Gelf Log Listener in Python
#!/usr/bin/env python
############### // gelfListener 0.2 // ###############
#
# Listens on UDP 12201 for Gelf messages
# Extracts the event data and writes the message to disk
# Updated to handle both zlib (nxlog) and gzip (graylog server) compressed events
# Not perfect, but works okay
#
# Bugs:
#
# decodeGzip() blows up a lot. Take out the try/except to see all
# the pretty error messages
#
######################################################
import gzip
import json
import socket
import StringIO
import sys
import zlib
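# An empty host means INADDR_ANY: the listener accepts datagrams on every
# interface. Nothing in this script authenticates senders, so anything that
# can reach this port can submit events. Bind to a specific address or
# firewall the port if only known senders should be heard.
HOST = ''
PORT = 12201  # Default port for Gelf UDP

s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)  # UDP socket
print('Socket created')  # debug

# Bind socket to local host and port
try:
    s.bind((HOST, PORT))
except socket.error as msg:
    print('Bind failed. Error Code : ' + str(msg[0]) + ' Message ' + msg[1])
    # Exit non-zero so a supervisor or init script sees the failure
    # (a bare sys.exit() would report success).
    sys.exit(1)
print('Socket bind complete')  # debug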
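############### // fileWriter // ###############
def fileWriter(myHostName, myMessage):
    """Append myMessage to the file named myHostName in the working directory.

    myHostName is taken from the "host" field of a received datagram, so it
    is sender-controlled. It is used as a file name only when it is a plain
    name made of letters, digits, '.', '_' and '-' that starts with a letter,
    digit or '_'. Path separators, "..", absolute paths, hidden-file names
    and empty names are refused, so a sender cannot append to files outside
    the working directory.

    Raises:
        ValueError: if myHostName is not an acceptable plain file name.
        TypeError: if myHostName is not a string.
    """
    import re  # local import: only this function needs it

    # \Z (not $) so a trailing newline in the name is rejected as well.
    if not re.match(r'[A-Za-z0-9_][A-Za-z0-9._-]*\Z', myHostName):
        raise ValueError('unsafe host name for log file: %r' % (myHostName,))

    # The with-block closes the file; no explicit close() is needed.
    with open(myHostName, 'a') as logFile:
        logFile.write(myMessage)
################################################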
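############### // Zlib // ###############
def decodeZlib(zData):
    """Decode one zlib-compressed GELF datagram and hand it to fileWriter.

    The payload is inflated with a size cap, parsed as JSON, and its "host"
    and "full_message" fields are passed to fileWriter(). Any failure (not
    zlib data, oversized output, invalid JSON, missing field) propagates as
    an exception to the caller.

    Raises:
        zlib.error: if zData is not a zlib stream.
        ValueError: if the inflated event exceeds the size cap or is not JSON.
        KeyError: if "host" or "full_message" is absent.
    """
    # The datagram is untrusted and a small compressed payload can inflate
    # to a far larger one, so bound the output instead of calling
    # zlib.decompress() with no limit.
    maxEventBytes = 1024 * 1024

    inflater = zlib.decompressobj()
    event = inflater.decompress(zData, maxEventBytes)
    if inflater.unconsumed_tail:
        # Input was left over because the output cap was reached.
        raise ValueError('decompressed event exceeds %d bytes' % maxEventBytes)
    # NOTE: unlike zlib.decompress(), a truncated stream is not rejected
    # here; the JSON parse below is what fails on partial data.
    parsed_json = json.loads(event)

    hostname = parsed_json["host"]
    fullMessage = parsed_json["full_message"]

    fileWriter(hostname, fullMessage)
##########################################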
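############### // Gzip // ###############
def decodeGzip(gData):
    """Decode one gzip-compressed GELF datagram and hand it to fileWriter.

    Best effort: any decoding, parsing or write error is swallowed and the
    event is dropped without a trace. Returns None in every case.
    """
    # The datagram is untrusted; cap how much decompressed data is accepted.
    maxEventBytes = 1024 * 1024
    try:
        # decompress
        gzipEvent = StringIO.StringIO(gData)
        gzipper = gzip.GzipFile(fileobj=gzipEvent)
        # Read one byte past the cap so an oversized event can be detected
        # without inflating all of it.
        extractedData = gzipper.read(maxEventBytes + 1)
        if len(extractedData) > maxEventBytes:
            return
        # assign
        parsed_json = json.loads(extractedData)
        # str() coerces non-string JSON values to text. Under Python 2 it
        # raises on non-ASCII text, and the event is then dropped below.
        hostname = str(parsed_json["host"])
        fullMessage = str(parsed_json["full_message"])
        # output
        fileWriter(hostname, fullMessage)
    except Exception:
        # Deliberately silent, as in the original. Narrowed from a bare
        # except so KeyboardInterrupt and SystemExit still stop the
        # listener. Dropped events leave no record; count or log them here
        # if malformed traffic needs to be visible.
        pass
##########################################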
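############### // Here's the Magic // ###############
print("reading stream now")  # debug
while True:
    # 8192 bytes is the receive buffer size, not a UDP limit. A longer
    # datagram is cut to 8192 bytes by recvfrom() and will then fail to
    # decode. Nothing here reassembles chunked messages.
    # addr (the sender's address) is received but never recorded. The
    # "host" field inside the event is whatever the sender claims.
    data, addr = s.recvfrom(8192)
    try:
        decodeZlib(data)
    except Exception:
        # Anything that is not a usable zlib event is retried as gzip.
        # Narrowed from a bare except so Ctrl-C during decoding is not
        # swallowed and rerouted into the gzip path.
        decodeGzip(data)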
This is missing `import zlib` for me (Ubuntu Trusty, Python 2.7.6).