Having a number of issues with some wireless access points, I decided that it would be a good idea to enable the remote syslog utility on them.
The next question was which server they would send their syslog details to. For me it had to be one of the Linux servers we have on site, so I chose our Ubuntu utility server running Ubuntu 10.04.3 LTS.
First I made sure that the server was up to date.
1. I know I shouldn't, but I sudo su -
Then
2. apt-get update
3. apt-get upgrade
4. Back up the server
5. The server was running the Ubuntu default, the rsyslog daemon. I could have chosen syslog-ng, but I am more comfortable with sysklogd.
# apt-get install sysklogd
So then I made a copy of the syslog.conf file:
cp /etc/syslog.conf /etc/syslog.conf.b4change
and added the lines:
# Access Point Logging
local7.debug /var/log/wap.log
This sends all the messages from facility local7 with a priority of debug or greater to the above file.
I started with the facility local7 as I often found it to be the default on some comms kit.
Later I planned to add:
*.*;local7.none;auth,authpriv.none -/var/log/syslog
to filter out the WAP entries from the syslog.
Now to create the log file:
touch /var/log/wap.log
Now to make syslog listen to messages from remote machines:
Edit /etc/default/syslogd to include the -r option:
SYSLOGD="-r"
and restart the syslog daemon.
# service sysklogd restart
I needed to open the port on the firewall, and as I am using ufw it was:
# ufw allow from 192.168.3.107 to any port 514
Now on the wireless access point - as we were using a Netgear WG102 - it was just a couple of settings to enable in the menu.
Now testing: nothing was being added to the log from local7; however, log entries were being placed in the syslog and user.log.
Using logger I tested as follows:
logger -p local7.debug "is this working?"
That worked as it should.
So I checked the WAP's docs but found nothing about the facility it uses.
So on the server, using tcpdump:
# tcpdump -s 0 -v -X port 514
I checked and found it was using both User and Auth.
After a bit of round and round the mulberry bush - I got to speak to Netgear support and found that the facility could not be changed.
So I am writing a shell script to sort the filtering out!
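
One way such a filtering script could look, as an added example that is not the author's script: since the access point's facility is fixed, it separates entries by the sending host instead. It assumes the traditional "Mon DD HH:MM:SS host tag: message" line format and that the access point shows up as 192.168.3.107 in the host field; the function names and sample lines are constructed for the illustration.

```shell
#!/bin/sh
# Added example, not the author's script: split access point entries out of a
# log by sender, because the AP's facility (user/auth) cannot be changed.
# Assumptions: traditional line format "Mon DD HH:MM:SS host tag: message",
# and the AP appearing as 192.168.3.107 in the host field (no reverse DNS).

WAP_HOST="192.168.3.107"

# split_by_host SRC WAP_OUT REST_OUT [HOST]
# Appends lines whose host field (4th) equals HOST to WAP_OUT and writes every
# other line to REST_OUT. The match is exact and on the host field only, so a
# neighbouring address or a message that merely mentions the AP is left alone.
split_by_host() {
    src=$1; wap_out=$2; rest_out=$3; host=${4:-$WAP_HOST}
    : > "$rest_out"
    awk -v host="$host" -v wap="$wap_out" -v rest="$rest_out" '
        $4 == host { print >> wap; next }
                   { print >> rest }
    ' "$src"
}

# make_sample FILE: write constructed sample lines (hostnames, tags and
# messages are invented for the demonstration).
make_sample() {
    cat > "$1" <<'EOF'
Jan  5 10:00:01 192.168.3.107 wlan: station associated
Jan  5 10:00:02 utility kernel: [UFW ALLOW] SRC=192.168.3.107 DPT=514
Jan  5 10:00:03 192.168.3.107 auth: admin login on web interface
Jan  5 10:00:04 192.168.3.10 switch: port 3 link up
Jan  5 10:00:05 utility CRON[1302]: (root) CMD (run-parts /etc/cron.hourly)
EOF
}
```

Run split_by_host against a copy of the log rather than the live file, so the daemon is not writing to it while it is being split.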