Strict Standards: Redefining already defined constructor for class wpdb in /home/fantail/public_html/wordpress/wp-includes/wp-db.php on line 52

Deprecated: Assigning the return value of new by reference is deprecated in /home/fantail/public_html/wordpress/wp-includes/cache.php on line 36

Strict Standards: Redefining already defined constructor for class WP_Object_Cache in /home/fantail/public_html/wordpress/wp-includes/cache.php on line 389

Strict Standards: Declaration of Walker_Page::start_lvl() should be compatible with Walker::start_lvl($output) in /home/fantail/public_html/wordpress/wp-includes/classes.php on line 537

Strict Standards: Declaration of Walker_Page::end_lvl() should be compatible with Walker::end_lvl($output) in /home/fantail/public_html/wordpress/wp-includes/classes.php on line 537

Strict Standards: Declaration of Walker_Page::start_el() should be compatible with Walker::start_el($output) in /home/fantail/public_html/wordpress/wp-includes/classes.php on line 537

Strict Standards: Declaration of Walker_Page::end_el() should be compatible with Walker::end_el($output) in /home/fantail/public_html/wordpress/wp-includes/classes.php on line 537

Strict Standards: Declaration of Walker_PageDropdown::start_el() should be compatible with Walker::start_el($output) in /home/fantail/public_html/wordpress/wp-includes/classes.php on line 556

Strict Standards: Declaration of Walker_Category::start_lvl() should be compatible with Walker::start_lvl($output) in /home/fantail/public_html/wordpress/wp-includes/classes.php on line 653

Strict Standards: Declaration of Walker_Category::end_lvl() should be compatible with Walker::end_lvl($output) in /home/fantail/public_html/wordpress/wp-includes/classes.php on line 653

Strict Standards: Declaration of Walker_Category::start_el() should be compatible with Walker::start_el($output) in /home/fantail/public_html/wordpress/wp-includes/classes.php on line 653

Strict Standards: Declaration of Walker_Category::end_el() should be compatible with Walker::end_el($output) in /home/fantail/public_html/wordpress/wp-includes/classes.php on line 653

Strict Standards: Declaration of Walker_CategoryDropdown::start_el() should be compatible with Walker::start_el($output) in /home/fantail/public_html/wordpress/wp-includes/classes.php on line 678

Deprecated: Assigning the return value of new by reference is deprecated in /home/fantail/public_html/wordpress/wp-includes/query.php on line 21

Deprecated: Assigning the return value of new by reference is deprecated in /home/fantail/public_html/wordpress/wp-includes/theme.php on line 508
C# .NET Syslog Server with SQL at Fantail Technology Ltd

« Using the FileSystemWatcher class | Home | How to make shiny buttons in The GIMP »

C# .NET Syslog Server with SQL

By chrisg | September 16, 2007

So often, code gets written to ’scratch an itch’. In this case, I had a little VPN/Firewall appliance, a Cyberguard Snapgear device. This little Linux based device can send events such as when a VPN client connects, or Packet Filter firewall messages to a Syslog server.At first I used a free syslog service that recorded messages to a text file, but I felt it would be better for there to be a .NET service that recorded to an SQL database, and that the source should be available under a BSD style license.

David Husselmann and I sat down to work out the basic design and requirements, then it did not take David more than a few hours to write the code.

There are 3 core classes, incorporated into a Windows Service application.

The SyslogListener class implements an RFC3164 compliant syslog listener which parses syslog messages sent to any interface the class is bound to.

The MemoryBuffer class class takes care of buffering incoming syslog messages in memory and submitting them to the SqlUpdater in batches, rather than keeping the database occupied with drip-fed messages.

The SqlUpdater class simply takes care of inserting SyslogMessage records into an SQL database.

The SyslogService Windows Service application class brings it all together:

  1. create the SqlUpdater class and establishes a connection to the SQL server
  2. create the MemoryBuffer class, and let it know about the SqlUpdater for which it will act as a buffer
  3. establish an event handler for the SyslogListener message-received event, to save messages into the memory-buffer

Warning! Some assembly required. Bring your own C# Compiler.

