Where does the node red log go to

khfischbach · 2 October 2023 13:42

I have managed to install node red on a ubuntu server and start it via systemd.

Where does the log go to and how can I set the file the log shall go to.
In specific I am looking for all logs on access attempts.

Colin · 2 October 2023 14:14

Assuming that you installed using the recommended method for ubuntu, by default it goes to syslog and to the journal, accessible using journaltcl, which is used by node-red-log.
To send it elsewhere I think you should be able to redirect stdout and stderr to a file in the systemd script.

khfischbach · 2 October 2023 14:18

yes, I installed according to the docu.

I have found some systemd start file at /lib/systemd/system/nodered.service

To be honest, I expected it somewhere under /etc/systemd/

I will check how to reroute stdout since I am not very much familiar with the syntax on systemd start-files.

Thanks for the hint!

Colin · 2 October 2023 14:27

To find where the script is you can run
sudo systemctl status nodered
The output includes where the script is.
I think you should just be able to add to the end of the ExecStart command in the script
>> full/path/to/outfile 2>&1
After editting the file you have to run
sudo systemctl daemon-reload
Then restart node-red using
node-red-stop
node-red-start
or
node-red-reload
I haven't tried redirecting the output, let us know if it works

Colin · 2 October 2023 14:36

No, that doesn't appear to work.

This is probably the right route.
https://nodered.org/docs/user-guide/runtime/logging

TotallyInformation · 2 October 2023 14:39

To view the logs, use journalctl, see the docs for systemd for details.

By default, I believe that the journals are not persisted to disk but you can change that.

My custom startup is called nrmain so to see and follow the log, this works:

sudo journalctl -u nrmain -f -n 500  -o cat --no-hostname

Colin · 2 October 2023 14:45

This does work to redirect to a file if journalctl does not do what you want, add to the systemd script, after the ExecStart line

StandardOutput=append:/full/path/to/file.log
StandardError=append:/full/path/to/file.log

Colin · 2 October 2023 14:50

To use journalctl with the standard install use -u nodered

khfischbach · 2 October 2023 14:52

If I am not wrong, journalctl catches entries of syslog. And with param -u nrmain you filter on one specific service.

Since NR logs to syslog already (I checked that) with service "Node-RED", I could filter syslog by this.

I think I will use syslog-ng to filter syslog and copy the lines to a separate file.

Beside this:
I have seen in syslog, that successfull logins are logged including the ip-address of origin.
Unfortunately not successfull login attempts don't contain the ip-address of origin.

My idea was to use fail2ban to check the logfile on unauthorized login attempts and ban the ip-address. Since the ip-address is not present in the log entry, I assume this aproach will fail.

I could do it with ufw, but as far as I know, allowed ip-addresses have to be set as ip-address, not as DNS-entry. Since I work with dyndns, fail2ban was the idea to use, since fail2ban uses dns-lookups and can allow access based on dns-names.

Bad luck for me! Will see what I can find out!

jbudd · 2 October 2023 14:54

Assumes systemd > v240
On my Raspberry Pi I have v241.
systemctl --version

khfischbach · 2 October 2023 14:55

systemd 249 (249.11-0ubuntu3.10)

khfischbach · 2 October 2023 14:59

I confirm, this works for me!!!

Now I have the log-entries in a separate file. Will see how I can process it with fail2ban.

Thanks for help!

TotallyInformation · 2 October 2023 17:08

Might just be my setup but this is not the case on my server. Yes, the -u nrmain filters the systemd journal output to that single service. But in my case, the log does not go to syslog. I think that might be different with Dave's install script. I don't ever need to keep more than 24hrs worth of logs anyway so I've never bothered to change it. The whole of Node-RED is insanely stable anyway

From an online question:

ForwardToSyslog= is documented in man journald.conf . It doesn't redirect logs to syslog , it copies the files there.

So if you don't have that in your Node-RED systemd startup script, the journal is not copied to syslog and not persisted to disk.

Personally, I would not do that with Node-RED itself since default installs of Node-RED are not very secure. I would use a reverse proxy to do logins and to record failures. With the added advantage that using fail2ban with a proxy (e.g. NGINX or whatever) is probably a standard config anyway.

If you use a proxy on the same device as Node-RED, you can ensure that there is NO access to Node-RED itself from outside the device. If the proxy is on a different device, you can limit Node-RED to only local and that 1 server. Either way, it is already more secure. Of course, you need HTTPS as well but that can be also delivered by the proxy.

Colin · 2 October 2023 19:54

It must be a bit more subtle than that, as the standard nodered.service does not have that line. It seems that on Ubuntu 22.04 that is the default systemwide setting, at least according to /etc/systemd/journald.conf which says that ForwardToSyslog default is yes.

I agree that @khfischbach would be better to do what he is trying to achieve by using a reverse proxy.

TotallyInformation · 2 October 2023 21:17

OK, I use Debian so probably different.

khfischbach · 3 October 2023 07:48

fail2ban would be sufficient, if node red would log the ip-address of a non-successfull login attempt. But it does not. I already have placed a feature request which was answered that this is already in the backlog.

In the meantime I would need to implement a proxy like nginx, which will log the ip-address of login attempts (I already have such implementations on a local server). Then I can catch this with fail2ban to block it.

I wanted to go the easy way - but - I will start implementing it.

khfischbach · 3 October 2023 08:35

what is the root for the nginx setup?

root /var/www/html; ???

gregorius · 3 October 2023 08:35

If you want to log unsuccesful logins, won't that be a matter of adding a console.log somewhere in the settings.js:

    settings.adminAuth = {
      type: "credentials",
      users: function(username) {
        if (process.env.NODE_RED_USERNAME == username) {
          return when.resolve({username:username,permissions:"*"});
        } else {
/*** console.log ... ***/
          return when.resolve(null);
        }
      },
      authenticate: function(username, password) {
        if (process.env.NODE_RED_USERNAME == username &&
            process.env.NODE_RED_PASSWORD == password) {
          return when.resolve({username:username,permissions:"*"});
        } else {
/*** console.log unsuccessful login attempt -- hm, how to get at the ip? ***/
          return when.resolve(null);
        }
      }

sorry if this isn't relevant for your setup, it would be for mine!

khfischbach · 3 October 2023 08:46

thanks for that example. I will keep it in mind.

Anyhow. Node Red already logs the non-successfull login attempts. But the ip-address where it comes from is missing.
And if I understand your example right, it wouldn't bring the ip-address either - not sure - as I am not a very best programmer.

TotallyInformation · 3 October 2023 10:25

Stick with using NGINX, plenty of examples for configuration of logins on the Internet.

Topic		Replies	Views
Where is the node-red log (running from command line on ubuntu) General security	3	409	4 January 2023
Where I can get the debug logs of node-red? General	15	18457	17 February 2021
Syslog server using syslog-ng General	3	342	26 June 2020
Console and debug nodes output redirection to file or General	11	17054	19 January 2020
Can"t find the node-red logs General	7	4580	16 August 2019

Where does the node red log go to

Related Topics