Setting up a debian rsyslog server and OpenWrt rsyslog client

Since the Lenny release, rsyslog was the default way of logging things in debian. It's pretty useful, since it allows you to receive logs from other machines, and having all logs in one place makes debugging quite a bit easier. So, a quick guide on how to set this up.

We start with the server, running debian. We want to enable receiving UDP traffic, and to define a seperate logfile for our OpenWrt client.

First of, we open /etc/rsyslog.conf in our favourite editor, and find these lines, which should be located near the top of the file:

# provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

Uncomment the two last lines, so rsyslog loads the UDP module at startup, then save the file.

Next, we want to make a new file which will hold our configuration specific to the client running OpenWrt; nano /etc/rsyslog.d/10-accesspoint.conf.

:fromhost-ip, isequal, "" /var/log/accesspoint.log

The first line matches on the ip address that sent the log entry and saves it to /var/log/accesspoint.log. The second line indicates that no more processing should happen on this log entry.

Save the file and restart the rsyslog daemon with service rsyslog restart.

Next, we need to configure the OpenWrt client to send log entries to our server. Open /etc/config/system in an editor on the router. Add the following line under the config system section:

option log_ip   # adjust to your servers ip address

Save the file and reboot your router. Now, the router should send log messages to the central logging server you specified.

Written by Jannich Brendle søn 06 oktober 2013 In How to

tags: securitydebugging

Related posts