import json
import hpfeeds
import sys
import logging
from logging.handlers import RotatingFileHandler
import processors
import splunk
import arcsight
# (hpfeeds channel name, processor) pairs. Every processor listed for a channel
# is called as processor(identifier, payload) for each message received on it;
# to chain processors for one channel, append to that channel's list below.
_CHANNEL_PROCESSORS = (
    ('amun.events', processors.amun_events),
    ('glastopf.events', processors.glastopf_event),
    ('dionaea.capture', processors.dionaea_capture),
    ('dionaea.connections', processors.dionaea_connections),
    ('beeswarm.hive', processors.beeswarm_hive),
    ('kippo.sessions', processors.kippo_sessions),
    ('conpot.events', processors.conpot_events),
    ('snort.alerts', processors.snort_alerts),
    ('wordpot.events', processors.wordpot_event),
    ('shockpot.events', processors.shockpot_event),
    ('p0f.events', processors.p0f_events),
    ('suricata.events', processors.suricata_events),
)

# Channel name -> ordered list of processor callables (one per channel today).
PROCESSORS = {channel: [processor] for channel, processor in _CHANNEL_PROCESSORS}
# Formatter name (the config file's 'formatter_name') -> callable that turns a
# processed event into the single line written to the data log.
FORMATTERS = dict(
    splunk=splunk.format,
    arcsight=arcsight.format,
)
# Diagnostics logger for this tool itself (connection state, bad messages).
# Event data goes to a separate 'data' logger that main() sets up.
_CONSOLE_FORMAT = '%(asctime)s - %(name)s - %(levelname)s - %(message)s'

handler = logging.StreamHandler()
handler.setFormatter(logging.Formatter(_CONSOLE_FORMAT))

logger = logging.getLogger('logger')
logger.addHandler(handler)
logger.setLevel(logging.INFO)
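def _load_config(path):
    """Parse the JSON config file at *path* and return the resulting dict.

    The file handle is closed once parsing finishes (the previous version
    left it open). Errors from ``open`` / ``json.load`` propagate to the
    caller, which reports them.
    """
    with open(path) as cfg_file:
        return json.load(cfg_file)


def _build_data_logger(logfile):
    """Return the 'data' logger that writes formatted events to *logfile*.

    The file is size-rotated (100 MiB, 3 backups) so a busy feed cannot
    fill the disk. Only the timestamp and the formatted event are written;
    what the event line contains is up to the processor and formatter.
    """
    file_handler = RotatingFileHandler(logfile, maxBytes=100 * 1024 * 1024, backupCount=3)
    file_handler.setFormatter(logging.Formatter('%(asctime)s %(message)s'))
    data_logger = logging.getLogger('data')
    data_logger.setLevel(logging.INFO)
    data_logger.addHandler(file_handler)
    return data_logger


def main():
    """Connect to an hpfeeds broker and log processed events to a file.

    Reads the JSON config named by ``sys.argv[1]`` (keys: host, port,
    channels, ident, secret, log_file, formatter_name), subscribes to the
    configured channels and, for every message, runs the channel's
    processors and writes the formatted result to the data log. The config
    file holds the broker credentials (ident/secret), so keep its file
    permissions restrictive.

    Returns:
        0 on a clean shutdown, 1 on a config or connection error (used as
        the process exit status by the ``__main__`` block).
    """
    if len(sys.argv) < 2:
        logger.error('No config file found. Exiting')
        return 1

    logger.info('Parsing config file: %s', sys.argv[1])
    try:
        config = _load_config(sys.argv[1])
    except (IOError, OSError, ValueError) as e:
        # ValueError covers malformed JSON on both Python 2 and 3.
        logger.error('Could not read config file %s: %s', sys.argv[1], e)
        return 1

    try:
        host = config['host']
        port = config['port']
        # hpfeeds protocol has trouble with unicode, hence the utf-8 encoding here
        channels = [c.encode('utf-8') for c in config['channels']]
        ident = config['ident'].encode('utf-8')
        secret = config['secret'].encode('utf-8')
        logfile = config['log_file']
        formatter_name = config['formatter_name']
    except KeyError as e:
        # Name the missing key instead of dying with a bare KeyError traceback.
        logger.error('Config file is missing required key: %s', e)
        return 1

    formatter = FORMATTERS.get(formatter_name)
    if not formatter:
        logger.error('Unsupported data log formatter encountered: %s. Exiting.', formatter_name)
        return 1

    data_logger = _build_data_logger(logfile)
    logger.info('Writing events to %s', logfile)

    try:
        hpc = hpfeeds.new(host, port, ident, secret)
    except hpfeeds.FeedException as e:
        # The previous version passed ``e`` as a format argument with no
        # placeholder, which logging reports as a formatting error instead
        # of the actual cause.
        logger.error('feed exception: %s', e)
        return 1
    logger.info('connected to %s', hpc.brokername)

    def on_message(identifier, channel, payload):
        # Payloads originate from honeypot sensors relayed by the broker;
        # treat them as untrusted. Logging them with %r keeps newlines and
        # control characters escaped, so a payload cannot forge extra lines
        # in the diagnostics log.
        for processor in PROCESSORS.get(channel, []):
            try:
                message = processor(identifier, payload)
            except Exception:
                logger.exception('invalid message %r on channel %r', payload, channel)
                continue
            if message:
                data_logger.info(formatter(message))

    def on_error(payload):
        logger.error('Error message from server: %s', payload)
        hpc.stop()

    hpc.subscribe(channels)
    try:
        hpc.run(on_message, on_error)
    except hpfeeds.FeedException:
        logger.exception('feed exception:')
    except KeyboardInterrupt:
        logger.error('KeyboardInterrupt encountered, exiting ...')
    except Exception:
        # The previous bare ``except`` referenced an unbound ``e`` here and
        # would have raised NameError while trying to report the error.
        logger.exception('Unknown error encountered, exiting ...')
    finally:
        hpc.close()
    return 0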
if __name__ == '__main__':
    # Ctrl-C while main() is running (outside its own handler) is a normal
    # shutdown, reported but exiting with status 0.
    exit_code = 0
    try:
        exit_code = main()
    except KeyboardInterrupt:
        logger.error('KeyboardInterrupt encountered, exiting ...')
    sys.exit(exit_code)