2

I try to remote log my OpenWRT system. For that i set /etc/config/system like: 

config system
        option hostname 'MySystem'
        option timezone 'UTC'
        option log_file '/var/log/messages'
        option log_type 'file'
        option log_size '64'
        option log_rotated '10'
        option log_ip '192.168.1.200'

On my Ubuntu system i try to receive those log messages. syslog-ng is installed. /etc/syslog-ng/syslog-ng.conf looks like: 

@version: 3.5
@include "scl.conf"
@include "`scl-root`/system/tty10.conf"

# First, set some global options.
options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);
          owner("root"); group("adm"); perm(0640); stats_freq(0);
          bad_hostname("^gconfd$");
};

source s_net { udp();  };
destination s_messages { file("/var/log/my_test/remote.log");};
log { source(s_net); destination(s_messages);};
@include "/etc/syslog-ng/conf.d/*.conf"

Whenever a log message is logged on OpenWRT in /var/log/messages the file says:

Mon Dec 19 15:11:18 2016 daemon.emerg logread[1021]: Logread connected to 192.168.1.200:514                                                                   
Mon Dec 19 15:11:27 2016 local0.info my_service[1348]: My logging message
Mon Dec 19 15:11:27 2016 daemon.emerg logread[1021]: failed to send log data to 192.168.1.200:514 via udp

What could be the problem? Ping from OpenWRT to 192.168.1.200 is successful. I guess OpenWRT is workling fine. Problem is the syslog-ng configuration right?

Thx for any help!

Farley
  • 179
  • 1
  • 13
  • Hi, try using wireshark/tcpdump on your Ubuntu system to check if the messages reach the server. But since udp is a fire-and-forget protocol, and your openwrt notes that something is wrong, I'd say that the problem is on the openwrt side. (Maybe a local firewall?) – Robert Fekete Dec 20 '16 at 10:36
  • You are right. UDP is not tracked so OpenWRT system is the problem. I'll take a closer look to the OpenWRT configuration. – Farley Dec 21 '16 at 09:43

2 Answers2

2

Finally it worked. Problem was on my ubuntu system (firewall). OpenWRT worked fine.

Farley
  • 179
  • 1
  • 13
  • Hi @Farley. Can you please look at my problem with openwrt. Not able to figure out. Even can I do the same for logging all the networks https://stackoverflow.com/q/46152149/1696621 – Channaveer Hakari Sep 11 '17 at 10:05
2

I just used the config system part of this question and the server configuration instructions on this page and it worked like a charm.

I created a /etc/rsyslog.d/10-openwrt-remote-logread.conf file with this content (no iptables needed):

$ModLoad imudp  
$UDPServerRun 514  
:fromhost-ip, isequal, "192.168.0.1" /var/log/openwrt.log  
& ~

Now I have a nice openwrt.log file on my Raspberry.

Avio
  • 2,700
  • 6
  • 30
  • 50