Digi | User manual | QN34: Configuring Syslog alerting on a TransPort router
Add to my manuals
13 Pages
advertisement
Quick Note 34
Configuring Syslog alerting on a TransPort router
TransPort Support
March 2013
1
Contents
2
1 INTRODUCTION
1.1 Outline
This document contains information regarding the configuration and use of syslog alerting.
All Digi TransPort products contain an event log. Whenever the Digi TransPort firmware does any significant operation an event is stored in the event log. Each event can be used to trigger an automatic email, SNMP trap, syslog alert or on products with GPRS an SMS message.
1.2 Assumptions
This guide has been written for use by technically competent personnel with a good understanding of the communications technologies used in the product, and of the requirements for their specific application.
This application note applies to;
Models shown: Digi TransPort WR21.
Other Compatible Models: All Digi TransPort products.
Firmware versions: 5.146 or newer.
Configuration This Application Note assumes that the Digi TransPort product has a PPP instance configured to connect to the Internet and is connected to a LAN. Alerts will be configured to notify a LAN connected syslog server when the PPP connection on the WAN interface changes its UP/DOWN status.
1.3 Corrections
Requests for corrections or amendments to this application note are welcome and should be addressed to: [email protected]
Requests for new application notes can be sent to the same address.
1.4 Version & Revision History
Version Number
1.0 Published
Status
3
2 CONFIGURATION
2.1 Configuring the Event Logcodes
First it is necessary to choose which events should trigger the syslog alerts.
The Event logcodes are configured from Configuration - Alarms > Event Logcodes. The list of events and trigger priorities is held in a file called logcodes.txt, when the event logcodes are changed the changes will not appear in the config.da0 or logcodes.txt files, but are stored in the logcodes.dif file once the changes have been saved.
In order to send a syslog alert when a particular event occurs, the Alarm Priority for the event should be changed. There can be a number of reasons for each event. Each event can be configured with a global
Alarm Priority which applies to all the reasons. It is also possible to override the global event Alarm Priority with a different Alarm Priority for each reason.
In the example below the Event 5 “%e %a down” will be used to trigger a syslog alert when PPP 1 is down and E vent 153 “PPP 1 up” will be used to trigger a syslog alert when PPP 1 is up.
Navigate to Configuration - Alarms > Event Logcodes
The following table describes the meaning of each column.
Parameter Description
Event A numerical value that represents the event
Description
Filter
Event Priority
Reasons
Reason Priority
The main description of the event.
If the Filter is ON, this event will not be logged.
The priority that the event currently has assigned. This is the alarm priority.
The reason that the event is triggered.
The priority that the reason currently has assigned. This is the alarm priority.
4
Click on the %e %a down event (event number 5).
On the following page, configure the Alarm Priority and Syslog Priority. The Syslog Priority and Facility can be used to send different types of alerts to different Syslog servers based on priority and facility, this application note will only be sending alerts to one server, so the Syslog Priority is changed only for the purpose of showing the process.
Parameter
Alarm Priority
Click Apply
Syslog Priority
Setting
9
Alert
Description
Change the Alarm Priority to 9, this will be used later.
Change the Alarm Priority to Alert, this is in the info sent to the Syslog server.
5
R epeat the process for Event 153, ‘PPP 1 up‘
Click Apply
At the top of the screen, click ‘Save All Event Code Changes’ to save the changes to the logcodes.dif file.
6
2.2 Configuring the Event Settings
In the Event Handler, the syslog alarm priority (Send a Syslog message when the alarm priority is at least) should be set to a number the same or higher than the alarm priority configured for the event in the previous steps. If the alarm priority on the Event Settings page is set to 9, then every event (or event reason) with an alarm priority of 9=> will trigger a syslog alert. i.e. 9, 10, 11, 12....
Navigate to Configuration - Alarms > Event Settings, expand the Syslog Messages section and configure the following parameters:
Description
Check the “Send Syslog messages” box to display the Syslog settings.
Setting Parameter
After power up, wait nn seconds before sending Emails, SNMP traps, SMS or Syslog messages
5
Delay in seconds, after power up, before alerts will be sent.
