How do you set up syslog assignments?

  • 1
  • Question
  • Updated 4 years ago
  • Answered
I have setup an Ubuntu Server 12.04 LTS server with rsyslog service running port 514 (tested and confirmed with netstat). Then the syslog assignment with facility of Local0, on an object with the IP address of the rsyslog server, with the severity of debug has been added in HiveManager. Finally, the configuration has been pushed out to the APs. Unfortunately, I am seeing absolutely no rsyslog logs from Aerohive equipment whatsoever.

Any ideas? Thanks!
Photo of Nathaniel Black

Nathaniel Black

  • 5 Posts
  • 0 Reply Likes

Posted 4 years ago

  • 1
Photo of Andrew MacTaggart

Andrew MacTaggart, Champ

  • 483 Posts
  • 86 Reply Likes
Hi Nathaniel

use text editor of choice
sudo vi /etc/rsyslog.conf

uncomment
$ModLoad imudp
$UDPServerRun 514

$ModLoad imtcp
$InputTCPServerRun 514


vi commands
x to delete the #
esc key wq! to write and quit

sudo service rsyslog restart

cd to /var/log
tail -300 syslog

try local 6

0 is usually mapped to errors

under configuration advanced



assign to network policy





(Edited)
Photo of J. Goodnough

J. Goodnough, Champ

  • 266 Posts
  • 32 Reply Likes
How many APs are in your deployment? Even at info you're going to be generating huge amounts of logs. I have a 130-AP deployment, dropping ~65% of my logs (set proxy/unset proxy), and I still pull in about 1.3M log entries a day.
Photo of Andrew MacTaggart

Andrew MacTaggart, Champ

  • 483 Posts
  • 86 Reply Likes
Sorry I wasn't clear

you test with higher log level to verify that logging is working.

Then adjust as needed.

A
Photo of J. Goodnough

J. Goodnough, Champ

  • 266 Posts
  • 32 Reply Likes
Wasn't criticizing, just wanted to make sure that Nathaniel wasn't going to get overwhelmed. It's perfectly fine to haul down a ton of logging data, but you'll need to be running something to manage it.
Photo of Nathaniel Black

Nathaniel Black

  • 5 Posts
  • 0 Reply Likes
Thanks for your help! The one area that I had missed was under Additional Settings > Management Server Settings. After setting that value, I am now getting logs. Thanks!