I’ve noticed some issues with regard to local vs remote logging. I have a syslog server set up (graylog) taking in logs from my devices, the following is the example of output from a CRS112:
10:12:34 system,info router rebooted
10:12:36 interface,info MGMT link up
10:12:40 bridge,info hardware offloading activated on bridge "bridge" ports: ether1
10:12:40 bridge,info hardware offloading activated on bridge "bridge" ports: ether2
10:12:40 bridge,info hardware offloading activated on bridge "bridge" ports: ether3
10:12:41 bridge,info hardware offloading activated on bridge "bridge" ports: ether4
10:12:41 bridge,info hardware offloading activated on bridge "bridge" ports: ether5
10:12:41 bridge,info hardware offloading activated on bridge "bridge" ports: ether6
10:12:41 bridge,info hardware offloading activated on bridge "bridge" ports: ether7
10:12:41 bridge,info hardware offloading activated on bridge "bridge" ports: ether8
10:12:43 interface,info ether1 link up (speed 1G, full duplex)
10:12:43 interface,info ether2 link up (speed 10M, full duplex)
10:12:43 bridge,info "bridge" mac address changed to CC:2D:E0:8D:4F:42
10:12:45 dhcp,info dhcp-client on MGMT got IP address 10.0.30.5
10:13:55 system,info sntp change time Jul/01/2019 10:13:17 => Jul/01/2019 10:13:55
10:14:43 ssh,info publickey accepted for user: admin
10:14:43 system,info,account user admin logged in from 10.0.70.2 via ssh
10:14:48 system,info,account user admin logged in from 10.0.90.6 via web
This obviously all shows up in memory, but I only see logs in graylog starting at 10:13:55, the sntp time change.
Both logging entries are simply
topic=info
, with the only difference being
action=memory
vs
action=remote
Here is my remote action:
3 * name="remote" target=remote remote=GRAYLOGIP remote-port=PORT src-address=0.0.0.0 bsd-syslog=yes syslog-time-format=bsd-syslog syslog-facility=daemon syslog-severity=auto