Skip to content

Instantly share code, notes, and snippets.

@troy
Last active April 6, 2023 18:19
Show Gist options
  • Save troy/2220679 to your computer and use it in GitHub Desktop.
Save troy/2220679 to your computer and use it in GitHub Desktop.
Send UDP remote syslog message from PHP (RFC 3164)
# replace PAPERTRAIL_HOSTNAME and PAPERTRAIL_PORT
# see http://help.papertrailapp.com/ for additional PHP syslog options
function send_remote_syslog($message, $component = "web", $program = "next_big_thing") {
$sock = socket_create(AF_INET, SOCK_DGRAM, SOL_UDP);
foreach(explode("\n", $message) as $line) {
$syslog_message = "<22>" . date('M d H:i:s ') . $program . ' ' . $component . ': ' . $line;
socket_sendto($sock, $syslog_message, strlen($syslog_message), 0, PAPERTRAIL_HOSTNAME, PAPERTRAIL_PORT);
}
socket_close($sock);
}
send_remote_syslog("Test");
# send_remote_syslog("Any log message");
# send_remote_syslog("Something just happened", "other-component");
# send_remote_syslog("Something just happened", "a-background-job-name", "whatever-app-name");
?>
@troy
Copy link
Author

troy commented Sep 5, 2015

@fbm-static: Yes, that's a numeric code for the facility and severity. This example uses a single static value for both, and thus a static number, but it could also be calculated according to https://tools.ietf.org/html/rfc3164#section-4.1.1.

@tenaciousRas: Not that I've heard of from users. This is emitting a UDP packet, which is typically 1ms or less, so you'd need tens of thousands of concurrent requests happening at exactly the same time (and thus probably hundreds of thousands or millions of typical concurrent sessions) in order to consume the ~60k ephemeral ports. Nothing special required that I know of.

@zajca
Copy link

zajca commented Aug 25, 2020

Hi is there way how to use this behind application proxy, I can't access internet from app different way than use proxy.

@troy
Copy link
Author

troy commented Aug 25, 2020

Hi is there way how to use this behind application proxy, I can't access internet from app different way than use proxy.

Not as-is. You might be able to make it work with a UDP-friendly SOCKS server like https://github.com/clue/php-socks, but it's way beyond the scope of anything that's in the code now or practical to discuss here.

@AdzRayner
Copy link

I know this is an old snippet however it works for me in a basic IP Bot. However the <22> which is the facility and severity, I get from this grid
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/4-0/reference/messages-and-log-formats/syslog-message-formats/syslog-priority-facility-severity-grid.html

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment