• Hello,
    I have pfSense, and I installed Apache on it too.
    I want to send the Apache logs to remote syslog.
    pfSense already sends its normal logs to it.
    When I try to add the Apache log files to syslog.conf, it is not saved after restarting the syslog service.
    So what do I have to do?

  • Try creating your own apache.conf in /var/etc/syslog.d/.

    /etc/syslog.conf should have an include line in it for /var/etc/syslog.d.

    $ cat /etc/syslog.conf
    # Automatically generated, do not edit!
    # Place configuration files in /var/etc/syslog.d
    include                                         /var/etc/syslog.d
    # /* Manually added files with non-conflicting names will not be automatically removed */

    On a side note, installing apache on your pfSense is probably not a good idea. You should really create a DMZ and run apache on its own box/VM.

  • @torred said in pfsense change syslog config:

    include /var/etc/syslog.d

    I can do any changes in /etc/syslog.conf; every time I tried to add anything, it is deleted after restarting the syslog service.

  • Hello,
    I added these lines:
    CustomLog "| /bin/sh -c '/usr/bin/tee -a /var/log/access.log | /usr/bin/logger -tacc -plocal1.notice'" combined
    It works.
    ErrorLog "|/bin/sh -c '/usr/bin/tee -a /var/log/error.log | /usr/bin/logger -terr-plocal1.err'"
    It writes to the file but does not send to syslog.

  • $ cat /etc/syslog.conf
    # Automatically generated, do not edit!

    Do not edit that file.

    The include line I mentioned tells the system to load custom syslog configuration files from /var/etc/syslog.d/.

    Try this:

    $ printf "local1.notice\t\t/var/log/access.log\n" > /var/etc/syslog.d/apache.conf
    $ service syslogd restart

    In your apache.conf (not the syslog.d/apache.conf) you should have something like this:

    CustomLog "|/usr/bin/logger -t httpd -p local1.notice" combined

    Also, one more time so I feel like I properly warned you. Do not run your own webserver on your firewall. All it takes is you making a mistake in your server code and now someone has compromised your firewall. DO NOT DO THIS.
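
Added example, not part of the thread: a static check that parses the `logger` arguments in the piped `CustomLog`/`ErrorLog` directives posted above, reports the tag and facility.level that logger would use, and tests that against a syslog selector such as `local1.notice`. The function names are hypothetical and the selector matching is simplified (single facility, level-or-higher, `*` wildcards only). When a value is written directly after `-t` with no space, getopt takes the rest of the word as the tag, so no `-p` is seen and logger's default `user.notice` applies.

```shell
#!/bin/sh
# Added example: static check of piped Apache log directives. Nothing is logged.

# Emulate getopt handling of logger's -t/-p; print "tag=<tag> pri=<fac.level>".
logger_effective() {
    tag="" pri="user.notice"              # logger's default priority
    set -f; set -- $1; set +f             # split on whitespace, no globbing
    while [ $# -gt 0 ]; do
        case "$1" in
            -t) tag="${2-}"; if [ $# -gt 1 ]; then shift; fi ;;
            -p) pri="${2-}"; if [ $# -gt 1 ]; then shift; fi ;;
            -t?*) tag="${1#-t}" ;;        # glued value: rest of the word
            -p?*) pri="${1#-p}" ;;
        esac
        shift
    done
    echo "tag=$tag pri=$pri"
}

level_rank() {                            # lower number = more severe
    case "$1" in
        emerg) echo 0 ;; alert) echo 1 ;; crit) echo 2 ;; err) echo 3 ;;
        warning) echo 4 ;; notice) echo 5 ;; info) echo 6 ;; debug) echo 7 ;;
        *) echo -1 ;;
    esac
}

# selector_matches <facility.level selector> <message facility.level>
# Simplified: one facility, "level or higher" semantics, "*" wildcards only.
selector_matches() {
    sel_fac="${1%%.*}"; sel_lvl="${1#*.}"
    msg_fac="${2%%.*}"; msg_lvl="${2#*.}"
    [ "$sel_fac" = "*" ] || [ "$sel_fac" = "$msg_fac" ] || return 1
    if [ "$sel_lvl" = "*" ]; then return 0; fi
    m=$(level_rank "$msg_lvl"); s=$(level_rank "$sel_lvl")
    [ "$m" -ge 0 ] && [ "$m" -le "$s" ]
}

# check_directive <selector> <Apache CustomLog/ErrorLog line>
check_directive() {
    args=$(printf '%s\n' "$2" | sed -n "s/.*logger[[:space:]]*\([^'\"|]*\).*/\1/p")
    eff=$(logger_effective "$args")
    if selector_matches "$1" "${eff##*pri=}"; then echo "MATCH $eff"
    else echo "NO-MATCH $eff"; fi
}

# The two directives from the post above, checked against local1.notice.
check_directive local1.notice "CustomLog \"| /bin/sh -c '/usr/bin/tee -a /var/log/access.log | /usr/bin/logger -tacc -plocal1.notice'\" combined"
check_directive local1.notice "ErrorLog \"|/bin/sh -c '/usr/bin/tee -a /var/log/error.log | /usr/bin/logger -terr-plocal1.err'\""
```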