使用REST配置syslog通知

Question

如何使用API配置深度安全/工作负载安全系统日志设置？

根据0/api-reference/tag/System-Settings#operation/modifySystemSettings下面的代码

value = deepsecurity.SettingValue('1')
system_settings = deepsecurity.SystemSettings(platform_setting_syslog_config_id=value) 
api_response = api_instance.modify_system_settings(system_settings, 'v1')

提供了修改platformSettingSyslogConfigId更改syslog服务器配置配置文件的能力，但是如何添加配置实际的syslog服务器IP、端口、协议(UDP/TCP)、syslog工具和格式(CEF/LEEF)？

我希望我的python脚本将syslog配置为指向特定主机，只使用API，即不打开Web控制台，运行rsyAdd.1-d。

Answer 1

我相信您正在寻找的答案是在API文档的创建Syslog配置部分。

到目前为止，这个方法还没有出现在Python中，因此必须手动调用。

下面这样的东西--它使用了requests Python模块--可能对您有用：

import requests

# define credentials
API_KEY = "<YOUR_API_KEY>"
MANAGER_ADDRESS = "<C1WS_OR_DS_ENDPOINT>"

# init required headers
headers = {
    # for Cloud One Workload Security
    "Authorization": f"ApiKey {API_KEY}",
    # for DS:
    "api-secret-key": API_KEY,

    "api-version": "v1",
    "Content-Type": "application/json",
}

# define syslog configuration
payload = {
    # main options
    "name": "<YOUR_SYSLOG_NAME>",
    "description": "<YOUR_SYSLOG_DESCRIPTION>",
    "hostName": "<YOUR_SYSLOG_ENDPOINT>",
    "port": 514,
    "transport": "tcp|udp",
    "facility": "kernel|user|mail|daemon|authorization|syslog|printer|news|uucp|clock|authpriv|ftp|ntp|log-audit|log-alert|cron|local0|local1|local2|local3|local4|local5|local6|local7",
    "eventFormat": "standard|cef|leef",

    # additional options
    "agentDirectForwarding": True | False,
    "includeTimezone": True | False,
    "privateKey": "<string>",
    "certificateChain": ["<string>"],
    "sourceIdentifier": "<string>",
}

# make post request to manager
response = requests.request(
    method="POST",
    url=MANAGER_ADDRESS,
    headers=headers,
    data=payload,
    # for DS:
    verify=False,
)