Receiving Syslog Messages On The Sheeva Plug
From PlugWiki
I've a number of devices on my network which I'd like to centrally monitor. The Syslog protocol is trivial to implement and easy to capture. I turned my Sheeva Plug into a central repository for these messages. This page describes the steps necessary to get this running. (I'm running Ubuntu on my Sheeva Plug.)
Understanding Syslog
A great introduction can be found at Wikipedia [Syslog]
The syslog facility is described in detail in [RFC 3164] (and others.)
It's a long document. Here are the essential details I cared about:
- Transport is UDP on port 514
- UDP does not guarantee delivery (for the moment, I don't care. There are, however, optional transports which do guarantee delivery should we need them.)
- Each syslog message is comprised of Priority, Header and Message
- Facility and Severity are used to categorize messages. These are combined to form the Priority of a syslog message
- The Header contains the timestamp and the hostname of the originating machine
- We can't get too long in the message as the overall size must be 1024 bytes or less
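To make the Priority, Header and Message layout concrete, here is an added example (not part of the original page) that builds and strictly parses an RFC 3164 packet in Python. The function names and the sample packet are constructed for illustration; the facility and severity match the `logger -p local4.0` test used later on this page.

```python
import re

# Facility codes from RFC 3164 (subset; local0-local7 are 16-23).
FACILITIES = {0: "kern", 1: "user", 3: "daemon", 4: "auth", 5: "syslog",
              **{16 + n: f"local{n}" for n in range(8)}}
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]
MAX_LEN = 1024  # whole packet, PRI and header included

# <PRI>Mmm dd hh:mm:ss HOSTNAME MSG  (day is space-padded, e.g. "Aug  3")
PACKET_RE = re.compile(
    rb"<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)", re.S)

def encode_pri(facility, severity):
    """Priority value = facility * 8 + severity."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    return facility * 8 + severity

def build_packet(facility, severity, timestamp, hostname, msg):
    """Assemble PRI + HEADER + MSG and enforce the size limit."""
    pri = encode_pri(facility, severity)
    packet = f"<{pri}>{timestamp} {hostname} {msg}".encode("ascii")
    if len(packet) > MAX_LEN:
        raise ValueError(f"packet is {len(packet)} bytes, limit is {MAX_LEN}")
    return packet

def parse_packet(data):
    """Split a received packet; reject oversize or malformed input."""
    if len(data) > MAX_LEN:
        raise ValueError("packet exceeds 1024 bytes")
    m = PACKET_RE.fullmatch(data)
    if m is None or int(m.group(1)) > 191:
        raise ValueError("not a well-formed RFC 3164 packet")
    facility, severity = divmod(int(m.group(1)), 8)
    return {"facility": FACILITIES.get(facility, str(facility)),
            "severity": SEVERITIES[severity],
            "timestamp": m.group(2).decode("ascii"),
            # The hostname is whatever the sender wrote in the header.
            "hostname": m.group(3).decode("ascii", "replace"),
            "msg": m.group(4).decode("ascii", "replace")}

# Constructed sample: local4 (20) at severity 0, as in "logger -p local4.0".
SAMPLE = build_packet(20, 0, "Aug  3 01:29:57", "sheeva", "root: testing")

if __name__ == "__main__":
    print(SAMPLE)
    print(parse_packet(SAMPLE))
```

The hostname comes from the sender and UDP syslog carries no authentication, so treat it as a claim rather than an identity when reading the collected log.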
Configuring the Sheeva Syslog Daemon
The syslog daemon is not set up as we need it to be for this effort. Here's what I had to do to make it work.
Same or separate file?
Once you've decided what facility you are using for your messages you may decide to route some of the traffic to separate files. The message destinations are controlled by /etc/syslog.conf. Edit the file:
vi /etc/syslog.conf
In my case I'm using local4 as my facility for XBee radio traffic (generally, any of the local* facilities are a good choice) and I want the traffic sent to its own file. I added the following entry (near the bottom of the file):
# this probably could be xbee-radio-trf.log
local4.* /var/log/local4.log
and save your file. I then had to create the empty log file and correct its ownership to complete this part of things. I determined the ownership needed simply by setting the new log file to the same ownership as the /var/log/syslog file, since it must be correct. Here are the commands I used:
touch /var/log/local4.log
chown syslog:adm /var/log/local4.log
NOTE: Details on the format of entries in syslog.conf can be found in the man page:
man syslog.conf
Enabling logging from other machines
By default, accepting log entries from other systems is disabled on Ubuntu systems. There is a single environment variable you will need to set, after which you restart the daemon to get it accepting messages. The variable is set in /etc/default/syslogd. Edit the file:
vi /etc/default/syslogd
find the line:
SYSLOGD=""
and add a -r option to enable listening for remote logging attempts, editing the line as follows:
SYSLOGD="-r"
and save your file.
Restarting the Daemon
Now that the configuration is set correctly, we need to restart the daemon with:
/etc/init.d/sysklogd restart
* Restarting the system log daemon... [ok]
Sources for Syslog Messages
I've a number of machines on my network which can generate syslog traffic:
- My Linux machines
- My Linksys (wrt54g) access points
- Some of my Windows .NET applications (hey, it's amazing how quickly some of this can be cobbled together and used)
- Perl scripts using [Net::Syslog]
- and (for really quick testing) the test command on the Sheeva Plug itself
/usr/bin/logger -p local4.0 "testing"
Viewing the Sheeva Syslog files
Before I started creating any scripts or programs to process the data I wanted to make sure the syslog traffic was arriving as I expected. I used a number of techniques:
- watch the contents arrive in the file as it is written to:
tail -f /var/log/local4.log
Aug 3 01:29:57 sheeva root: testing
Aug 3 01:30:17 sheeva root: testing
Aug 3 01:30:17 sheeva root: testing
Aug 3 01:48:20 nxt nxt Xbee Tx (21) 7E 00 11 10 00 00 00 00 00 00 00 FF FF FF FE 00 08 A5 02 01 44
Aug 3 01:48:20 nxt nxt Xbee Rx (27) 7E 00 17 90 00 13 A2 00 40 30 D0 C0 62 D3 01 A5 03 02 CD EF 4B 5A 30 51 00 02 F6
Aug 3 01:50:12 nxt nxt Xbee Tx (21) 7E 00 11 10 00 00 13 A2 00 40 30 D0 C0 62 D3 00 00 A5 02 01 5D
- review the log, well formatted and presented via the web server back end of the Sheeva Plug.
- I used the free download ([PhpLogCon]
