SysLog Server For WIFI AP
-
The NetGear WAX610 AP allows for the submission of logs to a syslog server. I was told by AI that the pfSense on the 4200S will accommodate. If so, the AP asks for an IP and Port. Shall I use the 4200S AP? What port? Will that be enough for the logs to be saved on the 4200S?
-
If you install the syslog-ng package it will receive and store those logs as long as firewall rules allow it.
-
@ortizat Make ABSOLUTELY sure you have the 4200 Max with an SSD, as storing external logs on your firewall both requires extra disk space and introduces a lot more SSD wear.
-
Thank you stephenw10 & keyser for the guidance...
Clarifying questions: what do you mean by "Max"? Also, my disk status shows 2% used of 86G. I know my 4200S does have expansion. Should I go and get an SSD?
-
@ortizat The Max version is a 4200 with a built-in SSD rather than the 16Gb eMMC boot drive. I think I recall the SSD is 128GB in size on the Max.
-
@ortizat said in SysLog Server For WIFI AP:
my disk status shows 2% used of 86G
Yeah that must be an SSD. Probably with less than the full size due to other ZFS BEs.
-
@stephenw10 is it possible it's a 128GB that's partitioned to allocate (128-86)=42GB for pfSense+apps?
-
Not without doing something very custom at install time. pfSense doesn't support anything close to that natively.
-
Typically syslog uses the following ports:
514 for UDP
601 for TCP
6514 TLS
Netgear devices I have dealt with usually use UDP by default, so you need to send the logs to the Syslog server UDP port.
As someone who uses syslog daily, I don't think you are going to get any benefit from collecting logs from an AP, as 99.9% will be noise. Usually I would only collect the audit logs, and in most cases that can only be done by the Controller of the APs/Switches etc., so we would only collect logs from the controller.
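Added example, not part of the thread and not taken from pfSense or syslog-ng: a small Python filter showing how a receiver can cut the noise described above by decoding the `<PRI>` field of each UDP syslog datagram and keeping only authentication/audit facilities or severities of warning and above. The sample messages, the hostname `ap1`, the listening port 5514 and the keep policy are assumptions constructed for illustration.

```python
import re
import socket

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# Facility codes 0-23 as numbered in RFC 5424 (13 is "log audit").
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"]
FACILITIES += [f"local{i}" for i in range(8)]
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def decode_pri(datagram: bytes):
    """Return (facility, severity) names from the leading <PRI> field."""
    m = PRI_RE.match(datagram)
    pri = int(m.group(1)) if m else 13   # missing PRI: treat as user.notice
    if pri > 191:                        # out of range: same fallback
        pri = 13
    facility, severity = divmod(pri, 8)  # PRI = facility * 8 + severity
    return FACILITIES[facility], SEVERITIES[severity]

def keep(datagram: bytes, max_severity="warning",
         always=("auth", "authpriv", "audit")):
    """Keep login/audit facilities at any level, everything else only if severe."""
    facility, severity = decode_pri(datagram)
    return (facility in always
            or SEVERITIES.index(severity) <= SEVERITIES.index(max_severity))

def listen(port=5514, bind="0.0.0.0"):
    """Yield (source_ip, datagram) for kept messages; 514 needs root to bind."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((bind, port))
        while True:
            data, (src, _) = s.recvfrom(8192)
            if keep(data):
                yield src, data

# Constructed sample datagrams, not real WAX610 output.
SAMPLE = [
    b"<134>Jan 12 10:01:02 ap1 hostapd: STA 02:00:00:00:00:01 associated",  # local0.info
    b"<38>Jan 12 10:02:10 ap1 sshd[811]: Accepted password for admin",      # auth.info
    b"<131>Jan 12 10:03:00 ap1 kernel: radio0 firmware restart",            # local0.err
    b"Jan 12 10:04:00 ap1 no priority field here",                          # no PRI
]

if __name__ == "__main__":
    for msg in SAMPLE:
        print(decode_pri(msg), "KEEP" if keep(msg) else "drop", msg.decode())
```

The same facility/severity split is what a filter in the receiving syslog daemon would act on, so it is worth checking which PRI values the AP actually emits before deciding what to store.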