Menu
What's new
By:
Filters Better Search

Scribe scribe - syslog-ng and logrotate installer

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Jumpstarter said:
has anyone reported this effecting the network map?
Click to expand...
No. If you have an 87U and tried 12A2, that does affect the network map and you need to go back to A1.
 
kernol said:
Why do I ask? - because, aside from testing issues, that same routine would be usefully auto-invoked when the USB is ejected. Right now when the USB is ejected ... "### Top of Log File ###" gets written to System Log [Webgui] and nothing appears after it - no matter how long you wait.
Click to expand...
I think this is because syslog-ng can't run when the USB is ejected, and nothing has restarted syslogd. So no logging is going on.

I wonder whether ejecting the USB is better left to amtm, which might call a stop sequence in scribe--I forget how that discussion went. But you are suggesting that the scribe stop would restart syslogd, which would destroy the symlink and start up a new /tmp/syslog.log; then on scribe restart it would see the file, copy it to messages, reform the symlink, kill syslogd and start syslog-ng. I guess that could work ok.
 
joe scian said:
cmkelly

OK - I restarted QOS by going to QOS page and hitting apply which calls firewall-start and nat-start and I lost /tmp/syslog.log. After doing a ps | grep log this is what i got
Code: 
joescian@RT-AC5300:/jffs/scripts# ps | grep log
 3107 nobody   42320 D    dnsmasq --log-async
 3108 joescian  1332 S    dnsmasq --log-async
 8383 joescian  8452 S    {syslog-ng} supervising syslog-ng
 8384 joescian 15324 S    syslog-ng
Click to expand...
So much for that idea. I thought maybe it was re-starting syslogd or klogd somehow.

Next thing to do is see if it's even sylsog related. Can you create a dummy file called '/opt/var/log/dummy', and then create a symlink 'ln -s /opt/var/log/dummy /tmp/dummy-link', and then do whatever it is that kills the symlink between /opt/var/log/messages and /tmp/syslog.log? If it kills the link between dummy and dummy-link. then it's a separate issue form syslog/syslog-ng.
 
elorimer said:
I think this is because syslog-ng can't run when the USB is ejected, and nothing has restarted syslogd. So no logging is going on.

I wonder whether ejecting the USB is better left to amtm, which might call a stop sequence in scribe--I forget how that discussion went. But you are suggesting that the scribe stop would restart syslogd, which would destroy the symlink and start up a new /tmp/syslog.log; then on scribe restart it would see the file, copy it to messages, reform the symlink, kill syslogd and start syslog-ng. I guess that could work ok.
Click to expand...

My VERY basic understanding is that Syslog-ng cats syslog to "messages" on startup - so presumably it can push the content of that back to syslog.log when temporarily disabled? When you restart syslog-ng it can push back the syslog.log content to "messages"? To avoid duplication of log entries - perhaps it should overright the content both ways?

Like I said at the top of my post - not a coder [anymore anyway] ... but have a naive belief that one can achieve pretty much anything you want programmatically - just depends on the volume of code and practicality of the concept.
 
cmkelley said:
Good idea. Hopefully can implement no later than this coming weekend, my weeknights are looking iffy for the rest of the week.
Click to expand...
No rush - FULLY enjoying what you have done so far - in a mind boggling field, where you have done a massive amount to simplify an impossible task for us non-coders {Thumbs-Up} :D
 
Butterfly Bones said:
Like this?
screenshot-timsaw-loggly-com-2019-06-03-21-17-07.png
Click to expand...
I did not catch the name of the software that you use to display the logs. Would you repeat that for me?
 
Its a loggly screen.
 
I have looked at collectd, and I have it running (at this point in my travels, pointlessly). I can report that if y'all thought syslog-ng had a steep learning curve, watch out below!

If I am following, collectd is a way of collecting data about the router, like CPU usage, at intervals and sending it someplace. From that something else can present that data. To be more specific, it can send it to an /rrd directory on the USB drive in rrd format (round robin data). Then luci can use that to present a graph of CPU usage over a defined period (or memory usage, etc.) The syslog-ng implementation is basically a source definition that reads the collectd source, and a collectd destination. I haven't quite figured out the utility of that.

I haven't figured out the utility of collectd yet either, as there is no luci entware pkg, so I'm not sure what can make sense of the /rrd info.
 
thelonelycoder said:
I was hoping this is a free and open source software that I could install on my local CentOS server.
Click to expand...
Run syslog-ng on the CentOS server and send the router logs there.

Also: lnav.org
 
Last edited:
I've read most of this thread's pages. I am struggling to figure out what value I can get for using syslog-ng to me personally. What's motivating you guys to deploy and use this? Laymen's terms would be super! TY
 
gattaca said:
I've read most of this thread's pages. I am struggling to figure out what value I can get for using syslog-ng to me personally. What's motivating you guys to deploy and use this? Laymen's terms would be super! TY
Click to expand...
For me it simplifies log viewing to monitor events. Because each service is sorted to a separate log, it makes trouble shooting much, much easier.

