Anyone able to send PfSense logs to remote syslog server using TLS?
-
Trying to get this set up using syslog-ng, but have been running into all sorts of issues, with the first being that syslog-ng fails to start. Here is the error:
Syslog-ng syntax test failed: ld-elf.so.1: Shared object "libcrypto.so.30" not found, required by "libsyslog-ng-4.4.so.0"Apart from that it seems like the configuration for sending logs securely is unnecessarily convoluted -- is there any ETA on when this is supported natively in PFSense?
-
Hmm, that should be possible using syslog-ng. What pfSense version are you running? Has it pulled in a newer pkg version somehow?
Steve
-
@stephenw10 thanks for responding -- yup pfSense update solved this particular issue. Now I'm running into TLS/ cert issues on my dockerized graylog setup, which is probably outside the scope of this forum.
Would be nice to have a standard way to securely manage logs in Pfsense -- one that does not encourage people to send logs in the clear.
I know you can just run a local server and have some security with Rules, but would suggest to have a more formal secure integration with Graylog given how popular it seems to be with people here. Also for people that want to monitor more than one network with one Graylog instance