In networks all over, many devices can send Syslogs to a syslog server. You can download Syslog Servers (like Kiwi) to capture and process the syslogs, or you can create your own server to catch all the syslogs on your network. Then you can parse them to a database and write your own reports of them, having full control of everything.
First, in VB.Net, you need to import some namespaces.
Imports System.IO
Imports System.Net.Sockets
Imports System.Net
Imports System.Text
Then, from you Main procedure, call a procedure called ListenForSyslogs
Private Sub ListenForSyslogs()
Dim ipeRemoteIpEndPoint As New IPEndPoint(IPAddress.Any, 0)
Dim udpcUDPClient As New UdpClient(514)
Dim sDataRecieve As String
Dim bBytesRecieved() As Byte
Dim sFromIP As String
Try
While True
bBytesRecieved = udpcUDPClient.Receive(ipeRemoteIpEndPoint)
sDataRecieve = Encoding.ASCII.GetString(bBytesRecieved)
sFromIP = ipeRemoteIpEndPoint.Address.ToString
FillLog(sDataRecieve, sFromIP)
Console.WriteLine(sDataRecieve)
sDataRecieve = ""
End While
Catch e As Exception
' just ignore for now
End Try
End Sub
If you analyze this code, it just sets up a endpoint on the IP you are running the program, and listens on port 514, the default syslog port. It will just run and run, and keep listening. Whenever you recieve data, then call FillLog procedure
Private Sub FillLog(ByVal sSyslog As String, ByVal sFromIp As String)
Dim sPriority As String
Dim sPath As String = System.Environment.CurrentDirectory & "Unprocessed"
sSyslog = sSyslog.Replace(vbCrLf, "")
sSyslog = Mid(sSyslog, InStr(sSyslog, ">") + 1, Len(sSyslog))
sSyslog = Trim(sSyslog)
sPriority = GetSyslogPriority(sSyslog)
Dim swWriter As New StreamWriter(sPath & "syslog" & Now.Month & Now.Day & Now.Year & Now.Minute & ".txt", True)
swWriter.WriteLine(sFromIp & "," & Now & "," & sPriority & "," & sSyslog)
swWriter.Flush()
swWriter.Close()
End Sub
What FillLog does it look at data recieved, and parses it out, removing line feeds, etc.
Then it gets the priority from a function GetSyslogPriority(). Then it writes out the info to a comma seperated txt file (for easy parsing later), that is named pathsyslogmonthdayyearminute.txt so for example, c:unprocessedsyslog0408200529.txt
It will append to that txt for for the minute it gets syslogs for. So you should probably have another process that will consume that txt file before the next hour rolls around.
Finally, the function that gets the priority:
Private Function GetSyslogPriority(ByVal sSyslog As String) As String
Dim sResult As String
If InStr(sSyslog, "-0-") Then
sResult = "Emergency (0)"
End If
If InStr(sSyslog, "-1-") Then
sResult = "Alert (1)"
End If
If InStr(sSyslog, "-2-") Then
sResult = "Critical (2)"
End If
If InStr(sSyslog, "-3-") Then
sResult = "Error (3)"
End If
If InStr(sSyslog, "-4-") Then
sResult = "Warning (4)"
End If
If InStr(sSyslog, "-5-") Then
sResult = "Notice (5)"
End If
If InStr(sSyslog, "-6-") Then
sResult = "Info (6)"
End If
If InStr(sSyslog, "-7-") Then
sResult = "Debug (7)"
End If
If sResult = "" Then
sResult = "UNKNOWN"
End If
Return sResult
End Function
To summarize, you can capture syslogs from your network to text files, and then create another program to read in the text files to a database and write reports. Creating the UDP listener on port 514, you can setup your network devices to dump syslogs to your box where you are running the syslog server you created. To troubleshoot network issues, syslogs will give you a good idea of what is getting denied, etc, and you can create your own homegrown Syslog Server using VB.NET in a few simple steps.
Enjoy!
Steve Novoselac's Blog 
21 replies on “How To Make Your Own Syslog Sever in VB.NET”
Fantastic job,
where I could download for testing your application?
Regards
Carlo
LikeLike
thanks a lot for your sourcecode
kenny g.-thailand
LikeLike
Could you share your project files?
Tks,
Ricardo
LikeLike
all the code is in the post. you just need to create a vb.net console app and pretty much copy the code over.
LikeLike
Howde. I copied this code and all compiled fine but I’m recieving no data from my local Netgear router with my firewall turned off. Am I missing something or can I test to see if any syslog traffic is coming through?
LikeLike
Howde. I copied this code and all compiled fine but Iβm recieving no data from my local Netgear router with my firewall turned off. Am I missing something or can I test to see if any syslog traffic is coming through?
