Search the Community
Showing results for tags 'syslog'.
-
Note: my first UDF. This allows sending (BSD) messages to a syslog server using UDP. It has been tested with SnmpSoft Syslog Watcher, Synology DSM 4.2 and DSM 6.0, Kiwi Syslog Server. Uses the BSD syslog protocol (https://tools.ietf.org/html/rfc3164), except for Facility and Severity levels, which incorporates the extended (newer) values as well. To the best of my knowledge, this is how most basic syslog senders do it today anyway. Target IP, Facility, Severity level, Tag, Hostname, Port can be specified. Also includes a ping feature to give an error if server doesn't respond. Feedback appreciated. #include-once Global $__SyslogSendPing ; this allows global access to the ping result (in ms) Global $__SyslogSendPacket ; this allows global access to the entire syslog packet: PRI, HEADER and MSG. ; #FUNCTION# ==================================================================================================================== ; Name ..........: SyslogSend v1.0.3 ; Modified ......: 2018.10.09 ; Changelog......: v1.0.2 fixed $MDAY formatting, leading zero would not be correctly replaced by a space ; v1.0.3 added debug console output when packet is sent. Set global variable $_D=True to show debug output. ; Description ...: Sends syslog messages to a syslog server using UDP ; Syntax ........: SyslogSend($_Message, $_Target, $_Port, $_Facility, $_Severity, $_Tag, $_HostName) ; Parameters ....: $_Message - Text message to send. https://tools.ietf.org/html/draft-ietf-syslog-protocol-23#section-6.4 ; $_Target - [optional] Target IP or host (IPv4 address or hostname). Default is "127.0.0.1". ; $_Facility - [optional] Facility value (integer 0..23). Default is 1. https://tools.ietf.org/html/draft-ietf-syslog-protocol-23#section-6.2.1 ; $_Severity - [optional] Severity level (integer 0..7). Default is 7. https://tools.ietf.org/html/draft-ietf-syslog-protocol-23#section-6.2.1 ; $_Tag - [optional] Name of program or process (a-zA-Z0-9). https://tools.ietf.org/html/rfc3164#section-4.1.3 ; $_HostName - [optional] Originator hostname. Default is @ComputerName. https://tools.ietf.org/html/rfc3164#section-4.1.2 ; $_Port - [optional] UDP port number (integer 0..65535). Default is 514. ; $_Ping - [optional] Ping the host before sending, with value as timeout. Function will exit and return an ; error message if host did not respond. Default is 0 (no ping). ; Return values .: 0 = Success ; Non-zero = error text message ; Author ........: Irios ; Remarks .......: Uses UDP only, and sticks to the BSD syslog protocol (https://tools.ietf.org/html/rfc3164), except for Facility ; and Severity levels, which incorporates the extended (newer) values as well. To the best of my knowledge, this ; is how most basic syslog senders do it today anyway. The syslog protocol does not provide acknowledgement of message ; delivery, the ping feature is for convenience only. Most syslog servers will use the first word in the MSG field as ; TAG if you do not specify a tag yourself. This is by design, and not a bug. ; Example .......: SyslogSend("A test message", "192.168.0.1", 514, 3, 5, "SyslogSend", "fooServer", 1000) ; This would send the text string "<29> Oct 1 00:36:23 fooServer SyslogSend: A test message" to host 192.168.0.1:514 (including a ping, 1000ms timeout). ; ; =============================================================================================================================== Func SyslogSend($_Message, $_Target = "127.0.0.1", $_Facility = 