Define the Syslog Server in System > Log Settings
To configure syslog for the Leostream Connection Broker, first define the syslog server in System > Log. Navigate to System > Log - Settings in the top left, select ‘Enable syslog to remote host’, and enter the IP of the syslog server.
Any message that gets logged to the System > Log page should route to the syslog server. If the Connection Broker messages are not logged to the remote server, use the following steps to identify the issue:
Step 1: Check the rsyslog.conf File
Check the rsyslog.conf file on the syslog server to ensure that it is configured to receive logs from the Broker. The default path for the rsyslog.conf file is /etc/rsyslog.conf.
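One way to carry out the Step 1 check, as an added example that is not part of the original article or Leostream's documentation: a shell function that reports whether an rsyslog configuration has an active UDP listener. The function name rsyslog_udp_ports and the sample configuration are constructed for illustration, and the check assumes each rsyslog statement sits on a single line.

```shell
#!/bin/sh
# Added example (not Leostream or rsyslog project code).
# Prints the UDP ports an rsyslog configuration listens on, one per line.
# Exit status: 0 = imudp loaded and a port configured, 1 = not, 2 = unreadable file.
# Recognizes the two rsyslog syntaxes:
#   legacy:        $ModLoad imudp          and  $UDPServerRun 514
#   RainerScript:  module(load="imudp")    and  input(type="imudp" port="514")
# Limitation: each statement must sit on a single line.
rsyslog_udp_ports() {
    for f in "$@"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 2; }
    done
    # Keep only active lines: drop comments and blank lines.
    active=$(cat "$@" | grep -Ev '^[[:space:]]*(#|$)') || true
    # The UDP input module must be loaded.
    printf '%s\n' "$active" |
        grep -Eq '^[[:space:]]*(\$ModLoad[[:space:]]+imudp|module\(.*load="imudp")' || return 1
    # Collect listener ports from both syntaxes.
    ports=$( {
        printf '%s\n' "$active" |
            sed -nE 's/^[[:space:]]*\$UDPServerRun[[:space:]]+([0-9]+).*/\1/p'
        printf '%s\n' "$active" |
            grep -E '^[[:space:]]*input\(.*type="imudp"' |
            sed -nE 's/.*port="([0-9]+)".*/\1/p'
    } | sort -un )
    [ -n "$ports" ] || return 1
    printf '%s\n' "$ports"
}

# Constructed sample: a config where the UDP listener is still commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#module(load="imudp")
#input(type="imudp" port="514")
*.* /var/log/messages
EOF
if rsyslog_udp_ports "$sample"; then
    echo "UDP listener enabled on the port(s) above"
else
    echo "no active UDP listener: uncomment or add the imudp module and input lines"
fi
rm -f "$sample"
```

On the syslog server, call rsyslog_udp_ports /etc/rsyslog.conf and pass any included configuration files as extra arguments. The port it prints should match the port used in the connectivity and capture tests in the later steps.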
Step 2: Test Connectivity to the Syslog Server
To test connectivity to the syslog server, use the ncat command to send a test message from the Broker to the syslog server:
echo "Test message from Connection Broker" | ncat <IP address> <port> -u
This command sends a UDP message to the specified IP address and port. If the message is received by the Syslog server, it should appear in the logs.
Step 4: Test if Messages are Received
Use the tcpdump command on the syslog server to test whether messages are being received. Use the following command to make sure packets are being sent on port 514:
tcpdump -Qin udp port 514
This command verifies UDP packets are being sent/received on port 514 and displays them on the screen. If messages are being received by the Syslog server, they should appear in the output of the tcpdump command.
Use the windump command on the syslog server to see if messages are being received by the syslog server. Use the following command to make sure packets are being sent on port 514:
windump -i <interface> port 514
Replace <interface> with the name of the network interface that the syslog server is listening on, e.g. 'Ethernet' or 'Wi-Fi'.
After running the above command, generate log messages on the Broker to see if they are being captured correctly on the syslog server.