
EdgeRouter - Remote Syslog Server for System Logs


Readers will learn how to configure the EdgeRouter to send log messages to a server using syslog. 



Applicable to the latest EdgeOS firmware on all EdgeRouter models. Knowledge of the Command Line Interface (CLI) and basic networking knowledge is required. Please see the Related Articles below for more information and see the attachments for the configuration used in this article.


Equipment used in this article:

- EdgeRouter-4 (ER-4)

- Syslog server

Table of Contents

  1. Steps: Syslog Server
  2. Steps: Testing & Verification
  3. Related Articles

Syslog Server


You can either use the GUI or CLI to configure the location of the syslog server and the severity level (0-7). The syslog server can be defined using an IP address or hostname. The severity levels are:

  • 0 - Emergency
  • 1 - Alert
  • 2 - Critical
  • 3 - Error
  • 4 - Warning
  • 5 - Notice
  • 6 - Informational
  • 7 - Debug

The configured severity level also includes every lower-numbered (more severe) level. For example, if you set the severity level to 6 (Informational), the router will send syslog messages for levels 0-6.


By default, EdgeOS uses the 'BSD' syslog format, the rsyslogd service and UDP port 514 for syslog. It is possible to use an alternate port by adding the port to the syslog server address. For example, configuring will send syslog messages to UDP port 10514.
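The severity rule and BSD framing described above can be checked on the receiving side. This is an added example, not part of the original article or of EdgeOS: it decodes the PRI field of BSD (RFC 3164) payloads and flags messages that the configured level should have filtered out. The function names, the hostname edge-rtr and the sample payloads are constructed for illustration.

```python
import re

SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]

# BSD (RFC 3164) layout: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG
BSD_RE = re.compile(
    rb"^(?:<(\d{1,3})>)?"
    rb"(?:([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (\S+) )?"
    rb"(.*)$", re.S)

def parse_bsd_syslog(datagram: bytes) -> dict:
    """Decode one UDP payload; PRI = facility * 8 + severity."""
    pri_raw, stamp, host, rest = BSD_RE.match(datagram).groups()
    pri = int(pri_raw) if pri_raw is not None else 13
    if pri > 191:  # highest valid PRI is facility 23, severity 7
        pri = 13   # RFC 3164 default for an unusable PRI: user.notice
    return {
        "facility": pri >> 3,
        "severity": pri & 7,
        "severity_name": SEVERITIES[pri & 7],
        "timestamp": stamp.decode() if stamp else None,
        "host": host.decode() if host else None,
        "message": rest.decode(errors="replace"),
    }

def is_forwarded(severity: int, configured_level: int) -> bool:
    """Level N forwards severities 0..N (lower number = more severe)."""
    return 0 <= severity <= configured_level

def unexpected(datagrams, configured_level: int) -> list:
    """Messages whose severity the configured level should have dropped."""
    parsed = [parse_bsd_syslog(d) for d in datagrams]
    return [p for p in parsed if not is_forwarded(p["severity"], configured_level)]

# Constructed sample payloads (hostname and message text are made up)
SAMPLES = [
    b"<30>Oct  3 18:11:38 edge-rtr dhcpd: DHCPACK on 192.0.2.50",
    b"<2>Oct  3 18:11:49 edge-rtr kernel: critical condition",
    b"<15>Oct  3 18:12:39 edge-rtr app: debug trace",
    b"message with no header",
]

if __name__ == "__main__":
    for p in map(parse_bsd_syslog, SAMPLES):
        print(p["severity"], p["severity_name"], p["host"], p["message"])
    print("above level 6:", [p["message"] for p in unexpected(SAMPLES, 6)])
```

A non-empty result from unexpected() on a collector means the level in effect on the router is not the one you configured.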


GUI: Access the Graphical User Interface.

System > System Log

Log to remote server:
Log Level: Informational


CLI: Access the Command Line Interface. You can do this using the CLI button in the GUI or by using a program such as PuTTY.
configure
set system syslog host <server-address> facility all level info
commit ; save

Steps - Testing & Verification


You can use the built-in tcpdump functionality to verify that the syslog messages are actually sent to the server.

sudo tcpdump -i eth1 -n udp dst port 514
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
18:11:38.337306 IP > SYSLOG, length: 141
18:11:38.341110 IP > SYSLOG, length: 94
18:11:38.787049 IP > SYSLOG, length: 83
18:11:49.106441 IP > SYSLOG, length: 96
18:11:49.110156 IP > SYSLOG, length: 100
18:12:39.358084 IP > SYSLOG, length: 141
18:12:39.361312 IP > SYSLOG, length: 94
18:12:39.806304 IP > SYSLOG, length: 83

If needed, restart the rsyslogd process with:

sudo service rsyslog restart

Related Articles
