Enabled remote syslog to greylog but no messages are received

Gio

I just setup a greylog VM to start a central log collection server.

My esxi host got configured pretty easily and I can see the logs in greylog almost instantly. I went into my 2.3.3-RELEASE pfsense box Selected LAN interface (instead of binding to all) and selected my internal greylog host "172.16.0.114" with no port since UDP 514 is the default listening port.

I have restarted the syslog service after resetting the configuration but I still can't manage to get the logs exported into greylog. Does anyone have experience or am I missing something? I already checked and the firewall rule is allowing TCP/UDP 514 but since I selected the same LAN interface as where greylog is hosted I did not think it was going to matter (does it?)

Thanks for the help.

[2.3.3-RELEASE][admin@fw.gspot]/var/db/ntopng: /etc/rc.d/syslogd status
syslogd is running as pid 13905.
[2.3.3-RELEASE][admin@fw.gspot]/var/db/ntopng: /etc/rc.d/syslogd restart
Stopping syslogd.
Starting syslogd.
[2.3.3-RELEASE][admin@fw.gspot]/var/db/ntopng: /etc/rc.d/syslogd status
syslogd is running as pid 74389.

```![remote-syslog-pfsense.PNG](/public/_imported_attachments_/1/remote-syslog-pfsense.PNG)
![remote-syslog-pfsense.PNG_thumb](/public/_imported_attachments_/1/remote-syslog-pfsense.PNG_thumb)

johnpoz

simple sniff on your lan interface would tell you if being sent..