How to tell if my Unifi remote logging is working?

S-F

I have enabled remote logging on my Unifi controller and have a syslog server set up on the same machine but I'm seeing no entries on the server. I have tried setting the controller to both the IP address of the machine and to 127.0.0.1 to no avail. So I'm wondering if there is a way to see if the controller is actually sending the information? I can get my DD-WRT router to log to the syslog server so I'm inclined to think it's either an issue with the controller and the server being on the same machine or that the controller isn't sending the logs for some reason.

Any ideas?
 
Well I'm using WHS 2011 and it has a built-in firewall. But does that even matter since the controller and server are on the same machine?

EDIT:

I tried turning the firewall plain off and it's still not working.
 
I fired up Wireshark on my PC and filtered for UDP traffic on port 514 and saw nothing. I then changed the port IP Address to a different PC (that doesn't have a syslog server, but whatever) and immediately I saw traffic. So I installed the Unifi controller on a different PC and pointed it to my PC and again I saw a bunch of traffic in Wireshark but still nothing appeared in the syslog viewer. None of this does anything to enlighten me but I figured I'd throw it out there in case someone else can find a clue. I'm posting the same information on the Unifi forum but responses are pretty sparse there as well. Are there some inherent issues with running a syslog server on the same machine as whatever is generating the logs?
 
Wireshark only sees what data is going over the network card. If you're using 127.0.0.1 then you need to monitor the loopback.

http://wiki.wireshark.org/CaptureSetup/Loopback

It sounds like your syslog server isn't set up correctly.

I'm not sure how my syslog server could be set up incorrectly. It really doesn't have too many options. Only enable, log level, bind to ip address and UDP port. I left the bind to ip address blank as this is supposed to allow connections from any ip address and the UDP port is set to the same as the Unifi controller, 514.
I certainly can't be the only person who has tried running a syslog server on the same machine as the log generating application. Are there any other possibilities?
 
I have discovered that the syslog messages aren't sent from the controller but from the APs themselves so they will even continue to send the logs if the controller is offline. So my issue has nothing to do with where the controller is running. I have Wireshark running on the PC in question and it's picking up all of the messages it should but still nothing appears in my syslog server. Could there be a firewall issue here? It seems odd that Wireshark can see the traffic but not the server. Would Wireshark still pick up the traffic if the firewall were blocking it?
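
An added example, not part of the thread: a minimal Python UDP listener that shows whether syslog datagrams are actually delivered to a socket on the chosen port, which complements the packet capture used above. The bind address, the default port 514 taken from the thread, and the sample message are assumptions; the sample datagram is constructed.

```python
import socket

# Constructed sample datagram: PRI 134 = facility 16 (local0), severity 6 (info)
SAMPLE = b"<134>Jan  1 00:00:00 test-ap probe: constructed test message"

def parse_pri(datagram: bytes):
    """Split a syslog datagram into (facility, severity, rest); PRI = facility*8 + severity."""
    text = datagram.decode("utf-8", errors="replace")
    if not text.startswith("<") or ">" not in text[:6]:
        return None, None, text          # no PRI header; still show what arrived
    end = text.index(">")
    if not text[1:end].isdigit():
        return None, None, text
    pri = int(text[1:end])
    return pri >> 3, pri & 7, text[end + 1:]

def open_listener(bind_addr="0.0.0.0", port=514, timeout=5.0):
    """Bind a UDP socket. An OSError here usually means the port is already
    held by another process or binding it needs elevated rights."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    sock.bind((bind_addr, port))
    return sock

def loopback_probe(port=0, payload=SAMPLE):
    """Send one datagram to ourselves over 127.0.0.1 and return what was received.
    port=0 picks a free port, so the probe runs without touching 514."""
    with open_listener("127.0.0.1", port, timeout=2.0) as rx:
        dest = rx.getsockname()
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
            tx.sendto(payload, dest)
        data, _ = rx.recvfrom(4096)
    return parse_pri(data)

def listen(bind_addr="0.0.0.0", port=514):
    """Print every datagram delivered to the socket (stop the real syslog server first)."""
    with open_listener(bind_addr, port, timeout=None) as sock:
        while True:
            data, (src, sport) = sock.recvfrom(4096)
            fac, sev, msg = parse_pri(data)
            print(f"{src}:{sport} facility={fac} severity={sev} {msg.strip()}")

if __name__ == "__main__":
    print("loopback self-test:", loopback_probe())
    listen()
```

If the self-test passes but `listen()` prints nothing while a capture shows traffic arriving, the datagrams are being dropped between the network card and the socket rather than never being sent.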
 