Relaying Syslog


Enterprise networks managed by offshore network operations centers often face the issue of how to manage alerts in real time.

My idea:

Make a central syslog server – forward all logging from routers/PIX/VPN concentrators to the central syslog. Build your syslog server so that it parses the incoming messages, caches them and then forwards them to all of the NOC staff present in the office (or statically to a list of IP addresses). NOC staff use a standalone syslog application like Kiwi Syslog Daemon.

Nice idea, right? What would you achieve – get rid of VNC or web-based legacy syslog servers; a personal tick-tick to an engineer when he's sleeping on night duty with headphones on his head; plus much lower processing in the control plane at the router level.

How to do it: huh, crash your head into the wall, try googling around? Okay, not found – I have made an application with code partially written in C++, partially in Perl, and attached to a MySQL DB.

C++:

(Listen on AF_INET, bind port 514 for reading syslog messages)

(Parse the incoming message, separate the IP address, Priority Code, text)

Perl:

(takes input of Priority Code, Text & IP Address of sender from C++ code)

(build a fake packet on a raw socket with the source IP of the original sender :: why – think about it)

(prepare the list of NOC staff IPs from DB/TXT)

(merge the fake IP, space, <priority>message and send it to the destination syslog receiver on destination port 514).

There you go – the relaying syslog server is ready – usually I don't sell my idea, but for you it's free – need code too? Email me.
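The C++ parsing step and the `<priority>message` rebuild described above, as an added example that is not the author's code. It assumes RFC 3164 framing (`<PRI>` followed by text, PRI = facility × 8 + severity); the struct, function names and sample message are constructed for illustration.

```cpp
#include <cctype>
#include <iostream>
#include <string>

// Hypothetical record type: the fields the relay needs from one datagram.
struct SyslogRecord {
    std::string sender_ip;  // from recvfrom(), never from the payload
    int priority;           // PRI value, 0..191
    int facility;           // priority / 8
    int severity;           // priority % 8
    std::string text;       // everything after the closing '>'
    bool had_pri;           // false when PRI was missing or malformed
};

// Parse "<PRI>text" (RFC 3164 framing). A missing or invalid PRI falls
// back to 13 (user.notice), the value RFC 3164 gives relays for that case.
SyslogRecord parse_syslog(const std::string& sender_ip, const std::string& raw) {
    SyslogRecord r{sender_ip, 13, 1, 5, raw, false};
    if (raw.size() < 3 || raw[0] != '<') return r;
    std::size_t i = 1;
    int pri = 0;
    while (i < raw.size() && i <= 3 && std::isdigit(static_cast<unsigned char>(raw[i]))) {
        pri = pri * 10 + (raw[i] - '0');  // PRI is one to three decimal digits
        ++i;
    }
    if (i == 1 || i >= raw.size() || raw[i] != '>' || pri > 191) return r;
    r.priority = pri;
    r.facility = pri / 8;
    r.severity = pri % 8;
    r.text = raw.substr(i + 1);
    r.had_pri = true;
    return r;
}

// Rebuild the "<priority>message" payload for the NOC receivers. Control
// characters become spaces so one datagram cannot inject extra log lines.
std::string relay_payload(const SyslogRecord& r) {
    std::string out = "<" + std::to_string(r.priority) + ">";
    for (unsigned char c : r.text)
        out += (c < 32 || c == 127) ? ' ' : static_cast<char>(c);
    return out;
}

int main() {
    // Constructed sample: a Cisco-style message from a documentation address.
    SyslogRecord r = parse_syslog("192.0.2.1", "<189>%SYS-5-CONFIG_I: Configured from console");
    std::cout << r.sender_ip << " sev=" << r.severity << " -> " << relay_payload(r) << "\n";
}
```

The sender address is taken from the socket layer rather than the message body, which is why the record carries it separately from the parsed text.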


One Response to “Relaying Syslog”

  1. a s m a Says:

    Hmm, okay 😛
