[syslog-ng] Tool to determine facility and severity from syslog packets

Justin Shore justin.shore at sktbcs.com
Tue Dec 5 14:33:22 CET 2006


Thanks for the reply.  I was hoping to avoid doing it the hard way if at
all possible.  Setting up 24 separate facilities, one at a time, and
checking my logs for recognizable output doesn't sound like a fun Friday
night.  I figured someone out there had a trick to do this.  All the
syslog message generation tools have the ability to set facility and
severity.  Somewhere along the way I figured someone would have created
a tool to help test those tools.  I may do this if I absolutely have to
but I'm still going to hold out for a while on a script or tool that can
do this for me.

Thanks for the info
  Justin

-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu
[mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of G.W. Haywood
Sent: Tuesday, December 05, 2006 6:07 AM
To: syslog-ng at lists.balabit.hu
Subject: Re: [syslog-ng] Tool to determine facility and severity from
syslog packets

Hi there,

On Tue, 5 Dec 2006, "Justin Shore" wrote:

> Does anyone know of a tool to read the facility and severity info from
> inbound syslog packets?  I have a number of devices that are sending
> me syslog info and I can't determine what facility they're using.

From your description I'm not sure exactly what your problems are, but
_if_ you're using syslog-ng (if not, why not?!:) and _if_ I understand
what you need then I think I would simply create two sets of temporary
logfiles: one set would log everything at every severity and the other
would log everything at every facility.  Then I'd look in the logs to
see if I recognized any of the output.

A lot simpler and, er, more deterministic than hacking C and/or Perl.

--

73,
Ged.
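
The lookup asked about in this thread, as an added example that is not from either poster or from the syslog-ng project: decoding the `<PRI>` field at the start of each datagram and tallying facility and severity per sending device. It assumes RFC 3164-style UDP syslog; the function names, the sample datagrams and their addresses are constructed for illustration.

```python
import re
import socket

# Facility and severity names by code (RFC 3164 numbering; 24 facilities).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"
              ] + ["local%d" % i for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def decode_pri(packet):
    """Return (facility, severity) for a raw syslog datagram, or None if the
    leading <PRI> field is missing or out of range (max 23*8 + 7 = 191)."""
    m = PRI_RE.match(packet)
    if m is None or int(m.group(1)) > 191:
        return None
    pri = int(m.group(1))
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]   # PRI = facility*8 + severity

def summarize(packets):
    """Count datagrams per (source, facility, severity) so each device's
    facility shows up at a glance; packets is an iterable of (source, bytes)."""
    counts = {}
    for src, data in packets:
        key = (src,) + (decode_pri(data) or ("invalid", "invalid"))
        counts[key] = counts.get(key, 0) + 1
    return counts

def listen(host="0.0.0.0", port=514):
    """Print the decoded priority of every datagram received. Binding to port
    514 needs root and fails if a syslog daemon already holds the port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    while True:
        data, (src, _) = sock.recvfrom(8192)
        print(src, *(decode_pri(data) or ("invalid", "invalid")), sep="\t")

# Constructed sample datagrams (documentation addresses, made-up messages).
SAMPLE = [
    ("192.0.2.10", b"<189>Dec  5 14:33:22 rtr1 link up"),
    ("192.0.2.10", b"<189>Dec  5 14:33:25 rtr1 link down"),
    ("192.0.2.20", b"<34>Dec  5 14:34:01 fw1 su: auth failure"),
    ("192.0.2.30", b"no priority field here"),
]

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE).items()):
        print(*key, n, sep="\t")
```

Datagrams without a valid `<PRI>` are counted as `invalid` rather than dropped, which makes devices that send malformed syslog visible in the same tally.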