syslogcef
Python library to easily send CEF formatted messages to syslog server.
It uses cefevent to format message payloads and offer two strategies to send syslogs over the network: RFC 5424 or RFC 3164. RFC 5424 is the default.
Install:
pip install syslogcefTest sending a few messages with:
python3 -m syslogcef.testmessages --host <host> --port <port> --proto [TCP|UDP]Usage:
from syslogcef import SyslogCEFSender, Rfc3164SyslogSender
# Create syslog sender.
syslog = SyslogCEFSender(
# Syslog server settings:
host='10.1.2.3',
port='514',
protocol='TCP',
# Hopefully the above names does not clash with any CEF field name.
# CEF fields applied to all events:
deviceProduct='MyProgram',
deviceVendor='MyCompany',
deviceVersion='1.0.2',
# Overriding the default strategy to send syslog over the network with RFC 3164 format.
# Do not specify this argument to use RFC 5424.
syslog_sender_class=Rfc3164SyslogSender)
# Register CEF events.
syslog.register_event('100', name='CPU temp is OK', severity=0)
syslog.register_event('101', name='CPU temp is rising', severity=5)
syslog.register_event('102', name='CPU temp is too high', severity=9,
# CEF fields applied to all '102' events:
reason="Exceeds 70 degres celsius")
# Send one syslog message.
syslog.send('102', message="The CPU temp is 88 degres celsius.",
# CEF fields applied only to this event:
sourceHostName="mydevice.mydomain.com",
sourceMacAddress="00:00:ee:00:52:bb")See cefevent for complete list of fields.
Read the full ArcSight CEF format for more informations.
