Syslog output

Install syslog library

pip install -U 'wpwatcher[syslog]'

Installs WPWatcher with syslog output support.

Syslog feature uses library rfc5424-logging-handler and cefevent.

Configure

# Your syslog server
syslog_server=syslogserver.ca
syslog_port=514

# TCP or UDP: 
# `SOCK_STREAM` to use TCP stream 
# `SOCK_DGRAM` to send UDP packets (not recommended)  
syslog_stream=SOCK_STREAM 

# Additionnal settings, must be valid JSON
syslog_kwargs={"enterprise_id":42, "msg_as_utf8":true, "utc_timestamp":true}

Additional parameters can be passed during Rfc5424SysLogHandler initiation with the syslog_kwargs configuration options.
See the package docs for more infos on init arguments.

Multiple CEF syslog messages are sent per scanned website.

Syslog message exemple:

<14>1 2020-09-17T14:07:20.624590+00:00 localhost WPWatcher 29016 - - CEF:0|Github|WPWatcher|2.4.0.dev1|3|WPScan WARNING|6|msg=Plugin: woocommerce\nThe version is out of date\nVersion: 4.2.2 (latest is 4.5.2) shost=http://exemple.com

Send test events

wpwatcher -c testing.conf --syslog_test

Will send 5 test events, one per possible event type (WPScan ALERT, WPScan WARNING, WPScan INFO, WPScan issue FIXED and WPScan ERROR).

Syslog sender code is here