Might need a release note about remote syslog
-
Bumped from production to beta today (2.6.0.b.20220101.0600); after a while I noted that I wasn't getting 'firewall' category logs in my SIEM anymore.
Took a look at the System Logs / System / General page and it noted a lot of: "syslogd sendto: No buffer space available"
Went into System Logs / Settings and changed the log message format from the default BSD format to syslog format.
Hit save at the bottom, and suddenly logs were working correctly. I'm guessing all I really had to do was hit save; perhaps the format change was needed though. Fortunately the SIEM sees the traffic now - good.
Unfortunately it no longer recognizes it as the 'firewall' category of data; it is now just lumped in with general syslog. I'll derp with it. The external SIEM is just a testing instance of Security Onion, version 2.3.91 as of today. Clearly not a problem for this forum; this involves the 4 levels of abstraction and auto-indexing of Elastic and Logstash.
Edited to properly note the full pfSense version.
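As an added example (not code from the post, from pfSense, or from Security Onion): a small receiver-side parser that accepts both header formats the post switches between (BSD/RFC 3164 and RFC 5424) and keys the 'firewall' category on the program name `filterlog`, which is the process pfSense logs firewall hits through. The sample lines are constructed; the regexes, the class names and the field positions are my own, with the positions following the documented pfSense filterlog CSV layout (rule number, sub-rule, anchor, tracker, interface, reason, action, direction, IP version, then the IPv4 header fields).

```python
"""Receiver-side parser for pfSense remote syslog in both header formats.

Added example (not pfSense or Security Onion code).  SAMPLE_LINES below
are constructed; field positions follow the pfSense filterlog CSV layout.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# "BSD" format (RFC 3164 style): <PRI>Mon dd hh:mm:ss host prog[pid]: msg
BSD_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<prog>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)

# "syslog" format (RFC 5424): <PRI>1 TIMESTAMP HOST APP-NAME PROCID MSGID SD MSG
RFC5424_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>1 "
    r"(?P<ts>\S+) (?P<host>\S+) (?P<prog>\S+) (?P<pid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[[^\]]*\])+) "
    r"(?P<msg>.*)$"
)

# Constructed samples: the same blocked SSH probe in both header formats,
# plus the syslogd error from the post (PRI 43 = facility 5 syslog, severity 3 err).
SAMPLE_LINES = [
    "<134>Jan  1 06:00:00 pfsense filterlog[12345]: 5,,,1000000103,em0,match,block,in,4,"
    "0x0,,64,12345,0,DF,6,tcp,60,203.0.113.10,192.0.2.20,51234,22,0,S,1234567890,,64240,,"
    "mss;sackOK;TS;nop;wscale",
    "<134>1 2022-01-01T06:00:00.123456-00:00 pfsense filterlog 12345 - - 5,,,1000000103,em0,"
    "match,block,in,4,0x0,,64,12345,0,DF,6,tcp,60,203.0.113.10,192.0.2.20,51234,22,0,S,"
    "1234567890,,64240,,mss;sackOK;TS;nop;wscale",
    "<43>Jan  1 06:05:00 pfsense syslogd: sendto: No buffer space available",
]


@dataclass
class SyslogRecord:
    fmt: str            # "bsd" or "rfc5424"
    facility: int       # PRI // 8
    severity: int       # PRI % 8
    host: str
    program: str
    pid: Optional[str]
    msg: str

    @property
    def category(self) -> str:
        # pfSense writes firewall hits via the 'filterlog' program; anything else
        # (syslogd itself, sshd, openvpn, ...) is treated as general syslog here.
        return "firewall" if self.program == "filterlog" else "syslog"


@dataclass
class FilterEvent:
    rule: str
    tracker: str
    interface: str
    reason: str
    action: str
    direction: str
    ip_version: int
    proto: Optional[str] = None
    src: Optional[str] = None
    dst: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None


def parse_syslog(line: str) -> SyslogRecord:
    """Parse one line, trying the RFC 5424 header first, then the BSD header."""
    m = RFC5424_RE.match(line)
    fmt = "rfc5424"
    if not m:
        m = BSD_RE.match(line)
        fmt = "bsd"
    if not m:
        raise ValueError(f"unrecognised syslog header: {line[:40]!r}")
    pri = int(m.group("pri"))
    pid = m.group("pid")
    if pid == "-":          # RFC 5424 NILVALUE for PROCID
        pid = None
    return SyslogRecord(fmt, pri // 8, pri % 8, m.group("host"),
                        m.group("prog"), pid, m.group("msg"))


def parse_filterlog(msg: str) -> FilterEvent:
    """Split the filterlog CSV body; only the IPv4 header fields are decoded here."""
    f = msg.split(",")
    if len(f) < 9:
        raise ValueError("filterlog message too short")
    ev = FilterEvent(rule=f[0], tracker=f[3], interface=f[4], reason=f[5],
                     action=f[6], direction=f[7], ip_version=int(f[8]))
    if ev.ip_version == 4 and len(f) >= 20:
        ev.proto, ev.src, ev.dst = f[16], f[18], f[19]
        if ev.proto in ("tcp", "udp") and len(f) >= 22:
            ev.src_port, ev.dst_port = int(f[20]), int(f[21])
    return ev


def categorize(lines: List[str]) -> Dict[str, int]:
    """Count lines per category; lines with an unknown header are skipped."""
    counts: Dict[str, int] = {}
    for line in lines:
        try:
            rec = parse_syslog(line)
        except ValueError:
            continue
        counts[rec.category] = counts.get(rec.category, 0) + 1
    return counts


def firewall_events(lines: List[str]) -> List[FilterEvent]:
    """Decode every line that parses and carries a filterlog body."""
    out = []
    for line in lines:
        try:
            rec = parse_syslog(line)
        except ValueError:
            continue
        if rec.category == "firewall":
            out.append(parse_filterlog(rec.msg))
    return out


if __name__ == "__main__":
    print(categorize(SAMPLE_LINES))
    for ev in firewall_events(SAMPLE_LINES):
        print(ev)
```

Both firewall lines carry an identical message body and end up in the same category, so a receiver that matches on the program name rather than on the header layout keeps filing them as firewall data whichever format pfSense is set to. The third line is syslogd reporting the error from the post: "No buffer space available" is the text for ENOBUFS, which sendto() returns when the socket's send buffer is full, so it belongs to the general syslog category, not the firewall one.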