syslog-ng - send logs using TCP and TLS



  • Hi all,

    Trying to configure a brand new syslog-ng installation here for secure log transport from the firewall where this daemon is running.

    In pfSense book I can't find anything about this.

    From Jim's post on issue #10486, looks like it's possible. But how?



  • I did a quick Google search using these terms -- syslog-ng tls tutorial and found lots of hits (pages of them, actually). There are examples for many different OS setups.

    Also found an old thread here on the Netgate forums about this, and the user there apparently finally had some success. Keep in mind this was with older versions of both pfSense and syslog-ng (as in five years ago): https://forum.netgate.com/topic/80368/syslog-ng-tls-configuration-help-2-1-5.

    You are not likely to find a step-by-step tutorial written explicitly for pfSense 2.4.5. But if you are willing to read and learn from all the tutorials out on the web using other operating systems, you can create your own configuration. If you are successful, then return here and share your knowledge ... ☺. That helps the next guy who comes along with the same question.



  • @bmeeks first of all, thanks for all the work you're doing with Suricata!

    Yup, manual config is possbile with syslog-ng. Myself, I prefer to use GUI methods to minimize errors and configuration drift.

    I was sincerely hoping a GUI method is available. Am already using such a setup, but with Barracudas.

    Guess a feature request is in order for this.



  • @e-1-1 said in syslog-ng - send logs using TCP and TLS:

    @bmeeks first of all, thanks for all the work you're doing with Suricata!

    Yup, manual config is possbile with syslog-ng. Myself, I prefer to use GUI methods to minimize errors and configuration drift.

    I was sincerely hoping a GUI method is available. Am already using such a setup, but with Barracudas.

    Guess a feature request is in order for this.

    Or learn a little PHP programming know-how (if you don't have it already) and create a package for this feature. Become a volunteer package maintainer. That's what I did for Snort (when I took over its maintenance) and later when I created the Suricata package. That's the beauty of open-source software.


Log in to reply