NetCmdlets 2016
NetCmdlets 2016
Questions / Feedback?

IncomingSyslog Output Object (Get-Syslog Cmdlet)

Created whenever a system log packet is received.

Syntax

Object IncomingSyslog {
   string Server;
   string Facility;
   string Severity;
   string Message;
   int SeverityCode;
   string Timestamp;
   bool Conforms;
   string Packet;
   string SourceAddress;
   int SourcePort;
}

Remarks

System log packets are composed of three main sections, each of which can be broken down into two smaller pieces.

The first section is the PRI, which contains the originating FacilityCode and SeverityCode of the Message. FacilityCode is a value from 0 to 23, with each value being a different part of the system. Facility is a string representation of FacilityCode based on the following convention:

0Kernel messages
1User-level messages
2Mail system
3System daemons
4Security/authorization messages
5Messages generated internally by syslogd
6Line printer subsystem
7Network news subsystem
8UUCP subsystem
9Clock daemon
10Security/authorization messages
11FTP daemon
12NTP subsystem
13Log audit
14Log alert
15Clock daemon
16Local use
17Local use
18Local use
19Local use
20Local use
21Local use
22Local use
23Local use

SeverityCode is a value from 0 to 7. Severity is a string representation of SeverityCode using the following convention:

0Emergency - the system is unusable.
1Alert - action must be taken immediately.
2Critical - critical conditions exist.
3Error - error conditions exist.
4Warning - warning conditions exist.
5Notice - normal but significant condition.
6Informational - informative message.
7Debug - debug-level messages.

The second section contains the Timestamp and Hostname. Timestamp is a string that should conform to the standard structure "MMM DD, HH:MM:SS". The cmdlet will search for the Timestamp and verify that it conforms. If it conforms, the cmdlet will set Hostname, otherwise, everything after the PRI will be placed in Message.

If Conforms is TRUE, then the original syslog packet conforms to the syslog RFC and Timestamp, Hostname, and Message will all have valid values. Otherwise, you should parse the contents of Packet to verify the fields manually.

SourceAddress and SourcePort are the address and port from which Packet was sent. This can be an intermediate syslog server that is simply forwarding packets from the original host.

 
 
Copyright (c) 2017 /n software inc. - All rights reserved.
NetCmdlets 2016 - Version 16.0 [Build 6335]
 

 
 
Copyright (c) 2017 /n software inc. - All rights reserved.
NetCmdlets 2016 - Version 16.0 [Build 6335]