Configuration on the Juniper NetScreen firewall
SSG520-> set syslog config "10.10.14.20"
SSG520-> set syslog enable
SSG520-> get syslog
Syslog Configuration:
    Hostname: 10.10.14.20
    Host port: 514
    Security Facility: local0
    Facility: local0
    Traffic log: disabled
    Event log: enabled
    Transport: udp
    Socket number: 265
    module=system: emer, alert, crit, error, warn, notif, info, debug
Traffic/IDP logs on backup device: disabled
Syslog is enabled.
Python on the monitoring host
import logging
import socketserver
import threading
import re

LOG_FILE = 'pysyslog.log'

logging.basicConfig(level=logging.INFO,
                    format='%(message)s',
                    datefmt='',
                    filename=LOG_FILE,  # log file
                    filemode='a')       # append mode


class SyslogUDPHandler(socketserver.BaseRequestHandler):
    def handle(self):
        # Read the datagram; replace undecodable bytes instead of raising
        data = self.request[0].strip().decode('utf-8', errors='replace')
        # Extract the timestamp from messages sent by host QYTISE (not used further below)
        date = re.match(r'.*<\d+>(\w+\s+\d+\s+\d+:\d+:\d+)\s+QYTISE.*', data)
        print("%s : " % self.client_address[0], str(data))  # print the syslog message
        logging.info(str(data))  # log the message to the local file


if __name__ == "__main__":
    try:
        # Local address and port; on Linux/Unix, binding a port below 1024 requires root
        HOST, PORT = "0.0.0.0", 514
        # Bind the local address and port to the syslog handler
        server = socketserver.UDPServer((HOST, PORT), SyslogUDPHandler)
        print("Syslog 服务已启用, 写入日志到文本文件!!!")
        server.serve_forever(poll_interval=0.5)  # run the server with the given poll interval
    except (IOError, SystemExit):
        raise
    except KeyboardInterrupt:  # catch Ctrl+C, print a message and exit
        print("Ctrl+C Pressed. Shutting down.")
Once the script is running, it receives the firewall's log records.
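The receiver above writes whatever arrives on UDP 514 straight to the log file. The following is an added example, not part of the original post: it accepts datagrams only from an allowlisted sender, decodes the PRI value into facility and severity (local0, as shown by `get syslog`), and strips control characters before the message is logged. The name `parse_syslog`, the allowlisted address and the sample datagrams are assumptions constructed for illustration, and the header layout is the `<PRI>timestamp host` form that the regex in the script expects.

```python
import re

# RFC 3164 severity names, indexed by PRI % 8
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
LOCAL0 = 16  # facility code for local0, the facility reported by "get syslog"

# Assumption: only the firewall pointed at this collector may log here.
ALLOWED_SOURCES = {"192.0.2.1"}  # constructed placeholder, use the firewall's real IP

HEADER = re.compile(
    r"^<(\d{1,3})>(\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(\S+)\s+(.*)$", re.S)


def parse_syslog(source_ip, raw):
    """Return a dict for an accepted message, or None if it should be dropped."""
    if source_ip not in ALLOWED_SOURCES:
        return None  # UDP syslog is unauthenticated; ignore unknown senders
    text = raw.decode("utf-8", errors="replace").strip()
    m = HEADER.match(text)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI is facility 23 * 8 + severity 7
        return None
    facility, severity = divmod(pri, 8)
    # Replace control characters so one datagram cannot forge extra log lines
    message = re.sub(r"[\x00-\x1f\x7f]", " ", m.group(4))
    return {
        "source": source_ip,
        "facility": facility,
        "severity": SEVERITIES[severity],
        "timestamp": m.group(2),
        "host": m.group(3),
        "message": message,
    }


if __name__ == "__main__":
    # Constructed sample datagram: PRI 133 = local0 (16) * 8 + notice (5)
    sample = b"<133>Dec 24 10:15:32 SSG520 constructed sample message\n"
    print(parse_syslog("192.0.2.1", sample))
    print(parse_syslog("198.51.100.7", sample))  # sender not on the allowlist
```

Inside `SyslogUDPHandler.handle`, the call would be `parse_syslog(self.client_address[0], self.request[0])`, logging only when the result is not `None`.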
Source: 51CTO
Author: normanjin
Link: https://blog.51cto.com/2290153/2461318