Expired

VII. Router Diagnostics

Expired

Using the DrayTek Syslog Utility

Products:

Show all

Keywords:

Show all

The DrayTek Syslog utility is a DrayTek specific diagnostic and logging tool designed to record and interpret Syslog messages sent by DrayTek routers and other DrayTek products. Syslog is a simple messaging protocol designed to send human readable messages from network devices to a Syslog daemon (a listening/capturing program) and displayed or logged to a file.

Syslog is intended for logging and auditing purposes, as well as troubleshooting, for instance checking how the router's IP Filter or Content Filter is being applied.

The latest version of the DrayTek Syslog Utility can be downloaded here. It is a standalone application that does not require installation.

Upon first running, the Windows Firewall may prompt to allow the DrayTek Syslog utility through the Windows software firewall, click "Allow Access" to allow the Syslog utility to receive syslog messages, otherwise the Windows Firewall will drop incoming syslog messages when they are sent by your router.

The Syslog protocol uses UDP Port 514 by default, which needs to be allowed through any software firewalls to send syslogs to a PC, or forwarded through NAT if forwarding syslog over the internet.

Usage of the DrayTek Syslog Utility is detailed in these sections:

Application Overview	An overview of the main DrayTek Syslog utility window
Syslog Menu Options	The menu options available in the utility
Saving and Viewing Logs	Saving logs and viewing these saved logs with the DrayTek Syslog utility. Recommended for shorter logs & quick diagnostics
Syslog Database	Saving logs to a DrayTek Syslog Database and reading logs within that database. Recommended for long term logging and auditing
Configuring DrayTek Syslog Utility	Change settings for the DrayTek Syslog utility with additional diagnostic tools

Overview

DrayTek Syslog Utility Overview

The DrayTek Syslog utility breaks down Syslog messages into Categories and Sub-Categories that are specific to DrayTek routers, along with many other options to manage the viewer as it's running, these are described in the table below:

Element	Description
Menu Buttons	The menus for saving and viewing Syslog information with the DrayTek Syslog utility. See the Syslog Menu Options tab for more details.
Message Filter	The Log Filter is able to filter incoming messages and record / display only messages that match the criteria specified, by searching each incoming syslog message as a string of ASCII text. The keyword filter allows for multiple filter entries, with additional options to filter out unwanted entries. This uses apostrophes to designate a string to search for, i.e. '192.168.1.10' will display only entries containing that string of ASCII text (numbers and letters etc). Use brackets () to group items, with AND, OR and (NOT) as search operators, i.e. ('192.168.1.10' AND ':80' AND (NOT 'http')) Additional examples: 'MAC=88-B1-00-FF-00-FF' AND 'DNS' ('DNS' AND 'ebay' AND ('192.168.15.' OR '10.254.')) (':443' AND (NOT '10.254.254') AND (NOT '172.16.254'))
Categories	Displays messages matching the selected Category, defined in the DrayTek Syslog Utility Categories article
Sub-Categories	Some Categories have sub-categories, with additional options or filters, such as Traffic Graphs, Calls Logs etc.
DSL Information	Displays the current DSL modem status.
Selected Router	DrayTek Syslog Utility can record syslog messages from up to 5 devices. Select the IP address of the device currently being displayed from the drop-down box.
WAN Status	Displays the current WAN interface status and usage information. Select the WAN interface to view from the drop-down box.
Pause Button	Ticking the Pause option stops the DrayTek Syslog utility from receiving new syslog messages until this option is un-ticked.
Syslog Message Window	Displays current Syslog messages with: System Time - When the DrayTek Syslog utility received the syslog message Router Time - Timestamp of the router's current time when sending the syslog message Host - Identifies the device sending syslog messages Message - Syslog message data

