Solved

How to setup rsyslogd to receive log messages form router

Posted on 2014-12-22
12
334 Views
Last Modified: 2014-12-29
I just want to log messages from my router to my Ubuntu 14.04 (server). I am a little stuck however. Here is what I have done:

I have uncommented the lines in /ect/rsyslog.conf to allow listening on UDP 514. My router only supports UDP remote syslogging.

I have set my router up to log to my server, 192.168.0.142 with the facility local4.

I have added th line:
local4.*         /var/log/mikrotik_router.log
to  /etc/rsyslog.d/50-default.conf

I have done sudo service rsyslog restart

And verified with sudo netstat -nulp |grep 514
udp        0      0 0.0.0.0:514             0.0.0.0:*                           5226/rsyslogd  
udp6       0      0 :::514                  :::*                                5226/rsyslogd

But rsyslog does not even create the log file.

I have tried cd /var && sudo chown syslog:syslog log
0
Comment
Question by:Jeff swicegood
  • 6
  • 5
12 Comments
 
LVL 21

Assisted Solution

by:Mazdajai
Mazdajai earned 500 total points
ID: 40516590
Does it create the file if you test it locally on the server?

logger -p local4.info " This is a info message from local 4"

Open in new window

0
 
LVL 1

Author Comment

by:Jeff swicegood
ID: 40516996
Yes it does. And it populates the file withe the message.
0
 
LVL 21

Assisted Solution

by:Mazdajai
Mazdajai earned 500 total points
ID: 40517007
That's mean rsyslog is working. Can you provide the conf line for syslog  in the router?
0
Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

 
LVL 21

Expert Comment

by:Mazdajai
ID: 40517010
Shyis iptables running?
0
 
LVL 1

Author Comment

by:Jeff swicegood
ID: 40517020
[badmin@MikroTik] /system logging> print
Flags: X - disabled, I - invalid, * - default
 #    TOPICS                          ACTION                         PREFIX    
 0  * info                            memory                                  
 1  * error                           memory                                  
 2  * warning                         memory                                  
 3  * critical                        echo                                    
 4    critical                        remote                                  
      info                          
      error                          
      warning                        
[badmin@MikroTik] /system logging> action
add  comment  edit  export  find  print  remove  set
[badmin@MikroTik] /system logging> action print
Flags: * - default
 #   NAME             TARGET REMOTE                                            
 0 * memory           memory
 1 * disk             disk  
 2 * echo             echo  
 3 * remote           remote 192.168.0.142                                    
 4   rsyslog          remote 192.168.0.142                                    
[badmin@MikroTik] /system logging


Iptables is not running on the server, but I do have quite a few ferwall rules on the router.
0
 
LVL 1

Accepted Solution

by:
Jeff swicegood earned 0 total points
ID: 40517047
Got it! Had to set remote logging to default action. Thank you!
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 40517048
Can you try to send syslog messages from another server(non router)?
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 40517049
Great, cheers!
0
 
LVL 1

Author Comment

by:Jeff swicegood
ID: 40517059
But its growing very fast--5k per minute. What's the best way to handle this, logrotate?
0
 
LVL 21

Assisted Solution

by:Mazdajai
Mazdajai earned 500 total points
ID: 40517082
Or tmpwatch. If you don't need to retain them.
0
 
LVL 1

Expert Comment

by:Mahesh Y
ID: 40517360
Yes..Logrotate is the best one here.
0
 
LVL 1

Author Closing Comment

by:Jeff swicegood
ID: 40521510
It was just that little element I found with the experts help.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Coding C# in Linux 8 119
what do I need to host my own web sites? 13 50
HOw To Install Docker on VMware Workstation 19 143
RHEL installation problems on HP Proliant DL 360 G6 server 20 54
If you use Debian 6 Squeeze and you are tired of looking at the childish graphical GDM login screen that is used by default, here's an easy way to change it. If you've already tried to change it you've probably discovered that none of the old met…
The purpose of this article is to show how we can create Linux Mint virtual machine using Oracle Virtual Box. To install Linux Mint we have to download the ISO file from its website i.e. http://www.linuxmint.com. Once you open the link you will see …
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question