PfSense Log Server
Anyone know if is possible have on the same box pfsense acting as a FW, and as a Log Server?
I was thinking about doing the same thing as my pfSense box would be running if any of my machines were running and it has lots of spare resources.
AFAIK it is quite possible and I think fairly easy. I haven't figured out exactly how yet, but I was looking at the docs and it looked like all that is needed is a few tweaks to the syslog config file
Maybe one of the experienced people can also comment on if there are any security implications (security hole?) or other good reason not to use the box as a log server (in a home environment). The only downside that I can think of is that if someone compromises the firewall box, they can wipe or edit the logs and hide their tracks.
I have a a small low power J1900 box with a 120GB SSD that is performing firewall and routing for a small home network.
If the network is up at all, then this machine will be running, even if I'm away and many of the other machines in the network are powered off.
I'm wondering what is the feasibility of adding a log server to the pfSense box?
Any disadvantage in doing this?
The Syslog-ng package maybe.
System -> Package Manager -> Available Packages
Yeah, syslog-ng is definitely the way to go here if you really want such things.
Any real downside to doing this as long as the pfSense box has enough resources?