• Which syslog server do you use? Based on another thread, it's probably a good idea to run a syslog server on a dedicated machine or VM instead of on the Pfsense box. I've been trying many of the Windows and Linux variations, and now am hooked on Syslog Watcher. You can get a license for personal use, it's easy to set up and it runs on any Windows machine (I have it running on a VM). It looks like I can't post links here, but you can Google it easy enough. *edit - I guess I can post a link https://syslogwatcher.com/

    Some of the others I have tried were crippled in the free version (Kiwi, Event log analyzer) or just didn't work (PRTG has a home version that requires dot net 4 or below, won't work with any newer OS). The Linux servers I tried were difficult for me to set up, some had OVAs that could be imported directly into a VM but (to me) had a steep learning curve.

    In addition, does anyone use Security Onion for log analysis? Can tools like this be used with any syslog server, or is it only used with syslog-ng?

    It's a home setup, I'm on a budget and near retirement... Costs mean a lot to me now.



  • @larryf

    I use FreeBSD syslog. Runs light, on a low memory VM. Easy to install and setup.