Difference between revisions of "Syslog"

From Ever changing code
Line 76: Line 76:
  -rw-r----- 1 root adm 44947 Jul 14 07:19 billion.log.2.gz
  -rw-r----- 1 root adm 44947 Jul 14 07:19 billion.log.2.gz


Issue commands below to copy logs on your desktop then add read & write permission to be able to attach to an email
Issue commands below to copy logs on your desktop then add read permission to be able to attach to an email


  sudo cp /var/log/billion.log* ~/Desktop
  sudo cp /var/log/billion.log* ~/Desktop
  sudo chmod a+rw billion.log*
  sudo chmod a+r billion.log*




[[Category:All]]
[[Category:All]]
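Review bot: the chmod line still uses the relative pattern `billion.log*`, so it only touches the copies when the shell's working directory is ~/Desktop; run from /var/log it would change the original logs instead. Name the copies explicitly, for example `sudo chmod a+r ~/Desktop/billion.log*`. Dropping write from `a+rw` is the right direction, but `a+r` still leaves the copies readable by every local account, and after `sudo cp` they are owned by root. Handing them to the mailing user with `sudo chown "$USER" ~/Desktop/billion.log*` would avoid the world-readable bit altogether.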

Revision as of 13:47, 3 August 2013

Configure Ubuntu syslog-ng to receive logs from a specific host

I wanted to log messages from a Billion BiPac 7800GZ router and a Netgear router to a specific file on my local Ubuntu 13.04 box. Unfortunately the regular syslog daemon will not allow this. Syslog-ng is a replacement; installing it will remove legacy syslog packages like klogd, sysklogd, rsyslog and ubuntu-minimal.

# sudo apt-get install syslog-ng

Then edit /etc/syslog-ng/syslog-ng.conf to add a UDP listener that accepts remote syslog messages. We could do this under the s_all source, but we need to define a separate source so that our remote hosts' logs do not get mixed in with our regular ones. Place this after the end of the source s_all block.

source s_net { udp (); };

Add a filter for the Billion router host; I use its IP address, 192.168.1.254.

filter f_billion { host( "192.168.1.254" ); };

Add the destination log file

destination d_billion { file("/var/log/billion.log"); };

Put the pieces together into a logging rule: source (s_net), filter (f_billion) and destination file (d_billion)

log { source ( s_net ); filter( f_billion); destination ( d_billion); };

Restart syslog-ng

# sudo /etc/init.d/syslog-ng restart

Verify that the syslog-ng daemon is listening

# netstat -lu | grep syslog
udp        0      0 *:syslog                *:*
# netstat -ln | grep :514
udp        0      0 0.0.0.0:514             0.0.0.0:*

Since we added a new log file, we need to modify /etc/logrotate.d/syslog-ng to make sure it gets rotated. The entry below has to go in before the last one, which restarts the syslog-ng daemon.

/var/log/billion.log {
   rotate 7
   weekly
   missingok
   notifempty
   compress
}

Sending Netgear & Billion syslog messages to external host

Netgear

Navigate to the web interface (default IP: 192.168.0.1) > Logs; in the Syslog section choose: Send to this Syslog server IP address [192.168.1.250] > Apply

Note: in this example our Ubuntu box is configured with the static IP address 192.168.0.250

Netgear router MBRN3000

Billion

Enter the IP address of your Ubuntu syslog box in the 'Server IP Address' box, then press Apply. The router will restart.

Cradlepoint

Navigate to System Settings -> System Logging tab, tick Enable Logging to a Syslog Server, enter the syslog server IP address (here: 192.168.0.250) and press Apply. The router will not restart.

  • Enable SNMP

Navigate to System Settings / SNMP Configuration -> tick Enable SNMP and Enable SNMP on LAN, select SNMP v2, and enter 'public' as both the Get community string and the Set community string. Fill in the Contact details and press Apply. The router will not restart. Note: 'public' is the default snmpd community string configured on the Ubuntu box. I have not tested with a different string.

Extract logs & email them

For information, below are the original /var/log/billion.log* permissions

ll billion.log*
-rw-r----- 1 root adm 79768 Jul 22 13:06 billion.log
-rw-r----- 1 root adm 53096 Jul 21 07:51 billion.log.1.gz
-rw-r----- 1 root adm 44947 Jul 14 07:19 billion.log.2.gz

Issue the commands below to copy the logs to your desktop, then add read permission so they can be attached to an email

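# Copy the current and rotated logs to the desktop
sudo cp /var/log/billion.log* ~/Desktop
# Add read permission on the copies only, not on the originals in /var/log
sudo chmod a+r ~/Desktop/billion.log*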
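
A tighter variant of the copy step above, as an added example that is not part of the original page: it places the copies in a directory only the calling user can read, owned by that user with mode 0600, instead of making them world-readable. The function name `export_logs`, the `SUDO` variable and the `~/log-export` directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): export logs for e-mailing
# without making them world-readable. export_logs, SUDO and ~/log-export
# are hypothetical names chosen for this sketch.

# Command used to read the root-owned source logs. Set SUDO= when the caller
# can already read them (for example as a member of group adm).
SUDO=${SUDO-sudo}

# export_logs SRC_DIR DEST_DIR [PREFIX]
# Copies SRC_DIR/PREFIX* into DEST_DIR as files owned by the calling user with
# mode 0600 and prints the number of files copied. The originals are never
# chmod'ed, so /var/log keeps its root:adm 0640 permissions.
export_logs() {
    src_dir=$1
    dest_dir=$2
    prefix=${3:-billion.log}
    # Resolved in the caller's shell, before sudo, so this is the real user.
    uid=$(id -u) || return 1
    gid=$(id -g) || return 1

    # Private staging directory: only the owner may list or read it.
    mkdir -p "$dest_dir" && chmod 700 "$dest_dir" || return 1

    count=0
    for f in "$src_dir"/"$prefix"*; do
        [ -f "$f" ] || continue    # skip an unmatched glob and directories
        # install copies the file and sets owner and mode in one command;
        # full destination paths are used, never a relative glob.
        $SUDO install -m 0600 -o "$uid" -g "$gid" "$f" "$dest_dir/" || return 1
        count=$((count + 1))
    done

    if [ "$count" -eq 0 ]; then
        echo "export_logs: no files matching $src_dir/$prefix*" >&2
        return 1
    fi
    echo "$count"
}

# Usage on the setup described above:
#   export_logs /var/log ~/log-export
```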