@Butterfly Bones: you still have a problem. In your log excerpt, there should be no "BLOCKED" messages above the hourly roll-up. Go into skynet and point its log setting to the skynet-0 log. You'll have to go back and redo the symlink too.
You were right, Skynet log was as "Default", and I changed it to /opt/var/log/skynet-0.log. I forget what files need to be linked with the symlink. Is it
ln -s /opt/var/log/skynet-0.log /tmp/mnt/USB_name/skynet/skynet.log
No, directory links are for setting up /tmp/syslog.log and /tmp/syslog.log-1 and making their /jffs counterparts directories.
EDIT - I think it is ok now. I ran "(s)how scribe status" and got "checking directory links - updated", so looks like cmkelley has some code magic in there too. If I run "(s)how scribe status" now I get "checking directory links - present"
Just to confirm, it was fixed without me issuing that direct command, maybe in manually changing the Skynet log output(?) dunno, but all good now.
The GUI displays /tmp/syslog.log. So scribe creates a symlink for that that points to /opt/var/log/messages. You can do that yourself with that command. You don't really need to do anything with log-1 or the /jffs files. That is just to stop writing the log to /jffs, and you already have a permanent copy of the log on the USB drive.
user@RT-AC86U-4608:/tmp/home/root# ln -s /opt/var/log/skynet-0.log /tmp/syslog.log
ln: /tmp/syslog.log: File exists
-rw------- 1 user_name root 30287 Oct 20 06:29 skynet-0.log
If the -f option is not specified, ln shall write a diagnostic message to standard error, do nothing more with the current source_file
user@RT-AC86U-4608:/tmp/home/root# ls -al /tmp/
%< (snipped)
lrwxrwxrwx 1 user_name root 21 Oct 19 16:47 syslog.log -> /opt/var/log/messages
If you have Diversion installed, do not touch the dnsmasq.log files. Diversion covers rolling those.
Any pointers on creating a filter for my dnsmasq.log?
Thanks much, yes using Diversion so these will stay put.
What does your filter file have in it, like this?
Did a clean installation of everything yesterday and my skynet logs don't work properly anymore:
# this MUST BE the file configured in Skynet as the syslog.log location
# DO NOT use /tmp/syslog.log or /opt/var/log/messages here!
destination d_skynet {
file("/opt/var/log/skynet-0.log");
};
# logs everything from Skynet to /opt/var/log/skynet-0.log
filter f_skynet {
program("Skynet") or
message("BLOCKED -") or
message("DROP IN=");
};
# final flag stops processing of messages matching the f_skynet filter
log {
source(src);
filter(f_skynet);
destination(d_skynet);
flags(final);
};
#eof
Oct 26 14:34:44 Skynet: [#] 130264 IPs (+0) -- 40232 Ranges Banned (+0) || 49 Inbound -- 0 Outbound Connections Blocked! [save] [8s]
################################################
## Generated By Skynet - Do Not Manually Edit ##
## Oct 26 21:00:14 ##
## Installer ##
model="RT-AC5300"
localver="v6.9.1"
autoupdate="enabled"
banmalwareupdate="daily"
forcebanmalwareupdate=""
logmode="enabled"
filtertraffic="all"
swaplocation="/tmp/mnt/sda1/myswap.swp"
swappartition=""
## Counters / Lists ##
blacklist1count="130264"
blacklist2count="40232"
customlisturl=""
customlist2url=""
countrylist="cn tw ve br vn id in ru ua ar bd bg hk lv es tr dz uz kp"
excludelists=""
## Settings ##
unbanprivateip="enabled"
loginvalid="disabled"
banaiprotect="enabled"
securemode="enabled"
extendedstats="enabled"
fastswitch="disabled"
syslogloc="/opt/var/log/skynet-0.log"
syslog1loc="/tmp/syslog.log-1"
iotblocked="disabled"
iotports=""
iotproto="udp"
lookupcountry="enabled"
cdnwhitelist="enabled"
################################################
# this MUST BE the file configured in Skynet as the syslog.log location
# DO NOT use /tmp/syslog.log or /opt/var/log/messages here!
destination d_skynet {
file("/opt/var/log/skynet-0.log");
};
# logs everything from Skynet to /opt/var/log/skynet-0.log
filter f_skynet {
program("Skynet") or
message("BLOCKED -") or
message("DROP IN=");
};
# final flag stops processing of messages matching the f_skynet filter
log {
source(src);
filter(f_skynet);
destination(d_skynet);
flags(final);
};
#eof
#############################################################################
# OpenWrt syslog-ng.conf specific file
# which collects all local logs into a single file called /var/log/messages.
# More details about these settings can be found here:
# https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.16/release-notes/global-options
#
# non-scl version with "@include "scl.conf"" and call to default-network-drivers function (part of scl) removed
# moved sourcing /proc/kmsg from "source kernel" to "source src" and added directives to /proc/kmsg and /dev/log sourcing
# log_msg_size increased to 16K to ensure even large messages are completely captured
# stats_freq changed to every 6 hours
# source net function to get udp log messages from local network commented out
# destination log_server function added (commented out) to illustrate sending udp log messages to server on local network
@version: 3.23
@include "/opt/etc/syslog-ng.d/" # Put any customization files in this directory
options {
chain_hostnames(no); # Enable or disable the chained hostname format.
create_dirs(yes);
keep_hostname(yes); # Enable or disable hostname rewriting.
log_fifo_size(256); # The number of messages that the output queue can store.
log_msg_size(16384); # Maximum length of a message in bytes.
stats_freq(21600); # The period between two STATS messages (sent by syslog-ng, containing statistics about dropped logs) in seconds. (21,600 seconds = 6 hours)
flush_lines(0); # How many lines are flushed to a destination at a time.
use_fqdn(no); # Add Fully Qualified Domain Name instead of short hostname.
};
# syslog-ng gets messages from the system, kernel, and syslog-ng (internal)
# DO NOT use system() source; causes issues on HND routers
# so_rcvbuf = maximum number of messages per second * 1024
source src {
unix-dgram("/dev/log" so_rcvbuf(65536) flags(syslog-protocol));
file("/proc/kmsg" program_override("kernel") flags(kernel));
internal();
};
# uncomment these three lines to get udp log messages from local network
# must also uncomment "source(net);" below
#source net {
# udp(ip(192.168.x.y) port(514));
#};
destination messages {
file("/opt/var/log/messages");
};
# uncomment these three lines to send udp log messages to local network
# must also uncomment "destination(log_server);" below
#destination log_server {
# udp("192.168.x.y" port(514));
#};
log {
source(src);
# source(net); # uncomment this and "source net" function above to get udp log messages from local network
destination(messages);
# destination(log_server); # uncomment this and "destination log_server" function above to send udp log messages to local network
};
I vaguely remember having the same or similar issue way back in the early days of testing and configuring Scribe. I just spent considerable time searching this thread and find nothing about that, darn.
It stopped working after last update from skynet and scribe... that's why I did a clean install since it was also due time, so I thought why not, but then it did not fix the issue!
I think that version change might have something to do with this issue. I just checked and am on syslog-ng - 3.20.1-1. Sorry @cmkelley that this is an inconvenient time.
So, I apologize for not having an answer, life has gotten in the way of fun lately.
I don't generally look much at the logs, but after reading here, I noticed a separate problem, EVERYTHING stopped logging for me late the night of the 19th. Not sure what caused that. I updated syslog-ng to 3.23 on the 17th, so it doesn't seem like that is the issue. Maybe it's file permissions thing? I need to investigate what changed between 3.20 and 3.23.
Sadly, life is still "interesting" (nobody is sick or hurt or anything, just everything happening at once it seems), and I don't know when it will let up. If I get a chance I'll see what I can dig up.
opkg list-installed | grep syslog
There's some weird stuff going on here ... I tried re-starting Skynet but now I get the lock file detected message and that won't go away even after several minutes. I see a couple people have tried M&M to no avail, so it would seem not to be one of those that goes away with that. Past my bedtime already ...
I see others on 3.23 like @shark and @Ayitaka that might be it. Can you two run this in a shell and report the result?
I'll do some research on downgrading to 3.20 if that resolves this until scribe can be updated.
user@router:/# opkg list-installed | grep syslog
syslog-ng - 3.23.1-1
user@router:/tmp/mnt/sda1/entware/var/log# opkg list-installed | grep syslog
syslog-ng - 3.20.1-1
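The consistency checks discussed in this thread, as an added example that is not part of any post and is not scribe's or Skynet's own code: it confirms that Skynet's `syslogloc` and the syslog-ng filter destination name the same file, and that the GUI log path is a symlink to /opt/var/log/messages. The function names are hypothetical and the file locations are passed in by the caller; the sample input is constructed.

```shell
#!/bin/sh
# Added example, not from the thread: verify that Skynet and the syslog-ng
# filter agree on one log file. Callers supply the file paths.

# Print the value of key="value" from a Skynet-style config file.
cfg_value() {
    sed -n "s/^$2=\"\(.*\)\"\$/\1/p" "$1" | head -n 1
}

# Print the path inside the first file("...") of a syslog-ng snippet.
filter_destination() {
    sed -n 's/^[[:space:]]*file("\([^"]*\)").*/\1/p' "$1" | head -n 1
}

# Return 0 when both sides name the same file and it is not one of the two
# paths the filter's own comment forbids; otherwise print why and return >0.
check_skynet_logging() {
    loc=$(cfg_value "$1" syslogloc)
    dest=$(filter_destination "$2")
    case "$dest" in
        /tmp/syslog.log|/opt/var/log/messages)
            echo "filter writes to forbidden path $dest"; return 2 ;;
    esac
    if [ -z "$loc" ] || [ "$loc" != "$dest" ]; then
        echo "mismatch: syslogloc=$loc filter=$dest"; return 1
    fi
    echo "ok: both use $dest"
}

# Return 0 when $1 is a symlink to /opt/var/log/messages (the GUI log link).
check_gui_link() {
    [ "$(readlink "$1")" = "/opt/var/log/messages" ]
}

# Constructed sample input: a two-line config and a minimal filter file.
demo_dir=$(mktemp -d)
printf 'syslogloc="/tmp/syslog.log"\nsyslog1loc="/tmp/syslog.log-1"\n' > "$demo_dir/skynet.cfg"
printf 'destination d_skynet {\n  file("/opt/var/log/skynet-0.log");\n};\n' > "$demo_dir/skynet.conf"
check_skynet_logging "$demo_dir/skynet.cfg" "$demo_dir/skynet.conf" || true
rm -rf "$demo_dir"
```

The constructed demo reports a mismatch because its sample config still points Skynet at /tmp/syslog.log while the filter writes to skynet-0.log.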