Syslog remote logging for RUTM devices

Hello!
New Teltonika device user here.
I am trying to find out if and how I can configure devices (RUTMs and TSW switches) to send logs to a syslog server. I can find how to, for example, send traffic logs via periodic FTP transfers to an FTP server, but nothing that shows how to set up basic syslog logging to a remote syslog server on the device!

Is this even possible? I would like to get all the system events, as well as the traffic logging (firewall logs, connection logs, etc.) sent to our syslog server…

How can that be done?

Hello,

From the UI go to System->Maintenance->Troubleshoot->Logging settings and set the values to fit your needs. See the example below:

Regards,

Ok. Yes. But what logs are sent? Doesn’t seem like firewall logs are sent using this setting?

All logs are sent. Firewall logs are not enabled by default; change the setting via Network->Firewall->Zones: edit the zone and go to the advanced settings tab.

The logs are very verbose. I’ve got 3 units shipping logs to a Graylog server and together they account for 80% of the daily message volume, over 500,000 messages per day. Every DNS query is logged, for example.

I checked the command that’s used to ship the log, and it’s just /sbin/logread -f -r your.log.server 514 -p /var/run/logread.2.pid -u -h your-device-hostname

Checking the help, it seems like some GUI knobs to control the -z or -Z options could help cut down on the verbosity. Would be nice to see this…

Usage: logread [options]
Options:
    -s  <path>          Path to ubus socket
    -l  <count>         Got only the last 'count' messages
    -e  <pattern>       Filter messages with a regexp
    -r  <server> <port> Stream message to a server
    -F  <file>          Log file
    -S  <bytes>         Log size
    -p  <file>          PID file
    -h  <hostname>      Add hostname to the message
    -P  <prefix>        Prefix custom text to streamed messages
>>  -z  <facility>      handle only messages with given facility (0-23), repeatable
>>  -Z  <facility>      ignore messages with given facility (0-23), repeatable
    -f                  Follow log messages
    -u                  Use UDP as the protocol
    -t                  Add an extra timestamp
    -0                  Use \0 instead of \n as trailer when using TCP
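
An added example (not from the thread or from Teltonika): a receiver-side tally of syslog facilities, to see which facility codes would be candidates for the -z / -Z options in the help output above. It assumes the forwarded messages start with the standard syslog <PRI> prefix; the sample lines, hostname and threshold are constructed.

```python
import re
from collections import Counter

# Standard syslog facility names, indexed by facility code 0-23.
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(line):
    """Return (facility, severity) from a leading <PRI>, or None if absent/invalid."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI value
        return None
    return pri >> 3, pri & 7

def facility_volume(lines):
    """Count messages per facility code; lines without a valid PRI are keyed None."""
    counts = Counter()
    for line in lines:
        decoded = decode_pri(line)
        counts[decoded[0] if decoded else None] += 1
    return counts

def suggest_ignore_flags(counts, threshold=0.5):
    """Build '-Z <n>' options for facilities above `threshold` share of all messages."""
    total = sum(counts.values())
    if total == 0:
        return ""
    noisy = sorted(f for f, n in counts.items() if f is not None and n / total > threshold)
    return " ".join(f"-Z {f}" for f in noisy)

# Constructed sample messages (assumed format, not captured from a real device).
SAMPLE = [
    "<30>Jan  1 00:00:01 rutm-example dnsmasq[1234]: query[A] example.com from 192.0.2.10",
    "<30>Jan  1 00:00:01 rutm-example dnsmasq[1234]: forwarded example.com to 192.0.2.1",
    "<30>Jan  1 00:00:02 rutm-example dnsmasq[1234]: reply example.com is 203.0.113.5",
    "<30>Jan  1 00:00:02 rutm-example dnsmasq[1234]: query[AAAA] example.org from 192.0.2.11",
    "<4>Jan  1 00:00:03 rutm-example kernel: DROP IN=eth1 SRC=198.51.100.7",
    "<86>Jan  1 00:00:04 rutm-example dropbear[2001]: Bad password attempt from 192.0.2.50",
    "garbled line without a PRI header",
]

if __name__ == "__main__":
    counts = facility_volume(SAMPLE)
    for fac, n in counts.most_common():
        print(f"{FACILITIES[fac] if fac is not None else 'unparsed':10} {n}")
    print("candidate logread options:", suggest_ignore_flags(counts))
```

Ignoring a facility drops everything logged under it, so check what else shares the noisy facility (here firewall drops and login failures sit under other facilities and would still be forwarded) before filtering.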
