Sending test messages to Syslog-ng Premium Edition and Syslog-ng Store Box (4278392)

The loggen application is a tool to test and stress-test your syslog server and the connection to the server. It can send syslog messages to the server at a specified rate, using a number of connection types and protocols, including TCP, UDP, and unix domain sockets. The messages can be generated automatically (repeating the PADD string over and over), or read from a file or the standard input.

Example message generated by loggen:

Dec  4 12:13:04 syslog-ng prg00000[1234]: seq: 0000000000, thread: 0000, runid: 1543921984, stamp: 2018-12-04T12:13:04 PADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPAD

Examples

The following section will show some example use-cases. For more options and details see section "Additional information".

Note that all options have a short and a long name. For better understanding longer names will be used.

• No options - default values

loggen 10.10.10.10 514

average rate = 1028.94 msg/sec, count=10291, time=10.001, (average) msg size=256, bandwidth=257.09 kB/sec

If running loggen only with the destination host and port the defaults are the following.

• Running time (-I, --interval=): 10 seconds
• Message rate (-r, --rate=): 1000 msg/s
• BSD-syslog protocol over TCP

• IETF format (-P, --syslog-proto)

loggen --syslog-proto 10.10.10.10 601

• Sending messages to a unix domain-socket

loggen --unix --stream /opt/syslog-ng/var/run/syslog-ng.sock

• Sending messages via UDP (-D, --dgram)

loggen --dgram 10.10.10.10 514

• Specifying message rate (2000 msg/s) and size (4096 bytes)

loggen  --rate 2000 --size 4096 10.10.10.10 514

• Specifying running time (100s) and the number of messages (20000)

loggen  --interval 100 --number 20000 10.10.10.10 514

Note that when the --interval (-I) and --number (-n) are used together, loggen will send messages until the period set in --interval expires or the amount of messages set in --number is reached, whichever happens first.

• Sending a single IETF log with SDATA (-p, --sdata)

loggen --syslog-proto --number 1 --sdata '[example@0 class="high"]' 10.10.10.10 601

• Sending TLS encrypted messages

loggen --use-ssl 10.10.10.10 601

Note that it is not possible to check the certificate of the target, or to perform mutual authentication.

• Reading messages from file

loggen --read-file /path/to/log 10.10.10.10 514

• Reading BSD-syslog messages from standard input

echo "`date '+%b %e %H:%M:%S'` $HOSTNAME loggen test message" | /opt/syslog-ng/bin/loggen 10.10.10.10 514 --read-file -

Warning! To read from standard input the dash (-) character at the end of the command line must be used.

• Sending IETF-syslog messages from standard input

HEADER="1 `date -Iseconds` $HOSTNAME loggen - - -" MSG="test message" MESSAGE="$HEADER $MSG" MSGLENGTH=`echo $MESSAGE | wc -c` echo "$MSGLENGTH $MESSAGE" | /opt/syslog-ng/bin/loggen 10.21.10.10 1000 -P -d -R -

• Sending IETF-syslog messages from standard input (UTF-8 encoded)

HEADER="1 `date -Iseconds` $HOSTNAME loggen - - -" MSG="test message" BOM=`printf '\xEF\xBB\xBF'` MESSAGE="$HEADER $BOM $MSG" MSGLENGTH=`echo $MESSAGE | wc -c` echo "$MSGLENGTH $MESSAGE" | /opt/syslog-ng/bin/loggen 10.21.10.10 1000 -P -d -R -

• Sending non-syslog formatted messages from file

loggen --read-file /path/to/log --dont-parse 10.10.10.10 514

• Sending logs without time limit (only in syslog-ng PE 7)

loggen --permanent 10.10.10.10 514

Check the administration guide of syslog-ng for available options and more detailed description of loggen.