How to configure syslog for Leostream

Modified on Fri, 15 Dec 2023 at 10:01 AM

Release Date: 03/13/23
Modified Date: 12/13/23


Define the Syslog Server in System > Log Settings


To configure syslog for the Leostream Connection Broker, first define the syslog server. Go to System > Log, click Settings in the top left, select ‘Enable syslog to remote host’, and enter the IP address of the syslog server.




Testing syslog

 

Any message that gets logged to the System > Log page should route to the syslog server. If Connection Broker messages are not logged to the remote server, use the following steps to identify the issue.


Step 1: Check the rsyslog.conf File


Check the rsyslog.conf file on the syslog server to ensure that it is configured to receive logs from the Broker. The default path for the rsyslog.conf file is /etc/rsyslog.conf.
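One way to run this check, as an added example that is not part of the original article or Leostream's own tooling: the shell function below reports whether an rsyslog.conf loads the imudp module and defines a UDP listener on port 514. The function name check_rsyslog_udp is hypothetical, and the check assumes single-line directives in either the current or the legacy rsyslog syntax.

```shell
#!/bin/sh
# Added example (hypothetical helper, not Leostream or rsyslog tooling).
# check_rsyslog_udp [conf_file] [port]
#   returns 0 = imudp loaded and a UDP listener defined on the port
#           1 = UDP reception not enabled, 2 = file unreadable
check_rsyslog_udp() {
    conf="${1:-/etc/rsyslog.conf}"
    port="${2:-514}"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    # Ignore commented-out lines so a disabled directive does not count.
    active=$(grep -v '^[[:space:]]*#' "$conf" || true)

    # Module: module(load="imudp") (current) or $ModLoad imudp (legacy).
    mod_re='module\(.*load="imudp"|^[[:space:]]*\$ModLoad[[:space:]]+imudp'
    if ! printf '%s\n' "$active" | grep -Eq "$mod_re"; then
        echo "imudp module is not loaded in $conf"
        return 1
    fi

    # Listener, current syntax: input(type="imudp" port="514"), any order.
    if printf '%s\n' "$active" | grep -E 'input\(.*type="imudp"' \
            | grep -q "port=\"$port\""; then
        echo "UDP listener on port $port is enabled in $conf"
        return 0
    fi

    # Listener, legacy syntax: $UDPServerRun 514
    legacy_re='^[[:space:]]*\$UDPServerRun[[:space:]]+'"$port"'([[:space:]]|$)'
    if printf '%s\n' "$active" | grep -Eq "$legacy_re"; then
        echo "UDP listener on port $port is enabled in $conf"
        return 0
    fi

    echo "no UDP listener on port $port in $conf"
    return 1
}
```

Call it as check_rsyslog_udp /etc/rsyslog.conf 514 on the syslog server. Directives placed in files that rsyslog.conf includes are not followed, so pass those files explicitly if the listener is defined there.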



Step 2: Test Connectivity to the Syslog Server


To test connectivity to the syslog server, use the ncat command to send a test message from the Broker to the syslog server:


echo "Test message from Connection Broker" | ncat <IP address> <port> -u


This command sends a UDP message to the specified IP address and port. If the message is received by the Syslog server, it should appear in the logs.



Step 4: Test if Messages are Received


For Linux


Use the tcpdump command on the syslog server to test whether messages are being received. Use the following command to make sure packets are being sent on port 514:


tcpdump -Qin udp port 514


This command displays UDP packets on port 514 on the screen; the -Q in option limits the capture to inbound packets. If messages are being received by the syslog server, they should appear in the output of the tcpdump command.


For Windows


Use the windump command on the syslog server to see if messages are being received by the syslog server. Use the following command to make sure packets are being sent on port 514:


windump -i <interface> port 514


Replace <interface> with the name of the network interface that the syslog server is listening on, e.g. 'Ethernet' or 'Wi-Fi'.


After running the above command, generate log messages on the Broker to see if they are being captured correctly on the syslog server.




© Copyright 2023 Leostream Corporation