Pushing data to third party Syslog service


    #16
    I am by no means a syslog guru, but to see entries in the syslog section of this plugin I had to configure each source device with the IP of the HS3 server
    cheeryfool



      #17
      Hey Krumpy - do you mean you have an external product you want to be able to accept HS data? I'm confused maybe! UltraLog will be what pushes to an external server? Thanks



        #18
        OK.

        1. Nothing sends syslog info unless it has the ability and you have it configured to do so.

        2. Should be answered in #1.

        3. I'm not entirely clear on this one. In this instance UltraLog has a syslog server. This means that it can receive and log logs from other software that can send logs to a syslog server.

        4. See #3.

        5. To make it work all you need is software that has remote logging capabilities. If you don't have something that can transmit to a syslog server then it's of no use to you whatsoever.
        Originally posted by rprade
        There is no rhyme or reason to the anarchy a defective Z-Wave device can cause



          #19
          Originally posted by ewkearns
          .....
          Any explanation would be greatly appreciated....
          I'll take a try at providing an overview. Ignoring anything Homeseer or Ultralog.

          Every computer generates logs. Windows has the Event View, Unix has logs as files under /var/logs/ (typically). This is also true with network devices, e.g. routers, managed switches, wi-fi routers, firewall, etc. Each device provides a way to view these logs. They also purge their logs so as not to keep too much stored.

          If you have the need to combine those logs, you need to log into each "device" and export those logs and combine them yourself. Syslog offers you the ability to centralize those logs in a single location. Combined into a single "file" or multiple "files" is typically up to how you want it.

          If a "device" allows you to configure remote logging, most likely it will use syslog (client). I've included screen captures from my firewall, a wifi router and a managed network switch.

          The syslog clients (software), send the log entries to the configured server which must have a syslog daemon (listener - software) running. The syslog daemon is to be configured to tell it where to store each message. (see capture syslog.png)

          There are software packages (e.g. graylog) which accept syslog client messages and then can display dashboards, send alert notifications, provide analysis capabilities, etc.

          Hope this helps.
          Len


          HomeSeer Version: HS3 Pro Edition 3.0.0.435
          Linux version: Linux homeseer Ubuntu 16.04 x86_64
          Number of Devices: 633
          Number of Events: 773

          Enabled Plug-Ins
          2.0.54.0: BLBackup
          2.0.40.0: BLLAN
          3.0.0.48: EasyTrigger
          30.0.0.36: RFXCOM
          3.0.6.2: SDJ-Health
          3.0.0.87: weatherXML
          3.0.1.190: Z-Wave



            #20
            What Len said...

            Syslog is a very simple Unix based logging mechanism that is open.

            While Ultralog does a fine job being a Syslog Server for HomeSeer related logging, I do not want all of my non HomeSeer devices logging to Ultralog because it will saturate HS depending on logging traffic.


            Regular Ultralog/Syslog utilization:
            HomeSeer Log --> UltraLog

            What I and some others are asking: Keep in mind that some of us are seeking a single place where all logs go. Since we anticipate a lot of "log" traffic, we would rather not bog down HomeSeer/Ultralog with this. We will be then using Ultralog as an agent to "relay" all HomeSeer related logs to the 3rd party Syslog server.

            HomeSeerLog --> Ultralog --> Relay to 3rd Party Syslog Server
            PFSense --> 3rd Party Syslog Server
            WIFI Router --> 3rd Party Syslog Server
            All Windows Machines --> 3rd Party Syslog Server
            All Unix Boxes --> 3rd Party Syslog Server
            WIFI Router --> 3rd Party Syslog Server
            Other switches/routers --> 3rd Party Syslog Server

            I hope this makes sense. For more information on Syslog see https://en.wikipedia.org/wiki/Syslog
            HomeSeer 2, HomeSeer 3, Allonis myServer, Amazon Alexa Dots, ELK M1G, ISY 994i, HomeKit, BlueIris, and 6 "4k" Cameras using NVR, and integration between all of these systems. Home Automation since 1980.



              #21
              Thanks guys, I’m really beginning to understand the limitations of trying to do this on Windows. What appears to be a simple *nix matter is apparently convoluted into an exercise to challenge Level 99 Windows IT gurus that are able to leap into their pants… both legs at one time.

              A vignette into the Microsoft method is here and appears to involve winrm and wecutil:

              https://msdn.microsoft.com/en-us/lib...(v=ws.11).aspx

              https://msdn.microsoft.com/en-us/lib...(v=vs.85).aspx


              I, also, ran across Graylog, which excited me quite a bit, until I found the following caveat on their website:

              “Unfortunately there is no supported way to run Graylog on Microsoft Windows operating systems even though all parts run on the Java Virtual Machine. We recommend to run the virtual machine appliances on a Windows host. It should be technically possible to run Graylog on Windows but it is most probably not worth the time to work your way around the cliffs.”

              Graylog
              https://www.graylog.org/

              So, I think my time is probably going to be more wisely spent with pfSense…. and the firewall that reasonably needs to come first.

              Thanks, again, for the collective aid and support….

              PS
              Anybody that can figure out how to aggregate logs on a Windows network, in a simple and understandable manner, is probably doing the IT equivalent of creating a better mousetrap!
              HomeSeer Version: HS4 Pro Edition 4.2.19.0 (Windows - Running as a Service)
              Home Assistant 2024.3
              Operating System: Microsoft Windows 11 Pro - Desktop
              Z-Wave Devices via two Z-Net G3s
              Zigbee Devices via RaspBee on RPi 3b+
              WiFi Devices via Internal Router.

              Enabled Plug-Ins
              AK GoogleCalendar 4.0.4.16,AK HomeAssistant 4.0.1.23,AK SmartDevice 4.0.5.1,AK Weather 4.0.5.181,AmbientWeather 3.0.1.9,Big6 3.44.0.0,BLBackup 2.0.64.0,BLGData 3.0.55.0,BLLock 3.0.39.0,BLUPS 2.0.26.0,Device History 4.5.1.1,EasyTrigger 3.0.0.76,Harmony Hub 4.0.14.0,HSBuddy 4.51.303.0,JowiHue 4.1.4.0,LG ThinQ 4.0.26.0,ONVIF Events 1.0.0.5,SDJ-Health 3.1.1.9,TPLinkSmartHome4 2022.12.30.0,UltraCID3 3.0.6681.34300,Z-Wave 4.1.3.0



                #22
                Yea, I am working to get a syslog implemented. I have my firewall (PFSense) hosting a syslog server and just about have the firewall log moved over. Is there an existing plugin that allows the HS3 log to be transmitted to a syslog server?


                Sent from my iPhone using Tapatalk



                  #23
                  This is the big issue with closed systems.

                  Have a look at NXLog (https://nxlog.co/products/nxlog-community-edition) and see if that fits your windows based needs. I have this earmarked for the 1 windows "server" (always on windows 8.1 desktop - ex-HS3 computer) at home. I have not yet done the analysis to see if there is any value in sending the windows event logs to my syslog/graylog yet.

                  Won't help with HS3 logs to syslog however.
                  Len




                    #24
                    Originally posted by Kerat
                    Yea, I am working to get a syslog implemented. I have my firewall (PFSense) hosting a syslog server and just about have the firewall log moved over. Is there an existing plugin that allows the HS3 log to be transmitted to a syslog server?


                    Sent from my iPhone using Tapatalk
                    I *think* that's what this thread is about. Having UltraLog HSPI forward the HS3 database log entries to a central syslog daemon.

                    If you have HS3 on linux and have Perl installed, here is my hack.

                    I have the following Perl script on my HS server.

                    Code:
                    #!/usr/bin/perl
                    
                    use Net::Syslog;
                    
                    # flush after every write
                    #$| = 1;
                    
                    while (my $data = <STDIN>) {
                        chomp $data;
                        $data =~ s/\r//g;
                        my $priority = 'informational';
                    
                        print "$priority\t$data\n";
                    
                        # write to remote syslog.
                        my $syslog = new Net::Syslog(Facility   => 'local4',
                                                     SyslogHost => '192.168.1.24',
                                                     Name       => 'homeseer',
                                                    );
                        $syslog->send("$data", Priority => "$priority");
                    
                    }
                    I modified HS3's go script as follows:
                    Code:
                    sudo mono HSConsole.exe --log | perl /usr/HomeSeer/scripts/syslog.pl
                    My central syslog VM (192.168.1.24) is configured to send all "homeseer" and "mono" log entries to /var/log/homeseer.log. I have a

                    Code:
                    :programname, isequal, "homeseer"    /var/log/homeseer.log
                    :programname, isequal, "mono"    /var/log/homeseer.log
                    & stop
                    There is only one limitation to this. I can't issue the console's command line to stop homeseer. I have to do it via the web UI.
                    Len




                      #25
                      It may be that the latest Windows is the kiss of death. From the NXLOG website:

                      "Supports many different operating systems such as Linux (Debian, Redhat, Ubuntu), BSD, HP-UX, IBM AIX, Solaris, Android and also Microsoft Windows (from XP through 2012) so you don't need a different collector/agent for that other platform."

                      So.... it sounds like Windows 10 is left out....


                        #26
                        Originally posted by ewkearns
                        It may be that the latest Windows is the kiss of death. From the NXLOG website:

                        "Supports many different operating systems such as Linux (Debian, Redhat, Ubuntu), BSD, HP-UX, IBM AIX, Solaris, Android and also Microsoft Windows (from XP through 2012) so you don't need a different collector/agent for that other platform."

                        So.... it sounds like Windows 10 is left out....
                        odds are that it'll work on windows 10.

                        update: just installed NXLog on my windows 10 pro desktop without issues. It flooded my syslog server with the following.....

                        Code:
                        Dec 11 23:45:45 desktop MSWinEventLog#0112#011System#01133#011Mon Dec 11 23:45:45 2017#0111014#011Microsoft-Windows-DNS-Client#011NETWORK SERVICE#011Well Known Group#011Warning#011desktop#011N/A#011#011Name resolution for the name wpad timed out after none of the configured DNS servers responded.#0117551#015
                        Dec 11 23:46:01 desktop MSWinEventLog#0111#011Application#01134#011Mon Dec 11 23:46:01 2017#01115#011SecurityCenter#011N/A#011N/A#011Information#011desktop#011N/A#011#011Updated Symantec Endpoint Protection status successfully to SECURITY_PRODUCT_STATE_ON.#01112024#015
                        used the following configuration:

                        PHP Code:
                        <Input in>
                            Module      im_msvistalog
                        # For windows 2003 and earlier use the following:
                        #   Module      im_mseventlog
                            ReadFromLast TRUE
                            <QueryXML>
                                <QueryList>
                                    <Query Id='1'>
                                        <Select Path='Application'>*</Select>
                                        <Select Path='Security'>*[Security/Level=4]</Select>
                                        <Select Path='System'>*</Select>
                                    </Query>
                                </QueryList>
                            </QueryXML>
                        </Input>
                        Last edited by lveatch; December 12, 2017, 01:00 AM. Reason: update:
                        Len




                          #27
                          Originally posted by lveatch
                          I *think* that's what this thread is about. Having UltraLog HSPI forward the HS3 database log entries to a central syslog daemon.

                          If you have HS3 on linux and have Perl installed, here is my hack.

                          I have the following Perl script on my HS server.

                          Code:
                          #!/usr/bin/perl

                          use Net::Syslog;

                          # flush after every write
                          #$| = 1;

                          while (my $data = <STDIN>) {
                              chomp $data;
                              $data =~ s/\r//g;
                              my $priority = 'informational';

                              print "$priority\t$data\n";

                              # write to remote syslog.
                              my $syslog = new Net::Syslog(Facility   => 'local4',
                                                           SyslogHost => '192.168.1.24',
                                                           Name       => 'homeseer',
                                                          );
                              $syslog->send("$data", Priority => "$priority");

                          }
                          I modified HS3's go script as follows:
                          Code:
                          sudo mono HSConsole.exe --log | perl /usr/HomeSeer/scripts/syslog.pl
                          My central syslog VM (192.168.1.24) is configured to send all "homeseer" and "mono" log entries to /var/log/homeseer.log. I have a

                          Code:
                          :programname, isequal, "homeseer"    /var/log/homeseer.log
                          :programname, isequal, "mono"    /var/log/homeseer.log
                          & stop
                          There is only one limitation to this. I can't issue the console's command line to stop homeseer. I have to do it via the web UI.


                          This is sweet. I will give this a whirl this weekend.


                          Sent from my iPhone using Tapatalk



                            #28
                            HomeSeer 2, HomeSeer 3, Allonis myServer, Amazon Alexa Dots, ELK M1G, ISY 994i, HomeKit, BlueIris, and 6 "4k" Cameras using NVR, and integration between all of these systems. Home Automation since 1980.



                              #29
                              I'll be posting the update Tomorrow.

                              Regards,
                              Ultrajones
                              Plug-ins: UltraMon, UltraM1G, UltraCID, Ultra1Wire, UltraLog, UltraWeatherBug, UltraPioneerAVR, UltraGCIR



                                #30
                                This is what the log output looks like on my syslog receiver:

                                Code:
                                Dec 17 10:14:46 mac-mini-dev HomeSeer3[904]: Priority=0, errorCode=0, Source=HomeSeer3, Type=Info, Message=Plugin UltraLog3 with instance:  has disconnected#015
                                Dec 17 10:15:00 mac-mini-dev HomeSeer3[904]: Priority=0, errorCode=0, Source=HomeSeer3, Type=Log Maintenance, Message=81 records, selected by date/time, were removed from the log database.#015
                                Dec 17 10:15:00 mac-mini-dev HomeSeer3[904]: Priority=0, errorCode=0, Source=HomeSeer3, Type=Log Info, Message=The log database is currently 2.31MB in size.#015
                                Dec 17 10:15:25 mac-mini-dev HomeSeer3[904]: Priority=0, errorCode=0, Source=HomeSeer3, Type=Z-Wave, Message=Device: Node 2 Z-Wave Gallons Set to 843.3 (843.3 Gallons)#015
                                Dec 17 10:16:06 mac-mini-dev HomeSeer3[904]: Priority=0, errorCode=0, Source=HomeSeer3, Type=Info, Message=Plugin UltraLog3 has connected. IP:127.0.0.1:57933#015
                                Dec 17 10:16:25 mac-mini-dev HomeSeer3[904]: Priority=0, errorCode=0, Source=HomeSeer3, Type=Z-Wave, Message=Device: Node 2 Z-Wave Water Notification Set to NOTIFICATION for type Water Notification, Event: No Event#015
                                Dec 17 10:18:14 mac-mini-dev HomeSeer3[904]: Priority=0, errorCode=0, Source=HomeSeer3, Type=Info, Message=Plugin UltraLog3 with instance:  has disconnected#015
                                Dec 17 10:19:40 mac-mini-dev HomeSeer3[904]: Priority=0, errorCode=0, Source=HomeSeer3, Type=Info, Message=Plugin UltraLog3 has connected. IP:127.0.0.1:58063#015
                                Dec 17 10:21:49 mac-mini-dev HomeSeer3[904]: Priority=0, errorCode=0, Source=HomeSeer3, Type=Device Control, Message=Device: Node 2 Z-Wave Gallons to Reset Accumulated Values (0) by/from: CAPI Control Handler#015
                                Dec 17 10:21:49 mac-mini-dev HomeSeer3[904]: Priority=0, errorCode=0, Source=HomeSeer3, Type=Z-Wave, Message=Device: Node 2 Z-Wave Gallons Set to 0#015
                                Dec 17 10:22:10 mac-mini-dev HomeSeer3[904]: Priority=0, errorCode=0, Source=HomeSeer3, Type=Z-Wave, Message=Device: Node 2 Z-Wave Gallons Set to 0.1 (0.1 Gallons)#015
                                Dec 17 10:22:10 mac-mini-dev HomeSeer3[904]: Priority=0, errorCode=0, Source=HomeSeer3, Type=Z-Wave, Message=Device: Node 2 Z-Wave Water Notification Set to NOTIFICATION for type Water Notification, Event: Water Flow Alarm#015
                                Dec 17 10:22:33 mac-mini-dev HomeSeer3[904]: Priority=0, errorCode=0, Source=HomeSeer3, Type=Warning, Message=Interface UltraFlowMeter3 is running as a trial, 6 days remaining.#015
                                Dec 17 10:22:33 mac-mini-dev HomeSeer3[904]: Priority=0, errorCode=0, Source=HomeSeer3, Type=Info, Message=Plugin UltraFlowMeter3 has connected. IP:127.0.0.1:58725#015
                                Dec 17 10:22:34 mac-mini-dev HomeSeer3[904]: Priority=0, errorCode=0, Source=HomeSeer3, Type=Plug-In, Message=Finished initializing plug-in UltraFlowMeter3#015
                                Last edited by Ultrajones; December 17, 2017, 10:24 AM.
                                Plug-ins: UltraMon, UltraM1G, UltraCID, Ultra1Wire, UltraLog, UltraWeatherBug, UltraPioneerAVR, UltraGCIR
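
The following is an added example, not code from any poster in this thread: a Python parser for the two receiver-side formats shown in posts #26 (NXLog) and #30 (UltraLog). It assumes the receiver escapes control characters the way rsyslog does (`#011` = TAB, `#015` = CR); the field names and the `needs_review` rule are labels chosen for this example.

```python
import re

# rsyslog rewrites control characters in received messages as '#' plus three
# octal digits, which is why the samples contain #011 (TAB) and #015 (CR).
_ESC = re.compile(r"#(0[0-3][0-7]|177)")
_HDR = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) (.*)$", re.S)
_HS3 = re.compile(r"^(\S+?)\[(\d+)\]: Priority=(\d+), errorCode=(\d+), "
                  r"Source=(.*?), Type=(.*?), Message=(.*)$", re.S)

# Labels chosen for this example, one per tab-separated position after the
# "MSWinEventLog" tag in the NXLog sample lines.
SNARE_FIELDS = ["criticality", "log", "counter", "event_time", "event_id",
                "source", "user", "sid_type", "event_type", "computer",
                "category", "data", "message", "record"]


def unescape(text):
    """Turn #NNN octal escapes back into the control characters they stand for."""
    return _ESC.sub(lambda m: chr(int(m.group(1), 8)), text)


def parse_line(line):
    """Parse one receiver-side log line into a dict, or None if it has no header."""
    m = _HDR.match(line.rstrip("\n"))
    if not m:
        return None
    rec = {"time": m.group(1), "host": m.group(2)}
    body = unescape(m.group(3)).rstrip("\r\n")
    if body.startswith("MSWinEventLog\t"):
        rec["format"] = "nxlog-snare"
        rec.update(zip(SNARE_FIELDS, body.split("\t")[1:]))
        return rec
    hs = _HS3.match(body)
    if hs:
        keys = ("tag", "pid", "priority", "error_code", "source", "type", "message")
        rec["format"] = "ultralog"
        rec.update(zip(keys, hs.groups()))
        return rec
    rec.update(format="raw", message=body)
    return rec


def needs_review(rec):
    """Flag by event type: every UltraLog sample carries Priority=0, even the
    Type=Warning line, so that field cannot drive triage on its own."""
    kind = rec.get("event_type") or rec.get("type") or ""
    return kind.lower() in {"warning", "error"}  # "error" is an assumed value


# Sample lines copied from posts #26 and #30 above.
SAMPLES = [
    "Dec 11 23:45:45 desktop MSWinEventLog#0112#011System#01133#011Mon Dec 11 23:45:45 2017#0111014#011Microsoft-Windows-DNS-Client#011NETWORK SERVICE#011Well Known Group#011Warning#011desktop#011N/A#011#011Name resolution for the name wpad timed out after none of the configured DNS servers responded.#0117551#015",
    "Dec 11 23:46:01 desktop MSWinEventLog#0111#011Application#01134#011Mon Dec 11 23:46:01 2017#01115#011SecurityCenter#011N/A#011N/A#011Information#011desktop#011N/A#011#011Updated Symantec Endpoint Protection status successfully to SECURITY_PRODUCT_STATE_ON.#01112024#015",
    "Dec 17 10:22:33 mac-mini-dev HomeSeer3[904]: Priority=0, errorCode=0, Source=HomeSeer3, Type=Warning, Message=Interface UltraFlowMeter3 is running as a trial, 6 days remaining.#015",
    "Dec 17 10:16:06 mac-mini-dev HomeSeer3[904]: Priority=0, errorCode=0, Source=HomeSeer3, Type=Info, Message=Plugin UltraLog3 has connected. IP:127.0.0.1:57933#015",
]

if __name__ == "__main__":
    for rec in map(parse_line, SAMPLES):
        flag = "REVIEW" if needs_review(rec) else "ok"
        print(flag, rec["host"], rec["format"], rec.get("message", ""))
```

A message that legitimately contains text such as `#011` is indistinguishable from an escaped TAB once it has been written this way, so the decoding is best-effort.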
