TrueNAS Scale as LAN SysLog Destination

asokolsky

TrueNAS Scale uses syslog-ng with configuration in `/etc/syslog-ng/syslog-ng.conf`.

My plan:
  • leave local logs (those coming from TrueNAS) intact;
  • accept messages from the remote clients sent to UDP port 554;
  • store such logs in a persistent dataset.

Prepare Log Storage

I created a dedicated dataset and mounted it at `/mnt/bmp/logs/`. Log rotation to be addressed later.

Re-Configure syslog-ng

I created `/etc/syslog-ng/conf.d/remote.conf`:

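Code:
```
# Receive syslog messages from the network over UDP
source s_network {
    syslog(transport("udp"));
};
# Write each message to a per-host, per-program file on the logs dataset
destination d_network {
    file("/mnt/bmp/logs/$HOST/$PROGRAM.log"
        create-dirs(yes)    # create missing directories under the base path
        owner("root")
        group("root")
        perm(0777));        # mode applied to the created log files
};
# Route everything received on s_network to d_network
log {
    source(s_network);
    destination(d_network);
};
```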


For context: I run TrueNAS Scale in a VM with SATA controller passed through.

To examine the logs I ssh into TrueNAS. There is no log analyzer.
 
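A tightened variant of the `remote.conf` in the post above, added here as an example and not part of the original post or of TrueNAS. It assumes `192.0.2.10` as a placeholder for the TrueNAS LAN address and would replace the posted file rather than sit beside it, since it reuses the same object names.

```conf
# Added example, not from the thread.
# 192.0.2.10 is a placeholder for the TrueNAS LAN address.
source s_network {
    syslog(
        transport("udp")
        ip("192.0.2.10")     # listen on the LAN address only, not on every interface
        port(554)            # port named in the post's plan; without port() the driver's default applies
        keep-hostname(no)    # derive $HOST from the sender's address, not from the hostname field in the message
    );
};

destination d_network {
    # One file per host. $PROGRAM is set by the sender, so putting it in the
    # path lets any client on the LAN create an unbounded number of files.
    file("/mnt/bmp/logs/${HOST}/messages.log"
        create-dirs(yes)
        owner("root") group("root") perm(0640)               # post used perm(0777)
        dir-owner("root") dir-group("root") dir-perm(0750)   # applies to directories made by create-dirs()
    );
};

log {
    source(s_network);
    destination(d_network);
};
```

Running `syslog-ng --syntax-only` checks the file before the service is reloaded.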

Arwen

Keep in mind changes to the OS won't be kept between updates. Also, later versions of TrueNAS SCALE are going to be hardened, including some OS datasets configured as Read/Only. Not to prevent what you want to do, but to improve security. This can be overcome by developer mode, though I don't remember the details of how to enable developer mode.

It might be possible to have a container with SysLog-NG that has access to the bmp/logs dataset. This should last through any update.
 

PhilD13

Why not just install a VM in TrueNAS with your favorite syslog server running and point TrueNAS syslog at the server, as well as pointing the rest of the LAN syslogs desired there? I think that would provide the best flexibility and ease of use going forward.
 