Syslog Suite Data Sheet

Test Suite: Syslog Suite
Direction: Server

Syslog is a protocol for transmitting event notification messages. It is widely used in many kinds of systems to collect status and event information from both internal and external components. This test suite can be used to test Syslog server implementations for security flaws and robustness problems.

Although Syslog was developed in the 1980s and has been widely used ever since, no official documentation existed before 2001, when best practices were defined in RFC3164. An official specification for Syslog was approved as late as 2009 (RFC5424). As a result, there are several different implementations of Syslog, and it is practically impossible to create a test suite that works with all of them. This test suite follows the official specification (RFC5424) and may or may not be suitable for testing Syslog implementations that do not follow it.

Because Syslog is a unidirectional protocol, there is no way to implement valid case instrumentation. External instrumentation is possible, however: it requires a script at the Syslog server end that checks the syslog file for new messages and informs the suite of their arrival.
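One way such a server-side check could look, as an added example that is not part of the test suite or its documentation. It assumes the suite can run a command and read its exit status; the file path, the marker string and that exit-status convention are hypothetical.

```python
import os
import sys
import time


class SyslogFileWatcher:
    """Report lines appended to a syslog file since the previous check."""

    def __init__(self, path):
        self.path = path
        try:  # start at the current end so older entries are ignored
            st = os.stat(path)
            self.inode, self.offset = st.st_ino, st.st_size
        except FileNotFoundError:
            self.inode, self.offset = None, 0

    def new_lines(self):
        try:
            st = os.stat(self.path)
        except FileNotFoundError:
            return []
        # Rotation (new inode) or truncation (file shrank): read from the start.
        if st.st_ino != self.inode or st.st_size < self.offset:
            self.inode, self.offset = st.st_ino, 0
        with open(self.path, "rb") as fh:
            fh.seek(self.offset)
            data = fh.read()
        # Consume complete lines only; a partial last line waits for the next poll.
        end = data.rfind(b"\n") + 1
        self.offset += end
        return data[:end].decode("utf-8", "replace").splitlines()


def wait_for_marker(watcher, marker, timeout=5.0, interval=0.2):
    """Return True if a line containing `marker` arrives before the timeout."""
    deadline = time.monotonic() + timeout
    while True:
        if any(marker in line for line in watcher.new_lines()):
            return True
        if time.monotonic() >= deadline:
            return False
        time.sleep(interval)


if __name__ == "__main__":
    # Assumed interface: exit status 0 tells the suite the message arrived.
    watcher = SyslogFileWatcher(sys.argv[1])
    sys.exit(0 if wait_for_marker(watcher, sys.argv[2]) else 1)
```

The watcher must be started before the valid message is sent, since it ignores everything already in the file when it is created.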

Used specifications

Specification   Title
RFC5424         The Syslog Protocol
RFC5425         Transport Layer Security (TLS) Transport Mapping for Syslog
RFC5426         Transmission of Syslog Messages over UDP
RFC5674         Alarms in Syslog
RFC5675         Mapping Simple Network Management Protocol (SNMP) Notifications to SYSLOG Messages

Tool-specific information

Tested message elements   Specifications   Notes
SYSLOG-MSG                RFC5424
Alarm SD-ELEMENT          RFC5674
SNMP SD-ELEMENT           RFC5675

Supported transport protocols   Specifications   Notes
Transport over TLS              RFC5425
Transport over UDP              RFC5426

Test tool general features
  • Fully automated black-box negative testing
  • Ready-made test cases
  • Written in Java™
  • GUI, command-line and remote interface modes
  • Instrumentation (health-check) capability
  • Support and maintenance
  • Comprehensive user documentation
  • Results reporting and analysis