Syslog forward

[kamsvag]

I would like a feature where anything that ends up in the log is also forwarded to an external syslogServer making it easier to keep of-site logg of the activities in the house as I use eventGhost in my home alarm system.

[kgschlosser]

There is a way to have the event log published as a web page using the webserver plugin.

or you can use this plugin to send text messages to your cell phone when specific events take place

viewtopic.php?f=9&t=9660

[kamsvag]

Ok, well that's not realy what I'm after.

I would like to have the entire log, in realtime mirrored to a syslog server where I can keep an backup. Simply as a security protocol.
I was for a bief moment considering writing a python-script to do this but I realized quickly I would end up creating a loop as it would show up in the log.

Any ideas?

I use EventGhost 24/7 and consider it a great tool.

Cheers!

[kgschlosser]

you would have to create a thread to do it. and hav the thread loop. you do not want to create a loop in the action thread. the one that is running that handles the running of macros and what have you. this will lock up EG.

I do not know much about the syslog protocol I can take a look tho.

[Dragon470]

There are lots of examples out there that use the PyWin32 wrapper. I use it to monitor a few specific events. Like was said earlier, this needs to be put in a thread. The other issue that I have run into is permissions. In the Windows Logs I can access System and Application, but not Security. I even kept the website address that I used initially in my script. https://www.blog.pythonlibrary.org/2010 ... vent-logs/ To my surprise it still exists. All this does is get the events.

[kgschlosser]

i thought this was for the EG log to be sent out to an external syslog server. I could be mistaken in my assumption. if that is the case then there is no permissions issue. if it is supposed to send out windows event logs then yes there would/could be some permissions hangups

[topix]

Hej, here is a first version of a plugin that send log entries to a syslog-server. Everything what will be written to the log window will also be send to the syslog-server. There is no filter for events, programs, whatever. Maybe in later version.

Because this is a first version, there may/will still be bugs. Currently no error checking is done. I've tested it with a syslogd on my Synology NAS.

Just add the plugin and configure it. As long as the plugin is enabled it will send the log messages to the server.

[kgschlosser]

@topix

if you look at the code i posted here it will give you a means to identify the different log entries
viewtopic.php?f=10&t=9811

[Luca Brasi]

Hi,

thanks for this new cool plugin!
I tested it on two machines and it is working!
A few notes and one error message I did find though:

Code: Select all

09:16:24   Traceback (most recent call last) (0.5.0-rc4):
09:16:24     File "wx\_core.pyc", line 16766, in <lambda>
09:16:24     File "C:\Program Files (x86)\EventGhost\eg\Classes\Log.py", line 254, in _WriteLine
09:16:24       listener.WriteLine(line, icon, wRef, when, indent)
09:16:24     File "C:\ProgramData\EventGhost\plugins\Log2Syslog\__init__.py", line 193, in WriteLine
09:16:24       MSG += line.encode('utf-8')
09:16:24   UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 42: ordinal not in range(128)

This comes up a lot in the eg log. The syslog is still written though. See attached log.

One more thing: There is this log redirector plugin which is writing the log to a file. If it is enabled Log2Syslog will not work which is kind of expected.
Maybe the plugins could be combined into one?

[topix]

Please edit the plugin file and in line 192 remove

Code: Select all

.encode('utf-8')

from

Code: Select all

MSG += line.encode('utf-8')

so you have only

Code: Select all

MSG += line

It looks like the contents of 'line' is already in unicode and i doubled the encoding.

Regarding the other plugin: What are your settings for the other plugin? I've tested it and both together works for me.

[Luca Brasi]

Please edit the plugin file and in line 192 remove

Code: Select all

.encode('utf-8')

from

Code: Select all

MSG += line.encode('utf-8')

so you have only

Code: Select all

MSG += line

It looks like the contents of 'line' is already in unicode and i doubled the encoding.

Ok, thanks. Did what you said and it is looking good!

Regarding the other plugin: What are your settings for the other plugin? I've tested it and both together works for me.

I have set it up like this:
[cannot upload screenshot atm. Don't know whats wrong]
Second radio button is set to enable standard eg log and the file.
File commit is set to 2 sec.
File is stripped at 2MB to 1MB.

If I log have Log2Syslog before log redirector in the autostart I will get log entries in the syslog server until the log redirector plugin is loaded.

[Luca Brasi]

Hi @topix,

I had some strange behavior on my htpc lately. Whenever I used eg to connect my sys to a vpn-server eg stalled and had to be restarted. Even after the start it got stuck from time to time. I noticed that this would only happen if the vpn connection was still active. So I thought about which plugin is using network and Log2Sylog came to my mind and I deactivated it. Eg with Vpn was working again. So it seems that Log2Sylog brings eg to stall whenever the syslog server can't be found.
I can of course set up the vpn in a way that the local syslog server is still accessible but I don't think that's the right way to go. On other systems this might not be acceptable for security reasons and there might be other reasons for not having the syslog server accessible and eg would crash in that case as well.

Would be great if you could take this into account for future development.
Thanks

[topix]

I will check in the next days (maybe 1-2 weeks). I think i have to put the logging in threads and add some checking/timeouts.

[Snowbird]

Hej, here is a first version of a plugin that send log entries to a syslog-server. Everything what will be written to the log window will also be send to the syslog-server. There is no filter for events, programs, whatever. Maybe in later version.

Because this is a first version, there may/will still be bugs. Currently no error checking is done. I've tested it with a syslogd on my Synology NAS.

Just add the plugin and configure it. As long as the plugin is enabled it will send the log messages to the server.

hi everyone,

does anyone have this plugin somewhere ? I can't download it...
Thanks

[mattl0]

hi, is there anyone that have the last syslog plugin?

thanks