Enabled remote syslog to Graylog but no messages are received



  • I just set up a Graylog VM to start a central log collection server.

    My ESXi host got configured pretty easily and I can see the logs in Graylog almost instantly. I went into my 2.3.3-RELEASE pfSense box, selected the LAN interface (instead of binding to all) and selected my internal Graylog host "172.16.0.114" with no port, since UDP 514 is the default listening port.

    I have restarted the syslog service after resetting the configuration, but I still can't manage to get the logs exported into Graylog. Does anyone have experience with this, or am I missing something? I already checked, and the firewall rule is allowing TCP/UDP 514, but since I selected the same LAN interface as where Graylog is hosted I did not think it was going to matter (does it?).

    Thanks for the help.

    ```
    [2.3.3-RELEASE][admin@fw.gspot]/var/db/ntopng: /etc/rc.d/syslogd status
    syslogd is running as pid 13905.
    [2.3.3-RELEASE][admin@fw.gspot]/var/db/ntopng: /etc/rc.d/syslogd restart
    Stopping syslogd.
    Starting syslogd.
    [2.3.3-RELEASE][admin@fw.gspot]/var/db/ntopng: /etc/rc.d/syslogd status
    syslogd is running as pid 74389.
    ```

    ![remote-syslog-pfsense.PNG](/public/_imported_attachments_/1/remote-syslog-pfsense.PNG)

  • LAYER 8 Global Moderator

    A simple sniff on your LAN interface would tell you if it's being sent.
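
A receive-side counterpart to the sniff suggested above, as an added example that is not part of the original thread: a small UDP listener to run on the log host that reports the first syslog datagram to arrive and decodes its PRI field, which separates "nothing reaches the host" from "the collector is not ingesting it". Port 5514, the function names and the script name are assumptions; listening on 514 instead requires that port to be free and the privilege to bind it.

```python
import socket
import sys
import time

# Severity names indexed by the low three bits of PRI (RFC 3164).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def parse_pri(datagram: bytes):
    """Split b'<PRI>rest' into (facility, severity, rest); None if malformed."""
    if not datagram.startswith(b"<"):
        return None
    end = datagram.find(b">", 1, 5)  # PRI is one to three digits
    if end == -1 or not datagram[1:end].isdigit():
        return None
    pri = int(datagram[1:end])
    if pri > 191:  # highest valid value: facility 23, severity 7
        return None
    return pri >> 3, SEVERITIES[pri & 7], datagram[end + 1:].decode("utf-8", "replace")

def open_listener(bind_addr="0.0.0.0", port=5514):
    """Bind a UDP socket; 5514 is an assumed unprivileged test port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    return sock

def wait_for_syslog(sock, expected_src=None, timeout=10.0):
    """Return (source_ip, parse_pri result) for the first datagram that
    matches expected_src (any source if None), or None on timeout."""
    deadline = time.monotonic() + timeout
    while True:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            return None
        sock.settimeout(remaining)
        try:
            data, (src, _port) = sock.recvfrom(8192)
        except socket.timeout:
            return None
        if expected_src is None or src == expected_src:
            return src, parse_pri(data)

if __name__ == "__main__":
    # Usage: python3 syslog_check.py [port] [expected source IP]
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 5514
    source = sys.argv[2] if len(sys.argv) > 2 else None
    result = wait_for_syslog(open_listener(port=port), source, timeout=30.0)
    print("nothing received" if result is None else "received %r from %s" % (result[1], result[0]))
```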

