Send test syslog message


I'm trying to capture blocks on the firewall and would like to reproduce sending syslog messages to our Splunk server, so here are a few things you can do.

Test the firewall for blocks. Run this from the F5 (or Linux box) that you would like to capture syslog messages from. Say the remote logging server (Splunk, syslog-ng or whatever) has an IP address of 10.44.69.175 and is using port 9514 (even though typical remote syslog servers run on port 514). You can run a netcat command like this to see whether it says connected, which would mean no FW block.

ShellScript
nc -v 10.44.69.175 9514

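You can also send a test syslog message. The leading <14> is the syslog priority value (facility user, severity info), and the /dev/udp and /dev/tcp paths are bash redirection features, so run these in bash.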

Over UDP port 9514

ShellScript
echo "<14>Test UDP syslog message" >> /dev/udp/<target_hostname_or_ip_address>/9514

Over TCP port 9514

ShellScript
echo "<14>Test TCP syslog message" >> /dev/tcp/<target_hostname_or_ip_address>/9514

Whichever way you choose, these should be enough to see the blocks in your FW logs.
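
A small wrapper around the commands above, as an added example that is not part of the original post: it computes the <14> priority from facility and severity, and puts a time limit on the send so a silently dropped TCP connection fails instead of hanging. The function names and the fw-test marker text are assumptions of this example, as is the availability of coreutils timeout.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Needs bash (/dev/tcp, /dev/udp)
# and assumes coreutils `timeout` is installed.

# PRI = facility * 8 + severity; user(1).info(6) is the <14> used above.
syslog_pri() {
    local f s
    case "$1" in
        kern) f=0 ;; user) f=1 ;; daemon) f=3 ;; auth) f=4 ;;
        local[0-7]) f=$((16 + ${1#local})) ;;
        *) return 1 ;;
    esac
    case "$2" in
        emerg) s=0 ;; alert) s=1 ;; crit) s=2 ;; err) s=3 ;;
        warning) s=4 ;; notice) s=5 ;; info) s=6 ;; debug) s=7 ;;
        *) return 1 ;;
    esac
    echo $((f * 8 + s))
}

# Build "<PRI>text" for a facility, severity and message text.
syslog_line() {
    local pri
    pri=$(syslog_pri "$1" "$2") || return 1
    printf '<%s>%s' "$pri" "$3"
}

# Send one line over tcp or udp with a 5 second limit.
# TCP: non-zero means refused, timed out or blocked.
# UDP: success only means the datagram left this host; confirm on the
# collector or in the firewall log.
send_syslog() {
    local proto="$1" host="$2" port="$3" line="$4"
    case "$proto" in tcp|udp) ;; *) return 2 ;; esac
    timeout 5 bash -c 'printf "%s\n" "$1" > "/dev/$2/$3/$4"' _ \
        "$line" "$proto" "$host" "$port" 2>/dev/null
}

# Usage: ./syslog_test.sh tcp 10.44.69.175 9514
if [ "$#" -eq 3 ]; then
    line=$(syslog_line user info "fw-test $(hostname) $(date +%s)")
    if send_syslog "$1" "$2" "$3" "$line"; then
        echo "sent over $1 to $2:$3: $line"
    else
        echo "send over $1 to $2:$3 failed (refused, timed out or blocked)" >&2
        exit 1
    fi
fi
```

Searching the collector for the fw-test marker confirms end-to-end delivery, which matters for UDP because the sender gets no error when a firewall drops the datagram.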
