Using rsyslog with SSH license on EPIC PR1

Beno · July 22, 2020, 7:33pm

We have had a few customers ask about using rsyslog on the EPIC, so here is a quick write up to help get you going - or at least point you in the right direction.

Note that with all things SSH, this is unsupported by Opto. There are just too many variables, configurations and options for us to know what exact setup your situation requires.

Remember, with SSH comes great power and great responsibility.

rsyslog is already installed on the PR1. To enable remote logging, you just need to configure it.
So head over to your PuTTY session and log in.
Once at the command prompt, we need to set up the config file.
sudo nano /etc/rsyslog.conf to open up the configuration file and set up your remote server.
Scroll down to the section on remote logging. It looks like this;

# Remote Logging (we use TCP for reliable delivery)
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$WorkDirectory /var/spool/rsyslog # where to place spool files
#$ActionQueueFileName uniqName # unique name prefix for spool files
$ActionQueueMaxDiskSpace 10m   # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList   # run asynchronously
#$ActionResumeRetryCount -1    # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514

You are going to uncomment just the last line and edit it to match your remote host.
Some tips.
Enter either the IP address:port or fully qualified domain name and port.
You send the data using UDP with a single @ or via TCP with double @@
So for example, to send the logs to an IP address using UDP;
*.* @192.168.1.22:514
To send the logs to a hostname using TCP;
*.* @@logging.com:514

Once you have made the changes and saved the file, restart rsyslog to reread the config file with the following command;
sudo /etc/init.d/syslog restart
(Note that we use the command ‘syslog’ and not ‘rsyslog’).

With that, you should be up and running.

Beno · October 14, 2020, 10:55pm

Update to this thread. (Important update).

There are a lot of logs on EPIC that are not compatible with the rsyslog format… so they don’t show up.
The solution is pretty simple (and very powerful).
EPIC uses PM2 to monitor and manage all the services, so if we can get PM2 logs into rsyslog, then we have all the following;

All those services are monitored by PM2.

Here is how to set up PM2 for rsyslog to use…

sudo nano /etc/rsyslog.conf to open up the configuration file.

Add the following two lines at the bottom of the file;

module(load="imudp")
input(type="imudp" port="514")

Now restart the rsyslog;
sudo /etc/init.d/syslog restart

Next install the PM2 logger;

sudo pm2 install pm2-syslog

That’s it.
Now every time any of those services write to their respective log files, it will be sent to your rsyslog server that you set up in the first post of this thread.

Just to be clear, you need to do the instructions in the first post to enable logging and send the rsyslog to your logger. This will also enable and send the Linux kernel logs.
This second step is needed only if you want all the logs of the Opto 22 services as shown in the screenshot.

Beno · October 19, 2020, 2:45pm

Question for the Ignition users…
How do you get Ignition 7 or 8 (full or Edge) logs to show up in the rsyslog server?

I found this post (and only this post)… Wrapper Log Error Automated Notifications - Ignition - Inductive Automation Forum
But cant get it working… Help. Need a little help…