Syslog Logging for Devices?

Hello!

Trying to figure out the logging mechanisms for our Teltonika RUTM51 and TSW202 devices.
I have enabled logging and receiving logs on my syslog server(Elastic) and getting for example Firewall REJECT logs, but no other traffic logs.
Also getting DHCP, DNS, etc. logs and other activities from the RUTM devices and auth information from the TSW202 switch, but not from the RUTM devices.

The logging confgurations are a bit confusing, where to enabled what and what actually is enabled?

  • How to get ALL possible logs sent via syslog?
  • Authentication logs, Firewall logs, Traffic logs, system events, etc.

Anybody got some good pointers or advice on how to get more logs out of the devices?



Hi there,

To receive all of the logs you’ve mentioned would require a custom script in order to collect & send all of these logs to your FTP server. For more information on custom scripts, you can look into this Wiki we have: https://wiki.teltonika-networks.com/view/User_Scripts_examples

For logging actually to work in the first place, you need to set up the Logging settings found under System → Maintenance → Troubleshoot → Logging settings:

After configuring & saving these settings, logs should start being pushed to your server.

Alternatively, if you are familiar with the use of APIs, you can look into our Developer Portal for the Events log calls here: https://developers.teltonika-networks.com/reference/rutm51/7.13.4/v1.5.1/events-log#get-events_log-config

Regards,
M.

OK. I have the logging settings enabled with syslog. But seems I am not getting all the logs I would expect. Like traffic logs, etc.

So only FTP is supported for all those logs, not sending to a centralized syslog server?
I guess a script that sends those logs to somewhere using API(Elastic) instead of having to have a age-old-technology like FTP in between would be desireable..
Have to look into those custom scripts and also the API endpoints for the devices to see what can be done.

When trying to enable FTP for Traffic Logging, I get an error that does not say anything…weird…

Hi there,

Thanks for providing the screenshots. I’ve tested configuring these settings on my own RUTM51 and had no issues at all. Looking at your screenshot, however, I can see that you are missing the “Traffic logging settings”, which, in your case, are blank for some reason.

I would suggest trying to reset the device via the Bootloader menu to see if they re-appear. They should look like this:

For the bootloader process, kindly follow this Wiki: https://wiki.teltonika-networks.com/view/Bootloader_menu

Regards,
M.

OK. Hmm, will doing the bootloader reset wipe all configurations?
What is the best way to restore the configs that are currently in use after the bootloader reset?

Beware, the previous post contains a promotional link to <redacted>
@MatasR please delete it.

Using external syslog does send all logs (which are sent to internal syslog) to your server. If you need firewall logs you must first enable them in firewall settings.

Go to firewall zones, edit zone for example lan go to Advanced Settings and enable Enable logging on this zone