Difference between revisions of "Syslog"
From Bashlinux
(→syslog) |
|||
Line 1: | Line 1: | ||
__NOTOC__ |
__NOTOC__ |
||
+ | == Remote logging == |
||
− | == How to enable remote logs come in from remote hosts |
+ | === How to enable remote logs come in from remote hosts === |
⚫ | |||
+ | ''Settings described here are for Fedora as syslog server'' |
||
⚫ | |||
− | + | * Enable UDP syslog reception in <tt>/etc/rsyslog.conf</tt> and uncomment the following lines: |
|
− | |||
− | <pre><nowiki> |
||
$ModLoad imudp |
$ModLoad imudp |
||
$UDPServerRun 514 |
$UDPServerRun 514 |
||
⚫ | |||
− | </nowiki></pre> |
||
⚫ | |||
− | |||
⚫ | |||
− | |||
⚫ | |||
− | |||
− | <pre><nowiki> |
||
systemctl restart rsyslog.service |
systemctl restart rsyslog.service |
||
− | </nowiki></pre> |
||
− | |||
+ | === How to send logs to a remote log server from a home router === |
||
− | # In OpenWRT UI go to System tab, System subtab, Logging sub-subtab. Put the IP of the Fedora server there. Web-based UI in Backfire is powerful and easy to use, but you can confirm that the changes are saved in `/etc/config/system` as option 'log_ip' '192.168.m.n' |
||
+ | * In OpenWRT UI go to System tab, System subtab, Logging sub-subtab. |
||
− | # Here you need to restart syslogd on the router. I admit, I couldn't figure out how to do that mad so I ended up just rebooting the router. Whatever you do, your ps output should show syslogd -R 192.168.m.n:514 (maybe some other switches like -C or -L). |
||
+ | * Put the IP of the syslog server there. |
||
− | # Now look in `/var/log/messages` on Fedora server. You should see messages from the router. If your router is not busy, try to log in or log out - it should get recorded. You will also see the name that the router reports to syslog |
||
+ | ** Confirm that the changes are saved in <tt>/etc/config/system</tt> as option <code>log_ip 192.168.m.n</code> |
||
⚫ | |||
+ | * Here you need to restart syslogd on the router. Just reboot the router :) |
||
− | |||
+ | * Look in <tt>/var/log/messages</tt> on the syslog server. You should see messages from the router. |
||
− | <pre><nowiki> |
||
⚫ | |||
:source, isequal, "server.ip" /var/log/mylogfile.log |
:source, isequal, "server.ip" /var/log/mylogfile.log |
||
:source, isequal, "server.ip" ~ |
:source, isequal, "server.ip" ~ |
||
− | </nowiki></pre> |
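Review bot: The rewritten restart step ("Just reboot the router :)") drops the check that the old text gave, namely that ps output on the router should show syslogd -R 192.168.m.n:514. Keep that sentence so a reader can confirm forwarding is actually active after the reboot. The new log_ip line also loses the quoting of the old "option 'log_ip' '192.168.m.n'", so it no longer matches what the reader will see in /etc/config/system.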
Latest revision as of 22:16, 11 June 2015
Remote logging
How to enable remote logs come in from remote hosts
Settings described here are for Fedora as syslog server. Useful for small embedded devices like routers, DSL modems and access points.
- Enable UDP syslog reception in /etc/rsyslog.conf and uncomment the following lines:
$ModLoad imudp
$UDPServerRun 514
- Ensure TCP syslog is either disabled or running on a different port.
- Restart rsyslog:
systemctl restart rsyslog.service
How to send logs to a remote log server from a home router
- In OpenWRT UI go to System tab, System subtab, Logging sub-subtab.
- Put the IP of the syslog server there.
- Confirm that the changes are saved in /etc/config/system as option log_ip 192.168.m.n
- Here you need to restart syslogd on the router. Just reboot the router :)
- Look in /var/log/messages on the syslog server. You should see messages from the router.
- To log all router-based messages into a single file, create the file /etc/rsyslog.d/openwrt.conf with the following contents:
:source, isequal, "server.ip" /var/log/mylogfile.log
:source, isequal, "server.ip" ~
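The drop-in from the last step can be generated by a small shell helper that validates its inputs first; this is an added example, not part of the original wiki page. It matches on rsyslog's fromhost-ip property (the sender address rsyslog recorded for the message) instead of the page's :source, and the function names, the IPv4-only restriction and the sample address are assumptions of the example.

```shell
#!/bin/sh
# Added example: writes the per-router rsyslog drop-in described above.
# Function names and the fromhost-ip match are assumptions of this example.

# is_ipv4 ADDR: succeed only for four dot-separated decimal octets, each 0-255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # safe unquoted: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# write_router_dropin ROUTER_IP CONF_DIR [LOGFILE]
# Validates its inputs so nothing but an address and a plain absolute path
# can end up inside the generated rsyslog configuration.
write_router_dropin() {
    router_ip=$1
    conf_dir=$2
    logfile=${3:-/var/log/mylogfile.log}
    is_ipv4 "$router_ip" || { echo "not an IPv4 address: $router_ip" >&2; return 1; }
    case "$logfile" in
        /*) ;;
        *) echo "log file must be an absolute path" >&2; return 1 ;;
    esac
    case "$logfile" in
        *[!A-Za-z0-9._/-]*) echo "unsupported character in log path" >&2; return 1 ;;
    esac
    [ -d "$conf_dir" ] || { echo "no such directory: $conf_dir" >&2; return 1; }
    cat > "$conf_dir/openwrt.conf" <<EOF
# Router messages go to their own file ...
:fromhost-ip, isequal, "$router_ip" $logfile
# ... and are then discarded so they do not also reach /var/log/messages.
# ('~' is the discard action used on this page; newer rsyslog prefers 'stop'.)
:fromhost-ip, isequal, "$router_ip" ~
EOF
}

# Usage on the syslog server (192.168.1.1 is a constructed sample address):
#   write_router_dropin 192.168.1.1 /etc/rsyslog.d && systemctl restart rsyslog.service
```

Running rsyslogd -N1 before the restart checks the resulting configuration for syntax errors.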