Refactor syslog-ng configuration and enhance SyslogSender class #871
Misha-Shvets commented Dec 19, 2025
- Update syslog-ng.conf to use syslog-protocol flags for TCP and UDP sources.
- Change local log destination to audit log with a new template.
- Introduce a new destination for parsing errors.
- Refactor SyslogSender to utilize RFC 5424 serialization for sending audit events.
- Remove deprecated methods and streamline message generation process.
Pull request overview
This pull request refactors the syslog audit logging system to improve RFC 5424 compliance and maintainability by extracting serialization logic into a dedicated class and updating the syslog-ng configuration to properly parse RFC 5424 formatted messages.
Key Changes
- Created a new `RFC5424Serializer` class that encapsulates all RFC 5424 message formatting logic
- Updated syslog-ng configuration to use `syslog-protocol` flags instead of `no-parse`, enabling proper RFC 5424 message parsing
- Streamlined `SyslogSender` class by delegating message formatting to the new serializer and adding explicit protocol validation
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 10 comments.
| File | Description |
|---|---|
| `syslog-ng.conf` | Updated source flags to syslog-protocol, changed destination from generic messages to audit-specific log with RFC 5424 template, added parse errors destination |
| `app/ldap_protocol/policies/audit/events/service_senders/syslog.py` | Refactored to use RFC5424Serializer for message formatting, removed inline serialization methods, added explicit protocol validation |
| `app/ldap_protocol/policies/audit/events/service_senders/rfc5424_serializer.py` | New file containing RFC 5424 compliant serialization logic with proper field formatting, sanitization, and structured data handling |
…comment out error log destination
…ve commented error log destination
milov-dmitriy left a comment

Please sort out the notes from Copilot, I'll take another look afterwards.
…ng and timestamp formatting
* Change severity validation to raise NotImplementedError for out-of-range values.
* Update timestamp formatting to use ISO 8601 with milliseconds precision.
* Rename serializer attribute in SyslogSender for clarity.
milov-dmitriy left a comment

I also suggest adding tests, either for this whole module or just for this serializer, so that it is clear at a glance and there is no need to read through everything in detail.
…functionality
* Rename serializer attribute in SyslogSender for better readability.
* Update structured data ID suffix to reflect proper usage of Private Enterprise Number (PEN).
* Enhance docstring for _sanitize_param_name method to clarify RFC 5424 constraints.
* Introduce unit tests for RFC5424Serializer to ensure correct functionality and validation.
…functionality
* Rename _format_priority method to _format_severity for better alignment with RFC 5424 terminology.
* Update serialization logic in RFC5424Serializer to use severity instead of priority.
* Modify SyslogSender to raise NotImplementedError for unsupported protocols.
* Adjust unit tests to reflect changes in method names and expected values.
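An added example, not code from this pull request or the project's `RFC5424Serializer`: a minimal RFC 5424 formatter showing the steps the commits above refer to (severity range check, millisecond timestamp, SD-NAME cleaning, PARAM-VALUE escaping) and why they matter for audit-log integrity. Facility 13, the SD-ID `audit@32473` (the documentation PEN from RFC 5424's examples) and all function names are assumptions.

```python
import re
from datetime import datetime, timezone

FACILITY = 13  # assumption: "log audit" facility
PEN = 32473    # assumption: documentation PEN used in RFC 5424's own examples

def one_line(text):
    """CR/LF would split one event into two on newline-framed transports."""
    return re.sub(r"[\r\n]+", " ", str(text))

def header_field(value, max_len):
    """Header fields are PRINTUSASCII (33-126); empty becomes NILVALUE."""
    return re.sub(r"[^\x21-\x7e]", "_", value or "")[:max_len] or "-"

def sd_name(name):
    """SD-NAME: up to 32 printable ASCII chars, no '=', space, ']' or quote."""
    return re.sub(r'[^\x21-\x7e]|[=\]"]', "_", name)[:32] or "_"

def sd_value(value):
    """PARAM-VALUE: escape backslash, quote and ']' so data cannot close it."""
    return re.sub(r'([\\"\]])', r"\\\1", one_line(value))

def serialize(severity, when, host, app, msgid, params, msg):
    if not 0 <= severity <= 7:
        raise ValueError(f"severity out of range: {severity}")
    pri = FACILITY * 8 + severity
    ts = when.astimezone(timezone.utc).isoformat(timespec="milliseconds")
    ts = ts.replace("+00:00", "Z")
    sd = "".join(f' {sd_name(k)}="{sd_value(v)}"' for k, v in params.items())
    return (f"<{pri}>1 {ts} {header_field(host, 255)} {header_field(app, 48)} - "
            f"{header_field(msgid, 32)} [audit@{PEN}{sd}] {one_line(msg)}")

if __name__ == "__main__":
    # Constructed sample: attacker-influenced values try to forge a parameter
    # and a second log line.
    print(serialize(
        5, datetime(2025, 12, 19, 10, 30, 0, 123456, tzinfo=timezone.utc),
        "dc01", "audit app", "LOGIN",
        {"user": 'bob" admin="true', "src ip": "10.0.0.5]"},
        "login ok\n<13>1 forged",
    ))
```

With the escaping in place, the forged `admin="true"` stays inside the `user` value and the embedded newline cannot start a second record when the receiver parses with `syslog-protocol`.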