Link to home
Start Free TrialLog in
Avatar of Jeff swicegood
Jeff swicegood

asked on

How to setup rsyslogd to receive log messages form router

I just want to log messages from my router to my Ubuntu 14.04 (server). I am a little stuck however. Here is what I have done:

I have uncommented the lines in /ect/rsyslog.conf to allow listening on UDP 514. My router only supports UDP remote syslogging.

I have set my router up to log to my server, 192.168.0.142 with the facility local4.

I have added th line:
local4.*         /var/log/mikrotik_router.log
to  /etc/rsyslog.d/50-default.conf

I have done sudo service rsyslog restart

And verified with sudo netstat -nulp |grep 514
udp        0      0 0.0.0.0:514             0.0.0.0:*                           5226/rsyslogd  
udp6       0      0 :::514                  :::*                                5226/rsyslogd

But rsyslog does not even create the log file.

I have tried cd /var && sudo chown syslog:syslog log
SOLUTION
Avatar of Mazdajai
Mazdajai
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Jeff swicegood
Jeff swicegood

ASKER

Yes it does. And it populates the file withe the message.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Shyis iptables running?
[badmin@MikroTik] /system logging> print
Flags: X - disabled, I - invalid, * - default
 #    TOPICS                          ACTION                         PREFIX    
 0  * info                            memory                                  
 1  * error                           memory                                  
 2  * warning                         memory                                  
 3  * critical                        echo                                    
 4    critical                        remote                                  
      info                          
      error                          
      warning                        
[badmin@MikroTik] /system logging> action
add  comment  edit  export  find  print  remove  set
[badmin@MikroTik] /system logging> action print
Flags: * - default
 #   NAME             TARGET REMOTE                                            
 0 * memory           memory
 1 * disk             disk  
 2 * echo             echo  
 3 * remote           remote 192.168.0.142                                    
 4   rsyslog          remote 192.168.0.142                                    
[badmin@MikroTik] /system logging


Iptables is not running on the server, but I do have quite a few ferwall rules on the router.
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Can you try to send syslog messages from another server(non router)?
Great, cheers!
But its growing very fast--5k per minute. What's the best way to handle this, logrotate?
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Yes..Logrotate is the best one here.
It was just that little element I found with the experts help.