Remote Log Server, RFC 5424

txcanuck

Occasional Visitor
Hi,

I would like to enable the remote log server, but need the messages sent in RFC 5424 format (the "newer" standard). I can't figure out what version of syslog is being used (sorry!), so not sure if this is possible ... and of course if it is, how to enable it.

Any pointers? FYI, from the local log I think the older format is being used, but syslog does have an option to enable RFC 5424 format (e.g. see --rfc5424 at http://man7.org/linux/man-pages/man1/logger.1.html).

Thanks!
 
I was going to try that, but had in the past (with a different machine) - and the non-compliant records messed up the server => had to purge everything. Was hoping to avoid that ... LOL!
 
Use scribe.
 
Asuswrt uses the barebone syslog daemon from Busybox, so it's much more limited than full-featured daemons such as syslog-ng.
 
Hi,

Haven't gotten to scribe yet (but will!) ... however, I did try turning the current log forwarding feature on. The log list inside asuswrt-merlin goes away (no surprise there, it makes sense), but it seems that many of the items that were in that log before (like frequency changes) aren't being sent across to the remote server. That seems odd to me ... or is it expected?

Thanks!
 
The log list inside asuswrt-merlin goes away (no surprise there, it makes sense), but it seems that many of the items that were in that log before (like frequency changes) aren't being sent across to the remote server.

Even when forwarding to a remote log service the syslog in the Webgui should still show the logged messages. And what are your logging levels set to?

As for the formatting, I had a similar issue, not sure what your goal is....

I know the old 374 firmware called syslogd in a different way. 384 appears to now use the -H option and sets a hostname generated from your device name, part of the cfg_group variable in nvram and a "-C" for good measure.

I just created a script that kills the original syslogd process and restarts it with the proper hostname (i.e., just the devicename, not the appended bits).

If it was just a hostname issue, it's an easy workaround.
 
Even when forwarding to a remote log service the syslog in the Webgui should still show the logged messages. And what are your logging levels set to?
Sorry! Nut behind the knob issue ... ;). I had changed the log level, and it removed them locally, but they were still being sent - so I fooled myself.

Thanks for the pointers (and script - as yes, that dang -C is causing me grief)!
 
Sorry! Nut behind the knob issue ... ;). I had changed the log level, and it removed them locally, but they were still being sent - so I fooled myself.
All good, that's why I asked, something seemed off.

Thanks for the pointers (and script - as yes, that dang -C is causing me grief)!

Ya just write up a script for services-start, I used ps and grep to find the PID of the running syslogd with the bad host name, kill it and restart it with the hostname you want.
 
Ya just write up a script for services-start, I used ps and grep to find the PID of the running syslogd with the bad host name, kill it and restart it with the hostname you want.

Yep, that makes sense. BTW, I have another script - add some info to snmpd (with a similar restart). Just in case this helps, this works quite well,
kill -9 `pidof snmpd`
 
And BTW, hopefully this helps others ... to replace that HOSTNAME-C, get the needed command back,
ps w | grep syslog | tr -s ' ' | cut -d ' ' -f5- | sed "s/$HOSTNAME-.*/$HOSTNAME/g"

ARRGH! Formatting messing with me. In grep syslog, enclose the s in [].
 
@txcanuck use the 'Code' format in the 'Insert...' command beside the Draft save (floppy icon) button when you're making the post. :)
 
You can get the arguments a program started with from /pr oc/$PID/cmdline (no space, thanks cloudflare), it's a little more reliable that way. For example to show the arguments (again no space in proc):

Code:
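# Print each argument of the running syslogd on its own line
if [ -f /var/run/syslogd.pid ]; then
    read -r PID < /var/run/syslogd.pid
    # cmdline is NUL-separated, hence xargs -0
    xargs -r0 printf '%s\n' < "/proc/$PID/cmdline"
fi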

Or something more useful like restarting with a different -H option:

Code:
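# Runs under sh -c with: $1 = old PID, $2 = argv[0] (syslogd), rest = original arguments
SCRIPT='kill "$1"
shift 2
HOSTNAME="RT-WHATEVER"
# Rebuild the argument list, swapping in $HOSTNAME for the value that follows -H
for ARG in "$@"; do
   [ "$LASTARG" = "-H" ] && set -- "$@" "$HOSTNAME" || set -- "$@" "$ARG"
   LASTARG="$ARG"
   shift
done
syslogd "$@"'

# cmdline is NUL-separated, so xargs -0 hands each original argument over intact
if [ -f /var/run/syslogd.pid ]; then
    read -r PID < /var/run/syslogd.pid
    xargs -r0 sh -c "$SCRIPT" _ "$PID" < "/proc/$PID/cmdline"
fi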
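
On the format question that opens the thread: a collector that expects RFC 5424 can check what a sender actually emits before ingesting it. The following is an added example, not code from any post in this thread; the function names and the sample lines are constructed, and the patterns cover only the header shapes of RFC 5424 and the older BSD (RFC 3164) style.

```shell
#!/bin/sh
# Added example: classify received syslog lines by wire format.
# rfc5424: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
# rfc3164: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG   (older BSD style)

syslog_format() {
    line=$1
    # PRI is 1-3 digits in angle brackets, valid range 0..191 (facility*8 + severity)
    pri=$(printf '%s\n' "$line" | sed -n 's/^<\([0-9]\{1,3\}\)>.*/\1/p')
    if [ -z "$pri" ] || [ "$pri" -gt 191 ]; then
        echo unknown
        return
    fi
    rest=${line#*>}
    # RFC 5424: version 1, ISO timestamp or "-", four header tokens, then SD ("-" or "[")
    ts='(-|[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9:.]+(Z|[+-][0-9]{2}:[0-9]{2}))'
    bsd='^(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) [ 0-9][0-9] [0-9]{2}:[0-9]{2}:[0-9]{2} '
    if printf '%s\n' "$rest" | grep -Eq "^1 $ts [^ ]+ [^ ]+ [^ ]+ [^ ]+ (-|\\[)"; then
        echo rfc5424
    elif printf '%s\n' "$rest" | grep -Eq "$bsd"; then
        echo rfc3164
    else
        echo unknown
    fi
}

# Read lines on stdin and report how many arrived in each format.
count_formats() {
    n5424=0 n3164=0 nother=0
    while IFS= read -r l; do
        case $(syslog_format "$l") in
            rfc5424) n5424=$((n5424 + 1)) ;;
            rfc3164) n3164=$((n3164 + 1)) ;;
            *)       nother=$((nother + 1)) ;;
        esac
    done
    echo "rfc5424=$n5424 rfc3164=$n3164 unknown=$nother"
}

# Constructed sample input (hostname taken from the placeholder used above).
SAMPLE='<13>1 2024-01-15T08:30:00Z RT-WHATEVER dnsmasq 1234 - - constructed 5424 line
<13>Jan 15 08:30:00 RT-WHATEVER kernel: constructed BSD line
Jan 15 08:30:00 RT-WHATEVER kernel: constructed line with no PRI'

printf '%s\n' "$SAMPLE" | count_formats
```

Running it against a short capture from a test listener shows which format the router sends before the production server is pointed at it.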
 
