Testing Syslog from the command line

From time to time it is helpful to be able to send a test syslog message to confirm that things are working correctly: that firewall ports are open, that nothing in line is filtering out the traffic, and, by including a timestamp in the message body, that times are being received correctly. I recently saw a post on Twitter showing a way to send a syslog message from the command line (https://twitter.com/nickrusso42518/status/1756711901088698584). The tweet showed the following syntax:

echo "<14>Test UDP syslog message" >> /dev/udp/10.0.0.1/514

Unfortunately, when I tested this on an ESXi host I found the /dev/udp target is not present. However, knowing that sending a message like this was possible, I remembered that ESXi hosts do provide netcat (nc), and I wanted to see if the same type of syntax would work with that command. After a quick search I found an example that did exactly what I wanted:

echo '<14>bwuchner-test-syslog sent at 2024-02-15 9:38:05 EST' | nc -v -u -w 0 192.168.45.80 514

The above worked great, even from an ESXi host. To round out my notes, I wanted to find a similar way of doing this from Windows boxes as well. My shell of choice on Windows is PowerShell, since it comes out of the box on all supported Windows versions. After a quick search I found a function that did exactly what I was hoping for: https://gist.github.com/PeteGoo/21a5ab7636786670e47c. I’ll include the function below, for reference, along with the syntax to use it to send a syslog message.

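function Send-UdpDatagram
{
      Param ([string] $EndPoint,
      [int] $Port,
      [string] $Message)

      # GetHostAddresses returns an array (even for an IP literal), so use the first address
      $Address = [System.Net.Dns]::GetHostAddresses($EndPoint)[0]
      $EndPoints = New-Object System.Net.IPEndPoint($Address, $Port)
      # Create the socket for the same address family (IPv4 or IPv6) as the target
      $Socket = New-Object System.Net.Sockets.UdpClient($Address.AddressFamily)
      $EncodedText = [Text.Encoding]::ASCII.GetBytes($Message)
      # Send returns the number of bytes sent; capture it so it is not written to the pipeline
      $SendMessage = $Socket.Send($EncodedText, $EncodedText.Length, $EndPoints)
      $Socket.Close()
}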

Send-UdpDatagram -EndPoint 192.168.45.80 -Port 514 -Message '<14>bwuchner-test-syslog from powershell 2024-02-15 9:41:52 EST'

I was able to confirm each of these methods worked to send a test syslog message to Aria Operations for Logs (formerly known as vRealize Log Insight).
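
The <14> at the start of each test message above is the syslog PRI value, calculated as facility * 8 + severity (14 is facility user, severity info). The following POSIX sh helpers are an added example, not part of the original post or the linked gist; they build a test message for any facility and severity so that routing and filtering rules on the collector can be checked as well. The function names are hypothetical, and the nc flags are the ones used earlier in this post.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not from the original post.

# Facility keyword -> numeric code (standard syslog facility table).
syslog_facility_code() {
    case "$1" in
        kern) echo 0 ;;  user) echo 1 ;;    mail) echo 2 ;;      daemon) echo 3 ;;
        auth) echo 4 ;;  syslog) echo 5 ;;  lpr) echo 6 ;;       news) echo 7 ;;
        uucp) echo 8 ;;  cron) echo 9 ;;    authpriv) echo 10 ;; ftp) echo 11 ;;
        local[0-7]) echo $(( 16 + ${1#local} )) ;;
        *) return 1 ;;
    esac
}

# Severity keyword -> numeric code (0 is the most severe).
syslog_severity_code() {
    case "$1" in
        emerg) echo 0 ;;   alert) echo 1 ;;  crit) echo 2 ;; err) echo 3 ;;
        warning) echo 4 ;; notice) echo 5 ;; info) echo 6 ;; debug) echo 7 ;;
        *) return 1 ;;
    esac
}

# PRI = facility * 8 + severity
syslog_pri() {
    fac=$(syslog_facility_code "$1") || return 1
    sev=$(syslog_severity_code "$2") || return 1
    echo $(( fac * 8 + sev ))
}

# Reverse direction: decode a PRI number seen in a received message.
syslog_pri_decode() {
    echo "facility=$(( $1 / 8 )) severity=$(( $1 % 8 ))"
}

# build_test_message FACILITY SEVERITY TAG [TIMESTAMP]
# The timestamp defaults to the local clock so skew shows up at the receiver.
build_test_message() {
    pri=$(syslog_pri "$1" "$2") || { echo "unknown facility or severity" >&2; return 1; }
    ts=${4:-$(date '+%Y-%m-%d %H:%M:%S %Z')}
    printf '<%s>%s sent at %s\n' "$pri" "$3" "$ts"
}

# send_test_syslog HOST PORT FACILITY SEVERITY TAG
send_test_syslog() {
    msg=$(build_test_message "$3" "$4" "$5") || return 1
    echo "$msg" | nc -u -w 0 "$1" "$2"
}
```

After sourcing the file, send_test_syslog 192.168.45.80 514 user info bwuchner-test-syslog sends the same kind of message as the nc one-liner above with the current time filled in.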
