Create and Send a Demo Syslog Message
To create messages of a more realistic style, the code download includes the form frmSyslogDemoSend (see Figure 6), which features options to select Facility (from which the resulting Priority is calculated). You can enter a Tag and edit the message. Also, you can change the receiving remote hostname or address to allow you to send messages to another machine.
Figure 6. Form to Send Customized Messages: Adjust the parts of the syslog message you send and who you send it to.
The code behind the form is pretty basic. The click event of the send button demonstrates a simple method to retransmit a message three times. Also note the error handler, which takes over if a hostname or address that cannot be reached is entered for the receiver. It is needed because errors of this kind are not handled by the OnError event of the WinSock control itself.
Storing a Syslog Message
Now that you can create and send, as well as receive and read, a syslog message, the next task is to save a message in your syslog table. This is what the UDF SyslogEntrySave
Public Function SyslogEntrySave( _
Optional ByVal strRemoteAddress As String, _
Optional ByVal bytFacility As slFacility = slFacilityDefault, _
Optional ByVal bytSeverity As slSeverity = slSeverityDefault, _
Optional ByVal datTimestamp As Date, _
Optional ByVal strHostname As String, _
Optional ByVal strTag As String, _
Optional ByVal lngPid As Long, _
Optional ByVal strContent As String) _
Note that all parameters are optional, meaning that calling the function with no parameters will create a very basic, though completely valid, entry like this:
<13>Jun 29 20:15:57 localhost Test: <no message>
This is fine for storing a message now and then, but it is not well suited for intense traffic because it opens and closes the table for every message. It is relatively easy to expand the function with parameters to open and close the table, or to turn it into a class with similar methods. However, the following section shows a third option: creating a form bound to your syslog table.
Storing a Series of Syslog Messages
The form frmSyslogReceive (see Figure 7) is capable of receiving syslog messages by itself, and when bound to the syslog table it can save these directly, even at a high incoming rate.
Figure 7. Form to Log Large Amounts of Received Messages: Bound to the syslog table, frmSyslogReceive can receive massive batches of syslog messages.
There isn't much code behind the form because you, of course, use the function SyslogPackageDecode to decode a received package. But a small feature has been added to the DataArrival event of the WinSock Control. As shown in Listing 2, the feature checks whether the received package is identical to the previous one. The purpose is to store only unique messages if the sender retransmits messages, as the demo form does. Duplicate packages are ignored, while those carrying new information are saved by a call to the subfunction SaveEntry.
Whenever you receive a syslog message, the form will display the full package in the bottom textbox and the decoded parts in the table fields above.
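One way to keep the duplicate check described above reliable when several hosts send at the same time, as an added example in VBA that is not from the article's code download. The function name IsRetransmission, the five-second window, and the sample addresses and messages are assumptions; it compares against the last package per sender rather than the single previous package, and treats an identical package that arrives after the window as a new event.

```vba
Option Explicit

' Added example: not part of the article's code download.
' Assumed retransmit window; a repeat arriving later is kept as a new event.
Private Const DUP_WINDOW_SECONDS As Long = 5

' Last package and arrival time per sender address (late-bound Dictionary).
Private mdicLastSeen As Object

' Returns True when strPackage repeats the previous package from the same
' sender within the window, so the caller can skip saving it.
Public Function IsRetransmission( _
    ByVal strRemoteAddress As String, _
    ByVal strPackage As String, _
    Optional ByVal datReceived As Date) As Boolean

    Dim varLast As Variant

    If mdicLastSeen Is Nothing Then
        Set mdicLastSeen = CreateObject("Scripting.Dictionary")
    End If
    ' A missing Date parameter arrives as zero; use the local clock then.
    If datReceived = 0 Then datReceived = Now

    If mdicLastSeen.Exists(strRemoteAddress) Then
        varLast = mdicLastSeen.Item(strRemoteAddress)
        ' Binary compare, so Option Compare Database cannot blur the match.
        If StrComp(varLast(0), strPackage, vbBinaryCompare) = 0 Then
            IsRetransmission = _
                (Abs(DateDiff("s", varLast(1), datReceived)) <= DUP_WINDOW_SECONDS)
        End If
    End If
    ' Remember this package either way so the window slides with the traffic.
    mdicLastSeen.Item(strRemoteAddress) = Array(strPackage, datReceived)
End Function

' Constructed sample traffic: two senders interleaved, one retransmitting.
Public Sub DemoIsRetransmission()
    Const MSG_A As String = "<13>Jun 29 20:15:57 hostA Test: first"
    Const MSG_B As String = "<13>Jun 29 20:15:57 hostB Test: second"
    Dim datT As Date
    datT = #6/29/2024 8:15:57 PM#   ' constructed arrival time

    Debug.Print IsRetransmission("192.0.2.10", MSG_A, datT)
    Debug.Print IsRetransmission("192.0.2.20", MSG_B, datT)
    Debug.Print IsRetransmission("192.0.2.10", MSG_A, datT)
    Debug.Print IsRetransmission("192.0.2.10", MSG_A, DateAdd("s", 60, datT))
End Sub
```

Call it from the DataArrival handler with the sender's address and the raw package, and skip the save when it returns True. Because syslog over UDP is unauthenticated, the sender address is only a grouping key here, not proof of origin.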
Log Viewer and Further Refinements
You can browse the complete log, but if a new message arrives, the form will move the displayed records instantly to make the new record visible. Thus, for a form to browse, study, and search the messages, you will need a similar form without the WinSock Control and the receiver code, bound only to the syslog table.
Further, the syslog table contains an AutoNumber field as ID. As is, the view will be sorted in the sequence in which the messages arrive, not by the timestamps they should include. Also, the syslog specification does not include time zone information. This may cause trouble if a sender's clock is not in sync or you receive packages from other time zones. If so, you may choose to add a new field to the table, TimeReceived, which you stamp with the current time by making a small modification to the function SyslogEntrySave and the subfunction SaveEntry.
Browse the code modules for all the helper functions, which are fully documented via in-line comments.