Netgate Discussion Forum

    Syslog-ng forwarding via TCP not working?

    pfSense Packages
    • mojimba

      Hi all,

      I'm trying to use the syslog-ng package to forward syslog logs from my pfSense to a Logstash syslog input. Unfortunately I'm limited to using TCP, so can't use pfSense built-in syslog forwarding.

      The syslog-ng package has been installed and configured to receive events on LAN port 5140, and I have configured pfSense system logs to forward to that port via UDP. So far so good, I see the messages in the syslog-ng "Log Viewer" screen.

      I thought all I needed to do now was add a new object in "Advanced" of type "Destination":

      { 
        network(
          "192.168.4.52" 
          port(9514)
          transport(tcp)
        );
      };
      

      No syntax errors etc when saving, but I don't see anything being sent to the other server. I performed a quick telnet test to the Logstash server IP:port from the pfSense console and it does connect (and I actually see my connection in Logstash logs too).

      Any thoughts on what I'm missing?

      Thanks!

      • flink4

        Hi Mojimba,

        If still interested or someone else needs it, I just solved it like this.

        You have to create 2 objects:

        Object Name _FORWARD
        Object Type Destination
        Object Parameters { udp("192.168.1.1" port(514)); };

        Object Name _FORWARD
        Object Type Log
        Object Parameters { source(_DEFAULT); destination(_FORWARD); };

        • mojimba @flink4

          @flink4 - thanks! I've hacked something else in place for the time being, but will try this out when I find the time!
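
Added example, not part of either poster's message: the two-object pattern from the reply applied to the TCP destination from the question, written in plain syslog-ng.conf syntax. The object name `_FORWARD_TCP` is hypothetical; the address, port and the `_DEFAULT` source name are taken from the posts above. In the package GUI, the text from each outer `{` to `};` is what goes into Object Parameters.

```conf
# Added example; _FORWARD_TCP is a hypothetical object name.

# Object Type "Destination": declares where messages could be sent.
# On its own it forwards nothing, which matches the symptom in the question
# (config saves cleanly, the port is reachable, no events arrive).
destination _FORWARD_TCP {
    network(
        "192.168.4.52"      # Logstash host from the question
        port(9514)          # Logstash syslog input port from the question
        transport("tcp")
    );
};

# Object Type "Log": the log path that ties a source to the destination.
# Without this statement syslog-ng never routes messages to _FORWARD_TCP.
log {
    source(_DEFAULT);             # source name used in the reply above
    destination(_FORWARD_TCP);
};
```

With `transport("tcp")` the firewall logs cross the network unencrypted; the same `network()` driver accepts `transport("tls")` with a `tls()` block when the receiving input is set up for it.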

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.