Reply to Syslog (syslog-ng) server on Thu, 22 Mar 2007 21:38:07 GMT

[[global:former-user]] — Thu, 22 Mar 2007 21:38:07 GMT

thanks for this info. very helpful.

Going to try and use php-syslog-ng upon it :)

http://sourceforge.net/projects/php-syslog-ng/
or maybe
http://8pussy.org/ (not porn :p syslog web interface)

Reply to Syslog (syslog-ng) server on Mon, 12 Mar 2007 20:12:56 GMT

prophecy — Mon, 12 Mar 2007 20:12:56 GMT

copying from various sources, i finally figured out how to do it. I'm pretty sure most of these are not necessary for logging pfsense, but i put them there anyways. the only pfsense log i am not getting is the "system events" which i assume logs the boot messages and everything. Does anyone know which filter line I need to do this? thanks.

#pfsense logging#

options { sync (0);
          time_reopen (10);
          log_fifo_size (1000);
          long_hostnames (on);
          use_dns (no);
          use_fqdn (no);
          create_dirs (yes);
          keep_hostname (yes);
        };

source pf-s { udp(port(514)); };

destination pf-d_kern { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/kernel"); };
destination pf-d_mesg { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/messages"); };
destination pf-d_auth { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/secure"); };
destination pf-d_mail { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/maillog"); };
destination pf-d_uucp { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/spooler"); };
destination pf-d_boot { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/boot.log"); };
destination pf-d_emerg { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/emerg.log"); };
destination pf-d_sshd { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/sshd.log"); };
destination pf-d_pptpd { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/pptpd.log"); };
destination pf-d_daemon { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/daemon.log"); };
destination pf-d_firewall { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/firewall.log"); };

filter pf-f_kern	{ facility(kern); };
filter pf-f_mesg 	{ level(info) and not facility(mail,authpriv,kern,local7); };
filter pf-f_auth	{ facility(authpriv); };
filter pf-f_mail 	{ facility(mail); };
filter pf-f_uucp 	{ facility(uucp); };
filter pf-f_boot        { facility(local7); };
filter pf-f_emerg     	{ level(emerg); };
filter pf-f_sshd 	{ program("sshd"); };
filter pf-f_pptpd       { match("pptpd"); };
filter pf-f_daemon 	{ facility(daemon); };
filter pf-f_firewall 	{ level(debug); };

log { source(pf-s); filter(pf-f_kern); destination(pf-d_kern); };
log { source(pf-s); filter(pf-f_mesg); destination(pf-d_mesg); };
log { source(pf-s); filter(pf-f_auth); destination(pf-d_auth); };
log { source(pf-s); filter(pf-f_mail); destination(pf-d_mail); };
log { source(pf-s); filter(pf-f_uucp); destination(pf-d_uucp); };
log { source(pf-s); filter(pf-f_boot); destination(pf-d_boot); };
log { source(pf-s); filter(pf-f_emerg); destination(pf-d_emerg); };
log { source(pf-s); filter(pf-f_sshd); destination(pf-d_sshd); };
log { source(pf-s); filter(pf-f_pptpd); destination(pf-d_pptpd); };
log { source(pf-s); filter(pf-f_daemon); destination(pf-d_daemon); };
log { source(pf-s); filter(pf-f_firewall); destination(pf-d_firewall); };