search

chenbekor / Rest2Syslog

Rest2Syslog collects data via REST APIs and sends it to any Syslog Destination
Apache License 2.0
4 stars 2 forks source link

Error initializing Python driver object, init() returned FALSE; driver='s_r2s#0' #2

Open mjknoxie opened 4 years ago

mjknoxie commented 4 years ago

Hi, I seem to be unable to get this working. I followed the instructions, but syslog-ng won't start. 

Jul 05 14:29:53 log-scrapper-dev syslog-ng[1738]: [2020-07-05T14:29:53.777859] WARNING: With use-dns(no), dns-cache() will be forced to 'no' too!;
Jul 05 14:29:53 log-scrapper-dev syslog-ng[1738]: REST2Syslog Source init
Jul 05 14:29:53 log-scrapper-dev syslog-ng[1738]: running python version:3.6
Jul 05 14:29:53 log-scrapper-dev syslog-ng[1738]: found extension: pcasb_alerts
Jul 05 14:29:53 log-scrapper-dev syslog-ng[1738]: init Extension pcasb_alerts
Jul 05 14:29:53 log-scrapper-dev syslog-ng[1738]: about to load paginator for extension pcasb_alerts
Jul 05 14:29:53 log-scrapper-dev syslog-ng[1738]: about to load api_paginator class...
Jul 05 14:29:53 log-scrapper-dev syslog-ng[1738]: configuration of REST2Syslog Source (R2S) is incomplete or malformed. Please reffer to the R2S Wiki for more details.
Jul 05 14:29:53 log-scrapper-dev syslog-ng[1738]: [2020-07-05T14:29:53.784234] Error initializing Python driver object, init() returned FALSE; driver='s_r2s#0', class='r2s.source.REST2SyslogSource'
Jul 05 14:29:53 log-scrapper-dev syslog-ng[1738]: [2020-07-05T14:29:53.784248] Error initializing message pipeline; plugin_name='python', location='/etc/syslog-ng/conf.d/r2s.conf:2:5'
Jul 05 14:29:53 log-scrapper-dev systemd[1]: syslog-ng.service: main process exited, code=exited, status=2/INVALIDARGUMENT
Jul 05 14:29:53 log-scrapper-dev systemd[1]: Failed to start System Logger Daemon.

config is pretty simple:

source s_r2s {
    python(
      class("r2s.source.REST2SyslogSource")
      options("interval",60)
      options("auth_url","https://api.opsgenie.com/v2/logs/")
      options("alerts_url","https://api.opsgenie.com/v2/logs/")
      options("api_key","XXXXXXXXX")
    );
};

destination d_tcp { syslog("127.0.0.1" transport("tcp") port(514) ); };

log {source(s_r2s); destination(d_tcp); };
chenbekor commented 4 years ago

@mjknoxie in order to work with R2S you will need to implement 3 classes: a class that inherits from R2SAPIAdaptor - responsible for constructing the URLs and calling the REST endpoints a class that inherits from R2SItemFormatter - responsible for parsing the response (each of the returned items) and a class that inherits from R2SAPIPaginator - responsible for implementing the pagination strategy (usually, the REST API will provide a limited set of items per page, hence there is a need to paginate through all pages)

you can review the base classes under: r2s/extensions/abstract.py

You can see example for each of this custom class under: r2s/extensions/proofpoint/pcasb where we have 2 extensions: one that fetched alerts (using a page num pagination strategy) and another extension which fetch system events (using a next_page token strategy).

also you will need to add the extension name and class paths in the syslong config file (the readme shows and example of that)