To be able to keep some log history of my OpenWRT based router, I want to send its output to a remote syslog server.

Fortunately I have another machine that is running 24/7, so I don't have to send it over the WAN link to one of my servers in the datacenter. My HTPC is running Gentoo Linux, and I configured syslog-ng as syslog daemon.

Now, by default, syslog-ng does not listen on the "Well Known" syslog port, so we have to configure it to do so. Start with adding a new source to syslog-ng.conf:

source syslog_udp {
        udp(port(514));
};

We also need to configure a destination, a file in this case, where syslog-ng will write logging information received on the syslog port:

destination df_wrt0 {
        file("/var/log/remote/wrt0.log");
};

That's that. Now if we would configure a log target, using syslog_udp as source, and df_wrt0 as destination, all logging for all machines that send their info to the IP address of this machine will be written into a single file. To configure this behavior, add this to syslog-ng.conf:

log {
        source(syslog_udp);
        destination(df_wrt0);
}

The above is fine if you have only one machine doing remote syslogging, but if you have several machines, you might want to put every machine's log in a different file. To do so, we have to create a filter with the source IP for that machine (in my case my router's IP):

filter f_wrt0 {
        host("192.168.50.254");
};

To activate the above filter, modify the log target so it looks like this:

log {
        source(syslog_udp);
        filter(f_wrt0);
        destination(df_wrt0);
}

Now, if you would send logging info from a machine for which you didn't configure a filter, that would never be written to any file. In this case, you might want to create a general destination, and create a log target without filter that writes to that general destination (note that all logging for all hosts will be written here).

Happy logging :-)