System logs, I need more everything

Cylosoft

I'm new to pfSense. Not new to firewalls. I've setup a 2100, 6100, and 7100 now. It's gone really well so far. Really happy with everything but System Logs. There should be some better email alerting based on logs and more history.

I've read through old posts on it and I get the have firewalls do firewall things. I've setup Graylog to offload some of this. But what I'm running into is techs need to be able to login and do some basic troubleshooting on the firewall while onsite. They need like a weeks worth of logs quick and easy and right there on the firewall. We have plenty of storage and plenty of CPU to do searches deeper into the logs.

Also the log display. Because of having to use Graylog I'm using syslog format. The webUI should show the date/time the same as BSD. No reason to show all that microsecond accuracy in the webUI.

I assume there is some way to SSH in and change a config file to allow me to search through more history? Can someone give me an SSH for pfSense newbies on step by step to change?

keyser

@cylosoft I agree, the systemlogs is a great potential area for a new package for pfSense. Obviously having some real log analytics and trend history with filtering capabilities straight out of the Firewall would be nice, but I understand that larger installs would not need that - hence an add-on package that you could elect to use - in case a graylog/splunk whatever install is not an option to you.

If only I was a developer and knew how to code…..:-)