Not Logged In
loggerglue 1.0
Syslog protocol (rfc5424 and rfc5425) utilities
Downloads ↓ | Package Documentation
loggerglue is intended to be a general purpose glue layer for the syslog protocol as decribed in rfc5424 and rfc5425.
This package includes:
- a pyparsing parser for rfc5424
- a wrapper class for rfc5424 syslog entries
- an emitter for syslog messages, and associated convenience classes
- a SyslogServer class supporting TLS (rcf5425)
A client example
Log a simple message with structured data to the local syslog daemon:
from loggerglue import logger
from loggerglue.rfc5424 import SDElement
from loggerglue.constants import *
l = logger.Logger()
l.log(prival=LOG_INFO|LOG_USER,
msg="Test message",
structured_data=[
SDElement("origin",
[("software","test script"), ("swVersion","0.0.1")])
])
A trivial server example
A simple TLS enabled server can be built as follows:
from loggerglue.server import SyslogServer, SyslogHandler
class SimpleHandler(SyslogHandler):
def handle_entry(self, entry):
print 'On %s from %s: %s' % \
(entry.timestamp, entry.hostname, entry.msg)
s = SyslogServer(('127.0.0.1', 6514), SimpleHandler,
keyfile='loggerglue-key.pem',
certfile='loggerglue-cert.pem')
s.serve_forever()
Here's an example rsyslog configuration:
$IncludeConfig /etc/rsyslog.d/*.conf $DefaultNetstreamDriverCAFile /path/to/loggerglue-ca-cert.pem $DefaultNetstreamDriver gtls $ActionSendStreamDriverMode 1 $ActionSendStreamDriverAuthMode anon *.* @@(o)localhost:6514;RSYSLOG_SyslogProtocol23Format
A more advanced server example
In this exemple we index the log data as it comes using Whoosh.
from loggerglue.server import SyslogServer, SyslogHandler
from whoosh import index
from whoosh.fields import *
import os.path
schema = Schema(prio=ID(stored=True),
timestamp=DATETIME(stored=True),
hostname=ID(stored=True),
app_name=ID(stored=True),
procid=ID(stored=True),
msgid=ID(stored=True),
msg=TEXT(stored=True)
)
if os.path.exists('indexdir'):
ix = index.open_dir('indexdir')
else:
os.mkdir('indexdir')
ix = index.create_in('indexdir', schema)
class SimpleHandler(SyslogHandler):
def handle_entry(self, entry):
writer = ix.writer()
writer.add_document(prio=entry.prival,
timestamp=entry.timestamp,
hostname=entry.hostname,
app_name=entry.app_name,
procid=entry.procid,
msgid=entry.msgid,
msg=entry.msg)
writer.commit()
s = SyslogServer(('127.0.0.1', 6514), SimpleHandler,
keyfile='loggerglue-key.pem',
certfile='loggerglue-cert.pem')
s.serve_forever()
And now a small search tool:
from whoosh import index
from whoosh.qparser import QueryParser
import sys
if len(sys.argv) == 1:
print 'usage: %s <search terms>' % sys.argv[0]
sys.exit(1)
ix = index.open_dir('indexdir')
searcher = ix.searcher()
query = QueryParser('msg').parse(' '.join(sys.argv[1:]))
results = searcher.search(query)
print '%d results\n' % len(results)
for r in results:
print '%s\n' % str(r)
searcher.close()
1.0 (25/03/2011)
- Wladimir van der Laan <laanwj@gmail.com>
- Add Sphinx-based documentation and docstrings
- Emitter for syslog messages, and associated convenience classes
- Fixes for RFC 5424 edge cases
- Allow multiple of the same key in STRUCTURED-DATA by representing the parameters using a multidict
0.9 (28/01/2011)
- Initial release.
| File | Type | Py Version | Uploaded on | Size | # downloads |
|---|---|---|---|---|---|
| loggerglue-1.0.tar.gz (md5) | Source | 2011-03-25 | 18KB | 360 | |
- Author: Evax Software
- Documentation: loggerglue package documentation
- Home Page: http://www.evax.fr/
- Keywords: syslog,rfc5424,rfc5425,TLS
- License: MIT License
- Categories
- Package Index Owner: EvaxSoftware
- DOAP record: loggerglue-1.0.xml