
Topic: Use Openwrt as Syslog-server

The content of this topic has been archived on 10 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi, maybe it's a simple stupid question, but i didn't find an answer on google or the forum: Is it possible to use an Openwrt-Device as a syslog-server?
If yes, how would i do that? If yes, would this be a clever solution?

Every tutorial/docu i found was about logging from openwrt to a remote-server.
As i have two openwrt devices at home running nearly 24/7, one of them should log everything from the other devices (real servers, other openwrt boxes, itself, ....) and write it to persistent storage (usb-stick/drive).
So i can read on a rainy saturday all my logs from all my devices.

Can anybody help me, put me in the right direction?

Thank you.

syslogd supports the -r option to act as a syslog server
http://linux.about.com/od/commands/l/bl … yslogd.htm

-r
This option will enable the facility to receive message from the network using an internet domain socket with the syslog service (see services(5)). The default is to not receive any messages from the network.
This option is introduced in version 1.3 of the sysklogd package. Please note that the default behavior is the opposite of how older versions behave, so you might have to turn this on.

But OpenWrt uses BusyBox's built-in syslogd, which does not support this option.
You will need to find another package to act as a syslog server.

Hi,

use syslog-ng3, it has all the options built in

http://redhat-club.org/2011/%D0%BD%D0%B … 0%B8%D0%B9


here syslog-ng.conf -

# Global options.
#   keep_hostname(yes): the host name carried inside a received message is
#     kept as sent, so the $HOST macro used in the remote destination paths
#     further down is chosen by the sender, not derived from its address.
#   use_dns(no): sender addresses are not resolved through DNS.
options {
    long_hostnames(off);
    keep_hostname(yes);
    use_dns(no);
};

# syslog-ng's own messages (start-up, errors, statistics) get their own file.
source s_internal {
    internal();
};
destination d_syslognglog {
    file("/var/log/syslog-ng.log");
};
log {
    source(s_internal);
    destination(d_syslognglog);
};

# Local sources
# Messages from processes on this router, read from the /dev/log datagram socket.
source s_local {
    unix-dgram("/dev/log");
};

# Local destinations
# NOTE(review): on a stock OpenWrt image /var is normally a link into the
# RAM-backed /tmp, so these files are lost on reboot and grow in memory -
# confirm on the device and point the paths at the mounted USB storage if the
# logs are meant to persist.
# NOTE(review): none of these file() destinations sets create_dirs(), so
# /var/log/news presumably has to exist before the news.* files can be opened.
destination authlog     { file("/var/log/auth.log"); };
destination syslog      { file("/var/log/syslog"); };
destination cron        { file("/var/log/cron.log"); };
destination daemon      { file("/var/log/daemon.log"); };
destination kern        { file("/var/log/kern.log"); };
destination lpr         { file("/var/log/lpr.log"); };
destination user        { file("/var/log/user.log"); };
destination uucp        { file("/var/log/uucp.log"); };
destination ppp         { file("/var/log/ppp.log"); };
destination mail        { file("/var/log/mail.log"); };
destination mailinfo    { file("/var/log/mail.info"); };
destination mailwarn    { file("/var/log/mail.warn"); };
destination mailerr     { file("/var/log/mail.err"); };
destination newscrit    { file("/var/log/news/news.crit"); };
destination newserr     { file("/var/log/news/news.err"); };
destination newsnotice  { file("/var/log/news/news.notice"); };
destination debug       { file("/var/log/debug"); };
destination messages    { file("/var/log/messages"); };

# Terminal outputs: messages to root's logged-in terminals, and a copy of
# everything to /dev/tty12.
# NOTE(review): looks carried over from a desktop configuration - confirm the
# router actually has a tty12 device before keeping console_all.
destination console     { usertty("root"); };
destination console_all { file("/dev/tty12"); };

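# Facility filters. These are shared by the local and the remote log paths.
# f_auth is defined but no log statement in this file references it.
filter f_auth { facility(auth); };
filter f_authpriv { facility(auth, authpriv); };
# Everything except authpriv and mail.
filter f_syslog { not facility(authpriv, mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
# Fixed: this filter matched facility(cron), so uucp.log received a second
# copy of the cron messages and never any uucp traffic.
filter f_uucp { facility(uucp); };
# presumably pppd on the sending hosts is set to log to local2 - verify
filter f_ppp { facility(local2); };
filter f_news { facility(news); };
# NOTE(review): no level() test here, so the "debug" files receive every
# severity outside auth/authpriv/news/mail and largely duplicate "syslog".
# If only debug-level messages are wanted, confirm and add level(debug).
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news); };

# Severity filters, combined with the facility filters in the log paths.
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };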

# Local log paths: every statement is evaluated independently, so one message
# can be written to several files.

# One file per facility.
log { source(s_local); filter(f_authpriv);                   destination(authlog); };
log { source(s_local); filter(f_syslog);                     destination(syslog); };
log { source(s_local); filter(f_cron);                       destination(cron); };
log { source(s_local); filter(f_daemon);                     destination(daemon); };
log { source(s_local); filter(f_kern);                       destination(kern); };
log { source(s_local); filter(f_lpr);                        destination(lpr); };
log { source(s_local); filter(f_mail);                       destination(mail); };
log { source(s_local); filter(f_user);                       destination(user); };
log { source(s_local); filter(f_uucp);                       destination(uucp); };

# Mail and news, split by severity.
log { source(s_local); filter(f_mail); filter(f_info);       destination(mailinfo); };
log { source(s_local); filter(f_mail); filter(f_warn);       destination(mailwarn); };
log { source(s_local); filter(f_mail); filter(f_err);        destination(mailerr); };
log { source(s_local); filter(f_news); filter(f_crit);       destination(newscrit); };
log { source(s_local); filter(f_news); filter(f_err);        destination(newserr); };
log { source(s_local); filter(f_news); filter(f_notice);     destination(newsnotice); };

# Catch-all files, emergency messages to root's terminals, ppp.
log { source(s_local); filter(f_debug);                      destination(debug); };
log { source(s_local); filter(f_messages);                   destination(messages); };
log { source(s_local); filter(f_emergency);                  destination(console); };
log { source(s_local); filter(f_ppp);                        destination(ppp); };

# Unfiltered copy of every local message to console_all.
log { source(s_local);                                       destination(console_all); };

# Remote logging
# Accepts syslog over UDP on 10.0.0.1:514 only; ip() must be an address this
# router owns on the LAN side. UDP syslog carries no authentication and no
# encryption: any host that can reach this address and port can add entries,
# and datagrams can be lost without notice. Keep port 514 closed towards the
# WAN zone in the firewall and allow it only from the networks that hold the
# logging devices. Where the senders support it, a tcp() source (with TLS) is
# the sturdier choice.
source s_remote { udp(ip(10.0.0.1) port(514)); };

# Remote destinations
# One directory tree per sending host and per day, created on demand
# (create_dirs(yes)); files are root:root 0640, directories 0750.
#
# NOTE(review): with keep_hostname(yes) in the global options, $HOST is the
# name the sender wrote into the message. A misconfigured or hostile sender
# can therefore have its entries filed under another host's directory, or
# cause a new directory tree to be created per invented name. If the logs are
# used as evidence of what a given machine did, consider keying the path on
# the sender's address instead ($SOURCEIP, or $HOST_FROM) or setting
# keep_hostname(no) - confirm against the syslog-ng version installed.
# NOTE(review): nothing here limits size or age; on OpenWrt /var/log normally
# lives in RAM, so point these paths at the USB storage and add rotation or
# pruning so that a noisy sender cannot exhaust memory or disk.
destination r_authlog    { file("/var/log/servers/$HOST/$YEAR/$MONTH/$DAY/authlog.log" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_syslog     { file("/var/log/servers/$HOST/$YEAR/$MONTH/$DAY/syslog" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_cron       { file("/var/log/servers/$HOST/$YEAR/$MONTH/$DAY/cron.log" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_daemon     { file("/var/log/servers/$HOST/$YEAR/$MONTH/$DAY/daemon.log" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_kern       { file("/var/log/servers/$HOST/$YEAR/$MONTH/$DAY/kern.log" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_lpr        { file("/var/log/servers/$HOST/$YEAR/$MONTH/$DAY/lpr.log" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_user       { file("/var/log/servers/$HOST/$YEAR/$MONTH/$DAY/user.log" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_uucp       { file("/var/log/servers/$HOST/$YEAR/$MONTH/$DAY/uucp.log" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_ppp        { file("/var/log/servers/$HOST/$YEAR/$MONTH/$DAY/ppp.log" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_mail       { file("/var/log/servers/$HOST/$YEAR/$MONTH/$DAY/mail.log" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_mailinfo   { file("/var/log/servers/$HOST/$YEAR/$MONTH/$DAY/mail.info" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_mailwarn   { file("/var/log/servers/$HOST/$YEAR/$MONTH/$DAY/mail.warn" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_mailerr    { file("/var/log/servers/$HOST/$YEAR/$MONTH/$DAY/mail.err" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_newscrit   { file("/var/log/servers/$HOST/$YEAR/$MONTH/$DAY/news.crit" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_newserr    { file("/var/log/servers/$HOST/$YEAR/$MONTH/$DAY/news.err" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_newsnotice { file("/var/log/servers/$HOST/$YEAR/$MONTH/$DAY/news.notice" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_debug      { file("/var/log/servers/$HOST/$YEAR/$MONTH/$DAY/debug" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_messages   { file("/var/log/servers/$HOST/$YEAR/$MONTH/$DAY/messages" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };

# Remote log paths: the same facility and severity filters as the local paths,
# applied to messages received on s_remote and written to the per-host r_*
# files. The facility and severity fields are set by the sender, so a file
# name such as authlog.log only says what the sender labelled the message as.

# One file per facility.
log { source(s_remote); filter(f_authpriv);                   destination(r_authlog); };
log { source(s_remote); filter(f_syslog);                     destination(r_syslog); };
log { source(s_remote); filter(f_cron);                       destination(r_cron); };
log { source(s_remote); filter(f_daemon);                     destination(r_daemon); };
log { source(s_remote); filter(f_kern);                       destination(r_kern); };
log { source(s_remote); filter(f_lpr);                        destination(r_lpr); };
log { source(s_remote); filter(f_mail);                       destination(r_mail); };
log { source(s_remote); filter(f_user);                       destination(r_user); };
log { source(s_remote); filter(f_uucp);                       destination(r_uucp); };

# Mail and news, split by severity.
log { source(s_remote); filter(f_mail); filter(f_info);       destination(r_mailinfo); };
log { source(s_remote); filter(f_mail); filter(f_warn);       destination(r_mailwarn); };
log { source(s_remote); filter(f_mail); filter(f_err);        destination(r_mailerr); };
log { source(s_remote); filter(f_news); filter(f_crit);       destination(r_newscrit); };
log { source(s_remote); filter(f_news); filter(f_err);        destination(r_newserr); };
log { source(s_remote); filter(f_news); filter(f_notice);     destination(r_newsnotice); };

# Catch-all files and ppp. Remote messages are not copied to any terminal.
log { source(s_remote); filter(f_debug);                      destination(r_debug); };
log { source(s_remote); filter(f_messages);                   destination(r_messages); };
log { source(s_remote); filter(f_ppp);                        destination(r_ppp); };

(Last edited by sivanov on 19 Jul 2014, 19:39)
