[Rickers]

Using 'nc -u -l <host-ip> 514' on my Mac to receive events on UDP port 514. This works fine using loglevel Medium (firewall log config).

However, I need to set firewall loglevel set to High so I receive ACCEPT entries. I need to see those as I'm trying to track down an issue.

The problem is that there are 100s of entries a second for the port 514 remote syslog connection itself. It's so bad, the router GUI crawls. 'nc -u -l <host-ip> 514 | grep -v "DPT=514"' VISUALLY filters these out, but the router is still flooding the client and still has performance problems.

Is there a way in the firewall config (is that just the iptables rules?) to stop the logging of these events with a destination port of UDP 514?

Thanks, Rick

[dale_gribble39]

PuTTY, logging enabled, tail -f /var/log/mesages | grep -i accept is probably an easier way to glean information. I don't know why you'd need to be surfing the webUI while polling firewall logging at the same time.

https://www.google.com/search?q=install+putty+on+macos

[Rickers]

Surfing web UI while examining the log...when I turn on remote logging and set firewall logging to High, it completely locks up the router and it will eventually crash...doesn't work at all. It generates over 4000 messages a second. I suspect each message is generating the next one.

I'm using nc to experiment with this, but I eventually want to write an application to receive the data. I want the application to listen on port 514.

Thanks for the suggestion, but I would like to find a way to use port 514.

Regards, Rick

[dale_gribble39]

Déjà vu. I don't want to assume, but are you surfing the syslog pages in the webUI when this happens?

How to get klog output send to remote syslog server

A proper tailing of the logfile, local or remote, would probably be easier. Something along the lines of:

[Rickers]

Here is the solution to my problem: