Randomly corrupt the data being sent
This option will randomly change a character of the message to a random value. This is used to test the ability of the Syslog Daemon to handle unexpected data. In real life, if the data were corrupted in transit, the UDP or TCP checksum would fail and the packet would be dropped by Winsock before it ever reached the Syslog Daemon.
Send message with no priority code
The BSD Unix Syslog RFC states that each message must start with a valid priority code delimited by '<>'. Some network devices do not obey this rule and simply send the messages on UDP port 514 without a priority code.
This option can be used to see how the Syslog Daemon handles illegal messages.
Send oversize packets
Normally, Syslog messages must not exceed 1024 bytes in total length. This option pads the end of the message with 4096 space characters to see how the Syslog Daemon handles it.
Messages should be either dropped or truncated.
Add CR and LF to end of message
Normally Syslog messages don't contain carriage return or line feed characters. Some network devices such as the Cisco PIX firewall terminate the message text with a CR and LF. This option allows you to simulate this type of device by adding a CR and LF to the end of each message.
Use Syslog RFC header
This option ensures that the correct BSD Syslog header is used for the message.
More info about the format of the header can be found in the BSD Syslog RFC.
The HEADER part contains a timestamp and an indication of the host name or IP address of the device.
The HEADER contains two fields called the TIMESTAMP and the HOSTNAME.
The TIMESTAMP will immediately follow the trailing ">" from the PRI part and single space characters MUST follow each of the TIMESTAMP and HOSTNAME fields.
HOSTNAME will contain the host name, as it knows itself. If it does not have a host name, then it will contain its own IP address.
The TIMESTAMP field is the local time and is in the format of:
"Mmm dd hh:mm:ss" (without the quote marks).
The MSG part has two fields known as the TAG field and the CONTENT field. The value in the TAG field will be the name of the program or process that generated the message. The CONTENT contains the details of the message. This has traditionally been a free form message that gives some detailed information of the event. The TAG is a string of ABNF alphanumeric characters that MUST NOT exceed 32 characters. Any non-alphanumeric character will terminate the TAG field and will be assumed to be the starting character of the CONTENT field. Most commonly, the first character of the CONTENT field that signifies the conclusion of the TAG field has been seen to be the left square bracket character ("["), a colon character (":"), or a space character.
Kiwi SyslogGen uses the following format for its messages:
<PRI>Jul 10 12:00:00 192.168.1.1 SyslogGen MESSAGE TEXT
The TAG field is "SyslogGen"
The host name is specified as an IP address
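
The receiving side of these tests, as an added Python example (not Kiwi's code): a defensive parser that applies the handling described above to oversize packets, a trailing CR and LF, a missing priority code and a missing or corrupted header. The function name, the `notes` field and the fallback priority of 13 (the value RFC 3164 tells relays to insert when no PRI is present) are assumptions of this example.

```python
import re

MAX_LEN = 1024      # total message length limit stated above
DEFAULT_PRI = 13    # assumption: RFC 3164 relay default (user.notice) when PRI is absent

PRI_RE = re.compile(rb"^<(\d{1,3})>")
# TIMESTAMP "Mmm dd hh:mm:ss", one space, HOSTNAME, one space, then MSG
HDR_RE = re.compile(rb"^([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (\S+) (.*)$", re.DOTALL)
TAG_RE = re.compile(rb"^[A-Za-z0-9]{1,32}")   # TAG: alphanumeric, at most 32 characters

# Constructed sample in the SyslogGen format shown above (PRI 134 = local0.info)
SAMPLE = b"<134>Jul 10 12:00:00 192.168.1.1 SyslogGen MESSAGE TEXT"


def parse_syslog(packet: bytes) -> dict:
    """Parse one datagram without raising; 'notes' records every repair made."""
    notes = []
    if len(packet) > MAX_LEN:                   # oversize: truncate, do not crash
        packet = packet[:MAX_LEN]
        notes.append("truncated")
    if packet.endswith((b"\r", b"\n")):         # PIX-style CR/LF terminator
        packet = packet.rstrip(b"\r\n")
        notes.append("stripped-crlf")

    m = PRI_RE.match(packet)
    if m and int(m.group(1)) <= 191:            # highest valid PRI is 23*8+7
        pri, rest = int(m.group(1)), packet[m.end():]
    else:                                       # no (or unusable) priority code
        pri, rest = DEFAULT_PRI, packet
        notes.append("no-pri")

    h = HDR_RE.match(rest)
    if h:
        timestamp, host, msg = h.groups()
        tag = TAG_RE.match(msg)
        tag = tag.group(0) if tag else b""
    else:                                       # header absent or corrupted: all CONTENT
        timestamp, host, msg, tag = None, None, rest, b""
        notes.append("no-header")

    def text(b):                                # non-ASCII bytes become U+FFFD
        return None if b is None else b.decode("ascii", "replace")
    return {"facility": pri >> 3, "severity": pri & 7,
            "timestamp": text(timestamp), "host": text(host),
            "tag": text(tag), "content": text(msg[len(tag):]), "notes": notes}


if __name__ == "__main__":
    print(parse_syslog(SAMPLE))
```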