Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revisionBoth sides next revision
docs:guide-user:base-system:log.essentials [2023/09/23 13:19] – [Logrotate] update vgaeteradocs:guide-user:base-system:log.essentials [2024/06/02 06:30] – [logread] stokito
Line 55: Line 55:
  
 ===== logd ===== ===== logd =====
-''logd'' is configured in ''/etc/config/system''. After changing the file, run +''logd'' is a default OpenWrt logging daemon provided by [[https://github.com/openwrt/ubox|ubox]] package. 
 +It also listens for ''/dev/log'' and records syslog messages. 
 +It'configured in ''/etc/config/system''. After changing the file, run 
  
-<code> +<code bash
-/etc/init.d/log restart +service log restart 
-/etc/init.d/system restart+service system restart
 </code> </code>
  
Line 70: Line 72:
  
 ==== logread ==== ==== logread ====
-This is the default interface and the simplest+This is the default interface to read log messages. It's provided by the [[https://github.com/openwrt/ubox|ubox]] package. 
-It is a local executable that will read the ring buffer records and display them chronologically.+ 
 +It is a local executable in ''/sbin/logread'' that will read the ring buffer records and display them chronologically. 
 + 
 +To show all log messages that contains a specific text (like a daemon name) and follow (like in ''tail -f'') use: 
 +<code bash> 
 +logread -fe firewall 
 +</code> 
 + 
 +Options: 
 +<code> 
 +-s <path> Path to ubus socket 
 +-l <count> Got only the last 'count' messages 
 +-e <pattern> Filter messages with a regexp 
 +-r <server> <port> Stream message to a server 
 +-F <file> Log file 
 +-S <bytes> Log size 
 +-p <file> PID file 
 +-h <hostname> Add hostname to the message 
 +-P <prefix> Prefix custom text to streamed messages 
 +-z <facility> handle only messages with given facility (0-23), repeatable 
 +-Z <facility> ignore messages with given facility (0-23), repeatable 
 +-f Follow log messages 
 +-u Use UDP as the protocol 
 +-t Add an extra timestamp 
 +-0 Use \0 instead of \n as trailer when using TCP 
 +</code> 
 + 
 +Please note that if you install the [[:docs:guide-user:perf_and_log:log.syslog-ng3|syslog-ng]] then the logread command will be overridden with it's own ''/usr/sbin/logread'' that has less options. 
 + 
  
 ==== Local file logging ==== ==== Local file logging ====
Line 107: Line 138:
 </code> </code>
  
-and then reload the rules using ''/etc/init.d/firewall restart''.+and then reload the rules using ''service firewall restart''.
  
 For the LAN-side station/client, there are a large number of mechanisms to listen for log messages. For the LAN-side station/client, there are a large number of mechanisms to listen for log messages.
Line 143: Line 174:
  * ''/sbin/logd'' is running; it should have an argument of ''-S <log_size>'' indicating the size of the ring buffer,    * ''/sbin/logd'' is running; it should have an argument of ''-S <log_size>'' indicating the size of the ring buffer,  
  * ''logd'' is configured correctly in ''/etc/config/system'',  * ''logd'' is configured correctly in ''/etc/config/system'',
- * restart it using ''/etc/init.d/log restart'' and check for warnings/errors+ * restart it using ''service log restart'' and check for warnings/errors
  
 ===== Logrotate ===== ===== Logrotate =====
-To automatically manage large collections of daily, weekly, or monthly logs, you may want to use [[:packages:pkgdata:logrotate]]. +To automatically manage large collections of daily, weekly, or monthly logs, you may want to use [[packages:pkgdata:logrotate]]. 
-Here'a working example that rotates a persistent log to a USB mount each night.+Here'an example that rotates a persistent log on a USB storage each night keeping it for 1 week.
  
 <code bash> <code bash>
Line 158: Line 189:
 uci set system.@system[0].log_remote="0" uci set system.@system[0].log_remote="0"
 uci commit system uci commit system
-/etc/init.d/system restart +service system restart 
  
 # Configure logrotate # Configure logrotate
 cat << "EOF" > /etc/logrotate.conf cat << "EOF" > /etc/logrotate.conf
 include /etc/logrotate.d include /etc/logrotate.d
- 
 /mnt/sda1/logs/system.log { /mnt/sda1/logs/system.log {
-    # Rotate log files daily. 
     daily     daily
-     
-    # Keep 1 week worth of logs. 
     rotate 1     rotate 1
-     
     missingok     missingok
     notifempty     notifempty
Line 176: Line 202:
         service log restart         service log restart
         sleep 1         sleep 1
-        logger -p warn -s "Log rotation complete."+        logger -p warn -s "Log rotation complete"
     endscript     endscript
 } }
Line 185: Line 211:
 58 23 * * * logrotate /etc/logrotate.conf 58 23 * * * logrotate /etc/logrotate.conf
 EOF EOF
-/etc/init.d/cron restart+service cron restart
  
 # Debugging # Debugging
Line 206: Line 232:
 </code> </code>
  
 +If you add to the rsyslog receiver's /etc/rsyslog.conf e.g. this template:
 +
 +<code>
 +$template DynamicFile,"/mnt/sda1/logs/%HOSTNAME%/forwarded-logs.log"
 +*.* -?DynamicFile
 +</code>
 +you get the messages separated from every sender in a own folder.
 ===== rsyslog and Logz.io ===== ===== rsyslog and Logz.io =====
 You can support logging direct to a cloud ELK provider like Logz.io by adding a few lines to your ''rsyslog.conf''. You can support logging direct to a cloud ELK provider like Logz.io by adding a few lines to your ''rsyslog.conf''.
  • Last modified: 2024/07/27 17:26
  • by stokito