syslog.server

This module provides stuff to implement a UDP/TCP/unix socket syslog/RELP server with Tornado

class BaseSyslogClientConnection(stream, address, syslog_parameters)[source]

Bases: object

Encapsulates a connection with a syslog client

_process_relp_command(relp_event_id, command, data)[source]

RELP client has sent a command. Find the type and make the right answer.

Parameters:
  • relp_event_id – RELP ID, sent by client
  • command – the RELP command
  • data – data transmitted after command (can be empty)
_read_next_tokens(*args, **kwargs)[source]

_read_next_token() Reads the stream until we get a space delimiter

Note

Tornado coroutine

disconnect()[source]

Disconnects the client

dispatch_relp_client()[source]

Implements RELP protocol

Note

Tornado coroutine

From http://www.rsyslog.com/doc/relp.html:

Request:
RELP-FRAME = RELPID SP COMMAND SP DATALEN [SP DATA] TRAILER

DATA = [SP 1*OCTET] ; command-defined data, if DATALEN is 0, no data is present
COMMAND = 1*32ALPHA
TRAILER = LF

Response:
RSP-HEADER = TXNR SP RSP-CODE [SP HUMANMSG] LF [CMDDATA]

RSP-CODE = 200 / 500 ; 200 is ok, all the rest currently erros
HUAMANMSG = *OCTET ; a human-readble message without LF in it
CMDDATA = *OCTET ; semantics depend on original command
dispatch_tcp_client()[source]

Implements Syslog/TCP protocol

Note

Tornado coroutine

From RFC 6587:

It can be assumed that octet-counting framing is used if a syslog
frame starts with a digit.

TCP-DATA = *SYSLOG-FRAME
SYSLOG-FRAME = MSG-LEN SP SYSLOG-MSG
MSG-LEN = NONZERO-DIGIT *DIGIT
NONZERO-DIGIT = %d49-57
SYSLOG-MSG is defined in the syslog protocol [RFC5424] and may also be considered to be the payload in [RFC3164]
MSG-LEN is the octet count of the SYSLOG-MSG in the SYSLOG-FRAME.

A transport receiver can assume that non-transparent-framing is used
if a syslog frame starts with the ASCII character "<" (%d60).

TCP-DATA = *SYSLOG-FRAME
SYSLOG-FRAME = SYSLOG-MSG TRAILER
TRAILER = LF / APP-DEFINED
APP-DEFINED = 1*2OCTET
SYSLOG-MSG is defined in the syslog protocol [RFC5424] and may also be considered to be the payload in [RFC3164]
on_connect()[source]

Called when a client connects to SyslogServer.

We find the protocol by looking at the connecting port. Then run the appropriate dispatch method.

Note

Tornado coroutine

on_stream_closed()[source]

Called when a client has been disconnected

class BaseSyslogServer(syslog_parameters)[source]

Bases: tornado.tcpserver.TCPServer, pyloggr.syslog.udpserver.UDPServer

Basic Syslog/RELP server

_handle_connection(connection, address)[source]

Inherits _handle_connection from parent TCPServer to manage SSL connections. Called by Tornado when a client connects.

_start_syslog()[source]

Start to listen for syslog clients

_stop_syslog()[source]

Stop listening for syslog connections

Note

Tornado coroutine

handle_data(data, sockname, peername)[source]

Inherit to handle UDP data

handle_stream(stream, address)[source]

Called by tornado when we have a new client.

Parameters:
  • stream (IOStream) – IOStream for the new connection
  • address (tuple) – tuple (client IP, client source port)

Note

Tornado coroutine

launch(*args, **kwargs)[source]

Starts the server

  • First we try to connect to RabbitMQ
  • If successfull, we start to listen for syslog clients

Note

Tornado coroutine

shutdown(*args, **kwargs)[source]

Authoritarian shutdown

stop_all()[source]

Stops completely the server.

Note

Tornado coroutine

class SyslogParameters(conf)[source]

Bases: object

Encapsulates the syslog configuration

bind_all_sockets()[source]

Bind the sockets to the current server

Returns:list of bound sockets
Return type:list
delete_unix_sockets()[source]

Try to delete unix sockets files. Ignore any error and log them as warnings.

wrap_ssl_sock(sock, ssl_options)[source]

Wrap a socket into a SSL socket

Parameters: