When I went to process my remote firewall log output from OpenWRT, I noticed that the entries were truncated. A quick check with tcpdump indicated that the syslog packets were truncated to 256 characters. As syslogd and klogd are both provided by BusyBox, I decided to replace them both. The obvious solution was to replace them with syslog-ng. opkg indicated that it was available, so installation was simple.
Unfortunately, configuration is not yet automated. A default configuration file is provided in /etc/syslog-ng. This simply logs to /var/log/messages. It also assumes that klogd is active. After some research and experimentation, I came up with a configuration. It can provide a local log in /var/log/messages. More importantly it provides complete firewall log entries to the remote server. (more…)