Following on from my previous post on the Pi, I thought I’d quickly document the process to use it as a log forwarder (well, a syslog forwarder).
The Raspbian distribution already comes with rsyslogd installed, so we only need to make a few tweaks to the /etc/rsyslog.conf file.
The first was to uncomment the lines at the start of the file to enable remote reception of events:
# provides UDP syslog reception
# provides TCP syslog reception
Then to add some additional global configuration to enable the caching (in memory, and only resorting to disk when absolutely necessary) of messages:
$ActionQueueType LinkedList # use asynchronous processing
$ActionQueueFileName srvrfwd # set file name, also enables disk mode
$ActionResumeRetryCount -1 # infinite retries on insert failure
$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
Then to add a rule to forward the entries I’m interested in (IPs are not real):
if $fromhost-ip == '192.0.0.0' then @192.0.0.0
And that's it. One syslog forwarder. Next I’ll probably post about the app I’ve written to receive, index and allow easy access to the syslog data.
The whole reason I did this was to capture data from my router, and move it to a database on my desktop – when it’s on. I don’t want to leave my desktop on all the time, as that’s a massive waste of electricity, and the Pi solves it with a neat and tidy, low-power solution.
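The pieces above assembled in the order rsyslog needs them, as an added example rather than the author's own file: in the legacy format the queue directives apply only to the next action, so they sit directly before the forwarding rule. It assumes TCP forwarding (@@ rather than the @ used in the rule above), because UDP gives rsyslog no delivery feedback and the queue can only hold messages when a send visibly fails; the addresses, port, spool path and disk cap are placeholder assumptions.

```conf
# /etc/rsyslog.conf (legacy directive format) -- added example.
# Addresses are RFC 5737 documentation values, not real hosts.

# Reception: the stock lines, uncommented. Only UDP is enabled here on the
# assumption that the router sends UDP; enable TCP reception only if a
# sender actually needs it, since each listener accepts from any host.
$ModLoad imudp
$UDPServerRun 514

# Directory where the disk-assisted queue spools its files.
# (Assumed path; this is the Debian default.)
$WorkDirectory /var/spool/rsyslog

# Queue settings for the forwarding action. They bind to the NEXT action
# only, so nothing else may be defined between them and the rule below.
$ActionQueueType LinkedList      # in-memory queue, asynchronous processing
$ActionQueueFileName srvrfwd     # file name prefix, enables spill to disk
$ActionQueueMaxDiskSpace 100m    # assumed cap so the SD card cannot fill up
$ActionResumeRetryCount -1       # retry forever while the desktop is off
$ActionQueueSaveOnShutdown on    # persist queued messages on shutdown

# Forward only what the router (assumed 192.0.2.1) sends, to the desktop
# (assumed 192.0.2.10).
#   @@host:port = TCP: a refused connection suspends the action and the
#                 queue buffers until the receiver comes back
#   @host:port  = UDP: fire and forget
if $fromhost-ip == '192.0.2.1' then @@192.0.2.10:514
```

Check the syntax with `rsyslogd -N1` before restarting the service.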