PfSense as log server
-
Hello
I recently installed pfSense on my Watchguard Firebox, and have been playing around with it a little, a real nice firewall - turning from meh to awesome in one simple install!
Anywho, my question here is: when I installed pfSense I used a 60GB disk, in the hopes that all my other devices and systems
could log to the pfSense box. Is there any way of doing this?
I am here mainly thinking of conveniently viewing the logs, not just opening pfSense's syslog server to the network?
Best Regards,
MeatPuppet -
I use Kiwi Syslog on an external PC and I let pfSense send all the traffic logs directly to this Kiwi program.
Kiwi filters it for me and even has triggers for things like " block" or " error " etc.
Also I filter on each host/ip, so I have a folder + txt log for each machine in my network.
Works like a charm!! I did purchase Kiwi for its filter+action features.. but it's worth the cash!!
-
Sounds exactly like what I'm looking for.
Would Kiwi be able to run on the pfSense box?
Best Regards,
MeatPuppet -
AudiAddict is running the Syslog on an external PC.
Basically you can install on pfSense anything you could on a normal FreeBSD system.
You just have to do it yourself. This is not supported.
You should not run anything besides the needed services on a security-critical system like a firewall.
If you still want to know how to do it you should learn how to install something on a FreeBSD system.
The FreeBSD handbook is a good place to start:
http://www.freebsd.org/doc/en/books/handbook/ -
Ok, I was just hoping I could utilize the log monitoring gui provided by pfSense,
and justify the use of a 60GB disk for the OS.
I am familiar with the best practices of firewall usage, but the way I have implemented the Watchguard/pfSense is a special condition in this case;
the servers/systems I want to log to it are all running on their own dedicated VLAN (VLAN 1, as proper Cisco practices).
None of the devices are accessible outside the VLAN, and the only thing the VLAN is used for is just that, reading logs, and accessing device configuration.
I simply wanted to make this a little easier, as well as centralizing my logs; and figured the pfSense box would be as good and secure a device for this as any.
Best Regards,
MeatPuppet -
I wrote a simple Syslog server in PHP; it could likely be made into a package. If someone would like to sponsor it with a bounty then I may consider making it into a pfSense package.
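
Added example, not part of any post in this thread and not Kiwi's or pfSense's code: a minimal Python UDP syslog receiver for an external machine that does what the Kiwi reply above describes, one folder and text log per sending machine plus a trigger on "block" or "error". Port 5514, the `logs` directory and all function names are assumptions; folders are keyed on the sender's socket address because the hostname inside a syslog message is chosen by the sender.

```python
import re
import socketserver
from pathlib import Path

ALERT_WORDS = ("block", "error")      # trigger words from the reply above
PRI_RE = re.compile(r"^<(\d{1,3})>")  # <PRI> prefix of a BSD-syslog datagram
SEVERITIES = ("emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug")

def safe_name(sender_ip):
    """Map the sender address to a folder name with no path characters."""
    return re.sub(r"[^0-9A-Za-z]", "_", sender_ip)

def handle_message(log_root, sender_ip, datagram):
    """Append one datagram to <log_root>/<sender>/syslog.txt.

    Returns (severity, matched_alert_words)."""
    text = datagram.decode("utf-8", errors="replace")
    # Replace control characters so one datagram cannot forge extra log lines.
    text = "".join(ch if ch.isprintable() else " " for ch in text).strip()
    m = PRI_RE.match(text)
    pri = int(m.group(1)) if m else None
    # PRI = facility * 8 + severity; valid values are 0..191.
    severity = SEVERITIES[pri & 7] if pri is not None and pri <= 191 else "unknown"
    host_dir = Path(log_root) / safe_name(sender_ip)
    host_dir.mkdir(parents=True, exist_ok=True)
    with open(host_dir / "syslog.txt", "a", encoding="utf-8") as fh:
        fh.write(f"{severity} {text}\n")
    hits = [w for w in ALERT_WORDS if re.search(rf"\b{w}", text, re.IGNORECASE)]
    return severity, hits

class SyslogHandler(socketserver.BaseRequestHandler):
    log_root = "logs"  # assumed output directory

    def handle(self):
        data = self.request[0]        # UDP: request is (bytes, socket)
        sender = self.client_address[0]
        severity, hits = handle_message(self.log_root, sender, data)
        if hits:
            print(f"ALERT from {sender} ({severity}): {', '.join(hits)}")

if __name__ == "__main__":
    # Assumed unprivileged port; bind to the logging VLAN address in practice.
    with socketserver.UDPServer(("0.0.0.0", 5514), SyslogHandler) as srv:
        srv.serve_forever()
```

Plain UDP syslog is unauthenticated, so the receiver should only be reachable from the network the logging devices sit on.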