From time to time it is helpful to be able to send a test syslog message to confirm that things are working correctly: firewall ports are open, nothing in line is filtering out the traffic, and (by including a timestamp in the message body) times are being received correctly. I recently saw a post on Twitter showing a way to send a syslog message from the command line (https://twitter.com/nickrusso42518/status/1756711901088698584). The tweet showed the following syntax:
echo "<14>Test UDP syslog message" >> /dev/udp/10.0.0.1/514
Unfortunately, when I tested this on an ESXi host I found the /dev/udp target is not present. However, knowing that sending a message like this was possible, I remembered that ESXi hosts do provide netcat (nc), and I wanted to see if the same type of syntax would work with that command. After a quick search I found an example that did exactly what I wanted:
echo '<14>bwuchner-test-syslog sent at 2024-02-15 9:38:05 EST' | nc -v -u -w 0 192.168.45.80 514
The above worked great, even from an ESXi host. To round out my notes, I wanted to try and find a similar way of doing this from Windows boxes as well. My go-to shell of choice on Windows is PowerShell, since it comes out of the box on all supported Windows versions. A quick search and I found a function that did exactly what I was hoping: https://gist.github.com/PeteGoo/21a5ab7636786670e47c. I’ll include the function below, for reference, along with the syntax to use it to send a syslog message.
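function Send-UdpDatagram
{
    Param ([string] $EndPoint,
           [int] $Port,
           [string] $Message)

    # GetHostAddresses returns an array; use the first address so that names
    # resolving to several addresses do not break the endpoint construction.
    $Address = [System.Net.Dns]::GetHostAddresses($EndPoint) | Select-Object -First 1
    $EndPoints = New-Object System.Net.IPEndPoint($Address, $Port)
    # Create the socket for the resolved address family (IPv4 or IPv6).
    $Socket = New-Object System.Net.Sockets.UdpClient($Address.AddressFamily)
    $EncodedText = [Text.Encoding]::ASCII.GetBytes($Message)
    # Send returns the number of bytes sent; capture it so it is not written to the pipeline.
    $SendMessage = $Socket.Send($EncodedText, $EncodedText.Length, $EndPoints)
    $Socket.Close()
}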
Send-UdpDatagram -EndPoint 192.168.45.80 -Port 514 -Message '<14>bwuchner-test-syslog from powershell 2024-02-15 9:41:52 EST'
I was able to confirm each of these methods worked to send a test syslog message to Aria Operations for Logs (formerly known as vRealize Log Insight).
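The <14> prefix in the test messages above is the syslog PRI value, facility × 8 + severity (14 is user.info). The following is an added example, not part of the original post or the linked gist: POSIX shell helpers that compute the PRI from names, stamp the message with the current time, and send it with the same nc flags used above. The function names are hypothetical, and only a subset of facilities is mapped.

```shell
#!/bin/sh
# Added example: build and send a timestamped syslog test message.
# Function names are illustrative; the facility list is a subset of RFC 5424.

facility_code() {   # facility name -> numeric code
    case "$1" in
        kern) echo 0 ;; user) echo 1 ;; mail) echo 2 ;; daemon) echo 3 ;;
        auth) echo 4 ;; syslog) echo 5 ;;
        local[0-7]) echo $(( 16 + ${1#local} )) ;;
        *) return 1 ;;
    esac
}

severity_code() {   # severity name -> numeric code
    case "$1" in
        emerg) echo 0 ;; alert) echo 1 ;; crit) echo 2 ;; err) echo 3 ;;
        warning) echo 4 ;; notice) echo 5 ;; info) echo 6 ;; debug) echo 7 ;;
        *) return 1 ;;
    esac
}

syslog_pri() {      # PRI = facility * 8 + severity
    f=$(facility_code "$1") || return 1
    s=$(severity_code "$2") || return 1
    echo $(( f * 8 + s ))
}

build_test_msg() {  # args: facility severity tag [timestamp]
    pri=$(syslog_pri "$1" "$2") || { echo "unknown facility/severity" >&2; return 1; }
    # Default to the sender's current time so clock or timezone skew is visible
    # when compared with the receive time recorded by the collector.
    ts=${4:-$(date '+%Y-%m-%d %H:%M:%S %Z')}
    printf '<%s>%s sent at %s' "$pri" "$3" "$ts"
}

send_test_syslog() {  # args: host port facility severity tag
    msg=$(build_test_msg "$3" "$4" "$5") || return 1
    printf '%s\n' "$msg" | nc -u -w 0 "$1" "$2"
}

# Usage: send_test_syslog 192.168.45.80 514 user info bwuchner-test-syslog
```

Sending the same tag at two different severities, for example info and err, also shows whether the collector or anything in line filters on severity.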