Solved

How to setup rsyslogd to receive log messages form router

Posted on 2014-12-22
12
323 Views
Last Modified: 2014-12-29
I just want to log messages from my router to my Ubuntu 14.04 (server). I am a little stuck however. Here is what I have done:

I have uncommented the lines in /ect/rsyslog.conf to allow listening on UDP 514. My router only supports UDP remote syslogging.

I have set my router up to log to my server, 192.168.0.142 with the facility local4.

I have added th line:
local4.*         /var/log/mikrotik_router.log
to  /etc/rsyslog.d/50-default.conf

I have done sudo service rsyslog restart

And verified with sudo netstat -nulp |grep 514
udp        0      0 0.0.0.0:514             0.0.0.0:*                           5226/rsyslogd  
udp6       0      0 :::514                  :::*                                5226/rsyslogd

But rsyslog does not even create the log file.

I have tried cd /var && sudo chown syslog:syslog log
0
Comment
Question by:Jeff swicegood
  • 6
  • 5
12 Comments
 
LVL 21

Assisted Solution

by:Mazdajai
Mazdajai earned 500 total points
ID: 40516590
Does it create the file if you test it locally on the server?

logger -p local4.info " This is a info message from local 4"

Open in new window

0
 
LVL 1

Author Comment

by:Jeff swicegood
ID: 40516996
Yes it does. And it populates the file withe the message.
0
 
LVL 21

Assisted Solution

by:Mazdajai
Mazdajai earned 500 total points
ID: 40517007
That's mean rsyslog is working. Can you provide the conf line for syslog  in the router?
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 40517010
Shyis iptables running?
0
 
LVL 1

Author Comment

by:Jeff swicegood
ID: 40517020
[badmin@MikroTik] /system logging> print
Flags: X - disabled, I - invalid, * - default
 #    TOPICS                          ACTION                         PREFIX    
 0  * info                            memory                                  
 1  * error                           memory                                  
 2  * warning                         memory                                  
 3  * critical                        echo                                    
 4    critical                        remote                                  
      info                          
      error                          
      warning                        
[badmin@MikroTik] /system logging> action
add  comment  edit  export  find  print  remove  set
[badmin@MikroTik] /system logging> action print
Flags: * - default
 #   NAME             TARGET REMOTE                                            
 0 * memory           memory
 1 * disk             disk  
 2 * echo             echo  
 3 * remote           remote 192.168.0.142                                    
 4   rsyslog          remote 192.168.0.142                                    
[badmin@MikroTik] /system logging


Iptables is not running on the server, but I do have quite a few ferwall rules on the router.
0
 
LVL 1

Accepted Solution

by:
Jeff swicegood earned 0 total points
ID: 40517047
Got it! Had to set remote logging to default action. Thank you!
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 21

Expert Comment

by:Mazdajai
ID: 40517048
Can you try to send syslog messages from another server(non router)?
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 40517049
Great, cheers!
0
 
LVL 1

Author Comment

by:Jeff swicegood
ID: 40517059
But its growing very fast--5k per minute. What's the best way to handle this, logrotate?
0
 
LVL 21

Assisted Solution

by:Mazdajai
Mazdajai earned 500 total points
ID: 40517082
Or tmpwatch. If you don't need to retain them.
0
 
LVL 1

Expert Comment

by:Mahesh Y
ID: 40517360
Yes..Logrotate is the best one here.
0
 
LVL 1

Author Closing Comment

by:Jeff swicegood
ID: 40521510
It was just that little element I found with the experts help.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

If you have a server on collocation with the super-fast CPU, that doesn't mean that you get it running at full power. Here is a preamble. When doing inventory of Linux servers, that I'm administering, I've found that some of them are running on l…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now