Synology usage series 31 – Capturing Tomato Router Logs using syslog-ng


Since NAS is running 24×7, it is the best device to capture my tomato router logs.

Install and Setup Syslog-ng

  1. Login to NAS using ssh/telnet as root
  2. install syslog-ng

    #ipkg install syslog-ng

    The glib and eventlog packages should be installed by ipkg as well.

  3. Backup syslog-ng configuration

    #cd /opt/etc/syslog-ng
    #mv syslog-ng.conf syslog-ng.conf.bak

  4. Create configuration file

    # vi /opt/etc/syslog-ng.conf

    Below is my syslog-ng configuration to capture only the tomato router log


    options { long_hostnames(off); sync(0); };

    source src{
    internal();
    udp(port(5140));
    };

    destination tomatolog { file("/opt/var/log/tomato.log"); };

    log {
    source(src); destination(wrt54glog);
    };

    I’m using 5140 udp port, change to your own preferred port.

  5. Run the syslog-ng server

    # /opt/etc/init.d/S01syslog-ng start

  6. If you have enabled the NAS firewall, you need to insert a firewall rule to allow the inbound logging traffic from the tomato router.

    Open a browser and go to the NAS control panel. Navigate to Control Panel / Firewall section. Click ‘Create’ button to create a new firewall rule.

    Ports:
    Custom Port Type: Destination port
    Protocol: UDP
    Ports: 5140

    Source IP
    IP address: [IP address of tomato router, i.e. 192.168.1.1]

    Action
    Allow

Setup Tomato Router

  1. Open a browser and go to tomato admin page
  2. Navigate to Administration / Logging page
  3. Unclick the ‘Log Internally’
    Click the ‘Log To Remote System’
    Input the NAS IP address and syslog-ng port (which is 5140 defined in the syslog-ng.conf file)
    Choose the event(s) you want to capture.
    Input ‘0’ in the limit textbox.
    Click ‘Save’ button.

The router log is configured to /opt/var/log/tomato.log.





One thought


  1. nice tutorial, however your script has an small error, here is a correct one for ubuntu:

    options { long_hostnames(off); sync(0); };

    source src{
    internal();
    udp(port(5140));
    };

    destination tomatolog { file(“/opt/var/log/tomato.log”); };

    log {
    source(src); destination(tomatolog);
    };

    Note that you define a destination tomatolog, but then you refer to wrt54glog, which is not defined.

Leave a Reply

Your email address will not be published. Required fields are marked *