Koozali.org: home of the SME Server

Remote Syslog Problem

Offline Merv

Remote Syslog Problem
« on: April 18, 2021, 10:38:33 AM »
Hi there, Over the weekend I've installed Ver 10 RC candidate on an I7 with 16G together with a restore from version 9.2 and I'd just like to report that with initial testing everything seems to be working. Email/Horde/Clam/Updates/Web Server etc. running great.

My only hiccup at present is the remote syslog - I've followed the HOW-To from the 9.2 version -

mkdir -p /etc/e-smith/templates-custom/etc/sysconfig/rsyslog
cd /etc/e-smith/templates-custom/etc/sysconfig/rsyslog

Using your favourite editor, create the file 90AllowRemoteSyslog and add the following lines:

# Enable the syslog to capture remote messages from the network
SYSLOGD_OPTIONS="-r514 -m 0"

Now expand the template and restart the SYSLOG service.

expand-template /etc/sysconfig/rsyslog
service rsyslog restart

You can now use:

tail -f /var/log/messages

... but no messages coming thru from my net equipment, just wondering if remote syslog is still under development at present?

Many thanks, Merv


Offline Jean-Philippe Pialasse

Re: Remote Syslog Problem
« Reply #1 on: April 18, 2021, 04:02:45 PM »
SME 10 uses systemd, no sysvinit anymore. The service command is deprecated.

You should use

Code:
systemctl restart rsyslog.service
You will think, yes, but it did restart the service using my old command, because it will be redirected to systemd, but you need to be aware of that to understand that an old how-to might break because the startup script is different.

now what is in this script

Code:
systemctl cat rsyslog.service
# /usr/lib/systemd/system/rsyslog.service
[Unit]
Description=System Logging Service
;Requires=syslog.socket
Wants=network.target network-online.target
After=network.target network-online.target
Documentation=man:rsyslogd(8)
Documentation=http://www.rsyslog.com/doc/

[Service]
Type=notify
EnvironmentFile=-/etc/sysconfig/rsyslog
ExecStart=/usr/sbin/rsyslogd -n $SYSLOGD_OPTIONS
Restart=on-failure
UMask=0066
StandardOutput=null
Restart=on-failure

[Install]
WantedBy=multi-user.target
;Alias=syslog.service

# /usr/lib/systemd/system/rsyslog.service.d/51koozali.conf
[Install]
WantedBy=sme-server.target

So /etc/sysconfig/rsyslog is still in use.

$SYSLOGD_OPTIONS is still in use, but looking at both the man rsyslogd pages of SME 9 and 10 I cannot find a reference to the -r and -m options.

I see two things.

Is your server trying to log something on its local interface or external? If external, the firewall is preventing that.

Otherwise this is simply that now you should use the config file to do that. Seems that it was a deprecated option still working in CentOS 6 but not documented, and removed on CentOS 7.

See https://linuxhint.com/send_linux_logs_remote_server/. This is written for Debian, but options should be similar and you just have to template the changes

and update the wiki

Offline Jean-Philippe Pialasse

Re: Remote Syslog Problem
« Reply #2 on: April 18, 2021, 04:06:04 PM »
according to man rsyslog.conf



Quote
        imudp  Input plugin for UDP  syslog.  Replaces  the  deprecated  -r
              option. Can be used like this:

              $ModLoad imudp

              $UDPServerRun 514

       imtcp  Input  plugin  for plain TCP syslog. Replaces the deprecated
              -t option. Can be used like this:

              $ModLoad imtcp

              $InputTCPServerRun 514

Offline Merv

Re: Remote Syslog Problem
« Reply #3 on: April 19, 2021, 04:32:25 AM »
Thanks Jean-Philippe, I'll have a look at the above and see if I can get the logging back - I'm only logging equipment on the local net so no firewall involved - it's been handy all these years just running an SSH term and tail on the syslog - soon spot any problems around the place!!

cheers, Merv

Offline Jean-Philippe Pialasse

Re: Remote Syslog Problem
« Reply #4 on: April 19, 2021, 07:21:43 AM »
Quote
Thanks Jean-Philippe, I'll have a look at the above and see if I can get the logging back - I'm only logging equipment on the local net so no firewall involved - it's been handy all these years just running an SSH term and tail on the syslog - soon spot any problems around the place!!

cheers, Merv

so your best bet would be
Code:
mkdir -p /etc/e-smith/templates-custom/etc/sysconfig/rsyslog
vim /etc/e-smith/templates-custom/etc/sysconfig/rsyslog/20GetRemoteLogs

add this
Code:
# enable remote logging
$ModLoad imudp
$UDPServerRun 514

and you could even follow the last bit of the page
https://wiki.koozali.org/Syslog#SME_9.0_Server_redirect_to_another_syslog_file

so you can put all the external devices in one log out of SME

if ( $programname == 'grandstream' OR $programname == 'device2' ) then /var/log/remotedevices.log
& stop

Offline Merv

Re: Remote Syslog Problem
« Reply #5 on: April 20, 2021, 01:52:32 AM »
Thanks again Jean-Philippe for your info but for some reason I still cannot seem to receive any device traffic when I issue the "tail -f /var/log/messages" command - just system messages, none from my radio controller/ups/etc. equipment. (btw thanks again for the unsecured ftp access - working great!!)

So I am stuck - but I'll keep on reading and get there one day - luckily it's no show stopper.

cheers, Merv


Offline sages

Re: Remote Syslog Problem
« Reply #6 on: April 27, 2021, 07:59:40 AM »
FWIW I have remote syslog working to my sme10 server on local network. I originally followed the howto for sme9 but migrated configs from sme9 - sme10 and haven't made any changes. It just kept working as before.

[edit] ok, had another look and maybe I didn't follow the sme9 howto.

My use case, sme10 receiving syslog info from other devices on the local lan.

In /etc/e-smith/templates-custom/etc/rsyslog.conf

in that folder create a file 12remotelog
and put the following into it:

{
# provides support for remote
}
$ModLoad imudp

$UDPServerRun 514



Pretty much what JP said above.


« Last Edit: April 27, 2021, 08:11:28 AM by sages »

Offline Merv

Re: Remote Syslog Problem
« Reply #7 on: April 28, 2021, 03:27:00 AM »
Hi there and thanks again for your help, but currently still cannot get the remote logs to come thru - lacking Linux/Unix knowledge!!! With JP's entry above, I ended up with -

[root@rigel rsyslog]# pwd
/etc/e-smith/templates-custom/etc/sysconfig/rsyslog
[root@rigel rsyslog]# ls
20GetRemoteLogs
[root@rigel rsyslog]# cat 20GetRemoteLogs
# enable remote logging
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514

and after a server restart, still no go - your directory path looks different - maybe that's my problem??? Since it's not a show stopper I was just waiting on the side until 10 is bedded in and a new faq for remote syslog might come out for me to follow.

cheers, Merv

Offline Jean-Philippe Pialasse

Re: Remote Syslog Problem
« Reply #8 on: April 28, 2021, 04:20:17 AM »
Code:
/etc/e-smith/templates-custom/etc/sysconfig/rsyslog
why ?



when you said just before
Quote
/etc/e-smith/templates-custom/etc/rsyslog.conf

in that folder create a file 12remotelog
and put the following into it:

{
# provides support for remote
}
$ModLoad imudp

$UDPServerRun 514


rsyslog config is in /etc/rsyslog.conf
so your fragment should go to  /etc/e-smith/templates-custom/etc/rsyslog.conf

then
Code:
expand-template /etc/rsyslog.conf
systemctl restart rsyslog.service
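
A check for the mix-up resolved in the reply above, as an added example that is not part of any poster's message: it lints /etc/sysconfig/rsyslog for rsyslog.conf directives and the old -r option, and confirms that /etc/rsyslog.conf loads imudp. The function names are made up for this example, and only the legacy $ModLoad/$UDPServerRun syntax used in this thread is recognised.

```shell
#!/bin/sh
# Added example: lint the two files this thread confuses. Function names are
# hypothetical; only the legacy $ModLoad/$UDPServerRun syntax is recognised.

# True if FILE (the systemd EnvironmentFile, /etc/sysconfig/rsyslog) contains
# rsyslog.conf directives, which rsyslogd never reads from there.
misplaced_directives() {
    grep -Eq '^[[:space:]]*\$(ModLoad|UDPServerRun|InputTCPServerRun)' "$1"
}

# True if SYSLOGD_OPTIONS in FILE still passes the old -r option.
legacy_r_option() {
    grep -Eq '^[[:space:]]*SYSLOGD_OPTIONS=(.*[^[:alnum:]])?-r[0-9]*([^[:alnum:]]|$)' "$1"
}

# Prints the UDP port that rsyslog.conf FILE listens on; fails if imudp is
# not loaded or no $UDPServerRun line is present.
udp_listen_port() {
    grep -Eq '^[[:space:]]*\$ModLoad[[:space:]]+imudp' "$1" || return 1
    port=$(sed -n 's/^[[:space:]]*\$UDPServerRun[[:space:]]\{1,\}\([0-9]\{1,\}\).*/\1/p' "$1" | head -n 1)
    [ -n "$port" ] && echo "$port"
}

# Reports every problem found and returns non-zero if any check failed.
audit_remote_syslog() {
    sysconfig=$1
    conf=$2
    status=0
    if misplaced_directives "$sysconfig"; then
        echo "FAIL: $sysconfig holds rsyslog.conf directives; put them in a fragment for $conf"
        status=1
    fi
    if legacy_r_option "$sysconfig"; then
        echo "FAIL: SYSLOGD_OPTIONS in $sysconfig still uses -r; load imudp in $conf instead"
        status=1
    fi
    if port=$(udp_listen_port "$conf"); then
        echo "OK: $conf enables imudp on UDP port $port"
    else
        echo "FAIL: $conf does not load imudp with \$UDPServerRun"
        status=1
    fi
    return "$status"
}

# Run the audit when called with both paths.
if [ "$#" -eq 2 ]; then
    audit_remote_syslog "$1" "$2"
fi
```

Run it with /etc/sysconfig/rsyslog and /etc/rsyslog.conf as the two arguments after expand-template; once rsyslog has restarted, ss -lun shows whether the UDP listener is actually bound.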

Offline Merv

Re: Remote Syslog Problem
« Reply #9 on: April 28, 2021, 04:53:27 AM »
Thanks again fellas - and a good question Jean-Philippe!! why????

- I just entered properly this time and I now have console logs coming thru to the SME server - excellent - so far with a restore from 9.2 to the 10rc - all looks good now - www server/email/dhcp/horde/backup/ftp and now the syslog

thanks, Merv