PFsense log push using TCP



  • I need your help. I'm using PFsense 2.4.3 and Debian 9.

    I have installed and configured rsyslog server on Debian.

    Can you tell me how to push PFsense logs to Debian rsyslog server via TCP protocol?

    Because by default, PFSense pushes logs only via UDP, but I need to use TCP.



  • @sergnik We use the syslog-ng package for syslog over TLS. You should be able to use the same for basic TCP syslog.



  • I found the same solution. Can you tell me if you have rsyslog on the server? I want to configure an encrypted connection between syslog-ng and rsyslog, but due to the differences in the configuration files I cannot figure out how to make a secure connection between these two programs. Can you offer me something to solve this problem?



  • @aamorris, can you provide me with a working /usr/local/etc/syslog-ng.conf sample? Right now I have problems configuring it.



  • I'm trying to use the following configuration:

        source s_local {
            unix-dgram("/var/run/log");
            unix-dgram("/var/run/logpriv" perm(0600));
            udp();
            internal();
        };
        filter my_filter { message(pattern); };
        destination d_syslog_tcp {
            syslog("my_ip" transport("tcp") port(5104));
        };
        log { source(s_local); filter(my_filter); destination(d_syslog_tcp); };

    But pfSense shows me a wrong port:

        sockstat -4 -l
        USER  COMMAND    PID    FD  PROTO  LOCAL ADDRESS  FOREIGN ADDRESS
        root  syslog-ng  13095  20  udp4   *:514          :

    I have no idea how to solve this problem.



  • It seems that the problem was in the PfSense version. I made an update and everything is working correctly.
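
For the encrypted syslog-ng to rsyslog link asked about above, one way to configure both sides (an added example, not a configuration posted by anyone in this thread). The address 192.0.2.10, port 6514, the certificate paths and the rsyslog file name are placeholders chosen for illustration; s_local is the source from the configuration posted above.

```conf
# ---- pfSense side: syslog-ng fragment (not a complete syslog-ng.conf) ----
# Note: udp() inside s_local is a *listening* source (default port 514), so
# "sockstat -4 -l" reports *:514 for it. A destination is an outbound
# connection and never appears in the list of listening sockets.

# Plain TCP, as in the thread: reliable delivery, but log content is sent
# over the network unencrypted.
# destination d_syslog_tcp { syslog("192.0.2.10" transport("tcp") port(5104)); };

# TLS: same syslog() driver, encrypted, server certificate must validate.
destination d_syslog_tls {
    syslog("192.0.2.10"
        transport("tls")
        port(6514)
        tls(
            # Assumed directory; the CA certificate must be present under
            # its OpenSSL hash name (<hash>.0).
            ca-dir("/usr/local/etc/syslog-ng/ca.d")
            # Refuse to send if the server certificate is missing or untrusted.
            peer-verify(required-trusted)
        )
    );
};
log { source(s_local); destination(d_syslog_tls); };

# ---- Debian side: /etc/rsyslog.d/pfsense-tls.conf (assumed file name) ----
# The gtls driver is provided by the rsyslog-gnutls package.
global(
    DefaultNetstreamDriver="gtls"
    DefaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"
    DefaultNetstreamDriverCertFile="/etc/rsyslog.d/tls/server-cert.pem"
    DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/tls/server-key.pem"
)
# Mode 1 = accept TLS only. AuthMode "anon" = clients are not asked for a
# certificate; the channel is encrypted and the client verifies the server.
module(load="imtcp"
    StreamDriver.Mode="1"
    StreamDriver.AuthMode="anon"
)
input(type="imtcp" port="6514")
```

With AuthMode "anon" any host that can reach port 6514 can submit logs, so restrict that port to the firewall's address on the Debian side.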