Thanks for the reply. I was hoping to avoid doing it the hard way if at all possible. Setting up 24 separate facilities, one at a time, and checking my logs for recognizable output doesn't sound like a fun Friday night. I figured someone out there had a trick to do this. All the syslog message generation tools have the ability to set facility and severity. Somewhere along the way I figured someone would have created a tool to help test those tools. I may do this if I absolutely have to but I'm still going to hold out for a while on a script or tool that can do this for me. Thanks for the info Justin -----Original Message----- From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of G.W. Haywood Sent: Tuesday, December 05, 2006 6:07 AM To: syslog-ng@lists.balabit.hu Subject: Re: [syslog-ng] Tool to determine facility and severity from syslogpackets Hi there, On Tue, 5 Dec 2006, "Justin Shore" wrote:

Does anyone know of a tool to read the facility and severity info from

inbound syslog packets? I have a number of devices that are sending me syslog info and I can't determine what facility they're using.

From your description I'm not sure exactly what your problems are, but _if_ you're using syslog-ng (if not, why not?!:) and _if_ I understand what you need then I think I would simply create two sets of temporary logfiles: one set would log everything at every severity and the other would log everything at every facility. Then I'd look in the logs to see if I recognized any of the output.

A lot simpler and, er, more deterministic than hacking C and/or Perl. -- 73, Ged. _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html