1 (edited by forum2006 2007-08-02 16:19:13)

Topic: [Howto] Remote logging

Remote logging

1. Configure the Ubuntu syslog server to accept remote logging. Edit /etc/default/syslog and restart sysklogd.
/etc/default/syslog:

SYSLOGD="-u syslog -r"
sudo /etc/init.d/ksyslogd restart

2. On the router set log_ip. log_ip is the IP address of your remote syslog server

uci set system.cfg1.log_ip=192.168.1.1
uci commit && reboot

3. On the syslog server check if it's working. 192.168.178.3 is the IP address of the router. For Ubuntu run:

tail -f /var/log/syslog

ubuntu@ubuntu-laptop:~/openwrt/kamikaze_7.07_atheros$ tail -f /var/log/syslog
Aug  2 17:02:21 localhost syslogd 1.4.1#20ubuntu4: restart (remote reception).
Aug  2 17:02:21 localhost kernel: [13346.400000] process `syslogd' is using obsolete setsockopt SO_BSDCOMPAT
Aug  2 17:02:24 localhost gconfd (root-9685): Der GConf-Server wird nicht verwendet und daher beendet.
Aug  2 17:02:24 localhost gconfd (root-9685): Beenden
Aug  2 17:07:17 192.168.178.3 kernel: wifi0: 11g rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
Aug  2 17:07:22 192.168.178.3 kernel: wifi0: H/W encryption support: WEP AES AES_CCM TKIP
Aug  2 17:07:27 192.168.178.3 kernel: wifi0: mac 11.0 phy 4.8 radio 7.0
Aug  2 17:07:32 192.168.178.3 kernel: wifi0: Use hw queue 1 for WME_AC_BE traffic
Aug  2 17:07:37 192.168.178.3 kernel: wifi0: Use hw queue 0 for WME_AC_BK traffic
Aug  2 17:07:42 192.168.178.3 kernel: wifi0: Use hw queue 2 for WME_AC_VI traffic
Aug  2 17:07:47 192.168.178.3 kernel: wifi0: Use hw queue 3 for WME_AC_VO traffic
Aug  2 17:07:52 192.168.178.3 kernel: wifi0: Use hw queue 8 for CAB traffic
Aug  2 17:07:57 192.168.178.3 kernel: wifi0: Use hw queue 9 for beacons
Aug  2 17:08:02 192.168.178.3 kernel: wifi0: Atheros 2315 WiSoC: mem=0xb0000000, irq=3
Aug  2 17:08:07 192.168.178.3 kernel: device ath0 entered promiscuous mode
Aug  2 17:08:12 192.168.178.3 kernel: br-lan: port 2(ath0) entering learning state
Aug  2 17:08:17 192.168.178.3 kernel: br-lan: topology change detected, propagating
Aug  2 17:08:22 192.168.178.3 kernel: br-lan: port 2(ath0) entering forwarding state
Aug  2 17:08:27 192.168.178.3 kernel: device ath1 entered promiscuous mode
Aug  2 17:08:32 192.168.178.3 kernel: br-lan: port 3(ath1) entering learning state
Aug  2 17:08:37 192.168.178.3 kernel: br-lan: topology change detected, propagating
Aug  2 17:08:42 192.168.178.3 kernel: br-lan: port 3(ath1) entering forwarding state
Aug  2 17:08:47 192.168.178.3 crond[622]: crond 2.3.2 dillon, started, log level 8 
Aug  2 17:09:01 localhost /USR/SBIN/CRON[9866]: (root) CMD (  [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)
1x ASUS WL-700g Encore (Kamikaze 7.09, BCM947xx//953xx [2.4])
1x ASUS WL-500g Premium with Wistron CM9 WiFi card (Kamikaze 7.09, BCM947xx//953xx [2.4])
1x Linksys WRT54GL v1.1 with 512MB MMC card mod, optimized MMC driver (Kamikaze trunk r9548, BCM947xx//953xx [2.4])
NO support via PM.

