From 9c9d252a060e580656adb819d03670f5224548d9 Mon Sep 17 00:00:00 2001 From: Tommaso Bailetti Date: Tue, 30 Jun 2026 09:49:49 +0200 Subject: [PATCH] docs: added documentation on how to enable receiving logs from remote --- logs.rst | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/logs.rst b/logs.rst index 20d601db..61761162 100644 --- a/logs.rst +++ b/logs.rst @@ -152,6 +152,26 @@ To stop and disable the forwarder: :: /etc/init.d/ns-clm stop && /etc/init.d/ns-clm disable +Receiving logs from remote devices +=================================== + +NethSecurity runs an rsyslog input that can receive log messages from other devices over the network. +The UDP input is enabled by default on port 514, while the TCP input is disabled. + +For security reasons, both inputs are bound to the loopback interface (``127.0.0.1``) by default, so the service +does not accept logs from remote devices unless explicitly configured. The bind address is controlled by the +``udp_input_address`` and ``tcp_input_address`` options of the ``syslog`` configuration. + +To receive logs from remote devices, set the input to listen on all interfaces (``0.0.0.0``) or on a specific +local IP address. Example for the UDP input on port 514: :: + + uci set rsyslog.syslog.udp_input_address=0.0.0.0 + uci commit rsyslog + /etc/init.d/rsyslog restart + +The same applies to the TCP input using the ``tcp_input_address`` option. Access to this service must be +handled at firewall level, by adding the appropriate rules to allow inbound traffic on the chosen port. + .. _log-rotation-section: