[SOLVED] rsyslog restarts every 5 minutes -- how do I enable network logging?

This topic is closed.

    Hello all,

    Two-part question:
    1) How did my changes below break rsyslog?
    2) How do I activate logging from the network, specifically for my router (D-Link DIR-655)?

    On Feb 2 something went wrong with rsyslog:

    Code:
    Feb 2 05:12:58 camelot kernel: imklog 4.2.0, log source = /var/run/rsyslog/kmsg started.
    Feb 2 05:12:58 camelot rsyslogd: [origin software="rsyslogd" swVersion="4.2.0" x-pid="20252" x-info="http://www.rsyslog.com"] (re)start
    Feb 2 05:12:58 camelot rsyslogd: rsyslogd's groupid changed to 102
    Feb 2 05:12:58 camelot rsyslogd: rsyslogd's userid changed to 101
    Feb 2 05:44:17 camelot kernel: Kernel logging (proc) stopped.
    Feb 2 05:44:17 camelot kernel: imklog 4.2.0, log source = /var/run/rsyslog/kmsg started.
    Feb 2 05:44:17 camelot kernel: imklog 4.2.0, log source = /var/run/rsyslog/kmsg started.
    Feb 2 05:47:26 camelot kernel: imklog 4.2.0, log source = /var/run/rsyslog/kmsg started.
    Feb 2 05:47:35 camelot kernel: imklog 4.2.0, log source = /var/run/rsyslog/kmsg started.
    Feb 2 05:47:35 camelot kernel: imklog 4.2.0, log source = /var/run/rsyslog/kmsg started.
    .....
    Since then, *nothing* has shown in /var/log/messages other than the above.

    I found the change I made on Feb 2 that caused this. I modified /etc/rsyslog.conf to enable remote logging support by uncommenting as follows:

    Code:
    # provides UDP syslog reception
    $ModLoad imudp
    $UDPServerRun 514
    
    # provides TCP syslog reception
    $ModLoad imtcp
    $InputTCPServerRun 514
    I then added /etc/rsyslog.d/60-router.conf to enable logging from my router:

    Code:
    # Router logging
    :source, isequal, 192.168.0.1 /var/log/router.log
    & ~
    Admittedly, I don't really understand that (although it *looks* reasonable) and I simply copied it off somewhere on the Internet.

    By undoing all the above, rsyslog is happy again.

    #2
    Re: rsyslog restarts every 5 minutes -- how do I enable network logging?

    I believe I have found the answer: http://ubuntuforums.org/showthread.php?p=8730126

    Seems to be working, using the lines
    Code:
    :fromhost-ip, isequal, "192.168.0.1" /var/log/router.log
    & ~
    in a file I created as /etc/rsyslog.d/40-router.conf along with the /etc/rsyslog.conf changes I listed above and repeat here:
    Code:
    # provides UDP syslog reception
    $ModLoad imudp
    $UDPServerRun 514
    
    # provides TCP syslog reception
    $ModLoad imtcp
    $InputTCPServerRun 514
    Well, at least it works to the point that rsyslog behaves politely. It is yet to be seen if anything actually gets logged. I can't find anything in my router to force a log to be sent.
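
Added example, not part of either post and not rsyslog's own code: rsyslog documents property-based filters as `:property, [!]compare-operation, "value"`, with the value in double quotes, and this small Python check applies that form to the two router filter lines quoted in the thread. The function names and the list of compare operations are assumptions of the example; it checks structure only and does not validate property names or actions.

```python
import re

# Compare operations documented for rsyslog property-based filters; newer
# releases add more. This list is an assumption of the example.
COMPARE_OPS = {"contains", "isequal", "startswith", "regex", "ereregex"}

# Documented form:  :property, [!]compare-operation, "value" <action>
FILTER_RE = re.compile(
    r'^:(?P<prop>[^,\s]+)\s*,\s*(?P<neg>!?)(?P<op>[^,\s]+)\s*,\s*(?P<rest>.*)$'
)
# A double-quoted value (backslash escapes allowed) followed by the action.
QUOTED_RE = re.compile(r'^"(?P<value>(?:[^"\\]|\\.)*)"\s*(?P<action>.*)$')


def lint_filter(line):
    """Return a list of problems for one property-based filter line."""
    line = line.strip()
    if not line.startswith(":"):
        return []  # comments, "& ~" and other rule types are out of scope
    m = FILTER_RE.match(line)
    if m is None:
        return ['expected :property, compare-operation, "value"']
    problems = []
    if m.group("op") not in COMPARE_OPS:
        problems.append("unknown compare-operation %r" % m.group("op"))
    q = QUOTED_RE.match(m.group("rest"))
    if q is None:
        problems.append("value must be enclosed in double quotes")
    elif not q.group("action"):
        problems.append("no action after the filter value")
    return problems


def lint_config(text):
    """Map line number -> problems for every flagged line in a config text."""
    report = {}
    for number, line in enumerate(text.splitlines(), 1):
        found = lint_filter(line)
        if found:
            report[number] = found
    return report


# The two filter files as quoted in the posts above.
FIRST_ATTEMPT = '# Router logging\n:source, isequal, 192.168.0.1 /var/log/router.log\n& ~\n'
WORKING = ':fromhost-ip, isequal, "192.168.0.1" /var/log/router.log\n& ~\n'

if __name__ == "__main__":
    print("60-router.conf:", lint_config(FIRST_ATTEMPT))
    print("40-router.conf:", lint_config(WORKING))
```

The check flags line 2 of the first file for the unquoted value and reports nothing for the second.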
