I bumped into a requirement to run a SysLog relay on one of my Windows 2008 R2 systems. After poking around on Google, and after getting a bit bored with the third-party offerings, I threw together a simple server of my own.

There is plenty of room for improvement here, but it works (for me at least) as it stands.

Written for and tested under PowerShell 2.0. The script could probably use some error handling.

5 Comments

  1. Sometimes it works, sometimes it doesn't. I get this error most of the time I try to run it.

    Exception calling "ReceiveFrom" with "2" argument(s): "You must call the Bind method before performing this operation."
    At C:\Syslog\syslogserver.ps1:78 char:41
    + $BytesReceived = $Socket.ReceiveFrom <<<< ($Buffer, [Ref]$SenderEndPoint)
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException

    I have disabled message validation; that didn't help. My main goal was to not do a DNS lookup on the sending device, but I can't seem to figure out what the above error means or how to fix it. I've done a ton of Google searches.

    Thanks.


    • I’ve added in an option to prevent hostname lookup entirely. With this the script will write in the connecting IP address if generating a new Header.

      The error message is perhaps most likely caused by the script being run more than once in the same PowerShell session. It needs a Stop-SysLog type command to flush out all the existing network sockets. At the moment the only way to flush those is by closing and re-opening the PS window. I’ll have a look at making that aspect more robust (it’s part of the error handling it needs).

      Chris


  2. This script was very useful for me!
    Thanks.

    Bert


  3. Very cool script, Thanks!


  4. Two little issues ..

    1) line 181 " $Format," should read " [ref]$Format,"
    and line 184 " [Ref]$Date)" should read " $Date)"

    2) the strings in line 176 should be "MMM d HH:mm:ss", "MMM dd HH:mm:ss" not "MMM d hh:mm:ss", "MMM dd hh:mm:ss" (24 hour clock – not 12)

    Otherwise – excellent – thanks.

    BTW: $host
    Name : ConsoleHost
    Version : 2.0
    InstanceId : xxx
    UI : System.Management.Automation.Internal.Host.InternalHostUserInterface
    CurrentCulture : en-GB
    CurrentUICulture : en-US
    PrivateData : Microsoft.PowerShell.ConsoleHost+ConsoleColorProxy
    IsRunspacePushed : False
    Runspace : System.Management.Automation.Runspaces.LocalRunspace

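
A minimal receive path reflecting the points raised in the comments above, as an added example that is not the original script: the socket is always closed so a second run in the same session can bind again, the sender is recorded by IP address with no DNS lookup, and header timestamps are parsed with a 24-hour format. The function names, the default port 514, the buffer size and the sample timestamps are assumptions.

```powershell
# Added example, not the original script. Function names and the default port are assumptions.
function ConvertFrom-SyslogTimestamp {
    param([string]$Text)
    # 24-hour clock (HH); with hh, any timestamp from 13:00 onward fails to parse.
    $Formats = [string[]]@('MMM d HH:mm:ss', 'MMM dd HH:mm:ss')
    $Date = New-Object DateTime
    $Parsed = [DateTime]::TryParseExact($Text, $Formats,
        [Globalization.CultureInfo]::InvariantCulture,
        [Globalization.DateTimeStyles]::AllowWhiteSpaces, [ref]$Date)
    if ($Parsed) { $Date } else { $null }
}

function Receive-SyslogDatagram {
    param([int]$Port = 514, [int]$Count = 1)
    $Socket = New-Object Net.Sockets.Socket(
        [Net.Sockets.AddressFamily]::InterNetwork,
        [Net.Sockets.SocketType]::Dgram,
        [Net.Sockets.ProtocolType]::Udp)
    try {
        # Bind throws if the port is already in use; the catch rethrows, so
        # ReceiveFrom is never reached with an unbound socket.
        $Socket.Bind((New-Object Net.IPEndPoint([Net.IPAddress]::Any, $Port)))
        $Buffer = New-Object Byte[] 2048
        for ($i = 0; $i -lt $Count; $i++) {
            [Net.EndPoint]$SenderEndPoint = New-Object Net.IPEndPoint([Net.IPAddress]::Any, 0)
            $BytesReceived = $Socket.ReceiveFrom($Buffer, [ref]$SenderEndPoint)
            $Message = [Text.Encoding]::ASCII.GetString($Buffer, 0, $BytesReceived)
            $Stamp = $null
            if ($Message -match '^<\d{1,3}>(\w{3} [ \d]\d \d\d:\d\d:\d\d) ') {
                $Stamp = ConvertFrom-SyslogTimestamp $Matches[1]
            }
            # No DNS lookup: the sender is recorded by IP address only.
            New-Object PSObject -Property @{
                Sender      = $SenderEndPoint.Address.ToString()
                Timestamp   = $Stamp
                ValidHeader = ($Stamp -ne $null)
                Message     = $Message
            }
        }
    }
    catch { throw }
    finally {
        # Release the socket however the loop ends, so the next run can bind again.
        $Socket.Close()
    }
}

# Constructed sample timestamps; the evening one is the case a 12-hour format rejects.
'Oct 11 22:14:15', 'Feb  5 09:03:00' | ForEach-Object { ConvertFrom-SyslogTimestamp $_ }
```

`Receive-SyslogDatagram -Count 5` reads five datagrams and emits one object per message; a message whose header timestamp does not parse comes back with `ValidHeader` set to false.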
