それマグで!

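Knowledge is best savored slowly from a mug rather than a cup. takuya_1st's blog

Those who pay attention to their habits early on will probably reap greater rewards in life.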

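Forwarding syslog from a device and collecting it the quick way

Without syslog, you can't tell what a network device is doing.

I can't stand devices that don't let you log in over SSH and look at syslog. When there is trouble or a setting is wrong and you have no clues, you end up trying configuration items one after another, which gets tiresome.

Receiving logs from network devices with syslog

syslog configuration goes deep, with facilities and so on, but if you research all of that just to receive logs from a network device, you run out of time.

Syslog configuration on the receiving side (the destination, from the device's point of view).

The receiving side has to be able to accept logs from the network.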

/etc/rsyslog.conf

# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
$AllowedSender UDP, 127.0.0.1, 192.168.20.0/24

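This configuration loads the UDP input module, listens on port 514, and accepts only packets sent from 127.0.0.1 or 192.168.20.0/24. Because a UDP source address can be spoofed, $AllowedSender is a coarse filter, not authentication.

With the settings above, the host can receive logs from the network.

Restart

After changing the configuration, restart syslog. I don't use systemd, so it's the manly init.d way.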

takuya@atom:/etc$ sudo /etc/init.d/rsyslog restart
[ ok ] Stopping enhanced syslogd: rsyslogd.
[ ok ] Starting enhanced syslogd: rsyslogd.

Not that it matters, but I still like init-style systems because the script locations and commands are well organized.

Check that the port is listening

sudo nmap localhost -sU  -p 514

Check from another host as well.

takuya@KURO-BOX:~$ sudo nmap -sU 192.168.20.9 -p 514

Starting Nmap 5.00 ( http://nmap.org ) at 2015-03-07 04:45 JST
Interesting ports on host (192.168.20.9):
PORT    STATE         SERVICE
514/udp open|filtered syslog
MAC Address: 40:61:xx:xx:xx:xx (Unknown)

Nmap done: 1 IP address (1 host up) scanned in 3.92 seconds

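Next, check that logs really arrive. (nmap's open|filtered only means it received no reply on UDP 514 and cannot tell an open port from a filtered one.)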

takuya@atom:~$ tail  -f /var/log/messages
Mar  7 04:47:47 192.168.2.1 syslog: dropbear : ssh daemon successfully stopped
...

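They arrived.

I only want a quick look. Can't I limit it to one IP address?

When you only want a quick look while setting up a device, writing a full-blown configuration is a hassle. A line like this applies a quick filter:

:fromhost-ip, isequal, "192.168.20.100" /var/log/voip.ata.log

The logs that actually arrive then look like this, coming only from the device in question.

tail -f /var/log/voip.ata.log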
Mar  7 03:40:21 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SigCtrl::run, stack 1 setup port 5062 : 5062
Mar  7 03:40:21 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SigCtrl::performPnPSubscription
Mar  7 03:40:21 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::run: Active transactions: 1
Mar  7 03:40:21 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPClientTransaction::sendRequest: Request 1 is sent
Mar  7 03:40:22 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::run: Active transactions: 1
Mar  7 03:40:22 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::cb_rcvreqrexmit: Resend for transaction 1(SUBSCRIBE)
Mar  7 03:40:22 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::run: Active transactions: 1
Mar  7 03:40:22 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPTransaction::waitForResponse: Request 1 is timed out
Mar  7 03:40:22 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] Subscribe transaction got code 0:-1
Mar  7 03:40:23 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::run: Active transactions: 1
Mar  7 03:40:23 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::cb_rcvreqrexmit: Resend for transaction 1(SUBSCRIBE)
Mar  7 03:40:23 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::run: Active transactions: 1
Mar  7 03:40:23 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPTransaction::waitForResponse: Request 1 is timed out
Mar  7 03:40:23 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] Subscribe transaction got code 0:-1
Mar  7 03:40:24 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPTransaction::waitForResponse: Request 1 is timed out
Mar  7 03:40:24 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] Subscribe transaction got code 0:-1
Mar  7 03:40:25 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::run: Active transactions: 1
Mar  7 03:40:25 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::cb_rcvreqrexmit: Resend for transaction 1(SUBSCRIBE)
Mar  7 03:40:25 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::run: Active transactions: 1
Mar  7 03:40:25 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPClientTransaction::sendRequest: Request 2 is sent
Mar  7 03:40:25 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::run: Active transactions: 2
Mar  7 03:40:25 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::cb_rcv4xx: Received 401 response for transaction 2(REGISTER)
Mar  7 03:40:25 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::run: Active transactions: 2
Mar  7 03:40:25 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPTransaction::waitForResponse: Request 2 got status code 401
Mar  7 03:40:25 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::run: Active transactions: 3
Mar  7 03:40:25 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::cb_rcv2xx: Received 200 response for transaction 3 (REGISTER), inXfr : -1
Mar  7 03:40:25 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SigCtrl::processSigRegistered, Account 0 registered, tried 0; Next reg in 3000 seconds (5080) on 192.168.2.9
Mar  7 03:40:25 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPTransaction::waitForResponse: Request 3 got status code 200
Mar  7 03:40:25 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SigCtrl::performRegistration, transaction got code 0:200
Mar  7 03:40:25 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::run: Active transactions: 3
Mar  7 03:40:26 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPClientTransaction::sendRequest: Request 4 is sent
Mar  7 03:40:26 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(1)::run: Active transactions: 1
Mar  7 03:40:26 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::isMessegeFromAllowedProxy, acct= 0, server= 192.168.2.9:5060, failover= NULL:5060, outboundproxy= NULL:5060
Mar  7 03:40:26 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(1)::cb_rcv4xx: Received 401 response for transaction 4(REGISTER)
Mar  7 03:40:26 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPTransaction::waitForResponse: Request 4 got status code 401
Mar  7 03:40:26 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(1)::run: Active transactions: 2
Mar  7 03:40:26 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(1)::run: Active transactions: 2
Mar  7 03:40:26 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::isMessegeFromAllowedProxy, acct= 0, server= 192.168.2.9:5060, failover= NULL:5060, outboundproxy= NULL:5060
Mar  7 03:40:26 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(1)::cb_rcv2xx: Received 200 response for transaction 5 (REGISTER), inXfr : -1
Mar  7 03:40:26 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SigCtrl::processSigRegistered, Account 1 registered, tried 0; Next reg in 3000 seconds (5081) on 192.168.2.9
Mar  7 03:40:26 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPTransaction::waitForResponse: Request 5 got status code 200
Mar  7 03:40:26 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SigCtrl::performRegistration, transaction got code 0:200
Mar  7 03:40:26 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(1)::run: Active transactions: 2
Mar  7 03:40:29 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::run: Active transactions: 3
Mar  7 03:40:29 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::cb_rcvreqrexmit: Resend for transaction 1(SUBSCRIBE)
Mar  7 03:40:29 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::run: Active transactions: 3
Mar  7 03:40:30 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::run: Active transactions: 3
Mar  7 03:40:30 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::run: Active transactions: 2
Mar  7 03:40:30 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::run: Active transactions: 1
Mar  7 03:40:31 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(1)::run: Active transactions: 1
Mar  7 03:40:33 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::run: Active transactions: 1
Mar  7 03:40:33 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::cb_rcvreqrexmit: Resend for transaction 1(SUBSCRIBE)
Mar  7 03:40:33 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::run: Active transactions: 1
Mar  7 03:40:36 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] IFX_TAPI_EVENT_FXO_APOH event received on port 1 ch 0, status =FXO_INCOMING_RING
Mar  7 03:40:36 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] Vinetic22::stopCidDetection on port 1:0
Mar  7 03:40:36 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] FXO_POLARITY event received on port 1 ch 0
Mar  7 03:40:37 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::run: Active transactions: 1
Mar  7 03:40:37 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::cb_rcvreqrexmit: Resend for transaction 1(SUBSCRIBE)
Mar  7 03:40:37 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::run: Active transactions: 1
Mar  7 03:40:41 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::run: Active transactions: 1
Mar  7 03:40:41 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::cb_rcvreqrexmit: Resend for transaction 1(SUBSCRIBE)
Mar  7 03:40:41 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::run: Active transactions: 1
Mar  7 03:40:43 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] FXO_POLARITY event received on port 1 ch 0
Mar  7 03:40:44 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] FXO_POLARITY event received on port 1 ch 0
Mar  7 03:40:45 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::run: Active transactions: 1
Mar  7 03:40:45 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::cb_rcvreqrexmit: Resend for transaction 1(SUBSCRIBE)
Mar  7 03:40:45 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::run: Active transactions: 1
Mar  7 03:40:49 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::run: Active transactions: 1
Mar  7 03:40:49 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::cb_rcvreqrexmit: Resend for transaction 1(SUBSCRIBE)
Mar  7 03:40:49 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::run: Active transactions: 1
Mar  7 03:40:53 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::run: Active transactions: 1
Mar  7 03:40:53 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::cb_rcvreqrexmit: Resend for transaction 1(SUBSCRIBE)
Mar  7 03:40:53 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::run: Active transactions: 1
Mar  7 03:40:53 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::cb_timeout: Transaction timed out for SUBSCRIBE
Mar  7 03:40:53 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::run: Active transactions: 1
Mar  7 03:40:54 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] ATACtrl::processPhoneOffHook on port 0:0, status = FXO_RING_THRU/CALL_IDLE, reg'd:1, allow calls w/o reg:0 ,sigReferred:0
Mar  7 03:40:54 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] Vinetic22::isFxoPortAvailable, FXO Port Busy
Mar  7 03:40:54 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] ATACtrl::fxsConnectToFxo on FXS port 0:0, No Idle FXO Port
Mar  7 03:40:54 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] ATACtrl::processCallFailed on port 0:0, status = FXO_RING_THRU/CALL_IDLE stCode:486 canConf:0 ,sigReferred:0
Mar  7 03:40:54 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] IFX_TAPI_EVENT_FXO_NOPOH event received on port 1 ch 0
Mar  7 03:40:56 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] ATACtrl::processPhoneOnHook on port 0:0, status = CALL_ENDING/CALL_IDLE canConf:0 noreminder:0 ,sigReferred:0
Mar  7 03:41:08 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::run: Active transactions: 1
Mar  7 03:41:23 HT-503 [00: 0B:82:60:4E:50]: [1.0.12.8] SIPStack(0)::run: Active transactions: 1
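
To make the two settings above concrete, here is a small Python model of how a received datagram is handled: the $AllowedSender check, the decoding of the leading <PRI> into facility and severity, and the fromhost-ip filter. It is an added example, not code from the original post and not rsyslog's implementation; the function names and sample datagrams are constructed for illustration, while the addresses and file path are the ones used in the article.

```python
import ipaddress
import re

# Values from the article's rsyslog.conf and filter line.
ALLOWED_SENDERS = ["127.0.0.1", "192.168.20.0/24"]
FILTER_IP, FILTER_FILE = "192.168.20.100", "/var/log/voip.ata.log"

# Facility and severity names by numeric code (RFC 3164 numbering).
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()
PRI_RE = re.compile(rb"^<(\d{1,3})>")


def sender_allowed(src_ip, allowed=ALLOWED_SENDERS):
    """Model of $AllowedSender: is the packet source in any listed host/CIDR?"""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in ipaddress.ip_network(e, strict=False) for e in allowed)


def decode_pri(datagram):
    """Return (facility, severity) from the leading <PRI>; PRI = facility*8 + severity."""
    m = PRI_RE.match(datagram)
    pri = int(m.group(1)) if m else 13      # missing PRI is treated as user.notice
    if pri > 191:                           # out of range: also fall back to 13
        pri = 13
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]


def route(src_ip, datagram):
    """Return None for a rejected sender, else how the message is classified."""
    if not sender_allowed(src_ip):
        return None
    facility, severity = decode_pri(datagram)
    # fromhost-ip is the packet's source address, not the HOSTNAME text inside
    # the message, which the sending device chooses freely.
    dest = FILTER_FILE if src_ip == FILTER_IP else None
    return {"facility": facility, "severity": severity, "filter_file": dest}


# Constructed sample datagrams (not captured traffic).
SAMPLES = [
    ("192.168.20.100", b"<134>Mar  7 03:40:25 HT-503 SIPStack(0)::run: Active transactions: 1"),
    ("192.168.20.7", b"<30>Mar  7 04:47:47 gw dropbear: ssh daemon successfully stopped"),
    ("10.0.0.5", b"<134>Mar  7 03:40:25 HT-503 same hostname text, disallowed source"),
]

if __name__ == "__main__":
    for ip, msg in SAMPLES:
        print(ip, route(ip, msg))
```
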
