screen>
<![CDATA[
#!/srv/python/bin/python3
# -*- encoding: utf-8 -*-
# Cisco ASA Firewall - Syslog Server by neo
# Author: neo<[email protected]>
import logging
import socketserver
import threading
LOG_FILE = '/var/log/asa5550.log'
logging.basicConfig(level=logging.INFO,
format='%(message)s',
datefmt='',
filename=LOG_FILE,
filemode='a')
class SyslogUDPHandler(socketserver.BaseRequestHandler):
def handle(self):
data = bytes.decode(self.request[0].strip())
socket = self.request[1]
print( "%s : " % self.client_address[0], str(data))
logging.info(str(data))
# socket.sendto(data.upper(), self.client_address)
if __name__ == "__main__":
try:
HOST, PORT = "0.0.0.0", 514
server = socketserver.UDPServer((HOST, PORT), SyslogUDPHandler)
server.serve_forever(poll_interval=0.5)
except (IOError, SystemExit):
raise
except KeyboardInterrupt:
print ("Crtl+C Pressed. Shutting down.")
]]>
</screen>
</section>
</article>