syslog-ng

Installation

Replacing Default Logging with syslog-ng -- 2018

As of March 2018, the packaged version (https://openwrt.org/packages/pkgdata/syslog-ng) is 3.8.1.

As of July 2018, version 3.16 is being supplied. Restarting syslog-ng may then produce the following self-explanatory log message:

WARNING: Configuration file format is too old, syslog-ng is running in compatibility mode. 
Please update it to use the syslog-ng 3.16 format at your time of convenience. 
To upgrade the configuration, please review the warnings about incompatible changes printed by syslog-ng, 
and once completed change the @version header at the top of the configuration file.;

On master as of April 2018, the following steps replace the default OpenWrt logging with syslog-ng:

  • Install syslog-ng and its dependencies
  • Disable the default logging with /etc/init.d/log disable or by removing the symlink in /etc/rc.d
  • Confirm that syslog-ng is enabled; /etc/rc.d/S20syslog-ng → ../init.d/syslog-ng
  • Reboot

FIXME Much of the following appears to be from Backfire, c. 2011

# opkg install syslog-ng3

Do not install the syslog-ng package as it is very old and out-of-date.

In Backfire 10.3.1-rc4, there are missing dependencies. Install them with

# opkg install libdbi

Configuration

Configuration is controlled by /etc/syslog-ng.conf. The default configuration logs to /var/log/messages.

Below is a sample configuration for logging to a remote server via TCP (extended from default config file):

@version:3.9
options {
        chain_hostnames(no);
        create_dirs(yes);
        flush_lines(0);
        keep_hostname(yes);
        log_fifo_size(256);
        log_msg_size(8192);
        stats_freq(0);
        use_fqdn(no);
        # Do not add "--MARK--" entries to the log
        mark_freq(0);
};
filter notice_or_higher {
        level(notice..emerg);  # drop debug and info messages
};
source src {
        internal();
        unix-dgram("/dev/log");
};
source kernel {
        file("/proc/kmsg" program_override("kernel"));
};
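# TCP listener on every local address; it is declared here but not
# referenced by the log statement below
source net {
        tcp(ip(0.0.0.0) port(514));
};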
destination messages {
        file("/var/log/messages");
};
destination syslogd_tcp {
        tcp("syslog." port(514));    # hostname is syslog, replace with your own loghost name or IP
};
log {
        source(src);
        source(kernel);
        filter(notice_or_higher);
        destination(messages);
        destination(syslogd_tcp);
};
# put any customization files in this directory
@include "/etc/syslog-ng.d/"

Reconfiguration

To apply changes, it is not sufficient to simply restart the syslog-ng daemon. Instead, stop and start the daemon as follows (taken from http://baheyeldin.com/technology/linux/logging-with-syslog-ng-on-openwrt.html):

# killall syslog-ng
# /etc/init.d/syslog-ng start
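
An offline check to run before stopping and starting the daemon, added here as an example and not part of the original page or of syslog-ng itself: it flags an @version header older than the installed daemon (the cause of the compatibility-mode warning quoted above), objects that are declared but never referenced, and drivers bound to every local address. The names lint_conf and sample_conf, the finding labels and the sample configuration are constructed for this example, and the installed version is passed in as an argument rather than queried from the daemon.

```sh
#!/bin/sh
# lint_conf FILE INSTALLED_VERSION prints one finding per line:
#   old-version CONF INST  "@version" header older than the daemon (compatibility mode)
#   wildcard-listen LINE   a driver bound to every local address
#   unused KIND NAME       source/destination/filter declared but never referenced
lint_conf() {
    awk -v inst="$2" '
    function older(a, b,    x, y) {      # true when version a < version b
        split(a, x, "."); split(b, y, ".")
        return (x[1]+0 < y[1]+0) || (x[1]+0 == y[1]+0 && x[2]+0 < y[2]+0)
    }
    /^@version:/ {
        v = $0; sub(/^@version:[ \t]*/, "", v); sub(/[ \t].*/, "", v)
        if (older(v, inst)) print "old-version", v, inst
    }
    {
        sub(/#.*/, "")                   # drop comments (assumes no "#" inside strings)
        if ($1 ~ /^(source|destination|filter)$/ && NF >= 2) {
            name = $2; sub(/\{.*/, "", name)
            order[++n] = $1 " " name     # declaration: KIND NAME {
        }
        if ($0 ~ /ip\("?(0\.0\.0\.0|::)"?\)/) print "wildcard-listen", NR
        line = $0
        while (match(line, /(source|destination|filter)\([A-Za-z0-9_.-]+\)/)) {
            ref = substr(line, RSTART, RLENGTH)
            sub(/\(/, " ", ref); sub(/\)/, "", ref)
            used[ref] = 1                # reference: KIND(NAME)
            line = substr(line, RSTART + RLENGTH)
        }
    }
    END { for (i = 1; i <= n; i++) if (!(order[i] in used)) print "unused", order[i] }
    ' "$1"
}

# Constructed sample: a trimmed copy of the configuration shown above.
sample_conf() {
    cat <<'EOF'
@version:3.9
filter notice_or_higher { level(notice..emerg); };
source src { internal(); unix-dgram("/dev/log"); };
source net { tcp(ip(0.0.0.0) port(514)); };
destination messages { file("/var/log/messages"); };
log { source(src); filter(notice_or_higher); destination(messages); };
EOF
}

sample_conf | lint_conf - 3.16
```

The minor version is compared numerically, so 3.9 is correctly treated as older than 3.16. On the device, `syslog-ng --syntax-only` additionally has the daemon itself parse the file without starting it.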

IPv6 Logserver

To log to a logserver listening on an IPv6 address, use a udp6() destination in the configuration file:

...
destination d_udp6 { udp6("1234:5678:1011:1314::01" port(514)); };
...
log {
    source(src);
    source(kernel);
    destination(d_udp6);
};
...

Startup

# /etc/init.d/syslog-ng enable
# /etc/init.d/syslog-ng start
docs/guide-user/perf_and_log/log.syslog-ng3.txt · Last modified: 2018/09/18 18:15 by jeff