So after a few days of research I have figured out a way to write my own
custom OSSEC syslog client; it's not the greatest possible solution, but it
works.
So first I used the Python gevent lib and created a "UNIX tail command"
Python function called follow:
import os
import time

def follow(filename):
    """Tail filename from its current end and hand every complete line to
    log_to_syslog (the sender built with the logging module below)."""
    # O_NONBLOCK has no effect on a regular file: os.read() simply returns
    # b"" at end of file, so the loop has to sleep instead of spinning.
    fd = os.open(filename, os.O_RDONLY)
    os.lseek(fd, 0, os.SEEK_END)
    partial = b""  # bytes after the last newline, i.e. a line not yet complete
    try:
        while True:
            chunk = os.read(fd, 4096)
            if not chunk:
                time.sleep(0.1)  # at EOF for now; wait for the writer
                continue
            partial += chunk
            lines = partial.split(b"\n")
            partial = lines.pop()  # keep the incomplete tail for the next read
            for line in lines:
                log_to_syslog(line.decode("utf-8", "replace"))
    except KeyboardInterrupt:
        print("[*] Ctrl-C Pressed")
    finally:
        os.close(fd)
Then, using the logging module in Python, I found a way to parse and send the
logs to my syslog server; here is a quick example:
import logging
import logging.handlers
import socket

logger = logging.getLogger()
logger.setLevel(logging.INFO)
# UDP to the collector on the standard syslog port
handler = logging.handlers.SysLogHandler(address=(<server name goes here>, 514),
                                         socktype=socket.SOCK_DGRAM)
# Prefix every message with a program tag so the server can filter on it
formatter = logging.Formatter('ossec: %(message)s')
handler.setFormatter(formatter)
logger.addHandler(handler)
Then, using logging.info(<MESSAGE>), I could format my own syslog messages.
This is not the full code, of course, but a start if anybody else has this
problem.
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
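The post above leaves two gaps a practitioner hits immediately: the tail loop logs only one line per read and drops the rest, and a single alert in OSSEC's alerts.log spans several lines plus a terminating blank line, so line-by-line forwarding scatters one alert over several syslog messages. The following is an added, self-contained example (not the poster's code and not part of OSSEC) that tails a file with partial-line buffering, assembles each alert record, and sends it as one UDP syslog message through SysLogHandler. The sample alerts, the hostname host1, the addresses, the local collector port (an ephemeral port instead of 514), the LOCAL0 facility and the " | " separator are all constructed assumptions for the demo.

```python
"""Added example: tail OSSEC alerts.log and forward one syslog message per alert."""
import logging
import logging.handlers
import os
import socket
import tempfile

# Constructed sample in the shape of two alerts.log records: a "** Alert" header
# followed by its detail lines, each record terminated by a blank line.
SAMPLE_ALERTS = (
    "** Alert 1400000000.1234: - syslog,sshd,authentication_failed,\n"
    "2014 May 13 16:53:20 host1->/var/log/auth.log\n"
    "Rule: 5716 (level 5) -> 'SSHD authentication failed.'\n"
    "Src IP: 198.51.100.7\n"
    "User: root\n"
    "May 13 16:53:19 host1 sshd[4242]: Failed password for root from 198.51.100.7 port 51022 ssh2\n"
    "\n"
    "** Alert 1400000000.5678: - ossec,syscheck,\n"
    "2014 May 13 16:54:01 host1->syscheck\n"
    "Rule: 550 (level 7) -> 'Integrity checksum changed.'\n"
    "Integrity checksum changed for: '/etc/passwd'\n"
    "\n"
)


class Tailer:
    """Read a file from its current end, returning only complete lines and
    buffering a partially written line until the rest arrives."""

    def __init__(self, path):
        self.fd = os.open(path, os.O_RDONLY)
        os.lseek(self.fd, 0, os.SEEK_END)
        self.partial = b""

    def new_lines(self):
        out = []
        while True:
            chunk = os.read(self.fd, 4096)
            if not chunk:  # EOF for now; the caller polls again later
                return out
            self.partial += chunk
            pieces = self.partial.split(b"\n")
            self.partial = pieces.pop()  # incomplete tail stays buffered
            out.extend(p.decode("utf-8", "replace") for p in pieces)

    def close(self):
        os.close(self.fd)


class AlertAssembler:
    """Group consecutive alerts.log lines into one record per alert; the blank
    line OSSEC writes after each alert closes the record. State survives across
    polls, so an alert split over two reads is still emitted once."""

    def __init__(self):
        self.current = []

    def feed(self, lines):
        records = []
        for line in lines:
            if line.strip() == "":
                if self.current:
                    records.append(" | ".join(self.current))  # one single-line message
                    self.current = []
            else:
                self.current.append(line.rstrip())
        return records


def build_syslog_logger(address):
    """UDP SysLogHandler on a dedicated logger, tagged 'ossec:' like the post."""
    logger = logging.getLogger("ossec-forwarder")
    logger.setLevel(logging.INFO)
    logger.propagate = False  # do not also echo through the root logger
    logger.handlers.clear()
    handler = logging.handlers.SysLogHandler(
        address=address,
        facility=logging.handlers.SysLogHandler.LOG_LOCAL0,  # assumption: LOCAL0
        socktype=socket.SOCK_DGRAM)
    handler.append_nul = False  # some collectors reject the trailing NUL Python adds
    handler.setFormatter(logging.Formatter("ossec: %(message)s"))
    logger.addHandler(handler)
    return logger


def forward_once(tailer, assembler, logger):
    """One poll: read new lines, assemble alerts, emit one message per alert."""
    records = assembler.feed(tailer.new_lines())
    for rec in records:
        logger.info(rec)
    return records


def run_demo():
    """Offline run: a UDP collector on localhost, the sample appended in two
    writes that split the first alert mid-line; returns the datagrams received."""
    collector = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    collector.bind(("127.0.0.1", 0))  # ephemeral port stands in for 514
    collector.settimeout(2)
    logger = build_syslog_logger(collector.getsockname())
    with tempfile.NamedTemporaryFile("w", suffix=".log", delete=False) as f:
        path = f.name
    tailer, assembler, received = Tailer(path), AlertAssembler(), []
    try:
        cut = SAMPLE_ALERTS.index("Src IP") + 4  # cut inside the "Src IP" line
        for piece in (SAMPLE_ALERTS[:cut], SAMPLE_ALERTS[cut:]):
            with open(path, "a") as f:
                f.write(piece)
            for _ in forward_once(tailer, assembler, logger):
                received.append(collector.recv(65535).decode())
    finally:
        tailer.close()
        collector.close()
        os.unlink(path)
        for h in list(logger.handlers):
            h.close()
            logger.removeHandler(h)
    return received


if __name__ == "__main__":
    for msg in run_demo():
        print(msg)
```

The first poll sees three complete lines and no blank line, so nothing is sent; the second completes both records and yields exactly two datagrams of the form `<134>ossec: ** Alert ...` (PRI 134 is LOCAL0 facility 16 * 8 + INFO severity 6). Joining the record with " | " keeps each alert on one syslog line, which avoids collectors that escape or split on embedded newlines; if your server handles multi-line payloads, join with "\n" instead. In a real deployment replace the demo loop with `time.sleep()` polling around `forward_once`, and remember UDP syslog gives no delivery guarantee, so use `socket.SOCK_STREAM` (TCP) to the collector where alert loss matters.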