Syslog Server/Client and UDP Relay based on .NET Framework Class System.Net.Sockets to Background Job mode.
- 📚 Sources
- 🚀 Install
- 📭 Server
- ✉️ Client
- 🔌 rSyslog
- 🚧 Encryption
- ♻️ UDP Relay
- 📊 Metrics
- 🔍 Search
- 📑 Rotation
- 🐧 Linux Client
Documentation used (udp socket): metanit.com
Documentation used (syslog message): devconnected.com
Source code refactoring syslog server: spiderip.com
Source udp client: cloudbrothers.info
Install module from NuGet repository:
Install-Module pSyslog -Repository NuGet💡 You must have a NuGet repository registered:
Register-PSRepository -Name "NuGet" -SourceLocation "https://www.nuget.org/api/v2" -InstallationPolicy TrustedOr used install or update module from the GitHub repository (used the script Deploy-pSyslog.ps1) use the command in the powershell console:
Invoke-Expression(New-Object Net.WebClient).DownloadString("https://raw.githubusercontent.com/Lifailon/pSyslog/rsa/Module/Deploy-pSyslog.ps1")
Supported PSVersion: 5.1 and 7.3
Import module and get command list:
PS C:\Users\Lifailon> Import-Module pSyslog
PS C:\Users\Lifailon> Get-Command -Module pSyslog
CommandType Name Version Source
----------- ---- ------- ------
Function Get-pSyslog 0.6 pSyslog
Function Send-pSyslog 0.6 pSyslog
Function Show-pSyslog 0.6 pSyslog
Function Start-pSyslog 0.6 pSyslog
Function Start-UDPRelay 0.6 pSyslog
Function Stop-pSyslog 0.6 pSyslog
PS C:\Users\Lifailon> Start-pSyslog -Port 514
PS C:\Users\Lifailon> Get-pSyslog -Status | Format-List
Status : Running
StartTime : 06.06.2023 1:09:47
StopTime :
PS C:\Users\Lifailon> Get-pSyslog
PS C:\Users\Lifailon> Get-pSyslog
Jun 6 01:11:01 zabbix-01 Informational authpriv CRON[3052]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 6 01:11:01 zabbix-01 Informational cron CRON[3053]: (root) CMD (date >> /dump/zabbix/cron-test-date.txt)
Jun 6 01:11:01 zabbix-01 Informational authpriv CRON[3052]: pam_unix(cron:session): session closed for user root
Jun 6 01:11:03 zabbix-01 Informational daemon multipathd[784]: sda: add missing path
Jun 6 01:11:03 zabbix-01 Informational daemon multipathd[784]: sda: failed to get udev uid: Invalid argument
Jun 6 01:11:03 zabbix-01 Informational daemon multipathd[784]: sda: failed to get sysfs uid: Invalid argument
Jun 6 01:11:03 zabbix-01 Informational daemon multipathd[784]: sda: failed to get sgio uid: No such file or directory
Jun 6 01:11:01 plex-01 Informational user Service[WinRM] Running
...
PS C:\Users\Lifailon> Stop-pSyslog
PS C:\Users\Lifailon> Get-pSyslog -Status | Format-List
Status : Stopped
StartTime : 06.06.2023 1:09:47
StopTime : 06.06.2023 1:13:43
Send-pSyslog -Content "Test" -Server 192.168.3.99
Send-pSyslog -Content "Test" -Server 192.168.3.99 -Type Informational -PortServer 514 -PortClient 55514
Use pipeline and sending to rSyslog server:
(Get-Service -Name WinRM).Status | Send-pSyslog -Server 192.168.3.102 -Tag Service[WinRM]
Send-pSyslog -Content "test" -Server 192.168.3.99 -PortServer 514
Send-pSyslog -Content "test" -Server 192.168.3.99 -PortServer 514 -Base64
Wireshark filter: udp.dstport == 514 && ip.src == 192.168.3.100 && !icmp
Server (192.168.3.102): Start-pSyslog -Port 514
Relay (192.168.3.99): Start-UDPRelay -inPort 515 -outIP 192.168.3.102 -outPort 514
Client (192.168.3.100): Send-pSyslog -Server 192.168.3.99 -PortServer 515 -Content $(Get-Date)
Out logfile to Object for collecting metrics
PS C:\Users\Lifailon> Show-pSyslog -Type Warning -Count
2917
PS C:\Users\Lifailon> Show-pSyslog -Type Alert -Count
36
PS C:\Users\Lifailon> Show-pSyslog -Type Critical -Count
5
PS C:\Users\Lifailon> Show-pSyslog -Type Error -Count
5
PS C:\Users\Lifailon> Show-pSyslog -Type Emergency -Count
0
PS C:\Users\Lifailon> Show-pSyslog -Type Informational -Count
15491
Show-pSyslog | Out-GridView
Or view old journal by wildcard file name:
Show-pSyslog -LogFile 05-06 | Out-GridView
Example logfile system reboot: 06-06-2023_reboot.log
Logfile rotation and show all log files in 24 hours:
Start-pSyslog -RotationSize 500
Show-pSyslog -Count
Show-pSyslog -Count -LogFile 10-06
Example output local syslog (using tail):
Example pSyslog server output to console powershell:
