Send test syslog message


I’m trying to capture blocks on the firewall and would like to reproduce sending syslog messages to our Splunk server, so here are a few things you can do.

Test the firewall for blocks. From the F5 (or Linux box) that you would like to capture syslog messages from, where the remote logging server (Splunk, syslog-ng, or whatever) has an IP address of and is using port 9514 (even though typical remote syslog servers run on port 514), you can run a netcat command like this to see if it says connected, which would mean no FW block.

nc -v

You can also send a test syslog message. The /dev/udp and /dev/tcp paths are handled by bash itself, so run these from a bash shell.

Over UDP port 9514

echo "<14>Test UDP syslog message" >> /dev/udp/<target_hostname_or_ip_address>/9514

Over TCP port 9514

echo "<14>Test TCP syslog message" >> /dev/tcp/<target_hostname_or_ip_address>/9514

Whichever way you choose, these should be enough to see the blocks in your FW logs.
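
The test sends above, wrapped in a script as an added example that is not part of the original post: it derives the <14> priority from facility and severity (user.info), tags each message with a searchable marker, and bounds the send with a timeout so a silently dropped TCP connection does not hang. The function names, the marker format, and the presence of bash and coreutils timeout on the sending box are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names and the marker
# format are assumptions; needs bash and coreutils `timeout` on the sender.

# Facility name -> number (subset; local0..local7 are 16..23).
facility_num() {
    case "$1" in
        kern) echo 0 ;; user) echo 1 ;; daemon) echo 3 ;; auth) echo 4 ;;
        local[0-7]) echo $((16 + ${1#local})) ;;
        *) return 1 ;;
    esac
}

# Severity name -> number.
severity_num() {
    case "$1" in
        emerg) echo 0 ;; alert) echo 1 ;; crit) echo 2 ;; err) echo 3 ;;
        warning) echo 4 ;; notice) echo 5 ;; info) echo 6 ;; debug) echo 7 ;;
        *) return 1 ;;
    esac
}

# PRI = facility * 8 + severity, so user.info is the <14> used in the post.
syslog_pri() {
    local f s
    f=$(facility_num "$1") || return 1
    s=$(severity_num "$2") || return 1
    echo $((f * 8 + s))
}

# "<PRI>text [marker]": the marker makes the event easy to search for.
build_test_msg() {
    local pri; pri=$(syslog_pri "$1" "$2") || return 1
    printf '<%s>%s [%s]' "$pri" "$3" "$4"
}

# send_test_syslog udp|tcp host port marker
# TCP returns non-zero when refused or timed out (a likely FW block); UDP is
# fire-and-forget, so success only means the datagram left this host.
send_test_syslog() {
    local msg
    case "$1" in udp|tcp) ;; *) echo "proto must be udp or tcp" >&2; return 2 ;; esac
    msg=$(build_test_msg user info "Test $1 syslog message" "$4") || return 1
    MSG=$msg timeout 5 bash -c 'echo "$MSG" > "/dev/$1/$2/$3"' _ "$1" "$2" "$3"
}

# Usage: ./send_test.sh tcp <target_hostname_or_ip_address> 9514
if [ "$#" -ge 3 ]; then
    send_test_syslog "$1" "$2" "$3" "fwtest-$(date +%s)-$$"
fi
```

Search the receiver for the fwtest- marker to confirm delivery; for UDP that search is the only confirmation, since the sender gets no acknowledgement.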
