Syslog Bulk Uploader Tool

Introduction

One of the flagship products I'm working on is SIEM-type software. Its principal input is logs generated by network hardware, operating systems, applications, etc. Testing such a system often consists of feeding it various selections of logs and checking the generated outputs (databases, notifications, etc.) for expected values.

Inspired by the internal utilities we use for this purpose, I've written an open source utility that does the same thing: it sends a batch of logs stored in text files to a syslog server.

The utility is available at https://github.com/zmarko/syslog-bulk-uploader; it is written in C++ and released under the MIT license.

Usage

Input

Each line of an input file needs to be in the following format: <timestamp> <facility.severity> <source> <message>. The individual fields are defined as:

timestamp
in the format YYYY-MM-DD HH:MM:SS

facility
one of the syslog facility strings: kern, user, mail, daemon, auth, syslog, lpr, news, uucp, clock, authpriv, ftp, ntp, logaudit, logalert, cron, local0, local1, local2, local3, local4, local5, local6, local7

severity
one of the syslog severity strings: emergency, alert, critical, error, warning, notice, informational, debug

source
IP address or host name of the message source

message
the text of the message itself

Command line

The program is invoked as syslog-bulk-uploader [option]... [file]..., with the following options:

-h --help
display the help message, then exit

-v --version
display version information, then exit

-m --mps num
send messages at the specified rate, in messages per second; the default, if not specified, is 1000

-d --dest dest
destination host name

-p --port arg
destination port; the default, if not specified, is 514

[-f --files] filename
one or more input files; the option name (-f or --files) is optional, i.e. all positional arguments are interpreted as filenames
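To make the input format and the rate-limited sending concrete, here is an added example in Python; it is not code from syslog-bulk-uploader, which is written in C++. It parses lines in the format described under Input, validates the facility and severity strings against the lists given there, computes the syslog PRI value (facility * 8 + severity), encodes each line as an RFC 3164 datagram and hands it to a UDP socket at a fixed messages-per-second rate, mirroring the -m, -d and -p options. Three things are assumptions the page does not state: the numeric facility codes follow the order of the facility list above (which is also the order of the RFC 3164 facility table), the wire format is RFC 3164 over UDP, and the log lines in SAMPLE_LINES are constructed for the demonstration.

```python
"""Parse syslog-bulk-uploader style input lines and send them as RFC 3164
syslog datagrams.  Added example, not the project's own (C++) code."""
import datetime
import re
import socket
import time

# Facility strings in the order the tool documents them.  The numeric code is
# the position in that list, which matches the RFC 3164 facility table
# (assumption: the page does not state which codes the tool emits).
FACILITIES = {name: code for code, name in enumerate([
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news", "uucp",
    "clock", "authpriv", "ftp", "ntp", "logaudit", "logalert", "cron",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
])}
# Severity strings; position = RFC 3164 severity code (0 = emergency).
SEVERITIES = {name: code for code, name in enumerate([
    "emergency", "alert", "critical", "error", "warning", "notice",
    "informational", "debug",
])}

# Constructed sample input in the tool's line format (not real logs).
SAMPLE_LINES = [
    "2024-03-05 14:07:09 auth.warning 10.0.0.7 sshd[4122]: Failed password for root from 198.51.100.23 port 51822 ssh2",
    "2024-03-05 14:07:10 kern.informational fw01 iptables: DROP IN=eth0 SRC=203.0.113.9 DST=10.0.0.7 PROTO=TCP DPT=445",
    "2024-03-05 14:07:11 local4.debug app-01 health check ok",
    "2024-03-05 14:07:12 bogus.warning app-01 facility string not in the list",  # rejected
]


def parse_line(line):
    """Split '<YYYY-MM-DD HH:MM:SS> <facility.severity> <source> <message>'.

    Returns (timestamp, facility_code, severity_code, source, message) and
    raises ValueError for any malformed field, so bad test data fails loudly
    instead of reaching the SIEM as a half-parsed event.
    """
    parts = line.rstrip("\r\n").split(" ", 4)   # the timestamp itself holds a space
    if len(parts) != 5:
        raise ValueError(f"expected 5 fields, got {len(parts)}: {line!r}")
    date, clock, prio, source, message = parts
    timestamp = datetime.datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S")
    try:
        fac_name, sev_name = prio.split(".", 1)
        facility, severity = FACILITIES[fac_name], SEVERITIES[sev_name]
    except (ValueError, KeyError):
        raise ValueError(f"unknown facility.severity {prio!r}") from None
    # Host names and IPv4/IPv6 literals only: no spaces or control characters.
    if not re.fullmatch(r"[A-Za-z0-9.:_-]+", source):
        raise ValueError(f"bad source {source!r}")
    return timestamp, facility, severity, source, message


def encode_rfc3164(timestamp, facility, severity, source, message):
    """Build '<PRI>Mmm dd HH:MM:SS HOST MSG' with PRI = facility * 8 + severity.

    RFC 3164 wants the day of month space-padded to two characters.
    """
    pri = facility * 8 + severity
    stamp = f"{timestamp:%b} {timestamp.day:2d} {timestamp:%H:%M:%S}"
    return f"<{pri}>{stamp} {source} {message}".encode("utf-8")


def send_lines(lines, dest, port, mps, sendto=None, sleep=time.sleep):
    """Encode each line and call sendto(datagram, (dest, port)) at a steady
    rate of `mps` messages per second (like the tool's -m option).

    Returns (sent, rejected).  Malformed lines are counted and skipped.
    `sendto` defaults to a UDP socket; pass any callable to capture the
    output without a network.
    """
    if sendto is None:
        sendto = socket.socket(socket.AF_INET, socket.SOCK_DGRAM).sendto
    interval = 1.0 / mps
    next_at = time.monotonic()
    sent = rejected = 0
    for line in lines:
        try:
            datagram = encode_rfc3164(*parse_line(line))
        except ValueError:
            rejected += 1
            continue
        delay = next_at - time.monotonic()
        if delay > 0:           # simple pacing: one send slot every 1/mps seconds
            sleep(delay)
        sendto(datagram, (dest, port))
        sent += 1
        next_at += interval
    return sent, rejected


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        try:
            print(encode_rfc3164(*parse_line(line)).decode())
        except ValueError as err:
            print("rejected:", err)
```

Malformed lines are rejected before anything is sent, so a typo in a test file shows up as a rejected count rather than as a stray event in the SIEM. As with the tool itself, aim this only at a test instance: syslog over UDP is unauthenticated, and the receiver will index whatever arrives.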

Building

Detailed information on building the utility from source is available on the GitHub project page.

Conclusion

If you find this utility useful, have an issue to report, or have anything else to say on the subject, feel free to comment here or file an issue on GitHub.