What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Scribe Additional logging to external server

XIII

XIII

Very Senior Member
If I use Scribe and the firmware built-in logging to an external server, what will be logged on that external server?
  • Everything?
  • /tmp/syslog.log entries after Scribe filtering?
In case it's the second, how can I log entries filtered by Scribe as well? (Can I use multiple destinations in Scribe? How to configure an external server destination?)
 
RTFM... :oops:

Uncomment/correct (hostname "pi") this in /opt/etc/syslog-ng.conf:

Code: 
destination log_server { udp("pi" port(514)); };

And use this as additional destination in any desired file in /opt/etc/syslog-ng.d:

Code: 
destination(log_server);
 
XIII said:
RTFM... :oops:

Uncomment/correct (hostname "pi") this in /opt/etc/syslog-ng.conf:

Code: 
destination log_server { udp("pi" port(514)); };

And use this as additional destination in any desired file in /opt/etc/syslog-ng.d:

Code: 
destination(log_server);
Click to expand...
Nope, obsolete. Use network() instead.
 
XIII said:
If I use Scribe and the firmware built-in logging to an external server, what will be logged on that external server?
  • Everything?
  • /tmp/syslog.log entries after Scribe filtering?
In case it's the second, how can I log entries filtered by Scribe as well? (Can I use multiple destinations in Scribe? How to configure an external server destination?)
Click to expand...
Nothing. Scribe will terminate the firmware build-in logging, so that doesn't go anywhere.

Scribe does away with /tmp/syslog.log, so not that either.

You need to define the external server destination within syslog-ng, and then use that destination in your logging statements for syslog-ng to send messages to that destination. You could send everything to the remote destination, which would be like the built in logging, but then not much point.
 
elorimer said:
Nope, obsolete. Use network() instead.
Click to expand...
So that comment in the file is outdated?

EDIT 1: while it does work with "udp", the documentation indeed mentions "network" so I changed it. Thanks!

EDIT 2: and indeed; I don't forward all logs (I keep the Skynet logs on the router only)
 
Last edited:
XIII said:
So that comment in the file is outdated?
Click to expand...
Yes. There is a Scribe thread here about it. I think it is on the SME's todo list to update to network().

Syslog-ng development is very active, and it isn't so much that deprecated modules are removed (although that seems to happen) and stop working, as work on them stops and proceeds with the new modules. The One Identity OSE documentation is now up to 3.30, while the github stuff is at 3.31.2. Entware is keeping pace. While scribe hasn't updated in almost a year, fortunately, since the great time-reap fiasco there hasn't been a critical problem.
 
I have a question about what log format is scribe sending when it is configured to forward log data to a central syslog server?
Is it RFC 5424 and if not can it be configured to send log data in RFC 5424 format?
 
Scribe uses syslog-ng. Have a read

syslog-ng - Log Management Solutions

syslog-ng is the foundation of log collection and management. Optimize your SIEM, meet compliance requirements, and deliver data from a variety of sources.
www.syslog-ng.com
Apparently, by default RFC5424.
 
Last edited:
Ripshod said:
Scribe uses syslog-ng. Have a read

syslog-ng - Log Management Solutions

syslog-ng is the foundation of log collection and management. Optimize your SIEM, meet compliance requirements, and deliver data from a variety of sources.
www.syslog-ng.com
Click to expand...
Thanks, I am searching there now. Just haven't found a straight up solution.
All all my other systems I am using rsyslog and can just add a config to change format. ( module(load="builtin:omfile" Template="RSYSLOG_SyslogProtocol23Format")
 
XIII said:
RTFM... :oops:

Uncomment/correct (hostname "pi") this in /opt/etc/syslog-ng.conf:

Code: 
destination log_server { udp("pi" port(514)); };

And use this as additional destination in any desired file in /opt/etc/syslog-ng.d:

Code: 
destination(log_server);
Click to expand...
Thanks! Appears to work like a champ! I'm actually logging to Synology NAS.
 
Last edited:
visortgw said:
Thanks! Appears to work like a champ! I'm actually logging to Synology NAS.
elorimer said:
The syslog-ng documentation has moved : https://syslog-ng.github.io/admin-guide/README
Click to expand...
Thank You.
Click to expand...
I have been spending quite a bit of time on OSE reading the friendly manual.
As usual I dove in head first and switched an ax92u and 3 xt8 to ASUS Merlin. Syslog-ng is running on all four but
I want to fine tune the format. Currently pushing the router logs to Grafana loki using alloy for the syslog listener
and transport into loki. Loki is a bit picky on how the logs are formatted.
 
You must log in or register to reply here.

Similar threads

Tarek Yag
Scribe [SOLVED] syslog-ng intermittent failure to shutdown which messes all logging
Replies
15
Views
1K
Tarek Yag
Tarek Yag
MegaMango
XrayUI – A Simple Way to Manage Xray-Core on the ASUS Router
Replies
4
Views
1K
Tech9
Tech9
Viktor Jaep
BACKUPMON BACKUPMON v1.8.22 -Nov 28, 2024- Backup/Restore your Router: JFFS + NVRAM + External USB Drive! CIFS/SMB/NFS! (Now available in AMTM!)
2
Replies
37
Views
3K
Ripshod
Ripshod
aex.perez
Solved Hacked or not, doubtful but making sure
Replies
3
Views
577
aex.perez
aex.perez
tRiFFiD
GT-AX6000 randomly rebooting daily
Replies
5
Views
437
ItspronouncedNuclear
I
Similar threads
Thread starter Title Forum Replies Date
Tarek Yag Scribe [SOLVED] syslog-ng intermittent failure to shutdown which messes all logging Asuswrt-Merlin AddOns 15
B Skynet Logging level Asuswrt-Merlin AddOns 1
K Skynet reduces write speeds to an external HDD. Asuswrt-Merlin AddOns 4
Viktor Jaep BACKUPMON BACKUPMON v1.8.22 -Nov 28, 2024- Backup/Restore your Router: JFFS + NVRAM + External USB Drive! CIFS/SMB/NFS! (Now available in AMTM!) Asuswrt-Merlin AddOns 37
Q Unbound external Domain exclude Asuswrt-Merlin AddOns 2

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 931 (members: 26, guests: 905)
Back
Top