External system log server (Hostname + Caching logs)

I have two questions regarding the External system log server
I am using OpenWrt 19.07.2
First, how to use a hostname instead of an ip for the External system log server address. The luci interface accepts the hostname but doesn't actually use it. As a workaround I resolve the hostname into an ip address and use it but lately I noticed that logs aren't being updated on the remote server and the reason was that the ip changed for the assigned hostname. So I need to use the hostname instead of the ip to avoid any future changes to the ip.
Second, how to preserve logs between reboots or internet connection downtime. like cache them for example then feed them to the remote server when the router back online.

If I am not mistaken the syslog uses IP to rule out DNS issues from:

  1. Not sending the logs to the syslog.
  2. Keep sending the logs to the wrong address.
    Any serious server must have a static IP. If you cannot change that, just set up a tunnel between the OpenWrt and the Syslog and use the tunnel IP.

By default logs are on tmpfs, to avoid wearing out the flash of the device. You could mount an external device and save the log there. As for saving the messages for when the connectivity is back on, your best bet is with TCP instead of traditional UDP.

1 Like

Actually I think you got it wrong, hostnames are used to avoid sending to the wrong ip like in my case.
Remote logging service provider can for example change his public addresses and it will transparent to the customers when they are using hostnames to reach the service.
And that's why ppl with dynamic ips use DDNS services to be able to connect to their networks even if the ip changes.
I have a DDWRT router and I can input hostname or ip for remote server logging with no problems.

I am using remote server logging and TCP but logs during reboots which happen before establishing the PPPoE connection or during the downtime of the PPPoE connection aren't being pushed to the remote logging server. so my question is, is there a way to check if the remote logging server is available (pingable for example) if not then keep logs in cache or buffer till it becomes available again then start pushing the cached logs.

On the contrary, I am well aware of what I say.
First of all any serious service provider won't change the IP address of its servers on a regular basis.
What you mean to say here is that the syslog server you have configured is at your home, which doesn't have static IP.
Second, depending on how fast DDNS will propagate the change and update the A/AAAA records you still have a window that logs will be sent to the old IP, which you don't know to whom it belongs.
I already suggested to use a tunnel if you cannot have a static IP.

Sounds lovely, good for them.

There are more syslog packages available to install, including syslog-ng, if the functionality of the lightweight doesn't cover your needs.

1 Like

Actually, I am using papertrail not a local server and they use hostnames. I was just giving an example on the benefits of using a hostname over using an ip.

nslookup yoursyslog.papertrail.com and use the IP you'll get.

1 Like

Like I said before.

Likewise, the logd used is lightweight and doesn't cover all needs. It is fine for sending the logs to a host. Feel free to experiment with other syslogs available in opkg since it doesn't cover you.

1 Like

Already did, thanks.
but nothing is perfect syslog-ng seemed a little big for some of my devices.
went with rsyslog, but it has it's own draw backs.
like for some reason logread cannot output anymore to the system log window under the status tab.
have to open the file directly from a terminal window or look at the remote server logs but that would be a problem if the remote server is down or router wan connection is down.

1 Like

That's ridiculous, pedantic and not helpful. Seems that the openwrt version of rsyslog doesn't support nameserver resolution, which is a pain because the last thing I want is another fixed IP on my network to remember.

Danielo feel free to write a patch, apart from reviving a year old topic to complain.


This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.