Question Rsyslog - Remote server for AsusMerlin

Toggle sidebar Toggle sidebar
9

93boba

Distinguished
Nov 24, 2015
122
3
18,715
Code: 
version: '3'

services:
rsyslog:
image: aguslr/rsyslog
container_name: rsyslog
build:
context: .
restart: unless-stopped
volumes:
- ./logs:/var/log/supervisord 
ports:
- 514:514/tcp
- 514:514/udp


kibana:
image: docker.elastic.co/kibana/kibana:7.17.0
ports:
- 5601:5601
environment:
SERVER_NAME: xxx
ELASTICSEARCH_HOSTS: [url=http://es01:9200]http://es01:9200[/url]
SERVER_PUBLIC_BASEURL: xxx
networks:
- elastic
depends_on:
- es01

es01:
image: elasticsearch:7.17.20
user: "1000:1000"
container_name: es01
environment:
- node.name=es01
- cluster.name=es-docker-cluster
- discovery.seed_hosts=es01
- cluster.initial_master_nodes=es01
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- /home/ubuntu/portainer/elasticsearch/data01:/usr/share/elasticsearch/data
ports:
- 9200:9200
networks:
- elastic

volumes:
data01:
driver: local

networks:
elastic:
driver: bridge

This is my docker compose and rsyslog dont wrok..... Im trying to use is as remote server for logs for Asus Merlin. VPS is arm64... Please guys, give me a solution.
PS
I suppose that anything other than rsyslog wont work with merlin because merlin is using rsyslog... I tried syslog-ng w/o success.
 
Ralston18

Ralston18

Titan
Moderator
Oct 11, 2014
36,831
3,752
146,290
Update your post to provide more information about the operational setting, the devices involved, and exactly what you are trying to accomplish.

Specific requirements?

What error message etc., if any, are presented when your code fails?
 
  • Like
Reactions: 93boba
kanewolf

kanewolf

Titan
Moderator
May 29, 2013
38,045
3,559
156,790
93boba said:
Code: 
version: '3'

services:
rsyslog:
image: aguslr/rsyslog
container_name: rsyslog
build:
context: .
restart: unless-stopped
volumes:
- ./logs:/var/log/supervisord
ports:
- 514:514/tcp
- 514:514/udp


kibana:
image: docker.elastic.co/kibana/kibana:7.17.0
ports:
- 5601:5601
environment:
SERVER_NAME: xxx
ELASTICSEARCH_HOSTS: [url=http://es01:9200]http://es01:9200[/url]
SERVER_PUBLIC_BASEURL: xxx
networks:
- elastic
depends_on:
- es01

es01:
image: elasticsearch:7.17.20
user: "1000:1000"
container_name: es01
environment:
- node.name=es01
- cluster.name=es-docker-cluster
- discovery.seed_hosts=es01
- cluster.initial_master_nodes=es01
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- /home/ubuntu/portainer/elasticsearch/data01:/usr/share/elasticsearch/data
ports:
- 9200:9200
networks:
- elastic

volumes:
data01:
driver: local

networks:
elastic:
driver: bridge

This is my docker compose and rsyslog dont wrok..... Im trying to use is as remote server for logs for Asus Merlin. VPS is arm64... Please guys, give me a solution.
PS
I suppose that anything other than rsyslog wont work with merlin because merlin is using rsyslog... I tried syslog-ng w/o success.
Click to expand...
Is there any firewall ?
Does the container host have a separate IP address?
 
  • Like
Reactions: 93boba
9

93boba

Distinguished
Nov 24, 2015
122
3
18,715
Ralston18 said:
Update your post to provide more information about the operational setting, the devices involved, and exactly what you are trying to accomplish.

Specific requirements?

What error message etc., if any, are presented when your code fails?
Click to expand...
kanewolf said:
Is there any firewall ?
Does the container host have a separate IP address?
Click to expand...
https://pastebin.com/rxkPt0VU (logs)

I would like to display logs real time on dashboard and keep an eye from time to time. Machine is arm64 (Ubuntu 22.04.4)and its on a different network (different from Asus Merlin). I guess exposing 514 udp is not a big deal? Anything that streamlines process and allows me to monitor logs on homepage works for me... Thank you guys.
 
Last edited:
Ralston18

Ralston18

Titan
Moderator
Oct 11, 2014
36,831
3,752
146,290
Not sure that I understand the environment (full disclosure) but why not just a dual monitor system?

Maybe a remote login to a computer on the other network with the required remote computer's dashboard/monitored logs display presented on the local computer's second monitor?

Just thinking out loud....

A simple sketch of the computers, networks, etc. would be helpful to present the requirements.
 
kanewolf

kanewolf

Titan
Moderator
May 29, 2013
38,045
3,559
156,790
93boba said:
https://pastebin.com/rxkPt0VU (logs)

I would like to display logs real time on dashboard and keep an eye from time to time. Machine is arm64 (Ubuntu 22.04.4)and its on a different network (different from Asus Merlin). I guess exposing 514 udp is not a big deal? Anything that streamlines process and allows me to monitor logs on homepage works for me... Thank you guys.
Click to expand...
What does "different network" mean?
The syslog server is not in the LAN subnet of the router?
Are you trying to send syslog thru the WAN interface?
Is the syslog server pingable from the router interface?
 
