PHP UDP Syslog Client

Wiki

Syslog is a widely used standard for message logging. It permits separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them.
Computer system designers may use syslog for system management and security auditing as well as general informational, analysis, and debugging messages. A wide variety of devices, such as printers and routers, and message receivers across many platforms use the syslog standard. This permits the consolidation of logging data from different types of systems in a central repository. Implementations of syslog exist for many operating systems.
Each message is labeled with a facility code, and assigned a severity label. The facility code indicates the software type of the application that generated the message.
Messages may be directed to various destinations, tuned by facility and severity, including console, files, remote syslog servers, or relays.
Most implementations provide a command line utility, often called logger, as well as a link library, to send messages to the log.

In this post, I create and return a socket resource using the PHP socket_create function to send remote UDP syslog messages.

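<?php
$remote_ip      = '127.0.0.1';
$remote_port    = 514;
// Only the severity goes into the <PRI> field here, so the receiver decodes facility 0 (kern).
$severity_level = 3;
$sock           = socket_create(AF_INET, SOCK_DGRAM, SOL_UDP);
if ($sock === false) {
    die('socket_create failed: ' . socket_strerror(socket_last_error()));
}
// JSON payload; md5(time()) is only a changing sample value.
$syslog_content = ['info' => md5(time())];
$syslog_message = "<{$severity_level}>" . json_encode($syslog_content);
// UDP is fire-and-forget: a successful send does not confirm that the server received the message.
socket_sendto($sock, $syslog_message, strlen($syslog_message), 0, $remote_ip, (int)$remote_port);
socket_close($sock);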

Severity Level Code

0 - Emergency: system is unusable. A "panic" condition - notify all tech staff on call? (earthquake? tornado?) - affects multiple apps/servers/sites...
1 - Alert: action must be taken immediately. Should be corrected immediately - notify staff who can fix the problem - example is loss of backup ISP connection.
2 - Critical: critical conditions. Should be corrected immediately, but indicates failure in a primary system - fix CRITICAL problems before ALERT - example is loss of primary ISP connection.
3 - Error: error conditions. Non-urgent failures - these should be relayed to developers or admins; each item must be resolved within a given time.
4 - Warning: warning conditions. Warning messages - not an error, but indication that an error will occur if action is not taken, e.g. file system 85% full - each item must be resolved within a given time.
5 - Notice: normal but significant condition. Events that are unusual but not error conditions - might be summarized in an email to developers or admins to spot potential problems - no immediate action required.
6 - Informational: informational messages. Normal operational messages - may be harvested for reporting, measuring throughput, etc - no action required.
7 - Debug: debug-level messages. Info useful to developers for debugging the app, not useful during operations.
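
The client above writes only the severity into the <...> field, so a receiver decodes it as facility 0 (kernel). The following added example, which is not code from the original post, builds the priority value as facility * 8 + severity and formats an RFC 3164 style header; the function names, the local0 facility and the phpapp tag are assumptions chosen for illustration.

```php
<?php
// Added example, not from the original post. Function names, the local0
// facility and the "phpapp" tag are assumptions for illustration.
const FACILITY_LOCAL0 = 16;   // facilities 16-23 are local0-local7
const MAX_PACKET_LEN  = 1024; // RFC 3164 limit for the whole packet

function build_syslog_packet(int $facility, int $severity, string $tag, array $content): string
{
    if ($facility < 0 || $facility > 23 || $severity < 0 || $severity > 7) {
        throw new InvalidArgumentException('facility must be 0-23 and severity 0-7');
    }
    $pri = $facility * 8 + $severity; // PRI packs both values into one number

    // RFC 3164 timestamp "Mmm dd hh:mm:ss"; a single-digit day is space-padded.
    $now       = time();
    $timestamp = date('M ', $now) . str_pad(date('j', $now), 2, ' ', STR_PAD_LEFT) . date(' H:i:s', $now);
    $hostname  = gethostname() ?: 'localhost';

    // The tag is limited to alphanumerics, at most 32 characters.
    $tag = substr(preg_replace('/[^A-Za-z0-9]/', '', $tag), 0, 32);

    // json_encode escapes CR/LF and other control characters inside strings,
    // so untrusted values cannot start a forged second log line.
    $body = json_encode($content, JSON_THROW_ON_ERROR);

    // Truncation keeps the datagram within the limit but may cut the JSON short.
    return substr("<{$pri}>{$timestamp} {$hostname} {$tag}: {$body}", 0, MAX_PACKET_LEN);
}

function send_syslog_udp(string $ip, int $port, string $packet): void
{
    $sock = socket_create(AF_INET, SOCK_DGRAM, SOL_UDP);
    if ($sock === false) {
        throw new RuntimeException('socket_create: ' . socket_strerror(socket_last_error()));
    }
    $sent  = socket_sendto($sock, $packet, strlen($packet), 0, $ip, $port);
    $error = $sent === false ? socket_strerror(socket_last_error($sock)) : null;
    socket_close($sock);
    if ($error !== null) {
        throw new RuntimeException('socket_sendto: ' . $error);
    }
}

// Constructed sample input with an embedded newline in an untrusted value.
$packet = build_syslog_packet(FACILITY_LOCAL0, 3, 'phpapp', ['info' => "login failed\nuser=admin"]);
send_syslog_udp('127.0.0.1', 514, $packet);
echo $packet, PHP_EOL;
```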

Setup Syslog Server on Windows

Install Kiwi Syslog Server on Windows. This application receives, logs, displays, alerts on, and forwards syslog, SNMP trap, and Windows event log messages from routers, switches, firewalls, Linux and UNIX hosts, and Windows machines.

Test Sending Remote UDP Syslog
