EdgeRouter - Remote Syslog Server for System Logs


Readers will learn how to configure the EdgeRouter to send log messages to a server using syslog. 



Applicable to the latest EdgeOS firmware on all EdgeRouter models. Knowledge of the Command Line Interface (CLI) and basic networking knowledge is required. Please see the Related Articles below for more information and see the attachments for the configuration used in this article.


Equipment used in this article:

EdgeRouter-4 (ER-4)

- Syslog server

Table of Contents

  1. Steps: Syslog Server
  2. Steps: Testing & Verification
  3. Related Articles

Syslog Server

Back to Top

You can either use the GUI or CLI to configure the location of the syslog server and the severity level (0-7). The syslog server can be defined using an IP address or hostname. The severity levels are:

  • 0 - Emergency
  • 1 - Alert
  • 2 - Critical
  • 3 - Error
  • 4 - Warning
  • 5 - Notice
  • 6 - Informational
  • 7 - Debug

The configured severity level will include all the lower number severity levels as well. For example, if you set the severity level to 6 (Informational), the router will send syslog messages for levels 0-6. 


By default, EdgeOS uses the 'BSD' syslog format, the rsyslogd service and UDP port 514 for syslog. It is possible to use an alternate port by adding the port to the syslog server address. For example, configuring will send syslog messages to UDP port 10514.


GUI: Access the Graphical User Interface.

System > System Log

Log to remote server:
Log Level: Informational


CLI: Access the Command Line Interface. You can do this using the CLI button in the GUI or by using a program such as PuTTY.
set system syslog host facility all level info
commit ; save

Steps - Testing & Verification

Back to Top

You can use the build-in tcpdump functionality to verify if the syslog messages are actually sent to the server. 

sudo tcpdump -i eth1 -n udp dst port 514
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
18:11:38.337306 IP > SYSLOG authpriv.info, length: 141
18:11:38.341110 IP > SYSLOG authpriv.info, length: 94
18:11:38.787049 IP > SYSLOG authpriv.info, length: 83
18:11:49.106441 IP > SYSLOG auth.info, length: 96
18:11:49.110156 IP > SYSLOG authpriv.info, length: 100
18:12:39.358084 IP > SYSLOG authpriv.info, length: 141
18:12:39.361312 IP > SYSLOG authpriv.info, length: 94
18:12:39.806304 IP > SYSLOG authpriv.info, length: 83

If needed, restart the rsyslogd process with:

sudo service rsyslog restart

Related Articles

Back to Top