https://gitlab.com/billux/log2xmpp

Daemon that listens on a Unix socket and sends syslog messages to an XMPP chatroom.

sysadmin syslog xmpp

# log2XMPP

`log2XMPP` forwards syslog messages (received on a Unix socket) to an
XMPP chatroom.

Its main advantages over other tools like `logcheck` are:

- you are notified in real time (you don't have to wait for the next
hourly/daily email report)
- your mailbox will no longer fill up with hundreds of redundant, spammy emails
carrying the _unread_ flag if you don't read them for a week. It is easier
to glance at a one-message-per-line chatroom backlog than to
open each email to read its content
- you can use syslog filters to forward only messages at the _ERROR_ level, or only
those from the _auth_ facility
- sending log messages by email can be insecure and leak sensitive
information unless a) you have denied cleartext SMTP on your mail server
and b) you don't use a third-party email provider that you cannot trust.

## Installation

`log2XMPP` requires `python-sleekxmpp`, `python-regex` and `python-daemon`.

On a Debian stable machine, install them with:
```
# apt install python3-sleekxmpp python3-daemon python3-regex
```

Then put `log2xmpp.py` somewhere in your filesystem hierarchy (for example in _/usr/local/bin/_).

## `rsyslog` configuration

To make `rsyslog` send its logs to an external Unix socket, you must load the [omuxsock](http://www.rsyslog.com/doc/v7-stable/configuration/modules/omuxsock.html) module in your _rsyslog.conf_:
```
module(load="omuxsock")
$OMUxSockSocket /var/run/log2xmpp/syslog.sock
```

Then, add a rule to forward messages to it:

- all messages:

```
*.* :omuxsock:
```

- only the `auth` and `authpriv` facilities:

```
auth,authpriv.* :omuxsock:
```

- based on multiple conditions:

```
if $hostname == "SOMEHOST" and $syslogfacility-text == "kern" and $programname == "SOMEPROGRAM" then :omuxsock:
if $hostname == "SOMEHOST" and $syslogfacility-text == "kern" and $msg contains " iptables " then :omuxsock:
```

- [and so on](http://www.rsyslog.com/doc/v7-stable/index.html)…

Also, if you used to use `logcheck` to filter your logs, `log2XMPP` can read `logcheck`'s ignore rules from an arbitrary directory (the default is _/etc/logcheck/ignore.d.server/_) with the `--logcheck-filters` option.
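
How logcheck-style ignore rules can be applied to incoming syslog lines, as an added example that is not `log2XMPP`'s own code. It uses only the standard library `re` module and translates POSIX bracket classes by plain string replacement; the function names, the rule and the log lines are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# POSIX bracket classes common in logcheck rules, mapped to `re` set contents.
POSIX_CLASSES = {
    "[:alnum:]": "a-zA-Z0-9", "[:alpha:]": "a-zA-Z", "[:digit:]": "0-9",
    "[:xdigit:]": "0-9A-Fa-f", "[:upper:]": "A-Z", "[:lower:]": "a-z",
    "[:space:]": r"\s", "[:blank:]": r" \t",
}

def load_ignore_rules(directory):
    """Compile every rule found in a logcheck-style ignore directory."""
    rules = []
    for path in sorted(Path(directory).iterdir()):
        if not path.is_file():
            continue
        for line in path.read_text(errors="replace").splitlines():
            if not line.strip() or line.startswith("#"):
                continue  # blank lines and comments carry no rule
            for posix, py in POSIX_CLASSES.items():
                line = line.replace(posix, py)
            try:
                rules.append(re.compile(line))
            except re.error:
                # An unparsable ignore rule is dropped, so its messages are
                # still forwarded: the filter fails towards more alerts.
                continue
    return rules

def should_forward(message, rules):
    """A message is forwarded unless some ignore rule matches it."""
    return not any(rule.search(message) for rule in rules)

def demo():
    # Constructed rule and log lines, written in logcheck's usual style.
    rule = (r"^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: "
            r"Connection closed by [.:[:xdigit:]]+ port [[:digit:]]+$")
    lines = [
        "Jan  5 10:00:01 host1 sshd[812]: Connection closed by 192.0.2.7 port 50022",
        "Jan  5 10:00:02 host1 sshd[812]: Failed password for root from 192.0.2.7 port 50022 ssh2",
    ]
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "ssh").write_text("# constructed rule\n" + rule + "\n(unclosed\n")
        rules = load_ignore_rules(tmp)
    return [line for line in lines if should_forward(line, rules)]

if __name__ == "__main__":
    print(demo())
```

An ignore rule that is too broad silently hides events from the chatroom, so review rules that match `auth` messages before reusing them here.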

## Run it

```
$ ./log2xmpp.py --help
usage: log2xmpp.py [-h] [--jid JID] [--jid-password PASS] [--room ROOM]
[--room-password ROOM_PASSWORD] [--nick NICK]
[--syslog [SYSLOG_SOCKET]]
[--logcheck-filters [LOGCHECK_FILTERS]]
[-d {DEBUG,INFO,WARNING,ERROR,CRITICAL}] [-p PID]

Listen on unix socket and send syslog messages to XMPP chatroom.

optional arguments:
-h, --help show this help message and exit
--jid JID JID to use
--jid-password PASS JID password
--room ROOM XMPP chatroom to join
--room-password ROOM_PASSWORD
optional chatroom password
--nick NICK chat nickname
--syslog [SYSLOG_SOCKET]
listen on unix socket to syslog messages
--logcheck-filters [LOGCHECK_FILTERS]
Use logcheck ignore filters
-d {DEBUG,INFO,WARNING,ERROR,CRITICAL}, --debug {DEBUG,INFO,WARNING,ERROR,CRITICAL}
debug level
-p PID, --pid PID PID file
```

If not specified on the command line, the JID, JID password, room and optional room password are read from the environment variables _JID_, _JID_PASSWORD_, _ROOM_ and _ROOM_PASSWORD_.

```
$ JID_PASSWORD='a secrete password' ./log2xmpp.py --jid [email protected] --room [email protected] -p /var/run/log2xmpp/log2xmpp.pid --syslog /var/run/log2xmpp/syslog.sock --logcheck-filters
```

TODO: create a systemd unit and a dedicated system user with permissions on _/var/run/log2xmpp/_.

## Contributing

I'll be happy to receive your bugfixes, suggestions and improvements.

*IMPORTANT:* the main repository is at https://gitlab.com/billux/log2xmpp.
Please submit your bug reports and merge requests here and not at GitHub.

## License

`log2XMPP` is released under the terms of the GPLv3 license.