'''
WebSocketClientSendLog-20171115 by 郑瑞国
华为Secoway USG2000 防火墙
设置日志输出IP地址“192.168.0.163“及端口号8443,
设置安全参数 Kiwi Syslog Server
设置日志保存目录为“C:\Program Files\Syslogd\Logs\”
IP地址“192.168.0.163“及端口8443。
'''
import datetime
import json
import os
import os.path
import re
import threading
import time

import websocket
def on_message(ws, message):
    """Echo a frame received from the WebSocket server to stdout.

    Args:
        ws: The WebSocketApp that delivered the frame (unused).
        message: The payload handed over by the library.
    """
    print(message)
def on_error(ws, error):
    """Report an error raised by the WebSocket layer on stdout.

    Args:
        ws: The WebSocketApp that hit the error (unused).
        error: The exception or error object supplied by the library.
    """
    print(error)
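def on_close(ws, close_status_code=None, close_msg=None):
    """Announce on stdout that the WebSocket connection has been closed.

    Newer websocket-client releases call the close handler with the close
    status code and reason as extra positional arguments; the original
    one-argument signature raises TypeError there. Both extras default to
    None, so the handler also works with callers that pass only ``ws``.

    Args:
        ws: The WebSocketApp whose connection closed (unused).
        close_status_code: Close code from the peer, if the library passes one.
        close_msg: Close reason from the peer, if the library passes one.
    """
    print("### closed ###")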
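# Attack-record layout in the firewall syslog line: every label and its quoted
# value is captured as its own group (label groups are odd, values even).
_ATTACK_LINE = re.compile(
    r'.*?\s.*?(AttackType=)"(.*?)".*?(proto=)"(.*?)".*?(src=)"(.*?)"'
    r'.*?(dst=)"(.*?)".*?(total packets=)"(.*?)".*'
)

# Pause between polls when the log has no new data, so the tail loop does not
# spin a CPU core re-reading the file.
_POLL_SECONDS = 0.5


def _join_fields(found):
    """Return the matched ``label`` + ``value`` pairs joined by single spaces."""
    groups = found.groups()
    return " ".join(label + value for label, value in zip(groups[0::2], groups[1::2]))


def _build_frame(stamp, summary):
    """Serialise one attack summary as the JSON text frame sent to the server.

    The field values come out of syslog lines describing network traffic, so
    they are untrusted. Serialising with ``json.dumps`` escapes backslashes and
    control characters that would otherwise corrupt a hand-concatenated JSON
    string. Compact separators keep the frame identical to the original layout
    for ordinary input.
    """
    payload = {
        "id": "4",
        "source": "exe",
        "cate": "firewall",
        "content": [{"string": stamp + " " + summary + "\n"}],
    }
    return json.dumps(payload, separators=(",", ":"), ensure_ascii=False)


def on_open(ws):
    """Start a background thread that tails today's syslog file and forwards attacks.

    The worker begins at the current end of the log (existing lines are
    skipped), reads each newly appended line, and for every line matching the
    attack-record pattern sends one JSON frame through ``ws``. The tail runs in
    a daemon thread, so this callback returns immediately instead of blocking
    the WebSocket event loop as the original in-callback call to ``run()`` did.

    Args:
        ws: The connected WebSocketApp; it must provide ``send`` and ``close``.
    """

    def run(*args):
        # Raw string: the original literal relied on unrecognised escapes
        # (\P, \S, \L) staying literal, which newer interpreters warn about.
        log_path = (r'C:\Program Files\Syslogd\Logs\SyslogCatchAll-'
                    + str(datetime.date.today()) + '.txt')
        # NOTE(review): the name is computed once, so after midnight the worker
        # keeps tailing the previous day's file -- confirm whether the syslog
        # server rotates daily and whether a rollover is needed here.
        try:
            try:
                # errors="replace": one undecodable byte in a log line should
                # not kill the forwarder.
                log = open(log_path, errors="replace")
            except OSError as exc:
                # Without the log there is nothing to forward; report it and let
                # the ``finally`` clause close the socket so the failure is visible.
                print(exc)
                return
            with log:
                log.seek(0, os.SEEK_END)
                pending = ""
                while True:
                    chunk = log.readline()
                    if not chunk:
                        time.sleep(_POLL_SECONDS)
                        continue
                    pending += chunk
                    if not pending.endswith("\n"):
                        # The writer is mid-line; wait for the rest rather than
                        # parsing (and losing) a truncated record.
                        continue
                    line, pending = pending, ""
                    print(line)
                    found = _ATTACK_LINE.search(line)
                    if found is None:
                        continue
                    stamp = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S ')
                    summary = _join_fields(found)
                    print(stamp + ' ' + summary)
                    ws.send(_build_frame(stamp, summary))
                    # NOTE(review): group(1) is the literal label "AttackType=",
                    # not its value -- confirm this marker file is intended.
                    with open('myFile' + str(datetime.date.today()) + '.txt', 'at') as f2:
                        print(found.group(1), file=f2)
        finally:
            ws.close()
            print("thread terminating...")

    # Pass the function itself as the target. The original called run() inline
    # and handed its (never produced) return value to Thread.start.
    threading.Thread(target=run, daemon=True).start()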
if __name__ == "__main__":
    # Trace output is a debugging aid; it is switched on here exactly as in
    # the original script.
    websocket.enableTrace(True)
    # Plain ws:// is used against a loopback endpoint only. If the receiver
    # ever moves off-host, switch to wss:// so firewall events are not sent
    # in clear text.
    handlers = dict(on_message=on_message, on_error=on_error, on_close=on_close)
    ws = websocket.WebSocketApp("ws://localhost:2012", **handlers)
    ws.on_open = on_open
    ws.run_forever()