Initial commit: DECNET honeypot/deception network framework
Core CLI, service plugins (SSH/SMB/FTP/HTTP/RDP), Docker Compose orchestration, MACVLAN networking, and Logstash log forwarding. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
36
decnet/logging/forwarder.py
Normal file
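--- a/decnet/logging/forwarder.py
+++ b/decnet/logging/forwarder.py
@@ -0,0 +1,36 @@
+"""
+Log forwarding helpers.
+
+DECNET is agnostic to what receives logs — any TCP/UDP listener works
+(Logstash, Splunk, Graylog, netcat, etc.).
+
+Each service plugin handles the actual forwarding by injecting the
+LOG_TARGET environment variable into its container. This module provides
+shared utilities for validating and parsing the log_target string.
+"""
+
+import socket
+
+
+def parse_log_target(log_target: str) -> tuple[str, int]:
+"""
+Parse "ip:port" into (host, port).
+Raises ValueError on bad format.
+"""
+parts = log_target.rsplit(":", 1)
+if len(parts) != 2 or not parts[1].isdigit():
+raise ValueError(f"Invalid log_target '{log_target}'. Expected format: ip:port")
+return parts[0], int(parts[1])
+
+
+def probe_log_target(log_target: str, timeout: float = 2.0) -> bool:
+"""
+Return True if the log target is reachable (TCP connect succeeds).
+Non-fatal — just used to warn the user before deployment.
+"""
+try:
+host, port = parse_log_target(log_target)
+with socket.create_connection((host, port), timeout=timeout):
+return True
+except (OSError, ValueError):
+return False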
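Review bot: `parse_log_target` only checks that the port is all digits, so an empty host and an out-of-range port both pass; the constructed examples `:514` and `10.0.0.5:99999` are returned as valid. The module docstring says this string ends up in each container's LOG_TARGET, so a value that validates here but cannot be delivered to would presumably leave decoy activity unlogged with no error at deploy time. I would convert the port first and then reject with `if not parts[0] or not 1 <= port <= 65535: raise ValueError(...)`, reusing the existing message. In `probe_log_target` an out-of-range port may also surface from the socket layer as something other than OSError/ValueError, which the except clause would not catch; the range check removes that case. Bracketed IPv6 literals are not handled either, which is worth stating in the docstring if only IPv4 is intended.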