Syslog client?

I have the ability for a device to record it’s events to a syslog on a Linux machine which I would like to do. The device is asking for an IP address of the syslog client and port number. But how do I setup OpenSuSe to do this?

Which openSUSE version do you have available there to implement this?

13.1 - The latest and greatest!

I always use the IP address of my linux box. The default port is 514, and should work.

That said, you will need to configure rsyslogd to listen on the network.

Here’s a unified diff of the changes that I made to “/etc/rsyslog.d”:


@@ -44,10 +44,10 @@
 #$InputTCPServerRun <port> # Starts a TCP server on selected port
 
 # UDP Syslog Server:
-#$ModLoad imudp.so         # provides UDP syslog reception
+$ModLoad imudp.so         # provides UDP syslog reception
 ##$UDPServerAddress 10.10.0.1 # force to listen on this IP only,
 ##                            # needs SYSLOG_REQUIRES_NETWORK=yes.
-#$UDPServerRun 514         # start a UDP syslog server at standard port 514
+$UDPServerRun 514         # start a UDP syslog server at standard port 514

If you are not familiar with the format, the “-” lines are the old version and the “+” lines are the new version. The other lines are there for context. All lines are indented by one, to allow space for the “+” and “-”.

You will also need to open port 514-udp in your firewall.

Thank you for this.

Noticed that you did not turn on TCP Syslog server. Why is this?

Also, noticed that you made no mention of WorkDirectory and items like: ActionQueueFileName, and such. I take it you do not use these or let them default?

Just started diving into the documentation.

Thanks again!

I noticed that rsyslog is not started/stopped by doing /etc/init.d/syslog stop | start anymore. What is the new way?

# systemctl restart rsyslog.service

(or you can use “start” or “stop” or “enable” or “disable”).

And yes, I just took the defaults for everything log-related that I did not mention in my earlier post. I’ve been using this to handle router logging.

Used to the init.d/… way of doing things and forgot about the systemctl

OK. I will see what happens in the log. Got some reading to do.

Thanks!

On 2014-06-13 23:46, svetter88 wrote:
>
> Used to the init.d/… way of doing things and forgot about the
> systemctl

The log is normally already running. You just restart it to read the
config changes. Notice that a config error means it does not start and
can not even log the error on itself (ie, systemctl status says nought)


Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)

Is it still the case? I think we had this when systemd logging depended on syslog; but now it does not really need it, so as long as (r)syslogd says something on stderr, it should go into journal and be displayed by systemctl.

On 2014-06-15 07:06, arvidjaar wrote:
>
> robin_listas;2648888 Wrote:
>> Notice that a config error means it does not start and
>> can not even log the error on itself (ie, systemctl status says nought)
>
> Is it still the case? I think we had this when systemd logging depended
> on syslog; but now it does not really need it, so as long as (r)syslogd
> says something on stderr, it should go into journal and be displayed by
> systemctl.

Dunno :-?

I would have to check, I had a bad problem with it some time ago. I
think there was a bugzilla… Yep, Bug 825135, on oS 12.3. It was closed
as “WONTFIX”, so I really have no reason to think it has changed, right?

If it has changed, a new comment on the bug report itself would be nice :wink:


Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)

Ah, OK, now I remember. So the reason you do not see errors from syslogd is to avoid infinite loop (syslog emits errors which are forwarded to syslog which emits errors …)

So what we actually want is to prevent output from syslog being forwarded to syslog, while retaining it for everything else. I think the following should work:

  1. Disable forwarding to syslog by default in journald (ForwardToSyslog=no in journald.conf)
  2. Set default syslog forwarding for systemd units instead (DefaultStandardOutput=syslog in system.conf)
  3. Explicitly avoid syslog in syslog.service (StandardInput=journal)

For all I can tell, 1+2 is 100% equivalent to current defaults, while allowing 3 which solves your problem in above bug. You are welcome to test it and add comments to bug report :slight_smile:

On 2014-06-15 17:36, arvidjaar wrote:
>
> robin_listas;2649037 Wrote:
>> Yep, Bug 825135
> Ah, OK, now I remember. So the reason you do not see errors from syslogd
> is to avoid infinite loop (syslog emits errors which are forwarded to
> syslog which emits errors …)
>
> So what we actually want is to prevent output from syslog being
> forwarded to syslog, while retaining it for everything else. I think the
> following should work:
>
> - Disable forwarding to syslog by default in journald
> (ForwardToSyslog=no in journald.conf)
> - Set default syslog forwarding for systemd units instead
> (DefaultStandardOutput=syslog in system.conf)
> - Explicitly avoid syslog in syslog.service (StandardInput=journal)
>
> For all I can tell, 1+2 is 100% equivalent to current defaults, while
> allowing 3 which solves your problem in above bug. You are welcome to
> test it and add comments to bug report :slight_smile:

I have too many things in my plate, but I’ll write a note about it in my
To-Do list :wink:


Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)