Differences

This shows you the differences between two versions of the page.

docs:user-guide:services:log.syslog-ng3 [2018/02/17 19:28] – ↷ Page moved from doc:howto:log.syslog-ng3 to docs:user-guide:services:log.syslog-ng3 bobafetthotmail
docs:guide-user:perf_and_log:log.syslog-ng3 [2019/02/18 21:14] – Update it a little bit pepes
Line 1: Line 1:
-====== syslog-ng3 ======+====== syslog-ng ======
  
 ===== Installation ===== ===== Installation =====
  
-<code> +==== Replacing Default Logging with syslog-ng -- 2018 ====
-# opkg install syslog-ng3 +
-</code>+
  
-{{:meta:icons:tango:48px-dialog-warning.svg.png?nolink}} Do not install the ''syslog-ng'' package as it is very old and out-of-date.+As of February, 2019, version of syslog-ng in OpenWrt master is 3.19.1
  
-In Backfire 10.3.1-rc4there are missing depencies. Install with+As of March, 2018, https://openwrt.org/packages/pkgdata/syslog-ng is version 3.8.1 
 + 
 +On ''master'' of April2018, the following steps will replace the default OpenWRT logging with ''syslog-ng'' 
 +  * Install ''syslog-ng'' and its dependencies 
 +  * Disable the default logging with ''/etc/init.d/log disable'' or by removing the symlink in ''/etc/rc.d'' 
 +  * Confirm that ''syslog-ng'' is enabled; ''/etc/rc.d/S20syslog-ng -> ../init.d/syslog-ng'' 
 +  * reboot 
 + 
 + 
 +---- 
 + 
 + 
 +FIXME Much of the following appears to be from Backfire, c. 2011
  
 <code> <code>
-# opkg install libdbi+# opkg install syslog-ng
 </code> </code>
  
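Review bot: The new steps list goes from disabling the default logger (''/etc/init.d/log disable'') straight to ''reboot'' with no step that checks ''syslog-ng'' actually starts and writes messages, so a configuration error leaves the router with no logging at all after the reboot. Add a verification step before the disable: start ''syslog-ng'', confirm that messages reach its destination, and only then remove the default logger. The only concrete install command, ''# opkg install syslog-ng'', now sits below the ''----'' ruler and the FIXME about Backfire-era content, where readers may take it for outdated material; move it up beside the "Install ''syslog-ng'' and its dependencies" bullet. The heading is labelled "-- 2018" while the first sentence under it is dated February 2019 and the next two go back to March and April 2018; put the version statements in chronological order or drop the year from the heading.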
Line 19: Line 29:
 Configuration is controlled by ''/etc/syslog-ng.conf'' The default configuration logs to ''/var/log/messages''. Configuration is controlled by ''/etc/syslog-ng.conf'' The default configuration logs to ''/var/log/messages''.
  
-Below is a sample configuration for logging to a remote server via UDP (from http://www.systemajik.com/blog/openwrt-syslog-ng-installation/):+Below is a sample configuration for logging to a remote server via TCP (extended from default config file):
  
 <code> <code>
 +#############################################################################
 +# OpenWrt syslog-ng.conf specific file
 +# which collects all local logs into a single file called /var/log/messages.
 +# More details about these settings can be found here:
 +# https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.16/release-notes/global-options
 +
 +@version: 3.19
 +@include "scl.conf"
 +@include "/etc/syslog-ng.d/" # Put any customization files in this directory
 +
 options { options {
-    chain_hostnames(off); + chain_hostnames(no); # Enable or disable the chained hostname format. 
-    sync(0); + create_dirs(yes); 
-    stats(0);+ keep_hostname(yes); # Enable or disable hostname rewriting. 
 + log_fifo_size(256); # The number of messages that the output queue can store. 
 + log_msg_size(1024); # Maximum length of a message in bytes. 
 + stats_freq(0); # The period between two STATS messages (sent by syslog-ng, containing statistics about dropped logs) in seconds. 
 + flush_lines(0); # How many lines are flushed to a destination at a time. 
 + use_fqdn(no); # Add Fully Qualified Domain Name instead of short hostname.
 }; };
  
-source src unix-stream("/dlog"); internal(); }; +filter notice_or_higher 
-source kernel { file("/proc/kmsg" log_prefix("kernel: ")); }; +        level(notice..emerg # remove debug and info message 
- +};
-destination messages { file("/var/log/messages" log_fifo_size(256)); }; +
-destination d_udp { udp("192.168.10.2" port(514)); };+
  
 +# syslog-ng gets messages from syslog-ng (internal) and from /dev/log
 +source src {
 +        internal();
 +        unix-dgram("/dev/log");
 +};
 +source kernel {
 +        file("/proc/kmsg" program_override("kernel"));
 +};
 +source net {
 +        tcp(ip(0.0.0.0) port(514));
 +};
 +destination messages {
 +        file("/var/log/messages");
 +};
 +destination syslogd_tcp {
 +        tcp("syslog." port(514));    # hostname is syslog, replace with your own loghost name or IP
 +};
 log { log {
-    source(src); +        source(src); 
-    source(kernel); +        source(kernel); 
-    destination(d_udp); +        filter(notice_or_higher); 
-#    destination(messages);+        destination(messages); 
 +        destination(syslogd_tcp);
 }; };
 </code> </code>
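Review bot: The added ''source net { tcp(ip(0.0.0.0) port(514)); };'' is never referenced in the ''log'' block, which uses only ''source(src)'' and ''source(kernel)'', and it is written to bind to every interface, which on a router includes the WAN side as soon as someone wires it into a log path. Drop it from the sample, or, if the router is meant to collect logs from other hosts, bind it to the LAN address and say so in the surrounding text. The intro line now describes the sample as logging to a remote server via TCP: ''tcp()'' as written sends log content in cleartext and does not authenticate the loghost, which deserves a sentence for readers whose loghost is not on a trusted segment. Smaller points: the header comment links to the 3.16 documentation while the file declares ''@version: 3.19'', and ''filter(notice_or_higher)'' applies to both destinations, so the local ''/var/log/messages'' also loses info and debug messages even though the header comment says the file "collects all local logs".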
  • Last modified: 2024/06/02 06:40
  • by stokito