How to send OpenWrt logs to elasticsearch?

Can someone tell me how I can send my router (OpenWrt) logs to Elasticsearch?

Put in the IP of the destination.


In the logging section, I put in the destination IP of Elasticsearch and port 514, but it is still not displaying the logs. Do I have to perform some other settings as well, like the firewall or anything?

  • Have you verified the OpenWrt is sending (e.g. via tcpdump)?
  • To be clear, "Elasticsearch" is capable of receiving/processing syslog, correct?
  • I find it odd that you merely have to put in an IP and port...
    • do you have to give Elasticsearch the SRC IP of the traffic - or otherwise inform it the traffic is yours (and syslog)??? :thinking:
  • and yes, of course the firewall of the DST machine must allow the traffic

(What do their instructions say, and can you provide a link?)

Well, according to your first point, the only logs I have are in the web interface; I didn't get them dumped anywhere until now.
And yes, Elasticsearch does receive logs.

I'm not sure what this means. Are you able to observe the traffic from the OpenWrt to the Elasticsearch machine by running the tcpdump tool?

Nope right now.

Please use full sentences, it is unclear if that means yes or no. I assume you're saying no - that you are unable to see traffic from your OpenWrt to 514/udp with a DST of your server or "not right now".

(The phrasing made me think it worked previously; if you haven't mentioned that, let us know.)

OK...then you won't see logs appear on the server until this is fixed. tcpdump is an easy way to verify the logs are actually transmitting.

  • Do you allow outbound traffic from the OpenWrt to the Interface/Firewall zone in which the server is located?
  • Did you Save/Apply, reload the system config or reboot the OpenWrt since you added this logging config?
  • Did this work previously?
  • Have you successfully sent syslog data from another device to the elasticsearch before?
  • Please verify you checked the firewall on the server

(Kinda need more information to assist you, full sentences and more details will help.)
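The checklist above boils down to one question: are syslog datagrams actually leaving the router and arriving on the server? Before involving Elasticsearch at all, it helps to listen on the server with something that understands the BSD syslog (RFC 3164) format OpenWrt's logd emits to a remote host. The following is an added example (not from the original thread or from OpenWrt/Elasticsearch) of a minimal UDP syslog receiver and parser; it assumes the router has the remote log server and port set (System > System > Logging in LuCI, i.e. `log_ip`/`log_port` in `/etc/config/system`), and the sample messages it parses are constructed for the example.

```python
"""Minimal RFC 3164 (BSD syslog) UDP receiver for checking that a router is
actually delivering log lines before pointing it at Elasticsearch.

Example code added to illustrate the thread; not part of OpenWrt or Elasticsearch.
"""
import re
import socket
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Facility and severity names from RFC 3164 section 4.1.1.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"
              ] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[pid]: MSG   (day may be space-padded)
_RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<rest>.*)$",
    re.S,
)


@dataclass
class SyslogMessage:
    facility: str
    severity: str
    timestamp: str
    host: str
    tag: str      # e.g. "dropbear[1234]" or "kernel"
    message: str


def parse_syslog(raw: bytes) -> Optional[SyslogMessage]:
    """Decode one datagram; return None if it is not a valid RFC 3164 message."""
    text = raw.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    m = _RFC3164.match(text)
    if not m:
        return None
    pri = int(m["pri"])
    if pri > 191:                      # 23 facilities * 8 severities - 1
        return None
    facility, severity = divmod(pri, 8)
    rest = m["rest"]
    tag, sep, message = rest.partition(": ")
    if not sep:                        # no "TAG: " prefix, treat all as message
        tag, message = "", rest
    return SyslogMessage(FACILITIES[facility], SEVERITIES[severity],
                         m["ts"], m["host"], tag, message)


def parse_all(datagrams: Iterable[bytes]) -> List[SyslogMessage]:
    """Parse a batch of datagrams, silently dropping anything malformed."""
    return [msg for msg in map(parse_syslog, datagrams) if msg is not None]


def count_by_host(messages: Iterable[SyslogMessage]) -> dict:
    """How many messages each router/hostname delivered: a quick 'is it arriving?' check."""
    counts: dict = {}
    for msg in messages:
        counts[msg.host] = counts.get(msg.host, 0) + 1
    return counts


def listen(bind_addr: str = "0.0.0.0", port: int = 514, max_messages: int = 10) -> List[SyslogMessage]:
    """Receive up to max_messages datagrams on the syslog port and parse them.

    Binding port 514 normally requires root; the router's log_port must match.
    The server's own firewall must also allow inbound UDP on this port.
    """
    received: List[SyslogMessage] = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))
        while len(received) < max_messages:
            data, (src_ip, _) = sock.recvfrom(65535)
            msg = parse_syslog(data)
            if msg is None:
                print(f"{src_ip}: unparseable datagram {data[:60]!r}")
                continue
            print(f"{src_ip} {msg.host} {msg.facility}.{msg.severity} {msg.tag}: {msg.message}")
            received.append(msg)
    return received


# Constructed sample datagrams in the shape a router would send (not real captures).
SAMPLE_DATAGRAMS = [
    b"<30>Jan  1 00:00:05 OpenWrt dropbear[1234]: Password auth succeeded for 'root' from 192.168.1.10:50000",
    b"<4>Jan  1 00:00:06 OpenWrt kernel: [   12.345678] eth0: link up",
    b"not syslog at all",
    b"<999>Jan  1 00:00:07 OpenWrt bogus: priority out of range",
]

if __name__ == "__main__":
    for m in parse_all(SAMPLE_DATAGRAMS):
        print(m)
    # To test a live router instead: listen(port=514)
```

Run it on the server (`sudo python3 syslog_check.py` after replacing the sample loop with `listen()`) while the router is up; if nothing prints, the problem is upstream of Elasticsearch, either the router not sending (check with tcpdump on the OpenWrt side), the path between them, or the server firewall.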

I was just able to dump the logs on my OpenWrt local system in a particular log file, and I want to know the settings I have to do to store them on a remote machine. What changes will be required? I haven't done it before, so I'm trying to make it work for the first time.

How is this related to syslog protocol to a remote machine?

Perhaps we're having a language barrier?

I have put it in, but the remote machine is still not showing me the logs.

:man_facepalming: I know this.

I am happy to translate to your native language if it's easier.