Archive for November 30th, 2023

rsyslog: redirect logs from certain host to a separate file

Thursday, November 30th, 2023

A Linksys PAP2T-NA phone adapter is configured to send logs to a remote syslog server, 10.11.0.10.

Enable the UDP listener in /etc/rsyslog.conf and allow the remote IP/subnet address in its config:

module(load="imudp")
input(type="imudp" port="514")
# The sender ACL is per protocol; the listener above is UDP
$AllowedSender UDP, 10.11.0.0/16

Here is what the logs look like after this (and, of course, after configuring your server's IP as the syslog server on the remote device). Most likely they will appear in /var/log/syslog:

Nov 25 15:39:19 10.11.13.102 [1: 0]RTP Tx Dn
Nov 25 15:39:19 10.11.13.102 [1: 0]ENC INIT 8
Nov 25 15:39:19 10.11.13.102 [1: 0]RTP Tx Up (pt=8->0a48000a:18076)
Nov 25 15:39:19 10.11.13.102 CC: Remote Resume
Nov 25 15:39:19 10.11.13.102 CC: Connected
Nov 25 15:39:19 10.11.13.102 RTP: SSRC changed 787a1882->1df25275
Nov 25 15:39:29 10.11.13.102 syscfg_update_hdlr!!!
Nov 25 15:39:29 10.11.13.102 syscfg_update_hdlr!!!
Nov 25 15:39:51 10.11.13.102 syscfg_update_hdlr!!!


To redirect logs from the remote host with IP address 10.11.13.102, do the following:


Create /etc/rsyslog.d/11-linksys-gw.conf with the following lines:


if $fromhost-ip == '10.11.13.102' then /var/log/linksys-gw.log
& stop


Create an empty /var/log/linksys-gw.log file. At least in Debian, you need to run chown root:adm on this file.

Finally, restart the rsyslog daemon. After that, all logs coming from the remote IP address 10.11.13.102 will be stored in a separate file.
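
The steps above as one script, with a config check before the restart. This is an added example, not part of the original post. The function names, the PREFIX staging argument, the 640 file mode and the use of systemctl are assumptions.

```shell
#!/bin/sh
# Added example. PREFIX (assumption) stages the files under a scratch
# directory for review; an empty PREFIX writes to the live system.

# usage: write_host_rule PREFIX IP LOGFILE RULEFILE
write_host_rule() {
    prefix=$1 ip=$2 logfile=$3 rulefile=$4
    # Accept only a dotted-quad address, so a stray quote or space in IP
    # cannot change the meaning of the rsyslog expression written below.
    case $ip in ''|*[!0-9.]*) echo "not an IPv4 address: $ip" >&2; return 1 ;; esac
    printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || {
        echo "not an IPv4 address: $ip" >&2; return 1; }
    mkdir -p "$prefix$(dirname "$rulefile")" "$prefix$(dirname "$logfile")"
    # "& stop" ends processing for matched messages, so rules that are
    # evaluated after this file no longer see them.
    cat > "$prefix$rulefile" <<EOF
if \$fromhost-ip == '$ip' then $logfile
& stop
EOF
    # Create the log file without truncating an existing one.
    : >> "$prefix$logfile"
    chmod 640 "$prefix$logfile"   # assumption: not world-readable
}

# Live run with the values from the post; needs root.
apply_live() {
    write_host_rule "" 10.11.13.102 /var/log/linksys-gw.log \
        /etc/rsyslog.d/11-linksys-gw.conf &&
    chown root:adm /var/log/linksys-gw.log &&
    rsyslogd -N1 &&               # config check only, nothing is restarted yet
    systemctl restart rsyslog     # assumption: systemd-managed rsyslog
}

if [ "${1:-}" = "--apply" ]; then apply_live; fi
```

Run it with --apply as root. Without that argument the script only defines the functions, so write_host_rule can be pointed at a scratch PREFIX to inspect the generated rule first.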