Windows Azure SMA SysLog Workflow

workflow LOG_SendSyslog
{
    <#
    Facility Number  Keyword   Facility Description
    0                kern      kernel messages
    1                user      user-level messages
    2                mail      mail system
    3                daemon    system daemons
    4                auth      security/authorization messages
    5                syslog    messages generated internally by syslogd
    6                lpr       line printer subsystem
    7                news      network news subsystem
    8                uucp      UUCP subsystem
    9                          clock daemon
    10               authpriv  security/authorization messages
    11               ftp       FTP daemon
    12               -         NTP subsystem
    13               -         log audit
    14               -         log alert
    15               cron      clock daemon
    16               local0    local use 0 (local0)
    17               local1    local use 1 (local1)
    18               local2    local use 2 (local2)
    19               local3    local use 3 (local3)
    20               local4    local use 4 (local4)
    21               local5    local use 5 (local5)
    22               local6    local use 6 (local6)
    23               local7    local use 7 (local7)

    Code  Severity       Keyword          Description
          General Description
    0     Emergency      emerg (panic)    System is unusable.
          A "panic" condition usually affecting multiple apps/servers/sites. At this level it would usually notify all tech staff on call.
    1     Alert          alert            Action must be taken immediately.
          Should be corrected immediately, therefore notify staff who can fix the problem. An example would be the loss of a primary ISP connection.
    2     Critical       crit             Critical conditions.
          Should be corrected immediately, but indicates failure in a secondary system, an example is a loss of a backup ISP connection.
    3     Error          err (error)      Error conditions.
          Non-urgent failures, these should be relayed to developers or admins; each item must be resolved within a given time.
    4     Warning        warning (warn)   Warning conditions.
          Warning messages, not an error, but indication that an error will occur if action is not taken, e.g. file system 85% full - each item must be resolved within a given time.
    5     Notice         notice           Normal but significant condition.
          Events that are unusual but not error conditions - might be summarized in an email to developers or admins to spot potential problems - no immediate action required.
    6     Informational  info             Informational messages.
          Normal operational messages - may be harvested for reporting, measuring throughput, etc. - no action required.
    7     Debug          debug            Debug-level messages.
          Info useful to developers for debugging the application, not useful during operations.
    #>
    param(
        [Parameter(Mandatory=$true)] [String] $Server,
        [Parameter(Mandatory=$true)] [String] $Message,
        [Parameter(Mandatory=$true)] [Int] $Severity,
        [Parameter(Mandatory=$true)] [Int] $Facility,
        [String] $Hostname,
        [String] $Timestamp,
        [Int] $UDPPort = 514
    )

    # Build the credential used to run the InlineScript on the remote computer
    $con = Get-AutomationConnection -Name 'SCCM_Connection'
    $securepassword = ConvertTo-SecureString -AsPlainText -String $con.Password -Force
    $cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $con.Username, $securepassword

    $RetObject = InlineScript {
        # Create a UDP Client Object
        $Server = $Using:Server
        $UDPPort = $Using:UDPPort
        $UDPClient = New-Object System.Net.Sockets.UdpClient
        $UDPClient.Connect($Server, $UDPPort)
        # Facility and severity are passed as their numeric codes (see the tables above)
        $Facility = $Using:Facility
        $Severity = $Using:Severity
        $Facility_Number = $Facility
        $Severity_Number = $Severity
        Write-Verbose "Syslog Facility, $Facility_Number, Severity is $Severity_Number"
        # Calculate the priority
        $Priority = ($Facility_Number * 8) + $Severity_Number
        Write-Verbose "Priority is $Priority"
        # If no hostname parameter specified, then set it
        $Hostname = $Using:Hostname
        if (($Hostname -eq "") -or ($Hostname -eq $null))
        {
            $Hostname = Hostname
        }
        # If the timestamp hasn't been specified, then we will use the current date and time
        # Note: this is not the RFC 3164 "Mmm dd hh:mm:ss" layout; adjust the format string
        # if the collector parses the header strictly
        $Timestamp = $Using:Timestamp
        if (($Timestamp -eq "") -or ($Timestamp -eq $null))
        {
            $Timestamp = Get-Date -Format "yyyy:MM:dd:-HH:mm:ss zzz"
        }
        # Assemble the full syslog formatted message
        # (the PRI part is followed immediately by the header, with no space after '>')
        $Message = $Using:Message
        $FullSyslogMessage = "<{0}>{1} {2} {3}" -f $Priority, $Timestamp, $Hostname, $Message
        # Create an ASCII Encoding object
        $Encoding = [System.Text.Encoding]::ASCII
        # Convert into byte array representation
        $ByteSyslogMessage = $Encoding.GetBytes($FullSyslogMessage)
        # If the message is too long, shorten it to the first 1024 bytes
        if ($ByteSyslogMessage.Length -gt 1024)
        {
            $ByteSyslogMessage = [byte[]]($ByteSyslogMessage[0..1023])
        }
        # Send the message; Send() returns the number of bytes sent, which ends up in $RetObject
        $UDPClient.Send($ByteSyslogMessage, $ByteSyslogMessage.Length)
        # Release the socket
        $UDPClient.Close()
    } -PSComputerName $con.ComputerName -PSCredential $cred -PSConfigurationName Microsoft.PowerShell32
}
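
An added example, not part of the original post: a stand-alone function that builds the same packet with the facility and severity checked against the ranges in the two tables (0-23 and 0-7), an RFC 3164 style timestamp, and the hostname and message reduced to one line of printable ASCII before the 1024-byte truncation. The names New-SyslogPacket and ConvertFrom-SyslogPri, and the sample host and message, are assumptions made for illustration.

```powershell
function New-SyslogPacket {
    # Hypothetical helper name; the parameters mirror the workflow's inputs.
    [OutputType([byte[]])]
    param(
        [Parameter(Mandatory=$true)] [ValidateRange(0, 23)] [int] $Facility,
        [Parameter(Mandatory=$true)] [ValidateRange(0, 7)]  [int] $Severity,
        [Parameter(Mandatory=$true)] [string] $Message,
        [string]   $Hostname  = [System.Net.Dns]::GetHostName(),
        [datetime] $Timestamp = (Get-Date)
    )
    # PRI = facility * 8 + severity, so valid values are 0..191
    $priority = ($Facility * 8) + $Severity

    # RFC 3164 timestamp: "Mmm dd hh:mm:ss", day of month space-padded to two characters
    $inv   = [System.Globalization.CultureInfo]::InvariantCulture
    $stamp = '{0} {1,2} {2}' -f $Timestamp.ToString('MMM', $inv), $Timestamp.Day, $Timestamp.ToString('HH:mm:ss', $inv)

    # Keep the record on one line of printable ASCII: CR, LF, tabs and non-ASCII
    # characters are dropped from the hostname and replaced by a space in the message,
    # so caller-supplied text cannot start a second line in the collector's log file.
    $cleanHost = $Hostname -replace '[^\x21-\x7E]', ''
    $cleanMsg  = $Message  -replace '[^\x20-\x7E]', ' '

    $text  = '<{0}>{1} {2} {3}' -f $priority, $stamp, $cleanHost, $cleanMsg
    $bytes = [System.Text.Encoding]::ASCII.GetBytes($text)

    # Same 1024-byte limit as the workflow
    if ($bytes.Length -gt 1024) { $bytes = [byte[]]($bytes[0..1023]) }
    return ,$bytes
}

function ConvertFrom-SyslogPri {
    # Hypothetical helper: reverses the priority calculation when reading a raw record.
    param([Parameter(Mandatory=$true)] [ValidateRange(0, 191)] [int] $Priority)
    [pscustomobject]@{
        Facility = [int][math]::Floor($Priority / 8)
        Severity = $Priority % 8
    }
}

# Constructed sample input: an auth/notice message carrying an embedded CR/LF
$packet = New-SyslogPacket -Facility 4 -Severity 5 -Hostname 'sma-runbook01' `
    -Timestamp ([datetime]'2015-03-07 09:15:02') -Message "login failed for bob`r`nextra text"
[System.Text.Encoding]::ASCII.GetString($packet)
ConvertFrom-SyslogPri -Priority 37
```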


Jeremy Tirrell
