Receive logs from router

  • Hi, I'm running OMV 4 on a Raspberry. My router can send logs to a syslog server.
    Checking logs in the router GUI is not so comfortable, so I'm thinking of sending the logs to the OMV instance to analyse them easily.


    Do I need some config on omv? Or just set "Send to this Syslog server IP address" in the router admin page?

    • Official post

    rsyslog is not set up on OMV to receive messages. Easy to change though.


    Just put the following lines in a file named /etc/rsyslog.d/incoming.conf


    $ModLoad imudp
    $UDPServerRun 514
    $ModLoad imtcp
    $InputTCPServerRun 514


    systemctl restart rsyslog

    omv 7.0.5-1 sandworm | 64 bit | 6.8 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.13 | compose 7.1.4 | k8s 7.1.0-3 | cputemp 7.0.1 | mergerfs 7.0.4


    omv-extras.org plugins source code and issue tracker - github - changelogs


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

    • Official post

    Create another file like /etc/rsyslog.d/10_router.conf with the following content:


    if $hostname == 'change_to_routerhostname' then /var/log/router.log
    & stop


    Then restart rsyslog again.

    Edited once, last by ryecoaaron ()

  • Code
    /etc/rsyslog.d/10_router.conf

    is the correct path, right?



    With these 2 settings now I have these lines in router.log





    Code
    Dec 28 16:24:01 raspberrypi CRON[387]: pam_unix(cron:session): session opened for user root by (uid=0)
    Dec 28 16:24:01 raspberrypi CRON[392]: (root) CMD (for i in `pgrep "ftpd|nfsiod|smbd|afpd|cnid"` ; do ionice -c1 -p $i ; done >/dev/null 2>&1)
    Dec 28 16:24:01 raspberrypi CRON[387]: pam_unix(cron:session): session closed for user root
    Dec 28 16:24:28 raspberrypi sshd[481]: Accepted publickey for pi from 192.168.0.13 port 54127 ssh2: RSA SHA256:CJSxNfqs71QD0lRZzN9S11Kg66l7Q8huW5OOr0EBxFE
    Dec 28 16:24:28 raspberrypi sshd[481]: pam_unix(sshd:session): session opened for user pi by (uid=0)
    Dec 28 16:24:28 raspberrypi systemd-logind[810]: New session c8 of user pi.
    Dec 28 16:24:28 raspberrypi systemd[1]: Started Session c8 of user pi.

    My desire is to have only router log lines in the router.log file, but now I have other log lines in router.log :(

    • Official post

    is the correct path, right?

    Yep. Typo of course. Corrected.


    My desire is to have only router log lines in the router.log file, but now I have other log lines in router.log

    Ideally, the if statement should only put logs from that hostname in that file. I spend all day at work putting logs together on a remote server (splunk) not separating them into separate files. grep is easy to use. But I will look at why this is happening.

    • Official post

    It is working correctly on my system but the ordering of the conf files might be causing the issue. Change the name of the incoming.conf file to 10_incoming.conf and the router file to 20_router.conf. Then restart rsyslog.

  • I changed the conf files, adding 10_ and 20_, but this is what happens when I log into the router web GUI




    As you can see the router message is written in more files :(


    And in router.log I have lines not coming from router :(



  • Why don't you post the contents of the file you created for this, /etc/rsyslog.d/10_router.conf or /etc/rsyslog.d/20_router.conf, perhaps there is some error in them?

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 7.x on headless Chenbro NR12000 1U 1x 8m Quad Core E3-1220 3.1GHz 32GB ECC RAM.

  • Code
    pi@raspberrypi:/etc/rsyslog.d$ cat 10_incoming.conf
    $ModLoad imudp
    $UDPServerRun 514
    $ModLoad imtcp
    $InputTCPServerRun 514


    Code
    pi@raspberrypi:/etc/rsyslog.d$ cat 20_router.conf
    if $hostname == 'raspberrypi' then /var/log/router.log
    & stop
  • Code
    pi@raspberrypi:/etc/rsyslog.d$ cat 20_router.conf
    if $hostname == 'raspberrypi' then /var/log/router.log
    & stop

    For $hostname you should be using the router hostname, not the hostname of the machine accepting the logs.


  • I believe an IP address would work, but $hostname might not be correct.


    Try:


    $fromhost-ip == 'a.b.c.d'

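
A consolidated version of the setup this thread arrives at, as an added example that is not from any of the posters: it filters on $fromhost-ip and binds the network listeners to their own ruleset, so the receiving machine's own messages never reach router.log and router messages never reach the other log files. The file name, the ruleset name "router" and the address 192.0.2.1 are assumptions; the address is a placeholder for the router's real one.

```conf
# /etc/rsyslog.d/10_router.conf  (file name is an assumption)
# This single file takes the place of both files from the thread; keeping the
# old $ModLoad lines as well would load the input modules twice.

# Load the UDP and TCP syslog input modules once.
module(load="imudp")
module(load="imtcp")

# Messages received on the listeners below are processed only by this
# ruleset. They do not pass through the default ruleset, so they are not
# copied into syslog, messages, auth.log and so on, and locally generated
# messages (CRON, sshd, systemd) never enter this ruleset.
ruleset(name="router") {
    # $fromhost-ip is the address rsyslog received the message from.
    # $hostname is the HOSTNAME field inside the message, i.e. whatever name
    # the sending device wrote there, which is why matching on it needs the
    # router's name and not the name of the receiving machine.
    # 192.0.2.1 is a placeholder: replace it with the router's address.
    if $fromhost-ip == '192.0.2.1' then {
        action(type="omfile" file="/var/log/router.log")
    }
    # No other rule exists in this ruleset, so messages arriving on port 514
    # from any other address are not written anywhere.
}

# Same ports as in the thread, now bound to the dedicated ruleset.
input(type="imudp" port="514" ruleset="router")
input(type="imtcp" port="514" ruleset="router")
```

Check the syntax with `rsyslogd -N1` before running `systemctl restart rsyslog`. With UDP the source address is not authenticated, so this separates logs by sender address but does not prove a message really came from the router.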
