Page 3 of 3

Re: ANNOUNCE: EVL4EZ Syslog Client | RPi Raspbian Considerations

Posted: Sun Feb 16, 2020 12:15 am
by C'est Moi
Configuring EVL4's Syslog Client under Raspbian ("V10 Buster" Linux 4.19.97-V7+) using either a Chromium (V78) or Iceweasel (i.e. Firefox V68) browser proved to be problematic. The webpage presented by EVL4's embedded web-server was not rendered correctly in either browser and therefore it was not possible to update the requisite fields (i.e. Syslog server's IP address and the Facility ID) on the form and post them correctly to the EVL4.

However, on a different PC, attached to the same network subnet, but running Ubuntu 18.04.1 LTS ("Bionic Beaver") and a Chrome V80 browser, the EVL4's console webpage was displayed correctly and it was then possible to input, post and successfully update the requisite Syslog Server information.

After changing /etc/rsyslog.conf and restarting rsyslogd, as described at https://vexxhost.com/resources/tutorial ... 14-04-lts/, and rebooting the EVL4 hardware, ENVISALINK messages then magically appeared in /var/log/messages on the RPi 2B box, running Raspbian "Buster".

Here are the pertinent configuration file settings that I'm using for the syslog daemon and logrotate process, the latter to keep /var/log svelte with a minimum of old log clutter and with minimum grind on my RPi 2B machine.

/etc/rsyslogd.conf
# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")
# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="514")

/etc/logrotate.conf
# keep this many sets of backlogs
rotate 1
#truncate the original logfile after copying it
copytruncate
# decide whether you want old log files compressed or not
nocompress

NOTE: The EVL4 syslog client can be configured to log to Facility 16 (equates to "local0" ) through 23 (equates to "local7" ).
A rule in /etc/rsyslog.conf or 'equivalent' config file, (name and location depends on the OS, for example, Raspbian vs. Ubuntu)
can be used to route messages to a dedicated log file, to nicely separate out EVL4 messages, for example:

local0.* -/var/log/EVL4.log

Re: ANNOUNCE: EVL4EZ Syslog Client | CID Structure ?

Posted: Sun Feb 16, 2020 2:00 pm
by C'est Moi
What is the structure of the CID (Contact IDs) in syslog messages? They do not seem to follow the Ademco CID field structure (Q EEE GG ZZZ) as documented in the Vista 20P Programming Guide (document K5305-1 PRV8 5/11 Rev. C) that I've got.

Please see an actual syslog (/var/log/messages) example (partially masked for security reasons), as written by an EVL4 (Firmware Version: 01.03.155A):

Feb 15 17:59:37 192.168.xxx.xxx ENVISALINK[Mac Address]: CID Event: 1131010080

Is this the sub-field structure?

1-131-01-0080 1 = New Message ? ; 131 = Alarm Perimeter ? ; partition 01 ? ; zone number 008 ? ; spurious digit ?

Re: ANNOUNCE: EVL4EZ Syslog Client

Posted: Mon Feb 17, 2020 1:45 pm
by GrandWizard
Yes that is correct.

Re: ANNOUNCE: EVL4EZ Syslog Client

Posted: Sun Apr 26, 2020 5:27 pm
by vinistois
what I did to get around the local subnet limitation is fire up a vm in the same subnet as the evl-4

I used centos8 minimal. rsyslog is installed by default. Uncomment the lines to in /etc/rsyslog.conf to enable upd on 514.

Then I forward to papertrail where more actions, including notifications to all kinds of web platforms, webhooks, etc.

Another option would be a node-red instance, there is a syslog listener module in node-red where you could configure your own actions.

Re: ANNOUNCE: EVL4EZ Syslog Client

Posted: Sun Oct 25, 2020 3:14 pm
by digid
Has the subnet issue ever been fixed? I have my security system and home automation on a separate subnet/vnet than my syslog server. I would upgrade to a v4 board just for this feature if its been fixed.

Re: ANNOUNCE: EVL4EZ Syslog Client

Posted: Mon Jul 18, 2022 4:26 pm
by pounder
Is the format used for the messages documented anywhere ?
Sure I could look at the data but its hard to get every case like various types of trouble to be generated.

Re: ANNOUNCE: EVL4EZ Syslog Client

Posted: Fri Oct 28, 2022 12:01 pm
by C'cest Moi
pounder wrote: Mon Jul 18, 2022 4:26 pm Is the format used for the messages documented anywhere ?
Sure I could look at the data but its hard to get every case like various types of trouble to be generated.
SIA DC-05-1999.09 documents CID codes.
For example, the CID codes in Envisalink-4's syslog records look like this:
mmm dd hh:mm:ss xxx.xxx.xxx.xxx ENVISALINK[Mac Address]: CID Event: 1131010080

(xxx.xxx.xxx.xxx = V4 IP address)

Explanation:
1-131-01-008-0 1 = New Message ; 131 = Alarm Perimeter ; 01 = Partition ; 008 = Zone number ; 0 = unused check digit