• MOVED: New forum request.

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Pfsense crashing

    Locked
    5
    0 Votes
    5 Posts
    4k Views

    ok i've setup pfsense to send the logs, i've installed syslog-ng on this linux machine, i'm just not sure how to set it up. This is what i've made the syslog-ng.conf

    #
    # Configuration file for syslog-ng under Debian
    #
    # attempts at reproducing default syslog behavior

    # the standard syslog levels are (in descending order of priority):
    # emerg alert crit err warning notice info debug
    # the aliases "error", "panic", and "warn" are deprecated
    # the "none" priority found in the original syslogd configuration is
    # only used in internal messages created by syslogd

    ######
    # options

    options { long_hostnames(off); sync(0); };

    src info_src { udp(514); };
    destination info_dst { file(”/var/log/hosts/$HOST.log”); };
    filter info_filter { level(info); };
    log { source(info_src); filter(info_filter); destination(info_dst); };

    options {
        # disable the chained hostname format in logs
        # (default is enabled)
        chain_hostnames(0);

        # the time to wait before a died connection is re-established
        # (default is 60)
        time_reopen(10);

        # the time to wait before an idle destination file is closed
        # (default is 60)
        time_reap(360);

        # the number of lines buffered before written to file
        # you might want to increase this if your disk isn't catching with
        # all the log messages you get or if you want less disk activity
        # (say on a laptop)
        # (default is 0)
        #sync(0);

        # the number of lines fitting in the output queue
        log_fifo_size(2048);

        # enable or disable directory creation for destination files
        create_dirs(yes);

        # default owner, group, and permissions for log files
        # (defaults are 0, 0, 0600)
        #owner(root);
        group(adm);
        perm(0640);

        # default owner, group, and permissions for created directories
        # (defaults are 0, 0, 0700)
        #dir_owner(root);
        #dir_group(root);
        dir_perm(0755);

        # enable or disable DNS usage
        # syslog-ng blocks on DNS queries, so enabling DNS may lead to
        # a Denial of Service attack
        # (default is yes)
        use_dns(no);

        # maximum length of message in bytes
        # this is only limited by the program listening on the /dev/log Unix
        # socket, glibc can handle arbitrary length log messages, but -- for
        # example -- syslogd accepts only 1024 bytes
        # (default is 2048)
        #log_msg_size(2048);

        #Disable statistic log messages.
        stats_freq(0);
    };

    ######
    # sources

    # all known message sources
    source s_all {
        # message generated by Syslog-NG
        internal();
        # standard Linux log source (this is the default place for the syslog()
        # function to send logs to)
        unix-stream("/dev/log");
        # messages from the kernel
        file("/proc/kmsg" log_prefix("kernel: "));
        # use the following line if you want to receive remote UDP logging messages
        # (this is equivalent to the "-r" syslogd flag)
        # udp();
    };

    ######
    # destinations

    # some standard log files
    destination df_auth { file("/var/log/auth.log"); };
    destination df_syslog { file("/var/log/syslog"); };
    destination df_cron { file("/var/log/cron.log"); };
    destination df_daemon { file("/var/log/daemon.log"); };
    destination df_kern { file("/var/log/kern.log"); };
    destination df_lpr { file("/var/log/lpr.log"); };
    destination df_mail { file("/var/log/mail.log"); };
    destination df_user { file("/var/log/user.log"); };
    destination df_uucp { file("/var/log/uucp.log"); };

    # these files are meant for the mail system log files
    # and provide re-usable destinations for {mail,cron,...}.info,
    # {mail,cron,...}.notice, etc.
    destination df_facility_dot_info { file("/var/log/$FACILITY.info"); };
    destination df_facility_dot_notice { file("/var/log/$FACILITY.notice"); };
    destination df_facility_dot_warn { file("/var/log/$FACILITY.warn"); };
    destination df_facility_dot_err { file("/var/log/$FACILITY.err"); };
    destination df_facility_dot_crit { file("/var/log/$FACILITY.crit"); };

    # these files are meant for the news system, and are kept separated
    # because they should be owned by "news" instead of "root"
    destination df_news_dot_notice { file("/var/log/news/news.notice" owner("news")); };
    destination df_news_dot_err { file("/var/log/news/news.err" owner("news")); };
    destination df_news_dot_crit { file("/var/log/news/news.crit" owner("news")); };

    # some more classical and useful files found in standard syslog configurations
    destination df_debug { file("/var/log/debug"); };
    destination df_messages { file("/var/log/messages"); };

