This is a description of how I set up the syslog feature of the Speedstream 4200 router to log messages to one of my FreeBSD v7-STABLE machines. It should be equally applicable to any Unix or Unix-like remote log host.
Telnet to the router to access its command line interface. This cannot be set up using the router's graphical web interface.
At the login prompt, log in as admin (password may be blank or "admin").
At the xsh> prompt type cfg slog{ip#0=192.168.1.25 where 192.168.1.25 is the IP address of your remote log host.
Check the entry by typing cfg slog{ip#0. You should see something like this:
ip#0 = 192.168.1.25
ip#1 = 0.0.0.0
ip#2 = 0.0.0.0
ip#3 = 0.0.0.0
ip#4 = 0.0.0.0
ip#5 = 0.0.0.0
ip#6 = 0.0.0.0
Now save the settings by typing: cfg save.
Now reboot the router by typing: do reboot.
Edit your /etc/syslog.conf file to direct the router's syslog messages to a separate log file. For example:
!*
+router
*.*	/var/log/router.log
Do not forget that (1) you must use tabs to separate tokens in the syslog.conf file; (2) you need to specify the hostname without the domain name (at least under FreeBSD); and (3) failure to include the !* line above will result in all log entries from the immediately preceding program block being logged only when they originate from the router - which is not what you want! Please check the syntax of your syslog.conf file by checking its man page on your system carefully.
Check the configuration of your syslog daemon. It may not accept syslog messages from remote machines in its default configuration. By default, FreeBSD runs its syslog daemon in secure mode. To override this, you will need to edit the /etc/rc.conf file and add the following line:
syslogd_flags="-a router.sentry.org:*"
Do not forget to replace router.sentry.org with the fully qualified name of your own router :) You can set up a fully qualified hostname for your router via the web interface: Setup -> Host and fill in the "Host Name" field. (Note that I've used a wildcard (i.e. *) for the port number in the above example.)
Create the required log file by touching the appropriate filename in your /var/log directory or wherever else you have specified (eg touch /var/log/router.log).
If the hostname of your router is not in your local DNS server's records, you will need to edit the log host's /etc/hosts file to add it. For example, add the following line:
192.168.1.1 router router.sentry.org
where 192.168.1.254 is the IP address of your router, router is its hostname and router.sentry.org is its fully qualified domain name.
Find the PID of your running syslog daemon process (eg ps -ax | grep syslog) and kill it (eg kill <pid>).
Manually start the syslog daemon as follows: syslogd -a "*domainname:*".
To check that it all works, you will need to again use telnet to access the router's command line interface. Once you are at the xsh> prompt:
Aug 17 17:43:51 router User: Testing syslog setup
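The three syslog.conf caveats listed earlier (tab separators, hostname without the domain, and the !* line before +router) can be checked mechanically before restarting syslogd. The script below is an added example, not part of the original write-up; the function name lint_router_block is hypothetical, and its insistence on tabs follows this page's advice.

```sh
#!/bin/sh
# Added example: lint the router block of a FreeBSD-style syslog.conf.
# Usage: lint_router_block FILE SHORT_HOSTNAME   (hypothetical helper name)
# Returns 0 if the block passes every check, 1 otherwise; findings go to stderr.
lint_router_block() {
    awk -v host="$2" '
    function bad(msg) { printf "line %d: %s\n", NR, msg; err = 1 }
    BEGIN { prog = "*"; inblock = 0; found = 0; rules = 0; err = 0 }
    /^#[!+]/ { $0 = substr($0, 2) }        # "#!prog" and "#+host" compatibility forms
    /^[ \t]*(#|$)/ { next }                # skip comments and blank lines
    /^!/ { prog = substr($0, 2); next }    # program block; "!*" resets it
    /^[+-]/ {                              # host block starts or ends here
        spec = substr($0, 2); inblock = 0
        if ($0 ~ /^\+/ && spec == host) {
            inblock = 1; found = 1
            # Caveat 3: the host block must not inherit an earlier !program block.
            if (prog != "*") bad("+" host " follows !" prog "; put a !* line before it")
        } else if ($0 ~ /^\+/ && index(spec, host ".") == 1) {
            # Caveat 2: hostname must be given without the domain name.
            bad("host given with its domain (" spec "); use +" host)
        }
        next
    }
    inblock {
        rules++
        # Caveat 1: selector and action must be separated by tabs, not spaces.
        if ($0 !~ /^[^ \t]+\t+[^ \t]/) bad("selector and action must be separated by tabs")
    }
    END {
        if (!found) { print "no +" host " block found"; err = 1 }
        else if (!rules) { print "+" host " block has no rules"; err = 1 }
        exit err
    }' "$1" >&2
}

# When run as a script: sh lint.sh /etc/syslog.conf router
if [ "$#" -eq 2 ]; then lint_router_block "$1" "$2"; fi
```

A non-zero exit status means at least one of the three caveats is violated; the offending line numbers are printed to stderr.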
Enjoy!
All queries to: Trev