A Python Syslog Server for Collecting Cisco ASA Firewall Logs
Python Syslog Server
Neo Chen (netkiller)
<openunix@163.com>
Copyright © 2011, 2012 http://netkiller.github.com
Abstract
This program collects logs from firewalls, routers, switches and similar devices.
Table of Contents
1. Configuring the Cisco ASA 5550 Firewall
2. Syslog server script
1. Configuring the Cisco ASA 5550 Firewall
logging enable
logging timestamp
logging trap warnings
logging host inside 172.16.0.5
logging facility local0
Change 172.16.0.5 to the address of your syslog server.
2. Syslog server script
*Note: Python 3.0 or later is required.
chmod 700 syslogd
./syslogd
#!/srv/python/bin/python3
# -*- encoding: utf-8 -*-
# Cisco ASA Firewall - Syslog Server by neo
# Author: neo<openunix@163.com>
import logging
import socketserver
import threading

LOG_FILE = '/var/log/asa5550.log'

# Append each received message, unmodified, to LOG_FILE.
logging.basicConfig(level=logging.INFO,
                    format='%(message)s',
                    datefmt='',
                    filename=LOG_FILE,
                    filemode='a')


class SyslogUDPHandler(socketserver.BaseRequestHandler):
    def handle(self):
        # For a UDPServer, self.request is a (data, socket) pair.
        data = bytes.decode(self.request[0].strip(), errors='replace')
        socket = self.request[1]
        print("%s : " % self.client_address[0], str(data))
        logging.info(str(data))
        # socket.sendto(data.upper(), self.client_address)


if __name__ == "__main__":
    try:
        # Binding UDP port 514 normally requires root privileges.
        HOST, PORT = "0.0.0.0", 514
        server = socketserver.UDPServer((HOST, PORT), SyslogUDPHandler)
        server.serve_forever(poll_interval=0.5)
    except (IOError, SystemExit):
        raise
    except KeyboardInterrupt:
        print("Ctrl+C Pressed. Shutting down.")
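The script above writes every UDP datagram it receives to the log file as-is, from any sender. The following is an added example, not part of the original script: it accepts datagrams only from an allowed sender, decodes the syslog PRI field and the %ASA message tag, and escapes control characters so an embedded newline cannot forge a second log line. The sender address 172.16.0.1, the function names and the sample datagrams are assumptions made for illustration.

```python
import re

# Syslog PRI = facility * 8 + severity (RFC 3164).
PRI_RE = re.compile(r"^<(\d{1,3})>")
# ASA message tag: %ASA-<severity>-<message id>
ASA_RE = re.compile(r"%ASA-(\d)-(\d{6})")
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]
ALLOWED_SENDERS = {"172.16.0.1"}  # assumption: the ASA's inside address


def sanitize(text):
    """Escape control characters so one datagram cannot forge extra log lines."""
    return "".join(ch if ch.isprintable() else "\\x%02x" % ord(ch) for ch in text)


def parse_datagram(payload, sender):
    """Return a dict for an accepted datagram, or None if the sender is not allowed."""
    if sender not in ALLOWED_SENDERS:
        return None
    text = payload.decode("utf-8", errors="replace").strip()
    record = {"sender": sender, "facility": None, "severity": None,
              "asa_id": None, "line": sanitize(text)}
    m = PRI_RE.match(text)
    if m and int(m.group(1)) <= 191:
        pri = int(m.group(1))
        record["facility"] = pri >> 3
        record["severity"] = SEVERITIES[pri & 7]
    m = ASA_RE.search(text)
    if m:
        record["asa_id"] = m.group(2)
    return record


# Constructed sample datagrams (not captured traffic).
SAMPLE = (b"<132>Jan 05 2012 10:15:42: %ASA-4-106023: Deny tcp src "
          b"outside:198.51.100.7/4431 dst inside:192.0.2.10/22\n")
FORGED = b"<132>harmless\n<129>Jan 05 2012 10:15:43: %ASA-1-000000: fake alert"

if __name__ == "__main__":
    for pkt in (SAMPLE, FORGED):
        print(parse_datagram(pkt, "172.16.0.1"))
    print(parse_datagram(SAMPLE, "172.16.0.99"))
```

In the handler, parse_datagram(self.request[0], self.client_address[0]) would replace the direct decode, with record["line"] passed to logging.info. UDP source addresses can be spoofed, so the sender check complements, rather than replaces, a firewall rule restricting port 514 to the ASA.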