VectorLinux
Topic: How do I get syslog to listen to UDP port 514 to watch my router
msymmes
Member
*
Posts: 3


« on: October 03, 2011, 08:57:28 am »

First of all, I would like to say that Vector Linux 6 Light has been an incredible way to make use of my old Acer Ferrari 3200 Laptop.   The install process was very comprehensive and almost every device worked first shot.

So,  I have killed the syslogd service and restarted it with the '-r' option but I am not getting my router syslog messages.   I used to run WinXP with Wallwatcher and had that working.

Any help for a Linux newbie would be greatly appreciated.
hata_ph
Packager
Vectorian
****
Posts: 3258


-- Just being myself --


« Reply #1 on: October 03, 2011, 04:29:25 pm »

try this?

http://harts.net/reece/2011/02/12/monitor-your-router-with-rsyslogd/
pierce.jason
Packager
Vectorite
****
Posts: 250



« Reply #2 on: October 03, 2011, 06:50:00 pm »

As root modify your /etc/rc.syslog file.

Change these two lines:
Code:
echo -n "/usr/sbin/syslogd "
/usr/sbin/syslogd

so that they will be:
Code:
echo -n "/usr/sbin/syslogd -r"
/usr/sbin/syslogd -r

Now syslogd on your Vector system is listening for remote connections. By default these will go into /var/log/messages. If you would like them in a separate file such as /var/log/router, you can add the next two lines to your /etc/syslog.conf file, substituting in the appropriate IP address of your router:
Code:
+192.168.1.1
*.* /var/log/router

At this point /var/log/router will be readable by anyone on your system. If this is undesirable, then be sure to chmod 640 or 600.

pierce.jason
Email: $(echo -e "moc\x2eliamg\x40nosaj.ecreip" | rev)
msymmes
Member
*
Posts: 3


« Reply #3 on: October 04, 2011, 07:49:39 am »


Thanks folks for your help!

I modified the syslogd startup config as suggested by adding the configuration lines at the very end of syslog.conf and I am now collecting messages from my router, but I do get the following during bootup of VL:

"syslogd: unknown facility name +192"

(my router IP is 192.168.1.1)

I also get other messages in /var/log/router such as stuff that also gets logged to /var/log/messages.

Did I place the lines in the wrong place in the file?

I will also try Rsyslogd for interest and learning.
pierce.jason
Packager
Vectorite
****
Posts: 250



« Reply #4 on: October 04, 2011, 12:35:58 pm »

Quote:
I do get the following during bootup of VL:

"syslogd: unknown facility name +192"

(my router IP is 192.168.1.1)

I also get other messages in /var/log/router such as stuff that also gets logged to /var/log/messages.

Did I place the lines in the wrong place in the file?

No, it seems that our version of syslogd doesn't understand this syntax entirely. I'm guessing that we don't have the ability for per-host log files here. rsyslog or syslog-ng would probably have better features for remote logging.

If you find that rsyslog or syslog-ng (or some other system logger) works better as a daemon for accepting remote connections, please post back and let us know. It might be worthwhile to have a more feature-full logger available in the repos.
msymmes
Member
*
Posts: 3


« Reply #5 on: October 04, 2011, 12:43:26 pm »

Thanks for that update. I will try to install one of the other loggers. Don't quite know where to start because I don't know how to get and install packages yet. The only so called add-on for me so far was the successful download, make, and make install of 'joe' - a Wordstar like programmers editor. Can you tell how old I must be?
pierce.jason
Packager
Vectorite
****
Posts: 250



« Reply #6 on: November 02, 2011, 08:27:46 pm »

I have made a preliminary (unofficial) syslog-ng package, but the syslog-ng.conf seems to need quite a bit of tweaking. It is far from production ready. I would appreciate your help in configuring and debugging the package though if you would be interested.
brig001
Member
*
Posts: 31


« Reply #7 on: March 02, 2012, 11:08:47 am »

In case anyone finds this (through google etc.) I have a partial solution.

As stated above, edit the lines in /etc/rc.d/rc.syslog to add the -r switches.

The lines
Code:
+192.168.1.1
*.* /var/log/router
should be added to the file /etc/syslog.conf not /etc/rc.d/rc.syslog as stated.
so mine looks like:
Code:
# /etc/syslog.conf
# For info about the format of this file, see "man syslog.conf"
# and /usr/doc/sysklogd/README.linux.  Note the '-' prefixing some
# of these entries;  this omits syncing the file after every logging.
# In the event of a crash, some log information might be lost, so
# if this is a concern to you then you might want to remove the '-'.
# Be advised this will cause a performation loss if you're using
# programs that do heavy logging.

# 2012-02-25 Added for router
+192.168.16.1
        *.*;authpriv.none;cron.none;mail.none;news.none         -/var/log/router

# Uncomment this to see kernel messages on the console.
#kern.*                                                 /dev/console

# Log anything 'info' or higher, but lower than 'warn'.
# Exclude authpriv, cron, mail, and news.  These are logged elsewhere.
*.info;*.!warn;\
        +192.168.16.1.none;authpriv.none;cron.none;mail.none;news.none  -/var/log/messages

# Log anything 'warn' or higher.
# Exclude authpriv, cron, mail, and news.  These are logged elsewhere.
*.warn;\
        +192.168.16.1.none;authpriv.none;cron.none;mail.none;news.none  -/var/log/syslog

# Debugging information is logged here.
*.=debug                                                -/var/log/debug

# Private authentication message logging:
authpriv.*                                              -/var/log/secure

# Cron related logs:
cron.*                                                  -/var/log/cron

# Mail related logs:
mail.*                                                  -/var/log/maillog

# Emergency level messages go to all users:
*.emerg;\
        +192.168.16.1.none                              *

# This log is for news and uucp errors:
uucp,news.crit                                          -/var/log/spooler

# Uncomment these if you'd like INN to keep logs on everything.
# You won't need this if you don't run INN (the InterNetNews daemon).
#news.=crit                                     -/var/log/news/news.crit
#news.=err                                      -/var/log/news/news.err
#news.notice                                    -/var/log/news/news.notice
and you will get router messages to the file /var/log/router

Unfortunately I get mail messages (from bincimap) and some system messages (USB and ReiserFS) in there too, but I'll keep trying to get rid of these.

Hope this is useful to someone,
Regards,
Brian.
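
The mixed-up /var/log/router described above comes from this syslogd not filtering per host. One workaround is to split the router's lines out afterwards and create the result owner-only, as the chmod advice earlier in the thread recommends. This is an added example, not code from any poster here; it assumes the sender's address or name is the fourth field of each logged line, and the function names and sample lines are constructed.

```shell
#!/bin/sh
# Added example: per-host split of a classic syslog file written by "syslogd -r".
# Assumed line layout: "Mar  2 11:00:05 HOST tag: message" (HOST is field 4).

# sample_log: constructed lines, not taken from a real system.
sample_log() {
    cat <<'EOF'
Mar  2 11:00:01 vector kernel: usb 1-1: new high speed USB device using ehci_hcd
Mar  2 11:00:05 192.168.16.1 kernel: DROP IN=eth1 SRC=203.0.113.7 PROTO=TCP DPT=23
Mar  2 11:00:09 vector bincimapd[2211]: connection closed
Mar  2 11:00:12 192.168.16.1 dnsmasq[88]: DHCPACK 192.168.16.50
Mar  2 11:00:20 vector kernel: ReiserFS: sda2: checking transaction log
Mar  2 11:00:31 192.168.16.10 pppd[7]: a different device, not the router
EOF
}

# list_hosts FILE: "count host" per distinct host field, busiest first.
# Use it to see which name or address the router's lines are logged under.
list_hosts() {
    awk 'NF >= 4 { seen[$4]++ } END { for (h in seen) print seen[h], h }' "$1" |
        sort -rn
}

# extract_host_log SRC HOST DEST: rewrite DEST with only SRC lines whose host
# field equals HOST exactly (so 192.168.16.10 never matches 192.168.16.1),
# then print how many lines were kept.
extract_host_log() {
    src=$1; host=$2; dest=$3
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    # Create or truncate DEST as owner-only before any log data lands in it;
    # chmod also tightens a file that already existed with looser bits.
    ( umask 077; : >"$dest" ) && chmod 600 "$dest" || return 1
    awk -v h="$host" '$4 == h' "$src" >>"$dest" || return 1
    wc -l <"$dest" | tr -d ' '
}

# Demonstration on the constructed sample, in a throwaway directory.
demo_dir=$(mktemp -d) || exit 1
sample_log >"$demo_dir/messages"
list_hosts "$demo_dir/messages"
extract_host_log "$demo_dir/messages" 192.168.16.1 "$demo_dir/router"
rm -rf "$demo_dir"
```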