I wanted to send logs of various devices somewhere in a central location I could always access no matter where I am.
I've looked into Amazon CloudWatch before but I could not find a quick way to do it due to it using an agent that has to be installed on the device or server. This isn't always possible, especially on devices such as a router.
Most devices are limited to sending logs to a log server, so I needed to find a solution that supports it.
I've seen people mention Papertrail on Twitter, and after digging through their docs, I thought I should just give it a go. Lo and behold, it does exactly what I want and is packed with features that will come in handy.
I've quickly set it up for some of my devices, with the exception of my ASUS RT-AC68U router. The remote log server field (Located under Administration -> System -> Miscellaneous) only accepts an IP address, and no port.
Papertrail requires you to send logs to a domain on a certain port and that's not possible through the router's UI. The domain looks something like this:
After some digging around I found a way to get it working, the obvious first step was to ping the domain to the IP.
ping logs<number>.papertrailapp.com PING logs<number>.papertrailapp.com (184.108.40.2067): 56 data bytes 64 bytes from 220.127.116.117: seq=0 ttl=48 time=141.011 ms 64 bytes from 18.104.22.1687: seq=1 ttl=48 time=147.535 ms
The IP is what we'll enter in the log server field, but first we'll have to set that port somehow. To do this, you'll have to enable telnet first in Administration -> System -> Miscellaneous -> Enable Telnet
Once done, go to your terminal of choice and run
telnet 192.168.1.1 (or whichever your router IP is), you'll have to enter your login credentials.
Once in, run the following (replace <port> with your Papertrail port):
admin@RT-AC68U:/tmp/home/root# nvram set log_port=<port> admin@RT-AC68U:/tmp/home/root# nvram commit
That's about it, after setting the port you just enter that IP in the router UI and it should be sending logs to Papertrail!
One issue with this method is that this might stop working when the IP changes. Another is that a firmware update may reset the port and you'll have to fix it, but this could be fixed with a cron job if that is a possibility - I haven't looked into that yet.
That's it for now, hope this helps someone out there!