#-*- coding: UTF-8-*
#!/usr/bin/python
# 
# Development script (not a final version)
import sys, os
import socket
import argparse
import xml.etree.ElementTree as ET
import logging
from shutil import copyfile
reload(sys)
sys.setdefaultencoding('utf-8')
Type = sys.getfilesystemencoding()

## Variables

Environment = "<Define envoirment>"
phCustId = "<Destination organization id Exmaple 3000"
organization = "<Organization Name>"
level=5
facility=3
host='<IP of destination host>'
port=514

# note at the end of the script put destination IP, this is a development script!


try:
   tree = ET.parse(sys.argv[1])
except Exception as e:
   logging.error(sys.argv[1])
   directory = "/opt/scripts/incidents/"
   copyfile(sys.argv[1], directory+os.path.basename(sys.argv[1]))
   raise e

root = tree.getroot()

### Assingning incident.xml values to variable
ruleType = root.attrib.get("ruleType") if root.attrib.get("ruleType") is not None else ""
severity = root.attrib.get("severity") if root.attrib.get("severity") is not None else ""
try:
   severity = int(severity)
except:
   pass
if severity <= 1:
   exit()

if severity == 2:
    severityCat = "LOW"

if severity == 3:
    severityCat = "LOW"

if severity == 4: 
    severityCat = "LOW"

if severity == 5:
    severityCat = "MEDIUM"

if severity == 6:
    severityCat = "MEDIUM"

if severity == 7:
    severityCat = "MEDIUM"

if severity == 8:
    severityCat = "MEDIUM"

if severity >= 9:
    severityCat = "HIGH"

#organization = root.attrib.get("organization") if root.attrib.get("organization") is not None else ""
incidentId = root.attrib.get("incidentId") if root.attrib.get("incidentId") is not None else ""
rawEvents = root.findtext('rawEvents') if root.findtext("rawEvents") is not None else ""
name = root.findtext('name') if root.findtext("name") is not None else ""


new_raw_message = str(rawEvents).splitlines()

messages = []

for line in new_raw_message:
    line = line.strip()
    if line != "":
        messages.append("phCustId=" + str(phCustId) + ", RAW=" + str(line))


def syslog(messages, level=5, facility=3, host='<IP of Destination Host>', port=514): 
    """
    Send syslog UDP packet to given host and port.
    """
    for m in messages[1:]:
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        data = '<%d>%s' % (5 + 3*8, m)
        sock.sendto(data.encode(), ('<IP of Destination Host>', 514))
        sock.close()


if __name__=="__main__":
    syslog(messages,level,host,port)