Testing Remote Syslog Connectivity

Remote Syslog

Many large networks and companies pass their syslog messages to a remote server. This serves two key purposes: it saves resources on the local device, and it lets them correlate key performance indicators and events across multiple devices. In smaller environments, this usually is not needed.

One problem with remote syslog is that it uses UDP port 514. Since UDP is an unreliable, connectionless protocol, many simple socket tests will return Successful when in actuality the connection to the remote socket failed. This can be a nightmare if you are trying to test a deployment of syslog to your network or check firewall rules.

The only surefire way to test is to send actual syslogs. This sounds like a great idea, but if you are in a scenario where you don’t want to make the changes live, you’re out of luck. Until now.

The following code is written in Perl and lets you test syslog connectivity without changing the system configuration.

The Source Code

This source uses the Sys::Syslog module, which can be found on CPAN: Sys::Syslog.

File: syslogtest

The openlog call is passed these 3 options:

  • ndelay: Open the connection immediately (normally, the connection is opened when the first message is logged).
  • nowait: Don’t wait for child processes that may have been created while logging the message. (The GNU C library does not create a child process, so this option has no effect on Linux.)
  • pid: Include PID with each message.

Usage:

You can simply execute the file above. It will pass the message you defined in the syslog statement to the remote server. If you comment that line out, and uncomment the following line, you can pass a message to the file when you execute it, for better interoperability.

Example:

This would send the message, “Here is an example message” to the remote syslog server.

Here is a copy of a tcpdump showing the packet getting sent:

Summary

This script will save you time and headache, especially if you are in a crunch. It is easily configured and simple to run/execute. It is also the most reliable way to test syslog over UDP.
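For reference, a sender along the lines this post describes, written here as an added example; it is not the original syslogtest file. The host-as-first-argument command line, the `local0` facility and the `info` priority are assumptions chosen for illustration.

```perl
#!/usr/bin/perl
# Added example (not the original syslogtest file): send one test message to a
# remote syslog server over UDP without touching the local syslog configuration.
use strict;
use warnings;
use Sys::Syslog qw(:standard :extended);   # :extended exports setlogsock

# Assumed command line: <script> <syslog-host> [message words...]
my $host = shift @ARGV
    or die "usage: $0 <syslog-host> [message]\n";
my $message = @ARGV ? join(' ', @ARGV) : 'syslog connectivity test';

# Point Sys::Syslog at the remote server instead of the local log socket.
setlogsock({ type => 'udp', host => $host, port => 514 })
    or die "setlogsock failed for $host\n";

# Sys::Syslog croaks when it cannot reach a log socket, so trap and report it.
my $ok = eval {
    # ndelay: connect now; nowait: do not wait for children; pid: tag with PID.
    # 'local0' is an assumed facility, 'info' an assumed priority.
    openlog('syslogtest', 'ndelay,nowait,pid', 'local0');
    # The fixed '%s' format keeps a '%' in the message (for example '%m')
    # from being interpreted as a format directive.
    syslog('info', '%s', $message);
    closelog();
    1;
};
die "send to $host:514/udp failed: $@" unless $ok;

# UDP gives no acknowledgement: this only means the datagram left this host.
print "sent to $host:514/udp: $message\n";
```

A clean exit only shows that the datagram was handed to the network, so delivery still has to be confirmed on the receiving side, for example with a packet capture or the server's own log.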

One thought on “Testing Remote Syslog Connectivity”

  1. Steve Guzman

    The post is absolutely fantastic! Lots of great information and inspiration both of which we all need! Also like to admire the time and effort you put into your blog and detailed information you offer! I will bookmark your blog!
