Difference between revisions of "Syslog"

From Ever changing code
Line 54: Line 54:
=== Billion ===
=== Billion ===


wip ...
Please input your syslog Ubuntu box ip into 'Server IP Address' box. Then press apply. Router will restart.
 
[[File:Billion-syslog.PNG|none|200px|thumb|left|Billion-syslog]]


== Extract logs & email them ==
== Extract logs & email them ==
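Review bot: the sentence that replaces "wip ..." in the Billion section names the 'Server IP Address' box but not the router page it sits on, and gives no example address, while the Netgear section spells out both; add the menu path and the syslog host address used elsewhere on the page. In the File line, `none` and `left` are both alignment options, so keep only one of them alongside `thumb`.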

Revision as of 16:58, 24 July 2013

Configure Ubuntu syslog-ng to receive logs from a specific host

I wanted to log messages from a Billion BiPac 7800GZ router and a Netgear router to a specific file on my local Ubuntu 13.04 box. Unfortunately the regular syslog daemon will not allow this. Syslog-ng is a replacement; installing it will remove legacy syslog packages such as klogd, sysklogd, rsyslog and ubuntu-minimal.

# sudo apt-get install syslog-ng

Then edit /etc/syslog-ng/syslog-ng.conf to add a UDP listener that accepts remote syslog messages. We could do this under the s_all source, but we define a separate source so that the remote hosts' logs do not get mixed in with our regular ones. Place this after the end of the source s_all block.

source s_net { udp (); };

Add a filter for the Billion router host; I use its IP, 192.168.1.254

filter f_billion { host( "192.168.1.254" ); };

Add a destination log file

destination d_billion { file("/var/log/billion.log"); };

Put the pieces together in a logging rule: the source (s_net), the filter (f_billion) and the destination file (d_billion)

log { source ( s_net ); filter( f_billion); destination ( d_billion); };

Restart syslog-ng

# sudo /etc/init.d/syslog-ng restart

Verify that the syslog-ng daemon is listening

# netstat -lu | grep syslog
udp        0      0 *:syslog                *:*
# netstat -ln | grep :514
udp        0      0 0.0.0.0:514             0.0.0.0:*

Since we added a new logfile, we need to modify /etc/logrotate.d/syslog-ng to make sure our new logfile gets rolled. This entry below has to go in before the last one which restarts the syslog-ng daemon.

/var/log/billion.log {
   rotate 7
   weekly
   missingok
   notifempty
   compress
}

Sending Netgear & Billion syslog messages to external host

Netgear

Navigate to the web interface (default IP: 192.168.0.1) > Logs. In the Syslog section choose: Send to this Syslog server IP address [192.168.1.250] > Apply

Note: in this example our Ubuntu box is configured with the static IP address 192.168.0.250

Netgear router MBRN3000


Billion

Please input your syslog Ubuntu box ip into 'Server IP Address' box. Then press apply. Router will restart.

Billion-syslog

Extract logs & email them

For information, these are the original permissions on /var/log/billion.log*

ll billion.log*
-rw-r----- 1 root adm 79768 Jul 22 13:06 billion.log
-rw-r----- 1 root adm 53096 Jul 21 07:51 billion.log.1.gz
-rw-r----- 1 root adm 44947 Jul 14 07:19 billion.log.2.gz

Run the commands below to copy the logs to your desktop, then add read & write permission so that they can be attached to an email

sudo cp /var/log/billion.log* ~/Desktop
sudo chmod a+rw ~/Desktop/billion.log*
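
An alternative to the copy-and-chmod step above, as an added example that is not part of the original page: the listing shows the logs are readable by group adm, so an account in that group (an assumption here) can bundle them for e-mail without sudo and without making the copies world-writable. The function name `bundle_logs`, its arguments and the archive name are illustrative.

```sh
# Added example: pack router logs into one owner-only archive for e-mailing.
# Assumes the calling account can read the logs (e.g. it is in group adm).
#
# bundle_logs SRC_DIR PREFIX OUT_DIR
#   Copies SRC_DIR/PREFIX* into a private staging directory, packs the copies
#   into OUT_DIR/PREFIX-<YYYYMMDD>.tar.gz and prints the archive path.
#   The body runs in a subshell, so the umask change does not leak out.
bundle_logs() (
    src_dir=$1
    prefix=$2
    out_dir=$3

    # Everything created below is owner-only: directories 700, files 600.
    umask 077

    stage=$(mktemp -d) || exit 1
    found=0
    for f in "$src_dir"/"$prefix"*; do
        [ -f "$f" ] || continue      # unmatched glob or not a regular file
        cp -- "$f" "$stage"/ || { rm -rf -- "$stage"; exit 1; }
        found=1
    done

    if [ "$found" -eq 0 ]; then
        echo "no readable files match $src_dir/$prefix*" >&2
        rm -rf -- "$stage"
        exit 1
    fi

    mkdir -p -- "$out_dir" || { rm -rf -- "$stage"; exit 1; }
    archive=$out_dir/$prefix-$(date +%Y%m%d).tar.gz
    tar -czf "$archive" -C "$stage" . || { rm -rf -- "$stage"; exit 1; }
    rm -rf -- "$stage"

    printf '%s\n' "$archive"
)

# Usage for the files on this page:
#   bundle_logs /var/log billion.log ~/Desktop
```

The originals in /var/log keep their root:adm ownership and mode; only the archive, readable by you alone, ends up on the desktop.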