Send Syslog messages Checked
Send a Syslog message when the alarm priority is at least nn
Send a maximum of nn Syslog messages per day
9
100
After configuring these parameters, click Apply.
Enables syslog alerting
Events with an alarm priority equal or greater than this number will trigger an alert.
The maximum number of alerts to send per day, this counter is reset at midnight.
7
2.3 Configure Syslog server 0
Scroll down the page a little and expand the section titled Syslog Server 0.
Configure the IP address of the Syslog server, this is where the alerts will be sent to. The port number for
Syslog is UDP 514, this should be entered as 514 in the Port field.
Some TransPort routers also support TCP mode and RFC3195 mode, the options are not shown here.
If there were multiple Syslog servers available, it would be possible by using the tick boxes on this page to only alert the specified syslog server when the selected facilities and priorities match what was configured for the event in section 2.1. Since this application note only uses one syslog server, all boxes remain checked.
Parameter
Syslog Server IP Address
Setting
10.1.51.1
Description
The IP address of the syslog server.
Port 514 The port that the syslog server is listening on.
After configuring these parameters, click Apply, then save the configuration to flash.
8
3 SYSLOG SERVER SOFTWARE
There are plenty of network monitoring applications with syslog capabilities. The software used in this application note is Tftpd64, there is also a 32 bit version called Tftpd32. This software has a bundled Syslog server.
Run the syslog server software (Tftpd64 shown), ensure it is listening on port 514 and if there is a firewall configured on the PC make sure it is allowing inbound UDP 514 traffic.
4 TESTING
To test that the Digi TransPort is configured correctly, the PPP interface should be deactivated and allowed to reconnect.
Navigate to Management - Connections > PPP Connections > PPP 1 and click on Drop Link. Note that the connection to the internet will disconnect for a few seconds.
When the PPP link is dropped, this will create an event in the event log and a syslog alert will also be triggered. When the PPP link comes back up, another syslog alert will be sent.
9
This shows the syslog alerts on the syslog server, including the time stamp, the source IP address of the alert and the reason for the alert.
The events in Management - Event Log will look similar to this, the 2 events that triggered the syslog alert are shown in red for clarification, colouring of text in the actual event log does not happen.
14:26:14, 13 Mar 2013,Default Route 0 Available,Activation
14:26:14, 13 Mar 2013,PPP 1 Available,Activation
14:26:14, 13 Mar 2013,PPP 1 up
14:26:11, 13 Mar 2013,PPP 1 Start IPCP
14:26:11, 13 Mar 2013,PPP 1 Start AUTHENTICATE
14:26:11, 13 Mar 2013,PPP 1 Start LCP
14:26:11, 13 Mar 2013,PPP 1 Start
14:26:11, 13 Mar 2013,Modem connected on asy 4
14:26:11, 13 Mar 2013,Modem dialing on asy 4 #:*98*1#
14:26:08, 13 Mar 2013,Modem disconnected on asy 4,Normal Breakdown
14:26:06, 13 Mar 2013,Default Route 0 Out Of Service,Activation
14:26:06, 13 Mar 2013,PPP 1 Out Of Service,Activation
14:26:05, 13 Mar 2013,PPP 1 down,WEB request
The number of syslog messages sent by the router since midnight can be checked by navigating to
Configuration - Alarms > Event Settings, the number of messages sent is shown in the Syslog Messages section. This is the total number of alerts sent by all configured syslog instances, 0, 1, 2, 3 & 4 (if configured).
