jbrooks Posted November 5, 2018 Share Posted November 5, 2018 Hi all, I'd love to be able to log programs to remote syslog. I've come across several posts by member here Xathros, but I haven't been able to replicate this.. For example, https://forum.universal-devices.com/topic/16861-isy-log-on-ios-or-web/. I see the syslog packets being received at the remote server, but syslog (rsyslogd to be more precise) seems to just ignore these messages, even though tcpdump identifies them as syslog content. Here's a verbose example of what tcpdump sees: Quote 02:05:03.873665 IP (tos 0x0, ttl 2, id 41580, offset 0, flags [none], proto UDP (17), length 93) 192.168.0.12.514 > 192.168.3.109.514: [udp sum ok] [|syslog] 0x0000: 4500 005d a26c 0000 0211 915a c0a8 000c E..].l.....Z.... 0x0010: c0a8 036d 0202 0202 0049 5e23 3230 3138 ...m.....I^#2018 0x0020: 2f31 312f 3035 2030 323a 3035 3a30 3520 /11/05.02:05:05. 0x0030: 3139 322e 3136 382e 302e 3132 203c 3132 192.168.0.12.<12 0x0040: 3e20 6973 796c 6f67 6765 7220 2d20 4953 >.isylogger.-.IS 0x0050: 5920 4d41 524b 202d 2054 4553 54 Y.MARK.-.TEST and an excerpt from my rsyslog.conf file: if $rawmsg contains "ISY" then /var/log/isy.log and here's how my network resource is defined. Protocol: udp Host: 192.168.3.109 (syslog server) Port: 514 Timeout: 1000 ms Mode: Raw Text Body: ${sys.date} ${sys.time} 192.168.0.12 <12> isylogger - ISY MARK - TEST I'm probably missing something obvious. I did catch in one of Xathros' posts that he removed a date/time stamp and IP address from his examples, so I probably just have that wrong. Tips greatly appreciated! cheers, Joel Link to comment
rodgetk Posted January 14, 2019 Share Posted January 14, 2019 Joel, No sure is this is to late... But I had same issue, but then it turned out I was missing LF (\n) in the end of the message. Try to hit ENTER after you message ending with TEST Thanks, /Roger Link to comment
Recommended Posts
Archived
This topic is now archived and is closed to further replies.