# pSyslog

Syslog Server/Client and UDP Relay based on the .NET Framework class System.Net.Sockets, running in Background Job mode.

- Sources
- Install
- Server
- Client
- rSyslog
- Encryption
- UDP Relay
- Metrics
- Search
- Rotation
- Linux Client

## Sources

- Documentation used (udp socket): metanit.com
- Documentation used (syslog message): devconnected.com
- Source code refactoring syslog server: spiderip.com
- Source udp client: cloudbrothers.info

## Install

Install the module from the NuGet repository:

```powershell
Install-Module pSyslog -Repository NuGet
```

You must have a NuGet repository registered:

```powershell
Register-PSRepository -Name "NuGet" -SourceLocation "https://www.nuget.org/api/v2" -InstallationPolicy Trusted
```

Or install or update the module from the GitHub repository (using the script Deploy-pSyslog.ps1) with this command in the PowerShell console:

```powershell
Invoke-Expression(New-Object Net.WebClient).DownloadString("https://raw.githubusercontent.com/Lifailon/pSyslog/rsa/Module/Deploy-pSyslog.ps1")
```

Supported PSVersion: 5.1 and 7.3

Import the module and get the command list:

```
PS C:\Users\Lifailon> Import-Module pSyslog
PS C:\Users\Lifailon> Get-Command -Module pSyslog

CommandType     Name              Version    Source
-----------     ----              -------    ------
Function        Get-pSyslog       0.6        pSyslog
Function        Send-pSyslog      0.6        pSyslog
Function        Show-pSyslog      0.6        pSyslog
Function        Start-pSyslog     0.6        pSyslog
Function        Start-UDPRelay    0.6        pSyslog
Function        Stop-pSyslog      0.6        pSyslog
```
## pSyslog Server

```
PS C:\Users\Lifailon> Start-pSyslog -Port 514
PS C:\Users\Lifailon> Get-pSyslog -Status | Format-List

Status    : Running
StartTime : 06.06.2023 1:09:47
StopTime  :

PS C:\Users\Lifailon> Get-pSyslog
PS C:\Users\Lifailon> Get-pSyslog
Jun 6 01:11:01 zabbix-01 Informational authpriv CRON[3052]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 6 01:11:01 zabbix-01 Informational cron CRON[3053]: (root) CMD (date >> /dump/zabbix/cron-test-date.txt)
Jun 6 01:11:01 zabbix-01 Informational authpriv CRON[3052]: pam_unix(cron:session): session closed for user root
Jun 6 01:11:03 zabbix-01 Informational daemon multipathd[784]: sda: add missing path
Jun 6 01:11:03 zabbix-01 Informational daemon multipathd[784]: sda: failed to get udev uid: Invalid argument
Jun 6 01:11:03 zabbix-01 Informational daemon multipathd[784]: sda: failed to get sysfs uid: Invalid argument
Jun 6 01:11:03 zabbix-01 Informational daemon multipathd[784]: sda: failed to get sgio uid: No such file or directory
Jun 6 01:11:01 plex-01 Informational user Service[WinRM] Running
...

PS C:\Users\Lifailon> Stop-pSyslog
PS C:\Users\Lifailon> Get-pSyslog -Status | Format-List

Status    : Stopped
StartTime : 06.06.2023 1:09:47
StopTime  : 06.06.2023 1:13:43
```

## pSyslog Client

```powershell
Send-pSyslog -Content "Test" -Server 192.168.3.99
Send-pSyslog -Content "Test" -Server 192.168.3.99 -Type Informational -PortServer 514 -PortClient 55514
```

## rSyslog compatibility

Use the pipeline to send to an rSyslog server:

```powershell
(Get-Service -Name WinRM).Status | Send-pSyslog -Server 192.168.3.102 -Tag Service[WinRM]
```

## Encryption

Base64. Note that Base64 is a reversible encoding, not encryption, so it provides no confidentiality on the wire.

```powershell
Send-pSyslog -Content "test" -Server 192.168.3.99 -PortServer 514
Send-pSyslog -Content "test" -Server 192.168.3.99 -PortServer 514 -Base64
```

Wireshark filter:

```
udp.dstport == 514 && ip.src == 192.168.3.100 && !icmp
```
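An added example (not pSyslog's own code) that round-trips two constructed datagrams over loopback with System.Net.Sockets.UdpClient, decodes the PRI into the severity and facility names the server prints, and reverses a Base64 body without any key. The function name `ConvertFrom-SyslogDatagram`, the `<PRI>body` framing and the assumption that the Base64 option encodes the whole body after the PRI are this example's, not taken from the module.

```powershell
# Added example: names and sample datagrams are constructed, not pSyslog code.
$Severity = 'Emergency','Alert','Critical','Error','Warning','Notice','Informational','Debug'
$Facility = 'kern','user','mail','daemon','auth','syslog','lpr','news','uucp','cron',
            'authpriv','ftp','ntp','audit','alert','clock',   # names for 13-15 are this example's
            'local0','local1','local2','local3','local4','local5','local6','local7'

function ConvertFrom-SyslogDatagram {
    param([Parameter(Mandatory)][byte[]]$Bytes, [switch]$Base64)
    $text = [Text.Encoding]::UTF8.GetString($Bytes)
    # PRI = facility * 8 + severity, so the valid range is 0..191.
    if ($text -notmatch '(?s)^<(\d{1,3})>(.*)$' -or [int]$Matches[1] -gt 191) {
        throw "Malformed or out-of-range PRI header"
    }
    $pri  = [int]$Matches[1]
    $body = $Matches[2]
    # Assumption: a Base64 sender encodes the whole body after the PRI.
    # The caller must say so: plain text such as "test" is itself valid Base64,
    # so guessing the encoding from the content is unreliable.
    if ($Base64) {
        $body = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($body))
    }
    [pscustomobject]@{
        Facility = $Facility[$pri -shr 3]
        Severity = $Severity[$pri -band 7]
        Body     = $body
    }
}

# Loopback round trip; binding to 127.0.0.1 port 0 lets the OS pick a free port.
$bind   = [System.Net.IPEndPoint]::new([System.Net.IPAddress]::Loopback, 0)
$server = [System.Net.Sockets.UdpClient]::new($bind)
$server.Client.ReceiveTimeout = 2000
$port   = $server.Client.LocalEndPoint.Port
$client = [System.Net.Sockets.UdpClient]::new()
$remote = [System.Net.IPEndPoint]::new([System.Net.IPAddress]::Any, 0)
try {
    # PRI 86 = authpriv (10) * 8 + Informational (6); PRI 14 = user (1) * 8 + 6.
    $plain = '<86>CRON[3052]: session opened for user root'
    $b64   = '<14>' + [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes('test'))
    foreach ($msg in $plain, $b64) {
        $tx = [Text.Encoding]::UTF8.GetBytes($msg)
        [void]$client.Send($tx, $tx.Length, '127.0.0.1', $port)
        $rx = $server.Receive([ref]$remote)
        ConvertFrom-SyslogDatagram -Bytes $rx -Base64:($msg -eq $b64)
    }
} finally {
    $client.Close(); $server.Close()
}
```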
## UDP Relay

Server (192.168.3.102):

```powershell
Start-pSyslog -Port 514
```

Relay (192.168.3.99):

```powershell
Start-UDPRelay -inPort 515 -outIP 192.168.3.102 -outPort 514
```

Client (192.168.3.100):

```powershell
Send-pSyslog -Server 192.168.3.99 -PortServer 515 -Content $(Get-Date)
```

## Metrics

Output the log file as objects for collecting metrics:

```
PS C:\Users\Lifailon> Show-pSyslog -Type Warning -Count
2917
PS C:\Users\Lifailon> Show-pSyslog -Type Alert -Count
36
PS C:\Users\Lifailon> Show-pSyslog -Type Critical -Count
5
PS C:\Users\Lifailon> Show-pSyslog -Type Error -Count
5
PS C:\Users\Lifailon> Show-pSyslog -Type Emergency -Count
0
PS C:\Users\Lifailon> Show-pSyslog -Type Informational -Count
15491
```

## Search

```powershell
Show-pSyslog | Out-GridView
```

Or view an old journal by wildcard file name:

```powershell
Show-pSyslog -LogFile 05-06 | Out-GridView
```

Example log file of a system reboot: 06-06-2023_reboot.log

## Rotation

Log file rotation, and showing all log files in 24 hours:

```powershell
Start-pSyslog -RotationSize 500
Show-pSyslog -Count
Show-pSyslog -Count -LogFile 10-06
```

## Linux Client

Example output of the local syslog (using tail):

Example pSyslog server output to the PowerShell console: