Differences

This shows you the differences between two versions of the page.

docs:user-guide:services:log.syslog-ng3 [2018/02/17 19:28] – ↷ Page moved from doc:howto:log.syslog-ng3 to docs:user-guide:services:log.syslog-ng3 bobafetthotmaildocs:guide-user:perf_and_log:log.syslog-ng3 [2024/06/02 06:39] – [logread] stokito
Line 1: Line 1:
-====== syslog-ng3 ======+====== syslog-ng ======
  
 ===== Installation ===== ===== Installation =====
  
-<code> +==== Replacing Default Logging with syslog-ng -- 2018 ==== 
-# opkg install syslog-ng3 + 
-</code>+As of February, 2019, version of syslog-ng in OpenWrt master is 3.19.1 
 + 
 +As of March, 2018, https://openwrt.org/packages/pkgdata/syslog-ng is version 3.8.1 
 + 
 +On ''master'' of April, 2018, the following steps will replace the default OpenWRT logging with ''syslog-ng'' 
 +  * Install ''syslog-ng'' and its dependencies 
 +  * Disable the default logging with ''/etc/init.d/log disable'' or by removing the symlink in ''/etc/rc.d'' 
 +  * Confirm that ''syslog-ng'' is enabled; ''/etc/rc.d/S20syslog-ng -../init.d/syslog-ng'' 
 +  * reboot 
 + 
 + 
 +----
  
-{{:meta:icons:tango:48px-dialog-warning.svg.png?nolink}} Do not install the ''syslog-ng'' package as it is very old and out-of-date. 
  
-In Backfire 10.3.1-rc4there are missing depenciesInstall with+FIXME Much of the following appears to be from Backfire, c2011
  
 <code> <code>
-# opkg install libdbi+# opkg install syslog-ng
 </code> </code>
  
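Review bot: The added step list disables the default logger (''/etc/init.d/log disable'') before it confirms that ''syslog-ng'' is enabled, so if the new service does not come up after the reboot the router keeps no log at all; put the confirmation step ahead of the disable step. The confirmation bullet also gives only a symlink name ("/etc/rc.d/S20syslog-ng -../init.d/syslog-ng", where the arrow looks mangled) and no command to run; something like ''ls -l /etc/rc.d/ | grep syslog-ng'' would make it checkable. The three "As of" lines give 3.19.1 for February 2019, 3.8.1 for March 2018 and "master of April, 2018" under a heading dated 2018, and the FIXME leaves the Backfire-era text in place; a single dated statement of the version the steps were tested on would be clearer.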
Line 19: Line 29:
 Configuration is controlled by ''/etc/syslog-ng.conf'' The default configuration logs to ''/var/log/messages''. Configuration is controlled by ''/etc/syslog-ng.conf'' The default configuration logs to ''/var/log/messages''.
  
-Below is a sample configuration for logging to a remote server via UDP (from http://www.systemajik.com/blog/openwrt-syslog-ng-installation/):+Below is a sample configuration for logging to a remote server via TCP (extended from default config file):
  
 <code> <code>
 +#############################################################################
 +# OpenWrt syslog-ng.conf specific file
 +# which collects all local logs into a single file called /var/log/messages.
 +# More details about these settings can be found here:
 +# https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.16/release-notes/global-options
 +
 +@version: 3.19
 +@include "scl.conf"
 +@include "/etc/syslog-ng.d/" # Put any customization files in this directory
 +
 options { options {
-    chain_hostnames(off); + chain_hostnames(no); # Enable or disable the chained hostname format. 
-    sync(0); + create_dirs(yes); 
-    stats(0);+ keep_hostname(yes); # Enable or disable hostname rewriting. 
 + log_fifo_size(256); # The number of messages that the output queue can store. 
 + log_msg_size(1024); # Maximum length of a message in bytes. 
 + stats_freq(0); # The period between two STATS messages (sent by syslog-ng, containing statistics about dropped logs) in seconds. 
 + flush_lines(0); # How many lines are flushed to a destination at a time. 
 + use_fqdn(no); # Add Fully Qualified Domain Name instead of short hostname.
 }; };
  
-source src unix-stream("/dlog"); internal(); }; +filter notice_or_higher 
-source kernel { file("/proc/kmsg" log_prefix("kernel: ")); }; +        level(notice..emerg # remove debug and info message 
- +};
-destination messages { file("/var/log/messages" log_fifo_size(256)); }; +
-destination d_udp { udp("192.168.10.2" port(514)); };+
  
 +# syslog-ng gets messages from syslog-ng (internal) and from /dev/log
 +source src {
 +        internal();
 +        unix-dgram("/dev/log");
 +};
 +source kernel {
 +        file("/proc/kmsg" program_override("kernel"));
 +};
 +source net {
 +        tcp(ip(0.0.0.0) port(514));
 +};
 +destination messages {
 +        file("/var/log/messages");
 +};
 +destination syslogd_tcp {
 +        tcp("syslog." port(514));    # hostname is syslog, replace with your own loghost name or IP
 +};
 log { log {
-    source(src); +        source(src); 
-    source(kernel); +        source(kernel); 
-    destination(d_udp); +        filter(notice_or_higher); 
-#    destination(messages);+        destination(messages); 
 +        destination(syslogd_tcp);
 }; };
 </code> </code>
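Review bot: ''source net { tcp(ip(0.0.0.0) port(514)); };'' is added, but the ''log'' statement names only ''source(src)'' and ''source(kernel)'', so this listener on all addresses is either dead configuration or an unintended open syslog port on the router; drop it from a sample whose stated purpose is sending logs out, or bind it to a LAN address and reference it in a log path. The ''syslogd_tcp'' destination uses plain ''tcp()'' on port 514, and the intro line should say that this transport is unencrypted and unauthenticated. ''filter(notice_or_higher)'' sits in the one shared log path, so debug and info messages are dropped for the remote loghost as well as for ''/var/log/messages''; if the goal is only a smaller local file, use two log statements. As rendered, the filter block has no opening brace and ''level(notice..emerg'' has no closing parenthesis, and ''@version: 3.19'' does not match the 3.8.1 package version mentioned earlier on the page.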
Line 71: Line 112:
 # /etc/init.d/syslog-ng start # /etc/init.d/syslog-ng start
 </code> </code>
 +
 +
 +===== logread =====
 +
 +The logread is an interface to read log messages.
 +When the syslog-ng installed then the default OpenWrt ''logread'' command from ubox package will be overridden with the ''/usr/sbin/logread'' script that reads ''/var/log/messages'' instead of ring buffer.
 +
 +To show all log messages that contains a specific text (like a daemon name) and follow (like in tail -f) use:
 +<code bash>
 +logread -fe firewall
 +</code>
 +
 +The script has less options than the ubox logread:
 +<code>
 +-l <count>   Got only the last 'count' messages
 +-e <pattern> Filter messages with a regexp
 +-f           Follow log messages
 +-h           Print this help message
 +</code>
 +
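Review bot: The new section states that ''/usr/sbin/logread'' reads ''/var/log/messages'' but does not say that this ties it to the ''destination messages'' path in ''/etc/syslog-ng.conf'' and to whatever filter is applied there; a reader who changes the file path or keeps ''filter(notice_or_higher)'' will find entries missing from ''logread'' with no hint why, so add one sentence on that dependency. Wording: "When the syslog-ng installed then" should read "When syslog-ng is installed,", "messages that contains" should be "messages that contain", "less options" should be "fewer options", and "Got only the last" should be "Get only the last" unless it is copied verbatim from the script's help output.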
  • Last modified: 2024/06/02 06:40
  • by stokito