Syslong-ng Dnsmasq

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

Galeriusinmood

New Around Here
Hi Everyone

I am a new user to SNB and to the merlin asus firmware. I have been checking for a couple of months SNB posts in order to be able to perform the task that i am going to describe but without success.

Currently sending my asus syslog information to an internal syslog repo. Unfortunately dnsmasq.log is not been sent and i have no clue what might be happening. I am running latest Merlin firmware with diversion, skynet , scribe and unbound.

My syslog-ng dnsmasq looks like the following :
destination d_dnsmasq {
file("/opt/var/log/dnsmasq.log" );
};

filter f_dnsmasq {
program("dnsmasq");
};


log {
source(src);
filter(f_dnsmasq);
destination(d_dnsmasq);
flags(final);
};

#eof

Starting syslog-ng within debug i can see the following lines related with dnsmasq imports :
[2020-10-09T13:01:09.775977] Adding include file; filename='dnsmasq', depth='1'
[2020-10-09T13:01:09.828565] Starting to read include file; filename='/opt/etc/syslog-ng.d/dnsmasq', depth='1'
[2020-10-09T13:01:09.829474] Finishing include; filename='/opt/etc/syslog-ng.d/dnsmasq', depth='1'
The log file is written as expected under /opt/var/log/dnsmasq.log but remote syslog server never sees this logs . Also notice that the permissions of this file is nobody:root which is different from existing logs admin:root.

Any clue what i might be doing wrong ?

Thanks
 

Galeriusinmood

New Around Here
Removing #log-facility=/opt/var/log/dnsmasq.log from /etc/dnsmasq.conf and starting dnsmasq manually allows the sending of the log via /opt/var/log/dnsmasq.log to remote syslog server. Until service is restarted and configs are pushed back to original :(

Also noticed that when starting the dnsmasq manually the user and group of the dnsmasq.log is admin:root instead of nobody:root .

How do i make this change permanent ? For the permissions that the log is created with ?
 

Maverickcdn

Senior Member
Removing #log-facility=/opt/var/log/dnsmasq.log from /etc/dnsmasq.conf and starting dnsmasq manually allows the sending of the log via /opt/var/log/dnsmasq.log to remote syslog server. Until service is restarted and configs are pushed back to original :(

Also noticed that when starting the dnsmasq manually the user and group of the dnsmasq.log is admin:root instead of nobody:root .

How do i make this change permanent ? For the permissions that the log is created with ?
nobody:root are processes owned/started by the router itself. Im guessing your login name is the default admin so processes you start will be owned by the user that created it.

Use a dnsmasq.postconf script to edit the dnsmasq.conf to retain changed settings on service restarts/reboots.

https://github.com/RMerl/asuswrt-merlin.ng/wiki/Custom-config-files
 

elorimer

Very Senior Member
You are fighting diversion here, I think. If you configure diversion to log, then it appends that dnsmasq logging location to the config file, and dnsmasq will write to that log file, and diversion will rotate it and mine it for statistics. As a result, dnsmasq log entries are never sent to the locations syslog-ng reads as a source, and syslog-ng never processes messages that would meet your filter. Most people leave the dnsmasq log alone.

Now, I'm not sure what you mean by sending your syslog info to an internal syslog repo/remote syslog. Your destination definition doesn't include another syslog.

If you want to send the dnsmasq log entries (and I'm not sure why), then you could define the dnsmasq.log file as a source, and include a logging configuration that reads that source and sends log entries to the remote destination. (I think.)
 

Galeriusinmood

New Around Here
Thanks for the comments. @elorimer and @Maverickcdn


Remote syslog server is defined under syslog.d directory .

My dnsmasq under /etc/dnsmasq.conf contains a entry that i would like to remove and make it permanent. I suppose using the /jffs/scripts/dnsmasq.postconf and adding
pc_delete "string within line to delete" "config filename"

Not sure why syslog is not reading the file created under /opt/var/log/dnsmasq.log when it's configured :(
 

dave14305

Part of the Furniture
Diversion will also rotate the dnsmasq.log every day, so you may need to HUP something to reopen the file.
 

elorimer

Very Senior Member
Remote syslog server is defined under syslog.d directory .
It might be helpful if you showed us this. What you included in the OP is something else: in that file, syslog-ng is reading from the src source (that is, what otherwise would be syslog), looking to see if the program that generated the message (as it extracts it from the message) matches dnsmasq, and if it does, it writes it to the dnsmasq.log file, and then stops processing it. Nothing about that goes to a remote syslog server.

Further, as I said, diversion sets things up so that dnsmasq is not logging to anything read by the src source, and writes it directly to the dnsmasq.log file. In that fashion, there is no point to setting up syslog-ng to deal with those messages: it won't read them, it won't match them. To be honest, outside of the logging and rotating that diversion does, I don't see the point of having syslog-ng handle them, or any remote syslog server. But if you do undo dnsmasq's own logging, you will end up in almost the same place but interfere with what diversion wants to do with that file in unpredictable ways.

I say "almost the same place", because syslog-ng will add a host field in the log, which is necessary if your remote syslog server is to make sense of the different sources feeding in to it.
 

elorimer

Very Senior Member

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top