Netgate Discussion Forum

    pfBlockerNG syslog log entries to remote SIEM

    • keyser (Rebel Alliance)

      Hi All.

      A few years back there was no real good way of getting pfBlockerNG log files to a remote SIEM as pfBlocker had no built-in syslog support.
      The way pfBlockerNG rotated log files caused the entire log content to be resent/duplicated when the CRON update job ran if you used the syslog-ng package to monitor the log files.

      A ticket has been open on this for years: https://redmine.pfsense.org/issues/14878

      I still cannot find any built-in syslog support, and the log file lines are also still in their own format as opposed to standard syslog format.

      Has anyone come up with a good solution to getting pfBlockerNG log files shipped to a SIEM without various workarounds, reformatting and extra packages needed?

      Love the no fuss of using the official appliances :-)

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.