Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[bilefrog]

Hello,

I'm running a small LAN with several routers and servers. All these nodes are configured to log events on a central syslog server within the LAN. I've configured the central syslog-server in a way that it creates a separate log-file for each reporting host. It works fine for all but my DIR-645. Some events are written to the file they are supposed to be written in, but other events from this router produce extra files, as if they were from different hosts.
Examples:

These events log as they should
Jan 30 06:39:03 wan-router DHCP: Client receive ACK from xx.xx.xx.xx, IP=xx.xx.xx.xx, Lease time=3600.
Jan 30 07:08:03 wan-router WLAN: Close wireless interface success
Jan 30 18:01:35 wan-router warning: no upstream servers configured

And these events create separate files as if from another host:
Jan 18 16:48:03 Update 'xxxx.dyndns.org' (xx.xx.xx.xx) to 'DynDNS.org' successfully.
Jan 30 17:17:28 Time synchronized
Dec 22 12:43:51 Got new client [xx:xx:xx:xx:xx:xx] associated from BAND24G-1.1 (2.4 Ghz)

As you can see there is no host and no logging facility in the syslog entries.
As long as the DIR-645 UDP-message has a colon after the first string, the syslog server will interpret that as the logging facility and therefore create a valid log-entry and generate a reporting host via dns-lookup. Without a colon syslog doesn't know what to to with it and will just put this message as an entry in its log-files.

After some troubleshooting I found out, that the format of the udp-messages sent by the 645 are not conform with syslog-standards. example:
 
"Web login success from 192.168.178.100" is the UDP message from my DIR-645 where
"<38>Jan 30 17:52:04 elysium sshd[400]: Accepted password for sysmon from xx.xx.xx.xx port 44763 ssh2" is a properly sent udp-message from another system.

Interesting infos:
* My DIR-645 is on HW ver A1 and I experienced the problems under FW 1.02 and FW 1.03.
* Setup->Network Settings->Router Settings: Host Name is set to wan-router
* Setup->Network Settings->Router Settings: Local Domain Name: unset, as the Router wouldnt accept
any entries there (i'm wondering why i cannot set it to my local domain)
* DHCP Disabled
* Log Type and Level: System and Information

Is there anyone who got this syslog thing work correctly, or am I to wait until D-Link will fix this in a new firmware?

Greetings
Eric

[FurryNutz]

What syslog application program do you use? I use SysLogWatcher myself. I need to check this out and see if it happens there.

I would presume that if the 645 is the only device that isn't logging to syslog specification as maybe other devices do, I would recommend that you phone contact DLink support, ask for level 3 or higher and see if this is how they designed the FW to act or if not, can they get it fixed.

Not much we can do here in the forums regarding coding of FW.

Let us know what they say.

[bilefrog]

I am using rsyslogd as syslog server.

Hmm, perhaps i will write an email to DLink support. My experiences phoning support hotlines are not this good.

I will let you know what they say.

Greetings

[FurryNutz]

Keep us posted on how it goes, Good luck.