Windows Azure SMA SysLog Workflow
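workflow LOG_SendSyslog
{
    <#
    .SYNOPSIS
    Sends a single syslog-style message over UDP, from the computer named in the
    'SCCM_Connection' SMA connection asset.

    .DESCRIPTION
    The workflow reads the 'SCCM_Connection' connection asset, builds a credential
    from it and runs an InlineScript on that computer (32-bit PowerShell endpoint).
    The InlineScript computes the syslog priority as (Facility * 8) + Severity,
    formats "<PRI> TIMESTAMP HOSTNAME MESSAGE", encodes it as ASCII, truncates it to
    1024 bytes and sends it as one UDP datagram.

    The transport is plain UDP: the message is sent unencrypted and unauthenticated,
    and delivery is not confirmed. Do not place secrets in -Message.

    .PARAMETER Server
    Name or address of the syslog receiver (passed to UdpClient.Connect).

    .PARAMETER Message
    Message text. Characters outside ASCII are replaced by the ASCII encoder.

    .PARAMETER Severity
    Severity code, see the table below (0-7). The value is not range-checked here.

    .PARAMETER Facility
    Facility number, see the table below (0-23). The value is not range-checked here.

    .PARAMETER Hostname
    Optional host name to put in the message. When empty, the output of 'hostname'
    on the computer that runs the InlineScript is used.

    .PARAMETER Timestamp
    Optional timestamp text. When empty, the current date and time of the computer
    that runs the InlineScript is used.

    .PARAMETER UDPPort
    Destination UDP port, default 514.

    .NOTES
    Facility Number  Keyword   Facility Description
    0                kern      kernel messages
    1                user      user-level messages
    2                mail      mail system
    3                daemon    system daemons
    4                auth      security/authorization messages
    5                syslog    messages generated internally by syslogd
    6                lpr       line printer subsystem
    7                news      network news subsystem
    8                uucp      UUCP subsystem
    9                          clock daemon
    10               authpriv  security/authorization messages
    11               ftp       FTP daemon
    12               -         NTP subsystem
    13               -         log audit
    14               -         log alert
    15               cron      clock daemon
    16               local0    local use 0 (local0)
    17               local1    local use 1 (local1)
    18               local2    local use 2 (local2)
    19               local3    local use 3 (local3)
    20               local4    local use 4 (local4)
    21               local5    local use 5 (local5)
    22               local6    local use 6 (local6)
    23               local7    local use 7 (local7)

    and

    Code Severity Keyword Description General Description
    0 Emergency emerg (panic) System is unusable. A "panic" condition usually affecting multiple apps/servers/sites. At this level it would usually notify all tech staff on call.
    1 Alert alert Action must be taken immediately. Should be corrected immediately, therefore notify staff who can fix the problem. An example would be the loss of a primary ISP connection.
    2 Critical crit Critical conditions. Should be corrected immediately, but indicates failure in a secondary system, an example is a loss of a backup ISP connection.
    3 Error err (error) Error conditions. Non-urgent failures, these should be relayed to developers or admins; each item must be resolved within a given time.
    4 Warning warning (warn) Warning conditions. Warning messages, not an error, but indication that an error will occur if action is not taken, e.g. file system 85% full - each item must be resolved within a given time.
    5 Notice notice Normal but significant condition. Events that are unusual but not error conditions - might be summarized in an email to developers or admins to spot potential problems - no immediate action required.
    6 Informational info Informational messages. Normal operational messages - may be harvested for reporting, measuring throughput, etc. - no action required.
    7 Debug debug Debug-level messages. Info useful to developers for debugging the application, not useful during operations.
    #>
    Param
    (
        [Parameter(mandatory=$true)] [String] $Server,
        [Parameter(mandatory=$true)] [String] $Message,
        [Parameter(mandatory=$true)] [Int] $Severity,
        [Parameter(mandatory=$true)] [Int] $Facility,
        [String] $Hostname,
        [String] $Timestamp,
        [int] $UDPPort = 514
    )

    # Credential for the remote InlineScript comes from the SMA connection asset,
    # so no account name or password is stored in the runbook itself.
    $con = Get-AutomationConnection -Name 'SCCM_Connection'
    $securepassword = ConvertTo-SecureString -AsPlainText -String $con.Password -Force
    $cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $con.Username, $securepassword

    $RetObject = InlineScript {
        # Workflow variables are only visible inside InlineScript through $Using:
        $Server = $Using:Server
        $UDPPort = $Using:UDPPort
        $Facility = $Using:Facility
        # Fixed: the original read $UsingSeverity (no colon), an undefined variable,
        # so every message was sent with severity 0 (Emergency).
        $Severity = $Using:Severity
        $Hostname = $Using:Hostname
        $Timestamp = $Using:Timestamp
        $Message = $Using:Message

        # Create a UDP client object; it is closed in the finally block below so
        # the socket is released even when Connect or Send throws.
        $UDPCLient = New-Object System.Net.Sockets.UdpClient
        try
        {
            $UDPCLient.Connect($Server, $UDPPort)

            # NOTE(review): Facility and Severity are used as given; values outside
            # 0-23 / 0-7 yield a priority the receiver may reject or misclassify.
            $Facility_Number = $Facility
            $Severity_Number = $Severity
            Write-Verbose "Syslog Facility, $Facility_Number, Severity is $Severity_Number"

            # Calculate the priority
            $Priority = ($Facility_Number * 8) + $Severity_Number
            Write-Verbose "Priority is $Priority"

            # If no hostname parameter was specified, use this computer's name
            # (the computer running the InlineScript, not the workflow worker).
            if (($Hostname -eq "") -or ($Hostname -eq $null))
            {
                $Hostname = Hostname
            }

            # If no timestamp was specified, use the current date and time.
            # NOTE(review): this format is neither the RFC 3164 "Mmm dd hh:mm:ss"
            # form nor an RFC 5424 timestamp; confirm the receiver parses it.
            if (($Timestamp -eq "") -or ($Timestamp -eq $null))
            {
                $Timestamp = Get-Date -Format "yyyy:MM:dd:-HH:mm:ss zzz"
            }

            # Assemble the full syslog formatted message.
            # NOTE(review): $Message and $Hostname are inserted unmodified. If callers
            # pass text that originates outside the runbook, embedded CR/LF may be
            # read by some receivers as extra log records; consider stripping control
            # characters before calling.
            $FullSyslogMessage = "<{0}> {1} {2} {3}" -f $Priority, $Timestamp, $Hostname, $Message

            # ASCII encoding: one byte per character, non-ASCII characters are replaced.
            $Encoding = [System.Text.Encoding]::ASCII
            $ByteSyslogMessage = $Encoding.GetBytes($FullSyslogMessage)

            # If the message is too long, shorten it to 1024 bytes.
            # Fixed: the original called .SubString() on the byte array, which has
            # no such method, so any message over 1024 bytes failed instead of
            # being truncated.
            if ($ByteSyslogMessage.Length -gt 1024)
            {
                [byte[]] $ByteSyslogMessage = $ByteSyslogMessage[0..1023]
            }

            # Send the message; Send returns the number of bytes sent, which
            # becomes the InlineScript output.
            $UDPCLient.Send($ByteSyslogMessage, $ByteSyslogMessage.Length)
        }
        finally
        {
            $UDPCLient.Close()
        }
    } -PSComputerName $con.ComputerName -PSCredential $cred -PSConfigurationName Microsoft.PowerShell32
}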