Syslogd in Perl + Slack channels

So I’ve heard a lot of great things about slack and wanted to try to use their API’s to help monitor/manage my router and server. Currently all of my router log messages are routed into space and I only read my FreeBSD servers messages when I get time to logon.

I didn’t want to use IRC as I keep dropping in and out all the time whenever I use it on my phone. I don’t want to use email as the data is continuous and I don’t think email is real time enough.

Hence I have settled on slack. With it’s web based interface and android app, it is cross platform enough for me to use it seamlessly.

So I settled on a syslogd daemon written in Perl running inside a FreeBSD jail (to access privileged port 514). This will then route all messages to slack via the slack API where I can check the messages on my phone.

I originally tried to write a bot that could filter messages based on severity but that proved to hard. I am not advanced enough to handle concurrency in Perl (yet).

I want to add to this code and make it more useful! Hopefully I can build on it.

Any way here is the code:

use Slack::RTM::Bot;
use Net::Syslogd;
use warnings;
use strict;

my $bot = Slack::RTM::Bot->new( token => 'your token goes here (legacy api)');
my $syslogd = Net::Syslogd->new(LocalPort => 514)
or die "Error creating Syslogd listener: ", Net::Syslogd->error;

$bot->start_RTM(sub {
$bot->say(
channel => 'logs',
text    => 'Slackbot 1.0 has started successfully.' )}
);
while (1) {
my $command;
my $message = $syslogd->get_message();
if (!defined($message)) {
printf "$0: %s\n", Net::Syslogd->error;
exit 1
} elsif ($message == 0) {
next
}

if (!defined($message->process_message())) {
printf "$0: %s\n", Net::Syslogd->error
} else {
my $msg = "(" . $message->severity . ") @" . $message->time .
" From: " . $message->facility . " " . $message->remoteaddr . ":" . $message->remoteport
. " message: \"" . $message->message . "\"";
$bot->say(
channel => 'logs',
text    => $msg
);
}
}

I had to add the following lines to my FreeBSD box:
#/etc/pf.conf -> add syslog as an allowed service (was blocked)
#/etc/rc.conf ->
syslogd_enable=”YES”
syslogd_flags=”-s -v -v”

#/etc/syslog.conf ->
*.* @unhinged.logger
#/etc/hosts
10.0.0.136 unhinged.logger

Then I enter the console of my jail (samba jail):
# ezjail-admin console samba
And start the perl script (as root):
root@samba:~ # perl slackbot.pl &

Exit ezjail and check its running:
# netstat -an | grep 514
udp4 0 0 10.0.0.136.514 *.*

Now restart syslogd:
# service syslogd restart

And all should work well! (BTW yes I know my laptop is about to die! It’s over 7 years old but runs well as a server)

Screenshot_2017-10-08_10-49-32.png

EDIT:
I couldn’t help it and added a few lines to send important messages to a separate channel:

use Slack::RTM::Bot;
use Net::Syslogd;
use warnings;
use strict;

my $bot = Slack::RTM::Bot->new( token => 'your token');
my $syslogd = Net::Syslogd->new(LocalPort => 514)
or die "Error creating Syslogd listener: ", Net::Syslogd->error;

$bot->start_RTM(sub {
$bot->say(
channel => 'logs',
text    => 'Slackbot 1.0 has started successfully.' )}
);
while (1) {
my $command;
my $message = $syslogd->get_message();
if (!defined($message)) {
printf "$0: %s\n", Net::Syslogd->error;
exit 1
} elsif ($message == 0) {
next
}

if (!defined($message->process_message())) {
printf "$0: %s\n", Net::Syslogd->error
} else {
my $msg = "(" . $message->severity . ") @" . $message->time .
" From: " . $message->facility . " " . $message->remoteaddr . ":" . $message->remoteport
. " message: \"" . $message->message . "\"";
my $channel = "logs";
my $alerttype = $message->severity;
for ( qw ( Critical Alert Emergency) ) {
if ($_ eq $alerttype) {
$channel = "alert";
}
}
$bot->say(
channel => $channel,
text    => $msg
);
}

}
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s