ArcEvent -- Class for creating events for logging.
Project description
CEF Logger
Simple ArcSight logger with full support Common Event Format.
Features
- Runtime fields validation of Mandatory and Extensions fields.
- No need to configure template.
- Compared with logging handlers
- A Dynamic fields support.
- Changing field's values on fly.
- Custom Extensions fields support.
Usage
Usage of cef_logger is a pretty simple.
First of all creating our events.
"""events.py"""
from datetime import datetime
from cef_logger import Event
# Create a dynamic field
class GetCurrentUnixTimestamp:
# Generating timestamp on render log message
def __repr__(self):
return f'{int(datetime.utcnow().timestamp())}'
# Creating Base event with mandatory fields
class BaseEvent(Event):
SYSLOG_HEADER = True # if you need syslog header in messages turn it on
Version = 1
DeviceProduct = "MyProduct"
DeviceVersion = '1.0'
DeviceVendor = 'MyCompany'
DeviceEventClassID = 'base'
Name = 'base'
Severity = 1
class LoginEvent(BaseEvent):
DeviceEventClassID = 'Login'
Name = 'System Login'
severity = 9
msg = 'Signed in system'
end = GetCurrentUnixTimestamp()
class LogouEvent(BaseEvent):
DeviceEventClassID = 'Logout'
Name = 'System Logout'
severity = 9
msg = 'Signed out system'
end = GetCurrentUnixTimestamp()
Then attaching them to your arbitrary container.
"""logger.py"""
from .events import LoginEvent, LogoutEvent
class ArcSightLogger:
# attaching events
login_event = LoginEvent()
logout_event = LogoutEvent()
Now we can easy to logging our events
from .logger import MyArcSightLogger
MyArcSightLogger.login_event()
# 2021-01-26T11:46:26.620649+00:00|Login|9|Выполнен вход в систему|end=1618908511
MyArcSightLogger.logout_event()
# 2021-01-26T11:46:26.620649+00:00|Logout|9|Выполнен выход из системы|end=1618908525
# Change fields on fly
MyArcSightLogger.login_event(severity='Medium', msg='Повторный вход в систему')
# 2021-01-26T11:46:26.620649+00:00|Login|Medium|Повторный вход в систему|end=1618908543
Other cases
Add additional handlers
import logging.handlers
from cef_logger import ArcEvent
class BaseEvent(ArcEvent):
EMITTERS = (
*ArcEvent.EMITTERS,
logging.handlers.SysLogHandler(address='/dev/log'),
)
Version = 1
DeviceProduct = "MyProduct"
DeviceVersion = '1.0'
DeviceVendor = 'MyCompany'
DeviceEventClassID = 'base'
Name = 'base'
Severity = 1
If you want syslog header but use console handler
from cef_logger import ArcEvent
class BaseEvent(ArcEvent):
SYSLOG_HEADER = True
Version = 1
DeviceProduct = "MyProduct"
DeviceVersion = '1.0'
DeviceVendor = 'MyCompany'
DeviceEventClassID = 'base'
Name = 'base'
Severity = 1
base_event = BaseEvent()
base_event()
# output will be:
# 2021-07-22T12:40:36.733389+00:00 127.0.1.1 CEF:1|MyCompany|MyProduct|1.0|base|base|1|
Ordering extensions
Notes:
- Extension and Custom Extension fields can accept None as a value. It's useful when you need order on fly fields.
- Note that the Custom Extensions will be ordering after Specification Extensions
from cef_logger import Event
# Set mandatory fields
class BaseEvent(Event):
Version = 1
DeviceProduct = "MyProduct"
DeviceVersion = '1.0'
DeviceVendor = 'MyCompany'
DeviceEventClassID = 'base'
Name = 'base'
Severity = 1
class NewEvent(BaseEvent):
# Specification Extensions
src = '127.0.0.1'
# set on fly field (value will be set on call)
msg = None
# Custom Extensions
my_field = 'field'
my_new_event = NewEvent()
my_new_event(msg='I love python')
# output will be:
# CEF:1|MyCompany|MyProduct|1.0|base|base|1|src=127.0.0.1 msg=I love python my_field=field
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
cef_logger-1.0.0.tar.gz
(11.0 kB
view hashes)
Built Distribution
Close
Hashes for cef_logger-1.0.0-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 0e7360c62e68e3c9198fe0119b924eb8d69149a364653843e93038a885fbb148 |
|
| MD5 | 84e40121e057aea4e4f9504b9c1294d2 |
|
| BLAKE2b-256 | 7253c0ede772c69ab912a2f312d5085c1cdb1bd5903fcf944942adde15604d54 |
