Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Secure logging to external server

    pfSense Packages
    2
    3
    494
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      PipeTenNathan
      last edited by

      Hello all

      I'm trying to overcome a problem which is mainly focused around logging and security. I have configured an external service which receives all logs via UDP. Snort barnyard2 and pflogs work fine to this server. I'm not happy chucking all of that data over as plaintext thought. I want it encrypted.

      Our first attempts was to use the syslog package in pfsense to export our logs over TLS. This proved extremely difficult as the package seems to just be a listener

      Our second attempt was to mount IPsec Tunnels from pfsense to logging service and output data to the private IP of the logging server. We have successfully got this working but then we have the security implication of potentially bridging two networks.

      I was wondering if anyone has found a good method for exporting logs securely that isn't IPsec?

      P 1 Reply Last reply Reply Quote 0
      • P
        PipeTenNathan @PipeTenNathan
        last edited by

        Incase anyone else is stuck on this, I found the solution.

        Posted it here:

        https://forum.netgate.com/topic/136998/how-to-send-snort-alert-logs-to-graylog-without-barnyard2/6

        bmeeksB 1 Reply Last reply Reply Quote 0
        • bmeeksB
          bmeeks @PipeTenNathan
          last edited by

          @pipetennathan said in Secure logging to external server:

          Incase anyone else is stuck on this, I found the solution.

          Posted it here:

          https://forum.netgate.com/topic/136998/how-to-send-snort-alert-logs-to-graylog-without-barnyard2/6

          This is a great solution as Barnyard2 has not been well supported in recent years by its developer. You could almost call it "dead" in a manner of speaking. It is likely that at some point down the road Barnyard2 will be pulled from the Snort and Suricata packages.

          1 Reply Last reply Reply Quote 1
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.