ClearOS Feature Request
View External Syslog Sources in Log Viewer
I am able to manually add an external Syslog source to ClearOS v7 using the following process:
1) Edit /etc/rsyslog.conf:
vi /etc/rsyslog.conf
In the "###MODULES###" section, enable UDP and TCP syslog reception by uncommenting the lines as follows:
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
2) Create a RULES file in /etc/rsyslog.d to capture results and write them to a file. In this example, I am capturing the logs for a Wireless Access Point at 192.168.1.99:
vi /etc/rsyslog.d/DLinkRouter.conf
File Contents:
if $fromhost-ip == '192.168.1.99' then /var/log/DLinkRouter.log
3) Create a logrotate configuration to keep the file from getting too big:
vi /etc/logrotate.d/DLinkRouter
File Contents:
/var/log/DLinkRouter.log
{
    missingok
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}
4) Restart rsyslog service:
service rsyslog restart
Using these steps, I was able to see logs flow into the log file in real time using tail:
tail -n50 -f /var/log/DLinkRouter.log
I can also see the file listed in the ClearOS Log Viewer's list of available files.
I'd like to request that this process be automated and wrapped in a GUI on the website. The GUI would accept a source IP address or source name (at minimum) and would create a rotated log file for each source. It would be even cooler if it were possible to add more advanced rsyslog filters in addition.
NOTE: Updated based on feedback from Tony Ellis to work with both v6 and v7.
In Log Viewer
Responses (2)
Useful info there Vince...
A couple of nits for ClearOS 7.x, but crucial for ClearOS 6.x...
1) Quoting from the rsyslog doc at http://www.rsyslog.com/doc/master/configuration/filters.html (page down to the Expression-Based Filters section)
Expression based filters are indicated by the keyword “if” in column 1 of a new line. They have this format:
if expr then action-part-of-selector-line
“if” and “then” are fixed keywords that must
Should be "if" - i.e. all lower case - NOT "If" with an Uppercase "I" as you provided. "If" works on ClearOS 7.x - but errors on ClearOS 6.x - Best to follow the doc exactly so it works on both platforms...
2) The IP address should be in single quotes as in the examples (just below the section quoted above). Double quotes work in ClearOS 7.x, but again on ClearOS 6.x will give this error...
the last error occured in /etc/rsyslog.d/TPLinkADSL.conf, line 1:"if $fromhost-ip == "192.168.4.1" then /var/log/TPLinkADSL.log"
Tony http://www.sraellis.tk
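The manual steps from the request, with the syntax points from this reply applied (lower-case "if", single-quoted address), as an added example that is not part of the thread or of ClearOS: a shell function that validates the source name and address before writing the rule and logrotate files, which is the check a GUI front end would need. The function names and the ROOT staging prefix are assumptions.

```sh
# Added example, not ClearOS code. ROOT is an assumed staging prefix so the
# files can be inspected first; run with ROOT="" to write under the live /etc.

# Dotted-quad IPv4 only: four octets, 0..255, no leading zeros, because
# $fromhost-ip is compared as a string against the canonical form.
valid_ipv4() (
    case $1 in *[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.; set -- $1              # split on dots (subshell keeps IFS local)
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        case $octet in ????*|0?*) exit 1 ;; esac
        [ "$octet" -le 255 ] || exit 1
    done
)

# The name becomes a file name and is written into both config files, so
# allow only characters that cannot leave the directory or end the rule.
valid_name() {
    case $1 in ''|[!A-Za-z0-9]*|*[!A-Za-z0-9_-]*) return 1 ;; esac
    [ ${#1} -le 32 ]
}

# add_syslog_source NAME IP  (hypothetical helper name)
add_syslog_source() {
    name=$1 ip=$2 root=${ROOT-/tmp/syslog-staging}
    valid_name "$name" || { echo "rejected source name" >&2; return 2; }
    valid_ipv4 "$ip" || { echo "rejected source address" >&2; return 3; }
    mkdir -p "$root/etc/rsyslog.d" "$root/etc/logrotate.d"

    # Step 2: lower-case "if" and single quotes, accepted by v6 and v7.
    printf "if \$fromhost-ip == '%s' then /var/log/%s.log\n" "$ip" "$name" \
        > "$root/etc/rsyslog.d/$name.conf"

    # Step 3: the same logrotate stanza as in the post.
    cat > "$root/etc/logrotate.d/$name" <<EOF
/var/log/$name.log
{
    missingok
    sharedscripts
    postrotate
        /bin/kill -HUP \`cat /var/run/syslogd.pid 2> /dev/null\` 2> /dev/null || true
    endscript
}
EOF
}
# Usage: add_syslog_source DLinkRouter 192.168.1.99, then restart rsyslog (step 4).
```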