Differences

This shows you the differences between two versions of the page.

docs:user-guide:services:log.syslog-ng3 [2018/02/17 19:28] – ↷ Page moved from doc:howto:log.syslog-ng3 to docs:user-guide:services:log.syslog-ng3 bobafetthotmail
docs:guide-user:perf_and_log:log.syslog-ng3 [2024/06/02 06:40] (current) – [logread] stokito
Line 1: Line 1:
-====== syslog-ng3 ======+====== syslog-ng ======
  
 ===== Installation ===== ===== Installation =====
  
-<code> +==== Replacing Default Logging with syslog-ng -- 2018 ==== 
-# opkg install syslog-ng3 + 
-</code>+As of February, 2019, version of syslog-ng in OpenWrt master is 3.19.1 
 + 
 +As of March, 2018, https://openwrt.org/packages/pkgdata/syslog-ng is version 3.8.1 
 + 
 +On ''master'' of April, 2018, the following steps will replace the default OpenWRT logging with ''syslog-ng'' 
 +  * Install ''syslog-ng'' and its dependencies 
 +  * Disable the default logging with ''/etc/init.d/log disable'' or by removing the symlink in ''/etc/rc.d'' 
 +  * Confirm that ''syslog-ng'' is enabled; ''/etc/rc.d/S20syslog-ng -../init.d/syslog-ng'' 
 +  * reboot 
 + 
 + 
 +----
  
-{{:meta:icons:tango:48px-dialog-warning.svg.png?nolink}} Do not install the ''syslog-ng'' package as it is very old and out-of-date. 
  
-In Backfire 10.3.1-rc4there are missing depenciesInstall with+FIXME Much of the following appears to be from Backfire, c2011
  
 <code> <code>
-# opkg install libdbi+# opkg install syslog-ng
 </code> </code>
  
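Review bot: In the added step list, default logging is disabled (''/etc/init.d/log disable'') before the step that confirms ''syslog-ng'' is enabled, so a reader who reboots partway through is left with no logger at all. Suggest moving the "Confirm that syslog-ng is enabled" bullet ahead of the disable step. Separately, the new heading is dated 2018 while its first line reads "As of February, 2019", and the install command now sits below the FIXME about Backfire-era content, so it is unclear whether ''opkg install syslog-ng'' belongs to the current procedure; placing it next to the "Install syslog-ng and its dependencies" bullet would settle that.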
Line 19: Line 29:
 Configuration is controlled by ''/etc/syslog-ng.conf'' The default configuration logs to ''/var/log/messages''. Configuration is controlled by ''/etc/syslog-ng.conf'' The default configuration logs to ''/var/log/messages''.
  
-Below is a sample configuration for logging to a remote server via UDP (from http://www.systemajik.com/blog/openwrt-syslog-ng-installation/):+Below is a sample configuration for logging to a remote server via TCP (extended from default config file):
  
 <code> <code>
 +#############################################################################
 +# OpenWrt syslog-ng.conf specific file
 +# which collects all local logs into a single file called /var/log/messages.
 +# More details about these settings can be found here:
 +# https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.16/release-notes/global-options
 +
 +@version: 3.19
 +@include "scl.conf"
 +@include "/etc/syslog-ng.d/" # Put any customization files in this directory
 +
 options { options {
-    chain_hostnames(off); + chain_hostnames(no); # Enable or disable the chained hostname format. 
-    sync(0); + create_dirs(yes); 
-    stats(0);+ keep_hostname(yes); # Enable or disable hostname rewriting. 
 + log_fifo_size(256); # The number of messages that the output queue can store. 
 + log_msg_size(1024); # Maximum length of a message in bytes. 
 + stats_freq(0); # The period between two STATS messages (sent by syslog-ng, containing statistics about dropped logs) in seconds. 
 + flush_lines(0); # How many lines are flushed to a destination at a time. 
 + use_fqdn(no); # Add Fully Qualified Domain Name instead of short hostname.
 }; };
  
-source src unix-stream("/dlog"); internal(); }; +filter notice_or_higher 
-source kernel { file("/proc/kmsg" log_prefix("kernel: ")); }; +        level(notice..emerg # remove debug and info message 
- +};
-destination messages { file("/var/log/messages" log_fifo_size(256)); }; +
-destination d_udp { udp("192.168.10.2" port(514)); };+
  
 +# syslog-ng gets messages from syslog-ng (internal) and from /dev/log
 +source src {
 +        internal();
 +        unix-dgram("/dev/log");
 +};
 +source kernel {
 +        file("/proc/kmsg" program_override("kernel"));
 +};
 +source net {
 +        tcp(ip(0.0.0.0) port(514));
 +};
 +destination messages {
 +        file("/var/log/messages");
 +};
 +destination syslogd_tcp {
 +        tcp("syslog." port(514));    # hostname is syslog, replace with your own loghost name or IP
 +};
 log { log {
-    source(src); +        source(src); 
-    source(kernel); +        source(kernel); 
-    destination(d_udp); +        filter(notice_or_higher); 
-#    destination(messages);+        destination(messages); 
 +        destination(syslogd_tcp);
 }; };
 </code> </code>
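Review bot: ''source net { tcp(ip(0.0.0.0) port(514)); };'' declares a listener on every interface, but the ''log'' statement only uses ''source(src)'' and ''source(kernel)'', and the introduction describes this sample as sending to a remote server. Suggest dropping the ''net'' source from a sender example or, if receiving is intended, binding it to the LAN address rather than ''0.0.0.0'' and adding it to a log path. The sample also deserves a comment that ''filter(notice_or_higher)'' applies to both destinations, so the local ''/var/log/messages'' loses info and debug messages along with the remote host, and that ''tcp("syslog." port(514))'' carries the messages unencrypted.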
Line 71: Line 112:
 # /etc/init.d/syslog-ng start # /etc/init.d/syslog-ng start
 </code> </code>
 +
 +
 +===== logread =====
 +
 +The logread is an interface to read log messages.
 +When the ''syslog-ng'' installed then the default OpenWrt [[:docs:guide-user:base-system:log.essentials#logread|logread]] command from ubox package will be overridden with the ''/usr/sbin/logread'' script that reads ''/var/log/messages'' instead of ring buffer.
 +
 +To show all log messages that contains a specific text (like a daemon name) and follow (like in tail -f) use:
 +<code bash>
 +logread -fe firewall
 +</code>
 +
 +The script has less options than the ubox logread:
 +<code>
 +-l <count>   Got only the last 'count' messages
 +-e <pattern> Filter messages with a regexp
 +-f           Follow log messages
 +-h           Print this help message
 +</code>
 +
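Review bot: The new logread section says the script reads ''/var/log/messages'' but does not say that this ties its output to the sample config above: the file only holds what ''destination messages'' receives, which after ''filter(notice_or_higher)'' excludes info and debug messages, so results differ from the ubox ''logread'' in more than the shorter option list. Suggest adding one sentence to that effect. Wording: "When the syslog-ng installed" should read "When syslog-ng is installed", and "less options" should be "fewer options".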
  • Last modified: 2024/06/02 06:40
  • by stokito