    # pipes
    # a console to view log messages under X
    destination dp_xconsole { pipe("/dev/xconsole"); };

    # consoles
    # this will send messages to everyone logged in
    destination du_all { usertty("*"); };

    ######
    # filters

    # all messages from the auth and authpriv facilities
    filter f_auth { facility(auth, authpriv); };

    # all messages except from the auth and authpriv facilities
    filter f_syslog { not facility(auth, authpriv); };

    # respectively: messages from the cron, daemon, kern, lpr, mail, news, user,
    # and uucp facilities
    filter f_cron { facility(cron); };
    filter f_daemon { facility(daemon); };
    filter f_kern { facility(kern); };
    filter f_lpr { facility(lpr); };
    filter f_mail { facility(mail); };
    filter f_news { facility(news); };
    filter f_user { facility(user); };
    filter f_uucp { facility(uucp); };

    # some filters to select messages of priority greater or equal to info, warn,
    # and err
    # (equivalents of syslogd's *.info, *.warn, and *.err)
    filter f_at_least_info { level(info..emerg); };
    filter f_at_least_notice { level(notice..emerg); };
    filter f_at_least_warn { level(warn..emerg); };
    filter f_at_least_err { level(err..emerg); };
    filter f_at_least_crit { level(crit..emerg); };

    # all messages of priority debug not coming from the auth, authpriv, news, and
    # mail facilities
    filter f_debug { level(debug) and not facility(auth, authpriv, news, mail); };

    # all messages of info, notice, or warn priority not coming form the auth,
    # authpriv, cron, daemon, mail, and news facilities
    filter f_messages {
        level(info,notice,warn)
            and not facility(auth,authpriv,cron,daemon,mail,news);
    };

    # messages with priority emerg
    filter f_emerg { level(emerg); };

    # complex filter for messages usually sent to the xconsole
    filter f_xconsole {
        facility(daemon,mail)
            or level(debug,info,notice,warn)
            or (facility(news)
                and level(crit,err,notice));
    };

    ######
    # logs
    # order matters if you use "flags(final);" to mark the end of processing in a
    # "log" statement

    # these rules provide the same behavior as the commented original syslogd rules

    # auth,authpriv.*                /var/log/auth.log
    log {
        source(s_all);
        filter(f_auth);
        destination(df_auth);
    };

    # *.*;auth,authpriv.none          -/var/log/syslog
    log {
        source(s_all);
        filter(f_syslog);
        destination(df_syslog);
    };

    # this is commented out in the default syslog.conf
    # cron.*                        /var/log/cron.log
    #log {
    #        source(s_all);
    #        filter(f_cron);
    #        destination(df_cron);
    #};

    # daemon.*                        -/var/log/daemon.log
    log {
        source(s_all);
        filter(f_daemon);
        destination(df_daemon);
    };

    # kern.*                          -/var/log/kern.log
    log {
        source(s_all);
        filter(f_kern);
        destination(df_kern);
    };

    # lpr.*                          -/var/log/lpr.log
    log {
        source(s_all);
        filter(f_lpr);
        destination(df_lpr);
    };

    # mail.*                          -/var/log/mail.log
    log {
        source(s_all);
        filter(f_mail);
        destination(df_mail);
    };

    # user.*                          -/var/log/user.log
    log {
        source(s_all);
        filter(f_user);
        destination(df_user);
    };

    # uucp.*                          /var/log/uucp.log
    log {
        source(s_all);
        filter(f_uucp);
        destination(df_uucp);
    };

    # mail.info                      -/var/log/mail.info
    log {
        source(s_all);
        filter(f_mail);
        filter(f_at_least_info);
        destination(df_facility_dot_info);
    };

    # mail.warn                      -/var/log/mail.warn
    log {
        source(s_all);
        filter(f_mail);
        filter(f_at_least_warn);
        destination(df_facility_dot_warn);
    };

    # mail.err                        /var/log/mail.err
    log {
        source(s_all);
        filter(f_mail);
        filter(f_at_least_err);
        destination(df_facility_dot_err);
    };

    # news.crit                      /var/log/news/news.crit
    log {
        source(s_all);
        filter(f_news);
        filter(f_at_least_crit);
        destination(df_news_dot_crit);
    };

    # news.err                        /var/log/news/news.err
    log {
        source(s_all);
        filter(f_news);
        filter(f_at_least_err);
        destination(df_news_dot_err);
    };

    # news.notice                    /var/log/news/news.notice
    log {
        source(s_all);
        filter(f_news);
        filter(f_at_least_notice);
        destination(df_news_dot_notice);
    };

    # *.=debug;\
    #        auth,authpriv.none;\
    #        news.none;mail.none    -/var/log/debug
    log {
        source(s_all);
        filter(f_debug);
        destination(df_debug);
    };

    # *.=info;*.=notice;*.=warn;\
    #        auth,authpriv.none;\
    #        cron,daemon.none;\
    #        mail,news.none          -/var/log/messages
    log {
        source(s_all);
        filter(f_messages);
        destination(df_messages);
    };

    # *.emerg                        *
    log {
        source(s_all);
        filter(f_emerg);
        destination(du_all);
    };

    # daemon.*;mail.*;\
    #        news.crit;news.err;news.notice;\
    #        *.=debug;*.=info;\
    #        *.=notice;*.=warn      |/dev/xconsole
    log {
        source(s_all);
        filter(f_xconsole);
        destination(dp_xconsole);
    };

    the problem is when i run it i get this

    syslog-ng -f /etc/syslog-ng/syslog-ng.conf
    syntax error at 17

    where this is line 17:

    src info_src { udp(514); };
  • PfSense Newb here, please help

    Locked
    3
    0 Votes
    3 Posts
    2k Views

    You need to make sure you created the appropriate Virtual IPs. Also you will need Firewall rules to allow the traffic.