Menu Options

DrayTek Syslog Menu Options

Menu Icon	Menu Item	Description
	Save Logs	Opens the Save Logs to a file window to configure and save the current log data or start saving logs to a file. See the Saving and Viewing Logs tab for more information.
	Saving Logs	The Save Logs (floppy disk) icon changes to this 'red-stop' icon when actively saving logs to a file (or files). Click this button to stop saving logs.
	Log Viewer	Opens the Log Viewer, to view saved DrayTek Syslog '.log' extension files. See the Saving and Viewing Logs tab for more information.
	Clear Logs	Clears the currently displayed Syslog messages.
	Save to Database	Opens the Database Record menu, to configure saving Syslog messages into a DrayTek Syslog Database '.mdb' file . See the Syslog Database tab for more information.
	Database Log Viewer	Opens the Database Searcher window, to search / query the contents of the selected DrayTek Syslog Database '.mdb' file within the selected time range. See the Syslog Database tab for more information.
	Tools & Miscellaneous	Opens the DrayTek Syslog Utility 'Misc' window, to configure the Syslog Utility's listening port and other settings. See the Configuring DrayTek Syslog Utility tab for more information.
	Syslog View Mode	Toggles the DrayTek Syslog Utility's view mode between the DrayTek specific Syslog view and the non-vendor specific Standard Syslog view.

Save & View Logs

Saving and Viewing Logs

The DrayTek Syslog utility displays logs for each category in the main window - up to 500 syslog messages are buffered in the DrayTek Syslog utility while the application is running. Once the buffer is full, new messages received will push older messages out of the buffer and be lost.

To save older logs, the DrayTek Syslog utility must be configured to save these messages to disk, which can save either the current message buffer, or continuously save messages to disk.

Saving Logs

In the Log Save menu, opened by clicking the , there are options to perform the following actions:

Save current log to a file	This will save the currently displayed content of the Syslog utility's logs to a file. This is recommended for short logs, because the utility will not save syslog entries that are no longer displayed in the utility.
Record log to a file in real time	This will save the log file as a single file for as long as the record time limit is set to. If No Record Time Limit is set, it will log until the utility is closed or the Stop button is pressed, the Stop button will appear in the utility when this log saving method is active.
Record log to multiple files	Starts saving syslog to multiple files depending on the Save to a file every (x) Hours setting, which will make a new log file every (x) hours. It will record for as long as the Record Time Limit is set to. If No Record Time Limit is set, it will log until the utility is closed or the Stop button is pressed, the Stop button will appear in the utility when this log saving method is active.
Auto Launch	When enabled, the DrayTek Syslog utility will start with the settings configured here each time the application is started.

Set the Log File name location manually or click the "..." box to the right of it to specify the location.

Click OK to start the logging. If the utility is set to Record log to a file in real time or Record log to multiple files, the utility will show a Stop button in place of the Save button icon.

Clicking the Stop button will cease saving logs to a file, until clicking the OK button in the Log Save window again, to restart log file recording.

Viewing Logs

The DrayTek Syslog utility's '.log' files are text files that can be read by any normal text viewer, however when opened using the Log Viewer , the DrayTek Syslog utility sorts these files into the categories and sub-categories that are displayed in the main DrayTek Syslog utility window.

Upon clicking the icon, the log viewer will ask for a .log or .csv file to load. Click the Import button to locate the log file in Windows and click OK to load it:

Once loaded, the DrayTek Syslog's Log Viewer breaks down the log file into the categories that are displayed when receiving logs in real-time. To search for specific text in these logs, enter the text to search for in the Keyword entry box and click Refresh:

Syslog DB

Syslog Database

The DrayTek Syslog utility supports saving one router's syslog messages into a DrayTek Syslog Database file with a '.mdb' extension. This is useful for long term logging or for auditing purposes.

Once Database recording is configured and enabled, the DrayTek Syslog utility will save syslog messages into the database whenever the application is running.

This can then be viewed and queried with the Database Viewer, as detailed in the Reading and Searching the Syslog Database section below.

Saving Syslogs to a Syslog Database

To configure saving syslogs to a database, click the Database icon .

That will open the Database Record window, with these options:

Router for Record/Statistics	Select the router IP that the DrayTek Syslog utility will record syslog messages from
Save the DataBase to	Select the location that the database files will be stored
Select log types to record	Tick the log types that the DrayTek Syslog utility will record into the database
Change the DataBase every x	DrayTek Syslog utility will create a new database record file at the specified time interval from enabling Database recording. This increments the filename when it creates a new database file
Prompt if space is below x	DrayTek Syslog utility will give a warning if the available disk space drops below the specified level
No Record Time Limit	If this is unticked, DrayTek Syslog utility will stop recording new entries to the database at the end of the specified countdown time period
Never clear DataBase	If this is unticked, the database will purge entries over x months old

Click OK and the DrayTek Syslog utility will create the DrayTek Syslog Database files in the specified location and record new syslog messages into this file.

