Kymru
Posts: 18
Joined: Tue Aug 06, 2013 11:28 am
Location: Y Drenewydd, Cymru

DGN2000 to RPI Syslog Server

Sat Dec 21, 2013 1:56 pm

I am having some issues with my internet connection: it disconnects and reconnects every minute or 2. Instead of relying on the not-so-good memory of the router, I was hoping to send the logs to a syslog server on one of my Pis; then, if need be, I can send those logs to my ISP.

My router is a Netgear DGN2000 and I can send logs to a single IP address or broadcast on LAN. What would be the best way of setting up a syslog server on my Pi to store the router logs?

Thanks

DougieLawson
Posts: 39121
Joined: Sun Jun 16, 2013 11:19 pm
Location: A small cave in deepest darkest Basingstoke, UK

Re: DGN2000 to RPI Syslog Server

Sat Dec 21, 2013 5:41 pm

Raspbian comes with rsyslogd installed.

So it's a case of configuring it for remote syslogging from your router/switch.

http://www.rsyslog.com/guides/ is the home page for the docs.

http://www.rsyslog.com/receiving-messag ... te-system/ looks like what you want to do and the arcane incantations you'll need to add to /etc/rsyslog.conf to get it listening to port 514.

I updated these lines in /etc/rsyslog.conf

Code:

# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

Once it's listening you can test it with telnet.

Code:

telnet localhost 514
hello logger log this
warn:log this as warn
>>>> then press CTRL+] followed by quit to exit from telnet

And this turned up in the bottom of /var/log/messages

Code:

Dec 21 17:43:30 pi rsyslogd: [origin software="rsyslogd" swVersion="7.4.4" x-pid="4771" x-info="http://www.rsyslog.com"] start
Dec 21 17:44:03 hello logger log this#015
Dec 21 17:44:20 localhost warn: log this as warn#015

You may need to look more deeply at what your router sends; you may be able to create a log just for the router.

Note: Any requirement to use a crystal ball or mind reading will result in me ignoring your question.

Criticising any questions is banned on this forum.

Any DMs sent on Twitter will be answered next month.
All non-medical doctors are on my foes list.
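
The telnet test in the post above exercises only the TCP listener (imtcp). As an added example, not part of the original post: a Python sketch that builds one RFC 3164-style message and sends it as a single datagram to the UDP listener (imudp). The receiver address 127.0.0.1:514, the hostname `testhost`, the tag `synthetic-test` and the function names are assumptions made for illustration.

```python
import socket
from datetime import datetime

# Numeric codes from the BSD syslog convention (RFC 3164); subset only.
FACILITY = {"kern": 0, "user": 1, "daemon": 3, "local0": 16, "local7": 23}
SEVERITY = {"err": 3, "warning": 4, "notice": 5, "info": 6, "debug": 7}


def build_message(facility, severity, tag, text, when=None, hostname="testhost"):
    """Return one RFC 3164-style datagram: <PRI>Mmm dd hh:mm:ss host tag: text."""
    pri = FACILITY[facility] * 8 + SEVERITY[severity]
    when = when or datetime.now()
    # RFC 3164 pads single-digit days with a space, not a zero.
    stamp = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"
    return f"<{pri}>{stamp} {hostname} {tag}: {text}".encode("ascii")


def send_udp(payload, host="127.0.0.1", port=514):
    """Send one datagram; UDP gives no delivery confirmation, so check the log."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(payload, (host, port))


if __name__ == "__main__":
    # 'synthetic-test' is a made-up tag so the line is easy to grep for.
    msg = build_message("user", "warning", "synthetic-test", "log this as warn")
    print(send_udp(msg), "bytes sent:", msg.decode())
```

Because UDP is connectionless, a successful send says nothing about reception; the check is whether the tagged line appears in the receiver's log file.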

Kymru
Posts: 18
Joined: Tue Aug 06, 2013 11:28 am
Location: Y Drenewydd, Cymru

Re: DGN2000 to RPI Syslog Server

Sun Dec 22, 2013 11:27 am

Thank you DougieLawson, I had a quick read and got a headache. I tried the telnet to the Pi and what I wrote did appear in /var/log/messages, but I am still waiting for anything from the router. I'll investigate some more.

DougieLawson
Posts: 39121
Joined: Sun Jun 16, 2013 11:19 pm
Location: A small cave in deepest darkest Basingstoke, UK

Re: DGN2000 to RPI Syslog Server

Sun Dec 22, 2013 11:38 am

If you reboot your router it should at least log its "Good Morning" message.

Code:

Sun, 2013-12-22 hh:mm:ss - NETGEAR activated

And some more if you login to the admin panels.

Although I wouldn't trust the plonkers @ NETGEAR as far as I could spit them to get this stuff right.
http://pages.cs.wisc.edu/~plonka/netgear-sntp/

Kymru
Posts: 18
Joined: Tue Aug 06, 2013 11:28 am
Location: Y Drenewydd, Cymru

Re: DGN2000 to RPI Syslog Server

Mon Dec 23, 2013 1:25 pm

DougieLawson wrote:
If you reboot your router it should at least log its "Good Morning" message

Code:

Sun, 2013-12-22 hh:mm:ss - NETGEAR activated

And some more if you login to the admin panels.

Although I wouldn't trust the plonkers @ NETGEAR as far as I could spit them to get this stuff right.
http://pages.cs.wisc.edu/~plonka/netgear-sntp/

Yay, it works. As of just now, this is what is being logged:

Code:

Dec 23 12:46:14 192.168.0.1 <DDNS>HTTP cannot connected
Dec 23 12:46:19 LCP down. 
Dec 23 12:46:28 Initialize LCP. 
Dec 23 12:46:28 LCP is allowed to come up.
Dec 23 12:46:34 CHAP authentication success
Dec 23 12:46:47 192.168.0.1 <DDNS>Update OK: good
Dec 23 12:48:04 LCP down. 
Dec 23 12:48:12 Initialize LCP. 
Dec 23 12:48:12 LCP is allowed to come up.
Dec 23 12:48:18 CHAP authentication success
Dec 23 12:49:27 192.168.0.1 <DDNS>HTTP cannot connected
Dec 23 12:49:38 LCP down. 
Dec 23 12:49:45 Initialize LCP. 
Dec 23 12:49:46 LCP is allowed to come up.
Dec 23 12:49:48 CHAP authentication success
Dec 23 12:50:18 192.168.0.1 <DDNS>Update OK: good
Dec 23 12:52:29 LCP down. 
Dec 23 12:52:36 Initialize LCP. 
Dec 23 12:52:36 LCP is allowed to come up.
Dec 23 12:53:36 Initialize LCP. 
Dec 23 12:53:36 LCP is allowed to come up.
Dec 23 12:54:36 Initialize LCP. 
Dec 23 12:54:36 LCP is allowed to come up.
Dec 23 12:55:36 Initialize LCP. 
Dec 23 12:55:36 LCP is allowed to come up.
Dec 23 12:56:36 Initialize LCP. 
Dec 23 12:56:36 LCP is allowed to come up.
Dec 23 12:57:36 Initialize LCP. 
Dec 23 12:57:36 LCP is allowed to come up.
Dec 23 12:58:37 Initialize LCP. 
Dec 23 12:58:37 LCP is allowed to come up.
Dec 23 12:59:37 Initialize LCP. 
Dec 23 12:59:37 LCP is allowed to come up.
Dec 23 13:00:37 Initialize LCP. 
Dec 23 13:00:37 LCP is allowed to come up.
Dec 23 13:01:04 CHAP authentication success
Dec 23 13:01:14 192.168.0.1 <DDNS>Update OK: good
Dec 23 13:02:31 Send out NTP request to 194.35.252.7
Dec 23 13:03:44 LCP down. 
Dec 23 13:03:57 Initialize LCP. 
Dec 23 13:03:57 LCP is allowed to come up.
Dec 23 13:04:58 Initialize LCP. 
Dec 23 13:04:58 LCP is allowed to come up.
Dec 23 13:05:26 Initialize LCP. 
Dec 23 13:05:26 LCP is allowed to come up.
Dec 23 13:06:26 Initialize LCP. 
Dec 23 13:06:26 LCP is allowed to come up.
Dec 23 13:06:35 CHAP authentication success
Dec 23 13:07:49 192.168.0.1 <DDNS>HTTP cannot connected
Dec 23 13:08:09 LCP down. 
Dec 23 13:08:18 Initialize LCP. 
Dec 23 13:08:18 LCP is allowed to come up.
Dec 23 13:08:18 CHAP authentication success
Dec 23 13:09:30 192.168.0.1 <DDNS>HTTP cannot connected
Dec 23 13:09:38 LCP down. 
Dec 23 13:09:46 Initialize LCP. 
Dec 23 13:09:46 LCP is allowed to come up.
Dec 23 13:09:46 CHAP authentication success
Dec 23 13:09:55 192.168.0.1 <DDNS>Update OK: good
Dec 23 13:11:56 LCP down. 
Dec 23 13:12:40 Initialize LCP. 
Dec 23 13:12:40 LCP is allowed to come up.
Dec 23 13:13:40 Initialize LCP. 
Dec 23 13:13:40 LCP is allowed to come up.
Dec 23 13:13:50 CHAP authentication success
Dec 23 13:14:19 192.168.0.1 <DDNS>Update OK: good
Dec 23 13:14:45 Send out NTP request to time-g.netgear.com
Dec 23 13:17:23 Send out NTP request to 194.35.252.7
Dec 23 13:17:40 LCP down. 
Dec 23 13:18:02 Initialize LCP. 
Dec 23 13:18:02 LCP is allowed to come up.
Dec 23 13:18:08 CHAP authentication success
Dec 23 13:18:17 192.168.0.1 <DDNS>Update OK: good
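
For turning a log like the one above into a summary of drops, an added example that is not part of the original post: a Python sketch that pairs each `LCP down.` line with the next `CHAP authentication success` and reports how long the link was down and how many `Initialize LCP.` attempts it took. It assumes that CHAP success marks the link as back up, that all lines fall within one year (the router logs no year), and the function names are made up for illustration.

```python
import re
from datetime import datetime

# Lines in the format the router produced above (excerpt arranged for the example).
SAMPLE = """\
Dec 23 12:46:19 LCP down.
Dec 23 12:46:28 Initialize LCP.
Dec 23 12:46:28 LCP is allowed to come up.
Dec 23 12:46:34 CHAP authentication success
Dec 23 12:46:47 192.168.0.1 <DDNS>Update OK: good
Dec 23 12:48:04 LCP down.
Dec 23 12:48:12 Initialize LCP.
Dec 23 12:48:18 CHAP authentication success
Dec 23 12:52:29 LCP down.
Dec 23 12:52:36 Initialize LCP.
Dec 23 12:53:36 Initialize LCP.
Dec 23 13:01:04 CHAP authentication success
Dec 23 13:03:44 LCP down.
"""

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (.*?)\s*$")


def parse(text, year=2013):
    """Yield (timestamp, message). The log carries no year, so one is assumed."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            yield datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"), m.group(2)


def outages(text, year=2013):
    """Pair each 'LCP down.' with the next 'CHAP authentication success'."""
    found, down, retries = [], None, 0
    for ts, msg in parse(text, year):
        if msg == "LCP down." and down is None:
            down, retries = ts, 0
        elif msg == "Initialize LCP." and down is not None:
            retries += 1
        elif msg == "CHAP authentication success" and down is not None:
            found.append({"down": down, "up": ts, "retries": retries,
                          "seconds": int((ts - down).total_seconds())})
            down = None
    if down is not None:  # link still down when the log ends
        found.append({"down": down, "up": None, "retries": retries, "seconds": None})
    return found


if __name__ == "__main__":
    for o in outages(SAMPLE):
        print(f"{o['down']:%H:%M:%S}", o["seconds"], "s,", o["retries"], "LCP attempts")
```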

Kymru
Posts: 18
Joined: Tue Aug 06, 2013 11:28 am
Location: Y Drenewydd, Cymru

Re: DGN2000 to RPI Syslog Server

Mon Dec 23, 2013 9:49 pm

Trying to follow this to get the logs into their own file http://www.rsyslog.com/storing-messages ... ific-file/ but not having much luck.

This doesn't seem to work:

Code:

$ModLoad imtcp
$InputTCPServerRun 514
# do this in FRONT of the local/regular rules
if $fromhost-ip startswith '192.168.0.' then /var/log/router.log
& ~
# local/regular rules, like
*.* /var/log/syslog.log

My router's IP is 192.168.0.1

DougieLawson
Posts: 39121
Joined: Sun Jun 16, 2013 11:19 pm
Location: A small cave in deepest darkest Basingstoke, UK

Re: DGN2000 to RPI Syslog Server

Mon Dec 23, 2013 11:21 pm

Trace the TCP or UDP traffic coming in to your RPi and you may be able to see what log stream it is written on.

Else you'd need to ask on a Netgear forum.

Tracing with tcpdump is easy. The trace files can be formatted with Wireshark on Windows. Or for masochists with tcpdump on your RPi.