Remote syslog not getting any firewall reject messages

remote syslog is not getting any firewall reject messages. I see reject messages logged in the web ui under system log, but those are not sent to remote syslog, even though I have it configured and working (as below)

The only messages shipped remotely appear to be like these:

<29>1 2024-05-26T14:37:40-04:00 OpenWrt netifd - - - netifd: wan (2201): udhcpc: broadcasting discover
<29>1 2024-05-26T14:37:40-04:00 OpenWrt netifd - - - netifd: Network device 'lan1' link is up
<29>1 2024-05-26T14:37:43-04:00 OpenWrt netifd - - - netifd: wan (2201): udhcpc: broadcasting discover
<30>1 2024-05-26T14:37:43-04:00 OpenWrt dnsmasq 1 - - dnsmasq[1]: exiting on receipt of SIGTERM
<29>1 2024-05-26T14:37:46-04:00 OpenWrt netifd - - - netifd: wan (2201): udhcpc: broadcasting discover

Can I get some info on how to add in logging to a remote syslog server for a current version of openwrt?

I have tried to review all the posts and wiki info, but none of it clearly refers to remote syslog.

Increase log buffer size and use tcp for remote

I tried that (increased to 640 kiB) and this is all that has come in on syslog. I restarted services

service log restart
service system restart
<30>1 2024-05-27T09:27:23-04:00 OpenWrt logread 8426 - - logread[8426]: Logread connected to via tcp
<28>1 2024-05-27T09:27:24-04:00 OpenWrt odhcpd 1391 - - odhcpd[1391]: No default route present, overriding ra_lifetime!

Here is a sample message in logread:

Mon May 27 09:42:57 2024 kern.warn kernel: [68681.183689] reject wan out: IN=br-lan.2 OUT=wan MAC=e0:3f:49:f2:2a:d8:24:5e:be:51:6c:34:08:00 SRC= DST= LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=57238 DF PROTO=TCP SPT=39966 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0

Bear in mind, this is my first attempt at this, so there could be some config issue elsewhere , if plausible based on the above.

I'm running 23.05.03

config system
	option hostname 'OpenWrt'
	option ttylogin '0'
	option log_size '1400'
	option urandom_seed '0'
	option zonename 'America/New York'
	option log_ip ''
	option log_proto 'tcp'
	option conloglevel '8'
	option cronloglevel '0'
	option log_port '514'

It is supposed to forward every message no matter source
I think you have all the reasons to fill a bug report that klog does not get forwarded.

If that is you you can close discussion here, no config wonders can jump past the bug.


This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.