Thursday, June 04, 2015

Check your Certs

Check your SSL certs.

Okay, not just for fun because you're a party animal. I needed to confirm the validity of a cert on a host and I had to look it up.  Here's the one-step command:

    openssl x509 -text -noout -in <(openssl s_client -connect HOSTNAME:443 <<<"" 2>/dev/null \
      | sed -ne '/BEGIN/,/END/p') | grep Not
                Not Before: Mar 28 11:16:36 2014 GMT
                Not After : Nov  1 19:32:08 2015 GMT

And that's the output.  My cert's still good.  Yay!

That's it.


Wednesday, June 03, 2015

Testing your Syslogd Remote config

Test, test, test; right?

So you've configured syslogd or, increasingly, rsyslogd.  How do you trivially test?

It's really simple.
  1. Make sure nc or ncat (netcat) is installed.  It's a common tool, but maybe you don't have it on this host.  It's with nmap on my EL6 host, but a standalone on EL5.  Because EL7 has to reinvent everything, nc is in nmap-ncat.  So here's your install:

    yum install {/usr,}/bin/{nc,ncat}

    Honestly, that's the easiest way.
  2. Launch tshark on the log forwarder:

    # tshark -plni any udp and port 514
  3. Now hit it.  Here's your nc invocation:

    # ncat -u loghost 514 <<< "test logger receipt"
  4. And here's how it looks:
    # tshark -plni any udp and port 514
    Running as user "root" and group "root". This could be dangerous.
    Capturing on Pseudo-device that captures on all interfaces
      0.000000 192.168.112.6 -> 192.168.10.251 Syslog 64 test logger receipt\n
      0.000301 192.168.10.251 -> 192.168.16.133 Syslog 83 USER.NOTICE: Jun  3 22:25:07 test logger receipt
      0.000389 192.168.10.251 -> 192.168.10.250 Syslog 83 USER.NOTICE: Jun  3 22:25:07 test logger receipt
    ^C
    
Fun fun?

Hey, look!  Our logger box is happily forwarding stuff out, too.  Double-win!
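
The test line above carries no priority header, which is why the forwarder relays it as USER.NOTICE (the RFC 3164 default, PRI 13). To exercise a rule that matches a specific facility or severity, prefix the message with `<PRI>`, where PRI = facility * 8 + severity. This is an added example, not part of the original post; the function names `facility_code`, `severity_code`, `syslog_pri` and `syslog_frame` are made up for illustration, and `loghost` is the host name used in the post.

```shell
#!/bin/sh
# Added example: build syslog test lines with an explicit <PRI> header.
# PRI = facility * 8 + severity (RFC 3164 / RFC 5424 numbering).

# Map a facility name to its numeric code; non-zero exit on unknown names.
facility_code() {
    case "$1" in
        kern) echo 0 ;;  user) echo 1 ;;  mail) echo 2 ;;  daemon) echo 3 ;;
        auth) echo 4 ;;  syslog) echo 5 ;; lpr) echo 6 ;;  news) echo 7 ;;
        uucp) echo 8 ;;  cron) echo 9 ;;  authpriv) echo 10 ;; ftp) echo 11 ;;
        local[0-7]) echo $(( 16 + ${1#local} )) ;;
        *) return 1 ;;
    esac
}

# Map a severity name to its numeric code; non-zero exit on unknown names.
severity_code() {
    case "$1" in
        emerg) echo 0 ;; alert) echo 1 ;; crit) echo 2 ;; err) echo 3 ;;
        warning) echo 4 ;; notice) echo 5 ;; info) echo 6 ;; debug) echo 7 ;;
        *) return 1 ;;
    esac
}

# Print the PRI value for a facility/severity pair.
syslog_pri() {
    f=$(facility_code "$1") || { echo "unknown facility: $1" >&2; return 1; }
    s=$(severity_code "$2") || { echo "unknown severity: $2" >&2; return 1; }
    echo $(( f * 8 + s ))
}

# Print "<PRI>message", ready to pipe into ncat.
syslog_frame() {
    pri=$(syslog_pri "$1" "$2") || return 1
    printf '<%s>%s\n' "$pri" "$3"
}

# Constructed demo messages (printed only; nothing is sent).
syslog_frame user notice "test logger receipt"
syslog_frame authpriv warning "test authpriv rule"

# To send one to the forwarder from the post:
#   syslog_frame local0 err "test local0 rule" | ncat -u loghost 514
```

With tshark running as in step 2, the facility and severity shown on the forwarded packet tell you which rule the message matched.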

