Using A Raspberry Pi As A Syslog-ng Server (Raspberry Pi)

After many years of using my ISPs provided router I have finally upgraded to a higher spec router which has several features the ISP provided one did not. One of these features is the option to send logs from the router to a syslog server. For this project I am going to use this router setting to send log messages from my router to my Raspberry Pi which will have syslog-ng installed.

What is Syslog-ng

syslog-ng uses the BSD syslog protocol to send messages containing host detail, date/time and some message contents (e.g. event details). For more details check out the Wikipedia page.

Installing Syslog-ng

sudo apt-get update

sudo apt-get install syslog-ng

This may take a few minutes depending on connectivity.

sudo apt-get install syslog-ng
sudo apt-get install syslog-ng

Once syslog-ng is installed, navigate to /etc/syslog-ng using:

cd /etc/syslog-ng
geektechstuff_pi_syslogng_2
cd /etc/syslog-ng

Before making any adjustments I recommend taking a back up of the syslog-ng.conf file:

sudo cp syslog-ng.conf syslog-ng_original_conf

will create a copy of syslog-ng.conf called “syslog-ng_original_conf“, so if anything goes wrong it can be copied back.

To open syslog-ng.conf for editing type:

sudo nano syslog-ng.conf
sudo nano syslog-ng.conf
sudo nano syslog-ng.conf

The syslog-ng.conf file may look a little complicated as it has multiple lines within it.

Inside syslog-ng.conf
Inside syslog-ng.conf

The syslog-ng.conf files is made up of four sections:

  • sources
  • destinations
  • filters
  • log paths

If you are only following along for this project, everything in the four above section of syslog-ng.conf can be commented (#) out, and then adding in:

Sources

source s_net { udp(ip(0.0.0.0) port(514)); };

This tells syslog-ng to allow UDP traffic from any network source on port 514, and calls it s_net.

Destinations

destination d_router { file("/var/log/router.log"); };

This tells syslog-ng to send anything that is marked for d_router to the file router.log, which I am placing under /var/log/.

Log Path

log { source(s_net); destination(d_router); };

This tells syslog-ng to log the messages coming into s_net to the destination d_router i.e. it uses the source and saves it to the destination.

Restarting Syslog-ng

After making a change to the .conf file, syslog-ng will need restarting:

sudo service syslog-ng restart

Sending Messages

My new router has a setting for sending it’s logs to a syslog server, as such it just needed the IP address of the Pi.

geektechstuff_pi_syslogng_8
Router – send to syslog server

Testing It works

To test that syslog-ng is receiving log messages and saving them to router.log, navigate to /var/log/ use tail to follow the router.log file:

cd /var/log/

tail -f router.log

 

 

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.