[How-to] use OpenWRT as a syslog server
Links:
https://openwrt.org/docs/guide-user/base-system/log.essentials
https://github.com/gSpotx2f/luci-app-log
https://superuser.com/questions/1008348/netcat-keep-listening-for-connection-in-debian
ncat -4 -l -k 5555 | logger
https://winscp.net/eng/index.php
Packages to install via opkg
luci-i18n-commands-en
ncat
In my home lab I required a syslog remote viewer, to check the remote logs of a openWRT box.
This post will show the steps I used to create a local syslog veiwer in a openWRT machine.
I used two virtual openWRT machines in PROXMOX, with a physical openWRT box for dhcp.
Naming convention.
SYSLOG machine : syslog-OpenWrt with static IP via DHCP server
REMOTE machine : openwrt-41
Spin up the SYSLOG machine
Using winscp and putty to access the cli.
Installed
opkg install luci-i18n-commands-en
opkg install ncat
From https://github.com/gSpotx2f/luci-app-log
wget --no-check-certificate -O /tmp/luci-app-log_0.6-2_all.ipk https://github.com/gSpotx2f/packages-openwrt/raw/master/current/luci-app-log_0.6-2_all.ipk
opkg install /tmp/luci-app-log_0.6-2_all.ipk
rm /tmp/luci-app-log_0.6-2_all.ipk
/etc/init.d/rpcd restart
Using LUCI commands
created command to reset logs
Require ncat to start with machine and continuously monitor port 5555
Using startup command via LuCI
Start netcat session and pass to logfile
REBOOT
Using LUCI check log file and the ability to clear the logs via LuCI
Check process to confirm netcat has started
Spin up the REMOTE machine.
From https://openwrt.org/docs/guide-user/base-system/log.essentials
Using LUCI set ip 192.168.10.189 and port 555 of remote server using TCP
REBOOT
Check the logs from remote machine via LUCI on the SYSLOG machine
Using message filter I can choose the name of the REMOTE machine : openwrt-41
With this setup I can monitor many REMOTE machine logs, quickly. I do not require to keep a copy of the logs. My setup is for real time monitoring during remote installation.