Remote logging iptables/rsyslogd

Dear all,

First, I would like to congratulate you for the hard work around LEDE project. Previously I used OpenWRT but was worried about the quality of compilation and support.

I am running LEDE on TP-Link WDR-3600 and could upgrade smoothly. I see a nice and updated 4.4 kernel. And I hope that you will soon provide full reproducible builds, as stated

My question is very general : I would like to log all activities using iptables and rsyslog and send logging to a remote system.

Are you aware of a working solution with LEDE? Which packages should I install ? What (free) logging services are available?

Kind regards,
French Fries

Answering myself: works like a charm.
I installed rsyslogd and was able to send logging to loggly very easily.

opkg install rsyslod and then paster loggly recommended settings in /etc/rsyslogd.conf:

$MaxMessageSize 64k
# Setup disk assisted queues
$WorkDirectory /var/log/spool # where to place spool files
$ActionQueueFileName fwdRule1 # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList # run asynchronously
$ActionResumeRetryCount -1 # infinite retries if host is down

template(name="LogglyFormat" type="string"
string="<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [xxxxxxxxxxxxxxxxxxxxx tag="TAG"] %msg%\n")

# Send messages to Loggly over TCP using the template.
action(type="omfwd" protocol="tcp" target="" port="514" template="LogglyFormat")

The only difference with loggly default settings are that LEDE does not preserve /var/spool/log
over reboots therefore, I used /var/log/spool

Then I modified /etc/config/firewall
with option log '1'
whenever needed.

Kind regards,

Hope this helps!