LikeLike
Hi Steve,Your tutorial will save me lots of time in building my project. But for some reason I couldn't yet figure it out, it doesn't work (I don't get and log file in C:/Unprocessed). Here is the code I'm using in my console app:Imports System.IOImports System.Net.SocketsImports System.NetImports System.TextModule Module1 Sub Main() Call ListenForSyslogs() End Sub Private Sub ListenForSyslogs() Dim ipeRemoteIpEndPoint As New IPEndPoint(IPAddress.Any, 0) Dim udpcUDPClient As New UdpClient(514) Dim sDataRecieve As String Dim bBytesRecieved() As Byte Dim sFromIP As String Try While True bBytesRecieved = udpcUDPClient.Receive(ipeRemoteIpEndPoint) sDataRecieve = Encoding.ASCII.GetString(bBytesRecieved) sFromIP = ipeRemoteIpEndPoint.Address.ToString FillLog(sDataRecieve, sFromIP) Console.WriteLine(sDataRecieve) sDataRecieve = “” End While Catch e As Exception ' just ignore for now End Try End Sub Private Sub FillLog(ByVal sSyslog As String, ByVal sFromIp As String) Dim sPriority As String Dim sPath As String = System.Environment.CurrentDirectory & “Unprocessed” sSyslog = sSyslog.Replace(vbCrLf, “”) sSyslog = Mid(sSyslog, InStr(sSyslog, “>”) + 1, Len(sSyslog)) sSyslog = Trim(sSyslog) sPriority = GetSyslogPriority(sSyslog) Dim swWriter As New StreamWriter(sPath & “syslog” & Now.Month & Now.Day & Now.Year & Now.Minute & “.txt”, True) swWriter.WriteLine(sFromIp & “,” & Now & “,” & sPriority & “,” & sSyslog) swWriter.Flush() swWriter.Close() End Sub Private Function GetSyslogPriority(ByVal sSyslog As String) As String Dim sResult As String If InStr(sSyslog, “-0-“) Then sResult = “Emergency (0)” End If If InStr(sSyslog, “-1-“) Then sResult = “Alert (1)” End If If InStr(sSyslog, “-2-“) Then sResult = “Critical (2)” End If If InStr(sSyslog, “-3-“) Then sResult = “Error (3)” End If If InStr(sSyslog, “-4-“) Then sResult = “Warning (4)” End If If InStr(sSyslog, “-5-“) Then sResult = “Notice (5)” End If If InStr(sSyslog, “-6-“) Then sResult = “Info (6)” End If If InStr(sSyslog, “-7-“) Then sResult = “Debug (7)” End If If sResult = “” Then sResult = “UNKNOWN” End If Return sResult End FunctionEnd ModuleI also did an windows app and used the same code but calling the ListenForSyslogs() procedure from a button click event or from a form load event. The result is the same. Can you help me with figuring out what am I doing wrong here?Thank you!
LikeLike
are you sure you are sending syslogs to the ip where you are running the app?
LikeLike
Hi Steve,Yes, I am sure. I have installed in my PC a trial version of Kiwi Syslog Server and i get the syslogs.
LikeLike
Hi Steve,I am not sure if you received my last post. Yes, the syslogs are sent to my PC. When using Kiwi I have no issues. I still try to figure out wherer is the issues but so for I had no luck.Thank you!
LikeLike
Hi Steve,I git it working. The folder Unprocessed needs to be created in the same directory from where the application is executed. Otherwise the txt log files won't show. :-)Thank you for such an excellen tutorial!
LikeLike
This happens to be an awesome work for knowing the log details.But i'm unable to see it in action. can anybody help me out. I'm using the same as described but unable to listen. I'm using Linksys RV016.Thanks in advance
LikeLike
Many thanks, this save my time to develop a new one….
LikeLike
GetSyslogPriority not work π¦
LikeLike
Did you create the second function i have listed in code?
LikeLike
Thanks, Steve. Saved me a bit of time.
Think you might want to change Sub FillLog not to discard the number in the angel brackets as this is the Priority value (0-191) and is what should be processed. My devices don’t communicate β-4-β, for example but could send which is Facility=3, Severity=4.
sPriority = Mid(sSyslog, InStr(sSyslog, ββ) – InStr(sSyslog, β<β) – 1)
sFacility = sPriority / 8)
sSeverity = sPriority Mod 8)
LikeLike
oops. ANGLE brackets. Angel brackets is a completely different concept π
LikeLike
Hmmm, at your blog strips stuff in angle brackets so it removed the example I gave, which was 28 inside the angled brackets
LikeLike
sorry about that. my blog has moved umpteen times π I wrapped it in “code” tags now so i think it’s fixed
LikeLike
I don’t think this code is going to take a lot of connections at once. definitely not hundreds of simultaneous connections. needs to be multi-threaded and the file should remain open for writing instead of opening and closing it repeatedly.
LikeLike
I don’t think this code is going to take a lot of connections at once. definitely not hundreds of simultaneous connections. needs to be multi-threaded and the file should remain open for writing instead of opening and closing it repeatedly.
LikeLike