Koozali.org: home of the SME Server
Contribs.org Forums => Koozali SME Server 10.x => Topic started by: Merv on April 18, 2021, 10:38:33 AM
-
Hi there, Over the weekend I've installed Ver 10 RC candidate on an I7 with 16G together with a restore from version 9.2 and I'd just like to report that with initial testing everything seems to be working. Email/Horde/Clam/Updates/Web Server etc. running great.
My only hiccup at present is the remote syslog - I've followed the HOW-To from the 9.2 version -
mkdir -p /etc/e-smith/templates-custom/etc/sysconfig/rsyslog
cd /etc/e-smith/templates-custom/etc/sysconfig/rsyslog
Using for favourite editor, create the file 90AllowRemoteSyslog and add the following lines:
# Enable the syslog to capture remote messages from the network
SYSLOGD_OPTIONS="-r514 -m 0"
Now expand the template and restart the SYSLOG service.
expand-template /etc/sysconfig/rsyslog
service rsyslog restart
You can now use:
tail -f /var/log/messages
... but no messages coming thru from my net equipment, just wondering if remote syslog is still under development at present?
Many thanks, Merv
-
sme 10 uses systemd , no sysvinit anymore. service command is deprecated.
you should use
systemctl restart rsyslog.service
You will think, yes but it did restart the service using my old command, because it will be redirected to systemd, but you need to be aware of that to understand that old how to might brake because the startup script is different
now what is in this script
systemctl cat rsyslog.service
# /usr/lib/systemd/system/rsyslog.service
[Unit]
Description=System Logging Service
;Requires=syslog.socket
Wants=network.target network-online.target
After=network.target network-online.target
Documentation=man:rsyslogd(8)
Documentation=http://www.rsyslog.com/doc/
[Service]
Type=notify
EnvironmentFile=-/etc/sysconfig/rsyslog
ExecStart=/usr/sbin/rsyslogd -n $SYSLOGD_OPTIONS
Restart=on-failure
UMask=0066
StandardOutput=null
Restart=on-failure
[Install]
WantedBy=multi-user.target
;Alias=syslog.service
# /usr/lib/systemd/system/rsyslog.service.d/51koozali.conf
[Install]
WantedBy=sme-server.target
so /etc/sysconfig/rsyslog is still in use
$SYSLOGD_OPTIONS is still in use but looking at both the man rsyslogd pages of sme 9 and 10 i can not find reference to -r and -m options
i see two things..
is your server trying to log something on its local interface or external? if external rhe firewall is preventing that.
other wise this is simply that now you should use the config file to do that. seems that it was a deprecated option still working in centos 6 but not documented and removed on centos 7
see https://linuxhint.com/send_linux_logs_remote_server/. this is written for debian , but options should be similar and you just have to template the changes
and update the wiki
-
according to man rsyslog.conf
imudp Input plugin for UDP syslog. Replaces the deprecated -r
option. Can be used like this:
$ModLoad imudp
$UDPServerRun 514
imtcp Input plugin for plain TCP syslog. Replaces the deprecated
-t option. Can be used like this:
$ModLoad imtcp
$InputTCPServerRun 514
-
Thanks Jean-Philippe, I'll have a look at the above and see if I can get the logging back - I'm only logging equipment on the local net so no firewall involved - it's been handy all these years just running an SSH term and tail on the syslog - soon spot any problems around the place!!
cheers, Merv
-
Thanks Jean-Philippe, I'll have a look at the above and see if I can get the logging back - I'm only logging equipment on the local net so no firewall involved - it's been handy all these years just running an SSH term and tail on the syslog - soon spot any problems around the place!!
cheers, Merv
so your best bet would be
mkdir -p /etc/e-smith/templates-custom/etc/sysconfig/rsyslog
vim /etc/e-smith/templates-custom/etc/sysconfig/rsyslog/20GetRemoteLogs
add this
# enable remote logging
$ModLoad imudp
$UDPServerRun 514
and you could even follwo the last bit of the page
https://wiki.koozali.org/Syslog#SME_9.0_Server_redirect_to_another_syslog_file
so you can put all the external devices in one log out of SME
if ( $programname == 'grandstream' OR $programname == 'device2' ) then /var/log/remotedevices.log
& stop
-
Thanks again Jean-Philippe for your info but for some reason I still cannot seem to receive any device traffic when I issue the "tail -f /var/log/messages" command - just system messages, none from my radio controller/ups/etc. equipment. (btw thanks again for the unsecured ftp access - working great!!)
So I am stuck - but I'll keep on reading and get there one day - luckily its no show stopper.
cheers, Merv
-
FWIW I have remote syslog working to my sme10 server on local network. I originally followed the howto for sme9 but migrated configs from sme9 - sme10 and haven't made anychanges. It just kept working as before.
[edit] ok, had another look and maybe I didn't follow the sme9 howto.
My use case, sme10 receiving syslog info from other devices on the local lan.
In /etc/e-smith/templates-custom/etc/rsyslog.conf
in that folder create a file 12remotelog
and put the following into it:
{
# provides support for remote
}
$ModLoad imudp
$UDPServerRun 514
Pretty much what JP said above.
-
Hi there and thanks again for your help, but currently still cannot get the remote logs to come thru - lacking Linux/Unix knowledge!!! With JP's entry above, I ended up with -
[root@rigel rsyslog]# pwd
/etc/e-smith/templates-custom/etc/sysconfig/rsyslog
[root@rigel rsyslog]# ls
20GetRemoteLogs
[root@rigel rsyslog]# cat 20GetRemoteLogs
# enable remote logging
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
and after a server restart, still no go - your directory path looks different - maybe that's my problem??? Since it's no a show stopper I was just waiting on the side until 10 is bedded in and a new faq for remote syslog might come out for me to follow.
cheers, Merv
-
/etc/e-smith/templates-custom/etc/sysconfig/rsyslog
why ?
when you said just before
/etc/e-smith/templates-custom/etc/rsyslog.conf
in that folder create a file 12remotelog
and put the following into it:
{
# provides support for remote
}
$ModLoad imudp
$UDPServerRun 514
rsyslog config is in /etc/rsyslog.conf
so your fragment should go to /etc/e-smith/templates-custom/etc/rsyslog.conf
then
expand-template /etc/rsyslog.conf
systemctl restart rsyslogd
-
Thanks again fella's - and a good question Jean-Phillipe!! why????
- I just entered properly this time and I now have console logs coming thru to the SME server - excellent - so far with a restore from 9.2 to the 10rc - all looks good now - www server/email/dhcp/horde/backup/ftp and now the syslog
thanks, Merv