Help for forwarding Syslog through SSH Tunnel.
I am trying to configure central syslog server for my 100s of pfSense boxes.
It is not good Idea to setup openvpn only for sending the syslogs to central server.
So, I thought ssh reverse tunnel might be the ideal solution as less work. But stuck with the
fact that pfsense is only allowing the syslog to UDB not TCP port which most of the syslog servers have.
Also SSH reverse tunnel won't forward the UDP ports forward. So trying to get a solution for this.
In line with the below link I have setup the Reverse tunnel as below.
1. Setup the SSH Tunnel with ssh -L 1514:localhost:1514 syslog-server.
2. On pfSense ran the following commands:
nc -l -u 9100 > /tmp/udp2tcp | nc localhost 1514 < /tmp/udp2tcp
3. On the pfesense System Logs properties redirected the logs to localhost: 9100
4. On the rsyslog server enabled udp loging on port 514, ( Directly this is working fine without ssh tunnel)
5. on the syslog server ran the following commands.
netcat -l -p 1514 < /tmp/tcp2udp | netcat -u localhost 514 > /tmp/tcp2udp.
Syslogs are not appearling on the syslog server.
Not sure where I am making the mistake . Also please let me know if any other alternatives.