Firewall logs not appearing on remote syslog server *solved*
-
I'm currently evaluating pfsense for use at a MSP as a virtual firewall solution for our VM clusters. Hence I'm trying to make it break :-)
I've set up a pfsense vm to log to our central syslog server but I am unable to receive any actual logs from the firewall filter rules. I see nginx GUI logs just fine but if I disable "Everything" from Remote Syslog Contents and only tick Firewall Events i see nothing at all.
I've selected to log pretty much everything from the firewall - default block rules, default pass rules, bogon and private. All rules i've created are also selected to log.
Am I missing something obvious?
the fw is running 2.4.0.r.20170906.1710
Thanks
-
Turns out it was working! /u/thats_not_howyoudoit[ ran a similar setup (graylog) and tipped me off as to how pfsense prints its logs
https://www.reddit.com/r/PFSENSE/comments/6zdxzh/firewall_logs_not_appearing_on_remote_syslog/dmuq5he/