L

lantis3

Distinguished
Nov 5, 2015
856
146
19,070
If I understand it correctly, OP is running VPS Ubuntu 22 on the cloud with rsyslog container and he wants to send Asus home router's syslog to the Ubuntu's rsyslog container, but display the log on Asus router's dashboard?
 
9

93boba

Distinguished
Nov 24, 2015
122
3
18,715
lantis3 said:
If I understand it correctly, OP is running VPS Ubuntu 22 on the cloud with rsyslog container and he wants to send Asus home router's syslog to the Ubuntu's rsyslog container, but display the log on Asus router's dashboard?
Click to expand...
kanewolf said:
What does "different network" mean?
The syslog server is not in the LAN subnet of the router?
Are you trying to send syslog thru the WAN interface?
Is the syslog server pingable from the router interface?
Click to expand...
Ralston18 said:
Not sure that I understand the environment (full disclosure) but why not just a dual monitor system?

Maybe a remote login to a computer on the other network with the required remote computer's dashboard/monitored logs display presented on the local computer's second monitor?

Just thinking out loud....

A simple sketch of the computers, networks, etc. would be helpful to present the requirements.
Click to expand...
VPS Ubuntu 22 on Cloud with rsyslog container and I want to send Asus home router's syslog to the Ubuntu's rsyslog container, and to display logs on my Homepage Dashboard which is also on VPS Ubuntu 22 on Cloud.

I had someone trying to brute force in my OpenVPN for quite some time, and I saw logs few days ago.. Just want to keep an eye on everything.
 
kanewolf

kanewolf

Titan
Moderator
May 29, 2013
38,045
3,559
156,790
93boba said:
VPS Ubuntu 22 on Cloud with rsyslog container and I want to send Asus home router's syslog to the Ubuntu's rsyslog container, and to display logs on my Homepage Dashboard which is also on VPS Ubuntu 22 on Cloud.

I had someone trying to brute force in my OpenVPN for quite some time, and I saw logs few days ago.. Just want to keep an eye on everything.
Click to expand...
Is there a VPN between the router and this cloud host or are you trying to send to the public IP of the cloud host ?
 
kanewolf

kanewolf

Titan
Moderator
May 29, 2013
38,045
3,559
156,790
93boba said:
Code: 
version: '3'

services:
rsyslog:
image: aguslr/rsyslog
container_name: rsyslog
build:
context: .
restart: unless-stopped
volumes:
- ./logs:/var/log/supervisord
ports:
- 514:514/tcp
- 514:514/udp


kibana:
image: docker.elastic.co/kibana/kibana:7.17.0
ports:
- 5601:5601
environment:
SERVER_NAME: xxx
ELASTICSEARCH_HOSTS: [url=http://es01:9200]http://es01:9200[/url]
SERVER_PUBLIC_BASEURL: xxx
networks:
- elastic
depends_on:
- es01

es01:
image: elasticsearch:7.17.20
user: "1000:1000"
container_name: es01
environment:
- node.name=es01
- cluster.name=es-docker-cluster
- discovery.seed_hosts=es01
- cluster.initial_master_nodes=es01
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- /home/ubuntu/portainer/elasticsearch/data01:/usr/share/elasticsearch/data
ports:
- 9200:9200
networks:
- elastic

volumes:
data01:
driver: local

networks:
elastic:
driver: bridge

This is my docker compose and rsyslog dont wrok..... Im trying to use is as remote server for logs for Asus Merlin. VPS is arm64... Please guys, give me a solution.
PS
I suppose that anything other than rsyslog wont work with merlin because merlin is using rsyslog... I tried syslog-ng w/o success.
Click to expand...
Since you mention that you are using Merlin firmware have you posted this question to the Merlin forum over at smallnetbuilder.com ?
 
  • Like
Reactions: 93boba
9

93boba

Distinguished
Nov 24, 2015
122
3
18,715
kanewolf said:
Since you mention that you are using Merlin firmware have you posted this question to the Merlin forum over at smallnetbuilder.com ?
Click to expand...
I did...
kanewolf said:
Is there a VPN between the router and this cloud host or are you trying to send to the public IP of the cloud host ?
Click to expand...
No, im trying to send public IP.. I could setup tailscale but I really don't want to due to security concerns
 
fred0r

fred0r

Apr 21, 2024
3
1
10
@93boba
(r)syslog transfer is not crypted, since you seem to take care of security.
kanewolf said:
Is there a VPN between the router and this cloud host or are you trying to send to the public IP of the cloud host ?
Click to expand...
you should enable some sort of 'vpn' between these hosts - maybe just tunnel through ssh.
 
  • Like
Reactions: 93boba
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom