Syslog
Configure Ubuntu syslog-ng to receive logs from a specific host
I wanted to log messages from a Billion BiPac 7800GZ router and a Netgear router to a specific file on my local Ubuntu 13.04 box. Unfortunately the regular syslog daemon will not allow this. Syslog-ng is a replacement, and installing it will remove legacy syslog packages like klogd, sysklogd, rsyslog and ubuntu-minimal.
# sudo apt-get install syslog-ng
Then edit /etc/syslog-ng/syslog-ng.conf to add a UDP listener that accepts remote syslog messages. We could do this under the s_all source, but we need to define a different source so our remote hosts' logs do not get mixed in with our regular ones. Place this after the end of the s_all source definition.
source s_net { udp (); };
Add a filter for the Billion router host; I use its IP, 192.168.1.254
filter f_billion { host( "192.168.1.254" ); };
Add a destination log file
destination d_billion { file("/var/log/billion.log"); };
Put the source (s_net), the filter (f_billion) and the destination file (d_billion) together into a logging rule
log { source ( s_net ); filter( f_billion); destination ( d_billion); };
Restart syslog-ng
# sudo /etc/init.d/syslog-ng restart
Verify that the syslog-ng daemon is listening
# netstat -lu | grep syslog
udp 0 0 *:syslog *:*
# netstat -ln | grep :514
udp 0 0 0.0.0.0:514 0.0.0.0:*
Since we added a new logfile, we need to modify /etc/logrotate.d/syslog-ng to make sure our new logfile gets rolled. This entry below has to go in before the last one which restarts the syslog-ng daemon.
/var/log/billion.log {
    rotate 7
    weekly
    missingok
    notifempty
    compress
}
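The netstat output above shows the listener bound to 0.0.0.0:514, so it accepts datagrams on every interface of the box. A tighter variant of the source and filter, as an added example that is not part of the original post: it binds the listener to one address and matches on the sender's IP with netmask(). The collector address 192.168.0.250 is an assumption taken from the note about the Ubuntu box's static IP; substitute the address your routers actually send to.

```conf
# /etc/syslog-ng/syslog-ng.conf (added example, not from the original post)
# Assumption: 192.168.0.250 is the LAN address of this Ubuntu box.

# As configured on this page: udp() with no options binds 0.0.0.0:514,
# so the listener is reachable on every interface.
# source s_net { udp(); };

# Tighter: bind the listener to the LAN-facing address only.
source s_net { udp(ip("192.168.0.250") port(514)); };

# As configured on this page: host() is a regular-expression match on the
# HOST field of the message.
# filter f_billion { host("192.168.1.254"); };

# Tighter: netmask() matches the IP address the datagram was received from,
# independent of how the HOST field is populated.
filter f_billion { netmask("192.168.1.254/32"); };

# Unchanged from the page.
destination d_billion { file("/var/log/billion.log"); };
log { source(s_net); filter(f_billion); destination(d_billion); };
```

After the restart, the `netstat -ln | grep :514` check should show 192.168.0.250:514 instead of 0.0.0.0:514.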
Sending Netgear & Billion syslog messages to external host
Netgear
Navigate to the web interface (default IP: 192.168.0.1) > Logs; in the Syslog section choose: Send to this Syslog server IP address [192.168.1.250] > Apply
Note: in this example our Ubuntu box is configured with the static IP address 192.168.0.250
Billion
wip ...