Differences
This shows you the differences between two versions of the page.
| docs:guide-user:troubleshooting:log.essentials [2018/03/04 02:21] – [Network Logging] add notes on networking logging guifipedro | docs:guide-user:base-system:log.essentials [2024/07/27 17:26] (current) – [Local file logging] stokito | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== | + | ====== |
| + | {{section> | ||
| ===== Introduction ===== | ===== Introduction ===== | ||
| - | In Unix it is common to use centralized | + | The OpenWrt system logging facility |
| + | The standard | ||
| + | This is implemented as a [[wp> | ||
| + | The ring buffer records can be read using '' | ||
| - | While many normal distributions use Syslog (with its '' | + | <code bash> |
| + | # List syslog | ||
| + | logread | ||
| + | |||
| + | # Write a message | ||
| + | logger -t TAG MESSAGE | ||
| + | |||
| + | # List syslog filtered by tag | ||
| + | logread -e TAG | ||
| + | </ | ||
| + | |||
| + | < | ||
| + | Usage: logger [OPTIONS] [MESSAGE] | ||
| + | |||
| + | Write MESSAGE | ||
| + | |||
| + | -s Log to stderr as well as the system log | ||
| + | -t TAG Log using the specified tag (defaults to user name) | ||
| + | -p PRIO Priority | ||
| + | </ | ||
| + | |||
| + | Examples of using priority and tag values: | ||
| + | <code bash> | ||
| + | logger " | ||
| + | logger -p notice -t example_tag " | ||
| + | logger -p err -t example_tag " | ||
| + | # Fri May 8 00:23:26 2020 user.notice root: example | ||
| + | # Fri May 8 00:23:31 2020 user.notice example_tag: | ||
| + | # Fri May 8 00:23:40 2020 user.err example_tag: | ||
| + | </ | ||
| ===== Messages format ===== | ===== Messages format ===== | ||
| - | An example | + | The message |
| + | Roughly it can be viewed as: | ||
| + | |||
| < | < | ||
| - | Feb 28 23: | + | <time stamp> <router |
| </ | </ | ||
| - | The format includes date, hostname, facility & severity (both defined in [[http:// | ||
| - | For some common OpenWrt messages | + | The logging message facility and priority are roughly equivalent to syslog implementations (see linux ''/ |
| + | The local ' | ||
| + | Logging to a remote socket puts a numeric value before the time stamp. | ||
| - | ===== ubox ===== | + | For some common |
| - | As said earlier, | + | FIXME - the log.messages reference is way out of date but a useful placeholder. |
| - | - '' | + | |
| - | - '' | + | |
| - | ===== BusyBox | + | ===== logd ===== |
| - | So far the vanilla firmwares offered on OpenWrt utilize the '' | + | '' |
| + | It listens on ''/ | ||
| + | It's configured | ||
| - | ^ Name ^ | + | <code bash> |
| - | | busybox klogd | 242620 | Kernel logger | + | service log restart |
| - | | busybox syslogd | + | service system restart |
| + | </ | ||
| - | < | + | to read in the new configuration and restart the service. |
| - | | + | |
| - | klogd [-c n] [-n] | + | |
| - | | + | There are three basic destinations for log messages: the RAM ring buffer (the default), a local persistent file, a remote destination listening for messages on a TCP or UDP port. |
| - | -c n Sets the default log level of console | + | The full set of '' |
| - | -n Run as a foreground process | + | [[docs: |
| + | |||
| + | Additionally it sends log messsages to UBUS and you can listen them with '' | ||
| + | |||
| + | |||
| + | ==== logread ==== | ||
| + | This is the default | ||
| + | |||
| + | It is a local executable in ''/ | ||
| + | |||
| + | To show all log messages that contains a specific text (like a daemon name) and follow (like in '' | ||
| + | <code bash> | ||
| + | logread -fe firewall | ||
| </ | </ | ||
| + | Options: | ||
| < | < | ||
| - | syslogd | + | -s < |
| - | | + | -l < |
| - | | + | -e < |
| - | | + | -r < |
| - | -n Run in foreground | + | -F < |
| - | -O FILE Log to given file (default:/ | + | -S < |
| - | -l n Set local log level | + | -p < |
| - | -S Smaller logging output | + | -h < |
| - | -s SIZE Max size (KB) before rotate (default: | + | -P < |
| - | -b NUM Number of rotated logs to keep (default:1, max=99, | + | -z < |
| - | -R HOST[: | + | -Z < |
| - | -L Log locally and via network (default is network only if -R) | + | -f Follow log messages |
| - | -D Drop duplicates | + | -u Use UDP as the protocol |
| - | -C[size(KiB)] | + | -t Add an extra timestamp |
| + | -0 Use \0 instead of \n as trailer when using TCP | ||
| </ | </ | ||
| - | The " | + | The '' |
| - | you probably have syslogd running | + | It's used internally by the '' |
| - | '' | + | Please note that if you install the [[: |
| - | 16KB is a busybox default value. To change it, set '' | ||
| - | Who logs? The syslogd acts as the server and any program can act as the client and send log messages to it. For example '' | ||
| - | Any program can act as the client and the syslogd acts as the server. Communication is prone to the //syslog communications protocol//. | + | ==== Local file logging ==== |
| + | In order to log to a local file on the router, one needs to set the following options: | ||
| + | <code bash> | ||
| + | config system | ||
| + | ... | ||
| + | | ||
| + | | ||
| + | </ | ||
| - | ==== Output ==== | + | The '' |
| - | Syslogd writes the log messages it receives into a file or into the RAM ringbuffer (option '' | + | ==== Network logging ==== |
| + | In order to log remotely one needs to set the following options in ''/ | ||
| - | ==== Aufbau einer Syslog-Meldung (max 1024 bytes) ==== | + | <code bash> |
| - | === The Header (?? Byte)=== | + | config system |
| - | The header contains a [[wp>timestamp]] and a hostname (max 64 Byte) or an ip address. | + | ... |
| + | | ||
| + | | ||
| + | | ||
| + | </ | ||
| - | The timestamp is set by the receiver of the log-message, the syslogd, not by the sender | + | For the destination port, if you'll be manually reading |
| - | The hostname or the ip address belong | + | |
| - | ====== logd and logread ====== | + | Additionally, |
| - | In Chaos Calmer 15.01, | + | <code bash> |
| + | config rule | ||
| + | option target | ||
| + | option dest 'lan' | ||
| + | option proto 'tcp udp' | ||
| + | option dest_port | ||
| + | option name ' | ||
| + | </ | ||
| - | If you want to test the logging out, just run a command like | + | and then reload |
| - | '' | + | For the LAN-side station/ |
| + | One of the simplest is ncat: | ||
| - | And it should appear in memory (run '' | + | <code bash> |
| + | # TCP | ||
| + | ncat -4 -l 5555 | ||
| - | Both of these (logd and logread) are started, stopped and restarted from /etc/init.d/log and are configured from / | + | # Read UDP logs with ncat or python3 |
| + | ncat -u -4 -l 5555 | ||
| + | python3 -c " | ||
| + | s = socket.socket(socket.AF_INET, | ||
| + | s.bind((' | ||
| + | while True: | ||
| + | | ||
| + | </code> | ||
| - | ==== File Logging ===== | + | Log messages are in [[https:// |
| + | The above netcat method will therefore yield somewhat messy output. The python log reader above will most of the time get the line breaks into the right spots. A cleaner solution is to send messages to a remote machine' | ||
| + | See [[https:// | ||
| - | Note that if you are file logging locally [[https:// | + | The advantage |
| + | The disadvantage | ||
| + | There is a section on iptable event logging which can cause a noticable latency in traffic throughput using TCP socket logging. | ||
| - | config system | + | ===== Test runtime |
| - | option hostname ' | + | If you want to test the logging out, just run a command like |
| - | option zonename ' | + | |
| - | option timezone ' | + | |
| - | option conloglevel ' | + | |
| - | option cronloglevel ' | + | |
| - | option log_file '/mnt/logging/ | + | |
| - | | + | |
| - | option log_size 100000 | + | |
| - | option log_buffer_size 2048 | + | |
| - | option log_remote ' | + | |
| - | ==== Network Logging ==== | + | < |
| - | config system | + | and it should be written to the configured destination. |
| - | (...) | + | If an event is not logged, check: |
| - | | + | |
| - | more log_* options https://openwrt.org/docs/guide-user/base-system/system_configuration | + | * '' |
| + | * '' | ||
| + | * restart it using '' | ||
| - | general guide http://bredsaal.dk/debian-rsyslog-server-with-openwrt-rsyslog-client | + | ===== Logrotate ===== |
| + | To automatically manage large collections of daily, weekly, or monthly logs, you may want to use [[packages:pkgdata: | ||
| + | Here's an example that rotates a persistent log on a USB storage each night keeping it for 1 week. | ||
| + | |||
| + | <code bash> | ||
| + | # Install packages | ||
| + | opkg update | ||
| + | opkg install logrotate | ||
| + | |||
| + | # Configure logging | ||
| + | uci set system.@system[0].log_file=" | ||
| + | uci set system.@system[0].log_remote=" | ||
| + | uci commit system | ||
| + | service system restart | ||
| + | |||
| + | # Configure logrotate | ||
| + | cat << " | ||
| + | include / | ||
| + | / | ||
| + | daily | ||
| + | rotate 1 | ||
| + | missingok | ||
| + | notifempty | ||
| + | postrotate | ||
| + | service log restart | ||
| + | sleep 1 | ||
| + | logger | ||
| + | endscript | ||
| + | } | ||
| + | EOF | ||
| + | |||
| + | # Configure cron | ||
| + | cat << " | ||
| + | 58 23 * * * logrotate / | ||
| + | EOF | ||
| + | service cron restart | ||
| + | |||
| + | # Debugging | ||
| + | logrotate | ||
| + | </ | ||
| - | note: I recommend adding this line in / | + | ===== Alternative implementations ===== |
| + | The logging mechanism discussed here uses '' | ||
| + | There are other packages that provide the same functionality: | ||
| - | # separate log files by host name of sending device | + | * [[: |
| - | # src http:// | + | * [[: |
| - | $template DynaFile,"/ | + | |
| - | *.* -?DynaFile | + | |
| - | ==== RAM Logging ==== | ||
| - | TODO | ||
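
Review bot: In the added Logrotate section, the configuration pairs "daily" with "rotate 1", which keeps only one rotated file, while the sentence introducing the example says the log is kept for 1 week; either raise the count (for example "rotate 7") or reword the sentence so the two agree. The added Messages format text also leaves a "FIXME" line about the out-of-date log.messages reference in the current revision, and the new prose contains the misspellings "messsages" (logd section) and "noticable" (Network logging section); resolve or track the FIXME and correct the spellings before this revision stands as current.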