ANNOUNCE: EVL4EZ Syslog Client

[C'est Moi]

Configuring EVL4's Syslog Client under Raspbian ("V10 Buster" Linux 4.19.97-V7+) using either a Chromium (V78) or Iceweasel (i.e. Firefox V68) browser proved to be problematic. The webpage presented by EVL4's embedded web-server was not rendered correctly in either browser and therefore it was not possible to update the requisite fields (i.e. Syslog server's IP address and the Facility ID) on the form and post them correctly to the EVL4.

However, on a different PC, attached to the same network subnet, but running Ubuntu 18.04.1 LTS ("Bionic Beaver") and a Chrome V80 browser, the EVL4's console webpage was displayed correctly and it was then possible to input, post and successfully update the requisite Syslog Server information.

After changing /etc/rsyslog.conf and restarting rsyslogd, as described at https://vexxhost.com/resources/tutorial ... 14-04-lts/, and rebooting the EVL4 hardware, ENVISALINK messages then magically appeared in /var/log/messages on the RPi 2B box, running Raspbian "Buster".

Here are the pertinent configuration file settings that I'm using for the syslog daemon and logrotate process, the latter to keep /var/log svelte with a minimum of old log clutter and with minimum grind on my RPi 2B machine.

/etc/rsyslogd.conf
# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")
# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="514")

/etc/logrotate.conf
# keep this many sets of backlogs
rotate 1
#truncate the original logfile after copying it
copytruncate
# decide whether you want old log files compressed or not
nocompress

NOTE: The EVL4 syslog client can be configured to log to Facility 16 (equates to "local0" ) through 23 (equates to "local7" ).
A rule in /etc/rsyslog.conf or 'equivalent' config file, (name and location depends on the OS, for example, Raspbian vs. Ubuntu)
can be used to route messages to a dedicated log file, to nicely separate out EVL4 messages, for example:

local0.* -/var/log/EVL4.log

[C'est Moi]

What is the structure of the CID (Contact IDs) in syslog messages? They do not seem to follow the Ademco CID field structure (Q EEE GG ZZZ) as documented in the Vista 20P Programming Guide (document K5305-1 PRV8 5/11 Rev. C) that I've got.

Please see an actual syslog (/var/log/messages) example (partially masked for security reasons), as written by an EVL4 (Firmware Version: 01.03.155A):

Feb 15 17:59:37 192.168.xxx.xxx ENVISALINK[Mac Address]: CID Event: 1131010080

Is this the sub-field structure?

1-131-01-0080 1 = New Message ? ; 131 = Alarm Perimeter ? ; partition 01 ? ; zone number 008 ? ; spurious digit ?

[GrandWizard]

Yes that is correct.

[vinistois]

what I did to get around the local subnet limitation is fire up a vm in the same subnet as the evl-4

I used centos8 minimal. rsyslog is installed by default. Uncomment the lines to in /etc/rsyslog.conf to enable upd on 514.

Then I forward to papertrail where more actions, including notifications to all kinds of web platforms, webhooks, etc.

Another option would be a node-red instance, there is a syslog listener module in node-red where you could configure your own actions.

[digid]

Has the subnet issue ever been fixed? I have my security system and home automation on a separate subnet/vnet than my syslog server. I would upgrade to a v4 board just for this feature if its been fixed.

[pounder]

Is the format used for the messages documented anywhere ?
Sure I could look at the data but its hard to get every case like various types of trouble to be generated.

[C'cest Moi]

Is the format used for the messages documented anywhere ?
Sure I could look at the data but its hard to get every case like various types of trouble to be generated.

SIA DC-05-1999.09 documents CID codes.
For example, the CID codes in Envisalink-4's syslog records look like this:
mmm dd hh:mm:ss xxx.xxx.xxx.xxx ENVISALINK[Mac Address]: CID Event: 1131010080

(xxx.xxx.xxx.xxx = V4 IP address)

Explanation:
1-131-01-008-0 1 = New Message ; 131 = Alarm Perimeter ; 01 = Partition ; 008 = Zone number ; 0 = unused check digit