Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revisionBoth sides next revision
docs:guide-user:base-system:log.essentials [2022/10/28 04:11] – [rsyslog and Logz.io] vgaeteradocs:guide-user:base-system:log.essentials [2024/06/02 06:30] – [logread] stokito
Line 55: Line 55:
  
 ===== logd ===== ===== logd =====
-''logd'' is configured in ''/etc/config/system''. After changing the file, run +''logd'' is a default OpenWrt logging daemon provided by [[https://github.com/openwrt/ubox|ubox]] package. 
 +It also listens for ''/dev/log'' and records syslog messages. 
 +It'configured in ''/etc/config/system''. After changing the file, run 
  
-<code> +<code bash
-/etc/init.d/log restart +service log restart 
-/etc/init.d/system restart+service system restart
 </code> </code>
  
Line 70: Line 72:
  
 ==== logread ==== ==== logread ====
-This is the default interface and the simplest+This is the default interface to read log messages. It's provided by the [[https://github.com/openwrt/ubox|ubox]] package. 
-It is a local executable that will read the ring buffer records and display them chronologically.+ 
 +It is a local executable in ''/sbin/logread'' that will read the ring buffer records and display them chronologically. 
 + 
 +To show all log messages that contains a specific text (like a daemon name) and follow (like in ''tail -f'') use: 
 +<code bash> 
 +logread -fe firewall 
 +</code> 
 + 
 +Options: 
 +<code> 
 +-s <path> Path to ubus socket 
 +-l <count> Got only the last 'count' messages 
 +-e <pattern> Filter messages with a regexp 
 +-r <server> <port> Stream message to a server 
 +-F <file> Log file 
 +-S <bytes> Log size 
 +-p <file> PID file 
 +-h <hostname> Add hostname to the message 
 +-P <prefix> Prefix custom text to streamed messages 
 +-z <facility> handle only messages with given facility (0-23), repeatable 
 +-Z <facility> ignore messages with given facility (0-23), repeatable 
 +-f Follow log messages 
 +-u Use UDP as the protocol 
 +-t Add an extra timestamp 
 +-0 Use \0 instead of \n as trailer when using TCP 
 +</code> 
 + 
 +Please note that if you install the [[:docs:guide-user:perf_and_log:log.syslog-ng3|syslog-ng]] then the logread command will be overridden with it's own ''/usr/sbin/logread'' that has less options. 
 + 
  
 ==== Local file logging ==== ==== Local file logging ====
Line 107: Line 138:
 </code> </code>
  
-and then reload the rules using ''/etc/init.d/firewall restart''.+and then reload the rules using ''service firewall restart''.
  
 For the LAN-side station/client, there are a large number of mechanisms to listen for log messages. For the LAN-side station/client, there are a large number of mechanisms to listen for log messages.
Line 136: Line 167:
 If you want to test the logging out, just run a command like  If you want to test the logging out, just run a command like 
  
-''logger testLog "Blah1"''+<code>logger testLog "Blah1"</code>
  
 and it should be written to the configured destination. and it should be written to the configured destination.
Line 143: Line 174:
  * ''/sbin/logd'' is running; it should have an argument of ''-S <log_size>'' indicating the size of the ring buffer,    * ''/sbin/logd'' is running; it should have an argument of ''-S <log_size>'' indicating the size of the ring buffer,  
  * ''logd'' is configured correctly in ''/etc/config/system'',  * ''logd'' is configured correctly in ''/etc/config/system'',
- * restart it using ''/etc/init.d/log restart'' and check for warnings/errors+ * restart it using ''service log restart'' and check for warnings/errors 
 + 
 +===== Logrotate ===== 
 +To automatically manage large collections of daily, weekly, or monthly logs, you may want to use [[packages:pkgdata:logrotate]]. 
 +Here's an example that rotates a persistent log on a USB storage each night keeping it for 1 week. 
 + 
 +<code bash> 
 +# Install packages 
 +opkg update 
 +opkg install logrotate 
 + 
 +# Configure logging 
 +uci set system.@system[0].log_file="/mnt/sda1/logs/system.log" 
 +uci set system.@system[0].log_remote="0" 
 +uci commit system 
 +service system restart  
 + 
 +# Configure logrotate 
 +cat << "EOF" > /etc/logrotate.conf 
 +include /etc/logrotate.d 
 +/mnt/sda1/logs/system.log { 
 +    daily 
 +    rotate 1 
 +    missingok 
 +    notifempty 
 +    postrotate 
 +        service log restart 
 +        sleep 1 
 +        logger -p warn -s "Log rotation complete" 
 +    endscript 
 +
 +EOF 
 + 
 +# Configure cron 
 +cat << "EOF" >> /etc/crontabs/root 
 +58 23 * * * logrotate /etc/logrotate.conf 
 +EOF 
 +service cron restart 
 + 
 +# Debugging 
 +logrotate --verbose --debug /etc/logrotate.conf 
 +</code>
  
 ===== Alternative implementations ===== ===== Alternative implementations =====
-See **rsyslog** - to e.g. rout all or specific logs to a (central) rsyslog receiver+See **rsyslog** - to e.g. route all or specific logs to a (central) rsyslog receiver
  
 <code bash> <code bash>
Line 160: Line 232:
 </code> </code>
  
 +If you add to the rsyslog receiver's /etc/rsyslog.conf e.g. this template:
 +
 +<code>
 +$template DynamicFile,"/mnt/sda1/logs/%HOSTNAME%/forwarded-logs.log"
 +*.* -?DynamicFile
 +</code>
 +you get the messages separated from every sender in a own folder.
 ===== rsyslog and Logz.io ===== ===== rsyslog and Logz.io =====
 You can support logging direct to a cloud ELK provider like Logz.io by adding a few lines to your ''rsyslog.conf''. You can support logging direct to a cloud ELK provider like Logz.io by adding a few lines to your ''rsyslog.conf''.
  • Last modified: 2024/07/27 17:26
  • by stokito