Syslog forward

kamsvag
Posts: 8
Joined: Mon Aug 24, 2015 10:48 am

Syslog forward

Post by kamsvag » Tue Jun 13, 2017 1:00 pm

I would like a feature where anything that ends up in the log is also forwarded to an external syslog server, making it easier to keep an off-site log of the activities in the house, as I use EventGhost in my home alarm system.

kgschlosser
Site Admin
Posts: 2900
Joined: Fri Jun 05, 2015 5:43 am
Location: Rocky Mountains, Colorado USA

Re: Syslog forward

Post by kgschlosser » Sat Jun 24, 2017 5:00 am

There is a way to have the event log published as a web page using the webserver plugin.

or you can use this plugin to send text messages to your cell phone when specific events take place

viewtopic.php?f=9&t=9660

kamsvag
Posts: 8
Joined: Mon Aug 24, 2015 10:48 am

Re: Syslog forward

Post by kamsvag » Tue Sep 05, 2017 1:54 pm

Ok, well that's not really what I'm after.

I would like to have the entire log mirrored in real time to a syslog server where I can keep a backup. Simply as a security protocol.
I was for a brief moment considering writing a Python script to do this, but I realized quickly I would end up creating a loop as it would show up in the log.

Any ideas?

I use EventGhost 24/7 and consider it a great tool.

Cheers!

kgschlosser
Site Admin
Posts: 2900
Joined: Fri Jun 05, 2015 5:43 am
Location: Rocky Mountains, Colorado USA

Re: Syslog forward

Post by kgschlosser » Tue Sep 05, 2017 6:03 pm

You would have to create a thread to do it and have the thread loop. You do not want to create a loop in the action thread, the one that is running that handles the running of macros and what have you. This will lock up EG.

I do not know much about the syslog protocol; I can take a look though.

Dragon470
Experienced User
Posts: 202
Joined: Thu Feb 10, 2011 2:16 am

Re: Syslog forward

Post by Dragon470 » Wed Sep 06, 2017 12:09 pm

There are lots of examples out there that use the PyWin32 wrapper. I use it to monitor a few specific events. Like was said earlier, this needs to be put in a thread. The other issue that I have run into is permissions. In the Windows Logs I can access System and Application, but not Security. I even kept the website address that I used initially in my script. https://www.blog.pythonlibrary.org/2010 ... vent-logs/ To my surprise it still exists. All this does is get the events.

kgschlosser
Site Admin
Posts: 2900
Joined: Fri Jun 05, 2015 5:43 am
Location: Rocky Mountains, Colorado USA

Re: Syslog forward

Post by kgschlosser » Wed Sep 06, 2017 3:28 pm

I thought this was for the EG log to be sent out to an external syslog server. I could be mistaken in my assumption. If that is the case then there is no permissions issue. If it is supposed to send out Windows event logs then yes, there would/could be some permissions hangups.
topix
Experienced User
Posts: 367
Joined: Sat May 05, 2007 3:43 pm
Location: Germany

Re: Syslog forward

Post by topix » Wed Sep 06, 2017 7:42 pm

Hej, here is a first version of a plugin that sends log entries to a syslog server. Everything that is written to the log window will also be sent to the syslog server. There is no filter for events, programs, whatever. Maybe in a later version.

Because this is a first version, there may/will still be bugs. Currently no error checking is done. I've tested it with a syslogd on my Synology NAS.

Just add the plugin and configure it. As long as the plugin is enabled it will send the log messages to the server.
Attachments
Log2Syslog_0_0_1.egplugin
(4.51 KiB) Downloaded 38 times

kgschlosser
Site Admin
Posts: 2900
Joined: Fri Jun 05, 2015 5:43 am
Location: Rocky Mountains, Colorado USA

Re: Syslog forward

Post by kgschlosser » Thu Sep 07, 2017 4:01 pm

@topix

If you look at the code I posted here, it will give you a means to identify the different log entries:
viewtopic.php?f=10&t=9811
Luca Brasi
Experienced User
Posts: 250
Joined: Sat Oct 11, 2008 12:39 pm

Re: Syslog forward

Post by Luca Brasi » Fri Sep 08, 2017 7:30 am

Hi,

thanks for this new cool plugin!
I tested it on two machines and it is working!
A few notes and one error message I did find though:

Code:

09:16:24   Traceback (most recent call last) (0.5.0-rc4):
09:16:24     File "wx\_core.pyc", line 16766, in <lambda>
09:16:24     File "C:\Program Files (x86)\EventGhost\eg\Classes\Log.py", line 254, in _WriteLine
09:16:24       listener.WriteLine(line, icon, wRef, when, indent)
09:16:24     File "C:\ProgramData\EventGhost\plugins\Log2Syslog\__init__.py", line 193, in WriteLine
09:16:24       MSG += line.encode('utf-8')
09:16:24   UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 42: ordinal not in range(128)
This comes up a lot in the eg log. The syslog is still written though. See attached log.

One more thing: There is this log redirector plugin which is writing the log to a file. If it is enabled Log2Syslog will not work which is kind of expected.
Maybe the plugins could be combined into one?
Attachments
mmhtpc.log
(93.37 KiB) Downloaded 10 times
Win10 x64 Prof. / Eventghost latest / MCE Plugin / MCE RC6 Receiver / Logitech Harmony Hub / MediaPortal / kodi

topix
Experienced User
Posts: 367
Joined: Sat May 05, 2007 3:43 pm
Location: Germany

Re: Syslog forward

Post by topix » Fri Sep 08, 2017 6:16 pm

Please edit the plugin file and in line 192 remove

Code:

.encode('utf-8')

from

Code:

MSG += line.encode('utf-8')

so you have only

Code:

MSG += line

It looks like the contents of 'line' are already in unicode and I doubled the encoding.

Regarding the other plugin: What are your settings for the other plugin? I've tested it and both together work for me.

Luca Brasi
Experienced User
Posts: 250
Joined: Sat Oct 11, 2008 12:39 pm

Re: Syslog forward

Post by Luca Brasi » Mon Sep 11, 2017 1:26 pm

topix wrote: Please edit the plugin file and in line 192 remove

Code:

.encode('utf-8')

from

Code:

MSG += line.encode('utf-8')

so you have only

Code:

MSG += line

It looks like the contents of 'line' are already in unicode and I doubled the encoding.

Ok, thanks. Did what you said and it is looking good!



topix wrote: Regarding the other plugin: What are your settings for the other plugin? I've tested it and both together work for me.

I have set it up like this:
[cannot upload screenshot atm. Don't know what's wrong]
Second radio button is set to enable standard eg log and the file.
File commit is set to 2 sec.
File is stripped at 2MB to 1MB.

If I have Log2Syslog before log redirector in the autostart I will get log entries in the syslog server until the log redirector plugin is loaded.
Win10 x64 Prof. / Eventghost latest / MCE Plugin / MCE RC6 Receiver / Logitech Harmony Hub / MediaPortal / kodi

Luca Brasi
Experienced User
Posts: 250
Joined: Sat Oct 11, 2008 12:39 pm

Re: Syslog forward

Post by Luca Brasi » Wed Oct 04, 2017 5:49 am

Hi @topix,

I had some strange behavior on my htpc lately. Whenever I used eg to connect my sys to a vpn-server eg stalled and had to be restarted. Even after the start it got stuck from time to time. I noticed that this would only happen if the vpn connection was still active. So I thought about which plugin is using network and Log2Syslog came to my mind and I deactivated it. Eg with Vpn was working again. So it seems that Log2Syslog brings eg to stall whenever the syslog server can't be found.
I can of course set up the vpn in a way that the local syslog server is still accessible but I don't think that's the right way to go. On other systems this might not be acceptable for security reasons and there might be other reasons for not having the syslog server accessible and eg would crash in that case as well.

Would be great if you could take this into account for future development.
Thanks
Win10 x64 Prof. / Eventghost latest / MCE Plugin / MCE RC6 Receiver / Logitech Harmony Hub / MediaPortal / kodi

topix
Experienced User
Posts: 367
Joined: Sat May 05, 2007 3:43 pm
Location: Germany

Re: Syslog forward

Post by topix » Sat Oct 07, 2017 6:28 pm

I will check in the next days (maybe 1-2 weeks). I think I have to put the logging in threads and add some checking/timeouts.
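
The points raised across this thread (send from a separate thread so an unreachable syslog server cannot stall the logging path, encode the text exactly once, and never log the forwarder's own failures back into the log it mirrors) are shown together in the added example below; it is not the Log2Syslog plugin's code and is not from any poster. It is written for Python 3 (EventGhost itself runs Python 2), and the names `SyslogForwarder` and `format_rfc3164`, the host name `eg-host` and UDP port 514 are assumptions.

```python
import queue, socket, threading, time

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

def format_rfc3164(line, host="eg-host", tag="EventGhost", when=None):
    """Build one BSD-syslog datagram; text is encoded to UTF-8 exactly once."""
    if isinstance(line, bytes):               # already-encoded input: decode first
        line = line.decode("utf-8", "replace")
    line = line.replace("\r", " ").replace("\n", " ")   # one entry per datagram
    t = time.localtime(when)
    stamp = "%s %2d %02d:%02d:%02d" % (MONTHS[t.tm_mon - 1], t.tm_mday,
                                       t.tm_hour, t.tm_min, t.tm_sec)
    pri = 1 * 8 + 6                           # facility user(1), severity info(6)
    msg = "<%d>%s %s %s: %s" % (pri, stamp, host, tag, line)
    return msg.encode("utf-8")[:1024]         # RFC 3164 caps a packet at 1024 bytes

class SyslogForwarder(object):
    """Hypothetical listener: write_line() only enqueues, a worker thread sends."""
    def __init__(self, server, port=514, maxsize=1000):
        self.addr = (server, port)
        self.q = queue.Queue(maxsize)
        self.dropped = 0
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self.sock.settimeout(2.0)
        self.thread = threading.Thread(target=self._run)
        self.thread.daemon = True             # never keeps the host program alive
        self.thread.start()

    def write_line(self, line):
        try:
            self.q.put_nowait(line)           # returns at once, server up or not
        except queue.Full:
            self.dropped += 1                 # shed load instead of stalling

    def _run(self):
        for line in iter(self.q.get, None):   # None is the shutdown marker
            try:
                self.sock.sendto(format_rfc3164(line), self.addr)
            except OSError:                   # DNS failure, no route, timeout
                self.dropped += 1             # count only: logging it would loop back

    def close(self):
        self.q.put(None)
        self.thread.join(5)
        self.sock.close()
```

The bounded queue means a long outage costs dropped entries (visible in `dropped`) rather than memory growth or a frozen caller.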
