Using rsyslog with SSH license on EPIC PR1

We have had a few customers ask about using rsyslog on the EPIC, so here is a quick write-up to help get you going - or at least point you in the right direction.

Note that with all things SSH, this is unsupported by Opto. There are just too many variables, configurations and options for us to know what exact setup your situation requires.

Remember, with SSH comes great power and great responsibility.

rsyslog is already installed on the PR1. To enable remote logging, you just need to configure it.
So head over to your PuTTY session and log in.
Once at the command prompt, we need to set up the config file.
Run sudo nano /etc/rsyslog.conf to open the configuration file and set up your remote server.
Scroll down to the section on remote logging. It looks like this:

# Remote Logging (we use TCP for reliable delivery)
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$WorkDirectory /var/spool/rsyslog # where to place spool files
#$ActionQueueFileName uniqName # unique name prefix for spool files
$ActionQueueMaxDiskSpace 10m   # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList   # run asynchronously
#$ActionResumeRetryCount -1    # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514

You are going to uncomment just the last line and edit it to match your remote host.
Some tips:
Enter either the IP address and port or the fully qualified domain name and port.
You send the data using UDP with a single @ or via TCP with a double @@.
So for example, to send the logs to an IP address using UDP:
*.* @192.168.1.22:514
To send the logs to a hostname using TCP:
*.* @@logging.com:514

Once you have made the changes and saved the file, restart rsyslog to reread the config file with the following command:
sudo /etc/init.d/syslog restart
(Note that we use the command ‘syslog’ and not ‘rsyslog’).

With that, you should be up and running.

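To confirm after editing which forwarding actions are actually active, and whether each one goes out over UDP or TCP, here is an added example that is not part of the original post and is not Opto 22 code. The function names and the sample config are constructed; it assumes the legacy selector/@host syntax shown above, no IPv6 literals, and rsyslog's default port 514 when the port is omitted.

```shell
#!/bin/sh
# Added example: report the active (uncommented) forwarding actions in an
# rsyslog legacy-format config, with transport, host and port.

# list_forwards [FILE...]  (reads stdin when no file is given)
# Output: one line per action: "<selector> <udp|tcp> <host> <port>"
list_forwards() {
    awk '
        /^[ \t]*#/ { next }                  # commented-out lines are inactive
        NF >= 2 && $2 ~ /^@@?[^@]/ {         # selector, then @host or @@host
            proto = ($2 ~ /^@@/) ? "tcp" : "udp"
            target = $2
            sub(/^@+/, "", target)           # strip the @ / @@ prefix
            n = split(target, hp, ":")       # assumes no IPv6 literal
            port = (n > 1) ? hp[2] : 514     # port is optional; 514 is the default
            print $1, proto, hp[1], port
        }
    ' "$@"
}

# Constructed sample input (not copied from a real device).
sample_conf() {
    cat <<'EOF'
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
*.* @192.168.1.22:514
*.* @@logging.com:514
auth.* @@remote-host
EOF
}

# Demo on the sample; on the device: list_forwards /etc/rsyslog.conf
sample_conf | list_forwards
```

A line that still starts with # produces no output, which is a quick way to catch a forwarding rule that was edited but never uncommented.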