Using A Raspberry Pi As A Syslog-ng Server (Raspberry Pi)

After many years of using my ISP-provided router I have finally upgraded to a higher spec router which has several features the ISP-provided one did not. One of these features is the option to send logs from the router to a syslog server. For this project I am going to use this router setting to send log messages from my router to my Raspberry Pi, which will have syslog-ng installed.

What is Syslog-ng

syslog-ng uses the BSD syslog protocol to send messages containing host detail, date/time and some message contents (e.g. event details). For more details check out the Wikipedia page.

Installing Syslog-ng

sudo apt-get update

sudo apt-get install syslog-ng

This may take a few minutes depending on connectivity.


Once syslog-ng is installed, navigate to /etc/syslog-ng using:

cd /etc/syslog-ng

Before making any adjustments I recommend taking a backup of the syslog-ng.conf file:

sudo cp syslog-ng.conf syslog-ng_original_conf

This will create a copy of syslog-ng.conf called "syslog-ng_original_conf", so if anything goes wrong it can be copied back.

To open syslog-ng.conf for editing type:

sudo nano syslog-ng.conf

The syslog-ng.conf file may look a little complicated, as it contains many lines by default.

Inside syslog-ng.conf

The syslog-ng.conf file is made up of four sections:

  • sources
  • destinations
  • filters
  • log paths

If you are only following along for this project, everything in the four sections above can be commented out (#) in syslog-ng.conf, and the following added in:

Sources

source s_net { udp(ip(0.0.0.0) port(514)); };

This tells syslog-ng to listen for UDP traffic on port 514 on all interfaces (0.0.0.0), i.e. from any network source, and names that source s_net.

Destinations

destination d_router { file("/var/log/router.log"); };

This tells syslog-ng to write anything that is sent to d_router to the file router.log, which I am placing under /var/log/.

Log Path

log { source(s_net); destination(d_router); };

This tells syslog-ng to log the messages arriving at s_net to the destination d_router, i.e. it takes the source and saves it to the destination.

Restarting Syslog-ng

After making a change to the .conf file, syslog-ng will need restarting:

sudo service syslog-ng restart

Sending Messages

My new router has a setting for sending its logs to a syslog server, so it just needed the IP address of the Pi.

(Screenshot: Router – send to syslog server)

Testing It works

To test that syslog-ng is receiving log messages and saving them to router.log, navigate to /var/log/ and use tail to follow the router.log file:

cd /var/log/

tail -f router.log
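Before the router is pointed at the Pi, it is handy to push a known message through the same s_net source and confirm it lands in router.log. The following script is an added example, not from the original post: it builds a BSD syslog (RFC 3164) line, decodes the <PRI> field the way syslog-ng does (facility * 8 + severity), and can send the line over UDP to port 514. The Pi address 192.168.1.50 and the hostname "testhost" are assumed placeholders.

```python
import socket
import time

# Numeric facility and severity codes from the BSD syslog protocol.
FACILITIES = {"kern": 0, "user": 1, "daemon": 3, "auth": 4, "local0": 16}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}
MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]


def build_message(facility, severity, hostname, tag, text, when=None):
    """Return an RFC 3164 line: <PRI>Mmm dd HH:MM:SS HOST TAG: MSG."""
    pri = FACILITIES[facility] * 8 + SEVERITIES[severity]
    t = time.localtime(when)
    # RFC 3164 timestamp: month name, space-padded day, 24h time.
    stamp = (f"{MONTHS[t.tm_mon - 1]} {t.tm_mday:2d} "
             f"{t.tm_hour:02d}:{t.tm_min:02d}:{t.tm_sec:02d}")
    return f"<{pri}>{stamp} {hostname} {tag}: {text}"


def parse_pri(line):
    """Split a received line into (facility, severity, rest).

    Returns None for a line without a valid <PRI> prefix, which is the
    case syslog-ng treats as a message with a default priority.
    """
    if not line.startswith("<"):
        return None
    end = line.find(">")
    if end < 1 or not line[1:end].isdigit():
        return None
    pri = int(line[1:end])
    if pri > 191:  # highest valid value: facility 23, severity 7
        return None
    return pri // 8, pri % 8, line[end + 1:]


def send_udp(line, host, port=514):
    """Send one message to the syslog-ng s_net source; returns bytes sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(line.encode("utf-8"), (host, port))


if __name__ == "__main__":
    PI_HOST = "192.168.1.50"  # assumed placeholder for the Pi's address
    msg = build_message("local0", "notice", "testhost", "synthetic", "hello syslog-ng")
    print("sending:", msg)
    send_udp(msg, PI_HOST)
```

After running it, the line should appear in `tail -f /var/log/router.log`; if it does not, the UDP 514 path between the sending host and the Pi is the first thing to check.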
