Receiving Syslog messages with a systemd Arch Linux

syslogsystemdsystemd-journald

I'm feeling like I've overlooked the obvious, but I can't figure out how to get my Arch Linux server, which uses systemd, to receive and log syslog messages from a remote system.

I have a Cisco 678 DSL modem and a DD-WRT WAP, and both can be configured to send syslog-format messages to some other machine. I'd like that machine to be my Arch Linux server.

I've googled around, and all I find is that "systemd replaces syslog", or that I no longer need to run syslog or something equally irrelevant to my question.

UPDATE

I have asked on the Arch forums and gotten no relevant answers. I've installed syslog-ng just to listen on UDP port 514. syslog-ng writes messages from my Cisco 678, and a DD-WRT WAP I've got. Unfortunately, the messages don't end up in systemd's journal, but rather in flat files. So, no exact solution, but something of a workaround. I'd rather have the syslog messages in the journal, not in flat files.

Best Answer

You can write a poor man's syslog server quite easily with socat. You just need a service unit like this:

[Service]
Restart=on-success
ExecStart=/usr/bin/socat -u UDP-RECV:514 STDOUT

It will blindly send anything received on the syslog service port to the systemd journal. Save the above as, say, /etc/systemd/system/syslog.service and then

# systemctl daemon-reload
# systemctl start syslog

You then just need your source to send messages to UDP port 514 on your listening server.

You may want to enhance this to actually parse the received data and format it but it isn't necessary if all you want to do is journal what's received.

(socat is in the Arch Linux Extra repository: pacman -S socat)

Related Question