
Using TCL to capture SYSlog (port 514) UDP/TCP?


I'm looking for the best way to capture network generated syslog on port 514 to a TCL variable list (using something like lappend mysyslist $newsyslogentry), or just append to a file (i.e., open "syslog.txt" a)

I suspect it would need to be triggered via an event with every new (port 514) entry (i.e., fileevent $$ readable...) and if possible allow other programs to access the syslog port?

I believe network syslog traffic is UDP based (not 100% sure), but I've seen UDP + TCP syslog capture apps around.

There are a few SYSlog client apps available, but I need a simple port 514 recorder in TCL.

I have some ideas but any suggestions would be appreciated.


Solution

  • For anyone who's interested, I've created a UDP version here:

    #!/usr/local/bin/tclsh
    package require udp ; # load the required UDP Package
    
    set port 514 ; # default SYSlog port
    set logfile "udp_syslog.txt" ; # set the log filename to log data to
    
    # Capture the UDP data here
    proc udp_triggered {} {
        global dg logfile ; # ensure the global variables work in this procedure
        set rcdata [read $dg(udp)] ; # grab the UDP data within rcdata
        set udp_log [open $logfile a] ; # open the specified logfile to append to (auto-creates if does not exist)
        puts $udp_log $rcdata ; # place the UDP data line into the log file
        close $udp_log ; # close the log file
        return
    }
    
    set dg(udp) [udp_open $port] ; # setup the UDP capture port
    fileevent $dg(udp) readable udp_triggered ; # setup the event trigger when the UDP port becomes readable and execute the procedure to capture the data
    vwait forever ; # activates the (fileevent) trigger to wait for UDP data
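
The question also asks about TCP, which the UDP script above does not cover. The following is an added example, not part of the original answer, of a TCP recorder built on Tcl's built-in `socket -server` that also splits the syslog `<PRI>` prefix into facility and severity; the log filename, the 8192-byte cap on unterminated input, and newline-delimited framing (one message per line) are assumptions.

```tcl
#!/usr/local/bin/tclsh
# Added example: TCP counterpart of the UDP recorder (needs Tcl 8.5+, no extra packages)
set port 514                    ;# same default syslog port as the UDP script
set logfile "tcp_syslog.txt"    ;# assumed log filename
set maxline 8192                ;# assumed cap on bytes buffered without a newline

# Split "<PRI>rest" into facility, severity and rest (PRI = facility*8 + severity)
proc parse_pri {line} {
    if {[regexp {^<(\d{1,3})>(.*)$} $line -> pri rest]} {
        scan $pri %d pri            ;# decimal scan, so "013" is not read as octal
        if {$pri <= 191} {
            return [list [expr {$pri / 8}] [expr {$pri % 8}] $rest]
        }
    }
    return [list - - $line]         ;# no valid PRI: keep the raw line as the message
}

# Called by the server socket for each new sender
proc accept {chan addr cport} {
    fconfigure $chan -blocking 0 -translation auto
    fileevent $chan readable [list tcp_triggered $chan $addr]
}

# Called whenever a connected sender has data to read
proc tcp_triggered {chan addr} {
    global logfile maxline
    if {[gets $chan line] >= 0} {
        lassign [parse_pri $line] fac sev msg
        set stamp [clock format [clock seconds] -format "%Y-%m-%dT%H:%M:%S"]
        set log [open $logfile a]   ;# append, creating the file if needed
        puts $log "$stamp $addr facility=$fac severity=$sev $msg"
        close $log
    } elseif {[eof $chan]} {
        close $chan                 ;# sender disconnected
    } elseif {[chan pending input $chan] > $maxline} {
        close $chan                 ;# unterminated line too long: drop the sender
    }
}

socket -server accept $port     ;# listen for TCP syslog senders
vwait forever                   ;# enter the event loop
```

Each log line records the sender's address next to the decoded facility and severity, and a sender that streams data without ever sending a newline is disconnected once more than `maxline` bytes are buffered.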