{"id":9094,"date":"2022-06-22T14:27:11","date_gmt":"2022-06-22T19:27:11","guid":{"rendered":"https:\/\/www.rushworth.us\/lisa\/?p=9094"},"modified":"2022-06-22T14:27:12","modified_gmt":"2022-06-22T19:27:12","slug":"simulating-syslog-data","status":"publish","type":"post","link":"https:\/\/www.rushworth.us\/lisa\/?p=9094","title":{"rendered":"Simulating Syslog Data"},"content":{"rendered":"\n<p>After creating a syslog pipeline, it is convenient to be able to <em>test<\/em> that data is being received and parsed as expected. You can use the logger utility (from the util-linux package) using &#8220;-n&#8221; to specify the target server, -P to specify the target port, either -d for udp or -T for tcp, -i with the process name, -p with the log priority, and the message content in quotes.<\/p>\n\n\n\n<p>As an example, this command sends a sample log record to the logstash server. If the pipeline is working properly, the document will appear in ElasticSearch. <\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\nlogger -n logstash.example.com -P 5101 -d -i ljrtest -p user.notice &#039;&lt;date=2022-06-22 time=09:09:28 devname=&quot;fcd01&quot; \\\n      devid=&quot;AB123DEF45601874&quot; eventtime=1655914168555429048 tz=&quot;-0700&quot; logid=&quot;0001000014&quot; type=&quot;traffic&quot; subtype=&quot;local&quot; \\ \n      level=&quot;notice&quot; vd=&quot;EXAMPLE-CORP&quot; srcip=10.4.5.10 srcport=56317 srcintf=&quot;VLAN1&quot; srcintfrole=&quot;wan&quot; dstip=10.2.3.212 \\ \n      dstport=61234 dstintf=&quot;EXAMPLE-CORP&quot; dstintfrole=&quot;undefined&quot; srccountry=&quot;United States&quot; dstcountry=&quot;United States&quot; sessionid=3322792 \\ \n      proto=6 action=&quot;deny&quot; policyid=0 policytype=&quot;local-in-policy&quot; service=&quot;tcp\/61234&quot; trandisp=&quot;noop&quot; app=&quot;tcp\/61234&quot; duration=0 \\ \n      sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0&#039;\n<\/pre><\/div>","protected":false},"excerpt":{"rendered":"<p>After creating a syslog pipeline, it is convenient to be able to test that data is being received and parsed as expected. You can use the logger utility (from the util-linux package) using &#8220;-n&#8221; to specify the target server, -P to specify the target port, either -d for udp or -T for tcp, -i with &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1588],"tags":[1663,1643,1662],"class_list":["post-9094","post","type-post","status-publish","format-standard","hentry","category-elk","tag-logger","tag-logstash","tag-syslog"],"_links":{"self":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/9094","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9094"}],"version-history":[{"count":1,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/9094\/revisions"}],"predecessor-version":[{"id":9095,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/9094\/revisions\/9095"}],"wp:attachment":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9094"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9094"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9094"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}