Kieran Jacobsen

He/Him. Microsoft MVP and GitKraken Ambassador. 🌏 Poshsecurity.com. 🏳‍🌈 Gay. 🐱 Cat owner.

Posh-SYSLOG version 4 is now available

The Posh-SYSLOG PowerShell module continues to surprise me. I originally developed the module in early 2012, making it available on GitHub in 2013. Since then I've continued to maintain the module, even though I don’t directly use the module.

Early this year, usage of the module skyrocketed, growing from a few hundred downloads a year to an average of 10 thousand downloads each month. I don’t know what’s driven this growth, but it's been incredible.

Today is another milestone for Posh-SYSLOG. I'm happy to announce that version 4.0 has been released. This release adds support for sending SYSLOG messages over TLS.

Sending messages over TLS

Switching to TLS is super easy!

In previous versions, the Transport parameter allowed you to specify the UDP and TCP transport options. In version 4.0, we now also have the TCPwithTLS option. To send a message with TLS:

PS> Send-SyslogMessage -Server 'myserver.local' -Message 'My Message' -Severity Alert -Facility kern -Transport TCPwithTLS

Default behaviours

There are some default behaviours that you should be aware of:

  1. TLS 1.2 is used by default when connecting to the server. If your server doesn’t support this, you can use the SslProtocols parameter to change the behaviour. This parameter uses the type System.Security.Authentication.SslProtocols, and supports specifying TLS 1.0, TLS 1.1, SSL 2 and SSL 3.
  2. By default, the value specified for the Server parameter is validated against the server’s certificate. This means that the certificate will need to contain this value for validation to be successful. Currently, you can't change this logic, but I'll look at including this in version 4.1.
  3. Sometimes we can’t validate the server’s certificate. In that case, we can ignore any validation errors by including the DoNotValidateTLSCertificate parameter. If this parameter is used, a warning will be displayed to the user.
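
A pre-flight check for the default behaviours listed above, as an added example that is not part of Posh-SYSLOG or the original post. It performs the same kind of TLS handshake with .NET's SslStream and reports whether the certificate would pass name and chain validation, so you can fix the certificate rather than reach for DoNotValidateTLSCertificate. The function name Test-SyslogTlsEndpoint and the default port 6514 (the RFC 5425 port for syslog over TLS) are assumptions, and it needs PowerShell 5 or later.

```powershell
# Added example: hypothetical helper, not part of the Posh-SYSLOG module.
function Test-SyslogTlsEndpoint {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Server,
        [int] $Port = 6514,   # assumption: RFC 5425 port for syslog over TLS
        [System.Security.Authentication.SslProtocols] $SslProtocols = 'Tls12'
    )

    # The callback records the validation errors but accepts the certificate,
    # so the handshake completes and the certificate can be reported on.
    # Diagnostic use only; nothing is sent over this connection.
    $seen = @{ Errors = [System.Net.Security.SslPolicyErrors]::None }
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($source, $certificate, $chain, $policyErrors)
        $seen.Errors = $policyErrors
        return $true
    }.GetNewClosure()

    $client = [System.Net.Sockets.TcpClient]::new()
    $ssl = $null
    try {
        $client.Connect($Server, $Port)
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $callback)
        # $Server is the name compared against the certificate during validation.
        $ssl.AuthenticateAsClient($Server, $null, $SslProtocols, $false)

        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        $san  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }   # subjectAltName

        [pscustomobject]@{
            Server          = $Server
            Protocol        = $ssl.SslProtocol
            Subject         = $cert.Subject
            SubjectAltNames = if ($san) { $san.Format($false) } else { $null }
            NotAfter        = $cert.NotAfter
            NameMatches     = -not $seen.Errors.HasFlag([System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch)
            ChainTrusted    = -not $seen.Errors.HasFlag([System.Net.Security.SslPolicyErrors]::RemoteCertificateChainErrors)
            PolicyErrors    = $seen.Errors
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Close()
    }
}
```

If NameMatches is False, the value you pass as Server is not in the certificate, which is the case the second default behaviour rejects.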

Any potential breaking issues?

I don’t believe there are any breaking changes, but there's a minor change to one of the parameter types.

Previously, the Transport parameter was a string; this has been changed to an enum, Syslog_Protocol. PowerShell should be able to cast the strings TCP and UDP to the enum without any issues. If this assumption turns out to cause any significant issues, I'll revert this change.

What else is fixed?

This release also fixes more issues on older PowerShell versions caused by the use of [OutputType([null])]. These have now been fully removed. I want to thank athelu for reporting the issue.

Getting the Module

If you have never used the module before, the easiest way to get Posh-SYSLOG is through the PowerShell Gallery:

PS> Install-Module -Name Posh-SYSLOG

If you already have the module installed, you can update the module from the PowerShell Gallery with:

PS> Update-Module -Name Posh-SYSLOG

You can also download the release from the module’s GitHub Releases page.

Found an issue? Then raise any bugs or feature requests via GitHub Issues.
