Syslog-Slogger


Syslog-Slogger is a syslog generator. Slogger can be used to generate a huge number of 'controlled', 'random' syslog messages. This can be useful for testing your syslog server setup. The list of syslog messages is specified in an external file. The messages can contain variable sections like "interface <<outside,inside>> is down", and the tool randomly uses one of the values enclosed between "<<" and ">>" to create the message.

·         Feature list

·         Specifying the list of messages

·         Sample properties file

 

 

Feature List

·         Randomly pick from a list of syslogs (includes severity, facility, etc.) and generate syslogs with the specified attributes. The messages can contain options, and the tool randomly chooses one of them. (Details in the message format section)

·         Send Syslogs to a server or log to a file.

·         Can generate about 10,000 syslogs per second. (on a P4)

·         Support for adding original address header to simulate syslog forwarding behavior.

·         Real time display of number of messages sent and the rate at which it is being sent.

·         Users can specify the maximum event rate (EPS, events per second) at which messages are sent out (experimental)

·         Send messages in EMBLEM format if needed.

·         Display stats about the number of various kinds of messages sent if needed.

·         Users can specify the number of messages to be generated. "0" means infinite.

 

Specifying the list of messages

The tool allows the user to specify the list of message texts in an external file. The tool randomly chooses one of the messages to generate each syslog. Users can also specify other syslog attributes such as the source address, facility and severity; again, a list of values can be provided for each of these and the tool randomly uses one of them. These values can be specified at a global level (i.e. for all messages) or can be overridden for specific messages.

Example

Global options for all messages are specified as follows.

rmp.sources=10.1.1.1,10.1.1.2,10.1.1.3 (Source will be randomly chosen from these values)

rmp.levels=7 (level for all messages will be 7, unless overridden by the message)

rmp.facility=PIX (facility will be PIX unless overridden by the message)

rmp.sourcePort=5555 (value not used, but needs to be present - bug)

rmp.targetHost=2.2.2.2 (value not used, but needs to be present - bug)

rmp.targetPort=targetPort (value not used, but needs to be present - bug)

rmp.timeStamp=timeStamps (value not used, but needs to be present - bug)

Specifying the messages

###Messages to be generated

rmp.message.1.levels=3 (severity being overridden for this message)

rmp.message.1.messageText= Link status <<up,down>> on interface <<inside,outside>>

(One of the values between the double angle brackets is randomly chosen to create each syslog. The above statement can produce any of the following each time this message is generated:

Link status up on interface inside

Link status up on interface outside

Link status down on interface inside

Link status down on interface outside)
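
The following Python sketch is an added example, not Slogger's own code. It reads rmp.message.N properties, applies the per-message level override, and expands the <<...>> options either randomly or exhaustively, so that every variant can be replayed against a syslog parser or detection rule. The function names and the strict rejection of stray angle brackets are assumptions of this example.

```python
import itertools
import random
import re

OPTION = re.compile(r"<<(.*?)>>")  # option syntax from the page; parsing rules are assumed

def split_template(template):
    """Split a template into literal text and the option lists between << and >>."""
    parts = OPTION.split(template)  # literals at even indexes, option bodies at odd
    literals, options = parts[0::2], [p.split(",") for p in parts[1::2]]
    stray = [s for s in literals if "<<" in s or ">>" in s]
    stray += [v for opts in options for v in opts if "<" in v or ">" in v]
    if stray:  # strictness is an assumption of this sketch, not documented tool behaviour
        raise ValueError(f"malformed option marker near {stray[0]!r}")
    return literals, options

def render(literals, choices):
    """Interleave literal text with one chosen value per option list."""
    tail = "".join(c + lit for c, lit in zip(choices, literals[1:]))
    return literals[0] + tail

def expand_random(template, rng=random):
    """One random variant, as the generator would emit it."""
    literals, options = split_template(template)
    return render(literals, [rng.choice(o) for o in options])

def expand_all(template):
    """Every variant, for checking parser or rule coverage."""
    literals, options = split_template(template)
    return [render(literals, combo) for combo in itertools.product(*options)]

def load_messages(props_text):
    """Return {index: (levels, template)}; message levels override rmp.levels."""
    lines = [l for l in props_text.splitlines() if "=" in l and not l.lstrip().startswith("#")]
    props = {k.strip(): v.strip() for k, v in (l.split("=", 1) for l in lines)}
    messages = {}
    for key, text in props.items():
        m = re.fullmatch(r"rmp\.message\.(\d+)\.messageText", key)
        if m:
            levels = props.get(f"rmp.message.{m.group(1)}.levels", props.get("rmp.levels", ""))
            messages[int(m.group(1))] = (levels.split(","), text)
    return messages

# Constructed sample built from the property names and templates shown on the page.
SAMPLE = """\
rmp.levels=7
rmp.message.1.levels=3
rmp.message.1.messageText= Link status <<up,down>> on interface <<inside,outside>>
rmp.message.2.messageText=interface <<outside,inside>> is down
"""
```

Calling expand_all on each template returned by load_messages(SAMPLE) gives the complete set of lines a receiver should be able to parse.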

 

 

Sample properties file

## slogger Properties file
## configure slogger options.
 
## Program options. 
syslogProvider=org.slogger.provider.randomMessageProvider.RandomSyslogProvider
 
## Use File publisher to send syslogs to file. Configure FilePublisher options
#syslogPublisher=org.slogger.publisher.FilePublisher
 
## Use network publisher to send syslogs to syslog server. Configure NetworkPublisher options
syslogPublisher=org.slogger.publisher.NetworkPublisher
 
 
## Control the rate at which messages are sent. 
##Delay added between messages in millis. 0 means no delay.
## If maxEpsRate is specified, this value is ignored.
#delayBetweenMessages=0
maxEpsRate=3000
 
## Will prompt users to press enter before syslog generation. 
promptForStart=TRUE
 
## Display sent message stats
displayCounters=TRUE
displaySentMessages=TRUE
 
## FilePublisher options. 
FilePublisher.file=c:/tmp/test.log
 
## Network publisher options
NetworkPublisher.host=local-host
NetworkPublisher.port=514
NetworkPublisher.sourceAddressEncapString=
NetworkPublisher.keepMessageCounters=TRUE
 
## RandomMessageProvider options. 
## Global message options
## Message Count
rmp.messageCount=700
rmp.useEmblem=true
rmp.sources=10.1.1.1,10.1.1.2,10.1.1.3
rmp.levels=7
rmp.facility=PIX
rmp.sourcePort=5555
rmp.targetHost=2.2.2.2
rmp.targetPort=targetPort
rmp.timeStamp=timeStamps    
    
###Messages to be generated
 
rmp.message.1.levels=3
rmp.message.1.messageText=105006: (Primary) Link status <<up,down>> on interface <<inside,outside>>
 
rmp.message.2.levels=5
rmp.message.2.messageText=106100: access-list acl-inside permitted udp inside/<<100.1.1.1,100.1.1.2>>(<<100,101>>) -> outside/<<200.1.1.1,200.1.1.2>>(137) hit-cnt <<1,5,10>> (first hit)