adiroiban/txsyslogd.py

## txsyslogd.py
#!/usr/bin/python
#
# Simple syslog collector used for testing.
#
from twisted.internet import address, reactor, stdio, defer
from twisted.internet.protocol import DatagramProtocol, Protocol, Factory
from twisted.protocols.basic import LineReceiver
import time, re, math, json

#<22>Nov  1 00:12:04 gleicon-vm1 postfix/smtpd[4880]: connect from localhost[127.0.0.1]
severity = [
    'emerg',
    'alert',
    'crit',
    'err',
    'warn',
    'notice',
    'info',
    'debug',
    ]

facility = [
    'kern',
    'user',
    'mail',
    'daemon',
    'auth',
    'syslog',
    'lpr',
    'news',
    'uucp',
    'cron',
    'authpriv',
    'ftp',
    'ntp',
    'audit',
    'alert',
    'at',
    'local0',
    'local1',
    'local2',
    'local3',
    'local4',
    'local5',
    'local6',
    'local7',
    ]

fs_match = re.compile("<(.+)>(.*)", re.I)


class SyslogMixin(object):
    """
    Shared code for handling Syslog received lines.
    """

    def lineReceived(self, line):
        k = {}
        k['line'] = line.strip()
        (fac, sev) = self._calc_lvl(k['line'])

        peer = self.transport.getHost()
        if isinstance(peer, address.UNIXAddress):
            k['host'] = peer.name
        else:
            k['host'] = peer.host

        k['tstamp'] = time.time()
        k['facility'] = fac
        k['severity'] = sev
        print json.dumps(k)

    def _calc_lvl(self, line):
        lvl = fs_match.split(line)
        if lvl and len(lvl) > 1:
            i = int(lvl[1])
            fac = int(math.floor(i / 8))
            sev = i - (fac * 8)
            return (facility[fac], severity[sev])
        return (None, None)


class SyslogdUDPProtocol(DatagramProtocol, SyslogMixin):
    """
    Simple Syslog handler over UDP.
    It assumes full message is received in the same datagram.
    """

    def datagramReceived(self, data, peer):
        print 'UDP connection from %s' % (peer,)
        lines = data.split('\x00')
        for line in lines:
            if not line:
                continue
            self.lineReceived(line)


# SyslogMixin need to come first.
class SyslogdStreamProtocol(SyslogMixin, LineReceiver):
    """
    Handle Syslog over stream protocols TCP/Unix socket.
    """
    delimiter = '\x00'

    def connectionMade(self):
        print 'Stream connection from %r' % self.transport.getHost()


class SyslogdFactory(Factory):
    protocol = SyslogdStreamProtocol

def main():
    reactor.listenUDP(10514, SyslogdUDPProtocol())
    # reactor.listenTCP(10415, SyslogdTCPFactory())
    # reactor.listenUNIX('/tmp/syslog', SyslogdFactory())
    reactor.run()

if __name__ == '__main__':
    main()
	#!/usr/bin/python
	#
	# Simple syslog collector used for testing.
	#
	from twisted.internet import address, reactor, stdio, defer
	from twisted.internet.protocol import DatagramProtocol, Protocol, Factory
	from twisted.protocols.basic import LineReceiver
	import time, re, math, json

	#<22>Nov 1 00:12:04 gleicon-vm1 postfix/smtpd[4880]: connect from localhost[127.0.0.1]
	severity = [
	'emerg',
	'alert',
	'crit',
	'err',
	'warn',
	'notice',
	'info',
	'debug',
	]

	facility = [
	'kern',
	'user',
	'mail',
	'daemon',
	'auth',
	'syslog',
	'lpr',
	'news',
	'uucp',
	'cron',
	'authpriv',
	'ftp',
	'ntp',
	'audit',
	'alert',
	'at',
	'local0',
	'local1',
	'local2',
	'local3',
	'local4',
	'local5',
	'local6',
	'local7',
	]

	fs_match = re.compile("<(.+)>(.*)", re.I)


	class SyslogMixin(object):
	"""
	Shared code for handling Syslog received lines.
	"""

	def lineReceived(self, line):
	k = {}
	k['line'] = line.strip()
	(fac, sev) = self._calc_lvl(k['line'])

	peer = self.transport.getHost()
	if isinstance(peer, address.UNIXAddress):
	k['host'] = peer.name
	else:
	k['host'] = peer.host

	k['tstamp'] = time.time()
	k['facility'] = fac
	k['severity'] = sev
	print json.dumps(k)

	def _calc_lvl(self, line):
	lvl = fs_match.split(line)
	if lvl and len(lvl) > 1:
	i = int(lvl[1])
	fac = int(math.floor(i / 8))
	sev = i - (fac * 8)
	return (facility[fac], severity[sev])
	return (None, None)


	class SyslogdUDPProtocol(DatagramProtocol, SyslogMixin):
	"""
	Simple Syslog handler over UDP.
	It assumes full message is received in the same datagram.
	"""

	def datagramReceived(self, data, peer):
	print 'UDP connection from %s' % (peer,)
	lines = data.split('\x00')
	for line in lines:
	if not line:
	continue
	self.lineReceived(line)


	# SyslogMixin need to come first.
	class SyslogdStreamProtocol(SyslogMixin, LineReceiver):
	"""
	Handle Syslog over stream protocols TCP/Unix socket.
	"""
	delimiter = '\x00'

	def connectionMade(self):
	print 'Stream connection from %r' % self.transport.getHost()


	class SyslogdFactory(Factory):
	protocol = SyslogdStreamProtocol

	def main():
	reactor.listenUDP(10514, SyslogdUDPProtocol())
	# reactor.listenTCP(10415, SyslogdTCPFactory())
	# reactor.listenUNIX('/tmp/syslog', SyslogdFactory())
	reactor.run()

	if __name__ == '__main__':
	main()