FAQ

Our Frequently Asked Questions section lets you search for additional or requested configuration options for Remote Syslog.

1. How do I forward my local syslog to another syslog server?

Edit the following file:
“nano /opt/remotesyslog/syslog-ng”

# Add the following lines, where "IP or hostname" = your new remote syslog server:
destination remote_server {
    tcp("IP or hostname" port(514));
    udp("IP or hostname" port(514));
};
log { source(s_src); destination(remote_server); };

Run the Remote Syslog installer to apply the configuration:
“rsinstaller -r”

2. How do I write all my local syslog to 1 file?

To write all local syslog messages to 1 file, edit:
“nano /etc/syslog-ng/syslog-ng.conf”

Add the following rules:
destination all_log { file("/var/log/all_syslog.log"); };
log { source("s_src"); destination("all_log"); };

Then reload or restart the syslog-ng service:
“service syslog-ng reload” or “service syslog-ng restart”

3. How do I include my local syslog within the Remote Syslog viewer?

This option is included in version 1.1.2a. Run the following command to activate:
“rsinstaller -al”

To deactivate this function, run:
“rsinstaller -rl”

If you run a version lower than 1.1.2a, you can activate this function manually. Just follow the instructions below.

Edit the rsview syslog-ng configuration file:
“nano /opt/remotesyslog/syslog-ng”

Add the following line:
log { source("s_src"); destination("Y"); };

Then run the rsinstaller to apply the configuration:
“rsinstaller -r”

4. How do I restore my default configuration?

You can restore the default configuration with the following command:
“rsinstaller -d”

5. How do I make my Remote Syslog server redundant?

Install 2 Remote Syslog Servers. Then add a primary and secondary host to your device configuration. If there is no option to add a secondary syslog server you could use option 2 of this section to forward the syslog messages.

6. How do I disable the loaddata.php messages in the Apache 2 access.log?

Your log receives the following messages:
172.168.29.251 - rsuser [25/May/2017:21:07:01 +0200] "GET /loaddata.php?randval=0.05259220201918463&_=1495738782510 HTTP/1.1" 200 548 "http://172.168.29.109/" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/6.0; rv:10.0) like Gecko"

This is the PHP page that requests the real-time data. To disable this message, do the following:

In this example we use Ubuntu with the setenvif module enabled:

sudo nano /etc/apache2/sites-enabled/000-default.conf

Add:

<VirtualHost *:80>
SetEnvIf Request_URI "^/loaddata.php" dontlog
</VirtualHost>

Change the CustomLog directive to:

<VirtualHost *:80>
CustomLog ${APACHE_LOG_DIR}/access.log combined env=!dontlog
</VirtualHost>

If SSL is enabled create the following rules:
<VirtualHost *:443>
CustomLog ${APACHE_LOG_DIR}/access.log combined env=!dontlog
SetEnvIf Request_URI "^/loaddata.php" dontlog
</VirtualHost>
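
To see what this filter removes from the access log before enabling it, the following added example (not part of the Remote Syslog documentation) dry-runs the SetEnvIf pattern against constructed log lines. The stricter pattern and the function names are assumptions made for the illustration; grep -E stands in for Apache's regex engine, which behaves the same for these simple patterns.

```shell
#!/bin/sh
# Dry-run a SetEnvIf Request_URI pattern against access-log lines to see
# which requests "env=!dontlog" would drop from the log.

# Constructed sample lines in Apache "combined" format (not real traffic).
sample_log() {
cat <<'EOF'
192.0.2.10 - rsuser [25/May/2017:21:07:01 +0200] "GET /loaddata.php?randval=0.1&_=1 HTTP/1.1" 200 548 "-" "test"
192.0.2.10 - rsuser [25/May/2017:21:07:02 +0200] "GET /index.php HTTP/1.1" 200 1024 "-" "test"
192.0.2.11 - - [25/May/2017:21:07:03 +0200] "GET /loaddata.php.bak HTTP/1.1" 404 210 "-" "test"
192.0.2.11 - - [25/May/2017:21:07:04 +0200] "GET /loaddataXphp/other HTTP/1.1" 404 210 "-" "test"
EOF
}

# Print the Request_URI of each log line: the path from the quoted request
# line with the query string removed, which is what SetEnvIf matches on.
request_uris() {
    awk -F'"' '{ split($2, req, " "); sub(/\?.*/, "", req[2]); print req[2] }'
}

# suppressed PATTERN: list the URIs read from stdin that PATTERN matches,
# i.e. the requests that would no longer appear in access.log.
suppressed() {
    request_uris | grep -E -- "$1" || true
}

# count_suppressed PATTERN: number of sample requests dropped from the log.
count_suppressed() {
    sample_log | suppressed "$1" | wc -l | tr -d ' '
}

PAGE_PATTERN='^/loaddata.php'       # pattern as written in this FAQ
STRICT_PATTERN='^/loaddata\.php$'   # assumption: escaped dot and end anchor

echo "FAQ pattern drops:";    sample_log | suppressed "$PAGE_PATTERN"
echo "Strict pattern drops:"; sample_log | suppressed "$STRICT_PATTERN"
```

The FAQ pattern is a prefix match with an unescaped dot, so it also hides the two 404 requests; the stricter pattern hides only the polling page itself.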

7. How do I check my syslog-ng service?

You can check the status with:
“systemctl status syslog-ng.service”

Check for the text:
Active: active (running)

If the service is running, make sure it binds to TCP and/or UDP port 514. You can check it with:
“netstat -tuna”

Check for the text:
tcp 0 0 0.0.0.0:514
udp 0 0 0.0.0.0:514

8. How do I search for multiple strings of text?

Login as a regular user (root is not required) and run the following command:

grep -h "switch1\|switch2\|switch3" /var/log/remote_syslog/* | more

This will start a search for the text: switch1, switch2 or switch3 in the text files located in the /var/log/remote_syslog/ directory.
