torstenk / cef_logger

This project forked from delatars/cef_logger

License: MIT License

CEF Logger

Simple ArcSight logger with full support Common Event Format.

Features

  • Runtime validation of mandatory and extension fields.
  • No template to configure.
  • Compatible with logging handlers.
  • Dynamic fields support.
  • Changing field values on the fly.
  • Custom extension fields support.

Install

Install from pypi:

pip install cef_logger

Usage

Using cef_logger is pretty simple.

First, define your events.

"""events.py"""
from datetime import datetime

from cef_logger import Event


# Create a dynamic field
class GetCurrentUnixTimestamp:
    
    # Generating timestamp on render log message
    def __repr__(self):
        return f'{int(datetime.utcnow().timestamp())}'


# Creating Base event with mandatory fields
class BaseEvent(Event):
    SYSLOG_HEADER = True  # if you need syslog header in messages turn it on

    Version = 1
    DeviceProduct = "MyProduct"
    DeviceVersion = '1.0'
    DeviceVendor = 'MyCompany'
    DeviceEventClassID = 'base'
    Name = 'base'
    Severity = 1

class LoginEvent(BaseEvent):    
    DeviceEventClassID = 'Login'
    Name = 'System Login'
    severity = 9
    msg = 'Signed in system'
    
    end = GetCurrentUnixTimestamp()


class LogouEvent(BaseEvent):    
    DeviceEventClassID = 'Logout'
    Name = 'System Logout'
    severity = 9
    msg = 'Signed out system'
    
    end = GetCurrentUnixTimestamp()

Then attach them to any container class you like.

"""logger.py"""
from .events import LoginEvent, LogoutEvent


class ArcSightLogger:
    # attaching events
    login_event = LoginEvent()
    logout_event = LogoutEvent()

Now we can log our events easily.

from .logger import ArcSightLogger


ArcSightLogger.login_event()
# 2021-01-26T11:46:26.620649+00:00 127.0.1.1 CEF:1|MyCompany|MyProduct|1.0|Login|System Login|9|msg=Signed in system end=1618908511
ArcSightLogger.logout_event()
# 2021-01-26T11:46:26.620649+00:00 127.0.1.1 CEF:1|MyCompany|MyProduct|1.0|Logout|System Logout|9|msg=Signed out system end=1618908525

# Change fields on the fly (CEF accepts Low/Medium/High/Very-High as well as 0-10 for Severity)
ArcSightLogger.login_event(Severity='Medium', msg='Signed in system again')
# 2021-01-26T11:46:26.620649+00:00 127.0.1.1 CEF:1|MyCompany|MyProduct|1.0|Login|System Login|Medium|msg=Signed in system again end=1618908543

Other cases

Add additional handlers

import logging.handlers

from cef_logger import Event


class BaseEvent(Event):
    EMITTERS = (
        *Event.EMITTERS,
        logging.handlers.SysLogHandler(address='/dev/log'),
    )
    Version = 1
    DeviceProduct = "MyProduct"
    DeviceVersion = '1.0'
    DeviceVendor = 'MyCompany'
    DeviceEventClassID = 'base'
    Name = 'base'
    Severity = 1

If you want the syslog header while still using the console handler:

from cef_logger import Event


class BaseEvent(Event):
    SYSLOG_HEADER = True
    
    Version = 1
    DeviceProduct = "MyProduct"
    DeviceVersion = '1.0'
    DeviceVendor = 'MyCompany'
    DeviceEventClassID = 'base'
    Name = 'base'
    Severity = 1

    
base_event = BaseEvent()
base_event()
# output will be:
# 2021-07-22T12:40:36.733389+00:00 127.0.1.1 CEF:1|MyCompany|MyProduct|1.0|base|base|1|

Ordering extensions

Notes:

  • Extension and Custom Extension fields accept None as a value. This is useful when you want to fix the position of a field whose value is supplied on the fly.
  • Custom Extensions are always ordered after Specification Extensions.

from cef_logger import Event


# Set mandatory fields
class BaseEvent(Event):
    Version = 1
    DeviceProduct = "MyProduct"
    DeviceVersion = '1.0'
    DeviceVendor = 'MyCompany'
    DeviceEventClassID = 'base'
    Name = 'base'
    Severity = 1
    

class NewEvent(BaseEvent):
    # Specification Extensions
    src = '127.0.0.1'
    # set on fly field (value will be set on call)
    msg = None
    
    # Custom Extensions
    my_field = 'field'
    
my_new_event = NewEvent()
my_new_event(msg='I love python')
# output will be:
# CEF:1|MyCompany|MyProduct|1.0|base|base|1|src=127.0.0.1 msg=I love python my_field=field
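The sections above show what the rendered lines look like but not what makes them safe to hand to a SIEM: every value that ends up in a CEF line, and in particular anything set on the fly from user input, must be escaped so that a pipe in a header field or an `=` or line break in an extension value cannot split the record or forge extra fields. The following self-contained example (added here; it is not cef_logger's code and does not import it) implements the header layout, the escaping rules of the ArcSight CEF specification, the None-as-placeholder and "specification extensions before custom extensions" ordering described in the notes above, and a parser that reads such lines back. `SPEC_EXTENSIONS` is a hand-picked subset of the CEF dictionary, `PAGE_TIMESTAMP` and the host `127.0.1.1` are taken from the sample output above, and the hostile message value is constructed for the demonstration.

```python
"""Added example, not the cef_logger project's code: render and parse CEF lines.
Assumptions: header order and escaping follow the ArcSight CEF spec; SPEC_EXTENSIONS
is a hand-picked subset of the CEF dictionary; host 127.0.1.1 is the page's value."""
import re
from datetime import datetime, timezone

# Mandatory header fields, in the order CEF prescribes.
HEADER_FIELDS = ("Version", "DeviceVendor", "DeviceProduct", "DeviceVersion",
                 "DeviceEventClassID", "Name", "Severity")
# Subset of the CEF extension dictionary (assumption: enough for this demo).
SPEC_EXTENSIONS = {"src", "dst", "spt", "dpt", "suser", "msg", "start", "end"}
PAGE_TIMESTAMP = datetime(2021, 7, 22, 12, 40, 36, 733389, tzinfo=timezone.utc)  # from the page
# The page's BaseEvent as a plain dict.
BASE = {"Version": 1, "DeviceVendor": "MyCompany", "DeviceProduct": "MyProduct",
        "DeviceVersion": "1.0", "DeviceEventClassID": "base", "Name": "base", "Severity": 1}


def escape_header(value):
    """Header fields reserve backslash and pipe; escape the backslash first."""
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def escape_extension_value(value):
    """Extension values reserve backslash, '=' and line breaks; escaping them keeps a
    user-controlled value from injecting extra keys or a second event into the log."""
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))


def render_cef(fields, syslog_header=False, now=None, host="127.0.1.1"):
    """Render one event. None-valued fields are dropped (placeholders filled on the fly,
    as in the page's NewEvent); specification extensions precede custom ones."""
    fields = {k: v for k, v in fields.items() if v is not None}
    missing = [f for f in HEADER_FIELDS if f not in fields]
    if missing:
        raise ValueError(f"missing mandatory CEF fields: {missing}")
    ext_keys = [k for k in fields if k not in HEADER_FIELDS]
    bad = [k for k in ext_keys if not re.fullmatch(r"[A-Za-z0-9_]+", k)]
    if bad:
        raise ValueError(f"extension keys must be alphanumeric: {bad}")
    ordered = ([k for k in ext_keys if k in SPEC_EXTENSIONS]
               + [k for k in ext_keys if k not in SPEC_EXTENSIONS])
    header = "|".join(escape_header(fields[f]) for f in HEADER_FIELDS)
    extension = " ".join(f"{k}={escape_extension_value(fields[k])}" for k in ordered)
    line = f"CEF:{header}|{extension}"
    if syslog_header:
        line = f"{(now or datetime.now(timezone.utc)).isoformat()} {host} {line}"
    return line


def _unescape(text):
    """A backslash-escaped character stands for itself, except \\n and \\r (line breaks)."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m[1], m[1]), text, flags=re.S)


def _split_unescaped(text, sep, maxsplit):
    """Split on sep unless it is escaped by a backslash; keep the remainder whole."""
    parts, cur, i = [], [], 0
    while i < len(text) and len(parts) < maxsplit:
        if text[i] == "\\" and i + 1 < len(text):  # escape pair: keep both characters
            cur.append(text[i:i + 2])
            i += 2
            continue
        if text[i] == sep:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(text[i])
        i += 1
    parts.append("".join(cur) + text[i:])
    return parts


_KEY_RE = re.compile(r"(?<![^\s])([A-Za-z0-9_]+)=")  # unescaped 'key=' at start or after a space


def parse_cef(line):
    """Parse a line produced by render_cef (or by cef_logger) back into a dict."""
    syslog, sep, body = line.partition("CEF:")
    if not sep:
        raise ValueError("not a CEF line")
    parts = _split_unescaped(body, "|", maxsplit=len(HEADER_FIELDS))
    if len(parts) != len(HEADER_FIELDS) + 1:
        raise ValueError("CEF header must have exactly seven fields")
    event = {"syslog_header": syslog.rstrip(" ") or None}
    event.update(zip(HEADER_FIELDS, map(_unescape, parts[:-1])))
    ext, keys, event["extensions"] = parts[-1], list(_KEY_RE.finditer(parts[-1])), {}
    for i, k in enumerate(keys):
        stop = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        event["extensions"][k.group(1)] = _unescape(ext[k.end():stop].rstrip(" "))
    return event


if __name__ == "__main__":  # constructed hostile value stays one well-formed event
    hostile = render_cef({**BASE, "msg": "x=1\nCEF:0|Evil|", "end": 5}, syslog_header=True)
    print(hostile, parse_cef(hostile)["extensions"], sep="\n")
```

Two design points carry over to any CEF emitter: the header is split on unescaped pipes with an upper bound of seven, so a pipe that survives in an extension value cannot shift the header, and the parser only recognises a key at the start of the extension or after a space, so an escaped `\=` inside a value is never mistaken for a new field.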
