Results 1 to 8 of 8

Thread: Receiving router log information in journald?

  1. #1
    Join Date
    Jun 2008
    Location
    South-West France
    Posts
    1,037

    Default Receiving router log information in journald?

    hello.
    After reading this thread :
    Receiving router log information in rsyslog? http://forums.opensuse.org/showthread.php/494959

    On router side you just configure "the IP adress of a remote syslog server"

    Is there a way to do that with journald ?
    If yes, can you give me some direction.

    Should journald understand syslog format ?
    If not, I suppose that I have to install rsyslog on the server to catch router information ?
    In that case how to resend logs to journald ?

    Any help is welcome.
    Thanks for helping. JCD
    __________
    server leap 15.0 -- ASUS g75vw KDE leap 15.0 -- ASUS g750JZ Optimus KDE leap 15.1 -- acer aspire s13 win 10 home -- HP Omen win 10 home - scan EPSON V500 - Brother HL2250DN - Samsung CLP-325W

  2. #2
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: Receiving router log information in journald?

    On 2015-07-10 18:46, jcdole wrote:
    >
    > hello.
    > After reading this thread :
    > Receiving router log information in rsyslog?
    > http://forums.opensuse.org/showthread.php/494959
    >
    > On router side you just configure "the IP adress of a remote syslog
    > server"


    Yes. IP, and sometimes the port, if it is not the standard one.

    > Is there a way to do that with journald ?


    You mean, receive the log entries in journald, instead of in a syslog
    daemon service? I'm not aware that it is possible at all. But I might be
    mistaken.

    > If not, I suppose that I have to install rsyslog on the server to catch
    > router information ?


    I guess so, yes. You can use rsyslog, syslog-ng, and maybe another one I
    forget. You have some choices.

    > In that case how to resend logs to journald ?


    I wouldn't have the foggiest idea... If I wanted to do that, I'd
    starting reading journal manuals ;-)

    --
    Cheers / Saludos,

    Carlos E. R.

    (from 13.1 x86_64 "Bottle" (Minas Tirith))

  3. #3
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,293
    Blog Entries
    2

    Default Re: Receiving router log information in journald?

    I don't know if anyone has published all the sources that pass data to the journal (at least I can't find anything), but in general <everything> is in the journal.

    So, you should be able to query for router log events directly from the journal. To some degree, it should be easier to query for specific data with the capabilities of journalctl.
    The online link to the journalctl MAN pages is at
    http://www.freedesktop.org/software/...ournalctl.html
    Note the examples at the end which suggest how you can query for router log data if it's in there.

    And, if you prefer another format or a store that contains only specific data, then you can extract that information using any of many tools including what has already been described.

    TSU

  4. #4
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: Receiving router log information in journald?

    On 2015-07-12 02:56, tsu2 wrote:
    >
    > I don't know if anyone has published all the sources that pass data to
    > the journal (at least I can't find anything), but in general
    > <everything> is in the journal.
    >
    > So, you should be able to query for router log events directly from the
    > journal. To some degree, it should be easier to query for specific data
    > with the capabilities of journalctl.
    > The online link to the journalctl MAN pages is at
    > http://www.freedesktop.org/software/...ournalctl.html
    > Note the examples at the end which suggest how you can query for router
    > log data if it's in there.


    But you need the messages from the external host, a router in this case,
    to gets its messages included in the journal first. Sure that you can
    query the data if it is there, but you have to put it there first,
    somehow...

    I would have a look at these:

    journal-remote.conf(5) -- Journal remote service configuration files
    journal-remote.conf.d(5) -- Journal remote service configuration files
    journald.conf(5) -- Journal service configuration files
    journald.conf.d(5) -- Journal service configuration files

    In particular, this one:

    systemd-journal-remote — Receive journal messages over the network

    It says: «systemd-journal-remote is a command to receive serialized
    journal events and store them to the journal. Input streams are in the
    Journal Export Format , i.e. like the output from journalctl
    --output=export. For transport over the network, this serialized stream
    is usually carried over an HTTPS connection.»

    That doesn't look to me like syslog messages, which is what the router
    will send :-?

    --
    Cheers / Saludos,

    Carlos E. R.

    (from 13.1 x86_64 "Bottle" (Minas Tirith))

  5. #5
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,293
    Blog Entries
    2

    Default Re: Receiving router log information in journald?

    The OP needs to clarify if the log data is from the openSUSE machine itself configured as a router or a remote device.

    TSU

  6. #6
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: Receiving router log information in journald?

    On 2015-07-13 03:16, tsu2 wrote:
    >
    > The OP needs to clarify if the log data is from the openSUSE machine
    > itself configured as a router or a remote device.


    I assumed it is a stand alone router machine, that sends the log entries
    to an openSUSE machine over the network, using the standard syslog
    method, same as in the thread he linked to.

    But he wants the entries stored in systemd journal, not in syslog files.

    --
    Cheers / Saludos,

    Carlos E. R.

    (from 13.1 x86_64 "Bottle" (Minas Tirith))

  7. #7
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,293
    Blog Entries
    2

    Default Re: Receiving router log information in journald?

    I see I was mistaken and overlooked the OP was describing logs from a remote routing device.

    Initially, I'd probably ask... Why?
    The system's own logging database (journald) would be the last place I'd consider, and just to verify I did a quick search whether anyone had described doing this and didn't get any hits.

    But,
    There are plenty of "enterprise" systems that do set up a "Log Server" on the network, and for that you deploy just about any kind of database you prefer depending on your skillset and objectives. This is because for most major types of databases there are off the shelf importing and if necessary conversion tools that support common log formats. Once logs have been collected in your Log Server, you can even consider purging logfiles to save space.

    Popular choices include MySQL (because so many people know how to query in SQL) and noSQL databases (because of their extreme flexibility in supporting new datatypes, unlimited store limit and non-fixed data relationships). There should also be complete off the shelf solutions which might include a User frontend.

    TSU

  8. #8
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: Receiving router log information in journald?

    On 2015-07-13 17:56, tsu2 wrote:

    > But,
    > There are plenty of "enterprise" systems that do set up a "Log Server"
    > on the network, and for that you deploy just about any kind of database
    > you prefer depending on your skillset and objectives. This is because


    At least one, probably more, of the available syslog daemons in Linux
    can write to a database if you wish. The default is plain text, but
    that's not the only method.

    --
    Cheers / Saludos,

    Carlos E. R.

    (from 13.1 x86_64 "Bottle" (Minas Tirith))

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •