uiScribe uiScribe - Custom System Log page for "scribed" logs

[JT Strickland]

In the /opt/share/syslog-ng/examples directory there is a diversions config file. Move that to /opt/etc/syslog-ng.d directory:

# log all diversion and uiDivStats logs to diversion.log
destination d_diversion {
    file("/opt/var/log/diversion.log");
};
filter f_diversion {
    program("Diversion") or
    program("uiDivStats");
};
log {
    source(src);
    filter(f_diversion);
    destination(d_diversion);
    flags(final);
};
#eof

I've had the null 2nd category since installation. I thought it was supposed to be that way.
After updating filters based on above posts, I now have a "log goes here" entry in the null category.
Should I run your script also? I apologize for my lack of knowledge here, trying to learn what I can from you guys.
thanks,
jts

RT-AC86U w/ 384.17 beta1, RT-AC68U Aimesh node w/ same, Diversion, UiDivstats, Skynet, AiProtection, Scribe, UiScribe, Conmon, SpdMerlin, ScMerlin, Nsrum, NtpMerlin, OpenVPN selective clients

 

[elorimer]

I've had the null 2nd category since installation. I thought it was supposed to be that way.
After updating filters based on above posts, I now have a "log goes here" entry in the null category.
Should I run your script also? I apologize for my lack of knowledge here, trying to learn what I can from you guys.

I think you need to run the uiScribe again, and select "rf" for uiScribe so it rescans what logs there are to display, and then 1 to customize it further again to exclude ones you don't want to show in the GUI.

 

[JT Strickland]

I think you need to run the uiScribe again, and select "rf" for uiScribe so it rescans what logs there are to display, and then 1 to customize it further again to exclude ones you don't want to show in the GUI.

Thanks, that got rid of the null category, but I thought it was to be replaced with a diversion entry. I may have misread the posts. I appreciate the help.
thanks again,
jts

 

[Jack Yaz]

v1.3.0 is now available!
Changelog:

NEW: Add buttons to download log files

 

[L&LD]

More @Jack Yaz goodness! Thank you!

 

[cmkelley]

Thanks, that got rid of the null category, but I thought it was to be replaced with a diversion entry. I may have misread the posts. I appreciate the help.
thanks again,
jts

No, the null entry was a brain fart on my part, and is unrelated to diversion. Instead of just dropping blank messages I was sending them to /dev/null so uiScribe was seeing that and creating an entry. Fixed in recent versions of scribe.

You should have a diversion entry after running rf in uiScribe. After moving the diversion file to the /opt/etc/syslog-ng.d directory, you need to run "scribe reload" so syslog-ng sees the new filter.

 

[JT Strickland]

No, the null entry was a brain fart on my part, and is unrelated to diversion. Instead of just dropping blank messages I was sending them to /dev/null so uiScribe was seeing that and creating an entry. Fixed in recent versions of scribe.

You should have a diversion entry after running rf in uiScribe. After moving the diversion file to the /opt/etc/syslog-ng.d directory, you need to run "scribe reload" so syslog-ng sees the new filter.

Thank you very much cmkelley. So I do need to run the script that I quoted in my original post?:

Code:

# log all diversion and uiDivStats logs to diversion.log
destination d_diversion {
    file("/opt/var/log/diversion.log");
};
filter f_diversion {
    program("Diversion") or
    program("uiDivStats");
};
log {
    source(src);
    filter(f_diversion);
    destination(d_diversion);
    flags(final);
};
#eof

I assume this will make the move? I am just learning how to SSH, and am not proficient yet at the linux navigation, file management, and editing, but I am learning. Slowly a little.
I don't have the diversion entry yet, but the file(s) need to be moved first, maybe? The null entry is gone.
I apologize if I am slowing down the rest of the team.
thanks again,
jts
Edit: I just moved it manually. I need the practice for sure. thanks again.
I now have a diversion entry, but it is empty. I assume that will come later.

 

[elorimer]

So I do need to run the script that I quoted in my original post?:

This isn't a script, it is a configuration file. Pulling logged messages out of the main messages log and into their own log, and showing it the GUI, is a five step process. First, put a configuration file in /opt/etc/syslog-ng.d/. Second, if you need to, put a configuration file in /opt/etc/logrotate.d/ if you need something special about rotating logs (you might not). Three, run "scribe reload" so that syslog-ng will reread all the configurations and pickup your new configuration file. Fourth, run uiScribe again, using the rf menu item so it refreshes the logs that appear in the GUI, including your new log. Fifth, run uiScribe again using the 1 menu item to exclude the logs that you don't want to appear.

 

[maghuro]

First time on scribe/uiScribe and I think I can't catch the concept and what does it does.
The purpose is to create log filters?
If yes, how.can I create a filter for all openvpn or nextdns events?
Thanks.

 

[elorimer]

Bom dia!

So yes, the scribe and uiScribe threads are long. Without them, router logging is done through a more limited syslogd daemon and appears on the syslog page. With scribe, syslog-ng is used as a replacement; it is much more powerful and allows the log to be split up into separate logs according to various configuration files. uiScribe then works to present those separate logs on what had been the syslog page. It is really awesome what @cmkelley and @Jack Yaz have done here, for those who have expanded their router into the entware world.

There is a configuration file already for openvpn. Nextdns wouldn't be hard if it isn't already done.

