Introduction

This page is intended to show you how to set up audible, centralized, remote system logging on your computers. In other words, I am going to show you how to set this up on a mixture of Ubuntu 7.04 Desktop and Server editions and a couple of XP computers. As of writing this, I am unable to forward logs from the XP computers to the Linux syslogd daemon (the logging "program" for Ubuntu Linux), and it should be added if you know how to do this.

In simple terms we are going to remotely log every event from 3 computers to one single file (for easy sequential reading, and to keep the voices from overlapping or getting out of order). We are then going to use tail and awk to evaluate log events and produce a string for espeak to execute. I find it rather useful for high-risk and general "need-to-know" log events on all your computers without reading anything from the screen or printing large amounts of paper logs for review.

You can do this on one computer, simply start with the section titled "Make one log".

Even though I will go over the steps needed for this to work, I am spanning multiple commands for Linux. Please refer to the man pages for syslogd, tail, awk, and espeak respectively for additional help.

You should not need to use apt-get at all for this unless you used an alternate install disk.

Configure receiving syslogd

syslogd (sysklogd) is the daemon that performs the majority of the logging on Ubuntu Linux. We need to configure each computer to send every log it gets to a main computer. For the sake of this example I recommend a desktop, mainly because I have not completed testing this setup on a server, and it would be rather complicated to get the same results.

Open port 514

We first need to set up our main syslogd on an Ubuntu 7.04 Desktop, though this may work for other versions as well. We want this syslogd to receive logs from other computers and put them all in one file. The first thing we want to do is enable port 514/udp so syslogd can listen for logs from remote computers. To do this we need to back up and edit the /etc/services file like so:

#To make a backup:
sudo cp /etc/services /etc/services.backup

#To edit
sudo gedit /etc/services

By default, Ubuntu 7.04 Desktop does not have port 514 open. Check to be sure it is not already on the list before you add the following:

syslog          514/udp                 # Syslogd Port

and then save the file. If you already have port 514 listed in your services file then you might want to check what is using it because it might be a problem.

Set -r Options

Regardless of how you control the audio portion of this tutorial, you are still going to want your logs going somewhere. By default Ubuntu 7.04 does not load syslogd in receive mode. This means that the computer that runs the syslogd in receive mode needs to automatically load the -r switch.

We need to back up and edit /etc/init.d/sysklogd. NOTE: sysklogd is not a typo.

#To make a backup:
sudo cp /etc/init.d/sysklogd /etc/init.d/sysklogd.backup

#To edit:
sudo gedit /etc/init.d/sysklogd

Assuming you have not modified this file already, then you should see a block like this start near Line 21:

21:# Options for start/restart the daemons
22:#   For remote UDP logging use SYSLOGD="-r"
23:#
24:SYSLOGD="-s syslog"

Simply change Line 24 to:

24:SYSLOGD="-r"

Then save and exit the file. We will restart sysklogd in the next section, but doing it now won't hurt anything.

should not produce an error at all.

Make one log

I decided it was best to put everything in one log, mainly for the sake of simplicity, and because I had some issues with overlapping voices and events being spoken out of order. Plus, we can output this file in text only for use on a server or a computer without sound. NOTE: if you don't have sound or a server, you probably shouldn't bother doing this unless you want all of your logs in one file on one computer.

Putting all the logs in one file is actually really simple. Back up and edit /etc/syslog.conf like this:

#To make a backup:
sudo cp /etc/syslog.conf /etc/syslog.conf.backup

#To edit:
sudo gedit /etc/syslog.conf

Now delete everything and replace with this:

# syslogd configuration for the main logging computer:
# write every message (all facilities, all priorities) to one file.
*.*            /var/log/alllogs

NOTE: you can replace "/var/log/alllogs" with any name of your choice, just substitute "/var/log/alllogs" for your choice for the rest of the examples.

Now simply restart the sysklogd and networking daemons so it is listening for logs from remote computers and logging them to one file, type:

sudo /etc/init.d/networking restart
sudo /etc/init.d/sysklogd restart

Configure other syslogd's

Next we need to get the other computers to send their logs to the computer we just set up to receive logs. First, enable the syslogd port on each computer you want sending its logs. To do this we need to back up and edit /etc/services on each of these computers like so:

Open port 514

As on the main logging computer, each sending computer needs the syslog entry for port 514/udp in its /etc/services file. To add it, back up and edit the /etc/services file like so:

#To make a backup:
sudo cp /etc/services /etc/services.backup

#To edit
sudo gedit /etc/services

By default, Ubuntu 7.04 Desktop does not have port 514 open. Check to be sure it is not already on the list before you add the following:

syslog          514/udp                 # Syslogd Port

and then save the file. If you already have port 514 listed in your services file then you might want to check what is using it because it might be a problem.

Define the log host

What we need to do now is define the host for system logs. Just open up your /etc/hosts file and add the information for the main logging computer we set up first. To do this just backup and edit /etc/hosts like this:

#To make a backup:
sudo cp /etc/hosts /etc/hosts.backup

#To edit on Ubuntu Desktop 7.04
sudo gedit /etc/hosts
#To edit on Ubuntu Server 7.04
sudo nano /etc/hosts

The first two lines in this file contain helpful information for adding your host properly. Simply add the IP and Host Name for the main logging computer to this file, then save and exit. The Host Name will be used in the next section.

Forward all logs

Now that we have all the pieces in place to receive the logs, we just need to send them all over to the main logging computer. To do this we need to back up and edit the /etc/syslog.conf file on each of the computers that need to send their logs, like this:

#To make a backup:
sudo cp /etc/syslog.conf /etc/syslog.conf.backup

#To edit on Ubuntu Desktop 7.04
sudo gedit /etc/syslog.conf
#To edit on Ubuntu Server 7.04
sudo nano /etc/syslog.conf

Now delete everything and replace it with:

# log-host should be the host you just defined in the last section.
*.*        @log-host

Next, restart the sysklogd and networking services like this:

sudo /etc/init.d/networking restart
sudo /etc/init.d/sysklogd restart

Testing changes

On the main logging computer that you set up first run this command:

clear; tail -f -n1 /var/log/alllogs

This will clear the screen, print the last line of the main log file, and keep printing new lines as they arrive. Restart one of the computers and watch the output from tail.

Play with espeak

espeak is a handy little text to speech program that is installed on Ubuntu Desktop by default. If you don't have it, you should go get it. Start with a little hello like this:

espeak "hello"

Your computer should say hello. If you don't hear anything, please note what you did to troubleshoot it here, aside from turning your speakers on or plugging them in, etc.

You should take a second to read up on espeak's options. Try:

espeak --help

Put it awk together

Now all we need to do is pipe the tail command to an awk evaluation, set it to autoload, and we're done! This is not a comprehensive guide on how to use awk. In fact it's probably horrible, but it will be easy for even the most novice user to follow as a first step.

The command we are going to use is something like this:

#This is just an example, will not work
tail -f -n1 /var/log/alllogs | awk '/pattern1/{code}/pattern2/&&/pattern3/{code}'

The trick is simply this: look for patterns in the log entries. For instance, here is how I could have my computer speak when my desktop DHCP's with the server.

Here is an actual line from my log:

Jul  4 10:33:01 ubuntu-desktop dhclient: DHCPREQUEST on eth0 to 192.168.1.1 port 67

Now what I do is take a couple of patterns, like "ubuntu-desktop" because other machines log here too, and "DHCPREQUEST" because it tells me that eth0 is doing a DHCP request with the server at 192.168.1.1. Now all I would need to do is take those two patterns and launch espeak with a special sentence for DHCP requests. This is what it looks like by itself:

tail -f -n1 /var/log/alllogs | awk '/ubuntu-desktop/&&/DHCPREQUEST/{system("espeak -ven+11 -s140 -p60 \"U bun 2 Desktop made a D H C P Request to the server\"")}'

NOTE: I added some switch options to my espeak command to make it female and a little more understandable. The text itself is more syllable strings. "U bun 2" speaks out better than "Ubuntu", so it's just a matter of fiddling with it.

What about when it binds the address, wouldn't it be nice to do something with that? My DHCP host always gives ubuntu-desktop the .194 address. Now what I want to do is add this so it will speak the event for me and still alert me of the DHCP Request, so all I would need to do is:

tail -f -n1 /var/log/alllogs | awk '/ubuntu-desktop/&&/DHCPREQUEST/{system("espeak -ven+11 -s140 -p60 \"U bun 2 Desktop made a D H C P Request to the server\"")}/ubuntu-desktop/&&/bound/&&/194/{system("espeak -ven+11 -s140 -p60 \"U bun 2 Desktop is bouhnd to 1 9 2 dot 1 6 8 dot 1 dot 1 9 4\"")}'

Now I have a functioning audio informant for all my logs. I will be adding more to this page in due time; this is what I did to get to where I could hear audible events from a complex awk statement. It has been running for 7 hours with absolutely no problems. Tested on Desktop to Laptop, both running Ubuntu Desktop 7.04.
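A variant of the matching above, as an added example that is not part of the original page: it matches on the syslog host and program fields instead of anywhere in the line, and passes espeak only fixed text plus an address checked to be digits and dots, because a syslogd started with -r accepts UDP messages from any sender and their text is untrusted. The function names, the "bound to" sample lines and the "laptop" host are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. SAMPLE lines are constructed,
# except the first, which is the DHCPREQUEST line quoted in the text.
SAMPLE='Jul  4 10:33:01 ubuntu-desktop dhclient: DHCPREQUEST on eth0 to 192.168.1.1 port 67
Jul  4 10:33:02 ubuntu-desktop dhclient: bound to 192.168.1.194 -- renewal in 1800 seconds.
Jul  4 10:34:10 laptop logger: ubuntu-desktop DHCPREQUEST bound 194
Jul  4 10:35:00 ubuntu-desktop dhclient: bound to 192.168.1.x -- renewal in 1800 seconds.'

# phrases_for: syslog lines on stdin -> one phrase per recognised event.
# Fields: $1-$3 timestamp, $4 host, $5 "program:" tag, $6... message.
phrases_for() {
    awk '
    # Ignore anything not logged by dhclient on ubuntu-desktop.
    $4 != "ubuntu-desktop" || $5 !~ /^dhclient(\[[0-9]+\])?:$/ { next }
    $6 == "DHCPREQUEST" {
        print "U bun 2 Desktop made a D H C P Request to the server"
        fflush()
    }
    # Only a strictly dotted-quad value is ever turned into speech.
    $6 == "bound" && $7 == "to" && $8 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        ip = $8
        gsub(/[0-9]/, "& ", ip)   # "192" -> "1 9 2 "
        gsub(/\./, "dot ", ip)    # "."   -> "dot "
        sub(/ $/, "", ip)         # drop the trailing space
        print "U bun 2 Desktop is bouhnd to " ip
        fflush()
    }'
}

# speak: each phrase becomes one quoted argument to espeak, so no text is
# parsed by a shell the way a string given to awk system() would be.
speak() {
    while IFS= read -r phrase; do
        espeak -ven+11 -s140 -p60 "$phrase"
    done
}

# Live use on the log host:
#   tail -f -n1 /var/log/alllogs | phrases_for | speak
# Offline demonstration on the constructed sample (prints two phrases):
demo() { printf '%s\n' "$SAMPLE" | phrases_for; }
demo
```

The third sample line contains both of the page's patterns in its message text but comes from another host, and the fourth carries a malformed address; neither produces a phrase.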



AudibleLogs (last edited 2011-04-07 22:04:41 by D9784B24)