In networks all over, many devices can send Syslogs to a syslog server. You can download Syslog Servers (like Kiwi) to capture and process the syslogs, or you can create your own server to catch all the syslogs on your network. Then you can parse them to a database and write your own reports of them, having full control of everything.
First, in VB.Net, you need to import some namespaces.
Imports System.IO
Imports System.Net.Sockets
Imports System.Net
Imports System.Text
Then, from you Main procedure, call a procedure called ListenForSyslogs
Private Sub ListenForSyslogs()
Dim ipeRemoteIpEndPoint As New IPEndPoint(IPAddress.Any, 0)
Dim udpcUDPClient As New UdpClient(514)
Dim sDataRecieve As String
Dim bBytesRecieved() As Byte
Dim sFromIP As String
Try
While True
bBytesRecieved = udpcUDPClient.Receive(ipeRemoteIpEndPoint)
sDataRecieve = Encoding.ASCII.GetString(bBytesRecieved)
sFromIP = ipeRemoteIpEndPoint.Address.ToString
FillLog(sDataRecieve, sFromIP)
Console.WriteLine(sDataRecieve)
sDataRecieve = ""
End While
Catch e As Exception
' just ignore for now
End Try
End Sub
If you analyze this code, it just sets up a endpoint on the IP you are running the program, and listens on port 514, the default syslog port. It will just run and run, and keep listening. Whenever you recieve data, then call FillLog procedure
Private Sub FillLog(ByVal sSyslog As String, ByVal sFromIp As String)
Dim sPriority As String
Dim sPath As String = System.Environment.CurrentDirectory & "Unprocessed"
sSyslog = sSyslog.Replace(vbCrLf, "")
sSyslog = Mid(sSyslog, InStr(sSyslog, ">") + 1, Len(sSyslog))
sSyslog = Trim(sSyslog)
sPriority = GetSyslogPriority(sSyslog)
Dim swWriter As New StreamWriter(sPath & "syslog" & Now.Month & Now.Day & Now.Year & Now.Minute & ".txt", True)
swWriter.WriteLine(sFromIp & "," & Now & "," & sPriority & "," & sSyslog)
swWriter.Flush()
swWriter.Close()
End Sub
What FillLog does it look at data recieved, and parses it out, removing line feeds, etc.
Then it gets the priority from a function GetSyslogPriority(). Then it writes out the info to a comma seperated txt file (for easy parsing later), that is named pathsyslogmonthdayyearminute.txt so for example, c:unprocessedsyslog0408200529.txt
It will append to that txt for for the minute it gets syslogs for. So you should probably have another process that will consume that txt file before the next hour rolls around.
Finally, the function that gets the priority:
Private Function GetSyslogPriority(ByVal sSyslog As String) As String
Dim sResult As String
If InStr(sSyslog, "-0-") Then
sResult = "Emergency (0)"
End If
If InStr(sSyslog, "-1-") Then
sResult = "Alert (1)"
End If
If InStr(sSyslog, "-2-") Then
sResult = "Critical (2)"
End If
If InStr(sSyslog, "-3-") Then
sResult = "Error (3)"
End If
If InStr(sSyslog, "-4-") Then
sResult = "Warning (4)"
End If
If InStr(sSyslog, "-5-") Then
sResult = "Notice (5)"
End If
If InStr(sSyslog, "-6-") Then
sResult = "Info (6)"
End If
If InStr(sSyslog, "-7-") Then
sResult = "Debug (7)"
End If
If sResult = "" Then
sResult = "UNKNOWN"
End If
Return sResult
End Function
To summarize, you can capture syslogs from your network to text files, and then create another program to read in the text files to a database and write reports. Creating the UDP listener on port 514, you can setup your network devices to dump syslogs to your box where you are running the syslog server you created. To troubleshoot network issues, syslogs will give you a good idea of what is getting denied, etc, and you can create your own homegrown Syslog Server using VB.NET in a few simple steps.
Enjoy!
, and I thought it was totally cool when he took his fax apart, hooked it up to his Ipod and then used it to steal the bank account #’s. Mad hack, not sure if it would work though, I guess if you had some software to power it. – Pretty cool!
Steve Novoselac's Blog 