Data Logging Using Syslog

The ENVIROMUX Environment Monitoring Systems log data from their sensors, and send it to computers using Syslog.

The ENVIROMUX Environment Monitoring Systems store event and data entries in the system data log. The system data log can be downloaded as a comma-separated plain text file (.csv), viewed via the web interface, or sent to up to 9 remote IP addresses using syslog. Data logging using Syslog on a remote computer allows for historical data collection in a convenient location.

Linux/Unix-based computers use a standard syslog daemon to accept log data from the kernel, from any and all local processes, and even from processes on remote systems. Windows-based computers do not include syslog support, and need a third-party application to accept the syslog alerts from the E-MICRO or E-1W.

Configuring the E-MICRO and E-1W for Syslog

The E-MICRO and E-1W are easily configured to send log data to a syslog server. The syslog settings are made per user, so the destination depends on the user selected.

Access the User page by clicking "Administration", "Users", and then the "Edit" button next to the desired user.

Example user syslog settings: [image: User Syslog Settings example]
Checkmark or fill in the following sections as desired for Syslog data logging:
  • Email datalog: Place a checkmark if the user should receive sensor datalog reports via email
  • Datalog Email Frequency: Select the frequency to receive datalog reports – 30min, 1hr, 2hr, 4hr, 6hr, or 8hr increments
  • Syslog alerts: Place a checkmark if the user should receive alerts via syslog messages
  • Syslog/SNMP IP address: Enter a valid syslog/SNMP IP address for the user to receive syslog/SNMP messages
  • Syslog Facility: Select the syslog facility used for syslog messages sent for the user - Local0 through Local7
  • Remote datalog: Place a checkmark if this user should receive sensor datalog reports via syslog at a rate of once each minute

Configuring a Windows-based Syslog Server to Receive Syslog Alerts

Windows-based computers do not include native syslog support, and will need a third-party application such as Kiwi Syslog (available as freeware with 30-day advanced options free trial) to receive syslog alerts. The software can be installed either as a stand-alone application, or as a service running uninterrupted in the background. Installing the software as a service means the user does not have to log in to Windows for syslog messages to be accepted.


Example Operating Mode: [image: Operating Mode example]

Once installed, the software can be set up to filter syslog alerts by priority and facility. In the Service Manager window, click the "File" menu, and then "Setup" to access the settings for the software. Right-click the "Filters" submenu underneath "Default" in the "Rules" section of the menu, and click "Add filter". Rename the new filter accordingly, and press Enter to apply the name. Click the new filter's name to access the settings for that filter. Select "Priority" from the "Field" drop-down list above to bring up the options for filtering incoming syslog messages. The chart shown lists the facilities down the left side and the priorities across the top.

Since the E-MICRO and E-1W send messages to the selected local0 through local7 facility, scroll near the bottom of the facility list on the left to find the desired local facility and select the priorities to filter. Click the green tick button at the bottom of the screen to set priorities. A match on each priority causes the filter result to be true, delivering the message. Setting a green tick in all of the priority values ensures a match will occur no matter what the message priority value.


Example Priority and Facility Filter: [image: Priority and Facility Filter example]

Click "Apply" to accept the settings, and "OK" to exit the Setup window. The default settings on the other options in the Setup window can be modified to fit individual needs of the user, but of particular importance is the "UDP" menu item under "Alarms". These default settings are standard remote message settings for syslog, and should not be changed.


Example UDP Settings: [image: Example UDP Settings]

The software should now be ready to accept incoming syslog messages from the E-MICRO.


Configuring the Linux/Unix-based Syslog Server to Receive Syslog Alerts

The standard syslog daemon used by Linux/Unix-based systems is configurable to accept alerts from remote systems. To configure the system to receive these alerts, two configuration files will need to be edited: /etc/sysconfig/syslog (/etc/init.d/sysklogd on some systems) and /etc/syslog.conf (/etc/rsyslog.conf on some systems).

The security settings of the Linux/Unix-based syslog server may need to be configured to allow remote syslog alerts to be received. The default settings for the centralized syslog configuration file do not listen for remote messages, and will need UDP port 514 opened to accept remote UDP logging. On most systems, the "SYSLOGD_OPTIONS" (or just "SYSLOGD" on some systems) variable in the /etc/sysconfig/syslog (or /etc/init.d/sysklogd) file will need an "-r" included in it to open the port.


Example syslogd configuration:
# Options to syslogd
# -m 0 disables 'MARK' messages.
# -r enables logging from remote machines
# -x disables DNS lookups on messages received with -r
# See syslogd(8) for more details

SYSLOGD_OPTIONS="-m 0 -r"

# Options to klogd
# -2 prints all kernel oops messages twice; once for klogd to decode, and
#    once for processing with 'ksymoops'
# -x disables all klogd processing of oops messages entirely
# See klogd(8) for more details

KLOGD_OPTIONS="-x"

#
SYSLOG_UMASK=077
# set this to a umask value to use for all log files as in umask(1).
# By default, all permissions are removed for "group" and "other".



Save the changes to the syslogd configuration, and restart syslog to apply the changes.

Example restart syslog command:
/etc/rc.d/init.d/syslog restart

The system firewall may also need to have UDP port 514 opened.

Filtering Received Syslog Alerts

At this point, the received syslog messages are being written to the same file as many other system messages and alerts. Syslog writes each type of message received based on the settings in the /etc/syslog.conf (/etc/rsyslog.conf on some systems) configuration file. The syslog configuration file can be modified to isolate the messages coming from the E-MICRO or E-1W for easier access. The file consists of two columns, first listing the facilities and severities of messages, and the second listing the files to which they should be logged. By listing the full path to a filename as a line's action in syslog.conf, messages that match that line will be appended to that file.

Supported facilities in Linux are auth, authpriv, cron, daemon, kern, lpr, mail, mark, news, syslog, user, uucp and local0 through local7. When configuring individual user alerts, one facility from local0 through local7 can be selected to receive syslog messages from the E-MICRO or E-1W.

The example syslog.conf configuration below filters the incoming selected local facility messages sent by the E-MICRO or E-1W into three files. In this example, "local2" facility messages with the priority of informational are logged in the /var/log/syslog file, while "local0" facility messages with a priority of notice and higher are logged in the /var/log/syslog.alert file for easy access.



Example syslog.conf file configuration
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*							/dev/console

# Save syslog and remote info messages to syslog
syslog.*;local2.=info;user.*				/var/log/syslog

# Save syslog and remote alert info to syslog.alert
local0.notice						/var/log/syslog.alert

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none;local0.none;auth.none	/var/log/messages

# The authpriv file has restricted access.
authpriv.*;auth.*						/var/log/secure

# Log all the mail messages in one place.
mail.*							-/var/log/maillog


# Log cron stuff

cron.*							/var/log/cron

# Everybody gets emergency messages
*.emerg							*

# Save news errors of level crit and higher in a special file.
uucp,news.crit						/var/log/spooler

# Save boot messages also to boot.log
local7.*							/var/log/boot.log




Restart syslog again to apply the changes.
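
The selector matching described above, worked through for the rules in the example syslog.conf (an added example, not part of the original article or the syslog daemon's own code). It assumes sysklogd selector semantics for the forms used on this page and does not handle "!" selectors; the sample messages and the host name in them are constructed.

```python
import re

# Facility codes and severity names as used in the syslog PRI field (PRI = facility*8 + severity).
FACILITY_CODE = {n: i for i, n in enumerate(
    "kern user mail daemon auth syslog lpr news uucp cron authpriv ftp".split())}
FACILITY_CODE.update({f"local{i}": 16 + i for i in range(8)})
SEVERITIES = "emerg alert crit err warning notice info debug".split()

# Rules copied from the example syslog.conf above that can match local0-local7 traffic.
RULES = [
    ("syslog.*;local2.=info;user.*", "/var/log/syslog"),
    ("local0.notice", "/var/log/syslog.alert"),
    ("*.info;mail.none;authpriv.none;cron.none;local0.none;auth.none", "/var/log/messages"),
    ("local7.*", "/var/log/boot.log"),
]

def compile_selector(selector):
    """Return {facility code: set of severity numbers} accepted by one selector field."""
    mask = {}
    for part in selector.split(";"):          # parts are applied left to right
        facs, prio = part.rsplit(".", 1)
        codes = range(24) if facs == "*" else [FACILITY_CODE[f] for f in facs.split(",")]
        if prio in ("*", "none"):
            sevs = set(range(8))
        elif prio.startswith("="):            # "=info": exactly this severity
            sevs = {SEVERITIES.index(prio[1:])}
        else:                                 # "notice": this severity and more urgent ones
            sevs = set(range(SEVERITIES.index(prio) + 1))
        for code in codes:
            current = mask.get(code, set())
            mask[code] = current - sevs if prio == "none" else current | sevs
    return mask

def destinations(line):
    """List the log files that would receive a raw syslog line starting with <PRI>."""
    pri = int(re.match(r"<(\d{1,3})>", line).group(1))
    facility, severity = pri >> 3, pri & 7
    return [path for sel, path in RULES
            if severity in compile_selector(sel).get(facility, set())]

# Constructed sample messages (host name and text are invented for illustration).
SAMPLES = {
    "local0.notice": "<133>Jan  1 12:00:00 emicro Constructed alert text",
    "local0.info":   "<134>Jan  1 12:00:00 emicro Constructed datalog text",
    "local2.info":   "<150>Jan  1 12:00:00 emicro Constructed datalog text",
}

if __name__ == "__main__":
    for label, line in SAMPLES.items():
        print(label, "->", destinations(line) or "not logged")
```

Under these rules a local0 message at info severity is written nowhere, because local0.none removes it from /var/log/messages and local0.notice only accepts notice and higher. A local2 message at info severity is written to both /var/log/syslog and /var/log/messages, since local2 is not excluded from the *.info line.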