Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PFsense logg push using TCP

    Scheduled Pinned Locked Moved General pfSense Questions
    6 Posts 2 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      SergNik
      last edited by

      I need your help. I'm using PFsense 2.4.3 and Debian 9.

      I have installed and configured rsyslog server on Debian.

      Can you tell me how to push PFsense logs to Debian rsyslog server via TCP protocol?

      Because by default, PFSense push logs only by UDP, but I need to use TCP.

      A 1 Reply Last reply Reply Quote 0
      • A
        aamorris @SergNik
        last edited by

        @sergnik We use the syslog-ng package for syslog over TLS. You should be able to use the same for basic TCP syslog.

        S 1 Reply Last reply Reply Quote 1
        • S
          SergNik
          last edited by SergNik

          I found the same solution. Can you tell me if you have rsyslog on the server? I want to configure an encrypted connection between syslog-ng and rsyslog, but due to the difference in the configuration files I can not figure out how to make a secure connection between this software. Can you offer me something to solve this problem?

          1 Reply Last reply Reply Quote 0
          • S
            SergNik @aamorris
            last edited by

            @aamorris , can you provide me a worked /usr/local/etc/syslog-ng.conf sample? Now I have problems with configuring it(

            1 Reply Last reply Reply Quote 0
            • S
              SergNik
              last edited by

              I'm trying to use the next configuration:
              source s_local { unix-dgram("/var/run/log");
              unix-dgram("/var/run/logpriv" perm(0600));
              udp(); internal(); };
              filter my_filter { message(pattern);};
              destination d_syslog_tcp {
              syslog("my_ip" transport("tcp") port(5104)); };
              log { source(s_local);filter(my_filter);destination(d_syslog_tcp); };
              But the pfsense shows me a wrong port
              sockstat -4 -l
              USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
              root syslog-ng 13095 20 udp4 *:514 :
              I have no ideas how to solve this problem(

              1 Reply Last reply Reply Quote 0
              • S
                SergNik
                last edited by

                It seems that the problem was in the PfSense version. I made an update and everything is working correctly

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.