Download:
rlogger.zip 1.0.0.
It’s freeware. Use it at your own risk.
Usage:
perl rlogger.pl -h hostname -p port message
rlogger.pl sends a log message to a remote host:port where syslogd (or simmilar) is assumed to be listening. The UDP pachet sent has to conform to BSD Syslog Protocol (RFC 3164).
Make sure to give the proper command line arguments, as I didn’t have enough time to add complex checks.
Reasons for coding it:
I had to build this tool to help me debug a syslog-ng which stopped receiving messages on UDP port 514. Everything was set up properly, the firewall-A was sending the logs to the syslog-ng machine (protected by firewall-B) – however – no logs were written down the disk. It had worked flawlessly for a year and then stopped working in a day. I was sure that it has to do with some firewall-B settings, and that syslog-ng was OK, but i had to prove it. (syslog-ng is a much better syslogd – check out it’s homepage).
The context was:
1. /usr/sbin/logger which shippes with util-linux package (I’m running on a RedHat 7.3) was able to only send logs locally to syslog-ng.
2. I didn’t know any existing tool which would help me send a UDP packet to a remote host / port.
There were three possible causes to this:
1. firewall-A somehow failed to send the logs – i wasn’t able to check this unless setting up another syslog-ng machine.
2. firewall-B didn’t allow UDP traffic – i wasn’t able to check this either – i didn’t have access to firewall-B’s configs.
3. syslog-ng configuration was broken – this was not changed for a year, how can it be broken now ?
Using rlogger.pl, I was then able to track down the problem to the firewall-B protecting the syslog-ng machine, which didn’t allow UDP traffic to pass through, only TCP packets.
Here’s how I did it:
1. I’ve made rlogger.pl send a log message locally (on the syslog-ng machine internal interface) and message got logged (so syslog-ng was properly reveinving messages from the UDP 514 port).
2. I’ve then tried to send a message to external interface of syslog-ng machine (now the message had to pass firewall-B to get to destination) and the message failed to deliver. I was firewall-B stopping the traffic.
Simple now, huh 🙂 ?
Comments
If you have any comments, please send them using the forum. Thank you!
Leave a Reply