Solved

How to set up rsyslogd to receive log messages from router

Posted on 2014-12-22
Last Modified: 2014-12-29
I just want to log messages from my router to my Ubuntu 14.04 (server). I am a little stuck however. Here is what I have done:

I have uncommented the lines in /etc/rsyslog.conf to allow listening on UDP 514. My router only supports UDP remote syslogging.

I have set my router up to log to my server, 192.168.0.142 with the facility local4.

I have added the line:
local4.*         /var/log/mikrotik_router.log
to /etc/rsyslog.d/50-default.conf

I have done sudo service rsyslog restart

And verified with sudo netstat -nulp |grep 514
udp        0      0 0.0.0.0:514             0.0.0.0:*                           5226/rsyslogd  
udp6       0      0 :::514                  :::*                                5226/rsyslogd

But rsyslog does not even create the log file.

I have tried cd /var && sudo chown syslog:syslog log
Question by:Jeff swicegood
12 Comments
 

Assisted Solution

by:Mazdajai
ID: 40516590
Does it create the file if you test it locally on the server?

logger -p local4.info " This is a info message from local 4"
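
An added example, not part of the original thread: when the local `logger` test works but a device's messages do not reach the file, one thing to check is the `<PRI>` prefix on its datagrams (visible with `tcpdump -A -n udp port 514`), since a `local4.*` rule only matches facility local4. The POSIX shell functions below decode that prefix and evaluate plain selectors; the function names and both sample datagrams are constructed for illustration.

```sh
#!/bin/sh
# Added example: decode the <PRI> prefix of a raw syslog datagram and check
# whether a plain rsyslog selector such as "local4.*" would match it.
# PRI = facility * 8 + severity (RFC 3164).
FACILITIES="kern user mail daemon auth syslog lpr news uucp cron authpriv ftp
ntp audit alert clock local0 local1 local2 local3 local4 local5 local6 local7"
SEVERITIES="emerg alert crit err warning notice info debug"

# index_of WORD LIST...: print the zero-based position of WORD in LIST.
index_of() {
    want=$1; shift; i=0
    for w in "$@"; do
        if [ "$w" = "$want" ]; then echo "$i"; return 0; fi
        i=$((i + 1))
    done
    return 1
}

# nth_word N LIST...: print the word at zero-based position N.
nth_word() {
    n=$1; shift
    [ "$n" -lt "$#" ] || return 1
    shift "$n"; echo "$1"
}

# pri_decode DATAGRAM: print "facility.severity" for a line starting with <PRI>.
pri_decode() {
    case $1 in '<'*'>'*) ;; *) return 1 ;; esac
    pri=${1#'<'}; pri=${pri%%'>'*}
    case $pri in ''|*[!0-9]*|0?*|????*) return 1 ;; esac  # digits, no leading 0
    [ "$pri" -le 191 ] || return 1                         # max is 23 * 8 + 7
    echo "$(nth_word $((pri / 8)) $FACILITIES).$(nth_word $((pri % 8)) $SEVERITIES)"
}

# selector_matches SELECTOR DATAGRAM: succeed if "fac.sev" or "fac.*" matches.
# Plain selectors only ("sev" means that severity or more urgent); the "=",
# "!" and "none" forms are not handled.
selector_matches() {
    msg=$(pri_decode "$2") || return 1
    sel_fac=${1%%.*}; sel_sev=${1#*.}
    [ "$sel_fac" = "*" ] || [ "$sel_fac" = "${msg%%.*}" ] || return 1
    [ "$sel_sev" = "*" ] && return 0
    want_n=$(index_of "$sel_sev" $SEVERITIES) || return 1
    have_n=$(index_of "${msg#*.}" $SEVERITIES)
    [ "$have_n" -le "$want_n" ]
}

# Constructed sample datagrams (not captured from the poster's router).
SAMPLE_LOCAL4='<166>Dec 22 10:15:01 MikroTik system,info log rule changed'
SAMPLE_USER='<14>Dec 22 10:15:02 MikroTik system,info log rule changed'
```

`pri_decode "$SAMPLE_LOCAL4"` prints `local4.info`, while `selector_matches 'local4.*' "$SAMPLE_USER"` fails because PRI 14 is `user.info`.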


Author Comment

by:Jeff swicegood
ID: 40516996
Yes it does. And it populates the file with the message.

Assisted Solution

by:Mazdajai
ID: 40517007
That means rsyslog is working. Can you provide the conf line for syslog in the router?

Expert Comment

by:Mazdajai
ID: 40517010
Is iptables running?

Author Comment

by:Jeff swicegood
ID: 40517020
[badmin@MikroTik] /system logging> print
Flags: X - disabled, I - invalid, * - default
 #    TOPICS                          ACTION                         PREFIX    
 0  * info                            memory                                  
 1  * error                           memory                                  
 2  * warning                         memory                                  
 3  * critical                        echo                                    
 4    critical                        remote                                  
      info                          
      error                          
      warning                        
[badmin@MikroTik] /system logging> action
add  comment  edit  export  find  print  remove  set
[badmin@MikroTik] /system logging> action print
Flags: * - default
 #   NAME             TARGET REMOTE                                            
 0 * memory           memory
 1 * disk             disk  
 2 * echo             echo  
 3 * remote           remote 192.168.0.142                                    
 4   rsyslog          remote 192.168.0.142                                    
[badmin@MikroTik] /system logging


Iptables is not running on the server, but I do have quite a few firewall rules on the router.

Accepted Solution

by:Jeff swicegood
ID: 40517047
Got it! Had to set remote logging to default action. Thank you!

Expert Comment

by:Mazdajai
ID: 40517048
Can you try to send syslog messages from another server (non-router)?

Expert Comment

by:Mazdajai
ID: 40517049
Great, cheers!

Author Comment

by:Jeff swicegood
ID: 40517059
But it's growing very fast--5k per minute. What's the best way to handle this, logrotate?

Assisted Solution

by:Mazdajai
ID: 40517082
Or tmpwatch, if you don't need to retain them.

Expert Comment

by:Mahesh Y
ID: 40517360
Yes, logrotate is the best one here.

Author Closing Comment

by:Jeff swicegood
ID: 40521510
It was just that little element I found with the experts' help.