  • Earlyshellcmd

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • PPPoE server forced restart [solved]

    Locked
    11
    0 Votes
    11 Posts
    11k Views

    thanks for your suggestion Aldo

    finally i've put this in a script called pppoesrvrestart :

    killall -15 mpd && sleep 2 && /usr/local/sbin/mpd -b -d /var/etc/mpd-vpn -p /var/run/mpd-vpn.pid pppoe

    and then added that in config.xml :

    <minute>0</minute> <hour>0</hour> <mday>*</mday> <month>*</month> <wday>*</wday> <who>root</who> <command>/etc/pppoesrvrestart</command>

    and pppoe server is restarting everyday at midnight

    thanks all for your help

  • Pppoe logged users

    Locked
    6
    0 Votes
    6 Posts
    5k Views

    if you enable the cli in the pppoe-server startup script with  -a 127.0.0.1
    you can access it and disconnect a pppoe session

    i also amended the pppoe load to add the /usr/local/bin/vpn-up and vpn-down to allow logging of logged in and logged out clients on the pptp logging tab like so.

    set iface up-script /usr/local/sbin/vpn-linkup
            set iface down-script /usr/local/sbin/vpn-linkdown

    adding radius acct-update is as simple as adding a line to vpn.inc like so

    set radius acct-update 180

    you will find the relevant area near the bottom of vpn.inc

  • Firewall Replacement with pfsense (SOLVED)

    Locked
    2
    0 Votes
    2 Posts
    2k Views

    Ok i installed pfsense on vmware
    And lucky enough, it got all the options i need.

    Hopefully it will run on the DELL

    Great Software guys, will get my boss to do a little Donation if everything works fine

  • EU content filtering study

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • How to count colocation traffic?

    Locked
    6
    0 Votes
    6 Posts
    3k Views

    @fouinix:

    @hoba:

    It's the same software but it already is available as pfSense package if you go to system>packages in the webgui (unless you run the embedded version of pfSense).

    Does it work with multiple LAN interface (LAN OPT1 …) ?

    Not right now. There is a known bug with Bandwidthd using multiple interfaces.

  • WAN & LAN Connection lost, but can't figure out why.

    Locked
    12
    0 Votes
    12 Posts
    4k Views

    Checking for BIOS updates sometimes helps with compatibility in edge cases too.

  • Multiple Public IPs

    Locked
    4
    0 Votes
    4 Posts
    2k Views

    If you have modem/routers you can set up the other IP for a /29. Where are you wanting to place your servers?

  • MOVED: Squid question!

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Generating constant logs or redirecting to a syslog daemon

    Locked
    4
    0 Votes
    4 Posts
    2k Views

    No problem.  Hopefully someone will find it next time they have the same question.

  • One master Firewall controlling the other Firewalls

    Locked
    2
    0 Votes
    2 Posts
    2k Views

    No, this is not possible. You only can sync settings between CARP-Members.

  • How to measure maximum FW-Throughput?

    Locked
    3
    0 Votes
    3 Posts
    2k Views

    Thanks for your reply!

    I'll have a look into that program, thanks  :)

    Best regards,

    Chris

  • DHCP/internet access on OPT1 interface?

    Locked
    3
    0 Votes
    3 Posts
    2k Views

    Whoops! Good reason not for me to be trying to find solutions to my problems late at night ;D

  • Intrusion-prevention system with LiveCD

    Locked
    2
    0 Votes
    2 Posts
    2k Views

    None of the packages like snort will be included on the livecd. This has been discussed before.

  • PPPoE Client on WAN

    Locked
    3
    0 Votes
    3 Posts
    2k Views

    Well, those are fresh installs. What else could there be to configure besides setting WAN to PPPoE and putting in username and password? The logs are quoted from system log. Are there any more detailed logs? BTW, a test install of IPCop works well on the same line (but not at the same time of course).

    I used the shell but couldn't find the config files for mpd. Also a tail -f on the logs gives me garbage. Not familiar with BSD, so what would be a way to watch them?

    Quite some question. Thanks for answers.

  • Suspected Strange fragmentation problem

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Trouble with Comcast - DHCP and ?

    Locked
    11
    0 Votes
    11 Posts
    7k Views

    @hchady:

    does pfsense run any STP protocol ?
    comcast is not compatible with STP

    Only on bridges.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.