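This program collects logs from firewalls, routers, switches and similar devices.
The configuration below is for a Cisco ASA 5550 firewall; the procedure for routers and switches is much the same.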
logging enable
logging timestamp
logging trap warnings
logging host inside 172.16.0.5
logging facility local0
Change 172.16.0.5 to the address of your syslogd server.
*Note: Python 3.0 or later is required.
chmod 700 syslogd
./syslogd
#!/srv/python/bin/python3
# -*- encoding: utf-8 -*-
# Cisco ASA Firewall - Syslog Server by neo
# Author: neo<neo.chen@live.com>
import logging
import socketserver

LOG_FILE = '/var/log/asa5550.log'

# Append each received message, unmodified, to LOG_FILE.
logging.basicConfig(level=logging.INFO,
                    format='%(message)s',
                    datefmt='',
                    filename=LOG_FILE,
                    filemode='a')


class SyslogUDPHandler(socketserver.BaseRequestHandler):

    def handle(self):
        # For a UDP server, self.request is a (datagram bytes, socket) pair.
        # errors='replace' keeps a non-UTF-8 datagram from raising in the handler.
        data = self.request[0].strip().decode('utf-8', errors='replace')
        socket = self.request[1]
        print("%s : " % self.client_address[0], data)
        logging.info(data)
        # socket.sendto(data.upper(), self.client_address)


if __name__ == "__main__":
    try:
        # Listens on all interfaces; binding UDP port 514 normally requires root.
        HOST, PORT = "0.0.0.0", 514
        server = socketserver.UDPServer((HOST, PORT), SyslogUDPHandler)
        server.serve_forever(poll_interval=0.5)
    except (IOError, SystemExit):
        raise
    except KeyboardInterrupt:
        print("Ctrl+C Pressed. Shutting down.")
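
The server above writes whatever arrives on UDP 514 straight into the log file, from any sender. The following is an added example, not part of the original program: helpers that a handle() method could call to accept datagrams only from expected devices, neutralise embedded line breaks, and label each line with the facility and severity decoded from the syslog <PRI> field. The sender address 172.16.0.1, the length cap and all function names are assumptions made for this example.

```python
import ipaddress
import re

# Assumed: the firewall's inside address (constructed value for this example).
ALLOWED_SENDERS = [ipaddress.ip_network("172.16.0.1/32")]
MAX_LEN = 2048  # assumed cap on the stored message length
PRI_RE = re.compile(r"^<(\d{1,3})>")
SEVERITIES = ("emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug")


def sender_allowed(addr):
    """True if the datagram's source address is an expected device."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in ALLOWED_SENDERS)


def sanitize(raw):
    """Decode without raising and make control characters visible."""
    text = raw[:MAX_LEN].decode("utf-8", errors="replace").strip()
    # A CR/LF inside a datagram would otherwise start a forged log line.
    return "".join(c if c.isprintable() else "\\x%02x" % ord(c) for c in text)


def parse_pri(text):
    """Return (facility, severity) from a leading <PRI>, or None."""
    m = PRI_RE.match(text)
    if not m or int(m.group(1)) > 191:
        return None
    return divmod(int(m.group(1)), 8)  # PRI = facility * 8 + severity


def format_record(addr, raw):
    """Return the line to log, or None when the sender is not allowed."""
    if not sender_allowed(addr):
        return None
    text = sanitize(raw)
    pri = parse_pri(text)
    if pri is None:
        tag = "nopri"
    else:
        fac, sev = pri
        name = "local%d" % (fac - 16) if fac >= 16 else "fac%d" % fac
        tag = "%s.%s" % (name, SEVERITIES[sev])
    return "%s %s %s" % (addr, tag, text)
```

With the ASA settings shown earlier (facility local0, trap level warnings), lines tagged anything other than local0.emerg through local0.warning are worth a closer look.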