Fae wrote

Thank you for posting the problem o the TP-Link Community.

 

In fact, the syslog is sent by devices instead of by the Controller, Controller only manage the devices.

 

To address the issue, could you please provide the model number, hardware and firmware version of your Omada devices?

Would all of those devices have the same issue with the Telegraf?

@Fae I had not realized the logs come directly from each AP/switches.

Our lab are currently testing with 2 x EAP660HD both running "1.1.0 Build 20211223 Rel. 63013" (beta for mesh if I recall properly).

I can't answer if all devices have the same issue since our lab is 2 of the same model.  If the "latest" AP/switches use the same "code base" for the logging, then it's 1 change to do for all AP/switches.

I can understand why Tp-Link remote syslog doesn't follow RFCs, it was and is likely still today a low priority.  We're now in 2022, hackers are active like never.  Corporations (prosumers) around the world have started to install "AI security systems" products that take actions based on the collected logs.  Often the action to take is to block an IP/device to enter the network.

In our new lab, the only missing block that we have now is the logging from Tp-Link equipments.  If the equipment doesn't send "valuable informations", it's also possible the logging will be completely/partially useless.  We noticed Omada Controller has a lot of information for each connected devices, somone has to wonder .. why not add an option as well in the controller to send its logging to a remote server?

We also noticed Omada documentation http://omada-sdn.docs.tplinkusa.com/en/latest/onboarding/omada_api.html as a reference to this project https://github.com/ghaberek/omada-api -  the project isn't sponsored/maintained by TpLink but by a 3rd party.  It would require more work for us and since it's not a Tp-Link project, we don't want to go in that direction.

What we hope is your dev team to commit to make the required changes.  My 2 cents... since Omada Controller already gather tons of informations, it seems Tp-Link should focus to add a "remote logging" option directly within the controller.  Basically, the controller would have 2 "remote logging" options.

1) keep the current "device logging", e.g. each device sends its log to a remote server

2) Omada Controller new "remote logging", e.g. the controller sends its logs to a remote server (keep a local copy as well).  The end-user should also be able to control the minimum severity level (debug, info, error, etc).

We still have ~3-6 months ahead of us before we take the final decision.  Again, this is low priority.  Hoping you come back within next 2 weeks with some news from the dev team on how they plan to proceed in the near? future.

// Thank you.