Difference between revisions of "Syslog"

From Bashlinux
(syslog)
 
Line 1: Line 1:
 
__NOTOC__
 
__NOTOC__
  +
== Remote logging ==
== How to enable remote logs come in from remote hosts in Fedora ==
+
=== How to enable remote logs come in from remote hosts ===
Useful from small embedded devides like routers, DSL modems and access points.
 
  +
''Settings described here are for Fedora as syslog server''
 
Useful for small embedded devices like routers, DSL modems and access points.
   
1. Enable UDP syslog reception in `/etc/rsyslog.conf` and uncomment the following lines:
+
* Enable UDP syslog reception in <tt>/etc/rsyslog.conf</tt> and uncomment the following lines:
 
<pre><nowiki>
 
 
$ModLoad imudp
 
$ModLoad imudp
 
$UDPServerRun 514
 
$UDPServerRun 514
 
* Ensure TCP syslog is either disabled or running on a different port.
</nowiki></pre>
 
 
* Restart rsyslog:
 
Ensure TCP syslog is either disabled or running on a different port.
 
 
1. Restart rsyslog:
 
 
<pre><nowiki>
 
 
systemctl restart rsyslog.service
 
systemctl restart rsyslog.service
</nowiki></pre>
 
 
   
  +
=== How to send logs to a remote log server from a home router ===
# In OpenWRT UI go to System tab, System subtab, Logging sub-subtab. Put the IP of the Fedora server there. Web-based UI in Backfire is powerful and easy to use, but you can confirm that the changes are saved in `/etc/config/system` as option 'log_ip' '192.168.m.n'
 
  +
* In OpenWRT UI go to System tab, System subtab, Logging sub-subtab.
# Here you need to restart syslogd on the router. I admit, I couldn't figure out how to do that mad so I ended up just rebooting the router. Whatever you do, your ps output should show syslogd -R 192.168.m.n:514 (maybe some other switches like -C or -L).
 
  +
* Put the IP of the syslog server there.
# Now look in `/var/log/messages` on Fedora server. You should see messages from the router. If your router is not busy, try to log in or log out - it should get recorded. You will also see the name that the router reports to syslog
 
  +
** Confirm that the changes are saved in <tt>/etc/config/system</tt> as option <code>log_ip 192.168.m.n</code>
# if you want to combine router-based messages into single file, follow the advice from diego.misc above: Create the file `etc/rsyslogd.d/openwrt.conf` with the following contents:
 
  +
* Here you need to restart syslogd on the router. Just reboot the router :)
 
  +
* Look in <tt>/var/log/messages</tt> on the syslog server. You should see messages from the router.
<pre><nowiki>
 
 
* To log all router-based messages into single file create the file <tt>etc/rsyslogd.d/openwrt.conf</tt> with the following contents:
 
:source, isequal, "server.ip" /var/log/mylogfile.log
 
:source, isequal, "server.ip" /var/log/mylogfile.log
 
:source, isequal, "server.ip" ~
 
:source, isequal, "server.ip" ~
</nowiki></pre>
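Review bot: the rewritten bullet for the per-router file still gives the path as etc/rsyslogd.d/openwrt.conf, carried over from the old text. It has no leading slash and names the directory rsyslogd.d, while rsyslog on Fedora includes /etc/rsyslog.d/*.conf, so a file created at the path as written would not be read; suggest /etc/rsyslog.d/openwrt.conf. The new "Just reboot the router :)" bullet also drops the old check that ps should show syslogd -R 192.168.m.n:514, which is the only confirmation on the router side that forwarding is active, and the new /var/log/messages bullet drops the remark that the router's reported name is visible there, which is the value a reader needs in place of "server.ip" in the :source filter. Suggest keeping both sentences.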
 

Latest revision as of 22:16, 11 June 2015

Remote logging

How to accept logs coming in from remote hosts

Settings described here are for Fedora as syslog server. Useful for small embedded devices like routers, DSL modems and access points.

  • Enable UDP syslog reception in /etc/rsyslog.conf and uncomment the following lines:
$ModLoad imudp
$UDPServerRun 514
  • Ensure TCP syslog is either disabled or running on a different port.
  • Restart rsyslog:
systemctl restart rsyslog.service
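
A check for the steps above, added here as an example and not part of the original wiki page: it reads an rsyslog.conf and confirms that imudp is loaded, that $UDPServerRun is set, and that TCP syslog is not on the same port. The function names and the sample config are constructed for this example; $InputTCPServerRun is the legacy imtcp directive, which the page itself does not name.

```shell
#!/bin/sh
# Added example (not from the wiki page): audit an rsyslog.conf written in the
# legacy "$Directive value" syntax the page uses.

# Print the value of the last active (uncommented) "$NAME value" line.
directive_value() {  # usage: directive_value FILE NAME
    awk -v d="\$$2" '$1 == d { v = $2 } END { if (v != "") print v }' "$1"
}

# Succeed if an active "$ModLoad MODULE" line exists.
module_loaded() {  # usage: module_loaded FILE MODULE
    awk -v m="$2" '$1 == "$ModLoad" && $2 == m { f = 1 } END { exit !f }' "$1"
}

check_rsyslog_conf() {  # usage: check_rsyslog_conf FILE
    conf=$1
    module_loaded "$conf" imudp || { echo "FAIL: imudp is not loaded"; return 1; }
    udp_port=$(directive_value "$conf" UDPServerRun)
    [ -n "$udp_port" ] || { echo "FAIL: \$UDPServerRun is not set"; return 1; }
    # The page's condition: TCP syslog disabled, or on a different port.
    if module_loaded "$conf" imtcp; then
        tcp_port=$(directive_value "$conf" InputTCPServerRun)
        if [ "$tcp_port" = "$udp_port" ]; then
            echo "FAIL: TCP syslog is also on port $udp_port"; return 1
        fi
    fi
    echo "OK: UDP syslog reception on port $udp_port"
}

# Constructed sample: UDP lines uncommented, TCP lines left commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514
EOF
check_rsyslog_conf "$sample"
rm -f "$sample"
```

To audit the live configuration, call check_rsyslog_conf /etc/rsyslog.conf before restarting the service.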

How to send logs to a remote log server from a home router

  • In OpenWRT UI go to System tab, System subtab, Logging sub-subtab.
  • Put the IP of the syslog server there.
    • Confirm that the changes are saved in /etc/config/system as option log_ip 192.168.m.n
  • Here you need to restart syslogd on the router. Just reboot the router :)
  • Look in /var/log/messages on the syslog server. You should see messages from the router.
  • To log all router-based messages into a single file, create the file /etc/rsyslog.d/openwrt.conf with the following contents:
:source, isequal, "server.ip" /var/log/mylogfile.log
:source, isequal, "server.ip" ~