我想将 FortiGate 40F 防火墙上的系统日志转发到 Python 脚本。我首先需要为防火墙上的所有流量设置日志记录。
我创建了一个 Python 脚本,并用我的华硕路由器进行了测试。它可以从我的路由器接收系统日志,因此脚本本身可以运行。
我无法从 FortiGate 40F 获取任何流量。我是否必须在防火墙本身上进行更多配置?这是我的防火墙上的设置:
日志设置:
防火墙策略:
Python代码:
#!/usr/bin/env python
## Tiny Syslog Server in Python.
##
## This is a tiny syslog server that is able to receive UDP based syslog
## entries on a specified port and save them to a file.
## That's it... it does nothing else...
## There are a few configuration parameters.
LOG_FILE = 'youlogfile.log'
HOST, PORT = "0.0.0.0", 514
#
# NO USER SERVICEABLE PARTS BELOW HERE...
#
import logging
import socketserver
logging.basicConfig(level=logging.INFO, format='%(message)s', datefmt='', filename=LOG_FILE, filemode='a')
class SyslogUDPHandler(socketserver.BaseRequestHandler):
def handle(self):
data = bytes.decode(self.request[0].strip())
socket = self.request[1]
print("%s : " % self.client_address[0], str(data))
logging.info(str(data))
if __name__ == "__main__":
try:
server = socketserver.UDPServer((HOST, PORT), SyslogUDPHandler)
server.serve_forever(poll_interval=0.5)
except (IOError, SystemExit):
raise
except KeyboardInterrupt:
print("Crtl+C Pressed. Shutting down.")