(Solved) Syslog server not working?


je82


Hi,

I've set up syslogging both remote and to a share, it appears not to be doing any logging at all, have I missed anything? I'm on Unraid version 6.7.2

 


No log files appear in the syslog share, no remote logging is being received from the Unraid system either.

 

Do I have to restart the syslog service via CLI? Or restart the entire system?

 

The temporary syslog in /logging.html seems to be getting messages:

 

Quote

Feb 1 05:24:40 NAS sSMTP[2731]: Sent mail for [email protected] (221 2.0.0 closing connection y2sm5558643ljm.28 - gsmtp) uid=0 username=root outbytes=452
Feb 1 06:00:43 NAS ool www[21297]: /usr/local/emhttp/plugins/dynamix/scripts/rsyslog_config
Feb 1 06:00:45 NAS rsyslogd: [origin software="rsyslogd" swVersion="8.1903.0" x-pid="21580" x-info="https://www.rsyslog.com"] start
Feb 1 06:00:48 NAS ool www[21297]: /usr/local/emhttp/plugins/dynamix/scripts/rsyslog_config
Feb 1 06:00:50 NAS rsyslogd: [origin software="rsyslogd" swVersion="8.1903.0" x-pid="21633" x-info="https://www.rsyslog.com"] start
Feb 1 08:22:45 NAS kernel: mdcmd (501): spindown 7
Feb 1 08:23:09 NAS kernel: mdcmd (502): spindown 5
Feb 1 08:23:42 NAS kernel: mdcmd (503): spindown 10
Feb 1 08:23:45 NAS kernel: mdcmd (504): spindown 9
Feb 1 08:23:51 NAS kernel: mdcmd (505): spindown 8
Feb 1 08:24:07 NAS kernel: mdcmd (506): spindown 1

 

Edited by je82
Link to comment
1 minute ago, testdasi said:

If you want Unraid to write syslog to a local file on the Unraid server then the remote syslog server line should be the IP address of that same Unraid server.

Thanks, I thought you could have a remote syslog + logging to a share at the same time to create some kind of backup of the logs in case Unraid goes down and you cannot access content on the shares.

I will set up a job on a server that mirrors the logfile created in the share, essentially giving me the same feature. Thanks for the help!

Link to comment
  • 5 months later...
  • 2 weeks later...

I just turned on syslog on my UNRAID, I set the remote logging to the IP address of my unraid system, I stopped the array and rebooted (because I was not getting any logs). I did a diagnostic dump and saw error messages stating that there was possibly network connectivity on udp port (though the port is not listed but since the syslog is set for 514 that is what I figured isn't open on the unraid server).

 

Aug  3 18:53:54 Shark-Dive rsyslogd: omfwd/udp: socket 5: sendto() error: Network is unreachable [v8.2002.0 try https://www.rsyslog.com/e/2354 ]

 

I ran an nmap against my unraid server IP and it shows the server is not listening on UDP port 514.

 

How can I get udp 514 listening on my unraid server?


Edited by SharkDiverToo
updated text and added syslog settings screenshot
Link to comment

Something has gone wrong in the syslog assignment. Did you make any manual changes?

rsyslogd  16070  root    5u  IPv4  29802      0t0  UDP 127.0.0.1:514 
rsyslogd  16070  root    6u  IPv4  29803      0t0  UDP 127.0.0.1:514 
rsyslogd  16070  root    8u  IPv4  30876      0t0  UDP *:44122 

Do the following actions to restore a default configuration and start from scratch.

  1. Delete the files "rsyslog.cfg" and "rsyslog.conf" in the /config folder on your flash device
  2. Reboot your server
  3. Configure the syslog server settings
Link to comment
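
An added example, not part of any post in this thread and not Unraid's own tooling: the lsof listing above shows rsyslogd bound to 127.0.0.1:514, an address other hosts cannot reach, which is consistent with the 514/udp closed result nmap reports in this thread. The function name classify_udp_bind is hypothetical; it classifies lsof-style lines so the same check can be repeated after each configuration change.

```shell
#!/bin/sh
# Added example. Sample lines are copied from the lsof listing quoted in the thread.
SAMPLE_LSOF='rsyslogd  16070  root    5u  IPv4  29802      0t0  UDP 127.0.0.1:514
rsyslogd  16070  root    6u  IPv4  29803      0t0  UDP 127.0.0.1:514
rsyslogd  16070  root    8u  IPv4  30876      0t0  UDP *:44122'

# classify_udp_bind PROCESS PORT   (hypothetical helper name)
# Reads lsof-style lines on stdin (columns: COMMAND PID USER FD TYPE DEVICE
# SIZE/OFF NODE NAME) and prints how PROCESS is bound to UDP PORT:
#   not-listening   no matching socket
#   loopback-only   bound to 127.0.0.0/8 or [::1]; remote senders cannot reach it
#   all-interfaces  wildcard bind (*, 0.0.0.0 or [::])
#   address:<ip>    bound to one specific non-loopback address
classify_udp_bind() {
    awk -v proc="$1" -v port="$2" '
        $1 == proc && $8 == "UDP" {
            # NAME looks like 127.0.0.1:514, *:514 or [::1]:514;
            # the port is whatever follows the last colon.
            n = split($9, parts, ":")
            if (parts[n] != port) next
            addr = substr($9, 1, length($9) - length(parts[n]) - 1)
            if (addr == "*" || addr == "0.0.0.0" || addr == "[::]") wild = 1
            else if (addr ~ /^127\./ || addr == "[::1]") loop = 1
            else other = addr
        }
        END {
            if (wild) print "all-interfaces"
            else if (other != "") print "address:" other
            else if (loop) print "loopback-only"
            else print "not-listening"
        }'
}

# Demonstration on the sample above; on a live host, pipe in the output of
# `lsof -nP -iUDP` instead.
printf '%s\n' "$SAMPLE_LSOF" | classify_udp_bind rsyslogd 514
```

A result of loopback-only means the daemon is running but will only accept syslog from the server itself, so remote devices pointed at the server's LAN address are silently dropped.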

I have not made any changes to the system. Was reading about the syslog and possibly using Splunk Docker to review logs (haven't set that up yet). All I did was turn on the syslog based on the information from the forum and then wasn't seeing anything getting logged from the server or my UniFi UDM (pointed the syslog of that to the Unraid server IP as well).

 

7 hours ago, bonienl said:

Something has gone wrong in the syslog assignment. Did you make any manual changes?


rsyslogd  16070  root    5u  IPv4  29802      0t0  UDP 127.0.0.1:514 
rsyslogd  16070  root    6u  IPv4  29803      0t0  UDP 127.0.0.1:514 
rsyslogd  16070  root    8u  IPv4  30876      0t0  UDP *:44122 

Do the following actions to restore a default configuration and start from scratch.

  1. Delete the files "rsyslog.cfg" and "rsyslog.conf" in the /config folder on your flash device
  2. Reboot your server
  3. Configure the syslog server settings

I just performed the:

 

  1. Delete the files "rsyslog.cfg" and "rsyslog.conf" in the /config folder on your flash device
  2. Reboot your server
  3. Configure the syslog server settings

I am still not seeing anything getting written to the syslog folder. I rebooted again after configuring the syslog. 

 

Unraid is still not listening on port 514:

 

PS C:\Windows\system32> nmap -sU -p 514 10.0.10.30
Starting Nmap 7.80 ( https://nmap.org ) at 2020-08-04 10:20 Eastern Daylight Time
Nmap scan report for 10.0.10.30
Host is up (0.00013s latency).

PORT    STATE  SERVICE
514/udp closed syslog
MAC Address: 0C:C4:7A:DE:D8:A8 (Super Micro Computer)

Nmap done: 1 IP address (1 host up) scanned in 0.40 seconds


 

Link to comment

I restarted in Safe Mode, port 514 is still showing as closed:

 

PS C:\Windows\system32> nmap -sU -p 514 10.0.10.30
Starting Nmap 7.80 ( https://nmap.org ) at 2020-08-05 10:14 Eastern Daylight Time
Nmap scan report for 10.0.10.30
Host is up (0.0010s latency).

PORT    STATE  SERVICE
514/udp closed syslog
MAC Address: 0C:C4:7A:DE:D8:A8 (Super Micro Computer)

Nmap done: 1 IP address (1 host up) scanned in 0.43 seconds

 

Next I deleted the rsyslog.cfg & the rsyslog.conf again, rebooted back into Safe Mode again, still not listening on UDP 514:

 

PS C:\Windows\system32> nmap -sU -p 514 10.0.10.30
Starting Nmap 7.80 ( https://nmap.org ) at 2020-08-05 10:24 Eastern Daylight Time
Nmap scan report for 10.0.10.30
Host is up (0.00s latency).

PORT    STATE  SERVICE
514/udp closed syslog
MAC Address: 0C:C4:7A:DE:D8:A8 (Super Micro Computer)

Nmap done: 1 IP address (1 host up) scanned in 0.38 seconds

 

Does rsyslog start up in Safe Mode? I went back to my Flash Drive and looking in the config directory, the rsyslog.cfg & rsyslog.conf were not recreated after deleting them and rebooting in Safe Mode. Should I be removing the rsyslog.local file as well? I see it contains the settings from the syslog GUI settings.

 

Thanks for your time and assistance with this.

 

 

Link to comment
  • 3 years later...

I had this same problem today on my UnRaid server. When looking into the config file of rsyslog located in /boot/config/rsyslog.conf I noticed that the lines for the remote logging were not correct.

I removed the above config file. Went into Settings > SysLog Server and activated the local and remote logging.

The config file is recreated automatically with the right settings (rulesets remote ...)

And it works.

One remark:  if you check the system log you will see that rsyslogd is not able to start (rsyslogd: omfwd: could not get addrinfo for hostname ...).  rsyslogd will retry and resume a bit later. Probably because it starts too soon and DNS lookup is not working yet. 

Link to comment
