
Create a SendTo-SysLog cmdlet and include it by default

Please include by default a SendTo-Syslog cmdlet to send log messages to UNIX, Linux and SIEMs.

If you were to add a syslog service role to send or accept syslog messages in a scalable way which integrated with the Windows event logs, that would be great too, but a cmdlet to just send UDP packets is easy enough to include in PoSh 5.1 right now.

Thanks!

23 votes

Jason Fossen shared this idea
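
The request above says a cmdlet that just sends UDP packets is easy to write. As an added example (not code from the original post, from the PSGallery module mentioned in the comments, or from Microsoft), a minimal RFC 3164-style sender could look like this; the function name `Send-SyslogUdp`, its parameters and the collector address are assumptions made for illustration.

```powershell
# Added example: hypothetical function, not the Posh-SYSLOG module or Microsoft code.
function Send-SyslogUdp {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Server,
        [Parameter(Mandatory)] [string] $Message,
        [ValidateRange(0, 23)] [int] $Facility = 16,   # 16 = local0
        [ValidateRange(0, 7)]  [int] $Severity = 6,    # 6 = informational
        [string] $Tag = 'PowerShell',
        [ValidateRange(1, 65535)] [int] $Port = 514
    )

    # PRI value per RFC 3164: facility * 8 + severity.
    $pri = ($Facility * 8) + $Severity

    # RFC 3164 timestamp "Mmm dd hh:mm:ss"; days 1-9 are space-padded, not zero-padded.
    $now   = Get-Date
    $inv   = [System.Globalization.CultureInfo]::InvariantCulture
    $stamp = '{0} {1} {2}' -f $now.ToString('MMM', $inv),
                              $now.Day.ToString().PadLeft(2),
                              $now.ToString('HH:mm:ss', $inv)

    # Replace control characters (CR/LF included) so caller-supplied text
    # cannot forge additional log lines on the collector.
    $clean = $Message -replace '[\x00-\x1F\x7F]', ' '

    # RFC 3164 tags are alphanumeric and at most 32 characters.
    $cleanTag = $Tag -replace '[^A-Za-z0-9]', ''
    if ($cleanTag.Length -gt 32) { $cleanTag = $cleanTag.Substring(0, 32) }

    $hostName = [System.Net.Dns]::GetHostName()
    $packet   = '<{0}>{1} {2} {3}: {4}' -f $pri, $stamp, $hostName, $cleanTag, $clean

    # ASCII encoding turns non-ASCII characters into '?'; RFC 3164 caps a packet at 1024 bytes.
    [byte[]] $bytes = [System.Text.Encoding]::ASCII.GetBytes($packet)
    if ($bytes.Length -gt 1024) { [byte[]] $bytes = $bytes[0..1023] }

    $udp = New-Object System.Net.Sockets.UdpClient
    try     { [void] $udp.Send($bytes, $bytes.Length, $Server, $Port) }
    finally { $udp.Close() }
}

# Constructed usage: 192.0.2.10 is a documentation address standing in for the collector.
Send-SyslogUdp -Server '192.0.2.10' -Message "Service restarted`r`nby operator" -Severity 4
```

UDP syslog is unauthenticated and unencrypted, and the sender gets no confirmation of delivery, so the collector should not treat the hostname or tag in these packets as verified.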

6 comments

  • Ilya Sazonov commented

    Sending an event to Syslog is as important as sending events to Eventlog.
    So I suppose it must be in the OS.

  • Ilya Sazonov commented

    SendTo-Syslog is not an appropriate name for a native cmdlet.
    The modern cmdlet in Windows is New-WinEvent.
    So SendTo-Syslog would be renamed to New-SyslogEvent.

  • Jason Fossen commented

    Hi J.Keith, thanks for the response:

    Requiring a script to be installed from the PSGallery discourages use of that script. It's a prerequisite that now has to be worried about, a requirement that might not be met, which then breaks something else.

    A SendTo-SysLog cmdlet would only be a few KB in size and would not likely need to be updated or maintained later by MS developers (sending syslog packets is very easy). There is already one in the PSGallery; I'm sure the author would happily donate his code to MS.

    Syslog is very widely used and every SIEM supports it.

    I think a SendTo-SysLog would be especially needed on Server Nano as a fast, lightweight way of getting alerts and log data off the Nano box ASAP, since the Nano VM's local log files would be lost when that VM is deleted and replaced with an updated VM for DevOps-style fast deployments. Supporting DevOps is a major goal of Jeffrey Snover and the PoSh Team.

    Now that Nadella is CEO, a major push at MS is to be more compatible with Linux and other popular open source projects, e.g. ssh for PowerShell, FreeBSD in Azure, Bash on Win10, Roslyn compiler, ASP.NET Core, Server Nano support for Node.js, etc. Syslog is universally used in Linux environments. Including a SendTo-SysLog client *by default* is another sign of cooperation and goodwill towards the Linux community, which is what Nadella wants. (Do you want to thwart the Will of the CEO and Jeffrey Snover both, incurring their Wrath for eternity? ;-)

    Thanks!

  • J. Keith Bankston [MSFT] (Admin, Windows Server) commented

    Balancing what is in Windows and what is in the Gallery is hard. It would help us to understand why having this in the OS is so much better than having it in the Gallery.

    What would help is to understand why installing the Posh-SYSLOG module from the Gallery is not meeting the need. Merging things into the Windows OS has some big implications, so we are trying to strike the balance. Additional information will help.

  • Jason Fossen commented

    Windows 10 will include bash, Server Nano will support node.js/nginx/mysql/etc, many MS apps are being ported to Android and iOS, and ssh is coming to PowerShell. Syslog logging is universally used outside of Microsoft, like with Cisco and SIEM monitoring products. Having a built-in SendTo-Syslog cmdlet would not just be useful, it's another goodwill gesture to extend to the Linux and open source communities, which is a major part of Nadella's long-term strategy for Microsoft as a whole. This strategy is part of the reason ssh is coming to PowerShell. PowerShell already has Write-EventLog, so writing to one type of log is within scope; why not write to another type of logging service too, a logging service used by all the rest of the world except Microsoft? Thank you for considering this request; there's still time to get it into PoSh 5.1 and the GA of Server 2016 because of how simple the code would be.
