UniFi - How to Enable Netconsole Debug Logging on USG

 Overview


This article describes how to enable netconsole debug logging to syslog for UniFi Security Gateways (USG). This can be helpful to capture debug information, which would otherwise have to be captured by connecting a serial console to the device. 

This article is applicable to firmware version 4.4.34 and newer.

Table of Contents


  1. Intro
  2. Enabling netconsole logging
  3. Checking netconsole status
  4. Disabling netconsole logging
  5. Persisting across reboots
  6. Related Articles

Intro


Back to Top

The ubnt-netconsole utility is included in the USG versions 4.3.34 and newer, to assist in the configuration of netconsole logging. This is useful for capturing crash details for instance, where the OS might have otherwise been unable to send the logs over the network, and they would have been lost during reboot.

In order to use netconsole, a syslog server setup is needed to accept remote logging data.

To see the usage of the ubnt-netconsole command, SSH into the USG and run sudo ubnt-netconsole.

$ sudo ubnt-netconsole
Usage: /usr/sbin/ubnt-netconsole <device> <remote ip> [remote port] [remote mac]
      /usr/sbin/ubnt-netconsole status
      /usr/sbin/ubnt-netconsole disable

Enabling netconsole logging


Back to Top

To enable netconsole logging, you will specify the interface used to reach the syslog server, the IP and port of the syslog server, and optionally the MAC address of that server. If the syslog server isn’t directly-connected to one of USG’s interfaces, you should specify the MAC address of the next-hop router through which it is reachable (such as your ISP’s router if the syslog server is reachable via the Internet).

For this example, the syslog server is at 192.168.1.50 on the LAN, which is interface eth1 of the USG, using port 514, and the server’s MAC address is 12:34:56:78:90:aa.

$ sudo ubnt-netconsole eth1 192.168.1.50 514 12:34:56:78:90:aa
Netconsole : enabled
Device     : eth1
Local IP   : 192.168.1.1
Local port : 6665
Local mac  : 80:2a:a8:8e:f8:3d
Remote IP  : 192.168.1.50
Remote port: 514
Remote mac : 12:34:56:78:90:aa

The resulting "Netconsole: enabled" output shows that it was successfully configured.


Checking netconsole status


Back to Top

To check the status of netconsole, run sudo ubnt-netconsole status. It will either show enabled or disabled.

$ sudo ubnt-netconsole status
Netconsole : enabled
Device     : eth1
Local IP   : 192.168.1.1
Local port : 6665
Local mac  : 80:2a:a8:8e:f8:3d
Remote IP  : 192.168.1.50
Remote port: 514
Remote mac : 12:34:56:78:90:aa

$ sudo ubnt-netconsole status
Netconsole not active

Disabling netconsole logging


Back to Top

To disable netconsole logging, run sudo ubnt-netconsole disable. The disable command does not provide output, but you can check status afterwards to verify. It will also be disabled after a reboot.

$ sudo ubnt-netconsole disable
$ sudo ubnt-netconsole status
Netconsole not active

Persisting across reboots


Back to Top

If you want your netconsole logging to persist across reboots, you can add the enable command that was used, to /etc/rc.local above the exit 0 line. To persist the configuration applied in the previous example, the bottom of /etc/rc.local should look like the following. 

/usr/sbin/ubnt-netconsole eth1 192.168.1.50 514 12:34:56:78:90:aa
exit 0

Related Articles


Back to Top

Powered by Zendesk