在Juniper NetScreen防火墙上设置

SSG520-> set syslog config "10.10.14.20"
SSG520-> set syslog enable
SSG520-> get syslog
Syslog Configuration: Hostname: 10.10.14.20 Host port: 514 Security Facility: local0 Facility: local0 Traffic log: disabled Event log: enabled Transport: udp Socket number: 265 module=system: emer, alert, crit, error, warn, notif, info, debug Traffic/IDP logs on backup device: disabled
Syslog is enabled.

监控端 Python 脚本(syslog 接收服务):
import logging
import socketserver
import threading
import re

# Destination file for every received syslog message (relative to the
# working directory the script is started from).
LOG_FILE = 'pysyslog.log'

# Root-logger setup: each record is written as the bare message text, with no
# timestamp or level prefix, because the syslog line carries its own header.
# NOTE(review): the file is opened in append mode and nothing here rotates or
# caps it, so it grows with every datagram received -- consider rotation and
# restrictive file permissions, since the content comes off the network.
logging.basicConfig(
    filename=LOG_FILE,     # log file
    filemode='a',          # append mode
    level=logging.INFO,
    format='%(message)s',
    datefmt='',
)

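class SyslogUDPHandler(socketserver.BaseRequestHandler):
    """Handle one syslog datagram: echo it to stdout and log it.

    For a UDP server ``self.request`` is a ``(data, socket)`` pair, so the
    payload is ``self.request[0]``.  The payload is unauthenticated network
    input: any host that can reach the port can send it, and the UDP source
    address shown next to it can be spoofed.  It is therefore decoded
    leniently and has its control characters escaped before it is printed
    or written to the log.
    """

    @staticmethod
    def _neutralize(text):
        """Return *text* with every non-printable character backslash-escaped.

        Escaping CR/LF keeps one datagram on one log line (no forged extra
        entries); escaping ESC and similar keeps terminal control sequences
        from being interpreted when the message is echoed to the console.
        """
        return "".join(
            ch if ch.isprintable() else ch.encode("unicode_escape").decode("ascii")
            for ch in text
        )

    def handle(self):
        """Decode the datagram, print it with the sender address, and log it."""
        payload = self.request[0].strip()  # raw datagram bytes, outer whitespace removed
        # errors="replace": a datagram that is not valid UTF-8 must not raise
        # inside the handler and be lost; undecodable bytes become U+FFFD.
        message = self._neutralize(payload.decode("utf-8", errors="replace"))
        print("%s : " % self.client_address[0], message)  # echo the syslog message
        logging.info(message)  # record the message through the root logger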

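if __name__ == "__main__":
    # Script entry point: start a UDP syslog listener and run until interrupted.
    #
    # NOTE(review): "0.0.0.0" accepts datagrams on every interface, and UDP
    # syslog has no sender authentication -- restrict the source to the
    # firewall's address with host firewall rules, or bind to the management
    # interface only.  Port 514 is a privileged port on Unix-like systems, so
    # the process normally has to be started with elevated rights.
    HOST, PORT = "0.0.0.0", 514  # local address and port
    try:
        # Bind the address/port to the syslog handler; the context manager
        # closes the socket on every exit path.
        with socketserver.UDPServer((HOST, PORT), SyslogUDPHandler) as server:
            print("Syslog 服务已启用, 写入日志到文本文件!!!")
            server.serve_forever(poll_interval=0.5)  # run the server with this poll interval
    except (IOError, SystemExit):
        # Bind failures and explicit exits propagate unchanged.
        raise
    except KeyboardInterrupt:  # Ctrl+C: print a message and exit
        print("Crtl+C Pressed. Shutting down.")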

运行后,防火墙发来的 syslog 记录会打印到终端,并追加写入 pysyslog.log。