如何使用 API 配置趋势科技服务器深度安全防护系统/工作负载安全系统日志设置?
value = deepsecurity.SettingValue('1')
system_settings = deepsecurity.SystemSettings(platform_setting_syslog_config_id=value)
api_response = api_instance.modify_system_settings(system_settings, 'v1')
能够修改 platformSettingSyslogConfigId 更改 syslog 服务器配置文件,但如何添加配置实际 syslog 服务器 IP、端口、协议 (UDP/TCP)、syslog 设施和格式 (CEF/LEEF)?
我希望我的 python 脚本将 syslog 配置为指向特定主机,其中 rsyslogd 仅使用 API 运行,即不打开 Web 控制台。
我相信您正在寻找的答案在 API 文档的Create a Syslog Configuration部分。
截至今天,Python SDK 中不存在此方法,因此必须手动调用。
像下面这样的东西——它使用了requestsPython 模块——可能对你有用:
import requests
# define credentials
API_KEY = "<YOUR_API_KEY>"
MANAGER_ADDRESS = "<C1WS_OR_DS_ENDPOINT>"
# init required headers
headers = {
# for Cloud One Workload Security
"Authorization": f"ApiKey {API_KEY}",
# for DS:
"api-secret-key": API_KEY,
"api-version": "v1",
"Content-Type": "application/json",
}
# define syslog configuration
payload = {
# main options
"name": "<YOUR_SYSLOG_NAME>",
"description": "<YOUR_SYSLOG_DESCRIPTION>",
"hostName": "<YOUR_SYSLOG_ENDPOINT>",
"port": 514,
"transport": "tcp|udp",
"facility": "kernel|user|mail|daemon|authorization|syslog|printer|news|uucp|clock|authpriv|ftp|ntp|log-audit|log-alert|cron|local0|local1|local2|local3|local4|local5|local6|local7",
"eventFormat": "standard|cef|leef",
# additional options
"agentDirectForwarding": True | False,
"includeTimezone": True | False,
"privateKey": "<string>",
"certificateChain": ["<string>"],
"sourceIdentifier": "<string>",
}
# make post request to manager
response = requests.request(
method="POST",
url=MANAGER_ADDRESS,
headers=headers,
data=payload,
# for DS:
verify=False,
)