Netgate Discussion Forum
    • JonathanLeeJ

      UNOFFICIAL GUIDE: Have Package Logs Record to a secondary SSD drive Snort Syslog Squid and or Squid cache system

      Cache/Proxy logging ssd snort squid syslog-ng
      10
      1 Votes
      10 Posts
      2k Views
      JonathanLeeJ

      @JonathanLee said in UNOFFICIAL GUIDE: Have Package Logs Record to a secondary SSD drive Snort Syslog Squid and or Squid cache system:

      ln -s -F /nvme/LOGS_Optane/snort /var/log/snort

      Also you can do this with suricata.

      /var/log/suricata remove this
      mkdir /nvme/LOGS_Optane/suricata
      ln -s -F /nvme/LOGS_Optane/suricata /var/log/suricata
    • JonathanLeeJ

      Syslog-ng Status 10 mins

      pfSense Packages syslog-ng stats frequency custom object ap syslog
      3
      0 Votes
      3 Posts
      472 Views
      JonathanLeeJ

      @keyser thank you that fixed it

    • JonathanLeeJ

      Use of Syslog-ng Package to see Bridge Mode AP syslog events on firewall.

      pfSense Packages syslog-ng syslog access point nas logging
      2
      0 Votes
      2 Posts
      828 Views
      JonathanLeeJ

      I know what you're thinking: big deal, I got logs in pfSense.

      But here the issue is, most often you will be running your AP in bridge mode and having pfSense hand out the DHCP addresses, and if you're in bridge mode not much info on what's connecting to the NAS internally behind the firewall is ever seen on the firewall logs. This gives you a level of visibility not normally seen within pfSense unless it is configured. Again, if you can do it with one AP you can do it with an alias for many APs on a bigger network. This gives you more information into possible MAC spoofing and unauthorized access. If you use remote access and Dynamic DNS for your network, you can see the firewall logs and the AP logs as well.

    • T

      Logging extern syslog on Pfsense Syslog-ng.

      pfSense Packages syslog-ng
      2
      0 Votes
      2 Posts
      428 Views
      bmeeksB

      Depending on what interface your Cisco WAP is on, you may need to add the proper firewall rules on that interface in pfSense. The default rules for the LAN are usually "allow all in" on the interface, but other interfaces or VLANs you create would not have that same default. So you would need to explicitly allow the syslog-ng traffic.

      I've never used the syslog-ng package on pfSense, but there may also be some security settings within the package that you need to adjust in order to allow remote devices (your Cisco WAP, for example) to log to the service.

    • O

      syslog-ng not starting

      pfSense Packages syslog-ng packages
      4
      0 Votes
      4 Posts
      2k Views
      kiokomanK

      @oleg-blecher said in syslog-ng not starting:

      Undefined symbol "g_ptr_array_find_with_equal_func"

      if you have that error after the update it means that everything was not successful

      try from console

      pkg install --force glib-2.56.3_7,1

      or backup your config and do a clean install of 2.4.5 and restore

      that error is due to a mismatch between lib and syslog-ng