Kiwi Syslog and pfSense
-
Hey, does anyone have any idea how to clean up these pfSense logs, either from the GUI or with Kiwi? I'm sending my logs to PaperTrail and, as you can imagine, they are full of unreadable junk. It doesn't help that the firewall logs do not contain a DNS name but rather the IP address (unlike what you are provided with pfBlocker). Any guidance is appreciated.
Example output:
-
Log Message Format is an option implemented in pfSense 2.5.0-devel where you can choose between RFC 3164 and RFC 5424.
The default for pfSense 2.4.5-p1 is RFC 3164.
What I understand is that Kiwi needs RFC 5424.
-
@kiokoman Thank you for the reply. I will try and use a log parser before sending them to PaperTrail then (until we have a native way to do it). I think it may be worth my time to set up a cron job to FTP the pfBlocker-NG logs rather than the system logs. I need to look at those logs to see if they contain the DNS name.
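
The two formats named in this thread differ in how each line is framed: RFC 3164 sends `<PRI>Mmm dd hh:mm:ss HOST TAG[PID]: MSG` with no year or time zone, while RFC 5424 sends `<PRI>1 TIMESTAMP HOST APP PROCID MSGID SD MSG`. The Python sketch below is an added example, not code from any poster, pfSense or Kiwi; it re-frames an RFC 3164 line as RFC 5424 on a relay, and its function names, the sample line, the caller-supplied year and the UTC default are assumptions of the example.

```python
import re
from datetime import datetime, timezone

# RFC 3164 (BSD syslog): <PRI>Mmm dd hh:mm:ss HOST TAG[PID]: MSG
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<msg>.*)$",
    re.DOTALL,
)
# RFC 5424 lines start with <PRI>VERSION followed by a space.
RFC5424_PREFIX = re.compile(r"^<\d{1,3}>[1-9]\d? ")

# Constructed sample line (not captured from a real firewall).
SAMPLE_3164 = "<134>Aug  3 08:59:02 fw.example.test filterlog[54321]: constructed,sample,fields"


def detect_format(line):
    """Classify a raw syslog line by its framing."""
    if RFC5424_PREFIX.match(line):
        return "rfc5424"
    if RFC3164.match(line):
        return "rfc3164"
    return "unknown"


def to_rfc5424(line, year, tz=timezone.utc):
    """Re-frame an RFC 3164 line as RFC 5424; pass RFC 5424 lines through.

    RFC 3164 carries neither year nor zone, so the caller supplies both
    (assumption: the relay knows the sender's clock settings).
    """
    if RFC5424_PREFIX.match(line):
        return line
    m = RFC3164.match(line)
    if m is None:
        raise ValueError("not an RFC 3164 or RFC 5424 line")
    pri = int(m["pri"])
    if pri > 191:  # highest valid PRI: facility 23 * 8 + severity 7
        raise ValueError("PRI out of range")
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S").replace(tzinfo=tz)
    pid = m["pid"] or "-"  # "-" is the RFC 5424 nil value
    # MSGID and STRUCTURED-DATA have no RFC 3164 equivalent, so both are nil.
    return f"<{pri}>1 {ts.isoformat()} {m['host']} {m['tag']} {pid} - - {m['msg']}"


if __name__ == "__main__":
    print(to_rfc5424(SAMPLE_3164, year=2021))
```

Month names are parsed with `%b`, so the script should run under the C or an English locale.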