Powershell: Syslog Module
From Mike Beane's Blog
Purpose
Scratching a syslog itch with this one. It heavily uses the entry here and then builds in some specific things that I'm looking for.
- Default severity and facility if not given
- This one is for script driven items where outcomes should go out to syslog (audit trail) and will include $User and $Hostname
- Intended for re-use among many scripts.
Note: Example has copious write-hosts, remove as needed.
Code
#We'd want to pass syslog($Message,$Severity,$Facility) for processing # Reference: https://thwack.solarwinds.com/docs/DOC-194243 function hu_syslog ($Message,$Severity,$Facility){ Write-Host $Message "-" $Severity "-" $Facility If (!$Facility) {$Facility=22} #(16-23)=LOCAL0-LOCAL7 If (!$Severity) {$Severity=6} #0=EMERG 1=Alert 2=CRIT 3=ERR 4=WARNING 5=NOTICE 6=INFO 7=DEBUG $Server = 'syslog' $User=$env:USERNAME $Hostname= $env:COMPUTERNAME # Create a UDP Client Object $UDPCLient = New-Object System.Net.Sockets.UdpClient $UDPCLient.Connect($Server, 514) # Calculate the priority $Priority = ([int]$Facility * 8) + [int]$Severity #Time format the SW syslog understands $Timestamp = Get-Date -Format "MMM dd HH:mm:ss" # Assemble the full syslog formatted message $FullSyslogMessage = "<{0}>{1} {2} {3} {4}" -f $Priority, $Timestamp, $Hostname, $User, $Message # create an ASCII Encoding object $Encoding = [System.Text.Encoding]::ASCII # Convert into byte array representation $ByteSyslogMessage = $Encoding.GetBytes($FullSyslogMessage) Write-Host $Message "-" $severity "-" $Facility # Send the Message #####-----#### $UDPCLient.Send($ByteSyslogMessage, $ByteSyslogMessage.Length) #write-host $FullSyslogMessage }
Usage
- save as syslog.psm1 (or whatever name)
- Import into ps1 script via
Import-Module .\syslog.psm1
- Invoke by calling the function
syslog "dfasdf asdfadsfa" 3 1 syslog "dfasdf asdfadsfa" 6 syslog "dfasdf asdfadsfa" 4 7 syslog "dfasdf asdfadsfa"
Results
With the write-hosts enable, you should see that it returns the "quoted entry" and also the facility and severity. If no facility or severity were given, it will default to values in the module.
dfasdf asdfadsfa - 3 - 1 dfasdf asdfadsfa - 3 - 1 dfasdf asdfadsfa - 6 - dfasdf asdfadsfa - 6 - 22 dfasdf asdfadsfa - 4 - 7 dfasdf asdfadsfa - 4 - 7 dfasdf asdfadsfa - - dfasdf asdfadsfa - 6 - 22