Python 100 project #41: Syslog Post to Slack – Content Filtering

Following up the last project, I created another function so that my syslog server can post slack upon rejection of client request due to the content filtering.

Output Example:

Here is the new modified syslog_server.py with new function and some rearrangement of the function:

## Reference https://gist.github.com/marcelom/4218010

## Tiny Syslog Server in Python.
##
## This is a tiny syslog server that is able to receive UDP based syslog
## entries on a specified port and save them to a file.
## That's it... it does nothing else...
## There are a few configuration parameters.

HOST, PORT = "0.0.0.0", 514
PRINT_LOG = True

# SYSLOG Notification parameter
CONTENT_FILTERING_NOTIFY = True

#
# NO USER SERVICEABLE PARTS BELOW HERE...
#

import logging
import re
import socketserver
import sys

import custom_helper.slack


class SyslogUDPHandler(socketserver.BaseRequestHandler):

    def handle(self):
        data = bytes.decode(self.request[0].strip(), encoding="utf-8")
        socket = self.request[1]
        if PRINT_LOG:
            print("%s : " % self.client_address[0], str(data.encode("utf-8")))
        if CONTENT_FILTERING_NOTIFY:
            cf_notify(data)
        logging.info(str(data.encode("utf-8")))


def cf_notify(log):
    log_match = re.search(r'log_type="(.*?)".*log_subtype="(.*?)".*category="(.*?)".*url="(.*?)"', log)
    if log_match[1] == "Content Filtering" and log_match[2] == "Denied":
        category, url = log_match[3], log_match[4]
        custom_helper.slack.post(f"Content Filtering Denied: {category} - {url}", "security_logs", "HOME_SOPHOS")


if __name__ == "__main__":

    if len(sys.argv) != 2:
        print(f"Usage: {sys.argv[0]} log_file_name")
        sys.exit(0)

    try:
        LOG_FILE = sys.argv[1]
        logging.basicConfig(level=logging.INFO, format='%(message)s', datefmt='', filename=LOG_FILE, filemode='a')
        server = socketserver.UDPServer((HOST,PORT), SyslogUDPHandler)
        server.serve_forever(poll_interval=0.5)
    except (IOError, SystemExit):
        raise
    except KeyboardInterrupt:
        print ("Crtl+C Pressed. Shutting down.")

## Reference https://gist.github.com/marcelom/4218010

## Tiny Syslog Server in Python.

## This is a tiny syslog server that is able to receive UDP based syslog

## entries on a specified port and save them to a file.

## That's it... it does nothing else...

## There are a few configuration parameters.

HOST, PORT = "0.0.0.0", 514

PRINT_LOG = True

# SYSLOG Notification parameter

CONTENT_FILTERING_NOTIFY = True

# NO USER SERVICEABLE PARTS BELOW HERE...

import logging

import re

import socketserver

import sys

import custom_helper.slack

class SyslogUDPHandler(socketserver.BaseRequestHandler):

def handle(self):

data = bytes.decode(self.request[0].strip(), encoding="utf-8")

socket = self.request[1]

if PRINT_LOG:

print("%s : " % self.client_address[0], str(data.encode("utf-8")))

if CONTENT_FILTERING_NOTIFY:

cf_notify(data)

logging.info(str(data.encode("utf-8")))

def cf_notify(log):

log_match = re.search(r'log_type="(.*?)".*log_subtype="(.*?)".*category="(.*?)".*url="(.*?)"', log)

if log_match[1] == "Content Filtering" and log_match[2] == "Denied":

category, url = log_match[3], log_match[4]

custom_helper.slack.post(f"Content Filtering Denied: {category} - {url}", "security_logs", "HOME_SOPHOS")

if __name__ == "__main__":

if len(sys.argv) != 2:

print(f"Usage: {sys.argv[0]} log_file_name")

sys.exit(0)

try:

LOG_FILE = sys.argv[1]

logging.basicConfig(level=logging.INFO, format='%(message)s', datefmt='', filename=LOG_FILE, filemode='a')

server = socketserver.UDPServer((HOST,PORT), SyslogUDPHandler)

server.serve_forever(poll_interval=0.5)

except (IOError, SystemExit):

raise

except KeyboardInterrupt:

print ("Crtl+C Pressed. Shutting down.")

Share this:

Related