Syslog listener to python script possible??????

Reply
L1 Bithead

Syslog listener to python script possible??????

Does anybody know how, or can offer some clues, as to how I could get the platform to call a python script to use an external API as a result of a syslog message. I know the syslog daemon passes the messages to Minemeld in JSON format, but what would be required to get minemeld to make an outbound call  - ideally via script. 

 

The use case is similar to the HTTP log forwarder on the firewall where you can use an external API on another product to trigger an action.

 

Alternate platform suggestionswelcome. 

 

End result - receive syslog event -> Minemeld does API call or fires Python script -> automated action on third party platform.

L4 Transporter

Re: Syslog listener to python script possible??????

Late reply, but FYI

 

We send our logs to a Graylog logger then use the alerting functionality in there to trigger a HTTP call.  Its a bit more complex but we can use the aggregation functionality in Graylog for more complex scenarios, especially in conjuntion with their lookup tables.

 

For example to get round the IP limitation on EDL's in PA we keep a "buffer" on our imported lists and use MineMeld to send the 'overflow' IP's to Graylog.  We then do lookups against traffic and when we see traffic to one of these lower priority IP's we trigger a HTTP alert to post them back to MineMeld with a higher confidence level so then flow through to the output node that is used by EDL's (and DAG pushers etc).

 

Potentially a bit overkill for you, but scales up very well.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!