pfsense change syslog config
i have pfsense , i install apache on it too.
i want to send apache logs to remote syslog
pfsense already sent the pfsense normal logs to it.
when i try to add apache log files to syslog.conf its not save it after restart syslog service.
so what i have to do ?
Try creating your own
/etc/syslog.conf should have an include line it for /var/etc/syslog.d.
$ cat /etc/syslog.conf # Automatically generated, do not edit! # Place configuration files in /var/etc/syslog.d !* include /var/etc/syslog.d # /* Manually added files with non-conflicting names will not be automatically removed */
On a side note, installing apache on your pfSense is probably not a good idea. You should really create a DMZ and run apache on its own box/VM.
i add these lines:
CustomLog "| /bin/sh -c '/usr/bin/tee -a /var/log/access.log | /usr/bin/logger -tacc -plocal1.notice'" combined
ErrorLog "|/bin/sh -c '/usr/bin/tee -a /var/log/error.log | /usr/bin/logger -terr-plocal1.err'"
is write to file but not send to systlog
$ cat /etc/syslog.conf # Automatically generated, do not edit!
Do not edit that file.
The include line I mentioned tells the system to load custom syslog configuration files from /var/etc/syslog.d/.
$ printf "local1.notice\t\t/var/log/access.log\n" > /var/etc/syslog.d/apache.conf $ service syslogd restart
In your apache.conf (not the syslog.d/apache.conf) you should having something like this:
CustomLog "|/usr/bin/logger -t httpd -p local1.notice" combined
Also, one more time so I feel like I properly warned you. Do not run your own webserver on your firewall. All it takes is you making a mistake in your server code and now someone has compromised your firewall. DO NOT DO THIS.