To be honest, David, I have never really worked with rsyslog before and did not think of that. As for the JSON thing, I am using 2.8.1, and isn't JSON logging only available in 2.9?

On Tuesday, June 9, 2015 at 2:51:40 PM UTC-4, David Lang wrote:
> On Tue, 9 Jun 2015, [email protected] wrote:
>
> > So after a few days of research I have figured out a way to write my own
> > custom OSSEC Syslog client, it's not the greatest possible solution but it
> > works.
> >
> > So first I used the python gevent lib and created a "UNIX tail command"
> > python function called follow:
> >
> > def follow(filename):
> >     try:
> >         list_of_lines = []
> >         fd = os.open(filename, os.O_RDONLY|os.O_NONBLOCK)
> >         os.lseek(fd, 0, os.SEEK_END)
> >         while True:
> >             lines = os.read(fd, 4096).splitlines()
> >             if not lines:
> >                 continue
> >             else:
> >                 for line in lines:
> >                     list_of_lines.append(line)
> >                 length_of_line = len(list_of_lines) - 1
> >                 list_of_lines.pop(length_of_line)
> >                 log_to_syslog(list_of_lines[len(list_of_lines) - 1])
> >                 del list_of_lines[:]
> >         os.close(fd)
> >     except(KeyboardInterrupt):
> >         print("[*] Ctrl-C Pressed")
> >
> >
> > Then using the logging module in python I found a way to parse and send the
> > logs to my syslog server, here is a quick example:
> >
> > logger = logging.getLogger()
> > logger.setLevel(logging.INFO)
> > handler = logging.handlers.SysLogHandler(address=(<server name goes here>, 514),
> >                                          socktype=socket.SOCK_DGRAM)
> > formatter = logging.Formatter('ossec: %(message)s')
> > handler.setFormatter(formatter)
> > logger.addHandler(handler)
> >
> >
> > then using logging.info(<MESSAGE>) I could format my own syslog messages.
> > This is not the full code of course but a start if anybody else has this
> > problem.
>
> silly question, but why don't you just log in JSON format and then use the
> syslog daemon to format things however you want? (a custom template in rsyslog,
> since that's probably your default syslog daemon)
>
> David Lang

--

---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
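
The tail-and-forward approach discussed in this thread, as an added example that is not code from the original posts: it buffers a partial last line until its newline arrives, reopens the file after log rotation, and sleeps between polls. The names `LineFollower`, `make_syslog_logger` and `forward` are hypothetical, and the code assumes a POSIX system with Python 3.8 or later.

```python
import logging
import logging.handlers
import os
import socket
import time


class LineFollower:
    """Tail a file like `tail -F`, returning only complete lines."""
    def __init__(self, path, from_end=True):
        self.path = path
        self._open()
        if from_end:  # skip alerts written before we started
            os.lseek(self.fd, 0, os.SEEK_END)

    def _open(self):
        self.fd = os.open(self.path, os.O_RDONLY)
        self.inode, self.buf = os.fstat(self.fd).st_ino, b""

    def poll(self):
        data = self.buf
        while chunk := os.read(self.fd, 4096):
            data += chunk
        *lines, self.buf = data.split(b"\n")  # last item is the unfinished tail
        try:
            rotated = not lines and os.stat(self.path).st_ino != self.inode
        except FileNotFoundError:
            rotated = False  # mid-rotation; check again on the next poll
        if rotated:
            os.close(self.fd)  # path now names a new file: switch to it
            self._open()
        return [l.decode("utf-8", "replace") for l in lines if l.strip()]


def make_syslog_logger(server, port=514):
    logger = logging.getLogger("ossec_forwarder")
    logger.setLevel(logging.INFO)
    handler = logging.handlers.SysLogHandler(
        address=(server, port), socktype=socket.SOCK_DGRAM)
    handler.setFormatter(logging.Formatter("ossec: %(message)s"))
    logger.addHandler(handler)
    return logger


def forward(path, server, interval=0.5):
    logger, follower = make_syslog_logger(server), LineFollower(path)
    while True:
        for line in follower.poll():
            logger.info(line)
        time.sleep(interval)  # sleep instead of spinning on empty reads
```
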
