Refactor the Log.py class to use the logging python (2.3) module
Currently prewikka uses only the stderr class. I looked at the current implementation of the log writing and was able to add a [Log syslog] to log to a syslog. But I think that it's a waste of time to add additional classes to manage additional log outputs. In python (2.3) it's possible to use the logging module, which allows console, File, Syslog, Mail, even NT Event... It should not be a lot of work, e.g. the LogStderr mechanics can be implemented in a Formatter class, the log level is the same, and the logging module also allows multiple log outputs (as you do with for backend in self._backends:).
Don't know the dev priority; if you want I can give it a try. (Or if you want to preserve the current log function, I can send you my modules/log/syslog/syslog.py, but I like the idea of the python logging module more.)
After that it will be possible to add LML regex to parse some information about prewikka. Adding "_Prewikka Bad Login/Password_" inside prelude-lml should be easy enough. (EVENT_LOGIN_SUCCESSFUL, EVENT_LOGOUT, EVENT_BAD_LOGIN, EVENT_BAD_PASSWORD)
Have a nice day
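A sketch of the approach proposed in the description, added here as an example and not taken from the issue or from Prewikka's code: one `logging` logger fanning out to several handlers, with a `Formatter` that keeps each event on a single line so a later regex parser is not misled by control characters in a login name. `EventFormatter`, `build_logger`, `log_event` and the sample values are hypothetical; only the event names come from the issue.

```python
import io
import logging

# Event names come from the issue text; all other names here are hypothetical.
EVENTS = ("EVENT_LOGIN_SUCCESSFUL", "EVENT_LOGOUT",
          "EVENT_BAD_LOGIN", "EVENT_BAD_PASSWORD")

class EventFormatter(logging.Formatter):
    """Render a record as: LEVEL EVENT key="value" ... on a single line."""
    def format(self, record):
        fields = getattr(record, "fields", {})
        parts = [record.levelname, record.getMessage()]
        for key in sorted(fields):
            # Escape backslashes, control characters and quotes so a crafted
            # login name cannot start a forged line or close the field early.
            value = str(fields[key]).encode("unicode_escape").decode("ascii")
            parts.append('%s="%s"' % (key, value.replace('"', '\\"')))
        return " ".join(parts)

def build_logger(handlers, name="prewikka.example"):
    """One logger fanning out to every handler (the per-backend loop's job)."""
    logger = logging.getLogger(name)
    logger.setLevel(logging.INFO)
    logger.propagate = False
    del logger.handlers[:]  # keep repeated calls from stacking handlers
    for handler in handlers:
        handler.setFormatter(EventFormatter())
        logger.addHandler(handler)
    return logger

def log_event(logger, event, level=logging.INFO, **fields):
    """Log one of the known events with its fields carried on the record."""
    if event not in EVENTS:
        raise ValueError("unknown event: %r" % (event,))
    logger.log(level, event, extra={"fields": fields})

def demo():
    # In-memory streams stand in for stderr and a file; in a deployment these
    # would be logging.StreamHandler() and logging.handlers.SysLogHandler(...).
    console, second = io.StringIO(), io.StringIO()
    logger = build_logger([logging.StreamHandler(console),
                           logging.StreamHandler(second)])
    # Constructed sample: a login name carrying an embedded newline.
    log_event(logger, "EVENT_BAD_LOGIN", logging.WARNING,
              login="bob\nINFO EVENT_LOGIN_SUCCESSFUL", source="192.0.2.10")
    return console.getvalue(), second.getvalue()

if __name__ == "__main__":
    print(demo()[0], end="")
```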
#1 Updated by Yoann VANDOORSELAERE over 17 years ago
This sounds like a good idea, and the described implementation would be welcome.
However, it would seem redundant to analyze Prewikka output through Prelude-LML since Prewikka already depends on the prelude library. Thus it already has the necessary functionality to emit alerts back to the Prelude system.
#2 Updated by Yoann VANDOORSELAERE over 16 years ago
- Status changed from New to Closed
- Resolution set to fixed
Fixed in r8582.
#3 Updated by Yoann VANDOORSELAERE about 14 years ago
- Project changed from PRELUDE SIEM to Prewikka
- Category deleted (
- Target version deleted (