Difference between revisions of "Syslog"

Revision as of 13:08, 22 July 2013

Configure Ubuntu syslog-ng to receive logs from a specific host

I wanted to log messages from a Billion BiPac 7800GZ router and a Netgear router to a specific file on my local Ubuntu 13.04 box. Unfortunately the regular syslog daemon will not allow this. Syslog-ng is a replacement; installing it will remove legacy syslog packages like klogd, sysklogd, rsyslog and ubuntu-minimal.

# sudo apt-get install syslog-ng

Then edit /etc/syslog-ng/syslog-ng.conf to add a UDP listener that accepts remote syslog messages. We could do this under the s_all source, but we need to define a different source so that our remote hosts' logs do not get mixed in with our regular ones. Place this after the end of the source s_all definition.

source s_net { udp (); };

Add a filter for my Billion router host; I use its IP address, 192.168.1.254

filter f_billion { host( "192.168.1.254" ); };

Add the destination log file

destination d_billion { file("/var/log/billion.log"); };

Put the pieces together in a logging rule: source (s_net), filter (f_billion) and destination file (d_billion)

log { source ( s_net ); filter( f_billion); destination ( d_billion); };

Restart syslog-ng

# sudo /etc/init.d/syslog-ng restart

Verify that the syslog-ng daemon is listening

# netstat -lu | grep syslog
udp        0      0 *:syslog                *:*
# netstat -ln | grep :514
udp        0      0 0.0.0.0:514             0.0.0.0:*

Since we added a new logfile, we need to modify /etc/logrotate.d/syslog-ng to make sure our new logfile gets rolled. This entry below has to go in before the last one which restarts the syslog-ng daemon.

/var/log/billion.log {
   rotate 7
   weekly
   missingok
   notifempty
   compress
}

Sending Netgear & Billion syslog messages to external host

Netgear

Navigate to the web interface (default IP: 192.168.0.1) > Logs > in the Syslog section choose: Send to this Syslog server IP address [192.168.1.250] > Apply

Note: in this example our Ubuntu box is configured with the static IP address 192.168.0.250

Netgear router MBRN3000


Billion

wip ...

Extract logs & email them

For information only, below are the original /var/log/billion.log* permissions

ll billion.log*
-rw-r----- 1 root adm 79768 Jul 22 13:06 billion.log
-rw-r----- 1 root adm 53096 Jul 21 07:51 billion.log.1.gz
-rw-r----- 1 root adm 44947 Jul 14 07:19 billion.log.2.gz

Issue the commands below to copy the logs to your desktop, then add read & write permission to the copies so that they can be attached to an email

sudo cp /var/log/billion.log* ~/Desktop
sudo chmod a+rw ~/Desktop/billion.log*
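
A narrower alternative to the a+rw step above, added here as an example and not part of the original page: the copies are created owner-only (0600) and the originals in /var/log keep their root:adm 0640 permissions. The helper name export_logs and its three arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: export_logs is a hypothetical helper, not a system command.
# Copies <src_dir>/<prefix>* into <dest_dir> as owner-only (0600) files and
# leaves the mode and ownership of the originals untouched.
# Usage as root, after sourcing this file:
#   export_logs /var/log billion.log /home/USER/Desktop
export_logs() {
    src_dir=$1; prefix=$2; dest_dir=$3
    # When run through sudo, hand the copies to the invoking user.
    owner=${SUDO_USER:-$(id -un)}
    [ -d "$src_dir" ] && [ -d "$dest_dir" ] || {
        echo "export_logs: missing directory" >&2; return 2; }
    count=0
    for f in "$src_dir"/"$prefix"*; do
        [ -L "$f" ] && continue      # never follow symlinks out of the log dir
        [ -f "$f" ] || continue      # skip an unmatched glob and non-regular files
        target=$dest_dir/$(basename "$f")
        # install creates the copy with the requested mode
        install -m 0600 "$f" "$target" || return 1
        if [ "$(id -u)" -eq 0 ]; then
            chown "$owner" "$target" || return 1
        fi
        count=$((count + 1))
    done
    [ "$count" -gt 0 ] || { echo "export_logs: no files matched" >&2; return 1; }
    echo "$count"                    # number of files copied
}
```

The owner of the copies can read and attach them to an email; other local users cannot read or alter them.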