WAN failover in syslog?

metahome

I have an RT-AC68U running Merlin 386.7_2 with a normal ISP ethernet WAN connection and a 4G USB dongle to provide a WAN failover.
Failover and failback seem to be working fine, however I want to be notified when a WAN failover or failback occurs.
My RT-AC68U is set to send everything from WARN level and more critical to my syslog server which then emails me using a set of rules - but I am not seeing anything on the syslog server relating to a failover event.
When I inspect the syslog on the RT-AC68U I don't see anything that indicates a failover or failback.
Can anyone advise what I should see in syslog that would indicate a failover/failback event? Ideally it would help to know what level this gets logged at and what strings I should be looking for to identify these events.

Many thanks in advance.
 
I'm assuming you're talking about a remote syslog server. In which case that's not how it works. All messages are sent to the remote server regardless of their level. The "Log only messages more urgent than" option is a filter that only applies to messages logged on the router itself.
 
Thanks for clarifying that. I think even if all logs get sent to the syslog server, my original question about the severity level and strings to look for still stands. I can't seem to find anything relating to a failover/failback event. Would be great if you, or anyone, have anything to share on that point.
 
Sorry, I don't use dual-WAN. I suggest that you change "Log only messages more urgent than" to "all" and then force a failover condition. I'd expect to see quite a few messages in the router's log.
 
I'm seeing plenty of useful messages in the router log, such as:

Nov 21 14:39:09 WAN(0)_Connection: link down.
Nov 21 14:51:16 WAN(1)_Connection: WAN was exceptionally disconnected.
Nov 21 14:54:08 WAN(1)_Connection: WAN was restored.

However none of these are being sent by the router to my syslog server.

My syslog server is getting plenty of other messages from the router, e.g.:

<29>1 2022-11-21T14:51:00+00:00 RT-AC68U-2300-98E3374-C ovpn-server1 9121 - - ovpn-server1[9121]: SIGTERM[hard,] received, process exiting
<11>1 2022-11-21T14:51:01+00:00 RT-AC68U-2300-98E3374-C wsdd2 8246 - - wsdd2[8246]: error: wsdd-mcast-v4: wsd_send_soap_msg: send


But none of the messages above that indicate a WAN up/down/failover/failback situation are coming through to the syslog server.

I'm really struggling here - it is well over 20 years since I last did any coding in 'C' but from searching the code repository the messages I'm looking for appear to be written to the router log from release/src/router/rc/wanduck.c around line 3060, but it is beyond my very ancient coding skills to figure out what the issue is.

Can anyone advise - as I just don't seem to be getting these messages sent to my syslog server.

Thanks in advance.
 
I suspect this is a problem with the configuration of your syslog server. I've just tried this on my router and syslog server and it works fine:

Router (I enabled verbose logging so that you could see the facility and priority):
Code:
Nov 21 17:18:12 RT-AX86U-71F197B-C syslog.info syslogd started: BusyBox v1.25.1
Nov 21 17:18:47 RT-AX86U-71F197B-C syslog.info syslogd: using server 192.168.1.10:514
Nov 21 17:18:47 RT-AX86U-71F197B-C user.crit kernel: eth0 (Int switch port: 3) (Logical Port: 3) (phyId: c) Link DOWN.
Nov 21 17:18:56 RT-AX86U-71F197B-C user.notice WAN_Connection: WAN(0) link down.
Nov 21 17:19:07 RT-AX86U-71F197B-C user.crit kernel: eth0 (Int switch port: 3) (Logical Port: 3) (phyId: c) Link Up at 1000 mbps full duplex
Nov 21 17:19:11 RT-AX86U-71F197B-C user.notice WAN_Connection: WAN(0) link up.
Nov 21 17:19:11 RT-AX86U-71F197B-C user.notice rc_service: wanduck 1180:notify_rc restart_wan_if 0
Nov 21 17:19:11 RT-AX86U-71F197B-C user.notice custom_script: Running /jffs/scripts/service-event (args: restart wan_if)
Nov 21 17:19:11 RT-AX86U-71F197B-C user.notice custom_script: Running /jffs/scripts/dhcpc-event (args: deconfig)
Nov 21 17:19:11 RT-AX86U-71F197B-C user.err wsdd2[23741]: error: wsdd-mcast-v4: wsd_send_soap_msg: send

syslog server:
Code:
Nov 21 17:18:47 RT-AX86U-71F197B-C kernel: eth0 (Int switch port: 3) (Logical Port: 3) (phyId: c) Link DOWN.
Nov 21 17:18:56 RT-AX86U-71F197B-C WAN_Connection: WAN(0) link down.
Nov 21 17:19:07 RT-AX86U-71F197B-C kernel: eth0 (Int switch port: 3) (Logical Port: 3) (phyId: c) Link Up at 1000 mbps full duplex
Nov 21 17:19:11 RT-AX86U-71F197B-C WAN_Connection: WAN(0) link up.
Nov 21 17:19:11 RT-AX86U-71F197B-C rc_service: wanduck 1180:notify_rc restart_wan_if 0
Nov 21 17:19:11 RT-AX86U-71F197B-C custom_script: Running /jffs/scripts/service-event (args: restart wan_if)
Nov 21 17:19:11 RT-AX86U-71F197B-C custom_script: Running /jffs/scripts/dhcpc-event (args: deconfig)
Nov 21 17:19:11 RT-AX86U-71F197B-C wsdd2[23741]: error: wsdd-mcast-v4: wsd_send_soap_msg: send
 
Thanks for this, much appreciated. It is really helpful to have an example of it working. I am pretty sure I have not set any filtering or blocking on my syslog server but I will re-check.

I note you are using an RT-AX86U - can I ask what code level you are running and what options you have set on the log page of the router? Would also be useful to know how you get the verbose log. Is that done via CLI? I will try to replicate this on my RT-AC68U.
 
I'm running 386.5_2. Apart from the IP address and port (514) of my syslog server it doesn't matter what the other options are set to. As I said earlier, all syslog messages are sent to the remote server - I checked this again today.

To get the verbose entries showing up in the router's log you have to kill the current syslogd process and run it again manually with the "-S" option removed.

What remote syslog server are you using? I'm using rsyslogd on Ubuntu.
 
I'm using a QNAP TS-453 Pro NAS box.

Reason I asked about options is that there are a couple of parameters I am seeing on the log page which I haven't been able to find a documented description for.

They are the two shown here... even if you think they are not relevant to my issue I'd like to understand what they are supposed to do.

[Attached image: 1669061930773.png]
 
If you hover the mouse pointer over the title of the field a ? will appear. Click the mouse for a description.

I have the "Default.." field set to "notice" and "Log only.." set to "all".
 
Colin Taylor - thanks for your help. Much appreciated.

On my RT-AC68U the WAN connection messages are logged as kern.notice whereas yours are logged as user.notice - which seems a bit odd but maybe to do with different Merlin versions?

I've now taken a deeper look at the syslog server on my NAS and there are a lot of complaints in the community about the quality of the server. I'm pretty sure it is dropping some types of log entry.
As I haven't been able to configure it to log these missing warnings (regardless of what it is receiving) I suspect I am not going to solve it this way.
There are options to run other syslog servers on the NAS but it involves setting up VMs and I really don't want to get into that, I'd rather let my NAS do the job I bought it for.

I found an old Win7 laptop stashed away in a cupboard, so I have put Ubuntu on it and, running rsyslog, I am seeing all the log entries as you demonstrated.

All I need to do now is to figure the best way to get an email alert sent out from the system.

I know rsyslogd supports ommail, but I really need something that will talk (with login controls) to a gmail SMTP server. I guess that is my next challenge.

Anyway, kudos to you for getting me much further forward by sharing info from your own setup. Many thanks.
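
Added example, not part of the thread and not code from any poster or from the firmware: a Python script that decodes the `<PRI>` prefix seen in the NAS output into facility.severity and picks out WAN link events using only the message strings quoted in the posts above. The first sample line (including its hostname) is constructed, and the function names are illustrative.

```python
import re

FACILITIES = "kern user mail daemon auth syslog lpr news uucp cron authpriv ftp".split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()
# Message texts quoted in the thread, mapped to the link state they indicate.
STATES = {"link down": "down", "WAN was exceptionally disconnected": "down",
          "link up": "up", "WAN was restored": "up"}
PRI_RE = re.compile(r"^<(\d{1,3})>")  # "<29>1 ..." as shown in the NAS output
TAG_RE = re.compile(r"\s([a-z]+\d?)\.(%s)\s" % "|".join(SEVERITIES + ["warn"]))
# Both layouts seen in the thread: "WAN(0)_Connection: ..." and "WAN_Connection: WAN(0) ..."
WAN_RE = re.compile(r"WAN(?:\((\d+)\))?_Connection: (?:WAN\((\d+)\) )?(.+?)\.?$")

def decode_pri(pri):
    """PRI = facility * 8 + severity; return the two names."""
    fac, sev = divmod(pri, 8)
    if fac < len(FACILITIES):
        name = FACILITIES[fac]
    else:
        name = f"local{fac - 16}" if 16 <= fac <= 23 else f"facility{fac}"
    return name, SEVERITIES[sev]

def wan_event(line):
    """Return a dict describing a WAN link event, or None for any other line."""
    line = line.strip()
    m = WAN_RE.search(line)
    if not m:
        return None
    unit = m.group(1) or m.group(2)
    level = None  # the plain router log carries no facility or severity
    if (p := PRI_RE.match(line)):
        level = ".".join(decode_pri(int(p.group(1))))
    elif (t := TAG_RE.search(line)):
        level = f"{t.group(1)}.{t.group(2)}"
    return {"wan": int(unit) if unit else None, "level": level,
            "state": STATES.get(m.group(3), "other"), "text": m.group(3)}

# Sample input: line 1 is constructed in the <PRI> format (kern.notice = 5);
# the remaining lines are copied from the posts above.
SAMPLE = [
    "<5>1 2022-11-21T14:39:09+00:00 RT-AC68U kernel - - - WAN(0)_Connection: link down.",
    "Nov 21 14:51:16 WAN(1)_Connection: WAN was exceptionally disconnected.",
    "Nov 21 14:54:08 WAN(1)_Connection: WAN was restored.",
    "Nov 21 17:19:11 RT-AX86U-71F197B-C user.notice WAN_Connection: WAN(0) link up.",
    "<11>1 2022-11-21T14:51:01+00:00 RT-AC68U-2300-98E3374-C wsdd2 8246 - - wsdd2[8246]: error: wsdd-mcast-v4: wsd_send_soap_msg: send",
]

if __name__ == "__main__":
    print([ev for ev in map(wan_event, SAMPLE) if ev])
```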
 
