RuggedCom RX1000, RX1100 manual Remote Logging, Changing a Syslog entry to remote log

RuggedRouter™ User Guide

Left unrestricted the logging system would consume all available “disk” space, causing the router to fail. The router limits the memory used by the logging system by storing logs in a volatile (i.e. lost after a reboot) file system which is limited in size. Such a system will lose logging information when a power failure occurs, too much logging is generated or as the result of a user commanded reboot.

The router deals with this problem by storing compressed versions of three key files (messages, auth.log, and critical) to the permanent disk. The log files are saved every 180 seconds and upon an orderly reboot. The log files are restored during the next boot. All other files but these are cleared.

Remote Logging

Remote logging (often referred to as remote syslogging) is the process of forwarding log entries to a remote host computer. Remote logging enables central collation of logs and preserves logs in the events of security incidents. Remote logging does not require any file storage on the router and as such does not suffer from loss of information around unplanned power failures. On the other hand, remote logging cannot record events that occur before network connectivity to the logging host is established.

Remote logging can replace disk logging or can augment it.

If you wish to replace disk logging for some information type, select the appropriate link under the System Logs sub-menu Log Destination column. Enter the URL of the logging host under the Syslog server on.

Figure 231: Changing a Syslog entry to remote log

If you wish to remote log in addition to disk log some log type, you must duplicate the log entry and the configure the logging host. Duplicate the entry by using the “Add a new system log” link on the System Logs sub-menu.

Finally, you may forward all information to the remote logger by creating a new system log entry and specifying “All” Facilities and all priorities, and checking the Syslog server on field with an appropriate address.