Logging /var/log/messages to CIFS

Discussion in 'Tomato Firmware' started by RobNC, Oct 21, 2007.

  1. RobNC

    RobNC Network Guru Member

    Is there a way to log the /var/log/messages to CIFS to my CentOS server instead of the router's RAM or SNMP? I don't want to use syslog because last time I did that, it seemed that the linux machine's logs and the router's logs were overlapping and it's not so easy to "tail -f" that.

    I saw one way to possibly do this here:

    but that's for bandwidth monitoring, not the messages. Mainly, I want to use this for iptables logging. I also don't want to use JFFS for obvious reasons (one of them being lack of space).
  2. mstombs

    mstombs Network Guru Member

    The best way is to use the remote log function - but you have to run something on your router to file the messages that are sent. I recently confirmed in this thread the old windoze Linksys linklogger utility still functions http://www.linksysinfo.org/forums/showthread.php?t=54963
  3. RobNC

    RobNC Network Guru Member

    Want to use existing Linux server

    Thanks, but I don't necessarily want to use the Linksys tool. I have syslogd running on CentOS but the router logs get interspersed with the CentOS server logs. Perhaps the best way to work around this would be to figure out how to have external devices log to a different file than /var/log/messages but right now that's beyond me. I thought about SNMP but I might not have any hair left or a job after I get that working. :)
  4. sauce

    sauce Network Guru Member

    if you search i'm sure the answer is here.

    syslogd is simple, it's not able to act as a remote logging service. you want to check out syslog-ng as an alternative. a few extra lines in the config to catch UDP packets from the router on the logging daemon port, and you're good to go. mine logs to /var/log/linksys.
  5. RobNC

    RobNC Network Guru Member


    Yup I think you're right...

    FWIW, for CentOS 5 and Fedora (presumably), you have to modify /etc/syslog.conf and don't forget to create the output file (i.e., "touch /var/log/router"). Also, need to edit /etc/sysconfig/syslog to specify:
    SYSLOGD_OPTIONS="-m 0 -r" and then either "/etc/init.d/syslog restart" or "service syslog restart".

    EDIT: note that the page mentioned above does NOT work as expected. It does not just log stuff from your router's IP but also your Linux box. So consider the above instructions *BROKEN* for CentOS and perhaps all RedHat-type distributions. Syslog doesn't seem to allow JUST the WRT logs to go to the file /var/log/router as specified above. See "man syslog.conf".
  6. hpsmartyz

    hpsmartyz LI Guru Member

    Hi RobNC,

    it is quite straightforward to get the wrt logs.
    You have to log externally (tick the option in tomato)
    and, using syslog-ng, in the .conf file set:

    source wrt { udp(ip(yourCentOSIP) port (514));};

    destination wrtlog { file("/path/to/wrt.log"); };

    log { source(wrt); destination(wrtlog); };

    all logs from the router will then be sent to the file /path/to/wrt.log

    I strongly then suggest to refine the filtering and destination files
    because logs get quite heavy.
    If you need further support do not hesitate, hoping that I can help.
  7. RobNC

    RobNC Network Guru Member

    syslog-ng - seems not available via repository?

    Seems like syslog-ng is not available via repository, unfortunately. Is that because of the restrictive licensing?
  8. HennieM

    HennieM Network Guru Member

    How about a startup script (or maybe the CIFS start script) that deletes /var/log/messages on the router, and then makes a symlink /var/log/messages to some file on CIFS?
  9. roadkill

    roadkill Super Moderator Staff Member Member

    this looks like a good idea...
    and syslog-ng is available on Ubuntu via Universe repository
  10. hpsmartyz

    hpsmartyz LI Guru Member


    could you clarify what you mean by not available via repository?

  11. mstombs

    mstombs Network Guru Member

    and watch the poor little router die with "Error - can't write to system log" messages!
  12. RobNC

    RobNC Network Guru Member

    syslog-ng not avail via repository explained

    Not available here:

    or here:
    ... I'm just getting tired of listing repositories for which syslog-ng is not found.:mad:

    I found it here: http://rpm.pbone.net but of course dependencies failed and I don't want to go down that dependency h*ll hole.

    I could probably do it manually but experience shows it's best to use a repository that is maintained and reliable.
  13. hpsmartyz

    hpsmartyz LI Guru Member

  14. RobNC

    RobNC Network Guru Member

    EL4 but not EL5

    Thanks, but that's for "el4" which means CentOS4. I'm running CentOS5 (EL5). I already have that repository in my list, and if you try to install it manually, it tells of a bunch of dependencies needed.
  15. HennieM

    HennieM Network Guru Member

    Scripted a SymLink for /var/log/messages

    @mstombs: Why would the little router die,.... or did you just want me to sort the script out for you ;-)

    Well, here it is:-
    (I mount a CIFS share on /cifs1 as guest, allowing any file on this share to be executed)

    Execute When Mounted: /cifs1/msg2cifsmsg

    # HennieM's cifs1 startup script to pipe Tomato /var/log/messages to /cifs1/GLmessages
    cd /var/log
    cat messages >> /cifs1/GLmessages
    rm messages; ln -s /cifs1/GLmessages messages

    And here's what the /var/log directory looks like:

    # pwd
    # ls -al
    drwxr-xr-x    1 root     root            0 Jan  1 01:59 .
    drwxr-xr-x    1 root     root            0 Jan  1 01:59 ..
    lrwxrwxrwx    1 root     root           17 Jan  1 02:00 messages -> /cifs1/GLmessages

    And it works like a charm. You even retain your previous logs...
  16. mstombs

    mstombs Network Guru Member

    Well, perhaps I should have added a smiley - but what happens when the cifs connection or server fails? Remote syslog is udp so doesn't care if message gets through or not, where does the router send the message "can't write to system log file"?
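
The failure case raised above, as an added example that is not part of the thread and not HennieM's script: a variant of the symlink approach that redirects /var/log/messages only once the share is proven writable, and puts a local file back when the share has gone away. The function names, the `mount`/`check` arguments and the idea of a periodic check are assumptions; whether syslogd follows the swapped file without a restart is not covered by the thread.

```sh
#!/bin/sh
# Added example; not HennieM's script. LOG_DIR and SHARE default to the
# paths used in the thread and can be overridden (assumption, for testing).
LOG_DIR="${LOG_DIR:-/var/log}"
SHARE="${SHARE:-/cifs1}"

# Succeeds only if a file can really be created on the share right now.
share_writable() {
    probe="$SHARE/.logprobe.$$"
    touch "$probe" 2>/dev/null && rm -f "$probe"
}

# Move the log onto the share, but only once the share is proven writable.
redirect_log() {
    share_writable || return 1
    if [ -L "$LOG_DIR/messages" ]; then
        return 0                                  # already redirected
    fi
    if [ -f "$LOG_DIR/messages" ]; then
        # keep earlier entries, as the original script does
        cat "$LOG_DIR/messages" >> "$SHARE/GLmessages" || return 1
    fi
    touch "$SHARE/GLmessages" || return 1
    ln -sf "$SHARE/GLmessages" "$LOG_DIR/messages"
}

# If the share has gone away, swap the dangling symlink for a local file
# so there is still somewhere for messages to be written.
restore_local() {
    [ -L "$LOG_DIR/messages" ] || return 0        # nothing to undo
    share_writable && return 0                    # share is healthy
    rm -f "$LOG_DIR/messages" && touch "$LOG_DIR/messages"
}

# Hypothetical entry points: "mount" from the CIFS "Execute When Mounted"
# hook, "check" from a periodic job. With no argument nothing is touched.
case "${1:-}" in
    mount) redirect_log ;;
    check) restore_local ;;
esac
```

Entries written between the `cat` and the `ln` are lost, as in the original script, and entries logged locally after a fallback are appended to the share the next time `redirect_log` succeeds.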
  17. dakotageek

    dakotageek LI Guru Member

    I tried using the logging script mentioned by 'HennieM' on Tomato 1.15, but it seems that the system log is rotating the logs which causes it to rotate the symbolically linked file as well. Any thoughts if remote logging would be a better way of doing this in Tomato 1.15?

    Also, how can I find lost connections in the logs, as I am tracking down issues with my router connected to a wireless modem that do not occur when attached directly to my Linux box? I get the feeling that it is not renewing the lease correctly, and so the connection is lost.