LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 02-22-2004, 04:18 AM   #1
ec3042
LQ Newbie
 
Registered: Feb 2004
Posts: 13

Rep: Reputation: 0
Can't get syslog to record messages from my router


Hi there, bit of a newbie question probably so sorry, but here goes.

I've got a Netgear DG834 router, and I want its log messages to be logged by my Fedora box. So at the router end, I've set it to send syslog messages to the IP address of my linux box, nothing too difficult there.

In /etc/init.d, I've made sure that SYSLOGD_OPTIONS is set to '-r -m 0' (I assume this is correct?)

I haven't changed the default /etc/syslog.conf file (Do I need to?)

Don't get any of the messages logged in any of the log files.

Even if I can get this first stage to work, I assume the router logs would get logged in /var/log/messages under the default syslog.conf, I suppose a second question would be how do I get messages from the router to be logged under a separate router.log file?

Many, many thanks in advance for any help!

Spencer
 
Old 02-22-2004, 05:36 AM   #2
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2405Reputation: 2405Reputation: 2405Reputation: 2405Reputation: 2405Reputation: 2405Reputation: 2405Reputation: 2405Reputation: 2405Reputation: 2405Reputation: 2405
Sending machine:

Don't know how you send the syslog messages to the receiving machine. If this modem has a syslog facility make sure that the following line is present:

*.* @<host> => where <host> is the name of the receiving machine. All messages (*.*) are send to <host>.
Do not forget to restart syslogd on the sending machine.

Receiving machine:
The SYSLOGD_OPTIONS should be: -r -s <domain>

The -m 0 can be included, this has nothing to do with this problem so I'm not going to mention this option any more.
Restart syslogd on the receiving machine.

For more detailed info take a look at:
man syslogd
man syslog.conf


The messages comming from the sending machine will have it's hostname in front of the message:

Feb 22 12:14:54 exile kernel: Kernel log daemon terminating.
Feb 22 12:14:55 exile exiting on signal 15
Feb 22 12:14:55 exile syslogd 1.4.1: restart (remote reception).
Feb 22 12:15:24 inferno root: testing

The sending machine is inferno.nemesis.nl (<host> would be exile)
Receiving machine is exile.nemesis.nl (<domain> nemesis.nl)
The messages file on exile shows the testmessage from inferno.

Hope this gets you going again.

Last edited by druuna; 02-22-2004 at 05:38 AM.
 
Old 02-24-2004, 05:07 AM   #3
ec3042
LQ Newbie
 
Registered: Feb 2004
Posts: 13

Original Poster
Rep: Reputation: 0
Question

Hmm, no this still doesn't work.

I've checked with Ethereal that the packet from the router is definitely arriving at the linux box, so its not at the router end. It's just that syslog is not recording any of the messages....

Any other ideas highly appreciated! Thx in advance
 
Old 02-24-2004, 12:10 PM   #4
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2405Reputation: 2405Reputation: 2405Reputation: 2405Reputation: 2405Reputation: 2405Reputation: 2405Reputation: 2405Reputation: 2405Reputation: 2405Reputation: 2405
First thing that comes to mind: Is a 'rule' present in syslog.conf (receiving side) that sends all messages to a logfile?
Something like: *.* -/var/log/allmessages.

Another thing I was wondering about: Is your router actually sending the messages in a format that syslog (receiving side) understands? I.e. Is the router logging facility actually done by syslog, or some other program. Ethereal can help you here.

What does the received packet look like. Is it a UDP packet, source and destination port 514? Any followup error messages. An ICMP destination unreachable is what I get when the receiving side is not accepting foreign syslog messages (no -r -s <domain>).

I can also see the Facility and Level of the syslog message received, are yours correct?
If you wonder which are correct: see man syslog.conf

When all is working, you should only see the test message you are sending. Can you use logger (or a simular log test facility) on your router?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
dnsmasq. syslog and console messages kevmccor Slackware 2 11-13-2005 06:46 AM
Syslog messages... stevemad Slackware 4 10-15-2005 03:45 PM
syslog messages on SLES9 console MrHPUX Linux - Software 0 10-13-2005 01:44 PM
syslog and firestarter - log messages to another file than messages mule Linux - Newbie 0 08-07-2003 03:35 AM
SYSLOG not writing messages from my firewall. adamrau Linux - Security 15 01-10-2002 05:03 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 01:20 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration