Newbie here Anyone know how to configure the syslog output to a certain IP?
-
I'm working with Arctic Wolf and they're asking to configure syslog output to the management IP address of the sensor I've installed. Anyone know what those steps look like. I'm pretty new the IT world so any help is much appreciated!
Thank you
-
@icastellanos hey there,
do you mean, you need pfsense to use a remote syslog server?Go to Status > System Logs > Settings
Scroll all the way down to "Remote logging options"
There:- enable remote logging
- enter source (default is all)
- enter IP of your remote syslog device, also enter port of service
- check what needs to be logged
- check if you need additional firewallrules to open traffic to your remote syslog device
Or did I get your question wrong?
:) -
I think he probably means the source IP used to send the logs. pfSense will use the system routing table to determine the interface to use for sending. So you just need to use a syslog server IP in the management subnet or add a static route to it. You could use an outbound NAT rule to translate to a different IP in the same subnet maybe.
Steve
-
@the-other Thank you! Yes these are the exact settings I needed. You are the best.