Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Newbie here Anyone know how to configure the syslog output to a certain IP?

    Scheduled Pinned Locked Moved General pfSense Questions
    4 Posts 3 Posters 985 Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I Offline
      icastellanos
      last edited by

      I'm working with Arctic Wolf and they're asking to configure syslog output to the management IP address of the sensor I've installed. Anyone know what those steps look like. I'm pretty new the IT world so any help is much appreciated!

      Thank you

      the otherT 1 Reply Last reply Reply Quote 0
      • the otherT Online
        the other @icastellanos
        last edited by the other

        @icastellanos hey there,
        do you mean, you need pfsense to use a remote syslog server?

        Go to Status > System Logs > Settings
        Scroll all the way down to "Remote logging options"
        There:

        • enable remote logging
        • enter source (default is all)
        • enter IP of your remote syslog device, also enter port of service
        • check what needs to be logged
        • check if you need additional firewallrules to open traffic to your remote syslog device

        Or did I get your question wrong?
        :)

        the other

        pure amateur home user, no business or professional background
        please excuse poor english skills and typpoz :)

        I 1 Reply Last reply Reply Quote 1
        • stephenw10S Offline
          stephenw10 Netgate Administrator
          last edited by stephenw10

          I think he probably means the source IP used to send the logs. pfSense will use the system routing table to determine the interface to use for sending. So you just need to use a syslog server IP in the management subnet or add a static route to it. You could use an outbound NAT rule to translate to a different IP in the same subnet maybe.

          Steve

          1 Reply Last reply Reply Quote 0
          • I Offline
            icastellanos @the other
            last edited by

            @the-other Thank you! Yes these are the exact settings I needed. You are the best.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.