How to set up rsyslogd to receive log messages from router

Posted on 2014-12-22
Last Modified: 2014-12-29
I just want to log messages from my router to my Ubuntu 14.04 (server). I am a little stuck however. Here is what I have done:

I have uncommented the lines in /etc/rsyslog.conf to allow listening on UDP 514. My router only supports UDP remote syslogging.

I have set my router up to log to my server, 192.168.0.142 with the facility local4.

I have added the line:
local4.*         /var/log/mikrotik_router.log
to /etc/rsyslog.d/50-default.conf

I have done sudo service rsyslog restart

And verified with sudo netstat -nulp |grep 514
udp        0      0 0.0.0.0:514             0.0.0.0:*                           5226/rsyslogd  
udp6       0      0 :::514                  :::*                                5226/rsyslogd

But rsyslog does not even create the log file.

I have tried cd /var && sudo chown syslog:syslog log
Question by:Jeff swicegood
12 Comments
 
LVL 21

Assisted Solution

by:Mazdajai
Mazdajai earned 2000 total points
ID: 40516590
Does it create the file if you test it locally on the server?

logger -p local4.info " This is a info message from local 4"


0
 
LVL 1

Author Comment

by:Jeff swicegood
ID: 40516996
Yes it does. And it populates the file with the message.
0
 
LVL 21

Assisted Solution

by:Mazdajai
Mazdajai earned 2000 total points
ID: 40517007
That means rsyslog is working. Can you provide the conf line for syslog in the router?
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 40517010
Is iptables running?
0
 
LVL 1

Author Comment

by:Jeff swicegood
ID: 40517020
[badmin@MikroTik] /system logging> print
Flags: X - disabled, I - invalid, * - default
 #    TOPICS                          ACTION                         PREFIX    
 0  * info                            memory                                  
 1  * error                           memory                                  
 2  * warning                         memory                                  
 3  * critical                        echo                                    
 4    critical                        remote                                  
      info                          
      error                          
      warning                        
[badmin@MikroTik] /system logging> action
add  comment  edit  export  find  print  remove  set
[badmin@MikroTik] /system logging> action print
Flags: * - default
 #   NAME             TARGET REMOTE                                            
 0 * memory           memory
 1 * disk             disk  
 2 * echo             echo  
 3 * remote           remote 192.168.0.142                                    
 4   rsyslog          remote 192.168.0.142                                    
[badmin@MikroTik] /system logging


Iptables is not running on the server, but I do have quite a few firewall rules on the router.
0
 
LVL 1

Accepted Solution

by:
Jeff swicegood earned 0 total points
ID: 40517047
Got it! Had to set remote logging to default action. Thank you!
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 40517048
Can you try to send syslog messages from another server (non-router)?
0
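The test suggested in the comment above, as an added example that is not part of the original thread: unlike `logger`, which writes to the local log socket, this sends a local4.info datagram over UDP, so it exercises the same network path as the router. The host name `probe-host`, the `probe` tag and all function names are assumptions made for this example.

```python
import socket
from datetime import datetime

LOCAL4, INFO = 20, 6   # syslog codes: local0..local7 = 16..23, info = 6

def build_datagram(text, facility=LOCAL4, severity=INFO, host="probe-host"):
    """RFC 3164-style packet: <PRI>Mmm dd hh:mm:ss HOST TAG: text."""
    now = datetime.now()
    stamp = f"{now:%b} {now.day:2d} {now:%H:%M:%S}"   # day is space-padded
    return f"<{facility * 8 + severity}>{stamp} {host} probe: {text}".encode()

def decode_pri(datagram):
    """Return (facility, severity) from the leading <PRI>, or None if malformed."""
    if not datagram.startswith(b"<"):
        return None
    end = datagram.find(b">", 1, 5)        # PRI is at most three digits
    if end == -1 or not datagram[1:end].isdigit():
        return None
    pri = int(datagram[1:end])
    return (pri >> 3, pri & 7) if pri <= 191 else None

def send_probe(server, port=514, text="test from another host"):
    """Send one local4.info datagram; UDP gives no delivery confirmation."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(build_datagram(text), (server, port))

def loopback_check():
    """Offline self-test: receive our own probe on 127.0.0.1 and decode it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))          # ephemeral port, no root needed
        rx.settimeout(2)
        send_probe("127.0.0.1", rx.getsockname()[1])
        data, _ = rx.recvfrom(2048)
    return decode_pri(data), data

if __name__ == "__main__":
    print(loopback_check())
    # Then, from a second machine: send_probe("192.168.0.142")
    # and watch /var/log/mikrotik_router.log on the server.
```

If the probe from a second host reaches the log file but the router's messages do not, the listener and the `local4.*` selector are fine and the problem is on the router side.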
 
LVL 21

Expert Comment

by:Mazdajai
ID: 40517049
Great, cheers!
0
 
LVL 1

Author Comment

by:Jeff swicegood
ID: 40517059
But it's growing very fast--5k per minute. What's the best way to handle this, logrotate?
0
 
LVL 21

Assisted Solution

by:Mazdajai
Mazdajai earned 2000 total points
ID: 40517082
Or tmpwatch. If you don't need to retain them.
0
 
LVL 1

Expert Comment

by:Mahesh Y
ID: 40517360
Yes. Logrotate is the best one here.
0
 
LVL 1

Author Closing Comment

by:Jeff swicegood
ID: 40521510
It was just that little element I found with the experts' help.
0

Question has a verified solution.