[syslog-ng] capture messages from linksys router

Robert Buecheler rf.buecheler at gmail.com
Sat Apr 7 21:30:45 CEST 2007 

please forgive me, I'm fairly new in this and don't understand much of
syslog-ng.
I am trying to log messages from my linksys router (192.168.1.1)
The port that linksys mentions is (514), but when I run ethereal, the
destination port seems to be [snmptrap (162)] (the origin port on the
router varies)
this is the ethereal output of 3 messages (each "line" with its IP#
and UDP ports including the "packet size" of the message):
---------------------------
No.     Time        Source                Destination           Protocol Info
      1 0.000000    192.168.1.1           192.168.1.150         SNMP
  TRAP-V1 1.3.6.1.4.1.3955.1.1.0
Frame 1 (179 bytes on wire, 179 bytes captured)
Internet Protocol, Src: 192.168.1.1 (192.168.1.1), Dst: 192.168.1.150
(192.168.1.150)
User Datagram Protocol, Src Port: adobeserver-1 (1102), Dst Port: snmptrap (162)

No.     Time        Source                Destination           Protocol Info
      2 4.000204    192.168.1.1           192.168.1.150         SNMP
  TRAP-V1 1.3.6.1.4.1.3955.1.1.0
Frame 2 (187 bytes on wire, 187 bytes captured)
Internet Protocol, Src: 192.168.1.1 (192.168.1.1), Dst: 192.168.1.150
(192.168.1.150)
User Datagram Protocol, Src Port: adobeserver-2 (1103), Dst Port: snmptrap (162)

No.     Time        Source                Destination           Protocol Info
      3 8.000308    192.168.1.1           192.168.1.150         SNMP
  TRAP-V1 1.3.6.1.4.1.3955.1.1.0
Frame 3 (181 bytes on wire, 181 bytes captured)
Internet Protocol, Src: 192.168.1.1 (192.168.1.1), Dst: 192.168.1.150
(192.168.1.150)
User Datagram Protocol, Src Port: xrl (1104), Dst Port: snmptrap (162)
---------------------------

syslog-ng (1.6.8) is running on IP 192.168.1.150 (SUSE 10.0 linux,
2.6.13-15.15-smp kernel).
from different sources, I got the following lines in the  syslog-ng.conf file:

#######################################
source src-linksys {
   internal();
   unix-dgram("/dev/log");
  	unix-dgram("/var/lib/named/dev/log");
   udp(ip("192.168.1.150") port(162));
  	udp(ip("192.168.1.150") port(514));
};

filter f_user { facility(user); };

destination linksys  { file("/var/log/linksys.log"); };
log { source(src-linksys); filter(f_user); destination(linksys); };
#######################################


unfortunately /var/log/linksys.log doesn't exist and/or is never written

can somebody help?


thx, Robi

More information about the syslog-ng mailing list