logger

POSIX command-line utility to send messages directly to syslog.

Logging & SIEM Built-in OS CLI Learning Linux macOS


Description

logger is the POSIX one-liner that injects a message into the local syslog stream (and therefore into whatever forwarder is shipping it onward — rsyslog, syslog-ng, journald, Beats).

Why it matters to a SOC analyst:

  • Smoke-testing the pipeline (“does my detection rule fire when this message lands?”) without waiting for an organic event.
  • Letting shell scripts and cron jobs emit auditable events with arbitrary facility/severity.
  • Generating training data and SIEM dashboard QA samples.

Use cases

  • Triggering a SIEM detection during rule development
  • Emitting auditable events from shell scripts and cron jobs
  • Generating canary log lines to test forwarder health

Example

logger -p auth.warning -t soc-test "test alert from analyst-jane"
logger --rfc5424 --tag deploy "release v1.4.2 completed"
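The smoke-test use case above, as an added example that is not part of the original page: a small POSIX sh script that emits a uniquely tagged canary with logger and then polls the log sink until the line arrives. It assumes (not stated on the page) that the forwarder writes auth.* events to /var/log/auth.log and that the detection rule keys on the tag soc-test.

```shell
#!/bin/sh
# Added example: syslog pipeline smoke test built around logger.
# Assumptions: auth.* lands in $LOG_FILE (default /var/log/auth.log);
# the rule under test matches on the tag "soc-test".

# Build a unique token so this probe cannot collide with earlier runs.
make_canary_token() {
    printf 'soc-canary-%s-%s-%s' "$(uname -n)" "$(date +%s)" "$$"
}

# Emit the canary with the facility/severity the rule under test expects.
emit_canary() {
    token="$1"
    logger -p auth.warning -t soc-test "$token"
}

# Poll a log file until the token appears or the timeout (seconds) expires.
# Returns 0 when the line is found, 1 on timeout.
wait_for_canary() {
    token="$1"; file="$2"; timeout="${3:-10}"
    i=0
    while [ "$i" -lt "$timeout" ]; do
        if grep -q -- "$token" "$file" 2>/dev/null; then
            return 0
        fi
        sleep 1
        i=$((i + 1))
    done
    return 1
}

# Full probe: emit, then confirm arrival at the chosen log sink.
probe_pipeline() {
    file="${1:-/var/log/auth.log}"
    token=$(make_canary_token)
    emit_canary "$token" || return 2
    if wait_for_canary "$token" "$file" 10; then
        echo "OK: $token landed in $file"
    else
        echo "FAIL: $token not seen in $file within 10s" >&2
        return 1
    fi
}
```

Run `probe_pipeline` from cron to alert when the local forwarder silently stops shipping; point it at a different file (or at a `journalctl` export) if auth.* is routed elsewhere.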