Jon00 Syslog Utility / UDP & TCP monitor


    #16
    Originally posted by jon00
    Basic questions:

    1) Have you set up the settings under [SysLogServer1]?
    2) Is the plugin running? There should be an orange circle icon in your Windows sys tray.

    The plugin needs to be started/restarted after the settings are changed.
    All of the above, Yes sir... here's the config...

    Code:
    [Settings]
    ShowSysLog=1
    
    [HS3Log]
    BroadcastIPAddress=
    BroadcastPortNo=
    BroadcastProtocol=UDP
    MessageMode=4
    TCPMode=0
    
    [SysLogServer1]
    IPAddress=192.168.2.1
    PortNo=514
    Protocol=UDP
    RebroadcastPortNo=
    RebroadcastIPAddress=
    RebroadcastProtocol=
    
    [SysLogServer2]
    IPAddress=192.168.2.2
    PortNo=514
    Protocol=UDP
    RebroadcastPortNo=
    RebroadcastIPAddress=
    RebroadcastProtocol=
    
    
    [Trigger1]
    HostIP=192.168.2.1
    FacilityNo=
    SeverityNo=
    Message=" Assoc DC:EF:CA:**:**:**"
    ReTriggerPeriod=
    EventTrigger=Assoc_event_name
    ScriptTrigger=
    HSLogTriggerText=
    LogTriggers=1
    LogDirectory=
    
    [Trigger2]
    HostIP=192.168.2.1
    FacilityNo=
    SeverityNo=
    Message="DHCPDISCOVER(br0) dc:ef:ca:**:**:**"
    ReTriggerPeriod=
    EventTrigger=DCHPDicover_event_name
    ScriptTrigger=
    HSLogTriggerText=
    LogTriggers=1
    LogDirectory=
    
    [Trigger3]
    HostIP=192.168.2.2
    FacilityNo=
    SeverityNo=
    Message=" Assoc AC:37:43:**:**:**"
    ReTriggerPeriod=
    EventTrigger=Assoc_event_name
    ScriptTrigger=
    HSLogTriggerText=
    LogTriggers=1
    LogDirectory=
    
    [Trigger4]
    HostIP=192.168.2.2
    FacilityNo=
    SeverityNo=
    Message="DHCPDISCOVER(br0) ac:37:43:**:**:**"
    ReTriggerPeriod=
    EventTrigger=DCHPDicover_event_name
    ScriptTrigger=
    HSLogTriggerText=
    LogTriggers=1
    LogDirectory=



      #17
      When the plugin was first run, it would have created a root device. Can you see that (Filters are floor: Utility, room: jon00 syslog).
      Jon



        #18
        Originally posted by jon00
        When the plugin was first run, it would have created a root device. Can you see that (Filters are floor: Utility, room: jon00 syslog).
        yes, root is there



          #19
          HS3 log, after restart...
          Oct-22 11:41:52 AM Jon00_Syslog Error - Only one usage of each socket address (protocol/network address/port) is normally permitted (Port 514)
          Oct-22 11:41:52 AM Jon00_Syslog UDP SysLog server stopped
          Oct-22 11:41:52 AM Jon00_Syslog ++++++++++
          Oct-22 11:41:52 AM Jon00_Syslog UDP SysLog Server started on port 514 (listening for traffic from 192.168.2.2)
          Oct-22 11:41:52 AM Jon00_Syslog ++++++++++
          Oct-22 11:41:52 AM Jon00_Syslog UDP SysLog Server started on port 514 (listening for traffic from 192.168.2.1)
          Oct-22 11:41:52 AM Jon00_Syslog ++++++++++
          Oct-22 11:41:52 AM Jon00_SysLog Version 1.0.0
          Oct-22 11:41:52 AM Jon00_SysLog Connected to Homeseer
          Oct-22 11:41:50 AM Jon00_Syslog Restarting Plugin....



            #20
            As you have set showsyslog=1 under settings, you would see all the syslog messages from your router in the HSLog. If that is not happening, then you either have a config or port blocking/clash issue. I would also only use one syslog server for testing in case there are udp clashes on port 514. Make sure you have nothing else reading the syslog.
            Jon



              #21
              Pete
              jon00 ... thank you. You mentioning 'testing' reminded me I had not yet changed the IP the routers were sending to.

              Guys, thank you sooo much for the help!

              Looks like it's working as I'm seeing the devices update in HS3 and it triggered an Event!



                #22
                Good to hear. Regarding the port clash in your log, you may be able to get away with just one syslog server. Just remove the Host IP setting and the plugin should pick up the UDP messages from both subnets. There is a small possibility that UDP messages may arrive at the same time, but that depends on how chatty your routers are. Alternatively, change the syslog port for the second router.
                Jon
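
The port clash in the log above and the single-listener suggestion, as an added example (not the plugin's code): binding two UDP sockets to one address and port fails, while one socket receives from any number of senders and `recvfrom` returns the source address to tell them apart. Port 0 on loopback stands in for 514, and the messages are constructed.

```python
import errno
import socket
from collections import defaultdict

def second_bind_error(host="127.0.0.1"):
    """Bind two UDP sockets to the same address/port, as two listeners on
    514 would; return the errno name of the second bind, or None."""
    first = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    second = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        first.bind((host, 0))  # port 0 = any free port (stand-in for 514)
        port = first.getsockname()[1]
        try:
            second.bind((host, port))
        except OSError as exc:
            return errno.errorcode.get(exc.errno, str(exc.errno))
        return None
    finally:
        first.close()
        second.close()

def receive(sock, count, timeout=2.0):
    """Read `count` datagrams from one listener, keeping each sender's IP."""
    sock.settimeout(timeout)
    out = []
    for _ in range(count):
        data, (src_ip, _src_port) = sock.recvfrom(2048)
        out.append((src_ip, data.decode("utf-8", "replace")))
    return out

def group_by_host(received):
    """Attribute messages to routers by source IP, not by one listener per host."""
    groups = defaultdict(list)
    for src_ip, text in received:
        groups[src_ip].append(text)
    return dict(groups)

def demo():
    """One listener, two separate senders on loopback (constructed messages)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind(("127.0.0.1", 0))
    dest = listener.getsockname()
    try:
        for text in ("<134>router-a: Assoc DC:EF:CA:66:44:22",
                     "<134>router-b: DisAssoc DC:EF:CA:66:44:22"):
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sender:
                sender.sendto(text.encode(), dest)
        return receive(listener, 2)
    finally:
        listener.close()
```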



                  #23
                  jon00
                  Question about the Documentation. It shows an option: Message1... will the plugin check the message string for both 'Message' and 'Message1'? Can I also add Message2, Message3, etc?

                  I figured out that I need to check, for each MAC, for Assoc and ReAssoc (separately). I know I can use a RegEx but Messages are just easier.

                  Also, one thought (feature request)... it would be really cool to be able to have "Trigger Groups" (5a, 5b, etc) which are associated to a single vDevice. This allows us to set values on that vDevice. For example...

                  [Trigger5a]
                  HostIP=192.168.2.2
                  FacilityNo=
                  SeverityNo=
                  Message=" Assoc DC:EF:CA:66:44:22"
                  ReTriggerPeriod=
                  EventTrigger=
                  ScriptTrigger=
                  HSLogTriggerText=
                  LogTriggers=1
                  LogDirectory=

                  ControlUse="on"
                  Value = 1
                  StatusOnly = "no"

                  [Trigger5b]
                  HostIP=192.168.2.1
                  FacilityNo=
                  SeverityNo=
                  Message=" Assoc DC:EF:CA:66:44:22"
                  ReTriggerPeriod=
                  EventTrigger=
                  ScriptTrigger=
                  HSLogTriggerText=
                  LogTriggers=1
                  LogDirectory=

                  ControlUse="on"
                  Value = 1
                  StatusOnly = "no"


                  [Trigger5c]
                  HostIP=192.168.2.2
                  FacilityNo=
                  SeverityNo=
                  Message="DisAssoc DC:EF:CA:66:44:22"
                  ReTriggerPeriod=
                  EventTrigger=
                  ScriptTrigger=
                  HSLogTriggerText=
                  LogTriggers=1
                  LogDirectory=

                  ControlUse="off"
                  Value = 0
                  StatusOnly = "no"

                  [Trigger5d]
                  HostIP=192.168.2.1
                  FacilityNo=
                  SeverityNo=
                  Message="DisAssoc DC:EF:CA:66:44:22"
                  ReTriggerPeriod=
                  EventTrigger=
                  ScriptTrigger=
                  HSLogTriggerText=
                  LogTriggers=1
                  LogDirectory=

                  ControlUse="off"
                  Value = 0
                  StatusOnly = "no"



                    #24
                    You can use both Message and Message1 but both have to be true for a trigger. Message1 was added to cater for case sensitive triggers. You cannot add Message2 etc
                    Jon



                      #25
                      Originally posted by jon00
                      You can use both Message and Message1 but both have to be true for a trigger. Message1 was added to cater for case sensitive triggers. You cannot add Message2 etc
                      Ah, wish it was an OR not AND. Thoughts on enhancing the script to make the option for OR... and my idea around Trigger Groups?



                        #26
                        'Or' is supported via Regex. You just use the pipe character to separate the strings to 'Or'

                        Example:

                        RegexMatch=Hello|World

                        This would trigger if Hello or World were in the syslog message.

                        I understand what you are trying to do with the trigger groups but that would require quite significant work. Remember you can pass the syslog triggered message to a script where you can do your own logic to do what you want.
                        Jon
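
An added illustration of the Message/Message1 AND behaviour, the regex OR, and the script-side logic suggested above for the trigger-group idea. It is written in Python and is not the plugin's code; it assumes substring matching for Message and a regex engine that supports `|` and `\b`, and the sample lines are constructed. A plain `Assoc <MAC>` alternative also matches inside `DisAssoc <MAC>`, which the word boundary prevents.

```python
import re

MAC = "DC:EF:CA:66:44:22"  # MAC from the Trigger5 examples in post #23

# Constructed syslog lines; the real router format may differ.
SAMPLE = [
    "<134>192.168.2.1 wl0: Assoc DC:EF:CA:66:44:22",
    "<134>192.168.2.2 wl0: ReAssoc DC:EF:CA:66:44:22",
    "<134>192.168.2.2 wl0: DisAssoc DC:EF:CA:66:44:22",
    "<134>192.168.2.1 wl0: Assoc AA:BB:CC:00:00:01",  # a different device
]

def and_match(line, message, message1):
    """Message AND Message1, modelled as two substring tests (assumption)."""
    return message in line and message1 in line

# Naive OR: "Assoc <mac>" is also a substring of "DisAssoc <mac>".
NAIVE = re.compile("Assoc {0}|ReAssoc {0}".format(re.escape(MAC)))
# \b stops "Assoc" matching inside "DisAssoc"; (?:Re)? covers both arrivals.
ARRIVE = re.compile(r"\b(?:Re)?Assoc " + re.escape(MAC), re.IGNORECASE)
LEAVE = re.compile(r"\bDisAssoc " + re.escape(MAC), re.IGNORECASE)

def replay(lines, state=None):
    """Return the device value after each line: 1 present, 0 gone, None unknown."""
    history = []
    for line in lines:
        if ARRIVE.search(line):
            state = 1
        elif LEAVE.search(line):
            state = 0
        history.append(state)
    return history

if __name__ == "__main__":
    print(replay(SAMPLE))
```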



                          #27
                          I am planning on an upgrade and reconfig for my home network. It's overloaded and not as secure as it should be. Can you recommend a good (free or low cost) syslog server software package which I think would be helpful to get things working right?



                            #28
                            Originally posted by noopara
                            I am planning on an upgrade and reconfig for my home network. It's overloaded and not as secure as it should be. Can you recommend a good (free or low cost) syslog server software package which I think would be helpful to get things working right?
                            What kind of network equipment are you going to use? A number of HomeSeer users use Ubiquiti Unifi. If you use that, you can set up a network controller on a Linux box and use the built-in syslog facility in Linux. This is what I do and I use the Elastic Stack solution to monitor and report events.



                              #29
                              Originally posted by noopara
                              Can you recommend a good (free or low cost) syslog server software package
                              Have a look at graylog.



                                #30
                                What equipment? I haven't decided on that yet. I used some Ubiquiti equipment years ago to link a few buildings together but haven't used any in my home. I've been looking at MikroTik (I've used a little of that also to link a couple of buildings along with a few switches), Ubiquiti and TP-Link. I would like to go with managed equipment. I don't currently have any in the home. I'm using a Netgear cable modem with voice (CM1150V) into an Asus RT-N66U router, a DGS-1024 D-Link 24 port switch, DGS-2208 D-Link 8 port switch and a couple of D-Link WAPs (converted routers). I am using 32 ethernet connections and a bunch of wireless devices including a lot of IoT devices. I am planning on a border router and then a couple of other routers, one for IoT devices and guests and another for secure devices. I'm not sure at this point if having all the IoT devices on a separate router will work with the HS server if it's on the secure router. I have 10 Alexa devices at the present conversing with HS3. I guess it will work since it's all done through the MyHS server. I would like to find out from anyone that has done this if it will work without any issues.