2 (edited by opotonil 2009-09-29 17:29:16)

Re: [Howto] Remote logging

Example configuration for OpenWrt 8.09.1 using config files:

root@openwrt:~# cat /etc/config/system
config 'system'
        ...
        option 'log_ip' '192.168.1.2'
        ...

Bye.

3

Re: [Howto] Remote logging

For recent UCI versions run:

uci set system.@system[0].log_ip=192.168.1.1
uci commit
reboot

Re: [Howto] Remote logging

the use config files is best or more standard that direct use of uci?

For me work ok, using config that I posted before.

Sorry for my english. Bye.

Re: [Howto] Remote logging

the use config files is best or more standard that direct use of uci?

From my understanding, while the final effect is the same (ie /etc/config/system gets modified), the use of UCI is preferred since it provides some sort of unified API for setting the different parameters for the router. I hope a more experienced user (I have openwrt installed since a few months, but only started playing seriously with it recently) or developer can confirm this statement.

Regarding the setting of the logging in Ubuntu, the initial post instructions are valid for the syslogd daemon, that has now been replaced with the rsyslogd daemon as the default log daemon for the distribution. In recent Ubuntu (or Debian) systems, the first step would be:

1.1 Edit the /etc/rsyslogd.conffile for allowing the rsyslog server to accept logs from UDP (port 514), by uncommenting the following lines:

# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

By default, rsyslogd will treat the remote logs as if they were local ones (meaning, among other things, the entries will end up in the same logfiles where the local logs are stored). In my setup, I found convenient to override that behaviour and instead place all the logs from my router in a different file:

1.2 (Optional) Create the file /etc/rsyslogd.d/openwrt.conf with the following contents:

:source, isequal, "myrouter.mydomain" /var/log/mylogfile.log
:source, isequal, "myrouter.mydomain" ~

The first line logs the entries coming from "myrouter.mydomain" (can be expressed as an IP as well) into /varlog/mylogfile.log, while the second one prevents any further processing of the entry by discarding it (note the final tilde ~). A more complete description of the different configuration options [1] and example configurations [2] can be found on the rsyslogd man pages and wiki.

Hope it helps someone.

[1] http://www.rsyslog.com/doc-rsyslog_conf.html
[2] http://wiki.rsyslog.com/index.php/Configuration_Samples

Re: [Howto] Remote logging

Editing the config directly or using UCI to set it is pretty much identical. The only real difference is that editing the config file directly is more like doing an immediate uci commit.


For some things I prefer to edit the file directly, especially when it involves the awkward array syntax or does that cfg23422 crap.

Re: [Howto] Remote logging

nicolezhu85 wrote:

http://www.tradeshoes9.com/

Hey, cool spam broseph.

Re: [Howto] Remote logging

To enable remote logging from Backfire (10.03.1-RC6) to Fedora (15):

0. Backfire comes with syslog preinstalled, and Fedora comes with rsyslog. There are probably situations when you need other packages (eg, syslog-ng), but these are good for me.

1. On Fedora enable UDP syslog reception. In /etc/rsyslog.conf uncomment the following lines:

$ModLoad imudp
$UDPServerRun 514

Make sure that TCP syslog is either disabled or running on a different port.
Restart rsyslog:

systemctl restart rsyslog.service

2. In OpenWRT UI go to System tab, System subtab, Logging sub-subtab. Put the IP of the Fedora server there. Web-based UI in Backfire is powerful and easy to use, but you can confirm that the changes are saved in /etc/config/system as option 'log_ip' '192.168.m.n'

3. Here you need to restart syslogd on the router. I admit, I couldn't figure out how to do that mad so I ended up just rebooting the router. Whatever you do, your ps output should show syslogd -R 192.168.m.n:514 (maybe some other switches like -C or -L).

3. Now look in /var/log/messages on Fedora server. You should see messages from the router. If your router is not busy, try to log in or log out - it should get recorded. You will also see the name that the router reports to syslog

4. if you want to combine router-based messages into single file, follow the advice from diego.misc above: Create the file /etc/rsyslogd.d/openwrt.conf with the following contents:

:source, isequal, "myrouter.mydomain" /var/log/mylogfile.log
:source, isequal, "myrouter.mydomain" ~