Getting the Linksys X3500 to log to a remote syslog server

It’s always useful to get your network gear to send their logs somewhere else in case they die, reboot, or go on fire. In a domestic setting this can be very useful if you have some problems with the stability of your link. However, in the case of the X3500, Linksys’s knowledge base says

11.Does the X3500 support transmission of log information to a log server?

No, the Linksys X3500 does not support transmission of log information to a log server.

Welllll…. that’s kind of true, in that there’s no option to enable it, so I suppose it’s not supported. However, it can be done. Linksys would probably say that this will invalidate your warranty, set your hair on fire and poison the groundwater, but a big fat ‘muh’ to them.

Connect to the device’s CLI, and enter sh to get a BusyBox shell. Then we can see this:

BCM96362 Broadband Router
Login: admin
 > sh

BusyBox v1.00 (2013.01.15-03:30+0000) Built-in shell (msh)
Enter 'help' for a list of built-in commands.

# ps
  PID  Uid     VmSize Stat Command
    1 admin       500 S   init                
    2 admin           SW< [kthreadd]
    3 admin           SW< [migration/0]
  350 admin       436 S   syslogd -n -C -l 1
# syslogd -h
syslogd: invalid option -- h
BusyBox v1.00 (2013.01.15-03:30+0000) multi-call binary

Usage: syslogd [OPTION]...

Linux system and kernel logging utility.
Note that this version of syslogd ignores /etc/syslog.conf.

        -m MIN          Minutes between MARK lines (default=20, 0=off)
        -n              Run as a foreground process
        -O FILE         Use an alternate log file (default=/var/log/messages)
        -S              Make logging output smaller.
        -R HOST[:PORT]  Log to IP or hostname on PORT (default PORT=514/UDP)
        -L              Log locally and via network logging (default is network only)
        -C [size(KiB)]  Log to a circular buffer (read the buffer using logread)
        -l [1-7]        local log level
        -r [1-7]        remote log level

So we can see that syslogd is running, and we can also see that there is an option to log to a remote server.

We can kill the running process and start our own:

# kill 350
# syslogd -R our.syslog.server -L -l 1 -r 1 -C 

and we’ll immediately get a message at our syslog server (via UDP port 514), which I’ve pasted almost verbatim to prove it works:

Jun  4 11:52:32 my.x3500.address  BCM96345  started: BusyBox v1.00 (2013.01.15-03:30+0000)

Unfortunately I have no idea how to make this change permanent; ideas welcome!

Leave a Comment

Filed under networking

Leave a Reply