Enabled remote syslog to Graylog but no messages are received
-
I just set up a Graylog VM to start a central log collection server.
My ESXi host got configured pretty easily and I can see the logs in Graylog almost instantly. I went into my 2.3.3-RELEASE pfSense box, selected the LAN interface (instead of binding to all) and selected my internal Graylog host "172.16.0.114" with no port, since UDP 514 is the default listening port.
I have restarted the syslog service after resetting the configuration but I still can't manage to get the logs exported into Graylog. Does anyone have experience with this, or am I missing something? I already checked and the firewall rule is allowing TCP/UDP 514, but since I selected the same LAN interface as where Graylog is hosted I did not think it was going to matter (does it?).
Thanks for the help.
```
[2.3.3-RELEASE][admin@fw.gspot]/var/db/ntopng: /etc/rc.d/syslogd status
syslogd is running as pid 13905.
[2.3.3-RELEASE][admin@fw.gspot]/var/db/ntopng: /etc/rc.d/syslogd restart
Stopping syslogd.
Starting syslogd.
[2.3.3-RELEASE][admin@fw.gspot]/var/db/ntopng: /etc/rc.d/syslogd status
syslogd is running as pid 74389.
```

![remote-syslog-pfsense.PNG](/public/_imported_attachments_/1/remote-syslog-pfsense.PNG)
-
A simple sniff on your LAN interface would tell you if they're being sent.