Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            How to configure syslog for Leostream

            Modified on Fri, 15 Dec, 2023 at 10:01 AM

            Release Date: 03/13/23
            Modified Date: 12/13/23


            Define the Syslog Server in System > Log Settings


            To configure syslog for the Leostream Connection Broker, the first step is to define the syslog server in System>Log.  This can be done by navigating to System>Log - Settings in the top left, then select ‘Enable syslog to remote host’ and enter the IP of the Syslog server. Example below:




            Testing syslog

             

            Any message that gets logged to the System > Log page should route to the syslog server.   Use the following steps to identify the issue if the Connection Broker messages are not logged to the remote server


            Step 1: Check the rsyslog.conf File


            Next, check the rsyslog.conf file on the syslog server to ensure that it is configured to receive logs from the Broker (The default path for the rsyslog.conf file is /etc/rsyslog.conf)



            Step 2: Test Connectivity to the Syslog Server


            To test connectivity to the Syslog server, use the ncat command to send a test message from the Broker to the Syslog server. To send a test message from the Broker, you can use the following command:


            echo "Test message from Connection Broker" | ncat <IP address> <port> -u


            This command sends a UDP message to the specified IP address and port. If the message is received by the Syslog server, it should appear in the logs.



            Step 4: Test if Messages are Received


            For Linux


            use the tcpdump command on the syslog server to test if messages are being received by the syslog server. Use the following command to make sure packets are being sent on port 514:


            tcpdump -Qin udp port 514


            This command verifies UDP packets are being sent/received on port 514 and displays them on the screen. If messages are being received by the Syslog server, they should appear in the output of the tcpdump command.


            For Windows


            Use the windump command on the syslog server to see if messages are bereceived by the syslog server. Use the following command to make sure packets are being sent on port 514:


            windump -i <interface> port 514


            Replace interface with the name of the network interface that the syslog is listening on i.e. 'Ethernet' or 'Wi-Fi'


            After running the above command, generate log messages on the Broker and to see if they are being captured correctly on the syslog.



            © Copyright 2023 Leostream Corporation



            Preview
            0 of 0