###
# MTPot is a simple open source honeypot, released under the MIT license for the use of the community.
#
# Cymmetria Research, 2016.
# http://www.cymmetria.com/
#
# Please consider trying out the MazeRunner Community Edition, the free version of our cyber deception platform.
#
# Written by: Itamar Sher (@itamar_sher), Dean Sysman (@DeanSysman), Imri Goldberg (@lorgandon)
# Contact: research@cymmetria.com
###
import logging
import logging.handlers
import socket
class InvalidSyslogSocktype(Exception):
    """Raised when a syslog transport other than ``"TCP"`` or ``"UDP"`` is requested."""
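class MySysLogHandler(logging.handlers.SysLogHandler):
    """SysLogHandler that terminates every record with a newline.

    The stock Python 2.7 handler ends each message with a NUL byte, which
    line-oriented TCP syslog collectors do not treat as a record boundary.
    ``emit`` below mirrors the stock implementation but uses ``'\\n'`` as
    the terminator, and runs on both Python 2 and Python 3 (the original
    referenced the Python 2-only ``unicode`` name).
    """

    def emit(self, record):
        """
        Emit a record.

        The record is formatted, prefixed with the syslog priority and
        terminated with a newline, then sent to the syslog server over the
        socket the base class opened (unix, UDP or TCP).
        """
        msg = self.format(record)
        # A raw CR/LF inside the formatted text would be read by a
        # newline-framed collector as the end of this record and the start
        # of another, letting whoever controls the logged text (in a
        # honeypot, typically the remote peer) forge extra log entries.
        # Escape them before appending the real record terminator.
        msg = msg.replace('\r', '\\r').replace('\n', '\\n') + '\n'
        # RFC 5424 wants bytes on the wire. On Python 2 a str is already
        # bytes and only unicode needs encoding; on Python 3 every str does.
        if not isinstance(msg, bytes):
            msg = msg.encode('utf-8')
        prio = '<%d>' % self.encodePriority(self.facility,
                                            self.mapPriority(record.levelname))
        msg = prio.encode('ascii') + msg
        try:
            if self.unixsocket:
                try:
                    self.socket.send(msg)
                except socket.error:
                    # The unix socket may have gone stale (see issue 17981):
                    # reconnect once and retry the same message.
                    self.socket.close()
                    self._connect_unixsocket(self.address)
                    self.socket.send(msg)
            elif self.socktype == socket.SOCK_DGRAM:
                self.socket.sendto(msg, self.address)
            else:
                self.socket.sendall(msg)
        except Exception:
            # KeyboardInterrupt/SystemExit derive from BaseException and so
            # still propagate; any other failure goes to the logging
            # error handler instead of taking the honeypot down.
            self.handleError(record)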
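def get_syslog_logger(syslog_address, syslog_port, sock_type):
    """Return the ``"HoneySyslog"`` logger wired to a remote syslog collector.

    Args:
        syslog_address: host name or IP address of the syslog server.
        syslog_port: port of the syslog server.
        sock_type: ``"TCP"`` or ``"UDP"`` (case-sensitive) selecting the
            transport. For TCP the handler connects while it is built, so
            a connection failure surfaces here as ``socket.error``.

    Returns:
        The ``logging.Logger`` named ``"HoneySyslog"`` at level INFO with a
        ``MySysLogHandler`` attached. Every call attaches one more handler
        to that same shared logger, so call it once per process.

    Raises:
        InvalidSyslogSocktype: if ``sock_type`` is neither ``"TCP"`` nor
            ``"UDP"``.
    """
    # Resolve the transport first and build the handler once; the original
    # bound the TCP handler to a differently named local and then used the
    # UDP name, so every TCP configuration failed with NameError.
    if sock_type == "TCP":
        socktype = socket.SOCK_STREAM
    elif sock_type == "UDP":
        socktype = socket.SOCK_DGRAM
    else:
        raise InvalidSyslogSocktype("Invalid socktype={} (TCP/UDP)".format(sock_type))
    syslog_handler = MySysLogHandler(
        address=(syslog_address, syslog_port),
        socktype=socktype)
    syslogger = logging.getLogger("HoneySyslog")
    syslogger.setLevel(logging.INFO)
    syslogger.addHandler(syslog_handler)
    return syslogger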