LinuxQuestions.org


ec3042 02-22-2004 05:18 AM

Can't get syslog to record messages from my router
 
Hi there, bit of a newbie question probably so sorry, but here goes.

I've got a Netgear DG834 router, and I want its log messages to be logged by my Fedora box. So at the router end, I've set it to send syslog messages to the IP address of my linux box, nothing too difficult there.

In /etc/init.d, I've made sure that SYSLOGD_OPTIONS is set to '-r -m 0' (I assume this is correct?)

I haven't changed the default /etc/syslog.conf file (Do I need to?)

Don't get any of the messages logged in any of the log files.

Even if I can get this first stage to work, I assume the router logs would get logged in /var/log/messages under the default syslog.conf, I suppose a second question would be how do I get messages from the router to be logged under a separate router.log file?

Many, many thanks in advance for any help!

Spencer

druuna 02-22-2004 06:36 AM

Sending machine:

Don't know how you send the syslog messages to the receiving machine. If this modem has a syslog facility make sure that the following line is present:

*.* @<host> => where <host> is the name of the receiving machine. All messages (*.*) are sent to <host>.
Do not forget to restart syslogd on the sending machine.

Receiving machine:
The SYSLOGD_OPTIONS should be: -r -s <domain>

The -m 0 can be included, this has nothing to do with this problem so I'm not going to mention this option any more.
Restart syslogd on the receiving machine.

For more detailed info take a look at:
man syslogd
man syslog.conf


The messages coming from the sending machine will have its hostname in front of the message:

Feb 22 12:14:54 exile kernel: Kernel log daemon terminating.
Feb 22 12:14:55 exile exiting on signal 15
Feb 22 12:14:55 exile syslogd 1.4.1: restart (remote reception).
Feb 22 12:15:24 inferno root: testing

The sending machine is inferno.nemesis.nl (<host> would be exile)
Receiving machine is exile.nemesis.nl (<domain> nemesis.nl)
The messages file on exile shows the test message from inferno.

Hope this gets you going again.

ec3042 02-24-2004 06:07 AM

Hmm, no this still doesn't work.

I've checked with Ethereal that the packet from the router is definitely arriving at the linux box, so it's not at the router end. It's just that syslog is not recording any of the messages....

Any other ideas highly appreciated! Thx in advance

druuna 02-24-2004 01:10 PM

First thing that comes to mind: Is a 'rule' present in syslog.conf (receiving side) that sends all messages to a logfile?
Something like: *.* -/var/log/allmessages.

Another thing I was wondering about: Is your router actually sending the messages in a format that syslog (receiving side) understands? I.e., is the router logging facility actually done by syslog, or some other program? Ethereal can help you here.

What does the received packet look like? Is it a UDP packet, source and destination port 514? Any follow-up error messages? An ICMP destination unreachable is what I get when the receiving side is not accepting foreign syslog messages (no -r -s <domain>).

I can also see the Facility and Level of the syslog message received, are yours correct?
If you wonder which are correct: see man syslog.conf

When all is working, you should only see the test message you are sending. Can you use logger (or a similar log test facility) on your router?
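
As an added example that is not part of the original thread: a way to check the Facility and Level of a captured syslog datagram and test them against a syslog.conf selector. The sample payload is constructed, the selector matcher is a simplified model of the rules in man syslog.conf, and the Red Hat-style default selector shown is an assumption to compare against your own file.

```python
import re

# Facility and level names as used in syslog.conf (codes 12-15 have no portable name).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "fac12", "fac13", "fac14", "fac15",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def decode_pri(payload):
    """Return (facility, level, rest) from a raw syslog datagram, or None if
    the payload does not start with a valid <PRI> field (0-191)."""
    m = re.match(rb"<(\d{1,3})>", payload)
    if not m or int(m.group(1)) > 191:
        return None
    pri = int(m.group(1))  # PRI = facility * 8 + level
    return FACILITIES[pri >> 3], LEVELS[pri & 7], payload[m.end():].decode("ascii", "replace")

def selector_matches(selectors, facility, level):
    """Simplified model of a syslog.conf selector field: handles '*', comma
    lists, 'none', '=level' and plain 'level' (that level and more severe).
    The '!' negation form and level aliases are not handled."""
    mask = 0  # bit n set means level n is logged for this facility
    for sel in selectors.split(";"):
        facs, _, lvl = sel.strip().rpartition(".")
        if facs != "*" and facility not in facs.split(","):
            continue
        if lvl == "none":
            mask = 0
        elif lvl == "*":
            mask = 0xFF
        elif lvl.startswith("="):
            mask |= 1 << LEVELS.index(lvl[1:])
        else:
            mask |= (1 << (LEVELS.index(lvl) + 1)) - 1
    return bool(mask & (1 << LEVELS.index(level)))

# Constructed sample payload (not captured from a real DG834): PRI 134 = 16*8 + 6.
SAMPLE = b"<134>constructed test message"
# Assumed Red Hat-style default selector for /var/log/messages; check your own file.
ASSUMED_DEFAULT = "*.info;mail.none;authpriv.none;cron.none"

if __name__ == "__main__":
    fac, lvl, text = decode_pri(SAMPLE)
    print(f"{fac}.{lvl}: {text}")
    for rule in ("*.*", ASSUMED_DEFAULT, "kern.*"):
        print(f"{rule!r:45} -> {selector_matches(rule, fac, lvl)}")
```

Paste the UDP payload bytes shown by the packet capture in place of SAMPLE; a None result from decode_pri means the datagram does not begin with a standard priority field.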


All times are GMT -5.