Netgate Discussion Forum

Syslog server for pfsense that stores formatted data into MS SQL or MySQL

  • S
    shaw22
    last edited by Feb 1, 2020, 8:35 AM

    Greetings:

    I am looking to set up a syslog server and route the firewall logs from pfSense.
    The log should be parsed, formatted and stored in an MS SQL or MySQL server from which I can query (for a date/time range) the following:
    Outbound connections:
    Source IP and port / Destination IP and port / Destination URL
    Inbound connections:
    Source IP and port / Source URL / Destination IP and port

    The output will be consolidated for the date/time range - that is one entry for each unique connection.

    I will then create a 'whitelist' of Outbound and Inbound connections so that the matching entries in the 'whitelist' can be excluded from future reports.

    Is there a log analyzer in existence that will do this? Or do I have to capture to an MS SQL or MySQL server and run queries myself?

    Thanks

    • K
      kiokoman LAYER 8
      last edited by Feb 1, 2020, 10:59 AM

      AFAIK you have to do it yourself. You can grab the log with a remote syslog if you configure Status / System Logs / Settings; after that you can do whatever you want.

      ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
      Please do not use chat/PM to ask for help
      we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
      Don't forget to Upvote with the 👍 button for any post you find to be helpful.

      • S
        shaw22 @kiokoman
        last edited by Feb 1, 2020, 2:30 PM

        @kiokoman Thank you.
        Do you know a syslog server that works with pfSense, formats the log file and keeps it in an MS SQL and MySQL database?

        • K
          kiokoman LAYER 8
          last edited by kiokoman Feb 1, 2020, 2:52 PM Feb 1, 2020, 2:51 PM

          rsyslogd can do it
          https://www.rsyslog.com/doc/v8-stable/tutorials/database.html

          • S
            shaw22
            last edited by Feb 1, 2020, 5:32 PM

            @kiokoman

            My firewall connection to the Internet is 1Gbps and I am concerned about this statement:
            "Database i/o is considerably slower than text file i/o. As such, directly writing to the database makes sense only if your message volume is low enough to allow a) the syslogd, b) the network, and c) the database server to catch up with it"

            Is there a way to periodically copy the syslog text file to the database, say every hour, rather than writing directly into the database?

            • K
              kiokoman LAYER 8
              last edited by Feb 1, 2020, 5:42 PM

              I have never done something like this, but it shouldn't be too difficult to create a cron job for it. It would be better to ask the rsyslog mailing list or your OS support forum.

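The hourly batch load discussed above, sketched as an added example that is not from any poster in this thread: it parses pfSense `filterlog` lines out of a syslog text file, consolidates them to one row per unique connection, and merges the batch in a single transaction. Assumptions: SQLite stands in for MySQL/MS SQL, the field positions are the raw filterlog CSV layout for IPv4 TCP/UDP records (check them against your pfSense version), the source port is left out of the key because it is ephemeral, and all function and table names are hypothetical.

```python
import re
import sqlite3
from collections import Counter

# Constructed sample lines (documentation addresses), not real traffic.
SAMPLE = [
    "Feb  1 17:00:01 fw filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,64,1,0,DF,6,tcp,60,203.0.113.7,198.51.100.2,51514,443,0,S,1,,64240,,mss",
    "Feb  1 17:00:02 fw filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,64,2,0,DF,6,tcp,60,203.0.113.7,198.51.100.2,51515,443,0,S,2,,64240,,mss",
    "Feb  1 17:00:03 fw filterlog[411]: 9,,,1000000201,em1,match,pass,out,4,0x0,,64,3,0,none,17,udp,76,192.168.1.10,192.0.2.53,40000,53,56",
    "Feb  1 17:00:04 fw sshd[512]: not a firewall record",
]
KEY = "direction, verdict, proto, src, dst, dst_port"

def parse_filterlog(line):
    """Return (direction, verdict, proto, src, dst, dst_port) or None."""
    m = re.search(r"filterlog(?:\[\d+\])?: (.*)$", line)
    f = m.group(1).split(",") if m else []
    # Assumed layout: IPv4 TCP/UDP records only; everything else is skipped.
    if len(f) < 22 or f[8] != "4" or f[16] not in ("tcp", "udp") or not f[21].isdigit():
        return None
    return (f[7], f[6], f[16], f[18], f[19], int(f[21]))

def load_batch(conn, lines):
    """Consolidate one batch in memory, then merge it in a single transaction."""
    counts = Counter(r for r in map(parse_filterlog, lines) if r)
    conn.execute(f"CREATE TABLE IF NOT EXISTS connections ({KEY}, hits INTEGER, PRIMARY KEY ({KEY}))")
    with conn:
        # Bound parameters only: log fields are untrusted input.
        conn.executemany("INSERT OR IGNORE INTO connections VALUES (?,?,?,?,?,?,0)", list(counts))
        conn.executemany(
            "UPDATE connections SET hits = hits + ? WHERE direction=? AND verdict=? "
            "AND proto=? AND src=? AND dst=? AND dst_port=?",
            [(n, *key) for key, n in counts.items()])
    return len(counts)

def report(conn, whitelist=()):
    """Unique connections with hit counts, minus whitelisted entries."""
    skip = set(whitelist)
    rows = conn.execute(f"SELECT {KEY}, hits FROM connections ORDER BY hits DESC").fetchall()
    return [r for r in rows if r[:6] not in skip]

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    load_batch(db, SAMPLE)
    for row in report(db, whitelist=[("out", "pass", "udp", "192.168.1.10", "192.0.2.53", 53)]):
        print(row)
```

The whitelist is applied at report time rather than at load time, so whitelisted traffic stays in the table and remains available if an entry later turns out to be wrong.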
              • S
                shaw22
                last edited by Feb 1, 2020, 9:49 PM

                Thanks Kiokoman. Also, do you know how to send syslog to more than one remote server? The GUI only allows me to put in one IP address.

                • K
                  kiokoman LAYER 8
                  last edited by Feb 1, 2020, 11:34 PM

                  How is that? I see 3 slots.
                  Immagine.jpg

                  • S
                    shaw22 @shaw22
                    last edited by Jun 11, 2021, 2:45 AM

                    Thanks Kiokoman

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.