How to send a syslog message with logger and verify the connection with tcpdump

Jul 15, 2022 - 3 min read

Introduction

It is very easy to send a syslog test message to a syslog server using logger and to check the connection between syslog client and server with tcpdump.

Requirements

Ensure your Linux distribution includes the logger and tcpdump packages. These packages are not always pre-installed.

How To

1. Listen for incoming connections with tcpdump:

   Run the following command:

   Linux

   # Open your terminal application
   sudo tcpdump -i any dst port 6514

   In this instance, I’m monitoring port 6514 (UDP) on my Docker host as I conducted this test with my Telegraf Syslog Receiver plugin installation.

2. Open another session and send a syslog message with logger:

   Run the following command:

   Linux

   # Open your terminal application
   sudo logger -n <IP address> -d -P 6514 <message>
   # IMPORTANT: Please read the instructions below

   Instructions:

   • Required Replace <IP address> with the IP address of your Syslog server. In my case it is the IP address of the docker host which is running Telegraf
   • Required Replace <message> with a message, for example test

3. Now tcpdump should see an incoming connection and the syslog server should have received the message as well. If not then there is probably a problem with the syslog server configuration

Comments

No comments found for this note.

Join the discussion for this note on Github. Comments appear on this page instantly.

Tags:

• Linux

Telegraf container setup with syslog receiver input plugin

Jellyfin container setup