The aim of the payShield2Syslog project is to gather the audit log via the host command Q2, interpret the response of the appliance, and eventually send it to a Syslog facility.
The project is still in beta; the current version is 0.3.
A digitally signed binary version for Windows is available as well.
It requires Python 3 and was tested on Python 3.10.
The tool is freely available, under the GNU Affero General Public License v3.0 (AGPL 3.0), on GitHub at https://github.com/mszeu/payShield2Syslog
Prerequisites
- Python 3.10 or later
- The payShield 10K needs to be in Online mode.
- The command Q2 needs to be enabled.
- At least one LNK needs to be loaded on the appliance.
Usage
payShieldToSyslog.py [-h] [--port PORT] [--header HEADER] [--forever]
                     [--decode] [--times TIMES] [--proto {tcp,udp,tls}]
                     [--keyfile KEYFILE] [--crtfile CRTFILE]
                     [--syslog SYSLOG] [--syslogport SYSLOGPORT] host
Example
python.exe payShieldToSyslog.py 192.168.0.36 --decode

PayShield Audit Log utility, version 0.1, by Marco S. Zuppone - msz@msz.eu - https://msz.eu
To get more info about the usage invoke it with the -h option
This software is open source and it is under the Affero AGPL 3.0 license

Iteration: 1 of 1
Return code: 00 No error
Command sent/received: Q2 ==> Q3
sent data (ASCII) : HEADQ2
sent data (HEX) : 0006484541445132
received data (ASCII): HEADQ3000000008E1228421409224F4ED0003030E33E14B46D6AE2270C57CD515A4C1BBF79ECAFAA60361A7D
received data (HEX) : 005848454144513330303030303030303845313232383432313430393232344634454430303033303330453333453134423436443641453232373043353743443531354134433142424637394543414641413630333631413744

-----DECODING RESPONSE-----
Message length: 88
Header: HEAD
Command returned: Q3
Error returned: 00
Log Entry in Hex: 0000008E1228421409224F4ED0003030E33E14B46D6AE2270C57CD515A4C1BBF79ECAFAA60361A7D
Audit Counter: 142
Date: 12:28:42 14/09/2022
Action Code: ON
Bit Mask: 1101000000000000
Command code type: User Action, Not Archived, Retrieved
Unused: 000000000000
Response Error Code: 00
Audit Record MAC: E33E14B46D6AE227
Random MAC Key: 0C57CD515A4C1BBF79ECAFAA60361A7D
DONE
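The decoding shown above can be reproduced from the raw frame alone. The following is an added example written for this page, not code from the payShield2Syslog project: it builds the Q2 request frame, parses the Q3 response frame captured in the "received data (HEX)" line, splits the 80-hex-character audit record into the fields the tool prints, and formats one syslog line from the result. The wire layout (a 2-byte big-endian length prefix followed by the ASCII message) and the field offsets are inferred from the sent/received lines and the decoded output above; the 4-flag-bit/12-unused-bit split of the bit mask, the meaning of the individual flag bits (which the example does not label), and the syslog facility, severity and message layout are assumptions.

```python
"""Parse a payShield 10K Q3 response (reply to the Q2 audit-log host command).

Assumed wire format, inferred from the sent/received HEX lines on the page:
2-byte big-endian length prefix, then the ASCII message made of the message
header (4 characters here), the 2-character command code, the 2-character
error code and, for Q3, the audit record as 80 hex characters.
"""
import struct
from datetime import datetime

# Frame captured in the page's "received data (HEX)" line.
SAMPLE_FRAME_HEX = (
    "005848454144513330303030303030303845313232383432313430393232344634454430303033303330"
    "453333453134423436443641453232373043353743443531354134433142424637394543414641413630333631413744"
)

AUDIT_RECORD_HEX_LEN = 80  # 40 bytes, as in the "Log Entry in Hex" line


def build_q2_request(header: str = "HEAD") -> bytes:
    """Length-prefixed Q2 request; 'HEADQ2' matches the page's sent HEX line."""
    message = (header + "Q2").encode("ascii")
    return struct.pack(">H", len(message)) + message


def decode_audit_record(record_hex: str) -> dict:
    """Split the audit record into the fields printed by the tool's --decode output.

    Offsets are inferred from the page's decoded sample: counter (8 hex), timestamp
    hhmmssDDMMYY (12), action code as ASCII (4), bit mask (4), response error code
    as ASCII (4), audit record MAC (16), random MAC key (32).
    """
    if len(record_hex) != AUDIT_RECORD_HEX_LEN:
        raise ValueError(f"audit record must be {AUDIT_RECORD_HEX_LEN} hex chars, got {len(record_hex)}")
    bytes.fromhex(record_hex)  # raises ValueError on non-hex input
    mask_bits = f"{int(record_hex[24:28], 16):016b}"
    return {
        "audit_counter": int(record_hex[0:8], 16),
        "timestamp": datetime.strptime(record_hex[8:20], "%H%M%S%d%m%y"),
        "action_code": bytes.fromhex(record_hex[20:24]).decode("ascii"),
        "bit_mask": mask_bits,
        # Assumption: the tool's "Unused" field is the low 12 bits of the mask;
        # the meaning of the top 4 flag bits is not documented here, so they are
        # exposed raw rather than labelled.
        "flag_bits": mask_bits[:4],
        "unused_bits": mask_bits[4:],
        "response_error_code": bytes.fromhex(record_hex[28:32]).decode("ascii"),
        "audit_record_mac": record_hex[32:48],
        "random_mac_key": record_hex[48:80],
    }


def parse_response_frame(frame: bytes, header_len: int = 4) -> dict:
    """Validate the length prefix and split the ASCII message into its parts."""
    if len(frame) < 2:
        raise ValueError("frame too short for a length prefix")
    (declared_len,) = struct.unpack(">H", frame[:2])
    body = frame[2:]
    if len(body) != declared_len:
        raise ValueError(f"length prefix says {declared_len} bytes, body has {len(body)}")
    text = body.decode("ascii")
    result = {
        "length": declared_len,
        "header": text[:header_len],
        "command": text[header_len:header_len + 2],
        "error_code": text[header_len + 2:header_len + 4],
        "record_hex": text[header_len + 4:],
    }
    if result["command"] != "Q3":
        raise ValueError(f"expected Q3 response, got {result['command']!r}")
    # Only decode the record when the HSM reported no error (error code "00").
    if result["error_code"] == "00":
        result["record"] = decode_audit_record(result["record_hex"])
    return result


def format_syslog_line(record: dict, hostname: str, facility: int = 16, severity: int = 6) -> str:
    """RFC 5424-style line; facility local0 (16) and severity info (6) are assumptions."""
    pri = facility * 8 + severity
    msg = " ".join(f"{k}={v}" for k, v in record.items() if k != "timestamp")
    return f"<{pri}>1 {record['timestamp'].isoformat()} {hostname} payShield2Syslog - - - {msg}"


if __name__ == "__main__":
    parsed = parse_response_frame(bytes.fromhex(SAMPLE_FRAME_HEX))
    for key, value in parsed.items():
        print(f"{key}: {value}")
    print(format_syslog_line(parsed["record"], hostname="hsm-example"))
```

Running the module prints the same counter (142), timestamp (14/09/2022 12:28:42), action code (ON), bit mask, MAC and random MAC key that the tool's --decode output lists, and `build_q2_request()` reproduces the page's sent HEX exactly; a frame whose length prefix disagrees with its body, or whose command is not Q3, is rejected instead of being partially decoded.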