When debugging OpenWRT network components and user software, problems are solved by analysing log information. Tracking product quality in the field also relies on logs to analyse product bugs, so system logging is very important. This article records how to enable logging on OpenWRT-19.07 and report the logs automatically to a server.
1. Operating environment description
- The server side uses the rsyslog component installed by default on ubuntu-16.04;
- The syslog component is ported to the openwrt-19.07 system;
- The client is an mtk7621 router.
2. Server ubuntu16 system rsyslog parameter configuration
2.1 The rsyslog parameter configuration file, /etc/rsyslog.conf
# /etc/rsyslog.conf Configuration file for rsyslog.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#
# Default logging rules can be found in /etc/rsyslog.d/50-default.conf
module(load="imuxsock") # provides support for local system logging
module(load="imklog") # provides kernel logging support
#module(load="immark") # provides --MARK-- message capability
# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514") # Open the udp listening port on the server
# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="514") # Open the server tcp listening port
# Enable non-kernel facility klog messages
$KLogPermitNonKernelFacility on
###########################
#### GLOBAL DIRECTIVES ####
###########################
#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Filter duplicated messages
$RepeatedMsgReduction on
#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog
#
# Where to place spool and state files
# Storage path of log content received by the server
#
$WorkDirectory /var/spool/rsyslog
#
# Include all config files in /etc/rsyslog.d/
# The path of the rsyslog configuration file set. Users can add custom log storage, packaging and deletion rules here
#
$IncludeConfig /etc/rsyslog.d/*.conf
2.2 Configuring log file storage rules
Create a new configuration file, /etc/rsyslog.d/router.conf, which sets the name of the file that received logs are written to, as follows:
root@ubuntu:/# cat /etc/rsyslog.d/router.conf
# :FROMHOST-IP,startswith, "192.168.90." /var/spool/rsyslog/%fromhost-ip%-%HOSTNAME%-%$YEAR%-%$MONTH%-%$DAY%.log
:fromhost-ip,isequal,"192.168.1.1" /var/spool/rsyslog/%fromhost-ip%-%HOSTNAME%-%$YEAR%-%$MONTH%-%$DAY%.log
&~ #Indicates that the receiving log does not need to be written to the local log file
2.3 Restart the rsyslog service and check that it is listening
sudo service rsyslog restart
sudo netstat -tulpn | grep rsyslog
root@ubuntu:/# netstat -tulpn|grep rsyslog
tcp        0      0 0.0.0.0:514             0.0.0.0:*               LISTEN      8778/rsyslogd
tcp6       0      0 :::514                  :::*                    LISTEN      8778/rsyslogd
udp        0      0 0.0.0.0:514             0.0.0.0:*                           8778/rsyslogd
udp6       0      0 :::514                  :::*                                8778/rsyslogd
3. Porting syslog to the client OpenWRT system and configuring it
3.1 Configuring the syslog component
Run make menuconfig and select the syslog component under the following menu path:
Base system
busybox... Core utilities for embedded Linux
System Logging Utilities
Select the following options:
[*] syslogd (13 kb)
[*] Rotate message files
[*] Remote Log support
[*] Support -D (drop dups) option
[*] Support syslog.conf
(256) Read buffer size in bytes
[*] Circular Buffer support
(4) Circular buffer size in Kbytes (minimum 4KB)
[*] Linux kernel printk buffer support
Compile the firmware and flash it to the mtk7621 router.
3.2 Enabling the router log
- The first method is to configure the syslog parameters with the uci set command, for example:
Example: uci set system.@system[0].log_file='/tmp/syslog'
The resulting configuration is as follows:
config system
	option hostname 'OpenWrt'
	option ttylogin '0'
	option log_size '64'
	option urandom_seed '0'
	# The following are syslog configuration parameters
	option log_ip '192.168.90.180' #Server side address of log reporting
	option log_file '/tmp/syslog' #Local log file storage location
	option conloglevel '7'
	option cronloglevel '8'
	option log_proto 'udp' #udp communication is adopted for reporting
	# The following time zone configuration information
	option zonename 'Asia/Shanghai'
	option timezone 'CST-8'
- The second method is to configure logging through the OpenWRT web management interface.
After logging in to the configuration interface, the configuration page path is: System -> System -> log.
4. Verify the client syslog local log
View the local log file with root@eCloud:~# cat /tmp/syslog; the output is as follows:
Thu Jun 17 08:10:47 2021 daemon.info logread[10237]: Logread connected to 192.168.90.180:514
Thu Jun 17 08:12:27 2021 daemon.warn zabbix_agentd[17566]: active check configuration update from [172.16.29.171:10051] started to fail (ZBX_TCP_READ() timed out)
Thu Jun 17 08:13:14 2021 daemon.err uhttpd[4723]: luci: accepted login on / for root from 192.168.90.29
Thu Jun 17 08:13:27 2021 daemon.warn zabbix_agentd[17566]: active check configuration update from [172.16.29.171:10051] is working again
Thu Jun 17 08:16:00 2021 daemon.err netdata[6426]: PROCFILE: Cannot open file '/proc/sysvipc/shm'
Thu Jun 17 08:16:42 2021 daemon.info dnsmasq[3711]: read /etc/hosts - 4 addresses
Thu Jun 17 08:16:42 2021 daemon.info dnsmasq[3711]: read /tmp/hosts/odhcpd - 0 addresses
Thu Jun 17 08:16:42 2021 daemon.info dnsmasq[3711]: read /tmp/hosts/dhcp.cfg01411c - 0 addresses
Thu Jun 17 08:16:42 2021 daemon.err netdata[6426]: PROCFILE: Cannot open file '/proc/sysvipc/shm'
This is the local log of the OpenWRT virtual machine. The log shows that the ZABBIX client failed to start because the file '/proc/sysvipc/shm' cannot be opened.
5. Verify the contents of the server-side rsyslog remote log
View the remotely reported log on the server side with root@ubuntu:/# cat var/spool/rsyslog/r-network.log |head -n 80
The contents are as follows:
Jun 17 06:33:22 ixe pppd[23653]: sent [LCP EchoRep id=0x83 magic=0xffaaa8e9]
Jun 17 06:33:31 ixe dnsmasq[4030]: read /etc/hosts - 4 addresses
Jun 17 06:33:31 ixe dnsmasq[4030]: read /tmp/hosts/odhcpd - 1 addresses
Jun 17 06:33:31 ixe dnsmasq[4030]: read /tmp/hosts/dhcp.cfg01411c - 2 addresses
Jun 17 06:33:31 ixe dnsmasq-dhcp[4030]: read /etc/ethers - 0 addresses
Jun 17 14:33:52 ixe pppd[23653]: rcvd [LCP EchoReq id=0x84 magic=0x6cf92d34]
Jun 17 14:33:52 ixe pppd[23653]: sent [LCP EchoRep id=0x84 magic=0xffaaa8e9]
Jun 17 14:34:09 ixe pppd[23653]: Terminating on signal 15
Jun 17 14:34:09 ixe pppd[23653]: Connect time 194.1 minutes.
Jun 17 14:34:09 ixe pppd[23653]: Sent 152 bytes, received 0 bytes.
Jun 17 14:34:09 ixe pppd[23653]: MPPE disabled
Jun 17 14:34:09 ixe pppd[23653]: Overriding mtu 1500 to 1400
Jun 17 14:34:09 ixe pppd[23653]: PPPoL2TP options: debugmask 0
Jun 17 14:34:09 ixe pppd[23653]: Overriding mru 1500 to mtu value 1400
Jun 17 14:34:09 ixe pppd[23653]: sent [LCP TermReq id=0x4 "MPPE disabled"]
Jun 17 14:34:09 ixe pppd[23653]: Overriding mtu 1500 to 1400
Jun 17 14:34:09 ixe pppd[23653]: PPPoL2TP options: debugmask 0
Jun 17 14:34:09 ixe pppd[23653]: Overriding mru 1500 to mtu value 1400
Jun 17 14:34:09 ixe pppd[23653]: sent [LCP TermReq id=0x5 "MPPE disabled"]
Jun 17 14:34:12 ixe pppd[23653]: sent [LCP TermReq id=0x6 "MPPE disabled"]
Jun 17 14:34:12 ixe pppd[23653]: Connection terminated.
Jun 17 14:34:12 ixe pppd[23653]: Modem hangup
Jun 17 14:34:12 ixe pppd[23653]: Exit.
Jun 17 14:34:33 ixe pppd[27050]: Plugin pppol2tp.so loaded.
Jun 17 14:34:33 ixe pppd[27050]: pppd 2.4.7 started by root, uid 0
Jun 17 14:34:33 ixe pppd[27050]: using channel 3
Jun 17 14:34:33 ixe pppd[27050]: Using interface ppp0
Jun 17 14:34:33 ixe pppd[27050]: Connect: ppp0 <-->
Jun 17 14:34:33 ixe pppd[27050]: Overriding mtu 1500 to 1400
Jun 17 14:34:33 ixe pppd[27050]: PPPoL2TP options: debugmask 0
Jun 17 14:34:33 ixe pppd[27050]: Overriding mru 1500 to mtu value 1400
Jun 17 14:34:33 ixe pppd[27050]: sent [LCP ConfReq id=0x1 <mru 1400> <asyncmap 0x0> <magic 0x7d73ba8d>]
Jun 17 14:34:33 ixe pppd[27050]: rcvd [LCP ConfReq id=0x1 <auth chap MS-v2> <mru 1450> <magic 0xfb92c32>]
Jun 17 14:34:33 ixe pppd[27050]: sent [LCP ConfAck id=0x1 <auth chap MS-v2> <mru 1450> <magic 0xfb92c32>]
Jun 17 14:34:33 ixe pppd[27050]: rcvd [LCP ConfRej id=0x1 <asyncmap 0x0>]
Jun 17 14:34:33 ixe pppd[27050]: sent [LCP ConfReq id=0x2 <mru 1400> <magic 0x7d73ba8d>]
Jun 17 14:34:33 ixe pppd[27050]: rcvd [LCP ConfAck id=0x2 <mru 1400> <magic 0x7d73ba8d>]
Jun 17 14:34:33 ixe pppd[27050]: PPPoL2TP options: debugmask 0
Jun 17 14:34:33 ixe pppd[27050]: rcvd [CHAP Challenge id=0x1 <5570fcc24838fe7fa186d6a7f2688529>, name = "CHR-GZ-DY-Router003-MGT-1"]
Jun 17 14:34:33 ixe pppd[27050]: added response cache entry 0
Jun 17 14:34:33 ixe pppd[27050]: sent [CHAP Response id=0x1 <ea6f73fb3f10a92293b903f0b9ad13d40000000000000000f31a83726597822671b76789c9079504f9d054bf654db79b00>, name = "test02"]
Jun 17 14:34:33 ixe pppd[27050]: rcvd [CHAP Success id=0x1 "S=9DCD53371E49AE8C63FEF51C461FCD90329C8978"]
Jun 17 14:34:33 ixe pppd[27050]: response found in cache (entry 0)
Jun 17 14:34:33 ixe pppd[27050]: CHAP authentication succeeded
Jun 17 14:34:33 ixe pppd[27050]: sent [IPCP ConfReq id=0x1 <addr 0.0.0.0>]
Jun 17 14:34:33 ixe pppd[27050]: rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
Jun 17 14:34:33 ixe pppd[27050]: sent [CCP ConfReq id=0x1 <mppe -H -M -S -L -D -C>]
Jun 17 14:34:33 ixe pppd[27050]: sent [CCP ConfNak id=0x1 <mppe -H -M +S -L -D -C>]
Jun 17 14:34:33 ixe pppd[27050]: rcvd [proto=0x8281] 01 01 00 04
Jun 17 14:34:33 ixe pppd[27050]: Unsupported protocol 0x8281 received #There are unsupported protocols here
Jun 17 14:34:33 ixe pppd[27050]: sent [LCP ProtRej id=0x3 82 81 01 01 00 04]
Jun 17 14:34:33 ixe pppd[27050]: rcvd [IPCP ConfReq id=0x1 <addr 172.20.156.1>]
Jun 17 14:34:33 ixe pppd[27050]: sent [IPCP ConfAck id=0x1 <addr 172.20.156.1>]
Jun 17 14:34:33 ixe pppd[27050]: rcvd [IPCP ConfNak id=0x1 <addr 172.20.156.3>]
Jun 17 14:34:33 ixe pppd[27050]: sent [IPCP ConfReq id=0x2 <addr 172.20.156.3>]
Jun 17 14:34:33 ixe pppd[27050]: rcvd [CCP ConfNak id=0x1 <mppe +H -M +S -L -D -C>]
Jun 17 14:34:33 ixe pppd[27050]: sent [CCP ConfReq id=0x2 <mppe +H -M +S -L -D -C>]
Jun 17 14:34:33 ixe pppd[27050]: rcvd [CCP ConfReq id=0x2 <mppe -H -M +S -L -D -C>]
Jun 17 14:34:33 ixe pppd[27050]: sent [CCP ConfAck id=0x2 <mppe -H -M +S -L -D -C>]
Jun 17 14:34:33 ixe pppd[27050]: rcvd [IPCP ConfAck id=0x2 <addr 172.20.156.3>]
Jun 17 14:34:33 ixe pppd[27050]: local IP address 172.20.156.3
Jun 17 14:34:33 ixe pppd[27050]: remote IP address 172.20.156.1
The log includes L2TP link and heartbeat messages, and it also shows an unsupported protocol.
6. Improving remote log reporting across Internet NAT
With the log files we can quickly find problems in the running system and find them more efficiently. At present, the rsyslog configuration itself still has some problems.
Problem 1: the log file name generation rule in the configuration is incorrect
As follows:
root@ubuntu:/# ls var/spool/rsyslog/
%fromhost-ip%-%HOSTNAME%-%$YEAR%-%$MONTH%-%$DAY%.log
r-network.log
The file name was created literally: the client IP address and the date were not substituted into it.
Problem 2: naming log files when devices report over the Internet
If a device connects to the cloud server over the Internet, the server sees the NAT address rather than the device address, and every device has the same factory-default host name. How can the log information of different devices be distinguished? This problem will be solved later.
If you have any good methods, please leave a message, thank you.
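The drop-in below is an added example, not the article's own configuration, and it addresses both problems above. rsyslog expands %...% properties only inside a named template used through dynaFile, and putting the sender's host name in the file name separates devices that arrive from one NAT address. It assumes the file is called 10-router.conf (a hypothetical name) and that each router has been given its own hostname value in place of the factory default.

```conf
# /etc/rsyslog.d/10-router.conf  (hypothetical file name, added example)
# Files in /etc/rsyslog.d/ are read in alphabetical order. A name that
# sorts before 50-default.conf lets "stop" below keep router messages
# out of the server's own log files.

# A named template is expanded for every message. A plain "/path" action,
# as used in router.conf, is a fixed file name, so %...% stays literal.
# %hostname% is chosen by the sender: secpath-replace turns "/" into "_"
# so a crafted host name cannot move the file out of this directory.
template(name="RouterLogFile" type="string"
         string="/var/spool/rsyslog/%fromhost-ip%-%hostname:::secpath-replace%-%$year%-%$month%-%$day%.log")

# Local inputs report 127.0.0.1 as fromhost-ip, so this rule matches only
# messages received over the network (imudp/imtcp on port 514).
if $fromhost-ip != '127.0.0.1' then {
    # action() objects do not inherit the legacy $FileCreateMode setting,
    # so the mode is given here explicitly.
    action(type="omfile" dynaFile="RouterLogFile" fileCreateMode="0640")
    stop
}
```

Check the syntax with rsyslogd -N1 before restarting the service.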