J C (asker):
Powershell script to send syslog messages to syslog server - Priority does not display in syslog log - Host is also being duplicated

I wrote a PowerShell script to send syslog messages to a Linux syslog server (rsyslog). The message is logged, but the priority doesn't appear to be logged with the rest of the message.

The message I am sending is below:

$SyslogMessage = '<165>1', 'TestHost', 'Powershell', 'This is a test from Powershell'

The rsyslog template that I'm using is:

$template TraditionalFormatWithPRI,"<%PRI%>%TIMESTAMP% %HOSTNAME% %syslogtag%%msg%"

Message logged:

2016-09-23T12:49:07.337914-07:00 TestHost Powershell This is a test from Powershell


It also appears that after reaching a certain number of messages, the syslog server has started to log the hostname of the computer I'm running the script from. I need the syslog server to treat the hostname being sent by PowerShell as part of the syslog message as the actual sender. Is there a way to accomplish this?

Any ideas are appreciated!
arnold:

The priority is processed through the rsyslog.conf/syslog.conf setting.

App.<minimal priority> /path/to/log

When you send an event, if your priority is lower than the minimum in the configuration, the event will not be recorded. If it is higher, it will be.
Check your rsyslog.conf, noting what the configuration for an entry is; it might be that your rsyslog entry format does not include priority as an entry to be recorded/reflected.
J C (asker):
That does make sense. I'll take a closer look at the config. My main concern is that it is not being received. I suppose I could test that by configuring a separate log file for that particular facility and seeing if the file gets written to the correct log.

Is there a way, as part of the syslog message, to notify the syslog server that I am forwarding the syslog messages and to not log the machine sending the message as the host?

Thank you for your response!
arnold:

Not sure I understand.
You are on a Windows host with PowerShell sending the message.
You do not want the Windows host reflected in the syslog record on the remote machine? That would defeat the purpose of centralized syslog/events, the purpose of which is to maintain the data in a central location while being able to differentiate the message by the system that sent it.
J C (asker):

I understand the confusion. I am actually using PowerShell to pull in and parse a CSV with alerts from multiple devices on the network and send the messages to the syslog server. I want the machine running the PowerShell script to act more as a forwarder, if that is the right term. Does that make sense, and is this possible?
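As an added example (not the asker's script or arnold's answer), the following PowerShell builds a complete RFC 5424 line, PRI included, and sends each alert row over UDP with the alerting device's name in the HOSTNAME field, which is the forwarder behaviour the question asks about. Server name, port, facility and the sample rows are assumptions; it goes beyond the question's single hard-coded line by computing PRI from facility and severity and filling the TIMESTAMP field that the original array omits.

```powershell
# Added example, not the asker's code. Builds an RFC 5424 syslog line:
#   <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
function New-SyslogMessage {
    param(
        [Parameter(Mandatory)] [string] $Hostname,   # originating device, not the forwarder
        [Parameter(Mandatory)] [string] $AppName,
        [Parameter(Mandatory)] [string] $Message,
        [int] $Facility = 20,                         # local4 (assumed)
        [int] $Severity = 5,                          # notice
        [datetime] $Timestamp = (Get-Date)
    )
    # PRI = facility * 8 + severity; local4/notice = 20*8 + 5 = 165, the value in the question
    $pri = $Facility * 8 + $Severity
    # RFC 5424 allows at most six fractional-second digits; "zzz" yields the -07:00 style offset
    $ts = $Timestamp.ToString('yyyy-MM-ddTHH:mm:ss.ffffffzzz')
    # PROCID, MSGID and STRUCTURED-DATA are left as the NILVALUE "-"
    return "<$pri>1 $ts $Hostname $AppName - - - $Message"
}

# Sends one line as a single UDP datagram (rsyslog's imudp expects one message per datagram)
function Send-SyslogMessage {
    param(
        [Parameter(Mandatory)] [string] $Line,
        [string] $Server = 'syslog.example.internal',  # assumed rsyslog host
        [int] $Port = 514
    )
    $bytes = [System.Text.Encoding]::UTF8.GetBytes($Line)
    $udp = New-Object System.Net.Sockets.UdpClient
    try {
        [void] $udp.Send($bytes, $bytes.Length, $Server, $Port)
    } finally {
        $udp.Close()
    }
}

# Constructed sample rows standing in for the alert CSV the asker parses
$alerts = @(
    [pscustomobject]@{ Device = 'switch01'; Severity = 4; Text = 'Port Gi1/0/7 flapping' }
    [pscustomobject]@{ Device = 'fw02';     Severity = 2; Text = 'VPN tunnel down' }
)

foreach ($a in $alerts) {
    # HOSTNAME carries the device from the CSV, so the forwarder is not recorded as the source
    $line = New-SyslogMessage -Hostname $a.Device -AppName 'AlertForwarder' `
                              -Severity $a.Severity -Message $a.Text
    Send-SyslogMessage -Line $line
}
```

When the line parses as RFC 5424, rsyslog fills the %HOSTNAME% property from that header field and keeps the forwarder's address in %FROMHOST%, so a template can show the device rather than the script host.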
arnold:

Have you considered enabling SNMP and using evntwin to configure the event log to SNMP trap to achieve the same goal?
All your systems will transmit the configured events to one or several snmptrap destinations, where snmptrap would add the received entry into the local syslog/file based .....