Implementing a Syslog Server in Python to Collect Cisco ASA Firewall Logs
Python Syslog Server
Neo Chen (netkiller)
Copyright 2011, 2012
Abstract
This program collects logs from firewalls, routers, switches and similar devices.
1. Configure the Cisco ASA 5550 Firewall
logging enable
logging timestamp
logging trap warnings
logging host inside 172.16.0.5
logging facility local0
Change 172.16.0.5 to the address of your syslog server.
2. Syslog server script
*Note: Python 3.0 or later is required.
chmod 700 syslogd
./syslogd
#!/srv/python/bin/python3
# -*- encoding: utf-8 -*-
# Cisco ASA Firewall - Syslog Server by neo
# Author: neo

import logging
import socketserver

LOG_FILE = '/var/log/asa5550.log'

# Append each received message to LOG_FILE, one message per line.
logging.basicConfig(level=logging.INFO, format='%(message)s', datefmt='',
                    filename=LOG_FILE, filemode='a')


class SyslogUDPHandler(socketserver.BaseRequestHandler):

    def handle(self):
        # For a UDP server, self.request is a (datagram, socket) pair.
        # errors='replace' keeps a non-UTF-8 datagram from raising in the handler.
        data = self.request[0].strip().decode('utf-8', errors='replace')
        socket = self.request[1]
        print("%s : " % self.client_address[0], data)
        logging.info(data)
        # socket.sendto(data.upper(), self.client_address)


if __name__ == "__main__":
    try:
        # Port 514 is a privileged port; binding it normally requires root.
        HOST, PORT = "0.0.0.0", 514
        server = socketserver.UDPServer((HOST, PORT), SyslogUDPHandler)
        server.serve_forever(poll_interval=0.5)
    except (IOError, SystemExit):
        raise
    except KeyboardInterrupt:
        print("Ctrl+C pressed. Shutting down.")
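An added example, not part of the original script: the handler above writes every datagram to the log file verbatim, and UDP syslog is unauthenticated. The code below decodes the priority header that `logging facility local0` and `logging trap warnings` produce, cross-checks it against the `%ASA-level-id` tag, and escapes control characters so one datagram always stays one log line. The function names and the sample datagrams are constructed for illustration.

```python
import re

# Cisco severity keywords, indexed by syslog severity 0-7.
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

PRI_RE = re.compile(r"^<(\d{1,3})>")        # RFC 3164 priority header
ASA_RE = re.compile(r"%ASA-([0-7])-(\d+)")  # %ASA-<level>-<message id>
CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")


def sanitize(text):
    """Escape control characters so one datagram is always one log line."""
    return CONTROL_RE.sub(lambda m: "\\x%02x" % ord(m.group()), text)


def parse_datagram(data):
    """Split one syslog datagram into facility, severity, ASA id and safe text."""
    text = data.decode("utf-8", errors="replace").strip()
    record = {"facility": None, "severity": None, "asa_id": None,
              "consistent": False}
    pri = PRI_RE.match(text)
    if pri and int(pri.group(1)) <= 191:     # 23 * 8 + 7 is the largest valid PRI
        facility, severity = divmod(int(pri.group(1)), 8)
        record["facility"] = ("local%d" % (facility - 16)
                              if facility >= 16 else facility)
        record["severity"] = SEVERITIES[severity]
        text = text[pri.end():]
        asa = ASA_RE.search(text)
        if asa:
            record["asa_id"] = asa.group(2)
            # The level inside %ASA-n- should equal the PRI severity.
            record["consistent"] = int(asa.group(1)) == severity
    record["message"] = sanitize(text)
    return record


# Constructed sample: local0 (16) * 8 + warnings (4) = PRI 132.
SAMPLE = (b'<132>Jan 01 2012 12:00:00: %ASA-4-106023: Deny tcp src '
          b'outside:203.0.113.5/1234 dst inside:172.16.0.10/80\n')
# Constructed datagram carrying an embedded newline and a second fake entry.
FORGED = b'<132>%ASA-4-106023: x\n<129>%ASA-1-106023: forged entry'

if __name__ == "__main__":
    for datagram in (SAMPLE, FORGED):
        print(parse_datagram(datagram))
```

In the handler, passing `self.request[0]` to `parse_datagram` and logging the returned `message` field in place of the raw string keeps a datagram with embedded newlines from appearing as several log entries.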