Remote logging of dnsbl.log

  • Hi,

    Apparently /var/log/pfblockerng/* is not included in default syslog config, therefore I can't send dnsbl.log to my remote ELK stack for analysis. Did I miss pfblocker option to enable that or should I just manually edit the /etc/syslog.conf to include this file?

  • Don't know about the syslog option, but I am emailing the dnsbl.log using the mailreport package.  Once installed choose Status-Email Reports-Add New Report.  Name it, save it, then edit and add this command:
    cat /var/log/pfblockerng/dnsbl.log

    This is assuming email is already working, configured on the system-advanced-notifications page.

Log in to reply