How to set up rsyslogd to receive log messages from router

I just want to log messages from my router to my Ubuntu 14.04 (server). I am a little stuck however. Here is what I have done:

I have uncommented the lines in /etc/rsyslog.conf to allow listening on UDP 514. My router only supports UDP remote syslogging.

I have set my router up to log to my server, 192.168.0.142 with the facility local4.

I have added the line:
local4.*         /var/log/mikrotik_router.log
to /etc/rsyslog.d/50-default.conf

I have done sudo service rsyslog restart

And verified with sudo netstat -nulp |grep 514
udp        0      0 0.0.0.0:514             0.0.0.0:*                           5226/rsyslogd  
udp6       0      0 :::514                  :::*                                5226/rsyslogd

But rsyslog does not even create the log file.

I have tried cd /var && sudo chown syslog:syslog log

Asked by: Jeff swicegood, Technician

Jeff swicegood (Technician, Author) commented:
Got it! Had to set remote logging to default action. Thank you!

Mazdajai commented:
Does it create the file if you test it locally on the server?

logger -p local4.info " This is a info message from local 4"

Jeff swicegood (Technician, Author) commented:
Yes it does. And it populates the file with the message.

Mazdajai commented:
That means rsyslog is working. Can you provide the conf line for syslog in the router?

Mazdajai commented:
Is iptables running?

Jeff swicegood (Technician, Author) commented:
[badmin@MikroTik] /system logging> print
Flags: X - disabled, I - invalid, * - default
 #    TOPICS                          ACTION                         PREFIX    
 0  * info                            memory                                  
 1  * error                           memory                                  
 2  * warning                         memory                                  
 3  * critical                        echo                                    
 4    critical                        remote                                  
      info                          
      error                          
      warning                        
[badmin@MikroTik] /system logging> action
add  comment  edit  export  find  print  remove  set
[badmin@MikroTik] /system logging> action print
Flags: * - default
 #   NAME             TARGET REMOTE                                            
 0 * memory           memory
 1 * disk             disk  
 2 * echo             echo  
 3 * remote           remote 192.168.0.142                                    
 4   rsyslog          remote 192.168.0.142                                    
[badmin@MikroTik] /system logging


Iptables is not running on the server, but I do have quite a few firewall rules on the router.

Mazdajai commented:
Can you try to send syslog messages from another server(non router)?

Mazdajai commented:
Great, cheers!

Jeff swicegood (Technician, Author) commented:
But it's growing very fast--5k per minute. What's the best way to handle this, logrotate?

Mazdajai commented:
Or tmpwatch. If you don't need to retain them.

Mahesh Y commented:
Yes. Logrotate is the best one here.

Jeff swicegood (Technician, Author) commented:
It was just that little element I found with the experts' help.

Question has a verified solution.
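
Added example, not part of the original thread: a small Python helper for the debugging step suggested above (sending a test message from a non-router host over UDP 514 with facility local4) that also decodes the <PRI> prefix of a datagram to show whether a local4.* rule would match it. The function names, tag, host name and the sample datagram are assumptions made for illustration; the server address is the one from the question.

```python
"""Added example: build, decode and send RFC 3164-style syslog datagrams."""
import re
import socket
import time

# Facility and severity names in numeric order (PRI = facility * 8 + severity).
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv "
              "ftp ntp audit alert clock local0 local1 local2 local3 local4 "
              "local5 local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()


def build_datagram(facility, severity, tag, text, host="testhost", now=None):
    """Return one '<PRI>timestamp host tag: text' message as bytes."""
    pri = FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)
    t = time.localtime(now)
    stamp = "{} {:2d} {}".format(time.strftime("%b", t), t.tm_mday,
                                 time.strftime("%H:%M:%S", t))
    return "<{}>{} {} {}: {}".format(pri, stamp, host, tag, text).encode()


def decode_pri(datagram):
    """Return (facility, severity) from the <PRI> prefix of a datagram."""
    m = re.match(rb"<(\d{1,3})>", datagram)
    if m is None or int(m.group(1)) > 191:
        raise ValueError("datagram has no valid <PRI> prefix")
    return FACILITIES[int(m.group(1)) // 8], SEVERITIES[int(m.group(1)) % 8]


def selector_matches(datagram, facility="local4"):
    """True if a 'local4.*' style selector would pick this datagram up."""
    return decode_pri(datagram)[0] == facility


def send_udp(datagram, host, port=514):
    """Send one datagram over UDP, the only transport the router supports."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(datagram, (host, port))


if __name__ == "__main__":
    msg = build_datagram("local4", "info", "udptest", "test from a non-router host")
    print(msg, decode_pri(msg))            # PRI 166 is local4.info
    send_udp(msg, "192.168.0.142")         # server address from the question
    # Constructed sample (not captured from the router): PRI 30 is daemon.info,
    # which a local4.* rule would not write to mikrotik_router.log.
    sample = b"<30>Jan  1 00:00:00 router constructed sample line"
    print(decode_pri(sample), selector_matches(sample))
```

If the test datagram shows up in /var/log/mikrotik_router.log while the router's messages do not, the receiving side is fine and the difference lies in what the router sends or whether it sends at all.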
