Saving system event logs to a Syslog server

How do I collect logs from my router to a Syslog server installed on one of the computers on my LAN?


Keenetic routers can send system logs containing warnings, system messages, etc. to a special Syslog server designed to receive and store system messages. The log is sent in 'bsd' format over UDP, port 514.

In this article, we will give examples of how to send logs from the Keenetic router to Kiwi Syslog Server Free Edition and Tftpd32 on a local home network. But you can also use some other Syslog server (e.g. Visual Syslog Server for Windows, PRTG, Syslog-ng for Unix systems, etc.).

Example 1. Setting up a Kiwi Syslog Server

1.1 Download the Kiwi Syslog Server Free Edition software to your computer.

1.2 Run the software installer. Select Install Kiwi Syslog Server as an Application.

1.3 Next, select the components you wish to install and the folder in which the software will be installed.

Then click Install to install the software on your computer and wait for the installation process to complete.

1.4 Next, tick Run Kiwi Syslog Server to start the software and click Finish.

1.5 The Kiwi Syslog Server software window opens. Go to the File > Setup menu to continue with the software setup.

1.6. In the Rules > Default > Actions menu, click on Log to file. Here you can specify the path to the folder where the log files will be stored and the name of the file. Select the file format %DateISO.txt for easy logging by date.

1.7. Next, go to the Inputs menu and add the IP address of the router in your home network here (in our example, the router has the IP address 192.168.1.1). Click OK to save the settings.

Then exit the program by selecting File > Exit.

1.8. Now, move on to configuring the router. Connect to the web interface, and go to the 'Diagnostics' page. Under 'System Log' enable the 'Use Syslog' option, and then under 'Server address', enter the IP address of the computer where the Kiwi Syslog Server is installed and running (in our example, the computer with the Syslog Server has an IP address of 192.168.1.33). Click 'Save'.

Syslog

1.9. Start the Kiwi Syslog Server software again. If the Windows Firewall or other firewall software is enabled on your computer, you may see a message saying that the firewall has blocked the application:

Syslog

Click on the Allow access button for the software to work correctly.

1.10. Then the software window will appear, displaying the system logs from your Keenetic router.

1.11. Now on your computer, navigate to the folder where the log files should be saved (the path to the folder you specified in point 1.6. of this guide). You will see a log file of format [date].txt, which you can view in any text editor (e.g. Notepad).

Syslog
 


Example 2. Setting up a Tftpd32 syslog server

2.1 Download the Tftpd32 software to your computer.
Despite its name, Tftpd32 includes an easy-to-set-up syslog server.

2.2 Install the software and run it. If the Windows Firewall or another firewall program is enabled on your computer, you may see a message saying that the firewall has blocked the application:

Syslog

Click on the Allow access button for the software to work correctly.

2.3 You will see the Tftpd32 program window. In the Server interfaces field, enter the IP address of the computer where the Syslog server will be running.

2.4 Then click the Settings button. Make sure that in the GLOBAL tab under Start Services the Syslog Server box is checked. Next, go to the SYSLOG tab, check the Save syslog message box and specify the name of the log file (e.g. syslog.txt).

2.5. Now, move on to configuring the router. Connect to the web interface, and go to the 'Diagnostics' page. Under 'System Log' enable the 'Use Syslog' option, and then under 'Server address', enter the IP address of the computer where the Kiwi Syslog Server is installed and running (in our example, the computer with the Syslog Server has an IP address of 192.168.1.33). Click 'Save'.

Syslog

2.6. In the Tftpd32 program window on the Syslog server tab, you should see the system messages (logs) coming from the Keenetic router.

Tftpd32 will also save your router's system log to a specified file (syslog.txt in our example). This file can be viewed with any text editor (e.g. Notepad).

 

Note

1. Priority levels (local0 - local7) on the external Syslog server cannot be changed.

2. If required, you can change the port number to work with the Syslog server with the following command:

(config)> system log server {address[:port]}


Once this command is executed, another server is added (identical to the previous one) but with a different port number. To change the port, you must delete the old entry entirely and set a new one.
The web interface deletes all existing entries and adds a new one when changing the settings.

 

Was this article helpful?

33 out of 36 found this helpful