 

[maghuro]

Bom dia!

So yes, the scribe and uiScribe threads are long. Without them, router logging is done through a more limited syslogd daemon and appears on the syslog page. With scribe, syslog-ng is used as a replacement; it is much more powerful and allows the log to be split up into separate logs according to various configuration files. uiScribe then works to present those separate logs on what had been the syslog page. It is really awesome what @cmkelley and @Jack Yaz have done here, for those who have expanded their router into the entware world.

There is a configuration file already for openvpn. Nextdns wouldn't be hard if it isn't already done.

Boa noite

Thanks for your explanation. Perfectly clear right now! The most difficult thing for me to catch up was that syslog-ng was a replacement for syslogd! Now it's clear.
I just dig into the example files and I created one for nextdns. Pretty simple and straightforward. It's perfectly working.

Thanks for your words!

 

[cmkelley]

First time on scribe/uiScribe and I think I can't catch the concept and what does it does.
The purpose is to create log filters?
If yes, how.can I create a filter for all openvpn or nextdns events?
Thanks.

There are lots of sample filters in /opt/share/syslog-ng/examples ... as @elorimer said, there is already one for openvpn. There is a README.1ST file in that directory that discusses the various filters.

 

[JT Strickland]

This isn't a script, it is a configuration file. Pulling logged messages out of the main messages log and into their own log, and showing it the GUI, is a five step process. First, put a configuration file in /opt/etc/syslog-ng.d/. Second, if you need to, put a configuration file in /opt/etc/logrotate.d/ if you need something special about rotating logs (you might not). Three, run "scribe reload" so that syslog-ng will reread all the configurations and pickup your new configuration file. Fourth, run uiScribe again, using the rf menu item so it refreshes the logs that appear in the GUI, including your new log. Fifth, run uiScribe again using the 1 menu item to exclude the logs that you don't want to appear.

Thank you, Elorimer, as you can see, I know just enough to be dangerous. But I do want to learn more about networking. It is a lot more complex than I imagined. I will follow your directions, and I am confident it will take care of that.
thanks again,
jts
edit: It seems to be working correctly now in spite of me.

 

[Jack Yaz]

v1.3.1 is now available
Changelog:

NEW: Staggered loading of individual log files to mitigate page freezes

 

[AntonK]

Is it possible to Clear logs with uiScribe?

 

[JT Strickland]

These started after I upgraded uiScribe around 4 pm CST, I thought to 1.3.1. I also just now upgraded uiScribe to 1.3.1 at about 8;45 pm CST, per amtm, although I thought I already had earlier, and restarted syslog-ng. It may not mean anything bad, may just be doing its job. amtm says I am current now.
From the syslog-ng.log:

Apr 27 20:00:00 RT-AC86U-8F38 syslog-ng[2690]: Follow-mode file source not found, deferring open; filename='/var/lib/logrotate.status'
Apr 27 20:00:00 RT-AC86U-8F38 syslog-ng[2690]: Configuration reload request received, reloading configuration;
Apr 27 20:00:00 RT-AC86U-8F38 syslog-ng[2690]: Configuration reload finished;

RT-AC86U w/ 384.17, RT-AC68U Aimesh node w/ same, Diversion, UiDivstats, Skynet, AiProtection, Scribe, UiScribe, Conmon, SpdMerlin, ScMerlin, Nsrum, NtpMerlin

 

[Jack Yaz]

Is it possible to Clear logs with uiScribe?

Not at the moment

 

[Jack Yaz]

These started after I upgraded uiScribe around 4 pm CST, I thought to 1.3.1. I also just now upgraded uiScribe to 1.3.1 at about 8;45 pm CST, per amtm, although I thought I already had earlier, and restarted syslog-ng. It may not mean anything bad, may just be doing its job. amtm says I am current now.
From the syslog-ng.log:

Apr 27 20:00:00 RT-AC86U-8F38 syslog-ng[2690]: Follow-mode file source not found, deferring open; filename='/var/lib/logrotate.status'
Apr 27 20:00:00 RT-AC86U-8F38 syslog-ng[2690]: Configuration reload request received, reloading configuration;
Apr 27 20:00:00 RT-AC86U-8F38 syslog-ng[2690]: Configuration reload finished;

RT-AC86U w/ 384.17, RT-AC68U Aimesh node w/ same, Diversion, UiDivstats, Skynet, AiProtection, Scribe, UiScribe, Conmon, SpdMerlin, ScMerlin, Nsrum, NtpMerlin

Those look like normal messages to me

 

[elorimer]

Apr 27 20:00:00 RT-AC86U-8F38 syslog-ng[2690]: Configuration reload request received, reloading configuration;
Apr 27 20:00:00 RT-AC86U-8F38 syslog-ng[2690]: Configuration reload finished;

Hourly skynet boils its log down to a single summary line, which requires syslog-ng to restart, so it sends a hangup to syslog-ng. That's what these messages are.

 

[JT Strickland]

Hourly skynet boils its log down to a single summary line, which requires syslog-ng to restart, so it sends a hangup to syslog-ng. That's what these messages are.

I knew they happened right on the hour. The line that concerned me was "Follow-mode file source not found, deferring open; filename='/var/lib/logrotate.status'" , but I suppose it's normal, also, from what you guys say, and that's good enough for me.
thanks again,
jts