Contents
In StreamBase Studio, import this sample with the following steps:
-
From the top-level menu, click
> . -
Enter
sysl
to narrow the list of options. -
Select Syslog input adapter from the StreamBase Standard Adapters category.
-
Click
.
StreamBase Studio creates a project for this sample.
-
In the Project Explorer view, open the sample you just loaded.
If you see red marks on a project folder, wait a moment for the project to load its features.
If the red marks do not resolve themselves after a minute, select the project, right-click, and select
> from the context menu. -
Open the
src/main/eventflow/
folder.packageName
-
Open the
syslog.sbapp
file and click the Run button. This opens the SB Test/Debug perspective and starts the module. -
In the Test/Debug Perspective, open the Output Streams view. Look for a tuple emitted on the Status stream with its
action
value set toConnected
, indicating that the adapter has established a connection to the configured port and is listening for traps. -
In the Manual Input view, select the
Commands
stream. Enterdisconnect
in thecommand
field. Click and observe that a tuple has been emitted on theStatus
stream, and a message has been printed to the console to indicate the adapter has disconnected from the configured port. -
In the Manual Input view, select the
Commands
stream again. Enterconnect
in thecommand
field. Click and observe that a tuple has been emitted on theStatus
stream, and a message has been printed to the console to indicate the adapter has reconnected to the port and is again listening for traps. -
To see syslog messages emitted by the adapter, refer to the Receiving Syslog Messages section below.
-
As syslog messages are received by the adapter you will see a tuple emitted on the SyslogMessages stream describing its contents.
-
When done, press F9 or click the Terminate EventFlow Fragment button.
This sample is meant to receive syslog messages and pass them on to the StreamBase application. Once the sample is up and running, you will need a means to send it some syslog messages to demonstrate its use. To do so, you can either set up an existing machine on your network to send its syslog events to the IP address of the machine running the sample, or for testing purposes you can simply generate simulated syslog messages on the machine's UDP port 514.
Devices and programs generating syslog messages do so by sending them to the
system's Syslog daemon (syslogd). This daemon is the program responsible for
properly routing the messages to local logs file and/or collectors such as the
adapter. The syslogd daemon needs to be explicitly told to forward messages to your
StreamBase application in order for the adapter to receive them. This is done by
modifying the /etc/syslog.conf
configuration file. To
forward all syslog messages to your application, ensure the following line is
included (replacing the host name by that of the machine running StreamBase):
*.* @logserv.example.com
(This change requires root access.)
Afterwards, restart syslogd with the command:
service syslogd restart
From then on the client machine will forward all syslog entries to your StreamBase application. Refer to syslogd(8) and syslog.conf(5) documentation for instructions on configuring finer-grained forwarding rules (e.g. only forwarding messages of a certain priority).
For a quick test run of the sample, if you do not wish to set up a Linux box to send its syslog events to the adapter, you can simply send strings to UDP port 514 and they will be interpreted by the adapter as syslog messages. An easy way to do so is to use the nc Linux command (substituting the correct IP address to reach your running StreamBase application):
nc -u 127.0.0.1 514
This command waits for input to send on the port. Type the following and click Enter:
<165>1 2013-05-01T12:00:00.000Z mymachine.example.com
fakeevent - ID00 [exampleSDID@32767 iut="3" eventSource="Application"
eventID="1011"] This is a fake syslog event conforming to RFC 5424
When you load the sample into StreamBase Studio, Studio copies the sample project's files to your Studio workspace, which is normally part of your home directory, with full access rights.
Important
Load this sample in StreamBase Studio, and thereafter use the Studio workspace copy of the sample to run and test it, even when running from the command prompt.
Using the workspace copy of the sample avoids permission problems. The default workspace location for this sample is:
studio-workspace
/sample_adapter_embedded_syslog
See Default Installation
Directories for the default location of studio-workspace
on your system.