Nexapp - Logs
NexappOS writes logs in a safe, flexible way so you can troubleshoot locally or forward events to external systems.
By default, logs are first written to an in-memory temporary directory. This protects the root filesystem from corruption in case of disk or system failure.
NexappOS supports three logging destinations:
- Local storage: Logs can be persisted directly on disk. Configure this from the UI in Storage.
- Remote Controller: If the firewall is connected to a Controller, logs can be forwarded automatically.
- Custom Syslog Forwarder: Logs can be sent to an external syslog server (UDP/TCP), using UCI configuration. This section explains how to configure this option.
Forwarding Logs to a Remote Syslog Server
To enable syslog forwarding:
- Configure the forwarder in UCI
- Commit changes
- Restart rsyslog
Temporary logs remain visible in /var/log/messages and are also forwarded to the remote server.
Most syslog servers listen on UDP port 514 by default.
Example: Forwarding to 192.168.1.88 via UDP/514
Create a forwarder called clm (Custom Log Manager):
uci set rsyslog.clm=forwarder
uci set rsyslog.clm.source=*.*
uci set rsyslog.clm.protocol=udp
uci set rsyslog.clm.port=514
uci set rsyslog.clm.target=192.168.1.88
Commit the configuration:
uci commit rsyslog
Restart rsyslog:
/etc/init.d/rsyslog restart
Syslog Format (RFC 3164 vs RFC 5424)
By default, forwarding uses TraditionalFileFormat (RFC 3164). To switch to RFC 5424:
uci set rsyslog.clm.rfc=5424
uci commit rsyslog
/etc/init.d/rsyslog restart
You can configure multiple forwarders by repeating the same steps with a different name (e.g., clm2, clm3, etc.).
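One way to script the steps above when adding several forwarders, as an added example that is not part of NexappOS: the hypothetical helper gen_forwarder validates each value and prints the UCI commands for review instead of running them. The name clm2 and the target 192.0.2.10 are constructed sample values, and tcp as a protocol value is an assumption made by analogy with udp.

```shell
#!/bin/sh
# Added example, not NexappOS code: validate forwarder settings and print
# the UCI commands for review. Nothing is applied to the system.
# Usage: gen_forwarder NAME TARGET [PROTOCOL] [PORT] [RFC]
gen_forwarder() {
    name=$1 target=$2 proto=${3:-udp} port=${4:-514} rfc=${5:-}

    # UCI section name: letters, digits and underscore only.
    case $name in
        ''|*[!A-Za-z0-9_]*) echo "invalid forwarder name" >&2; return 1 ;;
    esac
    # Hostname or IP literal only, so no shell metacharacters can end up
    # in the generated command lines.
    case $target in
        ''|*[!A-Za-z0-9.:-]*) echo "invalid target" >&2; return 1 ;;
    esac
    # Assumption: tcp is the value for TCP, by analogy with udp on the page.
    case $proto in
        udp|tcp) ;;
        *) echo "protocol must be udp or tcp" >&2; return 1 ;;
    esac
    # Port: one to five digits, then a range check.
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range" >&2; return 1
    fi
    # Empty keeps the default format; 5424 is the only value the page gives.
    case $rfc in
        ''|5424) ;;
        *) echo "rfc must be empty or 5424" >&2; return 1 ;;
    esac

    echo "uci set rsyslog.$name=forwarder"
    echo "uci set rsyslog.$name.source='*.*'"  # quoted so the shell never globs it
    echo "uci set rsyslog.$name.protocol=$proto"
    echo "uci set rsyslog.$name.port=$port"
    echo "uci set rsyslog.$name.target=$target"
    if [ -n "$rfc" ]; then echo "uci set rsyslog.$name.rfc=$rfc"; fi
    echo "uci commit rsyslog"
    echo "/etc/init.d/rsyslog restart"
}

# Constructed sample: second forwarder over TCP in RFC 5424 format.
gen_forwarder clm2 192.0.2.10 tcp 514 5424
```

Review the printed commands, then paste them into a shell on the firewall.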
Log Rotation Size
The main log file /var/log/messages is stored in RAM.
When it reaches its size limit, it is rotated and compressed:
- Active log: /var/log/messages
- Rotated log: /var/log/messages.1.gz
- Only two versions are kept (current + last rotated)
From version 1.4.0, the default rotation threshold is 10% of the tmpfs mounted at /tmp.
Managing Rotation Size with ns-log-size
The ns-log-size script controls the rotation limit (in bytes) for /var/log/messages.
What it does
- get: shows current rotation size
- set <size>: updates rotation size
  - must be a positive integer
  - must be at least 50 MB (52428800 bytes)
  - automatically restarts rsyslog after a successful set
  - writes changes into /etc/rsyslog.conf
Usage
ns-log-size {get|set <size>}
Examples
Get current rotation size:
ns-log-size get
Set rotation size to 100 MB:
ns-log-size set 104857600