Testing the Syslog Server Configuration

Problem

You want to test the configuration of your syslog server to ensure that the log messages are stored in their correct location.

Solution

The Bourne shell script in Example 18-2 emulates syslog messages at each of the eight severity levels to ensure that your server routes them to the correct location. By default, the script sends its messages to the local7 syslog facility, since Cisco routers log to local7 unless told otherwise, but the facility is completely configurable. No arguments are required or expected.

Example 18-2. testlog.sh

#!/bin/sh
#
# testlog.sh -- a script to test the syslog facility to ensure that
# messages, at various levels, are being forwarded
# to the correct file(s)
#
# Set Behavior
FACILITY=local7            # Cisco routers default to local7; change to match your routers
LOGGER="/usr/bin/logger"   # path to the logger(1) utility on this host
#
# Make sure logger is actually available before sending anything.
if [ ! -x "$LOGGER" ]; then
    echo "testlog.sh: $LOGGER not found or not executable" 1>&2
    exit 1
fi
#
# One message per severity, from emergency (0) down to debug (7).
# The number in each message is the syslog severity, so you can see
# at a glance which levels reached a given file.
$LOGGER -p $FACILITY.emerg "This message was sent to $FACILITY.emerg (0)"
$LOGGER -p $FACILITY.alert "This message was sent to $FACILITY.alert (1)"
$LOGGER -p $FACILITY.crit "This message was sent to $FACILITY.crit (2)"
$LOGGER -p $FACILITY.err "This message was sent to $FACILITY.err (3)"
$LOGGER -p $FACILITY.warning "This message was sent to $FACILITY.warning (4)"
$LOGGER -p $FACILITY.notice "This message was sent to $FACILITY.notice (5)"
$LOGGER -p $FACILITY.info "This message was sent to $FACILITY.info (6)"
$LOGGER -p $FACILITY.debug "This message was sent to $FACILITY.debug (7)"

Discussion

This script is designed to test the syslog server configuration to ensure that router log messages are forwarded to the correct file(s). The script emulates router log messages at each severity level so that you can verify how the syslog daemon handles them.

We use the Unix logger command to generate log messages and hand them to the syslog daemon. Because logger submits them with the same facility and severity a router would use, the server should route these test messages to the same location as the real router log messages. If the test messages either do not show up in the expected file or show up in undesirable locations, then there is a configuration problem in your syslog.conf file.

As noted above, the script's default syslog facility is set to local7, but this is completely configurable. For instance, if your routers are set to use local6, then the variable FACILITY needs to be local6:

FACILITY=local6

If your syslog.conf file includes an entry to forward local7.info log messages to a file called /var/log/rtrlog, then the output from the script would look like the following:

Freebsd# ./testlog.sh

Message from syslogd@localhost at Sun Mar 31 22:44:09 2002 ...
localhost This message was sent to local7.emerg (0)
Freebsd# tail /var/log/rtrlog
Mar 31 22:44:09 localhost This message was sent to local7.emerg (0)
Mar 31 22:44:09 localhost This message was sent to local7.alert (1)
Mar 31 22:44:09 localhost This message was sent to local7.crit (2)
Mar 31 22:44:09 localhost This message was sent to local7.err (3)
Mar 31 22:44:09 localhost This message was sent to local7.warning (4)
Mar 31 22:44:09 localhost This message was sent to local7.notice (5)
Mar 31 22:44:09 localhost This message was sent to local7.info (6)
Freebsd#

Notice that one of the messages produced by the script was sent directly to the screen. This is because the test server's syslog.conf file is configured to forward all emergency level syslog messages to all logged-in users' terminals, as is commonly done on Unix machines (the usual entry is *.emerg with an action of *). Although this message will not cause any system problems, it can strike fear into other active users, so be aware.

The second part of the output shows the contents of the /var/log/rtrlog file. You will notice that the output shows seven lines of progressively decreasing priority log messages, but it does not display a severity 7 (debugging) message. This is because a syslog.conf selector such as local7.info matches messages at the named level and every more severe level (severities 0 through 6), so debug messages are not included. If you want debug messages in the file as well, the selector must be local7.debug (or local7.*).

Finally, with a minor modification to your syslog.conf file, you can utilize this script to test remote syslog servers:

local7.info                    @nms.oreilly.com

This example would forward all local7 log messages of severity info and above to a remote syslog server called nms.oreilly.com. Notice the syntax of this line introduces the @ sign to signify that a server name follows. On traditional syslogd implementations the selector and the action must be separated by a tab character, not spaces, so copy the line carefully. Running the script again would forward the local7 test messages to the remote server, which effectively emulates router log messages and tests that server's syslog configuration. The remote server must be willing to accept messages from the network at all; for example, FreeBSD's syslogd refuses them when started with -s, and Linux sysklogd only listens when started with -r. Keep in mind that classic syslog travels over UDP port 514 in the clear with no authentication, so anything that can reach that port can inject messages that look exactly like the ones this script produces; restrict the port to your routers and management hosts. When testing is completed, make sure to remove or comment out the above configuration line; otherwise, incoming local7 log messages from your routers will also be forwarded to the remote syslog server.
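The recipe relies on two pieces of syslog.conf behavior that are easy to get wrong: a selector such as local7.info catches the named level and everything more severe, and a later selector on the same line (for instance local7.none) overrides an earlier one for that facility. The following script is an added example, not part of the original recipe, that applies those rules to a constructed syslog.conf (the file contents, the host nms.example.com and the file names are assumptions, not a real server's configuration) and reports which actions would receive a message at a given facility and level. It lets you reason about a configuration before running testlog.sh against a live daemon, and it handles the "=" exact-level form and comma-separated facility lists as well as the plain case the text shows.

```shell
#!/bin/sh
# syslogroute.sh -- predict where a BSD-style syslog.conf will route a
# message logged at FACILITY.LEVEL, without needing a running syslogd.
# Added example; not part of the Cisco Cookbook recipe.

# syslog_targets FACILITY LEVEL   (reads syslog.conf on stdin)
# Prints the action field of every rule whose selector matches the
# message.  Selector rules, per syslog.conf(5):
#   fac.lvl    matches lvl and every MORE severe level (lower number)
#   fac.=lvl   matches exactly lvl
#   fac.none   drops fac from this rule, even if an earlier selector
#              on the same line (for example "*.info") covered it
#   fac1,fac2  a comma-separated facility list; "*" means any facility
# Selectors on one line are separated by ";" and later ones override
# earlier ones for the facilities they name.
syslog_targets() {
    awk -v fac="$1" -v lvl="$2" '
    BEGIN {
        nlev = split("emerg alert crit err warning notice info debug", name, " ")
        for (i = 1; i <= nlev; i++) sev[name[i]] = i - 1
        sev["panic"] = 0; sev["error"] = 3; sev["warn"] = 4   # common aliases
        if (!(lvl in sev)) { print "unknown level: " lvl | "cat 1>&2"; exit 2 }
        msg = sev[lvl]
    }
    /^[ \t]*(#|$)/ { next }                       # skip comments and blank lines
    {
        action = $NF                              # file, @host, user list, or *
        hit = 0
        nsel = split($1, sel, ";")
        for (i = 1; i <= nsel; i++) {
            if (split(sel[i], part, "\\.") != 2) continue
            nfac = split(part[1], facs, ",")
            mine = 0
            for (j = 1; j <= nfac; j++)
                if (facs[j] == "*" || facs[j] == fac) mine = 1
            if (!mine) continue                   # selector is for other facilities
            l = part[2]
            if (l == "none")                                    hit = 0
            else if (l == "*")                                  hit = 1
            else if (substr(l, 1, 1) == "=" && substr(l, 2) in sev)
                                                                hit = (msg == sev[substr(l, 2)])
            else if (l in sev)                                  hit = (msg <= sev[l])
        }
        if (hit) print action
    }'
}

# sample_conf -- a constructed syslog.conf mirroring the recipe's setup:
# emergencies to every terminal, router messages to /var/log/rtrlog and
# to a remote collector, debug kept in its own file, and local7 kept out
# of the general log.  Real syslog.conf files need a TAB between fields,
# which printf supplies here.
sample_conf() {
    printf '%s\t%s\n' \
        '*.emerg'            '*' \
        'local7.info'        '/var/log/rtrlog' \
        'local7.=debug'      '/var/log/rtrdebug' \
        '*.info;local7.none' '/var/log/messages' \
        'local7.info'        '@nms.example.com'
}

# route_table FACILITY -- one line per severity, listing the matching actions
route_table() {
    for lvl in emerg alert crit err warning notice info debug; do
        printf '%s.%-8s -> %s\n' "$1" "$lvl" \
            "$(sample_conf | syslog_targets "$1" "$lvl" | tr '\n' ' ')"
    done
}

route_table local7
```

Run against the sample, local7.debug lands only in /var/log/rtrdebug and local7.emerg reaches every terminal, /var/log/rtrlog and the remote collector, while nothing from local7 reaches /var/log/messages because of the trailing local7.none selector. To check a real server, replace sample_conf with cat /etc/syslog.conf and compare the prediction with what testlog.sh actually produces.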