{"id":1908,"date":"2024-02-15T09:45:42","date_gmt":"2024-02-15T14:45:42","guid":{"rendered":"https:\/\/enterpriseadmins.org\/blog\/?p=1908"},"modified":"2024-02-15T09:45:42","modified_gmt":"2024-02-15T14:45:42","slug":"testing-syslog-from-the-command-line","status":"publish","type":"post","link":"https:\/\/enterpriseadmins.org\/blog\/scripting\/testing-syslog-from-the-command-line\/","title":{"rendered":"Testing Syslog from the command line"},"content":{"rendered":"\n<p>From time to time it is helpful to be able to send a syslog message to confirm that things are working correctly &#8212; firewall ports are open, nothing is filtering out the traffic in line, including a timestamp in the message body to show times are being received correctly, etc.  I recently saw a post on Twitter showing a way to send a syslog message from the command line (<a href=\"https:\/\/twitter.com\/nickrusso42518\/status\/1756711901088698584\">https:\/\/twitter.com\/nickrusso42518\/status\/1756711901088698584<\/a>).  The tweet showed the following syntax:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"&lt;14>Test UDP syslog message\" >> \/dev\/udp\/10.0.0.1\/514<\/code><\/pre>\n\n\n\n<p>Unfortunately, when I tested this on an ESXi host I found the <code>\/dev\/udp<\/code> target is not present.  However, knowing sending the message like this was possible, I remembered that ESXi hosts do provide netcat (<code>nc<\/code>) and I wanted to see if using the same type of syntax with that command would work.  A quick search and I found an example that did exactly what I wanted:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo '&lt;14>bwuchner-test-syslog sent at 2024-02-15 9:38:05 EST' | nc -v -u -w 0 192.168.45.80 514<\/code><\/pre>\n\n\n\n<p>The above worked great, even from an ESXi host.  To round out my notes, I wanted to try and find a similar way of doing this from Windows boxes as well.  
My go-to shell of choice on Windows is PowerShell, since it comes out of the box on all supported Windows versions.  A quick search and I found a function that did exactly what I was hoping: <a href=\"https:\/\/gist.github.com\/PeteGoo\/21a5ab7636786670e47c\">https:\/\/gist.github.com\/PeteGoo\/21a5ab7636786670e47c<\/a>.  I&#8217;ll include the function below, for reference, along with the syntax to use it to send a syslog message.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>function Send-UdpDatagram\r\n{\r\n      Param (&#91;string] $EndPoint, \r\n      &#91;int] $Port, \r\n      &#91;string] $Message)\r\n\r\n      # GetHostAddresses returns an array; take the first IPv4 address, since the default UdpClient socket is IPv4\r\n      $Address = &#91;System.Net.Dns]::GetHostAddresses($EndPoint) | Where-Object { $_.AddressFamily -eq 'InterNetwork' } | Select-Object -First 1 \r\n      $EndPoints = New-Object System.Net.IPEndPoint($Address, $Port) \r\n      $Socket = New-Object System.Net.Sockets.UDPClient \r\n      # Syslog test messages are plain ASCII text\r\n      $EncodedText = &#91;Text.Encoding]::ASCII.GetBytes($Message) \r\n      # Send returns the number of bytes sent; capturing it keeps the function from writing output\r\n      $SendMessage = $Socket.Send($EncodedText, $EncodedText.Length, $EndPoints) \r\n      $Socket.Close() \r\n} \n\nSend-UdpDatagram -EndPoint 192.168.45.80 -Port 514 -Message '&lt;14>bwuchner-test-syslog from powershell 2024-02-15 9:41:52 EST'<\/code><\/pre>\n\n\n\n<p>I was able to confirm each of these methods worked to send a test syslog message to Aria Operations for Logs (formerly known as vRealize Log Insight).  
<\/p>\n","protected":false},"excerpt":{"rendered":"<p>From time to time it is helpful to be able to send a syslog message to confirm that things are working correctly &#8212; firewall ports are open, nothing is filtering out the traffic in line, including a timestamp in the &hellip; <a href=\"https:\/\/enterpriseadmins.org\/blog\/scripting\/testing-syslog-from-the-command-line\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1908","post","type-post","status-publish","format-standard","hentry","category-scripting"],"_links":{"self":[{"href":"https:\/\/enterpriseadmins.org\/blog\/wp-json\/wp\/v2\/posts\/1908","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/enterpriseadmins.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/enterpriseadmins.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/enterpriseadmins.org\/blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/enterpriseadmins.org\/blog\/wp-json\/wp\/v2\/comments?post=1908"}],"version-history":[{"count":2,"href":"https:\/\/enterpriseadmins.org\/blog\/wp-json\/wp\/v2\/posts\/1908\/revisions"}],"predecessor-version":[{"id":1911,"href":"https:\/\/enterpriseadmins.org\/blog\/wp-json\/wp\/v2\/posts\/1908\/revisions\/1911"}],"wp:attachment":[{"href":"https:\/\/enterpriseadmins.org\/blog\/wp-json\/wp\/v2\/media?parent=1908"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/enterpriseadmins.org\/blog\/wp-json\/wp\/v2\/categories?post=1908"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/enterpriseadmins
.org\/blog\/wp-json\/wp\/v2\/tags?post=1908"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}