This is the fourth episode of the Indusol network equipment article, where we expand on the PROmesh P10+’s ability to send to a syslog server, this time installing a syslog server on SeeedStudio’s recomputer1025 to receive syslogs from Indusol. We will receive the syslog from Indusol, Inc.

Reference Link

http://soup01.com/en/category/indusol_en/

syslog server?

The syslog server is a network server that receives, processes, and stores log messages from various devices, applications, and systems in a network. The Syslog protocol, defined in IETF RFC 5424, provides a standard for message logging that allows the collection of events from different sources. Systems and network devices (routers, switches, firewalls, servers, etc.) can send logs to a centralized Syslog server.

RFC 5424？

RFC 5424 is a standard document that defines the structure and format of Syslog messages, which are used to collect and send logs from various devices and applications in a network environment. Syslog is commonly employed in system and network management to centralize logging and It enables the centralization of logging.

What can a syslog server Do?

The syslog server has various roles in the network system.

Centralized Logging

Syslog Server collects log messages from multiple sources and provides a single view for administrators and operators to analyze system and application logs.

Real-time Monitoring

Syslog Server can be configured to alert administrators in real time when certain log messages are received, helping to identify problems and security events.

Log Management

Many Syslog Servers provide efficient log searching, filtering, archiving, and management capabilities over time.

Support for Various Log Levels

The Syslog protocol supports different severity levels of messages, from debug information to critical alerts, and allows customized logging settings based on importance.

Compatibility

The Syslog Server conforms to the standardized Syslog protocol, allowing it to work with a wide range of network devices and software applications.

Implementation

Indusol Side

First set up Indusol’s PROmesh P10+.

Access the Indusol PROmesh P10+ web server and open the Notifications Menu.

In the Settings tab, select the “Use syslog server” checkbox, set the Server IP to the IP address of Seeed Studio, Media Type to File, Filename to Finally, click “Apply” to apply the settings.

Seeed Studio Side

Next, let’s build the reComputer R1025-10 side of Seeed Studio.

Configure syslog server

A common way to set up a Raspberry Pi as a Syslog server is to use a program called rsyslog. rsyslog is a powerful tool for aggregating, analyzing and storing log messages. Below are the steps to set up a Syslog server on a Raspberry Pi.

Update the OS and install the rsyslog Package.

sudo apt update
sudo apt install rsyslog

Next, edit the rsyslog configuration file to configure rsyslog to receive logs from remote locations.

sudo nano /etc/rsyslog.conf

Uncomment the next two lines to allow logs to be received over UDP and TCP.

# Provides UDP syslog reception
module(load=”imudp”)
input(type=”imudp” port=”514″)

# Provides TCP syslog reception
module(load=”imtcp”)
input(type=”imtcp” port=”514″)

In some cases, you may need to configure your firewall to allow the Raspberry Pi to accept Syslog traffic from outside. Use the following command to open the required ports

sudo ufw allow 514/udp
sudo ufw allow 514/tcp

Finally, restart rsyslog to apply the settings.

sudo systemctl restart rsyslog