Jeff swicegood
asked on
How to set up rsyslogd to receive log messages from router
I just want to log messages from my router to my Ubuntu 14.04 (server). I am a little stuck however. Here is what I have done:
I have uncommented the lines in /etc/rsyslog.conf to allow listening on UDP 514. My router only supports UDP remote syslogging.
I have set my router up to log to my server, 192.168.0.142 with the facility local4.
I have added the line:
local4.* /var/log/mikrotik_router.log
to /etc/rsyslog.d/50-default.conf
I have done sudo service rsyslog restart
And verified with sudo netstat -nulp |grep 514
udp 0 0 0.0.0.0:514 0.0.0.0:* 5226/rsyslogd
udp6 0 0 :::514 :::* 5226/rsyslogd
But rsyslog does not even create the log file.
I have tried cd /var && sudo chown syslog:syslog log
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Is iptables running?
ASKER
[badmin@MikroTik] /system logging> print
Flags: X - disabled, I - invalid, * - default
# TOPICS ACTION PREFIX
0 * info memory
1 * error memory
2 * warning memory
3 * critical echo
4 critical remote
info
error
warning
[badmin@MikroTik] /system logging> action
add comment edit export find print remove set
[badmin@MikroTik] /system logging> action print
Flags: * - default
# NAME TARGET REMOTE
0 * memory memory
1 * disk disk
2 * echo echo
3 * remote remote 192.168.0.142
4 rsyslog remote 192.168.0.142
[badmin@MikroTik] /system logging
Iptables is not running on the server, but I do have quite a few firewall rules on the router.
Can you try to send syslog messages from another server (non-router)?
Great, cheers!
ASKER
But it's growing very fast--5k per minute. What's the best way to handle this, logrotate?
Yes. Logrotate is the best one here.
ASKER
It was just that little element I found with the experts' help.
ASKER
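An added example, not part of the original thread: a small Python diagnostic for the suggestion above to send a syslog message from a non-router host, which also decodes the `<PRI>` header of any datagram so you can check whether a `local4.*` selector would match it. The function names, the `rsyslog-test` tag, the `testhost` hostname and the fixed timestamp are constructed for illustration.

```python
import socket

# Standard syslog facility codes (RFC 3164); local0..local7 are 16..23.
FACILITIES = {"kern": 0, "user": 1, "daemon": 3, "auth": 4, "syslog": 5,
              **{f"local{i}": 16 + i for i in range(8)}}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def build_message(facility, severity, tag, text, host="testhost"):
    """Return an RFC 3164-style datagram; PRI = facility * 8 + severity."""
    pri = FACILITIES[facility] * 8 + SEVERITIES.index(severity)
    # Fixed, constructed timestamp keeps the example deterministic.
    return f"<{pri}>Jan  1 00:00:00 {host} {tag}: {text}".encode()


def decode_pri(datagram):
    """Return (facility, severity) names from the leading <PRI> of a datagram."""
    if not datagram.startswith(b"<") or b">" not in datagram[:5]:
        raise ValueError("datagram has no <PRI> header")
    pri = int(datagram[1:datagram.index(b">")])
    if not 0 <= pri <= 191:
        raise ValueError("PRI out of range")
    code, sev = divmod(pri, 8)
    names = {v: k for k, v in FACILITIES.items()}
    return names.get(code, f"facility{code}"), SEVERITIES[sev]


def matches_selector(datagram, facility):
    """True if a 'facility.*' selector such as local4.* would pick this up."""
    return decode_pri(datagram)[0] == facility


def send_test(server, port=514, facility="local4", severity="info"):
    """Send one test datagram over UDP and return the bytes that were sent."""
    msg = build_message(facility, severity, "rsyslog-test", "constructed test message")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(msg, (server, port))
    return msg


if __name__ == "__main__":
    import sys
    print(send_test(sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"))
```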