Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Help for forwarding Syslog through SSH Tunnel.

    Scheduled Pinned Locked Moved
    Bounties
    1
    1
    1.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      SandeepAthiyarath
      last edited by

      Hi Team,

      I am trying to configure central syslog server for my 100s of  pfSense boxes.

      It is not good Idea to setup openvpn only for sending the syslogs to central server.

      So, I thought ssh reverse tunnel might be the ideal solution as less work. But stuck with the
      fact that  pfsense is only allowing the syslog to UDB not TCP port which most of the syslog servers have.
      Also SSH reverse tunnel won't forward the UDP ports forward. So trying to get a solution for this.
      In line with the below link I have setup the  Reverse tunnel as below.
      https://www.quora.com/How-do-you-forward-UDP-packets-through-an-SSH-tunnel

      1. Setup the SSH Tunnel with  ssh -L 1514:localhost:1514 syslog-server.

      2. On pfSense  ran the following commands:

      mkfifo /tmp/udp2tcp
      nc -l -u  9100 > /tmp/udp2tcp | nc localhost  1514 < /tmp/udp2tcp

      3. On the pfesense System Logs properties  redirected the logs to  localhost: 9100

      4.  On the rsyslog server enabled udp loging on port 514, ( Directly this is working fine without ssh tunnel)

      5. on the syslog server ran the following commands.

      mkfifo /tmp/tcp2udp

      netcat -l -p 1514 < /tmp/tcp2udp | netcat -u localhost 514 > /tmp/tcp2udp.

      Syslogs are not appearling on the  syslog server.

      Not sure where I am making the mistake . Also please let me know if any other alternatives.

      Thanks
      Sandeep

      1 Reply Last reply Reply Quote 0
      • First post
        Last post