Using syslog-ng to receive logs files from a router [SOLVED]

MrBackhand · 2006-09-05 14:56:47

I have a router with a built in firewall that can forward connection and access logs via syslog-ng to a server. I have entered the IP address of the client to receive the logs into the router. On the client to receive the logs I edited /etc/syslog-ng/syslog-ng.conf and tried the following:

 udp(ip("[router ip here]") port(514));

and when syslog-ng starts I receive the error that the port can not be found (or was it bound?). I checked /etc/services and the port is there and available for udp. netstat -an | grep 514 does not list the client listening on that port.

Has anyone tried the remote logging via syslog-ng or have a router with similiar functionality that you were able to get this working?

Any help is appreciated.

Thank you.

zen_guerrilla · 2006-09-05 15:35:59

MrBackhand wrote:

 udp(ip("[router ip here]") port(514));

This line should be

udp(ip([server ip here]));

assuming of course that syslog-ng runs on the 'server' box.

MrBackhand · 2006-09-05 22:58:32

I made the change to my /etc/syslog-ng/syslog-ng.conf file and received the following when I restarted syslog-ng:

io.c: bind_inet_socket() bind failed 192.168.0.1:514 Cannot assign requested address
Error initializing configuration, exiting.

Any ideas?

zen_guerrilla · 2006-09-06 10:26:15

Could you pls provide some more information like the IPs of your router & server ? I can send you my syslog-ng.conf via pm if you want (although it's tailored for a Debian system).

MrBackhand · 2006-09-06 18:07:44

The router IP is 192.168.0.1, the machine to receive the log from the router is 192.168.0.200. I added:

udp(ip(192.168.0.1));

to my /etc/syslog-ng/syslog-ng.conf under source src { }. I found this http://gentoo-wiki.com/HOWTO_Cisco_device_logging which is exactly what I want to do. I added all that in to my syslog-ng.conf file except substituting the router IP as noted above. I can not seem to get beyond the binding error.

Thank you.

zen_guerrilla · 2006-09-06 18:25:19

I assume you run syslog-ng on 192.168.0.200 so it should be:

udp(ip(192.168.0.200));

this is the IP address syslog-ng should bind to not. If you want the logs from your router to reside on specific directory, ie. /var/log/router you should add the following lines to your syslog-ng.conf:

source s_udp {
        udp ( ip(192.168.0.200) );
};

destination df_udp { 
        file ("/var/log/$HOST/$FACILITY");
};

log { 
        source(s_udp); 
        destination (df_udp); 
};

assuming you've got DNS working.

MrBackhand · 2006-09-06 20:10:55

That worked! I'm in business, thank you!

Arch Linux

#1 2006-09-05 14:56:47

Using syslog-ng to receive logs files from a router [SOLVED]

#2 2006-09-05 15:35:59

Re: Using syslog-ng to receive logs files from a router [SOLVED]

#3 2006-09-05 22:58:32

Re: Using syslog-ng to receive logs files from a router [SOLVED]

#4 2006-09-06 10:26:15

Re: Using syslog-ng to receive logs files from a router [SOLVED]

#5 2006-09-06 18:07:44

Re: Using syslog-ng to receive logs files from a router [SOLVED]

#6 2006-09-06 18:25:19

Re: Using syslog-ng to receive logs files from a router [SOLVED]

#7 2006-09-06 20:10:55

Re: Using syslog-ng to receive logs files from a router [SOLVED]

Board footer