It’s always useful to get your network gear to send their logs somewhere else in case they die, reboot, or go on fire. In a domestic setting this can be very useful if you have some problems with the stability of your link. However, in the case of the X3500, Linksys’s knowledge base says
11.Does the X3500 support transmission of log information to a log server?
No, the Linksys X3500 does not support transmission of log information to a log server.
Welllll…. that’s kind of true, in that there’s no option to enable it, so I suppose it’s not supported. However, it can be done. Linksys would probably say that this will invalidate your warranty, set your hair on fire and poison the groundwater, but a big fat ‘muh’ to them.
Connect to the device’s CLI, and enter sh to get a BusyBox shell. Then we can see this:
BCM96362 Broadband Router Login: admin Password: > sh BusyBox v1.00 (2013.01.15-03:30+0000) Built-in shell (msh) Enter 'help' for a list of built-in commands. # ps PID Uid VmSize Stat Command 1 admin 500 S init 2 admin SW< [kthreadd] 3 admin SW< [migration/0] ..... 350 admin 436 S syslogd -n -C -l 1 ..... # syslogd -h syslogd: invalid option -- h BusyBox v1.00 (2013.01.15-03:30+0000) multi-call binary Usage: syslogd [OPTION]... Linux system and kernel logging utility. Note that this version of syslogd ignores /etc/syslog.conf. Options: -m MIN Minutes between MARK lines (default=20, 0=off) -n Run as a foreground process -O FILE Use an alternate log file (default=/var/log/messages) -S Make logging output smaller. -R HOST[:PORT] Log to IP or hostname on PORT (default PORT=514/UDP) -L Log locally and via network logging (default is network only) -C [size(KiB)] Log to a circular buffer (read the buffer using logread) -l [1-7] local log level -r [1-7] remote log level
So we can see that syslogd is running, and we can also see that there is an option to log to a remote server.
We can kill the running process and start our own:
# kill 350 # syslogd -R our.syslog.server -L -l 1 -r 1 -C
and we’ll immediately get a message at our syslog server (via UDP port 514), which I’ve pasted almost verbatim to prove it works:
Jun 4 11:52:32 my.x3500.address BCM96345 started: BusyBox v1.00 (2013.01.15-03:30+0000)
Unfortunately I have no idea how to make this change permanent; ideas welcome!
Leave a Reply