In networks all over, many devices can send Syslogs to a syslog server. You can download Syslog Servers (like Kiwi) to capture and process the syslogs, or you can create your own server to catch all the syslogs on your . Then you can parse them to a database and write your own reports of them, having full control of everything.

First, in VB, you need to import some namespaces.

Imports System.IO
Imports System.Sockets
Imports System
Imports System.Text

Then, from you Main procedure, call a procedure called ListenForSyslogs

Private Sub ListenForSyslogs()

Dim ipeRemoteIpEndPoint As New IPEndPoint(IPAddress.Any, 0)
Dim udpcUDPClient As New UdpClient(514)
Dim sDataRecieve As String
Dim bBytesRecieved() As Byte
Dim sFromIP As String

Try
While True
bBytesRecieved = udpcUDPClient.Receive(ipeRemoteIpEndPoint)
sDataRecieve = Encoding.ASCII.GetString(bBytesRecieved)
sFromIP = ipeRemoteIpEndPoint.Address.ToString

FillLog(sDataRecieve, sFromIP)

Console.WriteLine(sDataRecieve)
sDataRecieve = “”
End While
Catch e As Exception
‘ just ignore for now
End Try
End Sub

If you analyze this code, it just sets up a endpoint on the IP you are running the program, and listens on port 514, the default syslog port. It will just run and run, and keep listening. Whenever you recieve data, then call FillLog procedure

Private Sub FillLog(ByVal sSyslog As String, ByVal sFromIp As String)

Dim sPriority As String
Dim sPath As String = System.Environment.CurrentDirectory & “\Unprocessed\”

sSyslog = sSyslog.Replace(vbCrLf, “”)
sSyslog = Mid(sSyslog, InStr(sSyslog, “>”) + 1, Len(sSyslog))
sSyslog = Trim(sSyslog)

sPriority = GetSyslogPriority(sSyslog)

Dim swWriter As New StreamWriter(sPath & “syslog” & Now.Month & Now.Day & Now.Year & Now.Minute & “.txt”, True)
swWriter.WriteLine(sFromIp & “,” & Now & “,” & sPriority & “,” & sSyslog)
swWriter.Flush()
swWriter.Close()

End Sub

What FillLog does it look at data recieved, and parses it out, removing line feeds, etc.

Then it gets the priority from a function GetSyslogPriority(). Then it writes out the info to a comma seperated txt file (for easy parsing later), that is named path\syslogmonthdayyearminute.txt so for example, c:\unprocessed\syslog0408200529.txt

It will append to that txt for for the minute it gets syslogs for. So you should probably have another process that will consume that txt file before the next hour rolls around.

Finally, the function that gets the priority:

Private Function GetSyslogPriority(ByVal sSyslog As String) As String
Dim sResult As String

If InStr(sSyslog, “-0-”) Then
sResult = “Emergency (0)”
End If

If InStr(sSyslog, “-1-”) Then
sResult = “Alert (1)”
End If

If InStr(sSyslog, “-2-”) Then
sResult = “Critical (2)”
End If

If InStr(sSyslog, “-3-”) Then
sResult = “Error (3)”
End If

If InStr(sSyslog, “-4-”) Then
sResult = “Warning (4)”
End If

If InStr(sSyslog, “-5-”) Then
sResult = “Notice (5)”
End If

If InStr(sSyslog, “-6-”) Then
sResult = “Info (6)”
End If

If InStr(sSyslog, “-7-”) Then
sResult = “Debug (7)”
End If

If sResult = “” Then
sResult = “UNKNOWN”
End If
Return sResult

End Function

To summarize, you can capture syslogs from your to text files, and then create another program to read in the text files to a database and write reports. Creating the UDP listener on port 514, you can setup your devices to dump syslogs to your box where you are running the syslog server you created. To troubleshoot issues, syslogs will give you a good idea of what is getting denied, etc, and you can create your own homegrown Syslog Server using VB in a few simple steps.

Enjoy!