Syslogd in Perl + Slack channels

So I’ve heard a lot of great things about slack and wanted to try to use their API’s to help monitor/manage my router and server. Currently all of my router log messages are routed into space and I only read my FreeBSD servers messages when I get time to logon.
I didn’t want to use IRC as I keep dropping in and out all the time whenever I use it on my phone. I don’t want to use email as the data is continuous and I don’t think email is real time enough.
Hence I have settled on slack. With it’s web based interface and android app, it is cross platform enough for me to use it seamlessly.
So I settled on a syslogd daemon written in Perl running inside a FreeBSD jail (to access privileged port 514). This will then route all messages to slack via the slack API where I can check the messages on my phone.
I originally tried to write a bot that could filter messages based on severity but that proved to hard. I am not advanced enough to handle concurrency in Perl (yet).
I want to add to this code and make it more useful! Hopefully I can build on it.
Any way here is the code:
[code language=”perl”]
use Slack::RTM::Bot;
use Net::Syslogd;
use warnings;
use strict;
my $bot = Slack::RTM::Bot->new( token => ‘your token goes here (legacy api)’);
my $syslogd = Net::Syslogd->new(LocalPort => 514)
or die “Error creating Syslogd listener: “, Net::Syslogd->error;
$bot->start_RTM(sub {
$bot->say(
channel => ‘logs’,
text => ‘Slackbot 1.0 has started successfully.’ )}
);
while (1) {
my $command;
my $message = $syslogd->get_message();
if (!defined($message)) {
printf “$0: %s\n”, Net::Syslogd->error;
exit 1
} elsif ($message == 0) {
next
}
if (!defined($message->process_message())) {
printf “$0: %s\n”, Net::Syslogd->error
} else {
my $msg = “(” . $message->severity . “) @” . $message->time .
” From: ” . $message->facility . ” ” . $message->remoteaddr . “:” . $message->remoteport
. ” message: \”” . $message->message . “\””;
$bot->say(
channel => ‘logs’,
text => $msg
);
}
}
[/code]
I had to add the following lines to my FreeBSD box:
#/etc/pf.conf -> add syslog as an allowed service (was blocked)
#/etc/rc.conf ->
syslogd_enable=”YES”
syslogd_flags=”-s -v -v”
#/etc/syslog.conf ->
*.* @unhinged.logger
#/etc/hosts
10.0.0.136 unhinged.logger
Then I enter the console of my jail (samba jail):
# ezjail-admin console samba
And start the perl script (as root):
root@samba:~ # perl slackbot.pl &
Exit ezjail and check its running:
# netstat -an | grep 514
udp4 0 0 10.0.0.136.514 *.*
Now restart syslogd:
# service syslogd restart
And all should work well! (BTW yes I know my laptop is about to die! It’s over 7 years old but runs well as a server)
Screenshot_2017-10-08_10-49-32.png
EDIT:
I couldn’t help it and added a few lines to send important messages to a separate channel:
[code language=”perl”]
use Slack::RTM::Bot;
use Net::Syslogd;
use warnings;
use strict;
my $bot = Slack::RTM::Bot->new( token => ‘your token’);
my $syslogd = Net::Syslogd->new(LocalPort => 514)
or die “Error creating Syslogd listener: “, Net::Syslogd->error;
$bot->start_RTM(sub {
$bot->say(
channel => ‘logs’,
text => ‘Slackbot 1.0 has started successfully.’ )}
);
while (1) {
my $command;
my $message = $syslogd->get_message();
if (!defined($message)) {
printf “$0: %s\n”, Net::Syslogd->error;
exit 1
} elsif ($message == 0) {
next
}
if (!defined($message->process_message())) {
printf “$0: %s\n”, Net::Syslogd->error
} else {
my $msg = “(” . $message->severity . “) @” . $message->time .
” From: ” . $message->facility . ” ” . $message->remoteaddr . “:” . $message->remoteport
. ” message: \”” . $message->message . “\””;
my $channel = “logs”;
my $alerttype = $message->severity;
for ( qw ( Critical Alert Emergency) ) {
if ($_ eq $alerttype) {
$channel = “alert”;
}
}
$bot->say(
channel => $channel,
text => $msg
);
}
}
[/code]

Leave a comment

Your email address will not be published. Required fields are marked *