Raspberry PI: Ubuntu rsyslog server

I decided a while back that my home network needed some kind of centralised system logging mechanism. Actually, I was rummaging around in some old junk and found my old Raspberry PI version 2, and it got me thinking that it was just going to waste doing nothing sitting there, and what a wonderful idea it would be to actually set up the home office syslog server that has been a long time coming.

I did a quick format of the SD card and installed Ubuntu 18.04.2 LTS.
At the time of writing you can download the OS from https://www.ubuntu.com/download/iot/raspberry-pi-2-3, selecting the appropriate image for your PI. I set about eagerly getting all the basics in place: network connectivity, hostname etc. I had to look at some of the guides online as admittedly it had been some time and I had never exactly set up a syslog server before. But hey, how hard can it be!

Rsyslog Setup

My version of Ubuntu came with the rsyslog component already installed. I added a new dynamic configuration file at /etc/rsyslog.d/10-remote.conf. Any .conf files under this directory are automatically loaded on service startup.

My personal preference is nano, but use whichever editor you prefer:

sudo nano /etc/rsyslog.d/10-remote.conf

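Then I added the following lines:

# Load the UDP input module and listen on port 514
$ModLoad imudp
$UDPServerRun 514
# Optional: only accept messages from this subnet
#$AllowedSender UDP, 192.0.2.0/24
# One file per host, program and day (first 10 characters of the RFC 3339 receive time)
$template RemoteStore, "/var/log/remote/%HOSTNAME%/%programname%/%timegenerated:1:10:date-rfc3339%.log"
# Write everything that does not come from localhost to the RemoteStore path
:source, !isequal, "localhost" -?RemoteStore
# Discard messages whose source is "last"
:source, isequal, "last" ~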

I commented out the allowed sender command, as in my case access is only permitted from within the internal network, enforced by ACLs on the router. But I have left it in case it comes in useful. You can also configure the server to receive over TCP; however, syslog is typically used over UDP and I will only be using UDP. You can mess with the $template line to get the logs to output into the file system almost however you would like. %variables% are dynamic.

After restarting the service using the following command I proceeded to test the setup.

sudo service rsyslog restart

Testing

I used a simple PHP script on my Windows machine to send a syslog message to my newly configured syslog server.

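<?php
// Send each line of $message as its own UDP syslog datagram.
function send_remote_syslog($message, $component = "TestComponent", $program = "TestProg") {
    $sock = socket_create(AF_INET, SOCK_DGRAM, SOL_UDP);
    if ($sock === false) {
        return; // could not create the socket
    }
    foreach (explode("\n", $message) as $line) {
        // <22> is the priority value: facility 2 (mail) * 8 + severity 6 (informational)
        $syslog_message = "<22>" . date('M d H:i:s ') . $program . ' ' . $component . ': ' . $line;
        // 192.168.10.150 is the syslog server's address
        socket_sendto($sock, $syslog_message, strlen($syslog_message), 0, '192.168.10.150', 514);
    }
    socket_close($sock);
}

send_remote_syslog("Test");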

The resulting log file can be found under /var/log/remote/TestProg/TestComponent/[date].log
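Why the test message lands in that directory, as an added example that is not part of the original post: the sketch below rebuilds the datagram the PHP script sends, splits it into the RFC 3164 fields, and renders the RemoteStore template from them. The regular expression is a simplified model of rsyslog's parsing, and the function names and the 2019-05-01 timestamps are constructed for illustration.

```python
import re
import socket
from datetime import datetime

# Simplified model of the RFC 3164 layout: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<hostname>\S+) (?P<tag>[^\s:\[]+)(?:\[\d+\])?: ?(?P<msg>.*)$"
)

def build_message(line, component="TestComponent", program="TestProg", pri=22, now=None):
    """Same field order as the PHP sender: $program fills the HOSTNAME slot."""
    stamp = (now or datetime.now()).strftime("%b %d %H:%M:%S")
    return f"<{pri}>{stamp} {program} {component}: {line}"

def parse(datagram):
    """Split a datagram into its fields and decode PRI = facility * 8 + severity."""
    m = RFC3164.match(datagram)
    if m is None:
        raise ValueError("not an RFC 3164 style message")
    fields = m.groupdict()
    fields["facility"], fields["severity"] = divmod(int(fields.pop("pri")), 8)
    return fields

def remote_store_path(fields, received):
    """Render the page's RemoteStore template for a message received at `received`."""
    for key in ("hostname", "tag"):
        # These values come from the sender and become directory names, so the
        # model only accepts a single path component (a check of this model).
        if "/" in fields[key] or fields[key] in (".", ".."):
            raise ValueError(f"{key} is not a single path component: {fields[key]!r}")
    day = received.isoformat()[:10]  # %timegenerated:1:10:date-rfc3339%
    return f"/var/log/remote/{fields['hostname']}/{fields['tag']}/{day}.log"

def send(datagram, server, port=514):
    """Send one datagram over UDP; `server` is your rsyslog host."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(datagram.encode(), (server, port))

if __name__ == "__main__":
    # Constructed sample: fixed timestamps so the output is reproducible.
    sample = build_message("Test", now=datetime(2019, 5, 1, 10, 0, 0))
    f = parse(sample)
    print(sample)
    print("facility", f["facility"], "severity", f["severity"])
    print(remote_store_path(f, datetime(2019, 5, 1, 10, 0, 5)))
```

The directory names come from the HOSTNAME and TAG fields the sender writes into the message, which is why the script's $program value appears where a host name would normally be.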

4 thoughts on “Raspberry PI: Ubuntu rsyslog server”

  1. Hi Dan, this is great. I’ve been looking for an easy solution to have all my ESP8266/ESP32 devices log system messages too and knew about SysLog but wasn’t sure where to host the service. Did you find any open source tools with a web-UI where you can view and cleanup logs too? Prometheus, Grafana Loki are too overkill. Also adding a cron job to logrotate the log files would be a good addition. Thanks for sharing!

  2. Wow, awesome blog layout! How long have you been blogging for? you make blogging look easy. The overall look of your website is wonderful, let alone the content!

    Keep on working, great job!

  3. Excellent post. I was checking continuously this weblog and I’m inspired! Extremely useful info specifically the last section 🙂 I maintain such information much. I was seeking this certain info for a long time. Thanks and good luck.
