Last active
March 15, 2019 20:56
Parses honeyd logfiles to syslog and sends them to a SIEM.
#!/bin/ksh
#honeyd-syslogger.sh
#
# Parses honeyd logfiles to syslog and sends them to a SIEM.
# This script is compatible with OpenBSD 6.4 and ksh. If
# you're running on Linux/Bash, the command below should help
# (GNU date has no "-r seconds"; there -r means a file's mtime):
#
#   YESTERDAY="$(date -u +"%Y-%m-%d" -d "yesterday")"
#
# Deploy: simply edit the global variables according to your
# environment, give this file 0755 permissions, and
# edit crontab to run it periodically (once a day, after honeyd
# has started writing the new day's file). Then, add these
# lines to /etc/syslog.conf (change x.x.x.x to your SIEM
# address). The "!!logger" block matches exactly the tag that
# "logger -t logger" sets below, so only these messages are
# forwarded over TLS:
#
#   !!logger
#   *.* @tls://x.x.x.x
#   !*
#
# Author: Jose Lopes <joselopes@cemig.com.br>
# License: MIT
# Date: 2019-03-15
##
INPATH="/path/to/log"       # honeyd log root: $INPATH/<subdir>/<year>/<prefix>.<YYYY-MM-DD>
OUTPATH="/path/to/aux/dir"  # scratch dir for the filtered copy; not world-writable (the
                            # redirect into $out runs with the cron user's privileges)
# Yesterday's date: OpenBSD date(1) accepts "-r seconds" (seconds since the Epoch).
YESTERDAY="$(date -r "$(expr $(date +%s) - 86400)" "+%Y-%m-%d")"
YEAR="$(echo "$YESTERDAY" | cut -d"-" -f 1)"

syslogger() {
    # $1: listener subdirectory
    # $2: listener prefix
    # $3: file filter (egrep regex; "" keeps every line)
    in="$INPATH/$1/$YEAR/$2.$YESTERDAY"
    out="$OUTPATH/$2.$YESTERDAY"
    # No file for yesterday (listener idle or not yet rotated): nothing to do.
    test -e "$in" || return 0
    egrep "$3" "$in" > "$out"
    # egrep exits 1 when nothing matches; check the scratch file instead so an
    # empty file is not left behind. The scratch file is removed only after
    # logger has accepted it, so a failed run can be retried by hand.
    if test -s "$out"; then
        logger -i -t logger -f "$out" && rm -f "$out"
    else
        rm -f "$out"
    fi
}

syslogger "directory_1" "file_prefix_a" ""
syslogger "directory_2" "file_prefix_b" "(regex|optional)"
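The gist ships the honeyd lines to the SIEM verbatim, so parsing happens on the SIEM side. The following is an added example, not part of the gist, showing the other option: parsing honeyd's connection log into fields before it leaves the honeypot and rendering each event as an RFC 5424 message with structured data, with the same egrep-style line filter the script uses. It assumes the connection-log layout documented by honeyd itself (`timestamp proto(num) flag src [sport] dst [dport][: extra] [os]`, where the flag is S for connection start, E for end, `-` for a single packet) and that the honeypot clock is UTC; the sample lines, the hostname `honeypot` and the structured-data ID `honeyd@32473` (32473 is the enterprise number RFC 5612 reserves for documentation) are constructed for the example.

```python
"""Parse honeyd connection-log lines and render them as RFC 5424 syslog messages.

Added example; assumes honeyd's documented log line layout and a UTC clock.
"""
import re
from datetime import datetime, timezone

# Constructed sample lines in honeyd's documented log format (not real traffic).
SAMPLE_LOG = """\
2019-03-14-10:15:02.1234 tcp(6) S 198.51.100.7 41022 192.0.2.10 22 [Linux 2.6]
2019-03-14-10:15:09.4421 tcp(6) E 198.51.100.7 41022 192.0.2.10 22: 180 96
2019-03-14-10:16:30.0007 udp(17) - 198.51.100.9 53411 192.0.2.10 161: 41
2019-03-14-10:17:01.9999 icmp(1) - 198.51.100.3 192.0.2.10: 8(0): 84
this line is garbage and must be skipped
"""

# honeyd writes "%Y-%m-%d-%H:%M:%S.%04d" timestamps. Ports are absent for
# icmp, "extra" carries byte counts (E lines) or size / icmp type(code): size
# (single packets), and the passive-fingerprint OS name is bracketed.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}-\d{2}:\d{2}:\d{2})\.(?P<frac>\d+)\s+"
    r"(?P<proto>[a-z]+)\((?P<pnum>\d+)\)\s+(?P<flag>[SE-])\s+"
    r"(?P<src>[^\s:]+)(?:\s+(?P<sport>\d+))?\s+"
    r"(?P<dst>[^\s:]+)(?:\s+(?P<dport>\d+))?"
    r"(?::\s*(?P<extra>[^\[]*?))?\s*(?:\[(?P<os>[^\]]*)\])?\s*$"
)

SD_ID = "honeyd@32473"  # documentation enterprise number (RFC 5612); assumption for the example


def parse_honeyd_line(line):
    """Return a dict of fields for one honeyd log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return {
        "ts": m["ts"],
        "frac": m["frac"],
        "proto": m["proto"],
        "pnum": int(m["pnum"]),
        "flag": m["flag"],
        "src": m["src"],
        "sport": int(m["sport"]) if m["sport"] else None,
        "dst": m["dst"],
        "dport": int(m["dport"]) if m["dport"] else None,
        "extra": m["extra"].strip() if m["extra"] else None,
        "os": m["os"],
    }


def _sd_escape(value):
    # RFC 5424 section 6.3.3: '"', '\' and ']' must be escaped inside PARAM-VALUE.
    return str(value).replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")


def to_syslog(event, hostname="honeypot", app="honeyd", facility=16, severity=5):
    """Render a parsed event as one RFC 5424 message; default PRI is local0.notice (133)."""
    # Assumption: honeyd's local-time stamps are UTC on this host.
    ts = datetime.strptime(event["ts"], "%Y-%m-%d-%H:%M:%S").replace(tzinfo=timezone.utc)
    stamp = ts.strftime("%Y-%m-%dT%H:%M:%S") + "." + event["frac"] + "Z"
    params = " ".join(
        f'{key}="{_sd_escape(val)}"'
        for key, val in event.items()
        if key not in ("ts", "frac") and val is not None
    )
    msg = f"{event['proto']} {event['flag']} {event['src']} -> {event['dst']}"
    return f"<{facility * 8 + severity}>1 {stamp} {hostname} {app} - - [{SD_ID} {params}] {msg}"


def convert(text, pattern=None):
    """Equivalent of the gist's egrep step followed by logger: keep lines matching
    pattern (None or "" keeps all, like egrep ""), drop unparseable ones, render."""
    keep = re.compile(pattern) if pattern else None
    messages = []
    for line in text.splitlines():
        if keep is not None and not keep.search(line):
            continue
        event = parse_honeyd_line(line)
        if event is None:
            continue  # not a honeyd record; do not forward unparsed junk as an event
        messages.append(to_syslog(event))
    return messages


if __name__ == "__main__":
    for message in convert(SAMPLE_LOG, r"\b(22|161)\b"):
        print(message)
```

The filter is applied to the raw line before parsing, as `egrep` does in the script, so the existing per-listener regexes carry over unchanged; the structured-data block is what lets the SIEM index source, destination and flag without its own honeyd parser. Transport is left to syslogd's TLS forwarder exactly as in the gist, so nothing here opens a socket.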