#include-once Global $__SyslogSendPing ; this allows global access to the ping result (in ms) Global $__SyslogSendPacket ; this allows global access to the entire syslog packet: PRI, HEADER and MSG. ; #FUNCTION# ==================================================================================================================== ; Name ..........: SyslogSend v1.0.3 ; Modified ......: 2018.10.09 ; Changelog......: v1.0.2 fixed $MDAY formatting, leading zero would not be correctly replaced by a space ; v1.0.3 added debug console output when packet is sent. Set global variable $_D=True to show debug output. ; Description ...: Sends syslog messages to a syslog server using UDP ; Syntax ........: SyslogSend($_Message, $_Target, $_Port, $_Facility, $_Severity, $_Tag, $_HostName) ; Parameters ....: $_Message - Text message to send. https://tools.ietf.org/html/draft-ietf-syslog-protocol-23#section-6.4 ; $_Target - [optional] Target IP or host (IPv4 address or hostname). Default is "127.0.0.1". ; $_Facility - [optional] Facility value (integer 0..23). Default is 1. https://tools.ietf.org/html/draft-ietf-syslog-protocol-23#section-6.2.1 ; $_Severity - [optional] Severity level (integer 0..7). Default is 7. https://tools.ietf.org/html/draft-ietf-syslog-protocol-23#section-6.2.1 ; $_Tag - [optional] Name of program or process (a-zA-Z0-9). https://tools.ietf.org/html/rfc3164#section-4.1.3 ; $_HostName - [optional] Originator hostname. Default is @ComputerName. https://tools.ietf.org/html/rfc3164#section-4.1.2 ; $_Port - [optional] UDP port number (integer 0..65535). Default is 514. ; $_Ping - [optional] Ping the host before sending, with value as timeout. Function will exit and return an ; error message if host did not respond. Default is 0 (no ping). ; Return values .: 0 = Success ; Non-zero = error text message ; Author ........: Irios ; Remarks .......: Uses UDP only, and sticks to the BSD syslog protocol (https://tools.ietf.org/html/rfc3164), except for Facility ; and Severity levels, which incorporates the extended (newer) values as well. To the best of my knowledge, this ; is how most basic syslog senders do it today anyway. The syslog protocol does not provide acknowledgement of message ; delivery, the ping feature is for convenience only. Most syslog servers will use the first word in the MSG field as ; TAG if you do not specify a tag yourself. This is by design, and not a bug. ; Example .......: SyslogSend("A test message", "192.168.0.1", 514, 3, 5, "SyslogSend", "fooServer", 1000) ; This would send the text string "<29> Oct 1 00:36:23 fooServer SyslogSend: A test message" to host 192.168.0.1:514 (including a ping, 1000ms timeout). ; ; =============================================================================================================================== Func SyslogSend($_Message, $_Target = "127.0.0.1", $_Facility = 1, $_Severity = 7, $_Tag = "", $_HostName = @ComputerName, $_Port = 514, $_Ping = 0) Local $_UDPStartup = False If (StringStripWS($_Message, 8) = "") Then Return "Error. Nothing to send (no message content)." If ($_Target = "") Or (Int($_Port) < 0) Or (Int($_Port) > 65535) Or (Int($_Facility) < 0) Or (Int($_Facility) > 23) Or (Int($_Severity) < 0) Or (Int($_Severity) > 7) Then Return "Argument(s) error." ; quick check to make sure most of the parameters have valid values ; Strip accidental spaces from target IP, HOSTNAME, and TAG. Adding a colon and space to the TAG field (https://tools.ietf.org/html/rfc3164#section-4.1.3) $_Target = StringStripWS($_Target, 8) $_HostName = StringStripWS($_HostName, 8) If ($_Tag <> "") Then $_Tag = StringStripWS($_Tag, 8) & ": " ; Ping the target host, and return an error if not responding If (Int($_Ping) <> 0) Then $__SyslogSendPing = Ping($_Target, $_Ping) Switch @error Case 1 $__SyslogSendPing = "" Return "Ping error. Host is offline." Case 2 $__SyslogSendPing = "" Return "Ping error. Host is unreachable." Case 3 $__SyslogSendPing = "" Return "Ping error. Bad destination." Case 4 $__SyslogSendPing = "" Return "Ping error. Other error." EndSwitch EndIf ; Format the TIMESTAMP field. Month number converted to Mmm format (https://tools.ietf.org/html/rfc3164#section-4.1.2). Replace leading zero in day with a space. Switch @MON Case 1 $MON = "Jan" Case 2 $MON = "Feb" Case 3 $MON = "Mar" Case 4 $MON = "Apr" Case 5 $MON = "May" Case 6 $MON = "Jun" Case 7 $MON = "Jul" Case 8 $MON = "Aug" Case 9 $MON = "Sep" Case 10 $MON = "Oct" Case 11 $MON = "Nov" Case 12 $MON = "Dec" EndSwitch $MDAY = " " & @MDAY ; we add a leading space for easier processing/formatting... $MDAY = StringReplace($MDAY, " 0", " ", 1) ; ...here we make sure the MDAY variable always has the same length (incl. a trailing space). Value such as "03" is illegal, and must be formatted as " 3". Local $_TimeStampNow = $MON & $MDAY & " " & @HOUR & ":" & @MIN & ":" & @SEC ; the complete TIMESTAMP field (https://tools.ietf.org/html/rfc3339) Local $_Prival = Int(($_Facility * 8) + $_Severity) ; generating the for the PRI field. Multiply the Facility number by 8 and add the numerical value of the Severity (https://tools.ietf.org/html/rfc5424#section-6.2.1) $__SyslogSendPacket = "<" & $_Prival & "> " & $_TimeStampNow & " " & $_HostName & " " & $_Tag & $_Message ; the complete syslog packet (https://tools.ietf.org/html/rfc3164#section-4.1.3) If (Eval("_D")=True) Then ConsoleWrite('DEBUG SyslogSend(): "'& $__SyslogSendPacket & '"' & @CRLF) ; debug output, uses $_D as trigger UDPStartup() ; starting the UDP service If @error Then Return "Could not start UDP service. Error " & @error Else $_UDPStartup = True EndIf Local $_Socket = UDPOpen($_Target, $_Port) ; the socket for the UDP connection If @error Then If $_UDPStartup Then UDPShutdown() Return "Could not connect. Error " & @error EndIf UDPSend($_Socket, $__SyslogSendPacket) ; sending the packet If @error Then If $_UDPStartup Then UDPShutdown() Return "Could not send the data. Error " & @error EndIf UDPCloseSocket($_Socket) ; closing the socket If @error Then If $_UDPStartup Then UDPShutdown() Return "Could not close socket. Error " & @error EndIf If $_UDPStartup Then UDPShutdown() ; Close the UDP service. EndFunc ;==>SyslogSend