pfBlockerNG remote logging
-
Hi,
Firstly, sorry if this has been asked before, but I did not find a topic regarding this with search.
I'm logging pfSense logs remotely, but I noticed that even though I have set pfSense to send "Everything", it is not sending pfBlockerNG logs.
Is there any way to do this?
-
@JohanÅ said in pfBlockerNG remote logging:
I'm logging pfSense logs remotely, but I noticed that even though I have set pfSense to send "Everything", it is not sending
pfBlockerNG doesn't use syslog; it manages its log files in /var/log/pfblockerNG.
-
Hmm, OK. Any idea why it is so? Isn't that way worse than using syslog?
So does anyone have an idea what would be the best way to send the log file to a remote server and then parse it with Logstash? I know that Logstash is able to parse files, but I was wondering how to make sure that it does not log duplicates. This is more of an Elasticsearch topic, but if someone has done this already, I would appreciate any ideas.
I was not able to find logging settings for DNSBL. I would like to limit the truncation of the log file to 24h so I could send it every day and maybe limit the duplicates.
-
@JohanÅ said in pfBlockerNG remote logging:
Hmm, OK. Any idea why it is so? Isn't that way worse than using syslog?
pfBlockerNG does a lot of processing on Firewall and DNSBL logs. This is needed for the Widget and Reports tabs.
-
That is understandable. Thanks for the answers. I'll try to find a way to use these logs for my needs.
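
Added example (not from the thread or from the pfBlockerNG project): one way to ship a file from /var/log/pfblockerNG without duplicates, as asked above, is to checkpoint the file's inode and byte offset between runs and send only complete new lines. The log file name, state file path and collector address are placeholders, and lines are forwarded unparsed as UDP syslog.

```python
import json
import os
import socket

def read_new_lines(log_path, state_path):
    """Return complete lines appended since the last call and save the checkpoint."""
    try:
        with open(state_path) as f:
            state = json.load(f)
    except (FileNotFoundError, ValueError):
        state = {"inode": None, "offset": 0}

    st = os.stat(log_path)
    # Rotation (new inode) or truncation (file shorter than checkpoint): start over.
    if state["inode"] != st.st_ino or st.st_size < state["offset"]:
        state = {"inode": st.st_ino, "offset": 0}

    with open(log_path, "rb") as f:
        f.seek(state["offset"])
        data = f.read()

    # Stop at the last newline so a half-written line is not sent now and again later.
    end = data.rfind(b"\n") + 1
    lines = data[:end].decode("utf-8", "replace").split("\n")[:-1]
    state["offset"] += end

    tmp = state_path + ".tmp"
    with open(tmp, "w") as f:
        json.dump(state, f)
    os.replace(tmp, state_path)  # atomic checkpoint update
    return lines

def forward(lines, host, port=514, tag="pfblockerng"):
    """Send each line as a UDP syslog message; <134> is facility local0, severity info."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for line in lines:
            s.sendto(f"<134>{tag}: {line}".encode(), (host, port))

if __name__ == "__main__":
    # Placeholder file name, state path and collector address (assumptions); run from cron.
    new = read_new_lines("/var/log/pfblockerNG/EXAMPLE.log", "/var/db/pfb_forward.state")
    forward(new, "192.0.2.10")
```

The checkpoint is saved before sending, so a crash between the two steps drops lines rather than repeating them. A file that is truncated and regrows past the old offset between two runs cannot be detected by this check.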