Testing your Syslogd Remote config
Test, test, test; right?
So you've configured syslogd or, increasingly, rsyslogd. How do you trivially test?
It's really simple.
- Make sure nc or ncat (netcat) are installed. It's a common tool, but maybe you don't have it on this host. It's with nmap on my EL6 host, but a standalone on EL5. Because EL7 has to reinvent everything, nc is in nmap-ncat. So here's your install:

    yum install {/usr,}/bin/{nc,ncat}

  Honestly, that's the easiest way.
- Launch tshark on the log forwarder:

    # tshark -plni any udp and port 514

- Now hit it. Here's your nc invocation:

    # ncat -u loghost 514 <<< "test logger receipt"

- And here's how it looks:

    # tshark -plni any udp and port 514
    Running as user "root" and group "root". This could be dangerous.
    Capturing on Pseudo-device that captures on all interfaces
    0.000000 192.168.112.6 -> 192.168.10.251 Syslog 64 test logger receipt\n
    0.000301 192.168.10.251 -> 192.168.16.133 Syslog 83 USER.NOTICE: Jun 3 22:25:07 test logger receipt
    0.000389 192.168.10.251 -> 192.168.10.250 Syslog 83 USER.NOTICE: Jun 3 22:25:07 test logger receipt
    ^C

Hey, look! Our logger box is happily forwarding stuff out, too. Double-win!
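
The capture above shows the relay labelling the bare test string USER.NOTICE, which is the default priority (13) a syslog relay assigns to a datagram that arrives without a PRI. To exercise a forwarding rule for a specific facility and severity, this added example (not from the original post; the function names, the `logtest` tag and the LOGHOST, FACILITY and SEVERITY variables are assumptions) prepends an explicit PRI and a unique marker before handing the message to ncat:

```shell
#!/usr/bin/env bash
# Added example: build a test syslog datagram with an explicit PRI and a
# unique marker. Function names and environment variables are assumptions.

# Facility name -> numeric code (RFC 3164 names).
facility_code() {
  case "$1" in
    kern) echo 0 ;; user) echo 1 ;; mail) echo 2 ;; daemon) echo 3 ;;
    auth) echo 4 ;; syslog) echo 5 ;; lpr) echo 6 ;; news) echo 7 ;;
    uucp) echo 8 ;; cron) echo 9 ;; authpriv) echo 10 ;; ftp) echo 11 ;;
    local[0-7]) echo $(( 16 + ${1#local} )) ;;
    *) return 1 ;;
  esac
}

# Severity name -> numeric code.
severity_code() {
  case "$1" in
    emerg) echo 0 ;; alert) echo 1 ;; crit) echo 2 ;; err) echo 3 ;;
    warning) echo 4 ;; notice) echo 5 ;; info) echo 6 ;; debug) echo 7 ;;
    *) return 1 ;;
  esac
}

# PRI = facility * 8 + severity; fails on an unknown name.
syslog_pri() {
  local f s
  f=$(facility_code "$1") || return 1
  s=$(severity_code "$2") || return 1
  echo $(( f * 8 + s ))
}

# build_test_msg FACILITY SEVERITY MARKER -> "<PRI>logtest: MARKER"
# Timestamp and hostname are left for the receiving daemon to add.
build_test_msg() {
  local pri
  pri=$(syslog_pri "$1" "$2") || return 1
  printf '<%s>logtest: %s' "$pri" "$3"
}

# Send only when LOGHOST is set, so sourcing this file has no side effects.
if [ -n "${LOGHOST:-}" ]; then
  marker="probe-$(date +%s)-$$"
  build_test_msg "${FACILITY:-local3}" "${SEVERITY:-warning}" "$marker" \
    | ncat -u "$LOGHOST" 514
  echo "sent marker $marker"
fi
```

Run it with LOGHOST set while tshark is capturing on the forwarder, then grep for the printed marker on the final collector to confirm the message took the route your rule intends.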