capture messages from linksys router
please forgive me, I'm fairly new in this and don't understand much of syslog-ng.

I am trying to log messages from my linksys router (192.168.1.1). The port that linksys mentions is (514), but when I run ethereal, the destination port seems to be [snmptrap (162)] (the origin port on the router varies).

this is the ethereal output of 3 messages (each "line" with its IP# and UDP ports including the "packet size" of the message):

---------------------------
No.  Time      Source        Destination    Protocol  Info
1    0.000000  192.168.1.1   192.168.1.150  SNMP      TRAP-V1 1.3.6.1.4.1.3955.1.1.0
Frame 1 (179 bytes on wire, 179 bytes captured)
Internet Protocol, Src: 192.168.1.1 (192.168.1.1), Dst: 192.168.1.150 (192.168.1.150)
User Datagram Protocol, Src Port: adobeserver-1 (1102), Dst Port: snmptrap (162)

No.  Time      Source        Destination    Protocol  Info
2    4.000204  192.168.1.1   192.168.1.150  SNMP      TRAP-V1 1.3.6.1.4.1.3955.1.1.0
Frame 2 (187 bytes on wire, 187 bytes captured)
Internet Protocol, Src: 192.168.1.1 (192.168.1.1), Dst: 192.168.1.150 (192.168.1.150)
User Datagram Protocol, Src Port: adobeserver-2 (1103), Dst Port: snmptrap (162)

No.  Time      Source        Destination    Protocol  Info
3    8.000308  192.168.1.1   192.168.1.150  SNMP      TRAP-V1 1.3.6.1.4.1.3955.1.1.0
Frame 3 (181 bytes on wire, 181 bytes captured)
Internet Protocol, Src: 192.168.1.1 (192.168.1.1), Dst: 192.168.1.150 (192.168.1.150)
User Datagram Protocol, Src Port: xrl (1104), Dst Port: snmptrap (162)
---------------------------

syslog-ng (1.6.8) is running on IP 192.168.1.150 (SUSE 10.0 linux, 2.6.13-15.15-smp kernel).
from different sources, I got the following lines in the syslog-ng.conf file:

#######################################
source src-linksys {
    internal();
    unix-dgram("/dev/log");
    unix-dgram("/var/lib/named/dev/log");
    udp(ip("192.168.1.150") port(162));   # the port ethereal shows the router sending to
    udp(ip("192.168.1.150") port(514));   # the port the linksys documentation mentions
};
filter f_user { facility(user); };
destination linksys { file("/var/log/linksys.log"); };
log { source(src-linksys); filter(f_user); destination(linksys); };
#######################################

unfortunately /var/log/linksys.log doesn't exist and/or is never written.

can somebody help?

thx, Robi
Hi,

Robert Buecheler <rf.buecheler@gmail.com> [20070407 14:30:45 -0500]:
> please forgive me, I'm fairly new in this and don't understand much of
> syslog-ng. I am trying to log messages from my linksys router (192.168.1.1).
> The port that linksys mentions is (514), but when I run ethereal, the
> destination port seems to be [snmptrap (162)] (the origin port on the
> router varies)
>
> [snipped]
>
> can somebody help?
SNMP TRAP messages are not syslog messages. SNMP is a 'simple' system used to get data such as byte counters and memory usage values on remote systems, such as routers and even servers. SNMP trap messages are configured on the remote system to alert/inform (usually) a central system that some event has occurred; for example, a disk has neared capacity or a CPU is overheating. Sorry, but what you are trying to do is not going to work: syslog-ng will not read SNMP trap information.
From looking on the Internet I can see why you are getting confused. Seems Linksys have decided in their infinite wisdom to use SNMP trap messages for logging :-/
Have a look at the following:

http://freshmeat.net/projects/linksysd/

Using this on your system instead (or to relay onto syslog-ng after converting the SNMP trap alerts to syslog messages) should help you along.

Have fun

Alex

[1] http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol#SNMPv2_and_S...
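Alex's point can be checked against the capture in Robert's post: the payload the router sends to port 162 is a BER-encoded SNMPv1 Trap-PDU, not a line of syslog text, so a syslog-ng udp() source on that port has nothing it can parse, and a converter such as linksysd has to sit in between. The script below is an added example written for this page; it is not code from the thread or from linksysd. It decodes an SNMPv1 trap by hand, renders it as a BSD-syslog line with PRI 13 (facility user, severity notice, so a facility(user) filter like Robert's matches it) and forwards it to a syslog-ng udp() source. The listening port 162, the forward address 127.0.0.1:514, the pin to the router address 192.168.1.1, the "snmptrap" program tag and the sample trap bytes are all assumptions or constructed for the example; the only value taken from the thread is the enterprise OID ethereal displayed.

```python
import socket
from datetime import datetime

# Assumptions (not from the thread): traps on UDP 162, router = only sender, syslog-ng on 514.
TRAP_PORT, SYSLOG_ADDR, ALLOWED_SOURCES = 162, ("127.0.0.1", 514), {"192.168.1.1"}
SEQUENCE, INTEGER, OCTET_STRING, OID = 0x30, 0x02, 0x04, 0x06   # BER tags (RFC 1157)
IPADDRESS, TIMETICKS, TRAP_PDU = 0x40, 0x43, 0xA4

def _read_tlv(buf, pos):
    """Decode one BER TLV at buf[pos]; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                    # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def _children(value):                                    # TLVs inside a constructed element
    items, pos = [], 0
    while pos < len(value):
        tag, v, pos = _read_tlv(value, pos)
        items.append((tag, v))
    return items

def _decode_oid(value):
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:                                  # base-128 arcs, high bit = continue
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, acc = arcs + [acc], 0
    return ".".join(map(str, arcs))

def _decode_value(tag, value):                           # varbind value as text, else hex
    if tag == OCTET_STRING:
        return value.decode("utf-8", "replace")
    if tag == OID:
        return _decode_oid(value)
    if tag == IPADDRESS:
        return ".".join(map(str, value))
    if tag in (INTEGER, TIMETICKS, 0x41, 0x42):          # 0x41/0x42: Counter32, Gauge32
        return str(int.from_bytes(value, "big", signed=(tag == INTEGER)))
    return value.hex()

def decode_v1_trap(datagram):
    """Parse an SNMPv1 Trap-PDU into a dict; raise ValueError for anything else."""
    tag, msg, _ = _read_tlv(datagram, 0)
    fields = _children(msg) if tag == SEQUENCE else []
    if len(fields) != 3 or fields[0][1] != b"\x00" or fields[2][0] != TRAP_PDU:
        raise ValueError("not an SNMPv1 trap")           # version 0 + Trap-PDU only
    pdu = _children(fields[2][1])                        # enterprise, agent, generic,
    if len(pdu) != 6 or pdu[1][0] != IPADDRESS:          # specific, uptime, varbinds
        raise ValueError("malformed Trap-PDU")
    varbinds = []
    for _, vb in _children(pdu[5][1]):                   # VarBindList
        (_, oid), (vtag, val) = _children(vb)            # VarBind = (name, value)
        varbinds.append((_decode_oid(oid), _decode_value(vtag, val)))
    return {"community": fields[1][1].decode("ascii", "replace"), "varbinds": varbinds,
            "enterprise": _decode_oid(pdu[0][1]), "agent": ".".join(map(str, pdu[1][1])),
            "generic": int.from_bytes(pdu[2][1], "big", signed=True),
            "specific": int.from_bytes(pdu[3][1], "big", signed=True)}

def to_syslog(trap, now=None, facility=1, severity=5):
    """BSD-syslog line (RFC 3164 layout); PRI 13 = facility user, severity notice."""
    now = now or datetime.now()
    stamp = f"{now:%b} {now.day:2d} {now:%H:%M:%S}"      # RFC 3164 space-padded day
    body = " ".join(f"{oid}={val}" for oid, val in trap["varbinds"])
    return (f"<{facility * 8 + severity}>{stamp} {trap['agent']} snmptrap: enterprise="
            f"{trap['enterprise']} generic={trap['generic']} specific={trap['specific']} {body}")

def relay(trap_port=TRAP_PORT, syslog_addr=SYSLOG_ADDR, allowed=ALLOWED_SOURCES):
    """Receive traps, drop any not from the router, forward the rest as syslog."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", trap_port))
    while True:
        datagram, (src, _) = sock.recvfrom(65535)
        if src not in allowed:        # v1 traps are unauthenticated (cleartext community),
            continue                  # so pinning the sender address is the only check
        try:
            line = to_syslog(decode_v1_trap(datagram))
        except (ValueError, IndexError):
            continue                  # not a well-formed v1 trap: drop it
        sock.sendto(line.encode(), syslog_addr)

def _ber(tag, payload):                                  # short-form TLV, for the sample only
    return bytes([tag, len(payload)]) + payload
# Constructed sample trap (not a capture): enterprise OID as ethereal showed it, text made up.
_ENTERPRISE = bytes.fromhex("2b060104019e73010100")      # 1.3.6.1.4.1.3955.1.1.0
SAMPLE_TRAP = _ber(SEQUENCE,
    _ber(INTEGER, b"\x00") + _ber(OCTET_STRING, b"public")        # version 0, community
    + _ber(TRAP_PDU,
        _ber(OID, _ENTERPRISE) + _ber(IPADDRESS, bytes([192, 168, 1, 1]))
        + _ber(INTEGER, b"\x06") + _ber(INTEGER, b"\x01") + _ber(TIMETICKS, b"\x00")
        + _ber(SEQUENCE, _ber(SEQUENCE,                           # VarBindList > VarBind
            _ber(OID, _ENTERPRISE) + _ber(OCTET_STRING, b"constructed sample log line")))))

def demo():                                              # sample rendered at the thread's timestamp
    trap = decode_v1_trap(SAMPLE_TRAP)
    return trap, to_syslog(trap, now=datetime(2007, 4, 7, 14, 30, 45))
```

relay() needs root (or a redirect from 162 to an unprivileged port) and a matching source on the syslog-ng side, for instance udp(ip("127.0.0.1") port(514)); demo() shows the translation on the constructed sample without touching the network. decode_v1_trap() refuses plain syslog text and SNMPv2c/v3 PDUs with ValueError rather than emitting garbage. The sender pin is the security-relevant line: an SNMPv1 trap carries no authentication beyond a cleartext community string, so without it any host that can reach port 162 could write arbitrary lines into linksys.log.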
participants (2): Alexander Clouter, Robert Buecheler