For example, I was having VPN disconnections, so making changes in the VPN client configuration, restart VPN, check log, stop VPN client, make changes, restart VPN, check log, ad nauseum. Having just one log with openvpn events logged is so much easier.

I only see about 10 events each day in the webgui syslog, things like dropbear, LEDS off and on with timed scripts, and so on.

Trouble shooting pixelserv-tls with logging at level higher than 2 generates hundreds of lines each hour! Having those separate and not scrolling the webgui up and down, back and forth, up and down is better for me.

Since you don't see the value now, maybe there is no good reason to use it. It is a geek convenience / analysis tool more than a safety / security feature, or nice graphical displays.
 
Last edited:
gattaca said:
I've read most of this thread's pages. I am struggling to figure out what value I can get for using syslog-ng to me personally. What's motivating you guys to deploy and use this? Laymen's terms would be super! TY
Click to expand...
Everyone has different reasons. For me personally it's to de-clutter the dcd crash, wlceventd, and iptables entries from the main log. Others might be using their routers in an office environment and need to monitor the logs for security, and it helps to break them out.

BB is right though, usually, people come looking for a way to install syslog-ng to solve a particular problem, rather than installing syslog-ng and trying to figure out what use it is. And as you use more features of your router (e.g. VPN) having the various logs separated makes it easier to troubleshoot.
 
Minor bug-squashing update v2.0_1 posted
  • firewall-start might not be present, particularly if Skynet is not running. Check for firewall-start existing before searching it to see if Skynet is installed. Thanks TLC for catching that one.
 
cmkelley said:
So much for that idea. I thought maybe it was re-starting syslogd or klogd somehow.

Next thing to do is see if it's even sylsog related. Can you create a dummy file called '/opt/var/log/dummy', and then create a symlink 'ln -s /opt/var/log/dummy /tmp/dummy-link', and then do whatever it is that kills the symlink between /opt/var/log/messages and /tmp/syslog.log? If it kills the link between dummy and dummy-link. then it's a separate issue form syslog/syslog-ng.
Click to expand...

OK - I think I am much closer to the problem root cause. I performed the above experiment and the symbolic link to dummy-link sticks - its always there but /tmp/syslog.log disappears. AND I can make it dissapear at will whenever I press <CLEAR> on General Log page of the GUI. Does that give you a clue?
 
Last edited:
cmkelley said:
...For me personally it's to de-clutter the dcd crash, wlceventd, and iptables entries from the main log. Others might be using their routers in an office environment and need to monitor the logs for security, and it helps to break them out.
Click to expand...

Ah, OK! It's de-cluttering and organizing the router's logs.

Funny, I never got why the linux default practice of dumping all messages and events into a single main system log other than "well that's best practice..." when then the first thing developers do is sort/search/organize it using tools like this! LOL.

BLUF: This package is helping teams develop and debug the router. It is sorting messages, which are generated and dumped into the main system logs (/var/log or where ever it really lives) by different services running on the router, into distinct files based on that service. In one case, BB is streaming these to loggly to advance that one step further into a nice GUI sorted by tabs!.. I'm not a developer or running a business today to need to do that. Got it. Thank You. Have a good one!
 
gattaca said:
Funny, I never got why the linux default practice of dumping all messages and events into a single main system log other than "well that's best practice..." when then the first thing developers do is sort/search/organize it using tools like this! LOL.
Click to expand...
When did you last look at /var/log on your *NIX box? I'm sure you'll find more than one log file there.
 
You must log in or register to reply here.

Similar threads

Tarek Yag
Scribe [SOLVED] syslog-ng intermittent failure to shutdown which messes all logging
Replies
15
Views
671
Tarek Yag
Tarek Yag
SomeWhereOverTheRainBow
Scribe Issues with scribe.... Errors all over the place after restarting scribe!
Replies
8
Views
2K
SomeWhereOverTheRainBow
SomeWhereOverTheRainBow
S
Scribe Strange Issue with Scribe / Syslog-NG after Reboot
Replies
7
Views
1K
Ripshod
Ripshod
cmkelley
Scribe scribe 3.x_y - syslog-ng and logrotate installer
10 11 12
Replies
234
Views
21K
matthew_eli
matthew_eli
Davidncali001
Skynet Message on SKYNET I havent seen before
Replies
1
Views
321
Davidncali001
Davidncali001
Similar threads
Thread starter Title Forum Replies Date
S Scribe Strange Issue with Scribe / Syslog-NG after Reboot Asuswrt-Merlin AddOns 7
V Scribe Scribe nvram log_path - what should it be? Asuswrt-Merlin AddOns 4
SomeWhereOverTheRainBow Scribe Issues with scribe.... Errors all over the place after restarting scribe! Asuswrt-Merlin AddOns 8
Tarek Yag Scribe [SOLVED] syslog-ng intermittent failure to shutdown which messes all logging Asuswrt-Merlin AddOns 15
J AdGuardHome There are tons of dnsproxy error messages occuring on syslog. Asuswrt-Merlin AddOns 2
T Updated scMerlin to 2.5.5 - syslog stops at 'syslogd exiting' Asuswrt-Merlin AddOns 9

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 749 (members: 13, guests: 736)
Top