Logging to Remote Machines HowTo

About

This document shows how to configure client devices to send the log messages they produce to a remote logging server. Two cases are presented: one using a statically configured logging server address, and one where the logging server address is provided by a DHCP lease.

For more information on logging in the systems, refer to the configuration guide.

Introduction

The system produces a lot of useful information to the user in the form of syslog messages. Most networks contain many different devices and in order to monitor all devices it can be useful to send the log messages they produce to a remote logging server. Having all relevant messages sent to one receiver makes it a lot easier to observe certain information at one specific source in a distributed setup.

Case 1: Statically configured log server

In this case, logging sinks are configured on the hosts to log towards a remote syslog server located at an explicitly provided IP address.

                        .---------.
                        | Syslog  |
                        | Server  |
                        |         |
                        '----+----'
                             |.20
                             |
                             |
-------+----------+----------+------- 192.168.1.0/24
       |          |          |
       |          |          |
       |.31       |.32       |.33
    .--+--.    .--+--.    .--+--.
    | H1  |    | H2  |    | H3  |
    '-----'    '-----'    '-----'

Figure 1: Example of a network with a number of hosts configured to send syslog messages with a severity of notice or higher towards the remote syslog server.

Configuration

Configure the host devices in the network to send any log message with a severity of notice and higher towards the syslog server located at 192.168.1.20.

Host configurations

Configure logging sinks on the necessary hosts in the network:

Hx:/#> configure
Hx:/config/#> logging
Hx:/config/logging/#> logging
Hx:/config/logging/#> sink
Hx:/config/logging/sink-1/#> target udp address 192.168.1.20
Hx:/config/logging/sink-1/#> priority *.notice
Hx:/config/logging/sink-1/#> leave
Hx:/#>

Case 2: Dynamically configured log server

In this case, logging sinks are configured on the hosts to log towards a remote syslog server located at an IP address provided by a DHCP lease. A sink configured to get its target address from DHCP starts logging towards the provided target dynamically when a new lease is received, provided that the lease includes DHCP option 7 (log server).

  .---------.           .---------.
  |  DHCP   |           | Syslog  |
  | Server  |           | Server  |
  |         |           |         |
  '----+----'           '----+----'
       |.10                  |.20
       |                     |
       |                     |
-------+----------+----------+------- 192.168.1.0/24
       |          |          |
       |          |          |
       |          |          |
    .--+--.    .--+--.    .--+--.
    | H1  |    | H2  |    | H3  |
    '-----'    '-----'    '-----'

Figure 2: Example of a network with a number of hosts configured to send syslog messages with a severity of notice or higher towards the remote syslog server, that has been specified by DHCP.

Configuration

Configure the host devices in the network to send any log message with a severity of notice and higher towards the syslog server provided by the DHCP lease acquired by the host.

Host configurations

Configure logging sinks on the necessary hosts in the network:

Hx:/#> configure
Hx:/config/#> logging
Hx:/config/logging/#> logging
Hx:/config/logging/#> sink
Hx:/config/logging/sink-1/#> target udp dhcp
Hx:/config/logging/sink-1/#> priority *.notice
Hx:/config/logging/sink-1/#> leave
Hx:/#>

DHCP Server configuration

Configure the DHCP server to provide DHCP option 7 (log server) in its leases, pointing to the syslog server located at 192.168.1.20.

server:/#> configure
server:/config/#> dhcp-server
server:/config/dhcp-server/#> logging
server:/config/dhcp-server/#> log-server 192.168.1.20
server:/config/dhcp-server/#> subnet 192.168.1.0
server:/config/dhcp-server/subnet-192.168.1.0/#> leave
server:/#>

Tip

It is also possible to configure log-server on the subnet level and for individual static leases.

Troubleshooting

All configured logging sinks ultimately generate configuration files that are used by the system's syslog daemon. These configuration files are located at /etc/syslog.d/.

To see whether logging sinks are generated correctly, inspect that folder. This can be especially helpful when debugging issues with DHCP-configured logging sinks, where the syslog configuration files are generated dynamically when leases are obtained.

example:/#> shell
Domain shell started.
admin@example:~ # ls /etc/syslog.d/
50-default.conf  70-sink-1.conf   70-sink-2.conf  70-sink-dhcp-vlan1-1.conf
admin@example:~ # cat /etc/syslog.d/70-sink-dhcp-vlan1-1.conf
# This file is automatically generated

*.notice   192.168.1.20  ;rfc3164
admin@example:~ #
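
With `target udp dhcp` the sink's destination is whatever option 7 value the accepted lease carried, so it is worth confirming that every generated sink file points at the intended collector. The following is an added example, not part of the original document or the vendor's tooling: the function name `check_sinks`, the assumed line layout, and the sample address 192.168.1.99 are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not vendor tooling. Assumes each active line in a generated
# sink file reads "<selector> <target> ;<format>", as in the listing above.
# A leading "@" on the target is tolerated. Only 70-sink-*.conf is examined.

# check_sinks DIR EXPECTED_ADDR
#   prints "<file>: <selector> -> <target>" for every non-matching target
#   returns 0 = all match, 1 = mismatch found, 2 = no sink files present
check_sinks() {
    dir=$1; expected=$2; found=0; bad=0
    for f in "$dir"/70-sink-*.conf; do
        [ -f "$f" ] || continue          # glob matched nothing
        found=1
        # "|| [ -n ... ]" keeps a final line that lacks a trailing newline
        while read -r selector target _rest || [ -n "$selector" ]; do
            case $selector in
                ''|'#'*) continue ;;     # blank line or comment
            esac
            target=${target#@}
            if [ "$target" != "$expected" ]; then
                echo "${f##*/}: $selector -> $target"
                bad=1
            fi
        done < "$f"
    done
    [ "$found" -eq 1 ] || return 2
    return "$bad"
}

# Constructed sample files (192.168.1.99 is a made-up unexpected target).
demo=$(mktemp -d)
printf '# This file is automatically generated\n\n*.notice   192.168.1.20  ;rfc3164\n' \
    > "$demo/70-sink-dhcp-vlan1-1.conf"
printf '*.notice   192.168.1.99  ;rfc3164\n' > "$demo/70-sink-1.conf"
check_sinks "$demo" 192.168.1.20 || echo "check_sinks exit status: $?"
rm -rf "$demo"
```

On a device, the call would be `check_sinks /etc/syslog.d 192.168.1.20`; exit status 2 on a DHCP-only host indicates that no lease carrying option 7 has produced a sink file yet.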