PTS2021

Security alerting made easy using Python
2021-07-06, 17:30–17:50 (Europe/Paris), Zoom room

A common question about sudo and syslog-ng is how to send alerts to various online services. Both of these have supported sending email notifications for a long time, but more recently users have requested real-time alerting to Slack, Telegram, Discord and others. Peter’s talk will introduce you to alerting using the AppRise Python library. You will need to know a bit of Python and at least one of sudo or syslog-ng to understand the examples, but what you learn will help you to implement real-time alerting in a wide range of applications.

First of all, what do we mean by alerting? It is sending notifications about important events in your IT environment. Traditionally, this meant receiving a flood of emails when a problem occurred. These days, there are many more services that can be used to receive alerts. You can send alerts to most of them through HTTP-based protocols.

Syslog-ng has an http() destination that can be used to send alerts to various online services. However, even when a service’s API is published, figuring out how to actually use it can be difficult. The new python() destination makes it possible to connect to additional services through the use of client libraries, but still requires work for each new service.

This is where the AppRise Python library can help. It supports most of the well-known instant messaging services in addition to many other, less well-known services. Once you integrate it into your project you instantly have access to dozens of services that you can send alerts to.

Through the sudo and syslog-ng integrations you will learn how to work with AppRise. The Python code shown in the talk focuses on functionality and, to keep it easy to read, leaves out proper error handling.
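As an added example (not the talk's code, and not part of the AppRise or syslog-ng projects), the following shows what a complete syslog-ng python() destination backed by Apprise can look like, including two things the talk's minimal code deliberately omits: a severity threshold and a per-minute rate limit so a burst of errors does not flood a chat channel. It follows the syslog-ng python() destination interface (init/open/is_opened/send/close/deinit, returning True or False), uses the real `apprise.Apprise().add()` / `.notify()` API, and assumes the apprise package is installed on the host running syslog-ng. The class name, option names (`url`, `threshold`, `max_per_minute`) and the notifier-factory parameter are hypothetical; `discord://WebhookID/WebhookToken` is the Apprise URL form for a Discord webhook.

```python
import time

# Numeric syslog severities (RFC 5424) so a textual threshold can be compared.
SYSLOG_LEVELS = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
                 "warning": 4, "notice": 5, "info": 6, "debug": 7}


def notify_type_for(level_num):
    """Map a syslog severity onto the Apprise notification types."""
    if level_num <= 3:
        return "failure"
    if level_num == 4:
        return "warning"
    return "info"


def _field(msg, name):
    """Read a message field; syslog-ng hands field values to Python as bytes."""
    try:
        value = msg[name]
    except (KeyError, TypeError):
        return ""
    if isinstance(value, bytes):
        return value.decode("utf-8", "replace")
    return "" if value is None else str(value)


def apprise_notifier(url):
    """Build a send callable backed by the real Apprise library (needs network)."""
    import apprise  # imported here so the module loads without apprise installed
    client = apprise.Apprise()
    if not client.add(url):
        raise ValueError("Apprise did not accept the notification URL")
    return lambda title, body, notify_type: client.notify(
        title=title, body=body, notify_type=notify_type)


class AppriseDestination(object):
    """Hypothetical syslog-ng python() destination: threshold + rate limit + Apprise."""

    def __init__(self, notifier_factory=apprise_notifier):
        # syslog-ng constructs the class without arguments; the factory
        # parameter only exists so a test can inject a fake sender.
        self.notifier_factory = notifier_factory
        self.notifier = None
        self.sent_at = []      # timestamps of alerts sent in the current window
        self.suppressed = 0    # alerts dropped by the rate limit

    def init(self, options):
        # Values given with options() in syslog-ng.conf arrive as strings.
        url = options.get("url")
        threshold = options.get("threshold", "warning")
        if not url or threshold not in SYSLOG_LEVELS:
            return False
        self.threshold = SYSLOG_LEVELS[threshold]
        self.max_per_minute = int(options.get("max_per_minute", "20"))
        self.notifier = self.notifier_factory(url)
        return True

    def open(self):
        return True

    def is_opened(self):
        return True

    def close(self):
        pass

    def deinit(self):
        pass

    def format(self, msg):
        """Return (title, body, notify_type), or None when below the threshold."""
        level = _field(msg, "LEVEL")
        level_num = SYSLOG_LEVELS.get(level, 6)
        if level_num > self.threshold:
            return None
        title = "%s on %s: %s" % (level, _field(msg, "HOST"), _field(msg, "PROGRAM"))
        body = _field(msg, "MESSAGE")[:1500]  # stay under chat message size limits
        return title, body, notify_type_for(level_num)

    def allow(self, now=None):
        """Sliding one-minute window; refuses once max_per_minute is reached."""
        now = time.time() if now is None else now
        self.sent_at = [t for t in self.sent_at if now - t < 60]
        if len(self.sent_at) >= self.max_per_minute:
            self.suppressed += 1
            return False
        self.sent_at.append(now)
        return True

    def send(self, msg, now=None):
        formatted = self.format(msg)
        if formatted is None or not self.allow(now):
            return True  # consumed on purpose; False would make syslog-ng retry
        title, body, notify_type = formatted
        return bool(self.notifier(title, body, notify_type))
```

With the file saved as `alerting.py` in a directory syslog-ng's Python interpreter searches, a destination along the lines of `destination d_chat { python(class("alerting.AppriseDestination") options("url" "discord://WebhookID/WebhookToken") options("threshold" "err")); };` would route error-and-above messages to Discord; switching to another service means changing only the URL scheme, which is the point of the library. Filtered and rate-limited messages return True so syslog-ng treats them as delivered rather than queueing them for retry.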

A live demo will show sending alerts to Discord and how easy it is to change the alerting to use other services.

Peter is an engineer working as open source evangelist at Balabit (a One Identity business), the company that developed syslog-ng. He helps distributions maintain the syslog-ng package, follows bug trackers, helps users and talks regularly about sudo and syslog-ng at conferences (SCALE, All Things Open, FOSDEM, LOADays, and others). In his limited free time he is interested in non-x86 architectures and works on one of his PPC or ARM machines.