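Without syslog, you can't tell what a network device is doing.
I really dislike devices that don't let me log in over SSH and look at the syslog. When there is trouble or a setting is wrong, having no clues means ending up trying every configuration item one after another, which gets tiresome.
Receiving logs from network devices with syslog
syslog goes deep once you get into settings such as Facility, but if you research all of that just to receive logs from a network device, you run out of time.
Syslog configuration on the receiving side (the destination, as seen from the device).
The receiving side has to be able to accept logs from the network.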
/etc/rsyslog.conf
# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
$AllowedSender UDP, 127.0.0.1, 192.168.20.0/24
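This configuration loads the UDP input module, listens on port 514, and accepts only packets whose sender is in 192.168.20.0/24 (or is 127.0.0.1).
With the configuration above, the server can listen for logs from the network.
Restart
After changing the configuration, restart syslog. I don't use systemd or the like, so this is the manly init.d way.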
takuya@atom:/etc$ sudo /etc/init.d/rsyslog restart
[ ok ] Stopping enhanced syslogd: rsyslogd.
[ ok ] Starting enhanced syslogd: rsyslogd.
Not that it matters, but I really do like the init family, where script locations and commands are neatly organized.
Check that the port is listening
sudo nmap localhost -sU -p 514
Check from another host as well.
takuya@KURO-BOX:~$ sudo nmap -sU 192.168.20.9 -p 514

Starting Nmap 5.00 ( http://nmap.org ) at 2015-03-07 04:45 JST
Interesting ports on host (192.168.20.9):
PORT    STATE         SERVICE
514/udp open|filtered syslog
MAC Address: 40:61:xx:xx:xx:xx (Unknown)

Nmap done: 1 IP address (1 host up) scanned in 3.92 seconds
Check that logs are actually being sent.
takuya@atom:~$ tail -f /var/log/messages
Mar 7 04:47:47 192.168.2.1 syslog: dropbear : ssh daemon successfully stopped
...
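They arrived.
I only want a quick look. Can't I limit it to one IP?
When I only want a quick look while configuring a device, writing a full-blown configuration is a hassle, so I write a line like this:
:fromhost-ip, isequal, "192.168.20.100" /var/log/voip.ata.log
That gives a quick filter.
The logs that actually arrive then look like this, coming only from the device in question.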
tailf -f /var/log/voip.ata.log
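As an added illustration (not code from the original post), the Python below mimics the two receiver-side decisions configured above, the $AllowedSender source check and the fromhost-ip match, and decodes the <PRI> value that carries the Facility. The datagrams are constructed samples, and classify() and the other helper names are assumptions of this example, not rsyslog APIs.

```python
import ipaddress
import re

# Values copied from the rsyslog.conf lines on this page.
ALLOWED_SENDERS = ("127.0.0.1", "192.168.20.0/24")   # $AllowedSender UDP, ...
DEVICE_IP = "192.168.20.100"                          # :fromhost-ip, isequal, "..."
DEVICE_LOG = "/var/log/voip.ata.log"

FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()
PRI_RE = re.compile(rb"^<(\d{1,3})>")


def sender_allowed(src_ip):
    """$AllowedSender: is the packet's source address inside the ACL?"""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in ipaddress.ip_network(net) for net in ALLOWED_SENDERS)


def decode_pri(datagram):
    """Split the leading <PRI> into (facility, severity); PRI = facility*8 + severity."""
    m = PRI_RE.match(datagram)
    pri = int(m.group(1)) if m else 13   # RFC 3164: assume <13> when PRI is missing
    if pri > 191:                         # outside 24 facilities x 8 severities
        pri = 13                          # treated like a missing PRI
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]


def classify(src_ip, datagram):
    """Return (accepted, 'facility.severity' or None, file picked by the IP filter or None)."""
    if not sender_allowed(src_ip):
        return (False, None, None)
    fac, sev = decode_pri(datagram)
    # fromhost-ip is the address the packet came from, not the hostname
    # the device wrote inside the message text.
    target = DEVICE_LOG if src_ip == DEVICE_IP else None
    return (True, f"{fac}.{sev}", target)


# Constructed sample datagrams (source address, payload); not captured traffic.
SAMPLES = [
    ("192.168.20.100", b"<134>Mar  7 03:40:21 HT-503 SigCtrl::performPnPSubscription"),
    ("192.168.20.55",  b"<30>Mar  7 04:47:47 HT-503 dropbear: ssh daemon stopped"),
    ("10.0.0.7",       b"<134>Mar  7 03:40:21 HT-503 SigCtrl::run"),
    ("192.168.20.100", b"no priority header at all"),
]

if __name__ == "__main__":
    for src, payload in SAMPLES:
        print(src, classify(src, payload))
```

The second sample carries the same hostname text as the first but comes from a different address, so it is accepted by the ACL without matching the per-device filter.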