Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    pfsense change syslog config

    Scheduled Pinned Locked Moved General pfSense Questions
    5 Posts 2 Posters 964 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      aminbaik
      last edited by

      Hello,
      i have pfsense , i install apache on it too.
      i want to send apache logs to remote syslog
      pfsense already sent the pfsense normal logs to it.
      when i try to add apache log files to syslog.conf its not save it after restart syslog service.
      so what i have to do ?
      thanks.

      1 Reply Last reply Reply Quote 0
      • T
        torred
        last edited by

        Try creating your own apache.conf in /var/etc/syslog.d/.

        /etc/syslog.conf should have an include line it for /var/etc/syslog.d.

        $ cat /etc/syslog.conf
        # Automatically generated, do not edit!
        # Place configuration files in /var/etc/syslog.d
        !*
        
        include                                         /var/etc/syslog.d
        # /* Manually added files with non-conflicting names will not be automatically removed */
        

        On a side note, installing apache on your pfSense is probably not a good idea. You should really create a DMZ and run apache on its own box/VM.

        1 Reply Last reply Reply Quote 0
        • A
          aminbaik
          last edited by

          @torred said in pfsense change syslog config:

          include /var/etc/syslog.d

          Hello,
          i can do any changes in /etc/syslog.conf every time i tried to add anything its delete after restart syslog service
          thnaks.

          1 Reply Last reply Reply Quote 0
          • A
            aminbaik
            last edited by

            Hello,
            i add these lines:
            CustomLog "| /bin/sh -c '/usr/bin/tee -a /var/log/access.log | /usr/bin/logger -tacc -plocal1.notice'" combined
            is work
            but:
            ErrorLog "|/bin/sh -c '/usr/bin/tee -a /var/log/error.log | /usr/bin/logger -terr-plocal1.err'"
            is write to file but not send to systlog
            thnaks.

            1 Reply Last reply Reply Quote 0
            • T
              torred
              last edited by

              $ cat /etc/syslog.conf
              # Automatically generated, do not edit!
              

              Do not edit that file.

              The include line I mentioned tells the system to load custom syslog configuration files from /var/etc/syslog.d/.

              Try this:

              $ printf "local1.notice\t\t/var/log/access.log\n" > /var/etc/syslog.d/apache.conf
              $ service syslogd restart
              

              In your apache.conf (not the syslog.d/apache.conf) you should having something like this:

              CustomLog "|/usr/bin/logger -t httpd -p local1.notice" combined
              

              Also, one more time so I feel like I properly warned you. Do not run your own webserver on your firewall. All it takes is you making a mistake in your server code and now someone has compromised your firewall. DO NOT DO THIS.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.