Firewall logs not appearing on remote syslog server *solved*



  • I'm currently evaluating pfsense for use at a MSP as a virtual firewall solution for our VM clusters. Hence I'm trying to make it break :-)

    I've set up a pfsense vm to log to our central syslog server but I am unable to receive any actual logs from the firewall filter rules. I see nginx GUI logs just fine but if I disable "Everything" from Remote Syslog Contents and only tick Firewall Events i see nothing at all.

    I've selected to log pretty much everything from the firewall - default block rules, default pass rules, bogon and private. All rules i've created are also selected to log.

    Am I missing something obvious?

    the fw is running 2.4.0.r.20170906.1710

    Thanks



  • Turns out it was working! /u/thats_not_howyoudoit[ ran a similar setup (graylog) and tipped me off as to how pfsense prints its logs

    https://www.reddit.com/r/PFSENSE/comments/6zdxzh/firewall_logs_not_appearing_on_remote_syslog/dmuq5he/