Hi guys, I'm writing a simple syslog addin...It will be pretty simplistic for v1, but better than nothing imho....I've attached a screenshot of what it looks like right now (with sample data of course). One thing I need is some syslog samples from different devices. By default it will just display the entire syslog entry, which works but isnt very pretty...so I'd like to explicitly support as many devices/formats as possible....so if you guys feel like hooking me up with some sample lines from your syslogs I'd appreciate it....thx

Great idea for a addin. Below is an example of my router's syslog file showing dropped and accepted traffic. It would be nice to have the addin show some statistics and analysis info as well.

awesome, thanks....yeah I hope to eventually add stats/analysis but I don't think it'll make it into version 1 ....just for informational purposes, what make of router is that log from?

Router was a linksys WRT150N running DD-WRT which adds the logging features. Logs from any DD-WRT firmware based router would look the same.

beta 1 is available here if anyone's interested: http://www.virgeweb.com/redec/syslog/RedecSyslog0.1.msi

Bug reports/feature requests/suggestions are welcome

I gave this a go with data from my NetGear DG834PN router. The router sent a single message "2010-02-01 20:27:58 - Send E-mail Success!" to the WHS and RedecSyslog0.1 did pick this up but the console window I was using to view via RDP then ended unexpectedly. I tried this 3 or 4 times but it crashed out each time. The event log showed: -

.NET Runtime 2.0 Error Reporting EventID 5000 EventType clr20r3, P1 homeserverconsole.exe, P2 6.0.0.0, P3 4acceb5f, P4 whscommon, P5 6.0.0.0, P6 4accead8, P7 334, P8 1b, P9 system.argumentexception, P10 NIL.

and

HPAdminConsole:
Only one usage of each socket address (protocol/network address/port) is normally permitted
Exception:System.Net.Sockets.SocketException
Message:Only one usage of each socket address (protocol/network address/port) is normally permitted
Source:System
StackTrace:
at System.Net.Sockets.Socket.DoBind(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.Bind(EndPoint localEP)
at System.Net.Sockets.TcpListener.Start(Int32 backlog)
at System.Net.Sockets.TcpListener.Start()
at System.Runtime.Remoting.Channels.ExclusiveTcpListener.Start(Boolean exclusiveAddressUse)
at System.Runtime.Remoting.Channels.Tcp.TcpServerChannel.StartListening(Object data)
at System.Runtime.Remoting.Channels.Tcp.TcpServerChannel.SetupChannel()
at System.Runtime.Remoting.Channels.Tcp.TcpServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, IAuthorizeRemotingConnection authorizeCallback)
at System.Runtime.Remoting.Channels.Tcp.TcpChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
at Microsoft.HomeServer.HomeServerConsoleTab.HPConsoleTab.HomeServerTabExtender.RegisterTcpChannel()

Hope this helps.

ooooh that ain't good. I know this sounds typical but have you tried rebooting? There are some known issue with HPAdminConsole crashing with socket-related excpetions (see http://tinyurl.com/yac4j9q)...altho I haven't seen your exact error before...
I'm really not sure how the syslog could be related to this error, because the stack trace shows it failing while trying to open a tcp socket, and the syslogger doesn't use any tcp sockets...it only uses udp.

Thanks for the suggestion. I reinstalled RedecSyslog0.1 and rebooted but ended up with the same:

NET Runtime 2.0 Error Reporting EventID 5000
EventType clr20r3, P1 homeserverconsole.exe, P2 6.0.0.0, P3 4acceb5f, P4 whscommon, P5 6.0.0.0, P6 4accead8, P7 334, P8 1b, P9 system.argumentexception, P10 NIL.

I uninstalled and reinstalled a couple of times but no luck. The add-in is stable when there is no data to display but as soon as it has some messages to display and I go to the Syslog tab - bang. The first time after install it shows two lines of syslog messages before it crashes but only displays one line with the first two fields on subsequent attempts.

Beta 2 is out: http://www.virgeweb.com/redec/syslog/RedecSyslog0.2.msi ...Now it's (hopefully) actually somewhat usable

WakeyWakey: I'm not sure I've fixed the crash you were seeing with Beta1, but I've added some more robust error reporting so hopefully if it's still there we should be able to track it down fairly easily

Thanks! I've loaded 0.2 and quickly tested and it looks good. 4 lines collected, no crash. I'll let it collect a bit more and send the sample.

RedecSyslog0.2 looks good. Here is a sample from my NetGear DG834PN router. As you can see, someone or thing in China wants to get at my MSS and won't give up!

Works nicely. Helps me spot attempts to hack wireless router without me having to trawl through daily status emails. Thank you. Left donation.

Good to hear, and thanks for the donation...you're my first one

Here is a screenshot from me, version 0.2. (And this is my first post here )

Source 10.72.0.1 is my router (D-Link DIR-825)
Source 10.72.0.2 is my switch (HP ProCurve 1810G-8)

Both were set to send "INFO" level to syslog, so there is plenty of logged lines (and uninteresting crap too). Some public IP addresses have been blurred to "protect the innocent".

This looks really promising!

Small donation is on it's way.

I've been looking for something to enable syslog monitoring on WHS and this looks pretty good. I can't find any indication that it's gone past beta 2 or anything for the past several months. Is there any sort of status update?

Thank you.

Peter