1, $_Severity = 7, $_Tag = "", $_HostName = @ComputerName, $_Port = 514, $_Ping = 0) Local $_UDPStartup = False If (StringStripWS($_Message, 8) = "") Then Return "Error. Nothing to send (no message content)." If ($_Target = "") Or (Int($_Port) < 0) Or (Int($_Port) > 65535) Or (Int($_Facility) < 0) Or (Int($_Facility) > 23) Or (Int($_Severity) < 0) Or (Int($_Severity) > 7) Then Return "Argument(s) error." ; quick check to make sure most of the parameters have valid values ; Strip accidental spaces from target IP, HOSTNAME, and TAG. Adding a colon and space to the TAG field (https://tools.ietf.org/html/rfc3164#section-4.1.3) $_Target = StringStripWS($_Target, 8) $_HostName = StringStripWS($_HostName, 8) If ($_Tag <> "") Then $_Tag = StringStripWS($_Tag, 8) & ": " ; Ping the target host, and return an error if not responding If (Int($_Ping) <> 0) Then $__SyslogSendPing = Ping($_Target, $_Ping) Switch @error Case 1 $__SyslogSendPing = "" Return "Ping error. Host is offline." Case 2 $__SyslogSendPing = "" Return "Ping error. Host is unreachable." Case 3 $__SyslogSendPing = "" Return "Ping error. Bad destination." Case 4 $__SyslogSendPing = "" Return "Ping error. Other error." EndSwitch EndIf ; Format the TIMESTAMP field. Month number converted to Mmm format (https://tools.ietf.org/html/rfc3164#section-4.1.2). Replace leading zero in day with a space. Switch @MON Case 1 $MON = "Jan" Case 2 $MON = "Feb" Case 3 $MON = "Mar" Case 4 $MON = "Apr" Case 5 $MON = "May" Case 6 $MON = "Jun" Case 7 $MON = "Jul" Case 8 $MON = "Aug" Case 9 $MON = "Sep" Case 10 $MON = "Oct" Case 11 $MON = "Nov" Case 12 $MON = "Dec" EndSwitch $MDAY = " " & @MDAY ; we add a leading space for easier processing/formatting... $MDAY = StringReplace($MDAY, " 0", " ", 1) ; ...here we make sure the MDAY variable always has the same length (incl. a trailing space). Value such as "03" is illegal, and must be formatted as " 3". Local $_TimeStampNow = $MON & $MDAY & " " & @HOUR & ":" & @MIN & ":" & @SEC ; the complete TIMESTAMP field (https://tools.ietf.org/html/rfc3339) Local $_Prival = Int(($_Facility * 8) + $_Severity) ; generating the <PRIVAL> for the PRI field. Multiply the Facility number by 8 and add the numerical value of the Severity (https://tools.ietf.org/html/rfc5424#section-6.2.1) $__SyslogSendPacket = "<" & $_Prival & "> " & $_TimeStampNow & " " & $_HostName & " " & $_Tag & $_Message ; the complete syslog packet (https://tools.ietf.org/html/rfc3164#section-4.1.3) If (Eval("_D")=True) Then ConsoleWrite('DEBUG SyslogSend(): "'& $__SyslogSendPacket & '"' & @CRLF) ; debug output, uses $_D as trigger UDPStartup() ; starting the UDP service If @error Then Return "Could not start UDP service. Error " & @error Else $_UDPStartup = True EndIf Local $_Socket = UDPOpen($_Target, $_Port) ; the socket for the UDP connection If @error Then If $_UDPStartup Then UDPShutdown() Return "Could not connect. Error " & @error EndIf UDPSend($_Socket, $__SyslogSendPacket) ; sending the packet If @error Then If $_UDPStartup Then UDPShutdown() Return "Could not send the data. Error " & @error EndIf UDPCloseSocket($_Socket) ; closing the socket If @error Then If $_UDPStartup Then UDPShutdown() Return "Could not close socket. Error " & @error EndIf If $_UDPStartup Then UDPShutdown() ; Close the UDP service. EndFunc ;==>SyslogSend Changelog: v1.0.1 added #include-once v1.0.2 fixed $MDAY formatting, leading zero would not be correctly replaced by a space v1.0.3 added $_D option for debug output, see source comment for usage SyslogSend_udf.au3