automateyournetwork/syslog-receiver
workspace/skills/syslog-receiver/SKILL.md
Receive and query syslog messages from network devices via UDP.
$ install --global
skillsauthnpx skillsauth add automateyournetwork/netclaw syslog-receiverInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 20, 2026, 3:30 AM4.4s1 file scanned
SKILL.md
- name:
- syslog-receiver
- description:
- Receive and query syslog messages from network devices via UDP.
- version:
- 1.0.0
- license:
- Apache-2.0
- author:
- netclaw
- tags:
- []
Syslog Receiver Skill
Receive and query syslog messages from network devices via UDP.
Skill ID
syslog-receiver
Description
This skill enables NetClaw to receive syslog messages from network devices (routers, switches, firewalls) and query the collected data. It supports both RFC 5424 (modern) and RFC 3164 (BSD/Cisco) syslog formats.
When to Use
- Monitoring network device events in real-time
- Investigating incidents by querying historical syslog data
- Aggregating logs from multiple network devices
- Filtering messages by severity, facility, hostname, or content
- Analyzing error patterns across the network
Required MCP Server
syslog-mcp
Available Tools
| Tool | Purpose |
|------|---------|
| syslog_start_receiver | Start listening for syslog messages |
| syslog_stop_receiver | Stop the receiver |
| syslog_get_status | Check receiver status and statistics |
| syslog_query | Search messages with filters |
| syslog_get_message | Get full details of a specific message |
| syslog_get_severity_counts | Get message counts by severity |
Example Workflows
Start Monitoring
1. Use syslog_start_receiver with port 10514
2. Configure network devices to send syslog to this port
3. Use syslog_get_status to verify messages are being received
Investigate Errors
1. Use syslog_query with severity_max=3 to find ERROR and above
2. Filter by hostname or source_ip if investigating specific device
3. Use message_contains to search for specific keywords
4. Use syslog_get_message for full details of interesting entries
Daily Summary
1. Use syslog_get_severity_counts to see distribution
2. Focus on CRITICAL, ERROR, WARNING counts
3. Query high-severity messages for details
Sample Prompts
- "Start the syslog receiver on port 10514"
- "Show me all error messages from the last hour"
- "How many critical alerts have we received today?"
- "Find all syslog messages containing 'interface down'"
- "What's the syslog receiver status?"
- "Query syslog for messages from 192.168.1.1"
Configuration
The syslog-mcp server is configured via environment variables:
SYSLOG_PORT: UDP listening port (default: 514)SYSLOG_BIND_ADDRESS: Bind address (default: 0.0.0.0)SYSLOG_RETENTION_HOURS: Message retention (default: 24)SYSLOG_RATE_LIMIT: Max messages/second (default: 1000)SYSLOG_DEDUP_WINDOW: Dedup window in seconds (default: 5)
Limitations
- In-memory storage only (data lost on restart)
- Single instance per port
- No persistent storage or export
- UDP only (no TCP syslog support)
Related Skills
snmptrap-receiver- SNMP trap collectionipfix-receiver- Flow data collectiongnmi-telemetry- Streaming telemetry
Related Skills
automateyournetwork/humanrail-escalation
testing
VerifiedTrustedCommunity
Human-in-the-loop escalation via HumanRail — route low-confidence agent decisions, pre-destructive operation approvals, and ambiguous incident tickets to real human engineers. Human answers are verified and returned as structured output. Workers are paid via Lightning Network. Use when the agent is uncertain, when a destructive change needs explicit human sign-off beyond a ServiceNow CR, or when an ambiguous ticket requires human triage before automated handling.
491SKILL.mdUpdated May 12, 2026
automateyournetwork/eve-ng-node-operations
testing
VerifiedTrustedCommunity
Manage EVE-NG node lifecycle. Use when listing nodes, checking runtime state, creating or deleting nodes, starting or stopping nodes or whole labs, verifying node details, or wiping node NVRAM back to factory defaults.
491SKILL.mdUpdated May 12, 2026
automateyournetwork/eve-ng-lab-management
development
VerifiedTrustedCommunity
Manage EVE-NG labs and platform inventory. Use when listing labs, checking lab metadata, creating or deleting labs, importing or exporting lab archives, checking EVE-NG health or auth, or verifying available node images before build work.
491SKILL.mdUpdated May 12, 2026
automateyournetwork/eve-ng-console-ops
tools
VerifiedTrustedCommunity
Execute live CLI commands on running EVE-NG nodes over telnet console. Use when running show commands, making live config changes, verifying protocol state, testing connectivity, checking console readiness, or interacting with IOS, Junos, VPCS, EOS, or NX-OS nodes.
491SKILL.mdUpdated May 12, 2026