tls-syslog

Send syslog data over a TCP/TLS socket.


License
ISC
Install
pip install tls-syslog==0.2.0

Documentation

Python Syslog over TCP/TLS

This library allows sending syslog messages over TCP and TLS, similar to how Python's built-in SysLogHandler sends log lines over UDP. Since TCP isn't fire-and-forget like UDP, this library uses a daemon thread to send log-lines in the background without blocking the main application thread. Shutdown of the main process, however, is blocked until all log lines in the send-queue have been sent.

Installation

The documentation below assumes you're configuring the library to send logging to Papertrail, since Papertrail is a commonly used rsyslog provider that supports TCP/TLS connections. The same instructions should be applicable to any TCP/TLS syslog listener.

Obtain the TLS CA Certificates

Download the syslog listener's TLS certificates file in PEM format and save it somewhere. For example:

curl -o /path/to/papertrail-bundle.pem https://papertrailapp.com/tools/papertrail-bundle.pem

This step isn't needed is you aren't planning to validate the listener's certificate, but you should always validate the certificate. Otherwise, you might as well continue using syslog over UDP.

Setup: Django

The below sample code, when placed in your project's settings.py file, configures Django's logging framework.

import ssl

syslog_host = 'logsX.papertrailapp.com'
syslog_port = 55555
syslog_cert_path = '/path/to/papertrail-bundle.pem'

LOGGING = {
    'version': 1,
    'formatters': {
        'simple': {
            'format': '%(asctime)s django %(name)s: %(levelname)s %(message)s',
            'datefmt': '%Y-%m-%dT%H:%M:%S',
        },
    },
    'handlers': {
        'syslog': {
            'level': 'INFO',
            'class': 'tlssyslog.handlers.TLSSysLogHandler',
            'formatter': 'simple',
            'address': (syslog_host, syslog_port),
            'ssl_kwargs': {
                'cert_reqs': ssl.CERT_REQUIRED,
                'ssl_version': ssl.PROTOCOL_TLS,
                'ca_certs': syslog_cert_path,
            },
        },
    },
    'root': {
        'handlers': ['syslog'],
        'level': 'INFO',
    }
}

Setup: Generic Python Application

The below sample code configures Python's logging framework.

import logging.config
import ssl

syslog_host = 'logsX.papertrailapp.com'
syslog_port = 55555
syslog_cert_path = '/path/to/papertrail-bundle.pem'

logging.config.dictConfig({
    'version': 1,
    'formatters': {
        'simple': {
            'format': '%(asctime)s django %(name)s: %(levelname)s %(message)s',
            'datefmt': '%Y-%m-%dT%H:%M:%S',
        },
    },
    'handlers': {
        'syslog': {
            'level': 'INFO',
            'class': 'tlssyslog.handlers.TLSSysLogHandler',
            'formatter': 'simple',
            'address': (syslog_host, syslog_port),
            'ssl_kwargs': {
                'cert_reqs': ssl.CERT_REQUIRED,
                'ssl_version': ssl.PROTOCOL_TLS,
                'ca_certs': syslog_cert_path,
            },
        },
    },
    'root': {
        'handlers': ['syslog'],
        'level': 'INFO',
    }
})

Changelog

0.1.2

  • Fix issue where log lines weren't always completely sent over the socket connection, causing them to be lost.
  • Adds better error handling via [Raven/Sentry](https://docs.sentry.io/clients/python/) (if installed) upon error in the socket send worker thread.

0.1.1

  • Fix issue with forked processes not being able to log due to process copy-on-write behavior.
    • After a process fork occurs, the previously created queue and daemon thread are invalidated and recreated (for the child process only).
    • Uses the process PID to detect when a fork has occurred.

0.1.0

  • Initial release.