10
5 CONFIGURATION FILES
5.1 Digi TransPort Configuration Files
This is the relevant parts of the config.da0 file: ss237424>config c show eth 0 IPaddr "10.1.51.21" eth 0 mask "255.255.0.0" eth 0 gateway "10.1.2.100" ip 0 cidr ON def_route 0 ll_ent "ppp" def_route 0 ll_add 1 syslog 0 server "10.1.51.1" syslog 0 port 514 ppp 0 timeout 300 ppp 1 name "W-WAN" ppp 1 phonenum "*98*1#" ppp 1 username "bt" ppp 1 epassword "Ois=" ppp 1 IPaddr "0.0.0.0" ppp 1 timeout 0 ppp 1 use_modem 1 ppp 1 aodion 1 ppp 1 autoassert 1 ppp 1 ipanon ON ppp 1 r_chap OFF ppp 3 defpak 16 ppp 4 defpak 16 modemcc 0 asy_add 4 modemcc 0 info_asy_add 2 modemcc 0 init_str "+CGQREQ=1" modemcc 0 init_str1 "+CGQMIN=1" modemcc 0 apn "btmobile.bt.com" modemcc 0 link_retries 10 modemcc 0 stat_retries 30 modemcc 0 sms_interval 1 modemcc 0 sms_concat 0 modemcc 0 init_str_2 "+CGQREQ=1" modemcc 0 init_str1_2 "+CGQMIN=1" modemcc 0 apn_2 "Your.APN.goes.here" modemcc 0 link_retries_2 10 modemcc 0 stat_retries_2 30 cmd 0 unitid "ss%s>" cmd 0 cmdnua "99" cmd 0 hostname "digi.router" cmd 0 asyled_mode 2 cmd 0 ent_name "sarian" cmd 0 tremto 1200 user 0 access 0 user 1 name "username" user 1 epassword "KD5lSVJDVVg=" user 1 access 0 user 2 access 0 user 3 access 0 user 4 access 0 user 5 access 0 user 6 access 0 user 7 access 0 user 8 access 0 user 9 access 0 local 0 transaccess 2 event 0 syslog_max 100
11
event 0 syslog_trig 9 event 0 action_dly 5 ssh 0 hostkey1 "privSSH.pem" ssh 0 nb_listen 5 ssh 0 v1 OFF
Power Up Profile: 0
OK
This is the contents of the logcodes.dif file, manual configuration of the logcodes.dif is outside the scope of this application note, if further instruction is required please contact [email protected]:
E5,9 sp=1,
E153,9 sp=1,
5.2 Digi TransPort Firmware Versions
This is the firmware \ hardware information from the unit:
Digi TransPort WR21-U82B-DE1-XX Ser#:237424
Software Build Ver5169. Feb 27 2013 02:47:07 WW
ARM Bios Ver 6.91u v43 454MHz B987-M995-F80-O8001,0 MAC:00042d039f70
Async Driver Revision: 1.19 Int clk
Ethernet Hub Driver Revision: 1.11
Firewall Revision: 1.0
EventEdit Revision: 1.0
Timer Module Revision: 1.1
(B)USBHOST Revision: 1.0
L2TP Revision: 1.10
PPTP Revision: 1.00
TACPLUS Revision: 1.00
MODBUS Revision: 0.00
RealPort Revision: 0.00
MultiTX Revision: 1.00
LAPB Revision: 1.12
X25 Layer Revision: 1.19
MACRO Revision: 1.0
PAD Revision: 1.4
X25 Switch Revision: 1.7
TPAD Interface Revision: 1.12
GPS Revision: 1.0
SCRIBATSK Revision: 1.0
BASTSK Revision: 1.0
PYTHON Revision: 1.0
IDIGISMS Revision: 1.0
TCP Revision: 1.14
TCP Utils Revision: 1.13
PPP Revision: 1.19
WEB Revision: 1.5
SMTP Revision: 1.1
FTP Client Revision: 1.5
FTP Revision: 1.4
IKE Revision: 1.0
PollANS Revision: 1.2
PPPOE Revision: 1.0
BRIDGE Revision: 1.1
MODEM CC (GOBI UMTS) Revision: 1.4
FLASH Write Revision: 1.2
Command Interpreter Revision: 1.38
SSLCLI Revision: 1.0
OSPF Revision: 1.0
BGP Revision: 1.0
QOS Revision: 1.0
PWRCTRL Revision: 1.0
12
RADIUS Client Revision: 1.0
SSH Server Revision: 1.0
SCP Revision: 1.0
CERT Revision: 1.0
LowPrio Revision: 1.0
Tunnel Revision: 1.2
OVPN Revision: 1.2
QDL Revision: 1.0
WiMax Revision: 1.0 iDigi Revision: 2.0
OK
13
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Related manuals
advertisement