The aim of the payShield2Syslog project is to gather the Audit log via the host command Q2, interpret the response of the appliance, and eventually send it to a Syslog facility.

The project is still in beta, and the current version is 0.3.

A digitally signed binary version for Windows is available as well.

It requires Python 3 and was tested on Python 3.10.

The tool is freely available on GitHub, under the Affero AGPL 3.0 license, at https://github.com/mszeu/payShield2Syslog

Prerequisites

  • Python 3.10 or later
  • The payShield 10K needs to be in Online mode.
  • The command Q2 needs to be enabled.
  • At least one LNK needs to be loaded on the appliance.

Usage

payShieldToSyslog.py [-h] [--port PORT] [--header HEADER] [--forever]
[--decode] [--times TIMES] [--proto {tcp,udp,tls}] [--keyfile KEYFILE]
[--crtfile CRTFILE] [--syslog SYSLOG] [--syslogport SYSLOGPORT] host

Example

python.exe payShieldToSyslog.py 192.168.0.36 --decode 
PayShield Audit Log utility, version 0.1, by Marco S. Zuppone - msz@msz.eu - https://msz.eu
To get more info about the usage invoke it with the -h option
This software is open source and it is under the Affero AGPL 3.0 license

Iteration:  1  of  1

Return code: 00 No error
Command sent/received: Q2 ==> Q3
sent data (ASCII) : HEADQ2
sent data (HEX) : 0006484541445132
received data (ASCII): HEADQ3000000008E1228421409224F4ED0003030E33E14B46D6AE2270C57CD515A4C1BBF79ECAFAA60361A7D
received data (HEX) : 005848454144513330303030303030303845313232383432313430393232344634454430303033303330453333453134423436443641453232373043353743443531354134433142424637394543414641413630333631413744

-----DECODING RESPONSE-----
Message length:  88
Header:  HEAD
Command returned:  Q3
Error returned:  00
Log Entry in Hex:  0000008E1228421409224F4ED0003030E33E14B46D6AE2270C57CD515A4C1BBF79ECAFAA60361A7D
Audit Counter:  142
Date:  12:28:42 14/09/2022
Action Code ON
Bit Mask 1101000000000000
    Command code type: User Action
    Not Archived
    Retrieved
    Unused: 000000000000
Response Error Code: 00
Audit Record MAC: E33E14B46D6AE227
Random MAC Key: 0C57CD515A4C1BBF79ECAFAA60361A7D

DONE
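
The decoding shown in the example run can be reproduced with a strict parser that rejects a malformed frame before anything is forwarded to Syslog. This is an added example, not the project's own code: the field layout is inferred from the sample output above, and the names parse_q3, LOG_FIELDS and SAMPLE_FRAME are hypothetical.

```python
import re
import struct
from datetime import datetime

# Sample frame rebuilt from the "received data (ASCII)" line of the example run;
# the 2-byte big-endian length prefix equals the 0058 seen in the HEX line.
_PAYLOAD = (b"HEADQ3000000008E1228421409224F4ED0003030"
            b"E33E14B46D6AE2270C57CD515A4C1BBF79ECAFAA60361A7D")
SAMPLE_FRAME = struct.pack(">H", len(_PAYLOAD)) + _PAYLOAD

# (name, width in hex characters). Assumption: layout inferred from the sample.
LOG_FIELDS = [("counter", 8), ("timestamp", 12), ("action", 4), ("bitmask", 4),
              ("resp_code", 4), ("record_mac", 16), ("mac_key", 32)]
ENTRY_RE = re.compile(r"[0-9A-F]{%d}" % sum(w for _, w in LOG_FIELDS))


def parse_q3(frame: bytes, header_len: int = 4) -> dict:
    """Validate and decode one Q3 response; raise ValueError on any mismatch."""
    if len(frame) < 2:
        raise ValueError("frame shorter than the length prefix")
    (declared,) = struct.unpack(">H", frame[:2])
    if declared != len(frame) - 2:
        raise ValueError(f"length prefix {declared} != payload {len(frame) - 2}")
    text = frame[2:].decode("ascii")  # UnicodeDecodeError is a ValueError
    header, rest = text[:header_len], text[header_len:]
    cmd, err, entry = rest[:2], rest[2:4], rest[4:]
    if cmd != "Q3":
        raise ValueError(f"unexpected response code {cmd!r}")
    if err != "00":
        raise ValueError(f"appliance returned error {err!r}")
    if not ENTRY_RE.fullmatch(entry):
        raise ValueError("audit record is not the expected run of hex digits")
    raw, pos = {}, 0
    for name, width in LOG_FIELDS:
        raw[name], pos = entry[pos:pos + width], pos + width
    return {
        "header": header,
        "counter": int(raw["counter"], 16),
        # hhmmss followed by ddmmyy, as in "12:28:42 14/09/2022"
        "time": datetime.strptime(raw["timestamp"], "%H%M%S%d%m%y"),
        "action": bytes.fromhex(raw["action"]).decode("ascii"),
        "bitmask": format(int(raw["bitmask"], 16), "016b"),
        "resp_code": bytes.fromhex(raw["resp_code"]).decode("ascii"),
        "record_mac": raw["record_mac"],
        "mac_key": raw["mac_key"],
    }


if __name__ == "__main__":
    for key, value in parse_q3(SAMPLE_FRAME).items():
        print(f"{key}: {value}")
```

The bit mask is returned as a 16-character bit string and is not interpreted further, because the sample shows only one combination of flags.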