==========
CEF logger
==========

Most Mozilla Services applications need to generate CEF logs. A CEF log is a
formatted log that can be used by ArcSight, a central application used
by the infrasec team to manage application security.

The *cef* module provides a `log_cef` function that can be used to
emit CEF logs::

    log_cef(message, severity, environ, config, [username,
            [signature]], **kw)

Creates a CEF record and emits it to syslog or another file.

Args:

- message: message to log
- severity: integer from 0 to 10
- environ: the WSGI environ object
- config: configuration dict
- signature: CEF signature code, defaults to 'AuthFail'
- username: user name, defaults to 'none'
- extra keywords: extra keys used in the CEF extension

Example::

    >>> from cef import log_cef
    >>> log_cef('SecurityAlert!', 5, environ, config,
    ...         msg='Someone has stolen my chocolate')

With *environ* and *config* provided by the web environment.

You can use the cef module with Python's logging module.

Example of logging configuration::

    # '()' names the class that logging.config.dictConfig instantiates
    'syslog': {
        '()': cef.SysLogFormatter,
        'datefmt': '%H:%M:%S',
    },

Send a message to the log::

    log_file.warning('Something', {'environ': environ,
                                   'username': request.user,
                                   'data': data})

The SysLogFormatter uses the date format set in the log configuration
(datefmt) and converts the logging error level into a syslog error level.

CEF-specific fields (version, vendor, device_version, product) can also
be provided; defaults are used for any that are not passed.
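
The escaping a CEF record needs when its fields carry request-derived text, shown as an added example that is not code from the cef module. `format_cef`, `esc_header`, `esc_ext`, the default values and the mapping from WSGI environ keys to extension keys are assumptions made for illustration.

```python
# Added illustration: NOT the cef module's own code.
import re

# Hypothetical defaults standing in for the CEF-specific fields named above.
DEFAULTS = {"version": "0", "vendor": "example-vendor",
            "product": "example-product", "device_version": "1.0"}


def esc_header(value):
    # Header fields are pipe-delimited: flatten newlines, escape '\' and '|'.
    text = re.sub(r"[\r\n]+", " ", str(value))
    return text.replace("\\", "\\\\").replace("|", "\\|")


def esc_ext(value):
    # Extension values are key=value pairs: escape '\' and '=' first,
    # then encode line breaks as the two characters backslash + 'n'.
    text = str(value).replace("\\", "\\\\").replace("=", "\\=")
    return re.sub(r"\r\n|\r|\n", r"\\n", text)


def format_cef(message, severity, environ, config, username="none",
               signature="AuthFail", **kw):
    """Build one CEF line from the same arguments log_cef() takes."""
    if not isinstance(severity, int) or not 0 <= severity <= 10:
        raise ValueError("severity must be an integer from 0 to 10")
    fields = {k: config.get(k, v) for k, v in DEFAULTS.items()}
    header = [fields["version"], fields["vendor"], fields["product"],
              fields["device_version"], signature, message, severity]
    # Assumed mapping of WSGI environ keys to standard CEF extension keys.
    ext = {"src": environ.get("REMOTE_ADDR", ""),
           "requestMethod": environ.get("REQUEST_METHOD", ""),
           "request": environ.get("PATH_INFO", ""),
           "suser": username}
    ext.update(kw)  # extra keywords become extension keys; keys come from code
    pairs = " ".join("%s=%s" % (k, esc_ext(v)) for k, v in ext.items())
    return "CEF:" + "|".join(esc_header(h) for h in header) + "|" + pairs


# Constructed sample input: the user name carries a newline and a forged key.
environ = {"REMOTE_ADDR": "192.0.2.10", "REQUEST_METHOD": "POST",
           "PATH_INFO": "/login"}
config = {"vendor": "mozilla", "product": "demo"}
record = format_cef("Login|failed", 5, environ, config,
                    username="bob\nsuser=admin", msg="bad password")
print(record)
```

Without the escaping, the constructed user name would end the record early and start a second line containing its own `suser=admin` pair, which a collector would read as a separate field.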