Problems logging to external syslog server

Hi - I’m new to FreePBX (and Linux). We’ve bought a Sangoma FreePBX 60 to run the phones at our private nursing home. I’ve got everything working nicely but we’ve had two instances of extended downtime on our SIP trunk - so far unexplained. First time, the trunk de-registered and was timing out trying to re-register until I rebooted the router (Draytek 2960). Second time, the trunk de-registered and received 486 “Busy Here” when it tried to re-register (but succeeded after about 30mins). In order to track down this problem I’ve agreed with the trunk supplier to supply complete PBX and router logs if/when it happens again - so I’ve set up PRTG Network Monitor to collect and combine logs from everything.

But… the logs being received from the FreePBX box are peppered with messages like this:

syslog: unknown facility/priority: 405

I’m now cross-eyed from googling this! I understand that there’s a bug in glibc that may be the cause of my woes, and that asterisk has (on Mar 25 2016) patched main/logger.c

/* Don't use LOG_MAKEPRI because it's broken in glibc<2.17 */
syslog_level = facility | syslog_level; /* LOG_MAKEPRI(facility, syslog_level); */

I assume it would be some time before that patch appears in my system, so my question is: is there some other way I can get around this? Could I, for example, update glibc (to >2.17) without breaking anything?

A further (and perhaps related) problem is with controlling what is sent to the remote server. I have:

syslog.local0 => dtmf,error,notice,warning,security,verbose(10)

in logger_logfiles_custom.conf and

*.* <tab> @10.0.1.42:514

in rsyslog.conf - at the syslog server I’m getting the OS logs from the box itself and only SECURITY messages (plus the “unknown” messages) from FreePBX. If I try

local0.* <tab> @10.0.1.42:514

then I get nothing at all at the other end. Am I misunderstanding something?

EDIT: actually - I am getting all the messages from FreePBX, so scratch that part of the problem. I’m still curious, though, as to why local0.* doesn’t work. (This page suggests it should)

Any help/pointers will be much appreciated.

Thanks :heart_eyes:
Jeremy
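Added example, not part of the original post and not code from Asterisk or glibc: it shows how the pre-2.17 `LOG_MAKEPRI` turns `local0` plus `notice` into the value in the "unknown facility/priority: 405" message (glibc prints it in hexadecimal), and why `facility | level` avoids it. The macro body in `OLD_MAKEPRI` and the helper names are assumptions written for this illustration.

```c
#include <stdio.h>
#include <syslog.h>

/* Assumption: LOG_MAKEPRI as glibc defined it before 2.17. It shifts the
 * facility left by 3 even though LOG_LOCAL0 etc. are already shifted. */
#define OLD_MAKEPRI(fac, pri) (((fac) << 3) | (pri))

/* What the patched Asterisk line does: a plain OR of facility and level. */
static int fixed_pri(int facility, int level)
{
    return facility | level;
}

/* What the old macro produced for the same inputs. */
static int broken_pri(int facility, int level)
{
    return OLD_MAKEPRI(facility, level);
}

/* Mirrors the validity test in syslog(): any bit outside the priority
 * and facility masks makes the value "unknown". */
static int is_unknown(int pri)
{
    return (pri & ~(LOG_PRIMASK | LOG_FACMASK)) != 0;
}

/* Value that remains once the stray bits are masked off. */
static int after_masking(int pri)
{
    return pri & (LOG_PRIMASK | LOG_FACMASK);
}

int main(void)
{
    int good = fixed_pri(LOG_LOCAL0, LOG_NOTICE);
    int bad = broken_pri(LOG_LOCAL0, LOG_NOTICE);
    int left = after_masking(bad);

    printf("facility|level  = 0x%x unknown=%d\n", good, is_unknown(good));
    printf("old LOG_MAKEPRI = 0x%x unknown=%d\n", bad, is_unknown(bad));
    printf("after masking   = 0x%x (facility bits 0x%x, level %d)\n",
           left, left & LOG_FACMASK, left & LOG_PRIMASK);
    return 0;
}
```

The stray bit is masked off rather than the message being dropped, so the warning is logged in addition to the real message.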

Bump…

Nobody? Surely, many people must have remote logging working cleanly? I’ve seen many people asking about this but I’ve never seen any clear explanation (i.e. one that doesn’t assume command line ninja status). Frankly, I find it a little surprising that this facility isn’t built in to FreePBX - it’s not even mentioned in the documentation. Every other piece of kit I have (routers, managed switches, etc.) has GUI settings to specify IP address and port for an external log server.

117 views and no responses - can someone please put me out of misery… tell me I’ve asked a dumb question or I’ve asked it in the wrong place.

It’s more that it’s a base Unix question, and the syslogd configuration is OS (and syslog) specific. The man pages for your base OS install should give you all the information you need.

It is kind of a basic question and outside the scope of what most phone people do.

You have to set up the “catcher” to receive traffic from the log service on your phone server, and you have to set up the “thrower” to correctly send the right traffic to your catcher. Also, there may be limitations placed in your way by the local firewall (if you have one) on either of the servers. There are also allow/deny rules that you may or may not need to configure.

Finally, personally, I can’t really offer you much in the way of support. My log server is a NetBSD based system as are most of the servers in my network. I’ve never set up a Linux server to talk to Berkeley’s syslogd, although all of my Berkeley servers are set up to do this.

Thanks, Dave. I don’t mind at all being told - it was the silence that was killing me :wink:

I’ll try to get answers in other forums on the OS-specific issues. But I guess I buried a FreePBX-specific issue in too much verbiage for it to stand out. I appreciate that the majority of users are using the Distro on a variety of OS bases. But the FreePBX appliances (like the FreePBX 60 I bought) are using CentOS with a number of “not the latest version” components: specifically, here, rsyslog (v5.8, the current being v8.18) and glibc (v2.12, the current being v2.23). The bug I mentioned in glibc messes up remote logging (as described), so even if I can get the remote link straightened out, I’m still going to get all those “unknown facility/priority messages”. I was hoping some people around here would be interested in that (and be able to offer me a work-around).

Nope - I’ve done some more research - turns out this IS the right place for me to ask for help. The FreePBX appliance I bought contains the FreePBX Distro, which (I now understand) is a complete OS plus Asterisk plus FreePBX GUI. Furthermore, I now realise that the OS is a “Schmooze special”. Since the problem I have is (I believe) related to the version of glibc within this custom OS, I believe I’m asking in the right place - so I remain hopeful :slight_smile:

Yep, it is. Sorry, I missed this one. OK, so let’s revisit. You want to send syslog messages off to another server.

Yes. But I wouldn’t really call it a “special”. It’s just CentOS that’s been rebranded (we have to rebrand it, legally, as we’re changing some packages that we distribute, and we’re no longer allowed to call it CentOS).

Now, I think the important question is this:

That looks like it should work to me, too.

It’s in the 13.9 branch, which is currently at beta-2. We don’t know when Asterisk will release their next version, but we try to update our RPMS quickly!

I’m pretty sure that will break EVERYTHING, but it would be a fun thing to try on a sacrificial system! 8)

If you really wanted to, you could build your own asterisk RPMs, but honestly I’d just put up with the errors in the log, or filter them out with a simple script.

HOWEVER (and look at me jumping around here)

Turn off any ‘nat helpers’ in the router. If your provider supports TLS for SIP Signalling, that will also resolve the issue. Your problem is caused by your router thinking it knows better than you. This is rarely correct 8)

Thank you. Rob.

  • I’ll look into the local0 issue, but it’s now less important because of the next point.
  • I had thought that I was getting those “unknown” messages INSTEAD OF real ones, but after comparing the source and the remote, I finally realised that they are IN ADDITION TO the real ones, i.e. for each actual message I get one “unknown”. I’ve set a filter on the syslog receiver to drop them.
  • Regarding my original registration timeout issue - your response prompted me to re-examine my router settings. I had turned off SIP ALG when I first set up the router. Much later, I set up QoS in the router (Draytek 2960) - I used a convenient built-in option to “auto-set” priority for SIP/RTP - turns out that that setting silently re-engages SIP ALG (in a completely different location in the GUI) :rage:.
  • I’ll check with our provider on Monday about TLS - seems like a good idea anyway.

Thanks again for your attention - and to all you guys for a wickedly good product.

J