Reading and Searching the Syslog Database

To view the contents of the DrayTek Syslog Database file, click the Database Log Viewer icon .

This will open the Database Searcher window, which has options to select the database file to read from. When a DrayTek Syslog Database '.mdb' file is selected, this will display the router's IP address and the start and end time period that the database has recorded logs for.

Initially, no messages will be displayed and the database must be searched to load messages. Specify the Start Time and End Time dates to the desired time period and click Search Database. This will then query the DrayTek Syslog Database to load the stored messages.

To search for specific information, enter the words to search for in the Keywords text box and click Search Database again to query the database for this data.

Configuring

Configuring DrayTek Syslog Utility

The DrayTek Syslog utility is configured from the Tools & Miscellanous menu, opened by clicking this icon .

This opens the Misc menu, which contains these tabs:

Tab	Description
Tool Setup	Used to configure the Syslog utility settings. See Configuring DrayTek Syslog utility below for more details
Telnet Read-out Setup	Configure the Syslog utility to periodically record the output of specified CLI commands via telnet . See Telnet Read-out Setup below for more details
Codepage Information	Specify the codepage information used by the IP Filter. The default setting is correct for any English language DrayTek router. This should only be changed if the router's [Firewall] > [General Setup] > [Default Rule] > [Advance Setting] Codepage value has been changed from its default ANSI(1252)-Latin I setting
Recover	For DrayTek Support technician usage, not otherwise used
Network Information	Select the network adapter that the Syslog utility will record messages from. See Select Listening Adapter below for more details
Net State	Displays the current network status information similar to the output of the Windows command prompt "netstat" command

Configuration

In the Tool Setup tab, the DrayTek Syslog utility settings are configured:

Syslog port	Specify the UDP port to listen for Syslog messages on the computer. The default value is "514" This might need to be changed if the Syslog listening port conflicts with another application listening on that port, or if the router has been configured to send to a different port.
Max messages stored	The maximum number of messages that stored in the DrayTek Syslog utility application's buffer before the oldest messages are dropped on a first-in, first-out basis. Configure the Syslog Database or Save Logs windows to save logs to a file to keep messages beyond this amount.
Relay Messages	Enabling this and entering IP addresses will forward any received syslog messages to the specified addresses and ports
Launch syslog on Windows startup	Enabling this will launch the application when a user logs into the computer. This does not automatically configure the application to save logs to a file, that must be configured from the Syslog Database (by enabling it) or Save Logs (by ticking "Auto-Launch") windows.

Click the OK button to save and apply the setting changes.

Telnet Read-out Setup

The Telnet Read-out facility has the DrayTek Syslog utility connect to the specified router via telnet and perform the specified commands, recording the output into the "Others" category in the utility. This is useful for periodic diagnostics or to periodically perform an action. The connection is made through an unencrypted telnet session and the results are sent through unencrypted syslog messages so it should only be set up to send data locally or through a VPN tunnel.

To configure this, tick the option in the upper left to enable it
Select the router from the Router for Record/Statistics list
Enter the Account & Router Password, select the time interval and click the Update button to store those credentials
Select telnet commands to have the router perform by selecting entries from the list on the left and click the >> to move them to the right list. Or add custom commands by entering them in the text box below and click Add, then add those into the list box on the right.
Click the OK button
Wait for the period specified and check the Others category in the utility to check for the telnet read-out results

Select Listening Adapter

The network adapter used by the DrayTek Syslog utility may use an adapter with no routers connected to it if your computer has many network adapters. Select the adapter to use from the NIC Description drop down box, this should list the routers connected to that adapter. Click OK to select the correct adapter for Syslog to use.

How do you rate this article?

1 1 1 1 1 1 1 1 1 1

: First Published: 08/11/2018; Last Updated: 22/04/2021

Share this link