Help for forwarding Syslog through SSH Tunnel.

  • Hi Team,

    I am trying to configure central syslog server for my 100s of  pfSense boxes.

    It is not good Idea to setup openvpn only for sending the syslogs to central server.

    So, I thought ssh reverse tunnel might be the ideal solution as less work. But stuck with the
    fact that  pfsense is only allowing the syslog to UDB not TCP port which most of the syslog servers have.
    Also SSH reverse tunnel won't forward the UDP ports forward. So trying to get a solution for this.
    In line with the below link I have setup the  Reverse tunnel as below.

    1. Setup the SSH Tunnel with  ssh -L 1514:localhost:1514 syslog-server.

    2. On pfSense  ran the following commands:

    mkfifo /tmp/udp2tcp
    nc -l -u  9100 > /tmp/udp2tcp | nc localhost  1514 < /tmp/udp2tcp

    3. On the pfesense System Logs properties  redirected the logs to  localhost: 9100

    4.  On the rsyslog server enabled udp loging on port 514, ( Directly this is working fine without ssh tunnel)

    5. on the syslog server ran the following commands.

    mkfifo /tmp/tcp2udp

    netcat -l -p 1514 < /tmp/tcp2udp | netcat -u localhost 514 > /tmp/tcp2udp.

    Syslogs are not appearling on the  syslog server.

    Not sure where I am making the mistake . Also please let me know if any other alternatives.