User Tools

Site Tools


docs:guide-user:perf_and_log:log.syslog-ng3

syslog-ng

Installation

Replacing Default Logging with syslog-ng -- 2018

As of February, 2019, version of syslog-ng in OpenWrt master is 3.19.1

As of March, 2018, https://openwrt.org/packages/pkgdata/syslog-ng is version 3.8.1

On master of April, 2018, the following steps will replace the default OpenWRT logging with syslog-ng

  • Install syslog-ng and its dependencies
  • Disable the default logging with /etc/init.d/log disable or by removing the symlink in /etc/rc.d
  • Confirm that syslog-ng is enabled; /etc/rc.d/S20syslog-ng → ../init.d/syslog-ng
  • reboot

FIXME Much of the following appears to be from Backfire, c. 2011

# opkg install syslog-ng

Configuration

Configuration is controlled by /etc/syslog-ng.conf The default configuration logs to /var/log/messages.

Below is a sample configuration for logging to a remote server via TCP (extended from default config file):

#############################################################################
# OpenWrt syslog-ng.conf specific file
# which collects all local logs into a single file called /var/log/messages.
# More details about these settings can be found here:
# https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.16/release-notes/global-options

@version: 3.19
@include "scl.conf"
@include "/etc/syslog-ng.d/" # Put any customization files in this directory

options {
	chain_hostnames(no); # Enable or disable the chained hostname format.
	create_dirs(yes);
	keep_hostname(yes); # Enable or disable hostname rewriting.
	log_fifo_size(256); # The number of messages that the output queue can store.
	log_msg_size(1024); # Maximum length of a message in bytes.
	stats_freq(0); # The period between two STATS messages (sent by syslog-ng, containing statistics about dropped logs) in seconds.
	flush_lines(0); # How many lines are flushed to a destination at a time.
	use_fqdn(no); # Add Fully Qualified Domain Name instead of short hostname.
};

filter notice_or_higher {
        level(notice..emerg)  # remove debug and info message
};

# syslog-ng gets messages from syslog-ng (internal) and from /dev/log
source src {
        internal();
        unix-dgram("/dev/log");
};
source kernel {
        file("/proc/kmsg" program_override("kernel"));
};
source net {
        tcp(ip(0.0.0.0) port(514));
};
destination messages {
        file("/var/log/messages");
};
destination syslogd_tcp {
        tcp("syslog." port(514));    # hostname is syslog, replace with your own loghost name or IP
};
log {
        source(src);
        source(kernel);
        filter(notice_or_higher);
        destination(messages);
        destination(syslogd_tcp);
};

Reconfiguration

To apply changes, it is not sufficient to simply restart the syslog-ng daemon. Instead, stop and start the daemon as follows (taken from http://baheyeldin.com/technology/linux/logging-with-syslog-ng-on-openwrt.html):

# killall syslog-ng
# /etc/init.d/syslog-ng start

IPv6 Logserver

To log to a logserver listening on an IPv6 address, use a udp6() destination in the configuration file:

...
destination d_udp6 { udp6("1234:5678:1011:1314::01" port(514)); };
...
log {
    source(src);
    source(kernel);
    destination(d_udp6);
};
...

Startup

# /etc/init.d/syslog-ng enable
# /etc/init.d/syslog-ng start
This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
docs/guide-user/perf_and_log/log.syslog-ng3.txt · Last modified: 2019/02/18 21:14 by pepes