Following up on the last project, I added another function so that my syslog server can post to Slack when a client request is rejected by content filtering.
Output Example:
Here is the modified syslog_server.py with the new function and some rearrangement of the existing functions:
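## Reference https://gist.github.com/marcelom/4218010
## Tiny Syslog Server in Python.
##
## This is a tiny syslog server that is able to receive UDP based syslog
## entries on a specified port and save them to a file.
## That's it... it does nothing else...
##
## There are a few configuration parameters.

HOST, PORT = "0.0.0.0", 514
PRINT_LOG = True

# SYSLOG Notification parameter
CONTENT_FILTERING_NOTIFY = True

#
# NO USER SERVICEABLE PARTS BELOW HERE...
#
import logging
import re
import socketserver
import sys

import custom_helper.slack

# Compiled once at import; the handler runs it against every datagram.
# Each value is captured up to the next double quote ([^"]*), which is
# tighter than the lazy `.*?` it replaces and accepts the same well-formed
# key="value" lines while giving the regex engine less to backtrack over.
_CF_LOG_RE = re.compile(
    r'log_type="([^"]*)".*log_subtype="([^"]*)".*category="([^"]*)".*url="([^"]*)"'
)


class SyslogUDPHandler(socketserver.BaseRequestHandler):
    """Handle one UDP syslog datagram: print it, notify on it, append it to the log file."""

    def handle(self):
        """Decode the datagram, optionally echo/notify, then write it via logging."""
        # For a UDPServer, self.request is (datagram bytes, socket).
        # Anything that can reach UDP/514 can send a datagram and UDP source
        # addresses are not authenticated, so the payload is untrusted input.
        # Decode with replacement so an invalid byte sequence cannot abort the
        # handler (the previous strict decode raised UnicodeDecodeError and the
        # line was never logged).
        raw = self.request[0].strip()
        data = raw.decode("utf-8", errors="replace")
        if PRINT_LOG:
            print("%s : " % self.client_address[0], str(data.encode("utf-8")))
        if CONTENT_FILTERING_NOTIFY:
            cf_notify(data)
        # Log file format is kept as-is: the bytes repr (b'...') of the line,
        # one entry per datagram, so existing consumers of the file still parse it.
        logging.info(str(data.encode("utf-8")))


def cf_notify(log):
    """Post a Slack alert when *log* is a "Content Filtering" / "Denied" event.

    Args:
        log: One decoded syslog line (a str).

    Returns:
        None. Lines that do not carry all four key="value" fields are ignored;
        previously a non-matching line raised TypeError from ``None[1]``.
    """
    log_match = _CF_LOG_RE.search(log)
    if log_match is None:
        return
    if log_match[1] == "Content Filtering" and log_match[2] == "Denied":
        category, url = log_match[3], log_match[4]
        # category/url are taken verbatim from the datagram and only placed in
        # the message text; what custom_helper.slack.post does with the text
        # is not visible here -- NOTE(review): confirm it treats it as plain text.
        custom_helper.slack.post(f"Content Filtering Denied: {category} - {url}", "security_logs", "HOME_SOPHOS")


if __name__ == "__main__":
    if len(sys.argv) != 2:
        print(f"Usage: {sys.argv[0]} log_file_name")
        # Usage error: exit non-zero so a wrapping script notices (was exit 0).
        sys.exit(2)
    try:
        LOG_FILE = sys.argv[1]
        logging.basicConfig(level=logging.INFO, format='%(message)s', datefmt='', filename=LOG_FILE, filemode='a')
        server = socketserver.UDPServer((HOST, PORT), SyslogUDPHandler)
        server.serve_forever(poll_interval=0.5)
    except (IOError, SystemExit):
        raise
    except KeyboardInterrupt:
        print("Crtl+C Pressed. Shutting down.")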