Configuring Asterisk for a remote Syslog Server PART I

Syslog and rsyslog are the mainstay tools of event logging.  Every standard UNIX/Linux-based operating system comes with some version.  Asterisk’s logging capabilities allow some or all events to be sent to syslogd for post-processing, that is, to store them in a SQL database or to send logs to a remote syslog server.

If you work on or troubleshoot Asterisk PBX servers, then you know there are many pieces to put together.  Putting together 30 Polycom IP SoundPoint phones, the network, and configuring Asterisk can be a huge task.  I tell most administrators to expect a “shake out” period, usually about a week.

Start with the simplest feature set possible, and work your way out.  However, occasionally dial plan SNAFUs aren’t noticed right away, for instance when a user cannot dial a certain area code or there is a typo in some utility extension.  By this time there might be wide use of your (mostly operational) Asterisk PBX, making it difficult to watch the CLI and catch the error.  For the record, I’m using Rsyslog and Asterisk 1.4.23-rc2 on Fedora 10 i386, 32bit, Intel yada yada… We’ll start by editing the logger.conf file.


; Logging Configuration
; In this file, you configure logging to files or to
; the syslog system.
; “logger reload” at the CLI will reload configuration
; of the logging system.

; Customize the display of debug message time stamps
; this example is the ISO 8601 date format (yyyy-mm-dd HH:MM:SS)
; see strftime(3) Linux manual for format specifiers
;dateformat=%F %T
; This appends the hostname to the name of the log files.
;appendhostname = yes
; This determines whether or not we log queue events to a file
; (defaults to yes).
;queue_log = no
; This determines whether or not we log generic events to a file
; (defaults to yes).
;event_log = no
; For each file, specify what to log.
; For console logging, you set options at start of
; Asterisk with -v for verbose and -d for debug
; See ‘asterisk -h’ for more information.
; Directory for log files is configured in asterisk.conf
; option astlogdir
; Format is “filename” and then “levels” of debugging to be included:
;    debug
;    notice
;    warning
;    error
;    verbose
;    dtmf
; Special filename “console” represents the system console
; We highly recommend that you DO NOT turn on debug mode if you are simply
; running a production system.  Debug mode turns on a LOT of extra messages,
; most of which you are unlikely to understand without an understanding of
; the underlying code.  Do NOT report debug messages as code issues, unless
; you have a specific issue that you are attempting to debug.  They are
; messages for just that — debugging — and do not rise to the level of
; something that merit your attention as an Asterisk administrator.  Debug
; messages are also very verbose and can and do fill up logfiles quickly;
; this is another reason not to have debug mode on a production system unless
; you are in the process of debugging a specific issue.
;debug => debug
console => notice,warning,error
;console => notice,warning,error,debug
messages => notice,warning,error
;full => notice,warning,error,debug,verbose

;syslog keyword : This special keyword logs to syslog facility

syslog.local1 => verbose

The first time I looked at this I was confused: ‘;syslog keyword : This special keyword logs to syslog facility’.  This almost implies that ‘keyword’ could be anything.  So what if I call it

/etc/asterisk/logger.conf :

;syslog.local1 => verbose

; replace with

syslog.asterisk => verbose

Now I’ll create a matching entry in the /etc/rsyslog.conf (Fedora 10 uses rsyslog).  Keep in mind you may use /etc/syslog.conf on your system.


#rsyslog v3 config file

# if you experience problems, check
# http://www.rsyslog.com/troubleshoot for assistance

#### MODULES ####

$ModLoad imuxsock.so    # provides support for local system logging (e.g. via logger command)
$ModLoad imklog.so    # provides kernel logging support (previously done by rklogd)
#$ModLoad immark.so    # provides --MARK-- message capability

# Provides UDP syslog reception
$ModLoad imudp.so
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp.so
$InputTCPServerRun 514


# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don’t log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog

# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log


# Below you will see series of expressions to catch asterisk logs

#Some work, other expressions will not.  Why is that?


local0.*                        /var/log/asterisk.log

local1.*                        /var/log/local-cli.log

#The asterisk ‘logger.conf’ file matches entries ‘local1’ and ‘asterisk’.

asterisk.*                    /var/log/asterisk-cli.log


# ### begin forwarding rule ###
# The statement between the begin … end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$WorkDirectory /var/spool/rsyslog # where to place spool files
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList   # run asynchronously
#$ActionResumeRetryCount -1    # infinite retries if host is down
# remote host is: name/ip:port, e.g., port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###
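
An added example, not part of the original post: syslog facility names are a fixed set defined by syslog(3), so a check of both files against that set shows which of the entries above name a real facility. The function names and the sample text (built from the entries shown on this page) are constructed for illustration.

```python
import re

# Standard facility names from syslog(3); anything else is not a facility.
FACILITIES = {"auth", "authpriv", "cron", "daemon", "ftp", "kern", "lpr", "mail",
              "news", "syslog", "user", "uucp"} | {f"local{n}" for n in range(8)}

def asterisk_facilities(logger_conf):
    """Yield (line_no, facility) for each active 'syslog.<facility> =>' channel."""
    for no, line in enumerate(logger_conf.splitlines(), 1):
        m = re.match(r"\s*syslog\.(\w+)\s*=>", line)   # ';' comment lines never match
        if m:
            yield no, m.group(1).lower()

def rsyslog_rules(rsyslog_conf):
    """Yield (line_no, facilities, target) for each classic selector rule."""
    for no, line in enumerate(rsyslog_conf.splitlines(), 1):
        fields = line.split(None, 1)
        if len(fields) != 2 or line.lstrip()[0] in "#$":
            continue                                   # blank, comment or $directive
        facs = set()
        for part in fields[0].split(";"):              # e.g. "*.info;mail.none"
            facs.update(f.lower() for f in part.split(".", 1)[0].split(","))
        yield no, facs, fields[1].strip()

def lint(logger_conf, rsyslog_conf):
    """Return findings: unknown facility names, and valid channels with no rule."""
    rules, findings = list(rsyslog_rules(rsyslog_conf)), []
    for no, facs, _ in rules:
        for bad in sorted(facs - FACILITIES - {"*"}):
            findings.append(f"rsyslog.conf:{no}: unknown facility '{bad}'")
    for no, fac in asterisk_facilities(logger_conf):
        if fac not in FACILITIES:
            findings.append(f"logger.conf:{no}: unknown facility '{fac}'")
        elif not any(fac in facs for _, facs, _ in rules):
            findings.append(f"logger.conf:{no}: no rsyslog rule names '{fac}'")
    return findings

# Constructed sample input, taken from the entries shown on this page.
LOGGER_CONF = """\
;syslog.local1 => verbose
syslog.local1 => verbose
syslog.asterisk => verbose
"""
RSYSLOG_CONF = """\
*.info;mail.none;authpriv.none;cron.none /var/log/messages
local1.*   /var/log/local-cli.log
asterisk.* /var/log/asterisk-cli.log
"""
print("\n".join(lint(LOGGER_CONF, RSYSLOG_CONF)))
```

A wildcard rule such as `*.info` is deliberately not counted as a route here, so a channel is reported unless some rule names its facility explicitly.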
