How to Test Syslog Configuration: Tools and Script Examples for Sending Test Messages



When debugging syslog configurations, engineers often need to verify whether messages are being properly captured and routed. The challenge is finding an efficient way to generate test messages with specific facilities and priorities without modifying application code.

Most Unix-like systems include the logger command, which is perfect for this purpose:

# Basic message
logger "Test message"

# With specific facility
logger -p local0.notice "Testing facility local0"

# With custom tag
logger -t MYAPP "Application test message"

For more control, here's a Python script that uses the syslog module:

#!/usr/bin/env python3
import syslog
import argparse

parser = argparse.ArgumentParser()
# Default to 'user' so that omitting -f does not leave args.facility as None
parser.add_argument('-f', '--facility', default='user', help='Syslog facility')
parser.add_argument('message', help='Message to send')
args = parser.parse_args()

facility_map = {
    'kern': syslog.LOG_KERN,
    'user': syslog.LOG_USER,
    'mail': syslog.LOG_MAIL,
    'local0': syslog.LOG_LOCAL0,
    # Add other facilities as needed
}

# Unknown facility names fall back to LOG_USER
facility = facility_map.get(args.facility.lower(), syslog.LOG_USER)
syslog.openlog(facility=facility)
syslog.syslog(args.message)

For quick testing, Perl offers a concise solution:

perl -e 'use Sys::Syslog; openlog("test", "ndelay", "local0"); syslog("notice", "Test message");'

To test remote syslog servers:

# <14> = facility user (1) * 8 + severity info (6); %e space-pads the day as RFC 3164 expects
echo "<14>$(date '+%b %e %H:%M:%S') hostname app: Test message" | nc -u -w1 syslog.server 514

For comprehensive testing, consider these specialized tools:

  • syslog-ng's loggen for performance testing
  • rsyslog's omstdout module for debugging
  • socat for complex network testing scenarios

After sending test messages:

  1. Check /var/log/syslog or facility-specific log files
  2. Verify logrotate isn't interfering with your tests
  3. Ensure sufficient permissions exist for the logging process
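
An added example (not from the original article) that builds the same kind of RFC 3164 datagram as the nc one-liner above, sends it to a throwaway UDP listener on 127.0.0.1, and decodes the PRI value back into facility and severity names, so the wire format can be checked before a real daemon is involved. The function names, the `testhost` hostname and the sample message are assumptions made for the example.

```python
#!/usr/bin/env python3
"""Added example: round-trip check for a hand-built RFC 3164 syslog datagram."""
import re
import socket
import time

FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
              **{f"local{i}": 16 + i for i in range(8)}}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}


def build_frame(facility, severity, tag, text, host="testhost", when=None):
    """Return one message as bytes: <PRI>Mmm dd hh:mm:ss HOST TAG: text."""
    pri = FACILITIES[facility] * 8 + SEVERITIES[severity]
    t = time.localtime(when)  # when=None means "now"
    # RFC 3164 pads a single-digit day with a space, not a zero.
    stamp = f"{time.strftime('%b', t)} {t.tm_mday:2d} {time.strftime('%H:%M:%S', t)}"
    return f"<{pri}>{stamp} {host} {tag}: {text}".encode("ascii")


def decode_pri(frame):
    """Split the leading <PRI> back into (facility, severity) names."""
    m = re.match(rb"<(\d{1,3})>", frame)
    if not m or int(m.group(1)) > 191:  # 23 * 8 + 7 is the largest valid PRI
        raise ValueError("missing or out-of-range PRI")
    fac, sev = divmod(int(m.group(1)), 8)
    fac_names = {v: k for k, v in FACILITIES.items()}
    sev_names = {v: k for k, v in SEVERITIES.items()}
    return fac_names.get(fac, str(fac)), sev_names[sev]


def loopback_roundtrip(frame, timeout=2.0):
    """Send frame over UDP to a temporary listener on 127.0.0.1; return what arrived."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        rx.bind(("127.0.0.1", 0))  # ephemeral port: no root, no clash with a real daemon
        rx.settimeout(timeout)
        tx.sendto(frame, rx.getsockname())
        data, _ = rx.recvfrom(2048)
        return data


if __name__ == "__main__":
    sent = build_frame("local0", "notice", "MYAPP", "Test message")  # constructed sample
    got = loopback_roundtrip(sent)
    print(got.decode(), "->", decode_pri(got))
```

Once the frame survives the loopback check unchanged, the same bytes can be sent to the real collector and any remaining mismatch is a routing or filter issue rather than a formatting one.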

When debugging syslog configurations, manually verifying message routing becomes tedious. The ideal solution should allow:

  • Precise control over facility and priority levels
  • Local machine testing without network dependencies
  • Scriptable interface for automation
  • Minimal dependencies

The simplest approach uses built-in system utilities:

# BSD/Linux logger command
logger -p local0.notice "Test message"
logger -t MYTAG -p auth.warning "Auth failure test"

# Windows alternative (built-in eventcreate; writes to the Application event log, not syslog):
eventcreate /ID 1 /L APPLICATION /T INFORMATION /SO "MyApp" /D "Test event"

For advanced testing, this Python 3 script provides full parameter control:

#!/usr/bin/env python3
import argparse
import syslog

# Facility and priority names accepted on the command line
FACILITY_MAP = {
    'kern': syslog.LOG_KERN,
    'user': syslog.LOG_USER,
    'mail': syslog.LOG_MAIL,
    'daemon': syslog.LOG_DAEMON,
    'auth': syslog.LOG_AUTH,
    'local0': syslog.LOG_LOCAL0,
    'local7': syslog.LOG_LOCAL7
}

PRIORITY_MAP = {
    'emerg': syslog.LOG_EMERG,
    'alert': syslog.LOG_ALERT,
    'crit': syslog.LOG_CRIT,
    'err': syslog.LOG_ERR,
    'warning': syslog.LOG_WARNING,
    'notice': syslog.LOG_NOTICE,
    'info': syslog.LOG_INFO,
    'debug': syslog.LOG_DEBUG
}

def send_syslog(message, facility='user', priority='notice'):
    """Send one message to the local syslog daemon with the given facility and priority."""
    # Unknown names raise KeyError here; the CLI below rejects them earlier via choices=
    syslog.openlog(facility=FACILITY_MAP[facility])
    syslog.syslog(PRIORITY_MAP[priority], message)
    syslog.closelog()

if __name__ == '__main__':
    parser = argparse.ArgumentParser(description='Send a test message to the local syslog daemon')
    parser.add_argument('-f', '--facility', default='user', choices=sorted(FACILITY_MAP))
    parser.add_argument('-p', '--priority', default='notice', choices=sorted(PRIORITY_MAP))
    parser.add_argument('message', nargs='+')
    args = parser.parse_args()

    send_syslog(' '.join(args.message), args.facility, args.priority)

Windows administrators can use this PowerShell function:

function Send-SyslogMessage {
    param(
        [string]$Message,
        [ValidateSet('Kernel','User','Mail','System','Security','Local0','Local7')]
        [string]$Facility = 'User',
        [ValidateSet('Emergency','Alert','Critical','Error','Warning','Notice','Info','Debug')]
        [string]$Severity = 'Info',
        [string]$Server = 'localhost',
        [int]$Port = 514
    )
    
    $priorityMap = @{
        'Emergency' = 0
        'Alert'     = 1
        'Critical'  = 2
        'Error'     = 3
        'Warning'   = 4
        'Notice'    = 5
        'Info'      = 6
        'Debug'     = 7
    }
    
    $facilityMap = @{
        'Kernel'  = 0
        'User'    = 1
        'Mail'    = 2
        'System'  = 3
        'Security'= 4
        'Local0'  = 16
        'Local7'  = 23
    }
    
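    # PRI = facility * 8 + severity (e.g. Local0 + Notice = 16 * 8 + 5 = 133)
    $priority = $facilityMap[$Facility] * 8 + $priorityMap[$Severity]
    # RFC 3164 timestamp: the day of month is space-padded to two characters
    $now = Get-Date
    $timestamp = '{0:MMM} {1,2} {0:HH:mm:ss}' -f $now, $now.Day
    $hostname = $env:COMPUTERNAME
    # PowerShell variable names are case-insensitive, so do not reuse $Message here
    $packet = "<{0}>{1} {2} {3}" -f $priority, $timestamp, $hostname, $Message

    $udpClient = New-Object System.Net.Sockets.UdpClient
    try {
        $udpClient.Connect($Server, $Port)
        $bytes = [Text.Encoding]::ASCII.GetBytes($packet)
        $udpClient.Send($bytes, $bytes.Length) | Out-Null
    }
    finally {
        $udpClient.Close()
    }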
}

For enterprise environments, consider these dedicated solutions:

  • syslog-ng: Includes a built-in test message generator
  • rsyslog: Offers omstdout module for debugging
  • LogAnalyzer: Visual testing tool with message injection
  • Netcat: Raw UDP/TCP testing with nc -u localhost 514

After sending test messages, verify reception using:

# Linux real-time monitoring
tail -f /var/log/syslog
journalctl -f

# Windows Event Viewer filtering
Get-WinEvent -LogName "Application" -MaxEvents 10 | Format-List