Syslog listener to python script possible??????

L1 Bithead

Does anybody know how, or can offer some clues as to how, I could get the platform to call a Python script to use an external API as a result of a syslog message? I know the syslog daemon passes the messages to MineMeld in JSON format, but what would be required to get MineMeld to make an outbound call, ideally via script?

The use case is similar to the HTTP log forwarder on the firewall, where you can use an external API on another product to trigger an action.

Alternate platform suggestions welcome.

End result: receive syslog event -> MineMeld does API call or fires Python script -> automated action on third-party platform.

2 REPLIES

L4 Transporter

Late reply, but FYI:

We send our logs to a Graylog logger, then use the alerting functionality in there to trigger an HTTP call. It's a bit more complex, but we can use the aggregation functionality in Graylog for more complex scenarios, especially in conjunction with their lookup tables.

For example, to get round the IP limitation on EDLs in PA, we keep a "buffer" on our imported lists and use MineMeld to send the 'overflow' IPs to Graylog. We then do lookups against traffic, and when we see traffic to one of these lower-priority IPs we trigger an HTTP alert to post them back to MineMeld with a higher confidence level, so they then flow through to the output node that is used by EDLs (and DAG pushers etc.).

Potentially a bit overkill for you, but it scales up very well.
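The shape both posts describe (receive a syslog event, decide whether it matters, POST a JSON record to some HTTP API, whether that is a third-party automation endpoint or a MineMeld feed) is small enough to prototype without Graylog. The following is an added example written for this thread, not code from MineMeld, Graylog or either poster. The webhook URL, the match rule (severity at or above warning and the word THREAT in the message) and the sample messages are all constructed assumptions; the indicator/confidence field names are illustrative, not a documented MineMeld API.

```python
"""Constructed syslog-to-webhook bridge (example only, not MineMeld code).

Listens for syslog datagrams on UDP, parses the RFC 3164 PRI header,
applies a simple match rule, and forwards matching events as JSON to an
HTTP endpoint. The URL below is a placeholder; replace it with the real
receiving API.
"""
import json
import re
import socket
import urllib.request
from typing import Optional

# Hypothetical endpoint (assumption): the API that should react to the event.
WEBHOOK_URL = "https://automation.example.invalid/hooks/syslog"

# RFC 3164 style line: <PRI>TIMESTAMP HOST MSG. Timestamp and host are
# optional here because not every sender includes them.
_SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?:(?P<ts>\w{3}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s)?"
    r"(?:(?P<host>\S+)\s)?"
    r"(?P<msg>.*)$",
    re.S,
)
_IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def parse_syslog(line: str) -> Optional[dict]:
    """Split one syslog line into facility/severity plus the free-text message.
    Returns None for lines without a valid PRI header (PRI must be 0..191)."""
    m = _SYSLOG_RE.match(line.strip())
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:
        return None
    return {
        "facility": pri // 8,      # e.g. 16 = local0
        "severity": pri % 8,       # 0 = emerg ... 7 = debug
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "message": m.group("msg"),
    }


def match_rule(event: dict, keyword: str = "THREAT", max_severity: int = 4) -> bool:
    """Fire only for events at warning level or worse that mention the keyword.
    Lower severity numbers are more severe, so the check is <= max_severity."""
    return event["severity"] <= max_severity and keyword.lower() in event["message"].lower()


def build_payload(event: dict) -> dict:
    """Shape the outbound JSON: one record per distinct IPv4 address in the message.
    Field names are illustrative; adapt them to the receiving API."""
    ips = sorted(set(_IP_RE.findall(event["message"])))
    return {
        "source_host": event["host"],
        "severity": event["severity"],
        "indicators": [{"indicator": ip, "type": "IPv4", "confidence": 80} for ip in ips],
        "raw": event["message"],
    }


def post_webhook(payload: dict, url: str = WEBHOOK_URL, timeout: float = 5.0) -> int:
    """POST the payload as JSON and return the HTTP status (real network call)."""
    data = json.dumps(payload).encode("utf-8")
    req = urllib.request.Request(
        url, data=data, headers={"Content-Type": "application/json"}, method="POST"
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status


def handle_line(line: str, sender=post_webhook) -> Optional[dict]:
    """Full pipeline for one datagram. Returns the payload that was sent,
    or None when the line was unparseable or did not match the rule.
    `sender` is injectable so the logic can be exercised without a network."""
    event = parse_syslog(line)
    if event is None or not match_rule(event):
        return None
    payload = build_payload(event)
    sender(payload)
    return payload


def serve(bind: str = "127.0.0.1", port: int = 5514) -> None:
    """Blocking UDP listener on an unprivileged port, so no root is needed.
    Bound to loopback by default; widen the bind address deliberately."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind, port))
        while True:
            data, _addr = sock.recvfrom(8192)
            handle_line(data.decode("utf-8", errors="replace"))


if __name__ == "__main__":
    serve()
```

Point the firewall (or MineMeld's syslog output) at the listener's port and the script does the outbound call the original post asks for; swapping `post_webhook` for a call into a MineMeld feed URL gives the "post back with higher confidence" flow from the reply. Two design choices worth keeping: syslog over plain UDP carries no sender authentication, so the listener should be reachable only from the log source (loopback or a host firewall rule), and the webhook target should be HTTPS with whatever credential the receiving API expects, added to the request headers in `post_webhook`.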

I don't suppose you can share how you have configured Graylog to push / post back into MineMeld? This is the exact thing I'm trying to do now.
