The best place to *find* answers to programming/development questions, imo, however it's the *worst* place to *ask* questions (if your first question/comment doesn't get any up-rating/response, then u can't ask anymore questions--ridiculously unrealistic), but again, a great reference for *finding* answers.

My Music (Nickleus)

20120920

how to setup a syslog (rsyslog) server on an ubuntu machine to log d-link DIR-655 router logs

SETTING UP SYSLOG FOR ROUTER LOGS ON AN EXTERNAL SERVER

enable sending router syslogs to myserver (Tools > Syslog):
http://192.168.0.1/Tools/SysLog.shtml

put a checkmark next to Enable Logging To Syslog Server

Syslog Server IP Address is currently myserver: 192.168.0.19

// on the syslog server

install rsyslog:
sudo apt-get install rsyslog

edit the main rsyslog config file:
sudo nano -w /etc/rsyslog.conf
make sure the following lines are uncommented:
$ModLoad imudp
$UDPServerRun 514

$ModLoad imtcp
$InputTCPServerRun 514

in order to get dynamic log file naming to work, make sure these lines are commented out:
#$PrivDropToUser syslog
#$PrivDropToGroup syslog

before i figured out that last tip, dynamic file names using template was not working. if those 2 lines aren't commented out, then there becomes a permissions issue, and use of template won't work (see below)

edit the default rsyslog config file:
sudo nano -w /etc/rsyslog.d/50-default.conf

add the following lines at the very top:
$template DynFile,"/var/log/myrouter/%$year%%$month%%$day%.log"
:fromhost-ip, isequal, "192.168.0.1" ?DynFile
:fromhost-ip, isequal, "192.168.0.1" ~

192.168.0.1 is the router ip address

the bottom line means log nothing (~) after this line for any messages from host ip 192.168.0.1 (i.e. the logging rules specified after this line only apply to messages from the localhost)

then restart the rsyslog service:
sudo service rsyslog restart

you will shortly begin to see router log files appearing here:
/var/log/myrouter/

with filenames in the following format:
yyyymmdd.log

e.g.:
/var/log/myrouter/20120920.log
Posted by Nickleus at 08:58:00

7 comments:

  1. Steve Koch22 April 2013 at 01:10

    Great instructions, thank you!

    ReplyDelete
  2. Unknown26 September 2013 at 14:36

    Hi

    What if I want logs from more than one device?

    ReplyDelete
    Replies
    1. Unknown25 May 2014 at 13:02

      Just need to add
      $template DynFile,"/var/log/myrouter/%$year%%$month%%$day%.log"
      :fromhost-ip, isequal, "192.168.0.1" ?DynFile
      :fromhost-ip, isequal, "192.168.0.1" ~

      For different server configure the different ip address

      Delete
    2. KarthikG22 September 2014 at 10:31

      For More than one device use the config below

      $template DynFile,"/var/log/rsyslog/%HOSTNAME%/%$year%%$month%%$day%.log"

      if $fromhost-ip startswith 'x.x.x.x' then ?DynFile

      & ~

      if $fromhost-ip startswith 'x.x.x.x' then ?DynFile

      Delete
  3. Unknown25 May 2014 at 12:56

    It is really working............but need to give the command said MiaM 30 January 2013 17:51

    sudo chown syslog:adm /var/log/myrouter/

    ReplyDelete
  4. Unknown3 June 2014 at 00:25

    Kenneth, I think you can use this format to log multiple devices. I'm testing now...

    $template AnotherDynFile,"/var/log/myrouter/%$year%%$month%%$day%.log"
    :fromhost-ip, isequal, "192.168.1.1" ?AnotherDynFile
    :fromhost-ip, isequal, "192.168.1.1" ~

    ReplyDelete
  5. Kennybobs3 February 2015 at 18:41

    Excellent, thank you. The documentation for rsyslog is appalling.

    ReplyDelete

Subscribe to: Post Comments (Atom)