Syslog server on TrueNAS Scale?

bpolak · May 4, 2024, 8:26am

Is there a reasonable way to run Syslog server on TrueNAS Scale 23.10.2 pls? I am surprised it is not available in official Apps. Trying to migrate from old Qnap, this is one of the show stoppers.

LarsR · May 4, 2024, 8:46am

Truecharts, a third party app catalogue, has a syslog-ng app in their stable train. I’ve never used it and therefore have no idea how it should be setup…
You could also try to run it as a custom app, because you can deploy any docker image from docker hub.

Protopia · May 4, 2024, 2:42pm

I run the TrueCharts syslog-ng app on my TrueNas Scale Cobia 23.10.2 server.

I have the syslog app set-up and can provide screen shots, however IMO it isn’t much use by itself unless you can:

Browse and filter the syslog
Get alerts for specific messages received - and have a decent admin panel to manage this.

Perhaps we can explore this together…

dan · May 4, 2024, 2:47pm

Something like Graylog really seems like what’s called for here. I’m kind of surprised there isn’t an app for it already.

bpolak · May 4, 2024, 3:20pm

I am planning to use Kiwi Log Viewer for Windows Free Edition which would do the very basic job. I would look for something more sophisticated (New Relic?) later, once having this up and running.
Still having a trouble with persistence - app config storage redirected to the host path stays empty and I did not find the way how to redirect the path for the messages storage. Any hint pls?

PhilD13 · May 4, 2024, 5:08pm

Graylog Open has a Docker image and Compose downloads, so it could likely be installed on Truenas Scale.

Protopia · May 4, 2024, 5:10pm

Ok - here is how I do my storage for apps.

I created an apps-pool on an SSD (performance and power usage reasons).
I created an apps-config dataset in the apps pool, a syslog-ng subdirectory, and a syslog-ng.conf file in there.
I created a syslog-data dataset in the apps pool
I created two host data definitions in the syslog-ng kubernetes app settings to map these into the syslog-ng container:

I hope that this helps.

Protopia · May 4, 2024, 5:15pm

My syslog-ng.conf file looks like this:

@version: 4.5
@include "scl.conf"

options {
        # https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.22/administration-guide/59#TOPIC-1209295
        perm(775);
        create-dirs(yes);
        dir-perm(775);
        flush-lines(10);
        keep-hostname(yes);
        on-error(fallback-to-string);
        stats(freq(21600));
        stats(level(1));
        use-dns(no);
};

source s_local {
        system();
        internal();
};

source s_network {
        default-network-drivers(
                # NOTE: TLS support
                #
                # the default-network-drivers() source driver opens the TLS
                # enabled ports as well, however without an actual key/cert
                # pair they will not operate and syslog-ng would display a
                # warning at startup.
                #
                #tls(key-file("/path/to/ssl-private-key") cert-file("/path/to/ssl-cert"))
        );
};

destination d_local {
        file("/dev/stdout");
};

destination d_network {
        file(
                "/var/log/syslog-ng/${HOST}/${HOST}_${YEAR}_${MONTH}_${DAY}.log"
                create-dirs(yes)
        );

        file(
                "/var/log/syslog-ng/${HOST}/KV/${HOST}_${YEAR}_${MONTH}_${DAY}.log" 
                template("$ISODATE $HOST $(format-welf --scope all-nv-pairs)\n") 
                frac-digits(3)
                create-dirs(yes)
        );
};

log {
        source(s_local); destination(d_local);
};

log {
        source(s_network); destination(d_network);
};

Protopia · May 5, 2024, 2:28pm

Or Nagios-XI