syslog-ng and Tomato - Remote logging, Tomato - custom DNS servers

Using Tomato firmware on an ASUS RT-N15U router, I found it possible to use remote logging, so that the router writes its /var/log/messages log to another host.

I used the instructions from here:

On the Debian target machine to log to, do the following:

# go root
sudo bash

# install syslog-ng, which replaces original rsyslogd
apt-get install syslog-ng

# go to the config directory
cd /etc/syslog-ng/conf.d

In this directory, create a file called 00load-tomato (or any other name).
This is my suggestion; you may also edit syslog-ng.conf in /etc/syslog-ng directly,
but as I found it quite messy I preferred using the conf.d directory, which is included by the
config file anyway.

Fill the file with the following:

# source port
source s_router { udp(port(514)); };

# destination for log
destination d_router { file("/var/log/tomato-log-file"); };

# custom log for router logs, see reference url
log { source(s_router); destination(d_router); };

Then, back in the shell:

# make sure the log file exists
touch /var/log/tomato-log-file

# restart the service
service syslog-ng restart
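
A tighter variant of the config above, as an added example that is not part of the original note: the source as written accepts UDP syslog from any host that can reach port 514, so this version binds to one local address and keeps only messages sent from the router. The addresses 192.168.1.10 (log host) and 192.168.1.1 (router) and the filter name f_router are assumptions; use it in place of the file above, not alongside it.

```conf
# /etc/syslog-ng/conf.d/00load-tomato (hardened variant, added example)
# Assumed addresses: 192.168.1.10 = LAN IP of this log host,
#                    192.168.1.1  = the Tomato router.

# Listen only on the LAN-facing address instead of every interface.
source s_router { udp(ip("192.168.1.10") port(514)); };

# Keep only datagrams whose sender address is the router.
# UDP source addresses can be spoofed, so this cuts down stray or
# junk input; it does not authenticate the sender.
filter f_router { netmask("192.168.1.1/32"); };

# Router logs can reveal internal hosts and traffic, so restrict
# the file to root and the adm group.
destination d_router {
    file("/var/log/tomato-log-file" owner("root") group("adm") perm(0640));
};

# Same log path as before, with the filter applied in between.
log { source(s_router); filter(f_router); destination(d_router); };
```

Run syslog-ng --syntax-only before restarting the service to catch typos. If the @include line in syslog-ng.conf matches only *.conf, the file name needs that suffix to be loaded.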

On the router to be logged:
Log in to the Tomato web interface and go to Administration -> Logging.
Enable Log To Remote System, fill in the IP of the destination machine, leave port 514 if you like.
NOTE: the router may not be able to resolve hostnames, so specify the IP address of the target machine.

Now if everything works, you should get log messages from the router in the log file specified above.

To test this you can log in to the router using ssh:

ssh -l root the-router-ip   # enter the password used for the admin account when prompted
logger test message

A log message should appear in the log file on the target machine. 
If not, enable local logging to /var/log/messages (or to a USB memory if you want to prevent wear on the router).

To set custom DNS servers other than the ones supplied by DHCP from the ISP, do the following, for version 1.28 of Tomato by Shibby:

Go to the web interface at the router's IP address and log in to the router

Go to Basic, Network

In the fields at Static DNS, fill in your desired DNS servers

Go to Advanced, DHCP/DNS

Uncheck Use received DNS with user-entered DNS, to stop mixing the static DNS servers with those from the ISP

Check Use internal DNS if you want to use the router as the local DNS server

Check Intercept DNS port (UDP 53) if you want to force using the router as DNS on the network by intercepting DNS packets. Useful for programs that do not follow the network config on the hosts.

To verify which servers you are using, log in to the router using ssh (ssh -l root <router-ip> in a terminal, same password as for the web page), then run cat /etc/resolv.dnsmasq.

This is a personal note. Last updated: 2017-02-13 22:38:00.






