How to set up rsyslogd to receive log messages from router

I just want to log messages from my router to my Ubuntu 14.04 (server). I am a little stuck however. Here is what I have done:

I have uncommented the lines in /etc/rsyslog.conf to allow listening on UDP 514. My router only supports UDP remote syslogging.

I have set my router up to log to my server, with the facility local4.

I have added the line:
local4.*         /var/log/mikrotik_router.log
to  /etc/rsyslog.d/50-default.conf

I have done sudo service rsyslog restart

And verified with sudo netstat -nulp |grep 514
udp        0      0   *                           5226/rsyslogd  
udp6       0      0 :::514                  :::*                                5226/rsyslogd

But rsyslog does not even create the log file.

I have tried cd /var && sudo chown syslog:syslog log
Jeff swicegood (Technician) asked:

Jeff swicegood (Technician, Author) commented:
Got it! Had to set remote logging to default action. Thank you!
Mazdajai commented:
Does it create the file if you test it locally on the server?

logger -p local4.info "This is a info message from local 4"

Jeff swicegood (Technician, Author) commented:
Yes it does. And it populates the file with the message.
Mazdajai commented:
That means rsyslog is working. Can you provide the conf line for syslog in the router?
Shyis iptables running?
Jeff swicegood (Technician, Author) commented:
[badmin@MikroTik] /system logging> print
Flags: X - disabled, I - invalid, * - default
 #    TOPICS                          ACTION                         PREFIX    
 0  * info                            memory                                  
 1  * error                           memory                                  
 2  * warning                         memory                                  
 3  * critical                        echo                                    
 4    critical                        remote                                  
[badmin@MikroTik] /system logging> action
add  comment  edit  export  find  print  remove  set
[badmin@MikroTik] /system logging> action print
Flags: * - default
 #   NAME             TARGET REMOTE                                            
 0 * memory           memory
 1 * disk             disk  
 2 * echo             echo  
 3 * remote           remote                                    
 4   rsyslog          remote                                    
[badmin@MikroTik] /system logging

Iptables is not running on the server, but I do have quite a few firewall rules on the router.
Can you try to send syslog messages from another server (non router)?
Great, cheers!
Jeff swicegood (Technician, Author) commented:
But it's growing very fast--5k per minute. What's the best way to handle this, logrotate?
Mazdajai commented:
Or tmpwatch. If you don't need to retain them.
Mahesh Y commented:
Yes. Logrotate is the best one here.
Jeff swicegood (Technician, Author) commented:
It was just that little element I found with the experts' help.
Question has a verified solution.
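
The thread's suggestion to send a syslog message from a non-router machine can be done with a small UDP probe; this is an added example, not code posted by anyone in the thread. It builds an RFC 3164 style datagram tagged local4, the facility the router was set to, and decodes the PRI field that a rule such as local4.* is matched against. The hostname "testhost" and tag "probe" are constructed values.

```python
import socket
import sys
import time

# Syslog facility and severity codes (RFC 3164); local0..local7 are 16..23.
FACILITIES = {"kern": 0, "user": 1, "daemon": 3, "auth": 4,
              **{"local%d" % i: 16 + i for i in range(8)}}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}


def pri(facility, severity):
    """PRI value carried in the leading <...> of every syslog datagram."""
    return FACILITIES[facility] * 8 + SEVERITIES[severity]


def build_message(facility, severity, text, hostname="testhost", tag="probe"):
    """Build an RFC 3164 style datagram; hostname and tag are constructed."""
    t = time.localtime()
    stamp = "%s %2d %s" % (time.strftime("%b", t), t.tm_mday,
                           time.strftime("%H:%M:%S", t))
    line = "<%d>%s %s %s: %s" % (pri(facility, severity), stamp,
                                 hostname, tag, text)
    return line.encode("ascii")


def parse_pri(datagram):
    """Decode <PRI> into (facility, severity), the pair a rule such as
    local4.* is matched against."""
    value = int(datagram[1:datagram.index(b">")])
    fac = {v: k for k, v in FACILITIES.items()}.get(value // 8, str(value // 8))
    sev = {v: k for k, v in SEVERITIES.items()}[value % 8]
    return fac, sev


def send(server, datagram, port=514):
    """Send one datagram over UDP, the only transport the router supports."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(datagram, (server, port))


if __name__ == "__main__":
    # Usage: python3 probe.py <server-address>
    msg = build_message("local4", "info", "remote test message for local4")
    send(sys.argv[1], msg)
    print("sent", msg, "decoded as", parse_pri(msg))
```

If the probe's line shows up in /var/log/mikrotik_router.log, the UDP listener and the local4 rule on the server are working and the remaining fault is on the router side.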