Remote syslog not getting any firewall reject messages

remote syslog is not getting any firewall reject messages. I see reject messages logged in the web ui under system log, but those are not sent to remote syslog, even though I have it configured and working (as below)

The only messages shipped remotely appear to be like these:

<29>1 2024-05-26T14:37:40-04:00 OpenWrt netifd - - - netifd: wan (2201): udhcpc: broadcasting discover
<29>1 2024-05-26T14:37:40-04:00 OpenWrt netifd - - - netifd: Network device 'lan1' link is up
<29>1 2024-05-26T14:37:43-04:00 OpenWrt netifd - - - netifd: wan (2201): udhcpc: broadcasting discover
<30>1 2024-05-26T14:37:43-04:00 OpenWrt dnsmasq 1 - - dnsmasq[1]: exiting on receipt of SIGTERM
<29>1 2024-05-26T14:37:46-04:00 OpenWrt netifd - - - netifd: wan (2201): udhcpc: broadcasting discover

Can I get some info on how to add in logging to a remote syslog server for a current version of openwrt?

I have tried to review all the posts and wiki info, but none of it clearly refers to remote syslog.

Increase log buffer size and use tcp for remote

I tried that (increased to 640 kiB) and this is all that has come in on syslog. I restarted services

service log restart
service system restart
<30>1 2024-05-27T09:27:23-04:00 OpenWrt logread 8426 - - logread[8426]: Logread connected to 192.168.1.11:514 via tcp
<28>1 2024-05-27T09:27:24-04:00 OpenWrt odhcpd 1391 - - odhcpd[1391]: No default route present, overriding ra_lifetime!

Here is a sample message in logread:

Mon May 27 09:42:57 2024 kern.warn kernel: [68681.183689] reject wan out: IN=br-lan.2 OUT=wan MAC=e0:3f:49:f2:2a:d8:24:5e:be:51:6c:34:08:00 SRC=192.168.1.11 DST=52.44.227.212 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=57238 DF PROTO=TCP SPT=39966 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0

Bear in mind, this is my first attempt at this, so there could be some config issue elsewhere , if plausible based on the above.

I'm running 23.05.03

config system
	option hostname 'OpenWrt'
	option ttylogin '0'
	option log_size '1400'
	option urandom_seed '0'
	option zonename 'America/New York'
	option log_ip '192.168.1.11'
	option log_proto 'tcp'
	option conloglevel '8'
	option cronloglevel '0'
	option log_port '514'

It is supposed to forward every message no matter source
https://openwrt.org/docs/guide-user/base-system/system_configuration
I think you have all the reasons to fill a bug report that klog does not get forwarded.

If that is you you can close discussion here, no config wonders can jump past the bug.

2 Likes

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.