Python 实现 Syslog 用于收集Cisco ASA Firewall 日志

 

1. 配置Cisco ASA 5550 Firewall

logging enable 
logging timestamp 
logging trap warnings 
logging host inside 172.16.0.5
logging facility local0 
		

172.16.0.5 改为你的syslog服务器地址

2. syslog 服务器脚本

*注意:python版本必须3.0以上

chmod 700 syslogd

./syslogd

		
#!/srv/python/bin/python3
# -*- encoding: utf-8 -*-
# Cisco ASA Firewall - Syslog Server by neo
# Author: neo<openunix@163.com>

import logging
import socketserver
import threading

LOG_FILE = '/var/log/asa5550.log'

logging.basicConfig(level=logging.INFO,
                    format='%(message)s',
                    datefmt='',
                    filename=LOG_FILE,
                    filemode='a')

class SyslogUDPHandler(socketserver.BaseRequestHandler):

    def handle(self):
        data = bytes.decode(self.request[0].strip())
        socket = self.request[1]
        print( "%s : " % self.client_address[0], str(data))
        logging.info(str(data))
#        socket.sendto(data.upper(), self.client_address)

if __name__ == "__main__":
    try:
        HOST, PORT = "0.0.0.0", 514
        server = socketserver.UDPServer((HOST, PORT), SyslogUDPHandler)
        server.serve_forever(poll_interval=0.5)
    except (IOError, SystemExit):
        raise
    except KeyboardInterrupt:
        print ("Crtl+C Pressed. Shutting down.")
		
		

你可能感兴趣的:(python,Cisco,firewall,asa,asa5550)