This Python script implements a simple Syslog server that listens to incoming Syslog messages on port 514 and logs them to a MongoDB database. In addition, the script sends a notification to a Discord channel for Syslog messages with a severity level of 0-3 (Emergency, Alert, Critical, and Error). This server is part of a larger project, which includes several microservices and other components that collectively provide tools to manage on-premise networking devices. The view the cluster architecture and the CI/CD pipeline for deployment, refer to the Cluster Manifest Repository.
- Python 3.7 or later
- A MongoDB database
- A Discord channel
To run this application, follow these steps:
- Clone this repository
- Install the required packages using
pip install -r requirements.txt
- Run the application using
python server.py
- The application will listen on port 514 for syslog messages
Send a Syslog message to the server by running the following command in a separate terminal window:
echo "<13>Feb 5 17:32:18 mymachine myproc[10]: %% It's time to make the do-nuts." | nc -w 1 -u localhost 514
The server is designed to handle SIGTERM signals. When the server receives a SIGTERM signal, it will shut down gracefully.
Each incoming syslog message is stored in its own collection within the syslogs database, with the following format:
{
"level": <severity_level>,
"severity": <trap_severity>,
"message": <trap_message>,
"client_ip": <client_ip>,
"created_at": datetime.utcnow(),
}
If the severity level of an incoming message is critical (severity <= 3), an alert will be sent to the Discord channel specified in the DISCORDURL environment variable. The alert will include the device IP address, severity level, and the message.
Create a .env file in the root directory of the project and set the following environment variables:
MONGOURL=<MongoDB URL>
DISCORDURL=https://discord.com/api/webhooks/<Webhook URL>