Add option for remote syslog in WebGUI


Recommended Posts

32 minutes ago, dlandon said:

Ok.  It seems I did have an issue like this.  I changed the rule and we'll see how it works.

fingers crossed :)

32 minutes ago, dlandon said:

I'm extremely grateful for the syslog server capability and now with being able to filter a large number of extraneous messages from the router log

yes!  thank you very much @bonienl!

Link to comment
On 2/25/2019 at 5:54 AM, bonienl said:

The current implementation ensures the user selects a folder which does already exist. This is mandatory for the service to work.

I keep thinking about this. I can't think of a reason why anybody would want a bunch of log files at the root of any share, unless they create the share specifically for this purpose.

 

Would it make sense to automatically create and use a "logs" directory under whatever share the user chooses? That feels more organized out of the box.

Link to comment
  • 1 year later...

Does this method of log filtering still work?  I am not having any luck filtering out a message after closely following the instructions in this thread and others.

 

message I want to filter out:

Jul 19 16:19:32 TowerMediaServ kernel: 3w-9xxx: scsi1: ERROR: (0x03:0x0101): Invalid command opcode:opcode=0x85.

I have tried every possible combination of filter syntax that I can think of and applied them to /etc/rsyslog.d/01-blocklist.conf and also in /etc/rsyslog.d/02-blocklist-extra.conf:

:msg,contains,"Error: Nothing to do" stop
:msg,contains,"user \"logout\" was not found in \"/etc/nginx/htpasswd\", client" stop
:msg,contains,"ERROR: (0x03:0x0101)" stop
:msg,contains," ERROR: (0x03:0x0101)" stop
:msg,contains," 3w-9xxx: scsi1: ERROR: (0x03:0x0101)" stop
:msg,contains," 3w-9xxx: scsi1: ERROR: (0x03:0x0101): Invalid command opcode:opcode=0x85." stop
:msg,contains," (0x03:0x0101)" stop
:msg,contains," (0x03:0x0101):" stop
:msg,contains," (0x03:0x0101): " stop
:msg,contains,"opcode=0x85" stop
:msg,contains,"opcode=0x85." stop
:msg,contains,"opcode:opcode=0x85." stop
:msg,isequal," 3w-9xxx: scsi1: ERROR: (0x03:0x0101): Invalid command opcode:opcode=0x85." stop
:msg,isequal," scsi1: ERROR: (0x03:0x0101): Invalid command opcode:opcode=0x85." stop
:msg,isequal," ERROR: (0x03:0x0101): Invalid command opcode:opcode=0x85." stop
:msg,isequal," (0x03:0x0101): Invalid command opcode:opcode=0x85." stop
:msg,isequal," Invalid command opcode:opcode=0x85." stop
:msg,isequal,"opcode=0x85." stop
:msg,isequal,"  (0x03:0x0101)" stop
:msg,isequal,"  (0x03:0x0101):" stop
:msg,isequal,"  (0x03:0x0101): " stop
:msg,isequal," Invalid command opcode" stop

After any changes to the 01-blocklist.conf or 02-blocklist-extra.conf I've restarted rsyslog.d with this command:

/etc/rc.d/rc.rsyslogd restart

I've also tried rebooting after tweaking the blocklist files...but the message still persists...Do I have the filter syntax wrong?  Or has there been some sort of change recently that could explain why this isn't working for me?

Link to comment

Anyone have any thoughts? Would really appreciate some assistance with this because it's been plaguing me for years.  The root cause of the error has no apparent impact on performance but it is so prevalent in the syslog that it's obfuscating all the important information.  If I can get it automatically filtered out of the syslog that would be extremely helpful!!

Link to comment
47 minutes ago, tallguydirk said:

Anyone have any thoughts? Would really appreciate some assistance with this because it's been plaguing me for years.  The root cause of the error has no apparent impact on performance but it is so prevalent in the syslog that it's obfuscating all the important information.  If I can get it automatically filtered out of the syslog that would be extremely helpful!!

You might be better off with a separate topic with more specific details. Your query is quite a bit different from the topic title.

Link to comment
  • 10 months later...

Hello,

I got unraid's syslog server running and got some questions:

I created a new share named "syslog" - nothing fancy, but the logfile that appears hase this sign:

 

root@Tower:/mnt/user/syslog# ls
syslog-10.34.51.69.log

 

i rather have a hostname instead of the ip, since ip address could change since, you know, dhcp. Yes, this particular ip is from my workstation but that workstation also got virtualbox running with at least 2 vm's active... I want to set those vm's up to send there logs also to unraid - Checking configuration or denied errors on all those machines driving me nuts - so yeah syslog 🙂

 

* Sooo how can I tell unraid to create syslog-$hostname.log and

* How can I see the logs realtime on eg tower.local/logging.htm ?

 

Regards,

Sjoerd

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.