Syslog

[namirda]

I have been trying to use the option in espeasy to log to a remote syslog server. This works OK except that I find the esp entry logged on the syslog server with a facility of 'kernel' rather than something more appropriate.

I have taken a look at the espeasy routine 'syslog' in module 'networking' and the reason is clear - the message is logged to syslog using a hardcoded priority of 7.

The priority is calculated as 8 * Facility + Severity and so if the priority is to remain hardcoded, a priority of 133 (Facility=local0=16 and Severity=Warn=5) might be more appropriate.

Even better if this could be made configurable in the webserver.

Thanks

N

[alex73]

In addition to this I also wonder why the ESP generated syslog messages do not follow "usual" structure.

So instead of

Code: Select all

2017-10-10 12:01:09 ESP Unit: 2 : WIFI : Connected! IP: 192.168.xxx.xxx (ESPEasy_BME280_2)

why not send

Code: Select all

2017-10-10 12:01:09 ESPEasy ESPEasy_BME280[2]: WIFI : Connected! IP: 192.168.xxx.xxx (ESPEasy_BME280_2)

So reuse the hostname to identify for ESP - or the real hostname if applicable, the programname could be the ESP Name and the PID the node id.

This would make filtering of syslog much more intuitive and easier. With rsyslog one could write analog to my CRON here

Code: Select all

#
# CRON rsyslog
#
# Catch all CRON generated syslog messages and redirect to a dedicated file
#
if $programname == "CRON" then {
        # collect all matching messages in one dedicated file
        action(type="omfile" file="/var/log/cron.log" name="CRON_omfile")

        # we do not want to have this kind of logs in other log files
        stop
}

instead of a clumsy definition I currently use

Code: Select all

#
# rsyslog config for espeasy devices
#
# define ruleset and bind it to the udp input module
#

# Debugging template as the syslog string of espeasy is strange 2016-12
template(name="esplog_debug" type="string"
        string="%TIMESTAMP:::date-rfc3339%°%syslogfacility-text%°%HOSTNAME%°%syslogtag%°%msg:::sp-if-no-1st-sp%°%msg:::drop-last-lf%°%rawmsg:::drop-last-lf%°\n"
)

#:rawmsg,contains, "ESP Unit:"  /var/log/espeasy/espeasy_all_debug.log;esplog_debug

# define ruleset for remote logging of messages
ruleset(name="espeasy_remote"){
        # check if comming from espeasy nodes
        if $hostname == "ESP" then {
                # collect all espeasy related messages in one big file
                action(type="omfile" file="/var/log/espeasy/espeasy_all.log" name="espeasy_remote_omfile")

                # save messages from different units to different files
                if $rawmsg contains "Unit: 1" then /var/log/espeasy/espeasy-sonoff_nixie.log
                if $rawmsg contains "Unit: 2" then /var/log/espeasy/espeasy-bme280.log
                if $rawmsg contains "Unit: 99" then /var/log/espeasy/espeasy-nodemcu.log
                # we do not want to have espeasy logs in other log files
                stop
        }
}

# bind ruleset to tcp listener and activate it
input(type="imudp" port="514" ruleset="espeasy_remote" name="input_espeasy_remote")

Any comments on this one anyone?

Regards, Alex.