jkeys

Reputation: 145

Using TCL to capture SYSlog (port 514) UDP/TCP?

I'm looking for the best way to capture network generated syslog on port 514 to a TCL variable list (using something like lappend mysyslist $newsyslogentry), or just append to a file (i.e., open "syslog.txt" a).

I suspect it would need to be triggered via an event with every new (port 514) entry (i.e., fileevent $$ readable...) and if possible allow other programs to access the syslog port?

I believe network syslog traffic is UDP based (not 100% sure), but I've seen UDP + TCP syslog capture apps around.

There are a few SYSlog client apps available, but I need a simple port 514 recorder in TCL.

I have some ideas but any suggestions would be appreciated.

Upvotes: 0

Views: 742

Answers (1)

jkeys

Reputation: 145

For anyone who's interested, I've created a UDP version here:

#!/usr/local/bin/tclsh
package require udp ; # load the required UDP Package

set port 514 ; # default SYSlog port
set logfile "udp_syslog.txt" ; # set the log filename to log data to

# Capture the UDP data here
proc udp_triggered {} {
    global dg logfile ; # ensure the global variables work in this procedure
    set rcdata [read $dg(udp)] ; # grab the UDP data within rcdata
    set udp_log [open $logfile a] ; # open the specified logfile to append to (auto-creates if does not exist)
    puts $udp_log $rcdata ; # place the UDP data line into the log file
    close $udp_log ; # close the log file
    return
}

set dg(udp) [udp_open $port] ; # setup the UDP capture port
fileevent $dg(udp) readable udp_triggered ; # setup the event trigger when the UDP port becomes readable and execute the procedure to capture the data
vwait forever ; # activates the (fileevent) trigger to wait for UDP data

Upvotes: 1
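
The handler in the answer writes each datagram to the file exactly as received, so anything that can reach port 514 controls what the log contains. As an added example (not part of the original answer), this Tcl proc turns one untrusted datagram into exactly one log line: it decodes the RFC 3164 PRI field, caps the length and escapes control characters. The names `syslog_line`, `peer`, `sev_names`, `max_len` and the sample datagrams are assumptions made for this example.

```tcl
# Added example (not from the original answer). Pure Tcl; no udp package needed.
set sev_names {emerg alert crit err warning notice info debug}
set max_len 1024 ; # assumed cap on stored message length, in characters

# Convert one untrusted datagram into exactly one printable log line.
# "peer" is a hypothetical argument: the sender address as seen by the receiver.
proc syslog_line {raw peer} {
    global sev_names max_len
    set fac "-"
    set sev "-"
    # RFC 3164 PRI field: "<N>" where N = facility * 8 + severity (0..191)
    if {[regexp {^<(\d{1,3})>(.*)$} $raw -> pri rest]} {
        scan $pri %d pri ; # decimal parse, so "010" is not read as octal
        if {$pri <= 191} {
            set fac [expr {$pri / 8}]
            set sev [lindex $sev_names [expr {$pri % 8}]]
            set raw $rest
        }
    }
    # Drop the sender's trailing newline, then bound the size
    set raw [string trimright $raw "\r\n"]
    set raw [string range $raw 0 [expr {$max_len - 1}]]
    # Escape backslashes and control characters so an embedded newline
    # cannot forge a second log entry
    set out ""
    foreach ch [split $raw ""] {
        scan $ch %c code
        if {$ch eq "\\"} {
            append out "\\\\"
        } elseif {$code < 32 || $code == 127} {
            append out [format {\x%02x} $code]
        } else {
            append out $ch
        }
    }
    set now [clock format [clock seconds] -format {%Y-%m-%dT%H:%M:%S}]
    return "$now $peer fac=$fac sev=$sev $out"
}

# Constructed sample datagrams (not captured traffic)
set samples [list \
    "<34>Oct 11 22:14:15 host1 su: 'su root' failed for user1\n" \
    "<13>Oct 11 22:14:16 host2 app: ok\n<0>Oct 11 22:14:17 host2 kernel: forged" \
    "no PRI field here"]
foreach s $samples {
    puts [syslog_line $s 192.0.2.10]
}
```

In the answer's `udp_triggered`, the line would be built from `$rcdata` before the `puts`; tcludp reports the sender of the last datagram through `fconfigure $dg(udp) -peer`.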
