Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

How to setup rsyslogd to receive log messages form router

Posted on 2014-12-22
12
Medium Priority
?
423 Views
Last Modified: 2014-12-29
I just want to log messages from my router to my Ubuntu 14.04 (server). I am a little stuck however. Here is what I have done:

I have uncommented the lines in /ect/rsyslog.conf to allow listening on UDP 514. My router only supports UDP remote syslogging.

I have set my router up to log to my server, 192.168.0.142 with the facility local4.

I have added th line:
local4.*         /var/log/mikrotik_router.log
to  /etc/rsyslog.d/50-default.conf

I have done sudo service rsyslog restart

And verified with sudo netstat -nulp |grep 514
udp        0      0 0.0.0.0:514             0.0.0.0:*                           5226/rsyslogd  
udp6       0      0 :::514                  :::*                                5226/rsyslogd

But rsyslog does not even create the log file.

I have tried cd /var && sudo chown syslog:syslog log
0
Comment
Question by:Jeff swicegood
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
12 Comments
 
LVL 21

Assisted Solution

by:Mazdajai
Mazdajai earned 2000 total points
ID: 40516590
Does it create the file if you test it locally on the server?

logger -p local4.info " This is a info message from local 4"

Open in new window

0
 
LVL 1

Author Comment

by:Jeff swicegood
ID: 40516996
Yes it does. And it populates the file withe the message.
0
 
LVL 21

Assisted Solution

by:Mazdajai
Mazdajai earned 2000 total points
ID: 40517007
That's mean rsyslog is working. Can you provide the conf line for syslog  in the router?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 21

Expert Comment

by:Mazdajai
ID: 40517010
Shyis iptables running?
0
 
LVL 1

Author Comment

by:Jeff swicegood
ID: 40517020
[badmin@MikroTik] /system logging> print
Flags: X - disabled, I - invalid, * - default
 #    TOPICS                          ACTION                         PREFIX    
 0  * info                            memory                                  
 1  * error                           memory                                  
 2  * warning                         memory                                  
 3  * critical                        echo                                    
 4    critical                        remote                                  
      info                          
      error                          
      warning                        
[badmin@MikroTik] /system logging> action
add  comment  edit  export  find  print  remove  set
[badmin@MikroTik] /system logging> action print
Flags: * - default
 #   NAME             TARGET REMOTE                                            
 0 * memory           memory
 1 * disk             disk  
 2 * echo             echo  
 3 * remote           remote 192.168.0.142                                    
 4   rsyslog          remote 192.168.0.142                                    
[badmin@MikroTik] /system logging


Iptables is not running on the server, but I do have quite a few ferwall rules on the router.
0
 
LVL 1

Accepted Solution

by:
Jeff swicegood earned 0 total points
ID: 40517047
Got it! Had to set remote logging to default action. Thank you!
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 40517048
Can you try to send syslog messages from another server(non router)?
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 40517049
Great, cheers!
0
 
LVL 1

Author Comment

by:Jeff swicegood
ID: 40517059
But its growing very fast--5k per minute. What's the best way to handle this, logrotate?
0
 
LVL 21

Assisted Solution

by:Mazdajai
Mazdajai earned 2000 total points
ID: 40517082
Or tmpwatch. If you don't need to retain them.
0
 
LVL 1

Expert Comment

by:Mahesh Y
ID: 40517360
Yes..Logrotate is the best one here.
0
 
LVL 1

Author Closing Comment

by:Jeff swicegood
ID: 40521510
It was just that little element I found with the experts help.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
You ever wonder how to backup Linux system files just like Windows System Restore?  Well you can use Timeshift in Linux to perform those similar action.  This tutorial will show you how to backup your system files and keep regular intervals. Note…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses

596 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question