XIII
Very Senior Member
That’s not the real login name I use...except, bad boy to be using admin as your login name
Two posts below is another solution someone found.
These commands did not work.
Still, the output looks to me like when it runs overnight, it will be (that is, should be) rotating the log.
Today (2020-07-29) it seems to finally have rotated:
suricata.log
suricata.log-20200706.gz
suricata.log-20200729
suricata.log file now only contains entries from today.
source s_startup {
file("/opt/var/log/startup" keep-timestamp(no) log-fetch-limit(3000) follow-freq(1000));
};
Jul 30 17:49:07 syslogd started: BusyBox v1.25.1
Jul 30 17:49:07 RT-AC86U kernel: klogd started: BusyBox v1.25.1 (2020-07-30 00:43:28 EDT)
Jul 30 17:49:07 RT-AC86U kernel: Booting Linux on physical CPU 0x0
Jul 30 17:49:07 RT-AC86U kernel: Linux version 4.1.27 (merlin@ubuntu-dev) (gcc version 5.3.0 (Buildroot 2016.02) ) #2 SMP PREEMPT Thu Jul 30 01:57:08 EDT 2020
Jul 30 17:49:07 RT-AC86U kernel: CPU: AArch64 Processor [420f1000] revision 0
....
2400 other messages, until the USB drive is mounted, entware starts, and syslog-ng gets started by scribe
...
Jul 30 17:49:07 RT-AC86U custom_script: Running /jffs/scripts/post-mount (args: /tmp/mnt/Cruzer)
Jul 30 17:49:07 RT-AC86U kernel: Adding 2097148k swap on /tmp/mnt/Cruzer/myswap.swp. Priority:-1 extents:15 across:2424832k
Jul 30 17:49:07 RT-AC86U Diversion: Starting Entware and Diversion services on /tmp/mnt/Cruzer
Jul 30 17:49:07 RT-AC86U kernel: klogd: exiting
Jul 30 17:49:07 syslogd exiting
Jul 30 17:49:07 RT-AC86U elorimer: Diversion Mounting Diversion WebUI as user1.asp
Jul 30 17:49:08 RT-AC86U Diversion: restarted Dnsmasq to apply settings
(VPN_Failover.sh)[15718]: 5077 Will check VPN Client 5 connection status again in 00:01:00 .....@16:21:44
(ChkWAN.sh)[17271]: 17111 v1.15 Monitoring WAN connection using 1 target PING hosts (www.google.com) (Tries=3)
How would one go about stripping items like this from the syslog and sending them to their own log files?
you need to create files under /opt/etc/syslog-ng.d and logrotate.d
look at the ones there and copy/modify
to filter this annoyance:
kernel: CFG80211-ERROR) wl_cfg80211_change_station : WLC_SCB_AUTHORIZE sta_flags_mask not set
I used
Code:
destination d_wlchangestation {
    file("/opt/var/log/wlchangestation.log");
};
filter f_kernel {
    program("kernel");
};
filter f_mymsg{
    message("CFG80211-ERROR") or
    message("wl_cfg80211_change_station");
};
log {
    source(src);
    filter(f_kernel);
    filter(f_mymsg);
    destination(d_wlchangestation);
    flags(final);
};
not sure if best approach, but it works, and the msg no longer spams my syslog, making it readable again
I tried this but it did not work:
Code:
destination d_vpnfailover {
    file("/opt/var/log/vpnfailover.log");
};
filter f_vpnfailover {
    program("kernel")
};
filter f_mymsg{
    message("VPN_Failover.sh");
};
log {
    source(src);
    filter(f_kernel);
    filter(f_mymsg);
    destination(d_vpnfailover);
    flags(final);
};
remove the filter "f_vpnfailover" (you're not actually using it) and also remove the line "filter(f_kernel);" from the log statement since as @ugandy points out, it isn't a message from the kernel, and "f_kernel" may not be defined in your environment anyways.
Like this, it works
Code:
destination d_vpnfailover {
    file("/opt/var/log/vpnfailover.log");
};
filter f_vpnfailover{
    program("VPN_Failover.sh");
};
log {
    source(src);
    filter(f_vpnfailover);
    destination(d_vpnfailover);
    flags(final);
};
Worked like a charm! Thanks much!
Hello All. I am a complete n00b to ASUSWRT-Merlin, but I generally know enough about networking, scripting, linux, etc to get by. Please excuse my n00b question, but does Skynet need to be installed in order for scribe to work? Does installing Skynet make getting scribe to work easier? I ask these questions because I attempted to install scribe and it is not working. The General -> System Messages log works, but the other logs are (firewall.log, logrotate.log, syslog-ng.log, wlceventd.log). Can someone please help me with this?
I'm not quite sure I understand your problem, but neither scribe nor Skynet rely on each other to work. If you have, or are going to use Skynet, you should install Skynet first to ensure scribe properly handles Skynet's logs, but that's it.
Skynet isn't necessary.
but the other logs are (firewall.log, logrotate.log, syslog-ng.log, wlceventd.log)
you're going to have to finish that sentence.
Updated list of available packages in /opt/var/opkg-lists/entware
Installing syslog-ng (3.27.1-1) to root...
Downloading http://bin.entware.net/armv7sf-k2.6/syslog-ng_3.27.1-1_armv7-2.6.ipk
Configuring syslog-ng.
syslog-ng: error while loading shared libraries: /opt/lib/librt.so.1: invalid ELF header
syslog-ng version 3.19 or higher required!
Please update your Entware packages and run scribe install again.
Removing package syslog-ng from root...
I'm stuck in a loop.
@cmkelley will be along to apply expert help. He's the guru.
I attempted to follow some of the instructions on this page to filter out messages from transmission, afpd, and some kernel messages related to my hard drive. However, now I seem to have broken all logging. From what I can see, none of my logs have updated since I rebooted the router. I also don't see the three new log files I made listed in uiscribe.
Here are the steps I followed:
1. Touched new files in /opt/var/log for afpd.log, transmission.log, and sda.log.
2. Created new files related to all of the above in /opt/etc/logrotate.d/ that pointed to the log files. They are all the same other than the path to the log file, so here is my afpd one:
/opt/var/log/afpd.log {
    rotate 4
    postrotate
        /usr/bin/killall -HUP syslog-ng
    endscript
}
3. Created my filters in /opt/etc/syslogng-d/. Here they are.
afpd:
destination d_afpd {
    file("/opt/var/log/afpd.log");
};
filter f_afpd{
    program("afpd");
};
filter f_mymsg{
    message("ad_valid_header_osx");
};
log {
    source(src);
    filter(f_afpd);
    filter(f_mymsg);
    destination(d_afpd);
    flags(final);
};
sda:
};
filter f_kernel{
    program("kernel");
};
filter f_mymsg{
    message("sd 0:0:0:0: [sda]") or
    message("end_request: I/O error") or
    message("xhci_hcd 0000:00:0c.0");
};
log {
    source(src);
    filter(f_kernel);
    filter(f_mymsg);
    destination(d_sda);
    flags(final);
};
transmission:
destination d_transmission {
    file("/opt/var/log/transmission.log");
};
filter f_transmission-daemon{
    program("transmission-daemon");
};
log {
    source(src);
    filter(f_transmission-daemon);
    destination(d_transmission);
    flags(final);
};
3. Rebooted the router.
My intention was to send a recurring afpd/time machine message that spams my main log over and over to its own log, send all transmission entries to their own log, and send the following block of similar messages to its own log file:
kernel: sd 0:0:0:0: [sda] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
kernel: sd 0:0:0:0: [sda] Sense Key : Illegal Request [current]
kernel: sd 0:0:0:0: [sda] Add. Sense: Invalid command operation code
kernel: sd 0:0:0:0: [sda] CDB: Write same(16): 93 08 00 00 00 00 93 c4 c4 38 00 00 00 70 00 00
kernel: end_request: I/O error, dev sda, sector 2479146040
kernel: end_request: I/O error, dev sda, sector 2479146040
kernel: xhci_hcd 0000:00:0c.0: WARN: Stalled endpoint
Any ideas? Please help
There is an afpd.log filter file in entware/share/syslog-ng/examples/ provided with Scribe. I think that is the one I wrote and tested about a year ago. It works for me. Here it is copied from that directory above.
# log Apple Time Machine messages to /opt/var/log/afpd.log
# afpd = Apple Filing Protocol daemon
# cnid_dbd = Catalog Node ID database daemon
destination d_afpd {
file("/opt/var/log/afpd.log");
};
filter f_afpd {
program("afpd") or
program("cnid_dbd");
};
log {
source(src);
filter(f_afpd);
destination(d_afpd);
flags(final);
};
#eof
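An added example, not part of the original posts and not scribe's own code: a shell check to run over a drop-in directory such as /opt/etc/syslog-ng.d before restarting syslog-ng. It reports filter and destination names that are defined more than once, referenced in a log statement but never defined, or defined but never used, which are the kinds of problems raised in the replies above ("f_kernel" possibly undefined, "f_vpnfailover" unused). The function names lint_dropins and demo_lint and the two sample files are constructed for illustration; the thread does not establish which of these, if any, caused the logging failure described.

```shell
#!/bin/sh
# lint_dropins DIR: cross-check filter/destination names across DIR/*.conf.
# Prints sorted findings: "DUPLICATE|UNDEFINED|UNUSED <kind> <name>".
# source() is skipped because "src" lives in the main syslog-ng.conf.
lint_dropins() {
    cat "$1"/*.conf 2>/dev/null | awk '
    function note(stmt) {
        gsub(/^[ \t]+|[ \t]+$/, "", stmt)
        if (stmt ~ /^(filter|destination)[ \t]+[A-Za-z0-9_-]+[ \t]*[{]$/) {
            split(stmt, w, /[ \t{]+/); defs[w[1] " " w[2]]++    # definition
        } else if (stmt ~ /^(filter|destination)[(][A-Za-z0-9_-]+[)]$/) {
            split(stmt, w, /[()]/); refs[w[1] " " w[2]]++       # reference
        }
    }
    {
        sub(/#.*/, "")              # drop comments (assumes no "#" in strings)
        gsub(/[{;]/, "&\n")         # one statement per piece, even if flattened
        n = split($0, part, "\n")
        for (i = 1; i <= n; i++) { p = part[i]; sub(/;$/, "", p); note(p) }
    }
    END {
        for (k in defs) if (defs[k] > 1)  print "DUPLICATE " k
        for (k in refs) if (!(k in defs)) print "UNDEFINED " k
        for (k in defs) if (!(k in refs)) print "UNUSED " k
    }' | sort
}

# Constructed sample, modelled on the drop-in files posted in the thread.
demo_lint() {
    d=$(mktemp -d) || return 1
    cat > "$d/vpnfailover.conf" <<'EOF'
destination d_vpnfailover { file("/opt/var/log/vpnfailover.log"); };
filter f_vpnfailover { program("kernel") };
filter f_mymsg{ message("VPN_Failover.sh"); };
log { source(src); filter(f_kernel); filter(f_mymsg); destination(d_vpnfailover); flags(final); };
EOF
    cat > "$d/afpd.conf" <<'EOF'
destination d_afpd { file("/opt/var/log/afpd.log"); };
filter f_afpd{ program("afpd"); };
filter f_mymsg{ message("ad_valid_header_osx"); };
log { source(src); filter(f_afpd); filter(f_mymsg); destination(d_afpd); flags(final); };
EOF
    lint_dropins "$d"
    rm -rf "$d"
}
```

After the lint comes back clean, `syslog-ng --syntax-only` lets syslog-ng itself parse the full configuration and exit without taking over logging.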