This code is a bit rough and ready, and is not yet suitable for a turn-key application. Its not that far away, though, so if anyone requests it, I will tidy it up and move the hard-coded SQL database connection details into a config-file and thus allow the creation of an exe that can be downloaded and run anywhere.

In the meantime, the code is available for download from here as a Visual Studio 2005 project to allow anyone to build it for their own purposes.

Configuration and Installation

1) extract the ZIP file to :

C:\Projects\Fantail\SyslogServer\SyslogServer

If you want to stick it elsewhere, feel free to, but the solution files and such probably need to be updated.

2) Setup an SQL database

2a) If you don’t already have a Microsoft SQL Server handy, you may want to download MSDE or SQLExpress

http://www.microsoft.com/sql/prodinfo/previousversions/msde/prodinfo.mspx
or
http://msdn2.microsoft.com/en-us/express/aa718378.aspx

Note that I haven’t actually tested this code against SQLExpress, but since
it is all simple stuff, it should just work…

2b) Create a database, if you can’t think of a name for it, called it “FantailSysLog”

2c) Create a table. Run the following SQL Statement to create the one table (just one!) that you need:

CREATE TABLE FantailSysLog (

Id int identity(1,1),
Facility int,
Severity int,
Timestamp datetime,
Hostname varchar(255),
Message varchar(1024)

)

(change “FantailSysLog” to a different table name if you wish)

2d) Create a database user, and grant that user full permissions on your database and table

3) edit the file: C:\Projects\Fantail\SyslogServer\SyslogServer\Fantail.SyslogServer\SyslogService.cs

and change the line:

sqlUpdater = new SqlUpdater(”server=<your-server>;user=<db-user>;password=<db-password>;initial catalog=<db-name>”, “<your-table-name>”);

as follows:

<your-server> this should be the network name or IP address of the machine that hosts your MS SQL Server
- if you are going to install the Fantail.SyslogService on the same machine as the SQL Server then you can simply set this to “.” or “(local)”<db-user> this is the sql database user you created in step 2d) above

<db-password> the password you assigned to above user

<db-name> the database you created in step 2b)

<your-table-name> the name of the table you created in step 2c) above

4) build the project. This was written using Visual Studio 2005. If you don’t have VS2005, you could probably use SharpDevelop without a great deal of modification. I haven’t tested this with SharpDevelop, but seeing that the code is straightforward, it should just work…

5) install the Windows Service:

You will need a .NET 2 Utility called “InstallUtil”.
Since the machine that you want to run this service on must already have the .NET2 framework installed, all you simply need do is5a) copy your newly built executable “Fantail.SyslogServer.exe” to a location where you want to run it from. I recommend you create the folder: C:\Program Files\Fantail and copy it there

5b) open a Command Prompt (click Start menu, click on “Run…”, then enter “CMD” and click the OK button)

5c) change directory to the location where you copied your executable to, ie:

CD “\Program Files\Fantail”

5d) use InstallUtil to install the executable as a Windows Service:

“C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe” Fantail.SyslogServer.exe

you should get a message to the effect that the service has been installed successfully.

5f) time to test it out! type:

NET START “Fantail Syslog Server”

5g) if you get an error message, check the eventlog for clues as to what went wrong…

EVENTVWR

Thats it.

The SyslogListener class is the most interesting class. Although the aim of this project was to create a service that recorded messages to SQL, you can of course use just use the SyslogListener class directly in your own projects without having to use to the memory buffer and record to SQL.

To use, instantiate the class:

SyslogListener sl = new SyslogListener(IPAddress.Any);

Attach a suitable event handler using the MessageReceived event:

sl.MessageReceived += new MessageReceivedEventHandler(delegate(object sender, MessageReceivedEventArgs e) {
Console.WriteLine(”Got a message: ————\n” + e.SyslogMessage.ToString());
});

And finally call the Start() and Stop() methods to control the class:

sl.Start();
Console.ReadLine();
sl.Stop();

Feel free to leave any questions or comments , or if you wish to email me directly you can do so here.

Topics: .NET, SQL |

Comments

You must be logged in to post a comment.